From owner-freebsd-bugs  Fri Feb  9 23:10:21 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id B4D6C37B401
	for <freebsd-bugs@hub.freebsd.org>; Fri,  9 Feb 2001 23:10:03 -0800 (PST)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f1A7A3M96245;
	Fri, 9 Feb 2001 23:10:03 -0800 (PST)
	(envelope-from gnats)
Date: Fri, 9 Feb 2001 23:10:03 -0800 (PST)
Message-Id: <200102100710.f1A7A3M96245@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc: 
From: "Paul A. Scott" <pscott@the-frontier.org>
Subject: Re: kern/24958: Fatal trap 12 in kernel mode (swapper) on Compaq Presario
Reply-To: "Paul A. Scott" <pscott@the-frontier.org>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR kern/24958; it has been noted by GNATS.

From: "Paul A. Scott" <pscott@the-frontier.org>
To: <freebsd-gnats-submit@FreeBSD.org>, <pscott@cue.net>
Cc:  
Subject: Re: kern/24958: Fatal trap 12 in kernel mode (swapper) on Compaq Presario
Date: Fri, 9 Feb 2001 23:08:51 -0800

 More information:
 
 #nm -n kernel | grep c019f
 ...
 c019f7a0 t msginit
 c019f90c T msgsys
 c019f938 t msg_freehdr
 c019f9e0 T msgctl
 c019fbc0 T msgget
 c019fd60 T msgsnd  <----- Here!
 
 #nm --size-sort kernel | egrep "(msgget)|(msgsnd)"
 000001a0 T msgget
 00000400 T msgsnd  <----- Definitely long enough!
 
 #gdb /sys/compile/GENERIC/sysv_msg.o
 (gdb) disas msgsnd
 Dump of assembler code for function msgsnd:
 0x5c0 <msgsnd>: push   %ebp
 0x5c1 <msgsnd+1>:       mov    %esp,%ebp
 0x5c3 <msgsnd+3>:       sub    $0x18,%esp
 0x5c6 <msgsnd+6>:       push   %edi
 0x5c7 <msgsnd+7>:       push   %esi
 0x5c8 <msgsnd+8>:       push   %ebx
 0x5c9 <msgsnd+9>:       mov    0xc(%ebp),%ecx
 ...
 0x6c6 <msgsnd+262>:     call   0x6c7 <msgsnd+263>
 0x6cb <msgsnd+267>:     mov    %eax,0xfffffff0(%ebp)
 0x6ce <msgsnd+270>:     add    $0x10,%esp
 0x6d1 <msgsnd+273>:     test   %ebx,%ebx
 0x6d3 <msgsnd+275>:     je     0x6db <msgsnd+283>
 0x6d5 <msgsnd+277>:     andw   $0xfdff,0x8(%esi)
 0x6db <msgsnd+283>:     cmpl   $0x0,0xfffffff0(%ebp)
 0x6df <msgsnd+287>:     jne    0x94c <msgsnd+908>
 0x6e5 <msgsnd+293>:     cmpl   $0x0,0x20(%esi)     < --- Doesn't match dump!
 0x6e9 <msgsnd+297>:     jne    0x654 <msgsnd+148>
 0x6ef <msgsnd+303>:     mov    $0x52,%eax
 0x6f4 <msgsnd+308>:     jmp    0x9b7 <msgsnd+1015>
 
 A little math:
 
 ( ip = 0xc019fe83 ) - ( msgsnd = 0xc019fd60 ) = 0x0123
 ( msgsnd = 0x05c0 ) + ( 0x0123 ) = 0x06e3  < --- Doesn't match code!
 
 Could be a wild interrupt vector. Can't check for conflicts because
 the userconfig (boot -c) won't work either (pr kern/24957). Will attempt
 to get userconfig to work on console attached to serial port (boot -h).
 More to come . . .
 
 Paul
 
 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message