Kernel Panics & kernel controls
- Subject: Kernel Panics & kernel controls
- From: Greg <email@hidden>
- Date: Thu, 18 Jan 2007 12:28:04 -0500

I'm currently writing an application that communicates with a kext
through kernel controls. While the final version of it will be very
"light" on the amount of traffic sent in and out of the kernel, right
now during development there is a "decent amount", which consists at
its peak of only a few bytes per second. The kext itself has a kauth
listener that will occasionally cause some information to be sent
back to the user-land application, which has two connections to the
kext (one for sending data, and one for receiving it).

I'm not very familiar with kernel controls, but I have a feeling that
the kernel panics are coming from how I'm using them, mainly because
I simply do not know very much about how they work (there's not much
documentation on them). The panic itself seems to occur when data is
sent out (ctl_enqueue'd), although I have no way of being certain.
It seems to have something to do with memory allocation. One other
thing is that at the end of my ctl_sendfunc (called when the client
sends data to the kext), I always call mbuf_freem() on the mbuf_t
structure passed in. I saw this done in some of Brian's Peer-Guardian
source; however, I don't know anything about its proper usage.

I was debugging using the target/development system. Here are several
backtraces that occurred from various kernel panics; perhaps they'll
mean something to someone:
-------------
(gdb) bt
#0 0x000a4ca0 in handlePF ()
#1 0x0006b6a0 in vm_map_inherit ()
#2 0x002dc594 in _IOMemoryMap::initCompatible ()
#3 0x00867cc0 in ?? ()
#4 0x0085b6cc in ?? ()
#5 0x002eb640 in IOInterruptController::registerInterrupt ()
#6 0x0008c59c in kernel_upl_commit_range ()
#7 0x0002921c in host_processor_info ()
#8 0x000233f8 in mach_msg_receive_results ()
#9 0x000abaac in machine_thread_get_state ()
#10 0x00000001 in lowGlo ()
Cannot access memory at address 0xbfffd070
#11 0x00000001 in lowGlo ()
Cannot access memory at address 0xbfffd070
Cannot access memory at address 0xbfffd070
-----------
(gdb) bt
#0 0x002b9ec4 in IOService::registerInterest ()
#1 0x002b9ebc in IOService::registerInterest ()
Previous frame identical to this frame (corrupt stack?)
----------
(gdb) bt
#0 0x0009580c in kmod_get_info ()
#1 0x0009580c in kmod_get_info ()
Previous frame identical to this frame (corrupt stack?)
----------
(gdb) bt
#0 0x0003fe3c in thread_policy_reset ()
#1 0x0003fe24 in thread_policy_reset ()
Previous frame identical to this frame (corrupt stack?)
---------
(gdb) bt
#0 0x002fb7c8 in PMSettingObject::free ()
#1 0x002fb7a4 in IOPMrootDomain::removePublishedFeature ()
#2 0x002fb64c in IOPMrootDomain::removePublishedFeature ()
#3 0x0030305c in OSBoolean::initialize ()
#4 0x002d8cb0 in IOMemoryCursor::IOMemoryCursor ()
#5 0x002dc540 in _IOMemoryMap::initCompatible ()
#6 0x00867cc0 in ?? ()
#7 0x0085b6cc in ?? ()
#8 0x002eb640 in IOInterruptController::registerInterrupt ()
#9 0x0008c59c in kernel_upl_commit_range ()
#10 0x0002921c in host_processor_info ()
#11 0x000233f8 in mach_msg_receive_results ()
#12 0x000abaac in machine_thread_get_state ()
#13 0x00000000 in lowGlo ()
----------
(gdb) bt
#0 0x002fb418 in IOPMrootDomain::start ()
#1 0x002fb3c8 in IOPMrootDomain::start ()
Previous frame identical to this frame (corrupt stack?)
---------
Finally, here is what the kernel panic displayed on my target machine
and its associated backtrace:
----------
Unresolved kernel trap(cpu 0): 0x300 - Data access
DAR=0x000000001C425C40 PC=0x00000000002FB7C8
Latest crash info for cpu 0:
Exception state (sv=0x2DA7EC80)
PC=0x002FB7C8; MSR=0x00009030; DAR=0x1C425C40; DSIRSR=0x40000000;
LR=0x002FB7A4; R1=0x1742BB00; XCP=0x0000000C (0x300 - Data access)
Backtrace:
0x002FB7A4 0x002FB64C 0x0030305C 0x002D8CB0 0x002DC540 0x00867CC0
0x0085B6CC 0x002EB640 0x0008C59C 0x0002921C 0x000233F8 0x000ABAAC
0x3D223234
Kernel loadable modules in backtrace (with dependencies):
com.apple.ATIRadeon8500(4.1.8)@0x852000
dependency: com.apple.iokit.IOPCIFamily(1.7)@0x463000
dependency: com.apple.iokit.IOGraphicsFamily(1.4.1)@0x7b4000
dependency: com.apple.iokit.IONDRVSupport(1.4.1)@0x7d8000
Proceeding back via exception chain:
Exception state (sv=0x2DA7EC80)
previously dumped as "Latest" state. skipping...
Exception state (sv=0x2DA87C80)
PC=0x9000AB48; MSR=0x0200F030; DAR=0x01890008; DSISR=0x0A000000;
LR=0x9000AA9C; R1=0xBFFFD070; XCP=0x00000030 (0xC00 - System call)
Kernel version:
Darwin Kernel Version 8.8.0: Fri Sep 8 17:18:57 PDT 2006;
root:xnu-792.12.6.obj~1/RELEASE_PPC
Memory access exception (1,0,0)
(gdb) bt
#0 0x002fb7c8 in PMSettingObject::free ()
#1 0x002fb7a4 in IOPMrootDomain::removePublishedFeature ()
#2 0x002fb64c in IOPMrootDomain::removePublishedFeature ()
#3 0x0030305c in OSBoolean::initialize ()
#4 0x002d8cb0 in IOMemoryCursor::IOMemoryCursor ()
#5 0x002dc540 in _IOMemoryMap::initCompatible ()
#6 0x00867cc0 in ?? ()
#7 0x0085b6cc in ?? ()
#8 0x002eb640 in IOInterruptController::registerInterrupt ()
#9 0x0008c59c in kernel_upl_commit_range ()
#10 0x0002921c in host_processor_info ()
#11 0x000233f8 in mach_msg_receive_results ()
#12 0x000abaac in machine_thread_get_state ()
#13 0x3d223234 in ?? ()
Cannot access memory at address 0x3d223234
Cannot access memory at address 0x3d223234
Cannot access memory at address 0xbfffd070
Cannot access memory at address 0x3d223234
Cannot access memory at address 0x3d223234
Cannot access memory at address 0x3d223234
Cannot access memory at address 0xbfffd078
-----------------------
I have NULL-checking ifs scattered everywhere in my code, but none of
them ever get called, so I'm trying to provide as much information as
I can, as I have run out of ideas as to why this is happening.
- Greg