Re: Panic during samba mount
I reproduced the bug and I'm giving it a look.
Cheers,
Nicolas
On 2 July 2010 19:27, Tero Jaasko <tero.jaasko.no.spam.please@mail.suomi.net> wrote:
> Hello,
> I am getting a "Fatal trap 12: page fault while in kernel mode" -panic on a
> samba mount command, e.g.
> "mount_smbfs -I 192.168.0.195 //guest@192.168.0.195/share /mnt/share/".
>
> --8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<
> Fatal trap 12: page fault while in kernel mode
> mp_lock = 00000000; cpuid = 0; lapic->id = 00000000
> fault virtual address = 0x60
> fault code = supervisor read data, page not present
> instruction pointer = 0x8:0xffffffff80250e17
> stack pointer = 0x10:0xfffffffe37b62ab0
> frame pointer = 0x10:0xfffffffe37b62ad0
> code segment = base 0x0, limit 0xfffff, type 0x1b
> = DPL 0, pres 1, long 0, def32 0, gran 1
> processor eflags = interrupt enabled, resume, IOPL = 0
> current process = Idle
> current thread = pri 44 (CRIT)
> trap number = 12
> panic: page fault
> mp_lock = 00000000; cpuid = 0
> Trace beginning at frame 0xfffffffe37b627f8
> panic() at panic+0x1fc
> panic() at panic+0x1fc
> trap_fatal() at trap_fatal+0x3f4
> trap_pfault() at trap_pfault+0x158
> trap() at trap+0x67e
> calltrap() at calltrap+0x8
> --- trap 000000000000000c, rip = ffffffff80250e17, rsp = fffffffe37b62ab0,
> rbp = fffffffe37b62ad0 ---
> prison_replace_wildcards() at prison_replace_wildcards+0x1f
> in_pcbbind() at in_pcbbind+0x2e1
> tcp_connect() at tcp_connect+0x52
> tcp_usr_connect() at tcp_usr_connect+0xe7
> netmsg_pru_connect() at netmsg_pru_connect+0x1b
> netmsg_service() at netmsg_service+0x122
> tcpmsg_service_loop() at tcpmsg_service_loop+0x26
> boot() called on cpu#0
> Uptime: 4m23s
> Physical memory: 8176 MB
> --8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<
>
> There seems to be a problem in prison_replace_wildcards() at
> sys/kern/kern_jail.c:, as the given "td->td_ucred" is NULL. The attached
> kgdb.txt contains my attempt at debugging the situation.
>
> The panic is 100% reproducible on my system and I have a few kernel dumps
> from the situation, if somebody needs them. I have attached a band-aid kind
> of patch, which seems to work, at least with it the samba works as expected,
> but perhaps it is not a correct solution.
> I added a kprintf() on the "td->td_ucred == NULL" -case, and it seems
> to be called only twice during the smb mount, not after.
>
> The machine and kernel is a regular Intel x86_64 SMP setup, built
> from yesterday's master.
>
> Best regards,
> Tero Jääskö
>
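
Reading the quoted panic output mechanically, as an added example that is not part of the original thread: the sketch below pulls out the fault address, the access type and the first frame after the `--- trap` marker, and flags a fault inside the first page as consistent with a member read through a NULL pointer. The `triage` function, its field names and the 4 KiB page size are assumptions of this example; the embedded text is an abridged excerpt of the trace above.

```python
import re

# Abridged excerpt of the panic output quoted in the report above.
PANIC = """\
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x60
fault code = supervisor read data, page not present
instruction pointer = 0x8:0xffffffff80250e17
current process = Idle
trap() at trap+0x67e
calltrap() at calltrap+0x8
--- trap 000000000000000c, rip = ffffffff80250e17, rsp = fffffffe37b62ab0, rbp = fffffffe37b62ad0 ---
prison_replace_wildcards() at prison_replace_wildcards+0x1f
in_pcbbind() at in_pcbbind+0x2e1
tcp_connect() at tcp_connect+0x52
"""

PAGE_SIZE = 4096  # assumption: 4 KiB pages, with the first page left unmapped

FRAME = re.compile(r"^(\w+)\(\) at \w+\+(0x[0-9a-f]+)$")


def triage(text):
    """Summarise a page-fault panic: where it faulted and whether it looks like NULL + offset."""
    addr = int(re.search(r"fault virtual address\s*=\s*(0x[0-9a-f]+)", text).group(1), 16)
    code = re.search(r"fault code\s*=\s*(.+)", text).group(1).strip()
    rip = re.search(r"--- trap \w+, rip = ([0-9a-f]+)", text).group(1)
    # Frames printed after the '--- trap' marker belong to the interrupted
    # code; the first of them is the function that took the fault.
    after = text.split("--- trap", 1)[1].splitlines()[1:]
    frames = [m.groups() for m in map(FRAME.match, after) if m]
    func, offset = frames[0]
    in_first_page = addr < PAGE_SIZE
    return {
        "fault_addr": addr,
        "access": code,
        "rip": rip,
        "function": func,
        "offset": int(offset, 16),
        "callers": [name for name, _ in frames[1:]],
        # A not-present fault inside the first page is consistent with a NULL
        # base pointer plus a small member offset, such as a field read
        # through td->td_ucred when td_ucred is NULL.
        "null_member_read": in_first_page and "page not present" in code,
        "member_offset": addr if in_first_page else None,
    }


if __name__ == "__main__":
    for key, value in triage(PANIC).items():
        print(f"{key}: {value}")
```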