On Thu, Jan 04, 2007 at 06:07:27AM +0200, Kostik Belousov wrote: > On Wed, Jan 03, 2007 at 04:01:04PM -0500, John Baldwin wrote: > > On Wednesday 03 January 2007 09:18, Eugene Grosbein wrote: > > > Hi! > > > > > > I try to find bugs in 6.2-PRERELEASE by using it (q) :-) > > > The question is: are kernel options WITNESS/WITNESS_KDB expected > > > to be in usable kernel? I don't worry about performance overhead here. > > > > > > The problem is, I've found this is nearly impossible to run > > > my home system with RELENG_6 build from yesterday's sources, > > > X.org 6.9.0, mplayer etc. without panicing and crashdump generation > > > after an hour or so. Just switch from X to vty and logon gave me another > > > LOR and crashdump. One of these you can see here: > > > > > > http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/107455 > > > > > > Perhaps, I should not use these options for everyday STABLE use? > > > > > > Eugene > > > > I think you are running into devfs bugs actually. > > I would suggest that the problem may be in the nvidia driver instead. > It seems to be related to dev cloning. > > Anyway, obtaining exact location of fault in devfs_populate_loop (either > with crashdump/kgdb or manually) would be first step.
Ok, thanks to Eugene for sending me requested information in private message. The problem is revealed by INVARIANTS option, not by WITNESS, and is definitely the use-after-free. in src/nvidia_dev.c, nvidia_dev_close(), that is cdevsw.d_close proc, the destroy_dev() is called. Please, apply rev. 1.199 of sys/kern/kern_conf.c. I expect that crashes shall stop, but non-killable processes (in the "devdrn") state would accumulate. Please, confirm.
pgphDvlfI6apx.pgp
Description: PGP signature
