NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

kern/40570: portalfs + puffs = panic



>Number:         40570
>Category:       kern
>Synopsis:       portalfs + puffs = panic
>Confidential:   no
>Severity:       critical
>Priority:       low
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Feb 07 04:25:00 +0000 2009
>Originator:     David A. Holland
>Release:        NetBSD 5.99.7
>Organization:
>Environment:
System: NetBSD malfoy 5.99.7 NetBSD 5.99.7 (MALFOY) #15: Mon Jan 12 15:44:34 
EST 2009 root@malfoy:/usr/src/sys/arch/i386/compile/MALFOY i386
Architecture: i386
Machine: i386
>Description:

portalfs+puffs dies a horrible death. By request of pooka@:

# mount_puffsportal /usr/share/examples/mount_portal/tcp.1.conf /mnt
# cat /mnt/tcp/localhost/daytime
uvm_fault(0xcb00db64, 0xb9dc2000, 1) -> 0xe
fatal page fault in supervisor mode
trap type 6 code 0 eip c01d7153 cs 8 eflags 10282 cr2 b9dc2ed8 ilevel 4
kernel: supervisor trap page fault, code=0
Stopped in pid 585.1 (mount_puffsporta) at     netbsd:fd_putfile+0x33: movl 
0(%eax),%esi
db{0}> bt
fd_putfile(bbbcaf78,caf9cbc0,4,0,c039055c,cb010280,4,cae97000,c08b9b00,0) at 
netbsd:fd_putfile+0x33
unp_internalize(cb07bb84,bbabfe30,c0940d38,4,cb00db64,cae96008,c0940d3c,caf9cbc0,0,0)
 at netbsd:unp_internalize+0x10e
uipc_usrreq(c0980a1c,9,c0940d00,0,c08b9b00,cb010280,c08b9b00,8b9b00,c0980a74,10)
 at netbsd:uipc_usrreq+0x2c7
sosend(c0980a1c,0,cb08bc58,c0940d00,c08b9b00,0,cb010280,1,0,cb07bc18) at 
netbsd:sosend+0x403
do_sys_sendmsg(cb010280,6,cb07bcb8,0,cb07bd28,cb00db64,cb07bd3c,c02e2b30,0,0) 
at netbsd:do_sys_sendmsg+0x2fb
sys_sendmsg(cb010280,cb07bd00,cb07bd28,bbbe7b1c,bbbe7000,cb00db64,1,6,bbabfdfc,0)
 at netbsd:sys_sendmsg+0x58
syscall(cb07bd48,bb9000b3, blah blah blah) at netbsd:syscall+0xc8

Usual caveats about hand-typed traces apply.

I also question the trace, because fd_putfile takes one argument
that's supposed to be a file handle number. Although if someone's
really passing 0xbbbcaf78 as a file handle, it would explain the crash...

>How-To-Repeat:

as above

>Fix:


Home | Main Index | Thread Index | Old Index