From: Kris Kennaway
To: Kris Kennaway
cc: dwhite@FreeBSD.org
cc: phk@freeBSD.org
cc: current@FreeBSD.org
Date: Sun, 8 May 2005 16:19:47 -0700
Subject: Re: ptcwrite panic (with dump)
Message-ID: <20050508231947.GA33571@xor.obsecurity.org>
References: <20050508231255.GA28688@xor.obsecurity.org> <20050508231735.GA32435@xor.obsecurity.org>
In-Reply-To: <20050508231735.GA32435@xor.obsecurity.org>
List-Id: Discussions about the use of FreeBSD-current

Grr, truncation.

Script started on Sun May 8 23:18:33 2005
pointyhat# kgdb kernel.debug.1 vmcore.1
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".
#0  doadump () at pcpu.h:165
165     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) bt full
#0  doadump () at pcpu.h:165
No locals.
#1  0xc045b605 in db_fncall (dummy1=1016, dummy2=0, dummy3=11, dummy4=0xee3e38d4 "\f") at ../../../ddb/db_command.c:531
        fn_addr = -1068399536
        args = {0 }
        nargs = 11
        retval = 0
        func = (fcn_10args_t *) 0xc0518450
        t = 0
#2  0xc045b392 in db_command (last_cmdp=0xc0753584, cmd_table=0x0, aux_cmd_tablep=0xc071f13c,
    aux_cmd_tablep_end=0xc071f140) at ../../../ddb/db_command.c:349
        cmd = (struct command *) 0xc0724600
        t = 0
        modif = "\f\000\000\000\370\003\000\000\3608>\356f\362h\300\370\003\000\000\370\003\000\000\r\000\000\000\0349>\356\245\364h\300\0049>\356\370\003\000\000\200%\000\000\f\000\017\003\v\222U\300x\000\000\000\200>u\300\f\000\000\00049>\3561\332E\300}\350o\300\260\326E\300\000\000\000\000\020\000\000\000\f\000\000\000\200>u\300\306\314E\300\200>u\30086u\300x\000\000\000\2309>\356"
        addr = 1016
        count = 11
        have_addr = 0
        result = 0
#3  0xc045b4a5 in db_command_loop () at ../../../ddb/db_command.c:455
No locals.
#4  0xc045d5e5 in db_trap (type=12, code=0) at ../../../ddb/db_main.c:221
        jb = {{_jb = {-297911912, -297911940, -297911860, 1, 12, -1069165178, 1, 12, -297911860,
      -1068242440, -297911860, -1068273856}}}
        prev_jb = (void *) 0x0
        bkpt = 0
#5  0xc0536fee in kdb_trap (type=0, code=0, tf=0xee3e3ab0) at ../../../kern/subr_kdb.c:421
        did_stop_cpus = 1
        handled = -297911632
#6  0xc06bbf06 in trap_fatal (frame=0xee3e3ab0, eva=0) at ../../../i386/i386/trap.c:801
        code = 40
---Type <return> to continue, or q <return> to quit---
        type = 12
        ss = 40
        esp = 0
        softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, ssd_dpl = 0, ssd_p = 1,
      ssd_xx = 11, ssd_xx1 = 1, ssd_def32 = 1, ssd_gran = 1}
#7  0xc06bbbc2 in trap_pfault (frame=0xee3e3ab0, usermode=0, eva=8) at ../../../i386/i386/trap.c:724
        va = 0
        vm = (struct vmspace *) 0x0
        map = 0x1
        rv = 1
        ftype = 1 '\001'
        td = (struct thread *) 0xc3a5ad80
        p = (struct proc *) 0xc3a593f8
#8  0xc06bb78e in trap (frame=
      {tf_fs = 8, tf_es = -1066074072, tf_ds = -1066074072, tf_edi = -1017107456, tf_esi = -1017107456, tf_ebp = -297911476, tf_isp = -297911588, tf_ebx = 20, tf_edx = 4, tf_ecx = 1, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1068146714, tf_cs = 32, tf_eflags = 66178, tf_esp = -1066031968, tf_ss = -1066384328}) at ../../../i386/i386/trap.c:414
        td = (struct thread *) 0xc3a5ad80
        p = (struct proc *) 0xc3a593f8
        sticks = 3228935364
        i = 0
        ucode = 0
        type = 12
        code = 0
        eva = 8
#9  0xc06a683a in calltrap () at ../../../i386/i386/exception.s:139
No locals.
