From owner-freebsd-current@FreeBSD.ORG Tue Jan 6 11:42:43 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B129216A4CE for ; Tue, 6 Jan 2004 11:42:43 -0800 (PST) Received: from gw.catspoiler.org (217-ip-163.nccn.net [209.79.217.163]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4CBBE43D45 for ; Tue, 6 Jan 2004 11:42:38 -0800 (PST) (envelope-from truckman@FreeBSD.org) Received: from FreeBSD.org (mousie.catspoiler.org [192.168.101.2]) by gw.catspoiler.org (8.12.9p2/8.12.9) with ESMTP id i06JgU7E014657; Tue, 6 Jan 2004 11:42:34 -0800 (PST) (envelope-from truckman@FreeBSD.org) Message-Id: <200401061942.i06JgU7E014657@gw.catspoiler.org> Date: Tue, 6 Jan 2004 11:42:30 -0800 (PST) From: Don Lewis To: shoesoft@gmx.net In-Reply-To: <1073404061.736.15.camel@shoeserv.freebsd> MIME-Version: 1.0 Content-Type: TEXT/plain; charset=us-ascii cc: current@FreeBSD.org Subject: Re: page fault panic tracked down (selwakeuppri()) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Jan 2004 19:42:43 -0000 On 6 Jan, Stefan Ehmann wrote: > On Tue, 2004-01-06 at 03:06, Don Lewis wrote: >> The parameters passed to feed_vchan_16() might be bad in such a way that >> the KASSERT is happy, but the heap still gets trashed. >> >> If you can't get the KASSERT failure without this code being in a module >> (or get gdb to debug the module), it might be interesting to change this >> KASSERT into an "if" test that prints the parameters and anything else >> of interest and then calls panic(). > > As a workaround I just built the sound modules with COPTS=-g and > installed them. > > Unfortunately I haven't been able to reproduce the previous panic in the > modules again. I hope I can restore the exact configuration to get the > "bad bufsize" panic - this time with more debug info. > > This time I got one more page fault panic and then this - looks even > more random to me > > panic: Most recently used by none > #0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240 > #1 0xc04e5178 in boot (howto=256) at > /usr/src/sys/kern/kern_shutdown.c:372 > #2 0xc04e5507 in panic () at /usr/src/sys/kern/kern_shutdown.c:550 > #3 0xc0632077 in mtrash_ctor (mem=0xc37dcc00, size=0, arg=0x0) > at /usr/src/sys/vm/uma_dbg.c:137 Looks like the heap got trashed again, but this time the damage was first detected on the free list. Judging by the "none", I suspect that the memory was overwritten by 0's, which seems to be the typical damage.