alexdupre/rtl_bsd_drv

Frequent panics with v1.97

amshafer opened this issue · 3 comments

I've noticed some major instability with version 1.97 that rendered my system almost unusable. I added the details to an existing bug that seems to already be filed for this issue.

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=267704#c10

I'm reporting this again here since this was the link mentioned in the ports Makefile, and given that the kernel panics are 1.97 specific it seemed appropriate to track things here too.

The most common panic is:

panic: Memory modified after free 0xfffff802d0430800(256) val=deadf5ee @ 0xfffff802d0430808

cpuid = 18
time = 1673024801
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0108c22620
vpanic() at vpanic+0x151/frame 0xfffffe0108c22670
panic() at panic+0x43/frame 0xfffffe0108c226d0
trash_ctor() at trash_ctor+0x49/frame 0xfffffe0108c226e0
item_ctor() at item_ctor+0x108/frame 0xfffffe0108c22730
tcp_default_output() at tcp_default_output+0x127d/frame 0xfffffe0108c22920
tcp_output() at tcp_output+0x34/frame 0xfffffe0108c22940
tcp_do_segment() at tcp_do_segment+0x25e1/frame 0xfffffe0108c22a30
tcp_input_with_port() at tcp_input_with_port+0x114b/frame 0xfffffe0108c22b80
tcp_input() at tcp_input+0xb/frame 0xfffffe0108c22b90
ip_input() at ip_input+0x26c/frame 0xfffffe0108c22bf0
netisr_dispatch_src() at netisr_dispatch_src+0xaf/frame 0xfffffe0108c22c50
ether_demux() at ether_demux+0x162/frame 0xfffffe0108c22c80
ether_nh_input() at ether_nh_input+0x402/frame 0xfffffe0108c22ce0
netisr_dispatch_src() at netisr_dispatch_src+0xaf/frame 0xfffffe0108c22d40
ether_input() at ether_input+0x99/frame 0xfffffe0108c22da0
re_rxeof() at re_rxeof+0x442/frame 0xfffffe0108c22e00
re_int_task_8125() at re_int_task_8125+0x137/frame 0xfffffe0108c22e40
taskqueue_run_locked() at taskqueue_run_locked+0xaa/frame 0xfffffe0108c22ec0
taskqueue_thread_loop() at taskqueue_thread_loop+0xc2/frame 0xfffffe0108c22ef0
fork_exit() at fork_exit+0x80/frame 0xfffffe0108c22f30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0108c22f30

As I mentioned in the bug, it seems that there is a use after free issue with a region of memory allocated from UMA.

Version 196.04 works fine on my system.
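
The check that fires in trash_ctor() in the backtrace above, modeled in user space as an added example (not code from the driver, from FreeBSD, or from anyone in this thread): a freed item is filled with a poison pattern and verified again on the next allocation. The one-item pool, the function names and the 0xdeadc0de pattern are assumptions of this sketch, and the late write is constructed to mirror the offset and value in the panic line.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ITEM_SIZE 256                 /* item size from the panic line: "(256)" */
#define JUNK      0xdeadc0deU         /* assumed poison pattern for this sketch */
#define NWORDS    (ITEM_SIZE / sizeof(uint32_t))

static uint32_t item[NWORDS];         /* hypothetical one-item "zone" */

/* Free path: poison the whole item so any later write becomes visible. */
static void toy_free(void) {
    for (size_t i = 0; i < NWORDS; i++)
        item[i] = JUNK;
}

/*
 * Alloc path: verify the poison before handing the item out again.
 * Returns -1 if the item is clean, otherwise the byte offset of the
 * first modified word, with the value found there stored in *val.
 */
static long toy_alloc_check(uint32_t *val) {
    for (size_t i = 0; i < NWORDS; i++) {
        if (item[i] != JUNK) {
            *val = item[i];
            return (long)(i * sizeof(uint32_t));
        }
    }
    return -1;
}

/* Scenario: a pointer kept past the free is written through afterwards. */
static long run_scenario(uint32_t *val) {
    uint32_t *stale = item;           /* reference retained by the "driver" */
    toy_free();
    /* Constructed late write: only the low 16 bits at byte offset 8 change. */
    stale[2] = (stale[2] & 0xffff0000U) | 0xf5eeU;
    return toy_alloc_check(val);
}

int main(void) {
    uint32_t val = 0;
    long off = run_scenario(&val);
    if (off >= 0)
        printf("Memory modified after free %p(%d) val=%x @ %p\n",
               (void *)item, ITEM_SIZE, val, (void *)((char *)item + off));
    return 0;
}
```

The detection happens at the next allocation of the item, not at the stale write, which is why the backtrace shows the TCP output path that allocated the item rather than the code that performed the write.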

The problem reported is on FreeBSD 14-CURRENT.
Does it still persist on 14.0-RELEASE?

I haven't updated the port yet, because I haven't performed any testing. Can you try to manually build the 1.99 branch at the latest commit (9d48464) and provide updated feedback?

Unfortunately the computer I originally encountered this on is a work system, so I can't just switch it around to experiment. I can try another system later but I don't know off the top of my head if it will reproduce the original issue.