NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

kern/41104: ktrace panic



>Number:         41104
>Category:       kern
>Synopsis:       ktrace panic
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Mar 30 21:15:00 +0000 2009
>Originator:     Andrew Doran
>Release:        5.99.9
>Organization:
The NetBSD Project
>Environment:
i386 smp
>Description:
ktraceing a very busy tar:


login: panic: kernel diagnostic assertion "fp->f_count == 0" failed: file 
"../../../../kern/kern_descrip.c", line 1098
fatal breakpoint trap in supervisor mode
trap type 1 code 0 eip c028b5b4 cs 8 eflags 282 cr2 bbb52818 ilevel 0
Stopped in pid 649.1 (ktrace) at        netbsd:breakpoint+0x4:  popl    %ebp
db{7}> bt
breakpoint(cf8f9bc8,cf8f9b78,cf8f9bac,c0747161,c0b64a69,cf8f9bb8,ce3410c0,c0575e
3e,1,cf905f4c) at netbsd:breakpoint+0x4
cpu_Debugger(c0b64a69,cf8f9bb8,ce3410c0,c0575e3e,1,cf905f4c,cf8f9bbc,c05770ab,cf
8f9bb8,0) at netbsd:cpu_Debugger+0xb
panic(c0b9d45c,c0b0eb24,c0b0ee03,c0b0eb04,44a,3,cf8f9bec,c0579375,c0b0eb24,c0b0e
b04) at netbsd:panic+0x171
__kernassert(c0b0eb24,c0b0eb04,44a,c0b0ee03,cfaacc00,3,cf8f9c1c,c0579337,cef5318
0,3) at netbsd:__kernassert+0x37
ffree(cef53180,3,0,cfaafb34,1,1,ce14a674,0,cf905e00,cfaacc00) at netbsd:ffree+0x
3c
fd_abort(cfaafb34,cef53180,3,1d3,cef53180,0,cf8f9c9c,c0577f6e,cef53180,3) at net
bsd:fd_abort+0x16d
sys_ktrace(cfab0a40,cf8f9d04,cf8f9cfc,cf8f9ce0,bbb52000,cfaafb34,cf8f9cdc,c07646
2f,cfab0a40,cfab0a40) at netbsd:sys_ktrace+0x1e9
sy_call(c0bf7efc,cfab0a40,cf8f9d04,cf8f9cfc,c05a667f,0,0,0,80495a2,2000000) at n
etbsd:sy_call+0x2e
syscall(cf8f9d48,b3,ab,1f,1f,8049564,80495a3,bfbfe808,2000000,2) at netbsd:sysca

>How-To-Repeat:
$ ps ax
PID TTY   STAT    TIME COMMAND
479 ttyp2 S+   0:41.00 tar xfp - 
$ su  
Password:
# pwd  
/local/home/ad
# ktrace -p 467; sleep 0.1; ktrace -C

>Fix:
- I guess fd_abort() should not rely on ffree() but should fclose(),
  assuming that the file has a reference.

- Never try to optimize failure paths..




Home | Main Index | Thread Index | Old Index