page fault panic in kern_access/crcopy
John Baldwin
jhb at freebsd.org
Mon Jul 24 21:28:56 UTC 2006
On Sunday 23 July 2006 08:07, Pawel Worach wrote:
> Hi,
>
> While testing SCTP with NetPIPE I found a reproducible panic, I'm not
> sure if this one is SCTP's fault. This is using:
> FreeBSD 7.0-CURRENT #0: Sun Jul 23 13:23:06 CEST 2006 + SCTP patches
> from today.
> Previous frame inner to this frame (corrupt stack?)
> (kgdb) f 8
> #8 0xc0531b92 in crcopy (dest=0xc28f4800, src=0xc28f4800)
> at /usr/src/sys/kern/kern_prot.c:1954
> 1954 uihold(dest->cr_uidinfo);
> (kgdb) p *dest
> $1 = {cr_ref = 1, cr_uid = 0, cr_ruid = 0, cr_svuid = 0, cr_ngroups = 0,
> cr_groups = {0 <repeats 16 times>}, cr_rgid = 0, cr_svgid = 0,
> cr_uidinfo = 0x0, cr_ruidinfo = 0x0, cr_prison = 0x0, cr_label = 0x0}
> (kgdb) p *src
> $2 = {cr_ref = 1, cr_uid = 0, cr_ruid = 0, cr_svuid = 0, cr_ngroups = 0,
> cr_groups = {0 <repeats 16 times>}, cr_rgid = 0, cr_svgid = 0,
> cr_uidinfo = 0x0, cr_ruidinfo = 0x0, cr_prison = 0x0, cr_label = 0x0}
This implies that curthread has a bogus td_ucred. Lots of things should break
if this happens. :( You need to find where td_ucred gets set to a bogus
credential.
--
John Baldwin
More information about the freebsd-current
mailing list