SCTP panic with sctp_send()
Michael Tuexen
tuexen at freebsd.org
Sun Jun 27 16:12:02 UTC 2010
On Jun 27, 2010, at 5:19 PM, Randall Stewart wrote:
> Michael:
>
> You are too fast for me... of course I need to check multiple email
> bins on something like this.. and I need my coffee this AM ;-)
I'll try to MFC the change to stable/8 and releng/8.1. I'll also
see if it can go into stable/7.
Best regards
Michael
>
> R
> On Jun 26, 2010, at 12:30 PM, Michael Tuexen wrote:
>
>> On Jun 26, 2010, at 3:00 PM, Valentin Nechayev wrote:
>>
>>> Hi,
>>>
>>> FreeBSD 7.3-RELEASE i386
>>>
>>> Fatal trap 12: page fault while in kernel mode
>>> fault virtual address = 0x0
>>> fault code = supervisor read, page not present
>>> instruction pointer = 0x20:0xc05955ca
>>> stack pointer = 0x28:0xe783bb94
>>> frame pointer = 0x28:0xe783bc80
>>> code segment = base 0x0, limit 0xfffff, type 0x1b
>>> = DPL 0, pres 1, def32 1, gran 1
>>> processor eflags = interrupt enabled, resume, IOPL = 0
>>> current process = 7751 (spc)
>>> trap number = 12
>>> panic: page fault
>>> Uptime: 20d6h25m18s
>>> Physical memory: 1910 MB
>>> Dumping 265 MB: 250 234 218 202 186 170 154 138 122 106 90 74 58 42 26 10
>>>
>>> (kgdb) bt
>>> #0 doadump () at pcpu.h:196
>>> #1 0xc053a730 in boot (howto=260) at /usr/BSD/src/sys/kern/kern_shutdown.c:418
>>> #2 0xc053a931 in panic (fmt=Variable "fmt" is not available.
>>> ) at /usr/BSD/src/sys/kern/kern_shutdown.c:574
>>> #3 0xc0762e4c in trap_fatal (frame=0xe783bb54, eva=0)
>>> at /usr/BSD/src/sys/i386/i386/trap.c:950
>>> #4 0xc07630b0 in trap_pfault (frame=0xe783bb54, usermode=0, eva=0)
>>> at /usr/BSD/src/sys/i386/i386/trap.c:863
>>> #5 0xc0763a92 in trap (frame=0xe783bb54)
>>> at /usr/BSD/src/sys/i386/i386/trap.c:541
>>> #6 0xc074f81b in calltrap () at /usr/BSD/src/sys/i386/i386/exception.s:166
>>> #7 0xc05955ca in sctp_generic_sendmsg (td=0xcafb7d80, uap=0xe783bcfc)
>>> at /usr/BSD/src/sys/kern/uipc_syscalls.c:2386
>>> #8 0xc0763405 in syscall (frame=0xe783bd38)
>>> at /usr/BSD/src/sys/i386/i386/trap.c:1101
>>> #9 0xc074f880 in Xint0x80_syscall ()
>>> at /usr/BSD/src/sys/i386/i386/exception.s:262
>>> #10 0x00000033 in ?? ()
>>> Previous frame inner to this frame (corrupt stack?)
>>>
>>> (kgdb) f 7
>>> #7 0xc05955ca in sctp_generic_sendmsg (td=0xcafb7d80, uap=0xe783bcfc)
>>> at /usr/BSD/src/sys/kern/uipc_syscalls.c:2386
>>> 2386 ktrsockaddr(to);
>>> (kgdb) p to
>>> $1 = (struct sockaddr *) 0x0
>>> (kgdb) l
>>> 2381 error = getsock(td->td_proc->p_fd, uap->sd, &fp, NULL);
>>> 2382 if (error)
>>> 2383 goto sctp_bad;
>>> 2384 #ifdef KTRACE
>>> 2385 if (KTRPOINT(td, KTR_STRUCT))
>>> 2386 ktrsockaddr(to);
>>> 2387 #endif
>>> 2388
>>> 2389 iov[0].iov_base = uap->msg;
>>> 2390 iov[0].iov_len = uap->mlen;
>>>
>>> As seen from code, if uap->tolen is zero, `to' isn't initialized and remains
>>> NULL. This error is identical to -CURRENT.
>> Thanks for reporting it. It is fixed in r209540 for current.
>>
>> Best regards
>> Michael
>>>
>>> Seems this zero originates from libc code for sctp_send():
>>>
>>> ===
>>> #ifdef SYS_sctp_generic_sendmsg
>>> struct sockaddr *to = NULL;
>>>
>>> return (syscall(SYS_sctp_generic_sendmsg, sd,
>>> data, len, to, 0, sinfo, flags));
>>> #else
>>> ===
>>>
>>> why after `to'?
>>>
>>>
>>> -netch-
>>>
>>
>
> ------------------------------
> Randall Stewart
> 803-317-4952 (cell)
>
>
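The NULL `to` case reported in this thread, as an added user-space C model; it is not code from the thread or from FreeBSD. The names `model_sendmsg`, `model_trace_sockaddr` and `last_traced_family` are hypothetical, and the guard shown is an assumption about one way to close the hole, since the r209540 change itself is not shown on this page.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>

static int traced_family = -1; /* family last seen by the trace hook */

/* Hypothetical stand-in for ktrsockaddr(): reads through the pointer. */
static void model_trace_sockaddr(const struct sockaddr *sa)
{
    traced_family = sa->sa_family;
}

int last_traced_family(void) { return traced_family; }

/* Hypothetical model of the send path. tolen == 0 means no destination
 * was passed (as libc's sctp_send() does), so `to` stays NULL. */
int model_sendmsg(const void *uaddr, socklen_t tolen, int tracing)
{
    struct sockaddr *to = NULL;

    traced_family = -1;
    if (tolen != 0) {
        if (uaddr == NULL || tolen < sizeof(struct sockaddr) ||
            tolen > sizeof(struct sockaddr_storage))
            return EINVAL;
        if ((to = malloc(tolen)) == NULL)
            return ENOMEM;
        memcpy(to, uaddr, tolen); /* stands in for the copyin of the address */
    }
    /* The reported code called the hook whenever tracing was on.
     * Guarded form: trace only when an address was actually copied in. */
    if (tracing && to != NULL)
        model_trace_sockaddr(to);
    /* ... the message would be handed to the SCTP stack here ... */
    free(to);
    return 0;
}

int main(void)
{
    struct sockaddr_in sin = { .sin_family = AF_INET }; /* constructed input */
    int rc = model_sendmsg(NULL, 0, 1);
    printf("no addr:   rc=%d traced=%d\n", rc, last_traced_family());
    rc = model_sendmsg(&sin, sizeof(sin), 1);
    printf("with addr: rc=%d traced=%d\n", rc, last_traced_family());
    return 0;
}
```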