Date:      Mon, 21 Jan 2019 21:29:07 +0000
From:      bugzilla-noreply@freebsd.org
To:        net@FreeBSD.org
Subject:   [Bug 235097] ci runs failing with panic in IPv6 code with use-after-free in epair/pfctl when running sys/netpfil/pf/nat tests
Message-ID:  <bug-235097-7501-2mshTUOw4O@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-235097-7501@https.bugs.freebsd.org/bugzilla/>
References:  <bug-235097-7501@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235097

--- Comment #2 from Kristof Provost <kp@freebsd.org> ---
It seems to be pretty non-deterministic.

I've just now produced this panic:
panic: Memory modified after free 0xfffffe00a4442ac0(8) val=deadc0df @ 0xfffffe00a4442ac0

cpuid = 4
time = 1548105766
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe009ddff2d0
vpanic() at vpanic+0x1b4/frame 0xfffffe009ddff330
panic() at panic+0x43/frame 0xfffffe009ddff390
trash_ctor() at trash_ctor+0x4c/frame 0xfffffe009ddff3a0
uma_zalloc_arg() at uma_zalloc_arg+0x9ff/frame 0xfffffe009ddff430
uma_zalloc_pcpu_arg() at uma_zalloc_pcpu_arg+0x23/frame 0xfffffe009ddff460
bpfopen() at bpfopen+0x8f/frame 0xfffffe009ddff4a0
devfs_open() at devfs_open+0x134/frame 0xfffffe009ddff510
VOP_OPEN_APV() at VOP_OPEN_APV+0x60/frame 0xfffffe009ddff530
vn_open_vnode() at vn_open_vnode+0x1b1/frame 0xfffffe009ddff5d0
vn_open_cred() at vn_open_cred+0x34c/frame 0xfffffe009ddff720
kern_openat() at kern_openat+0x1fd/frame 0xfffffe009ddff890
amd64_syscall() at amd64_syscall+0x276/frame 0xfffffe009ddff9b0
fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe009ddff9b0
--- syscall (499, FreeBSD ELF64, sys_openat), rip = 0x80061e3ca, rsp = 0x7fffffffa918, rbp = 0x7fffffffa990 ---
KDB: enter: panic
[ thread pid 5254 tid 100499 ]
Stopped at      kdb_enter+0x3b: movq    $0,kdb_why

My current thinking is that it's more fallout of the epochification work done
recently. Something's still being used after being released and depending on
the timing of that we get different panics.

--
You are receiving this mail because:
You are the assignee for the bug.
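A small triage helper for panics of this shape, added here as an example and not part of the bug report or of FreeBSD itself. It parses the `trash_ctor` panic line and the KDB backtrace quoted above into structured fields, measures how far the observed value has drifted from the UMA junk pattern (`0xdeadc0de`, the value UMA writes over freed items when trash debugging is enabled), and names the first frame outside the allocator and panic machinery, which is where the freed item was handed out. The sample text is a constructed copy of the report's output; the set of frames treated as "allocator machinery" is this example's own assumption.

```python
"""Parse a FreeBSD "Memory modified after free" panic and its KDB backtrace."""
import re

# Pattern UMA writes over freed items when trash debugging is enabled.
UMA_JUNK = 0xDEADC0DE

# Constructed sample: the panic text from the bug report, joined onto single lines.
SAMPLE_PANIC = """\
panic: Memory modified after free 0xfffffe00a4442ac0(8) val=deadc0df @ 0xfffffe00a4442ac0
cpuid = 4
time = 1548105766
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe009ddff2d0
vpanic() at vpanic+0x1b4/frame 0xfffffe009ddff330
panic() at panic+0x43/frame 0xfffffe009ddff390
trash_ctor() at trash_ctor+0x4c/frame 0xfffffe009ddff3a0
uma_zalloc_arg() at uma_zalloc_arg+0x9ff/frame 0xfffffe009ddff430
uma_zalloc_pcpu_arg() at uma_zalloc_pcpu_arg+0x23/frame 0xfffffe009ddff460
bpfopen() at bpfopen+0x8f/frame 0xfffffe009ddff4a0
devfs_open() at devfs_open+0x134/frame 0xfffffe009ddff510
VOP_OPEN_APV() at VOP_OPEN_APV+0x60/frame 0xfffffe009ddff530
vn_open_vnode() at vn_open_vnode+0x1b1/frame 0xfffffe009ddff5d0
vn_open_cred() at vn_open_cred+0x34c/frame 0xfffffe009ddff720
kern_openat() at kern_openat+0x1fd/frame 0xfffffe009ddff890
amd64_syscall() at amd64_syscall+0x276/frame 0xfffffe009ddff9b0
fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe009ddff9b0
--- syscall (499, FreeBSD ELF64, sys_openat), rip = 0x80061e3ca, rsp = 0x7fffffffa918, rbp = 0x7fffffffa990 ---
"""

# "Memory modified after free <item>(<size>) val=<hex> @ <address>"
PANIC_RE = re.compile(
    r"Memory modified after free (0x[0-9a-f]+)\((\d+)\) val=([0-9a-f]+) @ (0x[0-9a-f]+)")
# "<func>() at <sym>+<off>/frame <frame>"
FRAME_RE = re.compile(r"^(\w+)\(\) at (\w+)\+(0x[0-9a-f]+)/frame (0x[0-9a-f]+)$")
# "--- syscall (<number>, <abi>, <name>) ..."
SYSCALL_RE = re.compile(r"^--- syscall \((\d+), [^,]+, (\w+)\)")

# Assumption of this example: frames that belong to the panic path and the
# allocator itself, not to the code that requested the allocation.
ALLOCATOR_FRAMES = {"db_trace_self_wrapper", "vpanic", "panic", "trash_ctor",
                    "uma_zalloc_arg", "uma_zalloc_pcpu_arg"}


def parse_panic(text):
    """Return a dict with the corrupted item, the observed value and the frames."""
    info = {"frames": [], "syscall": None}
    for line in text.splitlines():
        m = PANIC_RE.search(line)
        if m:
            item, size, val, where = m.groups()
            info["item"] = int(item, 16)
            info["size"] = int(size)
            info["observed"] = int(val, 16)
            # Byte offset inside the freed item at which the corruption was found.
            info["offset"] = int(where, 16) - int(item, 16)
            continue
        m = FRAME_RE.match(line)
        if m:
            func, _sym, off, frame = m.groups()
            info["frames"].append((func, int(off, 16), int(frame, 16)))
            continue
        m = SYSCALL_RE.match(line)
        if m:
            info["syscall"] = (int(m.group(1)), m.group(2))
    return info


def junk_delta(info):
    """Signed difference between the value found and the UMA junk pattern.

    A tiny delta such as +1 on a freed word points at a counter being bumped
    on memory that has already gone back to the zone, rather than at a random
    overwrite.
    """
    return info["observed"] - UMA_JUNK


def first_consumer_frame(info):
    """Name of the first frame outside the allocator/panic machinery."""
    for func, _off, _frame in info["frames"]:
        if func not in ALLOCATOR_FRAMES:
            return func
    return None


if __name__ == "__main__":
    report = parse_panic(SAMPLE_PANIC)
    print("item 0x%x size %d offset %d" % (report["item"], report["size"], report["offset"]))
    print("delta from uma_junk: %+d" % junk_delta(report))
    print("allocation requested by:", first_consumer_frame(report))
    print("syscall:", report["syscall"])
```

Run against the quoted panic, the delta from the junk pattern is +1 at offset 0 of an 8-byte item, and the first consumer frame is `bpfopen`; the parser only locates who received the poisoned item, and says nothing about which code path freed it, which is the part that still needs a debugger.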