Duplicate free in ffs_getextattr() with UFS_ACL

From: YAMAMOTO, Taku <taku_at_tackymt.homeip.net>
Date: Sun, 8 Mar 2009 04:32:49 +0900
Greetings,

I've come across the following duplicate free when tracking down the
occational page fault panic.

(kgdb) x/s panicstr
0xc08a7cc0:      "Duplicate free of item 0xc4c9a290 from zone 0xc108c380(16)\n"
(kgdb) bt
#0  0xc05de3bd in doadump ()
#1  0xc05de964 in boot ()
#2  0xc05dedf8 in panic ()
#3  0xc075062b in uma_dbg_free ()
#4  0xc074f448 in uma_zfree_arg ()
#5  0xc05cd536 in free ()
#6  0xc0735a30 in ffs_close_ea ()
#7  0xc0736131 in ffs_getextattr ()
#8  0xc06751a7 in vn_extattr_get ()
#9  0xc0739086 in ufs_getacl ()
#10 0xc07433c6 in ufs_access ()
#11 0xc0655a18 in vfs_cache_lookup ()
#12 0xc07d48fd in VOP_LOOKUP_APV ()
#13 0xc065be19 in lookup ()
#14 0xc065cdce in namei ()
#15 0xc066bb6d in kern_statat_vnhook ()
#16 0xc066bcaf in kern_statat ()
#17 0xc066bce7 in kern_lstat ()
#18 0xc066bd7b in lstat ()
#19 0xc07c44ec in syscall ()
#20 0xc07aaab0 in Xint0x80_syscall ()
#21 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)

The source tree is csupped at 2009-02-22T12:00:00Z.

I think the problem is that ffs_getextattr() depends on vp's being
exclusively locked but that no longer is true when ufs_access() are
going to retrieve an ACL.


Virtually yours,
-- 
-|-__   YAMAMOTO, Taku
 | __ <     <taku_at_tackymt.homeip.net>

      - A chicken is an egg's way of producing more eggs. -
Received on Sat Mar 07 2009 - 18:32:52 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:43 UTC