From: Michael Tuexen
Date: Sun, 27 Jun 2010 18:13:08 +0200
To: Randall Stewart
Cc: rrs@freebsd.org, netch@netch.kiev.ua, net@freebsd.org
Subject: Re: SCTP panic with sctp_send()

On Jun 27, 2010, at 5:19 PM, Randall Stewart wrote:

> Michael:
>
> You are too fast for me... of course I need to check multiple email
> bins on something like this.. and I need my coffee this AM ;-)
I'll try to MFC the change to stable/8 and releng/8.1.
I'll also see if it can go into stable/7

Best regards
Michael
>
> R
> On Jun 26, 2010, at 12:30 PM, Michael Tuexen wrote:
>
>> On Jun 26, 2010, at 3:00 PM, Valentin Nechayev wrote:
>>
>>> Hi,
>>>
>>> FreeBSD 7.3-RELEASE i386
>>>
>>> Fatal trap 12: page fault while in kernel mode
>>> fault virtual address   = 0x0
>>> fault code              = supervisor read, page not present
>>> instruction pointer     = 0x20:0xc05955ca
>>> stack pointer           = 0x28:0xe783bb94
>>> frame pointer           = 0x28:0xe783bc80
>>> code segment            = base 0x0, limit 0xfffff, type 0x1b
>>>                         = DPL 0, pres 1, def32 1, gran 1
>>> processor eflags        = interrupt enabled, resume, IOPL = 0
>>> current process         = 7751 (spc)
>>> trap number             = 12
>>> panic: page fault
>>> Uptime: 20d6h25m18s
>>> Physical memory: 1910 MB
>>> Dumping 265 MB: 250 234 218 202 186 170 154 138 122 106 90 74 58 42 26 10
>>>
>>> (kgdb) bt
>>> #0  doadump () at pcpu.h:196
>>> #1  0xc053a730 in boot (howto=260) at /usr/BSD/src/sys/kern/kern_shutdown.c:418
>>> #2  0xc053a931 in panic (fmt=Variable "fmt" is not available.
>>> ) at /usr/BSD/src/sys/kern/kern_shutdown.c:574
>>> #3  0xc0762e4c in trap_fatal (frame=0xe783bb54, eva=0)
>>>     at /usr/BSD/src/sys/i386/i386/trap.c:950
>>> #4  0xc07630b0 in trap_pfault (frame=0xe783bb54, usermode=0, eva=0)
>>>     at /usr/BSD/src/sys/i386/i386/trap.c:863
>>> #5  0xc0763a92 in trap (frame=0xe783bb54)
>>>     at /usr/BSD/src/sys/i386/i386/trap.c:541
>>> #6  0xc074f81b in calltrap () at /usr/BSD/src/sys/i386/i386/exception.s:166
>>> #7  0xc05955ca in sctp_generic_sendmsg (td=0xcafb7d80, uap=0xe783bcfc)
>>>     at /usr/BSD/src/sys/kern/uipc_syscalls.c:2386
>>> #8  0xc0763405 in syscall (frame=0xe783bd38)
>>>     at /usr/BSD/src/sys/i386/i386/trap.c:1101
>>> #9  0xc074f880 in Xint0x80_syscall ()
>>>     at /usr/BSD/src/sys/i386/i386/exception.s:262
>>> #10 0x00000033 in ?? ()
>>> Previous frame inner to this frame (corrupt stack?)
>>>
>>> (kgdb) f 7
>>> #7  0xc05955ca in sctp_generic_sendmsg (td=0xcafb7d80, uap=0xe783bcfc)
>>>     at /usr/BSD/src/sys/kern/uipc_syscalls.c:2386
>>> 2386                    ktrsockaddr(to);
>>> (kgdb) p to
>>> $1 = (struct sockaddr *) 0x0
>>> (kgdb) l
>>> 2381            error = getsock(td->td_proc->p_fd, uap->sd, &fp, NULL);
>>> 2382            if (error)
>>> 2383                    goto sctp_bad;
>>> 2384    #ifdef KTRACE
>>> 2385            if (KTRPOINT(td, KTR_STRUCT))
>>> 2386                    ktrsockaddr(to);
>>> 2387    #endif
>>> 2388
>>> 2389            iov[0].iov_base = uap->msg;
>>> 2390            iov[0].iov_len = uap->mlen;
>>>
>>> As seen from code, if uap->tolen is zero, `to' isn't initialized and remains
>>> NULL. This error is identical to -CURRENT.
>> Thanks for reporting it. It is fixed in r209540 for current.
>>
>> Best regards
>> Michael
>>>
>>> Seems this zero originates from libc code for sctp_send():
>>>
>>> ===
>>> #ifdef SYS_sctp_generic_sendmsg
>>>         struct sockaddr *to = NULL;
>>>
>>>         return (syscall(SYS_sctp_generic_sendmsg, sd,
>>>             data, len, to, 0, sinfo, flags));
>>> #else
>>> ===
>>>
>>> why after `to'?
>>>
>>>
>>> -netch-
>>>
>>
>
> ------------------------------
> Randall Stewart
>
>
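
Added example, not part of the thread and not the r209540 change itself: a userland C model of the pattern in the quoted listing, where `to' is only set when tolen is non-zero, so the trace hook has to be guarded on the pointer as well as on the trace flag. All names (model_sockaddr, model_sendmsg, model_trace_sockaddr, trace_enabled, traced_bytes) are constructed stand-ins, not kernel symbols.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for struct sockaddr (not the kernel definition). */
struct model_sockaddr {
    unsigned char sa_len;
    unsigned char sa_family;
    char          sa_data[14];
};

static int    trace_enabled = 1;  /* stand-in for KTRPOINT(td, KTR_STRUCT) */
static size_t traced_bytes;       /* bytes the trace hook has recorded */

/* Stand-in for ktrsockaddr(): it reads sa->sa_len, so sa must not be NULL. */
static void model_trace_sockaddr(const struct model_sockaddr *sa)
{
    traced_bytes += sa->sa_len;
}

/* Send path with an optional destination address. Returns 0 on success,
 * -1 on a rejected argument or allocation failure. */
int model_sendmsg(const struct model_sockaddr *uaddr, size_t tolen)
{
    struct model_sockaddr *to = NULL;

    if (tolen != 0) {
        /* Validate before copying: non-NULL source, length within bounds. */
        if (uaddr == NULL || tolen < 2 || tolen > sizeof(*to))
            return -1;
        to = calloc(1, sizeof(*to));
        if (to == NULL)
            return -1;
        memcpy(to, uaddr, tolen);       /* models copying the address in */
        to->sa_len = (unsigned char)tolen;
    }

    /* The quoted code traced unconditionally at this point; with tolen == 0
     * "to" is still NULL and the hook dereferences it. Guard on both. */
    if (to != NULL && trace_enabled)
        model_trace_sockaddr(to);

    /* The send itself would happen here; "to" may legitimately be NULL. */
    free(to);
    return 0;
}
```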