Date:      Mon, 17 Aug 2020 10:02:39 +0200
From:      Hans Petter Selasky <hps@selasky.org>
To:        Alexandre Levy <a13xlevy@gmail.com>
Cc:        freebsd-current@freebsd.org
Subject:   Re: Kernel crash during video transcoding
Message-ID:  <c2e0385d-8860-be33-7e79-e09bef8c8703@selasky.org>
In-Reply-To: <CAEWSB32P47nCfa7%2BKhBNg89hPx_rrsWrRobVV6v4zxX0UGzNJw@mail.gmail.com>
References:  <CAEWSB323c2zapSG30OS5T30Wd_bpT=7NbvrPtsyQDRRHQUf7qA@mail.gmail.com> <13793020-1bde-b13f-65e3-909e27d876ad@selasky.org> <CAEWSB323KtVrixgRyKsekdgcGjFm4kUqG6qDE59Aev3Cc6sYBg@mail.gmail.com> <4e9d9a89-4883-1f1c-c796-e5925fd171cc@selasky.org> <CAEWSB30YNwQ7Bpv00P-B=TTHCqT_aFm30552n51Pic1uN5hnZQ@mail.gmail.com> <CAEWSB33_ka2aQb81UmODu72Be_9Vvqi4Qb-jfXHEZ1HgCqwADQ@mail.gmail.com> <51a2fe4f-5a3e-8d24-19e2-3cdaa8378015@selasky.org> <CAEWSB32oKbaE4M=V3H8F9rJv%2BL1ivKejhGAXmHMxOKkyYQLCxg@mail.gmail.com> <CAEWSB33-harOEk3v4rWBMQQJwfOtJmap-qBqAjc33__nLYKLrQ@mail.gmail.com> <5fe820c0-69af-8c41-69d6-a3c33ed55e2e@selasky.org> <CAEWSB32P47nCfa7%2BKhBNg89hPx_rrsWrRobVV6v4zxX0UGzNJw@mail.gmail.com>

On 2020-08-16 22:23, Alexandre Levy wrote:
> (kgdb) p *m
> $2 = {plinks = {q = {tqe_next = 0x578491b51dd60510, tqe_prev = 0xd78c11bd9dde8518},
>                 s = {ss = {sle_next = 0x578491b51dd60510}},
>                 memguard = {p = 6306325585301210384, v = 15531808720989095192},
>                 uma = {slab = 0x578491b51dd60510, zone = 0xd78c11bd9dde8518}},
>       listq = {tqe_next = 0xd78c11bd9dde8518, tqe_prev = 0x265bc92017d7aa38},
>       object = 0x2659c92217d5aa3a, pindex = 2758957463725517354, phys_addr = 2758957463725517354,
>       md = {pv_list = {tqh_first = 0x2e49c1321fc5a22a, tqh_last = 0x3e4bd1300fc7b228},
>             pv_gen = 265794104, pat_mode = 1046204704},
>       ref_count = 257405624, busy_lock = 1054593440,
>       a = {{flags = 4757, queue = 48 '0', act_count = 134 '\206'}, _bits = 2251297429},
>       order = 98 'b', pool = 204 '\314', flags = 75 'K', oflags = 105 'i',
>       psind = -107 '\225', segind = 18 '\022', valid = 48 '0', dirty = 134 '\206'}

This "m" structure looks freed.

It looks like a use-after-free issue.

Can you enter this in GDB:

set print pretty on

Then dump some more structures you can get hold of?

--HPS
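An added illustration of why the dump above reads as a freed (or overwritten) vm_page; this is editor-supplied example code, not part of the thread and not FreeBSD source. It assumes the crashed machine is amd64 with 4-level paging, which the thread does not state: there, every kernel pointer must be a canonical 48-bit address in the high half (bits 63..47 all set), and a live page's phys_addr is always PAGE_SIZE aligned. The pointer and phys_addr values are transcribed from the quoted kgdb output; the field names and the helper functions are the example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Triage heuristics for pointer-bearing fields of a kgdb struct dump.
 * Assumption (not stated in the thread): amd64, 4-level paging, so a
 * virtual address is canonical only if bits 63..47 all equal bit 47,
 * and kernel pointers live in the high half (bit 63 set).
 */
#define PAGE_SIZE 4096ULL

enum ptr_class { PTR_NONCANONICAL, PTR_USER_HALF, PTR_KERNEL_HALF };

/* The CPU faults on any address whose top 17 bits are not all 0 or all 1. */
static bool is_canonical(uint64_t va)
{
	uint64_t top = va >> 47;
	return top == 0 || top == 0x1ffff;
}

enum ptr_class classify_ptr(uint64_t va)
{
	if (!is_canonical(va))
		return PTR_NONCANONICAL;
	return (va >> 63) ? PTR_KERNEL_HALF : PTR_USER_HALF;
}

struct named_ptr { const char *name; uint64_t value; };

/* Pointer fields transcribed from the quoted "p *m" output. */
static const struct named_ptr dumped_ptrs[] = {
	{ "plinks.q.tqe_next",    0x578491b51dd60510ULL },
	{ "plinks.q.tqe_prev",    0xd78c11bd9dde8518ULL },
	{ "listq.tqe_next",       0xd78c11bd9dde8518ULL },
	{ "listq.tqe_prev",       0x265bc92017d7aa38ULL },
	{ "object",               0x2659c92217d5aa3aULL },
	{ "md.pv_list.tqh_first", 0x2e49c1321fc5a22aULL },
	{ "md.pv_list.tqh_last",  0x3e4bd1300fc7b228ULL },
};
#define NDUMPED (sizeof(dumped_ptrs) / sizeof(dumped_ptrs[0]))

/* Count fields that cannot possibly be valid kernel pointers. */
unsigned count_bad_kernel_ptrs(const struct named_ptr *p, size_t n)
{
	unsigned bad = 0;
	for (size_t i = 0; i < n; i++)
		if (classify_ptr(p[i].value) != PTR_KERNEL_HALF)
			bad++;
	return bad;
}

unsigned dumped_bad_ptrs(void)
{
	return count_bad_kernel_ptrs(dumped_ptrs, NDUMPED);
}

/* A page frame address is PAGE_SIZE aligned on a live vm_page. */
bool phys_addr_plausible(uint64_t phys_addr)
{
	return (phys_addr % PAGE_SIZE) == 0;
}

int main(void)
{
	static const char *names[] = { "non-canonical", "user half", "kernel half" };

	for (size_t i = 0; i < NDUMPED; i++)
		printf("%-22s 0x%016llx  %s\n", dumped_ptrs[i].name,
		    (unsigned long long)dumped_ptrs[i].value,
		    names[classify_ptr(dumped_ptrs[i].value)]);
	printf("%u of %zu pointer fields cannot be kernel pointers\n",
	    dumped_bad_ptrs(), NDUMPED);
	/* phys_addr from the dump, decimal as kgdb printed it */
	printf("phys_addr page-aligned: %s\n",
	    phys_addr_plausible(2758957463725517354ULL) ? "yes" : "no");
	return 0;
}
```

Every one of the seven pointer fields in the dump is non-canonical, and phys_addr is not page aligned, which is the pattern of a struct whose memory has been reused or scribbled after free rather than a single corrupted field. The same check can be applied to whatever further structures `set print pretty on` turns up; a field that points into the kernel half but at a non-sensible target still needs `x/` or `p *` in kgdb to confirm.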



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?c2e0385d-8860-be33-7e79-e09bef8c8703>