On Fri, Jul 23, 2010 at 12:12:24PM +0200, Manuel Bouyer wrote:
> On Wed, Jul 21, 2010 at 02:06:11PM +0200, Brad du Plessis wrote:
> > I've managed to reproduce this now in netbsd-5 too (source is about
> > 3 months old, not sure if there have been any changes since):
> >
> > re0: discarding oversize frame (len=9041)
> > re0: discarding oversize frame (len=16158)
> > panic: kernel diagnostic assertion "pcg->pcg_avail == 0" failed:
> > file "../../../../kern_subr_pool.c", line 2580
> >
> >
> > As I think I've said before, the actual crash point is different
> > every time but the panic is always preceded by the discarding
> > oversize frame. Sometimes the len in the oversize frame message
> > is len=-1.
>
> is it possible that the re device is writing past its buffer (via DMA) and
> overwriting random memory ?

Check for buffer overruns by reserving a "guard region" on each side of
a DMA buffer. Write guard bytes (0xdeadbeefdeadbeef or something) in
each guard region. Check whether any bytes in the guard region were
modified before you reclaim a DMA buffer.

If that doesn't detect any problems, consider reclaiming DMA buffers
lazily: don't reclaim a buffer immediately, put it on a queue. When
the queue grows N buffers deep, reclaim the first buffer you put on it.
Maybe an errant DMA lands on the buffer while it "rests" on the queue?
Check a buffer's guard regions before you reclaim it. Consider
comparing the whole buffer against a copy you make when you put it on
the queue.

Dave

--
David Young             OJC Technologies
[email protected]      Urbana, IL * (217) 278-3933
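
The two checks suggested in the reply above (guard regions, then a resting queue with a snapshot compare), as an added userspace sketch that is not part of the original message or of the NetBSD re(4) driver. All names (gbuf_alloc, gbuf_check_guards, gbuf_release, GUARD, QDEPTH) are hypothetical, and malloc stands in for the kernel's DMA-safe allocator.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define GUARD  64                /* guard bytes per side (assumed size) */
#define QDEPTH 4                 /* N buffers rest on the queue before reclaim */
static const uint64_t pattern = 0xdeadbeefdeadbeefULL;
struct gbuf {
    size_t len;                  /* payload bytes */
    uint8_t *base;               /* front guard | payload | back guard */
    uint8_t *snap;               /* payload copy taken when the buffer is queued */
};
static struct gbuf *queue[QDEPTH];
static size_t qhead, qcount;
uint8_t *gbuf_data(struct gbuf *b) { return b->base + GUARD; }
static int guard_dirty(const uint8_t *g) {
    for (size_t i = 0; i < GUARD; i += sizeof(pattern))
        if (memcmp(g + i, &pattern, sizeof(pattern)) != 0) return 1;
    return 0;
}

struct gbuf *gbuf_alloc(size_t len) {
    struct gbuf *b = calloc(1, sizeof(*b));
    if (b == NULL || (b->base = calloc(1, len + 2 * GUARD)) == NULL) { free(b); return NULL; }
    b->len = len;
    for (size_t i = 0; i < GUARD; i += sizeof(pattern)) {
        memcpy(b->base + i, &pattern, sizeof(pattern));
        memcpy(b->base + GUARD + len + i, &pattern, sizeof(pattern));
    }
    return b;
}

/* 0 = guards intact, -1 = front guard modified, 1 = back guard modified */
int gbuf_check_guards(const struct gbuf *b) {
    return guard_dirty(b->base) ? -1 : guard_dirty(b->base + GUARD + b->len);
}

/* Queue b instead of freeing it; returns the status of the buffer reclaimed (2 = payload changed while resting). */
int gbuf_release(struct gbuf *b) {
    b->snap = malloc(b->len + 1);
    if (b->snap != NULL) memcpy(b->snap, gbuf_data(b), b->len);
    if (qcount < QDEPTH) { queue[(qhead + qcount++) % QDEPTH] = b; return 0; }
    struct gbuf *old = queue[qhead];
    int status = gbuf_check_guards(old);
    if (status == 0 && old->snap && memcmp(old->snap, gbuf_data(old), old->len) != 0)
        status = 2;
    free(old->snap); free(old->base); free(old);  /* a kernel would panic if status != 0 */
    queue[qhead] = b;
    qhead = (qhead + 1) % QDEPTH;
    return status;
}
```

A nonzero status from gbuf_release means the buffer was written outside its payload, or written at all after the driver gave it up, which is the condition the reply suggests looking for before the pool assertion fires.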
