Date: Fri, 23 Aug 2002 19:56:49 +0100 From: "Peter Edwards" <pmedwards@eircom.net> To: gallatin@cs.duke.edu Cc: hackers@freebsd.org Subject: Re: Vinum crash Message-ID: <20020823185651.F3ED543E9E@mx1.FreeBSD.org>
next in thread | raw e-mail | index | archive | help
Hi, Ok, I'm up to my neck in code I've never seen and making wild guesses, but: In vinumrequest.c:launch_requests(), isn't it possible that the final BUF_STRATEGY() from line 431 completes before we get back to the top of the outer "for" loop and that complete_rqe gets called for the last buffer (we don't have splbio()), bringing the refcount of the entire request down to zero, then freeing the request. You then get to the top of the loop, and rq will have been freed, but you looking at its contents. Ok, maybe not likely but... I suppose you could just hold one more reference to the request while doing launch_requests() and check after all theB UF_STRATEGYs are done when you decrement the active count and find it's zero, then do the "request-finished" processing as done by complete_rqe Just a thought... -- Peter Edwards. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020823185651.F3ED543E9E>