Date: Sun, 16 Jan 2005 15:13:49 -0600
From: Alan Cox
To: Kris Kennaway
cc: alc@freebsd.org
cc: current@freebsd.org
Subject: Re: fstat triggered INVARIANTS panic in memrw()
Message-ID: <20050116211349.GG26214@noel.cs.rice.edu>

On Sat, Jan 15, 2005 at 09:04:33PM -0800, Kris Kennaway wrote:
> On Sat, Jan 15, 2005 at 04:34:32PM -0800, Kris Kennaway wrote:
>
> > > generic_copyout(deadc0de,7ab7037c,eed96c84,54,5964d000) at generic_copyout+0x36
> >
> > (kgdb) l *memrw+0x36
> > 0xc06e3486 is in memrw (../../../i386/i386/mem.c:128).
> > 123
> > 124                     if (!kernacc((caddr_t)(int)uio->uio_offset, c,
> > 125                         uio->uio_rw == UIO_READ ?
> > 126                         VM_PROT_READ : VM_PROT_WRITE))
> > 127                             return (EFAULT);
> > 128                     error = uiomove((caddr_t)(int)uio->uio_offset, (int)c, uio);
> > 129                     continue;
> > 130             }
> > 131             /* else panic! */
> > 132     }
> >
> > > memrw(c34fad00,eed96c84,0,398,7ab7037c) at memrw+0x18a
> > > devfs_read_f(c51773b8,eed96c84,ca75c800,0,c9ec1780) at devfs_read_f+0x142
> > > dofileread(4,804f000,7ab7037c,ffffffff,ffffffff) at dofileread+0x92
> > > read(c9ec1780,eed96d14,c,3ff,3) at read+0x75
> > > syscall(2f,2f,2f,7ab7037c,80b1078) at syscall+0x137
> > > Xint0x80_syscall() at Xint0x80_syscall+0x1f
> > > --- syscall (3, FreeBSD ELF32, read), eip = 0x280d347f, esp = 0xbfbfe34c, ebp = 0xbfbfe378 ---
> > >
> > > Note the deadc0de in generic_copyout().
>
> BTW, this is now wreaking havoc with my ability to finish building
> packages for 4.11-RELEASE (together with the softupdates panic also
> being reported), so anything someone can do to track this down is
> appreciated.
>

The "deadc0de" passed to generic_copyout() comes from the following
lines in devfs_read_f(c51773b8,eed96c84,ca75c800,flags=0):

        if ((flags & FOF_OFFSET) == 0)
                uio->uio_offset = fp->f_offset;

Can you print the contents of the file structure?

Alan