Bug 257268 - Panic via kyua test netpfil/common/tos:ipfw_tos: Bad link elm 0xfffff8003d66ffd8 prev->next != elm in slab_free_item * at /boiler/nfs/src/sys/vm/uma_core.c:4733
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: CURRENT
Hardware: Any Any
Importance: --- Affects Some People
Assignee: freebsd-net (Nobody)
URL:
Keywords: crash, needs-qa
Depends on:
Blocks:
 
Reported: 2021-07-19 07:43 UTC by Gordon Bergling
Modified: 2021-07-21 02:07 UTC

See Also:
koobs: mfc-stable13?
koobs: mfc-stable12?


Description Gordon Bergling freebsd_committer 2021-07-19 07:43:56 UTC
When running the kyua test suite as root on a recent -CURRENT (virtualized via Hyper-V) I get the following kernel panic.
----------------------------------------------------------------------------
Panic: Bad link elm 0xfffff8003d66ffd8 prev->next != elm
cpuid = 0
time = 1626335568
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe005b5cf770
vpanic() at vpanic+0x187/frame 0xfffffe005b5cf7d0
panic() at panic+0x43/frame 0xfffffe005b5cf830
zone_release() at zone_release+0x413/frame 0xfffffe005b5cf890
bucket_drain() at bucket_drain+0x1fd/frame 0xfffffe005b5cf8d0
bucket_free() at bucket_free+0x25/frame 0xfffffe005b5cf900
zone_dtor() at zone_dtor+0xd6/frame 0xfffffe005b5cf930
zone_free_item() at zone_free_item+0x13f/frame 0xfffffe005b5cf980
uma_zdestroy() at uma_zdestroy+0x53/frame 0xfffffe005b5cf9a0
in_pcbinfo_destroy() at in_pcbinfo_destroy+0x64/frame 0xfffffe005b5cf9c0
tcp_destroy() at tcp_destroy+0xd0/frame 0xfffffe005b5cf9f0
vnet_destroy() at vnet_destroy+0x170/frame 0xfffffe005b5cfa20
prison_deref() at prison_deref+0x9b0/frame 0xfffffe005b5cfa90
sys_jail_remove() at sys_jail_remove+0x119/frame 0xfffffe005b5cfac0
amd64_syscall() at amd64_syscall+0x5c0/frame 0xfffffe005b5cfbf0
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe005b5cfbf0
--- syscall (508, FreeBSD ELF64, sys_jail_remove), rip = 0x77b7a3746fa, rsp = 0x7fffffbb1d98, rbp = 0x7fffffbb1e30 ---
Uptime: 16h0m9s

----------------------------------------------------------------------------
Backtrace is the following
#0  __curthread () at /boiler/nfs/src/sys/amd64/include/pcpu_aux.h:55
#1  doadump (textdump=textdump@entry=1) at /boiler/nfs/src/sys/kern/kern_shutdown.c:399
#2  0xffffffff80c20da0 in kern_reboot (howto=260) at /boiler/nfs/src/sys/kern/kern_shutdown.c:486
#3  0xffffffff80c21206 in vpanic (fmt=0xffffffff812e6754 "Bad link elm %p prev->next != elm", ap=<optimized out>)
    at /boiler/nfs/src/sys/kern/kern_shutdown.c:919
#4  0xffffffff80c20f53 in panic (fmt=<unavailable>) at /boiler/nfs/src/sys/kern/kern_shutdown.c:843
#5  0xffffffff80f6f663 in slab_free_item (zone=0xfffff8000cb68280, slab=0xfffff8003d66ffd8, item=0xfffff8003d66fd90)
    at /boiler/nfs/src/sys/vm/uma_core.c:4733
#6  zone_release (arg=<optimized out>, bucket=0xfffff8003a339810, cnt=<optimized out>)
    at /boiler/nfs/src/sys/vm/uma_core.c:4729
#7  0xffffffff80f75e0d in bucket_drain (zone=zone@entry=0xfffff8000cb68280, bucket=bucket@entry=0xfffff8003a339800)
    at /boiler/nfs/src/sys/vm/uma_core.c:1308
#8  0xffffffff80f75b85 in bucket_free (zone=zone@entry=0xfffff8000cb68280, bucket=0xfffff8003a339800, udata=udata@entry=0x0)
    at /boiler/nfs/src/sys/vm/uma_core.c:520
#9  0xffffffff80f6e856 in cache_drain (zone=0xfffff8000cb68280) at /boiler/nfs/src/sys/vm/uma_core.c:1353
#10 zone_dtor (arg=0xfffff8000cb68280, arg@entry=<error reading variable: value is not available>, size=<unavailable>,
    size@entry=<error reading variable: value is not available>, udata=<unavailable>,
    udata@entry=<error reading variable: value is not available>) at /boiler/nfs/src/sys/vm/uma_core.c:2970
#11 0xffffffff80f6f7bf in item_dtor (zone=0xfffff80002f01000, item=0xfffff8000cb68280, size=640, udata=0x0, skip=SKIP_NONE)
    at /boiler/nfs/src/sys/vm/uma_core.c:3433
#12 zone_free_item (zone=0xfffff80002f01000, item=<optimized out>, item@entry=0xfffff8000cb68280, udata=udata@entry=0x0,
    skip=skip@entry=SKIP_NONE) at /boiler/nfs/src/sys/vm/uma_core.c:4757
#13 0xffffffff80f6f223 in uma_zdestroy (zone=0xfffff8000cb68280) at /boiler/nfs/src/sys/vm/uma_core.c:3321
#14 0xffffffff80ddf674 in in_pcbinfo_destroy (pcbinfo=0xfffffe009a3b2788) at /boiler/nfs/src/sys/netinet/in_pcb.c:573
#15 0xffffffff80e16820 in tcp_destroy (unused=<optimized out>) at /boiler/nfs/src/sys/netinet/tcp_subr.c:1554
#16 0xffffffff80d81730 in vnet_sysuninit () at /boiler/nfs/src/sys/net/vnet.c:601
#17 vnet_destroy (vnet=0xfffff8004c41b5c0) at /boiler/nfs/src/sys/net/vnet.c:287
#18 0xffffffff80be2dd0 in prison_deref (pr=<optimized out>, pr@entry=0xfffff8004a4dd000, flags=<optimized out>,
    flags@entry=84) at /boiler/nfs/src/sys/kern/kern_jail.c:2850
#19 0xffffffff80be3fa9 in sys_jail_remove (td=<optimized out>, td@entry=<error reading variable: value is not available>,
    uap=<optimized out>, uap@entry=<error reading variable: value is not available>)
    at /boiler/nfs/src/sys/kern/kern_jail.c:2305
#20 0xffffffff810ecd60 in syscallenter (td=<optimized out>) at /boiler/nfs/src/sys/amd64/amd64/../../kern/subr_syscall.c:161
#21 amd64_syscall (td=0xfffffe00988041e0, traced=0) at /boiler/nfs/src/sys/amd64/amd64/trap.c:1185
#22 <signal handler called>
#23 0x0000077b7a3746fa in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffffbb1d98


KERNCONF
include		GENERIC
options		RATELIMIT
options		TCPHPTS
options		KERN_TLS
options		ROUTE_MPATH
options		FIB_ALGO
options		RANDOM_FENESTRASX

src.conf
WITH_EXTRA_TCP_STACKS=1
WITH_BEARSSL=1
WITH_PIE=1
WITH_RETPOLINE=1
WITH_INIT_ALL_ZERO=1