Subject: strange traps on i386
To: None <port-i386@netbsd.org>
From: David Young <dyoung@pobox.com>
List: port-i386
Date: 08/09/2007 16:10:45

I see strange traps on my Soekris net4521. (See fault, stack trace,
and disassembly, below.) I've noticed that the traps are not occurring
at instruction boundaries. The traps ordinarily happen as the kernel
"unwinds" its stack following a packet transmission. I'm guessing that
while the stack unwinds, a transmit interrupt occurs; after the interrupt
handler has run, the kernel jumps back to almost but not quite the right
instruction. Perhaps the kernel stack has overflowed? Stack corruption?

Incidentally, sometimes I can type 'continue' at the db> prompt and the
system keeps running like nothing happened.

(I'm not subscribed to port-i386, please cc: me on replies.)

Dave

***
rtw0: tx fifo underflow
uvm_fault(0xc606a6a0, 0xb1d8f000, 1) -> 0xe
kernel: supervisor trap page fault, code=0
Stopped in pid 418.1 (hslsd) at netbsd:in_pcbdisconnect+0x22: incl %ebp
db> bt
in_pcbdisconnect(c054dea0,c054dea0,c6a40e00,c0555100,c69edc14) at netbsd:in_pcbdisconnect+0x22
udp_usrreq(c054c9a0,9,c0555100,c0701a00,0) at netbsd:udp_usrreq+0x329
sosend(c054c9a0,c0701a00,c69edb88,c0555100,0) at netbsd:sosend+0x425
do_sys_sendmsg(c6a40e00,5,c69edbf8,0,c69edc68) at netbsd:do_sys_sendmsg+0x250
sys_sendto(c6a40e00,c69edc48,c69edc68,0,806a000) at netbsd:sys_sendto+0x54
syscall_plain() at netbsd:syscall_plain+0x10d
--- syscall (number 133) ---
0xbbb1b6e7:
db> show registers
ds 0x10
es 0x10
fs 0x30
gs 0x10
edi 0xc054dea0
esi 0xb1d8fea9
ebp 0xc69eda5c
ebx 0xc054dea0
edx 0x8004d39
ecx 0x5
eax 0xc0555100
eip 0xc0125092 in_pcbdisconnect+0x22
cs 0x8
eflags 0x10206
esp 0xb1d8fea9
ss 0
netbsd:in_pcbdisconnect+0x22: incl %ebp
db> continue
sip0: receive FIFO overrun
sip0: receive ring overrun
uvm_fault(0xc035efa0, 0xc7665000, 1) -> 0xe
kernel: supervisor trap page fault, code=0
Stopped in pid 418.1 (hslsd) at netbsd:in_pcbdisconnect+0x23: rorb $0x43,%ss:0xc7665843(%ecx)
db> continue
uvm_fault(0xc035efa0, 0xc7665000, 1) -> 0xe
kernel: supervisor trap page fault, code=0
Stopped in pid 418.1 (hslsd) at netbsd:in_pcbdisconnect+0x23: rorb $0x43,%ss:0xc7665843(%ecx)
db> examine/i in_pcbdisconnect,100
netbsd:in_pcbdisconnect: pushl %ebp
netbsd:in_pcbdisconnect+0x1: movl %esp,%ebp
netbsd:in_pcbdisconnect+0x3: pushl %ebx
netbsd:in_pcbdisconnect+0x4: subl $0x4,%esp
netbsd:in_pcbdisconnect+0x7: movl 0x8(%ebp),%ebx
netbsd:in_pcbdisconnect+0xa: cmpl $0x2,0x18(%ebx)
netbsd:in_pcbdisconnect+0xe: jz netbsd:in_pcbdisconnect+0x20
netbsd:in_pcbdisconnect+0x10: movl 0xfffffffc(%ebp),%ebx
netbsd:in_pcbdisconnect+0x13: leave
netbsd:in_pcbdisconnect+0x14: ret
netbsd:in_pcbdisconnect+0x15: leal 0(%esi),%esi
netbsd:in_pcbdisconnect+0x19: leal 0(%edi),%edi
netbsd:in_pcbdisconnect+0x20: movl netbsd:zeroin_addr,%eax
netbsd:in_pcbdisconnect+0x25: movl %eax,0x58(%ebx)
netbsd:in_pcbdisconnect+0x28: movw $0,0x40(%ebx)
netbsd:in_pcbdisconnect+0x2e: pushl $0x1
netbsd:in_pcbdisconnect+0x30: pushl %ebx
netbsd:in_pcbdisconnect+0x31: call netbsd:in_pcbstate
netbsd:in_pcbdisconnect+0x36: movl 0x24(%ebx),%eax
netbsd:in_pcbdisconnect+0x39: popl %ecx
netbsd:in_pcbdisconnect+0x3a: popl %edx
netbsd:in_pcbdisconnect+0x3b: testb $0x1,0x6(%eax)
netbsd:in_pcbdisconnect+0x3f: jz netbsd:in_pcbdisconnect+0x10
netbsd:in_pcbdisconnect+0x41: movl %ebx,0x8(%ebp)
netbsd:in_pcbdisconnect+0x44: movl 0xfffffffc(%ebp),%ebx
netbsd:in_pcbdisconnect+0x47: leave
netbsd:in_pcbdisconnect+0x48: jmp netbsd:in_pcbdetach
netbsd:in_pcbdisconnect+0x4d: leal 0(%esi),%esi
netbsd:in_pcbbind: pushl %ebp
netbsd:in_pcbbind+0x1: movl %esp,%ebp
netbsd:in_pcbbind+0x3: pushl %edi
netbsd:in_pcbbind+0x4: pushl %esi
netbsd:in_pcbbind+0x5: pushl %ebx
netbsd:in_pcbbind+0x6: subl $0x4c,%esp
netbsd:in_pcbbind+0x9: movl 0xc(%ebp),%eax
netbsd:in_pcbbind+0xc: movl 0x8(%ebp),%edx
netbsd:in_pcbbind+0xf: movl 0x24(%edx),%edi
netbsd:in_pcbbind+0x12: movl 0x28(%edx),%ecx
netbsd:in_pcbbind+0x15: movl %ecx,0xffffffc4(%ebp)
netbsd:in_pcbbind+0x18: movswl 0x2(%edi),%ebx
netbsd:in_pcbbind+0x1c: movl %ebx,%esi
netbsd:in_pcbbind+0x1e: andl $0x200,%esi
netbsd:in_pcbbind+0x24: movl %esi,0xffffffcc(%ebp)
netbsd:in_pcbbind+0x27: cmpl $0x2,0x18(%edx)
netbsd:in_pcbbind+0x2b: jnz netbsd:in_pcbbind+0x110
--db_more--
Dave
--
David Young OJC Technologies
dyoung@ojctech.com Urbana, IL * (217) 278-3933 ext 24
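
The "not at instruction boundaries" observation in the message above can be checked mechanically against the `examine/i` listing. The following is an added example, not part of the original post: the helper names `boundaries` and `check_trap` are hypothetical, the input lines are copied from the ddb output above, and the listing is assumed to be contiguous.

```python
import re
from bisect import bisect_right

# Lines copied from the ddb output in the post (excerpt of `examine/i`).
LISTING = """\
netbsd:in_pcbdisconnect+0x14: ret
netbsd:in_pcbdisconnect+0x15: leal 0(%esi),%esi
netbsd:in_pcbdisconnect+0x19: leal 0(%edi),%edi
netbsd:in_pcbdisconnect+0x20: movl netbsd:zeroin_addr,%eax
netbsd:in_pcbdisconnect+0x25: movl %eax,0x58(%ebx)
netbsd:in_pcbdisconnect+0x28: movw $0,0x40(%ebx)
"""
TRAPS = [
    "Stopped in pid 418.1 (hslsd) at netbsd:in_pcbdisconnect+0x22: incl %ebp",
    "Stopped in pid 418.1 (hslsd) at netbsd:in_pcbdisconnect+0x23: rorb $0x43,%ss:0xc7665843(%ecx)",
]

INSN = re.compile(r"^netbsd:(\w+)(?:\+0x([0-9a-f]+))?:\s+(.+)$")
TRAP = re.compile(r"Stopped in .* at netbsd:(\w+)(?:\+0x([0-9a-f]+))?:")

def boundaries(listing):
    """Map symbol -> sorted [(offset, text)] of instruction starts."""
    table = {}
    for line in listing.splitlines():
        m = INSN.match(line.strip())
        if m:
            off = int(m.group(2) or "0", 16)
            table.setdefault(m.group(1), []).append((off, m.group(3)))
    return {sym: sorted(rows) for sym, rows in table.items()}

def check_trap(trap_line, table):
    """Classify one 'Stopped in' line: (symbol, offset, verdict, enclosing)."""
    m = TRAP.search(trap_line)
    if not m:
        return None
    sym, off = m.group(1), int(m.group(2) or "0", 16)
    rows = table.get(sym, [])
    starts = [o for o, _ in rows]
    i = bisect_right(starts, off) - 1
    if i >= 0 and starts[i] == off:
        return (sym, off, "boundary", rows[i])
    if i < 0 or i == len(rows) - 1:
        return (sym, off, "unknown", None)  # outside the listed range
    return (sym, off, "mid-instruction", rows[i])

if __name__ == "__main__":
    table = boundaries(LISTING)
    for t in TRAPS:
        sym, off, verdict, insn = check_trap(t, table)
        print(f"{sym}+{off:#x}: {verdict}", insn)
```

Both reported stops, +0x22 and +0x23, fall inside the five-byte `movl` that starts at +0x20, so the instructions ddb printed at those addresses are decodings of that instruction's operand bytes.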