From owner-freebsd-stable@FreeBSD.ORG Fri May 9 02:30:54 2014 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 96B4ED4D; Fri, 9 May 2014 02:30:54 +0000 (UTC) Received: from mail-qc0-x230.google.com (mail-qc0-x230.google.com [IPv6:2607:f8b0:400d:c01::230]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 383B2276; Fri, 9 May 2014 02:30:54 +0000 (UTC) Received: by mail-qc0-f176.google.com with SMTP id r5so3872644qcx.7 for ; Thu, 08 May 2014 19:30:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=Y7aBbi5xWdW00W1jlTZnJxvi1T8nafnj3fv0ErmXCjg=; b=nVoXYVMzBCCxv28S4okJozJuoAj+Rgp+gs/e5B493fiPUHzD6lHw8+Bgpr0NyjkTJJ 8PngoQ9Vn5grY4S8e3HhIfqseSNmZN+zQ29Sqje0LeG+UdmV388AqjkjrO1vZq2wUtNk qEcLbCLEcl5ftF5r6zDA5l0ybP4kRe+sXbgRHZpcq+ipC3cPgnkMsHHUvj9O6P+StrZ8 G4FASBlt1yyRoGpF08ukk6Au2sn1bweEvt1iA5UXl9MZ36a6eATDMbXEP+LxpEFtal3A Hlc2iPcFi9N2vWLufL7GuFYgaftGhn5xInauQB8l74m52uJD1mQJel2nwuCdKBiqCDQJ xFoA== MIME-Version: 1.0 X-Received: by 10.140.49.208 with SMTP id q74mr1341090qga.103.1399602653328; Thu, 08 May 2014 19:30:53 -0700 (PDT) Received: by 10.96.10.161 with HTTP; Thu, 8 May 2014 19:30:53 -0700 (PDT) In-Reply-To: <201405081219.27412.jhb@freebsd.org> References: <1398097892.1101.6.camel@powernoodle.corp.yahoo.com> <201405071431.38812.jhb@freebsd.org> <201405081219.27412.jhb@freebsd.org> Date: Thu, 8 May 2014 19:30:53 -0700 Message-ID: Subject: Re: stable/10 panic From: hiren panchasara To: John Baldwin Content-Type: text/plain; charset=UTF-8 Cc: freebsd-stable@freebsd.org X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 May 2014 02:30:54 -0000 [trimming a lot of things] On Thu, May 8, 2014 at 9:19 AM, John Baldwin wrote: > On Thursday, May 08, 2014 12:39:20 am hiren panchasara wrote: >> On Wed, May 7, 2014 at 11:31 AM, John Baldwin wrote: >> >> 1639. /* >> >> 1640. * shutdown the pipe >> >> 1641. */ >> >> 1642. static void >> >> 1643. pipeclose(cpipe) >> >> 1644. struct pipe *cpipe; >> >> 1645. { >> >> 1646. struct pipepair *pp; >> >> 1647. struct pipe *ppipe; >> >> 1648. >> >> 1649. KASSERT(cpipe != NULL, ("pipeclose: cpipe == NULL")); >> >> 1650. >> >> 1651. PIPE_LOCK(cpipe); >> >> 1652. pipelock(cpipe, 0); >> >> 1653. pp = cpipe->pipe_pair; >> >> 1654. >> >> 1655. pipeselwakeup(cpipe); >> >> >> >> pipeclose() gets called from pipe_dtor() >> > >> > Eh, so it seems like pipeclose() has been called twice on the same pipe which >> > should never happen. >> >> How did you get to that conclusion? > > The pipe's state (cpipe->pipe_present) is set to 3 (PIPE_FINALIZED) which only > happens at bottom of pipeclose(cpipe). However, in your panic, you are dying > at the start of pipeclose() when cpipe's state should be the initial state > still. That is also consistent with the panic as the knlist for the pipe has > already been destroyed (which happens later in pipeclose()) and that is what > zero's the lock fields in knlist causing the actual fault in knote(). > Makes sense. > > Eh, kgdb should be deterministic given a specific kernel and core file. > That is to say, above 'f 11', 'p *dpipe' did something, but here it > did not. Are you running kgdb on the same core or a different one? > Just to end the confusion: http://people.freebsd.org/~hiren/pipeclose_panic_stable10.txt > >> (kgdb) p *fip >> $2 = {fi_pipe = 0xffffffff80c96b7e, fi_readers = -2129533840, >> fi_writers = -8782327094120} > > The readers/writers counts here are garbage. I probably wouldn't trust > the fi_pipe value either. Would be nice to know if the various pointers > line up. Also, I would expect a FIFO to have the 'NAMED' flag set and > thus for pipe_peer to be a different pipe (not itself), but I believe that > was not true from the earlier posts. My reading of code says named pipe doesn't have different pipe for pipe_peer? sys/kern/sys_pipe.c #define PIPE_PEER(pipe) \ (((pipe)->pipe_state & PIPE_NAMED) ? (pipe) : ((pipe)->pipe_peer)) cheers, Hiren