Memory modified after free
Bjoern A. Zeeb
bzeeb-lists at lists.zabbadoz.net
Wed Nov 19 22:00:11 PST 2003
Hi,
got this one over the night:
--- cut ---
Memory modified after free 0xc3a58a00(124) val=deadc0dd @ 0xc3a58a1c
panic: Most recently used by soname
Debugger("panic")
Stopped at Debugger+0x45: xchgl %ebx,in_Debugger.0
db> show reg
cs 0x8
ds 0x10
es 0x10
fs 0x18
ss 0x10
eax 0x12
ecx 0x1
edx 0
ebx 0
esp 0xca09bac0
ebp 0xca09bac4
esi 0xc05ddd4f
edi 0x1
eip 0xc0595ba5 Debugger+0x45
efl 0x296
dr0 0
dr1 0
dr2 0
dr3 0
dr4 0xffff0ff0
dr5 0x400
dr6 0xffff0ff0
dr7 0x400
Debugger+0x45: xchgl %ebx,in_Debugger.0
db> trace
Debugger(c05c5718) at Debugger+0x45
panic(c05ddd4f,c05cb3c3,c05ddd20,c3a58a00,7c) at panic+0xb7
mtrash_ctor(c3a58a00,80,0) at mtrash_ctor+0x53
uma_zalloc_arg(c2c3bb40,0,1) at uma_zalloc_arg+0x15e
malloc(48,c06002a0,1,0,ca09bb84) at malloc+0xbd
keydb_newsecpolicy(c2f8de18,c397d400,10,ca09bba4,c054d6a8) at keydb_newsecpolicy+0x12
key_newsp(0,8,1,c2f8de18,c397d400) at key_newsp+0xa5
key_msg2sp(c2f8de18,10,ca09bbb8,3,c2f8de18) at key_msg2sp+0x68
ipsec_set_policy(c397d400,1c,c2f8de18,10,1) at ipsec_set_policy+0x7f
ipsec6_set_policy(c3a0c9f0,1c,c2f8de18,10,1) at ipsec6_set_policy+0x8f
ip6_ctloutput(c3a2f3c0,ca09bcc0,ca09bd14,c39b0140,ca09bcec) at ip6_ctloutput+0x80a
sosetopt(c3a2f3c0,ca09bcc0,c3a2f3c0,1,29) at sosetopt+0x2c
setsockopt(c39b0140,ca09bd14,5,aa,202) at setsockopt+0x90
syscall(2f,2f,2f,808f612,29) at syscall+0x202
Xint0x80_syscall() at Xint0x80_syscall+0x1d
--- syscall (105, FreeBSD ELF32, setsockopt), eip = 0x2822f32f, esp = 0xbfbfed1c, ebp = 0xbfbfed58 ---
db> show locks
exclusive sleep mutex Giant r = 0 (0xc0610680) locked @ HEAD/compile-20031119-1814/sys/kern/uipc_syscalls.c:1312
db> cont
syncing disks, buffers remaining... 398 398...
....
--- cut ---
--
Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT
56 69 73 69 74 http://www.zabbadoz.net/
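Added example (my own C model, not code from the post above or from FreeBSD): the check that fired in this trace is UMA's trash verification. When a zone is built with the trash constructor and destructor, each freed item is filled with the junk word 0xdeadc0de and the trailing pointer records the malloc type that last owned it; on the next allocation every word is compared against the pattern, the first mismatch is printed with its value and address, and the owner name goes into the panic string. The trace is consistent with exactly that: 0xc3a58a1c is offset 0x1c into the 0xc3a58a00 item, and deadc0dd is the pattern minus one. The zone geometry, the owner tag and the decrement-through-a-dangling-pointer scenario below are constructed for the model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TRASH_WORD 0xdeadc0deU      /* UMA's junk value */
#define ZONE_ITEMS 4                /* constructed zone: four 128-byte items */
#define ITEM_SIZE  128
/* The last pointer-sized slot of an item is a trailer (the malloc_type
 * pointer in UMA); only the bytes before it carry the junk pattern. */
#define TRAILER_SIZE  sizeof(const char *)
#define CHECKED_BYTES (ITEM_SIZE - TRAILER_SIZE)

struct trash_report {
    int modified;           /* 1 when a freed item was written to */
    size_t offset;          /* byte offset of the first modified word */
    uint32_t val;           /* value found there instead of TRASH_WORD */
    const char *last_owner; /* tag stored in the trailer at free time */
};

static uint64_t zone_words[ZONE_ITEMS * ITEM_SIZE / sizeof(uint64_t)];
static int on_free_list[ZONE_ITEMS];

#define ITEM(i) ((uint8_t *)zone_words + (i) * ITEM_SIZE)

static const char **owner_slot(void *item) {
    return (const char **)((uint8_t *)item + CHECKED_BYTES);
}

/* Model of mtrash_dtor: junk-fill the item and record who freed it. */
void zone_free(void *mem, const char *owner) {
    uint32_t *p = mem;
    for (size_t i = 0; i < CHECKED_BYTES / sizeof *p; i++) p[i] = TRASH_WORD;
    *owner_slot(mem) = owner;
    on_free_list[((uint8_t *)mem - ITEM(0)) / ITEM_SIZE] = 1;
}

void zone_init(void) {
    for (int i = 0; i < ZONE_ITEMS; i++) zone_free(ITEM(i), NULL);
}

/* Model of mtrash_ctor: verify the pattern before the item is handed out. */
struct trash_report zone_check(void *mem) {
    struct trash_report r = {0, 0, 0, *owner_slot(mem)};
    const uint32_t *p = mem;
    for (size_t i = 0; i < CHECKED_BYTES / sizeof *p; i++) {
        if (p[i] != TRASH_WORD) {
            r.modified = 1;
            r.offset = i * sizeof *p;
            r.val = p[i];
            break;
        }
    }
    return r;
}

void *zone_alloc(struct trash_report *rep) {
    for (int i = 0; i < ZONE_ITEMS; i++) {
        if (!on_free_list[i]) continue;
        struct trash_report r = zone_check(ITEM(i));
        if (rep) *rep = r;
        if (r.modified) {
            /* The kernel panics here; the model prints the same message and refuses the item. */
            printf("Memory modified after free %p(%zu) val=%x @ %p\n",
                   (void *)ITEM(i), CHECKED_BYTES, r.val, (void *)(ITEM(i) + r.offset));
            printf("panic: Most recently used by %s\n", r.last_owner ? r.last_owner : "none");
            return NULL;
        }
        on_free_list[i] = 0;
        return ITEM(i);
    }
    return NULL;
}

/* Constructed scenario: an item is freed, then a stale pointer decrements a
 * counter inside it. The junk word 0xdeadc0de becomes 0xdeadc0dd at offset
 * 0x1c, and the next allocation of that item trips the check. Returns 1 when
 * the write was caught. */
int demo_use_after_free(struct trash_report *rep) {
    zone_init();
    uint32_t *obj = zone_alloc(NULL);
    obj[7] = 1;
    zone_free(obj, "soname");
    obj[7]--;                        /* bug: write through a dangling pointer */
    return zone_alloc(rep) == NULL;
}

/* Control case: free the item and leave it alone; the check stays quiet. */
int demo_correct_reuse(void) {
    struct trash_report r;
    zone_init();
    uint32_t *obj = zone_alloc(NULL);
    obj[7] = 1;
    zone_free(obj, "soname");
    return zone_alloc(&r) == (void *)obj && r.modified == 0;
}

int main(void) {
    struct trash_report r;
    printf("use-after-free caught: %d\n", demo_use_after_free(&r));
    printf("clean reuse ok: %d\n", demo_correct_reuse());
    return 0;
}
```

The value and address in the report are the two things worth reading off a real panic of this kind: the address minus the item base gives the field offset inside the freed object, and the difference between the value and 0xdeadc0de hints at what kind of write happened (a decrement by one here, as in the trace).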