Date: Mon, 26 Sep 2016 06:36:42 -0700
From: Kirk McKusick <mckusick@mckusick.com>
To: Andy Turner <andrew@freebsd.org>, Konstantin Belousov <kostikbel@gmail.com>
Cc: freebsd-fs@FreeBSD.org
Subject: Re: [Bug 212168] [panic] [UFS] use-after-free panic (0xdeadc0dedeadc0de)
Message-ID: <201609261336.u8QDagnu056294@chez.mckusick.com>
In-Reply-To: <bug-212168-3630-fIJclmRS6S@https.bugs.freebsd.org/bugzilla/>

> From: bugzilla-noreply@freebsd.org
> To: freebsd-fs@FreeBSD.org
> Subject: [Bug 212168] [panic] [UFS] use-after-free panic (0xdeadc0dedeadc0de)
> Date: Sun, 25 Sep 2016 19:37:15 +0000
>
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212168

My current theory is that some other ARM subsystem is allocating a piece of memory of the same size as one of the soft updates dependencies. The memory is freed by that subsystem and allocated by soft updates. While soft updates is using it, the other ARM subsystem frees it a second time, causing the dependency to be trashed.

To test this theory, I have changed the soft updates allocator to keep its own private pool of structures (e.g., once allocated it is never returned). Since I have not created separate zones, it is still possible that it will get a piece of memory that will later be trashed, but that is much less likely. If the problem persists, I'll take the added step of creating zones.

The patch is attached. Hopefully Andy can check it out if his latest fix fails to correct the problem.

Kirk McKusick
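
Added example, not part of the original message and not the attached patch: a userspace C sketch of the private-pool idea described above, in which a freed structure is parked on the allocator's own free list instead of being returned to the general allocator. The names `struct dep`, `dep_alloc`, `dep_free` and `dep_backing_allocs`, and the 0xde poison byte, are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a fixed-size dependency structure. */
struct dep {
    struct dep *next_free;  /* used only while the item is on the free list */
    int type;
    char payload[48];
};

static struct dep *free_list;      /* private pool: items parked here on free */
static size_t backing_allocs;      /* trips to the general allocator */

/* Take from the private pool first; fall back to malloc only when empty. */
struct dep *dep_alloc(int type)
{
    struct dep *d = free_list;

    if (d != NULL) {
        free_list = d->next_free;
    } else {
        if ((d = malloc(sizeof(*d))) == NULL)
            return NULL;
        backing_allocs++;
    }
    memset(d, 0, sizeof(*d));
    d->type = type;
    return d;
}

/* Never calls free(): the address stays owned by this pool, so the general
 * allocator cannot hand it to another subsystem. */
void dep_free(struct dep *d)
{
    memset(d, 0xde, sizeof(*d));   /* constructed poison byte to expose stale use */
    d->next_free = free_list;
    free_list = d;
}

size_t dep_backing_allocs(void) { return backing_allocs; }

int main(void)
{
    struct dep *a = dep_alloc(1);
    dep_free(a);
    struct dep *b = dep_alloc(2);  /* same address comes back from the pool */
    printf("reused=%d backing_allocs=%zu\n", a == b, dep_backing_allocs());
    return 0;
}
```

The sketch has the same limit the message notes: the first `malloc` can still return an address another subsystem once held, which is what separate zones would address.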