From scrappy@ki.net  Sat Mar 16 11:37:18 1996
Received: from ki.net (ki.net [142.77.249.8])
          by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id LAA25969
          for <FreeBSD-gnats-submit@freebsd.org>; Sat, 16 Mar 1996 11:36:51 -0800 (PST)
Received: (from scrappy@localhost) by ki.net (8.7.4/8.7.4) id OAA01317; Sat, 16 Mar 1996 14:34:51 -0500 (EST)
Message-Id: <199603161934.OAA01317@ki.net>
Date: Sat, 16 Mar 1996 14:34:51 -0500 (EST)
From: "Marc G. Fournier" <scrappy@ki.net>
Reply-To: scrappy@ki.net
To: FreeBSD-gnats-submit@freebsd.org
Subject: Panic: _ed start(f01dc0ec) at ed start+0x315
X-Send-Pr-Version: 3.2

>Number:         1082
>Category:       kern
>Synopsis:       Panic: _ed start(f01dc0ec) at ed start+0x315
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Mar 16 11:40:01 PST 1996
>Closed-Date:    Fri Apr 5 09:31:53 PST 1996
>Last-Modified:  Fri Apr  5 09:37:15 PST 1996
>Originator:     Marc G. Fournier
>Release:        FreeBSD 2.2-CURRENT i386
>Organization:
>Environment:

FreeBSD 2.2-CURRENT #0: Fri Mar 15 12:20:55 EST 1996
    scrappy@freebsd.ki.net:/usr/src/sys/compile/freebsd
CPU: i486DX (486-class CPU)
real memory  = 16777216 (16384K bytes)
avail memory = 14708736 (14364K bytes)
DEVFS: ready for devices
Probing for devices on the ISA bus:
vt0 at 0x60-0x6f irq 1 on motherboard
vt0: mda, mono, 8 scr, mf2-kbd, [R3.20-b24]
ed0 at 0x280-0x29f irq 5 maddr 0xd8000 msize 16384 on isa
ed0: address 00:00:c0:b7:91:71, type WD8013EPC (16 bit) 
fdc0 at 0x3f0-0x3f7 irq 6 drq 2 on isa
fdc0: NEC 72065B
fd0: 1.44MB 3.5in
aha0 at 0x330-0x333 irq 11 drq 5 on isa
aha0 waiting for scsi devices to settle
(aha0:0:0): "UNISYS U0531 ST3600N 8374" type 0 fixed SCSI 2
sd0(aha0:0:0): Direct-Access 500MB (1025920 512 byte sectors)
mcd0 not found at 0x340
npx0 on motherboard
npx0: INT 16 interface
devfs ready to run

>Description:

Out of space for completing savecore...space problem fixed for next
time, but DDB information is all that is available this time :(


Fatal trap 12: page fault while in kernel mode
fault virtual address	= 0x7ea8afb1
fault code		= supervisor read, page not present
instruction pointer	= 0x8:0xf01aead1
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 10868 (ypbind)
interrupt mask		= net
kernel: type 12, code=0
Stopped at ed start+0x315:	movb 0xc5(%esi),%cl
db> tra
_ed start(f01dc0ec) at ed start+0x315
_ether output(f01dc0ec,f0979480,f0976830,f0908200,f09e0900) at ether output+0x2d9
_ip output(f0979480,0,f097682c,20,0) at ip output+0x441
_udp output() at udp output+0x1b1
_udp usrreq() at udp usrreq+0x245
_sosent() at sosend+0x58a
_sendit() at sendit+0x1b8
_sendto() at sendto+0x50
_syscall() at syscall+0x129
_Xsyscall() at Xsyscall+0x35
--- syscall 133, eip = 0x8053285, ebp = 0xefbfd164 ---


Script started on Mon Apr  1 13:39:35 1996
freebsd# gdb -k /usr/src/sys/compile/freebsd/kernel.debug vmcore.5[K4

