From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 259458] iflib_rxeof NULL pointer crash with vmxnet3 driver
Date: Tue, 26 Oct 2021 13:21:16 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 12.2-RELEASE
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: avg@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: bugs@FreeBSD.org

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259458

--- Comment #2 from Andriy Gapon ---
(kgdb) fr 20
#20 iflib_rxeof (rxq=, budget=) at /usr/src/sys/net/iflib.c:2879
2879    in /usr/src/sys/net/iflib.c
(kgdb) i loc
ri = {iri_qsidx = 0, iri_vtag = 0, iri_len = 60, iri_cidx = 328,
  iri_ifp = 0xfffff80002d9e000, iri_frags = 0xfffffe00ea9f5180,
  iri_flowid = 0, iri_csum_flags = 0, iri_csum_data = 0,
  iri_flags = 0 '\000', iri_nfrags = 1 '\001', iri_rsstype = 0 '\000',
  iri_pad = 0 '\000'}
ctx = 0xfffff80002dd2000
lro_possible =
v4_forwarding =
v6_forwarding =
retval =
scctx =
sctx = 0xffffffff810f1100
rx_pkts =
rx_bytes =
mh = 0xfffff800b371d100
mt = 0xfffff800b371d100
ifp = 0xfffff80002d9e000
cidxp = 0xfffffe00ea9f5018
avail = 1
budget_left = 15
err =
m =
i =
fl =
mf =
lro_enabled =
(kgdb) p *cidxp
$4 = 328
(kgdb) p ri.iri_frags[0]
$5 = {irf_flid = 0 '\000', irf_idx = 327, irf_len = 60}
(kgdb) fr 19
#19 0xffffffff8084d049 in iflib_rxd_pkt_get (rxq=0xfffffe00ea9f5000, ri=)
    at /usr/src/sys/net/iflib.c:2737
2737    /usr/src/sys/net/iflib.c: No such file or directory.
(kgdb) p *rxq
$6 = {ifr_ctx = 0xfffff80002dd2000, ifr_fl = 0xfffff80002d93400,
  ifr_rx_irq = 0, ifr_cq_cidx = 328, ifr_id = 0, ifr_nfl = 2 '\002',
  ifr_ntxqirq = 1 '\001', ifr_txqid = "\000\000\000",
  ifr_fl_offset = 1 '\001', ifr_lc = {
    ifp = 0xfffff80002d9e000, lro_mbuf_data = 0xfffffe00ea9f1000,
    lro_queued = 0, lro_flushed = 0, lro_bad_csum = 0, lro_cnt = 8,
    lro_mbuf_count = 0, lro_mbuf_max = 512, lro_ackcnt_lim = 65535,
    lro_length_lim = 65535, lro_hashsz = 509,
    lro_hash = 0xfffff8000410d000, lro_active = {lh_first = 0x0},
    lro_free = {lh_first = 0xfffffe00ea9f33f0}},
  ifr_task = {gt_task = {ta_link = {stqe_next = 0x0}, ta_flags = 2,
      ta_priority = 0, ta_func = 0xffffffff8084cd90 <_task_fn_rx>,
      ta_context = 0xfffffe00ea9f5000},
    gt_taskqueue = 0xfffff800020c7200,
    gt_list = {le_next = 0x0, le_prev = 0xfffffe00015f08a8},
    gt_uniq = 0xfffffe00ea9f5000, gt_name = "rxq0", '\000' ,
    gt_irq = 257, gt_cpu = 0},
  ifr_watchdog = {c_links = {le = {le_next = 0x0, le_prev = 0x0},
      sle = {sle_next = 0x0}, tqe = {tqe_next = 0x0, tqe_prev = 0x0}},
    c_time = 0, c_precision = 0, c_arg = 0x0, c_func = 0x0, c_lock = 0x0,
    c_flags = 0, c_iflags = 16, c_cpu = 0, c_exec_time = 0,
    c_lines = {u128 = 1528, u16 = {1528, 0, 0, 0, 0, 0, 0, 0}}},
  ifr_filter_info = {
    ifi_filter = 0xffffffff80a3c580 ,
    ifi_filter_arg = 0xfffff80004110000, ifi_task = 0xfffffe00ea9f5088,
    ifi_ctx = 0xfffffe00ea9f5000}, ifr_ifdi = 0xfffff80002d99400,
  ifr_frags = {{irf_flid = 0 '\000', irf_idx = 327, irf_len = 60},
    {irf_flid = 0 '\000', irf_idx = 0, irf_len = 0} }}
(kgdb) p rxq->ifr_fl[0]
$7 = {ifl_cidx = 328, ifl_pidx = 341, ifl_credits = 509,
  ifl_gen = 0 '\000', ifl_rxd_size = 0 '\000',
  ifl_rx_bitmap = 0xfffff80002cb5ec0, ifl_fragidx = 142, ifl_size = 512,
  ifl_buf_size = 2048, ifl_cltype = 1, ifl_zone = 0xfffff800029c6000,
  ifl_sds = {ifsd_map = 0xfffff80002d5f000, ifsd_m = 0xfffff80002d62000,
    ifsd_cl = 0xfffff80002d61000, ifsd_ba = 0xfffff80002d60000},
  ifl_rxq = 0xfffffe00ea9f5000, ifl_id = 0 '\000',
  ifl_buf_tag = 0xfffff80002d74400, ifl_ifdi = 0xfffff80002d99428,
  ifl_bus_addrs = {4884103168, 4884094976, 4887971840, 4887965696,
    4898656256, 4898662400, 4898660352, 4898617344, 4753053696,
    4753018880, 4753020928, 4883597312, 4898639872, 4898646016,
    4898643968, 4898650112, 4884144128, 4884150272, 4884148224,
    4884154368, 4884152320, 4884158464, 4884156416, 4884162560,
    4884160512, 4884166656, 4884111360, 4884117504, 4884115456,
    4884121600, 4884119552, 4884125696},
  ifl_rxd_idxs = {141, 137, 120, 121, 323, 324, 325, 326, 0, 1, 2, 3,
    315, 316, 317, 318, 496, 497, 498, 499, 500, 501, 502, 503, 504, 505,
    506, 507, 508, 509, 510, 511}}
(kgdb) p $7.ifl_sds.ifsd_cl[327]
$8 = (caddr_t) 0x0
(kgdb) p $7.ifl_sds.ifsd_cl[326]
$9 = (caddr_t) 0xfffff80123faf800 "\377\377\377\377\377\377"
(kgdb) p $7.ifl_sds.ifsd_cl[328]
$10 = (caddr_t) 0xfffff8012322b800 "\377\377\377\377\377\377"