Date: Sun, 6 Mar 2005 04:44:26 +0100 From: Maxime Henrion <mux@FreeBSD.org> To: Randy Bush <randy@psg.com> Cc: FreeBSD Current <freebsd-current@freebsd.org> Subject: Re: fxp0 and vlan panic Message-ID: <20050306034426.GY31320@elvis.mu.org> In-Reply-To: <16938.8879.104268.738886@roam.psg.com> References: <20050305020343.GO31320@elvis.mu.org> <16937.62150.818165.837486@roam.psg.com> <20050305182751.GQ31320@elvis.mu.org> <16937.64632.277343.646373@roam.psg.com> <20050305183936.GR31320@elvis.mu.org> <16938.27.784339.206699@roam.psg.com> <20050305185822.GT31320@elvis.mu.org> <16938.1765.391376.38293@roam.psg.com> <20050305192732.GU31320@elvis.mu.org> <16938.8879.104268.738886@roam.psg.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Randy Bush wrote: > # addr2line -e kernel.debug -f 0xc047d2d0 > fxp_intr_body > /usr/src/sys/dev/fxp/if_fxp.c:1662 > > this was a feb 6 kernel Hmmm... With an if_fxp.c file from Feb 6 line 1662 is : if ((le16toh(rfa->rfa_status) & FXP_RFA_STATUS_C) == 0) So it would mean that rfa points to an invalid memory address and that the page fault occurs when we dereference it. However, rfa is taken from here (RFA_ALIGNMENT_FUDGE is 2): rfa = (struct fxp_rfa *)(m->m_ext.ext_buf + RFA_ALIGNMENT_FUDGE); Thus it means that m->m_ext.ext_buf points to a foobar'ed memory address too. I have no idea why such a thing would happen, given that every access to the descriptor ring looks properly locked down. A core dump would really be useful here... Cheers, Maxime
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050306034426.GY31320>