NetBSD Problem Report #47846
From kardel@pip.acrys.com Tue May 21 21:00:22 2013
Return-Path: <kardel@pip.acrys.com>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "Postmaster NetBSD.org" (verified OK))
by mollari.NetBSD.org (Postfix) with ESMTPS id 2430B718D6
for <gnats-bugs@gnats.NetBSD.org>; Tue, 21 May 2013 21:00:22 +0000 (UTC)
Message-Id: <201305212100.r4LL0De5005967@pip.acrys.com>
Date: Tue, 21 May 2013 23:00:13 +0200 (CEST)
From: kardel@netbsd.org
Reply-To: kardel@netbsd.org
To: gnats-bugs@NetBSD.org
Subject: panic/lockups in raidframe during detach at shutdown
X-Send-Pr-Version: 3.95
>Number: 47846
>Category: kern
>Synopsis: panic/lockups in raidframe during detach at shutdown
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: kern-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue May 21 21:05:00 +0000 2013
>Closed-Date: Tue May 31 07:16:23 +0000 2016
>Last-Modified: Tue May 31 07:16:23 +0000 2016
>Originator: Frank Kardel
>Release: NetBSD 6.99.19
>Organization:
>Environment:
System: NetBSD pip.kardel.name 6.99.19 NetBSD 6.99.19 (PIPGEN) #28: Tue May 21 22:10:18 CEST 2013 kardel@pip.kardel.name:/usr/src/sys/arch/amd64/compile/PIPGEN amd64
Architecture: x86_64
Machine: amd64
>Description:
raidframe panics or locks up at shutdown time.
Problem was introduced with the commit of dynamic allocation of
raidX devices.
Module Name: src
Committed By: christos
Date: Sat Apr 27 21:18:43 UTC 2013
Modified Files:
src/sys/dev/raidframe: rf_engine.c rf_netbsd.h rf_netbsdkintf.c
rf_raid.h
Log Message:
allocate devices dynamically.
To generate a diff of this commit:
cvs rdiff -u -r1.47 -r1.48 src/sys/dev/raidframe/rf_engine.c
cvs rdiff -u -r1.29 -r1.30 src/sys/dev/raidframe/rf_netbsd.h
cvs rdiff -u -r1.299 -r1.300 src/sys/dev/raidframe/rf_netbsdkintf.c
cvs rdiff -u -r1.43 -r1.44 src/sys/dev/raidframe/rf_raid.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Issue is caused by:
- softc structure are dynamically, independently allocated within the code
- CFATTACH_DECL3_NEW(raid, sizeof(struct raid_softc), ...) still requests
a separate copy of struct raid_softc
- raid_detach() uses device_private() to access the uninitialized
softc structure allocated during config_attach_pseudo().
So, either you get stuck in raidlock() waiting forever or a panic is
triggered in e.g. iostat_free() trying to free never initialized iostat structures.
How-To-Repeat:
Try to shutdown using a raidframe configuration with current raidframe code
>How-To-Repeat:
>Fix:
Quick fix - more analysis is advisable.
Index: rf_netbsdkintf.c
===================================================================
RCS file: /cvsroot/src/sys/dev/raidframe/rf_netbsdkintf.c,v
retrieving revision 1.302
diff -u -r1.302 rf_netbsdkintf.c
--- rf_netbsdkintf.c 29 Apr 2013 21:21:10 -0000 1.302
+++ rf_netbsdkintf.c 21 May 2013 20:20:34 -0000
@@ -3841,15 +3843,20 @@
raid_detach(device_t self, int flags)
{
int error;
- struct raid_softc *rs = device_private(self);
+ struct raid_softc *rs = raidget(device_unit(self));
+
+ if (rs == NULL)
+ return ENXIO;
if ((error = raidlock(rs)) != 0)
return (error);
error = raid_detach_unlocked(rs);
raidunlock(rs);
+ /* XXXkd: raidput(rs) ??? */
+
return error;
}
The above is not completely analysed. The separate softc structure does not need to
be allocated (set DVF_PRIV_ALLOC?). Could there be more oversights?
Where should the raidput()s be done - are there possible leaks (not verified yet)?
>Release-Note:
>Audit-Trail:
From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/47846 CVS commit: src/sys/dev/raidframe
Date: Thu, 23 May 2013 10:15:52 -0400
Module Name: src
Committed By: christos
Date: Thu May 23 14:15:52 UTC 2013
Modified Files:
src/sys/dev/raidframe: rf_netbsdkintf.c
Log Message:
PR/47846: Frank Kardel: panic/lockups in raidframe during detach at shutdown
XXX: Fix this properly by using the memory allocated from the autoconf
subsystem and use raidput in all the places needed.
To generate a diff of this commit:
cvs rdiff -u -r1.302 -r1.303 src/sys/dev/raidframe/rf_netbsdkintf.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->closed
State-Changed-By: pgoyette@NetBSD.org
State-Changed-When: Tue, 31 May 2016 07:16:23 +0000
State-Changed-Why:
Fix committed by christos@ on May 23 14:15:52 UTC 2013
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.