On Tue, May 23, 2006 at 09:58:26PM -0400, Kris Kennaway wrote:
> I got this panic as a non-privileged user running the stress2 test
> component that does random syscalls:
>
> panic: m_prepend: MH_ALIGN not PKTHDR mbuf
> cpuid = 1
> KDB: enter: panic
> [thread pid 15370 tid 100536 ]
> Stopped at kdb_enter+0x32: leave
> db> wh
> Tracing pid 15370 tid 100536 td 0xc5561000
> kdb_enter(c073c6b2,1,c0741b31,eced5be0,c5561000) at kdb_enter+0x32
> panic(c0741b31,c07199c6,2,0,e) at panic+0x1b1
> m_prepend(c4dc0300,c,2,e,eced5c58) at m_prepend+0xd8
> sendit(eced5c58,7cd3a4b7,eced5c54,28,c4beb1a0) at sendit+0x1a4
> osendmsg(c5561000,eced5d04,c,445,3) at osendmsg+0x89

Anyone looking at this? It seems that the osendmsg() compatibility
syscall can be easily used to cause this panic.

Kris

> syscall(c54f003b,b51f003b,bfbf003b,f7a64185,bd4fa8c6) at syscall+0x163
> Xint0x80_syscall() at Xint0x80_syscall+0x1f
> --- syscall (114, FreeBSD ELF32, osendmsg), eip = 0x280a4d4d, esp =
> 0xbfbfeae0, ebp = 0xbfbfeb28 ---
>
> #8 0xc053e4d5 in panic (fmt=0xc0741b31 "%s: MH_ALIGN not PKTHDR mbuf") at
> ../../../kern/kern_shutdown.c:549
> #9 0xc057fdc6 in m_prepend (m=0xc4dc0300, len=12, how=0) at
> ../../../kern/uipc_mbuf.c:500
> #10 0xc058bc16 in sendit (td=0xc5561000, s=-657691676, mp=0xeced5c58,
> flags=18)
> at ../../../kern/uipc_syscalls.c:700
> #11 0xc058bd62 in osendmsg (td=0xc5561000, uap=0xeced5d04) at
> ../../../kern/uipc_syscalls.c:892
> #12 0xc06fa7d7 in syscall (frame=
> {tf_fs = -984678341, tf_es = -1256259525, tf_ds = -1078001605, tf_edi =
> -140099195, tf_esi = -1118852922, tf_ebp = -1077941464, tf_isp = -319988380,
> tf_ebx = 1628509609, tf_edx = 176, tf_ecx = 134516915, tf_eax = 114,
> tf_trapno = 32, tf_err = 2, tf_eip = 671763789, tf_cs = 51, tf_eflags = 659,
> tf_esp = -1077941536, tf_ss = 59}) at ../../../i386/i386/trap.c:1016
> #13 0xc06e3daf in Xint0x80_syscall () at ../../../i386/i386/exception.s:191
> #14 0x00000033 in ?? ()
> Previous frame inner to this frame (corrupt stack?)
>
> Core available.
>
> Kris
>
