Date: Sat, 21 Apr 2007 22:58:45 +0400
From: Eygene Ryabinkin
To: freebsd-current@freebsd.org
Message-ID: <20070421185844.GA55315@codelabs.ru>
Subject: mtx_unlock(NULL) in kern/kern_timeout.c::softclock()

Good day.

About two weeks ago I started to notice ;)) the kernel panics on my -CURRENT just after the PPP link establishment. The panics were in the softclock() function, upon the line 293. Investigation revealed that I can reproduce this situation with 100% confidence when the ULE scheduler is used, the pflog(4) is running in the promiscuous mode and the PPP link is activated using the ppp(8). I have both INVARIANTS and WITNESS compiled in; this neither affects the crash, nor produces additional messages. For the BSD scheduler all is OK, no crashes at all.

The attached patch had fixed my problem: it just checks if we're going to unlock the NULL mutex and avoids this. I am not very well educated in the FreeBSD mutexes, but my investigation of the /sys/sys/mutex.h showed that mtx_unlock(NULL) is not a very bright idea. Moreover, the softclock() code grabs the c_mtx only when (c_mtx != NULL), so it should release it only in this case.

Maybe my case is the sign of some deeper breakage, I do not know. I had failed to save the kgdb() traces for panics and had recompiled the kernel since then a number of times, so I am unable to provide the backtraces now. But I can revert my changes and make the traces if this will be needed.
-- Eygene --J2SCkAp4GZ/dPZZf Content-Type: text/plain; charset=koi8-r Content-Disposition: attachment; filename="kern_timeout.c.diff" --- kern/kern_timeout.c.orig Sat Apr 21 21:19:22 2007 +++ kern/kern_timeout.c Sat Apr 21 21:19:51 2007 @@ -289,7 +289,8 @@ lastfunc = c_func; } #endif - if ((c_flags & CALLOUT_RETURNUNLOCKED) == 0) + if (c_mtx != NULL && + (c_flags & CALLOUT_RETURNUNLOCKED) == 0) mtx_unlock(c_mtx); skip: mtx_lock_spin(&callout_lock); --J2SCkAp4GZ/dPZZf--
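
Review bot: The added `c_mtx != NULL` test in front of `mtx_unlock(c_mtx)` stops the panic but leaves undocumented whether a NULL `c_mtx` with `CALLOUT_RETURNUNLOCKED` clear is a legitimate state at this point in softclock(). If it is legitimate, a one-line comment above the condition saying that the unlock mirrors the conditional lock taken earlier would make the symmetry explicit. If it is not, the guard silently hides the inconsistency, and since the report says the crash appears only under ULE, a diagnostic for that combination (for example under INVARIANTS) before skipping the unlock would keep the underlying problem visible instead of masking it.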