[Bug 253587] iflib (?): reproducible mbuf-related crashes

Sun Feb 21 19:46:54 UTC 2021

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253587

--- Comment #6 from Kamigishi Rei <spambox at haruhiism.net> ---
With pf and ipfw inactive and without a bridge present (pf and if_bridge are
compiled into the kernel), IPv6 traffic from outside via igb0 to a LAN host via
igb1:

Unread portion of the kernel message buffer:
panic: Assertion m->m_nextpkt == NULL failed at /usr/src/sys/net/iflib.c:4089
cpuid = 3
time = 1613936205
KDB: stack backtrace:
#0 0xffffffff807fcfe5 at kdb_backtrace+0x65
#1 0xffffffff807b2cd1 at vpanic+0x181
#2 0xffffffff807b2aa3 at panic+0x43
#3 0xffffffff808f15db at iflib_if_transmit+0x15b
#4 0xffffffff808d751b at ether_output_frame+0xab
#5 0xffffffff808d7421 at ether_output+0x6b1
#6 0xffffffff80984025 at nd6_flush_holdchain+0x35
#7 0xffffffff80987950 at nd6_na_input+0x5a0
#8 0xffffffff8095cc0e at icmp6_input+0xb3e
#9 0xffffffff80976009 at ip6_input+0xe89
#10 0xffffffff808f4491 at netisr_dispatch_src+0xb1
#11 0xffffffff808d76be at ether_demux+0x17e
#12 0xffffffff808d8d4c at ether_nh_input+0x40c
#13 0xffffffff808f4491 at netisr_dispatch_src+0xb1
#14 0xffffffff808d7bb1 at ether_input+0xa1
#15 0xffffffff808f0556 at iflib_rxeof+0xe06
#16 0xffffffff808ea0ca at _task_fn_rx+0x7a
#17 0xffffffff807fb977 at gtaskqueue_run_locked+0xa7
Uptime: 1m8s
Dumping 357 out of 4051 MB:..5%..14%..23%..32%..41%..54%..63%..72%..81%..95%

__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
55              __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct
pcpu,
(kgdb) bt
#0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
#1  doadump (textdump=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:399
#2  0xffffffff807b28fb in kern_reboot (howto=260) at
/usr/src/sys/kern/kern_shutdown.c:486
#3  0xffffffff807b2d40 in vpanic (fmt=<optimized out>, ap=<optimized out>) at
/usr/src/sys/kern/kern_shutdown.c:919
#4  0xffffffff807b2aa3 in panic (fmt=<unavailable>) at
/usr/src/sys/kern/kern_shutdown.c:843
#5  0xffffffff808f15db in iflib_if_transmit (ifp=0xfffff800026ac800,
m=0xfffff800237adc00) at /usr/src/sys/net/iflib.c:4089
#6  0xffffffff808d751b in ether_output_frame (ifp=ifp at entry=0xfffff800026ac800,
m=<unavailable>) at /usr/src/sys/net/if_ethersubr.c:511
#7  0xffffffff808d7421 in ether_output (ifp=<optimized out>, m=<unavailable>,
dst=0xfffffe0007f8d408, ro=<optimized out>) at
/usr/src/sys/net/if_ethersubr.c:438
#8  0xffffffff80984025 in nd6_flush_holdchain
(ifp=ifp at entry=0xfffff800026ac800, chain=<optimized out>,
dst=dst at entry=0xfffffe0007f8d408) at /usr/src/sys/netinet6/nd6.c:2463
#9  0xffffffff80987950 in nd6_na_input (m=m at entry=0xfffff800232ee800,
off=<optimized out>, off at entry=40, icmp6len=<optimized out>, icmp6len at entry=32)
at /usr/src/sys/netinet6/nd6_nbr.c:909
#10 0xffffffff8095cc0e in icmp6_input (mp=0xfffffe0007f8d778, mp at entry=<error
reading variable: value is not available>, offp=0xfffffe0007f8d770,
    offp at entry=<error reading variable: value is not available>,
proto=<unavailable>, proto at entry=<error reading variable: value is not
available>) at /usr/src/sys/netinet6/icmp6.c:817
#11 0xffffffff80976009 in ip6_input (m=0xfffff800232ee800, m at entry=<error
reading variable: value is not available>) at
/usr/src/sys/netinet6/ip6_input.c:930
#12 0xffffffff808f4491 in netisr_dispatch_src (proto=6, source=source at entry=0,
m=0xfffff800232ee800) at /usr/src/sys/net/netisr.c:1143
#13 0xffffffff808f47df in netisr_dispatch (proto=<unavailable>,
m=<unavailable>) at /usr/src/sys/net/netisr.c:1234
#14 0xffffffff808d76be in ether_demux (ifp=ifp at entry=0xfffff800026ac800,
m=<unavailable>) at /usr/src/sys/net/if_ethersubr.c:923
#15 0xffffffff808d8d4c in ether_input_internal (ifp=0xfffff800026ac800,
m=<unavailable>) at /usr/src/sys/net/if_ethersubr.c:709
#16 ether_nh_input (m=<optimized out>, m at entry=<error reading variable: value
is not available>) at /usr/src/sys/net/if_ethersubr.c:739
#17 0xffffffff808f4491 in netisr_dispatch_src (proto=proto at entry=5,
source=source at entry=0, m=m at entry=0xfffff800232ee800) at
/usr/src/sys/net/netisr.c:1143
#18 0xffffffff808f47df in netisr_dispatch (proto=<unavailable>, proto at entry=5,
m=<unavailable>, m at entry=0xfffff800232ee800) at /usr/src/sys/net/netisr.c:1234
#19 0xffffffff808d7bb1 in ether_input (ifp=0xfffff800026ac800,
m=0xfffff800232ee800) at /usr/src/sys/net/if_ethersubr.c:830
#20 0xffffffff808f0556 in iflib_rxeof (rxq=<optimized out>,
rxq at entry=0xfffff800026ac300, budget=<optimized out>) at
/usr/src/sys/net/iflib.c:3008
#21 0xffffffff808ea0ca in _task_fn_rx (context=0xfffff800026ac300) at
/usr/src/sys/net/iflib.c:3951
#22 0xffffffff807fb977 in gtaskqueue_run_locked
(queue=queue at entry=0xfffff80002423100) at
/usr/src/sys/kern/subr_gtaskqueue.c:371
#23 0xffffffff807fb774 in gtaskqueue_thread_loop
(arg=arg at entry=0xfffffe0008d54050) at /usr/src/sys/kern/subr_gtaskqueue.c:547
#24 0xffffffff8076efb0 in fork_exit (callout=0xffffffff807fb6e0
<gtaskqueue_thread_loop>, arg=0xfffffe0008d54050, frame=0xfffffe0007f8dc00) at
/usr/src/sys/kern/kern_fork.c:1069
#25 <signal handler called>

-- 
You are receiving this mail because:
You are the assignee for the bug.