Date: Mon, 29 Nov 1999 15:34:37 -0500 (EST) From: David Gilbert <dgilbert@velocet.ca> To: FreeBSD-gnats-submit@freebsd.org Subject: kern/15169: tsleep panics a panic Message-ID: <199911292034.PAA77619@trooper.velocet.net>
next in thread | raw e-mail | index | archive | help
>Number: 15169 >Category: kern >Synopsis: tsleep() dereferences *curproc while in a panic >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Nov 29 12:40:00 PST 1999 >Closed-Date: >Last-Modified: >Originator: David Gilbert >Release: FreeBSD 3.2-STABLE i386 >Organization: Velocet Communications >Environment: 3.3-STABLE, vinum >Description: vinumlock.c calls tsleep() during a sync() in a panic --- which means the curproc is 0. Now if KTRACE is defined, tsleep() dereferences *curproc before it checks *panicstr... it looks like this was unintended side effect of adding the KTRACE #ifdef. >How-To-Repeat: I'm running du on a large vinum drive, which causes it to panic for some (as yet undetermined) reason or other. >Fix: I patched the following (there might be a better way to do it?): *** kern_synch.c.orig Mon Nov 29 15:02:15 1999 --- kern_synch.c Mon Nov 29 15:05:03 1999 *************** *** 384,390 **** struct callout_handle thandle; #ifdef KTRACE ! if (KTRPOINT(p, KTR_CSW)) ktrcsw(p->p_tracep, 1, 0); #endif s = splhigh(); --- 384,390 ---- struct callout_handle thandle; #ifdef KTRACE ! if (p && KTRPOINT(p, KTR_CSW)) ktrcsw(p->p_tracep, 1, 0); #endif s = splhigh(); >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199911292034.PAA77619>