CURRENT + amd64 + user-ppp = panic
Victor Snezhko
snezhko at indorsoft.ru
Wed Nov 9 00:25:52 PST 2005
Mark Tinguely <tinguely at casselton.net> writes:
> This is great, you caught the kernel trashing a callout entry
> in uma_dbg.
Hmm, not so fast...
Look at the list output:
    103 if ((u_int32_t)c == uma_junk) {
    104         kdb_enter("trash_dtor: uma_junk found in a "\
    105             "callwheel element");
By the time I start traversing the callwheel, it is already
corrupted! (Or maybe modified by someone who doesn't hold the
callout_lock)
> I cannot figure out how #14 linked the function sorecieved() to
> the inline function uma_zfree(). (thinking as I am typing) Could
> someone have changed the receive function call for this socket?
Maybe the inline function introduces this mess?
> In my opinion, you can remove the callout_check_callwheel function
> and calls.
Agreed, I just wanted to demonstrate that things are not so simple.
> You want to always catch it before it corrupts, and that
> is done in the uma_dbg.
Unfortunately, uma_dbg catches an already corrupted callwheel (or
does not catch anything at all; in this case ppp works)
> Once you catch the corruption, we know it will panic in the near
> future, unless we are in the debugger long enough, for the timer to
> expire and be removed.
Hmm, looks like it's really so. This needs additional checking.
> I would completely delete the compile directory and "config" and
> do a fresh make.
This is exactly what I did before submitting my report, because
I cvsdown'ed to 2005.10.21.16.30.00 to be independent of recent
changes that would mess up something. I also tested on a fresh current
on Saturday or Sunday - the backtrace was similar - maybe different lines
or something.
--
WBR, Victor V. Snezhko
EMail: snezhko at indorsoft.ru