Date: Thu, 06 Jun 2013 16:54:35 +0300 From: Andriy Gapon <avg@FreeBSD.org> To: Julian Stecklina <jsteckli@os.inf.tu-dresden.de> Cc: freebsd-stable@FreeBSD.org Subject: Re: Reproducable Infiniband panic Message-ID: <51B0949B.1050606@FreeBSD.org> In-Reply-To: <51B07705.207@os.inf.tu-dresden.de> References: <51B07705.207@os.inf.tu-dresden.de>
next in thread | previous in thread | raw e-mail | index | archive | help
on 06/06/2013 14:48 Julian Stecklina said the following: > #7 0xffffffff807a3d83 in linux_file_dtor (cdp=0xfffffe000aeabb80) at > /usr/home/julian/src/freebsd/sys/ofed/include/linux/linux_compat.c:214 > filp = (struct linux_file *) 0xfffffe000aeabb80 > #8 0xffffffff80513c39 in devfs_destroy_cdevpriv (p=0xfffffe0005772980) > at /usr/home/julian/src/freebsd/sys/fs/devfs/devfs_vnops.c:159 > No locals. > #9 0xffffffff80513e47 in devfs_close_f (fp=0xfffffe000b0e9aa0, > td=<value optimized out>) > at /usr/home/julian/src/freebsd/sys/fs/devfs/devfs_vnops.c:619 > error = 0 > fpop = (struct file *) 0x0 The problem seems to be in incorrect interaction between devfs_close_f and linux_file_dtor. The latter expects curthread->td_fpop to have a valid reasonable value. But the former sets curthread->td_fpop to fp only around vnops.fo_close() call and then restores it back to some (what?) previous value before calling devfs_fpdrop->devfs_destroy_cdevpriv. In this case the previous value is NULL. -- Andriy Gapon
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?51B0949B.1050606>