Page MenuHomeFreeBSD
Differential D34335

tty: fix panic with INVARIANTS
ClosedPublic
Actions

Authored by rew on Feb 22 2022, 4:42 AM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Sep 20, 10:48 AM
Unknown Object (File)
Tue, Sep 17, 6:24 PM
Unknown Object (File)
Mon, Sep 16, 6:14 PM
Unknown Object (File)
Sun, Sep 15, 9:40 PM
Unknown Object (File)
Thu, Sep 5, 7:52 AM
Unknown Object (File)
Mon, Sep 2, 1:44 AM
Unknown Object (File)
Sat, Aug 31, 1:08 PM
Unknown Object (File)
Wed, Aug 28, 12:49 PM
View All 39 Files
Subscribers
hselasky
imp

Details

Reviewers
mjg
hselasky
Commits
rG0a2f49823402: tty: fix a panic with INVARIANTS
Summary

reported at https://lists.freebsd.org/archives/freebsd-current/2022-February/001564.html

watch'ing a tty triggers a refcount wraparound panic:

 % watch ttyu0

panic: refcount 0xfffff80003bb97d4 wraparound
cpuid = 1
time = 1645472248
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00827d0c80
vpanic() at vpanic+0x17f/frame 0xfffffe00827d0cd0
panic() at panic+0x43/frame 0xfffffe00827d0d30
fdclose() at fdclose/frame 0xfffffe00827d0dc0
closefp_impl() at closefp_impl+0x77/frame 0xfffffe00827d0e00
amd64_syscall() at amd64_syscall+0x12e/frame 0xfffffe00827d0f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe00827d0f30
--- syscall (6, FreeBSD ELF64, sys_close), rip = 0x8011e8f7a, rsp = 0x7fffffffe0b8, rbp = 0x7fffffffe4f0 ---
KDB: enter: panic
[ thread pid 709 tid 100091 ]
Stopped at      kdb_enter+0x37: movq    $0,0x1281ffe(%rip)
db>

Take a reference on the file after fget_cap_locked() to fix.

Reported by: Michael Jung <mikej_at_paymentallianceintl.com>
Fixes: f40dd6c8034b ("tty: switch ttyhook_register to use fget_cap_locked")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

rew created this revision.Feb 22 2022, 4:42 AM
Herald added a subscriber: imp. · View Herald TranscriptFeb 22 2022, 4:42 AM
rew requested review of this revision.Feb 22 2022, 4:42 AM
Harbormaster completed remote builds in B44531: Diff 103081.Feb 22 2022, 4:42 AM
rew edited the summary of this revision. (Show Details)Feb 22 2022, 4:43 AM
rew added a reviewer: mjg.
hselasky accepted this revision.Feb 22 2022, 9:18 AM
hselasky added a subscriber: hselasky.

Looks good to me.

This revision is now accepted and ready to land.Feb 22 2022, 9:18 AM
mjg accepted this revision.Feb 22 2022, 10:10 AM

Heh. I was looking at all other fd changes thinking fp is perhaps set, the func fails and fdrops and then some caller blindly uses it.

Thank you for looking into it.

Closed by commit rG0a2f49823402: tty: fix a panic with INVARIANTS (authored by rew). · Explain WhyFeb 22 2022, 6:38 PM
This revision was automatically updated to reflect the committed changes.
rew added a commit: rG0a2f49823402: tty: fix a panic with INVARIANTS.

Revision Contents
Changeset List

PathSize
sys/
kern/
2 lines

Diff 103117

View Options

sys/kern/tty.c

Loading...