Date: Mon, 21 Jan 2019 21:29:07 +0000
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 235097] ci runs failing with panic in IPv6 code with use-after-free in epair/pfctl when running sys/netpfil/pf/nat tests
Message-ID: <bug-235097-7501-2mshTUOw4O@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-235097-7501@https.bugs.freebsd.org/bugzilla/>
References: <bug-235097-7501@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235097

--- Comment #2 from Kristof Provost <kp@freebsd.org> ---
It seems to be pretty non-deterministic.
I've just now produced this panic:

panic: Memory modified after free 0xfffffe00a4442ac0(8) val=deadc0df @ 0xfffffe00a4442ac0
cpuid = 4
time = 1548105766
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe009ddff2d0
vpanic() at vpanic+0x1b4/frame 0xfffffe009ddff330
panic() at panic+0x43/frame 0xfffffe009ddff390
trash_ctor() at trash_ctor+0x4c/frame 0xfffffe009ddff3a0
uma_zalloc_arg() at uma_zalloc_arg+0x9ff/frame 0xfffffe009ddff430
uma_zalloc_pcpu_arg() at uma_zalloc_pcpu_arg+0x23/frame 0xfffffe009ddff460
bpfopen() at bpfopen+0x8f/frame 0xfffffe009ddff4a0
devfs_open() at devfs_open+0x134/frame 0xfffffe009ddff510
VOP_OPEN_APV() at VOP_OPEN_APV+0x60/frame 0xfffffe009ddff530
vn_open_vnode() at vn_open_vnode+0x1b1/frame 0xfffffe009ddff5d0
vn_open_cred() at vn_open_cred+0x34c/frame 0xfffffe009ddff720
kern_openat() at kern_openat+0x1fd/frame 0xfffffe009ddff890
amd64_syscall() at amd64_syscall+0x276/frame 0xfffffe009ddff9b0
fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe009ddff9b0
--- syscall (499, FreeBSD ELF64, sys_openat), rip = 0x80061e3ca, rsp = 0x7fffffffa918, rbp = 0x7fffffffa990 ---
KDB: enter: panic
[ thread pid 5254 tid 100499 ]
Stopped at kdb_enter+0x3b: movq $0,kdb_why

My current thinking is that it's more fallout of the epochification work done
recently. Something's still being used after being released and depending on
the timing of that we get different panics.

-- 
You are receiving this mail because:
You are the assignee for the bug.