GDB is free software and you are welcome to distribute copies of it
 under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.13 (i386-unknown-freebsd), 
Copyright 1994 Free Software Foundation, Inc...
IdlePTD 20d000
current pcb at 1dae20
panic: from debugger
#0  boot (howto=260) at ../../i386/i386/machdep.c:942
942					dumppcb.pcb_ptd = rcr3();
(kgdb) where
#0  boot (howto=260) at ../../i386/i386/machdep.c:942
#1  0xf0113707 in panic (fmt=0xf01011f8 "from debugger")
    at ../../kern/subr_prf.c:133
#2  0xf0101215 in db_panic (dummy1=-266744989, dummy2=0, dummy3=-1, 
    dummy4=0xf01c9aac "") at ../../ddb/db_command.c:395
#3  0xf01010fe in db_command (last_cmdp=0xf01cab34, cmd_table=0xf01ca994)
    at ../../ddb/db_command.c:288
#4  0xf010127d in db_command_loop () at ../../ddb/db_command.c:417
#5  0xf01035e8 in db_trap (type=3, code=0) at ../../ddb/db_trap.c:73
#6  0xf019c93a in kdb_trap (type=3, code=0, regs=0xf01c9ba8)
    at ../../i386/i386/db_interface.c:136
#7  0xf01a48ec in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = -266556620, 
      tf_esi = -267382280, tf_ebp = -266560532, tf_isp = -266560560, 
      tf_ebx = 256, tf_edx = -266745035, tf_ecx = 1920, tf_eax = 18, 
      tf_trapno = 3, tf_err = 0, tf_eip = -266744989, tf_cs = -266600440, 
      tf_eflags = 582, tf_esp = -266745051, tf_ss = -267307362})
    at ../../i386/i386/trap.c:399
#8  0xf019d1b1 in calltrap ()
#9  0xf01136fe in panic (fmt=0xf01011f8 "from debugger")
    at ../../kern/subr_prf.c:129
#10 0xf0101215 in db_panic (dummy1=-266652479, dummy2=0, dummy3=-1, 
    dummy4=0xf01c9c3c "") at ../../ddb/db_command.c:395
#11 0xf01010fe in db_command (last_cmdp=0xf01cab34, cmd_table=0xf01ca994)
    at ../../ddb/db_command.c:288
#12 0xf010127d in db_command_loop () at ../../ddb/db_command.c:417
#13 0xf01035e8 in db_trap (type=12, code=0) at ../../ddb/db_trap.c:73
#14 0xf019c93a in kdb_trap (type=12, code=0, regs=0xf01c9d8c)
    at ../../i386/i386/db_interface.c:136
#15 0xf01a50af in trap_fatal (frame=0xf01c9d8c) at ../../i386/i386/trap.c:736
#16 0xf01a4bac in trap_pfault (frame=0xf01c9d8c, usermode=0)
    at ../../i386/i386/trap.c:651
#17 0xf01a483f in trap (frame={tf_es = -267190256, tf_ds = -266534896, 
      tf_edi = -267583428, tf_esi = -266477172, tf_ebp = -266560020, 
      tf_isp = -266560076, tf_ebx = 656, tf_edx = 662, tf_ecx = 662, 
      tf_eax = -267583488, tf_trapno = 12, tf_err = -266665984, 
      tf_eip = -266652479, tf_cs = -267583480, tf_eflags = 66134, 
      tf_esp = -1073610752, tf_ss = -258322176}) at ../../i386/i386/trap.c:319
#18 0xf019d1b1 in calltrap ()
#19 0xf01387d5 in ether_output (ifp=0xf01de18c, m0=0xf09a5100, dst=0xf09c5d70, 
    rt0=0xf099ab00) at ../../net/if_ethersubr.c:307
#20 0xf0141ee1 in ip_output (m0=0xf09a5100, opt=0x0, ro=0xf09b5d2c, flags=0, 
    imo=0x0) at ../../netinet/ip_output.c:355
#21 0xf0145e4d in tcp_output (tp=0xf094c900) at ../../netinet/tcp_output.c:689
#22 0xf0144cb2 in tcp_input (m=0xf09bf380, iphlen=20)
    at ../../netinet/tcp_input.c:1625
#23 0xf0140bdd in ip_input (m=0xf09bf380) at ../../netinet/ip_input.c:447
#24 0xf0140c54 in ipintr () at ../../netinet/ip_input.c:468
(kgdb) up 17
#17 0xf01a483f in trap (frame={tf_es = -267190256, tf_ds = -266534896, 
      tf_edi = -267583428, tf_esi = -266477172, tf_ebp = -266560020, 
      tf_isp = -266560076, tf_ebx = 656, tf_edx = 662, tf_ecx = 662, 
      tf_eax = -267583488, tf_trapno = 12, tf_err = -266665984, 
      tf_eip = -266652479, tf_cs = -267583480, tf_eflags = 66134, 
      tf_esp = -1073610752, tf_ss = -258322176}) at ../../i386/i386/trap.c:319
319				(void) trap_pfault(&frame, FALSE);
(kgdb) frame frame->tf_ebp frame->tf_eip
#0  ed_start (ifp=0xf01de18c) at ../../i386/isa/if_ed.c:1744
1744		outb(sc->nic_addr + ED_P0_CR, sc->cr_proto | ED_CR_TXP | ED_CR_STA);
(kgdb) list
1739		outb(sc->nic_addr + ED_P0_TBCR1, len >> 8);
1740	
1741		/*
1742		 * Set page 0, Remote DMA complete, Transmit Packet, and *Start*
1743		 */
1744		outb(sc->nic_addr + ED_P0_CR, sc->cr_proto | ED_CR_TXP | ED_CR_STA);
1745		sc->xmit_busy = 1;
1746	
1747		/*
1748		 * Point to next transmit buffer slot and wrap if necessary.
(kgdb) print sc
$1 = (struct ed_softc *) 0xf0905000
(kgdb) print sc->nic_addr
$2 = 61575
(kgdb) up
#1  0xf01387d5 in ether_output (ifp=0xf01de18c, m0=0xf09a5100, dst=0xf09c5d70, 
    rt0=0xf099ab00) at ../../net/if_ethersubr.c:307
307			(*ifp->if_start)(ifp);
(kgdb) up
#2  0xf0141ee1 in ip_output (m0=0xf09a5100, opt=0x0, ro=0xf09b5d2c, flags=0, 
    imo=0x0) at ../../netinet/ip_output.c:355
355			error = (*ifp->if_output)(ifp, m,
(kgdb) up
#3  0xf0145e4d in tcp_output (tp=0xf094c900) at ../../netinet/tcp_output.c:689
689		error = ip_output(m, tp->t_inpcb->inp_options, &tp->t_inpcb->inp_route,
(kgdb) up
#4  0xf0144cb2 in tcp_input (m=0xf09bf380, iphlen=20)
    at ../../netinet/tcp_input.c:1625
1625		(void) tcp_output(tp);
(kgdb) up
#5  0xf0140bdd in ip_input (m=0xf09bf380) at ../../netinet/ip_input.c:447
447		(*inetsw[ip_protox[ip->ip_p]].pr_input)(m, hlen);
(kgdb) up
#6  0xf0140c54 in ipintr () at ../../netinet/ip_input.c:468
468			ip_input(m);
(kgdb) up
Initial frame selected; you cannot go up.
(kgdb) quit
freebsd# exit

