SCTP panic with sctp_send()

Randall Stewart rrs at lakerest.net
Sun Jun 27 15:19:29 UTC 2010


Michael:

You are too fast for me... of course I need to check multiple email
bins on something like this.. and I need my coffee this AM ;-)

R
On Jun 26, 2010, at 12:30 PM, Michael Tuexen wrote:

> On Jun 26, 2010, at 3:00 PM, Valentin Nechayev wrote:
>
>> Hi,
>>
>> FreeBSD 7.3-RELEASE i386
>>
>> Fatal trap 12: page fault while in kernel mode
>> fault virtual address   = 0x0
>> fault code              = supervisor read, page not present
>> instruction pointer     = 0x20:0xc05955ca
>> stack pointer           = 0x28:0xe783bb94
>> frame pointer           = 0x28:0xe783bc80
>> code segment            = base 0x0, limit 0xfffff, type 0x1b
>>                       = DPL 0, pres 1, def32 1, gran 1
>> processor eflags        = interrupt enabled, resume, IOPL = 0
>> current process         = 7751 (spc)
>> trap number             = 12
>> panic: page fault
>> Uptime: 20d6h25m18s
>> Physical memory: 1910 MB
>> Dumping 265 MB: 250 234 218 202 186 170 154 138 122 106 90 74 58 42 26 10
>>
>> (kgdb) bt
>> #0  doadump () at pcpu.h:196
>> #1  0xc053a730 in boot (howto=260) at /usr/BSD/src/sys/kern/kern_shutdown.c:418
>> #2  0xc053a931 in panic (fmt=Variable "fmt" is not available.
>> ) at /usr/BSD/src/sys/kern/kern_shutdown.c:574
>> #3  0xc0762e4c in trap_fatal (frame=0xe783bb54, eva=0)
>>   at /usr/BSD/src/sys/i386/i386/trap.c:950
>> #4  0xc07630b0 in trap_pfault (frame=0xe783bb54, usermode=0, eva=0)
>>   at /usr/BSD/src/sys/i386/i386/trap.c:863
>> #5  0xc0763a92 in trap (frame=0xe783bb54)
>>   at /usr/BSD/src/sys/i386/i386/trap.c:541
>> #6  0xc074f81b in calltrap () at /usr/BSD/src/sys/i386/i386/exception.s:166
>> #7  0xc05955ca in sctp_generic_sendmsg (td=0xcafb7d80, uap=0xe783bcfc)
>>   at /usr/BSD/src/sys/kern/uipc_syscalls.c:2386
>> #8  0xc0763405 in syscall (frame=0xe783bd38)
>>   at /usr/BSD/src/sys/i386/i386/trap.c:1101
>> #9  0xc074f880 in Xint0x80_syscall ()
>>   at /usr/BSD/src/sys/i386/i386/exception.s:262
>> #10 0x00000033 in ?? ()
>> Previous frame inner to this frame (corrupt stack?)
>>
>> (kgdb) f 7
>> #7  0xc05955ca in sctp_generic_sendmsg (td=0xcafb7d80, uap=0xe783bcfc)
>>   at /usr/BSD/src/sys/kern/uipc_syscalls.c:2386
>> 2386                    ktrsockaddr(to);
>> (kgdb) p to
>> $1 = (struct sockaddr *) 0x0
>> (kgdb) l
>> 2381            error = getsock(td->td_proc->p_fd, uap->sd, &fp, NULL);
>> 2382            if (error)
>> 2383                    goto sctp_bad;
>> 2384    #ifdef KTRACE
>> 2385            if (KTRPOINT(td, KTR_STRUCT))
>> 2386                    ktrsockaddr(to);
>> 2387    #endif
>> 2388
>> 2389            iov[0].iov_base = uap->msg;
>> 2390            iov[0].iov_len = uap->mlen;
>>
>> As seen from code, if uap->tolen is zero, `to' isn't initialized and remains
>> NULL. This error is identical to -CURRENT.
> Thanks for reporting it. It is fixed in r209540 for current.
>
> Best regards
> Michael
>>
>> Seems this zero originates from libc code for sctp_send():
>>
>> ===
>> #ifdef SYS_sctp_generic_sendmsg
>>       struct sockaddr *to = NULL;
>>
>>       return (syscall(SYS_sctp_generic_sendmsg, sd,
>>           data, len, to, 0, sinfo, flags));
>> #else
>> ===
>>
>> why after `to'?
>>
>>
>> -netch-
>>

------------------------------
Randall Stewart
803-317-4952 (cell)
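
The failure mode reported in this thread, as an added user-space model that is not code from the thread or from FreeBSD: the destination address is copied in only when `tolen` is non-zero, so a trace hook that reads through `to` has to be skipped when no address was given. All names here (`model_sockaddr`, `model_trace`, `model_sendmsg`, `null_traces`) are hypothetical, and the guard shown is one way to close the gap, not necessarily the change made in r209540.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* User-space model only; names are hypothetical, not FreeBSD kernel code. */
struct model_sockaddr {
    unsigned char sa_len;
    unsigned char sa_family;
    char          sa_data[14];
};

static int null_traces; /* times the trace hook was handed NULL */

/* Stand-in for a trace hook that reads sa_len through its argument.
 * The model counts a NULL argument instead of faulting on it. */
static size_t model_trace(const struct model_sockaddr *sa)
{
    if (sa == NULL) {
        null_traces++;
        return 0;
    }
    return sa->sa_len;
}

/* Copy the destination in only when tolen is non-zero, then trace.
 * guarded == 0 mirrors the reported path; guarded == 1 skips the hook
 * when no address was supplied. Returns 0 or an errno value. */
static int model_sendmsg(const struct model_sockaddr *uaddr, size_t tolen,
                         int guarded, size_t *traced_len)
{
    struct model_sockaddr kaddr;
    const struct model_sockaddr *to = NULL;

    *traced_len = 0;
    if (tolen != 0) {
        if (uaddr == NULL || tolen > sizeof(kaddr))
            return EINVAL;      /* reject missing or oversized address */
        memset(&kaddr, 0, sizeof(kaddr));
        memcpy(&kaddr, uaddr, tolen);
        to = &kaddr;
    }
    if (!guarded || to != NULL)
        *traced_len = model_trace(to);
    return 0;
}
```

With `guarded` set to 0 and `tolen` 0 the hook receives NULL, which is the condition behind the page fault at `ktrsockaddr(to)` in the backtrace.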


