fstat triggered INVARIANTS panic in memrw()
Kris Kennaway
kris at obsecurity.org
Sun Jan 16 18:18:17 PST 2005
On Sun, Jan 16, 2005 at 05:47:46PM -0800, Kris Kennaway wrote:
> On Sun, Jan 16, 2005 at 03:13:49PM -0600, Alan Cox wrote:
>
> > The "deadc0de" passed to generic_copyout() comes from the following
> > lines in devfs_read_f(c51773b8,eed96c84,ca75c800,flags=0):
> >
> > if ((flags & FOF_OFFSET) == 0)
> > uio->uio_offset = fp->f_offset;
> >
> > Can you print the contents of the file structure?
>
> (kgdb) frame 28
> #28 0xc04d8d91 in devfs_read_f (fp=0xc25f5dd0, uio=0xe7275c84, cred=0xc3540380, flags=0, td=0xc3c34170)
> at ../../../fs/devfs/devfs_vnops.c:931
> 931 error = dsw->d_read(dev, uio, ioflag);
> (kgdb) print *fp
> $1 = {f_list = {le_next = 0xc25f5bf4, le_prev = 0xc25f52a8}, f_type = 1, f_data = 0xc22f8200, f_flag = 1,
> f_mtxp = 0xc2251fd0, f_ops = 0xc074c140, f_cred = 0xc2b2a900, f_count = 2, f_vnode = 0xc3c6fbdc,
> f_offset = 3735929054, f_gcflag = 0, f_msgcount = 0, f_seqcount = 1, f_nextoff = 3263609792}
3735929054 = 0xdeadc0de. This same struct file appears all the way
back to the syscall frame. I wonder if fstat is racing with a tty
device removal or something (it's certainly racing with something,
e.g.:
[...]
Jan 17 09:06:14 e450 kernel: pid 21313 (fstat), uid 0: exited on signal 11
Jan 17 10:27:15 e450 kernel: pid 81280 (fstat), uid 0: exited on signal 11
Jan 17 10:27:15 e450 kernel: pid 81287 (fstat), uid 0: exited on signal 11
Jan 17 10:27:15 e450 kernel: pid 81294 (fstat), uid 0: exited on signal 11
Jan 17 10:38:55 e450 kernel: pid 93203 (fstat), uid 0: exited on signal 11
Jan 17 10:38:55 e450 kernel: pid 93210 (fstat), uid 0: exited on signal 11
Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20050116/6fb10348/attachment.bin
More information about the freebsd-current
mailing list