From: Weongyo Jeong
Date: Thu, 26 Mar 2009 16:36:16 +0900
To: Hans Petter Selasky
Cc: Sam Leffler, freebsd-usb@freebsd.org, Andrew Thompson
Subject: Re: q: Memory modified after free in usb2

On Wed, Mar 25, 2009 at 10:46:54AM +0100, Hans Petter Selasky wrote:
> On Wednesday 25 March 2009, Weongyo Jeong wrote:
> > Hello Hans :),
> >
> > I think porting uath(4) to usb is almost done, in that it works well to
> > associate with an AP and for WPA, but I'm suffering from a strange panic
> > after detach, as follows:
> >
> > Memory modified after free 0xc4da3600(508) val=24000000 @ 0xc4da3600
> > panic: Most recently used by USBdev
> >
> > cpuid = 0
> > KDB: enter: panic
> > [thread pid 17 tid 100036 ]
> > Stopped at kdb_enter+0x3a: movl $0,kdb_why
> >
> > The detach step is as follows:
> >
> >     usb2_transfer_unsetup(sc->sc_xfer, UATH_N_XFERS);
> >     ...
> >     uath_free_rx_data_list(sc);
> >     uath_free_tx_data_list(sc);
> >     uath_free_cmd_list(sc, sc->sc_cmd, UATH_CMD_LIST_COUNT);
> >
> > I've checked for all memory leaks or calls after freeing memory, but it
> > looks like it's not a driver problem.
> >
> > To solve this problem I modified the code slightly, like below:
> >
> >     usb2_transfer_unsetup(sc->sc_xfer, UATH_N_XFERS);
> >     usb2_pause_mtx(NULL, 5 * hz);
> >     ...
> >     uath_free_rx_data_list(sc);
> >     uath_free_tx_data_list(sc);
> >     uath_free_cmd_list(sc, sc->sc_cmd, UATH_CMD_LIST_COUNT);
> >
> > After adding it I couldn't see `Memory modified after free' messages
> > anymore. My question is that I can't understand why adding
> > usb2_pause_mtx() helps this symptom.
>
> Did you drain all the taskqueues before unsetup?

It looks like I found a problem: some tasks run by net80211 cause this
problem. It looks like calling usb2_transfer_unsetup() after
ieee80211_ifdetach(ic) solves the problem. Thanks!

regards,
Weongyo Jeong
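
Added example, not part of the original message and not uath(4) or FreeBSD code: a user-space C model of why the detach ordering in this thread matters. It imitates a debug allocator that poisons freed memory and checks the poison later (the 0xdeadc0de fill mirrors FreeBSD's debug junk pattern), and shows that a task still queued at free time trips the check while draining first does not. All function names are hypothetical; the 508-byte size and the 0x24000000 value are taken from the panic text above.

```c
/* User-space model, not FreeBSD code: a one-slot pool that poisons freed
 * memory and verifies the poison afterwards, like the debug check that
 * printed "Memory modified after free". All names are hypothetical. */
#include <stdint.h>
#include <stddef.h>

#define POISON 0xdeadc0deU        /* junk pattern written on free */
#define WORDS  127                /* 127 * 4 = 508 bytes, as in the panic */

static uint32_t slot[WORDS];      /* static storage: late writes stay defined */
static uint32_t *pending;         /* buffer a queued task will still touch */

static void pool_free(uint32_t *p) {
    for (size_t i = 0; i < WORDS; i++) p[i] = POISON;
}

/* Returns the index of the first modified word, or -1 if poison is intact. */
static int pool_check(const uint32_t *p) {
    for (size_t i = 0; i < WORDS; i++)
        if (p[i] != POISON) return (int)i;
    return -1;
}

static void task_enqueue(uint32_t *buf) { pending = buf; }

/* Run (drain) the queued task: it writes a status word into its buffer. */
static void task_drain(void) {
    if (pending != NULL) pending[0] = 0x24000000U;
    pending = NULL;
}

/* Detach with a task still queued when the buffer is freed. */
int detach_free_first(void) {
    task_enqueue(slot);
    pool_free(slot);      /* buffer released ... */
    task_drain();         /* ... then the stale task runs and writes to it */
    return pool_check(slot);
}

/* Detach that quiesces the task producer before releasing the buffer. */
int detach_drain_first(void) {
    task_enqueue(slot);
    task_drain();         /* no task can reference the buffer after this */
    pool_free(slot);
    return pool_check(slot);
}

int main(void) {
    return !(detach_free_first() == 0 && detach_drain_first() == -1);
}
```

A fixed pause before the frees only gives the queued task time to finish; stopping the task producer first removes the window instead of shrinking it.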