272909 – [14.0 CURRENT] panic: Bad link elm 0xfffff8018f003f70 next->prev != elm cpuid = 1

Bug 272909 - [14.0 CURRENT] panic: Bad link elm 0xfffff8018f003f70 next->prev != elm cpuid = 1

Summary: [14.0 CURRENT] panic: Bad link elm 0xfffff8018f003f70 next->prev != elm cpuid...

Status:	Open

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	CURRENT
Hardware:	arm64 Any

Importance:	--- Affects Only Me
Assignee:	freebsd-bugs (Nobody)

URL:
Keywords:	crash

Depends on:
Blocks:

Reported:	2023-08-03 06:44 UTC by Alfa
Modified:	2023-10-08 20:19 UTC (History)
CC List:	3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alfa 2023-08-03 06:44:29 UTC


xfilter2 uses obsolete way to create divert (4) socket 
panic: Bad link elm 0xfffff8018f003f70 next->prev != elm cpuid = 1
time = 1690879100
KDB: stack backtrace:
db_trace_self_wrapper () at db_trace_self_wrapper 8x2b/frame 0xfffffe00624218c vpanic() at vpanic+0x149/frame 0xfffffe0062421910
panic() at panic+0x43/frame 0xfffffe0062421970
do_osd_del at do_osd_del 8x377/frame 0xfffffe00624219b0 osd_del() at osd_del+0x57/frame 0xfffffe0062421a20
khelp_destroy_osd() at khelp_destroy_osd+8x85/frame 0xfffffe8862421a40 
tcp_discardcb() at tcp_discardcb 0xab/frame 0xfffffe0062421a90 tcp_usr_detach() at tcp_usr_detach+0x51/frame 0xfffffe0062421ae0 
sorele locked() at sorele_locked+0xf7/frame 0xfffffe0062421ab0
 tcp_close() at tcp_close.0x155/frame 0xfffffe0062421b10 tcp_twstart() at tcp_twstart+0x146/frame 0xfffffe0062421b40
tcp_do_segment() at tcp_do_segment+0x2503/frame 0xfffffe0062421c20 tcp_input_with_port() at tcp_input_with_port+0x1157/frame 0xfffffe0062421d70
tcp_input() at tcp_input+0xb/frame 0xfffffe0062421d80
ip_input() at ip_input+0x2ab/frame 0xfffffe0062421de0
swi_net() at swi_net+0x19b/frame 0xfffffe0062421e60
ithread_loop() at ithread_loop+0x266/frame 0xfffffe0062421ef0
fork_exit() at fork_exit+0x82/frame 0xfffffe0062421f30
fork_trampoline() at fork_trampoline Oxe/frame 0xfffffe0062421f30
trap 0x20202009, rip = 0x796f72747365645f, rsp = 0x206e727574657209, rbp = 0x727009090a7b2029
KDB: enter: panic
[ thread pid 12 tid 100041 ]
Stopped at       kdb_enter +0x32: movq     $0.0xded563(%rip)


:~ # kldstat
you have mail
Id Refs Address                Size Name
 1   74 0xffffffff80200000  1d4f750 kernel
 2    2 0xffffffff81f50000    91da0 pf.ko
 3    1 0xffffffff81fe2000    108e8 carp.ko
 4    2 0xffffffff81ff3000    4c108 ipfw.ko
 5    1 0xffffffff82600000   462be0 zfs.ko
 6    1 0xffffffff82520000     4240 ichsmb.ko
 7    1 0xffffffff82525000     2178 smbus.ko
 8    1 0xffffffff82528000    12808 dummynet.ko
 9    1 0xffffffff8253b000     42a0 ipfw_nat.ko
10    1 0xffffffff82540000     d932 libalias.ko
11    1 0xffffffff8254e000    2e560 if_wg.ko
12    1 0xffffffff8257d000     2240 pflog.ko
13    1 0xffffffff82580000     2224 speaker.ko
14    1 0xffffffff82583000     72f8 if_vxlan.ko
15    1 0xffffffff8258b000     25b8 if_enc.ko
16    1 0xffffffff8258e000     76b0 if_ovpn.ko
17    1 0xffffffff82596000    12848 ipsec.ko
18    1 0xffffffff825a9000     52e0 ng_pppoe.ko
19    8 0xffffffff825af000     bb28 netgraph.ko
20    1 0xffffffff825bb000     38b8 ng_socket.ko
21    1 0xffffffff825bf000     4404 ng_mppc.ko
22    1 0xffffffff825c4000     20b0 rc4.ko
23    1 0xffffffff825c7000     23b8 ng_iface.ko
24    1 0xffffffff825ca000     61e8 ng_ppp.ko
25    1 0xffffffff825d1000     2138 ng_tee.ko
26    1 0xffffffff825d4000     31c8 ng_ether.ko
27    1 0xffffffff825d8000     2138 ng_tcpmss.ko
28    1 0xffffffff825db000     2538 ipdivert.ko

Comment 1 Mark Johnston freebsd_committer

2023-10-02 12:50:54 UTC

Possibly related to https://cgit.freebsd.org/src/commit/?id=2bd446d7f1a03fbf6d98ace4548f8793599f48fb ?

Does the panic occur on the latest main or 14.0 candidates?