From owner-freebsd-current@FreeBSD.ORG Wed Nov 9 08:25:51 2005 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DC24116A41F for ; Wed, 9 Nov 2005 08:25:51 +0000 (GMT) (envelope-from snezhko@indorsoft.ru) Received: from indor.net.tomline.ru (indor.net.tomline.ru [213.183.100.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id C303B43D58 for ; Wed, 9 Nov 2005 08:25:50 +0000 (GMT) (envelope-from snezhko@indorsoft.ru) Received: from SNEZHKO by indorsoft.ru (MDaemon.PRO.v7.2.2.R) with ESMTP id md50000028726.msg for ; Wed, 09 Nov 2005 14:25:41 +0600 X-AntiVirus: Checked by Dr.Web [version: 4.32b, engine: 4.32b, virus records: 126749, updated: 7.11.2005] To: Mark Tinguely References: <200511082137.jA8Lbdkm097916@casselton.net> From: Victor Snezhko Date: Wed, 09 Nov 2005 14:25:37 +0600 In-Reply-To: <200511082137.jA8Lbdkm097916@casselton.net> (Mark Tinguely's message of "Tue, 8 Nov 2005 15:37:39 -0600 (CST)") Message-ID: User-Agent: Gnus/5.110002 (No Gnus v0.2) Emacs/21.3 (windows-nt) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Processed: indor.net.tomline.ru, Wed, 09 Nov 2005 14:25:41 +0600 (not processed: spam filter disabled) X-Return-Path: snezhko@indorsoft.ru X-MDaemon-Deliver-To: freebsd-current@freebsd.org X-VVS-Spam: false Cc: max@love2party.net, freebsd-current@freebsd.org Subject: Re: CURRENT + amd64 + user-ppp = panic X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Nov 2005 08:25:52 -0000 Mark Tinguely writes: > This is great, you caught the kernel trashing a callout entry > in uma_dbg. Hmm, not so fast... Look at the list output: 103 if ((u_int32_t)c == uma_junk) { 104 kdb_enter("trash_dtor: uma_junk found in a "\ 105 "callwheel element"); By the moment when I start traversing callwheel, it is already corrupted! (Or maybe modified by someone who doesn't hold the callout_lock) > I cannot figure out how #14 linked the function sorecieved() to > the inline function uma_zfree(). (thinking as I am typing) Could > someone changed the recieve function call for this socket? Maybe inline function introduces this mess? > In my opinion, you can remove the callout_check_callwheel function > and calls. Agreed, I just wanted to demonstrate that things are not so simple. > You want to always catch it before it corrupts, and that > is done in the uma_dbg. Unfortunately, uma_dbg catches already corrupted callwheel (or not catches anything at all, in this case ppp works) > Once you catch the corruption, we know it will panic in the near > future, unless we are in the debugger long enough, for the timer to > expire and be removed. Hmm, looks like it's really so. This needs additional checking. > I would completely delete the compile directory and "config" and > do a fresh make. This is exactly what I have done before submitting my report. Because I cvsdown'ed to 2005.10.21.16.30.00 to be independent of recent changes that would mess up something. I also tested on fresh current on Saturday or Sunday - backtrace was similar - may be different lines or something. -- WBR, Victor V. Snezhko EMail: snezhko@indorsoft.ru