Index: sys/kern/vfs_subr.c =================================================================== --- sys/kern/vfs_subr.c +++ sys/kern/vfs_subr.c @@ -3594,7 +3594,7 @@ if (vp->v_pollinfo != NULL) return; - vi = uma_zalloc(vnodepoll_zone, M_WAITOK); + vi = uma_zalloc(vnodepoll_zone, M_WAITOK | M_ZERO); mtx_init(&vi->vpi_lock, "vnode pollinfo", NULL, MTX_DEF); knlist_init(&vi->vpi_selinfo.si_note, vp, vfs_knllock, vfs_knlunlock, vfs_knl_assert_locked, vfs_knl_assert_unlocked); Index: sys/vm/uma_core.c =================================================================== --- sys/vm/uma_core.c +++ sys/vm/uma_core.c @@ -1940,6 +1940,20 @@ args.dtor = dtor; args.uminit = uminit; args.fini = fini; +#ifdef INVARIANTS + /* + * If a zone is being created with an empty constructor and + * destructor, pass UMA constructor/destructor which checks for + * memory use after free. + */ + if ((!(flags & UMA_ZONE_ZINIT)) && ctor == NULL && dtor == NULL && + uminit == NULL && fini == NULL) { + args.ctor = trash_ctor; + args.dtor = trash_dtor; + args.uminit = trash_init; + args.fini = trash_fini; + } +#endif args.align = align; args.flags = flags; args.keg = NULL; Index: sys/vm/uma_dbg.c =================================================================== --- sys/vm/uma_dbg.c +++ sys/vm/uma_dbg.c @@ -69,8 +69,13 @@ for (p = mem; cnt > 0; cnt--, p++) if (*p != uma_junk) { +#ifdef INVARIANTS + panic("Memory modified after free %p(%d) val=%x @ %p\n", + mem, size, *p, p); +#else printf("Memory modified after free %p(%d) val=%x @ %p\n", mem, size, *p, p); +#endif return (0); } return (0);