From dgilbert@trooper.velocet.net Mon Nov 29 12:34:40 1999
Return-Path: <dgilbert@trooper.velocet.net>
Received: from trooper.velocet.net (trooper.velocet.net [216.126.82.226])
	by hub.freebsd.org (Postfix) with ESMTP id 4BFFB15340
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 29 Nov 1999 12:34:38 -0800 (PST)
	(envelope-from dgilbert@trooper.velocet.net)
Received: (from dgilbert@localhost)
	by trooper.velocet.net (8.9.3/8.9.3) id PAA77619;
	Mon, 29 Nov 1999 15:34:37 -0500 (EST)
	(envelope-from dgilbert)
Message-Id: <199911292034.PAA77619@trooper.velocet.net>
Date: Mon, 29 Nov 1999 15:34:37 -0500 (EST)
From: David Gilbert <dgilbert@velocet.ca>
Sender: dgilbert@trooper.velocet.net
Reply-To: dgilbert@velocet.ca
To: FreeBSD-gnats-submit@freebsd.org
Subject: tsleep panics a panic
X-Send-Pr-Version: 3.2

>Number:         15169
>Category:       kern
>Synopsis:       tsleep() dereferences *curproc while in a panic
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Nov 29 12:40:00 PST 1999
>Closed-Date:    Tue Nov 30 01:05:06 PST 1999
>Last-Modified:  Tue Nov 30 01:06:26 PST 1999
>Originator:     David Gilbert
>Release:        FreeBSD 3.2-STABLE i386
>Organization:
Velocet Communications
>Environment:

	3.3-STABLE, vinum

>Description:

	vinumlock.c calls tsleep() during a sync() in a panic --- which
means the curproc is 0.  Now if KTRACE is defined, tsleep() dereferences
*curproc before it checks *panicstr... it looks like this was an unintended
side effect of adding the KTRACE #ifdef.

>How-To-Repeat:

	I'm running du on a large vinum drive, which causes it to panic
for some (as yet undetermined) reason or other.

>Fix:
	
I patched the following (there might be a better way to do it?):

*** kern_synch.c.orig   Mon Nov 29 15:02:15 1999
--- kern_synch.c        Mon Nov 29 15:05:03 1999
***************
*** 384,390 ****
        struct callout_handle thandle;
  
  #ifdef KTRACE
!       if (KTRPOINT(p, KTR_CSW))
                ktrcsw(p->p_tracep, 1, 0);
  #endif
        s = splhigh();
--- 384,390 ----
        struct callout_handle thandle;
  
  #ifdef KTRACE
!       if (p && KTRPOINT(p, KTR_CSW))
                ktrcsw(p->p_tracep, 1, 0);
  #endif
        s = splhigh();
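
Review bot: The `p &&` test on the KTRPOINT line guards only this one KTRACE block at the top of tsleep(), and nothing in the hunk records why p can be NULL here. The description says the underlying problem is ordering (the dereference happens before the panicstr check), so consider moving the KTRACE block below that check, or at least add a short comment that curproc is 0 when tsleep() is reached from a sync() during a panic. Any other use of p in tsleep() that runs before the panicstr check, including a matching KTRACE block outside these lines, needs the same treatment.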
	


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: peter 
State-Changed-When: Tue Nov 30 01:05:06 PST 1999 
State-Changed-Why:  
Suggested fix applied, kern_synch.c revs  1.85, 1.72.2.4 and 1.26.2.6 
Thanks! 
>Unformatted:
