From owner-freebsd-current@FreeBSD.ORG Fri Jul 13 08:27:23 2007 Return-Path: X-Original-To: current@freebsd.org Delivered-To: freebsd-current@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 57B2616A40D; Fri, 13 Jul 2007 08:27:23 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from relay02.kiev.sovam.com (relay02.kiev.sovam.com [62.64.120.197]) by mx1.freebsd.org (Postfix) with ESMTP id DD79313C51B; Fri, 13 Jul 2007 08:27:22 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from [89.162.146.170] (helo=skuns.kiev.zoral.com.ua) by relay02.kiev.sovam.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.67) (envelope-from ) id 1I9GUe-000Dch-4H; Fri, 13 Jul 2007 11:27:19 +0300 Received: from deviant.kiev.zoral.com.ua (root@[10.1.1.148]) by skuns.kiev.zoral.com.ua (8.14.1/8.14.1) with ESMTP id l6D8R6qA020407 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 13 Jul 2007 11:27:06 +0300 (EEST) (envelope-from kostikbel@gmail.com) Received: from deviant.kiev.zoral.com.ua (kostik@localhost [127.0.0.1]) by deviant.kiev.zoral.com.ua (8.14.1/8.14.1) with ESMTP id l6D8R6GB045262; Fri, 13 Jul 2007 11:27:06 +0300 (EEST) (envelope-from kostikbel@gmail.com) Received: (from kostik@localhost) by deviant.kiev.zoral.com.ua (8.14.1/8.14.1/Submit) id l6D8R5Pt045261; Fri, 13 Jul 2007 11:27:05 +0300 (EEST) (envelope-from kostikbel@gmail.com) X-Authentication-Warning: deviant.kiev.zoral.com.ua: kostik set sender to kostikbel@gmail.com using -f Date: Fri, 13 Jul 2007 11:27:05 +0300 From: Kostik Belousov To: Attilio Rao Message-ID: <20070713082705.GI2200@deviant.kiev.zoral.com.ua> References: <46970DF7.3000803@elischer.org> <46972B28.1010409@FreeBSD.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="FyU5fTJCTr/6Eq8v" Content-Disposition: inline In-Reply-To: <46972B28.1010409@FreeBSD.org> User-Agent: Mutt/1.4.2.3i X-Virus-Scanned: ClamAV version 0.90.3, clamav-milter version 0.90.3 on skuns.kiev.zoral.com.ua X-Virus-Status: Clean X-Spam-Status: No, score=-1.4 required=5.0 tests=ALL_TRUSTED autolearn=failed version=3.2.1 X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on skuns.kiev.zoral.com.ua X-Scanner-Signature: fd47f7ed058f8bb752f6c36e497d0305 X-DrWeb-checked: yes X-SpamTest-Envelope-From: kostikbel@gmail.com X-SpamTest-Group-ID: 00000000 X-SpamTest-Header: Not Detected X-SpamTest-Info: Profiles 1217 [July 12 2007] X-SpamTest-Info: helo_type=3 X-SpamTest-Method: none X-SpamTest-Rate: 0 X-SpamTest-Status: Not detected X-SpamTest-Status-Extended: not_detected X-SpamTest-Version: SMTP-Filter Version 3.0.0 [0255], KAS30/Release Cc: Julian Elischer , FreeBSD Current Subject: Re: crash in tty code in 6.1.. fixed since? X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Jul 2007 08:27:23 -0000 --FyU5fTJCTr/6Eq8v Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jul 13, 2007 at 09:35:04AM +0200, Attilio Rao wrote: > Julian Elischer wrote: > >Does this crash look familiar to anyone? > >It's in 6.1 unfortunatly.. > > > >#6 0xc069ca6a in calltrap () at ../../../i386/i386/exception.s:139 > >#7 0xc0587012 in ttymodem (tp=3D0xc6990800, flag=3D-1065963704) > > at ../../../kern/tty.c:1659 > >#8 0xc058b83e in ptcclose (dev=3D0x0, flags=3D7, fmt=3D8192, td=3D0xc69= 66d80) > > at linedisc.h:136 > >#9 0xc052bf77 in giant_close (dev=3D0xc7547c00, fflag=3D7, devtype=3D81= 92, =20 > >td=3D0xc6966d80) at ../../../kern/kern_conf.c:266 > >#10 0xc051685f in devfs_close (ap=3D0xe706baa4) > > at ../../../fs/devfs/devfs_vnops.c:287 > >#11 0xc06c2a10 in VOP_CLOSE_APV (vop=3D0x0, a=3D0xc076af48) at vnode_if.