From: Matt Mackall <mpm@selenic.com>

> On the other hand, 0x39233030 = "9#00" -> suspiciously like the tail of a
> gdb packet.

And indeed it was: write_buffer was calling skb_reserve with the wrong
length, which apparently led to the packet data running off the end of the
skbuff and scribbling on the next one.  Not sure how this worked for you;
perhaps luck with slab alignment.  Here's some improved kgdb debugging,
plus the fix in the last hunk.



 arch/i386/kernel/kgdb_stub.c |   25 +++++++------------------
 drivers/net/kgdb_eth.c       |    2 +-
 2 files changed, 8 insertions(+), 19 deletions(-)

diff -puN arch/i386/kernel/kgdb_stub.c~kgdb-skb_reserve-fix arch/i386/kernel/kgdb_stub.c
--- 25/arch/i386/kernel/kgdb_stub.c~kgdb-skb_reserve-fix	2003-09-08 21:51:54.000000000 -0700
+++ 25-akpm/arch/i386/kernel/kgdb_stub.c	2003-09-08 21:51:54.000000000 -0700
@@ -119,6 +119,7 @@
 #include <linux/irq.h>
 #include <asm/desc.h>
 #include <linux/inet.h>
+#include <linux/kallsyms.h>
 
 /************************************************************************
  *
@@ -1246,6 +1247,7 @@ kgdb_handle_exception(int exceptionVecto
 	struct task_struct *usethread = NULL;
 	struct task_struct *thread_list_start = 0, *thread = NULL;
 	int addr, length;
+	unsigned long address;
 	int breakno, breaktype;
 	char *ptr;
 	int newPC;
@@ -1277,6 +1279,8 @@ kgdb_handle_exception(int exceptionVecto
 	 * If we're using eth mode, set the 'mode' in the netdevice.
 	 */
 
+	__asm__("movl %%cr2,%0":"=r" (address));
+
 	if (kgdb_eth != -1) {
 		kgdb_eth_set_trapmode(1);
 	}
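Review bot: The CR2 read `__asm__("movl %%cr2,%0":"=r" (address));` is not marked volatile, so the compiler is free to move it. Since `address` is only consumed inside the `remote_debug` branch in a later hunk, the read may end up well after entry, by which time a further fault could have overwritten CR2. I would write `__asm__ __volatile__("movl %%cr2,%0" : "=r" (address));` and add a comment such as `/* CR2 holds a fault address only for page faults; stale for other vectors */`. The matching `printk(" address: %lx\n", address);` in the next hunk would read better labelled `cr2`, because for any other exception vector the value is left over from an earlier fault. kgdb_handle_exception starts and ends outside this hunk.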
@@ -1417,29 +1421,14 @@ kgdb_handle_exception(int exceptionVecto
 #endif
 
 	if (remote_debug) {
-		unsigned long *lp = (unsigned long *) &linux_regs;
-
 		printk("handle_exception(exceptionVector=%d, "
 		       "signo=%d, err_code=%d, linux_regs=%p)\n",
 		       exceptionVector, signo, err_code, linux_regs);
+		printk(" address: %lx\n", address);
+
 		if (debug_regs) {
 			print_regs(&regs);
-			printk("Stk: %8lx %8lx %8lx %8lx"
-			       "  %8lx %8lx %8lx %8lx\n",
-			       lp[0], lp[1], lp[2], lp[3],
-			       lp[4], lp[5], lp[6], lp[7]);
-			printk("     %8lx %8lx %8lx %8lx"
-			       "  %8lx %8lx %8lx %8lx\n",
-			       lp[8], lp[9], lp[10], lp[11],
-			       lp[12], lp[13], lp[14], lp[15]);
-			printk("     %8lx %8lx %8lx %8lx  "
-			       "%8lx %8lx %8lx %8lx\n",
-			       lp[16], lp[17], lp[18], lp[19],
-			       lp[20], lp[21], lp[22], lp[23]);
-			printk("     %8lx %8lx %8lx %8lx  "
-			       "%8lx %8lx %8lx %8lx\n",
-			       lp[24], lp[25], lp[26], lp[27],
-			       lp[28], lp[29], lp[30], lp[31]);
+			show_trace(current, (unsigned long *)&regs);
 		}
 	}
 
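Review bot: `show_trace(current, (unsigned long *)&regs);` passes the address of `regs`, which from `print_regs(&regs)` just above looks like a register-save structure local to the handler rather than the trapped context's stack pointer (its declaration is outside the hunk, so this is inferred). If so, the walk starts in kgdb's own frame and the first entries describe the stub, not the code that trapped. Starting from the saved stack pointer reachable through `linux_regs` would give the trace a reader expects. At minimum, a comment such as `/* trace starts at the handler's own frame, not the faulting one */` would stop the cast from misleading the next reader.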
diff -puN drivers/net/kgdb_eth.c~kgdb-skb_reserve-fix drivers/net/kgdb_eth.c
--- 25/drivers/net/kgdb_eth.c~kgdb-skb_reserve-fix	2003-09-08 21:51:54.000000000 -0700
+++ 25-akpm/drivers/net/kgdb_eth.c	2003-09-08 21:51:54.000000000 -0700
@@ -109,7 +109,7 @@ write_buffer(char *buf, int len)
 	}
 
 	atomic_set(&skb->users, 1);
-	skb_reserve(skb, total_len - 1);
+	skb_reserve(skb, total_len - len);
 
 	memcpy(skb->data, (unsigned char *) buf, len);
 	skb->len += len;
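Review bot: The corrected `skb_reserve(skb, total_len - len);` is only safe when `len <= total_len` and the skb was allocated with at least `total_len` bytes, and neither is checked in the visible lines; `len` is a plain `int` from the caller and the allocation is above the hunk. The copy that follows, `memcpy(skb->data, (unsigned char *) buf, len);` with a manual `skb->len += len;`, bypasses the tail bookkeeping, so an oversized write would again corrupt the neighbouring buffer silently, which is the failure this patch is fixing. Using `memcpy(skb_put(skb, len), buf, len);` would advance the tail and let the skb overrun check fire instead. A one-line comment on the reserve, e.g. `/* leave headroom for the headers pushed below; payload goes last */`, would record why the offset is `total_len - len` (the header pushes are outside the hunk, so that is inferred). write_buffer starts and ends outside this hunk.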

_