NetBSD Problem Report #44961
From www@NetBSD.org Fri May 13 12:29:36 2011
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by www.NetBSD.org (Postfix) with ESMTP id E97A463C5FE
for <gnats-bugs@gnats.NetBSD.org>; Fri, 13 May 2011 12:29:35 +0000 (UTC)
Message-Id: <20110513122935.3C24D63B95D@www.NetBSD.org>
Date: Fri, 13 May 2011 12:29:35 +0000 (UTC)
From: emilianogavilan@gmail.com
Reply-To: emilianogavilan@gmail.com
To: gnats-bugs@NetBSD.org
Subject: Kernel crash on relookup() syscall
X-Send-Pr-Version: www-1.0
>Number: 44961
>Category: kern
>Synopsis: Kernel crash on relookup() syscall
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: dholland
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri May 13 12:30:00 +0000 2011
>Closed-Date: Tue Aug 09 23:21:11 +0000 2011
>Last-Modified: Sun Mar 11 23:35:00 +0000 2012
>Originator: Emiliano Gavilán
>Release: NetBSD 5.99.51
>Organization:
>Environment:
NetBSD beaujolais.vinotinto.com.ar 5.99.51 NetBSD 5.99.51 (GENERIC) #0: Thu May 12 06:41:42 UTC 2011 builds@b7.netbsd.org:/home/builds/ab/HEAD/amd64/201105120500Z-obj/home/builds/ab/HEAD/src/sys/arch/amd64/compile/GENERIC amd64
>Description:
Running the Tcl test suite (trunk version) crashes the NetBSD kernel.
Transcription of panic message follows:
panic: relookup: null name
fatal breakpoint trap in supervisor mode
trap type 1 code 0 rip ffffffff8023a7d5 cs 8 rflags 246 cr2 ffff800047f5d000 cpl 0 rsp ffff800049bc0960
stopped in pid 3800.1 (tcltest) at netbsd:breakpoint+0x5: leave
db{0}> bt
breakpoint() at netbsd:breakpoint+0x5
panic() at netbsd:panic+0x2b9
relookup() at netbsd:relookup+0x9b
do_sys_rename() at netbsd:do_sys_rename+0x1a4
syscal() at netbsd:syscal+0xaa
>How-To-Repeat:
go to http://core.tcl.tk/tcl/info/trunk
log in as anonymous and download tarball
unpack and change to the unix directory
./configure && make tcltest && make test TESTFLAGS="-file Cmd.test"
>Fix:
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: kern-bug-people->dholland
Responsible-Changed-By: dholland@NetBSD.org
Responsible-Changed-When: Sat, 14 May 2011 06:44:07 +0000
Responsible-Changed-Why:
mine
From: David Holland <dholland-bugs@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/44961: Kernel crash on relookup() syscall
Date: Sat, 14 May 2011 08:22:38 +0000
On Fri, May 13, 2011 at 12:30:01PM +0000, emilianogavilan@gmail.com wrote:
> Running the Tcl test suite (trunk version) crashes the NetBSD kernel.
> Transcription of panic message follows:
>
> panic: relookup: null name
If you can run this easily, can you run it under ktruss and check what
the arguments to the lethal rename call are? (do "ktruss -i tcl
whatever", and it should panic right after reporting a rename syscall)
if it's not that easy, I can try to set up the tcl test suite, but it
may take a few days.
(I tried to replicate the problem by making simple rename calls, using
path constructs that might yield "" like it's tripping on, and so far
I can't find a case that dies)
--
David A. Holland
dholland@netbsd.org
From: Emiliano Gavilan <emilianogavilan@gmail.com>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: kern/44961: Kernel crash on relookup() syscall
Date: Sat, 14 May 2011 22:39:51 -0300
2011/5/14 David Holland <dholland-bugs@netbsd.org>:
> If you can run this easily, can you run it under ktruss and check what
> the arguments to the lethal rename call are? (do "ktruss -i tcl
> whatever", and it should panic right after reporting a rename syscall)
Tracked it down to the simplest case: as a plain user, simply trying
$ mv / foo
crashes. This is exactly what the Tcl test suite is doing when the bug fires
(try to rename /, expecting an error)
> if it's not that easy, I can try to set up the tcl test suite, but it
> may take a few days.
see above
Emiliano
From: David Holland <dholland-bugs@netbsd.org>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: kern/44961: Kernel crash on relookup() syscall
Date: Sun, 15 May 2011 07:03:12 +0000
On Sat, May 14, 2011 at 08:25:03AM +0000, David Holland wrote:
> (I tried to replicate the problem by making simple rename calls, using
> path constructs that might yield "" like it's tripping on, and so far
> I can't find a case that dies)
...which was because I was testing the wrong kernel, duh.
--
David A. Holland
dholland@netbsd.org
From: David Holland <dholland-bugs@netbsd.org>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: kern/44961: Kernel crash on relookup() syscall
Date: Mon, 16 May 2011 07:15:39 +0000
On Sun, May 15, 2011 at 07:05:04AM +0000, David Holland wrote:
> On Sat, May 14, 2011 at 08:25:03AM +0000, David Holland wrote:
> > (I tried to replicate the problem by making simple rename calls, using
> > path constructs that might yield "" like it's tripping on, and so far
> > I can't find a case that dies)
>
> ...which was because I was testing the wrong kernel, duh.
and now my test setup is borked (see current-users) but I believe the
following patch will fix the problem:
Index: vfs_lookup.c
===================================================================
RCS file: /cvsroot/src/sys/kern/vfs_lookup.c,v
retrieving revision 1.183
diff -u -p -r1.183 vfs_lookup.c
--- vfs_lookup.c 18 Apr 2011 00:47:24 -0000 1.183
+++ vfs_lookup.c 16 May 2011 07:13:11 -0000
@@ -1145,8 +1145,8 @@ namei_oneroot(struct namei_state *state,
* current node.
*/
if (cnp->cn_nameptr[0] == '\0') {
- vref(searchdir);
foundobj = searchdir;
+ searchdir = NULL;
cnp->cn_flags |= ISLASTCN;
/* bleh */
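Review bot: the added `searchdir = NULL;` in the empty-name branch (`cnp->cn_nameptr[0] == '\0'`) hands the reference that searchdir already held over to foundobj, replacing the removed `vref(searchdir)`, but nothing in the hunk documents that transfer. A short comment stating that foundobj now owns searchdir's reference and that searchdir is deliberately NULL from this point would serve the next reader better than `/* bleh */`. It is also worth confirming that every later path that unlocks or releases searchdir checks for NULL first, since none of that code is visible in this hunk.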
it is not really the right patch but it restores the "logic" for this
case to the way it was before I rearranged stuff last.
--
David A. Holland
dholland@netbsd.org
From: Emiliano Gavilan <emilianogavilan@gmail.com>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: kern/44961: Kernel crash on relookup() syscall
Date: Mon, 16 May 2011 09:06:03 -0300
2011/5/16 David Holland <dholland-bugs@netbsd.org>:
> and now my test setup is borked (see current-users) but I believe the
> following patch will fix the problem:
[snip]
> it is not really the right patch but it restores the "logic" for this
> case to the way it was before I rearranged stuff last.
The patch fixed the issue. Now I get
emiliano@beaujolais:~$ mv / foo
mv: rename / to foo: Device busy
Regards
Emiliano
From: "David A. Holland" <dholland@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/44961 CVS commit: src/sys/kern
Date: Mon, 16 May 2011 15:09:31 +0000
Module Name: src
Committed By: dholland
Date: Mon May 16 15:09:31 UTC 2011
Modified Files:
src/sys/kern: vfs_lookup.c
Log Message:
Hack for PR 44961: restore the prior "logic" pertaining to looking up /
to prevent a crash when attempting rename("/", "foo"). This is not really
what I want going forward and it may cause e.g. rmdir("blah/") to fail, so
if it causes trouble for anyone back it out. The right fix is going to have
to wait until the qemu/tcp_vtw problems I ran into last night get sorted out.
To generate a diff of this commit:
cvs rdiff -u -r1.183 -r1.184 src/sys/kern/vfs_lookup.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
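The behaviour this thread converges on can be pinned down as a regression check. The following is an added example, not code from the PR or from NetBSD's test suite: rename("/", ...) must fail with an error instead of taking the kernel down, and the rmdir("blah/") case the log message worries about must keep working. The function names and the scratch path are assumptions made for this example.

```c
/* Added regression check for PR 44961 (example code, not NetBSD's own test). */
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* rename("/", "<scratch>/foo") must fail and must create nothing.
 * Returns the errno of the failed call, or 0 if the check did not hold. */
int rename_root_errno(const char *scratch)
{
    char dst[256];
    int saved;
    snprintf(dst, sizeof dst, "%s/foo", scratch);
    if (rename("/", dst) == 0)
        return 0;                     /* renaming the root must never succeed */
    saved = errno;
    return access(dst, F_OK) == 0 ? 0 : saved;   /* no stray destination */
}

/* rmdir("<scratch>/blah/") must succeed; returns 0, or the failing errno. */
int rmdir_trailing_slash(const char *scratch)
{
    char dir[256], slashed[256];
    int saved;
    snprintf(dir, sizeof dir, "%s/blah", scratch);
    snprintf(slashed, sizeof slashed, "%s/blah/", scratch);
    if (mkdir(dir, 0700) != 0)
        return errno;
    if (rmdir(slashed) == 0)
        return 0;
    saved = errno;
    rmdir(dir);                       /* clean up through the plain name */
    return saved;
}

/* Runs both checks in a scratch directory (name constructed for this example).
 * Returns the number of failed checks, or -1 if setup failed. */
int run_slash_checks(void)
{
    char scratch[64];
    int failures;
    snprintf(scratch, sizeof scratch, "/tmp/pr44961.%ld", (long)getpid());
    if (mkdir(scratch, 0700) != 0)
        return -1;
    failures = (rename_root_errno(scratch) == 0) + (rmdir_trailing_slash(scratch) != 0);
    rmdir(scratch);
    return failures;
}
int main(void) { return run_slash_checks() == 0 ? 0 : 1; }
```

The check accepts any errno from the rename call because the value is platform-dependent; the patched NetBSD kernel in this thread reports "Device busy".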
From: "David A. Holland" <dholland@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/44961 CVS commit: src/sys/kern
Date: Tue, 9 Aug 2011 18:37:56 +0000
Module Name: src
Committed By: dholland
Date: Tue Aug 9 18:37:56 UTC 2011
Modified Files:
src/sys/kern: vfs_lookup.c
Log Message:
Simplify handling of slashes. Provides a proper fix for PR 44961.
To generate a diff of this commit:
cvs rdiff -u -r1.184 -r1.185 src/sys/kern/vfs_lookup.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Tue, 09 Aug 2011 23:21:11 +0000
State-Changed-Why:
fixed properly now.
From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/44961 CVS commit: src/sbin/sysctl
Date: Sun, 11 Mar 2012 19:33:00 -0400
Module Name: src
Committed By: christos
Date: Sun Mar 11 23:33:00 UTC 2012
Modified Files:
src/sbin/sysctl: sysctl.c
Log Message:
PR/44961: Jukka Ruohonen: for sysctl's with built-in handlers, return OPNOTSUPP
if we don't have handlers instead of using the handler we have and silently
failing on attempts to write a node that cannot be written.
To generate a diff of this commit:
cvs rdiff -u -r1.140 -r1.141 src/sbin/sysctl/sysctl.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
>Unformatted: