Ian FREISLICH wrote: > John Baldwin wrote: > > The uart thing is a red herring, notice the actual PC value is '0'. Someth ing > > in kern_open() invoked a NULL function pointer. Doing 'l *kern_open+0x35' in > > kgdb would be a good start of where to look. > > (kgdb) l *kern_open+0x35 > 0xc0649ce5 is in kern_open (/usr/src/sys/kern/vfs_syscalls.c:1040). > 1035 kern_open(struct thread *td, char *path, enum uio_seg pathseg, int fl ags, > 1036 int mode) > 1037 { > 1038 > 1039 return (kern_openat(td, AT_FDCWD, path, pathseg, flags, mode) ); > 1040 } > 1041 > 1042 int > 1043 kern_openat(struct thread *td, int fd, char *path, enum uio_seg paths eg, > 1044 int flags, int mode) > > That's what my reading seemed indicate. I had to downgrade the > system back to 8.0-STABLE at around 21 April 2010, to get the system > working. > > I'm currently doing a binary search to find offending commit, since > CURRENT and STABLE panic reliably, and in the same way I'm sure > that the problem is common to both. > > I'm down to a window of 9 hours. My money is currently on: > > Working file: sys/kern/vfs_syscalls.c > Approved by: re (bz) > ---------------------------- > revision 1.487.2.7 > date: 2010/04/27 10:47:54; author: kib; state: Exp; lines: +2 -15 > SVN rev 207270 on 2010-04-27 10:47:54Z by kib > > MFC r206547: > Handle a case in kern_openat() when vn_open() change file type from > DTYPE_VNODE. > ---------------------------- Confirmed. 1.487.2.6 doesn't panic, 1.487.2.7 does. This is the change that results in the panic. --- sys/kern/vfs_syscalls.c 16 Apr 2010 08:32:08 -0000 1.487.2.6 +++ sys/kern/vfs_syscalls.c 27 Apr 2010 10:47:54 -0000 1.487.2.7 _at__at_ -35,7 +35,7 _at__at_ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/kern/vfs_syscalls.c,v 1.487.2.6 2010/04/16 08:32:08 kib Exp $"); +__FBSDID("$FreeBSD: src/sys/kern/vfs_syscalls.c,v 1.487.2.7 2010/04/27 10:47:54 kib Exp $"); #include "opt_compat.h" #include "opt_kdtrace.h" _at__at_ -1047,8 +1047,6 _at__at_ struct filedesc *fdp = p->p_fd; struct file *fp; struct vnode *vp; - struct vattr vat; - struct mount *mp; int cmode; struct file *nfp; int type, indx, error; _at__at_ -1141,7 +1139,7 _at__at_ } VOP_UNLOCK(vp, 0); - if (flags & (O_EXLOCK | O_SHLOCK)) { + if (fp->f_type == DTYPE_VNODE && (flags & (O_EXLOCK | O_SHLOCK)) != 0) { lf.l_whence = SEEK_SET; lf.l_start = 0; lf.l_len = 0; _at__at_ -1158,18 +1156,7 _at__at_ atomic_set_int(&fp->f_flag, FHASLOCK); } if (flags & O_TRUNC) { - if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) - goto bad; - VATTR_NULL(&vat); - vat.va_size = 0; - vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); -#ifdef MAC - error = mac_vnode_check_write(td->td_ucred, fp->f_cred, vp); - if (error == 0) -#endif - error = VOP_SETATTR(vp, &vat, td->td_ucred); - VOP_UNLOCK(vp, 0); - vn_finished_write(mp); + error = fo_truncate(fp, 0, td->td_ucred, td); if (error) goto bad; } mount: /dev/fuse0 on /1-wire (fusefs, local, synchronous) Something about it has a write echo -n 192 > /1-wire/29.A52A03000000/PIO.BYTE Panic. But not like: echo -n 192 >> /1-wire/29.A52A03000000/PIO.BYTE I suspect the truncate is not safe. Or, at least this fuse presented fite cannot be truncated. Ian -- Ian FreislichReceived on Mon Aug 23 2010 - 11:29:10 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:06 UTC