Bug #14433
Updated by Marcos M about 1 year ago
Tested in 23.05: # Assign a VLAN interface @vmx0.99@ # Use the interface with limiters (WF2Q+ pipe with Tail Drop queues) # Change the parent interface of the VLAN (to @vmx1.99@) In this case, @vmx0.99@ is also being used for a GIF interface. Potentially related, @vmx0@ is set to 9000 MTU and @vmx1@ is 1500. interface: <pre> <6>vlan0: changing name to 'vmx1.99' <6>gif0: link state changed to DOWN <6>gif0: link state changed to UP --- heap_extract: empty heap 0x0xfffff8013463c9f0 <6>gif0: link state changed to DOWN <6>gif0: link state changed to UP --- heap_extract: empty heap 0x0xfffff8013463c9f0 dummynet: fast io: pkt chain detected! dummynet: fast io: pkt chain detected! dummynet: fast io: pkt chain detected! panic: heap_extract: father -16 out of bound 0..1 cpuid = 3 time = 1685413658 KDB: enter: panic </pre> <pre> db:1:pfs> bt Tracing pid 0 tid 100010 td 0xfffffe00105cc560 kdb_enter() at kdb_enter+0x32/frame 0xfffffe000edd3330 vpanic() at vpanic+0x183/frame 0xfffffe000edd3380 panic() at panic+0x43/frame 0xfffffe000edd33e0 heap_scan() at heap_scan/frame 0xfffffe000edd3410 wf2qp_enqueue() at wf2qp_enqueue+0x72/frame 0xfffffe000edd3450 dummynet_io() at dummynet_io+0x289/frame 0xfffffe000edd34b0 pf_dummynet_route() at pf_dummynet_route+0x392/frame 0xfffffe000edd3590 pf_route() at pf_route+0x235/frame 0xfffffe000edd3650 pf_test() at pf_test+0xc0a/frame 0xfffffe000edd37e0 pf_check_out() at pf_check_out+0x1f/frame 0xfffffe000edd3800 pfil_mbuf_out() at pfil_mbuf_out+0x35/frame 0xfffffe000edd3830 ip_output() at ip_output+0xa8f/frame 0xfffffe000edd3920 ip_forward() at ip_forward+0x3d5/frame 0xfffffe000edd39d0 ip_input() at ip_input+0x686/frame 0xfffffe000edd3a30 netisr_dispatch_src() at netisr_dispatch_src+0x2a0/frame 0xfffffe000edd3a80 ether_demux() at ether_demux+0x149/frame 0xfffffe000edd3ab0 ether_nh_input() at ether_nh_input+0x352/frame 0xfffffe000edd3b10 netisr_dispatch_src() at netisr_dispatch_src+0xb0/frame 0xfffffe000edd3b60 ether_input() at ether_input+0x69/frame 0xfffffe000edd3bc0 ether_demux() at ether_demux+0x9a/frame 0xfffffe000edd3bf0 ether_nh_input() at ether_nh_input+0x352/frame 0xfffffe000edd3c50 netisr_dispatch_src() at netisr_dispatch_src+0xb0/frame 0xfffffe000edd3ca0 ether_input() at ether_input+0x69/frame 0xfffffe000edd3d00 iflib_rxeof() at iflib_rxeof+0xc13/frame 0xfffffe000edd3e00 _task_fn_rx() at _task_fn_rx+0x72/frame 0xfffffe000edd3e40 gtaskqueue_run_locked() at gtaskqueue_run_locked+0x15d/frame 0xfffffe000edd3ec0 gtaskqueue_thread_loop() at gtaskqueue_thread_loop+0xc3/frame 0xfffffe000edd3ef0 fork_exit() at fork_exit+0x7d/frame 0xfffffe000edd3f30 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe000edd3f30 --- trap 0x4ed32fa8, rip = 0, rsp = 0, rbp = 0x30646870 --- db:1:pfs> show registers cs 0x20 ds 0x3b es 0x3b fs 0x13 gs 0x1b ss 0x28 rax 0x12 rcx 0x1 rdx 0xfffffe000edd2f50 rbx 0x100 rsp 0xfffffe000edd3330 rbp 0xfffffe000edd3330 rsi 0x20 rdi 0xffffffff82d836d8 vt_conswindow+0x10 r8 0 r9 0x2ff000 r10 0xffffffff82d836c8 vt_conswindow r11 0x139 r12 0 r13 0xfffff8003aca4300 r14 0xfffffe000edd33c0 r15 0xfffffe00105cc560 rip 0xffffffff80d48ff2 kdb_enter+0x32 rflags 0x82 kdb_enter+0x32: movq $0,0x2342e13(%rip) db:1:pfs> show pcpu cpuid = 3 dynamic pcpu = 0xfffffe008d5e6580 curthread = 0xfffffe00105cc560: pid 0 tid 100010 critnest 1 "if_io_tqg_3" curpcb = 0xfffffe00105cca80 fpcurthread = none idlethread = 0xfffffe0010587e40: tid 100006 "idle: cpu3" self = 0xffffffff84013000 curpmap = 0xffffffff8303ff50 tssp = 0xffffffff84013384 rsp0 = 0xfffffe000edd4000 kcr3 = 0x8000000009ec5002 ucr3 = 0xffffffffffffffff scr3 = 0x5cded98c gs32p = 0xffffffff84013404 ldt = 0xffffffff84013444 tss = 0xffffffff84013434 curvnet = 0xfffff800011ba740 </pre>