From owner-freebsd-fs@FreeBSD.ORG Wed May 20 00:32:41 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-fs@FreeBSD.org
Subject: [Bug 200288] Modify after Free: ZFS
Date: Wed, 20 May 2015 00:32:40 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-CURRENT
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: delphij@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: freebsd-fs@FreeBSD.org
X-Bugzilla-Changed-Fields: cc

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200288

Xin LI changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |delphij@FreeBSD.org

--- Comment #12 from Xin LI ---
(In reply to Larry Rosenman from comment #10)

I have looked at all these backtraces and they are almost identical, and
unfortunately errors like this are relatively hard to trace down; it's like
looking at a dead body (assertion, which we already know where the deadly wound
is) but not a smoking gun (the code that touches freed memory). Debugging this
can be really time consuming.

I don't know why memguard didn't catch the issue (which it should). Did you add
the loader.conf option:

vm.memguard.desc="solaris"

?

I *think* that the issue is probably a decreasing counter, but a quick glance at
zfs_rlock.c didn't reveal one, and the code has been there for quite a while.