From owner-freebsd-stable@FreeBSD.ORG Sun Jan 7 18:57:24 2007 Return-Path: X-Original-To: stable@FreeBSD.org Delivered-To: freebsd-stable@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 89FBB16A412; Sun, 7 Jan 2007 18:57:24 +0000 (UTC) (envelope-from ceri@submonkey.net) Received: from shrike.submonkey.net (cpc2-cdif2-0-0-cust107.cdif.cable.ntl.com [81.104.168.108]) by mx1.freebsd.org (Postfix) with ESMTP id 2AAE513C47E; Sun, 7 Jan 2007 18:57:24 +0000 (UTC) (envelope-from ceri@submonkey.net) Received: from ceri by shrike.submonkey.net with local (Exim 4.64 (FreeBSD)) (envelope-from ) id 1H3dCs-000L8Y-Kt; Sun, 07 Jan 2007 18:57:22 +0000 Date: Sun, 7 Jan 2007 18:57:21 +0000 From: Ceri Davies To: Robert Watson Message-ID: <20070107185721.GA94367@submonkey.net> References: <20070105111954.GA51511@submonkey.net> <20070105120539.H46119@fledge.watson.org> <20070105131528.GB7088@submonkey.net> <20070105133028.F98541@fledge.watson.org> <20070105150857.GC7088@submonkey.net> <20070106120040.N46119@fledge.watson.org> <20070106132540.GG7088@submonkey.net> <20070107114243.K41371@fledge.watson.org> <20070107170014.GL7088@submonkey.net> <20070107180257.I41371@fledge.watson.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="0OAP2g/MAC+5xKAE" Content-Disposition: inline In-Reply-To: <20070107180257.I41371@fledge.watson.org> X-PGP: finger ceri@FreeBSD.org User-Agent: Mutt/1.5.13 (2006-08-11) Sender: Ceri Davies Cc: stable@FreeBSD.org Subject: Re: (audit?) Panic in 6.2-PRERELEASE X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Jan 2007 18:57:24 -0000 --0OAP2g/MAC+5xKAE Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Jan 07, 2007 at 06:05:39PM +0000, Robert Watson wrote: >=20 > On Sun, 7 Jan 2007, Ceri Davies wrote: >=20 > >>Could you try printing *td->td_ar? Maybe this will give us a clue as t= o=20 > >>how far it got. In particular, this may be able to more reliably give = us=20 > >>the file descriptor number, which is audited early in the system call.= =20 > >>You might find that 'td' is corrupted in many layers of the stack, keep= =20 > >>going up until you find one where it's good. It may well be that=20 > >>td->td_ar->k_ar.ar_arg_fd is correct, and might confirm that uap->fd is= =20 > >>correct still. We'd like also to know if ARG_SOCKINFO, ARG_VNODE1, or= =20 > >>ARG_VNODE2 is set in the k_ar.ar_valid_arg field. This may tell us som= e=20 > >>more about the file descriptor even though it appears to have vanished. > > > >*td->td_ar is null (0x0) in both cases... >=20 > I'm actually beginning to wonder if this is actually audit-related at all= =2E=20 > Something is clearly not right, and the audit code should not actually ha= ve=20 > been entered at all there. Perhaps we're being mislead by the stack trac= e=20 > corruption into thinking audit is involved. I've wondered the same. > >>I'm quite worried by the fact that the file descriptor seems not to be= =20 > >>present any more -- this suggests a file descriptor related race of the= =20 > >>sort that is both quite difficult to figure out and also quite a risk.= =20 > >>It's strange that it would only trigger with audit, however--perhaps=20 > >>audit stretches out the race. Is this an SMP box? > > > >It's certainly looking quite nasty. This system is UP hardware without= =20 > >options SMP. > > > >... > > > >If it's at all useful, I can provide access to this system and the dumps. >=20 > Yeah, I think at this point that would probably be the most helpful thing. OK, you should be able to log in as rwatson@submonkey.net with your freefall key. Details in ~rwatson/README once you're logged in. > Could you confirm that the kernel.debug you're using definitely matches t= he=20 > version of the kernel in the core dump? Yes, definitely. Thanks again, Ceri --=20 That must be wonderful! I don't understand it at all. -- Moliere --0OAP2g/MAC+5xKAE Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (FreeBSD) iD8DBQFFoUKRocfcwTS3JF8RAjsBAJ0XI7xHADgATXi9qKvULfEg1k5kOwCeJ8Pg LNzvXn2HZkJntzDFnVG8Wc0= =IbGq -----END PGP SIGNATURE----- --0OAP2g/MAC+5xKAE--