Date: Fri, 25 Feb 2005 16:47:14 -0800 (PST)
From: Doug White
To: Kris Kennaway
cc: current@FreeBSD.org
cc: phk@FreeBSD.org
Subject: Re: Fatal trap 12 in kernload()
In-Reply-To: <20050224213936.GA2591@xor.obsecurity.org>
Message-ID: <20050225164319.F30975@carver.gumbysoft.com>
References: <20050224213936.GA2591@xor.obsecurity.org>
List-Id: Discussions about the use of FreeBSD-current

On Thu, 24 Feb 2005, Kris Kennaway wrote:

> > fault virtual address = 0x7562676b

I agree with Dan, this is bogus. kernload() is the offset from kernbase
where the ELF headers get stuck. I suspect ddb is resolving it like it
resolves end -- it's beyond the beginning of the kernel so it picks the
next best match, like end shows up beyond the end of the symbol table.
(FYI end usually indicates calls into a KLD.)

> > current process = 52613 (getty)
> > Tracing pid 52613 tid 100360 td 0xd2d3a000
> > kernload(cd533500,3,2000,d2d3a000,3) at 0x7562676b
> > devfs_open(f8225a4c,c072025a,1e6,c07205ff,d235f134) at devfs_open+0x291

Can you get an addr2line on this devfs_open call? It appears to have tried
to open an incompletely initialized tty device. Which one would be nice to
know :-)

> > VOP_OPEN_APV(c07340a0,f8225a4c,3,c076d398,1) at VOP_OPEN_APV+0x9e
> > vn_open_cred(f8225bbc,f8225cbc,860,cd33e180,1) at vn_open_cred+0x45b
> > vn_open(f8225bbc,f8225cbc,860,1,d2d3a000) at vn_open+0x33
> > kern_open(d2d3a000,804f860,0,3,804f860) at kern_open+0xca
> > open(d2d3a000,f8225d14,3a6,c071c691,d2d3a000) at open+0x36
> > syscall(2f,2f,2f,2,804f860) at syscall+0x2c4
> > Xint0x80_syscall() at Xint0x80_syscall+0x1f
> > --- syscall (5, FreeBSD ELF32, open), eip = 0x280ca2cb, esp = 0xbfbfedfc, ebp = 0xbfbfee28 ---
> > db>
> > Kris
>

--
Doug White                    |  FreeBSD: The Power to Serve
dwhite@gumbysoft.com          |  www.FreeBSD.org