Date: Thu, 30 Jun 2005 21:00:39 GMT From: "Richard Legault" <rlegault@SANDVINE.com> To: freebsd-i386@FreeBSD.org Subject: Re: i386/82285: kernel panic during reboot Message-ID: <200506302100.j5UL0d0I030608@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR i386/82285; it has been noted by GNATS. From: "Richard Legault" <rlegault@SANDVINE.com> To: <bug-followup@FreeBSD.org>, "Richard Legault" <rlegault@SANDVINE.com> Cc: Subject: Re: i386/82285: kernel panic during reboot Date: Thu, 30 Jun 2005 16:57:48 -0400 I have determined that the p_ucred value has never been set. In other = words this proc was in the "process" of being created as evidence by p->p_state=3DPRS_NEW. In the file kern_fork.c (1.234.2.4) I have found a potential race = condition. In function fork1() at line 410 the process (p2) is added to the allproc = list. At line 515 p2->p_ucred is set. Thus there are some 40 instructions in = which a reboot could swap this task out and start unraveling the all proc = list. I have confirmed on 3 consecutive panics that it was the first proc in = the allproc list. I have moved the setting of the p2->p_ucred =3D crhold(td->td_ucred) to = before the addition of p2 to the allproc list.=20 Are there other race conditions sitting here that have yet to be = uncovered? Should other instructions be moved ahead of adding p2 to the proclist? I looked at the p_cansignal path and found no other gotchas. Having applied the fix I have continuously rebooted for 5 hours without = a panic at a rate of a 1reboot/3min. The previous record was 3 hours without a panic, with most happening = within an hour. Richard Legault Senior Engineer 519-880-2400 ext 2722 www.sandvine.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200506302100.j5UL0d0I030608>