Date:      Mon, 10 Dec 2012 18:33:54 -0800
From:      Navdeep Parhar <nparhar@gmail.com>
To:        Garrett Cooper <yanegomi@gmail.com>
Cc:        mdf@freebsd.org, Adrian Chadd <adrian@freebsd.org>, FreeBSD Current <freebsd-current@freebsd.org>, freebsd-net@freebsd.org
Subject:   Re: "Memory modified after free" - by whom?
Message-ID:  <20121211023354.GA1916@itx>
In-Reply-To: <CAGH67wSQMwUHWRkTde7xkeTx2AR5Q=1dV-6amKgDE_HbOA-U7g@mail.gmail.com>
References:  <CAGH67wQKUDLQmL8cnWwgzQpWAN2OhKLu0AemPNuy7EOC-i1p9g@mail.gmail.com> <CAJ-Vmo=MsSV3DhAVEP36d%2BFccHDdQz7%2By7v5xTjYKyBP0PfQoQ@mail.gmail.com> <CAMBSHm96ZEiF4mOhUyk-aDS%2BGs%2BhDsh_dMsd-WFcmZ%2BSm6Zk%2BA@mail.gmail.com> <CAJ-Vmok2C_hWd4sDzoVLNWuAzgeP9Cmv6VNfcikDogG_rw8JYg@mail.gmail.com> <CAGH67wSQMwUHWRkTde7xkeTx2AR5Q=1dV-6amKgDE_HbOA-U7g@mail.gmail.com>

On Mon, Dec 10, 2012 at 05:37:17PM -0800, Garrett Cooper wrote:
> On Mon, Dec 10, 2012 at 3:21 PM, Adrian Chadd <adrian@freebsd.org> wrote:
> > On 10 December 2012 15:18,  <mdf@freebsd.org> wrote:
> >> On Mon, Dec 10, 2012 at 3:10 PM, Adrian Chadd <adrian@freebsd.org> wrote:
> >>> 9216 sounds like a jumbo frame mbuf. So the NIC is writing to an mbuf
> >>> after it's finalised/freed.
> >>>
> >>> I have a similar bug showing up on ath(4) RX. :(
> >>
> >> Compile with DEBUG_MEMGUARD in the kernel configuration, and then set
> >> vm.memguard.desc to the name of the UMA zone used for the 9216 byte
> >> allocations, mbuf_jumbo_9k.  This should cause a panic when the memory
> >> is touched after free.
> >
> > Right, but I think it's a _hardware_ access after the buffer has been freed..
> 
>     At least that will give me an idea of who to punt the bug over to
> next (assuming it lists the driver) -- one of the network folks, jfv,
> or np :). It seems to be a recent change that's causing this (it's
> spewing out these warnings every couple seconds), but that might also
> be related to me getting lagg working on CURRENT as my last known base
> was 9-STABLE and a lot of networking changes haven't been MFCed :).

If you suspect it's a DMA from the NIC after the 9K cluster has been
freed, see if the "corrupt" portion looks anything like an Ethernet
frame.  If it does then the DMAC in the frame will tell you who to
follow up with -- jfv@ or me :-)

(btw, your log had "val=ffffffff" so I think it's something else..)

Regards,
Navdeep

>     I could probably look through the code too after compiling it, but
> it would take too long.
> Thanks!
> -Garrett
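The check suggested in the message above (does the modified part of the freed 9K cluster look like an Ethernet frame, and if so what is its DMAC), as an added example that is not part of the original e-mail or of FreeBSD's code. It assumes freed items are filled with the 0xdeadc0de pattern; `fill_junk`, `guess_frame`, the MAC addresses and the offset are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define UMA_JUNK 0xdeadc0deu   /* assumed fill pattern for freed items */
struct eth_guess {
    size_t   off;              /* first byte that no longer matches the fill */
    uint8_t  dmac[6], smac[6];
    uint16_t ethertype;
    int      plausible;        /* 1 if the header looks like real Ethernet */
};

/* Fill a buffer the way a freed item is assumed to look. */
static void fill_junk(uint8_t *buf, size_t len)
{
    const uint32_t junk = UMA_JUNK;
    for (size_t i = 0; i < len; i++)
        buf[i] = ((const uint8_t *)&junk)[i % 4];
}

/* Returns 0 and fills *g if a modified region of >= 14 bytes was found. */
static int guess_frame(const uint8_t *buf, size_t len, struct eth_guess *g)
{
    const uint32_t junk = UMA_JUNK;
    size_t off = 0;
    /* Bytewise scan, so a frame written at an unaligned offset is found. */
    while (off < len && buf[off] == ((const uint8_t *)&junk)[off % 4])
        off++;
    if (len - off < 14)
        return -1;             /* untouched, or too short for a header */
    g->off = off;
    memcpy(g->dmac, buf + off, 6);
    memcpy(g->smac, buf + off + 6, 6);
    g->ethertype = (uint16_t)(buf[off + 12] << 8 | buf[off + 13]);
    /* A source MAC is never multicast; accept a few common EtherTypes. */
    g->plausible = !(g->smac[0] & 1) && (g->ethertype == 0x0800 ||
        g->ethertype == 0x0806 || g->ethertype == 0x86dd || g->ethertype == 0x8100);
    return 0;
}

int main(void)
{
    static uint8_t cl[9216];   /* constructed sample, not from the thread */
    const uint8_t hdr[14] = { 0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x08,0x00 };
    struct eth_guess g;
    fill_junk(cl, sizeof(cl));
    memcpy(cl + 2, hdr, sizeof(hdr));       /* frame landed at offset 2 */
    if (guess_frame(cl, sizeof(cl), &g) == 0)
        printf("off=%zu plausible=%d dmac=%02x:..:%02x\n", g.off, g.plausible, g.dmac[0], g.dmac[5]);
    return 0;
}
```

A region that fails the plausibility test, such as a lone word of 0xffffffff followed by intact fill, points away from a received frame and toward some other writer.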