Date:      Sun, 8 May 2005 16:19:47 -0700
From:      Kris Kennaway <kris@obsecurity.org>
To:        Kris Kennaway <kris@obsecurity.org>
Cc:        current@FreeBSD.org
Subject:   Re: ptcwrite panic (with dump)
Message-ID:  <20050508231947.GA33571@xor.obsecurity.org>
In-Reply-To: <20050508231735.GA32435@xor.obsecurity.org>
References:  <20050508231255.GA28688@xor.obsecurity.org> <20050508231735.GA32435@xor.obsecurity.org>


--y0ulUmNC+osPPQO6
Content-Type: text/plain; charset=unknown-8bit
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Grr, truncation.

Script started on Sun May  8 23:18:33 2005
pointyhat# kgdb =07vmco=1B[16C=1B[Kkernel.debug.1 vmcore.1
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".
#0  doadump () at pcpu.h:165
165	pcpu.h: No such file or directory.
	in pcpu.h
(kgdb) bt full
#0  doadump () at pcpu.h:165
No locals.
#1  0xc045b605 in db_fncall (dummy1=3D1016, dummy2=3D0, dummy3=3D11, dummy4=
=3D0xee3e38d4 "\f")
    at ../../../ddb/db_command.c:531
	fn_addr =3D -1068399536
	args =3D {0 <repeats 11 times>}
	nargs =3D 11
	retval =3D 0
	func =3D (fcn_10args_t *) 0xc0518450 <doadump>
	t =3D 0
#2  0xc045b392 in db_command (last_cmdp=3D0xc0753584, cmd_table=3D0x0, aux_=
cmd_tablep=3D0xc071f13c,=20
    aux_cmd_tablep_end=3D0xc071f140) at ../../../ddb/db_command.c:349
	cmd =3D (struct command *) 0xc0724600
	t =3D 0
	modif =3D "\f\000\000\000=F8\003\000\000=F08>=EEf=F2h=C0=F8\003\000\000=F8=
\003\000\000\r\000\000\000\0349>=EE=A5=F4h=C0\0049>=EE=F8\003\000\000\200%\=
000\000\f\000\017\003\v\222U=C0x\000\000\000\200>u=C0\f\000\000\00049>=EE1=
=DAE=C0}=E8o=C0=B0=D6E=C0\000\000\000\000\020\000\000\000\f\000\000\000\200=
>u=C0=C6=CCE=C0\200>u=C086u=C0x\000\000\000\2309>=EE"
	addr =3D 1016
	count =3D 11
	have_addr =3D 0
	result =3D 0
#3  0xc045b4a5 in db_command_loop () at ../../../ddb/db_command.c:455
No locals.
#4  0xc045d5e5 in db_trap (type=3D12, code=3D0) at ../../../ddb/db_main.c:2=
21
	jb =3D {{_jb =3D {-297911912, -297911940, -297911860, 1, 12, -1069165178, =
1, 12, -297911860,=20
      -1068242440, -297911860, -1068273856}}}
	prev_jb =3D (void *) 0x0
	bkpt =3D 0
#5  0xc0536fee in kdb_trap (type=3D0, code=3D0, tf=3D0xee3e3ab0) at ../../.=
./kern/subr_kdb.c:421
	did_stop_cpus =3D 1
	handled =3D -297911632
#6  0xc06bbf06 in trap_fatal (frame=3D0xee3e3ab0, eva=3D0) at ../../../i386=
/i386/trap.c:801
	code =3D 40
---Type <return> to continue, or q <return> to quit---
	type =3D 12
	ss =3D 40
	esp =3D 0
	softseg =3D {ssd_base =3D 0, ssd_limit =3D 1048575, ssd_type =3D 27, ssd_d=
pl =3D 0, ssd_p =3D 1,=20
  ssd_xx =3D 11, ssd_xx1 =3D 1, ssd_def32 =3D 1, ssd_gran =3D 1}
#7  0xc06bbbc2 in trap_pfault (frame=0xee3e3ab0, usermode=0, eva=8) at ../../../i386/i386/trap.c:724
	va = 0
	vm = (struct vmspace *) 0x0
	map = 0x1
	rv = 1
	ftype = 1 '\001'
	td = (struct thread *) 0xc3a5ad80
	p = (struct proc *) 0xc3a593f8
#8  0xc06bb78e in trap (frame=
      {tf_fs = 8, tf_es = -1066074072, tf_ds = -1066074072, tf_edi = -1017107456, tf_esi = -1017107456, tf_ebp = -297911476, tf_isp = -297911588, tf_ebx = 20, tf_edx = 4, tf_ecx = 1, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1068146714, tf_cs = 32, tf_eflags = 66178, tf_esp = -1066031968, tf_ss = -1066384328}) at ../../../i386/i386/trap.c:414
