Date:      Sun, 16 Jan 2005 18:18:15 -0800
From:      Kris Kennaway <kris@obsecurity.org>
To:        Kris Kennaway <kris@obsecurity.org>
Cc:        current@freebsd.org
Subject:   Re: fstat triggered INVARIANTS panic in memrw()
Message-ID:  <20050117021815.GA8953@xor.obsecurity.org>
In-Reply-To: <20050117014746.GA96797@xor.obsecurity.org>
References:  <20050115083847.GA47466@xor.obsecurity.org> <20050116003432.GA448@xor.obsecurity.org> <20050116050433.GA65733@xor.obsecurity.org> <20050116211349.GG26214@noel.cs.rice.edu> <20050117014746.GA96797@xor.obsecurity.org>

On Sun, Jan 16, 2005 at 05:47:46PM -0800, Kris Kennaway wrote:
> On Sun, Jan 16, 2005 at 03:13:49PM -0600, Alan Cox wrote:
>
> > The "deadc0de" passed to generic_copyout() comes from the following
> > lines in devfs_read_f(c51773b8,eed96c84,ca75c800,flags=0):
> >
> >         if ((flags & FOF_OFFSET) == 0)
> >                 uio->uio_offset = fp->f_offset;
> >
> > Can you print the contents of the file structure?
>
> (kgdb) frame 28
> #28 0xc04d8d91 in devfs_read_f (fp=0xc25f5dd0, uio=0xe7275c84, cred=0xc3540380, flags=0, td=0xc3c34170)
>     at ../../../fs/devfs/devfs_vnops.c:931
> 931             error = dsw->d_read(dev, uio, ioflag);
> (kgdb) print *fp
> $1 = {f_list = {le_next = 0xc25f5bf4, le_prev = 0xc25f52a8}, f_type = 1, f_data = 0xc22f8200, f_flag = 1,
>   f_mtxp = 0xc2251fd0, f_ops = 0xc074c140, f_cred = 0xc2b2a900, f_count = 2, f_vnode = 0xc3c6fbdc,
>   f_offset = 3735929054, f_gcflag = 0, f_msgcount = 0, f_seqcount = 1, f_nextoff = 3263609792}

3735929054 = 0xdeadc0de.  This same struct file appears all the way
back to the syscall frame.  I wonder if fstat is racing with a tty
device removal or something (it's certainly racing with something,
e.g.:

[...]
Jan 17 09:06:14 e450 kernel: pid 21313 (fstat), uid 0: exited on signal 11
Jan 17 10:27:15 e450 kernel: pid 81280 (fstat), uid 0: exited on signal 11
Jan 17 10:27:15 e450 kernel: pid 81287 (fstat), uid 0: exited on signal 11
Jan 17 10:27:15 e450 kernel: pid 81294 (fstat), uid 0: exited on signal 11
Jan 17 10:38:55 e450 kernel: pid 93203 (fstat), uid 0: exited on signal 11
Jan 17 10:38:55 e450 kernel: pid 93210 (fstat), uid 0: exited on signal 11

Kris
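
An added example, not part of the original message: a small triage script that parses a kgdb struct print like the one quoted above and flags any member whose 32-bit word equals 0xdeadc0de, even when gdb shows it in decimal. The names `parse_fields`, `poison_hits` and `KGDB_DUMP` are chosen here for illustration.

```python
import re

POISON = 0xDEADC0DE  # the value identified in the message above

# The `print *fp` output quoted in the message, embedded as sample input.
KGDB_DUMP = """\
$1 = {f_list = {le_next = 0xc25f5bf4, le_prev = 0xc25f52a8}, f_type = 1, f_data = 0xc22f8200, f_flag = 1,
  f_mtxp = 0xc2251fd0, f_ops = 0xc074c140, f_cred = 0xc2b2a900, f_count = 2, f_vnode = 0xc3c6fbdc,
  f_offset = 3735929054, f_gcflag = 0, f_msgcount = 0, f_seqcount = 1, f_nextoff = 3263609792}
"""

# Scalar "name = value" pairs; nested struct members are flattened by name.
FIELD_RE = re.compile(r"(\w+) = (0x[0-9a-fA-F]+|-?\d+)")


def parse_fields(dump):
    """Return {member: int} for each scalar member in a gdb struct print."""
    fields = {}
    for name, raw in FIELD_RE.findall(dump):
        base = 16 if raw.lower().startswith("0x") else 10
        fields[name] = int(raw, base)
    return fields


def poison_hits(fields, pattern=POISON):
    """Flag members whose low or high 32-bit word equals the pattern.

    gdb prints integer members in decimal, so 0xdeadc0de shows up as
    3735929054 and is easy to miss by eye.
    """
    hits = {}
    for name, value in fields.items():
        value &= 0xFFFFFFFFFFFFFFFF  # treat negative prints as unsigned 64-bit
        words = {"low32": value & 0xFFFFFFFF, "high32": value >> 32}
        matched = [w for w, v in words.items() if v == pattern]
        if matched:
            hits[name] = (hex(value), matched)
    return hits


if __name__ == "__main__":
    for name, (value, words) in poison_hits(parse_fields(KGDB_DUMP)).items():
        print(f"{name}: {value} matches 0xdeadc0de in {', '.join(words)}")
```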