exit

Script done on Mon Apr  1 13:41:53 1996

>How-To-Repeat:

	

>Fix:
	
	

>Release-Note:
>Audit-Trail:

From: David Greenman <davidg@Root.COM>
To: scrappy@ki.net
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: kern/1082: Panic: _ed start(f01dc0ec) at ed start+0x315 
Date: Sat, 16 Mar 1996 13:29:44 -0800

 >
 >>Number:         1082
 >>Category:       kern
 >>Synopsis:       Panic: _ed start(f01dc0ec) at ed start+0x315
 
    How does your ed0 line read in your config file?
 
 -DG
 
 David Greenman
 Core-team/Principal Architect, The FreeBSD Project

From: "Marc G. Fournier" <scrappy@ki.net>
To: David Greenman <davidg@Root.COM>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: kern/1082: Panic: _ed start(f01dc0ec) at ed start+0x315 
Date: Sat, 16 Mar 1996 16:42:08 -0500 (EST)

 On Sat, 16 Mar 1996, David Greenman wrote:
 
 > >
 > >>Number:         1082
 > >>Category:       kern
 > >>Synopsis:       Panic: _ed start(f01dc0ec) at ed start+0x315
 > 
 >    How does your ed0 line read in your config file?
 >
 
 device ed0 at isa? port 0x280 net irq 5 iomem 0xd8000 vector edintr
 
 
 
 Marc G. Fournier | POP Mail  Telnet Acct  DNS Hosting
 System           |  WWW Services   Database Services  | Knowledge, 
   Administrator  |                                    | Information and
  scrappy@ki.net  |      WWW: http://www.ki.net        | Communications, Inc
 
State-Changed-From-To: open->closed 
State-Changed-By: scrappy 
State-Changed-When: Fri Apr 5 09:31:53 PST 1996 
State-Changed-Why:  

I submitted the report, and after turning off optimizing for the offending 
kernel module, the system has been running for 3 days straight. 
>Unformatted:
