[Bug 212168] [panic] [UFS] use-after-free panic (0xdeadc0dedeadc0de)

Kirk McKusick mckusick at mckusick.com
Mon Sep 26 13:36:44 UTC 2016


> From: bugzilla-noreply at freebsd.org
> To: freebsd-fs at FreeBSD.org
> Subject: [Bug 212168] [panic] [UFS] use-after-free panic (0xdeadc0dedeadc0de)
> Date: Sun, 25 Sep 2016 19:37:15 +0000
> 
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212168

My current theory is that some other ARM subsystem is allocating a
piece of memory of the same size as one of the soft updates dependencies.
The memory is freed by that subsystem and allocated by soft updates.
While soft updates is using it, the other ARM subsystem frees it a
second time, causing the dependency to be trashed.

To test this theory, I have changed the soft updates allocator to keep
its own private pool of structures (e.g., once allocated it is never
returned). Since I have not created separate zones, it is still possible
that it will get a piece of memory that will later be trashed, but that
is much less likely. If the problem persists, I'll take the added step
of creating zones.

The patch is attached. Hopefully Andy can check it out if his latest
fix fails to correct the problem.

	Kirk McKusick
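
The private-pool idea described in the message above, as an added userland sketch that is not the attached patch or FreeBSD code: freed structures go onto a private list and are never handed back to the general allocator, so no other subsystem can later be given the same memory. The names `struct dep`, `dep_pool`, `dep_alloc` and `dep_free` are hypothetical, and `malloc()` stands in for the kernel allocator.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a soft updates dependency structure. */
struct dep {
    struct dep *next_free;  /* link used only while on the private list */
    int type;
    char payload[48];
};

struct dep_pool {
    struct dep *free_list;  /* structures retired by dep_free() */
    size_t from_allocator;  /* times the general allocator was asked */
    size_t recycled;        /* times a pooled structure was reused */
};

/* Reuse a pooled structure; fall back to malloc() only when the pool is empty. */
struct dep *dep_alloc(struct dep_pool *p, int type)
{
    struct dep *d = p->free_list;

    if (d != NULL) {
        p->free_list = d->next_free;
        p->recycled++;
    } else {
        d = malloc(sizeof(*d));
        if (d == NULL)
            return NULL;
        p->from_allocator++;
    }
    memset(d, 0, sizeof(*d));
    d->type = type;
    return d;
}

/* Retire a structure to the private list; free() is deliberately never called. */
void dep_free(struct dep_pool *p, struct dep *d)
{
    d->next_free = p->free_list;
    p->free_list = d;
}

int main(void)
{
    struct dep_pool pool = {0};
    struct dep *a = dep_alloc(&pool, 1);

    if (a == NULL)
        return 1;
    dep_free(&pool, a);
    /* The next allocation reuses the same memory without touching malloc(). */
    return dep_alloc(&pool, 2) == a ? 0 : 1;
}
```

As the message notes for the real change, the first allocation of each structure still comes from the shared allocator, so a stale pointer held elsewhere to that memory could still trash it.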


