Date: Fri, 5 Jan 2007 13:34:04 +0000 (GMT)
From: Robert Watson
To: Ceri Davies
Cc: stable@FreeBSD.org
Subject: Re: (audit?) Panic in 6.2-PRERELEASE
Message-ID: <20070105133028.F98541@fledge.watson.org>
In-Reply-To: <20070105131528.GB7088@submonkey.net>

On Fri, 5 Jan 2007, Ceri Davies wrote:

>> Much as I would love to trust the contents of ub there, I suspect they
>> can't be trusted. Could you print the contents of *fp in kern_fstat() in
>> both of those stacks? I'd particularly like to know the value of
>> fp->f_type, and then depending on the type, possibly the contents of
>> *(struct vnode *)fp->f_vnode for DTYPE_VNODE/TYPE_FIFO or *(struct socket
>> *)fp->f_data in the case of DTYPE_SOCKET.
>
> Can you tell me how to get at *fp given that the stack trace shows fstat()
> and not kern_fstat()? Sorry if I'm being dumb but I don't know how to step
> into the kern_fstat() call from fstat().

It could be that the stack is hosed losing the frame, or maybe it's inlined (more likely the former I think, as kern_fstat() is a symbol used elsewhere in the kernel). The best bet may be to use the file descriptor number (uap->fd) to pull the struct file reference out of the process. Something on the order of (td->td_proc->p_fd->fd_ofiles[fd]) should return the right struct file *.

How reproducible is this?

Robert N M Watson
Computer Laboratory
University of Cambridge

>
>>> #7 0xc05cda7c in audit_arg_auditon () at /usr/src/sys/security/audit/audit_arg.c:586
>>> #8 0xc04c470d in fstat (td=0xc2eeb180, uap=0xd610dc74) at /usr/src/sys/kern/kern_descrip.c:1075
>
> Ceri
> --
> That must be wonderful! I don't understand it at all.
> -- Moliere
>