From: Dag-Erling Smorgrav
To: Kris Kennaway
Cc: current@FreeBSD.org, fs@FreeBSD.org, alfred@freebsd.org
Subject: Re: panic: bwrite: buffer is not busy???
Date: 18 Mar 2002 04:26:40 +0100

Kris Kennaway writes:
> #14 0xc0204b92 in _mtx_lock_sleep (m=0xc2f91f34, opts=0, file=0x0, line=0)
>     at ../../../kern/kern_mutex.c:370

(kgdb) up 14
#14 0xc0204b92 in _mtx_lock_sleep (m=0xc2f91f34, opts=0, file=0x0, line=0)
    at ../../../kern/kern_mutex.c:370
370             td1 = mtx_owner(m);
(kgdb) p *m
$1 = {mtx_object = {lo_class = 0x0, lo_name = 0x0, lo_flags = 0, lo_list = {
      stqe_next = 0x0}, lo_witness = 0x0}, mtx_lock = 2, mtx_recurse = 0,
  mtx_blocked = {tqh_first = 0x0, tqh_last = 0x0}, mtx_contested = {
    le_next = 0x0, le_prev = 0x0}}

The mutex is uninitialized (destroyed, actually), because...

> #15 0xc024f55c in checkdirs (olddp=0xcf1814c0, newdp=0xcf1815a0) at ../../../kern/vfs_syscalls.c:457

(kgdb) up
#15 0xc024f55c in checkdirs (olddp=0xcf1814c0, newdp=0xcf1815a0)
    at ../../../kern/vfs_syscalls.c:457
457             FILEDESC_LOCK(fdp);
(kgdb) p *fdp
$2 = {fd_ofiles = 0xc2f91200, fd_ofileflags = 0xc2f91f00 "", fd_cdir = 0x0,
  fd_rdir = 0x0, fd_jdir = 0x0, fd_nfiles = 0, fd_lastfile = 0,
  fd_freefile = -1024110592, fd_cmask = 0, fd_refcnt = 0, fd_knlistsize = 4,
  fd_knlist = 0x11ffff, fd_knhashmask = 0, fd_knhash = 0xdb, fd_mtx = {
    mtx_object = {lo_class = 0x0, lo_name = 0x0, lo_flags = 0, lo_list = {
        stqe_next = 0x0}, lo_witness = 0x0}, mtx_lock = 2, mtx_recurse = 0,
    mtx_blocked = {tqh_first = 0x0, tqh_last = 0x0}, mtx_contested = {
      le_next = 0x0, le_prev = 0x0}}}

...the process has no open files at all, because...

(kgdb) p p->p_pid
$4 = 10099
(kgdb) p p->p_comm
$5 = "wc\000oot", '\000'
(kgdb) p p->p_stat
$6 = 3
(kgdb) p/x p->p_flag
$7 = 0x6000

...it's exiting, and fdfree() has already run.

Solution: p->p_fd must be protected by p's proc lock; fdfree() must
set it to NULL immediately after freeing it; checkdirs() must lock
each process before examining its fd list.

Other problem spotted while investigating this: fdfree() can fail
silently; fdfree() should panic if fdp->fd_refcnt is non-zero.

DES
-- 
Dag-Erling Smorgrav - des@ofug.org
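The locking discipline proposed in the message above, as an added userland sketch that is not part of the original mail and is not FreeBSD source. It assumes pthread mutexes standing in for the proc lock and FILEDESC_LOCK, integers standing in for directory vnodes, and hypothetical model_* and run_scenario names.

```c
/* Userland model of the proposed fix; bodies are assumptions, not kernel code. */
#include <pthread.h>
#include <stdlib.h>
struct filedesc { pthread_mutex_t fd_mtx; int fd_refcnt; int fd_cdir; };
struct proc { pthread_mutex_t p_mtx; struct filedesc *p_fd; };

static void model_procinit(struct proc *p, int cdir) {
    pthread_mutex_init(&p->p_mtx, NULL);
    if ((p->p_fd = calloc(1, sizeof(*p->p_fd))) == NULL) abort();
    pthread_mutex_init(&p->p_fd->fd_mtx, NULL);
    p->p_fd->fd_refcnt = 1; p->p_fd->fd_cdir = cdir;
}
/* Exit path: free and clear p_fd under the proc lock; -1 stands in for the proposed panic. */
static int model_fdfree(struct proc *p) {
    int rc = 0;
    pthread_mutex_lock(&p->p_mtx);
    if (p->p_fd != NULL && --p->p_fd->fd_refcnt != 0) {
        rc = -1;         /* references remain: report it, never return silently */
    } else if (p->p_fd != NULL) {
        pthread_mutex_destroy(&p->p_fd->fd_mtx);
        free(p->p_fd);
        p->p_fd = NULL;  /* walkers now see NULL, never a destroyed fd_mtx */
    }
    pthread_mutex_unlock(&p->p_mtx);
    return rc;
}
/* Walker: take each proc lock before touching p_fd; skip exited processes. */
static int model_checkdirs(struct proc *procs, int n, int olddp, int newdp) {
    int updated = 0;
    for (int i = 0; i < n; i++) {
        pthread_mutex_lock(&procs[i].p_mtx);
        struct filedesc *fdp = procs[i].p_fd;
        if (fdp != NULL) {
            pthread_mutex_lock(&fdp->fd_mtx);  /* FILEDESC_LOCK(fdp) */
            if (fdp->fd_cdir == olddp) { fdp->fd_cdir = newdp; updated++; }
            pthread_mutex_unlock(&fdp->fd_mtx);
        }
        pthread_mutex_unlock(&procs[i].p_mtx);
    }
    return updated;
}
/* Constructed scenario: three processes in directory 1, the second has exited. */
static int run_scenario(void) {
    struct proc procs[3];
    for (int i = 0; i < 3; i++) model_procinit(&procs[i], 1);
    if (model_fdfree(&procs[1]) != 0) return -1;
    int updated = model_checkdirs(procs, 3, 1, 2);
    for (int i = 0; i < 3; i++) model_fdfree(&procs[i]);  /* no-op for procs[1] */
    return updated;
}
int main(void) { return run_scenario() == 2 ? 0 : 1; }
```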