[issue1777] vn panic: Freeing already free credential! 0xdef403f8

Joe Talbott josepht at cstone.net
Sat Jun 5 11:59:16 PDT 2010


On Sat, Jun 05, 2010 at 09:00:51AM -0700, Matthew Dillon wrote:
> 
> :> : 	 * Set credits in our softc
> :> : 	 */
> :> : 
> :> :-	if (vn->sc_cred)
> :> :+	if (vn->sc_cred && vn->sc_cred->cr_ref > 0)
> :> : 		crfree(vn->sc_cred);
> :> : 	vn->sc_cred = crdup(cred);
> :> 
> :>     That can't be right.  If vn->sc_cred is set at all there must be a
> :>     ref on it.  If there isn't something is leaking a crfree() without
> :>     clearing it.
> :
> :I've been looking at the backtrace and in frame 6 vn->sc_cred is 0x00
> :but cr in frame 5 is non-NULL and appears to be corrupted.
> :
> :Joe
> 
>    Check the rest of the vn structure and see if it is corrupted.  If
>    it isn't then what is probably happening is some other subsystem
>    (possibly part of the call path into vn, before it gets to vn) might
>    be blowing up the credential.  It might not be VN's fault.
> 

The vn structure appears to NOT be corrupt.  Seems like a race if
vn->sc_cred goes from NULL to non-NULL between frame 6 and 5.  Could
this be related to my recent link_elf change (setting p to proc0 if p
is NULL)?

Joe





More information about the Bugs mailing list