Date:      Thu, 23 Mar 2000 05:47:32 -0500
From:      Jim Mercer <jim@reptiles.org>
To:        Matthew Dillon <dillon@apollo.backplane.com>
Cc:        hackers@FreeBSD.ORG
Subject:   Re: possible bug in kernel/if_ether.c
Message-ID:  <20000323054731.W983@reptiles.org>
In-Reply-To: <200003230515.VAA96507@apollo.backplane.com>; from dillon@apollo.backplane.com on Wed, Mar 22, 2000 at 09:15:27PM -0800
References:  <20000322225639.T983@reptiles.org> <200003230515.VAA96507@apollo.backplane.com>


--LpQ9ahxlCli8rRTG
Content-Type: text/plain; charset=us-ascii

On Wed, Mar 22, 2000 at 09:15:27PM -0800, Matthew Dillon wrote:
> :#5  0xc01997c8 in arpintr () at ../../netinet/if_ether.c:447
> 
>     Very, very weird.  Can you disassemble the 'arpintr' function from your
>     kernel binary?
> 
>     gdb -k /kernel	(or kernel.debug if you have it)
>     disassemble arpintr

no problem (although much of this appears well over my head).
thanx for having a look.

>     I can't pinpoint the fault point since my kernel is compiled up
>     differently, but I suspect it's at the line I've indicated below.
> 
>     Unfortunately, it makes no sense whatsoever because %ebx would have to
>     be NULL and that case already checked.  I suspect the actual fault
>     address is somewhere else if you do the disassembly it should help.

just to clarify, i'm running 4.0-RELEASE, with a cvsup 4.x-stable-supfile
as at approx Mar 21 02:00

i've attached my kernel config file as well.

FreeBSD snuffy.nag.ca 4.0-STABLE FreeBSD 4.0-STABLE #2: Tue Mar 21 03:48:14 EST 2000     toor@snuffy.nag.ca:/usr/src/sys/compile/NAG-ORANGE  i386

also, as at 23:00 last night (currently 05:30) i ifconfig'd the rl0 to 10mbps
and rebooted, and i haven't had a reboot yet.

mind you, it hasn't been rebooting with any regular frequency, nor do the
reboots appear to be related to system load.  (ie, i had some heavy database processing happening and a "make world" at the same time, without a reboot, then
got a reboot later during an idle period).

from kernel.debug:

