Date: Mon, 16 Sep 2019 07:45:31 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 240608] [iflib] [panic] with INVARIANTS: Memory modified after free (12.1-pre-QA) Message-ID: <bug-240608-227@https.bugs.freebsd.org/bugzilla/>
index | next in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240608 Bug ID: 240608 Summary: [iflib] [panic] with INVARIANTS: Memory modified after free (12.1-pre-QA) Product: Base System Version: 12.0-STABLE Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: bugzilla.freebsd@omnilan.de Hello, testing 12.1-PRERELEASE updates with debug kernel on cold-standby hardware revealed some unexpected panics related to iflib. Not sure if I shall file individual bug reports or collect them here in one report. Need to collect the others one after another, so let's start here with the most unexpected, happened during traffic test utilizing if_vmx(4): panic: Memory modified after free 0xfffff801381d0000(2048) val=0 @ 0xfffff801381d0000 cpuid = 0 time = 1568618749 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0041352670 vpanic() at vpanic+0x19d/frame 0xfffffe00413526c0 panic() at panic+0x43/frame 0xfffffe0041352720 trash_ctor() at trash_ctor+0x49/frame 0xfffffe0041352730 mb_ctor_clust() at mb_ctor_clust+0x18/frame 0xfffffe0041352760 uma_zalloc_arg() at uma_zalloc_arg+0x8a0/frame 0xfffffe00413527e0 m_cljget() at m_cljget+0x8a/frame 0xfffffe0041352810 _iflib_fl_refill() at _iflib_fl_refill+0x2f1/frame 0xfffffe0041352900 _task_fn_rx() at _task_fn_rx+0xb29/frame 0xfffffe00413529f0 gtaskqueue_run_locked() at gtaskqueue_run_locked+0xf9/frame 0xfffffe0041352a40 gtaskqueue_thread_loop() at gtaskqueue_thread_loop+0x88/frame 0xfffffe0041352a70 fork_exit() at fork_exit+0x84/frame 0xfffffe0041352ab0 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0041352ab0 #9 0xffffffff805cf4ca in vpanic (fmt=<value optimized out>, ap=<value optimized out>) at /usr/local/share/deploy-tools/RELENG_12/src/sys/kern/kern_shutdown.c:866 #10 0xffffffff805cf273 in panic (fmt=<value optimized out>) at /usr/local/share/deploy-tools/RELENG_12/src/sys/kern/kern_shutdown.c:804 #11 0xffffffff808da039 in trash_ctor (mem=<value optimized out>, size=<value optimized out>) at /usr/local/share/deploy-tools/RELENG_12/src/sys/vm/uma_dbg.c:82 #12 0xffffffff805b2b08 in mb_ctor_clust (mem=0xfffff801381d0000, size=2048, arg=0x0, how=<value optimized out>) at /usr/local/share/deploy-tools/RELENG_12/src/sys/kern/kern_mbuf.c:702 #13 0xffffffff808d5030 in uma_zalloc_arg (zone=<value optimized out>, udata=0x0, flags=1) at /usr/local/share/deploy-tools/RELENG_12/src/sys/vm/uma_core.c:2506 #14 0xffffffff805b18fa in m_cljget (m=0x0, how=1, size=2048) at /usr/local/share/deploy-tools/RELENG_12/src/sys/kern/kern_mbuf.c:956 #15 0xffffffff80703e41 in _iflib_fl_refill (ctx=0xfffff800028ec800, fl=0xfffff8000293eac0, count=<value optimized out>) at /usr/local/share/deploy-tools/RELENG_12/src/sys/net/iflib.c:2025 #16 0xffffffff806fea59 in _task_fn_rx (context=0xfffff8000293d000) at /usr/local/share/deploy-tools/RELENG_12/src/sys/net/iflib.c:2117 #17 0xffffffff80616539 in gtaskqueue_run_locked (queue=0xfffff80002360a00) at /usr/local/share/deploy-tools/RELENG_12/src/sys/kern/subr_gtaskqueue.c:378 #18 0xffffffff806162f8 in gtaskqueue_thread_loop (arg=<value optimized out>) at /usr/local/share/deploy-tools/RELENG_12/src/sys/kern/subr_gtaskqueue.c:559 #19 0xffffffff80596274 in fork_exit (callout=0xffffffff80616270 <gtaskqueue_thread_loop>, arg=0xfffffe000029b008, frame=0xfffffe0041352ac0) at /usr/local/share/deploy-tools/RELENG_12/src/sys/kern/kern_fork.c:1065 #20 0xffffffff80912c6e in fork_trampoline () at /usr/local/share/deploy-tools/RELENG_12/src/sys/amd64/amd64/exception.S:1077 #21 0x0000000000000000 in ?? () Hope someone can use that information. Happily providing more info on request. Guess I'd better open individual bug reports... Thanks, -harry -- You are receiving this mail because: You are the assignee for the bug.help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-240608-227>