Fix for some stress panics

Antoine Pelisse apelisse at gmail.com
Sun Aug 7 20:24:47 GMT 2005


http://people.freebsd.org/~pho/stress/log/cons149.html
http://people.freebsd.org/~pho/stress/log/cons130.html

I've been working on this panic today (the two are obviously 
the same) and here is a patch to fix it:
--- sys/kern/kern_proc.c.orig Mon Apr 18 04:10:36 2005
+++ sys/kern/kern_proc.c Sun Aug 7 21:18:03 2005
@@ -884,10 +884,8 @@
_PHOLD(p);
FOREACH_THREAD_IN_PROC(p, td) {
fill_kinfo_thread(td, &kinfo_proc);
- PROC_UNLOCK(p);
error = SYSCTL_OUT(req, (caddr_t)&kinfo_proc,
sizeof(kinfo_proc));
- PROC_LOCK(p);
if (error)
break;
}
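Review bot: With the PROC_UNLOCK(p)/PROC_LOCK(p) pair removed, SYSCTL_OUT() inside the FOREACH_THREAD_IN_PROC loop now runs with the proc lock held, and nothing in the visible context shows that this is safe. SYSCTL_OUT() copies kinfo_proc to the requester's buffer, and a copy-out to user memory can fault and sleep, which is not permitted while holding a mutex. Please either show that the output buffer is wired before the loop (for example with sysctl_wire_old_buffer()) or restructure so the copy-out happens after the lock is dropped, and add a comment saying why the lock is kept across the call.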

As a matter of fact, if td is removed from the list through thread_unlink
while the mutex is released and the next thread is removed just after, the
FOREACH is looping through an unlinked list where the td_ksegrp has been set
to NULL by thread_exit.
If we absolutely have to release the lock, then it's probably safer to check
if td_ksegroup != NULL in the fill_kinfo_thread function.

Regards, 
Antoine Pelisse.
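
The traversal race described in this message, reduced to a single-threaded user-space model as an added example (not part of the original post and not FreeBSD code). `struct thr`, `struct proc`, `try_exit` and `walk` are constructed stand-ins, and the concurrent thread exit is simulated inline at the point where the lock would be released.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for struct thread and struct proc; not kernel code. */
struct thr { struct thr *next; int *grp; };   /* grp models td_ksegrp */
struct proc { struct thr *head; int locked; };

static int group;   /* something non-NULL for grp to point at */

/* Models thread_unlink + thread_exit run by another CPU; needs the proc lock. */
static int try_exit(struct proc *p, struct thr *t)
{
    struct thr **pp;

    if (p->locked)
        return 0;               /* the exiting thread would block here */
    for (pp = &p->head; *pp != NULL && *pp != t; pp = &(*pp)->next)
        ;
    if (*pp != NULL)
        *pp = t->next;          /* unlink; t->next itself stays stale */
    t->grp = NULL;
    return 1;
}

/* Walk three threads; return how many visited entries had grp == NULL. */
static int walk(int drop_lock)
{
    struct thr c = { NULL, &group }, b = { &c, &group }, a = { &b, &group };
    struct proc p = { &a, 1 };  /* lock held on entry */
    struct thr *td;
    int stale = 0;

    for (td = p.head; td != NULL; td = td->next) {
        if (td->grp == NULL)
            stale++;            /* fill_kinfo_thread would dereference this */
        if (drop_lock)
            p.locked = 0;       /* lock released around the copy-out */
        if (td == &a) {         /* race window: a and its successor exit */
            try_exit(&p, &a);
            try_exit(&p, &b);
        }
        p.locked = 1;
    }
    return stale;
}

int main(void)
{
    printf("lock dropped: %d stale, lock held: %d stale\n", walk(1), walk(0));
    return 0;
}
```

With the lock dropped, the loop follows the stale `next` pointer of an already unlinked entry and lands on a thread whose group pointer is NULL; with the lock held, both exits are refused and every visited entry is still linked.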

