From owner-freebsd-usb@FreeBSD.ORG Wed Mar 25 09:18:01 2009 Return-Path: Delivered-To: freebsd-usb@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 06C371065677; Wed, 25 Mar 2009 09:18:01 +0000 (UTC) (envelope-from weongyo.jeong@gmail.com) Received: from rv-out-0506.google.com (rv-out-0506.google.com [209.85.198.225]) by mx1.freebsd.org (Postfix) with ESMTP id B8B668FC08; Wed, 25 Mar 2009 09:18:00 +0000 (UTC) (envelope-from weongyo.jeong@gmail.com) Received: by rv-out-0506.google.com with SMTP id l9so3050851rvb.43 for ; Wed, 25 Mar 2009 02:18:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:received:from:date:to:cc :subject:message-id:reply-to:mime-version:content-type :content-disposition:user-agent:organization:x-operation-sytem; bh=X33sMe++n6kL8+8g0JRCZ3OMwO4tF3vaWksZ2Qdciag=; b=WY04uYkb9RxlncaZwlacdFuFk4XiDRmrvzuH7czqqOsixmIp/EFV/Po9/JZhfP1jka O341tgIXOvCjMFdBMSEgNilnTCHpxx8vPXh8E6AIOumOExMVLH4isaKDnqREtcxx/62V QdU1sPa9x9y+wFW5pFg1Sl3z44Y/IpxZwHhb8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:date:to:cc:subject:message-id:reply-to:mime-version :content-type:content-disposition:user-agent:organization :x-operation-sytem; b=k0olfNbHlMyoXpFJuUR0wfelQjTQQJuthU76d+M46rUXGgC5wPzS8QD6Z7jK5J6FY5 PVgbzB/WJSozYWj+td7N52SpCyyp4YcLLBQP16kD9MWYBdYFD8p/5I9Shp4Jzq1jGJWw z36LpZMkMaKXDB9t+e62m/Z0Yngvd+yO2CUao= Received: by 10.140.158.4 with SMTP id g4mr3471564rve.160.1237972680252; Wed, 25 Mar 2009 02:18:00 -0700 (PDT) Received: from weongyo ([114.111.62.249]) by mx.google.com with ESMTPS id f21sm16408243rvb.45.2009.03.25.02.17.58 (version=SSLv3 cipher=RC4-MD5); Wed, 25 Mar 2009 02:17:59 -0700 (PDT) Received: by weongyo (sSMTP sendmail emulation); Wed, 25 Mar 2009 18:17:56 +0900 From: Weongyo Jeong Date: Wed, 25 Mar 2009 18:17:56 +0900 To: Hans Petter Selasky Message-ID: <20090325091756.GA14916@weongyo.cdnetworks.kr> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.3i Organization: CDNetworks. X-Operation-Sytem: FreeBSD Cc: Sam Leffler , freebsd-usb@freebsd.org, Andrew Thompson Subject: q: Memory modified after free in usb2 X-BeenThere: freebsd-usb@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Weongyo Jeong List-Id: FreeBSD support for USB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Mar 2009 09:18:02 -0000 Hello Hans :), I think porting uath(4) to usb almost have done that it works well to associate with AP and for WPA but I'm suffered from a strange panic after detach as follows: Memory modified after free 0xc4da3600(508) val=24000000 @ 0xc4da3600 panic: Most recently used by USBdev cpuid = 0 KDB: enter: panic [thread pid 17 tid 100036 ] Stopped at kdb_enter+0x3a: movl $0,kdb_why The detach step is like as follows: usb2_transfer_unsetup(sc->sc_xfer, UATH_N_XFERS); ... uath_free_rx_data_list(sc); uath_free_tx_data_list(sc); uath_free_cmd_list(sc, sc->sc_cmd, UATH_CMD_LIST_COUNT); that I've checked all memory leaks or calls after freeing memory but it looks it's not a driver problem. To solve this problem I modified codes slightly like below: usb2_transfer_unsetup(sc->sc_xfer, UATH_N_XFERS); usb2_pause_mtx(NULL, 5 * hz); ... uath_free_rx_data_list(sc); uath_free_tx_data_list(sc); uath_free_cmd_list(sc, sc->sc_cmd, UATH_CMD_LIST_COUNT); After adding it I couldn't see `Memory modified after free' messages anymore. My question is that I can't understand why adding usb2_pause_mtx() helps this symptom? regards, Weongyo Jeong