bug-hurd
Re: oskit-mach: vm_map_copyout crash


From: Daniel Wagner
Subject: Re: oskit-mach: vm_map_copyout crash
Date: Thu, 22 Nov 2001 23:13:41 +0100
User-agent: Mutt/1.2.5i

On Tue, 20 Nov 2001, Roland McGrath wrote:

> I take it your second program uses device_set_filter on its own to select
> some of the packets.

Yes, that's right.

> First, by
> program should both be sending and receiving packets.  We need to figure
> looking in the mach_msg_trap frame, you can see the whole message header
> (do "p/x *kmsg"). 

(gdb) p/x *kmsg
$1 = {ikm_next = 0x4081700, ikm_prev = 0xffffff10, ikm_size = 0x100, 
  ikm_marequest = 0x0, ikm_header = {msgh_bits = 0x80001200, msgh_size = 0xa0, 
    msgh_remote_port = 0x0, msgh_local_port = 0x4, msgh_seqno = 0x5, 
    msgh_id = 0x7788}}

> Then take a look in the vm_map_copyout frame and examine all the
> addresses involved; show us all the local variables there and examine the
> pointers.

(gdb) i local
m = 0x0
va = 14680064
offset = 1
object = 0xb
size = 4096
start = 16928768
vm_copy_start = 2248704
last = 0x412ca3c
entry = 0x4058d20

(gdb) p/x *dst_map
Repeat count 5 too large for buffer: 
ffffffff00000a0008f013043c0309040000e0000000e0c00b00000001000000048d05040300000007000000010000003c0309040000000000000000170
Repeat count 5 too large for buffer: 
ffffffff00000a0008f013043c0309040000e0000000e0c00b00000001000000048d05040300000007000000010000003c0309040000000000000000170
Repeat count 5 too large for buffer: 
ffffffff00000a0008f013043c0309040000e0000000e0c00b00000001000000048d05040300000007000000010000003c0309040000000000000000170
Ignoring packet error, continuing...
$1 = {lock = {thread = 0xffffffff, read_count = 0x0, want_upgrade = 0x0, 
    want_write = 0x1, waiting = 0x0, can_sleep = 0x1, recursion_depth = 0x0, 
    0x413f008}, hdr = {links = {prev = 0x413f008, next = 0x409033c, 
      start = 0xe00000, end = 0xc0e00000}, nentries = 0xb, 
    entries_pageable = 0x1}, pmap = 0x4058d04, size = 0x3, ref_count = 0x7, 
  hint = 0x1, first_free = 0x409033c, wait_for_space = 0x0, 
  wiring_required = 0x0, timestamp = 0x17}

(gdb) p/x *dst_addr
$2 = 0x1024000

(gdb) p/x *copy    
$3 = {type = 0x1, offset = 0x225000, size = 0x14, c_u = {hdr = {links = {
        prev = 0x409919c, next = 0x409919c, start = 0x0, end = 0x0}, 
      nentries = 0x1, entries_pageable = 0x1}, c_o = {object = 0x409919c}, 
    c_p = {page_list = {0x409919c, 0x409919c, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0}, 
      npages = 0x0, cont = 0x0, cont_args = 0x0}}}

(gdb) p/x *object
Repeat count 13 too large for buffer: 
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010
Repeat count 13 too large for buffer: 
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010
Repeat count 13 too large for buffer: 
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010
Ignoring packet error, continuing...
$4 = {memq = {next = 0x0, prev = 0x0}, size = 0x0, ref_count = 0x0, 
  resident_page_count = 0x0, copy = 0x0, shadow = 0x0, shadow_offset = 0x0, 
  pager = 0x0, paging_offset = 0x0, pager_request = 0x0, pager_name = 0x0, 
  copy_strategy = 0x0, absent_count = 0x0, all_wanted = 0x0, 
  paging_in_progress = 0x1, pager_created = 0x0, pager_initialized = 0x0, 
  pager_ready = 0x0, can_persist = 0x0, internal = 0x0, temporary = 0x0, 
  alive = 0x0, lock_in_progress = 0x0, lock_restart = 0x0, 
  use_old_pageout = 0x0, use_shared_copy = 0x0, shadowed = 0x0, cached_list = {
    next = 0x0, prev = 0x0}, last_alloc = 0x0, existence_info = 0x0}

(gdb) p/x *last
$5 = {links = {prev = 0x409919c, next = 0x40499a0, start = 0x1e23000, 
    end = 0x1e25000}, object = {vm_object = 0x412cf18, sub_map = 0x412cf18}, 
  offset = 0x0, is_shared = 0x0, is_sub_map = 0x0, in_transition = 0x0, 
  needs_wakeup = 0x0, needs_copy = 0x0, protection = 0x3, 
  max_protection = 0x7, inheritance = 0x1, wired_count = 0x0, 
  user_wired_count = 0x0, projected_on = 0x0}

(gdb) p/x *entry
$6 = {links = {prev = 0x413f008, next = 0x409033c, start = 0xe00000, 
    end = 0xc0e00000}, object = {vm_object = 0xb, sub_map = 0xb}, 
  offset = 0x1, is_shared = 0x0, is_sub_map = 0x0, in_transition = 0x1, 
  needs_wakeup = 0x0, needs_copy = 0x0, protection = 0x3, 
  max_protection = 0x7, inheritance = 0x1, wired_count = 0x33c, 
  user_wired_count = 0x409, projected_on = 0x0}

-- 
Daniel Wagner                              "use quit to exit"
email: wagi@gmx.ch

GnuPG: 1024D/DCDE890A (public key available on any keyserver)


