Date: Wed, 24 Nov 2004 08:49:06 -0800 From: Nate Lawson <nate@root.org> To: Gavin Atkinson <gavin.atkinson@ury.york.ac.uk> Cc: freebsd-current@freebsd.org Subject: Re: Memory modified after free: Most recently used by acpitask Message-ID: <41A4BB82.2010406@root.org> In-Reply-To: <1101312453.56574.122.camel@buffy.york.ac.uk> References: <1101312453.56574.122.camel@buffy.york.ac.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
Gavin Atkinson wrote: > Hi, > > Just got a panic on a 6-CURRENT (Thu Nov 18 16:36:35 GMT 2004) machine, > while copying a large amount of data around. > > Seems to be an ACPI related reuse-after-free. As far as I can tell, 20 > bytes into the acpi_task structure is (int)ta_flags within the embedded > struct task, but I can't see use of this field in the ACPI code so ACPI > may be a red herring. > > Sadly, I don't have a core dump as the machine double faulted during the > attempt. > > Gavin > > > # cp -Rp /usr/* /var/usr > [about 10 minutes later] > Memory modified after free 0xc44a8420(28) val=0 @ 0xc44a8434 > panic: Most recently used by acpitask Unfortunately, the panic message doesn't tell you who modified it since someone with a stray pointer (say, who allocated/freed it before acpi) could overwrite it and it was only detected on the next malloc. The way I've found these is to boot -d (into ddb) and type "watch 0xc44a8420". Then hit "c" to continue the boot. Dump a "tr" any time the watchpoint triggers and look for suspicious callers. -Nate
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41A4BB82.2010406>