Re: kern/49171: panic when closing a pty

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,apb%cequrux.com@localhost
Subject: Re: kern/49171: panic when closing a pty
From: "J. Hannken-Illjes" <hannken%eis.cs.tu-bs.de@localhost>
Date: Fri, 3 Oct 2014 14:40:00 +0000 (UTC)

The following reply was made to PR kern/49171; it has been noted by GNATS.

From: "J. Hannken-Illjes" <hannken%eis.cs.tu-bs.de@localhost>
To: Alan Barrett <apb%cequrux.com@localhost>
Cc: gnats-bugs%NetBSD.org@localhost
Subject: Re: kern/49171: panic when closing a pty
Date: Fri, 3 Oct 2014 16:38:39 +0200

 On 02 Oct 2014, at 13:21, Alan Barrett <apb%cequrux.com@localhost> wrote:
 
 > Here's another instance of the same or a related problem.
 > Sources checked out from CVS with -D '2014-09-26 00:00 UTC'.
 >=20
 > The panic message is:
 >=20
 > kernel diagnostic assertion "node !=3D NULL" failed: file =
 "src/sys/kern/vfs_vnode.c", line 1426
 >=20
 > The backtrace is:
 >=20
 > #10 0xc08b9f40 in vpanic (
 >   fmt=3Dfmt@entry=3D0xc0cca854 "kernel %sassertion \"%s\" failed: file =
 \"%s\", line %d ",
 >   ap=3Dap@entry=3D0xdda78d9c =
 "\005\252\314\300\031\304\314\300Hn=EF=BF=BD\300\222\005")
 >   at src/sys/kern/subr_prf.c:338
 > #11 0xc0a6b604 in kern_assert (
 >   fmt=3Dfmt@entry=3D0xc0cca854 "kernel %sassertion \"%s\" failed: file =
 \"%s\", line %d ")
 >   at src/sys/lib/libkern/kern_assert.c:51
 > #12 0xc09e782e in vcache_remove (mp=3D0x0, key=3D0xc789a478, =
 key_len=3D8)
 >   at src/sys/kern/vfs_vnode.c:1426
 > #13 0xc07d3e7e in ptyfs_reclaim (v=3D0xdda78dfc)
 >   at src/sys/fs/ptyfs/ptyfs_vnops.c:228
 > #14 0xc0a01367 in VOP_RECLAIM (vp=3Dvp@entry=3D0xcc37fdc4)
 >   at src/sys/kern/vnode_if.c:1136
 > #15 0xc09e496d in vclean (vp=3Dvp@entry=3D0xcc37fdc4)
 >   at src/sys/kern/vfs_vnode.c:1032
 > #16 0xc09e6b0b in vgone (vp=3D0xcc37fdc4)
 >   at src/sys/kern/vfs_vnode.c:1145
 > #17 0xc09e6bae in vrevoke (vp=3D0xcc33d218)
 >   at src/sys/kern/vfs_vnode.c:1129
 > #18 0xc036ec3f in genfs_revoke (v=3D0xdda78ea0)
 >   at src/sys/miscfs/genfs/genfs_vnops.c:276
 > #19 0xc0a00c67 in VOP_REVOKE (vp=3Dvp@entry=3D0xcc33d218, =
 flags=3Dflags@entry=3D1)
 >   at src/sys/kern/vnode_if.c:656
 > #20 0xc0638173 in exit1 (l=3Dl@entry=3D0xd0c44a80, rv=3D0)
 >   at src/sys/kern/kern_exit.c:395
 > #21 0xc0638473 in sys_exit (l=3D0xd0c44a80, uap=3D0xdda78f68, =
 retval=3D0xdda78f60)
 >   at src/sys/kern/kern_exit.c:181
 > #22 0xc08dc743 in sy_call (rval=3D0xdda78f60, uap=3D0xdda78f68, =
 l=3D0xd0c44a80,
 >   sy=3D<optimized out>) at src/sys/sys/syscallvar.h:61
 > #23 sy_invoke (code=3D1, rval=3D0xdda78f60, uap=3D0xdda78f68, =
 l=3D0xd0c44a80,
 >   sy=3D<optimized out>) at src/sys/sys/syscallvar.h:85
 > #24 syscall (frame=3D0xdda78fa8)
 >   at src/sys/arch/x86/x86/syscall.c:156
 > #25 0xc01005c6 in Xsyscall ()
 > #26 0xdda78fa8 in ?? ()
 > Backtrace stopped: previous frame inner to this frame (corrupt stack?)
 
 We have two vnodes involved here:  0xcc33d218 gets revoked as it is the
 controlling tty and 0xcc37fdc4 gets revoked as it is an aliased device.
 
 0xcc33d218 is closed and dead.
 
 0xcc37fdc4 has "v_mount =3D=3D NULL", "v_specnode !=3D NULL" and "v_data =
 !=3D NULL"
 which can only happen during vnode creation after ptyfs_loadvnode() =
 called
 spec_node_init() and before vcache_get() calls vfs_insmntque().
 
 So we are revoking a partially initialized vnode and crash.
 
 --
 J. Hannken-Illjes - hannken%eis.cs.tu-bs.de@localhost - TU Braunschweig (Germany)

Prev by Date: Re: kern/49171 (panic when closing a pty)
Next by Date: NetBSD Nightly Trouble Ticket Report
Previous by Thread: Re: kern/49171: panic when closing a pty
Next by Thread: Re: kern/49171: panic when closing a pty
Indexes:

Home | Main Index | Thread Index | Old Index