Date: Thu, 20 Nov 2003 05:55:55 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: current@freebsd.org
Subject: Memory modified after free

Hi,

got this one over the night:

--- cut ---
Memory modified after free 0xc3a58a00(124) val=deadc0dd @ 0xc3a58a1c
panic: Most recently used by soname

Debugger("panic")
Stopped at Debugger+0x45: xchgl %ebx,in_Debugger.0
db> show reg
cs   0x8
ds   0x10
es   0x10
fs   0x18
ss   0x10
eax  0x12
ecx  0x1
edx  0
ebx  0
esp  0xca09bac0
ebp  0xca09bac4
esi  0xc05ddd4f
edi  0x1
eip  0xc0595ba5 Debugger+0x45
efl  0x296
dr0  0
dr1  0
dr2  0
dr3  0
dr4  0xffff0ff0
dr5  0x400
dr6  0xffff0ff0
dr7  0x400
Debugger+0x45: xchgl %ebx,in_Debugger.0
db> trace
Debugger(c05c5718) at Debugger+0x45
panic(c05ddd4f,c05cb3c3,c05ddd20,c3a58a00,7c) at panic+0xb7
mtrash_ctor(c3a58a00,80,0) at mtrash_ctor+0x53
uma_zalloc_arg(c2c3bb40,0,1) at uma_zalloc_arg+0x15e
malloc(48,c06002a0,1,0,ca09bb84) at malloc+0xbd
keydb_newsecpolicy(c2f8de18,c397d400,10,ca09bba4,c054d6a8) at keydb_newsecpolicy+0x12
key_newsp(0,8,1,c2f8de18,c397d400) at key_newsp+0xa5
key_msg2sp(c2f8de18,10,ca09bbb8,3,c2f8de18) at key_msg2sp+0x68
ipsec_set_policy(c397d400,1c,c2f8de18,10,1) at ipsec_set_policy+0x7f
ipsec6_set_policy(c3a0c9f0,1c,c2f8de18,10,1) at ipsec6_set_policy+0x8f
ip6_ctloutput(c3a2f3c0,ca09bcc0,ca09bd14,c39b0140,ca09bcec) at ip6_ctloutput+0x80a
sosetopt(c3a2f3c0,ca09bcc0,c3a2f3c0,1,29) at sosetopt+0x2c
setsockopt(c39b0140,ca09bd14,5,aa,202) at setsockopt+0x90
syscall(2f,2f,2f,808f612,29) at syscall+0x202
Xint0x80_syscall() at Xint0x80_syscall+0x1d
--- syscall (105, FreeBSD ELF32, setsockopt), eip = 0x2822f32f, esp = 0xbfbfed1c, ebp = 0xbfbfed58 ---
db> show locks
exclusive sleep mutex Giant r = 0 (0xc0610680) locked @ HEAD/compile-20031119-1814/sys/kern/uipc_syscalls.c:1312
db> cont
syncing disks, buffers remaining... 398 398... ....
--- cut ---

-- 
Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT
56 69 73 69 74 http://www.zabbadoz.net/