Date: Fri, 2 Mar 2001 17:19:10 -0600 From: Jonathan Lemon <jlemon@flugsvamp.com> To: Matt Dillon <dillon@earth.backplane.com> Cc: Mike Tancsa <mike@sentex.net>, Bosko Milekic <bmilekic@technokratis.com>, stable@FreeBSD.ORG, jlemon@flugsvamp.com, phk@critter.freebsd.dk Subject: Re: Continued panics on a recent STABLE machine Message-ID: <20010302171910.J25974@prism.flugsvamp.com> In-Reply-To: <200103022307.f22N76Z10552@earth.backplane.com> References: <01a101c0a1ea$77a64b20$becbca18@jehovah> <4.2.2.20010228114855.03d28be0@marble.sentex.net> <4.2.2.20010301151110.01de4650@marble.sentex.net> <200103022307.f22N76Z10552@earth.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Mar 02, 2001 at 03:07:06PM -0800, Matt Dillon wrote: > Try to get a core guys (& keep a copy of the kernel.debug). It looks > like it should be possible to get a core. My guess is someone broke > something associated with mbuf handling. The virtual address is > completely and utterly bogus. Actually, we do have a core dump, but for some reason all the mbufs that I am exmaining are zeroed out. I did make a copy of the mbuf before calling the panic() routine, so I know it isn't null, but I have no idea why it shows up that way in the core. That being said, my suspicion is that something is writing one word past the end of the (physically contigious) previous mbuf. This would be caused by something screwing up a length calculation in the kernel, or if a network driver just happened to DMA in a bit of extra garbage at the end of a network packet. To test this theory, I'm using the following patch to leave a bit of unused space at the end of the mbuf. So far, the site that was having problems hasn't crashed yet, but the jury is still out. -- Jonathan Index: mbuf.h =================================================================== RCS file: /ncvs/src/sys/sys/mbuf.h,v retrieving revision 1.44.2.8 diff -u -r1.44.2.8 mbuf.h --- mbuf.h 2001/02/04 14:49:59 1.44.2.8 +++ mbuf.h 2001/03/02 15:08:39 @@ -45,7 +45,7 @@ * at least MINCLSIZE of data must be stored. */ -#define MLEN (MSIZE - sizeof(struct m_hdr)) /* normal data len */ +#define MLEN (MSIZE - sizeof(struct m_hdr) - 4)/* normal data len */ #define MHLEN (MLEN - sizeof(struct pkthdr)) /* data len w/pkthdr */ #define MINCLSIZE (MHLEN + 1) /* smallest amount to put in cluster */ @@ -108,6 +108,7 @@ } MH; char M_databuf[MLEN]; /* !M_PKTHDR, !M_EXT */ } M_dat; + char M_padding[4]; }; #define m_next m_hdr.mh_next #define m_len m_hdr.mh_len To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010302171910.J25974>