Date: Mon, 24 Jul 2006 17:16:09 -0400 From: John Baldwin <jhb@freebsd.org> To: freebsd-current@freebsd.org Subject: Re: page fault panic in kern_access/crcopy Message-ID: <200607241716.09548.jhb@freebsd.org> In-Reply-To: <44C36691.5030501@gmail.com> References: <44C36691.5030501@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sunday 23 July 2006 08:07, Pawel Worach wrote:
> Hi,
> 
> While testing SCTP with NetPIPE I found a reproducible panic, I'm not 
> sure if this one is SCTP's fault. This is using:
> FreeBSD 7.0-CURRENT #0: Sun Jul 23 13:23:06 CEST 2006 + SCTP patches 
> from today.
> Previous frame inner to this frame (corrupt stack?)
> (kgdb) f 8
> #8  0xc0531b92 in crcopy (dest=0xc28f4800, src=0xc28f4800)
>      at /usr/src/sys/kern/kern_prot.c:1954
> 1954            uihold(dest->cr_uidinfo);
> (kgdb) p *dest
> $1 = {cr_ref = 1, cr_uid = 0, cr_ruid = 0, cr_svuid = 0, cr_ngroups = 0,
>    cr_groups = {0 <repeats 16 times>}, cr_rgid = 0, cr_svgid = 0,
>    cr_uidinfo = 0x0, cr_ruidinfo = 0x0, cr_prison = 0x0, cr_label = 0x0}
> (kgdb) p *src
> $2 = {cr_ref = 1, cr_uid = 0, cr_ruid = 0, cr_svuid = 0, cr_ngroups = 0,
>    cr_groups = {0 <repeats 16 times>}, cr_rgid = 0, cr_svgid = 0,
>    cr_uidinfo = 0x0, cr_ruidinfo = 0x0, cr_prison = 0x0, cr_label = 0x0}
This implies that curthread has a bogus td_ucred.  Lots of things should break 
if this happens. :(  You need to find where td_ucred gets set to a bogus 
credential.
-- 
John Baldwin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200607241716.09548.jhb>
