Date: Tue, 17 Feb 1998 11:46:23 +0100
From: Eivind Eklund <eivind@yes.no>
To: hackers@FreeBSD.ORG
Subject: ed overwrite clue?
Message-ID: <19980217114623.18048@follo.net>

This might be a clue for the strange ED overwrites (or it might be
something completely unrelated :-)
I'm getting panic()s from if_ed.c overwriting strange locations from

        /* get pointer to this buffer's header structure */
        packet_ptr = sc->mem_ring +
            (sc->next_packet - sc->rec_page_start) * ED_PAGE_SIZE;

        /*
         * The byte count includes a 4 byte header that was added by
         * the NIC.
         */
        if (sc->mem_shared)
                packet_hdr = *(struct ed_ring *) packet_ptr;
        else
HERE-->         ed_pio_readmem(sc, (int)packet_ptr, (char *) &packet_hdr,
                               sizeof(packet_hdr));
        len = packet_hdr.count;
        if (len > (ETHER_MAX_LEN - ETHER_CRC_LEN + sizeof(struct ed_ring)) ||
            len < (ETHER_MIN_LEN - ETHER_CRC_LEN + sizeof(struct ed_ring))) {
                /*
                 * Length is a wild value. There's a good chance that

The backtrace looks like this (don't mind the line-numbers - they're
from something that is somewhat like a merge between -current now and
RELENG_2_2_2_RELEASE).
diablo(root)/intercom/var/crash# gdb -k /intercom/kernel.debug vmcore.0
GDB is free software and you are welcome to distribute copies of it
under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.16 (i386-unknown-freebsd),
Copyright 1996 Free Software Foundation, Inc...
IdlePTD 202000
current pcb at 1e5c80
panic: general protection fault
#0 boot (howto=256) at ../../kern/kern_shutdown.c:243
243 dumppcb.pcb_cr3 = rcr3();
(kgdb) bt
#0 boot (howto=256) at ../../kern/kern_shutdown.c:243
#1 0xf0114922 in panic (fmt=0xf01ad315 "general protection fault")
at ../../kern/kern_shutdown.c:367
#2 0xf01ade66 in trap_fatal (frame=0xefbfff28) at ../../i386/i386/trap.c:742
#3 0xf01ad716 in trap (frame={tf_es = 39, tf_ds = 16, tf_edi = -272629824,
tf_esi = 553, tf_ebp = -272629884, tf_isp = -272629936,
tf_ebx = -266415104, tf_edx = 560, tf_ecx = 2, tf_eax = 2,
tf_trapno = 9, tf_err = 0, tf_eip = -266652498, tf_cs = 8,
tf_eflags = 65538, tf_esp = 551, tf_ss = -266415104})
at ../../i386/i386/trap.c:440
#4 0xf01b34ae in ed_pio_readmem (sc=0xf01ed400, src=25088,
dst=0xefbfffc0 "'", amount=4) at machine/cpufunc.h:185
#5 0xf01b2e17 in edintr_sc (sc=0xf01ed400) at ../../i386/isa/if_ed.c:2284
#6 0xf01b2fda in edintr (unit=0) at ../../i386/isa/if_ed.c:2619
#7 0xf01a6047 in Xfastintr5 ()
#8 0x1b40 in ?? ()
#9 0x1095 in ?? ()
(kgdb)
and the actual panic() is here
diablo(root)/intercom/var/crash# gdb -k /intercom/kernel.debug vmcore.0
GDB is free software and you are welcome to distribute copies of it
under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.16 (i386-unknown-freebsd),
Copyright 1996 Free Software Foundation, Inc...
IdlePTD 202000
current pcb at 1e5c80
panic: general protection fault
#0 boot (howto=256) at ../../kern/kern_shutdown.c:243
243 dumppcb.pcb_cr3 = rcr3();
(kgdb) bt
#0 boot (howto=256) at ../../kern/kern_shutdown.c:243
#1 0xf0114922 in panic (fmt=0xf01ad315 "general protection fault")
at ../../kern/kern_shutdown.c:367
#2 0xf01ade66 in trap_fatal (frame=0xefbfff28) at ../../i386/i386/trap.c:742
#3 0xf01ad716 in trap (frame={tf_es = 39, tf_ds = 16, tf_edi = -272629824,
tf_esi = 553, tf_ebp = -272629884, tf_isp = -272629936,
tf_ebx = -266415104, tf_edx = 560, tf_ecx = 2, tf_eax = 2,
tf_trapno = 9, tf_err = 0, tf_eip = -266652498, tf_cs = 8,
tf_eflags = 65538, tf_esp = 551, tf_ss = -266415104})
at ../../i386/i386/trap.c:440
#4 0xf01b34ae in ed_pio_readmem (sc=0xf01ed400, src=25088,
dst=0xefbfffc0 "'", amount=4) at machine/cpufunc.h:185
#5 0xf01b2e17 in edintr_sc (sc=0xf01ed400) at ../../i386/isa/if_ed.c:2284
#6 0xf01b2fda in edintr (unit=0) at ../../i386/isa/if_ed.c:2619
#7 0xf01a6047 in Xfastintr5 ()
#8 0x1b40 in ?? ()
#9 0x1095 in ?? ()
(kgdb)
and I can reproduce at will. I haven't looked too closely yet, but
just thought I'd throw out the relevant info at once. (It's on a
modified RELENG_2_2_2_RELEASE with a PnP ed0 and running ipfw; I don't
think more of the info is really relevant. Nothing that looks
relevant has changed in if_ed.c from the version I have to -current).
I'll be working on this in the coming hours.
Eivind.