(kgdb) disassemble arpintr
Dump of assembler code for function arpintr:
# kgdb disassembly of arpintr() from kernel.debug (FreeBSD 4.0-STABLE, i386,
# AT&T syntax).  Register roles in the loop body, as read from the code:
#   %ebx = mbuf being processed (m)      %ecx = m's data pointer (ar)
#   %edx = saved spl value                %esi = accumulated chain length
# Field offsets used: +0x0 next-in-chain, +0x4 next-in-queue, +0x8 data ptr,
#   +0xc length, +0x12 flags (presumably struct mbuf -- confirm against mbuf.h).
# NOTE(review): after the m_pullup call at +113 the returned pointer (%eax) is
#   never stored back into %ebx; %ebx instead receives the boolean (%eax == 0)
#   via sete/movzbl.  On a *successful* pullup %ebx is therefore 0 when control
#   reaches +156, and `movl 0x8(%ebx),%ecx` there dereferences address 0x8 --
#   the same address (0xc01997c8) as frame #5 in the backtrace quoted above.
#   Whether the C source or the compiler produced this cannot be told from the
#   dump alone; compare with the m_pullup condition in if_ether.c.
0xc019972c <arpintr>:   pushl  %ebp                     # prologue: frame pointer
0xc019972d <arpintr+1>: movl   %esp,%ebp
0xc019972f <arpintr+3>: pushl  %esi                     # save callee-saved %esi, %ebx
0xc0199730 <arpintr+4>: pushl  %ebx
0xc0199731 <arpintr+5>: cmpl   $0x0,0xc0270084          # loop top: queue head (presumably arpintrq.ifq_head) empty?
0xc0199738 <arpintr+12>:        je     0xc019986c <arpintr+320>   # yes -> epilogue
0xc019973e <arpintr+18>:        call   0xc0232224 <splimp>        # s = splimp()
0xc0199743 <arpintr+23>:        movl   %eax,%edx                  # %edx = s
0xc0199745 <arpintr+25>:        movl   0xc0270084,%ebx            # m = queue head
0xc019974b <arpintr+31>:        testl  %ebx,%ebx                  # dequeue, skipped when head is NULL
0xc019974d <arpintr+33>:        je     0xc0199775 <arpintr+73>
0xc019974f <arpintr+35>:        movl   0x4(%ebx),%eax             # %eax = m->next-in-queue
0xc0199752 <arpintr+38>:        movl   %eax,0xc0270084            # head = %eax
0xc0199757 <arpintr+43>:        testl  %eax,%eax                  # queue now empty?
0xc0199759 <arpintr+45>:        jne    0xc0199768 <arpintr+60>
0xc019975b <arpintr+47>:        movl   $0x0,0xc0270088            # yes: clear tail pointer (presumably ifq_tail)
0xc0199765 <arpintr+57>:        leal   0x0(%esi),%esi             # alignment nop
0xc0199768 <arpintr+60>:        movl   $0x0,0x4(%ebx)             # m->next-in-queue = NULL
0xc019976f <arpintr+67>:        decl   0xc027008c                 # queue length-- (presumably ifq_len)
0xc0199775 <arpintr+73>:        pushl  %edx                       # splx(s)
0xc0199776 <arpintr+74>:        call   0xc02320f4 <splx>
0xc019977b <arpintr+79>:        addl   $0x4,%esp
0xc019977e <arpintr+82>:        testl  %ebx,%ebx                  # m == NULL -> panic
0xc0199780 <arpintr+84>:        je     0xc0199788 <arpintr+92>
0xc0199782 <arpintr+86>:        testb  $0x2,0x12(%ebx)            # flag bit 0x2 (presumably M_PKTHDR) set -> ok
0xc0199786 <arpintr+90>:        jne    0xc0199794 <arpintr+104>
0xc0199788 <arpintr+92>:        pushl  $0xc024bace                # panic(<string at 0xc024bace>)
0xc019978d <arpintr+97>:        call   0xc0154968 <panic>
0xc0199792 <arpintr+102>:       movl   %esi,%esi                  # alignment nop
0xc0199794 <arpintr+104>:       cmpl   $0x7,0xc(%ebx)             # m->len > 7 (unsigned)? header already contiguous
0xc0199798 <arpintr+108>:       ja     0xc01997c8 <arpintr+156>   #   -> skip the pullup
0xc019979a <arpintr+110>:       pushl  $0x8                       # m_pullup(m, 8)
0xc019979c <arpintr+112>:       pushl  %ebx
0xc019979d <arpintr+113>:       call   0xc016e4b8 <m_pullup>
0xc01997a2 <arpintr+118>:       addl   $0x8,%esp
0xc01997a5 <arpintr+121>:       testl  %eax,%eax                  # %eax = new mbuf, or NULL on failure
0xc01997a7 <arpintr+123>:       sete   %al                        # %al = (%eax == NULL)
0xc01997aa <arpintr+126>:       movzbl %al,%ebx                   # BUG(review): m := that boolean, new mbuf pointer is dropped
0xc01997ad <arpintr+129>:       testl  %ebx,%ebx
0xc01997af <arpintr+131>:       je     0xc01997c8 <arpintr+156>   # pullup succeeded (%ebx == 0) -> +156 with m == NULL
0xc01997b1 <arpintr+133>:       pushl  $0xc024bae0                # pullup failed: log(3, <string at 0xc024bae0>)
0xc01997b6 <arpintr+138>:       pushl  $0x3
0xc01997b8 <arpintr+140>:       call   0xc015f524 <log>
0xc01997bd <arpintr+145>:       addl   $0x8,%esp
0xc01997c0 <arpintr+148>:       jmp    0xc0199731 <arpintr+5>     # continue
