Date: Thu, 12 Dec 2024 16:53:45 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 282156] page fault while in kernel mode after 14.0-Release to 14.1-Release upgrade
Message-ID: <bug-282156-227-p5fhBnF1DP@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-282156-227@https.bugs.freebsd.org/bugzilla/>
References: <bug-282156-227@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=282156

--- Comment #13 from Rick Macklem <rmacklem@FreeBSD.org> ---

(In reply to tfagart from comment #10)

Just to bring you up to date w.r.t. my investigation...

The packet trace showed that the crash was generated by a callback that the FreeBSD NFS client does not support. I hacked an NFS server to generate these callbacks and I did not get a crash. It worked the way the code appeared to be written, which was to reply NFS4ERR_NOTSUPP. (Someday I should implement this callback, but I do not think the lack of it is causing the crash.)

Since the crash address is d0 (208), it seems likely that it is a NULL pointer referencing a structure with a field at offset 208. Going through the structures that are used by svc_run(), the only one I could find with a field at offset 208 was SVCPOOL (the field is sp_groupcount). xprt_register() uses this and acquires the SVCPOOL pointer from xp_pool.

--> My current best explanation for the crash is that, somehow, xp_pool is set NULL, but I haven't figured out how that could happen yet.

xp_pool is set in svc_vc_create_backchannel(), which is called during TCP connection creation (in newnfs_connect()) with nfscbd_pool as argument. One thought is that nfscbd_pool doesn't get initialized soon enough, but that initialization happens inside the client module's modevent() via svcpool_create() and is never set back to NULL.

I'll keep looking to see if I can figure out how xp_pool might get set to NULL and maybe come up with a patch that includes some sanity checking for you to try.

I will also take a look, but I do not think anything in svc.c changed between 14.0 and 14.1 (which is where the svc_run() code lives).

-- 
You are receiving this mail because:
You are the assignee for the bug.
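The triage in the comment above, as an added example in C that is not FreeBSD's code: a fault address below the page size is read as NULL plus a field offset and matched against offsetof() of candidate fields, followed by the kind of NULL-pool sanity check the comment mentions. The struct svcpool and struct svcxprt layouts are constructed stand-ins (padded so sp_groupcount lands at offset 208), not the real sys/rpc/svc.h definitions.

```c
/* Added example, not FreeBSD code: triaging a kernel page fault whose
 * fault address is a small number, as in the report above (0xd0 == 208).
 * Struct layouts are constructed stand-ins; only offset 208 and the
 * field/pointer names come from the report. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PAGE_SIZE 4096

/* Constructed stand-in for SVCPOOL, padded so sp_groupcount sits at 208. */
struct svcpool {
    char pad[208];
    int  sp_groupcount;
};

/* Constructed stand-in for SVCXPRT: the transport carries its pool pointer. */
struct svcxprt {
    struct svcpool *xp_pool;
    int             xp_registered;
};

/* Candidate fields of svcpool with compiler-computed offsets. */
static const struct { const char *name; size_t off; } svcpool_fields[] = {
    { "sp_groupcount", offsetof(struct svcpool, sp_groupcount) },
};

/* A fault address below PAGE_SIZE cannot be a mapped page in this model,
 * so it is read as NULL + field_offset and matched against the candidate
 * fields.  Returns the field name, or NULL when nothing matches. */
const char *classify_null_fault(uintptr_t fault_addr)
{
    if (fault_addr >= PAGE_SIZE)
        return NULL;                 /* not a NULL-base dereference */
    for (size_t i = 0; i < sizeof svcpool_fields / sizeof *svcpool_fields; i++)
        if (svcpool_fields[i].off == fault_addr)
            return svcpool_fields[i].name;
    return NULL;
}

/* The sanity check the comment talks about: refuse to register a transport
 * whose xp_pool was never set instead of reading pool->sp_groupcount
 * through NULL.  Returns the group count on success, -1 on a NULL pool. */
int xprt_register_checked(struct svcxprt *xprt)
{
    if (xprt == NULL || xprt->xp_pool == NULL)
        return -1;
    xprt->xp_registered = 1;
    return xprt->xp_pool->sp_groupcount;  /* the read that faults when NULL */
}
```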