From owner-freebsd-current@FreeBSD.ORG Mon Jul 24 21:28:56 2006 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 474F316A4E7 for ; Mon, 24 Jul 2006 21:28:56 +0000 (UTC) (envelope-from jhb@freebsd.org) Received: from server.baldwin.cx (66-23-211-162.clients.speedfactory.net [66.23.211.162]) by mx1.FreeBSD.org (Postfix) with ESMTP id B5E1B43D45 for ; Mon, 24 Jul 2006 21:28:55 +0000 (GMT) (envelope-from jhb@freebsd.org) Received: from localhost.corp.yahoo.com (john@localhost [127.0.0.1]) (authenticated bits=0) by server.baldwin.cx (8.13.4/8.13.4) with ESMTP id k6OLSpE9028792; Mon, 24 Jul 2006 17:28:54 -0400 (EDT) (envelope-from jhb@freebsd.org) From: John Baldwin To: freebsd-current@freebsd.org Date: Mon, 24 Jul 2006 17:16:09 -0400 User-Agent: KMail/1.9.1 References: <44C36691.5030501@gmail.com> In-Reply-To: <44C36691.5030501@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200607241716.09548.jhb@freebsd.org> X-Greylist: Sender succeeded SMTP AUTH authentication, not delayed by milter-greylist-2.0.2 (server.baldwin.cx [127.0.0.1]); Mon, 24 Jul 2006 17:28:55 -0400 (EDT) X-Virus-Scanned: ClamAV 0.87.1/1616/Mon Jul 24 13:49:29 2006 on server.baldwin.cx X-Virus-Status: Clean X-Spam-Status: No, score=-4.4 required=4.2 tests=ALL_TRUSTED,AWL,BAYES_00 autolearn=ham version=3.1.0 X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on server.baldwin.cx Cc: Subject: Re: page fault panic in kern_access/crcopy X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Jul 2006 21:28:56 -0000 On Sunday 23 July 2006 08:07, Pawel Worach wrote: > Hi, > > While testing SCTP with NetPIPE I found a reproducible panic, I'm not > sure if this one is SCTP's fault. This is using: > FreeBSD 7.0-CURRENT #0: Sun Jul 23 13:23:06 CEST 2006 + SCTP patches > from today. > Previous frame inner to this frame (corrupt stack?) > (kgdb) f 8 > #8 0xc0531b92 in crcopy (dest=0xc28f4800, src=0xc28f4800) > at /usr/src/sys/kern/kern_prot.c:1954 > 1954 uihold(dest->cr_uidinfo); > (kgdb) p *dest > $1 = {cr_ref = 1, cr_uid = 0, cr_ruid = 0, cr_svuid = 0, cr_ngroups = 0, > cr_groups = {0 }, cr_rgid = 0, cr_svgid = 0, > cr_uidinfo = 0x0, cr_ruidinfo = 0x0, cr_prison = 0x0, cr_label = 0x0} > (kgdb) p *src > $2 = {cr_ref = 1, cr_uid = 0, cr_ruid = 0, cr_svuid = 0, cr_ngroups = 0, > cr_groups = {0 }, cr_rgid = 0, cr_svgid = 0, > cr_uidinfo = 0x0, cr_ruidinfo = 0x0, cr_prison = 0x0, cr_label = 0x0} This implies that curthread has a bogus td_ucred. Lots of things should break if this happens. :( You need to find where td_ucred gets set to a bogus credential. -- John Baldwin