From owner-freebsd-current@FreeBSD.ORG Fri Apr 8 19:55:36 2005
Date: Fri, 8 Apr 2005 12:55:35 -0700
From: Kris Kennaway
To: Kris Kennaway
cc: current@FreeBSD.org
cc: phk@freeBSD.org
Subject: Re: NULL pointer deref in ptcread()
Message-ID: <20050408195535.GA10868@xor.obsecurity.org>
In-Reply-To: <20050405174344.GA86957@xor.obsecurity.org>
User-Agent: Mutt/1.4.2.1i

On Tue, Apr 05, 2005 at 10:43:44AM -0700, Kris Kennaway wrote:
> HEAD from yesterday on a SMP machine.
>
> Kris

FYI (well, slightly different panic), this was caused by resizing the
xterm that connected via ssh to screen running on this machine:

panic: clist reservation botch
cpuid = 1
KDB: enter: panic
[thread pid 720 tid 100222 ]
Stopped at      kdb_enter+0x30: leave
db> wh
Tracing pid 720 tid 100222 td 0xc5c0e170
kdb_enter(c06fa3a6,1,c06ff6b5,f7d31b30,c5c0e170) at kdb_enter+0x30
panic(c06ff6b5,c8951778,8,0,0) at panic+0x13e
b_to_q(f7d31b8c,7,c5864838,3f,f7d31b88) at b_to_q+0xd3
ttwrite(c5864800,f7d31c68,4,f7d31c40,c04e2fdd) at ttwrite+0x4a7
ptswrite(c5cfb600,f7d31c68,4,557,c5cfb600) at ptswrite+0x38
devfs_write_f(c5bb4438,f7d31c68,c5d2a200,0,c5c0e170) at devfs_write_f+0xc7
dofilewrite(c5c0e170,c5bb4438,3,809f000,100) at dofilewrite+0xb6
write(c5c0e170,f7d31d14,3a6,c0715405,c5c0e170) at write+0x6a
syscall(2f,2f,bfbf002f,0,100) at syscall+0x2c4
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (4, FreeBSD ELF32, write), eip = 0x2816fbb7, esp = 0xbfbfe3ec, ebp = 0xbfbfe408 ---

Process 720 is screen.

Looks like there's a race condition here.

Kris

> Fatal trap 12: page fault while in kernel mode
> cpuid = 1; apic id = 06
> fault virtual address   = 0x0
> fault code              = supervisor read, page not present
> instruction pointer     = 0x8:0xc06b4b02
> stack pointer           = 0x10:0xf7cb6b4c
> frame pointer           = 0x10:0xf7cb6b78
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, def32 1, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 1182 (screen)
> [thread pid 1182 tid 100239 ]
> Stopped at      generic_bcopy+0x1a:     repe movsl      (%esi),%es:(%edi)
> db> wh
> Tracing pid 1182 tid 100239 td 0xc5a92b80
> generic_bcopy(c59aa438,f7cb6bb8,40,c0758280,1) at generic_bcopy+0x1a
> ptcread(c69b3d00,f7cb6c68,4,3ae,1000) at ptcread+0x180
> devfs_read_f(c5d8e558,f7cb6c68,c605e100,0,c5a92b80) at devfs_read_f+0xa7
> dofileread(c5a92b80,c5d8e558,7,bfbfd3f0,1000) at dofileread+0xc3
> read(c5a92b80,f7cb6d14,3a6,c0715022,c5a92b80) at read+0x6c
> syscall(2f,2f,bfbf002f,80aa050,0) at syscall+0x2c4
> Xint0x80_syscall() at Xint0x80_syscall+0x1f
> --- syscall (3, FreeBSD ELF32, read), eip = 0x2816fbd7, esp = 0xbfbfd3cc, ebp = 0xbfbfe408 ---
> db>