[Bug 257268] [Panic] Reproducible panic via kyua test netpfil/common/tos:ipfw_tos

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 19 Jul 2021 07:43:56 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=257268

            Bug ID: 257268
           Summary: [Panic] Reproducible panic via kyua test
                    netpfil/common/tos:ipfw_tos
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: gbe@FreeBSD.org

When running the kyua test suite as root on a recent -CURRENT (virtualized via
Hyper-V), I get the following kernel panic.
----------------------------------------------------------------------------
Panic: Bad link elm 0xfffff8003d66ffd8 prev->next != elm
cpuid = 0
time = 1626335568
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe005b5cf770
vpanic() at vpanic+0x187/frame 0xfffffe005b5cf7d0
panic() at panic+0x43/frame 0xfffffe005b5cf830
zone_release() at zone_release+0x413/frame 0xfffffe005b5cf890
bucket_drain() at bucket_drain+0x1fd/frame 0xfffffe005b5cf8d0
bucket_free() at bucket_free+0x25/frame 0xfffffe005b5cf900
zone_dtor() at zone_dtor+0xd6/frame 0xfffffe005b5cf930
zone_free_item() at zone_free_item+0x13f/frame 0xfffffe005b5cf980
uma_zdestroy() at uma_zdestroy+0x53/frame 0xfffffe005b5cf9a0
in_pcbinfo_destroy() at in_pcbinfo_destroy+0x64/frame 0xfffffe005b5cf9c0
tcp_destroy() at tcp_destroy+0xd0/frame 0xfffffe005b5cf9f0
vnet_destroy() at vnet_destroy+0x170/frame 0xfffffe005b5cfa20
prison_deref() at prison_deref+0x9b0/frame 0xfffffe005b5cfa90
sys_jail_remove() at sys_jail_remove+0x119/frame 0xfffffe005b5cfac0
amd64_syscall() at amd64_syscall+0x5c0/frame 0xfffffe005b5cfbf0
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe005b5cfbf0
--- syscall (508, FreeBSD ELF64, sys_jail_remove), rip = 0x77b7a3746fa, rsp =
0x7fffffbb1d98, rbp = 0x7fffffbb1e30 ---
Uptime: 16h0m9s

----------------------------------------------------------------------------
The backtrace is the following:
#0  __curthread () at /boiler/nfs/src/sys/amd64/include/pcpu_aux.h:55
#1  doadump (textdump=textdump@entry=1) at
/boiler/nfs/src/sys/kern/kern_shutdown.c:399
#2  0xffffffff80c20da0 in kern_reboot (howto=260) at
/boiler/nfs/src/sys/kern/kern_shutdown.c:486
#3  0xffffffff80c21206 in vpanic (fmt=0xffffffff812e6754 "Bad link elm %p
prev->next != elm", ap=<optimized out>)
    at /boiler/nfs/src/sys/kern/kern_shutdown.c:919
#4  0xffffffff80c20f53 in panic (fmt=<unavailable>) at
/boiler/nfs/src/sys/kern/kern_shutdown.c:843
#5  0xffffffff80f6f663 in slab_free_item (zone=0xfffff8000cb68280,
slab=0xfffff8003d66ffd8, item=0xfffff8003d66fd90)
    at /boiler/nfs/src/sys/vm/uma_core.c:4733
#6  zone_release (arg=<optimized out>, bucket=0xfffff8003a339810,
cnt=<optimized out>)
    at /boiler/nfs/src/sys/vm/uma_core.c:4729
#7  0xffffffff80f75e0d in bucket_drain (zone=zone@entry=0xfffff8000cb68280,
bucket=bucket@entry=0xfffff8003a339800)
    at /boiler/nfs/src/sys/vm/uma_core.c:1308
#8  0xffffffff80f75b85 in bucket_free (zone=zone@entry=0xfffff8000cb68280,
bucket=0xfffff8003a339800, udata=udata@entry=0x0)
    at /boiler/nfs/src/sys/vm/uma_core.c:520
#9  0xffffffff80f6e856 in cache_drain (zone=0xfffff8000cb68280) at
/boiler/nfs/src/sys/vm/uma_core.c:1353
#10 zone_dtor (arg=0xfffff8000cb68280, arg@entry=<error reading variable: value
is not available>, size=<unavailable>,
    size@entry=<error reading variable: value is not available>,
udata=<unavailable>,
    udata@entry=<error reading variable: value is not available>) at
/boiler/nfs/src/sys/vm/uma_core.c:2970
#11 0xffffffff80f6f7bf in item_dtor (zone=0xfffff80002f01000,
item=0xfffff8000cb68280, size=640, udata=0x0, skip=SKIP_NONE)
    at /boiler/nfs/src/sys/vm/uma_core.c:3433
#12 zone_free_item (zone=0xfffff80002f01000, item=<optimized out>,
item@entry=0xfffff8000cb68280, udata=udata@entry=0x0,
    skip=skip@entry=SKIP_NONE) at /boiler/nfs/src/sys/vm/uma_core.c:4757
#13 0xffffffff80f6f223 in uma_zdestroy (zone=0xfffff8000cb68280) at
/boiler/nfs/src/sys/vm/uma_core.c:3321
#14 0xffffffff80ddf674 in in_pcbinfo_destroy (pcbinfo=0xfffffe009a3b2788) at
/boiler/nfs/src/sys/netinet/in_pcb.c:573
#15 0xffffffff80e16820 in tcp_destroy (unused=<optimized out>) at
/boiler/nfs/src/sys/netinet/tcp_subr.c:1554
#16 0xffffffff80d81730 in vnet_sysuninit () at
/boiler/nfs/src/sys/net/vnet.c:601
#17 vnet_destroy (vnet=0xfffff8004c41b5c0) at
/boiler/nfs/src/sys/net/vnet.c:287
#18 0xffffffff80be2dd0 in prison_deref (pr=<optimized out>,
pr@entry=0xfffff8004a4dd000, flags=<optimized out>,
    flags@entry=84) at /boiler/nfs/src/sys/kern/kern_jail.c:2850
#19 0xffffffff80be3fa9 in sys_jail_remove (td=<optimized out>, td@entry=<error
reading variable: value is not available>,
    uap=<optimized out>, uap@entry=<error reading variable: value is not
available>)
    at /boiler/nfs/src/sys/kern/kern_jail.c:2305
#20 0xffffffff810ecd60 in syscallenter (td=<optimized out>) at
/boiler/nfs/src/sys/amd64/amd64/../../kern/subr_syscall.c:161
#21 amd64_syscall (td=0xfffffe00988041e0, traced=0) at
/boiler/nfs/src/sys/amd64/amd64/trap.c:1185
#22 <signal handler called>
#23 0x0000077b7a3746fa in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffffbb1d98


KERNCONF
include         GENERIC
options         RATELIMIT
options         TCPHPTS
options         KERN_TLS
options         ROUTE_MPATH
options         FIB_ALGO
options         RANDOM_FENESTRASX

src.conf
WITH_EXTRA_TCP_STACKS=1
WITH_BEARSSL=1
WITH_PIE=1
WITH_RETPOLINE=1
WITH_INIT_ALL_ZERO=1
