Kernel panic while doing sysctl -a

Matthias Schmidt matthias at dragonflybsd.org
Mon Jan 7 08:31:07 PST 2008


Hi,

one of my machines running HEAD experienced a kernel panic.  The command I
executed before the panic was "sysctl -a | less" to get a list of sysctls.
It seems that there is an overflow within the strlen function ...

kernel, crash dump, dmesg and pciconf -lv are available here:

http://www.mathematik.uni-marburg.de/~schmidtm/dfly_crash/

DragonFly node013.lab.ds 1.11.0-DEVELOPMENT DragonFly 1.11.0-DEVELOPMENT #0: Mon Jan  7 11:55:09 CET 2008     root at node013.lab.ds:/usr/obj/usr/src/sys/NODE013  i386

Cheers

	Matthias

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0xd0686f55
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc02ddb9a
stack pointer           = 0x10:0xcec0fb18
frame pointer           = 0x10:0xcec0fb18
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 50725 (sysctl)
current thread          = pri 6 

panic: from debugger


Fatal trap 3: breakpoint instruction fault while in kernel mode
instruction pointer     = 0x8:0xc03136a4
stack pointer           = 0x10:0xcec0f92c
frame pointer           = 0x10:0xcec0f934
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, IOPL = 0
current process         = 50725 (sysctl)
current thread          = pri 6 

panic: from debugger
Uptime: 3h57m22s


(kgdb) bt
#0  dumpsys () at thread.h:83
#1  0xc01c4e1b in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:375
#2  0xc01c4f3c in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:800
#3  0xc0149be5 in db_panic (addr=Could not find the frame base for "db_panic".
) at /usr/src/sys/ddb/db_command.c:447
#4  0xc014a250 in db_command_loop () at /usr/src/sys/ddb/db_command.c:343
#5  0xc014c7bc in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_trap.c:71
#6  0xc03137f7 in kdb_trap (type=12, code=0, regs=0xcec0fad0) at /usr/src/sys/platform/pc32/i386/db_interface.c:148
#7  0xc032384b in trap_fatal (frame=0xcec0fad0, eva=Variable "eva" is not available.
) at /usr/src/sys/platform/pc32/i386/trap.c:1091
#8  0xc03239b0 in trap_pfault (frame=0xcec0fad0, usermode=0, eva=3496505173)
    at /usr/src/sys/platform/pc32/i386/trap.c:997
#9  0xc03241a0 in trap (frame=0xcec0fad0) at /usr/src/sys/platform/pc32/i386/trap.c:680
#10 0xc0314506 in calltrap () at /usr/src/sys/platform/pc32/i386/exception.s:783
#11 0xc02ddb9a in strlen (str=0xd0686f55 <Address 0xd0686f55 out of bounds>) at /usr/src/sys/libkern/strlen.c:41
#12 0xc02c2153 in sysctl_vm_zone (oidp=0xc03b42a0, arg1=0x0, arg2=0, req=0xcec0fc08) at /usr/src/sys/vm/vm_zone.c:447
#13 0xc01cf935 in sysctl_root (oidp=Variable "oidp" is not available.
) at /usr/src/sys/kern/kern_sysctl.c:1193
#14 0xc01cfa27 in userland_sysctl (name=0xcec0fc90, namelen=2, old=0x0, oldlenp=0xbfbfe8f0, inkernel=0, new=0x0, 
    newlen=0, retval=0xcec0fc8c) at /usr/src/sys/kern/kern_sysctl.c:1268
#15 0xc01cfc28 in sys___sysctl (uap=0xcec0fcf0) at /usr/src/sys/kern/kern_sysctl.c:1211
#16 0xc0323ccb in syscall2 (frame=0xcec0fd40) at /usr/src/sys/platform/pc32/i386/trap.c:1339
#17 0xc03145a5 in Xint0x80_syscall () at /usr/src/sys/platform/pc32/i386/exception.s:872
#18 0x08055d38 in ?? ()
#19 0xbfbfe86c in ?? ()
#20 0x0000002f in ?? ()
#21 0x00000000 in ?? ()
#22 0x00000000 in ?? ()
#23 0x00000000 in ?? ()
#24 0x00000000 in ?? ()
#25 0x13c4b000 in ?? ()
#26 0x00000001 in ?? ()
#27 0xc03c2bf8 in intr_info_ary ()
#28 0xcec0f8d4 in ?? ()
#29 0xcec0f8c4 in ?? ()
#30 0xc8076300 in ?? ()
#31 0xc01cac5a in lwkt_preempt (ntd=0x2, critpri=Cannot access memory at address 0xbfbfe8a4
) at /usr/src/sys/kern/lwkt_thread.c:893
(kgdb) f 11
#11 0xc02ddb9a in strlen (str=0xd0686f55 <Address 0xd0686f55 out of bounds>) at /usr/src/sys/libkern/strlen.c:41
41      {
(kgdb) p str
$5 = 0xd0686f55 <Address 0xd0686f55 out of bounds>
(kgdb) f 14
#14 0xc01cfa27 in userland_sysctl (name=0xcec0fc90, namelen=2, old=0x0, oldlenp=0xbfbfe8f0, inkernel=0, new=0x0, 
    newlen=0, retval=0xcec0fc8c) at /usr/src/sys/kern/kern_sysctl.c:1268
1268                error = sysctl_root(0, name, namelen, &req2);
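An added triage helper, not part of this report or of DragonFly, that reads the trap block and kgdb backtrace above and pairs the trap's instruction pointer with the backtrace frame at that address; KERNBASE = 0xc0000000 is assumed for i386. On the lines above it identifies strlen at libkern/strlen.c:41 as the faulting frame, sysctl_vm_zone at vm_zone.c:447 as its caller, and 0xd0686f55 as a kernel-range address that is not mapped.

```python
import re

# Constructed sample input: lines copied from the trap output and backtrace in this report.
TRAP_TEXT = """Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0xd0686f55
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc02ddb9a
current process         = 50725 (sysctl)"""
BT_TEXT = """#10 0xc0314506 in calltrap () at /usr/src/sys/platform/pc32/i386/exception.s:783
#11 0xc02ddb9a in strlen (str=0xd0686f55 <Address 0xd0686f55 out of bounds>) at /usr/src/sys/libkern/strlen.c:41
#12 0xc02c2153 in sysctl_vm_zone (oidp=0xc03b42a0, arg1=0x0, arg2=0, req=0xcec0fc08) at /usr/src/sys/vm/vm_zone.c:447
#13 0xc01cf935 in sysctl_root (oidp=Variable "oidp" is not available.
) at /usr/src/sys/kern/kern_sysctl.c:1193"""

KERNBASE = 0xc0000000  # assumed kernel virtual address floor for i386 DragonFly

# frame number, optional pc, function, args (may span lines), source file, line
FRAME_RE = re.compile(r"^#(\d+)\s+(?:(0x[0-9a-f]+) in )?(\w+) \(.*\) at (\S+):(\d+)$", re.S)

def parse_trap(text):
    # "key = value" lines into a dict; the "Fatal trap N" header is read separately
    fields = {k.strip(): v.strip() for k, sep, v in
              (ln.partition("=") for ln in text.splitlines()) if sep}
    pid, name = re.match(r"(\d+) \((\w+)\)", fields["current process"]).groups()
    return {"trap": int(re.match(r"Fatal trap (\d+)", text).group(1)),
            "fault_va": int(fields["fault virtual address"], 16),
            "pc": int(fields["instruction pointer"].split(":")[-1], 16),  # drop "0x8:"
            "pid": int(pid), "process": name}

def parse_frames(text):
    # kgdb wraps long frames; a line not starting with '#' continues the previous one
    raw = []
    for line in text.splitlines():
        if line.startswith("#"):
            raw.append(line)
        elif raw:
            raw[-1] += "\n" + line
    return [{"pc": int(m[2], 16) if m[2] else None, "func": m[3], "file": m[4], "line": int(m[5])}
            for m in map(FRAME_RE.match, raw) if m]

def triage(trap_text, bt_text):
    # the frame whose address equals the trap's PC is the one that faulted; the next is its caller
    t, frames = parse_trap(trap_text), parse_frames(bt_text)
    i = next(i for i, f in enumerate(frames) if f["pc"] == t["pc"])
    fault, caller = frames[i], frames[i + 1]
    return {**t, "faulting": (fault["func"], fault["file"], fault["line"]),
            "caller": (caller["func"], caller["file"], caller["line"]),
            "fault_va_in_kernel": t["fault_va"] >= KERNBASE}
```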