0xc01997c5 <arpintr+153>:       leal   0x0(%esi),%esi             # alignment nop
0xc01997c8 <arpintr+156>:       movl   0x8(%ebx),%ecx             # ar = m->data  (faults at address 0x8 when %ebx == 0; frame #5)
0xc01997cb <arpintr+159>:       movzwl (%ecx),%eax                # %ax = ntohs(ar[0..1]) (hardware type)
0xc01997ce <arpintr+162>:       xchgb  %ah,%al
0xc01997d0 <arpintr+164>:       cmpw   $0x1,%ax                   # == 1 (presumably ARPHRD_ETHER)?
0xc01997d4 <arpintr+168>:       je     0xc0199804 <arpintr+216>
0xc01997d6 <arpintr+170>:       movzwl (%ecx),%eax                # reload and swap again
0xc01997d9 <arpintr+173>:       xchgb  %ah,%al
0xc01997db <arpintr+175>:       cmpw   $0x6,%ax                   # == 6 (presumably ARPHRD_IEEE802)?
0xc01997df <arpintr+179>:       je     0xc0199804 <arpintr+216>
0xc01997e1 <arpintr+181>:       pushl  $0xc024ba8e                # log(3, <fmt at 0xc024bb20>, ar, <string at 0xc024ba8e>)
0xc01997e6 <arpintr+186>:       pushl  %ecx
0xc01997e7 <arpintr+187>:       pushl  $0xc024bb20
0xc01997ec <arpintr+192>:       pushl  $0x3
0xc01997ee <arpintr+194>:       call   0xc015f524 <log>
0xc01997f3 <arpintr+199>:       pushl  %ebx                       # m_freem(m)
0xc01997f4 <arpintr+200>:       call   0xc016d99c <m_freem>
0xc01997f9 <arpintr+205>:       addl   $0x14,%esp                 # pop 5 args (4 for log + 1 for m_freem)
0xc01997fc <arpintr+208>:       jmp    0xc0199731 <arpintr+5>     # continue
0xc0199801 <arpintr+213>:       leal   0x0(%esi),%esi             # alignment nop
0xc0199804 <arpintr+216>:       movl   %ebx,%eax                  # sum the +0xc length field over the chain linked at +0x0
0xc0199806 <arpintr+218>:       xorl   %esi,%esi                  # %esi = 0
0xc0199808 <arpintr+220>:       testl  %ebx,%ebx
0xc019980a <arpintr+222>:       je     0xc0199815 <arpintr+233>
0xc019980c <arpintr+224>:       addl   0xc(%eax),%esi             # %esi += p->len
0xc019980f <arpintr+227>:       movl   (%eax),%eax                # p = p->next
0xc0199811 <arpintr+229>:       testl  %eax,%eax
0xc0199813 <arpintr+231>:       jne    0xc019980c <arpintr+224>
0xc0199815 <arpintr+233>:       movzbl 0x4(%ecx),%edx             # %edx = ar[4] (hardware address length)
0xc0199819 <arpintr+237>:       movzbl 0x5(%ecx),%eax             # %eax = ar[5] (protocol address length)
0xc019981d <arpintr+241>:       leal   0x8(,%eax,2),%eax          # %eax = 8 + 2*pln
0xc0199824 <arpintr+248>:       leal   (%eax,%edx,2),%edx         # %edx = 8 + 2*pln + 2*hln  (bytes required)
0xc0199827 <arpintr+251>:       cmpl   %edx,%esi                  # chain length >= required (unsigned)?
0xc0199829 <arpintr+253>:       jae    0xc0199848 <arpintr+284>
0xc019982b <arpintr+255>:       pushl  $0xc024bb4b                # runt: log(3, <string at 0xc024bb4b>)
0xc0199830 <arpintr+260>:       pushl  $0x3
0xc0199832 <arpintr+262>:       call   0xc015f524 <log>
0xc0199837 <arpintr+267>:       pushl  %ebx                       # m_freem(m)
0xc0199838 <arpintr+268>:       call   0xc016d99c <m_freem>
0xc019983d <arpintr+273>:       addl   $0xc,%esp                  # pop 3 args
0xc0199840 <arpintr+276>:       jmp    0xc0199731 <arpintr+5>     # continue
0xc0199845 <arpintr+281>:       leal   0x0(%esi),%esi             # alignment nop
0xc0199848 <arpintr+284>:       movzwl 0x2(%ecx),%eax             # %ax = ntohs(ar[2..3]) (protocol type)
0xc019984c <arpintr+288>:       xchgb  %ah,%al
0xc019984e <arpintr+290>:       cmpw   $0x800,%ax                 # != 0x800 (presumably ETHERTYPE_IP) -> free it
0xc0199852 <arpintr+294>:       jne    0xc019985c <arpintr+304>
0xc0199854 <arpintr+296>:       pushl  %ebx                       # in_arpinput(m)
0xc0199855 <arpintr+297>:       call   0xc0199874 <in_arpinput>
0xc019985a <arpintr+302>:       jmp    0xc0199862 <arpintr+310>
0xc019985c <arpintr+304>:       pushl  %ebx                       # m_freem(m)
0xc019985d <arpintr+305>:       call   0xc016d99c <m_freem>
0xc0199862 <arpintr+310>:       addl   $0x4,%esp                  # pop 1 arg (shared by both paths)
0xc0199865 <arpintr+313>:       jmp    0xc0199731 <arpintr+5>     # continue
0xc019986a <arpintr+318>:       movl   %esi,%esi                  # alignment nop
0xc019986c <arpintr+320>:       leal   0xfffffff8(%ebp),%esp      # epilogue: %esp = %ebp - 8
0xc019986f <arpintr+323>:       popl   %ebx                       # restore callee-saved regs
0xc0199870 <arpintr+324>:       popl   %esi
0xc0199871 <arpintr+325>:       leave                             # %esp = %ebp; pop %ebp
0xc0199872 <arpintr+326>:       ret    
End of assembler dump.


