netbsd-bugs: Re: kern/33630

Subject: Re: kern/33630
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: Martin Husemann <martin@duskware.de>
List: netbsd-bugs
Date: 06/24/2006 12:30:02
The following reply was made to PR kern/33630; it has been noted by GNATS.

From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: kern/33630
Date: Sat, 24 Jun 2006 14:26:02 +0200

 On suggestion from Yamamoto-san I padded struct kauth_cred to various sizes.
 When I make it 256 bytes big (just as mbufs are, which seem to work fine with
 pools), the corruption does not happen. When I pad it to something arbitrary
 smaller, like 112 bytes, I can reproduce the corruption.
 
 I also added an assertion that makes sure no pool operation on this pool
 happens in interrupt context, and indeed this did not happen.
 
 Here is a dump of the pool before the problem:
 
 db> show pool kauth_cred_pool
 POOL kauth_credpl: size 112, align 16, ioff 0, roflags 0x000000c0
 	alloc 0x1811230
 	minitems 0, minpages 0, maxpages 4294967295, npages 1
 	itemsperpage 72, nitems 29, nout 43, hardlimit 4294967295
 
 	nget 46097, nfail 0, nput 46054
 	npagealloc 1, npagefree 0, hiwat 1, nidle 0
 
 db> c
 
 and some time later:
 
 	log entry 0:
 		action = get, addr = 0xdac03f0
 		file ../../../../kern/kern_auth.c at line 116
 
 panic: pool_get(kauth_credpl): free list modified: magic 0; page 0xdac0000; item addr 0xdac03f0
 db> show pool kauth_cred_pool
 POOL kauth_credpl: size 112, align 16, ioff 0, roflags 0x000000c0
 	alloc 0x1811230
 	minitems 0, minpages 0, maxpages 4294967295, npages 1
 	itemsperpage 72, nitems 29, nout 43, hardlimit 4294967295
 
 	nget 128269, nfail 0, nput 128207
 	npagealloc 1, npagefree 0, hiwat 1, nidle 0
 
 	currently entered from file ../../../../kern/kern_auth.c line 116
 db> show pool /p kauth_cred_pool
 POOL kauth_credpl: size 112, align 16, ioff 0, roflags 0x000000c0
 	alloc 0x1811230
 	minitems 0, minpages 0, maxpages 4294967295, npages 1
 	itemsperpage 72, nitems 29, nout 43, hardlimit 4294967295
 
 	nget 128269, nfail 0, nput 128207
 	npagealloc 1, npagefree 0, hiwat 1, nidle 0
 
 	partial-page list:
 		page 0xdac0000, nmissing 62, time 0,0
 			item 0xdac03f0, magic 0x0
 	curpage 0xdac0000
 
 	currently entered from file ../../../../kern/kern_auth.c line 116
 
 Since this pool seems to be missing some items now, I'll add QUEUEDEBUG and
 retry the experiment.
 
 Martin