Date: Tue, 17 Feb 1998 23:48:52 +0100 From: Eivind Eklund <eivind@yes.no> To: Mike Smith <mike@smith.net.au>, Eivind Eklund <eivind@yes.no> Cc: hackers@FreeBSD.ORG Subject: Re: ed overwrite clue? Message-ID: <19980217234852.01126@follo.net> In-Reply-To: <199802172227.OAA03189@dingo.cdrom.com>; from Mike Smith on Tue, Feb 17, 1998 at 02:27:32PM -0800 References: <19980217130957.45413@follo.net> <199802172227.OAA03189@dingo.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Feb 17, 1998 at 02:27:32PM -0800, Mike Smith wrote: > > > One question; the destination of the insw - is that actually a > > > legitimate address? ie. is it on the kernel stack, or somewhere > > > else? > > > > It looks like the destination is on the kernel stack. The source > > looks more suspicious - it is at 0x6200... > > That's not unreasonable; the onboard memory on an NE card isn't based > at zero. See the comments and code in the Novell-specific probe > section for details on this. I've been looking more closesly now - I'm having the destination addresses switch between 0xefbX XXXX and 0xf01X XXXX. The 0xf01*-addresses never crash. And there are much more of the 0xf01*-addresses - I've seen hundreds of 0xf01* pass without getting any crashes, while between 10% and 20% of the 0xefb* crash. (But not 100%, which makes this more complicated). Throwing the interrupt in an splhigh() don't seem to make a difference, so that's not where the problem is. I'm about to start trigging some crashdumps on purpose now, so I can get a good look at how a dump for an OK case is. Eivind. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980217234852.01126>