From: Peter Wemm
To: current@freebsd.org
Date: Tue, 10 Jul 2007 08:12:34 -0700
Subject: kqueue bug in 7.x with "things" that go away.
Message-Id: <200707100812.34540.peter@wemm.org>

I've run into a bug in kqueue/tty in 7.x.

How to reproduce:
  open a tty, eg: a usb ftdi ucom device (ttyU0)
  put a read event on it.
  sleep in kevent
  physically remove usb device
  observe dmesg to say ucom0 went away.
  Note sleeping program doesn't wake up.
  ctrl-C (or otherwise exit the program sleeping in kevent)
  panic!  0xdeadc0de reference or worse.

There are probably other ways to make it go boom, but this is pretty
graphic.

The stack trace I have is a mess due to inlined static function calls,
but here are the relevant parts:

#7  0xffffffff8042d77e in calltrap ()
    at ../../../amd64/amd64/exception.S:169
#8  0xffffffff802a1645 in knlist_remove_kq (knl=0xdeadc0dedeadc1ae,
    kn=0xffffff0003bc5b40, knlislocked=0, kqislocked=0)
    at ../../../kern/kern_event.c:1608
#9  0xffffffff802a41fe in kqueue_close (fp=0xffffff0003d90528,
    td=0xffffff000e5c29c0) at ../../../kern/kern_event.c:1463
#10 0xffffffff8029c3cc in fdrop (fp=0xffffff0003d90528,
    td=0xffffff000e5c29c0) at file.h:297
#11 0xffffffff8029d7fb in closef (fp=0xffffff0003d90528,
    td=0xffffff000e5c29c0) at ../../../kern/kern_descrip.c:1983
#12 0xffffffff8029e32d in fdfree (td=0xffffff000e5c29c0)
    at ../../../kern/kern_descrip.c:1693
#13 0xffffffff802a70cc in exit1 (td=0xffffff000e5c29c0, rv=2)
---Type to continue, or q to quit---
    at ../../../kern/kern_exit.c:272
#14 0xffffffff802c651f in sigexit (td=0xffffff000e5c29c0, sig=0)
    at ../../../kern/kern_sig.c:2884
#15 0xffffffff802c7378 in postsig (sig=-559038034)
    at ../../../kern/kern_sig.c:2756
#16 0xffffffff802f4519 in ast (framep=0xffffffffabfe8c70)
    at ../../../kern/subr_trap.c:259
#17 0xffffffff8042d970 in Xfast_syscall ()
    at ../../../amd64/amd64/exception.S:286

Unfortunately, you don't see the inlined function calls in the trace.
I'm not 100% sure what frame 8 and 9 are.

The kqueue filter functions don't seem to check TS_GONE.

-- 
Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com
"All of this is for nothing if we don't go to the stars" - JMS/B5
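
A triage aid for traces like the one above, added here as an example and not part of the original message: it parses gdb backtrace frames and flags arguments that sit a small offset above the 0xdeadc0de pattern the message mentions. The function names, the 4 KiB offset window and the single-line frame layout are assumptions of this sketch.

```python
import re

POISON32 = 0xDEADC0DE                      # pattern named in the report
POISON64 = (POISON32 << 32) | POISON32     # same pattern filling a 64-bit word
MAX_OFFSET = 0x1000                        # assumption: up to 4 KiB counts as a field offset

# Constructed sample: frames #8, #9 and #15 from the trace above, one per line.
SAMPLE = """\
#8 0xffffffff802a1645 in knlist_remove_kq (knl=0xdeadc0dedeadc1ae, kn=0xffffff0003bc5b40, knlislocked=0, kqislocked=0) at ../../../kern/kern_event.c:1608
#9 0xffffffff802a41fe in kqueue_close (fp=0xffffff0003d90528, td=0xffffff000e5c29c0) at ../../../kern/kern_event.c:1463
#15 0xffffffff802c7378 in postsig (sig=-559038034) at ../../../kern/kern_sig.c:2756
"""

FRAME = re.compile(r"^#(\d+)\s+0x[0-9a-f]+ in (\w+) \((.*?)\) at ", re.M)
ARG = re.compile(r"(\w+)=(-?(?:0x[0-9a-f]+|\d+))")


def poison_offset(value):
    """Return value's offset above a poison pattern, or None if unrelated."""
    if value < 0:                          # gdb prints int arguments as signed
        value &= 0xFFFFFFFF
    for base in (POISON64, POISON32):
        off = value - base
        if 0 <= off <= MAX_OFFSET:
            return off
    return None


def find_poisoned_args(trace):
    """Return (frame, function, argument, offset) for each flagged argument."""
    hits = []
    for num, func, args in FRAME.findall(trace):
        for name, raw in ARG.findall(args):
            off = poison_offset(int(raw, 0))
            if off is not None:
                hits.append((int(num), func, name, off))
    return hits


if __name__ == "__main__":
    for num, func, name, off in find_poisoned_args(SAMPLE):
        print(f"frame #{num} {func}: {name} = pattern + {off:#x}")
```

On the sample frames it flags knl in frame 8 and sig in frame 15, both at pattern + 0xd0, and leaves the ordinary kernel pointers alone.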