From owner-freebsd-hackers@FreeBSD.ORG  Thu Aug 25 22:20:05 2011
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 727C41065670
	for <freebsd-hackers@freebsd.org>; Thu, 25 Aug 2011 22:20:05 +0000 (UTC)
	(envelope-from kostikbel@gmail.com)
Received: from mail.zoral.com.ua (mx0.zoral.com.ua [91.193.166.200])
	by mx1.freebsd.org (Postfix) with ESMTP id E48E38FC14
	for <freebsd-hackers@freebsd.org>; Thu, 25 Aug 2011 22:20:04 +0000 (UTC)
Received: from deviant.kiev.zoral.com.ua (root@deviant.kiev.zoral.com.ua
	[10.1.1.148])
	by mail.zoral.com.ua (8.14.2/8.14.2) with ESMTP id p7PMK1fq010528
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Fri, 26 Aug 2011 01:20:01 +0300 (EEST)
	(envelope-from kostikbel@gmail.com)
Received: from deviant.kiev.zoral.com.ua (kostik@localhost [127.0.0.1])
	by deviant.kiev.zoral.com.ua (8.14.4/8.14.4) with ESMTP id
	p7PMK1CK051238; Fri, 26 Aug 2011 01:20:01 +0300 (EEST)
	(envelope-from kostikbel@gmail.com)
Received: (from kostik@localhost)
	by deviant.kiev.zoral.com.ua (8.14.4/8.14.4/Submit) id p7PMK13Y051237; 
	Fri, 26 Aug 2011 01:20:01 +0300 (EEST)
	(envelope-from kostikbel@gmail.com)
X-Authentication-Warning: deviant.kiev.zoral.com.ua: kostik set sender to
	kostikbel@gmail.com using -f
Date: Fri, 26 Aug 2011 01:20:01 +0300
From: Kostik Belousov <kostikbel@gmail.com>
To: Brandon Gooch <jamesbrandongooch@gmail.com>
Message-ID: <20110825222001.GX17489@deviant.kiev.zoral.com.ua>
References: <4E56BB99.6030706@sgi.com>
	<20110825215348.GW17489@deviant.kiev.zoral.com.ua>
	<CALBk6yL=T5nfL3rqJtskNS3ahafr0PM-4j5hpqzk8WkK_UXJNQ@mail.gmail.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="QtjeHm9oonoxWgqH"
Content-Disposition: inline
In-Reply-To: <CALBk6yL=T5nfL3rqJtskNS3ahafr0PM-4j5hpqzk8WkK_UXJNQ@mail.gmail.com>
User-Agent: Mutt/1.4.2.3i
X-Virus-Scanned: clamav-milter 0.95.2 at skuns.kiev.zoral.com.ua
X-Virus-Status: Clean
X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00,
	DNS_FROM_OPENWHOIS autolearn=no version=3.2.5
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
	skuns.kiev.zoral.com.ua
Cc: freebsd-hackers@freebsd.org, Charlie Martin <crmartin@sgi.com>
Subject: Re: Where to ask about a 7.2 bug, and debugging sys/queue.h errors
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Aug 2011 22:20:05 -0000


--QtjeHm9oonoxWgqH
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Aug 25, 2011 at 05:12:09PM -0500, Brandon Gooch wrote:
> On Thu, Aug 25, 2011 at 4:53 PM, Kostik Belousov <kostikbel@gmail.com> wr=
ote:
> > On Thu, Aug 25, 2011 at 03:16:09PM -0600, Charlie Martin wrote:
> >> We're having a crash in some internal code running on FreeBSD 7.2
> >> (specifically =9A7.2-PRERELEASE FreeBSD 7.2-PRERELEASE and yeah, I know
> >> it's quite a bit behind) in which after 18-30 hours of running load
> >> tests, the code panics with:
> >>
> >> panic: Bad link elm 0xffffff0044c09600 next->prev !=3D elm
> >> cpuid =3D 0
> >> KDB: stack backtrace:
> >> db_trace_self_wrapper() at 0xffffffff8019119a =3D db_trace_self_wrappe=
r+0x2a
> >> panic() at 0xffffffff80307c72 =3D panic+0x182
> >> devfs_populate_loop() at 0xffffffff802a43a8 =3D devfs_populate_loop+0x=
548
> >>
> >>
> >> First question: where's the most appropriate place to ask about this
> >> kind of bug on a back version.
> > It is fine to ask there.
> >
> >>
> >> Second: does this remind anyone of any bugs? =9AGoogling came up with a
> >> few somewhat similar things but hasn't provided much insight so far.
> > In 99% of the cases, it means that you forgot to dev_ref() some cdev.
>=20
> So dev_ref increments the reference count for a cdev. Even though the
> work "loop" seems to indicate that we will iterate over a list of
> objects (one of which we may be missing a reference to via a missing
> dev_ref()), I'm not seeing how this can cause a panic from inside
> devfs_populate_loop().
>=20
> Can you help me understand this?
>=20
Missing dev_ref() means that the memory for the cdev (and cdev_priv) is
freed prematurely. If this happens before destroy_dev() is called,
then the list which is iterated over by populate_loop(), is corrupted.

See e.g. MAKEDEV_REF flag for make_dev(9) and its use in the (old) clone
handlers.

--QtjeHm9oonoxWgqH
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (FreeBSD)

iEYEARECAAYFAk5WypAACgkQC3+MBN1Mb4iO+ACdFJkL5BsS9uhMRInBVw0Mkj/G
0I0An0CAfxULXF/hEhf1aYsFjVul8mMF
=d2bd
-----END PGP SIGNATURE-----

--QtjeHm9oonoxWgqH--