NetBSD Problem Report #45415
From martin@aprisoft.de Mon Oct 3 13:40:15 2011
Return-Path: <martin@aprisoft.de>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by www.NetBSD.org (Postfix) with ESMTP id B4DCD63B85F
for <gnats-bugs@gnats.NetBSD.org>; Mon, 3 Oct 2011 13:40:15 +0000 (UTC)
Message-Id: <20111003134006.D5C69AF580F@emmas.aprisoft.de>
Date: Mon, 3 Oct 2011 15:40:06 +0200 (CEST)
From: martin@NetBSD.org
Reply-To: martin@NetBSD.org
To: gnats-bugs@gnats.NetBSD.org
Subject: ptyfs crashes -current
X-Send-Pr-Version: 3.95
>Number: 45415
>Category: kern
>Synopsis: ptyfs crashes -current
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Oct 03 13:45:00 +0000 2011
>Last-Modified: Wed Mar 14 13:02:31 +0000 2012
>Originator: Martin Husemann
>Release: NetBSD 5.99.56
>Organization:
The NetBSD Foundation, Inc.
>Environment:
System: NetBSD after-hours.aprisoft.de 5.99.56 NetBSD 5.99.56 (MODULAR) #56: Mon Oct 3 10:39:42 CEST 2011 martin@after-hours.aprisoft.de:/usr/src/sys/arch/sparc64/compile/MODULAR sparc64
Architecture: sparc64
Machine: sparc64
>Description:
I mount a ptyfs on /dev/pts, using the ptyfs kernel module, auto-loaded at
mount time.
As soon as I try to log in, the system crashes:
kernel trap 30: data access exception
Stopped in pid 388.1 (rxvt) at netbsd:pty_grant_slave+0x40: ld [%g1 + 0x60], %g1
db{1}> bt
cdev_ioctl(1500, 20007447, eaefca0, 3, eb31c00, b) at netbsd:cdev_ioctl+0x6c
VOP_IOCTL(f141e60, 20007447, eaefca0, 3, 39ce600, 0) at netbsd:VOP_IOCTL+0x5c
vn_ioctl(3, 20007447, eaefca0, 1, 0, 40415308) at netbsd:vn_ioctl+0x50
sys_ioctl(eb31c00, eaefdd0, eaefe10, 1, 0, 40414f28) at netbsd:sys_ioctl+0x194
syscall_plain(eaefed0, eaefdd0, 40a45b18, ffffffffffffacb1, 40a45b18, 3) at netbsd:syscall_plain+0x134
This is the code location, apparently:
(gdb) list *(pty_grant_slave+0x40)
0x147e3c0 is in pty_grant_slave (../../../../kern/tty_ptm.c:205).
200         if (ptm == NULL)
201                 return EOPNOTSUPP;
202         if ((error = (*ptm->allocvp)(ptm, l, &vp, dev, 't')) != 0)
203                 return error;
204
205         if ((vp->v_mount->mnt_flag & MNT_RDONLY) == 0) {
206                 struct vattr vattr;
207                 (*ptm->getvattr)(ptm, l, &vattr);
208                 /* Do the VOP_SETATTR() as root. */
209                 error = VOP_SETATTR(vp, &vattr, lwp0.l_cred);
The unaligned access probably means vp->v_mount is broken.
>How-To-Repeat:
s.a.
>Fix:
n/a
>Release-Note:
>Audit-Trail:
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/45415: ptyfs crashes -current
Date: Tue, 4 Oct 2011 11:04:45 +0200
Actually the mount pointer is NULL - this can not be intended, as ptyfs later
accesses mnt_data all over the place (even if I avoid the NULL deref initially
reported here).
Martin
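The failure mode reported above (a vnode with a NULL v_mount reaching the dereference at tty_ptm.c line 205), as an added userland C model that is not part of this report or of NetBSD's source. The struct layouts, the MNT_RDONLY value, the ENXIO return and the helper names are assumptions; only the field names and control flow follow the quoted listing. The thread does not establish a root cause, so the guard shown is a defensive check on the hook's result, not the fix.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define MNT_RDONLY 0x1          /* constructed value for this model */

struct mount { int mnt_flag; };
struct vnode { struct mount *v_mount; int setattr_calls; };
struct ptm_pty {                /* models the hook called at line 202 */
    int (*allocvp)(struct ptm_pty *, struct vnode **);
};

/* Hypothetical stand-in for VOP_SETATTR(): only counts invocations. */
static int model_setattr(struct vnode *vp) { vp->setattr_calls++; return 0; }

/* Userland model of the pty_grant_slave() path with a guard added. */
int grant_slave_checked(struct ptm_pty *ptm)
{
    struct vnode *vp = NULL;
    int error;

    if (ptm == NULL)
        return EOPNOTSUPP;
    if ((error = (*ptm->allocvp)(ptm, &vp)) != 0)
        return error;
    /* Added guard: the hook reported success, but the vnode may still
     * have no mount attached, the state seen in the report. */
    if (vp == NULL || vp->v_mount == NULL)
        return ENXIO;           /* error code chosen for the model */
    if ((vp->v_mount->mnt_flag & MNT_RDONLY) == 0)
        error = model_setattr(vp);
    return error;
}

/* Constructed fixtures: a read-write vnode and one with v_mount == NULL. */
static struct mount rw_mount = { 0 };
struct vnode good_vp = { &rw_mount, 0 };
struct vnode orphan_vp = { NULL, 0 };

int alloc_good(struct ptm_pty *p, struct vnode **vpp) { (void)p; *vpp = &good_vp; return 0; }
int alloc_orphan(struct ptm_pty *p, struct vnode **vpp) { (void)p; *vpp = &orphan_vp; return 0; }

int main(void)
{
    struct ptm_pty good = { alloc_good }, orphan = { alloc_orphan };
    printf("good=%d orphan=%d none=%d\n", grant_slave_checked(&good),
        grant_slave_checked(&orphan), grant_slave_checked(NULL));
    return 0;
}
```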
From: christos@zoulas.com (Christos Zoulas)
To: gnats-bugs@NetBSD.org, kern-bug-people@netbsd.org,
gnats-admin@netbsd.org, netbsd-bugs@netbsd.org, martin@NetBSD.org
Cc:
Subject: Re: kern/45415: ptyfs crashes -current
Date: Tue, 4 Oct 2011 09:53:37 -0400
On Oct 4, 9:05am, martin@duskware.de (Martin Husemann) wrote:
-- Subject: Re: kern/45415: ptyfs crashes -current
| Actually the mount pointer is NULL - this can not be intended, as ptyfs later
| accesses mnt_data all over the place (even if I avoid the NULL deref initially
| reported here).
It probably has to do with the latest vnode changes. Perhaps ptyfs is keeping
dead vnodes active when it should not, because I cannot find a code path where
the v_mount is NULL on allocation.
christos
From: "J. Hannken-Illjes" <hannken@eis.cs.tu-bs.de>
To: gnats-bugs@NetBSD.org
Cc: martin@NetBSD.org
Subject: Re: kern/45415: ptyfs crashes -current
Date: Tue, 4 Oct 2011 16:37:06 +0200
Martin,
could you add some printf's to fs/ptyfs/ptyfs_subr.c::ptyfs_allocvp() to
see if the new vnode comes from ptyfs_used_get() or getnewvnode() and
check its v_mount here.
--
Juergen Hannken-Illjes - hannken@eis.cs.tu-bs.de - TU Braunschweig (Germany)
From: Martin Husemann <martin@duskware.de>
To: "J. Hannken-Illjes" <hannken@eis.cs.tu-bs.de>
Cc: gnats-bugs@NetBSD.org, martin@NetBSD.org
Subject: Re: kern/45415: ptyfs crashes -current
Date: Tue, 4 Oct 2011 19:47:22 +0200
On Tue, Oct 04, 2011 at 04:37:06PM +0200, J. Hannken-Illjes wrote:
> Martin,
>
> could you add some printf's to fs/ptyfs/ptyfs_subr.c::ptyfs_allocvp() to
> see if the new vnode comes from ptyfs_used_get() or getnewvnode() and
> check its v_mount here.
I did, but I also updated the source tree - and now can't reproduce it any
more.
Martin
From: Martin Husemann <martin@duskware.de>
To: "J. Hannken-Illjes" <hannken@eis.cs.tu-bs.de>
Cc: gnats-bugs@NetBSD.org, martin@NetBSD.org
Subject: Re: kern/45415: ptyfs crashes -current
Date: Tue, 4 Oct 2011 19:59:21 +0200
On Tue, Oct 04, 2011 at 07:47:22PM +0200, Martin Husemann wrote:
> I did, but I also updated the source tree - and now can't reproduce it any
> more.
I removed the printfs, and it happens again. I added an if () that checks
for a NULL v_mount and panic()s if so - and again I can't reproduce it.
Need to look at the generated assembly...
Martin
From: Martin Husemann <martin@duskware.de>
To: "J. Hannken-Illjes" <hannken@eis.cs.tu-bs.de>
Cc: gnats-bugs@NetBSD.org, martin@NetBSD.org
Subject: Re: kern/45415: ptyfs crashes -current
Date: Wed, 12 Oct 2011 00:49:23 +0200
On Tue, Oct 04, 2011 at 07:59:21PM +0200, Martin Husemann wrote:
> Need to look at the generated assembly...
Not done that yet, but a short note: after Christos fixed binutils most
other -current problems went away, but this one IS still present.
Martin
From: christos@zoulas.com (Christos Zoulas)
To: gnats-bugs@NetBSD.org, kern-bug-people@netbsd.org,
gnats-admin@netbsd.org, netbsd-bugs@netbsd.org, martin@NetBSD.org
Cc:
Subject: Re: kern/45415: ptyfs crashes -current
Date: Tue, 11 Oct 2011 19:00:24 -0400
On Oct 11, 10:50pm, martin@duskware.de (Martin Husemann) wrote:
| Not done that yet, but a short note: after Christos fixed binutils most
| other -current problems went away, but this one IS still present.
Maybe another binutils bug. Who knows. Does not seem possible from the
code paths.
christos
From: Martin Husemann <martin@duskware.de>
To: "J. Hannken-Illjes" <hannken@eis.cs.tu-bs.de>
Cc: gnats-bugs@NetBSD.org, martin@NetBSD.org
Subject: Re: kern/45415: ptyfs crashes -current
Date: Wed, 12 Oct 2011 01:31:13 +0200
On Wed, Oct 12, 2011 at 12:49:23AM +0200, Martin Husemann wrote:
> Not done that yet, but a short note: after Christos fixed binutils most
> other -current problems went away, but this one IS still present.
... and it doesn't happen with the statically linked ptyfs in GENERIC.
Martin
From: christos@zoulas.com (Christos Zoulas)
To: gnats-bugs@NetBSD.org, kern-bug-people@netbsd.org,
gnats-admin@netbsd.org, netbsd-bugs@netbsd.org, martin@NetBSD.org
Cc:
Subject: Re: kern/45415: ptyfs crashes -current
Date: Tue, 11 Oct 2011 19:48:46 -0400
On Oct 11, 11:35pm, martin@duskware.de (Martin Husemann) wrote:
| ... and it doesn't happen with the statically linked ptyfs in GENERIC.
$ objdump -R ptyfs.ko
That was sparc64 or sparc?
christos
From: christos@zoulas.com (Christos Zoulas)
To: gnats-bugs@NetBSD.org, kern-bug-people@netbsd.org,
gnats-admin@netbsd.org, netbsd-bugs@netbsd.org, martin@NetBSD.org
Cc:
Subject: Re: kern/45415: ptyfs crashes -current
Date: Tue, 11 Oct 2011 19:58:59 -0400
On Oct 11, 7:48pm, christos@zoulas.com (Christos Zoulas) wrote:
| That was sparc64 or sparc?
I cross compiled.
It is -r since it is not dynamic, but... It looks ok to me.
christos
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/45415: ptyfs crashes -current
Date: Thu, 27 Oct 2011 20:43:50 +0200
This has always been a bit volatile, but it seems I am not able to reproduce
it in -current anymore. Will keep an eye on it...
Martin
>Unformatted: