Date: Tue, 26 Oct 2021 15:30:16 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 259458] iflib_rxeof NULL pointer crash with vmxnet3 driver
Message-ID: <bug-259458-227-BnJkMpay2E@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-259458-227@https.bugs.freebsd.org/bugzilla/>
References: <bug-259458-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259458

--- Comment #7 from Andriy Gapon <avg@FreeBSD.org> ---
In the end, it looks like somehow index 327 was not re-filled earlier.
Or it was somehow consumed twice in a row...

(kgdb) p/x *$2.ifl_rx_bitmap@8
$73 = {0xffffffffffffffff, 0xffffffffffffffff, 0x3fff, 0x0, 0x0, 0xffffffffffffff00, 0xffffffffffffffff, 0xffffffffffffffff}
(kgdb) p $2.ifl_sds.ifsd_m[327]
$74 = (struct mbuf *) 0x0
(kgdb) p $2.ifl_sds.ifsd_m[328]
$75 = (struct mbuf *) 0xfffff80123211b00
(kgdb) p $2.ifl_sds.ifsd_cl[327]
$76 = (caddr_t) 0x0
(kgdb) p $2.ifl_sds.ifsd_cl[328]
$77 = (caddr_t) 0xfffff8012322b800 "\377\377\377\377\377\377"

ifl_rx_bitmap has bits [0, 141] set, bits [142, 327] clear and bits [328, 511] set again.
Given ifl_fragidx = 142 the latest refill went up to 141 which was what we actually see.
So, it was not the latest refill.

-- 
You are receiving this mail because:
You are the assignee for the bug.