Re: hostap / ath: duplicate free in mbuf_jumbo_page
- In reply to: Andriy Gapon : "hostap / ath: duplicate free in mbuf_jumbo_page"
Date: Wed, 05 Jan 2022 11:24:12 UTC
On 05/01/2022 13:18, Andriy Gapon wrote:
>
> Unfortunately I only have a text dump for this panic, so I do not have much hope
> of root causing it. Reporting just in case.
>
> This is on recent-ish stable/13 amd64:
>
> panic: Duplicate free of 0xfffff80021593000 from zone
> 0xfffffe0003573000(mbuf_jumbo_page) slab 0xfffff800213ffb08(0)

Oh, and there is another active thread that was in the related code.
Perhaps a race between the taskqueue and the callout...

Tracing command kernel pid 0 tid 100045 td 0xfffff800025ed000 (CPU 1)
cpustop_handler() at 0xffffffff80b9cd7f = cpustop_handler+0x2f/frame 0xfffffe0003412e00
ipi_nmi_handler() at 0xffffffff80b9cd2a = ipi_nmi_handler+0x3a/frame 0xfffffe0003412e10
trap() at 0xffffffff80bc81ed = trap+0x3d/frame 0xfffffe0003412f20
nmi_calltrap() at 0xffffffff80ba5967 = nmi_calltrap+0x8/frame 0xfffffe0003412f20
--- trap 0x13, rip = 0xffffffff80bc47e6, rsp = 0xfffffe0003685820, rbp = 0xfffffe0003685820 ---
memcmp() at 0xffffffff80bc47e6 = memcmp+0x66/frame 0xfffffe0003685820
bridge_input() at 0xffffffff80957f4f = bridge_input+0x23f/frame 0xfffffe0003685880
ether_input_internal() at 0xffffffff8095cecd = ether_input_internal+0x24d/frame 0xfffffe00036858b0
ether_nh_input() at 0xffffffff8095cc60 = ether_nh_input+0x20/frame 0xfffffe00036858c0
netisr_dispatch_src() at 0xffffffff8097c3ec = netisr_dispatch_src+0x9c/frame 0xfffffe0003685910
netisr_dispatch() at 0xffffffff8097c77e = netisr_dispatch+0xe/frame 0xfffffe0003685920
ether_input() at 0xffffffff8095c0bd = ether_input+0x5d/frame 0xfffffe0003685970
hostap_deliver_data() at 0xffffffff8099cb4b = hostap_deliver_data+0x17b/frame 0xfffffe00036859b0
hostap_input() at 0xffffffff8099b132 = hostap_input+0xbb2/frame 0xfffffe0003685a50
ampdu_dispatch() at 0xffffffff8099f648 = ampdu_dispatch+0x18/frame 0xfffffe0003685a60
ampdu_dispatch_slot() at 0xffffffff809a2bc6 = ampdu_dispatch_slot+0x56/frame 0xfffffe0003685a90
ampdu_rx_flush() at 0xffffffff8099f772 = ampdu_rx_flush+0x52/frame 0xfffffe0003685ad0
ieee80211_ampdu_reorder() at 0xffffffff8099f437 = ieee80211_ampdu_reorder+0x327/frame 0xfffffe0003685b60
hostap_input() at 0xffffffff8099abe4 = hostap_input+0x664/frame 0xfffffe0003685c00
ieee80211_input_mimo() at 0xffffffff809a67d4 = ieee80211_input_mimo+0xf4/frame 0xfffffe0003685cb0
ath_rx_pkt() at 0xffffffff80607bd4 = ath_rx_pkt+0x5c4/frame 0xfffffe0003685d80
ath_edma_recv_proc_deferred_queue() at 0xffffffff80609cec = ath_edma_recv_proc_deferred_queue+0x13c/frame 0xfffffe0003685e20
ath_edma_recv_tasklet() at 0xffffffff806090f5 = ath_edma_recv_tasklet+0xd5/frame 0xfffffe0003685e50
taskqueue_run_locked() at 0xffffffff808a1651 = taskqueue_run_locked+0x1a1/frame 0xfffffe0003685ed0
taskqueue_thread_loop() at 0xffffffff808a2318 = taskqueue_thread_loop+0x68/frame 0xfffffe0003685ef0
fork_exit() at 0xffffffff8080d85c = fork_exit+0xcc/frame 0xfffffe0003685f30
fork_trampoline() at 0xffffffff80ba5c5e = fork_trampoline+0xe/frame 0xfffffe0003685f30

> cpuid = 3
> time = 1641348396
> KDB: stack backtrace:
> db_trace_self_wrapper() at 0xffffffff805b632b = db_trace_self_wrapper+0x2b/frame 0xfffffe005115c7e0
> kdb_backtrace() at 0xffffffff8088c7b7 = kdb_backtrace+0x37/frame 0xfffffe005115c890
> vpanic() at 0xffffffff8084946c = vpanic+0x18c/frame 0xfffffe005115c8f0
> panic() at 0xffffffff80849083 = panic+0x43/frame 0xfffffe005115c950
> uma_dbg_free() at 0xffffffff80b48076 = uma_dbg_free+0xd6/frame 0xfffffe005115c990
> item_dtor() at 0xffffffff80b41cc3 = item_dtor+0x43/frame 0xfffffe005115c9d0
> uma_zfree_arg() at 0xffffffff80b416ee = uma_zfree_arg+0x9e/frame 0xfffffe005115ca10
> uma_zfree() at 0xffffffff808296ab = uma_zfree+0xb/frame 0xfffffe005115ca20
> mb_free_ext() at 0xffffffff808295eb = mb_free_ext+0xfb/frame 0xfffffe005115ca50
> m_free() at 0xffffffff80828e4b = m_free+0x8b/frame 0xfffffe005115ca70
> m_freem() at 0xffffffff808293b8 = m_freem+0x38/frame 0xfffffe005115ca90
> ieee80211_defrag() at 0xffffffff809a6bc0 = ieee80211_defrag+0x170/frame 0xfffffe005115cae0
> hostap_input() at 0xffffffff8099af0a = hostap_input+0x98a/frame 0xfffffe005115cb80
> ampdu_dispatch() at 0xffffffff8099f648 = ampdu_dispatch+0x18/frame 0xfffffe005115cb90
> ampdu_dispatch_slot() at 0xffffffff809a2bc6 = ampdu_dispatch_slot+0x56/frame 0xfffffe005115cbc0
> ampdu_rx_flush() at 0xffffffff8099f772 = ampdu_rx_flush+0x52/frame 0xfffffe005115cc00
> ieee80211_ht_node_age() at 0xffffffff809a009c = ieee80211_ht_node_age+0x6c/frame 0xfffffe005115cc30
> node_age() at 0xffffffff809b41f7 = node_age+0x47/frame 0xfffffe005115cc50
> timeout_stations() at 0xffffffff809b826e = timeout_stations+0xde/frame 0xfffffe005115cc80
> ieee80211_iterate_nodes_vap() at 0xffffffff809b73e2 = ieee80211_iterate_nodes_vap+0xf2/frame 0xfffffe005115ccd0
> ieee80211_iterate_nodes() at 0xffffffff809b7461 = ieee80211_iterate_nodes+0x11/frame 0xfffffe005115cce0
> ieee80211_timeout_stations() at 0xffffffff809b7299 = ieee80211_timeout_stations+0x19/frame 0xfffffe005115ccf0
> ieee80211_node_timeout() at 0xffffffff809b3f06 = ieee80211_node_timeout+0x26/frame 0xfffffe005115cd20
> softclock_call_cc() at 0xffffffff8086453a = softclock_call_cc+0x23a/frame 0xfffffe005115cde0
> softclock() at 0xffffffff808648ec = softclock+0x7c/frame 0xfffffe005115ce10
> intr_event_execute_handlers() at 0xffffffff8081136f = intr_event_execute_handlers+0x18f/frame 0xfffffe005115ce60
> ithread_execute_handlers() at 0xffffffff808110e2 = ithread_execute_handlers+0x32/frame 0xfffffe005115ce80
> ithread_loop() at 0xffffffff80810eff = ithread_loop+0x9f/frame 0xfffffe005115cef0
> fork_exit() at 0xffffffff8080d85c = fork_exit+0xcc/frame 0xfffffe005115cf30
> fork_trampoline() at 0xffffffff80ba5c5e = fork_trampoline+0xe/frame 0xfffffe005115cf30

-- 
Andriy Gapon
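
Added example, not part of the original message: a small triage script that parses two DDB backtraces from a textdump, names the context each thread runs in, and lists the functions present on both stacks with each thread's offset. The helper names, the `CONTEXTS` labels and the `BOOTSTRAP` filter are assumptions of this example; the frames are excerpts of the two traces in the message.

```python
import re

# One DDB frame: "func() at 0xADDR = func+0xOFF/frame 0xFP"
FRAME_RE = re.compile(r"(\w+)\(\) at 0x[0-9a-f]+ = \1\+(0x[0-9a-f]+)/frame")
# Assumed labels for the dispatcher frames that identify each execution context.
CONTEXTS = {"taskqueue_run_locked": "taskqueue", "softclock_call_cc": "callout"}
BOOTSTRAP = {"fork_exit", "fork_trampoline"}  # thread-entry frames, not evidence

def parse_frames(text):
    """Return {function: offset}, innermost first; '>' quoting and wraps are ignored."""
    flat = re.sub(r"[\s>]+", " ", text)
    frames = {}
    for m in FRAME_RE.finditer(flat):
        frames.setdefault(m.group(1), m.group(2))  # keep the innermost occurrence
    return frames

def context(trace):
    """Name the context a thread runs in, from its dispatcher frame."""
    return next((CONTEXTS[f] for f in parse_frames(trace) if f in CONTEXTS), "unknown")

def shared_frames(trace_a, trace_b):
    """Functions on both stacks, with each thread's offset into the function."""
    a, b = parse_frames(trace_a), parse_frames(trace_b)
    return [(f, a[f], b[f]) for f in a if f in b and f not in BOOTSTRAP]

# Excerpts of the two traces in this message (frames trimmed, values unchanged).
ACTIVE = """
hostap_input() at 0xffffffff8099b132 = hostap_input+0xbb2/frame 0xfffffe0003685a50
ampdu_dispatch() at 0xffffffff8099f648 = ampdu_dispatch+0x18/frame 0xfffffe0003685a60
ampdu_dispatch_slot() at 0xffffffff809a2bc6 = ampdu_dispatch_slot+0x56/frame 0xfffffe0003685a90
ampdu_rx_flush() at 0xffffffff8099f772 = ampdu_rx_flush+0x52/frame 0xfffffe0003685ad0
taskqueue_run_locked() at 0xffffffff808a1651 = taskqueue_run_locked+0x1a1/frame 0xfffffe0003685ed0
fork_exit() at 0xffffffff8080d85c = fork_exit+0xcc/frame 0xfffffe0003685f30
"""
PANIC = """
> ieee80211_defrag() at 0xffffffff809a6bc0 = ieee80211_defrag+0x170/frame
> 0xfffffe005115cae0
> hostap_input() at 0xffffffff8099af0a = hostap_input+0x98a/frame 0xfffffe005115cb80
> ampdu_dispatch() at 0xffffffff8099f648 = ampdu_dispatch+0x18/frame 0xfffffe005115cb90
> ampdu_dispatch_slot() at 0xffffffff809a2bc6 = ampdu_dispatch_slot+0x56/frame 0xfffffe005115cbc0
> ampdu_rx_flush() at 0xffffffff8099f772 = ampdu_rx_flush+0x52/frame 0xfffffe005115cc00
> softclock_call_cc() at 0xffffffff8086453a = softclock_call_cc+0x23a/frame 0xfffffe005115cde0
> fork_exit() at 0xffffffff8080d85c = fork_exit+0xcc/frame 0xfffffe005115cf30
"""

if __name__ == "__main__":
    print(context(ACTIVE), "vs", context(PANIC))
    for row in shared_frames(ACTIVE, PANIC):
        print(*row)
```

Equal offsets in a row mean both threads were at the same call site in that function; the overlap only shows the two contexts were in the same A-MPDU flush path, it does not identify which object was freed twice.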