Date: Fri, 25 Feb 2005 21:21:04 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Doug White <dwhite@gumbysoft.com>
Cc: Kris Kennaway <kris@obsecurity.org>
Subject: Re: Fatal trap 12 in kernload()
Message-ID: <20050226052104.GA21973@xor.obsecurity.org>
In-Reply-To: <20050225164319.F30975@carver.gumbysoft.com>
References: <20050224213936.GA2591@xor.obsecurity.org> <20050225164319.F30975@carver.gumbysoft.com>

On Fri, Feb 25, 2005 at 04:47:14PM -0800, Doug White wrote:
> On Thu, 24 Feb 2005, Kris Kennaway wrote:
>
> > > fault virtual address = 0x7562676b
>
> I agree with Dan, this is bogus. kernload() is the offset from kernbase
> where the ELF headers get stuck. I suspect ddb is resolving it like it
> resolves end -- it's beyond the beginning of the kernel so it picks the
> next best match, like end shows up beyond the end of the symbol table.
> (FYI end usually indicates calls into a KLD.)
>
> > > current process = 52613 (getty)
> > > Tracing pid 52613 tid 100360 td 0xd2d3a000
> > > kernload(cd533500,3,2000,d2d3a000,3) at 0x7562676b
> > > devfs_open(f8225a4c,c072025a,1e6,c07205ff,d235f134) at devfs_open+0x291
>
> Can you get an addr2line on this devfs_open call? It appears to have
> tried to open an incompletely initialized tty device. Which one would be
> nice to know :-)

It was ttyd0. phk couldn't figure out how this happened, so I'm
trying to recreate it.

Kris

> > > VOP_OPEN_APV(c07340a0,f8225a4c,3,c076d398,1) at VOP_OPEN_APV+0x9e
> > > vn_open_cred(f8225bbc,f8225cbc,860,cd33e180,1) at vn_open_cred+0x45b
> > > vn_open(f8225bbc,f8225cbc,860,1,d2d3a000) at vn_open+0x33
> > > kern_open(d2d3a000,804f860,0,3,804f860) at kern_open+0xca
> > > open(d2d3a000,f8225d14,3a6,c071c691,d2d3a000) at open+0x36
> > > syscall(2f,2f,2f,2,804f860) at syscall+0x2c4
> > > Xint0x80_syscall() at Xint0x80_syscall+0x1f
> > > --- syscall (5, FreeBSD ELF32, open), eip = 0x280ca2cb, esp = 0xbfbfedfc, ebp = 0xbfbfee28 ---
> > > db>
> >
> > Kris
> >
>
> --
> Doug White | FreeBSD: The Power to Serve
> dwhite@gumbysoft.com | www.FreeBSD.org