From: Kris Kennaway
To: Kris Kennaway
Cc: alc@freebsd.org, Alan Cox, current@freebsd.org
Date: Sun, 16 Jan 2005 18:18:15 -0800
Subject: Re: fstat triggered INVARIANTS panic in memrw()
Message-ID: <20050117021815.GA8953@xor.obsecurity.org>
In-Reply-To: <20050117014746.GA96797@xor.obsecurity.org>
References: <20050115083847.GA47466@xor.obsecurity.org> <20050116003432.GA448@xor.obsecurity.org> <20050116050433.GA65733@xor.obsecurity.org> <20050116211349.GG26214@noel.cs.rice.edu> <20050117014746.GA96797@xor.obsecurity.org>
List-Id: Discussions about the use of FreeBSD-current

On Sun, Jan 16, 2005 at 05:47:46PM -0800, Kris Kennaway wrote:
> On Sun, Jan 16, 2005 at 03:13:49PM -0600, Alan Cox wrote:
>
> > The "deadc0de" passed to generic_copyout() comes from the following
> > lines in devfs_read_f(c51773b8,eed96c84,ca75c800,flags=0):
> >
> >     if ((flags & FOF_OFFSET) == 0)
> >         uio->uio_offset = fp->f_offset;
> >
> > Can you print the contents of the file structure?
>
> (kgdb) frame 28
> #28 0xc04d8d91 in devfs_read_f (fp=0xc25f5dd0, uio=0xe7275c84, cred=0xc3540380, flags=0, td=0xc3c34170)
>     at ../../../fs/devfs/devfs_vnops.c:931
> 931         error = dsw->d_read(dev, uio, ioflag);
> (kgdb) print *fp
> $1 = {f_list = {le_next = 0xc25f5bf4, le_prev = 0xc25f52a8}, f_type = 1, f_data = 0xc22f8200, f_flag = 1,
>   f_mtxp = 0xc2251fd0, f_ops = 0xc074c140, f_cred = 0xc2b2a900, f_count = 2, f_vnode = 0xc3c6fbdc,
>   f_offset = 3735929054, f_gcflag = 0, f_msgcount = 0, f_seqcount = 1, f_nextoff = 3263609792}

3735929054 = 0xdeadc0de. This same struct file appears all the way
back to the syscall frame.

I wonder if fstat is racing with a tty device removal or something
(it's certainly racing with something, e.g.:

[...]
Jan 17 09:06:14 e450 kernel: pid 21313 (fstat), uid 0: exited on signal 11
Jan 17 10:27:15 e450 kernel: pid 81280 (fstat), uid 0: exited on signal 11
Jan 17 10:27:15 e450 kernel: pid 81287 (fstat), uid 0: exited on signal 11
Jan 17 10:27:15 e450 kernel: pid 81294 (fstat), uid 0: exited on signal 11
Jan 17 10:38:55 e450 kernel: pid 93203 (fstat), uid 0: exited on signal 11
Jan 17 10:38:55 e450 kernel: pid 93210 (fstat), uid 0: exited on signal 11

Kris
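
The check done by eye in the message above (spotting that f_offset is 0xdeadc0de), as an added example that is not part of the original message: a small Python triage helper that scans a kgdb struct dump for that pattern, word by word so it also catches 64-bit values. That FreeBSD INVARIANTS kernels fill freed memory with 0xdeadc0de is background knowledge rather than something the message states; the dump is the one quoted above with mail line wraps removed, and the function names are made up for this example.

```python
import re

# Fill pattern that FreeBSD INVARIANTS kernels write into freed memory
# (background assumption, not stated in the message).
POISON32 = 0xDEADC0DE

# Constructed sample: the `print *fp` output quoted in the message.
KGDB_DUMP = """\
$1 = {f_list = {le_next = 0xc25f5bf4, le_prev = 0xc25f52a8}, f_type = 1, f_data = 0xc22f8200, f_flag = 1,
  f_mtxp = 0xc2251fd0, f_ops = 0xc074c140, f_cred = 0xc2b2a900, f_count = 2, f_vnode = 0xc3c6fbdc,
  f_offset = 3735929054, f_gcflag = 0, f_msgcount = 0, f_seqcount = 1, f_nextoff = 3263609792}
"""

# "name = 0x1234" or "name = 1234"; members that open a nested "{" are skipped.
FIELD_RE = re.compile(r"(\w+)\s*=\s*(0x[0-9a-fA-F]+|-?\d+)")


def parse_fields(dump):
    """Return [(member, value)] for every scalar member in a gdb struct dump."""
    return [(name, int(raw, 0)) for name, raw in FIELD_RE.findall(dump)]


def poisoned_words(value, width=64):
    """Return indexes of the 32-bit words of `value` that equal the poison.

    Checking per word catches a 64-bit member (such as an off_t) whose low
    or high half was overwritten, and a fully poisoned 64-bit value.
    """
    value &= (1 << width) - 1  # normalise negative (signed) members
    return [i for i in range(width // 32)
            if (value >> (32 * i)) & 0xFFFFFFFF == POISON32]


def find_poison(dump):
    """Return [(member, hex value)] for members carrying the poison pattern."""
    return [(name, hex(value))
            for name, value in parse_fields(dump)
            if poisoned_words(value)]


if __name__ == "__main__":
    for name, value in find_poison(KGDB_DUMP):
        print(f"{name} = {value}: matches freed-memory fill pattern")
```
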