From owner-freebsd-hackers@FreeBSD.ORG Fri Aug 26 03:28:51 2011 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 32ED6106564A for ; Fri, 26 Aug 2011 03:28:51 +0000 (UTC) (envelope-from jamesbrandongooch@gmail.com) Received: from mail-ww0-f50.google.com (mail-ww0-f50.google.com [74.125.82.50]) by mx1.freebsd.org (Postfix) with ESMTP id B5BCD8FC15 for ; Fri, 26 Aug 2011 03:28:50 +0000 (UTC) Received: by wwi36 with SMTP id 36so3051007wwi.31 for ; Thu, 25 Aug 2011 20:28:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=zMSS1uG9ogyi9hGObOdLI3YNcA+6Yn7EAlCR/yxoFuk=; b=kIYV82rILKmTKjRRa6+zB3+ucidY9DLmnWgZf+dLkYvPRs4UcuODxhTFhmuV43UcDS 8tjKJSBtys+zbzGz06R+9BzbQnlV+AOhDmbOmEFx20nWHLnbS4GZpqFOX4NJbFDdPTOL A/kVWNuSMoCEBLU2+jZJbKVPaimY/vlFitwUc= MIME-Version: 1.0 Received: by 10.216.157.135 with SMTP id o7mr1313097wek.28.1314329329516; Thu, 25 Aug 2011 20:28:49 -0700 (PDT) Received: by 10.216.208.158 with HTTP; Thu, 25 Aug 2011 20:28:49 -0700 (PDT) In-Reply-To: <20110825222001.GX17489@deviant.kiev.zoral.com.ua> References: <4E56BB99.6030706@sgi.com> <20110825215348.GW17489@deviant.kiev.zoral.com.ua> <20110825222001.GX17489@deviant.kiev.zoral.com.ua> Date: Thu, 25 Aug 2011 22:28:49 -0500 Message-ID: From: Brandon Gooch To: Kostik Belousov Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: freebsd-hackers@freebsd.org, Charlie Martin Subject: Re: Where to ask about a 7.2 bug, and debugging sys/queue.h errors X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Aug 2011 03:28:51 -0000 2011/8/25 Kostik Belousov : > On Thu, Aug 25, 2011 at 05:12:09PM -0500, Brandon Gooch wrote: >> On Thu, Aug 25, 2011 at 4:53 PM, Kostik Belousov w= rote: >> > On Thu, Aug 25, 2011 at 03:16:09PM -0600, Charlie Martin wrote: >> >> We're having a crash in some internal code running on FreeBSD 7.2 >> >> (specifically =A07.2-PRERELEASE FreeBSD 7.2-PRERELEASE and yeah, I kn= ow >> >> it's quite a bit behind) in which after 18-30 hours of running load >> >> tests, the code panics with: >> >> >> >> panic: Bad link elm 0xffffff0044c09600 next->prev !=3D elm >> >> cpuid =3D 0 >> >> KDB: stack backtrace: >> >> db_trace_self_wrapper() at 0xffffffff8019119a =3D db_trace_self_wrapp= er+0x2a >> >> panic() at 0xffffffff80307c72 =3D panic+0x182 >> >> devfs_populate_loop() at 0xffffffff802a43a8 =3D devfs_populate_loop+0= x548 >> >> >> >> >> >> First question: where's the most appropriate place to ask about this >> >> kind of bug on a back version. >> > It is fine to ask there. >> > >> >> >> >> Second: does this remind anyone of any bugs? =A0Googling came up with= a >> >> few somewhat similar things but hasn't provided much insight so far. >> > In 99% of the cases, it means that you forgot to dev_ref() some cdev. >> >> So dev_ref increments the reference count for a cdev. Even though the >> work "loop" seems to indicate that we will iterate over a list of >> objects (one of which we may be missing a reference to via a missing >> dev_ref()), I'm not seeing how this can cause a panic from inside >> devfs_populate_loop(). >> >> Can you help me understand this? >> > Missing dev_ref() means that the memory for the cdev (and cdev_priv) is > freed prematurely. If this happens before destroy_dev() is called, > then the list which is iterated over by populate_loop(), is corrupted. > > See e.g. MAKEDEV_REF flag for make_dev(9) and its use in the (old) clone > handlers. > Ahhh, thanks Kostik. Reading make_dev(9) (and more source code) now... -Brandon