panic after ifioctl/if_clone_destroy
Hans Petter Selasky
hps at selasky.org
Mon Aug 6 09:39:28 UTC 2018
Hi Matthew,
On 08/06/18 10:02, Hans Petter Selasky wrote:
> - if ((tdwait = TAILQ_FIRST(&record->er_tdlist)) != NULL &&
> - TD_IS_RUNNING(tdwait->et_td)) {
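
Review bot: the removed condition is also where tdwait gets its value, through the assignment from TAILQ_FIRST(&record->er_tdlist) inside the if, so dropping both lines leaves tdwait unset for any later code that still reads it. If the first waiter is still needed, keep the assignment and the NULL test and drop only the TD_IS_RUNNING(tdwait->et_td) dereference. The quoted lines also remove the opening brace of the if, so the matching closing brace has to go in the same change.
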
At least the TD_IS_RUNNING() check is invalid. The "tdwait" structure is
in the control of the other CPU and "tdwait->et_td" might be invalid at
any time, so accessing any members here is not a good idea.

It is pretty clear that the epoch was exited during the loop:

etd->et_td = (void*)0xDEADBEEF;

fault virtual address = 0xdeadc2ff
fault code = supervisor read data, page not present

If you remove the TD_IS_RUNNING() check I'm not sure how useful this
loop will be ...

--HPS