Re: head -r356109 on 32-bit powerpc (old PowerMac): Memory modified after free during late-stage of boot, most recently used by bus-sc

From: Ian Lepore <ian_at_freebsd.org>
Date: Sun, 29 Dec 2019 15:17:58 -0700
On Sun, 2019-12-29 at 23:04 +0100, Hans Petter Selasky wrote:
> On 2019-12-29 22:53, Mark Millard via freebsd-hackers wrote:
> > 0xd2630510: at uma_zalloc_arg+0x1b4
> > 0xd2630540: at malloc+0xfc
> > 0xd2630580: at alloc_bounce_pages+0x7c
> > 0xd26305c0: at bus_dmamap_create+0x1e8
> 
> Do you know what drivers are using bounce pages?
> 
> 

busdma isn't the culprit here.  It was trying to allocate memory and
the uma code found a block that was free and checked it before handing
it out, and discovered that it had been modified after being freed.

Before being freed, the memory was last used as the softc for some
device (perhaps only during probing of a device that never attached). 
That device would most likely be the culprit (or a wild-pointer write
hit that block).

-- Ian
Received on Sun Dec 29 2019 - 21:18:05 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:22 UTC