panic: vm_fault: fault on stack guard, addr: 0xffffffe01dbea000

Matthew Dillon dillon at
Sat May 28 11:06:02 PDT 2011

:Hi. I get this on x86_64 master. I don't know how to reproduce, but it happened on my box just now three times within one hour.

    It looks like rl_rxeof() is making an illegal call to m_devget(). The
    comment in the code says it all:

	     * Fool m_devget() into thinking we want to copy
	     * the whole buffer so we don't end up fragmenting
	     * the data.
	    m = m_devget(rxbufpos - RL_ETHER_ALIGN,
		total_len + RL_ETHER_ALIGN, 0, ifp, NULL);

    The 'fool' part is that it's calling m_devget() with a buffer range
    that goes beyond the buffer's EOF, and then using m_copyback() to
    re-copy the real data.

    The panic will depend heavily on what memory is beyond the
    sc->rl_cdata.rl_rx_buf buffer... if the buffer was allocated next
    to a stack guard, you'd get that error.
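
Added example, not part of the original post and not DragonFly driver code: a user-space C model of the pattern described above, where one linear copy runs past the end of a receive buffer, next to a bounded copy that never leaves the buffer. It assumes the over-long range arises when a frame wraps around the end of a ring buffer; RING_SIZE, linear_overrun(), ring_copy() and demo() are hypothetical names.

```c
#include <stddef.h>
#include <string.h>

#define RING_SIZE 16  /* constructed size; stands in for the driver's RX buffer */

/* Bytes a single linear copy of `len` bytes starting at offset `pos`
 * would read past the end of the ring (0 means the copy is in bounds). */
size_t linear_overrun(size_t pos, size_t len)
{
    if (pos >= RING_SIZE)
        return len;
    size_t room = RING_SIZE - pos;
    return len > room ? len - room : 0;
}

/* Bounded copy: read up to the end of the ring, then continue from
 * offset 0. Never touches memory outside ring[0..RING_SIZE).
 * Returns 0 on success, -1 if the request cannot be satisfied. */
int ring_copy(const unsigned char *ring, size_t pos, size_t len,
              unsigned char *dst, size_t dstlen)
{
    if (pos >= RING_SIZE || len > RING_SIZE || len > dstlen)
        return -1;
    size_t first = RING_SIZE - pos;
    if (first > len)
        first = len;
    memcpy(dst, ring + pos, first);
    memcpy(dst + first, ring, len - first);
    return 0;
}

/* Constructed sample: a 6-byte frame "ABCDEF" written at offset 12,
 * so "ABCD" sits at the tail and "EF" wraps to the head.
 * Returns 1 if the bounded copy reassembles the frame. */
int demo(void)
{
    unsigned char ring[RING_SIZE];
    unsigned char out[6];
    memset(ring, '.', sizeof(ring));
    memcpy(ring + 12, "ABCD", 4);
    memcpy(ring, "EF", 2);
    if (ring_copy(ring, 12, 6, out, sizeof(out)) != 0)
        return 0;
    return memcmp(out, "ABCDEF", 6) == 0;
}
```

A nonzero linear_overrun() result is the number of bytes a single-range copy would read from whatever memory happens to follow the buffer.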

