[Bug 259458] iflib_rxeof NULL pointer crash with vmxnet3 driver
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 259458] iflib_rxeof NULL pointer crash with vmxnet3 driver"
Date: Tue, 26 Oct 2021 13:21:16 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259458

--- Comment #2 from Andriy Gapon <avg@FreeBSD.org> ---
(kgdb) fr 20
#20 iflib_rxeof (rxq=<optimized out>, budget=<optimized out>) at /usr/src/sys/net/iflib.c:2879
2879 in /usr/src/sys/net/iflib.c
(kgdb) i loc
ri = {iri_qsidx = 0, iri_vtag = 0, iri_len = 60, iri_cidx = 328, iri_ifp = 0xfffff80002d9e000, iri_frags = 0xfffffe00ea9f5180, iri_flowid = 0, iri_csum_flags = 0, iri_csum_data = 0, iri_flags = 0 '\000', iri_nfrags = 1 '\001', iri_rsstype = 0 '\000', iri_pad = 0 '\000'}
ctx = 0xfffff80002dd2000
lro_possible = <error reading variable lro_possible (Cannot access memory at address 0x0)>
v4_forwarding = <error reading variable v4_forwarding (Cannot access memory at address 0x0)>
v6_forwarding = <error reading variable v6_forwarding (Cannot access memory at address 0x0)>
retval = <error reading variable retval (Cannot access memory at address 0x0)>
scctx = <optimized out>
sctx = 0xffffffff810f1100 <vmxnet3_sctx_init>
rx_pkts = <error reading variable rx_pkts (Cannot access memory at address 0x0)>
rx_bytes = <error reading variable rx_bytes (Cannot access memory at address 0x0)>
mh = 0xfffff800b371d100
mt = 0xfffff800b371d100
ifp = 0xfffff80002d9e000
cidxp = 0xfffffe00ea9f5018
avail = 1
budget_left = 15
err = <optimized out>
m = <optimized out>
i = <optimized out>
fl = <optimized out>
mf = <optimized out>
lro_enabled = <optimized out>
(kgdb) p *cidxp
$4 = 328
(kgdb) p ri.iri_frags[0]
$5 = {irf_flid = 0 '\000', irf_idx = 327, irf_len = 60}
(kgdb) fr 19
#19 0xffffffff8084d049 in iflib_rxd_pkt_get (rxq=0xfffffe00ea9f5000, ri=<optimized out>) at /usr/src/sys/net/iflib.c:2737
2737 /usr/src/sys/net/iflib.c: No such file or directory.
(kgdb) p *rxq
$6 = {ifr_ctx = 0xfffff80002dd2000, ifr_fl = 0xfffff80002d93400, ifr_rx_irq = 0, ifr_cq_cidx = 328, ifr_id = 0, ifr_nfl = 2 '\002', ifr_ntxqirq = 1 '\001', ifr_txqid = "\000\000\000", ifr_fl_offset = 1 '\001', ifr_lc = { ifp = 0xfffff80002d9e000, lro_mbuf_data = 0xfffffe00ea9f1000, lro_queued = 0, lro_flushed = 0, lro_bad_csum = 0, lro_cnt = 8, lro_mbuf_count = 0, lro_mbuf_max = 512, lro_ackcnt_lim = 65535, lro_length_lim = 65535, lro_hashsz = 509, lro_hash = 0xfffff8000410d000, lro_active = {lh_first = 0x0}, lro_free = {lh_first = 0xfffffe00ea9f33f0}}, ifr_task = {gt_task = {ta_link = {stqe_next = 0x0}, ta_flags = 2, ta_priority = 0, ta_func = 0xffffffff8084cd90 <_task_fn_rx>, ta_context = 0xfffffe00ea9f5000}, gt_taskqueue = 0xfffff800020c7200, gt_list = {le_next = 0x0, le_prev = 0xfffffe00015f08a8}, gt_uniq = 0xfffffe00ea9f5000, gt_name = "rxq0", '\000' <repeats 27 times>, gt_irq = 257, gt_cpu = 0}, ifr_watchdog = {c_links = {le = {le_next = 0x0, le_prev = 0x0}, sle = {sle_next = 0x0}, tqe = {tqe_next = 0x0, tqe_prev = 0x0}}, c_time = 0, c_precision = 0, c_arg = 0x0, c_func = 0x0, c_lock = 0x0, c_flags = 0, c_iflags = 16, c_cpu = 0, c_exec_time = 0, c_lines = {u128 = 1528, u16 = {1528, 0, 0, 0, 0, 0, 0, 0}}}, ifr_filter_info = { ifi_filter = 0xffffffff80a3c580 <vmxnet3_rxq_intr>, ifi_filter_arg = 0xfffff80004110000, ifi_task = 0xfffffe00ea9f5088, ifi_ctx = 0xfffffe00ea9f5000}, ifr_ifdi = 0xfffff80002d99400, ifr_frags = {{irf_flid = 0 '\000', irf_idx = 327, irf_len = 60}, {irf_flid = 0 '\000', irf_idx = 0, irf_len = 0} <repeats 63 times>}}
(kgdb) p rxq->ifr_fl[0]
$7 = {ifl_cidx = 328, ifl_pidx = 341, ifl_credits = 509, ifl_gen = 0 '\000', ifl_rxd_size = 0 '\000', ifl_rx_bitmap = 0xfffff80002cb5ec0, ifl_fragidx = 142, ifl_size = 512, ifl_buf_size = 2048, ifl_cltype = 1, ifl_zone = 0xfffff800029c6000, ifl_sds = {ifsd_map = 0xfffff80002d5f000, ifsd_m = 0xfffff80002d62000, ifsd_cl = 0xfffff80002d61000, ifsd_ba = 0xfffff80002d60000}, ifl_rxq = 0xfffffe00ea9f5000, ifl_id = 0 '\000', ifl_buf_tag = 0xfffff80002d74400, ifl_ifdi = 0xfffff80002d99428, ifl_bus_addrs = {4884103168, 4884094976, 4887971840, 4887965696, 4898656256, 4898662400, 4898660352, 4898617344, 4753053696, 4753018880, 4753020928, 4883597312, 4898639872, 4898646016, 4898643968, 4898650112, 4884144128, 4884150272, 4884148224, 4884154368, 4884152320, 4884158464, 4884156416, 4884162560, 4884160512, 4884166656, 4884111360, 4884117504, 4884115456, 4884121600, 4884119552, 4884125696}, ifl_rxd_idxs = {141, 137, 120, 121, 323, 324, 325, 326, 0, 1, 2, 3, 315, 316, 317, 318, 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, 511}}
(kgdb) p $7.ifl_sds.ifsd_cl[327]
$8 = (caddr_t) 0x0
(kgdb) p $7.ifl_sds.ifsd_cl[326]
$9 = (caddr_t) 0xfffff80123faf800 "\377\377\377\377\377\377"
(kgdb) p $7.ifl_sds.ifsd_cl[328]
$10 = (caddr_t) 0xfffff8012322b800 "\377\377\377\377\377\377"

--
You are receiving this mail because:
You are the assignee for the bug.