20.01.2026 00:29, Klemens Nanni wrote:
> 19.01.2026 22:55, Miod Vallat wrote:
>>> Nothing besides nd6 spam (about addresses of non-OpenBSD devices that work
>>> just fine):
>>>
>>> ddb{0}> dmesg
>>> <7>nd6_resolve: xxxx:xxxx:xxxx:xxxx:397f:4b51:7bcb:c6ff: incorrect nd6 information
>>> ...
>>> Trap cause = 2 Frame 0x980000000fd97878
>>> Trap PC 0xffffffff8119dbdc RA 0xffffffff8119df2c fault 0x0
>>
>> This is a NULL pointer dereference happening at 0xffffffff8119dbdc. If
>> you x/i 0xffffffff8119dbdc this will show you where in cnmac_recv_mbuf
>> this happens, and then we can figure out the corresponding line in
>> if_cnmac.c.
>
> x/i gives the same address from my previous mail:
>
>>> Stopped at cnmac_recv_mbuf+0x134: ld v1,32(t8)
>
> I tried this:
>
> router# objdump -d /bsd | grep -m1 cnmac_recv_mbuf
> ffffffff8119daa8 <cnmac_recv_mbuf>:
> router# addr2line -e/bsd $(python3 -c'print(hex(0xffffffff8119daa8+0x134))')
> ??:0
>
> Then against a fresh COPTS=-O0 DEBUG=-g kernel, but same result, also with:
>
> builder# egdb -q -batch -ex 'info line *cnmac_recv_mbuf+0x134' obj/bsd
>
> No line number information available for address 0xffffffff814954e4 <cnmac_recv_mbuf+308>

tb@ pointed me at https://www.openbsd.org/ddb.html, but here on octeon
'objdump -dlr obj/if_cnmac.o' does not yield line info and prints this:

BFD: Dwarf Error: found dwarf version '0', this reader only handles version 2 information.

With llvm-objdump (thanks jca@) I do get this:

; /sys/arch/octeon/dev/if_cnmac.c:1146
    3aec: df 03 00 20 ld $3, 0x20($24)
    3af0: 14 43 00 30 bne $2, $3, 0x3bb4 <cnmac_recv_mbuf+0x1fc>
    3af4: 00 00 00 00 nop <cnmac_match>
    3af8: 7c 83 38 01 dext $3, $4, 0x0, 0x28 <cnmac_match+0x28>

1139    for (i = 0; i < nbufs; i++) {
1140        addr = word3 & PIP_WQE_WORD3_ADDR;
1141        back = (word3 & PIP_WQE_WORD3_BACK) >> PIP_WQE_WORD3_BACK_SHIFT;
1142        pktbuf = (addr & ~(CACHELINESIZE - 1)) - back * CACHELINESIZE;
1143        pm = (struct mbuf **)PHYS_TO_XKPHYS(pktbuf, CCA_CACHED) - 1;
1144        m = *pm;
1145        *pm = NULL;
1146        if ((paddr_t)m->m_pkthdr.ph_cookie != pktbuf)
1147            panic("%s: packet pool is corrupted, mbuf cookie %p != "
1148                "pktbuf %p", __func__, m->m_pkthdr.ph_cookie,
1149                (void *)pktbuf);
1150

So m == NULL.
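
The lookup done by hand in this mail, written out as an added example that is not part of the original message or of OpenBSD: it rebases the trap PC to a symbol offset and finds that offset in an `llvm-objdump -dl` listing. The function name `source_line` and the sample listing are assumptions; only the trap PC, the symbol address, the two instructions at 3aec/3af0 and the `:1146` annotation come from the thread.

```python
import re

# Values quoted in the thread: trap PC and the symbol address from /bsd.
TRAP_PC = 0xffffffff8119dbdc
SYM_ADDR = 0xffffffff8119daa8      # <cnmac_recv_mbuf>

# Constructed sample shaped like `llvm-objdump -dl if_cnmac.o` output. The two
# instructions at 3aec/3af0 and the :1146 annotation are the ones quoted in
# the mail; the start offset 0x39b8 (0x3aec - 0x134), the first two
# instructions and the :1120 annotation are constructed filler.
SAMPLE = """\
00000000000039b8 <cnmac_recv_mbuf>:
; /sys/arch/octeon/dev/if_cnmac.c:1120
    39b8: 67 bd ff c0 \tdaddiu\t$sp, $sp, -0x40
    39bc: ff bf 00 38 \tsd\t$ra, 0x38($sp)
; /sys/arch/octeon/dev/if_cnmac.c:1146
    3aec: df 03 00 20 \tld\t$3, 0x20($24)
    3af0: 14 43 00 30 \tbne\t$2, $3, 0x3bb4 <cnmac_recv_mbuf+0x1fc>
"""

HEADER = re.compile(r"^([0-9a-f]+) <([^>]+)>:$")
SRCLINE = re.compile(r"^; (.+):(\d+)$")
INSN = re.compile(r"^\s*([0-9a-f]+):\s+(?:[0-9a-f]{2}\s+)+(.*)$")


def source_line(listing, symbol, offset):
    """Map symbol+offset to (file, line, instruction); None if not found.

    file and line are None when the listing carries no line annotation,
    which is what a disassembler that cannot read the DWARF data produces.
    """
    target, where = None, (None, None)
    for raw in listing.splitlines():
        if m := HEADER.match(raw):
            # Object-file offsets differ from kernel addresses, so rebase
            # the offset onto this symbol's start inside the .o file.
            target = int(m[1], 16) + offset if m[2] == symbol else None
            where = (None, None)
        elif target is None:
            continue
        elif m := SRCLINE.match(raw):
            where = (m[1], int(m[2]))
        elif (m := INSN.match(raw)) and int(m[1], 16) == target:
            return (*where, " ".join(m[2].split()))
    return None
```
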