Date: Thu, 26 May 2011 11:27:32 -0400 From: Arnaud Lacombe <lacombar@gmail.com> To: Joerg Wunsch <j@uriah.heep.sax.de> Cc: freebsd-net@freebsd.org Subject: Re: kern/157287: re0: INVARIANTS panic (Memory modified after free) Message-ID: <BANLkTinDZV%2BUEHuADfkfEVQC9vAvgSTjNQ@mail.gmail.com> In-Reply-To: <201105252040.p4PKeB6B082921@freefall.freebsd.org> References: <201105252040.p4PKeB6B082921@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi,
On Wed, May 25, 2011 at 4:40 PM, Joerg Wunsch <j@uriah.heep.sax.de> wrote:
> The following reply was made to PR kern/157287; it has been noted by GNATS.
>
> From: Joerg Wunsch <j@uriah.heep.sax.de>
> To: FreeBSD-gnats-submit@freebsd.org, freebsd-bugs@FreeBSD.org
> Cc:
> Subject: Re: kern/157287: re0: INVARIANTS panic (Memory modified after free)
> Date: Wed, 25 May 2011 22:33:13 +0200
>
> Some more analysis on the stack trace:
>
> re_attach+0x118a corresponds to re_allocmem(), line 1085:
>
> /* Allocate DMA'able memory for the RX ring */
>
> error = bus_dmamem_alloc(sc->rl_ldata.rl_rx_list_tag,
> (void **)&sc->rl_ldata.rl_rx_list,
> BUS_DMA_WAITOK | BUS_DMA_COHERENT | BUS_DMA_ZERO,
> &sc->rl_ldata.rl_rx_list_map);
>
> callee bus_dmamem_alloc+0x8a is i386/i386/busdma_machdep.c,
> bus_dmamem_alloc() line 526:
>
> /*
> * XXX:
> * (dmat->alignment < dmat->maxsize) is just a quick hack; the exact
> * alignment guarantees of malloc need to be nailed down, and the
> * code below should be rewritten to take that into account.
> *
> * In the meantime, we'll warn the user if malloc gets it wrong.
> */
> if ((dmat->maxsize <= PAGE_SIZE) &&
> (dmat->alignment < dmat->maxsize) &&
> dmat->lowaddr >= ptoa((vm_paddr_t)Maxmem)) {
> *vaddr = malloc(dmat->maxsize, M_DEVBUF, mflags);
> } else {
>
> I could not spot anything obvious though.
This would likely only be the trigger of the panic, following the
inconsistency. Finding the previous owner of the memory chunk would
give more clue, AFAIK, FreeBSD do record the IP of the last user of a
memory chunk (as does Linux' kmemcheck), so that might not be trivial
to find out.
- Arnaud
>
> --
> cheers, J"org .-.-. --... ...-- -.. . DL8DTL
>
> http://www.sax.de/~joerg/ NIC: JW11-RIPE
> Never trust an operating system you don't have sources for. ;-)
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BANLkTinDZV%2BUEHuADfkfEVQC9vAvgSTjNQ>