karl@ddsw1.MCS.COM (Karl Denninger) (04/10/91)
Is anyone else having problems with a "namei" panic in ISC 2.2 (with NFS,
the NFS/lockd patches, and POSIX patches applied)?

I have been getting these nearly daily. Trap type "E", address is d007962f.
That's right near the end of "namei"; here's the relevant line from a "nm"
on the kernel:

namei |0xd007919c|extern| *struct( )|0x0608| |.text

Needless to say, I am most displeased with the crashes!

Near as I can determine, the hardware is fine.

All pointers or ideas appreciated...

--
Karl Denninger (karl@ddsw1.MCS.COM, <well-connected>!ddsw1!karl)
Public Access Data Line: [+1 708 808-7300], Voice: [+1 708 808-7200]
Anon. arch. (nuucp) 00:00-06:00 C[SD]T, req: /u/public/sources/DIRECTORY/README

rodney@tyrell.stgt.sub.org (Rodney Volz) (04/12/91)
In article <1991Apr10.040146.645@ddsw1.MCS.COM> karl@ddsw1.MCS.COM (Karl Denninger) writes:
>I have been getting these nearly daily. Trap type "E", address is d007962f.
>That's right near the end of "namei"; here's the relevant line from a "nm"
>on the kernel:

Function syslog() in /usr/lib/libinet.a seems to be buggy. Don't use it
or patch it.

-Rodney

--
Rodney Volz - 7000 Stuttgart 1 - FRG
============> ...uunet!mcsun!unido!gtc!aragon!tyrell!rodney <=============
rodney@tyrell.gtc.de * rodney@delos.stgt.sub.org * rodney@mcshh.hanse.de
\_____________ May your children and mine live in peace. ______________/

gemini@geminix.in-berlin.de (Uwe Doering) (04/13/91)
karl@ddsw1.MCS.COM (Karl Denninger) writes:
>Is anyone else having problems with a "namei" panic in ISC 2.2 (with NFS,
>the NFS/lockd patches, and POSIX patches applied)?
>
>I have been getting these nearly daily. Trap type "E", address is d007962f.
>That's right near the end of "namei"; here's the relevant line from a "nm"
>on the kernel:
>
>namei |0xd007919c|extern| *struct( )|0x0608| |.text
>
>Needless to say, I am most displeased with the crashes!
>
>Near as I can determine, the hardware is fine.
>
>All pointers or ideas appreciated...

I found this bug a few days ago and was about to send a bug report to ISC.
The problem is "simply" a NULL pointer reference in the namei() function.
The machine I found this on runs ISC 2.21 with the security fix installed.

I fixed this bug with a binary patch. It is for the module
/etc/conf/pack.d/kernel/os.o. I disassembled the original and then the
fixed version of os.o and ran a context diff over the output. Depending on
what version of the kernel config kit you have, the addresses might be off
some bytes. You can apply this patch with any binary file editor.

*************** *** 35349,35364 **** [%al,%al] cf71: 74 1e je 0x1e <cf91> [0xcf91] ! cf73: 0f b7 07 movzwl (%edi),%eax [%edi,%eax] ! cf76: 3d 11 00 00 00 cmpl $0x11,%eax [$0x11,%eax] ! cf7b: 74 14 je 0x14 <cf91> [0xcf91] ! cf7d: c7 45 e8 00 00 00 00 movl $0x0,0xe8(%ebp) ! [$0x0,-24+%ebp] ! cf84: eb 19 jmp 0x19 <cf9f> ! [0xcf9f] cf86: 90 nop [] cf87: 90 nop --- 35349,35372 ---- [%al,%al] cf71: 74 1e je 0x1e <cf91> [0xcf91] ! cf73: 85 ff testl %edi,%edi ! [%edi,%edi] ! cf75: 74 1a je 0x1a <cf91> ! [0xcf91] ! cf77: 0f b7 07 movzwl (%edi),%eax [%edi,%eax] ! cf7a: 3d 11 00 00 00 cmpl $0x11,%eax [$0x11,%eax] ! cf7f: 74 10 je 0x10 <cf91> [0xcf91] ! cf81: eb 15 jmp 0x15 <cf98> ! [0xcf98] ! cf83: 90 nop ! [] ! cf84: 90 nop ! [] ! cf85: 90 nop ! 
[] cf86: 90 nop [] cf87: 90 nop

I'm not absolutely sure whether the action that is now taken in case of
a NULL pointer is the right one, but I haven't noticed any problems, and
most important, there are no more kernel panics! At least not from that
spot. :-) The action that is taken if the pointer is _not_ NULL hasn't
changed (this is not very obvious from the patch, but look in the
disassembler listing of your own kernel for more details).

I have been using this modified kernel for over a week now and it works
for me. Of course, as always, I can't give you any guaranty that this
patch does something useful on your machine. :-)

Hope this helps you.

Uwe

PS: ISC, if you see this posting, could you drop me a note on whether
you have put this on your to-do list? This would save me the time
needed to file an official bug report.

--
Uwe Doering | INET : gemini@geminix.in-berlin.de
Berlin      |----------------------------------------------------------------
Germany     | UUCP : ...!unido!fub!geminix.in-berlin.de!gemini
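
Review bot: the new fall-through at cf81 (jmp 0x15 <cf98>) no longer executes the original store at cf7d (movl $0x0,0xe8(%ebp)) and lands on cf98 instead of cf9f, so the claim that the non-NULL path is unchanged depends on the instruction at cf98, which is outside the hunk. Before applying, check in your own disassembly that cf98 holds the same 7-byte store (c7 45 e8 00 00 00 00) and falls through to cf9f; the distance cf9f - cf98 is consistent with that, but the hunk does not show it. Also confirm that the bytes at the patch site match the old side (0f b7 07 at cf73 through eb 19 at cf84, 19 bytes, the same length as the replacement including its three nops), since the addresses can shift between config kit versions. Finally, the added testl/je at cf73-cf75 sends a NULL %edi to cf91, the same target as the cmpl $0x11 match, so it is worth reading the code at cf91 to make sure it does not dereference %edi itself.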