https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=148807

--- Comment #31 from Hiren Panchasara <hi...@freebsd.org> ---
(In reply to Robert Watson from comment #29)

Robert,

Thanks for your response.

On a slightly modified (nothing in driver space) stable/11, I am seeing
repeated panics in sbsndptr() with igb while the box is pretty much idle or
doing very low traffic.

(kgdb) bt
#0  __curthread () at ./machine/pcpu.h:221
#1  doadump (textdump=-2121667464) at
/d2/hiren/freebsd/sys/kern/kern_shutdown.c:298
#2  0xffffffff80389f86 in db_fncall_generic (nargs=0, addr=<optimized out>,
rv=<optimized out>, 
    args=<optimized out>) at /d2/hiren/freebsd/sys/ddb/db_command.c:568
#3  db_fncall (dummy1=<optimized out>, dummy2=<optimized out>,
dummy3=<optimized out>, dummy4=<optimized out>)
    at /d2/hiren/freebsd/sys/ddb/db_command.c:616
#4  0xffffffff80389a29 in db_command (last_cmdp=<optimized out>,
cmd_table=<optimized out>, 
    dopager=<optimized out>) at /d2/hiren/freebsd/sys/ddb/db_command.c:440
#5  0xffffffff80389784 in db_command_loop () at
/d2/hiren/freebsd/sys/ddb/db_command.c:493
#6  0xffffffff8038c76b in db_trap (type=<optimized out>, code=<optimized out>)
    at /d2/hiren/freebsd/sys/ddb/db_main.c:251
#7  0xffffffff809a6f33 in kdb_trap (type=<optimized out>, code=<optimized out>,
tf=<optimized out>)
    at /d2/hiren/freebsd/sys/kern/subr_kdb.c:654
#8  0xffffffff80d93521 in trap_fatal (frame=0xfffffe1f2bb38210, eva=24)
    at /d2/hiren/freebsd/sys/amd64/amd64/trap.c:836
#9  0xffffffff80d93753 in trap_pfault (frame=0xfffffe1f2bb38210, usermode=0)
    at /d2/hiren/freebsd/sys/amd64/amd64/trap.c:691
#10 0xffffffff80d92cdc in trap (frame=0xfffffe1f2bb38210) at
/d2/hiren/freebsd/sys/amd64/amd64/trap.c:442
#11 <signal handler called>
#12 sbsndptr (sb=0xfffff8060f8a5518, off=0, len=4294967287,
moff=0xfffffe1f2bb38420)
    at /d2/hiren/freebsd/sys/kern/uipc_sockbuf.c:1191
#13 0xffffffff80ab9382 in tcp_output (tp=<optimized out>) at
/d2/hiren/freebsd/sys/netinet/tcp_output.c:1099
#14 0xffffffff80ab6105 in tcp_do_segment (m=<optimized out>, th=<optimized
out>, so=0xfffff8060f8a5360, 
    tp=<optimized out>, drop_hdrlen=60, tlen=<optimized out>, iptos=<optimized
out>, 
    ti_locked=<error reading variable: Cannot access memory at address 0x1>)
    at /d2/hiren/freebsd/sys/netinet/tcp_input.c:3182
#15 0xffffffff80ab2803 in tcp_input (mp=<optimized out>, offp=<optimized out>,
proto=<optimized out>)
    at /d2/hiren/freebsd/sys/netinet/tcp_input.c:1444
#16 0xffffffff80aa6bc5 in ip_input (m=<error reading variable: Cannot access
memory at address 0x0>)
    at /d2/hiren/freebsd/sys/netinet/ip_input.c:809
#17 0xffffffff80a82b35 in netisr_dispatch_src (proto=1, source=<optimized out>,
m=0x0)
    at /d2/hiren/freebsd/sys/net/netisr.c:1120
#18 0xffffffff80a6c2ca in ether_demux (ifp=<optimized out>, m=0x0) at
/d2/hiren/freebsd/sys/net/if_ethersubr.c:850
#19 0xffffffff80a6cf22 in ether_input_internal (ifp=<optimized out>, m=0x0)
    at /d2/hiren/freebsd/sys/net/if_ethersubr.c:639
#20 ether_nh_input (m=<optimized out>) at
/d2/hiren/freebsd/sys/net/if_ethersubr.c:669
#21 0xffffffff80a82b35 in netisr_dispatch_src (proto=5, source=<optimized out>,
m=0x0)
    at /d2/hiren/freebsd/sys/net/netisr.c:1120
#22 0xffffffff80a6c546 in ether_input (ifp=<optimized out>, m=0x0) at
/d2/hiren/freebsd/sys/net/if_ethersubr.c:759
#23 0xffffffff804e2b3c in igb_rx_input (rxr=<optimized out>,
ifp=0xfffff80115614800, m=0xfffff8014eee7600, 
    ptype=<optimized out>) at /d2/hiren/freebsd/sys/dev/e1000/if_igb.c:4957
#24 igb_rxeof (que=<optimized out>, count=358700136, done=<optimized out>)
    at /d2/hiren/freebsd/sys/dev/e1000/if_igb.c:5185
#25 0xffffffff804e1daf in igb_msix_que (arg=<optimized out>) at
/d2/hiren/freebsd/sys/dev/e1000/if_igb.c:1612
#26 0xffffffff8091425f in intr_event_execute_handlers (p=<optimized out>,
ie=<optimized out>)
    at /d2/hiren/freebsd/sys/kern/kern_intr.c:1262
#27 0xffffffff80914876 in ithread_execute_handlers (ie=<optimized out>,
p=<optimized out>)
    at /d2/hiren/freebsd/sys/kern/kern_intr.c:1275
#28 ithread_loop (arg=<optimized out>) at
/d2/hiren/freebsd/sys/kern/kern_intr.c:1356
#29 0xffffffff80910ea5 in fork_exit (callout=0xffffffff809147b0 <ithread_loop>,
arg=0xfffff8011561a0e0, 
    frame=0xfffffe1f2bb38ac0) at /d2/hiren/freebsd/sys/kern/kern_fork.c:1040
#30 <signal handler called>

----------------------------------------------------------------

The most interesting frames are these two:

#22 0xffffffff80a6c546 in ether_input (ifp=<optimized out>, m=0x0) at
/d2/hiren/freebsd/sys/net/if_ethersubr.c:759
#23 0xffffffff804e2b3c in igb_rx_input (rxr=<optimized out>,
ifp=0xfffff80115614800, m=0xfffff8014eee7600, 
    ptype=<optimized out>) at /d2/hiren/freebsd/sys/dev/e1000/if_igb.c:4957

#23 has an mbuf while #22 has it null.

Does this point to your hunch of
"device-driver bugs involving modifications to the mbuf chain after submitting
the mbuf to the network stack (e.g., due to concurrency bugs in the device
driver)"?

Or is something else going on?

_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net