Date: Sun, 27 Jun 2010 08:19:17 -0700 From: Randall Stewart <rrs@lakerest.net> To: Michael Tuexen <tuexen@freebsd.org> Cc: rrs@freebsd.org, netch@netch.kiev.ua, net@freebsd.org Subject: Re: SCTP panic with sctp_send() Message-ID: <C83C129D-1C81-40D0-BB0A-57F7C0F60632@lakerest.net> In-Reply-To: <1A9143A2-28A7-447A-AF65-A22CC49C6034@freebsd.org> References: <20100626130013.GA1502@netch.kiev.ua> <1A9143A2-28A7-447A-AF65-A22CC49C6034@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Michael: You are to fast for me... of course I need to check multiple email bins on something like this.. and I need my coffee this AM ;-) R On Jun 26, 2010, at 12:30 PM, Michael Tuexen wrote: > On Jun 26, 2010, at 3:00 PM, Valentin Nechayev wrote: > >> Hi, >> >> FreeBSD 7.3-RELEASE i386 >> >> Fatal trap 12: page fault while in kernel mode >> fault virtual address = 0x0 >> fault code = supervisor read, page not present >> instruction pointer = 0x20:0xc05955ca >> stack pointer = 0x28:0xe783bb94 >> frame pointer = 0x28:0xe783bc80 >> code segment = base 0x0, limit 0xfffff, type 0x1b >> = DPL 0, pres 1, def32 1, gran 1 >> processor eflags = interrupt enabled, resume, IOPL = 0 >> current process = 7751 (spc) >> trap number = 12 >> panic: page fault >> Uptime: 20d6h25m18s >> Physical memory: 1910 MB >> Dumping 265 MB: 250 234 218 202 186 170 154 138 122 106 90 74 58 42 >> 26 10 >> >> (kgdb) bt >> #0 doadump () at pcpu.h:196 >> #1 0xc053a730 in boot (howto=260) at /usr/BSD/src/sys/kern/ >> kern_shutdown.c:418 >> #2 0xc053a931 in panic (fmt=Variable "fmt" is not available. >> ) at /usr/BSD/src/sys/kern/kern_shutdown.c:574 >> #3 0xc0762e4c in trap_fatal (frame=0xe783bb54, eva=0) >> at /usr/BSD/src/sys/i386/i386/trap.c:950 >> #4 0xc07630b0 in trap_pfault (frame=0xe783bb54, usermode=0, eva=0) >> at /usr/BSD/src/sys/i386/i386/trap.c:863 >> #5 0xc0763a92 in trap (frame=0xe783bb54) >> at /usr/BSD/src/sys/i386/i386/trap.c:541 >> #6 0xc074f81b in calltrap () at /usr/BSD/src/sys/i386/i386/ >> exception.s:166 >> #7 0xc05955ca in sctp_generic_sendmsg (td=0xcafb7d80, >> uap=0xe783bcfc) >> at /usr/BSD/src/sys/kern/uipc_syscalls.c:2386 >> #8 0xc0763405 in syscall (frame=0xe783bd38) >> at /usr/BSD/src/sys/i386/i386/trap.c:1101 >> #9 0xc074f880 in Xint0x80_syscall () >> at /usr/BSD/src/sys/i386/i386/exception.s:262 >> #10 0x00000033 in ?? () >> Previous frame inner to this frame (corrupt stack?) >> >> (kgdb) f 7 >> #7 0xc05955ca in sctp_generic_sendmsg (td=0xcafb7d80, >> uap=0xe783bcfc) >> at /usr/BSD/src/sys/kern/uipc_syscalls.c:2386 >> 2386 ktrsockaddr(to); >> (kgdb) p to >> $1 = (struct sockaddr *) 0x0 >> (kgdb) l >> 2381 error = getsock(td->td_proc->p_fd, uap->sd, &fp, >> NULL); >> 2382 if (error) >> 2383 goto sctp_bad; >> 2384 #ifdef KTRACE >> 2385 if (KTRPOINT(td, KTR_STRUCT)) >> 2386 ktrsockaddr(to); >> 2387 #endif >> 2388 >> 2389 iov[0].iov_base = uap->msg; >> 2390 iov[0].iov_len = uap->mlen; >> >> As seen from code, if uap->tolen is zero, `to' isn't initialized >> and remains >> NULL. This error is identical to -CURRENT. > Thanks for reporting it. It is fixed in r209540 for current. > > Best regards > Michael >> >> Seems this zero originates from libc code for sctp_send(): >> >> === >> #ifdef SYS_sctp_generic_sendmsg >> struct sockaddr *to = NULL; >> >> return (syscall(SYS_sctp_generic_sendmsg, sd, >> data, len, to, 0, sinfo, flags)); >> #else >> === >> >> why after `to'? >> >> >> -netch- >> > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > ------------------------------ Randall Stewart 803-317-4952 (cell)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?C83C129D-1C81-40D0-BB0A-57F7C0F60632>