From: Hans Petter Selasky
To: Weongyo Jeong
Cc: Sam Leffler, freebsd-usb@freebsd.org, Andrew Thompson
Date: Wed, 25 Mar 2009 10:46:54 +0100
Subject: Re: q: Memory modified after free in usb2
Message-Id: <200903251046.55586.hselasky@c2i.net>

On Wednesday 25 March 2009, Weongyo Jeong wrote:
> Hello Hans :),
>
> I think porting uath(4) to usb is almost done; it works well to
> associate with an AP and for WPA, but I'm suffering from a strange panic
> after detach, as follows:
>
> Memory modified after free 0xc4da3600(508) val=24000000 @ 0xc4da3600
> panic: Most recently used by USBdev
>
> cpuid = 0
> KDB: enter: panic
> [thread pid 17 tid 100036 ]
> Stopped at kdb_enter+0x3a: movl $0,kdb_why
>
> The detach step is as follows:
>
> usb2_transfer_unsetup(sc->sc_xfer, UATH_N_XFERS);
> ...
> uath_free_rx_data_list(sc);
> uath_free_tx_data_list(sc);
> uath_free_cmd_list(sc, sc->sc_cmd, UATH_CMD_LIST_COUNT);
>
> I've checked all memory leaks or calls after freeing memory, but it
> looks like it's not a driver problem.
>
> To solve this problem I modified the code slightly, as below:
>
> usb2_transfer_unsetup(sc->sc_xfer, UATH_N_XFERS);
> usb2_pause_mtx(NULL, 5 * hz);
> ...
> uath_free_rx_data_list(sc);
> uath_free_tx_data_list(sc);
> uath_free_cmd_list(sc, sc->sc_cmd, UATH_CMD_LIST_COUNT);
>
> After adding it I couldn't see `Memory modified after free' messages
> anymore. My question is that I can't understand why adding
> usb2_pause_mtx() helps this symptom.

Did you drain all the taskqueues before unsetup?

--HPS
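
The reply's question concerns deferred work that may still be queued when detach frees its buffers. As an added example (not code from this thread, the uath driver or the FreeBSD source), here is a user-space C model of that ordering: a freed item is filled with a poison pattern, a still-pending task writes to it, and the check on reuse reports the modified word. The `POISON` value, the one-item `pool`, `struct task` and all function names are assumptions of the model, and the written value is borrowed from the panic line purely as sample data.

```c
#include <stdint.h>
#include <string.h>

#define POISON 0xdeadc0deU   /* assumed fill pattern for freed memory (model only) */
#define WORDS  8

/* Hypothetical deferred task that writes a status word into a driver buffer. */
struct task { uint32_t *buf; int pending; };

static uint32_t pool[WORDS];  /* the single "heap" item being modelled */

/* Free: fill the item with the poison pattern, as a debug allocator would. */
static void model_free(uint32_t *p) {
    for (int i = 0; i < WORDS; i++) p[i] = POISON;
}

/* Check made when the item is handed out again: a non-poison word means
 * something wrote to it while it was free. Returns its index, or -1. */
static int modified_after_free(const uint32_t *p) {
    for (int i = 0; i < WORDS; i++)
        if (p[i] != POISON) return i;
    return -1;
}

/* Run the task only if it is still queued. */
static void task_run(struct task *t) {
    if (t->pending) { t->buf[0] = 0x24000000U; t->pending = 0; }
}

/* Detach model. drain_first=1 completes pending work before freeing;
 * drain_first=0 frees while the task is still queued, then the task fires.
 * Returns the offending word index, or -1 if the freed item is intact. */
int model_detach(int drain_first) {
    struct task t = { pool, 1 };
    memset(pool, 0, sizeof(pool));
    if (drain_first) task_run(&t);  /* drain: nothing left that can touch buf */
    model_free(pool);
    task_run(&t);                   /* late callback; no-op if already drained */
    return modified_after_free(pool);
}

int main(void) {
    /* Exit 0 when the undrained path is caught and the drained path is clean. */
    return (model_detach(0) == 0 && model_detach(1) == -1) ? 0 : 1;
}
```

In this model a fixed pause before the free only helps if the pending task happens to run within that time, whereas draining first removes the window regardless of timing.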