From bw@exodus.desync.com  Tue Sep  2 22:00:35 2008
Return-Path: <bw@exodus.desync.com>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id A29D91065674
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  2 Sep 2008 22:00:35 +0000 (UTC)
	(envelope-from bw@exodus.desync.com)
Received: from exodus.desync.com (desync.com [IPv6:2607:f178::165])
	by mx1.freebsd.org (Postfix) with ESMTP id 423808FC1C
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  2 Sep 2008 22:00:34 +0000 (UTC)
	(envelope-from bw@exodus.desync.com)
Received: from exodus.desync.com (localhost [127.0.0.1])
	by exodus.desync.com (8.14.3/8.14.2) with ESMTP id m82M0SIE003566
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 2 Sep 2008 18:00:28 -0400 (EDT)
	(envelope-from bw@exodus.desync.com)
Received: (from bw@localhost)
	by exodus.desync.com (8.14.3/8.14.2/Submit) id m82M0SW4003565;
	Tue, 2 Sep 2008 18:00:28 -0400 (EDT)
	(envelope-from bw)
Message-Id: <200809022200.m82M0SW4003565@exodus.desync.com>
Date: Tue, 2 Sep 2008 18:00:28 -0400 (EDT)
From: Ben Wilber <ben@desync.com>
Reply-To: Ben Wilber <ben@desync.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: perl causes panic
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         127054
>Category:       kern
>Synopsis:       [panic] perl causes panic
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    ed
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Sep 02 22:10:00 UTC 2008
>Closed-Date:    Thu Sep 04 18:50:16 UTC 2008
>Last-Modified:  Thu Sep 04 18:50:16 UTC 2008
>Originator:     Ben Wilber
>Release:        FreeBSD 8.0-CURRENT amd64
>Organization:
>Environment:
System: FreeBSD exodus 8.0-CURRENT FreeBSD 8.0-CURRENT #39: Sun Aug 31 09:17:23 EDT 2008 bw@exodus:/usr/obj/usr/src/sys/COMRADE amd64

Kernel config:

include GENERIC

ident COMRADE

nooptions INVARIANTS
nooptions INVARIANT_SUPPORT
nooptions WITNESS
nooptions WITNESS_SKIPSPIN

options HZ=1000
options DEVICE_POLLING

options         ALTQ
options         ALTQ_CBQ        # Class Based Queueing
options         ALTQ_RED        # Random Early Detection
options         ALTQ_RIO        # RED In/Out
options         ALTQ_HFSC       # Hierarchical Packet Scheduler
options         ALTQ_CDNR       # Traffic conditioner
options         ALTQ_PRIQ       # Priority Queueing

device			crypto
options			IPSEC

>Description:

Perl's CPAN and CPANPLUS shells cause kernel panic.

Fatal trap 12: page faSep  2 17:22:35 ulexodus sshd[2664t w]: error: chown hil/dev/pts/0 0 0 fe iailed: No such fn kile or directoryern
6 failed: No suc5 exodus sshd[26 m64]: error: chmoodd /dev/pts/0 066e
                h file or directcpory
uid = 2; apic id = 06
fault virtual address   = 0x268
fault code              = supervisor read data, page not present
instruction pointer     = 0x8:0xffffffff804ca686
stack pointer           = 0x10:0xfffffffea981ba10
frame pointer           = 0x10:0xfffffffea981ba30
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 2670 (sshd)
[thread pid 2670 tid 100223 ]
Stopped at      _mtx_lock_sleep+0x47:   movl    0x268(%rcx),%eax

db> bt
Tracing pid 2670 tid 100223 td 0xffffff00055b8360
_mtx_lock_sleep() at _mtx_lock_sleep+0x47
ptsdev_read() at ptsdev_read+0x97
dofileread() at dofileread+0x96
kern_readv() at kern_readv+0x46
read() at read+0x4d
syscall() at syscall+0x330
Xfast_syscall() at Xfast_syscall+0xab
--- syscall (3, FreeBSD ELF64, read), rip = 0x80139cb4c, rsp = 0x7fffffffa268, rbp = 0x60e600 ---

>How-To-Repeat:

% perl -MCPAN -e shell
Operator or semicolon missing before &__inline at (eval 90) line 1.
Ambiguous use of & resolved as operator & at (eval 90) line 1.
Use of uninitialized value in bitwise and (&) at (eval 283) line 1.
Use of uninitialized value in bitwise and (&) at (eval 285) line 1.

cpan shell -- CPAN exploration and modules installation (v1.7602)
ReadLine support enabled

Connection to exodus closed.

>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->ed 
Responsible-Changed-By: remko 
Responsible-Changed-When: Wed Sep 3 10:03:11 UTC 2008 
Responsible-Changed-Why:  
reassign to mr. tty, this seems as it cannot change some 
info's within the new tty structures. Could be that the 
perl code should be updated to match this behaviour, after 
all it's -current though. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=127054 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/127054: commit references a PR
Date: Thu,  4 Sep 2008 16:31:54 +0000 (UTC)

 ed          2008-09-04 16:30:53 UTC
 
   FreeBSD src repository
 
   Modified files:
     sys/kern             tty_compat.c 
     sys/sys              tty.h 
   Log:
   SVN rev 182763 on 2008-09-04 16:30:53Z by ed
   
   Fix an awful bug inside our COMPAT_43TTY code.
   
   When I migrated tty_compat.c to MPSAFE TTY, I just hooked it up to the
   build and fixed it until it compiled and somewhat worked. It turns out
   this was not the smartest thing, because the old TTY layer also had a
   field called t_flags, which contained a set of sgtty flags.
   
   This means our current COMPAT_43TTY code overwrites the TTY flags,
   causing all strange problems to occur. Fix this code to use a new struct
   member called t_compatflags. This commit may cause kern/127054 to be
   fixed, but this still has to be tested/confirmed by the originator. It
   has to be fixed anyway.
   
   PR:             kern/127054
   
   Revision  Changes    Path
   1.41      +14 -12    src/sys/kern/tty_compat.c
   1.106     +1 -0      src/sys/sys/tty.h
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: open->closed 
State-Changed-By: ed 
State-Changed-When: Thu Sep 4 18:50:15 UTC 2008 
State-Changed-Why:  
Author confirmed the commit fixed the bug. Thanks for reporting! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=127054 
>Unformatted:
