Date: Mon, 21 Jan 2019 21:29:07 +0000
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 235097] ci runs failing with panic in IPv6 code with use-after-free in epair/pfctl when running sys/netpfil/pf/nat tests
Message-ID: <bug-235097-7501-2mshTUOw4O@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-235097-7501@https.bugs.freebsd.org/bugzilla/>
References: <bug-235097-7501@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235097

--- Comment #2 from Kristof Provost <kp@freebsd.org> ---
It seems to be pretty non-deterministic. I've just now produced this panic:

panic: Memory modified after free 0xfffffe00a4442ac0(8) val=deadc0df @ 0xfffffe00a4442ac0
cpuid = 4
time = 1548105766
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe009ddff2d0
vpanic() at vpanic+0x1b4/frame 0xfffffe009ddff330
panic() at panic+0x43/frame 0xfffffe009ddff390
trash_ctor() at trash_ctor+0x4c/frame 0xfffffe009ddff3a0
uma_zalloc_arg() at uma_zalloc_arg+0x9ff/frame 0xfffffe009ddff430
uma_zalloc_pcpu_arg() at uma_zalloc_pcpu_arg+0x23/frame 0xfffffe009ddff460
bpfopen() at bpfopen+0x8f/frame 0xfffffe009ddff4a0
devfs_open() at devfs_open+0x134/frame 0xfffffe009ddff510
VOP_OPEN_APV() at VOP_OPEN_APV+0x60/frame 0xfffffe009ddff530
vn_open_vnode() at vn_open_vnode+0x1b1/frame 0xfffffe009ddff5d0
vn_open_cred() at vn_open_cred+0x34c/frame 0xfffffe009ddff720
kern_openat() at kern_openat+0x1fd/frame 0xfffffe009ddff890
amd64_syscall() at amd64_syscall+0x276/frame 0xfffffe009ddff9b0
fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe009ddff9b0
--- syscall (499, FreeBSD ELF64, sys_openat), rip = 0x80061e3ca, rsp = 0x7fffffffa918, rbp = 0x7fffffffa990 ---
KDB: enter: panic
[ thread pid 5254 tid 100499 ]
Stopped at kdb_enter+0x3b: movq $0,kdb_why

My current thinking is that it's more fallout of the epochification work done recently. Something's still being used after being released and depending on the timing of that we get different panics.

--
You are receiving this mail because:
You are the assignee for the bug.