	td = (struct thread *) 0xc3a5ad80
	p = (struct proc *) 0xc3a593f8
	sticks = 3228935364
	i = 0
	ucode = 0
	type = 12
	code = 0
	eva = 8
#9  0xc06a683a in calltrap () at ../../../i386/i386/exception.s:139
No locals.
#10 0x00000008 in ?? ()
No symbol table info available.
#11 0xc0750028 in legacy_pcib_methods ()
No symbol table info available.
#12 0xc0750028 in legacy_pcib_methods ()
---Type <return> to continue, or q <return> to quit---
No symbol table info available.
#13 0xc3602c00 in ?? ()
No symbol table info available.
#14 0xc3602c00 in ?? ()
No symbol table info available.
#15 0xee3e3b4c in ?? ()
No symbol table info available.
#16 0xee3e3adc in ?? ()
No symbol table info available.
#17 0x00000014 in ?? ()
No symbol table info available.
#18 0x00000004 in ?? ()
No symbol table info available.
#19 0x00000001 in ?? ()
No symbol table info available.
#20 0x00000000 in ?? ()
No symbol table info available.
#21 0x0000000c in ?? ()
No symbol table info available.
#22 0x00000000 in ?? ()
No symbol table info available.
#23 0xc0555fe6 in ttyinfo (tp=0xc3602c00) at ../../../kern/tty.c:2565
	utime = {tv_sec = -1009844964, tv_usec = 1}
	stime = {tv_sec = -1066411237, tv_usec = 299}
	p = (struct proc *) 0x14
	pick = (struct proc *) 0xc050e9fa
	td = (struct thread *) 0x0
	stateprefix =3D 0xee3e3b4c "\200;>=EE=E4(U=C0"
	state = 0xc0704438 "../../../kern/tty.c"
	rss = 623
	load = 0
	pctcpu = -1017107456
#24 0xc05528e4 in ttyinput (c=20, tp=0xc3602c00) at ../../../kern/tty.c:626
---Type <return> to continue, or q <return> to quit---
	iflag = 11010
	lflag = 1483
	cc =3D (cc_t *) 0xc3602cbc "\004=FF=FF\177\027\025\022\b\003\034\032\031\0=
21\023\026\017\001"
	i =3D 0
	err =3D 0
#25 0xc0559ef0 in ptcwrite (dev=0x0, uio=0xee3e3c70, flag=4) at linedisc.h:122
	tp = (struct tty *) 0xc3602c00
	cp = (u_char *) 0xee3e3ba1 ""
	cc = 1
	locbuf =3D "\024\000\000\000\027=ACo=C0=CC;>=EE=FA=E9P=C0\200\210u=C0\001\=
000\000\000\033=DBo=C0+\001\000\000\000\177s=C0\000=ED\n=C6\200=AD=A5=C3=E4=
;>=EE*=B2N=C0\200\210u=C0\000\000\000\000\027=ACo=C0C\000\000\000\004<>=EE\=
200=A3u=C0V\005\000\000\003\201o=C0\034<>=EE:=E9P=C0\200=A3u=C0\b\000\000"
	cnt =3D 0
	error =3D 0
#26 0xc04cf504 in devfs_write_f (fp=0xc5874d38, uio=0xee3e3c70, cred=0xc3c30e80, flags=0, td=0x1)
    at ../../../fs/devfs/devfs_vnops.c:1367
	dev = (struct cdev *) 0xc60aed00
	error = 4
	ioflag = 4
	resid = 1
	dsw = (struct cdevsw *) 0xc0737f00
#27 0xc054594b in dofilewrite (td=0xc3a5ad80, fp=0xc5874d38, fd=0, buf=0x0, nbyte=3228744800, offset=Unhandled dwarf expression opcode 0x93
)
    at file.h:246
	auio = {uio_iov = 0xee3e3c68, uio_iovcnt = 1, uio_offset = 1506491, uio_resid = 0,
  uio_segflg = UIO_USERSPACE, uio_rw = UIO_WRITE, uio_td = 0xc3a5ad80}
	aiov = {iov_base = 0x80f30e5, iov_len = 0}
	cnt = 1
	error = -1066222496
	ktruio = (struct uio *) 0x0
#28 0xc0545779 in write (td=0xc3a5ad80, uap=0xee3e3d04) at ../../../kern/sys_generic.c:301