#10 0x00000008 in ?? ()
No symbol table info available.
#11 0xc0750028 in legacy_pcib_methods ()
No symbol table info available.
#12 0xc0750028 in legacy_pcib_methods ()
---Type <return> to continue, or q <return> to quit---
No symbol table info available.
#13 0xc3602c00 in ?? ()
No symbol table info available.
#14 0xc3602c00 in ?? ()
No symbol table info available.
#15 0xee3e3b4c in ?? ()
No symbol table info available.
#16 0xee3e3adc in ?? ()
No symbol table info available.
#17 0x00000014 in ?? ()
No symbol table info available.
#18 0x00000004 in ?? ()
No symbol table info available.
#19 0x00000001 in ?? ()
No symbol table info available.
#20 0x00000000 in ?? ()
No symbol table info available.
#21 0x0000000c in ?? ()
No symbol table info available.
#22 0x00000000 in ?? ()
No symbol table info available.
#23 0xc0555fe6 in ttyinfo (tp=0xc3602c00) at ../../../kern/tty.c:2565
        utime = {tv_sec = -1009844964, tv_usec = 1}
        stime = {tv_sec = -1066411237, tv_usec = 299}
        p = (struct proc *) 0x14
        pick = (struct proc *) 0xc050e9fa
        td = (struct thread *) 0x0
        stateprefix = 0xee3e3b4c "\200;>\356\344(U\300"
        state = 0xc0704438 "../../../kern/tty.c"
        rss = 623
        load = 0
        pctcpu = -1017107456
#24 0xc05528e4 in ttyinput (c=20, tp=0xc3602c00) at ../../../kern/tty.c:626
---Type <return> to continue, or q <return> to quit---
        iflag = 11010
        lflag = 1483
        cc = (cc_t *) 0xc3602cbc "\004\377\377\177\027\025\022\b\003\034\032\031\021\023\026\017\001"
        i = 0
        err = 0
#25 0xc0559ef0 in ptcwrite (dev=0x0, uio=0xee3e3c70, flag=4) at linedisc.h:122
        tp = (struct tty *) 0xc3602c00
        cp = (u_char *) 0xee3e3ba1 ""
        cc = 1
        locbuf = "\024\000\000\000\027\254o\300\314;>\356\372\351P\300\200\210u\300\001\000\000\000\033\333o\300+\001\000\000\000\177s\300\000\355\n\306\200\255\245\303\344;>\356*\262N\300\200\210u\300\000\000\000\000\027\254o\300C\000\000\000\004<>\356\200\243u\300V\005\000\000\003\201o\300\034<>\356:\351P\300\200\243u\300\b\000\000"
        cnt = 0
        error = 0
#26 0xc04cf504 in devfs_write_f (fp=0xc5874d38, uio=0xee3e3c70, cred=0xc3c30e80, flags=0, td=0x1) at ../../../fs/devfs/devfs_vnops.c:1367
        dev = (struct cdev *) 0xc60aed00
        error = 4
        ioflag = 4
        resid = 1
        dsw = (struct cdevsw *) 0xc0737f00
#27 0xc054594b in dofilewrite (td=0xc3a5ad80, fp=0xc5874d38, fd=0, buf=0x0, nbyte=3228744800, offset=Unhandled dwarf
expression opcode 0x93
) at file.h:246
        auio = {uio_iov = 0xee3e3c68, uio_iovcnt = 1, uio_offset = 1506491, uio_resid = 0,
      uio_segflg = UIO_USERSPACE, uio_rw = UIO_WRITE, uio_td = 0xc3a5ad80}
        aiov = {iov_base = 0x80f30e5, iov_len = 0}
        cnt = 1
        error = -1066222496
        ktruio = (struct uio *) 0x0
