Bug 204453

Summary: panic: vnic0: Received packet fragment with NULL mbuf from ThunderX VNIC driver
Product: Base System Reporter: Ed Maste <emaste>
Component: kernAssignee: Zbigniew Bodek <zbb>
Status: Closed FIXED    
Severity: Affects Only Me CC: zbb
Priority: --- Keywords: ThunderX, crash, needs-qa, patch
Version: CURRENTFlags: koobs: mfc-stable10?
koobs: mfc-stable9?
Hardware: arm64   
OS: Any   
URL: https://reviews.freebsd.org/D4234
Bug Depends on:    
Bug Blocks: 203349    

Description Ed Maste freebsd_committer 2015-11-11 02:21:55 UTC
I don't know how to reproduce, but this happened while I was installing packages from a fast local repository:

panic: vnic0: Received packet fragment with NULL mbuf

cpuid = 0
KDB: stack backtrace:
db_trace_self() at db_trace_self_wrapper+0x28
         pc = 0xffffff80005aa694  lr = 0xffffff8000071048
         sp = 0xffffff875119d540  fp = 0xffffff875119d660

db_trace_self_wrapper() at vpanic+0x170
         pc = 0xffffff8000071048  lr = 0xffffff80002b5db8
         sp = 0xffffff875119d670  fp = 0xffffff875119d6f0

vpanic() at panic+0x4c
         pc = 0xffffff80002b5db8  lr = 0xffffff80002b5c44
         sp = 0xffffff875119d700  fp = 0xffffff875119d780

panic() at nicvf_rb_ptr_to_mbuf+0x80
         pc = 0xffffff80002b5c44  lr = 0xffffff80005cc54c
         sp = 0xffffff875119d790  fp = 0xffffff875119d7b0

nicvf_rb_ptr_to_mbuf() at nicvf_cq_intr_handler+0x410
         pc = 0xffffff80005cc54c  lr = 0xffffff80005cc1c4
         sp = 0xffffff875119d7c0  fp = 0xffffff875119d870

nicvf_cq_intr_handler() at nicvf_cmp_task+0x20
         pc = 0xffffff80005cc1c4  lr = 0xffffff80005cbd1c
         sp = 0xffffff875119d880  fp = 0xffffff875119d8a0

nicvf_cmp_task() at taskqueue_run_locked+0x14c
         pc = 0xffffff80005cbd1c  lr = 0xffffff800030c8f8
         sp = 0xffffff875119d8b0  fp = 0xffffff875119d920

taskqueue_run_locked() at taskqueue_thread_loop+0x12c
         pc = 0xffffff800030c8f8  lr = 0xffffff800030da5c
         sp = 0xffffff875119d930  fp = 0xffffff875119d950

taskqueue_thread_loop() at fork_exit+0xb4
         pc = 0xffffff800030da5c  lr = 0xffffff800026f6b8
         sp = 0xffffff875119d960  fp = 0xffffff875119d990

fork_exit() at fork_trampoline+0x10
         pc = 0xffffff800026f6b8  lr = 0xffffff80005bc90c
         sp = 0xffffff875119d9a0  fp = 0x0000000000000000

KDB: enter: panic
[ thread pid 0 tid 100389 ]
Stopped at      kdb_enter+0x40:
Comment 1 Ed Maste freebsd_committer 2015-11-20 20:24:09 UTC
Workaround in review at https://reviews.freebsd.org/D4234
Comment 2 zbb 2016-03-03 17:36:10 UTC
Fixed here: https://reviews.freebsd.org/D5533
Comment 3 zbb 2016-03-12 07:35:03 UTC
Fixed here https://svnweb.freebsd.org/changeset/base/296601

I don't know how to close this bug now.
Comment 4 Ed Maste freebsd_committer 2016-03-15 02:28:19 UTC
Fixed in r296601