Description

Jim Litchfield has been seeing panics on his laptop when using punchin
on nightly.1016-nd. The panics have been presenting themselves in odd
places -- BAD TRAPs when accessing or freeing "struct anon_hdr"s or
"struct tsd_thread"s. The panics don't happen when running DEBUG bits.
The machine was working just fine with build 75a.

I did some initial investigation, and it looked to me like some 32-byte
buffer had been freed twice. Since we were running without kmem_flags
enabled, I couldn't tell much more than that. Since the bug was
reproducible, I asked Jim to try it again with kmem_flags set to 1. This
enables kmem auditing, but doesn't overwrite buffers with 0xdeadbeef.
This time it produced a more coherent panic:

    kernel memory allocator:
    redzone violation: write past end of buffer
    buffer=ffffff01a2f17cb0 bufctl=ffffff01a486fd88 cache: kmem_alloc_32
    previous transaction on buffer ffffff01a2f17cb0:
    thread=ffffff0190d86080 time=T-0.000128232
    slab=ffffff01a41cbf88 cache: kmem_alloc_32
    kmem_cache_free_debug+131
    kmem_cache_free+4e
    kmem_free+142
    icmp_close_free+3a
    icmp_close+31
    qdetach+bf
    strclose+357
    socktpi_close+1d0
    fop_close+64
    closef+56
    closeandsetf+458
    close+14

A dump with kmem_flags=1 is currently available in /home/jamesl/c4.tar.gz.
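
Added example (not part of the original report and not the kernel's own kmem code): a minimal user-space model of the kind of redzone check behind the "write past end of buffer" message above, using a 32-byte buffer like the kmem_alloc_32 cache in the panic. The rz_* names, the header layout and the guard values are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Guard values chosen for this example (assumptions). */
#define RZ_BYTE    0xbb
#define RZ_PATTERN 0xfeedfacefeedfaceULL

/* Toy header in front of each buffer; not kmem's real layout. */
struct rz_hdr { size_t size; };

/* Allocate size bytes followed by a guard byte and a guard word. */
void *rz_alloc(size_t size)
{
    uint64_t pat = RZ_PATTERN;
    struct rz_hdr *h = malloc(sizeof(*h) + size + 1 + sizeof(pat));
    if (h == NULL) return NULL;
    h->size = size;
    unsigned char *buf = (unsigned char *)(h + 1);
    buf[size] = RZ_BYTE;
    memcpy(buf + size + 1, &pat, sizeof(pat));
    return buf;
}

/* Return 0 if both guards are intact, -1 if something wrote past the end. */
int rz_check(const void *p)
{
    const struct rz_hdr *h = (const struct rz_hdr *)p - 1;
    const unsigned char *buf = p;
    uint64_t pat;
    memcpy(&pat, buf + h->size + 1, sizeof(pat));
    return (buf[h->size] == RZ_BYTE && pat == RZ_PATTERN) ? 0 : -1;
}

/* Check the guards on release, so an overrun is reported at free time. */
int rz_free(void *p)
{
    int rc = rz_check(p);
    free((struct rz_hdr *)p - 1);
    return rc;
}

int main(void)
{
    char *ok = rz_alloc(32), *bad = rz_alloc(32);
    if (!ok || !bad) return 1;
    memset(ok, 0, 32);   /* stays inside the 32 requested bytes */
    memset(bad, 0, 33);  /* constructed bug: one byte too many */
    return (rz_free(ok) == 0 && rz_free(bad) == -1) ? 0 : 1;
}
```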