[no subject]

[Paul Goyette <paul%whooppee.com@localhost>]

Last week I wrote about a crash I'd had on my amd64 5.99.23 system:

> Overnight, while my machine was idle, I experienced the following 
> crash.
>
> At first blush I might suspect something related to the recent changes 
> WRT socket credentials?
>
> I have the complete 8GB core dump. This was from sources updated via 
> anonCVS on 2010-01-02 at 19:28:14 UTC.
>
> Any clues?
>
> (gdb) target kvm netbsd.4.core
> #0  0xffffffff801fca58 in cpu_reboot (howto=260, bootstr=<value 
> optimized out>)
>     at /build/netbsd-local/src/sys/arch/amd64/amd64/machdep.c:682
> 682                     dumpsys();
> (gdb) bt
> #0  0xffffffff801fca58 in cpu_reboot (howto=260, bootstr=<value 
> optimized out>)
>     at /build/netbsd-local/src/sys/arch/amd64/amd64/machdep.c:682
> #1  0xffffffff80261c44 in panic (
>     fmt=0xffffffff803ad990 <Address 0xffffffff803ad990 out of bounds>)
>     at /build/netbsd-local/src/sys/kern/subr_prf.c:299
> #2  0xffffffff80341275 in __kernassert (t=0x0, f=0x0, l=0, e=0x0)
>     at /build/netbsd-local/src/sys/lib/libkern/__assert.c:50
> #3  0xffffffff801c469d in kauth_cred_free (cred=0xffff8000587cacc0)
>     at /build/netbsd-local/src/sys/kern/kern_auth.c:194
> <snip>
> (gdb) fr 3
> #3  0xffffffff801c469d in kauth_cred_free (cred=0xffff8000587cacc0)
>     at /build/netbsd-local/src/sys/kern/kern_auth.c:194
> 194             KASSERT(cred->cr_refcnt > 0);
> (gdb) print *cred
> $1 = {cr_refcnt = 0,
> cr_pad = "\000\000\000\000\000|X\000\200|X\000\200", '\0' <repeats 39 
> times>, cr_uid = 0, cr_euid = 0, cr_svuid = 0, cr_gid = 0, cr_egid = 0,
>   cr_svgid = 0, cr_ngroups = 1, cr_groups = {0,
> 4294967295 <repeats 15 times>}, cr_sd = {specdataref_container = 0x0,
>   specdataref_lock = {u = {mtxa_owner = 18446744073709551600}}}}


While the crash was not easily reproducible, it did happen a couple more 
times over the next few days.

Elad suggested the following patch to remove the explicit call to 
kauth_cred_free() since it gets called later by closef() which results 
in the failed assertion.


Index: uipc_syscalls.c
===================================================================
RCS file: /cvsroot/src/sys/kern/uipc_syscalls.c,v
retrieving revision 1.139
diff -u -p -r1.139 uipc_syscalls.c
--- uipc_syscalls.c     29 Dec 2009 04:23:43 -0000      1.139
+++ uipc_syscalls.c     9 Jan 2010 22:31:25 -0000
@@ -233,7 +233,6 @@ do_sys_accept(struct lwp *l, int sock, s
        sounlock(so);
        if (error) {
                /* an error occurred, free the file descriptor and mbuf 
*/
-               kauth_cred_free(so2->so_cred);
                m_freem(nam);
                mutex_enter(&fp2->f_lock);
                fp2->f_count++;
quicky:kern {309}


It has now been 4 days since implementing this patch, and the machine 
has not crashed in that time.

It's way out of my area of expertise, but perhaps someone more familiar 
with this part of the kernel might see fit to commit this change?


-------------------------------------------------------------------------
|   Paul Goyette   | PGP DSS Key fingerprint: |  E-mail addresses:      |
| Customer Service | FA29 0E3B 35AF E8AE 6651 |  paul at whooppee.com   |
| Network Engineer | 0786 F758 55DE 53BA 7731 | pgoyette at juniper.net |
| Kernel Developer |                          | pgoyette at netbsd.org  |
-------------------------------------------------------------------------