= c:426 > >#12 0xc05bf3ce in vn_close (vp=3D0xc764e550, flags=3D7, file_cred=3D0x0,= =20 > >td=3D0xc6966d80) at vnode_if.h:227 > >#13 0xc05c0212 in vn_closefile (fp=3D0xc7532510, td=3D0xc6966d80) > > at ../../../kern/vfs_vnops.c:852 > >#14 0xc0516887 in devfs_close_f (fp=3D0xc7532510, td=3D0xc6966d80) > > at ../../../fs/devfs/devfs_vnops.c:297 > >#15 0xc05361e8 in fdrop_locked (fp=3D0xc7532510, td=3D0xc6966d80) at fil= e.h:289 > >#16 0xc0536135 in fdrop (fp=3D0xc7532510, td=3D0xc6966d80) > > at ../../../kern/kern_descrip.c:2122 > >#17 0xc05346d3 in closef (fp=3D0xc7532510, td=3D0xc6966d80) > > at ../../../kern/kern_descrip.c:1942 > >#18 0xc0533487 in fdfree (td=3D0xc6966d80) at=20 > >../../../kern/kern_descrip.c:1627 > >#19 0xc053cc88 in exit1 (td=3D0xc6966d80, rv=3D15) at=20 > >../../../kern/kern_exit.c:263 > >#20 0xc055b58b in sigexit (td=3D0xc6966d80, sig=3D15) > > at ../../../kern/kern_sig.c:2451 > >#21 0xc055b296 in postsig (sig=3D15) at ../../../kern/kern_sig.c:2326 > >#22 0xc0577fbe in ast (framep=3D0xe706bd38) at ../../../kern/subr_trap.c= :266 > >#23 0xc069d3ad in doreti_ast () at ../../../i386/i386/exception.s:293 > > > >(kgdb) up > >#7 0xc0587012 in ttymodem (tp=3D0xc6990800, flag=3D-1065963704) > > at ../../../kern/tty.c:1659 > >1659 if (tp->t_session->s_leader) { > >Current language: auto; currently c > >(kgdb) list > >1654 !ISSET(tp->t_cflag, CLOCAL)) { > >1655 SET(tp->t_state, TS_ZOMBIE); > >1656 CLR(tp->t_state, TS_CONNECTED); > >1657 if (tp->t_session) { > >1658 sx_slock(&proctree_lock); > >1659 if (tp->t_session->s_leader) { > >1660 struct proc *p; > >1661 > >1662 p =3D=20 > >tp->t_session->s_leader; > >1663 PROC_LOCK(p); > > > >(kgdb) set print pretty > >(kgdb) p *tp > >$3 =3D { > > t_rawq =3D { > > c_cc =3D 0, > >[...] > > > > t_outcc =3D 119661, t_line =3D 0, t_dev =3D 0xc763fe00, t_mdev =3D 0= x0,=20 > > t_devunit =3D 0, t_state =3D 0, t_flags =3D 0, t_timeout =3D 300000,= t_pgrp=20 > >=3D 0x0, t_session =3D 0x0, t_sigio =3D 0x0, t_rsel =3D { > > si_thrlist =3D { > > tqe_next =3D 0x0, tqe_prev =3D 0x0 > > }, si_thread =3D 0x0, si_note =3D { > > [...] > > > > > >tp_session is NULL but it shouldn't have been able to have run that line= =20 > >(line 1659) if it had tested NULL 2 lines before.. > >this suggests a locking problem.. >=20 > I think it has been fixed some months ago IIRC. > The problem here, should be that if sx_slock() let thread sleep, Giant=20 > is released before to sleep and tp->t_session can be accessed in racy way. > Another nice side-effect about having tty Giant :) Yes, it seems that rev. 1.267 fixed it and was MFCed as rev. 1.228.2.6. There was a lot of commits around this one, it may be safer to update to RELENG_6. --FyU5fTJCTr/6Eq8v Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQFGlzdYC3+MBN1Mb4gRAsEsAKDRz9V2Yvp1DZe6ZVOBaYma+JQPhwCfTHeo xm7KhWy0n9MUgT3MTF7kWCk= =Oc6E -----END PGP SIGNATURE----- --FyU5fTJCTr/6Eq8v--