Date: Fri, 20 Dec 2002 00:48:33 +0000 (GMT)
From: Gavin Atkinson
To: current@FreeBSD.ORG
Subject: Re: Panic: memory modified after free
In-Reply-To: <20021219151949.Y54430-100000@ury.york.ac.uk>
Message-ID: <20021220004330.J83600-100000@ury.york.ac.uk>

On Thu, 19 Dec 2002, Gavin Atkinson wrote:

> Running 5.0-RC as of yesterday on i386. Background fsck was in progress,
> but other than that system was idle. Logged in as root on the console, had
> cd'd to a ports directory. (note that it panics almost instantly when
> using the console, but lasts up to 10 minutes when in use over ssh)
> Running "make deinstall" triggered this panic:
>
> Memory modified after free 0xc1891c00(1020)
> panic: Most recently used by none
>[snip backtrace]
> The machine seems perfectly stable in single user mode. It also seems
> pretty stable at the moment with linux emulation, usbd, sendmail, ipv6,
> nfs server and moused enables commented out of rc.conf. I will try to add
> one at a time tonight to determine which is at fault.

Update: I re-cvsupped (to 19 Dec 14:00 GMT), and recompiled world and
kernel. I can no longer cause the panic. I then (out of interest) dropped
back to the old kernel that was panicking (18 Dec 12:00 GMT), but ran with
the new world, and could not recreate the panic. I therefore believe that
one of the userland binaries that I replaced was tickling the bug, and now
I have replaced that binary, the problem no longer occurs.

So, unless anyone can think of a better reason for this, I suspect there
is a kernel use-after-free bug lying dormant.

Gavin
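
Why a report like the one above is hard to pin on a culprit, as an added example that is not part of the original message and is not FreeBSD's code: a simplified user-space model of poison-on-free checking, a common way allocators produce a "modified after free" report. The fill pattern, slot size and all function names are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define POISON     0xdeadc0deU  /* assumed fill pattern for freed memory */
#define SLOT_WORDS 256          /* one 1024-byte slot, as 32-bit words */

static uint32_t slot[SLOT_WORDS];  /* backing store owned by this model */

/* Freeing poisons the whole slot so later writes become visible. */
void pool_free(void *p) {
    (void)p;                       /* single-slot model: p is always slot */
    for (int i = 0; i < SLOT_WORDS; i++) slot[i] = POISON;
}

/* Byte offset of the first word that no longer holds POISON, or -1. */
long poison_check(void) {
    for (int i = 0; i < SLOT_WORDS; i++)
        if (slot[i] != POISON) return (long)i * (long)sizeof slot[0];
    return -1;
}

/* The check runs at the NEXT allocation, not when the stray write occurs.
 * On damage we return NULL and report the offset; a kernel would panic. */
void *pool_alloc(long *bad_off) {
    *bad_off = poison_check();
    return (*bad_off >= 0) ? NULL : (void *)slot;
}

/* Constructed scenario: returns the damaged offset seen by the second
 * allocation, or -1 if the slot was still intact. */
long demo(int stale_write) {
    long bad;
    pool_free(slot);                       /* start with a poisoned slot */
    uint32_t *p = pool_alloc(&bad);        /* first owner */
    p[0] = 1;                              /* legitimate use */
    pool_free(p);
    if (stale_write) p[10] = 0x12345678U;  /* write through stale pointer */
    return pool_alloc(&bad) ? -1 : bad;    /* detection happens only here */
}

int main(void) {
    printf("clean free:  %ld\n", demo(0));
    printf("stale write: %ld\n", demo(1));
    return 0;
}
```

The allocator only learns that the slot was damaged, and where, when some unrelated caller next allocates it; the code that made the stale write has long since returned, and a stale write of the poison value itself would go unnoticed.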