q: Memory modified after free in usb2

Weongyo Jeong weongyo.jeong at gmail.com
Wed Mar 25 18:49:43 PDT 2009


On Wed, Mar 25, 2009 at 10:46:54AM +0100, Hans Petter Selasky wrote:
> On Wednesday 25 March 2009, Weongyo Jeong wrote:
> > Hello Hans :),
> >
> > I think porting uath(4) to usb is almost done, in that it works well to
> > associate with an AP and for WPA, but I'm suffering from a strange panic
> > after detach, as follows:
> >
> >   Memory modified after free 0xc4da3600(508) val=24000000 @ 0xc4da3600
> >   panic: Most recently used by USBdev
> >
> >   cpuid = 0
> >   KDB: enter: panic
> >   [thread pid 17 tid 100036 ]
> >   Stopped at      kdb_enter+0x3a: movl    $0,kdb_why
> >
> > The detach step is as follows:
> >
> >   usb2_transfer_unsetup(sc->sc_xfer, UATH_N_XFERS);
> >   ...
> >   uath_free_rx_data_list(sc);
> >   uath_free_tx_data_list(sc);
> >   uath_free_cmd_list(sc, sc->sc_cmd, UATH_CMD_LIST_COUNT);
> >
> > I've checked for all memory leaks or calls after freeing memory, but it
> > looks like it's not a driver problem.
> >
> > To solve this problem I modified the code slightly, like below:
> >
> >   usb2_transfer_unsetup(sc->sc_xfer, UATH_N_XFERS);
> >   usb2_pause_mtx(NULL, 5 * hz);
> >   ...
> >   uath_free_rx_data_list(sc);
> >   uath_free_tx_data_list(sc);
> >   uath_free_cmd_list(sc, sc->sc_cmd, UATH_CMD_LIST_COUNT);
> >
> > After adding it I couldn't see `Memory modified after free' messages
> > anymore.  My question is: why does adding usb2_pause_mtx() help this
> > symptom?
> 
> Did you drain all the taskqueues before unsetup?

Yes.  All I used were two callouts (the driver currently doesn't use
usb2_proc_create()), and I tried to drain them before calling
usb2_transfer_unsetup(), but it still encounters `Memory modified after
free'.

regards,
Weongyo Jeong
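
A user-space model of the kind of freed-memory poison check that prints a line like the panic quoted above, added here as an example (it is not code from this thread or from FreeBSD). The fill pattern, the function names and the simulated late write are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define JUNK 0xdeadc0deU	/* assumed poison pattern for this model */

/* Fill a block with the poison pattern when it is freed (hypothetical helper). */
static void poison_on_free(void *mem, size_t size)
{
	uint32_t *p = mem;

	for (size_t i = 0; i < size / sizeof(*p); i++)
		p[i] = JUNK;
}

/*
 * Verify the poison when the block is about to be handed out again.
 * Returns the byte offset of the first modified word, or -1 if intact.
 */
static long check_on_reuse(const void *mem, size_t size)
{
	const uint32_t *p = mem;

	for (size_t i = 0; i < size / sizeof(*p); i++) {
		if (p[i] != JUNK) {
			printf("Memory modified after free %p(%zu) val=%x @ %p\n",
			    mem, size, (unsigned)p[i], (const void *)&p[i]);
			return (long)(i * sizeof(*p));
		}
	}
	return -1;
}

/* Constructed scenario: a stale pointer stores `val` at `off` after the free. */
static long simulate_late_write(size_t off, uint32_t val)
{
	static uint32_t block[127];	/* 508 bytes, the size in the report */

	poison_on_free(block, sizeof(block));
	if (off != (size_t)-1)		/* (size_t)-1 means "no late write" */
		block[off / sizeof(uint32_t)] = val;
	return check_on_reuse(block, sizeof(block));
}

int main(void)
{
	printf("clean block -> %ld\n", simulate_late_write((size_t)-1, 0));
	printf("late write  -> %ld\n", simulate_late_write(0, 0x24000000));
	return 0;
}
```

In this model the check runs only when the block is inspected again, so a store through a stale pointer is reported at that later point rather than when it happens, and a store that happens to equal the poison value goes unnoticed.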