Netgraph node, first steps in kernel land and a bloody crash dump

Greg 'groggy' Lehey grog at FreeBSD.org
Sun Aug 3 22:13:33 PDT 2003


On Thursday, 31 July 2003 at 23:14:52 +0200, Paolo Pisati wrote:
>
> Hi guys,
>
> still here with my netgraph node.
>
> Today, after a couple of nice days without a problem,
> I spent the last 4 hours trying to understand why the hell
> my module crashes my stable box.
> ...
> #0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
> 487             if (dumping++) {
> (kgdb) where
> #5  0xc0204f63 in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16,
>       tf_edi = -856166976, tf_esi = 0, tf_ebp = -856167184,
>       tf_isp = -856167216, tf_ebx = 69, tf_edx = 0, tf_ecx = 0,
>       tf_eax = -6422529, tf_trapno = 12, tf_err = 0, tf_eip = 784, tf_cs = 8,
>       tf_eflags = 66118, tf_esp = -1071208512, tf_ss = 1861})
>     at /usr/src/sys/i386/i386/trap.c:466
> #6  0x310 in ?? ()
> #7  0xc0163e70 in putchar (c=69, arg=0xccf7edc0)
>     at /usr/src/sys/kern/subr_prf.c:355
> #8  0xc0164086 in kvprintf (fmt=0xc0e24baa "AF NODE\n",
>     func=0xc0163dd0 <putchar>, arg=0xccf7edc0, radix=10, ap=0xccf7edd8 "")
>     at /usr/src/sys/kern/subr_prf.c:532
> #9  0xc0163d4c in printf (fmt=0xc0e24ba8 "LEAF NODE\n")
>     at /usr/src/sys/kern/subr_prf.c:305
> #10 0xc0e2348a in ?? ()
> #11 0xc0e23354 in ?? ()
>
> OK, I'm not a guru, but it looks like the culprit is printf in
> kernel land, or at least a bad use of it on my part... (see #9).

Hmm.  Is this a kld?

> I would like to fill in the missing ?? in this dump, but I couldn't
> find how to load the symbols from my node (and yes, I've tried
> what's written in the handbook about the modules and it didn't
> work).

OK, what we see here is that the printf call calls putchar() to print
the individual characters.  The one it's printing now is 0x69 (frame
7), lowercase 'i'.  That's not in the (first) string passed to
printf(), but it could be in another parameter, or in the format
string.

You can't get the address of frame 6 because it's not a valid address.
Kernel code sits above 0xc0000000, and this address is 0x310, which
suggests to me that you've smashed a stack or something.  I'd guess
that you've overflowed the buffer.

> on a side note:
> [flag at newluxor flag]$ man 9 printf
> No entry for printf in section 9 of the manual
> [flag at newluxor flag]$
>
> what's happened to the man page?

Hasn't been written.  Do you feel like doing it?

Greg
-- 
See complete headers for address and phone numbers
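As an added analysis helper (not from this thread and not FreeBSD code), the script below applies the check Greg describes to the quoted backtrace: it parses the kgdb frames, flags any saved PC below the i386 KERNBASE of 0xc0000000, recovers the faulting EIP from the trap() frame (kgdb prints tf_eip in decimal), and decodes the putchar() character argument. The sample backtrace is constructed from the quoted "where" output with the trap frame trimmed; the function names and KERNBASE constant are this example's own.

```python
import re

# i386 FreeBSD kernel text sits above KERNBASE (0xc0000000), as the reply says.
KERNBASE = 0xC0000000

# Constructed sample from the quoted kgdb "where" output (trap frame trimmed).
SAMPLE_BACKTRACE = r"""
#0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
#5  0xc0204f63 in trap (frame={tf_fs = 16, tf_eip = 784, tf_trapno = 12})
#6  0x310 in ?? ()
#7  0xc0163e70 in putchar (c=69, arg=0xccf7edc0)
#8  0xc0164086 in kvprintf (fmt=0xc0e24baa "AF NODE\n",
#9  0xc0163d4c in printf (fmt=0xc0e24ba8 "LEAF NODE\n")
#10 0xc0e2348a in ?? ()
#11 0xc0e23354 in ?? ()
"""

FRAME_RE = re.compile(r'^#(\d+)\s+(?:(0x[0-9a-fA-F]+)\s+in\s+)?(\S+)\s*\((.*)$')

def parse_frames(text):
    """Parse '#N  0xADDR in func (args' lines; frame #0 carries no PC."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            num, addr, func, args = m.groups()
            frames.append({"num": int(num), "func": func, "args": args,
                           "pc": int(addr, 16) if addr else None})
    return frames

def _int_arg(args, name):
    """Pull '<name>=<int>' or '<name> = <int>' out of a frame's argument list."""
    m = re.search(r'\b%s\s*=\s*(-?\d+)' % re.escape(name), args)
    return int(m.group(1)) if m else None

def bogus_pcs(frames, kernbase=KERNBASE):
    """Frames whose PC is below KERNBASE: a return address that cannot be kernel text."""
    return [f for f in frames if f["pc"] is not None and f["pc"] < kernbase]

def trap_eip(frames):
    """Faulting EIP from the trap() frame, as an unsigned 32-bit value."""
    for f in frames:
        if f["func"] == "trap":
            v = _int_arg(f["args"], "tf_eip")
            return v & 0xFFFFFFFF if v is not None else None
    return None

def putchar_chars(frames):
    """Decode the c=<int> argument of every putchar() frame as a character."""
    return [chr(_int_arg(f["args"], "c") & 0xFF) for f in frames if f["func"] == "putchar"]
```

Run on the sample it reports frame #6 as the only PC outside kernel space, matching the trap frame's tf_eip, which is the signature of a clobbered return address that Greg points at.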