Re: panic: Memory modified after free

---

• From: Steve Kargl <sgk@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Tue, 31 Jan 2006 14:38:16 -0800

---

On Tue, Jan 31, 2006 at 04:33:32PM -0500, Kris Kennaway wrote:
> On Tue, Jan 31, 2006 at 01:22:09PM -0800, Steve Kargl wrote:
> > The system is a dual proc Tyan K8S Pro with 12 GB of memory.
> > The kernel is UP. This was recorded by hand. I have the crash dump.
> >
> > Memory modified after free 0xffffff02505e0c00(504) val=deadc0dd @
> > 0xffffff02505e0cd0
> >
> > panic: Most recently used by DEVFS1
>
> Set up memguard to watch this malloc type in order to obtain useful
> debugging.
>

memguard has made the situation even worse. The kernel never
makes to single user mode. I get

MEMGUARD DEBUGGING ALLOCATOR INITIALIZED
MEMGUARD map base: 0xffffffff8f1b2000
map limit: 0xffffffff919b3000
map size: 41947136 (Bytes)

Memory modified after free 0xffffff000005bd00(248) val=5 @ 0xffffff000005bdd0
kernel trap 9 wiith interrupts disabled

Fatal trap 9: general protection fault while in kernel mode
instruction pointer = 0x8:0xffffffff80306487
stack pointer = 0x10:0xffffffff807a1a20
frame pointer = 0x10:0xffffffff807a1a30
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = resume, IOPL = 0
current process: = 0 ()

[thread pid 0 tid 0]
Stopped at strlen+0x7: cmpb $0,0(%rdi)

db> bt
Tracing pid 0 tid 0 td 0xffffffff8060ac40
strlen() at strlen+0x7
kvprintf() at kvprintf+0x987
vsnprintf() at vsnprintf+0x2e
panic() at panic+0xfa
mtrash_ctor() at mtrash_ctor+0x70
uma_zalloc_arg() at uma_zalloc_arg+0x170
malloc() at malloc+0x11e
init_dynamic_kenv() at init_dynamic_kenv+0x68
mi_startup() at mi_startup+0xb6
btext() at btext+0x2c





--
Steve
_______________________________________________
freebsd-current@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscribe@xxxxxxxxxxx"

---

• References:
  • panic: Memory modified after free
    • From: Steve Kargl
  • Re: panic: Memory modified after free
    • From: Kris Kennaway

• Prev by Date: Re: panic: Memory modified after free
• Next by Date: Patch to fix i915 drm with vgapci changes
• Previous by thread: Re: panic: Memory modified after free
• Next by thread: Re: panic: Memory modified after free
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Panic on boot with new ACPI-CA ... Thanks for memguard tip. ... Without memguard, but with acpi compiled into kernel, system boots up ... ::> I've put the output dsdt/asl file from following command onto the ... (freebsd-current) Re: Panic on boot with new ACPI-CA ... > Thanks for memguard tip. ... > into kernel or loaded as a module. ... > 2) Without memguard, but with acpi compiled into kernel, system boots up ... This will pop into the debugger early. ... (freebsd-current) Re: panic: Memory modified after free ... > The kernel is UP. ... I have the crash dump. ... Most recently used by DEVFS1 ... Set up memguard to watch this malloc type in order to obtain useful ... (freebsd-current) Re: tamper-after-free ... > was trying to cause a buffer overflow on a program made by me, ... im wondering if memguard have something to ... detecting use-after-free conditions in the kernel. ... Kris ... (comp.unix.bsd.freebsd.misc) Strange "filesystem busy" problem ... I am running several NFS and SMB server using SuSE Linux 8.2 with a SuSE ... patched kernel k_smp4G-2.4.21-202. ... The same busy-problem happens when I change to single user mode and then try ... filesystem to see whats making it busy, but both tools do not report ... (Linux-Kernel)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

unix.derkeiler.com  > Mailing-Lists  > FreeBSD  > current  > 2006-01