On Fri, Sep 29, 2006 at 08:26:40PM +0200, Martin Blapp wrote: > > Hi all, > > > Free tty struct after last close. This should fix the pty-leak by numbers. > > Remove workarounds for tty_refcount beeing 0, this will be fixed > > differently > > later. > > > > Back out rev 1.145 since we initialize the tty struct from scratch and bad > > things can't happen anymore. > > > > Sigh. Peter Holmes stress tests did show that we still have problems. With > the beckout of rev. 1.145 we get again the same panics as the pty_pts code > does. > This is deep somewhere in the devfs code. It does happen with/without > freeing > struct tty. > > Memory modified after free 0xc45b7d00(252) val=deadc0dd @ 0xc45b7d70 > panic: Most recently used by DEVFS1
You can identify precisely where the use-after-free occurs by configuring DEBUG_MEMGUARD; I posted a trace of what is probably the same bug once to current@ once but don't have it to hand. Kris
pgpYSNdoKlj0F.pgp
Description: PGP signature
