On Sun, Dec 18, 2022 at 08:53:26PM -0500, Geoff Steckel wrote:
> nc of 0's from one rge to another at full speed crashes
> in the input interrupt path with corruption of the memory
> pool used for the mbufs.
> It's 100% reproducible.
> Probably race condition & use-after-free or some such
> since it takes 200,000+ packets to happen.
> I suspect that the crash happens when the corruption is detected
> some time after it actually occurs.
> This is a ---very--- abbreviated description.
> If this crash hasn't been seen before I'll submit a full bug report.
> Is there any more info from sysctls, ddb, etc. that would help?
> I can put in breakpoints & dump (small) memory areas.
> If running the most recent snapshot would give better info I can do that.
> A serial console to get an exact transcript is possible but not easy.
> Any suggestions of something I can do to help beyond a standard bug
> report welcomed. I can run test patches easily.
> This is with the standard 1500 mtu.
> Setting mtu to 8000 trashes memory enough to cause a kernel protection
> fault.
Could you use the following patch to show the hardware revision?
I guess yours is 0x60900000, thanks.
--- sys/dev/pci/if_rge.c.orig Wed Nov 23 16:29:44 2022
+++ sys/dev/pci/if_rge.c Mon Dec 19 21:50:21 2022
@@ -249,6 +249,7 @@
printf(": unknown version 0x%08x\n", hwrev);
return;
}
+ printf(", hwrev 0x%08x", hwrev);
rge_config_imtype(sc, RGE_IMTYPE_SIM);
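Review bot: the added printf(", hwrev 0x%08x", hwrev) has no trailing newline, unlike the ": unknown version 0x%08x\n" print just above it, so it relies on a later print in the attach path to finish the dmesg line; worth confirming that one follows on every path after this point. Because the new line sits after the unknown-version return, it only fires for recognised revisions, which is fine for this diagnostic since the unknown case already prints hwrev. If this is only meant to collect the revision from the reporter, mark it as a debugging aid rather than something to commit.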