Date: Mon, 16 Sep 2019 07:45:31 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 240608] [iflib] [panic] with INVARIANTS: Memory modified after free (12.1-pre-QA) Message-ID: <bug-240608-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D240608 Bug ID: 240608 Summary: [iflib] [panic] with INVARIANTS: Memory modified after free (12.1-pre-QA) Product: Base System Version: 12.0-STABLE Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: bugzilla.freebsd@omnilan.de Hello, testing 12.1-PRERELEASE updates with debug kernel on cold-standby hardware revealed some unexpected panics related to iflib. Not sure if I shall file individual bug reports or collect them here in one report. Need to collect the others one after another, so let's start here with the = most unexpected, happened during traffic test utilizing if_vmx(4): panic: Memory modified after free 0xfffff801381d0000(2048) val=3D0 @ 0xfffff801381d0000 cpuid =3D 0 time =3D 1568618749 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0041352= 670 vpanic() at vpanic+0x19d/frame 0xfffffe00413526c0 panic() at panic+0x43/frame 0xfffffe0041352720 trash_ctor() at trash_ctor+0x49/frame 0xfffffe0041352730 mb_ctor_clust() at mb_ctor_clust+0x18/frame 0xfffffe0041352760 uma_zalloc_arg() at uma_zalloc_arg+0x8a0/frame 0xfffffe00413527e0 m_cljget() at m_cljget+0x8a/frame 0xfffffe0041352810 _iflib_fl_refill() at _iflib_fl_refill+0x2f1/frame 0xfffffe0041352900 _task_fn_rx() at _task_fn_rx+0xb29/frame 0xfffffe00413529f0 gtaskqueue_run_locked() at gtaskqueue_run_locked+0xf9/frame 0xfffffe0041352= a40 gtaskqueue_thread_loop() at gtaskqueue_thread_loop+0x88/frame 0xfffffe0041352a70 fork_exit() at fork_exit+0x84/frame 0xfffffe0041352ab0 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0041352ab0 #9 0xffffffff805cf4ca in vpanic (fmt=3D<value optimized out>, ap=3D<value optimized out>) at /usr/local/share/deploy-tools/RELENG_12/src/sys/kern/kern_shutdown.c= :866 #10 0xffffffff805cf273 in panic (fmt=3D<value optimized out>) at /usr/local/share/deploy-tools/RELENG_12/src/sys/kern/kern_shutdown.c= :804 #11 0xffffffff808da039 in trash_ctor (mem=3D<value optimized out>, size=3D<= value optimized out>) at /usr/local/share/deploy-tools/RELENG_12/src/sys/vm/uma_dbg.c:82 #12 0xffffffff805b2b08 in mb_ctor_clust (mem=3D0xfffff801381d0000, size=3D2= 048, arg=3D0x0, how=3D<value optimized out>) at /usr/local/share/deploy-tools/RELENG_12/src/sys/kern/kern_mbuf.c:702 #13 0xffffffff808d5030 in uma_zalloc_arg (zone=3D<value optimized out>, udata=3D0x0, flags=3D1) at /usr/local/share/deploy-tools/RELENG_12/src/sys/vm/uma_core.c:2506 #14 0xffffffff805b18fa in m_cljget (m=3D0x0, how=3D1, size=3D2048) at /usr/local/share/deploy-tools/RELENG_12/src/sys/kern/kern_mbuf.c:956 #15 0xffffffff80703e41 in _iflib_fl_refill (ctx=3D0xfffff800028ec800, fl=3D0xfffff8000293eac0, count=3D<value optimized out>) at /usr/local/share/deploy-tools/RELENG_12/src/sys/net/iflib.c:2025 #16 0xffffffff806fea59 in _task_fn_rx (context=3D0xfffff8000293d000) at /usr/local/share/deploy-tools/RELENG_12/src/sys/net/iflib.c:2117 #17 0xffffffff80616539 in gtaskqueue_run_locked (queue=3D0xfffff80002360a00) at /usr/local/share/deploy-tools/RELENG_12/src/sys/kern/subr_gtaskqueue.c:378 #18 0xffffffff806162f8 in gtaskqueue_thread_loop (arg=3D<value optimized ou= t>) at /usr/local/share/deploy-tools/RELENG_12/src/sys/kern/subr_gtaskqueue.c:559 #19 0xffffffff80596274 in fork_exit (callout=3D0xffffffff80616270 <gtaskqueue_thread_loop>, arg=3D0xfffffe000029b008,=20 frame=3D0xfffffe0041352ac0) at /usr/local/share/deploy-tools/RELENG_12/src/sys/kern/kern_fork.c:1065 #20 0xffffffff80912c6e in fork_trampoline () at /usr/local/share/deploy-tools/RELENG_12/src/sys/amd64/amd64/exception.S:1077 #21 0x0000000000000000 in ?? () Hope someone can use that information. Happily providing more info on requ= est. Guess I'd better open individual bug reports... Thanks, -harry --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-240608-227>