Walking the stack by hand

Previous page
Table of content
Next page

Since we trap'ed instead of panic'ed, it is a good idea to manually walk through the stack to get a more accurate picture of the stack traceback. Doing this one time will allow us to use the adb $c command with an understanding of how accurate its output is. Let's walk the stack, starting at register %o6 , as seen in the regs structure shown above. 

  f86e8d08/16X  0xf86e8d08:     2               1000            ffef            fffe                  5004            1a              1a              0                  fceaccb0        f86e8eac        0               fceb2525                  2               0  f86e8d68        f80618ec   f80618ec/i  _vno_rw+0xa4:   jmpl    %g1, %o7  f86e8d68/16X  0xf86e8d68:     f7743a14        7fffffff        f80ca554        f7745ae4                  f7748bec        f7745df0        f774429c        19d1                  f835bac8        1               f86e8eac        1000                  fceaccb4        0  f86e8dc8        f804cb20   f804cb20/i  _rwuio+0x2b0:   jmpl    %g1, %o7  f86e8dc8/16X  0xf86e8dc8:     f835bac8        f81170b0        0               f86e8eac                  f835bac8        102             1000            f835bac8                  f835bac8        f86e8eac        f86e8ea4        1000                  1000            f86e8eac        f86e8e40        f804bab4  and so on

We could continue walking the stack, but we've already accomplished what we needed to. We have confirmed that the $c output we are interested in starts with fifo_rdwr(). The reference to uiomove() is actually a lingering, historical frame on the stack, and tells us that uiomove() was the most recent routine called by fifo_rdwr() .

From both the stack traceback and the manual stack traceback, we can see that when fifo_rdwr() was called, register %i3 contained 0xfceb2525. This value does not represent a full-word address, not even a half-word address. 0xfceb2525 only represents a byte address. The instruction used in the fifo_rdwr() routine was a full word load instruction, ld, so the value in %i3 is suspicious at best.

Note

Unfortunately, it is possible that the fifo_rdwr() routine may have used register %i3 as a local register after it finished reading its contents as a calling parameter , thus modifying %i3 , thus affecting the stack traceback information that we see in the postmortem files.


Let's check the assembly code of fifo_rdwr() to see whether %i3 has been modified since entering the routine.


Previous page
Table of content
Next page
PANIC. UNIX System Crash Dump Analysis Handbook
PANIC! UNIX System Crash Dump Analysis Handbook (Bk/CD-ROM)
ISBN: 0131493868
EAN: 2147483647
Year: 1994
Pages: 289
Authors: Chris Drake
BUY ON AMAZON
Agile Project Management: Creating Innovative Products (2nd Edition)
Qshell for iSeries
SQL Tips & Techniques (Miscellaneous)
The Complete Cisco VPN Configuration Guide
Web Systems Design and Online Consumer Behavior
The Lean Six Sigma Pocket Toolbook. A Quick Reference Guide to Nearly 100 Tools for Improving Process Quality, Speed, and Complexity
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy