https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=148807
--- Comment #31 from Hiren Panchasara <hi...@freebsd.org> --- (In reply to Robert Watson from comment #29) Robert, Thanks for your response. On a slightly modified (nothing in driver space) stable/11, I am seeing repeated panic in sbsndptr() with igb while box is pretty much idle or doing very low traffic. (kgdb) bt #0 __curthread () at ./machine/pcpu.h:221 #1 doadump (textdump=-2121667464) at /d2/hiren/freebsd/sys/kern/kern_shutdown.c:298 #2 0xffffffff80389f86 in db_fncall_generic (nargs=0, addr=<optimized out>, rv=<optimized out>, args=<optimized out>) at /d2/hiren/freebsd/sys/ddb/db_command.c:568 #3 db_fncall (dummy1=<optimized out>, dummy2=<optimized out>, dummy3=<optimized out>, dummy4=<optimized out>) at /d2/hiren/freebsd/sys/ddb/db_command.c:616 #4 0xffffffff80389a29 in db_command (last_cmdp=<optimized out>, cmd_table=<optimized out>, dopager=<optimized out>) at /d2/hiren/freebsd/sys/ddb/db_command.c:440 #5 0xffffffff80389784 in db_command_loop () at /d2/hiren/freebsd/sys/ddb/db_command.c:493 #6 0xffffffff8038c76b in db_trap (type=<optimized out>, code=<optimized out>) at /d2/hiren/freebsd/sys/ddb/db_main.c:251 #7 0xffffffff809a6f33 in kdb_trap (type=<optimized out>, code=<optimized out>, tf=<optimized out>) at /d2/hiren/freebsd/sys/kern/subr_kdb.c:654 #8 0xffffffff80d93521 in trap_fatal (frame=0xfffffe1f2bb38210, eva=24) at /d2/hiren/freebsd/sys/amd64/amd64/trap.c:836 #9 0xffffffff80d93753 in trap_pfault (frame=0xfffffe1f2bb38210, usermode=0) at /d2/hiren/freebsd/sys/amd64/amd64/trap.c:691 #10 0xffffffff80d92cdc in trap (frame=0xfffffe1f2bb38210) at /d2/hiren/freebsd/sys/amd64/amd64/trap.c:442 #11 <signal handler called> #12 sbsndptr (sb=0xfffff8060f8a5518, off=0, len=4294967287, moff=0xfffffe1f2bb38420) at /d2/hiren/freebsd/sys/kern/uipc_sockbuf.c:1191 #13 0xffffffff80ab9382 in tcp_output (tp=<optimized out>) at /d2/hiren/freebsd/sys/netinet/tcp_output.c:1099 #14 0xffffffff80ab6105 in tcp_do_segment (m=<optimized out>, th=<optimized out>, so=0xfffff8060f8a5360, tp=<optimized out>, drop_hdrlen=60, tlen=<optimized out>, iptos=<optimized out>, ti_locked=<error reading variable: Cannot access memory at address 0x1>) at /d2/hiren/freebsd/sys/netinet/tcp_input.c:3182 #15 0xffffffff80ab2803 in tcp_input (mp=<optimized out>, offp=<optimized out>, proto=<optimized out>) at /d2/hiren/freebsd/sys/netinet/tcp_input.c:1444 #16 0xffffffff80aa6bc5 in ip_input (m=<error reading variable: Cannot access memory at address 0x0>) at /d2/hiren/freebsd/sys/netinet/ip_input.c:809 #17 0xffffffff80a82b35 in netisr_dispatch_src (proto=1, source=<optimized out>, m=0x0) at /d2/hiren/freebsd/sys/net/netisr.c:1120 #18 0xffffffff80a6c2ca in ether_demux (ifp=<optimized out>, m=0x0) at /d2/hiren/freebsd/sys/net/if_ethersubr.c:850 #19 0xffffffff80a6cf22 in ether_input_internal (ifp=<optimized out>, m=0x0) at /d2/hiren/freebsd/sys/net/if_ethersubr.c:639 #20 ether_nh_input (m=<optimized out>) at /d2/hiren/freebsd/sys/net/if_ethersubr.c:669 #21 0xffffffff80a82b35 in netisr_dispatch_src (proto=5, source=<optimized out>, m=0x0) at /d2/hiren/freebsd/sys/net/netisr.c:1120 #22 0xffffffff80a6c546 in ether_input (ifp=<optimized out>, m=0x0) at /d2/hiren/freebsd/sys/net/if_ethersubr.c:759 #23 0xffffffff804e2b3c in igb_rx_input (rxr=<optimized out>, ifp=0xfffff80115614800, m=0xfffff8014eee7600, ptype=<optimized out>) at /d2/hiren/freebsd/sys/dev/e1000/if_igb.c:4957 #24 igb_rxeof (que=<optimized out>, count=358700136, done=<optimized out>) at /d2/hiren/freebsd/sys/dev/e1000/if_igb.c:5185 #25 0xffffffff804e1daf in igb_msix_que (arg=<optimized out>) at /d2/hiren/freebsd/sys/dev/e1000/if_igb.c:1612 #26 0xffffffff8091425f in intr_event_execute_handlers (p=<optimized out>, ie=<optimized out>) at /d2/hiren/freebsd/sys/kern/kern_intr.c:1262 #27 0xffffffff80914876 in ithread_execute_handlers (ie=<optimized out>, p=<optimized out>) at /d2/hiren/freebsd/sys/kern/kern_intr.c:1275 #28 ithread_loop (arg=<optimized out>) at /d2/hiren/freebsd/sys/kern/kern_intr.c:1356 #29 0xffffffff80910ea5 in fork_exit (callout=0xffffffff809147b0 <ithread_loop>, arg=0xfffff8011561a0e0, frame=0xfffffe1f2bb38ac0) at /d2/hiren/freebsd/sys/kern/kern_fork.c:1040 #30 <signal handler called> ---------------------------------------------------------------- Most interesting frames are these 2: #22 0xffffffff80a6c546 in ether_input (ifp=<optimized out>, m=0x0) at /d2/hiren/freebsd/sys/net/if_ethersubr.c:759 #23 0xffffffff804e2b3c in igb_rx_input (rxr=<optimized out>, ifp=0xfffff80115614800, m=0xfffff8014eee7600, ptype=<optimized out>) at /d2/hiren/freebsd/sys/dev/e1000/if_igb.c:4957 #23 has an mbuf while #22 has it null. Does this point to your hunch of "device-driver bugs involving modifications to the mbuf chain after submitting the mbuf to the network stack (e.g., due to concurrency bugs in the device driver)" ? OR something else is going on? -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"