Date: Wed, 24 Apr 2019 15:16:49 +0000 From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 237329] Panic in mld_fasttimo() during reboot or shutdown Message-ID: <bug-237329-7501-O7jCOfOoxf@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-237329-7501@https.bugs.freebsd.org/bugzilla/> References: <bug-237329-7501@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D237329 --- Comment #6 from Trond.Endrestol@ximalas.info --- Good news everyone! I've recompiled r346627 with options INVARIANTS and opt= ions INVARIANT_SUPPORT, and I simply wanted to return to singleuser mode when th= is happened. Unread portion of the kernel message buffer: <118>[797] Stopping rpcbind. <118>[797] Waiting for PIDS: 884. <118>[797] Stopping devd. <118>[797] Waiting for PIDS: 786. [797] panic: Assertion inm->in6m_ifp =3D=3D NULL failed at /usr/src/sys/netinet6/in6_var.h:794 [797] cpuid =3D 1 [797] time =3D 1556117159 [797] KDB: stack backtrace: [797] db_trace_self_wrapper() at 0xffffffff8059cf6b =3D db_trace_self_wrapper+0x2b/frame 0xfffffe00004e9340 [797] vpanic() at 0xffffffff808bb56d =3D vpanic+0x19d/frame 0xfffffe00004e9= 390 [797] panic() at 0xffffffff808bb333 =3D panic+0x43/frame 0xfffffe00004e93f0 [797] mld_set_version() at 0xffffffff80ad00a5 =3D mld_set_version+0x2a5/fra= me 0xfffffe00004e9450 [797] mld_input() at 0xffffffff80acdd0d =3D mld_input+0x2fd/frame 0xfffffe00004e9500 [797] icmp6_input() at 0xffffffff80aac86c =3D icmp6_input+0x41c/frame 0xfffffe00004e96a0 [797] ip6_input() at 0xffffffff80ac69ce =3D ip6_input+0xdde/frame 0xfffffe00004e9790 [797] netisr_dispatch_src() at 0xffffffff809db842 =3D netisr_dispatch_src+0xa2/frame 0xfffffe00004e9800 [797] ether_demux() at 0xffffffff809bfbf7 =3D ether_demux+0x157/frame 0xfffffe00004e9830 [797] ether_nh_input() at 0xffffffff809c1003 =3D ether_nh_input+0x403/frame 0xfffffe00004e9890 [797] netisr_dispatch_src() at 0xffffffff809db842 =3D netisr_dispatch_src+0xa2/frame 0xfffffe00004e9900 [797] ether_input() at 0xffffffff809c0063 =3D ether_input+0x73/frame 0xfffffe00004e9930 [797] t4_eth_rx() at 0xffffffff805fb8c8 =3D t4_eth_rx+0xa8/frame 0xfffffe00004e9950 [797] service_iq_fl() at 0xffffffff805fff4a =3D service_iq_fl+0x45a/frame 0xfffffe00004e99f0 [797] t4_intr() at 0xffffffff805ffadd =3D t4_intr+0x2d/frame 0xfffffe00004e= 9a10 [797] ithread_loop() at 0xffffffff8087ee97 =3D ithread_loop+0x187/frame 0xfffffe00004e9a70 [797] fork_exit() at 0xffffffff8087bb04 =3D fork_exit+0x84/frame 0xfffffe00004e9ab0 [797] fork_trampoline() at 0xffffffff80be002e =3D fork_trampoline+0xe/frame 0xfffffe00004e9ab0 [797] --- trap 0, rip =3D 0, rsp =3D 0, rbp =3D 0 --- [797] Uptime: 13m17s [797] Dumping 4546 out of 32705 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91% Here's the backtrace: (kgdb) bt #0 __curthread () at /usr/src/sys/amd64/include/pcpu.h:230 #1 doadump (textdump=3D1) at /usr/src/sys/kern/kern_shutdown.c:371 #2 0xffffffff808bb180 in kern_reboot (howto=3D260) at /usr/src/sys/kern/kern_shutdown.c:451 #3 0xffffffff808bb5c9 in