Kernel stack corruption is detected.

[expoinfy]

Hi Slava,

I am seeing the kernel stack is getting corrupted while hooking the fs driver. May I know what i have to do next, how can I handle this kernel stack corruption in code change. Below is small crash snippet for your reference.

* Panic Report * panic(cpu 3 caller 0xffffff7f8c03108e): "Kernel stack memory corruption detected"@/SourceCache/xnu/xnu-2782.40.9/libkern/stack_protector.c:37 Backtrace (CPU 3), Frame : Return Address 0xffffff80dcf737e0 : 0xffffff800b72ad21 0xffffff80dcf73860 : 0xffffff7f8c03108e 0xffffff80dcf738b0 : 0xffffff7f8c030adc 0xffffff80dcf73900 : 0xffffff7f8c030c5f 0xffffff80dcf73d50 : 0xffffff800b96e770 0xffffff80dcf73dd0 : 0xffffff800b963ccf 0xffffff80dcf73e40 : 0xffffff800bbec1a5 0xffffff80dcf73ef0 : 0xffffff800bbebff2 0xffffff80dcf73f50 : 0xffffff800bc4b376 0xffffff80dcf73fb0 : 0xffffff800b8344a6 Kernel Extensions in backtrace: com.SlavaImameev.FsdFilter(1.0)[B1FAEDC5-E28E-3768-8482-9D533A5D124D]@0xffffff7f8c02b000->0xffffff7f8c048fff

BSD process name corresponding to current thread: mds Boot args: debug=0x146 kext-dev-mode=1

[slavaim]

I would like to have a stack with both kernel and driver symbols loaded so function names are shown in the call stack. It is really hard to guess what is going on having such a little information.

[slavaim]

The structure offsets has changed for Sierra. I switched the project from hardcoded offsets to a dynamically generated ones on each load by registering a fake FSD, this required to add USE_FAKE_FSD preprocessor definition and a disassembler. You need to pull the updated project.