From owner-freebsd-net@FreeBSD.ORG Sat Jun 26 13:11:40 2010
Date: Sat, 26 Jun 2010 16:00:13 +0300
From: Valentin Nechayev
To: tuexen@freebsd.org, rrs@freebsd.org
Cc: net@freebsd.org
Subject: SCTP panic with sctp_send()
Message-ID: <20100626130013.GA1502@netch.kiev.ua>
Reply-To: netch@netch.kiev.ua
List-Id: Networking and TCP/IP with FreeBSD

Hi,

FreeBSD 7.3-RELEASE i386

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x0
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc05955ca
stack pointer           = 0x28:0xe783bb94
frame pointer           = 0x28:0xe783bc80
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 7751 (spc)
trap number             = 12
panic: page fault
Uptime: 20d6h25m18s
Physical memory: 1910 MB
Dumping 265 MB: 250 234 218 202 186 170 154 138 122 106 90 74 58 42 26 10

(kgdb) bt
#0  doadump () at pcpu.h:196
#1  0xc053a730 in boot (howto=260) at /usr/BSD/src/sys/kern/kern_shutdown.c:418
#2  0xc053a931 in panic (fmt=Variable "fmt" is not available.
) at /usr/BSD/src/sys/kern/kern_shutdown.c:574
#3  0xc0762e4c in trap_fatal (frame=0xe783bb54, eva=0) at /usr/BSD/src/sys/i386/i386/trap.c:950
#4  0xc07630b0 in trap_pfault (frame=0xe783bb54, usermode=0, eva=0) at /usr/BSD/src/sys/i386/i386/trap.c:863
#5  0xc0763a92 in trap (frame=0xe783bb54) at /usr/BSD/src/sys/i386/i386/trap.c:541
#6  0xc074f81b in calltrap () at /usr/BSD/src/sys/i386/i386/exception.s:166
#7  0xc05955ca in sctp_generic_sendmsg (td=0xcafb7d80, uap=0xe783bcfc) at /usr/BSD/src/sys/kern/uipc_syscalls.c:2386
#8  0xc0763405 in syscall (frame=0xe783bd38) at /usr/BSD/src/sys/i386/i386/trap.c:1101
#9  0xc074f880 in Xint0x80_syscall () at /usr/BSD/src/sys/i386/i386/exception.s:262
#10 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) f 7
#7  0xc05955ca in sctp_generic_sendmsg (td=0xcafb7d80, uap=0xe783bcfc) at /usr/BSD/src/sys/kern/uipc_syscalls.c:2386
2386                    ktrsockaddr(to);
(kgdb) p to
$1 = (struct sockaddr *) 0x0
(kgdb) l
2381            error = getsock(td->td_proc->p_fd, uap->sd, &fp, NULL);
2382            if (error)
2383                    goto sctp_bad;
2384    #ifdef KTRACE
2385            if (KTRPOINT(td, KTR_STRUCT))
2386                    ktrsockaddr(to);
2387    #endif
2388
2389            iov[0].iov_base = uap->msg;
2390            iov[0].iov_len = uap->mlen;

As seen from the code, if uap->tolen is zero, `to' isn't initialized and remains NULL. This error is identical in -CURRENT. It seems this zero originates from the libc code for sctp_send():

===
#ifdef SYS_sctp_generic_sendmsg
        struct sockaddr *to = NULL;
        return (syscall(SYS_sctp_generic_sendmsg, sd, data, len, to, 0, sinfo, flags));
#else
===

Why the 0 after `to'?

-netch-
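The defect in the report is a classic optional-pointer mistake: the destination address is copied in only when tolen is non-zero, but the KTRACE hook dereferences it whenever KTR_STRUCT tracing is enabled, so a legitimate tolen == 0 call (what libc's sctp_send() issues) reaches ktrsockaddr() with a NULL pointer. The following is an added userland model of that control flow, not FreeBSD's kernel or libc code: sim_ctx, sim_ktrsockaddr(), copyin_to(), sendmsg_unguarded(), sendmsg_guarded() and the scenario_* drivers are all constructed here, and the AF_INET loopback address is a constructed sample. It shows the reported shape beside the guarded shape, where the trace hook runs only when an address was actually copied in.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Constructed model of the syscall path from the report: `to` is set only
 * when tolen != 0, while the trace hook runs whenever tracing is on. */
struct sim_ctx {
    int ktrace_struct;  /* stands in for KTRPOINT(td, KTR_STRUCT) */
    int traced_family;  /* sa_family the hook recorded, or -1 if it never ran */
    int null_deref;     /* 1 if the hook was handed a NULL pointer */
};

static void sim_ctx_init(struct sim_ctx *ctx, int ktrace_on)
{
    ctx->ktrace_struct = ktrace_on;
    ctx->traced_family = -1;
    ctx->null_deref = 0;
}

/* Stand-in for ktrsockaddr(): the real hook reads sa->sa_family, which on a
 * NULL pointer is the "fault virtual address = 0x0" in the trap. We record
 * the would-be fault instead of crashing. */
static void sim_ktrsockaddr(struct sim_ctx *ctx, const struct sockaddr *sa)
{
    if (sa == NULL) {
        ctx->null_deref = 1;
        return;
    }
    ctx->traced_family = sa->sa_family;
}

/* Shared prologue: copy the optional address in only when tolen is non-zero,
 * leaving *to NULL otherwise (tolen == 0 is legal on a connected socket). */
static int copyin_to(const struct sockaddr *user_to, socklen_t tolen,
                     struct sockaddr_storage *ss, struct sockaddr **to)
{
    *to = NULL;
    if (tolen == 0)
        return 0;
    if (user_to == NULL || tolen > sizeof *ss)
        return EINVAL;
    memcpy(ss, user_to, tolen);
    *to = (struct sockaddr *)ss;
    return 0;
}

/* Shape of the reported code: the hook never checks that `to` was set. */
static int sendmsg_unguarded(struct sim_ctx *ctx, const struct sockaddr *user_to,
                             socklen_t tolen)
{
    struct sockaddr_storage ss;
    struct sockaddr *to;
    int error = copyin_to(user_to, tolen, &ss, &to);
    if (error)
        return error;
    if (ctx->ktrace_struct)
        sim_ktrsockaddr(ctx, to);       /* to == NULL whenever tolen == 0 */
    return 0;
}

/* Guarded shape: the hook only ever sees an address that was copied in. */
static int sendmsg_guarded(struct sim_ctx *ctx, const struct sockaddr *user_to,
                           socklen_t tolen)
{
    struct sockaddr_storage ss;
    struct sockaddr *to;
    int error = copyin_to(user_to, tolen, &ss, &to);
    if (error)
        return error;
    if (ctx->ktrace_struct && to != NULL)
        sim_ktrsockaddr(ctx, to);
    return 0;
}

/* Run one scenario: with_addr passes a constructed AF_INET loopback address,
 * otherwise NULL/0 as libc's sctp_send() does. */
static void run_scenario(struct sim_ctx *ctx, int guarded, int ktrace_on, int with_addr)
{
    struct sockaddr_in sin;
    const struct sockaddr *user_to = NULL;
    socklen_t tolen = 0;

    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(9);                      /* constructed sample */
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (with_addr) {
        user_to = (const struct sockaddr *)&sin;
        tolen = sizeof sin;
    }
    sim_ctx_init(ctx, ktrace_on);
    if (guarded)
        sendmsg_guarded(ctx, user_to, tolen);
    else
        sendmsg_unguarded(ctx, user_to, tolen);
}

/* 1 if the trace hook was handed NULL in this scenario. */
int scenario_null_deref(int guarded, int ktrace_on, int with_addr)
{
    struct sim_ctx ctx;
    run_scenario(&ctx, guarded, ktrace_on, with_addr);
    return ctx.null_deref;
}

/* Address family the hook recorded, or -1 if it did not run. */
int scenario_traced_family(int guarded, int ktrace_on, int with_addr)
{
    struct sim_ctx ctx;
    run_scenario(&ctx, guarded, ktrace_on, with_addr);
    return ctx.traced_family;
}

int main(void)
{
    printf("unguarded, tracing on, no address: null deref = %d\n",
           scenario_null_deref(0, 1, 0));
    printf("guarded,   tracing on, no address: null deref = %d\n",
           scenario_null_deref(1, 1, 0));
    return 0;
}
```

The point of the two variants is that the crash needs nothing unusual from the caller: tracing on plus the ordinary no-address send is enough, so the guard belongs on the kernel side, next to the hook, rather than in libc. Without tracing the unguarded version never touches `to`, which is why the bug only shows up on systems where ktrace with KTR_STRUCT is in use.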