From owner-freebsd-hackers@freebsd.org Sun Dec 29 22:18:05 2019 Return-Path: Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 13CFB1EC702 for ; Sun, 29 Dec 2019 22:18:05 +0000 (UTC) (envelope-from ian@freebsd.org) Received: from outbound2m.ore.mailhop.org (outbound2m.ore.mailhop.org [54.149.155.156]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47mFLh4k8dz4Btp for ; Sun, 29 Dec 2019 22:18:04 +0000 (UTC) (envelope-from ian@freebsd.org) ARC-Seal: i=1; a=rsa-sha256; t=1577657882; cv=none; d=outbound.mailhop.org; s=arc-outbound20181012; b=NEExqKe5LzZ6zs/DWyGL0uaMF6Ih7V878XjuCf7Ou2SyyIY+cfmKZicfEwwhhW09Z22yKUFox1mRK v+fOB++a+gbX+lgRA3t0JEY7uW/J3ZBaRuOY7oz/fLDy/gkr5IXhJyo3kfh7t65lp2dU8vCEhUY5RP HtKdMgT1Ni2q7c77+Meyrb56871x8vkkz4j8FNDqi5VDf5XG3llsy9Dfwet6nOwG7zxM2eBL/EkRSk fsE0FOeY+2GWx/kuT8oERehOb9jiZfOMBvI4J9DMtc6H+DzvWCB1TLrxh+N3KdV04Ni8mIRZjyqtJe v0irfoUngttYUhs6cEWGP0qwpnSkgLg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=outbound.mailhop.org; s=arc-outbound20181012; h=content-transfer-encoding:mime-version:content-type:references:in-reply-to: date:to:from:subject:message-id:dkim-signature:from; bh=toCG9VxpbGq2eDSiy5Yj2NLeWr4rHpiQLyKUQALsdQ0=; b=mR0y9e6l2vZAwHu/tqjnye4QLn2Gi8IYiTuZVa+8PIazw5qmFdYU21zoR/9wFq6WQKohItJ15YBnk VDZO8UB9dFqSx2J1KmixQvwNxF+/RotiZoH6Ny6puF98BBYZb5yhpaoXqGUIhkCdUXL4TMFkme8V2B 08D/dFM6xxQOMQc6qwW4w+u8Rn12mwsg0WYRZyuEWG9BdFW6MbnDFx+N9xoeDt1KgLOnT4mXsiCL1z zNFKsp0g8qtiU+H+/47iODrfwA5fsFaXwWtepL/81OMPqvI/O+QRQEjNO200KxCKckBvUo29gvwRUv U8n48dj+Fq/W1MPDYG1Ek4LNdROekZQ== ARC-Authentication-Results: i=1; outbound4.ore.mailhop.org; spf=softfail smtp.mailfrom=freebsd.org smtp.remote-ip=67.177.211.60; dmarc=none header.from=freebsd.org; arc=none header.oldest-pass=0; DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outbound.mailhop.org; s=dkim-high; h=content-transfer-encoding:mime-version:content-type:references:in-reply-to: date:to:from:subject:message-id:from; bh=toCG9VxpbGq2eDSiy5Yj2NLeWr4rHpiQLyKUQALsdQ0=; b=TKQLbBEXFq5Vo+oYpOTYKwSoyScJBCaOvbeV4qRiFU7xJb6lIxNud4FpG0oS/1w3UPnqwwP80B1XW fU+9U/jk7KlZPlprKS6Z+Rbuxihcq6u2c+s+8/H0qLaLJ8S+5rxcuOjiJkVJJlrrG11xzqKFOLzxZN xBar5jzy12Mnf5Dfasn0nudCr2wvPL/we9QSRNDSHhGcR5GL096fdxaX+K9AZt7d3WyC64D9zKQTdB V/3hmOs0KM37PSUrRDBQf1wb82PFnTgkKgkwiSGNWUzqABUntRU0Vp95qVqAQdkMym6mlDXDRuiKZS yDaXTB9QvMsPQ2q7cRvaUe4NG9mrWCA== X-MHO-RoutePath: aGlwcGll X-MHO-User: 12246c86-2a89-11ea-829f-79a40d15cccd X-Report-Abuse-To: https://support.duocircle.com/support/solutions/articles/5000540958-duocircle-standard-smtp-abuse-information X-Originating-IP: 67.177.211.60 X-Mail-Handler: DuoCircle Outbound SMTP Received: from ilsoft.org (unknown [67.177.211.60]) by outbound4.ore.mailhop.org (Halon) with ESMTPSA id 12246c86-2a89-11ea-829f-79a40d15cccd; Sun, 29 Dec 2019 22:18:01 +0000 (UTC) Received: from rev (rev [172.22.42.240]) by ilsoft.org (8.15.2/8.15.2) with ESMTP id xBTMHwdM098783; Sun, 29 Dec 2019 15:17:59 -0700 (MST) (envelope-from ian@freebsd.org) Message-ID: Subject: Re: head -r356109 on 32-bit powerpc (old PowerMac): Memory modified after free during late-stage of boot, most recently used by bus-sc From: Ian Lepore To: Hans Petter Selasky , Mark Millard , FreeBSD Current , freebsd-hackers@freebsd.org, FreeBSD PowerPC ML Date: Sun, 29 Dec 2019 15:17:58 -0700 In-Reply-To: <42bf7ff5-1279-28cb-5b4b-a0335e819a3a@selasky.org> References: <28FD8632-AC91-40D7-B6E7-36E304D37794.ref@yahoo.com> <28FD8632-AC91-40D7-B6E7-36E304D37794@yahoo.com> <42bf7ff5-1279-28cb-5b4b-a0335e819a3a@selasky.org> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.28.5 FreeBSD GNOME Team Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 47mFLh4k8dz4Btp X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-1.96 / 15.00]; local_wl_from(0.00)[freebsd.org]; NEURAL_HAM_MEDIUM(-0.97)[-0.969,0]; NEURAL_HAM_LONG(-1.00)[-0.996,0]; ASN(0.00)[asn:16509, ipnet:54.148.0.0/15, country:US] X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Dec 2019 22:18:05 -0000 On Sun, 2019-12-29 at 23:04 +0100, Hans Petter Selasky wrote: > On 2019-12-29 22:53, Mark Millard via freebsd-hackers wrote: > > 0xd2630510: at uma_zalloc_arg+0x1b4 > > 0xd2630540: at malloc+0xfc > > 0xd2630580: at alloc_bounce_pages+0x7c > > 0xd26305c0: at bus_dmamap_create+0x1e8 > > Do you know what drivers are using bounce pages? > > busdma isn't the culprit here. It was trying to allocate memory and the uma code found a block that was free and checked it before handing it out, and discovered that it had been modified after being freed. Before being freed, the memory was last used as the softc for some device (perhaps only during probing of a device that never attached). That device would most likely be the culprit (or a wild-pointer write hit that block). -- Ian