Panic during samba mount

Nicolas Thery nthery at gmail.com
Fri Jul 9 23:34:23 PDT 2010


I reproduced the bug and I'm giving it a look.Cheers,NicolasOn 2 July 2010 19:27, Tero Jaasko <tero.jaasko.no.spam.please at mail.suomi.net> wrote:
Hello,
I am getting a "Fatal trap 12: page fault while in kernel mode" -panic on a samba mount command, e.g.
"mount_smbfs -I 192.168.0.195 //guest at 192.168.0.195/share /mnt/share/".

--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<
Fatal trap 12: page fault while in kernel mode
mp_lock = 00000000; cpuid = 0; lapic->id = 00000000
fault virtual address   = 0x60
fault code              = supervisor read data, page not present
instruction pointer     = 0x8:0xffffffff80250e17
stack pointer           = 0x10:0xfffffffe37b62ab0
frame pointer           = 0x10:0xfffffffe37b62ad0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 0, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = Idle
current thread          = pri 44 (CRIT)
trap number             = 12
panic: page fault
mp_lock = 00000000; cpuid = 0
Trace beginning at frame 0xfffffffe37b627f8
panic() at panic+0x1fc
panic() at panic+0x1fc
trap_fatal() at trap_fatal+0x3f4
trap_pfault() at trap_pfault+0x158
trap() at trap+0x67e
calltrap() at calltrap+0x8
--- trap 000000000000000c, rip = ffffffff80250e17, rsp = fffffffe37b62ab0, rbp = fffffffe37b62ad0 ---
prison_replace_wildcards() at prison_replace_wildcards+0x1f
in_pcbbind() at in_pcbbind+0x2e1
tcp_connect() at tcp_connect+0x52
tcp_usr_connect() at tcp_usr_connect+0xe7
netmsg_pru_connect() at netmsg_pru_connect+0x1b
netmsg_service() at netmsg_service+0x122
tcpmsg_service_loop() at tcpmsg_service_loop+0x26
boot() called on cpu#0
Uptime: 4m23s
Physical memory: 8176 MB
--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<

There seems to be a problem in prison_replace_wildcards() at sys/kern/kern_jail.c:, as the given "td->td_ucred" is NULL. The attached kgdb.txt contains my attempt at debugging the situation.

The panic is 100% reproducible on my system and I have a few kernel dumps from the situation, if somebody needs tehm. I have attached a band-aid kind of patch, which seems to work, at least with it the samba works as expected, but perhaps it is not a correct solution.

I added a kprintf() on the "td->td_ucred == NULL" -case, and it seems
to be called only twice during the smb mount, not after.

The machine and kernel is a regular Intel x86_64 SMP setup, build
from yesterday's master.

Best regards,
Tero Jääskö





More information about the Bugs mailing list