From owner-freebsd-bugs@FreeBSD.ORG Tue Jan 19 20:09:47 2010 Return-Path: Delivered-To: freebsd-bugs@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AD3721065676 for ; Tue, 19 Jan 2010 20:09:47 +0000 (UTC) (envelope-from hwong@lumeta.com) Received: from MAIL.corp.lumeta.com (hercules.lumeta.com [65.246.245.23]) by mx1.freebsd.org (Postfix) with ESMTP id A4DA48FC16 for ; Tue, 19 Jan 2010 20:09:45 +0000 (UTC) Received: from hwong-desk1.corp.lumeta.com ([65.246.246.57]) by MAIL.corp.lumeta.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 19 Jan 2010 15:09:43 -0500 Message-ID: <4B561187.3030308@lumeta.com> Date: Tue, 19 Jan 2010 15:09:43 -0500 From: Henry Wong User-Agent: Thunderbird 2.0.0.19 (X11/20090105) MIME-Version: 1.0 To: freebsd-bugs@FreeBSD.org, Henry Wong References: <201001120250.o0C2o2sI055242@freefall.freebsd.org> <4B4CCBCE.8040004@lumeta.com> <4B4D3DA3.1010706@lumeta.com> <4B560FD7.7050500@lumeta.com> In-Reply-To: <4B560FD7.7050500@lumeta.com> X-OriginalArrivalTime: 19 Jan 2010 20:09:43.0571 (UTC) FILETIME=[570B7E30:01CA9943] Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Subject: Re: kern/142728: Panic: Fatal trap 12 in g_io_request X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Jan 2010 20:09:47 -0000 Clarification: The race condition and the circumvention was in application code running on the machine, not in the FreeBSD kernel. FreeBSD allows a file system to be mounted read-only multiple times. That is not a race condition. Henry Wong Henry Wong wrote: > I have been able to narrow down this problem and have developed and > partially tested a circumvention. The circumvention appears to be > working. > > I found that there was a race condition that allowed a file system to > possibly be mounted read-only more than once. With a certain sequence > of mounting, mounting, retrieving, umounting and retrieving something > different I was able to reproduce the problem. > > This problem can be considered as resolved as a duplicate of the problem > Steve Hartland reported in April of 2008 in the freebsd-stable list: > > 7.0 panic in geom/ufs > 7.0-RELEASE panic any ideas? > > except that it is still occurring in 8.0-RELEASE. > > The bottom line is that although FreeBSD 8.0 RELEASE allows a ufs > filesystem > to be mounted read-only multiple times, doing so will easily cause the > system > to panic trap with either a trap 12 or a trap 9 in g_io_request. > > The instruction that is causing the trap is where it is constructing the > parametes for the g_trace. The particular parameter is pp->name. It > appears that the pp pointer is referring to a page that is not in the > address space. I have no idea whether the *cp from which the pp was > retrieved is valid or not since each time this crashed for me, it either > took no dump or hung after partially dumping. > > -- > > > Henry Wong > Lead Software Engineer > > Lumeta - / Securing the Network in the Face of Change > / > _hwong@lumeta.com_ > 732.357.3534 (office) > 732.564.0731 (fax) > 220 Davidson Avenue > Somerset , NJ 08873-4146 > www.lumeta.com > -- Henry Wong Lead Software Engineer Lumeta - / Securing the Network in the Face of Change / _hwong@lumeta.com_ 732.357.3534 (office) 732.564.0731 (fax) 220 Davidson Avenue Somerset , NJ 08873-4146 www.lumeta.com