	fp = (struct file *) 0xc5874d38
	error = 0
#29 0xc06bc280 in syscall (frame=3D
---Type <return> to continue, or q <return> to quit---
      {tf_fs =3D 59, tf_es =3D 59, tf_ds =3D -1078001605, tf_edi =3D 0, tf_=
esi =3D 0, tf_ebp =3D -1077943160, tf_isp =3D -297910940, tf_ebx =3D 135213=
056, tf_edx =3D 1, tf_ecx =3D 13, tf_eax =3D 4, tf_trapno =3D 0, tf_err =3D=
 2, tf_eip =3D 672630591, tf_cs =3D 51, tf_eflags =3D 514, tf_esp =3D -1077=
943188, tf_ss =3D 59})
    at ../../../i386/i386/trap.c:951
	params =3D 0xbfbfe470 <Address 0xbfbfe470 out of bounds>
	callp =3D (struct sysent *) 0xc072ddc0
	td =3D (struct thread *) 0xc3a5ad80
	p =3D (struct proc *) 0xc3a593f8
	orig_tf_eflags =3D 514
	sticks =3D 61923
	error =3D 0
	narg =3D 3
	args =3D {13, 135213284, 1, 0, 0, -297910996, -1066739755, 135213056}
	code =3D 4
#30 0xc06a688f in Xint0x80_syscall () at ../../../i386/i386/exception.s:200
No locals.
#31 0x0000003b in ?? ()
No symbol table info available.
#32 0x0000003b in ?? ()
No symbol table info available.
#33 0xbfbf003b in ?? ()
No symbol table info available.
#34 0x00000000 in ?? ()
No symbol table info available.
#35 0x00000000 in ?? ()
No symbol table info available.
#36 0xbfbfe488 in ?? ()
No symbol table info available.
#37 0xee3e3d64 in ?? ()
No symbol table info available.
#38 0x080f3000 in ?? ()
No symbol table info available.
#39 0x00000001 in ?? ()
---Type <return> to continue, or q <return> to quit---
No symbol table info available.
#40 0x0000000d in ?? ()
No symbol table info available.
#41 0x00000004 in ?? ()
No symbol table info available.
#42 0x00000000 in ?? ()
No symbol table info available.
#43 0x00000002 in ?? ()
No symbol table info available.
#44 0x2817873f in ?? ()
No symbol table info available.
#45 0x00000033 in ?? ()
No symbol table info available.
#46 0x00000202 in ?? ()
No symbol table info available.
#47 0xbfbfe46c in ?? ()
No symbol table info available.
#48 0x0000003b in ?? ()
No symbol table info available.
#49 0x00000000 in ?? ()
No symbol table info available.
#50 0x00000000 in ?? ()
No symbol table info available.
#51 0x00000000 in ?? ()
No symbol table info available.
#52 0x00000000 in ?? ()
No symbol table info available.
#53 0x60abe000 in ?? ()
No symbol table info available.
#54 0xc3a593f8 in ?? ()
No symbol table info available.
#55 0xc3a5ad80 in ?? ()
No symbol table info available.
---Type <return> to continue, or q <return> to quit---
#56 0xee3e36d4 in ?? ()
No symbol table info available.
#57 0xee3e36b0 in ?? ()
No symbol table info available.
#58 0xc34df600 in ?? ()
No symbol table info available.
#59 0xc052d050 in sched_switch (td=3D0x0, newtd=3D0x80f3000, flags=3DCannot=
 access memory at address 0xbfbfe498
) at ../../../kern/sched_4bsd.c:971
	kg =3D (struct ksegrp *) 0x0
	p =3D (struct proc *) 0x0
Previous frame inner to this frame (corrupt stack?)

--y0ulUmNC+osPPQO6
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (FreeBSD)

iD8DBQFCfp6TWry0BWjoQKURAsBbAKDxLWRmYOSk9/9Qo0JzI55GOsR13ACeId09
l1t+yBdd7FxLtxNONj4XFrM=
=W/R5
-----END PGP SIGNATURE-----

--y0ulUmNC+osPPQO6--


