Current-Users archive


kauth_cred_free crashing...



I sent this a week ago, but without any subject line... My system has now been up for almost two weeks without any further crashes.

Should I go ahead and commit, or should someone more familiar with this part of the system (elad?) do it?

----------

Last week I wrote about a crash I'd had on my amd64 5.99.23 system:

Overnight, while my machine was idle, I experienced the following crash.

At first blush I might suspect something related to the recent changes WRT socket credentials?

I have the complete 8GB core dump. This was from sources updated via anonCVS on 2010-01-02 at 19:28:14 UTC.

Any clues?

(gdb) target kvm netbsd.4.core
#0 0xffffffff801fca58 in cpu_reboot (howto=260, bootstr=<value optimized out>)
    at /build/netbsd-local/src/sys/arch/amd64/amd64/machdep.c:682
682                     dumpsys();
(gdb) bt
#0 0xffffffff801fca58 in cpu_reboot (howto=260, bootstr=<value optimized out>)
    at /build/netbsd-local/src/sys/arch/amd64/amd64/machdep.c:682
#1  0xffffffff80261c44 in panic (
    fmt=0xffffffff803ad990 <Address 0xffffffff803ad990 out of bounds>)
    at /build/netbsd-local/src/sys/kern/subr_prf.c:299
#2  0xffffffff80341275 in __kernassert (t=0x0, f=0x0, l=0, e=0x0)
    at /build/netbsd-local/src/sys/lib/libkern/__assert.c:50
#3  0xffffffff801c469d in kauth_cred_free (cred=0xffff8000587cacc0)
    at /build/netbsd-local/src/sys/kern/kern_auth.c:194
<snip>
(gdb) fr 3
#3  0xffffffff801c469d in kauth_cred_free (cred=0xffff8000587cacc0)
    at /build/netbsd-local/src/sys/kern/kern_auth.c:194
194             KASSERT(cred->cr_refcnt > 0);
(gdb) print *cred
$1 = {cr_refcnt = 0,
cr_pad = "\000\000\000\000\000|X\000\200|X\000\200", '\0' <repeats 39 times>, cr_uid = 0, cr_euid = 0, cr_svuid = 0, cr_gid = 0, cr_egid = 0,
  cr_svgid = 0, cr_ngroups = 1, cr_groups = {0,
4294967295 <repeats 15 times>}, cr_sd = {specdataref_container = 0x0,
  specdataref_lock = {u = {mtxa_owner = 18446744073709551600}}}}


While the crash was not easily reproducible, it did happen a couple more times over the next few days.

Elad suggested the following patch to remove the explicit call to kauth_cred_free() since it gets called later by closef() which results in the failed assertion.


Index: uipc_syscalls.c
===================================================================
RCS file: /cvsroot/src/sys/kern/uipc_syscalls.c,v
retrieving revision 1.139
diff -u -p -r1.139 uipc_syscalls.c
--- uipc_syscalls.c     29 Dec 2009 04:23:43 -0000      1.139
+++ uipc_syscalls.c     9 Jan 2010 22:31:25 -0000
@@ -233,7 +233,6 @@ do_sys_accept(struct lwp *l, int sock, s
        sounlock(so);
        if (error) {
                /* an error occurred, free the file descriptor and mbuf */
-               kauth_cred_free(so2->so_cred);
                m_freem(nam);
                mutex_enter(&fp2->f_lock);
                fp2->f_count++;
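Review bot: in the `if (error)` branch, the retained comment still reads "an error occurred, free the file descriptor and mbuf", and nothing there records that so2->so_cred is now deliberately left for the later close of fp2 to release. Suggest a one-line comment at that spot naming the path that drops the credential reference, so the explicit kauth_cred_free() is not reintroduced later as an apparent leak fix. It is also worth confirming that every exit from this branch reaches that close, since the hunk ends at `fp2->f_count++;` and the rest of the branch is not shown.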
quicky:kern {309}


It has now been 4 days since implementing this patch, and the machine has not crashed in that time.

It's way out of my area of expertise, but perhaps someone more familiar with this part of the kernel might see fit to commit this change?


-------------------------------------------------------------------------
|   Paul Goyette   | PGP DSS Key fingerprint: |  E-mail addresses:      |
| Customer Service | FA29 0E3B 35AF E8AE 6651 |  paul at whooppee.com   |
| Network Engineer | 0786 F758 55DE 53BA 7731 | pgoyette at juniper.net |
| Kernel Developer |                          | pgoyette at netbsd.org  |
-------------------------------------------------------------------------
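
A user-space model of the double release described in the message above, added here as an illustration and not taken from the NetBSD sources or from the thread. All `model_*` names are hypothetical, and the credential is reduced to a bare reference count that is never actually returned to an allocator.

```c
#include <stdio.h>

/* Simplified stand-in for a reference-counted credential. */
struct model_cred { unsigned refcnt; };

/* Simplified stand-in for a socket that owns one credential reference. */
struct model_sock { struct model_cred *so_cred; };

static int underflows;  /* times the refcnt > 0 check would have fired */

/* Drop one reference; count the case that the KASSERT in the trace catches. */
static void model_cred_free(struct model_cred *c)
{
    if (c->refcnt == 0) {   /* KASSERT(cred->cr_refcnt > 0) would panic here */
        underflows++;
        return;
    }
    c->refcnt--;
}

/* Models the later teardown (closef() in the message): releases so_cred. */
static void model_close(struct model_sock *so)
{
    model_cred_free(so->so_cred);
}

/* Error path of accept; explicit_free=1 models the code before the patch. */
static int model_accept_error(int explicit_free)
{
    struct model_cred cred = { .refcnt = 1 };   /* socket holds the only ref */
    struct model_sock so2 = { .so_cred = &cred };

    underflows = 0;
    if (explicit_free)
        model_cred_free(so2.so_cred);   /* the line the patch removes */
    model_close(&so2);                  /* teardown releases it again */
    return underflows;
}

int main(void)
{
    printf("before patch: %d underflow(s)\n", model_accept_error(1));
    printf("after patch:  %d underflow(s)\n", model_accept_error(0));
    return 0;
}
```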

