[Bug 259458] iflib_rxeof NULL pointer crash with vmxnet3 driver

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 26 Oct 2021 15:30:16 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259458

--- Comment #7 from Andriy Gapon <avg@FreeBSD.org> ---
In the end, it looks like somehow index 327 was not re-filled earlier.
Or it was somehow consumed twice in a row...


(kgdb) p/x *$2.ifl_rx_bitmap@8
$73 = {0xffffffffffffffff, 0xffffffffffffffff, 0x3fff, 0x0, 0x0,
0xffffffffffffff00, 0xffffffffffffffff, 0xffffffffffffffff}

(kgdb) p $2.ifl_sds.ifsd_m[327]
$74 = (struct mbuf *) 0x0
(kgdb) p $2.ifl_sds.ifsd_m[328]
$75 = (struct mbuf *) 0xfffff80123211b00
(kgdb) p $2.ifl_sds.ifsd_cl[327]
$76 = (caddr_t) 0x0
(kgdb) p $2.ifl_sds.ifsd_cl[328]
$77 = (caddr_t) 0xfffff8012322b800 "\377\377\377\377\377\377"

ifl_rx_bitmap has bits [0, 141] set, bits [142, 327] clear and bits [328, 511]
set again.
Given ifl_fragidx = 142, the latest refill went up to 141, which is what we
actually see.
So, it was not the latest refill.

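The bitmap reading in the comment above can be reproduced mechanically from the eight words kgdb printed. This is an added example, not part of the original bug comment or of FreeBSD's code; it assumes bit i is stored in word i / 64 at position i % 64, and the helper names (bit_is_set, bitmap_runs) are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define NWORDS 8
#define NBITS  (NWORDS * 64)

/* The eight 64-bit words kgdb printed for ifl_rx_bitmap in the comment. */
static const uint64_t rx_bitmap[NWORDS] = {
    0xffffffffffffffffULL, 0xffffffffffffffffULL, 0x3fffULL, 0x0ULL, 0x0ULL,
    0xffffffffffffff00ULL, 0xffffffffffffffffULL, 0xffffffffffffffffULL
};

struct run { int first, last, set; };

/* Assumed layout: bit i is in word i / 64 at bit position i % 64. */
static int bit_is_set(const uint64_t *bm, int i)
{
    return (int)((bm[i / 64] >> (i % 64)) & 1);
}

/* Split the bitmap into maximal runs of equal bits.
 * Returns the number of runs written, or -1 if 'out' is too small. */
static int bitmap_runs(const uint64_t *bm, int nbits, struct run *out, int max)
{
    int n = 0;
    for (int i = 0; i < nbits; i++) {
        int v = bit_is_set(bm, i);
        if (n > 0 && out[n - 1].set == v) {
            out[n - 1].last = i;          /* extend the current run */
        } else {
            if (n == max)
                return -1;
            out[n++] = (struct run){ i, i, v };
        }
    }
    return n;
}

int main(void)
{
    struct run r[16];
    int n = bitmap_runs(rx_bitmap, NBITS, r, 16);
    for (int i = 0; i < n; i++)
        printf("[%d, %d] %s\n", r[i].first, r[i].last,
            r[i].set ? "set" : "clear");
    return n == 3 ? 0 : 1;
}
```

The clear bit at index 327 and the set bit at index 328 line up with the NULL and non-NULL ifsd_m / ifsd_cl entries shown in the kgdb output.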