Date: Mon, 29 Nov 1999 15:34:37 -0500 (EST) From: David Gilbert <dgilbert@velocet.ca> To: FreeBSD-gnats-submit@freebsd.org Subject: kern/15169: tsleep panics a panic Message-ID: <199911292034.PAA77619@trooper.velocet.net>
index | next in thread | raw e-mail
>Number: 15169
>Category: kern
>Synopsis: tsleep() dereferences *curproc while in a panic
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Nov 29 12:40:00 PST 1999
>Closed-Date:
>Last-Modified:
>Originator: David Gilbert
>Release: FreeBSD 3.2-STABLE i386
>Organization:
Velocet Communications
>Environment:
3.3-STABLE, vinum
>Description:
vinumlock.c calls tsleep() during a sync() in a panic --- which
means the curproc is 0. Now if KTRACE is defined, tsleep() dereferences
*curproc before it checks *panicstr... it looks like this was unintended
side effect of adding the KTRACE #ifdef.
>How-To-Repeat:
I'm running du on a large vinum drive, which causes it to panic
for some (as yet undetermined) reason or other.
>Fix:
I patched the following (there might be a better way to do it?):
*** kern_synch.c.orig Mon Nov 29 15:02:15 1999
--- kern_synch.c Mon Nov 29 15:05:03 1999
***************
*** 384,390 ****
struct callout_handle thandle;
#ifdef KTRACE
! if (KTRPOINT(p, KTR_CSW))
ktrcsw(p->p_tracep, 1, 0);
#endif
s = splhigh();
--- 384,390 ----
struct callout_handle thandle;
#ifdef KTRACE
! if (p && KTRPOINT(p, KTR_CSW))
ktrcsw(p->p_tracep, 1, 0);
#endif
s = splhigh();
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199911292034.PAA77619>