From owner-freebsd-hackers@FreeBSD.ORG Tue Sep 20 17:54:55 2005 Return-Path: X-Original-To: freebsd-hackers@freebsd.org Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C9F4C16A420 for ; Tue, 20 Sep 2005 17:54:55 +0000 (GMT) (envelope-from sebastien.bourdeauducq@gmail.com) Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.204]) by mx1.FreeBSD.org (Postfix) with ESMTP id 05CB843D48 for ; Tue, 20 Sep 2005 17:54:54 +0000 (GMT) (envelope-from sebastien.bourdeauducq@gmail.com) Received: by xproxy.gmail.com with SMTP id t6so7441wxc for ; Tue, 20 Sep 2005 10:54:54 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:from:to:subject:date:user-agent:mime-version:content-type:content-transfer-encoding:content-disposition:message-id; b=ApH6JY0MwTWFAbspYceHUBSpXM4pcgRSe879VrRX8ZZf3PrrqNylIo3Mwl3oNmZ5zsz5d6UX1Fl6UhvDwB/kw7pbld40JMgfNjOoBnELOTLx883rJ4qxDF2hW5uE2a1S6F9mLoxxxdK0wVReKEDRxaes3VhdWmkQMkf+IzTmikQ= Received: by 10.70.16.16 with SMTP id 16mr2064232wxp; Tue, 20 Sep 2005 10:48:20 -0700 (PDT) Received: from ?192.168.32.1? ( [82.231.252.157]) by mx.gmail.com with ESMTP id i13sm811740wxd.2005.09.20.10.48.19; Tue, 20 Sep 2005 10:48:20 -0700 (PDT) From: Sebastien To: freebsd-hackers@freebsd.org Date: Tue, 20 Sep 2005 19:49:53 +0200 User-Agent: KMail/1.8 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200509201949.53951.sebastien.bourdeauducq@gmail.com> Subject: Filesystem access from a KLD causes "vrele: negative ref cnt" panic X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Sep 2005 17:54:55 -0000 Hello, When the following kernel code has been run : ------------------------ struct thread *td = curthread; struct nameidata nd; int flags, resid; struct vattr vat; /* Some threads don't have a current working directory, set this to avoid a page fault on vn_open() call */ if(td->td_proc->p_fd->fd_rdir == NULL) td->td_proc->p_fd->fd_rdir = rootvnode; if(td->td_proc->p_fd->fd_cdir == NULL) td->td_proc->p_fd->fd_cdir = rootvnode; NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, &filename[0], td); flags = FREAD; vn_open(&nd, &flags, 0, -1); NDFREE(&nd, NDF_ONLY_PNBUF); /* Get the file size. */ VOP_GETATTR(nd.ni_vp, &vat, td->td_ucred, td); VOP_UNLOCK(nd.ni_vp, 0, td); vn_rdwr(UIO_READ, nd.ni_vp, buf, vat.va_size, 0, UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, NOCRED, &resid, td); vn_close(nd.ni_vp, FREAD, td->td_ucred, td); ------------------------ I have a random panic "vrele: negative ref cnt" when I shutdown the system. Am I double-freeing something in my code ? The fact that the panic is caused randomly suggests there is a synchronization problem - but the above code is always running under the protection of the Giant mutex. Regards, Sebastien PS: This was previously posted on freebsd-fs, but got no answers.