>Number:         24245
>Category:       kern
>Synopsis:       Kernel deads by transferring to tty with PPP tightly.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Jan 26 11:51:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Yuji Tateno
>Release:        1.5.2(evbsh3)
>Organization:
IP Square
>Environment:
It doesn't have uname. Sorry!
It has 32MB RAM, no strage, two NICs and a CF slot.
>Description:
Kernel deads by transferring to tty with PPP with unstable com device in AirH" CF card tightly.
AirH":a kind of celler phone with 32/128kbps packet mode. It looks like com(16660) device from kernel.

1. Kernel deads in putc and kern(in kern/tty_subr.c) with tlb_handler#NOGO(va=0 spc=xxx(address in these function)).

2. Kernel deads in memmove/memcpy/bcopy(in libkern/bcopy.c) with tlb_handler#NOGO(va=0 spc=xxx(address in these function)).

3. Kernel panics by empty of mbpl or mclpl even increase buffer size of them by two or four.
#This can occors only 15 minites from boot.
>How-To-Repeat:
Send and send with TCP tightly. It appers faster as tightness and unstableness of the line.
>Fix:
Orginaly,getc and p_to_b sets 0 into c_cf(member of clist) and c_cl when the buffer becomes empty. Also clalloc initializes them with 0.
I fix it "clear/initialize them with c_cs instead 0 except at clfree". And also initialize them when they are 0 in putc and b_to_p.

Then, It becomes much better. "1" was gone. But "2" and "3" still are.
>Release-Note:
>Audit-Trail:
>Unformatted: