Mark Tinguely <tinguely_at_casselton.net> writes:

> This is great, you caught the kernel trashing a callout entry
> in uma_dbg.

Hmm, not so fast... Look at the list output:

103         if ((u_int32_t)c == uma_junk) {
104                 kdb_enter("trash_dtor: uma_junk found in a "\
105                     "callwheel element");

By the moment when I start traversing callwheel, it is already corrupted!
(Or maybe modified by someone who doesn't hold the callout_lock)

> I cannot figure out how #14 linked the function sorecieved() to
> the inline function uma_zfree(). (thinking as I am typing) Could
> someone have changed the receive function call for this socket?

Maybe the inline function introduces this mess?

> In my opinion, you can remove the callout_check_callwheel function
> and calls.

Agreed, I just wanted to demonstrate that things are not so simple.

> You want to always catch it before it corrupts, and that
> is done in the uma_dbg.

Unfortunately, uma_dbg catches an already corrupted callwheel (or does not
catch anything at all, in this case ppp works)

> Once you catch the corruption, we know it will panic in the near
> future, unless we are in the debugger long enough, for the timer to
> expire and be removed.

Hmm, looks like it's really so. This needs additional checking.

> I would completely delete the compile directory and "config" and
> do a fresh make.

This is exactly what I have done before submitting my report. Because
I cvsdown'ed to 2005.10.21.16.30.00 to be independent of recent
changes that would mess up something. I also tested on fresh current
on Saturday or Sunday - backtrace was similar - may be different lines
or something.

-- 
WBR, Victor V. Snezhko
EMail: snezhko_at_indorsoft.ru

Received on Wed Nov 09 2005 - 07:25:51 UTC