[Bug 240608] [iflib] [panic] with INVARIANTS: Memory modified after free (12.1-pre-QA)

bugzilla-noreply at freebsd.org
Mon Sep 16 07:45:32 UTC 2019


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240608

            Bug ID: 240608
           Summary: [iflib] [panic] with INVARIANTS: Memory modified after
                    free (12.1-pre-QA)
           Product: Base System
           Version: 12.0-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: bugs at FreeBSD.org
          Reporter: bugzilla.freebsd at omnilan.de

Hello,

Testing 12.1-PRERELEASE updates with a debug kernel on cold-standby hardware
revealed some unexpected panics related to iflib.
I am not sure whether I should file individual bug reports or collect them here
in one report.
I need to collect the others one after another, so let's start here with the
most unexpected one, which happened during a traffic test utilizing if_vmx(4):

panic: Memory modified after free 0xfffff801381d0000(2048) val=0 @ 0xfffff801381d0000

cpuid = 0
time = 1568618749
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0041352670
vpanic() at vpanic+0x19d/frame 0xfffffe00413526c0
panic() at panic+0x43/frame 0xfffffe0041352720
trash_ctor() at trash_ctor+0x49/frame 0xfffffe0041352730
mb_ctor_clust() at mb_ctor_clust+0x18/frame 0xfffffe0041352760
uma_zalloc_arg() at uma_zalloc_arg+0x8a0/frame 0xfffffe00413527e0
m_cljget() at m_cljget+0x8a/frame 0xfffffe0041352810
_iflib_fl_refill() at _iflib_fl_refill+0x2f1/frame 0xfffffe0041352900
_task_fn_rx() at _task_fn_rx+0xb29/frame 0xfffffe00413529f0
gtaskqueue_run_locked() at gtaskqueue_run_locked+0xf9/frame 0xfffffe0041352a40
gtaskqueue_thread_loop() at gtaskqueue_thread_loop+0x88/frame 0xfffffe0041352a70
fork_exit() at fork_exit+0x84/frame 0xfffffe0041352ab0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0041352ab0

#9  0xffffffff805cf4ca in vpanic (fmt=<value optimized out>, ap=<value optimized out>)
    at /usr/local/share/deploy-tools/RELENG_12/src/sys/kern/kern_shutdown.c:866
#10 0xffffffff805cf273 in panic (fmt=<value optimized out>)
    at /usr/local/share/deploy-tools/RELENG_12/src/sys/kern/kern_shutdown.c:804
#11 0xffffffff808da039 in trash_ctor (mem=<value optimized out>, size=<value optimized out>)
    at /usr/local/share/deploy-tools/RELENG_12/src/sys/vm/uma_dbg.c:82
#12 0xffffffff805b2b08 in mb_ctor_clust (mem=0xfffff801381d0000, size=2048, arg=0x0, how=<value optimized out>)
    at /usr/local/share/deploy-tools/RELENG_12/src/sys/kern/kern_mbuf.c:702
#13 0xffffffff808d5030 in uma_zalloc_arg (zone=<value optimized out>, udata=0x0, flags=1)
    at /usr/local/share/deploy-tools/RELENG_12/src/sys/vm/uma_core.c:2506
#14 0xffffffff805b18fa in m_cljget (m=0x0, how=1, size=2048)
    at /usr/local/share/deploy-tools/RELENG_12/src/sys/kern/kern_mbuf.c:956
#15 0xffffffff80703e41 in _iflib_fl_refill (ctx=0xfffff800028ec800, fl=0xfffff8000293eac0, count=<value optimized out>)
    at /usr/local/share/deploy-tools/RELENG_12/src/sys/net/iflib.c:2025
#16 0xffffffff806fea59 in _task_fn_rx (context=0xfffff8000293d000)
    at /usr/local/share/deploy-tools/RELENG_12/src/sys/net/iflib.c:2117
#17 0xffffffff80616539 in gtaskqueue_run_locked (queue=0xfffff80002360a00)
    at /usr/local/share/deploy-tools/RELENG_12/src/sys/kern/subr_gtaskqueue.c:378
#18 0xffffffff806162f8 in gtaskqueue_thread_loop (arg=<value optimized out>)
    at /usr/local/share/deploy-tools/RELENG_12/src/sys/kern/subr_gtaskqueue.c:559
#19 0xffffffff80596274 in fork_exit (callout=0xffffffff80616270 <gtaskqueue_thread_loop>, arg=0xfffffe000029b008, frame=0xfffffe0041352ac0)
    at /usr/local/share/deploy-tools/RELENG_12/src/sys/kern/kern_fork.c:1065
#20 0xffffffff80912c6e in fork_trampoline ()
    at /usr/local/share/deploy-tools/RELENG_12/src/sys/amd64/amd64/exception.S:1077
#21 0x0000000000000000 in ?? ()

Hope someone can use that information.  Happily providing more info on request.
Guess I'd better open individual bug reports...

Thanks,
-harry
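
The panic above is raised by the debug-allocator check seen in the backtrace (trash_ctor in uma_dbg.c): freed memory is filled with a known pattern, and the pattern is verified when the buffer is handed out again. A simplified user-space model of that check follows as an added example; it is not FreeBSD source and not part of the original report, and the function names, the poison value 0xdeadc0de and the stale-write scenario are assumptions for illustration.

```c
/* User-space model of a poison-on-free check; not FreeBSD kernel code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define JUNK         0xdeadc0deU  /* assumed poison word */
#define CLUSTER_SIZE 2048         /* buffer size reported in the panic line */

/* Free path: overwrite the whole buffer with the poison word. */
static void poison_on_free(uint32_t *mem, size_t size)
{
    for (size_t i = 0; i < size / sizeof(*mem); i++)
        mem[i] = JUNK;
}

/*
 * Alloc path: return the byte offset of the first word that no longer holds
 * the poison value (storing that word in *val), or -1 if nothing changed.
 */
static long check_on_alloc(const uint32_t *mem, size_t size, uint32_t *val)
{
    for (size_t i = 0; i < size / sizeof(*mem); i++) {
        if (mem[i] != JUNK) {
            *val = mem[i];
            return (long)(i * sizeof(*mem));
        }
    }
    return -1;
}

/* Constructed scenario: a stale pointer zeroes the first word after free. */
static long simulate_stale_write(uint32_t *val)
{
    static uint32_t cluster[CLUSTER_SIZE / sizeof(uint32_t)];
    uint32_t *stale = cluster;    /* reference kept past the free */

    poison_on_free(cluster, sizeof(cluster));
    stale[0] = 0;                 /* write after free */
    return check_on_alloc(cluster, sizeof(cluster), val);
}

int main(void)
{
    uint32_t val = 0;
    long off = simulate_stale_write(&val);

    if (off >= 0)
        printf("modified after free: offset=%ld val=%x\n", off, val);
    return off >= 0 ? 0 : 1;
}
```

In the report, the modified word's address equals the buffer's start address and val=0, which corresponds to offset 0 in this model: the first word of the 2048-byte cluster changed after it was freed.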