vpanic (fmt=3D<optimized out>, ap=3D<optimized ou= t>) at /usr/src/sys/kern/kern_shutdown.c:877 #4 0xffffffff808bb333 in panic (fmt=3D<unavailable>) at /usr/src/sys/kern/kern_shutdown.c:804 #5 0xffffffff80ad00a5 in in6m_rele_locked (inmh=3D<optimized out>, inm=3D<optimized out>) at /usr/src/sys/netinet6/in6_var.h:794 #6 mld_v2_cancel_link_timers (mli=3D<optimized out>) at /usr/src/sys/netinet6/mld6.c:1707 #7 mld_set_version (mli=3D<optimized out>, version=3D<optimized out>) at /usr/src/sys/netinet6/mld6.c:1650 #8 0xffffffff80acdd0d in mld_v1_input_query (ifp=3D<optimized out>, ip6=3D<optimized out>, mld=3D<optimized out>) at /usr/src/sys/netinet6/mld6= .c:699 #9 mld_input (m=3D<optimized out>, off=3D<optimized out>, icmp6len=3D<opti= mized out>) at /usr/src/sys/netinet6/mld6.c:1292 #10 0xffffffff80aac86c in icmp6_input (mp=3D<optimized out>, offp=3D0xfffffe00004e96ec, proto=3D<optimized out>) at /usr/src/sys/netinet6/icmp6.c:622 #11 0xffffffff80ac69ce in ip6_input (m=3D0xfffff80011dde800) at /usr/src/sys/netinet6/ip6_input.c:964 #12 0xffffffff809db842 in netisr_dispatch_src (proto=3D6, source=3D<optimiz= ed out>, m=3D<unavailable>) at /usr/src/sys/net/netisr.c:1122 #13 0xffffffff809bfbf7 in ether_demux (ifp=3D0xfffff8000c8dd800, m=3D<unava= ilable>) at /usr/src/sys/net/if_ethersubr.c:874 #14 0xffffffff809c1003 in ether_input_internal (ifp=3D0xfffff8000c8dd800, m=3D<unavailable>) at /usr/src/sys/net/if_ethersubr.c:662 #15 ether_nh_input (m=3D<optimized out>) at /usr/src/sys/net/if_ethersubr.c= :692 #16 0xffffffff809db842 in netisr_dispatch_src (proto=3D5, source=3D<optimiz= ed out>, m=3D<unavailable>) at /usr/src/sys/net/netisr.c:1122 #17 0xffffffff809c0063 in ether_input (ifp=3D0xfffff8000c8dd800, m=3D0x0) at /usr/src/sys/net/if_ethersubr.c:782 #18 0xffffffff805fb8c8 in t4_eth_rx (iq=3D<optimized out>, rss=3D<optimized= out>, m0=3D0xfffff80011dde800) at /usr/src/sys/dev/cxgbe/t4_sge.c:2055 #19 0xffffffff805fff4a in service_iq_fl (iq=3D<optimized out>, budget=3D0) = at /usr/src/sys/dev/cxgbe/t4_sge.c:1692 #20 0xffffffff805ffadd in t4_intr (arg=3D0xfffffe0096b581c0) at /usr/src/sys/dev/cxgbe/t4_sge.c:1432 #21 0xffffffff8087ee97 in intr_event_execute_handlers (p=3D<optimized out>, ie=3D<optimized out>) at /usr/src/sys/kern/kern_intr.c:1129 #22 ithread_execute_handlers (p=3D<optimized out>, ie=3D<optimized out>) at /usr/src/sys/kern/kern_intr.c:1142 #23 ithread_loop (arg=3D<optimized out>) at /usr/src/sys/kern/kern_intr.c:1= 222 #24 0xffffffff8087bb04 in fork_exit (callout=3D0xffffffff8087ed10 <ithread_= loop>, arg=3D0xfffff8000c8c5300, frame=3D0xfffffe00004e9ac0) at /usr/src/sys/kern/kern_fork.c:1060 #25 <signal handler called> (kgdb) up (kgdb) up (kgdb) up (kgdb) up (kgdb) up #5 0xffffffff80ad00a5 in in6m_rele_locked (inmh=3D<optimized out>, inm=3D<optimized out>) at /usr/src/sys/netinet6/in6_var.h:794 794 MPASS(inm->in6m_ifp =3D=3D NULL); (kgdb) list 789 { 790 KASSERT(inm->in6m_refcount > 0, ("refcount =3D=3D %d inm: %= p", inm->in6m_refcount, inm)); 791 