Date: Sun, 19 Mar 2006 12:38:28 -0800 (PST) From: Steve Watt <steve@Watt.COM> To: FreeBSD-gnats-submit@FreeBSD.org Subject: kern/94703: panic: "oof, we didn't get our fd" when faxgetty starts Message-ID: <200603192038.k2JKcS6o001775@wattres.watt.com> Resent-Message-ID: <200603192040.k2JKeGtu018732@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 94703 >Category: kern >Synopsis: panic: "oof, we didn't get our fd" when faxgetty starts >Confidential: no >Severity: critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Mar 19 20:40:16 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Steve Watt >Release: FreeBSD 6.1-PRERELEASE i386 >Organization: Watt Consultants >Environment: System: FreeBSD wattres.Watt.COM 6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #0: Fri Mar 17 23:50:45 PST 2006 root@wattres.Watt.COM:/usr/obj/usr/src/sys/WATTRES i386 Freshly upgraded (source upgrade and an hour in mergemaster) from 5.5-PRE. Extra settings relative to GENERIC: --- GENERIC Mon Jan 23 06:19:36 2006 +++ WATTRES Fri Mar 17 22:28:58 2006 @@ -19,7 +19,7 @@ # $FreeBSD: src/sys/i386/conf/GENERIC,v 1.429.2.5 2006/01/23 14:19:36 marius Exp $ machine i386 -cpu I486_CPU +## cpu I486_CPU cpu I586_CPU cpu I686_CPU ident GENERIC @@ -29,11 +29,27 @@ makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols +options KDB +options DDB + +options KDB_TRACE +options KDB_UNATTENDED + +options INVARIANTS +options INVARIANT_SUPPORT +options DEBUG_LOCKS +options DEBUG_VFS_LOCKS + (Yes, I'm planning on chasing a VFS locking issue, see PR kern/94261.) >Description: When faxgetty is started, the system panics with "oof, we didn't get our fd". The traceback isn't very interesting: Unread portion of the kernel message buffer: panic: oof, we didn't get our fd KDB: stack backtrace: kdb_backtrace(c091d4a3,c09e53c0,c0919fcf,d01e6a84,100) at kdb_backtrace+0x2f panic(c0919fcf,d01e6aa4,d01e6aa8,c0936707,d01e6ab4) at panic+0xb8 fdcheckstd(c25f3780,0,c091a5b9,24d,0) at fdcheckstd+0x9b do_execve(c25f3780,d01e6cac,0,c,0) at do_execve+0x70c kern_execve(c25f3780,d01e6cac,0,80df480,bfbfed28) at kern_execve+0xb5 execve(c25f3780,d01e6d04,c,41d,3) at execve+0x50 syscall(3b,3b,3b,2,80df440) at syscall+0x295 Xint0x80_syscall() at Xint0x80_syscall+0x1f --- syscall (59, FreeBSD ELF32, execve), eip = 0x80541d7, esp = 0xbfbfed0c, ebp = 0xbfbfed88 --- Uptime: 40s Dumping 223 MB (2 chunks) chunk 0: 1MB (159 pages) ... ok chunk 1: 223MB (57072 pages) 207 191 175 159 143 127 111 95 79 63 47 31 15 #0 doadump () at pcpu.h:165 165 __asm __volatile("movl %%fs:0,%0" : "=r" (td)); (kgdb) up #1 0xc0697e28 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:402 u402 doadump(); (kgdb) up #2 0xc0698146 in panic (fmt=0xc0919fcf "oof, we didn't get our fd") at /usr/src/sys/kern/kern_shutdown.c:558 558 boot(bootopt); (kgdb) up #3 0xc0673b93 in fdcheckstd (td=0xc25f3780) at /usr/src/sys/kern/kern_descrip.c:1820 1820 KASSERT(fd == i, ("oof, we didn't get our fd")); (kgdb) list 1815 int vfslocked; 1816 error = falloc(td, &fp, &fd); 1817 if (error != 0) 1818 break; 1819 /* Note extra ref on `fp' held for us by falloc(). */ 1820 KASSERT(fd == i, ("oof, we didn't get our fd")); 1821 NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE, UIO_SYSSPACE, 1822 "/dev/null", td); 1823 flags = FREAD | FWRITE; 1824 error = vn_open(&nd, &flags, 0, fd); >How-To-Repeat: Install HylaFax, and add ttyd0 "/usr/local/sbin/faxgetty" dialup on secure to your /etc/ttys >Fix: I'm not 100% certain this assert is valid; more code inspection is probably needed, but it smells to me like this is a race condition. Removing the setuid uucp from faxgetty makes the problem go away, but could result (haven't checked yet) in permissions problems on lockfiles. >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200603192038.k2JKcS6o001775>