netbsd-bugs: kern/37145: NULL dereference on nfs reconnect

Subject: kern/37145: NULL dereference on nfs reconnect
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <yamt@mwd.biglobe.ne.jp>
List: netbsd-bugs
Date: 10/18/2007 09:40:00
>Number:         37145
>Category:       kern
>Synopsis:       NULL dereference on nfs reconnect
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Oct 18 09:40:00 +0000 2007
>Originator:     YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
>Release:        NetBSD 4.99.33
>Organization:
	
>Environment:
NetBSD 4.99.33 amd64
>Description:

uvm_fault(0xffff80004796e5f0, 0x0, 1) -> e
kernel: page fault trap, code=0
Stopped in pid 7323.1 (gdb) at  netbsd:socreate+0x33:   movq    0x278(%r8),%rdi
db{0}> t
socreate() at netbsd:socreate+0x33
nfs_connect() at netbsd:nfs_connect+0x4f
nfs_reconnect() at netbsd:nfs_reconnect+0x55
nfs_receive() at netbsd:nfs_receive+0x2d2
nfs_reply() at netbsd:nfs_reply+0x6b
nfs_request() at netbsd:nfs_request+0x316
nfs_removerpc() at netbsd:nfs_removerpc+0x4c9
nfs_inactive() at netbsd:nfs_inactive+0xde
VOP_INACTIVE() at netbsd:VOP_INACTIVE+0x26
vn_close() at netbsd:vn_close+0x64
closef() at netbsd:closef+0xb8
fdfree() at netbsd:fdfree+0x92
exit1() at netbsd:exit1+0x1a5
sys_exit() at netbsd:sys_exit+0x5b
syscall_plain() at netbsd:syscall_plain+0x1cb
uvm_fault(0xffff80004796e5f0, 0x0, 1) -> e
kernel: page fault trap, code=0
Faulted in DDB; continuing...
db{0}> show reg
ds          0
es          0xde68
fs          0xfc78
gs          0xfc78
rdi         0x2
rsi         0xffff800002ea7850
rbp         0xffff8000477bd840
rbx         0xffff800002ea7800
rdx         0x1
rcx         0x2
rax         0
r8          0
r9          0
r10         0x4
r11         0x4
r12         0
r13         0x2
r14         0xffff800002de5838
r15         0xffff8000477bd9a0
rip         0xffffffff80411553  socreate+0x33
cs          0x8
rflags      0x10286
rsp         0xffff8000477bd800
ss          0x10
netbsd:socreate+0x33:   movq    0x278(%r8),%rdi
db{0}> x/i socreate,16
netbsd:socreate:        pushq   %rbp
netbsd:socreate+0x1:    movslq  %ecx,%rax
netbsd:socreate+0x4:    movq    %rax,%r9
netbsd:socreate+0x7:    movq    %rsp,%rbp
netbsd:socreate+0xa:    subq    $0x40,%rsp
netbsd:socreate+0xe:    movq    %rbx,0xffffffffffffffd8(%rbp)
netbsd:socreate+0x12:   movq    %r12,0xffffffffffffffe0(%rbp)
netbsd:socreate+0x16:   movl    %ecx,%r12d
netbsd:socreate+0x19:   movq    %r13,0xffffffffffffffe8(%rbp)
netbsd:socreate+0x1d:   movq    %r14,0xfffffffffffffff0(%rbp)
netbsd:socreate+0x21:   movslq  %edi,%rcx
netbsd:socreate+0x24:   movq    %r15,0xfffffffffffffff8(%rbp)
netbsd:socreate+0x28:   movq    %rsi,0xffffffffffffffd0(%rbp)
netbsd:socreate+0x2c:   movl    %edi,%r13d
netbsd:socreate+0x2f:   movq    %rax,0xffffffffffffffc8(%rbp)
netbsd:socreate+0x33:   movq    0x278(%r8),%rdi
netbsd:socreate+0x3a:   movl    %edx,%r14d
netbsd:socreate+0x3d:   movq    %r8,%r15
netbsd:socreate+0x40:   movl    $0x7,%esi
netbsd:socreate+0x45:   movslq  %edx,%r8
netbsd:socreate+0x48:   movl    $0x15,%edx
netbsd:socreate+0x4d:   call    netbsd:kauth_authorize_network
db{0}>

>How-To-Repeat:
	
>Fix:
	

>Unformatted: