Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 21 Feb 2021 19:46:53 +0000
From:      bugzilla-noreply@freebsd.org
To:        net@FreeBSD.org
Subject:   [Bug 253587] iflib (?): reproducible mbuf-related crashes
Message-ID:  <bug-253587-7501-89bmU6EW56@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-253587-7501@https.bugs.freebsd.org/bugzilla/>
References:  <bug-253587-7501@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D253587

--- Comment #6 from Kamigishi Rei <spambox@haruhiism.net> ---
With pf and ipfw inactive and without a bridge present (pf and if_bridge are
compiled into the kernel), IPv6 traffic from outside via igb0 to a LAN host=
 via
igb1:

Unread portion of the kernel message buffer:
panic: Assertion m->m_nextpkt =3D=3D NULL failed at /usr/src/sys/net/iflib.=
c:4089
cpuid =3D 3
time =3D 1613936205
KDB: stack backtrace:
#0 0xffffffff807fcfe5 at kdb_backtrace+0x65
#1 0xffffffff807b2cd1 at vpanic+0x181
#2 0xffffffff807b2aa3 at panic+0x43
#3 0xffffffff808f15db at iflib_if_transmit+0x15b
#4 0xffffffff808d751b at ether_output_frame+0xab
#5 0xffffffff808d7421 at ether_output+0x6b1
#6 0xffffffff80984025 at nd6_flush_holdchain+0x35
#7 0xffffffff80987950 at nd6_na_input+0x5a0
#8 0xffffffff8095cc0e at icmp6_input+0xb3e
#9 0xffffffff80976009 at ip6_input+0xe89
#10 0xffffffff808f4491 at netisr_dispatch_src+0xb1
#11 0xffffffff808d76be at ether_demux+0x17e
#12 0xffffffff808d8d4c at ether_nh_input+0x40c
#13 0xffffffff808f4491 at netisr_dispatch_src+0xb1
#14 0xffffffff808d7bb1 at ether_input+0xa1
#15 0xffffffff808f0556 at iflib_rxeof+0xe06
#16 0xffffffff808ea0ca at _task_fn_rx+0x7a
#17 0xffffffff807fb977 at gtaskqueue_run_locked+0xa7
Uptime: 1m8s
Dumping 357 out of 4051 MB:..5%..14%..23%..32%..41%..54%..63%..72%..81%..95%

__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
55              __asm("movq %%gs:%P1,%0" : "=3Dr" (td) : "n" (offsetof(stru=
ct
pcpu,
(kgdb) bt
#0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
#1  doadump (textdump=3D<optimized out>) at /usr/src/sys/kern/kern_shutdown=
.c:399
#2  0xffffffff807b28fb in kern_reboot (howto=3D260) at
/usr/src/sys/kern/kern_shutdown.c:486
#3  0xffffffff807b2d40 in vpanic (fmt=3D<optimized out>, ap=3D<optimized ou=
t>) at
/usr/src/sys/kern/kern_shutdown.c:919
#4  0xffffffff807b2aa3 in panic (fmt=3D<unavailable>) at
/usr/src/sys/kern/kern_shutdown.c:843
#5  0xffffffff808f15db in iflib_if_transmit (ifp=3D0xfffff800026ac800,
m=3D0xfffff800237adc00) at /usr/src/sys/net/iflib.c:4089
#6  0xffffffff808d751b in ether_output_frame (ifp=3Difp@entry=3D0xfffff8000=
26ac800,
m=3D<unavailable>) at /usr/src/sys/net/if_ethersubr.c:511
#7  0xffffffff808d7421 in ether_output (ifp=3D<optimized out>, m=3D<unavail=
able>,
dst=3D0xfffffe0007f8d408, ro=3D<optimized out>) at
/usr/src/sys/net/if_ethersubr.c:438
#8  0xffffffff80984025 in nd6_flush_holdchain
(ifp=3Difp@entry=3D0xfffff800026ac800, chain=3D<optimized out>,
dst=3Ddst@entry=3D0xfffffe0007f8d408) at /usr/src/sys/netinet6/nd6.c:2463
#9  0xffffffff80987950 in nd6_na_input (m=3Dm@entry=3D0xfffff800232ee800,
off=3D<optimized out>, off@entry=3D40, icmp6len=3D<optimized out>, icmp6len=
@entry=3D32)
at /usr/src/sys/netinet6/nd6_nbr.c:909
#10 0xffffffff8095cc0e in icmp6_input (mp=3D0xfffffe0007f8d778, mp@entry=3D=
<error
reading variable: value is not available>, offp=3D0xfffffe0007f8d770,
    offp@entry=3D<error reading variable: value is not available>,
proto=3D<unavailable>, proto@entry=3D<error reading variable: value is not
available>) at /usr/src/sys/netinet6/icmp6.c:817
#11 0xffffffff80976009 in ip6_input (m=3D0xfffff800232ee800, m@entry=3D<err=
or
reading variable: value is not available>) at
/usr/src/sys/netinet6/ip6_input.c:930
#12 0xffffffff808f4491 in netisr_dispatch_src (proto=3D6, source=3Dsource@e=
ntry=3D0,
m=3D0xfffff800232ee800) at /usr/src/sys/net/netisr.c:1143
#13 0xffffffff808f47df in netisr_dispatch (proto=3D<unavailable>,
m=3D<unavailable>) at /usr/src/sys/net/netisr.c:1234
#14 0xffffffff808d76be in ether_demux (ifp=3Difp@entry=3D0xfffff800026ac800,
m=3D<unavailable>) at /usr/src/sys/net/if_ethersubr.c:923
#15 0xffffffff808d8d4c in ether_input_internal (ifp=3D0xfffff800026ac800,
m=3D<unavailable>) at /usr/src/sys/net/if_ethersubr.c:709
#16 ether_nh_input (m=3D<optimized out>, m@entry=3D<error reading variable:=
 value
is not available>) at /usr/src/sys/net/if_ethersubr.c:739
#17 0xffffffff808f4491 in netisr_dispatch_src (proto=3Dproto@entry=3D5,
source=3Dsource@entry=3D0, m=3Dm@entry=3D0xfffff800232ee800) at
/usr/src/sys/net/netisr.c:1143
#18 0xffffffff808f47df in netisr_dispatch (proto=3D<unavailable>, proto@ent=
ry=3D5,
m=3D<unavailable>, m@entry=3D0xfffff800232ee800) at /usr/src/sys/net/netisr=
.c:1234
#19 0xffffffff808d7bb1 in ether_input (ifp=3D0xfffff800026ac800,
m=3D0xfffff800232ee800) at /usr/src/sys/net/if_ethersubr.c:830
#20 0xffffffff808f0556 in iflib_rxeof (rxq=3D<optimized out>,
rxq@entry=3D0xfffff800026ac300, budget=3D<optimized out>) at
/usr/src/sys/net/iflib.c:3008
#21 0xffffffff808ea0ca in _task_fn_rx (context=3D0xfffff800026ac300) at
/usr/src/sys/net/iflib.c:3951
#22 0xffffffff807fb977 in gtaskqueue_run_locked
(queue=3Dqueue@entry=3D0xfffff80002423100) at
/usr/src/sys/kern/subr_gtaskqueue.c:371
#23 0xffffffff807fb774 in gtaskqueue_thread_loop
(arg=3Darg@entry=3D0xfffffe0008d54050) at /usr/src/sys/kern/subr_gtaskqueue=
.c:547
#24 0xffffffff8076efb0 in fork_exit (callout=3D0xffffffff807fb6e0
<gtaskqueue_thread_loop>, arg=3D0xfffffe0008d54050, frame=3D0xfffffe0007f8d=
c00) at
/usr/src/sys/kern/kern_fork.c:1069
#25 <signal handler called>

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-253587-7501-89bmU6EW56>