Previous history is here: http://www.mail-archive.com/tech@openbsd.org/msg02735.html
On Fri, Nov 19, 2010 at 11:19 PM, Greg Steuck <g...@nest.cx> wrote: > Believe it or not, I just got this reproduced with a patch to print > the mbuf (courtesy of Claudio). > > Running 4.8-sparc64 with the 2 patches below. Here's the output. Maybe > this will give somebody an idea about why such weird mbufs are making > it to wi_start. > > This one is the real offender that would have crashed the kernel had > it not been for my work around part of the patch that just discarded > it: > > Dropping too short packet: 7 bytes 1 timesmbuf 0x40006bb0d60 > m_type: 1 m_flags: 20b<M_EXT,M_PKTHDR,M_CLUSTER,M_MCAST> > m_next: 0x0 m_nextpkt: 0x0 > m_data: 0x40006cc9002 m_len: 7 > m_dat: 0x40006bb0d80 m_pktdat: 0x40006bb0db8 > m_pkthdr.len: 7 m_ptkhdr.rcvif: 0x400006f4048 m_ptkhdr.rdomain: 0 > m_ptkhdr.tags: 0x0 m_pkthdr.tagsset: 0 > m_pkthdr.csum_flags: 0 m_pkthdr.ether_vtag: 0 > m_pkthdr.pf.flags: 0 > m_pkthdr.pf.hdr: 0x0 m_pkthdr.pf.statekey: 0x0 > m_pkthdr.pf.qid: 0 m_pkthdr.pf.tag: 0 > m_pkthdr.pf.routed: 0 > m_ext.ext_buf: 0x40006cc9000 m_ext.ext_size: 2048 > m_ext.ext_type: 0 m_ext.ext_backend: 0 > m_ext.ext_ifp: 0x0 > m_ext.ext_free: 0x0 m_ext.ext_arg: 0x0 > m_ext.ext_nextref: 0x40006bb1e60 m_ext.ext_prevref: 0x40006bb1e60 > > Patches: >
> --- sys/dev/ic/if_wi.c.orig Fri Jul 9 16:41:52 2010
> +++ sys/dev/ic/if_wi.c Fri Nov 19 21:05:39 2010
> @@ -2336,6 +2336,8 @@
> return 0;
> }
>
> +void m_print(struct mbuf *);
> +
> void
> wi_start(struct ifnet *ifp)
> {
> @@ -2445,6 +2447,11 @@
> (m0->m_pkthdr.len -
> sizeof(struct ether_header)) + 18);
> } else {
> + if (m0->m_pkthdr.len >= sizeof(struct ether_header)) {
> + static int fire_trigger = 0;
> + if (fire_trigger++ == 3) {
> + m_print(m0);
> + }
> m_copydata(m0, sizeof(struct ether_header),
> m0->m_pkthdr.len - sizeof(struct ether_header),
> (caddr_t)&sc->wi_txbuf);
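Review bot: The new guard `m0->m_pkthdr.len >= sizeof(struct ether_header)` compares what appears to be a signed length (these patches print it with `%d` and `%i`) against a `size_t`, so a negative `m_pkthdr.len` would be converted to a large unsigned value and still pass. The check matters because the `m_copydata()` call it protects is given `m0->m_pkthdr.len - sizeof(struct ether_header)` as its length, which wraps to a huge count for the 7-byte packet shown in the report. The context lines just above `} else {` show the other branch computing the same subtraction, and that branch gets no guard from this patch; if short packets can reach it too, the test belongs before the branch split, written so the signedness is explicit, e.g. `if (m0->m_pkthdr.len < (int)sizeof(struct ether_header)) { /* drop */ }`. The `if` opened here is closed in the next hunk (`@@ -2456,6 +2463,14 @@`), and the enclosing block of wi_start starts outside both.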
> @@ -2456,6 +2463,14 @@
> (caddr_t)&sc->wi_txbuf,
> (m0->m_pkthdr.len -
> sizeof(struct ether_header)) + 2);
> + } else {
> + static int dropped_packets = 0;
> + dropped_packets++;
> + printf("Dropping too short packet: %d bytes %d times",
> + m0->m_pkthdr.len,
> + dropped_packets);
> + m_print(m0);
> + }
> }
> } else {
> tx_frame.wi_dat_len = htole16(m0->m_pkthdr.len);
>
> This one straight from Claudio's email:
>
> --- uipc_mbuf.c 5 Oct 2010 13:29:40 -0000 1.145
> +++ uipc_mbuf.c 28 Oct 2010 11:58:11 -0000
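Review bot: The drop branch logs without any limit: the `printf("Dropping too short packet: ...")` and the full `m_print(m0)` run in the transmit path for every short packet, so whatever is producing these mbufs can also flood the console and the message buffer. The format string has no trailing newline, which is why the report shows `1 timesmbuf 0x40006bb0d60` run together; `"Dropping too short packet: %d bytes %d times\n"` fixes that. For anything longer than a one-off debugging session I would dump the mbuf only for the first few drops, as the `fire_trigger` counter in the previous hunk does, and account for the rest with a counter such as `ifp->if_oerrors++`. Whether `m0` is freed after this branch is not visible in the hunk and is worth confirming.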
> @@ -1370,3 +1370,49 @@ m_dup_pkthdr(struct mbuf *to, struct mbu
>
> return (0);
> }
> +
> +#ifdef DDB
> +void m_print(struct mbuf *);
> +
> +void
> +m_print(struct mbuf *m)
> +{
> + printf("mbuf %p\n", m);
> + printf("m_type: %hi\tm_flags: %b\n", m->m_type, m->m_flags,
> + "\20\1M_EXT\2M_PKTHDR\3M_EOR\4M_CLUSTER\5M_PROTO1\6M_VLANTAG"
> + "\7M_LOOP\10M_FILDROP\11M_BCAST\12M_MCAST\13M_CONF\14M_AUTH"
> + "\15M_TUNNEL\16M_AUTH_AH\17M_LINK0");
> + printf("m_next: %p\tm_nextpkt: %p\n", m->m_next, m->m_nextpkt);
> + printf("m_data: %p\tm_len: %u\n", m->m_data, m->m_len);
> + printf("m_dat: %p m_pktdat: %p\n", m->m_dat, m->m_pktdat);
> + if (m->m_flags & M_PKTHDR) {
> + printf("m_pkthdr.len: %i\tm_ptkhdr.rcvif: %p\t"
> + "m_ptkhdr.rdomain: %u\n", m->m_pkthdr.len,
> + m->m_pkthdr.rcvif, m->m_pkthdr.rdomain);
> + printf("m_ptkhdr.tags: %p\tm_pkthdr.tagsset: %hx\n",
> + SLIST_FIRST(&m->m_pkthdr.tags), m->m_pkthdr.tagsset);
> + printf("m_pkthdr.csum_flags: %hx\tm_pkthdr.ether_vtag: %hu\n",
> + m->m_pkthdr.csum_flags, m->m_pkthdr.ether_vtag);
> + printf("m_pkthdr.pf.flags: %b\n",
> + m->m_pkthdr.pf.flags, "\20\1GENERATED\2FRAGCACHE"
> + "\3TRANSLATE_LOCALHOST\4DIVERTED\5DIVERTED_PACKET"
> + "\6PF_TAG_REROUTE");
> + printf("m_pkthdr.pf.hdr: %p\tm_pkthdr.pf.statekey: %p\n",
> + m->m_pkthdr.pf.hdr, m->m_pkthdr.pf.statekey);
> + printf("m_pkthdr.pf.qid:\t%u m_pkthdr.pf.tag: %hu\n",
> + m->m_pkthdr.pf.qid, m->m_pkthdr.pf.tag);
> + printf("m_pkthdr.pf.routed: %hhx\n", m->m_pkthdr.pf.routed);
> + }
> + if (m->m_flags & M_EXT) {
> + printf("m_ext.ext_buf: %p\tm_ext.ext_size: %u\n",
> + m->m_ext.ext_buf, m->m_ext.ext_size);
> + printf("m_ext.ext_type: %x\tm_ext.ext_backend: %i\n",
> + m->m_ext.ext_type, m->m_ext.ext_backend);
> + printf("m_ext.ext_ifp: %p\n", m->m_ext.ext_ifp);
> + printf("m_ext.ext_free: %p\tm_ext.ext_arg: %p\n",
> + m->m_ext.ext_free, m->m_ext.ext_arg);
> + printf("m_ext.ext_nextref: %p\tm_ext.ext_prevref: %p\n",
> + m->m_ext.ext_nextref, m->m_ext.ext_prevref);
> + }
> +}
> +#endif
> > Copyright (c) 1982, 1986, 1989, 1991, 1993 > The Regents of the University of California. All rights reserved. > Copyright (c) 1995-2010 OpenBSD. All rights reserved. http://www.OpenBSD.org > > OpenBSD 4.8 (GENERIC) #0: Fri Nov 19 22:32:29 PST 2010 > g...@u5.nest.cx:/usr/src/sys/arch/sparc64/compile/GENERIC > real mem = 402653184 (384MB) > avail mem = 383975424 (366MB) > mainbus0 at root: Sun Ultra 5/10 UPA/PCI (UltraSPARC-IIi 360MHz) > cpu0 at mainbus0: SUNW,UltraSPARC-IIi (rev 9.1) @ 360 MHz > cpu0: physical 16K instruction (32 b/l), 16K data (32 b/l), 256K > external (64 b/l) > psycho0 at mainbus0 addr 0xfffc4000: SUNW,sabre, impl 0, version 0, ign 7c0 > psycho0: bus range 0-2, PCI bus 0 > psycho0: dvma map c0000000-dfffffff > pci0 at psycho0 > ppb0 at pci0 dev 1 function 1 "Sun Simba PCI-PCI" rev 0x13 > pci1 at ppb0 bus 1 > ebus0 at pci1 dev 1 function 0 "Sun PCIO EBus2" rev 0x01 > auxio0 at ebus0 addr 726000-726003, 728000-728003, 72a000-72a003, > 72c000-72c003, 72f000-72f003 > power0 at ebus0 addr 724000-724003 ivec 0x25 > "SUNW,pll" at ebus0 addr 504000-504002 not configured > sab0 at ebus0 addr 400000-40007f ivec 0x2b: rev 3.2 > sabtty0 at sab0 port 0: console > sabtty1 at sab0 port 1 > comkbd0 at ebus0 addr 3083f8-3083ff ivec 0x29: no keyboard > comms0 at ebus0 addr 3062f8-3062ff ivec 0x2a > wsmouse0 at comms0 mux 0 > lpt0 at ebus0 addr 3043bc-3043cb, 30015c-30015d, 700000-70000f ivec 0x22: polled > clock1 at ebus0 addr 0-1fff: mk48t59 > "flashprom" at ebus0 addr 0-fffff not configured > audioce0 at ebus0 addr 200000-2000ff, 702000-70200f, 704000-70400f, > 722000-722003 ivec 0x23 ivec 0x24: nvaddrs 0 > audio0 at audioce0 > hme0 at pci1 dev 1 function 1 "Sun HME" rev 0x01: ivec 0x7e1, address > 08:00:20:xx:xx:xx > nsphy0 at hme0 phy 1: DP83840 10/100 PHY, rev.
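Review bot: `m_print()` is defined only under `#ifdef DDB`, but the if_wi.c patch above declares and calls it unconditionally, so a kernel configured without DDB would fail to link; either wrap the callers in the same `#ifdef DDB` or drop the guard while this debugging patch is in use. The prototype `void m_print(struct mbuf *);` is repeated by hand in both files rather than placed in a shared header, so a later signature change would not be caught by the compiler. The function prints raw kernel addresses (`%p` for the mbuf, the cluster buffer and the `ext_free` callback) through plain `printf`, which lands in the message buffer; that is acceptable for a local debugging session but should not survive into committed code. The labels `m_ptkhdr.rcvif`, `m_ptkhdr.rdomain` and `m_ptkhdr.tags` misspell `m_pkthdr`, which makes the output harder to search.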
1 > machfb0 at pci1 dev 2 function 0 "ATI Mach64" rev 0x5c > machfb0: ATY,GT-C, 1152x900 > wsdisplay0 at machfb0 mux 1 > wsdisplay0: screen 0 added (std, sun emulation) > pciide0 at pci1 dev 3 function 0 "CMD Technology PCI0646" rev 0x03: > DMA, channel 0 configured to native-PCI, channel 1 configured to > native-PCI > pciide0: using ivec 0x7e0 for native-PCI interrupt > atapiscsi0 at pciide0 channel 0 drive 0 > scsibus0 at atapiscsi0: 2 targets > cd0 at scsibus0 targ 0 lun 0: <LG, CD-ROM CRD-8322B, 1.05> ATAPI > 5/cdrom removable > cd0(pciide0:0:0): using PIO mode 4, DMA mode 2 > wd0 at pciide0 channel 1 drive 0: <IBM-DHEA-38451> > wd0: 16-sector PIO, LBA, 8063MB, 16514064 sectors > wd0(pciide0:1:0): using PIO mode 4, DMA mode 2 > ppb1 at pci0 dev 1 function 0 "Sun Simba PCI-PCI" rev 0x13 > pci2 at ppb1 bus 2 > wi0 at pci2 dev 1 function 0 "Intersil PRISM2.5" rev 0x01: ivec 0x7d0 > wi0: PRISM2.5 ISL3874A(Mini-PCI) (0x8013), Firmware 1.0.5 (primary), > 1.3.4 (station), address 00:06:25:xx:xx:xx > skc0 at pci2 dev 2 function 0 "Linksys EG1032" rev 0x12, Yukon (0x1): ivec 0x7d4 > sk0 at skc0 port A: address 00:0c:41:xx:xx:xx > eephy0 at sk0 phy 0: 88E1011 Gigabit PHY, rev. 
3 > softraid0 at root > bootpath: /p...@1f,0/p...@1,1/i...@3,0/d...@2,0 > root on wd0a swap on wd0b dump on wd0b > mbuf 0x40006baa390 > m_type: 1 m_flags: 20b<M_EXT,M_PKTHDR,M_CLUSTER,M_MCAST> > m_next: 0x0 m_nextpkt: 0x0 > m_data: 0x40006bde802 m_len: 342 > m_dat: 0x40006baa3b0 m_pktdat: 0x40006baa3e8 > m_pkthdr.len: 342 m_ptkhdr.rcvif: 0x400006f4048 m_ptkhdr.rdomain: 0 > m_ptkhdr.tags: 0x0 m_pkthdr.tagsset: 0 > m_pkthdr.csum_flags: 0 m_pkthdr.ether_vtag: 0 > m_pkthdr.pf.flags: 0 > m_pkthdr.pf.hdr: 0x0 m_pkthdr.pf.statekey: 0x0 > m_pkthdr.pf.qid: 0 m_pkthdr.pf.tag: 0 > m_pkthdr.pf.routed: 0 > m_ext.ext_buf: 0x40006bde800 m_ext.ext_size: 2048 > m_ext.ext_type: 0 m_ext.ext_backend: 0 > m_ext.ext_ifp: 0x0 > m_ext.ext_free: 0x0 m_ext.ext_arg: 0x0 > m_ext.ext_nextref: 0x40006baa690 m_ext.ext_prevref: 0x40006baa690 > Dropping too short packet: 7 bytes 1 timesmbuf 0x40006bb0d60 > m_type: 1 m_flags: 20b<M_EXT,M_PKTHDR,M_CLUSTER,M_MCAST> > m_next: 0x0 m_nextpkt: 0x0 > m_data: 0x40006cc9002 m_len: 7 > m_dat: 0x40006bb0d80 m_pktdat: 0x40006bb0db8 > m_pkthdr.len: 7 m_ptkhdr.rcvif: 0x400006f4048 m_ptkhdr.rdomain: 0 > m_ptkhdr.tags: 0x0 m_pkthdr.tagsset: 0 > m_pkthdr.csum_flags: 0 m_pkthdr.ether_vtag: 0 > m_pkthdr.pf.flags: 0 > m_pkthdr.pf.hdr: 0x0 m_pkthdr.pf.statekey: 0x0 > m_pkthdr.pf.qid: 0 m_pkthdr.pf.tag: 0 > m_pkthdr.pf.routed: 0 > m_ext.ext_buf: 0x40006cc9000 m_ext.ext_size: 2048 > m_ext.ext_type: 0 m_ext.ext_backend: 0 > m_ext.ext_ifp: 0x0 > m_ext.ext_free: 0x0 m_ext.ext_arg: 0x0 > m_ext.ext_nextref: 0x40006bb1e60 m_ext.ext_prevref: 0x40006bb1e60 > > > -- > nest.cx is Gmail hosted, use PGP for anything private. Key: > http://tinyurl.com/ho8qg > Fingerprint: 5E2B 2D0E 1E03 2046 BEC3 4D50 0B15 42BD 8DF5 A1B0 > -- nest.cx is Gmail hosted, use PGP for anything private. Key: http://tinyurl.com/ho8qg Fingerprint: 5E2B 2D0E 1E03 2046 BEC3 4D50 0B15 42BD 8DF5 A1B0