Re: panic: ifc_free_unit: bit is already cleared

From: Andrew Thompson <thompsa_at_freebsd.org>
Date: Wed, 12 Oct 2005 10:06:02 +1300

On Mon, Oct 10, 2005 at 01:29:00PM -0700, Brooks Davis wrote:
> On Mon, Oct 10, 2005 at 03:22:08PM +1300, Andrew Thompson wrote:
> > On Mon, Oct 10, 2005 at 03:28:49AM +0400, Yar Tikhiy wrote:
> > > FWIW, I tried to look at the $subject problem since I had had it
> > > before, but just got a different panic:
> > > 
> > >         Memory modified after free 0xc140b000(4092) val=deadc0dc @ 0xc140b000
> > >         panic: Most recently used by clone
> > > 
> > > The clone code seems to have decremented something (refcount?) twice
> > > after freeing the memory chunk.
> > 
> > I have been testing this patch and I think it fixes all the problems
> > discussed.
> > 
> > It changes refcounting to count the number of cloned interfaces so
> > ifc_units is only freed when it's safe. A new function has been added to
> > decrement this when a simple cloner module is unloaded. The cloner is
> > still detached first to prevent the race.
> > 
> > In most cases the change is as simple as:
> 
> I don't see any reason why you can't just replace the specific destroy
> calls with calls to ifc_simple_destroy().  That would avoid expanding
> the API.

I have updated the patch and yes, it's a nicer way to do it. Please
review.

I've run through iterations of create/kldunload with bridge, disc,
faith, gif, gre and ppp with extra printf's and it's freeing correctly.

Andrew

Received on Tue Oct 11 2005 - 19:06:09 UTC