Date:      Sun, 26 Jun 2005 11:30:58 +0200
From:      Thierry Herbelot <thierry@herbelot.com>
To:        freebsd-current@freebsd.org
Cc:        Mike Silbersack <silby@silby.com>
Subject:   Re: Mbuf double-free guilty party detection patch
Message-ID:  <200506261131.00331.thierry@herbelot.com>
In-Reply-To: <200506261049.42303.thierry@herbelot.com>
References:  <20050624212729.C537@odysseus.silby.com> <20050626064309.GA4700@nagual.pp.ru> <200506261049.42303.thierry@herbelot.com>

I wrote too soon:

"better" error messages:
This memory last freed by: c0663782
Memory modified after free 0xc20a9500(256) val=0 @ 0xc20a9540
This memory last freed by: c0663782
Memory modified after free 0xc20a9500(256) val=3 @ 0xc20a9544
This memory last freed by: c066a3b0
Memory modified after free 0xc20a9400(256) val=0 @ 0xc20a9400
This memory last freed by: c066a3b0
Memory modified after free 0xc20a9400(256) val=0 @ 0xc20a9404
This memory last freed by: c066a3b0

(these are the only two meaningful addresses in the log)

multi-cur# addr2line -e /usr/src/sys/i386/compile/GENERIC/kernel.debug 0xc0663782
../../../kern/uipc_mbuf.c:167

which is:
    158 /*
    159  * Free an entire chain of mbufs and associated external buffers, if
    160  * applicable.
    161  */
    162 void
    163 m_freem(struct mbuf *mb)
    164 {
    165
    166         while (mb != NULL)
    167                 mb = m_free(mb);
    168 }

multi-cur# addr2line -e /usr/src/sys/i386/compile/GENERIC/kernel.debug 0xc066a3b0
../../../kern/uipc_socket2.c:1158

which is:
   1147                 if (m->m_len > len) {
   1148                         m->m_len -= len;
   1149                         m->m_data += len;
   1150                         sb->sb_cc -= len;
   1151                         if (m->m_type != MT_DATA && m->m_type != MT_HEADER &&
   1152                             m->m_type != MT_OOBDATA)
   1153                                 sb->sb_ctl -= len;
   1154                         break;
   1155                 }
   1156                 len -= m->m_len;
   1157                 sbfree(sb, m);
   1158                 m = m_free(m);

The test case is: building the kernel while tar-ing the src tree over two 
separate ssh sessions.

	TfH
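
Added example (not part of the original message or of the patch under discussion): a small triage script that reduces console output like the lines quoted above to the distinct "last freed by" addresses and the byte offsets modified inside each freed item, then builds a single addr2line call for them. The names summarize and addr2line_cmd are hypothetical, and SAMPLE_LOG is constructed from the lines in the message; the script does not assume which report a "last freed by" line belongs to.

```python
import re
from collections import defaultdict

# Constructed sample: the console lines quoted in the message above.
SAMPLE_LOG = """\
This memory last freed by: c0663782
Memory modified after free 0xc20a9500(256) val=0 @ 0xc20a9540
This memory last freed by: c0663782
Memory modified after free 0xc20a9500(256) val=3 @ 0xc20a9544
This memory last freed by: c066a3b0
Memory modified after free 0xc20a9400(256) val=0 @ 0xc20a9400
This memory last freed by: c066a3b0
Memory modified after free 0xc20a9400(256) val=0 @ 0xc20a9404
This memory last freed by: c066a3b0
"""

FREED_BY = re.compile(r"This memory last freed by: ([0-9a-f]+)")
MODIFIED = re.compile(
    r"Memory modified after free 0x([0-9a-f]+)\((\d+)\) val=([0-9a-f]+) @ 0x([0-9a-f]+)")

def summarize(log):
    """Return (caller address -> line count, item base -> [(offset, val)])."""
    callers = defaultdict(int)
    writes = defaultdict(list)
    for line in log.splitlines():
        m = FREED_BY.search(line)
        if m:
            callers[int(m.group(1), 16)] += 1
            continue
        m = MODIFIED.search(line)
        if m:
            base, size, addr = int(m.group(1), 16), int(m.group(2)), int(m.group(4), 16)
            offset = addr - base
            # An offset outside the item means the line was truncated or misparsed.
            if 0 <= offset < size:
                writes[base].append((offset, m.group(3)))  # val kept as printed
    return dict(callers), dict(writes)

def addr2line_cmd(callers, kernel):
    """Build one addr2line invocation covering every distinct caller address."""
    return ["addr2line", "-e", kernel] + [f"0x{a:x}" for a in sorted(callers)]

if __name__ == "__main__":
    callers, writes = summarize(SAMPLE_LOG)
    for base, hits in writes.items():
        print(f"item 0x{base:x}: " + ", ".join(f"+0x{o:x} val={v}" for o, v in hits))
    print(" ".join(addr2line_cmd(callers, "kernel.debug")))
```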




