(audit?) Panic in 6.2-PRERELEASE
Ceri Davies
ceri at submonkey.net
Sat Jan 6 13:25:47 UTC 2007
On Sat, Jan 06, 2007 at 12:01:51PM +0000, Robert Watson wrote:
> On Fri, 5 Jan 2007, Ceri Davies wrote:
>
> >On Fri, Jan 05, 2007 at 01:34:04PM +0000, Robert Watson wrote:
> >>
> >>On Fri, 5 Jan 2007, Ceri Davies wrote:
> >>
> >>>>Much as I would love to trust the contents of ub there, I suspect they
> >>>>can't be trusted. Could you print the contents of *fp in kern_fstat()
> >>>>in both of those stacks? I'd particularly like to know the value of
> >>>>fp->f_type, and then depending on the type, possibly the contents of
> >>>>*(struct vnode *)fp->f_vnode for DTYPE_VNODE/TYPE_FIFO or *(struct
> >>>>socket *)fp->f_data in the case of DTYPE_SOCKET.
> >>>
> >>>Can you tell me how to get at *fp given that the stack trace shows
> >>>fstat() and not kern_fstat()? Sorry if I'm being dumb but I don't know
> >>>how to step into the kern_fstat() call from fstat().
> >>
> >>It could be that the stack is hosed losing the frame, or maybe it's
> >>inlined (more likely the former I think, as kern_fstat() is a symbol used
> >>elsewhere in the kernel). The best bet may be to use the file descriptor
> >>number (uap->fd) to pull the struct file reference out of the process.
> >>Something on the order of (td->td_proc->p_fd->fd_ofiles[fd]) should
> >>return the right struct file *.
> >
> >OK, got it. They're both sockets, data in the attachments.
> >
> >>How reproduceable is this?
> >
> >So far it's happened this morning and yesterday morning. I haven't seen
> >it before that. I don't know the cause so I can't reproduce it at will,
> >but the logs don't give any indication. Chances are that it will happen
> >again tomorrow, but we'll see.
>
> Hmm. It looks like you printf *(td->td_proc->p_fd->fd_ofiles) without the
> array index. Could you repeat that, but with the array index -- i.e.,
> td->td_proc->p_fd->fd_ofiles[uap->fd]? Also, it would probably be useful
> to print uap->fd. Right now you're printing stdin (index 0), but if the
> index is non-0, we want a different file.
Very tactfully put :) Sorry about that.
None of the uap->fd's seem to be valid.
In the first case, uap->fd is way too high for the length of fd_ofiles,
which only has 21 elements:
(kgdb) up 8
#8 0xc04c470d in fstat (td=0xc2eeb180, uap=0xd610dc74) at /usr/src/sys/kern/kern_descrip.c:1075
1075 error = kern_fstat(td, uap->fd, &ub);
(kgdb) p uap->fd
$1 = 89
(kgdb) p *td->td_proc->p_fd->fd_ofiles[uap->fd]
Cannot access memory at address 0x0
In the second, uap->fd is nonsense:
(kgdb) up 8
#8 0xc04c470d in fstat (td=0xc3109300, uap=0xd617ec74) at /usr/src/sys/kern/kern_descrip.c:1075
1075 error = kern_fstat(td, uap->fd, &ub);
(kgdb) p uap->fd
$1 = -1023449232
(kgdb)
Ceri
--
That must be wonderful! I don't understand it at all.
-- Moliere
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20070106/fa0d3dd2/attachment.pgp
More information about the freebsd-stable
mailing list