From owner-freebsd-stable@FreeBSD.ORG Fri Jan 5 13:15:33 2007 Return-Path: X-Original-To: stable@FreeBSD.org Delivered-To: freebsd-stable@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 152A216A412; Fri, 5 Jan 2007 13:15:33 +0000 (UTC) (envelope-from ceri@submonkey.net) Received: from shrike.submonkey.net (cpc2-cdif2-0-0-cust107.cdif.cable.ntl.com [81.104.168.108]) by mx1.freebsd.org (Postfix) with ESMTP id AB0A913C45D; Fri, 5 Jan 2007 13:15:32 +0000 (UTC) (envelope-from ceri@submonkey.net) Received: from ceri by shrike.submonkey.net with local (Exim 4.64 (FreeBSD)) (envelope-from ) id 1H2ouu-000Dz4-GH; Fri, 05 Jan 2007 13:15:28 +0000 Date: Fri, 5 Jan 2007 13:15:28 +0000 From: Ceri Davies To: Robert Watson Message-ID: <20070105131528.GB7088@submonkey.net> References: <20070105111954.GA51511@submonkey.net> <20070105120539.H46119@fledge.watson.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="AqsLC8rIMeq19msA" Content-Disposition: inline In-Reply-To: <20070105120539.H46119@fledge.watson.org> X-PGP: finger ceri@FreeBSD.org User-Agent: Mutt/1.5.13 (2006-08-11) Sender: Ceri Davies Cc: stable@FreeBSD.org Subject: Re: (audit?) Panic in 6.2-PRERELEASE X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jan 2007 13:15:33 -0000 --AqsLC8rIMeq19msA Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jan 05, 2007 at 12:13:30PM +0000, Robert Watson wrote: > On Fri, 5 Jan 2007, Ceri Davies wrote: >=20 > >For the last two mornings, my system decided to panic() in the exact sam= e=20 > >place. I have dumps from both but they almost exactly the same. Any=20 > >pointers on where to go next are welcomed. > > > >Here's the first, and I don't see much in there: >=20 > In principle, kern_fstat() should not call audit_arg_auditon(), so either= =20 > we're looking at a compile problem or at stack corruption. Am I correct = in=20 > thinking that this is running on a cyrus server? Correct. > Much as I would love to=20 > trust the contents of ub there, I suspect they can't be trusted. Could y= ou=20 > print the contents of *fp in kern_fstat() in both of those stacks? I'd= =20 > particularly like to know the value of fp->f_type, and then depending on= =20 > the type, possibly the contents of *(struct vnode *)fp->f_vnode for=20 > DTYPE_VNODE/TYPE_FIFO or *(struct socket *)fp->f_data in the case of=20 > DTYPE_SOCKET. Can you tell me how to get at *fp given that the stack trace shows fstat() and not kern_fstat()? Sorry if I'm being dumb but I don't know how to step into the kern_fstat() call from fstat(). > >#7 0xc05cda7c in audit_arg_auditon () at /usr/src/sys/security/audit/au= dit_arg.c:586 > >#8 0xc04c470d in fstat (td=3D0xc2eeb180, uap=3D0xd610dc74) at /usr/src/= sys/kern/kern_descrip.c:1075 Ceri --=20 That must be wonderful! I don't understand it at all. -- Moliere --AqsLC8rIMeq19msA Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (FreeBSD) iD8DBQFFnk9wocfcwTS3JF8RAhWfAJ9ARadsmsIULy/Xt5ccMoD5d0wZ4wCfeAcP 0dXwrJs78cBhH2rXc7VVEwg= =Jl7z -----END PGP SIGNATURE----- --AqsLC8rIMeq19msA--