kern/85816: maxproc=1 in login.conf causes kernel panic when
logging into account via ssh
Gleb Smirnoff
glebius at FreeBSD.org
Tue Sep 13 23:10:19 PDT 2005
The following reply was made to PR kern/85816; it has been noted by GNATS.
From: Gleb Smirnoff <glebius at FreeBSD.org>
To: bug-followup at FreeBSD.org
Cc:
Subject: kern/85816: maxproc=1 in login.conf causes kernel panic when logging into account via ssh
Date: Wed, 14 Sep 2005 10:09:54 +0400
Attach backtrace to PR's Audit-Trail.
----- Forwarded message from "Jack L." <xxjack12xx at gmail.com> -----
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0x0
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc04f96a1
stack pointer = 0x28:0xe1b7dad4
frame pointer = 0x28:0xe1b7db48
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 705 (sshd)
trap number = 12
panic: page fault
cpuid = 0
Uptime: 51s
Dumping 449 MB (2 chunks)
chunk 0: 1MB (159 pages) ... ok
chunk 1: 449MB (114944 pages) 434 418 402 386 370 354 338 322 306 290 274
258 242 226 210 194 178 162 146 130 114 98 82 66 50 34 18 2
#0 doadump () at pcpu.h:165
165 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt full
#0 doadump () at pcpu.h:165
No locals.
#1 0xc052163d in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:399
first_buf_printf = 1
#2 0xc05219ea in panic (fmt=0xc06d19ec "%s") at
/usr/src/sys/kern/kern_shutdown.c:555
td = (struct thread *) 0xc1c597d0
bootopt = 260
newpanic = 0
ap = 0xc1c597d0 "<J??`<\225?"
buf = "page fault", '\0' <repeats 245 times>
#3 0xc06ab9a2 in trap_fatal (frame=0xe1b7da94, eva=0)
at /usr/src/sys/i386/i386/trap.c:841
code = 40
type = 12
ss = 40
esp = 0
softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, ssd_dpl = 0,
ssd_p = 1, ssd_xx = 10, ssd_xx1 = 1, ssd_def32 = 1, ssd_gran = 1}
#4 0xc06ab69b in trap_pfault (frame=0xe1b7da94, usermode=0, eva=0)
at /usr/src/sys/i386/i386/trap.c:752
va = 0
vm = (struct vmspace *) 0x0
map = 0xc1d745dc
rv = 1
ftype = 1 '\001'
td = (struct thread *) 0xc1c597d0
p = (struct proc *) 0xc1d54a3c
#5 0xc06ab287 in trap (frame=
{tf_fs = -1068302328, tf_es = -1066205144, tf_ds = -1043070936, tf_edi = 1,
tf_esi = -1043067440, tf_ebp = -508044472, tf_isp = -508044608, tf_ebx =
-1043698088, tf_edx = -1044015152, tf_ecx = -1047944912, tf_eax = 0,
tf_trapno = 12, tf_err = 0, tf_eip = -1068525919, tf_cs = 32, tf_eflags =
66050, tf_esp = -1068274241, tf_ss = -1044015152})
---Type <return> to continue, or q <return> to quit---
at /usr/src/sys/i386/i386/trap.c:442
td = (struct thread *) 0xc1c597d0
p = (struct proc *) 0xc1d54a3c
sticks = 3228802408
i = 0
ucode = 0
type = 12
code = 0
eva = 0
#6 0xc069673a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
No locals.
#7 0xc0530008 in ratecheck (lasttime=0xc1d40dd0, mininterval=0xc1ca6e58)
at /usr/src/sys/kern/kern_time.c:723
tv = {tv_sec = -1068367935, tv_usec = -1042986436}
delta = {tv_sec = -1043922944, tv_usec = -508044460}
rv = 1
#8 0xc05743c3 in unp_discard (fp=0xc1ca6e58) at
/usr/src/sys/kern/uipc_usrreq.c:1887
No locals.
