(audit?) Panic in 6.2-PRERELEASE
Ceri Davies
ceri at submonkey.net
Fri Jan 5 13:15:33 UTC 2007
On Fri, Jan 05, 2007 at 12:13:30PM +0000, Robert Watson wrote:
> On Fri, 5 Jan 2007, Ceri Davies wrote:
>
> >For the last two mornings, my system decided to panic() in the exact same
> >place. I have dumps from both but they almost exactly the same. Any
> >pointers on where to go next are welcomed.
> >
> >Here's the first, and I don't see much in there:
>
> In principle, kern_fstat() should not call audit_arg_auditon(), so either
> we're looking at a compile problem or at stack corruption. Am I correct in
> thinking that this is running on a cyrus server?
Correct.
> Much as I would love to
> trust the contents of ub there, I suspect they can't be trusted. Could you
> print the contents of *fp in kern_fstat() in both of those stacks? I'd
> particularly like to know the value of fp->f_type, and then depending on
> the type, possibly the contents of *(struct vnode *)fp->f_vnode for
> DTYPE_VNODE/TYPE_FIFO or *(struct socket *)fp->f_data in the case of
> DTYPE_SOCKET.
Can you tell me how to get at *fp given that the stack trace shows fstat()
and not kern_fstat()? Sorry if I'm being dumb but I don't know how to step
into the kern_fstat() call from fstat().
> >#7 0xc05cda7c in audit_arg_auditon () at /usr/src/sys/security/audit/audit_arg.c:586
> >#8 0xc04c470d in fstat (td=0xc2eeb180, uap=0xd610dc74) at /usr/src/sys/kern/kern_descrip.c:1075
Ceri
--
That must be wonderful! I don't understand it at all.
-- Moliere
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20070105/d4e49137/attachment.pgp
More information about the freebsd-stable
mailing list