ptcwrite panic (with dump)
Kris Kennaway
kris at obsecurity.org
Sun May 8 16:19:49 PDT 2005
Grr, truncation.
Script started on Sun May 8 23:18:33 2005
pointyhat# kgdb kernel.debug.1 vmcore.1
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".
#0 doadump () at pcpu.h:165
165 pcpu.h: No such file or directory.
in pcpu.h
(kgdb) bt full
#0 doadump () at pcpu.h:165
No locals.
#1 0xc045b605 in db_fncall (dummy1=1016, dummy2=0, dummy3=11, dummy4=0xee3e38d4 "\f")
at ../../../ddb/db_command.c:531
fn_addr = -1068399536
args = {0 <repeats 11 times>}
nargs = 11
retval = 0
func = (fcn_10args_t *) 0xc0518450 <doadump>
t = 0
#2 0xc045b392 in db_command (last_cmdp=0xc0753584, cmd_table=0x0, aux_cmd_tablep=0xc071f13c,
aux_cmd_tablep_end=0xc071f140) at ../../../ddb/db_command.c:349
cmd = (struct command *) 0xc0724600
t = 0
modif = "\f\000\000\000ø\003\000\000ð8>îfòhÀø\003\000\000ø\003\000\000\r\000\000\000\0349>î¥ôhÀ\0049>îø\003\000\000\200%\000\000\f\000\017\003\v\222UÀx\000\000\000\200>uÀ\f\000\000\00049>î1ÚEÀ}èoÀ°ÖEÀ\000\000\000\000\020\000\000\000\f\000\000\000\200>uÀÆÌEÀ\200>uÀ86uÀx\000\000\000\2309>î"
addr = 1016
count = 11
have_addr = 0
result = 0
#3 0xc045b4a5 in db_command_loop () at ../../../ddb/db_command.c:455
No locals.
#4 0xc045d5e5 in db_trap (type=12, code=0) at ../../../ddb/db_main.c:221
jb = {{_jb = {-297911912, -297911940, -297911860, 1, 12, -1069165178, 1, 12, -297911860,
-1068242440, -297911860, -1068273856}}}
prev_jb = (void *) 0x0
bkpt = 0
#5 0xc0536fee in kdb_trap (type=0, code=0, tf=0xee3e3ab0) at ../../../kern/subr_kdb.c:421
did_stop_cpus = 1
handled = -297911632
#6 0xc06bbf06 in trap_fatal (frame=0xee3e3ab0, eva=0) at ../../../i386/i386/trap.c:801
code = 40
---Type <return> to continue, or q <return> to quit---
type = 12
ss = 40
esp = 0
softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, ssd_dpl = 0, ssd_p = 1,
ssd_xx = 11, ssd_xx1 = 1, ssd_def32 = 1, ssd_gran = 1}
#7 0xc06bbbc2 in trap_pfault (frame=0xee3e3ab0, usermode=0, eva=8) at ../../../i386/i386/trap.c:724
va = 0
vm = (struct vmspace *) 0x0
map = 0x1
rv = 1
ftype = 1 '\001'
td = (struct thread *) 0xc3a5ad80
p = (struct proc *) 0xc3a593f8
#8 0xc06bb78e in trap (frame=
{tf_fs = 8, tf_es = -1066074072, tf_ds = -1066074072, tf_edi = -1017107456, tf_esi = -1017107456, tf_ebp = -297911476, tf_isp = -297911588, tf_ebx = 20, tf_edx = 4, tf_ecx = 1, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1068146714, tf_cs = 32, tf_eflags = 66178, tf_esp = -1066031968, tf_ss = -1066384328}) at ../../../i386/i386/trap.c:414
td = (struct thread *) 0xc3a5ad80
p = (struct proc *) 0xc3a593f8
sticks = 3228935364
i = 0
ucode = 0
type = 12
code = 0
eva = 8
#9 0xc06a683a in calltrap () at ../../../i386/i386/exception.s:139
No locals.
#10 0x00000008 in ?? ()
No symbol table info available.
#11 0xc0750028 in legacy_pcib_methods ()
No symbol table info available.
#12 0xc0750028 in legacy_pcib_methods ()
---Type <return> to continue, or q <return> to quit---
No symbol table info available.
#13 0xc3602c00 in ?? ()
No symbol table info available.
#14 0xc3602c00 in ?? ()
No symbol table info available.
#15 0xee3e3b4c in ?? ()
No symbol table info available.
#16 0xee3e3adc in ?? ()
No symbol table info available.
#17 0x00000014 in ?? ()
No symbol table info available.
#18 0x00000004 in ?? ()
No symbol table info available.
#19 0x00000001 in ?? ()
No symbol table info available.
#20 0x00000000 in ?? ()
No symbol table info available.
#21 0x0000000c in ?? ()
No symbol table info available.
#22 0x00000000 in ?? ()
No symbol table info available.
