Date:      Mon, 4 Aug 2003 14:43:26 +0930
From:      Greg 'groggy' Lehey <grog@FreeBSD.org>
To:        Paolo Pisati <p.pisati@oltrelinux.com>
Cc:        FreeBSD_Net <freebsd-net@FreeBSD.ORG>
Subject:   Re: Netgraph node, first steps in kernel land and a bloody crash dump
Message-ID:  <20030804051326.GY95375@wantadilla.lemis.com>
In-Reply-To: <20030731211452.GA210@newluxor.skynet.org>
References:  <20030731211452.GA210@newluxor.skynet.org>


On Thursday, 31 July 2003 at 23:14:52 +0200, Paolo Pisati wrote:
>
> Hi guys,
>
> still here with my netgraph node.
>
> Today, after a couple of nice days without a problem,
> I spent the last 4 hours trying to understand why the hell
> my module crashes my stable box.
> ...
> #0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
> 487             if (dumping++) {
> (kgdb) where
> #5  0xc0204f63 in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16,
>       tf_edi = -856166976, tf_esi = 0, tf_ebp = -856167184,
>       tf_isp = -856167216, tf_ebx = 69, tf_edx = 0, tf_ecx = 0,
>       tf_eax = -6422529, tf_trapno = 12, tf_err = 0, tf_eip = 784, tf_cs = 8,
>       tf_eflags = 66118, tf_esp = -1071208512, tf_ss = 1861})
>     at /usr/src/sys/i386/i386/trap.c:466
> #6  0x310 in ?? ()
> #7  0xc0163e70 in putchar (c=3D69, arg=3D0xccf7edc0)
>     at /usr/src/sys/kern/subr_prf.c:355
> #8  0xc0164086 in kvprintf (fmt=0xc0e24baa "AF NODE\n",
>     func=0xc0163dd0 <putchar>, arg=0xccf7edc0, radix=10, ap=0xccf7edd8 "")
>     at /usr/src/sys/kern/subr_prf.c:532
> #9  0xc0163d4c in printf (fmt=0xc0e24ba8 "LEAF NODE\n")
>     at /usr/src/sys/kern/subr_prf.c:305
> #10 0xc0e2348a in ?? ()
> #11 0xc0e23354 in ?? ()
>
> OK, I'm not a guru, but it looks like the culprit is printf in
> kernel land, or at least a bad use of it from myself... (see #9).

Hmm.  Is this a kld?

> I would like to fill in the missing ?? in this dump, but I couldn't
> find how to load the symbols from my node (and yes, I've tried
> what's written in the handbook about the modules and it didn't
> work).

OK, what we see here is that the printf call calls putchar() to print
the individual characters.  The one it's printing now is 0x69 (frame
7), lowercase 'i'.  That's not in the (first) string passed to
printf(), but it could be in another parameter, or in the format
string.

You can't get the address of frame 6 because it's not a valid address.
Kernel code sits above 0xc0000000, and this address is 0x310, which
suggests to me that you've smashed a stack or something.  I'd guess
that you've overflowed the buffer.

> on a side note:
> [flag@newluxor flag]$ man 9 printf
> No entry for printf in section 9 of the manual
> [flag@newluxor flag]$
>
> what's happened to the man page?

Hasn't been written.  Do you feel like doing it?

Greg
-- 
See complete headers for address and phone numbers
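The address check Greg applies above (a return address below the i386 kernel base cannot be valid kernel text, and `??` frames inside the kernel range point at a module loaded without symbols), as an added example that is not from the thread: a small Python script that parses kgdb `where` frames and flags both conditions. The sample backtrace is constructed from the frames quoted in the thread; `KERNBASE` is the i386 value from that era.

```python
import re

# i386 FreeBSD: kernel text and data live above this virtual address.
KERNBASE = 0xC0000000

# Matches "#N  0xADDR in func (...)" and "#N  func (...)" frame lines;
# indented continuation lines are skipped by the parser.
FRAME_RE = re.compile(r"^#(?P<num>\d+)\s+(?:(?P<addr>0x[0-9a-fA-F]+)\s+in\s+)?(?P<func>\S+)")

# Constructed sample, built from the frames quoted in the thread.
SAMPLE_BACKTRACE = """\
#0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
#5  0xc0204f63 in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16,
    at /usr/src/sys/i386/i386/trap.c:466
#6  0x310 in ?? ()
#7  0xc0163e70 in putchar (c=69, arg=0xccf7edc0)
#9  0xc0163d4c in printf (fmt=0xc0e24ba8 "LEAF NODE\\n")
#10 0xc0e2348a in ?? ()
#11 0xc0e23354 in ?? ()
"""

def parse_frames(text):
    """Return a list of (frame_number, address_or_None, function_name)."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if not m:
            continue  # continuation line of a multi-line frame, or noise
        addr = int(m.group("addr"), 16) if m.group("addr") else None
        frames.append((int(m.group("num")), addr, m.group("func")))
    return frames

def triage(frames):
    """Map frame number -> finding for frames worth a second look."""
    findings = {}
    for num, addr, func in frames:
        if addr is None:
            continue  # innermost frame prints no return address
        if addr < KERNBASE:
            findings[num] = "bogus return address below KERNBASE: likely smashed stack"
        elif func == "??":
            findings[num] = "kernel-range address without symbols: module loaded without debug info"
    return findings

if __name__ == "__main__":
    for num, finding in sorted(triage(parse_frames(SAMPLE_BACKTRACE)).items()):
        print(f"frame #{num}: {finding}")
```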

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030804051326.GY95375>