Date: Sun, 26 Jun 2005 11:30:58 +0200
From: Thierry Herbelot <thierry@herbelot.com>
To: freebsd-current@freebsd.org
Cc: Mike Silbersack <silby@silby.com>
Subject: Re: Mbuf double-free guilty party detection patch
Message-ID: <200506261131.00331.thierry@herbelot.com>
In-Reply-To: <200506261049.42303.thierry@herbelot.com>
References: <20050624212729.C537@odysseus.silby.com> <20050626064309.GA4700@nagual.pp.ru> <200506261049.42303.thierry@herbelot.com>

I wrote too soon : "better" error messages :

This memory last freed by: c0663782
Memory modified after free 0xc20a9500(256) val=0 @ 0xc20a9540
This memory last freed by: c0663782
Memory modified after free 0xc20a9500(256) val=3 @ 0xc20a9544
This memory last freed by: c066a3b0
Memory modified after free 0xc20a9400(256) val=0 @ 0xc20a9400
This memory last freed by: c066a3b0
Memory modified after free 0xc20a9400(256) val=0 @ 0xc20a9404
This memory last freed by: c066a3b0

(these are the only two meaningful addresses in the log)

multi-cur# addr2line -e /usr/src/sys/i386/compile/GENERIC/kernel.debug 0xc0663782
../../../kern/uipc_mbuf.c:167

which is :

    158 /*
    159  * Free an entire chain of mbufs and associated external buffers, if
    160  * applicable.
    161  */
    162 void
    163 m_freem(struct mbuf *mb)
    164 {
    165
    166         while (mb != NULL)
    167                 mb = m_free(mb);
    168 }

multi-cur# addr2line -e /usr/src/sys/i386/compile/GENERIC/kernel.debug 0xc066a3b0
../../../kern/uipc_socket2.c:1158

which is :

   1147                 if (m->m_len > len) {
   1148                         m->m_len -= len;
   1149                         m->m_data += len;
   1150                         sb->sb_cc -= len;
   1151                         if (m->m_type != MT_DATA && m->m_type != MT_HEADER &&
   1152                             m->m_type != MT_OOBDATA)
   1153                                 sb->sb_ctl -= len;
   1154                         break;
   1155                 }
   1156                 len -= m->m_len;
   1157                 sbfree(sb, m);
   1158                 m = m_free(m);

the test case is : building the kernel while tar-ing the src tree over two separate ssh sessions.

TfH