From: Greg 'groggy' Lehey
Date: Mon, 4 Aug 2003 14:43:26 +0930
To: Paolo Pisati
cc: FreeBSD_Hackers
cc: FreeBSD_Net
Subject: Re: Netgraph node, first steps in kernel land and a bloody crash dump
Message-ID: <20030804051326.GY95375@wantadilla.lemis.com>
In-Reply-To: <20030731211452.GA210@newluxor.skynet.org>

On Thursday, 31 July 2003 at 23:14:52 +0200, Paolo Pisati wrote:
>
> Hi guys,
>
> still here with my netgraph node.
>
> Today, after a couple of nice days without a problem,
> I spent the last 4 hours trying to understand why the hell
> my module crashes my stable box.
>
> ...
> #0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
> 487             if (dumping++) {
> (kgdb) where
> #5  0xc0204f63 in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16,
>       tf_edi = -856166976, tf_esi = 0, tf_ebp = -856167184,
>       tf_isp = -856167216, tf_ebx = 69, tf_edx = 0, tf_ecx = 0,
>       tf_eax = -6422529, tf_trapno = 12, tf_err = 0, tf_eip = 784, tf_cs = 8,
>       tf_eflags = 66118, tf_esp = -1071208512, tf_ss = 1861})
>     at /usr/src/sys/i386/i386/trap.c:466
> #6  0x310 in ?? ()
> #7  0xc0163e70 in putchar (c=69, arg=0xccf7edc0)
>     at /usr/src/sys/kern/subr_prf.c:355
> #8  0xc0164086 in kvprintf (fmt=0xc0e24baa "AF NODE\n",
>     func=0xc0163dd0 , arg=0xccf7edc0, radix=10, ap=0xccf7edd8 "")
>     at /usr/src/sys/kern/subr_prf.c:532
> #9  0xc0163d4c in printf (fmt=0xc0e24ba8 "LEAF NODE\n")
>     at /usr/src/sys/kern/subr_prf.c:305
> #10 0xc0e2348a in ?? ()
> #11 0xc0e23354 in ?? ()
>
> Ok, I'm not a guru, but it looks like the culprit is printf in
> kernel land, or at least, a bad use of it from myself... (see #9).

Hmm.  Is this a kld?

> I would like to fill the missing ?? in this dump, but I couldn't
> find how to load the symbols from my node (and yes, I've tried
> what's written in the handbook about the modules and it didn't
> work).

OK, what we see here is that the printf call calls putchar() to print
the individual characters.  The one it's printing now is 0x69 (frame
7), lowercase 'i'.  That's not in the (first) string passed to
printf(), but it could be in another parameter, or in the format
string.

You can't get the address of frame 6 because it's not a valid address.
Kernel code sits above 0xc0000000, and this address is 0x310, which
suggests to me that you've smashed a stack or something.  I'd guess
that you've overflowed the buffer.

> on a side note:
> [flag@newluxor flag]$ man 9 printf
> No entry for printf in section 9 of the manual
> [flag@newluxor flag]$
>
> what's happened to the man page?

Hasn't been written.
Do you feel like doing it?

Greg
--
See complete headers for address and phone numbers
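
[Added example, not part of the original message and not FreeBSD code: a small triage script that applies the check described in the reply, flagging backtrace frames whose address lies below 0xc0000000. The sample frames are taken from the quoted trace with arguments abbreviated; the "no-symbols" label for unresolved frames inside the kernel range is an assumption of this example.]

```python
import re

# Lower bound of kernel addresses on this i386 box, as stated in the reply.
KERNBASE = 0xC0000000

# Frames from the quoted backtrace; argument lists abbreviated to "(...)".
SAMPLE = r"""
#5  0xc0204f63 in trap (...) at /usr/src/sys/i386/i386/trap.c:466
#6  0x310 in ?? ()
#7  0xc0163e70 in putchar (...) at /usr/src/sys/kern/subr_prf.c:355
#8  0xc0164086 in kvprintf (...) at /usr/src/sys/kern/subr_prf.c:532
#9  0xc0163d4c in printf (...) at /usr/src/sys/kern/subr_prf.c:305
#10 0xc0e2348a in ?? ()
#11 0xc0e23354 in ?? ()
"""

# "#N  0xADDR in SYMBOL (" as printed by gdb/kgdb for non-innermost frames.
FRAME_RE = re.compile(r"^#(\d+)\s+(0x[0-9a-fA-F]+) in (\S+) \(")


def classify(pc, symbol):
    """Return a verdict for one frame."""
    if pc < KERNBASE:
        # Not a kernel text address at all: a saved return address or
        # function pointer was probably overwritten.
        return "invalid-pc"
    if symbol == "??":
        # Plausible kernel address, but the debugger has no symbols for it
        # (assumption: typically a loaded module whose symbols are missing).
        return "no-symbols"
    return "ok"


def triage(backtrace):
    """Parse a backtrace and return (frame, pc, symbol, verdict) tuples."""
    frames = []
    for line in backtrace.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            pc = int(m.group(2), 16)
            frames.append((int(m.group(1)), pc, m.group(3),
                           classify(pc, m.group(3))))
    return frames


def flagged(backtrace):
    """Only the frames that need attention."""
    return [(n, pc, v) for n, pc, _, v in triage(backtrace) if v != "ok"]


if __name__ == "__main__":
    for n, pc, verdict in flagged(SAMPLE):
        print(f"frame #{n}: {pc:#x} -> {verdict}")
```
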