Message-Id: <200105271930.VAA90048@midten.fast.no>
To: mdharnois@home.com
Cc: tmoestl@gmx.net, freebsd-current@FreeBSD.ORG, alfred@FreeBSD.ORG, jhb@FreeBSD.ORG, rwatson@FreeBSD.ORG
Subject: Re: next panic: blockable sleep lock
From: Tor.Egge@fast.no
In-Reply-To: Your message of "27 May 2001 01:22:24 -0500"
References: <86u22748gv.fsf_-_@mharnois.workgroup.net>
Date: Sun, 27 May 2001 21:30:59 +0200

> freeing uidinfo: uid = 0, sbsize = 3197224
> freeing uidinfo: uid = 0, proccnt = 86
[...]
> trap(c8d20018,c01d0010,c8cb0010,4,c0b3351c) at trap+0x5d0
> calltrap() at calltrap+0x5
> --- trap 0xc, eip = 0xc01ba652, esp = 0xc8d27ed4, ebp = 0xc8d27ee0 ---
> _mtx_lock_sleep(c0b3351c,0,c035076c,364) at mtx_lock_sleep+0x342
> chgproccnt(c0b33500,ffffffff,0,c1280900,c03b0d40,c8d26bbc,c1280900) at chgproccnt+0x67

The ui_ref member in struct uidinfo is only 16 bits. This means that a fatal wraparound due to a missing call to uifree() can happen rather quickly.

Index: sys/kern/kern_prot.c =================================================================== RCS file: /home/ncvs/src/sys/kern/kern_prot.c,v retrieving revision 1.91 diff -u -r1.91 kern_prot.c --- sys/kern/kern_prot.c 2001/05/25 16:59:06 1.91 +++ sys/kern/kern_prot.c 2001/05/27 07:10:10 @@ -1303,6 +1303,8 @@ */ if (cr->cr_uidinfo != NULL) uifree(cr->cr_uidinfo); + if (cr->cr_ruidinfo != NULL) + uifree(cr->cr_ruidinfo); /* * Free a prison, if any. */

- Tor Egge
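
Review bot: The added uifree(cr->cr_ruidinfo) is only balanced if every path that sets cr_ruidinfo takes its own reference, including the case where it points at the same uidinfo as cr_uidinfo; please confirm that, because an extra release would drive the 16-bit ui_ref to an early free instead of fixing the leak. The comment that closes just above the cr_uidinfo check should be updated to cover both references. The underlying hazard described in the message, a 16-bit counter that wraps silently, is still present after this change, so an overflow assertion where ui_ref is incremented, or a wider field, would be a reasonable follow-up.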
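
The wraparound described in the message, as an added user-space model that is not part of the original mail or of the FreeBSD source. The struct and the *_model functions are hypothetical stand-ins, and the model assumes one long-lived reference plus two references (cr_uidinfo and cr_ruidinfo) taken per credential.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for struct uidinfo: only the 16-bit count matters. */
struct uidinfo_model {
    uint16_t ui_ref;  /* 16-bit reference count, as stated in the message */
    int freed;        /* set when the count reaches zero on release */
};

static void uihold_model(struct uidinfo_model *ui) { ui->ui_ref++; }

static void uifree_model(struct uidinfo_model *ui)
{
    if (--ui->ui_ref == 0)
        ui->freed = 1;  /* the kernel would release the structure here */
}

/*
 * Simulate credential lifetimes against one uidinfo that always has one
 * legitimate long-lived reference.  With leak != 0 the cr_ruidinfo
 * reference is never released (the behaviour before the patch).
 * Returns the number of lifetimes after which the structure is freed
 * while still referenced, or 0 if that never happens within limit.
 */
static unsigned long cycles_until_bad_free(int leak, unsigned long limit)
{
    struct uidinfo_model ui = { 1, 0 };
    for (unsigned long n = 1; n <= limit; n++) {
        uihold_model(&ui);      /* reference held via cr_uidinfo */
        uihold_model(&ui);      /* reference held via cr_ruidinfo */
        uifree_model(&ui);      /* credential freed: cr_uidinfo released */
        if (!leak)
            uifree_model(&ui);  /* patched path: cr_ruidinfo released too */
        if (ui.freed)
            return n;
    }
    return 0;
}

int main(void)
{
    printf("leaking:  bad free after %lu credentials\n",
           cycles_until_bad_free(1, 200000UL));
    printf("balanced: bad free after %lu credentials (0 = never)\n",
           cycles_until_bad_free(0, 200000UL));
    return 0;
}
```

In the leaking case the count wraps through zero and the structure is freed while the long-lived reference still points at it, which is the kind of state the quoted chgproccnt() trap reflects.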