Re: kernel panics with uvideo, savecores and coredumps

To: Christoph Egger <Christoph_Egger%gmx.de@localhost>
Subject: Re: kernel panics with uvideo, savecores and coredumps
From: Andrew Doran <ad%netbsd.org@localhost>
Date: Mon, 1 Dec 2008 08:41:09 +0000

On Sat, Nov 29, 2008 at 04:23:19PM +0100, Christoph Egger wrote:

> breakpoint() at netbsd:breakpoint+0x5
> panic() at netbsd:pani+0x260
> kmem_poison_check() at netbsd:kmem_poison_check+0x82
> kmem_alloc() at netbsd:kmem_alloc+0x58
> amap_alloc() at netbsd:amap_alloc+0x111
> amap_copy() at netbsd:amap_copy+0x34a
> uvM_fault_internal() at netbsd:uvm_fault_internal+0xe53
> trap() at netbsd:trap+0x817
> trap (number 1191182377)
> 0x3830303220332e31:
> db{1}> mach cpu 0
> using cpu 0
> db{1}> bt
> x86_stihlt() at netbsd:x86_stihlt+0x6
> idle_loop() at netbsd:idle_loop+0x18e

amap_copy() is particularly sensitive to corruption in kernel_map. As
well as out of bounds access and "use after free" type problems it can
also indicate memory was passed to kmem_free() that did not come from
kmem_alloc(), for example, part of an lwp's kernel stack.

> > The crash happens in lib/libkvm/kvm_proc.c , line 566:
> > 
> > kp2p->p_forw = kl[0].l_forw;
> > 
> > The kl pointer is NULL. kvm_getlwps() in line 560
> > returns NULL and there's no NULL-pointer check.
> > nlwps passed to kvm_getlwps() is 1.

Fancy fixing it? ;-)

Cheers,
Andrew

References:
- kernel panics with uvideo, savecores and coredumps
  - From: Christoph Egger
- Re: kernel panics with uvideo, savecores and coredumps
  - From: Christoph Egger
- Re: kernel panics with uvideo, savecores and coredumps
  - From: Christoph Egger

Prev by Date: daily CVS update output
Next by Date: Re: Unable to run linux static binary
Previous by Thread: Re: kernel panics with uvideo, savecores and coredumps
Next by Thread: FreeBSD static binaries segfault
Indexes:

Home | Main Index | Thread Index | Old Index