Date: Sat, 11 Jan 2014 16:07:07 +0200
From: Alexander Motin <mav@FreeBSD.org>
To: Andriy Gapon <avg@FreeBSD.org>, src-committers@FreeBSD.org, svn-src-all@FreeBSD.org, svn-src-head@FreeBSD.org
Subject: Re: svn commit: r260541 - in head/sys/cam: . scsi
Message-ID: <52D1500B.4020007@FreeBSD.org>
In-Reply-To: <52D14ED6.8070708@FreeBSD.org>
References: <201401111335.s0BDZaFU070072@svn.freebsd.org> <52D14ED6.8070708@FreeBSD.org>

On 11.01.2014 16:01, Andriy Gapon wrote:
> on 11/01/2014 15:35 Alexander Motin said the following:
>> Author: mav
>> Date: Sat Jan 11 13:35:36 2014
>> New Revision: 260541
>> URL: http://svnweb.freebsd.org/changeset/base/260541
>>
>> Log:
>>   Take additional reference on SCSI probe periph to cover its freeze count.
>>
>>   Otherwise periph may be invalidated and freed before single-stepping freeze
>>   is dropped, causing use after free panic.
>
> Alexander,
>
> do you think that this change will help with the panic like the following?
> It occurred after I pulled out a flaky USB card reader that seemed to be in the
> middle of probing attempts. The fault is a result of trying to lock a destroyed
> mutex.

No, I think that is a different issue.

> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; apic id = 00
> fault virtual address = 0x378
> fault code = supervisor read data, page not present
> instruction pointer = 0x20:0xffffffff805858a0
> stack pointer = 0x28:0xfffffe01de3ffa70
> frame pointer = 0x28:0xfffffe01de3ffb00
> code segment = base 0x0, limit 0xfffff, type 0x1b
>              = DPL 0, pres 1, long 1, def32 0, gran 1
> processor eflags = interrupt enabled, resume, IOPL = 0
> current process = 3 (doneq0)
> trap number = 12
> panic: page fault
> cpuid = 0
> curthread: 0xfffff800112634c0
> stack: 0xfffffe01de3fc000 - 0xfffffe01de400000
> stack pointer: 0xfffffe01de3ff678
> KDB: stack backtrace:
> db_trace_self_wrapper() at 0xffffffff803adceb = db_trace_self_wrapper+0x2b/frame
> 0xfffffe01de3ff560
> kdb_backtrace() at 0xffffffff805cbdc9 = kdb_backtrace+0x39/frame 0xfffffe01de3ff610
> panic() at 0xffffffff80597783 = panic+0x1a3/frame 0xfffffe01de3ff690
> trap_fatal() at 0xffffffff8074c9c2 = trap_fatal+0x3a2/frame 0xfffffe01de3ff6f0
> trap_pfault() at 0xffffffff8074cbff = trap_pfault+0x22f/frame 0xfffffe01de3ff790
> trap() at 0xffffffff8074c42b = trap+0x5bb/frame 0xfffffe01de3ff9b0
> calltrap() at 0xffffffff80733b82 = calltrap+0x8/frame 0xfffffe01de3ff9b0
> --- trap 0xc, rip = 0xffffffff805858a0, rsp = 0xfffffe01de3ffa70, rbp =
> 0xfffffe01de3ffb00 ---
> __mtx_lock_sleep() at 0xffffffff805858a0 = __mtx_lock_sleep+0x1c0/frame
> 0xfffffe01de3ffb00
> __mtx_lock_flags() at 0xffffffff805856c3 = __mtx_lock_flags+0x63/frame
> 0xfffffe01de3ffb20
> xpt_done_process() at 0xffffffff8029e9ea = xpt_done_process+0x50a/frame
> 0xfffffe01de3ffb60
> xpt_done_td() at 0xffffffff802a1896 = xpt_done_td+0x136/frame 0xfffffe01de3ffbb0
> fork_exit() at 0xffffffff8056d241 = fork_exit+0x71/frame 0xfffffe01de3ffbf0
> fork_trampoline() at 0xffffffff807340be = fork_trampoline+0xe/frame
> 0xfffffe01de3ffbf0

Could you please resolve xpt_done_process+0x50a ?

-- 
Alexander Motin