From nobody@FreeBSD.org  Tue Aug  1 12:43:38 2006
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A3CA916A4DA
	for <freebsd-gnats-submit@FreeBSD.org>; Tue,  1 Aug 2006 12:43:38 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3D8CD43D90
	for <freebsd-gnats-submit@FreeBSD.org>; Tue,  1 Aug 2006 12:43:18 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id k71ChHa0024464
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 1 Aug 2006 12:43:17 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id k71ChHj5024463;
	Tue, 1 Aug 2006 12:43:17 GMT
	(envelope-from nobody)
Message-Id: <200608011243.k71ChHj5024463@www.freebsd.org>
Date: Tue, 1 Aug 2006 12:43:17 GMT
From: Maik Ehinger <m.ehinger@ltur.de>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ncp kernel panic
X-Send-Pr-Version: www-2.3

>Number:         101168
>Category:       kern
>Synopsis:       [ncp] [patch] ncp kernel panic
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    gavin
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug 01 12:50:14 GMT 2006
>Closed-Date:    Sat Aug 18 11:47:42 GMT 2007
>Last-Modified:  Sat Aug 18 11:47:42 GMT 2007
>Originator:     Maik Ehinger
>Release:        6.1-Stable
>Organization:
>Environment:
FreeBSD pcmcb3-104.mcbad.net 6.1-STABLE FreeBSD 6.1-STABLE #0: Tue Aug  1 11:33:31 CEST 2006     root@pcmcb3-104.mcbad.net:/usr/obj/usr/src/sys/GENERIC  i386
>Description:
I get an kernel panic after entering the password for an ncp connection.
Using ncplogin or mount_nwfs makes no difference.

I try to connect to an Novell 6.5 Server with TCP only. Worked well with
FreeBSD 4.11


 Fatal trap 12: page fault while in kernel mode
 fault virtual address        = 0x0
 fault code           = supervisor write, page not present
 instruction pointer  = 0x20:0xc068a3fc
 stack pointer                = 0x28:0xdcebc8dc
 frame pointer                = 0x28:0xdcebc8e4
 code segment         = base 0x0, limit 0xfffff, type 0x1b
 = DPL 0, pres 1, def32 1, gran 1
 processor eflags     = interrupt enabled, resume, IOPL = 0
 current process              = 772 (ncplogin)
 trap number          = 12
 panic: page fault
 Uptime: 16m46s
 Dumping 494 MB (2 chunks)
 chunk 0: 1MB (159 pages) ... ok
 chunk 1: 495MB (126511 pages) 479 463 447 431 415 399 383 367 351 335 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63
 47 31 15 ... ok
 
 Dump complete
 Automatic reboot in 15 seconds - press a key on the console to abort
 Rebooting...


>How-To-Repeat:
Try to mount an NetWare volume using mount_nwfs.
>Fix:
Not really a fix only a panic workaround. It seems to work for me so
far without any recognized problems.

I also get some 

md_get_mem(461): Incomplete copy

messages without any known problem.



--- ncp_sock.c.orig              Fri Jan  7 02:45:49 2005
+++ ncp_sock.c           Thu Jul 20 14:12:45 2006
@@ -189,7 +189,12 @@
     struct thread *td = curthread;
     struct ucred *cred = NULL;
 
-    return so->so_proto->pr_usrreqs->pru_sopoll(so, events, cred, td);
+    if ( td->td_selq.tqh_last == NULL ) {
+          printf("ncp_poll: td->td_selq.tqh_last == NULL\n");
+        return 0;               
+    }
+
+   return so->so_proto->pr_usrreqs->pru_sopoll(so, events, cred, td);
 }
 
 int

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: gavin 
State-Changed-When: Wed Aug 15 18:48:17 UTC 2007 
State-Changed-Why:  
To submitter:  Are you able to test this with a more recent version of 
FreeBSD (ideally, 6.2-STABLE) and confirm if the problem still exists? 
If it does still fail, it would be useful if you could test with FreeBSD 
7.0-CURRENT to determine if the issue is fixed there. 


Responsible-Changed-From-To: freebsd-i386->gavin 
Responsible-Changed-By: gavin 
Responsible-Changed-When: Wed Aug 15 18:48:17 UTC 2007 
Responsible-Changed-Why:  
Take 

http://www.freebsd.org/cgi/query-pr.cgi?pr=101168 
State-Changed-From-To: feedback->closed 
State-Changed-By: gavin 
State-Changed-When: Sat Aug 18 11:46:35 UTC 2007 
State-Changed-Why:  
Submitter confirms that this seems to be fixed (tested with 6.2-Release-p7) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=101168 
>Unformatted:
