Mbuf double-free guilty party detection patch
Thierry Herbelot
thierry at herbelot.com
Sun Jun 26 09:31:10 GMT 2005
I wrote too soon :
"better" error messages :
This memory last freed by: c0663782
Memory modified after free 0xc20a9500(256) val=0 @ 0xc20a9540
This memory last freed by: c0663782
Memory modified after free 0xc20a9500(256) val=3 @ 0xc20a9544
This memory last freed by: c066a3b0
Memory modified after free 0xc20a9400(256) val=0 @ 0xc20a9400
This memory last freed by: c066a3b0
Memory modified after free 0xc20a9400(256) val=0 @ 0xc20a9404
This memory last freed by: c066a3b0
(these are the only two meaningful addresses in the log)
multi-cur# addr2line -e /usr/src/sys/i386/compile/GENERIC/kernel.debug
0xc0663782
../../../kern/uipc_mbuf.c:167
which is :
158 /*
159 * Free an entire chain of mbufs and associated external buffers, if
160 * applicable.
161 */
162 void
163 m_freem(struct mbuf *mb)
164 {
165
166 while (mb != NULL)
167 mb = m_free(mb);
168 }
multi-cur# addr2line -e /usr/src/sys/i386/compile/GENERIC/kernel.debug
0xc066a3b0
../../../kern/uipc_socket2.c:1158
which is :
1147 if (m->m_len > len) {
1148 m->m_len -= len;
1149 m->m_data += len;
1150 sb->sb_cc -= len;
1151 if (m->m_type != MT_DATA && m->m_type !=
MT_HEADER &&
1152 m->m_type != MT_OOBDATA)
1153 sb->sb_ctl -= len;
1154 break;
1155 }
1156 len -= m->m_len;
1157 sbfree(sb, m);
1158 m = m_free(m);
the test case is : building the kernel while tar-ing the src tree over two
separate ssh session.
TfH
More information about the freebsd-current
mailing list