Date: Fri, 26 Sep 2008 14:56:31 +0300
From: Kostik Belousov <kostikbel@gmail.com>
To: David Cecil <david.cecil@nokia.com>
Cc: freebsd-fs@freebsd.org
Subject: Re: panic in closef
Message-ID: <20080926115631.GT47828@deviant.kiev.zoral.com.ua>
In-Reply-To: <48DCC581.80009@nokia.com>
References: <48DCC581.80009@nokia.com>

On Fri, Sep 26, 2008 at 09:20:33PM +1000, David Cecil wrote:
> Hi,
>
> I'm debugging a panic with the call trace below.  This is from a
> 6.1-based kernel, but as far as I can tell there are no fixes for this
> problem in current, based on where I think the problem lies.

No, it should be fixed. See

r168020 | kib | 2007-03-29 11:21:09 +0300 (Thu, 29 Mar 2007) | 7 lines

Extend rev. 1.210 to avoid dereference NULL mp in VFS_NEEDSGIANT and
VFS_ASSERT_GIANT. Stop using reserved namespace.

and

r158320 | tegge | 2006-05-05 22:32:35 +0300 (Fri, 05 May 2006) | 2 lines

Avoid dereferencing NULL pointer.

>
> It falls over in the call to VFS_LOCK_GIANT in closef, trying to
> dereference a NULL mount point.  To me, the check in VFS_NEEDSGIANT
> looks flawed; it checks that MP isn't NULL, then dereferences it, but
> I'd expect the vnode interlock to be held (or similar), but it isn't
> based on what I see of the code.
>
> It looks to me like vgonel was probably running around the same time.  It
> calls delmntque and NULLs v_mount.  I can't see how these two threads
> are synchronised to prevent the race condition I describe, but maybe I'm
> missing something.
>
> Any ideas?
>
> Thanks,
> Dave
>
> Unread portion of the kernel message buffer:
> 2
> panic: page fault
> cpuid = 0
> KDB: stack backtrace:
> db_trace_self_wrapper(60794d20) at db_trace_self_wrapper+0x25
> kdb_backtrace(f8d0eae8,100,67aeb640,28,f8d0eb64,...) at kdb_backtrace+0x29
> panic(60774fbe,607bae69,0,fffff,681dc89b,...) at panic+0x230
> trap_fatal(f8d0eb64,6f,67aeb640,0,c,...) at trap_fatal+0x2ce
> trap_pfault(f8d0eb64,0,6f) at trap_pfault+0x1ef
> trap(7ae70008,28,f8d00028,3,8236e104,...) at trap+0x36d
> calltrap() at calltrap+0x5
> --- trap 0xc, eip = 0x60565e72, esp = 0xf8d0eba4, ebp = 0xf8d0ec00 ---
> closef(7d7f19cc,67aeb640) at closef+0x36
> fdfree(67aeb640) at fdfree+0x5a7
> exit1(67aeb640,100,f8d0ed30,6074c903,67aeb640,...) at exit1+0x4ee
> exit1(67aeb640,f8d0ed04) at exit1
> syscall(5fbf003b,812003b,5fbf003b,0,0,...) at syscall+0x2b7
> Xint0x80_syscall() at Xint0x80_syscall+0x1f
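
The check-then-dereference pattern discussed in this message, as an added illustration that is not FreeBSD source and not part of the original e-mail: a macro that evaluates its argument for the NULL test and again for the dereference reads v_mount twice, while a helper that takes the pointer by value reads it once. The names NEEDSGIANT_RECHECK, needsgiant_snapshot and load_v_mount, the flag value, and the single-threaded simulation of the competing clear are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>

#define MNTK_MPSAFE 0x1                 /* constructed value, example only */
struct mount { int mnt_kern_flag; };
struct vnode { struct mount *v_mount; };

static int loads;                       /* number of reads of v_mount */
static int clear_after = -1;            /* NULL v_mount after this many reads */

/* All reads of the shared field go through here, so they can be counted and
 * a competing thread clearing v_mount can be simulated deterministically. */
static struct mount *load_v_mount(struct vnode *vp)
{
    struct mount *mp = vp->v_mount;
    if (++loads == clear_after)
        vp->v_mount = NULL;
    return mp;
}

/* Shape A: MP is evaluated for the NULL test and again for the dereference.
 * With clear_after = 1 the second read returns NULL and this would fault. */
#define NEEDSGIANT_RECHECK(MP) \
    ((MP) == NULL || ((MP)->mnt_kern_flag & MNTK_MPSAFE) == 0)

/* Shape B: the pointer is read once; test and dereference use the same value.
 * This removes the NULL re-read only, not any lifetime issue of the mount. */
static int needsgiant_snapshot(struct mount *mp)
{
    return mp == NULL || (mp->mnt_kern_flag & MNTK_MPSAFE) == 0;
}

int loads_with_recheck(void)            /* no concurrent clear: count reads */
{
    struct mount m = { MNTK_MPSAFE };
    struct vnode v = { &m };
    loads = 0; clear_after = -1;
    (void)NEEDSGIANT_RECHECK(load_v_mount(&v));
    return loads;
}

int snapshot_survives_clear(void)       /* v_mount cleared after first read */
{
    struct mount m = { MNTK_MPSAFE };
    struct vnode v = { &m };
    loads = 0; clear_after = 1;
    int giant = needsgiant_snapshot(load_v_mount(&v));
    return loads == 1 && v.v_mount == NULL && giant == 0;
}

int main(void) { printf("%d %d\n", loads_with_recheck(), snapshot_survives_clear()); return 0; }
```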