#28 0xc0545779 in write (td=0xc3a5ad80, uap=0xee3e3d04) at ../../../kern/sys_generic.c:301
        fp = (struct file *) 0xc5874d38
        error = 0
#29 0xc06bc280 in syscall (frame=
---Type <return> to continue, or q <return> to quit---
      {tf_fs = 59, tf_es = 59, tf_ds = -1078001605, tf_edi = 0, tf_esi = 0, tf_ebp = -1077943160, tf_isp = -297910940, tf_ebx = 135213056, tf_edx = 1, tf_ecx = 13, tf_eax = 4, tf_trapno = 0, tf_err = 2, tf_eip = 672630591, tf_cs = 51, tf_eflags = 514, tf_esp = -1077943188, tf_ss = 59}) at ../../../i386/i386/trap.c:951
        params = 0xbfbfe470
        callp = (struct sysent *) 0xc072ddc0
        td = (struct thread *) 0xc3a5ad80
        p = (struct proc *) 0xc3a593f8
        orig_tf_eflags = 514
        sticks = 61923
        error = 0
        narg = 3
        args = {13, 135213284, 1, 0, 0, -297910996, -1066739755, 135213056}
        code = 4
#30 0xc06a688f in Xint0x80_syscall () at ../../../i386/i386/exception.s:200
No locals.
#31 0x0000003b in ?? ()
No symbol table info available.
#32 0x0000003b in ?? ()
No symbol table info available.
#33 0xbfbf003b in ?? ()
No symbol table info available.
#34 0x00000000 in ?? ()
No symbol table info available.
#35 0x00000000 in ?? ()
No symbol table info available.
#36 0xbfbfe488 in ?? ()
No symbol table info available.
#37 0xee3e3d64 in ?? ()
No symbol table info available.
#38 0x080f3000 in ?? ()
No symbol table info available.
#39 0x00000001 in ?? ()
---Type <return> to continue, or q <return> to quit---
No symbol table info available.
#40 0x0000000d in ?? ()
No symbol table info available.
#41 0x00000004 in ?? ()
No symbol table info available.
#42 0x00000000 in ?? ()
No symbol table info available.
#43 0x00000002 in ?? ()
No symbol table info available.
#44 0x2817873f in ?? ()
No symbol table info available.
#45 0x00000033 in ?? ()
No symbol table info available.
#46 0x00000202 in ?? ()
No symbol table info available.
#47 0xbfbfe46c in ?? ()
No symbol table info available.
#48 0x0000003b in ?? ()
No symbol table info available.
#49 0x00000000 in ?? ()
No symbol table info available.
#50 0x00000000 in ?? ()
No symbol table info available.
#51 0x00000000 in ?? ()
No symbol table info available.
#52 0x00000000 in ?? ()
No symbol table info available.
#53 0x60abe000 in ?? ()
No symbol table info available.
#54 0xc3a593f8 in ?? ()
No symbol table info available.
#55 0xc3a5ad80 in ?? ()
No symbol table info available.
---Type <return> to continue, or q <return> to quit---
#56 0xee3e36d4 in ?? ()
No symbol table info available.
#57 0xee3e36b0 in ?? ()
No symbol table info available.
#58 0xc34df600 in ?? ()
No symbol table info available.
#59 0xc052d050 in sched_switch (td=0x0, newtd=0x80f3000, flags=Cannot access memory at address 0xbfbfe498
) at ../../../kern/sched_4bsd.c:971
        kg = (struct ksegrp *) 0x0
        p = (struct proc *) 0x0
Previous frame inner to this frame (corrupt stack?)