Date:      Wed, 09 Nov 2005 14:25:37 +0600
From:      Victor Snezhko <snezhko@indorsoft.ru>
To:        Mark Tinguely <tinguely@casselton.net>
Cc:        max@love2party.net, freebsd-current@freebsd.org
Subject:   Re: CURRENT + amd64 + user-ppp = panic
Message-ID:  <upspai5xa.fsf@indorsoft.ru>
In-Reply-To: <200511082137.jA8Lbdkm097916@casselton.net> (Mark Tinguely's message of "Tue, 8 Nov 2005 15:37:39 -0600 (CST)")
References:  <200511082137.jA8Lbdkm097916@casselton.net>

Mark Tinguely <tinguely@casselton.net> writes:

> This is great, you caught the kernel trashing a callout entry
> in uma_dbg.

Hmm, not so fast...

Look at the list output:

103	if ((u_int32_t)c == uma_junk) {
104		kdb_enter("trash_dtor: uma_junk found in a "\
105			  "callwheel element");

By the time I start traversing the callwheel, it is already
corrupted! (Or maybe modified by someone who doesn't hold the
callout_lock)

> I cannot figure out how #14 linked the function sorecieved() to
> the inline function uma_zfree(). (thinking as I am typing) Could
> someone have changed the receive function call for this socket?

Maybe the inline function introduces this mess?

> In my opinion, you can remove the callout_check_callwheel function
> and calls.

Agreed, I just wanted to demonstrate that things are not so simple.

> You want to always catch it before it corrupts, and that
> is done in the uma_dbg. 

Unfortunately, uma_dbg catches an already corrupted callwheel (or
doesn't catch anything at all, in which case ppp works)

> Once you catch the corruption, we know it will panic in the near
> future, unless we are in the debugger long enough, for the timer to
> expire and be removed.

Hmm, looks like it's really so. This needs additional checking.

> I would completely delete the compile directory and "config" and
> do a fresh make.

This is exactly what I have done before submitting my report. Because
I cvsdown'ed to 2005.10.21.16.30.00 to be independent of recent
changes that would mess up something. I also tested on fresh current
on Saturday or Sunday - backtrace was similar - maybe different lines
or something.

-- 
WBR, Victor V. Snezhko
EMail: snezhko@indorsoft.ru




