Date: Fri, 28 May 2004 16:24:39 +0200
From: "Willem Jan Withagen" <wjw@withagen.nl>
To: <freebsd-current@freebsd.org>
Subject: Re: Possible bug in malloc-code
Message-ID: <079001c444bf$830965d0$471b3dd4@dual>
References: <074501c44449$3ab41bc0$471b3dd4@dual> <20040528011551.GB48226@xor.obsecurity.org> <077001c44486$ddd75640$471b3dd4@dual>

> ----- Original Message -----
> From: "Kris Kennaway" <kris@obsecurity.org>
> On Fri, May 28, 2004 at 02:17:57AM +0200, Willem Jan Withagen wrote:
>
> > > The bad thing is that calling free() at this point will freeze the box....
> >
> > amd64 seems to have a bug that causes it to pause while accessing
> > swap. Make sure this isn't what you're seeing - i.e. wait a few
> > minutes before hitting the reset button.
>
> Interesting point.
> I'll run the box and go to the gym...
> That should give it enough time to recover.
>
> And we'll see.
>
> I did see such behaviour, but that was more like stalling for a
> 1-2 sec period, which I attributed to zeroing 500Mb of RAM.

Didn't really work:

The process itself:

    Alloc: n = 335544320, ADR = 0x00000000485D7000
    Alloc: n = 402653184, ADR = 0x000000005C5D7000
    Alloc: n = 469762048, ADR = 0x00000000745D7000
    Alloc: n = 536870912, ADR = 0xFFFFFFFF905D7000
    Free: n = 536870912, ADR = 0xFFFFFFFF905D7000
    rMemoryDrv in free(): error: junk pointer, too high to make sense

On the console:

    panic: ffs_write: uio->uio_resid < 0
    at line 602 in file /home2/src/sys/ufs/ffs/ffs_vnops.c
    cpuid = 1;
    Stack backtrace:
    backtrace() at backtrace+0x17
    __panic() at __panic+0x1e4
    ffs_write() at ffs_write+0x162
    vn_rdwr() at vn_rdwr+0x164
    vn_rdwr_inchunks() at vn_rdwr_inchunks+0x80
    elf64_coredump() at elf64_coredump+0x113
    coredump() at coredump+0x586
    sigexit() at sigexit+0x72
    postsig() at postsig+0x1be
    ast() at ast+0x417
    Xfast_syscall() at Xfast_syscall+0xdd
    --- syscall (0), rip = 0x20067c8ec, rsp = 0x7fffffffe878, rbp = 0x2006df6c0 ---

So what next....
It is VERY reproducible, so with guidance on what to look at, I'm more than
willing to up my skills and get to the bottom of this.

If amd64-owners want to have a go at it, and see what they get:

    cd /usr/ports/devel/cocktail/
    make
    cd work/cocktail-9309/reuse/m2c
    make test
    ./rMemoryDrv

--WjW