-- 
[ Jim Mercer                 jim@reptiles.org              +1 416 506-0654 ]
[          Reptilian Research -- Longer Life through Colder Blood          ]
[  Don't be fooled by cheap Finnish imitations; BSD is the One True Code.  ]

--LpQ9ahxlCli8rRTG
Content-Type: text/plain; charset=us-ascii
Content-Description: kernel config
Content-Disposition: attachment; filename=NAG-ORANGE

#

machine		i386
cpu		I586_CPU
cpu		I686_CPU
ident		"NAG-ORANGE"
maxusers	64

makeoptions	DEBUG=-g		#Build kernel with gdb(1) debug symbols

options 	INET			#InterNETworking
#options 	INET6			#IPv6 communications protocols
options 	FFS			#Berkeley Fast Filesystem
options 	FFS_ROOT		#FFS usable as root device [keep this!]
options 	MFS			#Memory Filesystem
options 	MD_ROOT			#MD is a potential root device
options 	NFS			#Network Filesystem
options 	NFS_ROOT		#NFS usable as root device, NFS required
options 	MSDOSFS			#MSDOS Filesystem
options 	CD9660			#ISO 9660 Filesystem
options 	CD9660_ROOT		#CD-ROM usable as root, CD9660 required
options 	PROCFS			#Process filesystem
options 	COMPAT_43		#Compatible with BSD 4.3 [KEEP THIS!]
options 	SCSI_DELAY=15000	#Delay (in ms) before probing SCSI
options 	UCONSOLE		#Allow users to grab the console
options 	USERCONFIG		#boot -c editor
options 	VISUAL_USERCONFIG	#visual boot -c editor
options 	KTRACE			#ktrace(1) support
options 	SYSVSHM			#SYSV-style shared memory
options 	SYSVMSG			#SYSV-style message queues
options 	SYSVSEM			#SYSV-style semaphores
options 	P1003_1B		#Posix P1003_1B real-time extensions
options 	_KPOSIX_PRIORITY_SCHEDULING
options		ICMP_BANDLIM		#Rate limit bad replies
options 	INCLUDE_CONFIG_FILE     # Include this file in kernel
options 	IPFIREWALL		#firewall
options 	IPFIREWALL_VERBOSE	#print information about
					# dropped packets
options 	IPFIREWALL_FORWARD	#enable transparent proxy support
options 	IPFIREWALL_VERBOSE_LIMIT=100	#limit verbosity
options 	IPFIREWALL_DEFAULT_TO_ACCEPT	#allow everything by default
options 	TCP_DROP_SYNFIN		#drop TCP packets with SYN+FIN
options 	TCP_RESTRICT_RST	#restrict emission of TCP RST
options 	DUMMYNET
options 	MD5

# To make an SMP kernel, the next two are needed
options 	SMP			# Symmetric MultiProcessor Kernel
options 	APIC_IO			# Symmetric (APIC) I/O
# Optionally these may need tweaked, (defaults shown):
#options 	NCPU=2			# number of CPUs
#options 	NBUS=4			# number of busses
#options 	NAPIC=1			# number of IO APICs
#options 	NINTR=24		# number of INTs

device		isa
device		pci

# Floppy drives
device		fdc0	at isa? port IO_FD1 irq 6 drq 2
device		fd0	at fdc0 drive 0

# SCSI Controllers
device		ahc		# AHA2940 and onboard AIC7xxx devices

# SCSI peripherals
device		scbus		# SCSI bus (required)
device		da		# Direct Access (disks)
device		sa		# Sequential Access (tape etc)
device		cd		# CD
device		pass		# Passthrough device (direct SCSI access)

# atkbdc0 controls both the keyboard and the PS/2 mouse
device		atkbdc0	at isa? port IO_KBD
device		atkbd0	at atkbdc? irq 1

device		vga0	at isa?

# splash screen/screen saver
pseudo-device	splash

# syscons is the default console driver, resembling an SCO console
device		sc0	at isa?

# Floating point support - do not disable.
device		npx0	at nexus? port IO_NPX irq 13

# Serial (COM) ports
device		sio0	at isa? port IO_COM1 flags 0x10 irq 4
device		sio1	at isa? port IO_COM2 irq 3

# Parallel port
device		ppc0	at isa? irq 7
device		ppbus		# Parallel port bus (required)
device		lpt		# Printer
device		plip		# TCP/IP over parallel
device		ppi		# Parallel port interface device


# PCI Ethernet NICs that use the common MII bus controller code.
device		miibus		# MII bus support
device		rl		# RealTek 8129/8139

# Pseudo devices - the number indicates how many units to allocate.
pseudo-device	loop		# Network loopback
pseudo-device	ether		# Ethernet support
pseudo-device	pty		# Pseudo-ttys (telnet etc)
pseudo-device	md		# Memory "disks"
pseudo-device	bpf		#Berkeley packet filter


--LpQ9ahxlCli8rRTG--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message



