Date:      Sat, 26 Jun 2010 16:00:13 +0300
From:      Valentin Nechayev <netch@netch.kiev.ua>
To:        tuexen@freebsd.org, rrs@freebsd.org
Cc:        net@freebsd.org
Subject:   SCTP panic with sctp_send()
Message-ID:  <20100626130013.GA1502@netch.kiev.ua>

Hi,

FreeBSD 7.3-RELEASE i386

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x0
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc05955ca
stack pointer           = 0x28:0xe783bb94
frame pointer           = 0x28:0xe783bc80
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 7751 (spc)
trap number             = 12
panic: page fault
Uptime: 20d6h25m18s
Physical memory: 1910 MB
Dumping 265 MB: 250 234 218 202 186 170 154 138 122 106 90 74 58 42 26 10

(kgdb) bt
#0  doadump () at pcpu.h:196
#1  0xc053a730 in boot (howto=260) at /usr/BSD/src/sys/kern/kern_shutdown.c:418
#2  0xc053a931 in panic (fmt=Variable "fmt" is not available.
) at /usr/BSD/src/sys/kern/kern_shutdown.c:574
#3  0xc0762e4c in trap_fatal (frame=0xe783bb54, eva=0)
    at /usr/BSD/src/sys/i386/i386/trap.c:950
#4  0xc07630b0 in trap_pfault (frame=0xe783bb54, usermode=0, eva=0)
    at /usr/BSD/src/sys/i386/i386/trap.c:863
#5  0xc0763a92 in trap (frame=0xe783bb54)
    at /usr/BSD/src/sys/i386/i386/trap.c:541
#6  0xc074f81b in calltrap () at /usr/BSD/src/sys/i386/i386/exception.s:166
#7  0xc05955ca in sctp_generic_sendmsg (td=0xcafb7d80, uap=0xe783bcfc)
    at /usr/BSD/src/sys/kern/uipc_syscalls.c:2386
#8  0xc0763405 in syscall (frame=0xe783bd38)
    at /usr/BSD/src/sys/i386/i386/trap.c:1101
#9  0xc074f880 in Xint0x80_syscall ()
    at /usr/BSD/src/sys/i386/i386/exception.s:262
#10 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)

(kgdb) f 7
#7  0xc05955ca in sctp_generic_sendmsg (td=0xcafb7d80, uap=0xe783bcfc)
    at /usr/BSD/src/sys/kern/uipc_syscalls.c:2386
2386                    ktrsockaddr(to);
(kgdb) p to
$1 = (struct sockaddr *) 0x0
(kgdb) l
2381            error = getsock(td->td_proc->p_fd, uap->sd, &fp, NULL);
2382            if (error)
2383                    goto sctp_bad;
2384    #ifdef KTRACE
2385            if (KTRPOINT(td, KTR_STRUCT))
2386                    ktrsockaddr(to);
2387    #endif
2388
2389            iov[0].iov_base = uap->msg;
2390            iov[0].iov_len = uap->mlen;

As seen from the code, if uap->tolen is zero, `to' isn't initialized and remains
NULL. This error is identical to -CURRENT.

It seems this zero originates from the libc code for sctp_send():

===
#ifdef SYS_sctp_generic_sendmsg
        struct sockaddr *to = NULL;

        return (syscall(SYS_sctp_generic_sendmsg, sd,
            data, len, to, 0, sinfo, flags));
#else
===

Why after `to'?


-netch-
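The report above shows the address argument `to` staying NULL when the caller passes tolen == 0, and the KTRACE hook dereferencing it regardless. The following is an added userland model of that syscall path, written here to illustrate where a NULL guard belongs in front of the trace hook; it is not FreeBSD's code, not the poster's, and not the committed fix. Every type, function and constant (model_sockaddr, model_getsock, model_getsockaddr, model_ktrsockaddr, MODEL_MAX_FDS, MODEL_SA_MAX, the descriptor table) is constructed for the example and only mirrors the sequence visible in the kgdb listing.

```c
/* Added example (not FreeBSD code): a model of sctp_generic_sendmsg()'s address
 * handling with the NULL check a reviewer would want before the trace hook.
 * All names, sizes and sample data here are constructed. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MODEL_MAX_FDS 8   /* constructed: size of the toy descriptor table */
#define MODEL_SA_MAX  16  /* constructed: sizeof(struct sockaddr) on i386 */

/* Constructed stand-in for struct sockaddr with the BSD layout. */
struct model_sockaddr {
    uint8_t sa_len;
    uint8_t sa_family;
    char    sa_data[14];
};

/* Toy descriptor table: non-zero means "open socket". */
static int model_fd_table[MODEL_MAX_FDS] = { 1, 1, 0, 1, 0, 0, 0, 0 };

/* Trace sink: the hook records the family of each address it is shown. */
int model_trace_enabled = 0;
int model_trace_count = 0;
int model_trace_last_family = -1;

/* Models ktrsockaddr(): like the real tracer it dereferences its argument
 * unconditionally, so the caller must never hand it NULL. */
static void model_ktrsockaddr(const struct model_sockaddr *sa)
{
    model_trace_count++;
    model_trace_last_family = sa->sa_family;
}

/* Models getsock(): EBADF for anything that is not an open socket. */
static int model_getsock(int sd)
{
    if (sd < 0 || sd >= MODEL_MAX_FDS || !model_fd_table[sd])
        return EBADF;
    return 0;
}

/* Models getsockaddr(): copies tolen bytes into the caller's buffer and points
 * *to at it, or leaves *to NULL when tolen is 0 (the case the libc sctp_send()
 * wrapper quoted in the report always produces). */
static int model_getsockaddr(struct model_sockaddr **to, struct model_sockaddr *buf,
                             const void *uaddr, size_t tolen)
{
    *to = NULL;
    if (tolen == 0)
        return 0;
    if (tolen < offsetof(struct model_sockaddr, sa_data) || tolen > MODEL_SA_MAX)
        return EINVAL;   /* constructed choice: reject implausible lengths */
    if (uaddr == NULL)
        return EFAULT;   /* copyin from a bad user pointer */
    memset(buf, 0, sizeof(*buf));
    memcpy(buf, uaddr, tolen);
    buf->sa_len = (uint8_t)tolen;  /* record the copied length, as the kernel does */
    *to = buf;
    return 0;
}

/* Guarded send path; returns 0 or an errno value.  The only difference from
 * the sequence in the kgdb listing is the `to != NULL` test before tracing. */
int model_sctp_generic_sendmsg(int sd, const void *msg, size_t mlen,
                               const void *uaddr, size_t tolen)
{
    struct model_sockaddr sabuf;
    struct model_sockaddr *to = NULL;
    int error;

    error = model_getsockaddr(&to, &sabuf, uaddr, tolen);
    if (error)
        return error;
    error = model_getsock(sd);
    if (error)
        return error;

    /* KTRACE hook: only trace an address that actually exists. */
    if (model_trace_enabled && to != NULL)
        model_ktrsockaddr(to);

    /* Stand-in for the iov setup that follows in the real function. */
    if (msg == NULL && mlen != 0)
        return EFAULT;
    return 0;
}

/* Convenience: send to a constructed address of the given family. */
int model_send_to_family(int sd, int family)
{
    struct model_sockaddr sa;
    memset(&sa, 0, sizeof(sa));
    sa.sa_len = sizeof(sa);
    sa.sa_family = (uint8_t)family;
    return model_sctp_generic_sendmsg(sd, "hello", 5, &sa, sizeof(sa));
}

int main(void)
{
    model_trace_enabled = 1;
    printf("tolen=0, tracing on: errno %d, traces %d\n",
           model_sctp_generic_sendmsg(0, "x", 1, NULL, 0), model_trace_count);
    printf("with address:        errno %d, traces %d, family %d\n",
           model_send_to_family(0, 2), model_trace_count, model_trace_last_family);
    return 0;
}
```

The tolen == 0 case is the one the report traces back to libc: with the guard, tracing is simply skipped for an addressless send instead of faulting on a NULL pointer, while a real address is still recorded.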
