[Bug 256439] kernel panic on FreeBSD 13.0-RELEASE

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 256439] kernel panic"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 09 Jun 2021 13:48:04 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256439

Mark Johnston <markj@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|bugs@FreeBSD.org            |net@FreeBSD.org

--- Comment #17 from Mark Johnston <markj@FreeBSD.org> ---
Thanks, this helps.

So we're getting #GP in the bridge transmit code, seemingly because the mbuf
was freed at some point.  With INVARIANTS enabled, UMA trashing makes the panic
deterministic, all stacks look like this:

#7  <signal handler called>
#8  bridge_rthash (sc=0xfffff8000fdca400, addr=0xdeadc0dedeadc0de <error:
Cannot access memory at address 0xdeadc0dedeadc0de>)
    at /freebsdsrc/sys/net/if_bridge.c:2970
#9  bridge_rtnode_lookup (sc=sc@entry=0xfffff8000fdca400,
addr=addr@entry=0xdeadc0dedeadc0de <error: Cannot access memory at address
0xdeadc0dedeadc0de>, 
    vlan=vlan@entry=1) at /freebsdsrc/sys/net/if_bridge.c:3011
#10 0xffffffff82b2d3b2 in bridge_rtlookup (sc=0xfffff8000fdca400,
addr=0xdeadc0dedeadc0de <error: Cannot access memory at address
0xdeadc0dedeadc0de>, 
    vlan=1) at /freebsdsrc/sys/net/if_bridge.c:2769
#11 bridge_transmit (ifp=0xfffff8000f92b000, m=0xfffff800233f5000) at
/freebsdsrc/sys/net/if_bridge.c:2170
#12 0xffffffff80d1bb1b in ether_output_frame (ifp=ifp@entry=0xfffff8000f92b000,
m=0x0) at /freebsdsrc/sys/net/if_ethersubr.c:511
#13 0xffffffff80d1ba21 in ether_output (ifp=<optimized out>, m=0x0,
dst=0xfffffe00351795a0, ro=<optimized out>) at
/freebsdsrc/sys/net/if_ethersubr.c:438
#14 0xffffffff80db199f in ip_output_send (inp=inp@entry=0x0,
ifp=0xffffffff81d38ef0 <w_locklistdata+276896>, ifp@entry=0xfffff8000f92b000, 
    m=m@entry=0xfffff80023804e00, gw=gw@entry=0xfffffe00351795a0, ro=0x246,
ro@entry=0x0, stamp_tag=<optimized out>)
    at /freebsdsrc/sys/netinet/ip_output.c:275
#15 0xffffffff80db1655 in ip_output (m=m@entry=0xfffff80023804e00,
opt=opt@entry=0x0, ro=<optimized out>, ro@entry=0x0, flags=<optimized out>, 
    flags@entry=0, imo=imo@entry=0x0, inp=<optimized out>, inp@entry=0x0) at
/freebsdsrc/sys/netinet/ip_output.c:812
#16 0xffffffff80dabf8a in icmp_send (m=0xfffff80023804e00, opts=0x0) at
/freebsdsrc/sys/netinet/ip_icmp.c:1017
#17 icmp_reflect (m=<optimized out>, m@entry=0xfffff80023804e00) at
/freebsdsrc/sys/netinet/ip_icmp.c:929
#18 0xffffffff80dab9ce in icmp_error (n=0xfffff80023804b00, type=type@entry=5,
code=<optimized out>, code@entry=1, dest=0, mtu=<optimized out>, mtu@entry=0)
    at /freebsdsrc/sys/netinet/ip_icmp.c:393
#19 0xffffffff80daafd7 in ip_tryforward (m=<optimized out>,
m@entry=0xfffff8007db10c00) at /freebsdsrc/sys/netinet/ip_fastfwd.c:511
#20 0xffffffff80dad930 in ip_input (m=0xfffff8007db10c00) at
/freebsdsrc/sys/netinet/ip_input.c:579
#21 0xffffffff80d38b31 in netisr_dispatch_src (proto=1, source=source@entry=0,
m=0xfffff8007db10c00) at /freebsdsrc/sys/net/netisr.c:1143
#22 0xffffffff80d38e7f in netisr_dispatch (proto=2177714816, m=0x1) at
/freebsdsrc/sys/net/netisr.c:1234
#23 0xffffffff80d1bcbe in ether_demux (ifp=ifp@entry=0xfffff8000f92b000, m=0x0)
at /freebsdsrc/sys/net/if_ethersubr.c:923
#24 0xffffffff80d1d371 in ether_input_internal (ifp=0xfffff8000f92b000, m=0x0)
at /freebsdsrc/sys/net/if_ethersubr.c:709
#25 ether_nh_input (m=<optimized out>) at
/freebsdsrc/sys/net/if_ethersubr.c:739
#26 0xffffffff80d38b31 in netisr_dispatch_src (proto=proto@entry=5,
source=source@entry=0, m=m@entry=0xfffff8007db10c00) at
/freebsdsrc/sys/net/netisr.c:1143
#27 0xffffffff80d38e7f in netisr_dispatch (proto=2177714816, proto@entry=5,
m=0x1, m@entry=0xfffff8007db10c00) at /freebsdsrc/sys/net/netisr.c:1234
#28 0xffffffff80d1c1b1 in ether_input (ifp=0xfffff80003ec3800,
m=0xfffff8007db10c00) at /freebsdsrc/sys/net/if_ethersubr.c:830
#29 0xffffffff80d34bf7 in iflib_rxeof (rxq=<optimized out>,
rxq@entry=0xfffff80003ec3000, budget=<optimized out>) at
/freebsdsrc/sys/net/iflib.c:3006
#30 0xffffffff80d2e76a in _task_fn_rx (context=0xfffff80003ec3000) at
/freebsdsrc/sys/net/iflib.c:3949
#31 0xffffffff80c439e7 in gtaskqueue_run_locked
(queue=queue@entry=0xfffff800039af300) at
/freebsdsrc/sys/kern/subr_gtaskqueue.c:371
#32 0xffffffff80c437e4 in gtaskqueue_thread_loop
(arg=arg@entry=0xfffffe0038ff2008) at
/freebsdsrc/sys/kern/subr_gtaskqueue.c:547
#33 0xffffffff80bb6120 in fork_exit (callout=0xffffffff80c43750
<gtaskqueue_thread_loop>, arg=0xfffffe0038ff2008, frame=0xfffffe0035179c00)

-- 
You are receiving this mail because:
You are the assignee for the bug.