From owner-freebsd-stable Fri Jun 28 10:17:51 2002
Date: Fri, 28 Jun 2002 12:17:27 -0500 (CDT)
From: Jonathan Lemon <jlemon@flugsvamp.com>
Message-Id: <200206281717.g5SHHRw86464@prism.flugsvamp.com>
To: don@sandvine.com, stable@freebsd.org
Subject: Re: panic in 4.6 with knote_enqueue from kill

In article you write:
>I have a system panic occurring with FreeBSD 4.6. The stack trace is below...
>
>Debugger(c032d70a) at Debugger+0x34
>panic(c032bf57,e0f37000,800001e,e0f35ee4,c01ba339) at panic+0xa4
>knote_enqueue(e0f37000) at knote_enqueue+0x22
>knote(db433820,800001e) at knote+0x35
>psignal(db433700,1e,2,db433700,e0f35f80) at psignal+0x49
>kill(db433700,e0f35f80,281f8944,81a9000,818467c) at kill+0x7b
>syscall2(2821002f,281f002f,80f002f,818467c,81a9000) at syscall2+0x23d
>Xint0x80_syscall() at Xint0x80_syscall+0x2b

The assumption made when calling knote() is that we are already at the
correct spl level associated with a particular knote list, so no locking
should be required. It appears that this isn't true for psignal(); it can
be called either from a syscall or from an interrupt.

My guess is that in the call chain above, after checking the kn_status in
KNOTE_ACTIVATE(), but before reaching splhigh() in knote_enqueue, an
interrupt occurs which causes psignal() to be called again, and queues the
knote for retrieval. This causes the assertion to be triggered.

Try the patch below.
--
Jonathan

Index: kern_sig.c
===================================================================
RCS file: /ncvs/src/sys/kern/kern_sig.c,v
retrieving revision 1.72.2.14
diff -u -r1.72.2.14 kern_sig.c
--- kern_sig.c	14 Dec 2001 03:05:32 -0000	1.72.2.14
+++ kern_sig.c	28 Jun 2002 17:23:59 -0000
@@ -1011,7 +1011,9 @@ panic("psignal signal number"); } + s = splhigh(); KNOTE(&p->p_klist, NOTE_SIGNAL | sig); + splx(s); prop = sigprop(sig);
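Review bot: `s = splhigh();` in this hunk assigns to a local `s` that the hunk neither declares nor shows in its context lines, so the patch only compiles if psignal() already has an `int s` in scope; please confirm that, or add the declaration to the hunk. Two smaller points: the new splhigh()/splx() bracket deserves a one-line comment saying why it is there (KNOTE on p_klist can be re-entered from an interrupt-context psignal(), per the explanation above), since a later reader will otherwise see an unexplained splhigh() around a macro call; and, by the reply's own reasoning that KNOTE callers must already hold the spl level of the list they touch, this hunk only closes the window for psignal() itself, so any other caller of KNOTE on p_klist that runs at a lower level would still race an interrupt-context psignal(). The other callers are not visible in this diff, so that is a follow-up check rather than a defect in these lines.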
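The check-then-enqueue window the reply describes, as an added user-space model. This is not FreeBSD code and not part of the thread: the names (KN_QUEUED, knote_enqueue, KNOTE_ACTIVATE, splhigh/splx, psignal) mimic the kernel's, but every body here is a simplified stand-in, the "interrupt" is injected deliberately at the point the explanation says it lands, and the kernel assertion is modelled as a -1 return so it can be observed rather than a panic. It shows the unpatched path queuing the knote from the interrupt and then tripping the assertion, and the patched path deferring the interrupt until splx().

```c
#include <stddef.h>
#include <stdio.h>

#define KN_QUEUED 0x01            /* knote is on its kqueue's pending list */

struct knote {
    int kn_status;
    struct knote *kn_next;        /* link on the kqueue's pending list */
};

struct kqueue {
    struct knote *kq_head;
    int kq_count;
};

/* Simulated interrupt priority level: 0 means interrupts may run, nonzero
 * means they are masked. Stand-in for splhigh()/splx(), not the real thing. */
static int spl_level;

/* One deferred "interrupt" wanting to deliver the same signal again
 * (the second psignal() call in the explanation above). */
static int irq_pending;
static struct knote *irq_kn;
static struct kqueue *irq_kq;

static int knote_activate(struct knote *kn, struct kqueue *kq, int preempt);

static int splhigh(void)
{
    int s = spl_level;
    spl_level = 1;
    return s;
}

/* Restore the old level; if interrupts become enabled, run the deferred one. */
static void splx(int s)
{
    spl_level = s;
    if (spl_level == 0 && irq_pending) {
        irq_pending = 0;
        (void)knote_activate(irq_kn, irq_kq, 0);
    }
}

/* Interrupt-context psignal(): runs now if unmasked, otherwise is deferred. */
static void interrupt_psignal(struct knote *kn, struct kqueue *kq)
{
    if (spl_level != 0) {
        irq_pending = 1;
        irq_kn = kn;
        irq_kq = kq;
        return;
    }
    (void)knote_activate(kn, kq, 0);
}

/* Stand-in for knote_enqueue(): the kernel panics if the knote is already
 * queued; here that case returns -1 so a caller can observe it. */
static int knote_enqueue(struct knote *kn, struct kqueue *kq)
{
    int s = splhigh();
    if (kn->kn_status & KN_QUEUED) {
        splx(s);
        return -1;
    }
    kn->kn_status |= KN_QUEUED;
    kn->kn_next = kq->kq_head;
    kq->kq_head = kn;
    kq->kq_count++;
    splx(s);
    return 0;
}

/* Stand-in for KNOTE_ACTIVATE(): check, then enqueue. `preempt` injects an
 * interrupt in the window between the check and knote_enqueue()'s splhigh(). */
static int knote_activate(struct knote *kn, struct kqueue *kq, int preempt)
{
    if (kn->kn_status & KN_QUEUED)
        return 0;
    if (preempt)
        interrupt_psignal(kn, kq);
    return knote_enqueue(kn, kq);
}

/* psignal() before the patch: KNOTE at whatever level the syscall holds (0). */
static int psignal_unpatched(struct knote *kn, struct kqueue *kq)
{
    return knote_activate(kn, kq, 1);
}

/* psignal() with the patch: the same call bracketed by splhigh()/splx(). */
static int psignal_patched(struct knote *kn, struct kqueue *kq)
{
    int s = splhigh();
    int rc = knote_activate(kn, kq, 1);
    splx(s);
    return rc;
}

/* Run one scenario from a clean state. Returns psignal's result (-1 means the
 * kernel would have hit the assertion); *queued gets the final list length. */
static int run_scenario(int patched, int *queued)
{
    struct knote kn = { 0, NULL };
    struct kqueue kq = { NULL, 0 };
    int rc;

    spl_level = 0;
    irq_pending = 0;
    rc = patched ? psignal_patched(&kn, &kq) : psignal_unpatched(&kn, &kq);
    if (queued != NULL)
        *queued = kq.kq_count;
    return rc;
}

int main(void)
{
    int q, rc;
    rc = run_scenario(0, &q);
    printf("unpatched: rc=%d queued=%d\n", rc, q);
    rc = run_scenario(1, &q);
    printf("patched:   rc=%d queued=%d\n", rc, q);
    return 0;
}
```

In the unpatched run the interrupt's psignal() wins the race and queues the knote, so the syscall's own knote_enqueue() finds KN_QUEUED set and fails (rc=-1 with one knote queued, which is the assertion in the trace). In the patched run the interrupt is held off until splx() and its KNOTE_ACTIVATE() then sees the knote already queued and does nothing (rc=0, still one knote queued).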