IN6_MULTI_LIST_LOCK_ASSERT(); 792 793 if (--inm->in6m_refcount =3D=3D 0) { 794 MPASS(inm->in6m_ifp =3D=3D NULL); 795 inm->in6m_ifma->ifma_protospec =3D NULL; 796 MPASS(inm->in6m_ifma->ifma_llifma =3D=3D NULL); 797 SLIST_INSERT_HEAD(inmh, inm, in6m_nrele); 798 } (kgdb) up #6 mld_v2_cancel_link_timers (mli=3D<optimized out>) at /usr/src/sys/netinet6/mld6.c:1707 1707 in6m_rele_locked(&inmh, inm); (kgdb) list 1702 /* 1703 * If we are leaving the group and switching 1704 * version, we need to release the final 1705 * reference held for issuing the INCLUDE {= }. 1706 */ 1707 in6m_rele_locked(&inmh, inm); 1708 /* FALLTHROUGH */ 1709 case MLD_G_QUERY_PENDING_MEMBER: 1710 case MLD_SG_QUERY_PENDING_MEMBER: 1711 in6m_clear_recorded(inm); (kgdb) print inmh $2 =3D {slh_first =3D 0x0} (kgdb) print &inmh $3 =3D (struct in6_multi_head *) 0xfffffe00004e9428 (kgdb) print inm $4 =3D (struct in6_multi *) 0xfffff800382a3100 (kgdb) print *inm $5 =3D {in6m_addr =3D {__u6_addr =3D {__u6_addr8 =3D "\377\002\000\002\000\000\000\000\000\000\000\000\000\000\002\002", __u6_ad= dr16 =3D {767, 512, 0, 0, 0, 0, 0, 514}, __u6_addr32 =3D {33555199, 0, 0, 336855= 04}}}, in6m_ifp =3D 0xfffff8000c8dd800, in6m_ifma =3D 0xfffff8003372d100, in6m_refcount =3D 0, in6m_state =3D 9, in6m_timer =3D 0, in6m_mli =3D 0xfffff80011df1700, in6m_nrele =3D {sle_next =3D 0x0}, in6m_defer =3D {sle_= next =3D 0x0}, in6m_srcs =3D {rbh_root =3D 0x0}, in6m_nsrc =3D 0, in6m_scq =3D {mq_h= ead =3D {stqh_first =3D 0xfffff801939f2d00, stqh_last =3D 0xfffff801939f2d08}, mq_len =3D 1, mq_maxlen =3D 24}, in6m_lastgsrtv =3D {tv_sec =3D 0, tv_usec =3D 0}, in6m_sctimer =3D 7, in6m_= scrv =3D 1, in6m_st =3D {{iss_fmode =3D 0, iss_asm =3D 0, iss_ex =3D 0, iss_in =3D 0, i= ss_rec =3D 0}, {iss_fmode =3D 0, iss_asm =3D 0, iss_ex =3D 0, iss_in =3D 0, iss_rec =3D 0}}} (kgdb) print inm->in6m_ifp $6 =3D (struct ifnet *) 0xfffff8000c8dd800 (kgdb) print *inm->in6m_ifp $7 =3D {if_link =3D {cstqe_next =3D 0xfffff8000c93a800}, if_clones =3D {le_= next =3D 0x0, le_prev =3D 0x0}, if_groups =3D {cstqh_first =3D 0xfffff8000c8db300, cstqh_= last =3D 0xfffff8000c8db308}, if_alloctype =3D 6 '\006', if_softc =3D 0xfffff8000c8b= 1a00, if_llsoftc =3D 0x0, if_l2com =3D 0x0, if_dname =3D 0xfffff8000c397558 "cc", if_dunit =3D 0, if_index =3D 2, if_index_reserved =3D 0, if_xname =3D "cc0", '\000' <repeats 12 times>, if_description =3D 0x0, if_flags =3D 34819, if_drv_flags =3D 64, if_capabil= ities =3D 49072059, if_capenable =3D 49022907, if_linkmib =3D 0x0, if_linkmiblen =3D 0, if_refcount =3D 1, if_type =3D 6 '\006', if_addrlen = =3D 6 '\006', if_hdrlen =3D 14 '\016', if_link_state =3D 2 '\002', if_mtu =3D 150= 0, if_metric =3D 0, if_baudrate =3D 10000000000, if_hwassist =3D 5655, if_epoc= h =3D 1, if_lastchange =3D {tv_sec =3D 1556116386, tv_usec =3D 478762}, if_snd =3D {ifq_head =3D 0x0, ifq_tail =3D 0x0, if= q_len =3D 0, ifq_maxlen =3D 50, ifq_mtx =3D {lock_object =3D {lo_name =3D 0xfffff8000c8d= d858 "cc0", lo_flags =3D 16973824, lo_data =3D 0, lo_witness =3D 0x0}, mtx_lock =3D 0}, ifq_drv_head =3D 0x0, ifq_drv_tail =3D 0x0, ifq_drv_len =3D 0, ifq_drv_maxlen =3D 0, altq_type =3D 0, altq_flags = =3D 0, altq_disc =3D 0x0, altq_ifp =3D 0xfffff8000c8dd800, altq_enqueue =3D 0x0, altq_dequeue =3D 0x0, altq_request =3D 0x0, altq_clfier =3D 0x0, altq_class= ify =3D 0x0, altq_tbr =3D 0x0, altq_cdnr =3D 0x0}, if_linktask =3D { ta_link =3D {stqe_next =3D 0x0}, ta_pending =3D 0, ta_priority =3D 0, t= a_func =3D 0xffffffff809b4810 <do_link_state_change>, ta_context =3D 0xfffff8000c8dd80= 0}, if_addr_lock =3D {lock_object =3D {lo_name =3D 0xffffffff80cd0ca1 "if_addr_= lock", lo_flags =3D 16973824, lo_data =3D 0, lo_witness =3D 0x0}, mtx_lock =3D 18446735277827061120}, if_addrhead = =3D {cstqh_first =3D 0xfffff8000c8dad00, cstqh_last =3D 0xfffff8003376f228}, if_multiaddrs =3D {cstqh_first =3D 0xfffff8003372d100, cstqh_last =3D 0xfffff80028b7b700}, if_amcount =3D 0, if_addr =3D 0xfffff8000c8dad00, if_hw_addr =3D 0xfffff8000c8dab00, if_broadcastaddr =3D 0xffffffff80e6b8f0 <etherbroadcastaddr> "\377\377\377\377\377\377", if_afdata_lock =3D {lock_o= bject =3D {lo_name =3D 0xffffffff80d406b2 "if_afdata", lo_flags =3D 16973824, lo_= data =3D 0, lo_witness =3D 0x0}, mtx_lock =3D 0}, if_afdata =3D {0x0, 0x0, 0xfffff80011e03900, 0x0 <repeats 25 times>, 0xfffff80011e03300, 0x0 <repeats 13 times>}, if_afdata_initialized =3D 2, i= f_fib =3D 0, if_vnet =3D 0xfffff800035ccd00, if_home_vnet =3D 0xfffff800035ccd00, if_vlantrunk =3D 0x0, if_bpf =3D 0xfffff8000c8da500, if_pcount =3D 0, if_bridge =3D 0x0, if_lagg =3D 0x0, if_pf_kif =3D 0x0, i= f_carp =3D 0x0, if_label =3D 0x0, if_netmap =3D 0x0, if_output =3D 0xffffffff809bf2b0 <ether_output>, if_input =3D 0xffffffff809bfff0 <ether_input>, if_bridge_in= put =3D 0x0, if_bridge_output =3D 0x0, if_bridge_linkstate =3D 0x0, if_start =3D 0x0, if_ioctl =3D 0xffffffff805= ed8c0 <cxgbe_ioctl>, if_init =3D 0xffffffff805ed760 <cxgbe_init>, if_resolvemulti= =3D 0xffffffff809c0110 <ether_resolvemulti>, if_qflush =3D 0xffffffff805ee760 <cxgbe_qflush>, if_transmit =3D 0xffffffff805ee610 <cxgbe_transmit>, if_reassign =3D 0xffffffff809c0300 <ether_reassign>, if_get_counter =3D 0xffffffff805e1770 <cxgbe_get_counter>, if_requestencap =3D 0xffffffff809c0230 <ether_requeste= ncap>, if_counters =3D {0xfffffe00004cdd10, 0xfffffe00004cdd00, 0xfffffe00004cdcf0, 0xfffffe00004cdce0, 0xfffffe00004cdcd0, 0xfffffe00004cdcc0, 0xfffffe00004cdcb0, 0xfffffe00004cd= ca0, 0xfffffe00004cdc90, 0xfffffe00004cdc80, 0xfffffe00004cdc70, 0xfffffe00004cdc60}, if_hw_tsomax =3D 65535, if_hw_tsomaxsegcount =3D 38, if_hw_tsomaxsegsize =3D 65536, if_snd_tag_al= loc =3D 0x0, if_snd_tag_modify =3D 0x0, if_snd_tag_query =3D 0x0, if_snd_tag_free = =3D 0x0, if_pcp =3D 255 '\377', if_netdump_methods =3D 0x0, if_epoch_ctx =3D {data = =3D {0x0, 0x0}}, if_unused =3D {0x0, 0x0, 0x0, 0x0}, if_ispare =3D {0, 0, 0, 0}} Please let me know if you need anything else from the dump. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-237329-7501-O7jCOfOoxf>