"panic: ureadc" from aio
Kris Kennaway
kris at obsecurity.org
Sun Aug 19 12:26:46 PDT 2007
I was running stress2 which hung somehow, so I ^Ced it and it panicked:
panic: ureadc
cpuid = 1
KDB: enter: panic
[thread pid 8507 tid 100609 ]
Stopped at kdb_enter+0x33: leave
db> wh
Tracing pid 8507 tid 100609 td 0xc5d63cc0
kdb_enter(c0780dbf,1,c0781318,ed2619fc,1,...) at kdb_enter+0x33
panic(c0781318,0,77,c4e3b400,ed261bf0,...) at panic+0xed
ureadc(77,ed261cb0,159,c0788008,0,...) at ureadc+0x87
ttread(c4e3b400,ed261cb0,0,c537f800,ed261cb0,...) at ttread+0x304
ptsread(c537f800,ed261cb0,0,168,0,...) at ptsread+0x38
giant_read(c537f800,ed261cb0,0,1,0,...) at giant_read+0x48
devfs_read_f(c50d21a0,ed261cb0,c53c2100,1,c5d63cc0,...) at devfs_read_f+0x6b
aio_daemon(1,ed261d38,c077d7d0,315,c846e000,...) at aio_daemon+0x34c
fork_exit(c05da285,1,ed261d38) at fork_exit+0xa6
fork_trampoline() at fork_trampoline+0x8
--- trap 0, eip = 0, esp = 0xed261d70, ebp = 0 ---
The panic is here:
if (uio->uio_iovcnt == 0 || uio->uio_resid == 0)
	panic("ureadc");
12548 1 12548 0 RLs CPU 0 [aiod5]
12327 1 1395 1003 SE+ aioprn 0xc571d748 syscall
12214 1 1395 1003 SE+ aioprn 0xccf9b9f4 syscall
8510 1 8510 0 RLs CPU 3 [aiod4]
8509 1 8509 0 RLs [aiod3]
8508 1 8508 0 RLs CPU 2 [aiod2]
8507 1 8507 0 RLs CPU 1 [aiod1]
I think aio has more input validation bugs.
Kris