Mbuf double-free guilty party detection patch
Peter Holm
peter at holm.cc
Sat Jun 25 21:45:09 GMT 2005
On Sat, Jun 25, 2005 at 03:52:01PM -0400, Mike Silbersack wrote:
> > On Sat, Jun 25, 2005 at 12:38:56PM -0400, Mike Silbersack wrote:
> >> > x.123e:This memory last freed by: 0xc2fa6c00
> >> > x.123e-panic: Memory modified after free 0xc2fa6a00(256) val=c2fa6c00
> > (kgdb) x/40x 0xc2fa6a00
> > 0xc2fa6a00: 0xc2fa6c00 0x00000000 0xc24b1ae0 0x00000520
>
> I'm going to have to doublecheck my patch when I get home - the address
> returned by "This memory last freed by" should be a pointer to a function
> address, not a piece of data.
>
> So that we get more results, why don't you change the panic in trash_ctor
> to a printf, then you can continue to run tests and see how many mbufs are
> being corrupted without the issue of having to reboot after a panic, etc.
>
> Mike "Silby" Silbersack
Maybe a panic is better: I got quite a few before I had to reset the
box:
71 This memory last freed by: 0
18 This memory last freed by: 0x800
17 This memory last freed by: 0xdeadc0df
17 This memory last freed by: 0x1
I also added a backtrace and here's the high score:
32 tcp_output(c1e4e564) at tcp_output+0xa42
32 tcp_input(c1a1fc00,14,c1a1fc00,0,0) at tcp_input+0x2b0f
32 ip_input(c1a1fc00) at ip_input+0x511
29 vm_pageout_scan(2,c09ab0c0,0,c086e990,5c3) at vm_pageout_scan+0x107
--
Peter Holm
More information about the freebsd-current
mailing list