From owner-freebsd-current@FreeBSD.ORG Sun Aug 31 17:11:55 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 25ED916A4BF; Sun, 31 Aug 2003 17:11:55 -0700 (PDT) Received: from milla.ask33.net (milla.ask33.net [217.197.166.60]) by mx1.FreeBSD.org (Postfix) with ESMTP id 288A943FEC; Sun, 31 Aug 2003 17:11:54 -0700 (PDT) (envelope-from nick@milla.ask33.net) Received: by milla.ask33.net (Postfix, from userid 1001) id 8536F3ABB2D; Mon, 1 Sep 2003 02:13:45 +0200 (CEST) Date: Mon, 1 Sep 2003 02:13:45 +0200 From: Pawel Jakub Dawidek To: "Kenneth D. Merry" Message-ID: <20030901001345.GE47959@garage.freebsd.pl> References: <20030830040357.GA42770@panzer.kdm.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="fUVTCYYuehuPLEwK" Content-Disposition: inline In-Reply-To: <20030830040357.GA42770@panzer.kdm.org> X-PGP-Key-URL: http://garage.freebsd.pl/jules.asc X-OS: FreeBSD 4.8-RELEASE-p3 i386 X-URL: http://garage.freebsd.pl User-Agent: Mutt/1.5.1i cc: current@FreeBSD.org cc: phk@FreeBSD.org Subject: Re: need some debugging help X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Sep 2003 00:11:55 -0000 --fUVTCYYuehuPLEwK Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Aug 29, 2003 at 10:03:57PM -0600, Kenneth D. Merry wrote: +> I've been working on a set of patches to remove the sysctl variable crea= tion +> from interrupt context in the cd(4) and da(4) drivers. +>=20 +> To fix the problem, I've created a new taskqueue that runs in a thread +> context, instead of inside a software interrupt like the current task +> queues. (The eventual fix will involve moving the CAM probe inside a +> thread; this will provide a more temporary solution that will hopefully +> also work on -stable, until we can change the CAM probe code.) +>=20 +> I think I have everything setup correctly, but I keep getting panics ins= ide +> the GEOM code with these patches. (Memory modified after free.) I don't +> know whether I've just exposed some race condition, or whether I've done +> something wrong. +>=20 +> I've seen several different panics, all with the same root cause (memory +> modified after free), and with two different previous memory pools -- ge= om +> and devbuf. I was getting same panics while I was working on GEOM Gate. After many hours of debugging I've tracked this down - I've initialized a mutex, but I haven't destroy it. As I susspect you're loading cd(4) as kld module? It seems, that you're making exactly same bug: mtx_init(&kthread_mutex, "taskqueue kthread", NULL, MTX_DEF); And where is mtx_destroy()? --=20 Pawel Jakub Dawidek pawel@dawidek.net UNIX Systems Programmer/Administrator http://garage.freebsd.pl Am I Evil? Yes, I Am! http://cerber.sourceforge.net --fUVTCYYuehuPLEwK Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iQCVAwUBP1KPOT/PhmMH/Mf1AQEwwQP/UuFUeJxXWxk/VEOhsABjeRWNiH0Y/qvU XuS4u/kdRU6ZxCkeur8Jw2cWd4zJW8piBsRLT5JldhyifCZAzJdlMJcDwISwDa8C 5kxYR3Da0IP6cWQX5wUux4e4lE3zsgRzyBzn073KxIHnQG8oXJ1hq+ahRaysT3yf E8b5lb4Xz5w= =C0WB -----END PGP SIGNATURE----- --fUVTCYYuehuPLEwK--