Panic in socreate (Re: override for mpd)

YONETANI Tomokazu qhwt+dragonfly-bugs at les.ath.cx
Wed Apr 7 22:01:12 PDT 2004


On Wed, Apr 07, 2004 at 09:10:37AM -0700, Matthew Dillon wrote:
>     Well, this is one for Jeff.  Proto 47 must be something that is being
>     dynamically created.  The crash is occurring here in socreate():
> 
>         if (proto)
>                 prp = pffindproto(dom, proto, type);
>         else
>                 prp = pffindtype(dom, type);
> 
>         if (prp == 0 || prp->pr_usrreqs->pru_attach == 0)
>                 return (EPROTONOSUPPORT);
> 
>     My assumption is that prp->pr_usrreqs is NULL.  Jeff?

Hmm. I built the kernel with

  CCVER=gcc2 make NO_CPU_CFLAGS=yes NO_CPU_COPTFLAGS=yes nativekernel

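but maybe that doesn't drop the -O flag, so the line number may not be correct.
In the backtrace below, gdb shows td == NULL, but that's probably the result of
optimization (was the register or memory location holding td overwritten by
td->td_proc?). Note that in the session below prp->pr_usrreqs and pru_attach are
both non-NULL, while p is NULL and td_proc of the netisr thread is 0x0, so the
fault (eva=16, a small offset from NULL) may actually be the p->p_ucred
dereference at line 144 rather than line 141.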

#0  dumpsys () at /home/source/dragonfly/src/sys/kern/kern_shutdown.c:500
500		if (dumping++) {
(kgdb) bt
#0  dumpsys () at /home/source/dragonfly/src/sys/kern/kern_shutdown.c:500
#1  0xc0152c53 in boot (howto=256) at /home/source/dragonfly/src/sys/kern/kern_shutdown.c:333
#2  0xc0153084 in poweroff_wait (junk=0xc0254b0a, howto=-1071299282)
    at /home/source/dragonfly/src/sys/kern/kern_shutdown.c:612
#3  0xc0216b79 in trap_fatal (frame=0xc7d9eb9c, eva=16)
    at /home/source/dragonfly/src/sys/i386/i386/trap.c:1077
#4  0xc021677d in trap_pfault (frame=0xc7d9eb9c, usermode=0, eva=16)
    at /home/source/dragonfly/src/sys/i386/i386/trap.c:966
#5  0xc0216468 in trap (frame={tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = 0,
      tf_esi = -1071185964, tf_ebp = -942019596, tf_isp = -942019640, tf_ebx = -942019539,
      tf_edx = -1071185964, tf_ecx = -1071185856, tf_eax = -1071182144, tf_trapno = 12,
      tf_err = 0, tf_eip = -1072207400, tf_cs = 8, tf_eflags = 66182, tf_esp = -942019539,
      tf_ss = -968006600}) at /home/source/dragonfly/src/sys/i386/i386/trap.c:550
#6  0xc01769d8 in socreate (dom=2, aso=0xc64d6440, type=3, proto=47, td=0xc026e2e0)
    at /home/source/dragonfly/src/sys/kern/uipc_socket.c:141
#7  0xc01a1e87 in ng_ksocket_newhook (node=0xc6529118, hook=0xc0f41ec0,
    name0=0xc650957c "inet/raw/gre")
    at /home/source/dragonfly/src/sys/netgraph/ksocket/ng_ksocket.c:605
#8  0xc019af96 in ng_add_hook (node=0xc6529118, name=0xc650957c "inet/raw/gre", hookp=0xc7d9ec70)
    at /home/source/dragonfly/src/sys/netgraph/netgraph/ng_base.c:702
#9  0xc019b2df in ng_mkpeer (node=0xc65290e0, name=0xc650956c "lower",
    name2=0xc650957c "inet/raw/gre", type=0xc650955c "ksocket")
    at /home/source/dragonfly/src/sys/netgraph/netgraph/ng_base.c:919
#10 0xc019b76a in ng_generic_msg (here=0xc65290e0, msg=0xc6509538, retaddr=0xc0fc5320 "[2]:",
    resp=0xc7d9ed4c) at /home/source/dragonfly/src/sys/netgraph/netgraph/ng_base.c:1233
#11 0xc019b661 in ng_send_msg (here=0xc6528e78, msg=0xc6509538, address=0xc0f81ab0 "bypass.link0",
    rptr=0xc7d9ed4c) at /home/source/dragonfly/src/sys/netgraph/netgraph/ng_base.c:1182
#12 0xc01acdd4 in ngc_send (so=0xc7e81d40, flags=0, m=0xc5dbb100, addr=0xc0f81a90, control=0x0,
    td=0xc5d7f5c0) at /home/source/dragonfly/src/sys/netgraph/socket/ng_socket.c:243
#13 0xc0176897 in netmsg_pru_dispatcher (msg=0xc8554ac4)
    at /home/source/dragonfly/src/sys/kern/uipc_msg.c:570
#14 0xc0196d63 in netmsg_service_loop (arg=0x0) at /home/source/dragonfly/src/sys/net/netisr.c:87
(kgdb) fram 6
#6  0xc01769d8 in socreate (dom=2, aso=0xc64d6440, type=3, proto=47, td=0xc026e2e0)
    at /home/source/dragonfly/src/sys/kern/uipc_socket.c:141
141		if (prp == 0 || prp->pr_usrreqs->pru_attach == 0)
(kgdb) list
136		if (proto)
137			prp = pffindproto(dom, proto, type);
138		else
139			prp = pffindtype(dom, type);
140
141		if (prp == 0 || prp->pr_usrreqs->pru_attach == 0)
142			return (EPROTONOSUPPORT);
143
144		if (p->p_ucred->cr_prison && jail_socket_unixiproute_only &&
145		    prp->pr_domain->dom_family != PF_LOCAL &&
(kgdb) print *prp
$1 = {pr_type = 3, pr_domain = 0xc0270040, pr_protocol = 47, pr_flags = 67,
  pr_input = 0xc01b3294 <encap4_input>, pr_output = 0, pr_ctlinput = 0,
  pr_ctloutput = 0xc01b86f8 <rip_ctloutput>, pr_mport = 0xc0196eb8 <cpu0_soport>,
  pr_init = 0xc01b327c <encap_init>, pr_fasttimo = 0, pr_slowtimo = 0, pr_drain = 0,
  pr_usrreqs = 0xc0270ec0}
(kgdb) print prp->pr_usrreqs->pru_attach
$2 = (int (*)()) 0xc01b893c <rip_attach>
(kgdb) print p
$3 = (struct proc *) 0x0
(kgdb) print td
$4 = (struct thread *) 0x0
(kgdb) print *(struct thread *)0xc026e2e0
$5 = {td_threadq = {tqe_next = 0x0, tqe_prev = 0xff800084}, td_allq = {tqe_next = 0xc028a1e0,
    tqe_prev = 0xc02820e8}, td_msgport = {mp_msgq = {tqh_first = 0x0, tqh_last = 0xc026e2f0},
    mp_flags = 0, mp_refs = 0, mp_td = 0xc026e2e0, mp_putport = 0xc0196d04 <netmsg_put_port>,
    mp_waitport = 0xc01582e8 <lwkt_default_waitport>,
    mp_replyport = 0xc015811c <lwkt_default_replyport>,
    mp_abortport = 0xc01582e0 <lwkt_default_abortport>}, td_proc = 0x0, td_pcb = 0xc7d9eda0,
  td_gd = 0xff800000, td_wmesg = 0x0, td_wchan = 0x0, td_pri = 12, td_flags = 3075, td_gen = 0,
  td_preemptable = 0, td_release = 0, td_info = {intdata = 0x0}, td_kstack = 0xc7d9c000 "",
  td_sp = 0xc7d9e9ec "?8_", td_switch = 0xc0215764 <cpu_lwkt_switch>, td_wait = 0x0,
  td_uticks = 0, td_sticks = 187509, td_iticks = 0, td_locks = -15, td_refs = 0,
  td_nest_count = 0, td_unused001 = 0, td_unused002 = 0, td_comm = "netisr_cpu 0\000\000\000\000",
  td_preempted = 0x0, td_caps = 0x0, td_toks = 0x0, td_mach = {mtd_cpl = 4294967295}}
(kgdb)
Script done on Thu Apr	8 13:32:45 2004




