From owner-freebsd-current@FreeBSD.ORG Fri Jul 13 07:35:49 2007 Return-Path: X-Original-To: current@freebsd.org Delivered-To: freebsd-current@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 591E216A400 for ; Fri, 13 Jul 2007 07:35:49 +0000 (UTC) (envelope-from asmrookie@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.170]) by mx1.freebsd.org (Postfix) with ESMTP id D442F13C4B6 for ; Fri, 13 Jul 2007 07:35:48 +0000 (UTC) (envelope-from asmrookie@gmail.com) Received: by ug-out-1314.google.com with SMTP id o4so573539uge for ; Fri, 13 Jul 2007 00:35:47 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:reply-to:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding:sender; b=L41/dWTaGkdQM+x7Ecly60yvWfpvRH3bc/eQu5x1bAyxGxhlGpR6j7fw0tz+lRhekJrq36L3phmZfjlBvkUrddPZLKGk7PL+9DcPYZsOM3hpLyvc+Ll5fa/E9eCFu6FncL+Ko7h7Zuzi8qOijcr1rqehBWl3mRPxDdes+rERvvc= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:reply-to:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding:sender; b=KStdWmxH/bvTKZClORAe1gh3IWzrThp5IPdVFoD9+WO+zeIQHjVBUriMWZfbXOupskLyRC6AYi0rsRA3yhsCQiB6SCaccAIFhHMUnLbV6AURnFRqOol2IL308LwMQdUgWhLzbk1DJy4gUK24l+WhUge9cKgJb3yeOs9mPwWcOCM= Received: by 10.67.93.7 with SMTP id v7mr1825727ugl.1184312147675; Fri, 13 Jul 2007 00:35:47 -0700 (PDT) Received: from ?172.31.5.25? ( [89.97.252.178]) by mx.google.com with ESMTP id 35sm6599914nfu.2007.07.13.00.35.47 (version=TLSv1/SSLv3 cipher=RC4-MD5); Fri, 13 Jul 2007 00:35:47 -0700 (PDT) Message-ID: <46972B28.1010409@FreeBSD.org> Date: Fri, 13 Jul 2007 09:35:04 +0200 From: Attilio Rao User-Agent: Thunderbird 1.5 (X11/20060526) MIME-Version: 1.0 To: Julian Elischer References: <46970DF7.3000803@elischer.org> In-Reply-To: <46970DF7.3000803@elischer.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: Attilio Rao Cc: FreeBSD Current Subject: Re: crash in tty code in 6.1.. fixed since? X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: attilio@FreeBSD.org List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Jul 2007 07:35:49 -0000 Julian Elischer wrote: > Does this crash look familiar to anyone? > It's in 6.1 unfortunatly.. > > #6 0xc069ca6a in calltrap () at ../../../i386/i386/exception.s:139 > #7 0xc0587012 in ttymodem (tp=0xc6990800, flag=-1065963704) > at ../../../kern/tty.c:1659 > #8 0xc058b83e in ptcclose (dev=0x0, flags=7, fmt=8192, td=0xc6966d80) > at linedisc.h:136 > #9 0xc052bf77 in giant_close (dev=0xc7547c00, fflag=7, devtype=8192, > td=0xc6966d80) at ../../../kern/kern_conf.c:266 > #10 0xc051685f in devfs_close (ap=0xe706baa4) > at ../../../fs/devfs/devfs_vnops.c:287 > #11 0xc06c2a10 in VOP_CLOSE_APV (vop=0x0, a=0xc076af48) at vnode_if.c:426 > #12 0xc05bf3ce in vn_close (vp=0xc764e550, flags=7, file_cred=0x0, > td=0xc6966d80) at vnode_if.h:227 > #13 0xc05c0212 in vn_closefile (fp=0xc7532510, td=0xc6966d80) > at ../../../kern/vfs_vnops.c:852 > #14 0xc0516887 in devfs_close_f (fp=0xc7532510, td=0xc6966d80) > at ../../../fs/devfs/devfs_vnops.c:297 > #15 0xc05361e8 in fdrop_locked (fp=0xc7532510, td=0xc6966d80) at file.h:289 > #16 0xc0536135 in fdrop (fp=0xc7532510, td=0xc6966d80) > at ../../../kern/kern_descrip.c:2122 > #17 0xc05346d3 in closef (fp=0xc7532510, td=0xc6966d80) > at ../../../kern/kern_descrip.c:1942 > #18 0xc0533487 in fdfree (td=0xc6966d80) at > ../../../kern/kern_descrip.c:1627 > #19 0xc053cc88 in exit1 (td=0xc6966d80, rv=15) at > ../../../kern/kern_exit.c:263 > #20 0xc055b58b in sigexit (td=0xc6966d80, sig=15) > at ../../../kern/kern_sig.c:2451 > #21 0xc055b296 in postsig (sig=15) at ../../../kern/kern_sig.c:2326 > #22 0xc0577fbe in ast (framep=0xe706bd38) at ../../../kern/subr_trap.c:266 > #23 0xc069d3ad in doreti_ast () at ../../../i386/i386/exception.s:293 > > (kgdb) up > #7 0xc0587012 in ttymodem (tp=0xc6990800, flag=-1065963704) > at ../../../kern/tty.c:1659 > 1659 if (tp->t_session->s_leader) { > Current language: auto; currently c > (kgdb) list > 1654 !ISSET(tp->t_cflag, CLOCAL)) { > 1655 SET(tp->t_state, TS_ZOMBIE); > 1656 CLR(tp->t_state, TS_CONNECTED); > 1657 if (tp->t_session) { > 1658 sx_slock(&proctree_lock); > 1659 if (tp->t_session->s_leader) { > 1660 struct proc *p; > 1661 > 1662 p = > tp->t_session->s_leader; > 1663 PROC_LOCK(p); > > (kgdb) set print pretty > (kgdb) p *tp > $3 = { > t_rawq = { > c_cc = 0, > [...] > > t_outcc = 119661, t_line = 0, t_dev = 0xc763fe00, t_mdev = 0x0, > t_devunit = 0, t_state = 0, t_flags = 0, t_timeout = 300000, t_pgrp > = 0x0, t_session = 0x0, t_sigio = 0x0, t_rsel = { > si_thrlist = { > tqe_next = 0x0, tqe_prev = 0x0 > }, si_thread = 0x0, si_note = { > [...] > > > tp_session is NULL but it shouldn't have been able to have run that line > (line 1659) if it had tested NULL 2 lines before.. > this suggests a locking problem.. I think it has been fixed some months ago IIRC. The problem here, should be that if sx_slock() let thread sleep, Giant is released before to sleep and tp->t_session can be accessed in racy way. Another nice side-effect about having tty Giant :) Attilio PS: I think I alredy documented these kinds of bugs in my locking documentation in perforce.