Date: Tue, 26 Oct 2021 15:30:16 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 259458] iflib_rxeof NULL pointer crash with vmxnet3 driver
Message-ID: <bug-259458-227-BnJkMpay2E@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-259458-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259458

--- Comment #7 from Andriy Gapon <avg@FreeBSD.org> ---
In the end, it looks like somehow index 327 was not re-filled earlier.
Or it was somehow consumed twice in a row...

(kgdb) p/x *$2.ifl_rx_bitmap@8
$73 = {0xffffffffffffffff, 0xffffffffffffffff, 0x3fff, 0x0, 0x0, 0xffffffffffffff00, 0xffffffffffffffff, 0xffffffffffffffff}
(kgdb) p $2.ifl_sds.ifsd_m[327]
$74 = (struct mbuf *) 0x0
(kgdb) p $2.ifl_sds.ifsd_m[328]
$75 = (struct mbuf *) 0xfffff80123211b00
(kgdb) p $2.ifl_sds.ifsd_cl[327]
$76 = (caddr_t) 0x0
(kgdb) p $2.ifl_sds.ifsd_cl[328]
$77 = (caddr_t) 0xfffff8012322b800 "\377\377\377\377\377\377"

ifl_rx_bitmap has bits [0, 141] set, bits [142, 327] clear and bits [328, 511] set again.
Given ifl_fragidx = 142 the latest refill went up to 141 which was what we actually see.
So, it was not the latest refill.

-- 
You are receiving this mail because:
You are the assignee for the bug.
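
Added example, not part of the original mail or of the iflib sources: a small C program that splits the eight words kgdb printed as $73 into maximal runs of set and clear bits, so the ranges quoted above can be checked mechanically. The names bit_run, bit_at and bitmap_runs are hypothetical, and the layout (bit i in word i / 64, least significant bit first) is an assumption that matches the reading in the mail.

```c
#include <stdint.h>
#include <stdio.h>

#define WORD_BITS 64

/* One maximal run of equal bits, inclusive on both ends. */
struct bit_run {
    int first;
    int last;
    int set;    /* 1 = bits set, 0 = bits clear */
};

/* The eight words printed by kgdb as $73 in the mail. */
static const uint64_t rx_bitmap[8] = {
    0xffffffffffffffffULL, 0xffffffffffffffffULL, 0x3fffULL, 0x0ULL,
    0x0ULL, 0xffffffffffffff00ULL, 0xffffffffffffffffULL,
    0xffffffffffffffffULL
};

/* Assumed layout: bit i is in word i / 64 at position i % 64. */
static int bit_at(const uint64_t *words, int i)
{
    return (int)((words[i / WORD_BITS] >> (i % WORD_BITS)) & 1);
}

/* Split the first nbits into runs. Returns the number of runs found;
 * only the first max_runs of them are stored in runs[]. */
int bitmap_runs(const uint64_t *words, int nbits,
    struct bit_run *runs, int max_runs)
{
    int n = 0, start = 0;

    for (int i = 1; i <= nbits; i++) {
        /* Close the run at the end of the map or when the value flips. */
        if (i == nbits || bit_at(words, i) != bit_at(words, start)) {
            if (n < max_runs) {
                runs[n].first = start;
                runs[n].last = i - 1;
                runs[n].set = bit_at(words, start);
            }
            n++;
            start = i;
        }
    }
    return n;
}

int main(void)
{
    struct bit_run runs[8];
    int n = bitmap_runs(rx_bitmap, 512, runs, 8);

    for (int i = 0; i < n && i < 8; i++)
        printf("[%d, %d] %s\n", runs[i].first, runs[i].last,
            runs[i].set ? "set" : "clear");
    return 0;
}
```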
