From: Alexander Motin
Date: Sat, 11 Jan 2014 16:07:07 +0200
To: Andriy Gapon, src-committers@FreeBSD.org, svn-src-all@FreeBSD.org, svn-src-head@FreeBSD.org
Subject: Re: svn commit: r260541 - in head/sys/cam: . scsi
Message-ID: <52D1500B.4020007@FreeBSD.org>
References: <201401111335.s0BDZaFU070072@svn.freebsd.org> <52D14ED6.8070708@FreeBSD.org>
In-Reply-To: <52D14ED6.8070708@FreeBSD.org>

On 11.01.2014 16:01, Andriy Gapon wrote:
> on 11/01/2014 15:35 Alexander Motin said the following:
>> Author: mav
>> Date: Sat Jan 11 13:35:36 2014
>> New Revision: 260541
>> URL: http://svnweb.freebsd.org/changeset/base/260541
>>
>> Log:
>>   Take additional reference on SCSI probe periph to cover its freeze count.
>>
>>   Otherwise periph may be invalidated and freed before single-stepping freeze
>>   is dropped, causing use after free panic.
>
> Alexander,
>
> do you think that this change will help with the panic like the following?
> It occurred after I pulled out a flaky USB card reader that seemed to be in the
> middle of probing attempts. The fault is a result of trying to lock a destroyed
> mutex.

No, I think that is a different issue.

> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; apic id = 00
> fault virtual address = 0x378
> fault code = supervisor read data, page not present
> instruction pointer = 0x20:0xffffffff805858a0
> stack pointer = 0x28:0xfffffe01de3ffa70
> frame pointer = 0x28:0xfffffe01de3ffb00
> code segment = base 0x0, limit 0xfffff, type 0x1b
> = DPL 0, pres 1, long 1, def32 0, gran 1
> processor eflags = interrupt enabled, resume, IOPL = 0
> current process = 3 (doneq0)
> trap number = 12
> panic: page fault
> cpuid = 0
> curthread: 0xfffff800112634c0
> stack: 0xfffffe01de3fc000 - 0xfffffe01de400000
> stack pointer: 0xfffffe01de3ff678
> KDB: stack backtrace:
> db_trace_self_wrapper() at 0xffffffff803adceb = db_trace_self_wrapper+0x2b/frame
> 0xfffffe01de3ff560
> kdb_backtrace() at 0xffffffff805cbdc9 = kdb_backtrace+0x39/frame 0xfffffe01de3ff610
> panic() at 0xffffffff80597783 = panic+0x1a3/frame 0xfffffe01de3ff690
> trap_fatal() at 0xffffffff8074c9c2 = trap_fatal+0x3a2/frame 0xfffffe01de3ff6f0
> trap_pfault() at 0xffffffff8074cbff = trap_pfault+0x22f/frame 0xfffffe01de3ff790
> trap() at 0xffffffff8074c42b = trap+0x5bb/frame 0xfffffe01de3ff9b0
> calltrap() at 0xffffffff80733b82 = calltrap+0x8/frame 0xfffffe01de3ff9b0
> --- trap 0xc, rip = 0xffffffff805858a0, rsp = 0xfffffe01de3ffa70, rbp =
> 0xfffffe01de3ffb00 ---
> __mtx_lock_sleep() at 0xffffffff805858a0 = __mtx_lock_sleep+0x1c0/frame
> 0xfffffe01de3ffb00
> __mtx_lock_flags() at 0xffffffff805856c3 = __mtx_lock_flags+0x63/frame
> 0xfffffe01de3ffb20
> xpt_done_process() at 0xffffffff8029e9ea = xpt_done_process+0x50a/frame
> 0xfffffe01de3ffb60
> xpt_done_td() at 0xffffffff802a1896 = xpt_done_td+0x136/frame 0xfffffe01de3ffbb0
> fork_exit() at 0xffffffff8056d241 = fork_exit+0x71/frame 0xfffffe01de3ffbf0
> fork_trampoline() at 0xffffffff807340be = fork_trampoline+0xe/frame
> 0xfffffe01de3ffbf0

Could you please resolve xpt_done_process+0x50a?

-- 
Alexander Motin
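
The lifetime rule stated in the quoted commit log (a reference taken to cover the freeze count, so the periph outlives the freeze) is shown below as a user-space C model. It is an added example, not part of this e-mail or of the FreeBSD CAM code, and every identifier in it is hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model only: every name below is hypothetical, not a CAM API. */
struct periph {
    int  refs;     /* object is freed when this reaches 0 */
    int  freezes;  /* outstanding single-stepping freezes */
    bool freed;    /* stands in for free(); storage stays valid in the model */
};

static void periph_release(struct periph *p) {
    if (--p->refs == 0)
        p->freed = true;
}

/* Start a freeze; with pin set, take a reference that lasts as long as it. */
static void periph_freeze(struct periph *p, bool pin) {
    p->freezes++;
    if (pin)
        p->refs++;
}

/* Completion path: returns -1 where real code would touch freed memory. */
static int periph_unfreeze(struct periph *p, bool pinned) {
    if (p->freed)
        return -1;
    p->freezes--;
    if (pinned)
        periph_release(p);
    return 0;
}

/* Device goes away mid-probe: the last ordinary reference is dropped
 * before the completion path releases the freeze. */
static int unplug_during_probe(bool pin, struct periph *end) {
    struct periph p = { .refs = 1, .freezes = 0, .freed = false };
    periph_freeze(&p, pin);
    periph_release(&p);                /* invalidation drops its reference */
    int rc = periph_unfreeze(&p, pin); /* late completion */
    *end = p;
    return rc;
}

int main(void) {
    struct periph e;
    printf("without extra ref: %d\n", unplug_during_probe(false, &e));
    printf("with extra ref:    %d\n", unplug_during_probe(true, &e));
    return 0;
}
```

Without the extra reference the object is already freed while a freeze is still outstanding; with it, the final release happens only after the freeze count returns to zero.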