Date:      Sun, 19 Aug 2007 15:26:44 -0400
From:      Kris Kennaway <kris@obsecurity.org>
To:        current@FreeBSD.org
Cc:        davidxu@FreeBSD.org
Subject:   "panic: ureadc" from aio
Message-ID:  <20070819192644.GA59961@rot26.obsecurity.org>

I was running stress2 which hung somehow, so I ^Ced it and it panicked:

panic: ureadc
cpuid = 1
KDB: enter: panic
[thread pid 8507 tid 100609 ]
Stopped at      kdb_enter+0x33: leave
db> wh
Tracing pid 8507 tid 100609 td 0xc5d63cc0
kdb_enter(c0780dbf,1,c0781318,ed2619fc,1,...) at kdb_enter+0x33
panic(c0781318,0,77,c4e3b400,ed261bf0,...) at panic+0xed
ureadc(77,ed261cb0,159,c0788008,0,...) at ureadc+0x87
ttread(c4e3b400,ed261cb0,0,c537f800,ed261cb0,...) at ttread+0x304
ptsread(c537f800,ed261cb0,0,168,0,...) at ptsread+0x38
giant_read(c537f800,ed261cb0,0,1,0,...) at giant_read+0x48
devfs_read_f(c50d21a0,ed261cb0,c53c2100,1,c5d63cc0,...) at devfs_read_f+0x6b
aio_daemon(1,ed261d38,c077d7d0,315,c846e000,...) at aio_daemon+0x34c
fork_exit(c05da285,1,ed261d38) at fork_exit+0xa6
fork_trampoline() at fork_trampoline+0x8
--- trap 0, eip = 0, esp = 0xed261d70, ebp = 0 ---

The panic is here:

        if (uio->uio_iovcnt == 0 || uio->uio_resid == 0)
                panic("ureadc");

12548     1 12548     0  RLs     CPU 0               [aiod5]
12327     1  1395  1003  SE+     aioprn   0xc571d748 syscall
12214     1  1395  1003  SE+     aioprn   0xccf9b9f4 syscall
 8510     1  8510     0  RLs     CPU 3               [aiod4]
 8509     1  8509     0  RLs                         [aiod3]
 8508     1  8508     0  RLs     CPU 2               [aiod2]
 8507     1  8507     0  RLs     CPU 1               [aiod1]

I think aio has more input validation bugs.

Kris



