From owner-freebsd-bugs@FreeBSD.ORG Fri Feb 22 17:10:02 2013 Return-Path: Delivered-To: freebsd-bugs@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 8DCE45A0 for ; Fri, 22 Feb 2013 17:10:02 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 7D345CD0 for ; Fri, 22 Feb 2013 17:10:02 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.6/8.14.6) with ESMTP id r1MHA1wJ060159 for ; Fri, 22 Feb 2013 17:10:01 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.6/8.14.6/Submit) id r1MHA1fp060158; Fri, 22 Feb 2013 17:10:01 GMT (envelope-from gnats) Date: Fri, 22 Feb 2013 17:10:01 GMT Message-Id: <201302221710.r1MHA1fp060158@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org Cc: From: Fabian Keil Subject: kern/162036: [geom] Fatal trap 12: page fault while in kernel mode -- Stopped at atomic_subtract_int+0x4 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: Fabian Keil List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Feb 2013 17:10:02 -0000 The following reply was made to PR kern/162036; it has been noted by GNATS. From: Fabian Keil To: bug-followup@FreeBSD.org Cc: Subject: kern/162036: [geom] Fatal trap 12: page fault while in kernel mode -- Stopped at atomic_subtract_int+0x4 Date: Fri, 22 Feb 2013 17:59:13 +0100 --Sig_/ygxLXwLUVd3B0XBB6PqOfsd Content-Type: multipart/mixed; boundary="MP_/KEOJ2TQS+uSTGDSq0NXG=p3" --MP_/KEOJ2TQS+uSTGDSq0NXG=p3 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Content-Disposition: inline The problem still exists with a current kernel but apparently the atomic_subtract_int() call has been relocated. As the result there are now two related panics caused by g_eli_read_done() and (sometimes) g_eli_crypto_read_done() being called with: (kgdb) p bp->bio_parent->bio_to->geom->softc $1 =3D (void *) 0x0 The attached patch adds the missing pointer checks and seems to prevent the panics for me. So far I haven't seen similar panics in the g_*_write_done() functions, although they look rather similar. Fabian --MP_/KEOJ2TQS+uSTGDSq0NXG=p3 Content-Type: text/x-patch Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename=kern-162036-Let-g_eli_-read_done-deal-with-lost-devices.patch =46rom 52a4fac396eaaaadd7a79a0d4311f38bdc3d3141 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Tue, 19 Feb 2013 14:42:00 +0100 Subject: [PATCH 1/2] Let g_eli_*read_done() deal with lost devices without causing panics Seems to fix kern/162036 for me. --- sys/geom/eli/g_eli.c | 3 ++- sys/geom/eli/g_eli_privacy.c | 6 ++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/sys/geom/eli/g_eli.c b/sys/geom/eli/g_eli.c index 4e35297..24969b0 100644 --- a/sys/geom/eli/g_eli.c +++ b/sys/geom/eli/g_eli.c @@ -183,7 +183,8 @@ g_eli_read_done(struct bio *bp) pbp->bio_driver2 =3D NULL; } g_io_deliver(pbp, pbp->bio_error); - atomic_subtract_int(&sc->sc_inflight, 1); + if (sc !=3D NULL) + atomic_subtract_int(&sc->sc_inflight, 1); return; } mtx_lock(&sc->sc_queue_mtx); diff --git a/sys/geom/eli/g_eli_privacy.c b/sys/geom/eli/g_eli_privacy.c index f353832..938883a 100644 --- a/sys/geom/eli/g_eli_privacy.c +++ b/sys/geom/eli/g_eli_privacy.c @@ -88,7 +88,8 @@ g_eli_crypto_read_done(struct cryptop *crp) bp->bio_error =3D crp->crp_etype; } sc =3D bp->bio_to->geom->softc; - g_eli_key_drop(sc, crp->crp_desc->crd_key); + if (sc !=3D NULL) + g_eli_key_drop(sc, crp->crp_desc->crd_key); /* * Do we have all sectors already? */ @@ -105,7 +106,8 @@ g_eli_crypto_read_done(struct cryptop *crp) * Read is finished, send it up. */ g_io_deliver(bp, bp->bio_error); - atomic_subtract_int(&sc->sc_inflight, 1); + if (sc !=3D NULL) + atomic_subtract_int(&sc->sc_inflight, 1); return (0); } =20 --=20 1.8.1.3 --MP_/KEOJ2TQS+uSTGDSq0NXG=p3-- --Sig_/ygxLXwLUVd3B0XBB6PqOfsd Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iQIcBAEBCAAGBQJRJ6PlAAoJEGkYIpGLojccDGMP/064LFc70F8+/Zn6ofTr1sgM 4s0euYG6ebtB3nOFuiaEoNqfcbga+2+FSJBnxEogc1/MMA9r/CAsqee8HUvT3HGo psjeefN6K3k5Emk1GywLqZetgGzMbtqtZEZ5Qppd/Z7m2VzznnKZ+5UPx/tcxo7y krPELZjj2qRITBRPX5AN+xTmbYKCqtoOHKxXJIQN8Cf+9zoVhidaWu3Q2GG0AQo5 lvcWVAWPQcRNoS+lRyyeX4dO+miOPSMUBcNvSmcGxFHjaQxnr61aR4kztu0DNkAz rJznXgoEb05f0EZ8bc5sP0nVnv1B+Uo1gEM5JHZ3IR0RugXLJv+nkaSzD0JM9iAd X7dmU798cpWiF4wXliIeTxCHeOKxLYeSFnPMams319FQrDyHrGiZl3jWcQh6PHbr 0SjqB8GGAyb5cV7BkD6szQjJbErmRCcmwFUHEt9Ra13lFl83ZBPHEr2EYf8VfJnt 2w4xMPx5Z1vu7YHk/cKliVYnl9uoplG9ob6HksDm7VNkxlTyeUqCAGNVNHK8nMi1 pPy95t3KgM7rgdRlxIldMyJpl5gUX/wWhmieGV8FQ2vh0JiK67ude3KlDATk9pKW 4BbiTmgfiAcMQvmwDsRI5FhlSK2KhwIFIRQUpW9LIkF0t1LHOHYboqHs4YCx/L3n NNw9YRVwLPUQb1G5q4ft =L8cH -----END PGP SIGNATURE----- --Sig_/ygxLXwLUVd3B0XBB6PqOfsd--