> On Apr 25, 2015, at 2:30 AM, Chagin Dmitry <dcha...@freebsd.org> wrote:
>
> On Fri, Apr 24, 2015 at 05:03:53PM +0000, Scott Long wrote:
>> Author: scottl
>> Date: Fri Apr 24 17:03:53 2015
>> New Revision: 281942
>> URL: https://svnweb.freebsd.org/changeset/base/281942
>>
>> Log:
>> Revert r281451. It causes a panic/hang early in boot for a number of
>> users, myself included. The original code is likely papering over a
>> larger bug that needs to be explored, but for now get things back to
>> a working state.
>>
>> Obtained from: Netflix, Inc.
>> MFC after: immediately
>>
> in my POV, at vm_mem_init stage vm_map_init() call
> uma_zcreate() that uses uninitialized zones (which initialized
> in uma_startup()). I bet zones contains garbage.
>
I don’t follow. vm_mem_init() is called at SI_SUB_VM sysinit, and vm_map_init() is called much later at SI_SUB_INTRINSIC. vm_mem_init() calls uma_startup() almost immediately, which will then call zone_ctor() on the “kegs” and “zones” that were allocated from bss. I don’t think that they’re being used prior to that.

The problem that I see is that both of these zones are allocated statically, and contain no storage for the uz_cpu member when that member is declared as a zero-length array. All other zones are created dynamically and include space for these members. uma_startup() is initializing these zones at the right time, before their first use, but isn’t giving them enough room.

According to the stack trace I posted, the problem triggers in the second call to uma_zcreate() from uma_startup(). I think what happens is that the first call to uma_zcreate() winds up writing to the zero-length uz_cpu member of masterzone_z from inside of uma_zalloc_args(). This overwrites the adjacent “kegs” and “zones” pointers in the bss. The next call to uma_zcreate() then follows a path of trying to look in the kegs, and eventually blows up. I’m not entirely certain on this chain of events though as it’s a bit twisty inside of uma_zcreate() and I’m not sure I’ve found a link to where it calls uma_zalloc_args().

Scott
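The storage mismatch described in the message above, as an added C example that is not part of the original thread and not FreeBSD's code: a structure ending in a zero-length (flexible) array has no room for that array when it is allocated statically, while a dynamically sized allocation does. All names here (`struct zone`, `struct cache`, `zone_create()`, `zone_cpu()`) are hypothetical stand-ins, and the bounds-checked accessor is an illustration rather than how UMA works.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins; these are NOT FreeBSD's real UMA definitions. */
struct cache { void *alloc_bucket; void *free_bucket; };

struct zone {
    const char  *name;
    size_t       bytes;   /* size of the storage backing this object */
    struct cache cpu[];   /* per-CPU caches: adds nothing to sizeof */
};

/* Static instance, like the two bootstrap zones: no storage for cpu[]. */
static struct zone boot_zone = { "boot", offsetof(struct zone, cpu) };

struct zone *boot_zone_get(void) { return &boot_zone; }

/* Bytes a zone needs when it must hold ncpu per-CPU caches. */
size_t zone_bytes(size_t ncpu) {
    return offsetof(struct zone, cpu) + ncpu * sizeof(struct cache);
}

/* Number of cpu[] slots the backing storage really contains. */
size_t zone_cpu_slots(const struct zone *z) {
    return (z->bytes - offsetof(struct zone, cpu)) / sizeof(struct cache);
}

/* Checked accessor: returns NULL rather than a pointer past the object. */
struct cache *zone_cpu(struct zone *z, size_t cpu) {
    return cpu < zone_cpu_slots(z) ? &z->cpu[cpu] : NULL;
}

/* Dynamic creation sizes the allocation to include the cpu[] tail. */
struct zone *zone_create(const char *name, size_t ncpu) {
    size_t n = zone_bytes(ncpu);
    struct zone *z = calloc(1, n);
    if (z != NULL) { z->name = name; z->bytes = n; }
    return z;
}

int main(void) {
    struct zone *dyn = zone_create("dyn", 4);
    if (dyn == NULL) return 1;
    printf("static: %zu slots, dynamic: %zu slots\n",
           zone_cpu_slots(boot_zone_get()), zone_cpu_slots(dyn));
    printf("static cpu[0] usable: %s\n", zone_cpu(boot_zone_get(), 0) ? "yes" : "no");
    free(dyn);
    return 0;
}
```

An unchecked `z->cpu[i]` write on the static instance would land in whatever the linker placed after it, which is the adjacent-bss overwrite the message describes.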