Date: Thu, 4 Jan 2007 12:37:08 +0200 From: Kostik Belousov <kostikbel@gmail.com> To: Eugene Grosbein <eugen@kuzbass.ru> Cc: freebsd-hackers@freebsd.org Subject: Re: WITNESS & RELENG_6 Message-ID: <20070104103708.GF21325@deviant.kiev.zoral.com.ua> In-Reply-To: <20070104040727.GD21325@deviant.kiev.zoral.com.ua> References: <20070103141820.GA1014@grosbein.pp.ru> <200701031601.05541.jhb@freebsd.org> <20070104040727.GD21325@deviant.kiev.zoral.com.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
--a/RL+Md+4nRpYrpt Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jan 04, 2007 at 06:07:27AM +0200, Kostik Belousov wrote: > On Wed, Jan 03, 2007 at 04:01:04PM -0500, John Baldwin wrote: > > On Wednesday 03 January 2007 09:18, Eugene Grosbein wrote: > > > Hi! > > >=20 > > > I try to find bugs in 6.2-PRERELEASE by using it (q) :-) > > > The question is: are kernel options WITNESS/WITNESS_KDB expected > > > to be in usable kernel? I don't worry about performance overhead here. > > >=20 > > > The problem is, I've found this is nearly impossible to run > > > my home system with RELENG_6 build from yesterday's sources, > > > X.org 6.9.0, mplayer etc. without panicing and crashdump generation > > > after an hour or so. Just switch from X to vty and logon gave me anot= her > > > LOR and crashdump. One of these you can see here: > > >=20 > > > http://www.freebsd.org/cgi/query-pr.cgi?pr=3Dkern/107455 > > >=20 > > > Perhaps, I should not use these options for everyday STABLE use? > > >=20 > > > Eugene > >=20 > > I think you are running into devfs bugs actually. >=20 > I would suggest that the problem may be in the nvidia driver instead. > It seems to be related to dev cloning. >=20 > Anyway, obtaining exact location of fault in devfs_populate_loop (either > with crashdump/kgdb or manually) would be first step. Ok, thanks to Eugene for sending me requested information in private messag= e. The problem is revealed by INVARIANTS option, not by WITNESS, and is defini= tely the use-after-free. in src/nvidia_dev.c, nvidia_dev_close(), that is cdevsw.d_close proc, the destroy_dev() is called. Please, apply rev. 1.199 of sys/kern/kern_conf= .c. I expect that crashes shall stop, but non-killable processes (in the "devdr= n") state would accumulate. Please, confirm. --a/RL+Md+4nRpYrpt Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (FreeBSD) iD4DBQFFnNjUC3+MBN1Mb4gRAmiGAJ4pbkgJHnMzK6mgf1H8uVBL4CPinACVGh79 F4mh5TrVWMrPGHHwzc21uQ== =RPvu -----END PGP SIGNATURE----- --a/RL+Md+4nRpYrpt--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070104103708.GF21325>