#23 0xc0555fe6 in ttyinfo (tp=0xc3602c00) at ../../../kern/tty.c:2565
utime = {tv_sec = -1009844964, tv_usec = 1}
stime = {tv_sec = -1066411237, tv_usec = 299}
p = (struct proc *) 0x14
pick = (struct proc *) 0xc050e9fa
td = (struct thread *) 0x0
stateprefix = 0xee3e3b4c "\200;>îä(UÀ"
state = 0xc0704438 "../../../kern/tty.c"
rss = 623
load = 0
pctcpu = -1017107456
#24 0xc05528e4 in ttyinput (c=20, tp=0xc3602c00) at ../../../kern/tty.c:626
---Type <return> to continue, or q <return> to quit---
iflag = 11010
lflag = 1483
cc = (cc_t *) 0xc3602cbc "\004ÿÿ\177\027\025\022\b\003\034\032\031\021\023\026\017\001"
i = 0
err = 0
#25 0xc0559ef0 in ptcwrite (dev=0x0, uio=0xee3e3c70, flag=4) at linedisc.h:122
tp = (struct tty *) 0xc3602c00
cp = (u_char *) 0xee3e3ba1 ""
cc = 1
locbuf = "\024\000\000\000\027¬oÀÌ;>îúéPÀ\200\210uÀ\001\000\000\000\033ÛoÀ+\001\000\000\000\177sÀ\000í\nÆ\200¥Ãä;>î*²NÀ\200\210uÀ\000\000\000\000\027¬oÀC\000\000\000\004<>î\200£uÀV\005\000\000\003\201oÀ\034<>î:éPÀ\200£uÀ\b\000\000"
cnt = 0
error = 0
#26 0xc04cf504 in devfs_write_f (fp=0xc5874d38, uio=0xee3e3c70, cred=0xc3c30e80, flags=0, td=0x1)
at ../../../fs/devfs/devfs_vnops.c:1367
dev = (struct cdev *) 0xc60aed00
error = 4
ioflag = 4
resid = 1
dsw = (struct cdevsw *) 0xc0737f00
#27 0xc054594b in dofilewrite (td=0xc3a5ad80, fp=0xc5874d38, fd=0, buf=0x0, nbyte=3228744800, offset=Unhandled dwarf expression opcode 0x93
)
at file.h:246
auio = {uio_iov = 0xee3e3c68, uio_iovcnt = 1, uio_offset = 1506491, uio_resid = 0,
uio_segflg = UIO_USERSPACE, uio_rw = UIO_WRITE, uio_td = 0xc3a5ad80}
aiov = {iov_base = 0x80f30e5, iov_len = 0}
cnt = 1
error = -1066222496
ktruio = (struct uio *) 0x0
#28 0xc0545779 in write (td=0xc3a5ad80, uap=0xee3e3d04) at ../../../kern/sys_generic.c:301
fp = (struct file *) 0xc5874d38
error = 0
#29 0xc06bc280 in syscall (frame=
---Type <return> to continue, or q <return> to quit---
{tf_fs = 59, tf_es = 59, tf_ds = -1078001605, tf_edi = 0, tf_esi = 0, tf_ebp = -1077943160, tf_isp = -297910940, tf_ebx = 135213056, tf_edx = 1, tf_ecx = 13, tf_eax = 4, tf_trapno = 0, tf_err = 2, tf_eip = 672630591, tf_cs = 51, tf_eflags = 514, tf_esp = -1077943188, tf_ss = 59})
at ../../../i386/i386/trap.c:951
params = 0xbfbfe470 <Address 0xbfbfe470 out of bounds>
callp = (struct sysent *) 0xc072ddc0
td = (struct thread *) 0xc3a5ad80
p = (struct proc *) 0xc3a593f8
orig_tf_eflags = 514
sticks = 61923
error = 0
narg = 3
args = {13, 135213284, 1, 0, 0, -297910996, -1066739755, 135213056}
code = 4
#30 0xc06a688f in Xint0x80_syscall () at ../../../i386/i386/exception.s:200
No locals.
#31 0x0000003b in ?? ()
No symbol table info available.
#32 0x0000003b in ?? ()
No symbol table info available.
#33 0xbfbf003b in ?? ()
No symbol table info available.
#34 0x00000000 in ?? ()
No symbol table info available.
#35 0x00000000 in ?? ()
No symbol table info available.
#36 0xbfbfe488 in ?? ()
No symbol table info available.
#37 0xee3e3d64 in ?? ()
No symbol table info available.
#38 0x080f3000 in ?? ()
No symbol table info available.
#39 0x00000001 in ?? ()
---Type <return> to continue, or q <return> to quit---
No symbol table info available.
#40 0x0000000d in ?? ()
No symbol table info available.
#41 0x00000004 in ?? ()
No symbol table info available.
#42 0x00000000 in ?? ()
No symbol table info available.
#43 0x00000002 in ?? ()
No symbol table info available.
#44 0x2817873f in ?? ()
No symbol table info available.
#45 0x00000033 in ?? ()
No symbol table info available.
#46 0x00000202 in ?? ()
No symbol table info available.
#47 0xbfbfe46c in ?? ()
No symbol table info available.
#48 0x0000003b in ?? ()
No symbol table info available.
#49 0x00000000 in ?? ()
No symbol table info available.
#50 0x00000000 in ?? ()
No symbol table info available.
#51 0x00000000 in ?? ()
No symbol table info available.
#52 0x00000000 in ?? ()
No symbol table info available.
#53 0x60abe000 in ?? ()
No symbol table info available.
#54 0xc3a593f8 in ?? ()
No symbol table info available.
#55 0xc3a5ad80 in ?? ()
No symbol table info available.
---Type <return> to continue, or q <return> to quit---
#56 0xee3e36d4 in ?? ()
No symbol table info available.
#57 0xee3e36b0 in ?? ()
No symbol table info available.
#58 0xc34df600 in ?? ()
No symbol table info available.
#59 0xc052d050 in sched_switch (td=0x0, newtd=0x80f3000, flags=Cannot access memory at address 0xbfbfe498
) at ../../../kern/sched_4bsd.c:971
kg = (struct ksegrp *) 0x0
p = (struct proc *) 0x0
Previous frame inner to this frame (corrupt stack?)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20050508/c214d377/attachment.bin