port-sun3: ping dumps core?

Subject: ping dumps core?
To: None <port-sun3@NetBSD.ORG>
From: Ian Dall <Ian.Dall@dsto.defence.gov.au>
List: port-sun3
Date: 11/28/1996 13:56:13
On my Sun 3/50 ping core dumps after receiving one return
packet. A few other network utilities, but not all, core dump
as well. ftp and telnet are fine as is rcp. However, rlogin
and rlogind both seem to be a problem.

At least in the case of ping, this is a long standing problem (netbsd
1.1, 1.2, 1.2B). I definitely dont see this on my pc532 also running
netbsd and I presume that few other people have seen it on a Sun3
either, since I haven't seen it mentioned.

Does anyone else see this? gdb doesn't seem much help (it keeps
dropping me back to ddb when I hit a break point. Is there an easy way
to turn that off?

The problem is unlikely to be in the ping code anyway. Attached is the
tail of a ktrace/kdump I did. The problem seems to be that last
recvfrom has been called with bad arguments. Compare them with the
previous recvfrom calls. Also note that the bad recvfrom follows an
interupted recvfrom.

If I use gdb on ping, I don't, as I say find it very useful. However,
one thing I note is that I can get lots of received packets handled
successfully (albeit with very large delays) by setting breakpoints.
ie, it seems to be a Heisenbug.

My working hypothesis is that there is something wrong with the signal
handling code which somehow results in a corrupted stack.

Ian

  3078 ping     CALL  recvfrom(0x3,0x2c000,0xc0,0,0xdfff9c2,0xdfff9b2)
  3078 ping     GIO   fd 3 read 84 bytes
       "E\0\0@`\M-a\0\0\M^?\^A\0\0
	\0\0\^A
	\0\0\^B\0\0\^YQ\f\^F\0\0002\M^\\M-3\M-j\0\^E	\^Z\b	
	\v\f\r\^N\^O\^P\^Q\^R\^S\^T\^U\^V\^W\^X\^Y\^Z\^[\^\\^]\^^\^_ !"#$%&'()\
	*+,-./01234567"
  3078 ping     RET   recvfrom 84/0x54
  3078 ping     CALL  gettimeofday(0xdfff97c,0)
  3078 ping     RET   gettimeofday 0
  3078 ping     CALL  break(0x35ffc)
  3078 ping     RET   break 0
  3078 ping     CALL  write(0x1,0x2e000,0x3a)
  3078 ping     GIO   fd 1 wrote 58 bytes
       "64 bytes from 10.0.0.1: icmp_seq=0 ttl=255 time=49.991 ms
       "
  3078 ping     RET   write 58/0x3a
  3078 ping     CALL  recvfrom(0x3,0x2c000,0xc0,0,0xdfff9c2,0xdfff9b2)
  3078 ping     PSIG  SIGALRM caught handler=0x314a mask=0x0 code=0x0
  3078 ping     RET   recvfrom RESTART
  3078 ping     CALL  gettimeofday(0x16cdc,0)
  3078 ping     RET   gettimeofday 0
  3078 ping     CALL  sendto(0x3,0x16cd4,0x40,0,0x16ac8,0x10)
  3078 ping     GIO   fd 3 wrote 64 bytes
       "\b\0\M-C3\f\^F\0\^A2\M^\\M-3\M-k\0\^EW5\b	
	\v\f\r\^N\^O\^P\^Q\^R\^S\^T\^U\^V\^W\^X\^Y\^Z\^[\^\\^]\^^\^_ !"#$%&'()\
	*+,-./01234567"
  3078 ping     RET   sendto 64/0x40
  3078 ping     CALL  sigaction(0xe,0xdfff73c,0xdfff730)
  3078 ping     RET   sigaction 0
  3078 ping     CALL  setitimer(0,0xdfff73c,0xdfff72c)
  3078 ping     RET   setitimer 0
  3078 ping     CALL  sigreturn(0xdfff95c)
  3078 ping     RET   sigreturn JUSTRETURN
  3078 ping     CALL  recvfrom(0x30f0,0x3,0x2c000,0xc0,0,0xdfff9c2)
  3078 ping     RET   recvfrom -1 errno 9 Bad file descriptor
  3078 ping     PSIG  SIGSEGV SIG_DFL
  3078 ping     NAMI  "ping.core"