#9 0xc0572b2b in unp_freerights (rp=0xc1b4ad28, fdcount=1)
at /usr/src/sys/kern/uipc_usrreq.c:1272
i = 0
fp = (struct file *) 0x0
#10 0xc0572df7 in unp_externalize (control=0xc1b4ad00, controlp=0xe1b7dc54)
at /usr/src/sys/kern/uipc_usrreq.c:1321
td = (struct thread *) 0xc1c597d0
cm = (struct cmsghdr *) 0xc1b4ad18
i = -1068065433
fdp = (int *) 0xe1b7dbc8
rp = (struct file **) 0xc1b4ad24
fp = (struct file *) 0xc1c70000
data = (void *) 0xc1c70000
clen = 16
---Type <return> to continue, or q <return> to quit---
datalen = 4
error = 40
newfds = 1
f = -1043866020
newlen = 0
#11 0xc0566efe in soreceive (so=0xc1c7dde8, psa=0xe1b7dc50, uio=0xe1b7dc5c,
mp0=0x0,
controlp=0xe1b7dc54, flagsp=0xe1b7dcbc) at
/usr/src/sys/kern/uipc_socket.c:1151
cm = (struct mbuf *) 0xc1b4ad00
cmn = (struct mbuf *) 0x0
cme = (struct mbuf **) 0x0
m = (struct mbuf *) 0xc1b4c000
mp = (struct mbuf **) 0x0
flags = 0
len = 4
error = 0
offset = -508044112
pr = (struct protosw *) 0xc0713660
nextrecord = (struct mbuf *) 0x0
moff = 0
type = 0
orig_resid = 1
#12 0xc056d547 in recvit (td=0xc1c597d0, s=4, mp=0xe1b7dca4, namelenp=0x0)
at /usr/src/sys/kern/uipc_syscalls.c:985
auio = {uio_iov = 0xc1a22120, uio_iovcnt = 1, uio_offset = 0, uio_resid = 1,
uio_segflg = UIO_USERSPACE, uio_rw = UIO_READ, uio_td = 0xc1c597d0}
iov = (struct iovec *) 0x0
i = 0
len = 1
error = 4
m = (struct mbuf *) 0x0
control = (struct mbuf *) 0x0
ctlbuf = 0xe1b7dc6c "\001"
---Type <return> to continue, or q <return> to quit---
fp = (struct file *) 0xc1bc8048
so = (struct socket *) 0xc1c7dde8
fromsa = (struct sockaddr *) 0x0
ktruio = (struct uio *) 0x0
#13 0xc056da2b in recvmsg (td=0x0, uap=0xe1b7dd04)
at /usr/src/sys/kern/uipc_syscalls.c:1235
msg = {msg_name = 0x0, msg_namelen = 0, msg_iov = 0xc1a22120, msg_iovlen =
1,
msg_control = 0xbfbfdc70, msg_controllen = 16, msg_flags = 0}
uiov = (struct iovec *) 0xbfbfdc60
iov = (struct iovec *) 0xc1a22120
error = 0
#14 0xc06abd83 in syscall (frame=
{tf_fs = 59, tf_es = -1078001605, tf_ds = -507903941, tf_edi = -1077945188,
tf_esi = -1077945136, tf_ebp = -1077945176, tf_isp = -508043932, tf_ebx =
134839184, tf_edx = 0, tf_ecx = 0, tf_eax = 27, tf_trapno = 12, tf_err = 2,
tf_eip = 674001611, tf_cs = 51, tf_eflags = 646, tf_esp = -1077945268, tf_ss
= 59}) at /usr/src/sys/i386/i386/trap.c:986
params = 0xbfbfdc50 <Address 0xbfbfdc50 out of bounds>
callp = (struct sysent *) 0xc0709824
td = (struct thread *) 0xc1c597d0
p = (struct proc *) 0xc1d54a3c
orig_tf_eflags = 646
sticks = 0
error = 0
narg = 3
args = {4, -1077945216, 0, 134877184, 12, 0, 0, -1042986436}
code = 27
#15 0xc069678f in Xint0x80_syscall () at
/usr/src/sys/i386/i386/exception.s:200
No locals.
#16 0x0000003b in ?? ()
No symbol table info available.
#17 0xbfbf003b in ?? ()
No symbol table info available.
---Type <return> to continue, or q <return> to quit---
#18 0xe1ba003b in ?? ()
No symbol table info available.
#19 0xbfbfdc9c in ?? ()
No symbol table info available.
#20 0xbfbfdcd0 in ?? ()
No symbol table info available.
#21 0xbfbfdca8 in ?? ()
No symbol table info available.
#22 0xe1b7dd64 in ?? ()
No symbol table info available.
#23 0x08097b90 in ?? ()
No symbol table info available.
#24 0x00000000 in ?? ()
No symbol table info available.
#25 0x00000000 in ?? ()
No symbol table info available.
#26 0x0000001b in ?? ()
No symbol table info available.
#27 0x0000000c in ?? ()
No symbol table info available.
#28 0x00000002 in ?? ()
No symbol table info available.
#29 0x282c72cb in ?? ()
No symbol table info available.
#30 0x00000033 in ?? ()
No symbol table info available.
#31 0x00000286 in ?? ()
No symbol table info available.
#32 0xbfbfdc4c in ?? ()
No symbol table info available.
#33 0x0000003b in ?? ()
No symbol table info available.
---Type <return> to continue, or q <return> to quit---
#34 0xd0d0d0d0 in ?? ()
No symbol table info available.
#35 0xd0d0d0d0 in ?? ()
No symbol table info available.
#36 0xd0d0d0d0 in ?? ()
No symbol table info available.
#37 0xd0d0d0d0 in ?? ()
No symbol table info available.
#38 0x1172c000 in ?? ()
No symbol table info available.
#39 0xc0739b60 in ksg_maxid ()
No symbol table info available.
#40 0xc1950c80 in ?? ()
No symbol table info available.
#41 0xe1b7d72c in ?? ()
No symbol table info available.
#42 0xe1b7d710 in ?? ()
No symbol table info available.
#43 0xc1c597d0 in ?? ()
No symbol table info available.
#44 0xc0536dbf in sched_switch (td=0x8097b90, newtd=0xbfbfdcd0, flags=Cannot
access memory at address 0xbfbfdcb8
)
at /usr/src/sys/kern/sched_ule.c:1383
ksq = (struct kseq *) 0xbfbfdc9c
ke = (struct td_sched *) Cannot access memory at address 0xbfbfdc98
(kgdb)
----- End forwarded message -----
--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE
More information about the freebsd-bugs
mailing list