Re: NFS/VM panic in current with INVARIANTS

Tue, 26 Dec 2000 10:28:21 -0800 

:Hi Matt
:
:I'm getting a reliable panic on CURRENT (2000/12/26) with INVARIANTS
:set. I suppose I could "fix" this by taking out INVARIANTS, but it
:seems to make more sense to try to get it fixed.
:
:The panic() is "freeing free entry", and the traceback (minus most
:of the numbers) is:
:
:panic
:zerror
:zfreei
:NDFREE
:nfsrv_lookup
:nfs_nfsd
:nfssvc
:syscall(2f, 2f, 2f, 1, 0)
:xint0x80
:
:NFS activity (not mounting) triggers it. The panic happens on the
:server box, which is a dual-cpu i386 class running an SMP kernel.
:
:What else do you need?
:
:M
:-- 
:Mark Murray
:Warning: this .sig is umop ap!sdn

    It could be real, but it's impossible for me to tell because 
    whoever wrote the INVARIANTS code for _zfree() wrote completely
    and utterly illegal code.

static __inline__ void
_zfree(vm_zone_t z, void *item)
{ 
        ((void **) item)[0] = z->zitems;
#ifdef INVARIANTS
        if (((void **) item)[1] == (void *) ZENTRY_FREE)
                zerror(ZONE_ERROR_ALREADYFREE);
        ((void **) item)[1] = (void *) ZENTRY_FREE;
#endif
        z->zitems = item;
        z->zfreecnt++;
}

    For all we know, item[1] might contain ZENTRY_FREE normally!  This
    type of invariant code check is just asking for it.

    I don't see anything specifically wrong with nfs's use of NDFREE.  It's
    sophisticated enough that there certainly could be an issue there.

    In order to tell for sure, the _zfree() code needs to have a little more
    sophistication.  When it finds a ZENTRY_FREE, that's only a hint... it
    really needs to also iterate through the items list to see if the
    structure is in fact already on the freelist.  Please try the below
    (completely untested!!) patch and see if you still get the panic.

                                                -Matt

Index: vm_zone.h
===================================================================
RCS file: /home/ncvs/src/sys/vm/vm_zone.h,v
retrieving revision 1.13
diff -u -r1.13 vm_zone.h
--- vm_zone.h   1999/08/28 00:52:44     1.13
+++ vm_zone.h   2000/12/26 18:39:07
@@ -102,8 +102,14 @@
 {
        ((void **) item)[0] = z->zitems;
 #ifdef INVARIANTS
-       if (((void **) item)[1] == (void *) ZENTRY_FREE)
-               zerror(ZONE_ERROR_ALREADYFREE);
+       if (((void **) item)[1] == (void *) ZENTRY_FREE) {
+               void *scan;
+
+               for (scan = z->zitems; scan; scan = ((void **)scan)[0]) {
+                       if (scan == item)
+                               zerror(ZONE_ERROR_ALREADYFREE);
+               }
+       }
        ((void **) item)[1] = (void *) ZENTRY_FREE;
 #endif
        z->zitems = item;


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to