Date: Sat, 26 Jun 2010 21:30:12 +0200
From: Michael Tuexen <tuexen@freebsd.org>
To: netch@netch.kiev.ua
Cc: rrs@freebsd.org, net@freebsd.org
Subject: Re: SCTP panic with sctp_send()
Message-ID: <1A9143A2-28A7-447A-AF65-A22CC49C6034@freebsd.org>
In-Reply-To: <20100626130013.GA1502@netch.kiev.ua>
References: <20100626130013.GA1502@netch.kiev.ua>
On Jun 26, 2010, at 3:00 PM, Valentin Nechayev wrote:

> Hi,
>
> FreeBSD 7.3-RELEASE i386
>
> Fatal trap 12: page fault while in kernel mode
> fault virtual address = 0x0
> fault code = supervisor read, page not present
> instruction pointer = 0x20:0xc05955ca
> stack pointer = 0x28:0xe783bb94
> frame pointer = 0x28:0xe783bc80
> code segment = base 0x0, limit 0xfffff, type 0x1b
> = DPL 0, pres 1, def32 1, gran 1
> processor eflags = interrupt enabled, resume, IOPL = 0
> current process = 7751 (spc)
> trap number = 12
> panic: page fault
> Uptime: 20d6h25m18s
> Physical memory: 1910 MB
> Dumping 265 MB: 250 234 218 202 186 170 154 138 122 106 90 74 58 42 26 10
>
> (kgdb) bt
> #0 doadump () at pcpu.h:196
> #1 0xc053a730 in boot (howto=260) at /usr/BSD/src/sys/kern/kern_shutdown.c:418
> #2 0xc053a931 in panic (fmt=Variable "fmt" is not available.
> ) at /usr/BSD/src/sys/kern/kern_shutdown.c:574
> #3 0xc0762e4c in trap_fatal (frame=0xe783bb54, eva=0)
>     at /usr/BSD/src/sys/i386/i386/trap.c:950
> #4 0xc07630b0 in trap_pfault (frame=0xe783bb54, usermode=0, eva=0)
>     at /usr/BSD/src/sys/i386/i386/trap.c:863
> #5 0xc0763a92 in trap (frame=0xe783bb54)
>     at /usr/BSD/src/sys/i386/i386/trap.c:541
> #6 0xc074f81b in calltrap () at /usr/BSD/src/sys/i386/i386/exception.s:166
> #7 0xc05955ca in sctp_generic_sendmsg (td=0xcafb7d80, uap=0xe783bcfc)
>     at /usr/BSD/src/sys/kern/uipc_syscalls.c:2386
> #8 0xc0763405 in syscall (frame=0xe783bd38)
>     at /usr/BSD/src/sys/i386/i386/trap.c:1101
> #9 0xc074f880 in Xint0x80_syscall ()
>     at /usr/BSD/src/sys/i386/i386/exception.s:262
> #10 0x00000033 in ?? ()
> Previous frame inner to this frame (corrupt stack?)
>
> (kgdb) f 7
> #7 0xc05955ca in sctp_generic_sendmsg (td=0xcafb7d80, uap=0xe783bcfc)
>     at /usr/BSD/src/sys/kern/uipc_syscalls.c:2386
> 2386            ktrsockaddr(to);
> (kgdb) p to
> $1 = (struct sockaddr *) 0x0
> (kgdb) l
> 2381    error = getsock(td->td_proc->p_fd, uap->sd, &fp, NULL);
> 2382    if (error)
> 2383            goto sctp_bad;
> 2384 #ifdef KTRACE
> 2385    if (KTRPOINT(td, KTR_STRUCT))
> 2386            ktrsockaddr(to);
> 2387 #endif
> 2388
> 2389    iov[0].iov_base = uap->msg;
> 2390    iov[0].iov_len = uap->mlen;
>
> As seen from code, if uap->tolen is zero, `to' isn't initialized and remains
> NULL. This error is identical to -CURRENT.

Thanks for reporting it. It is fixed in r209540 for current.

Best regards
Michael

>
> Seems this zero originates from libc code for sctp_send():
>
> ===
> #ifdef SYS_sctp_generic_sendmsg
>         struct sockaddr *to = NULL;
>
>         return (syscall(SYS_sctp_generic_sendmsg, sd,
>             data, len, to, 0, sinfo, flags));
> #else
> ===
>
> why after `to'?
>
>
> -netch-
>
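
Added example (not part of the original messages and not FreeBSD source): a userland C model of the control flow in the kgdb listing, showing that the trace hook is reached with a NULL `to' only when tolen is zero and tracing is enabled, and how a NULL check before the hook closes that path. struct addr, send_args, send_model() and trace_addr() are hypothetical names; the guard is one possible fix and is not claimed to be the change made in r209540.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for struct sockaddr; first byte is the length. */
struct addr { unsigned char len, family; char data[14]; };

/* Hypothetical model of the syscall arguments named in the report. */
struct send_args { const struct addr *to; size_t tolen; int tracing; };

enum outcome { BAD_ARGS = -1, NOT_TRACED, TRACED, NULL_DEREF };

static unsigned traced_len;

/* Stand-in for ktrsockaddr(): it reads through the pointer it is given. */
static void trace_addr(const struct addr *sa) { traced_len = sa->len; }

/* guarded == 0 models the listing; guarded == 1 adds a NULL check (assumed fix). */
static enum outcome send_model(const struct send_args *uap, int guarded)
{
    struct addr copy;
    const struct addr *to = NULL;

    if (uap->tolen != 0) {              /* only this branch ever sets `to' */
        if (uap->to == NULL || uap->tolen > sizeof(copy))
            return BAD_ARGS;
        memset(&copy, 0, sizeof(copy));
        memcpy(&copy, uap->to, uap->tolen);
        to = &copy;
    }
    if (!uap->tracing)                  /* KTRPOINT() false: hook never runs */
        return NOT_TRACED;
    if (to == NULL)                     /* tolen == 0 with tracing enabled */
        return guarded ? NOT_TRACED : NULL_DEREF;  /* unguarded: page fault */
    trace_addr(to);
    return TRACED;
}

int main(void)
{
    struct addr peer = { sizeof(peer), 2, { 0 } };   /* constructed input */
    struct send_args no_dest = { NULL, 0, 1 };
    struct send_args with_dest = { &peer, sizeof(peer), 1 };

    printf("no dest, unguarded: %d\n", send_model(&no_dest, 0));
    printf("no dest, guarded:   %d\n", send_model(&no_dest, 1));
    printf("with dest, guarded: %d\n", send_model(&with_dest, 1));
    return 0;
}
```

The untraced case returning NOT_TRACED in both variants is why the fault only appears on systems where the process is being traced with KTR_STRUCT.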