Date: Sun, 8 Mar 2009 04:32:49 +0900 From: "YAMAMOTO, Taku" <taku@tackymt.homeip.net> To: freebsd-current@freebsd.org Subject: Duplicate free in ffs_getextattr() with UFS_ACL Message-ID: <20090308043249.37e17467.taku@tackymt.homeip.net>
next in thread | raw e-mail | index | archive | help
Greetings,
I've come across the following duplicate free when tracking down the
occational page fault panic.
(kgdb) x/s panicstr
0xc08a7cc0: "Duplicate free of item 0xc4c9a290 from zone 0xc108c380(16)\n"
(kgdb) bt
#0 0xc05de3bd in doadump ()
#1 0xc05de964 in boot ()
#2 0xc05dedf8 in panic ()
#3 0xc075062b in uma_dbg_free ()
#4 0xc074f448 in uma_zfree_arg ()
#5 0xc05cd536 in free ()
#6 0xc0735a30 in ffs_close_ea ()
#7 0xc0736131 in ffs_getextattr ()
#8 0xc06751a7 in vn_extattr_get ()
#9 0xc0739086 in ufs_getacl ()
#10 0xc07433c6 in ufs_access ()
#11 0xc0655a18 in vfs_cache_lookup ()
#12 0xc07d48fd in VOP_LOOKUP_APV ()
#13 0xc065be19 in lookup ()
#14 0xc065cdce in namei ()
#15 0xc066bb6d in kern_statat_vnhook ()
#16 0xc066bcaf in kern_statat ()
#17 0xc066bce7 in kern_lstat ()
#18 0xc066bd7b in lstat ()
#19 0xc07c44ec in syscall ()
#20 0xc07aaab0 in Xint0x80_syscall ()
#21 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
The source tree is csupped at 2009-02-22T12:00:00Z.
I think the problem is that ffs_getextattr() depends on vp's being
exclusively locked but that no longer is true when ufs_access() are
going to retrieve an ACL.
Virtually yours,
--
-|-__ YAMAMOTO, Taku
| __ < <taku@tackymt.homeip.net>
- A chicken is an egg's way of producing more eggs. -
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090308043249.37e17467.taku>