From owner-freebsd-current@FreeBSD.ORG  Mon Dec  1 02:02:05 2008
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 7449D1065673;
	Mon,  1 Dec 2008 02:02:05 +0000 (UTC)
	(envelope-from kris@FreeBSD.org)
Received: from [127.0.0.1] (freefall.freebsd.org [IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id BE4598FC30;
	Mon,  1 Dec 2008 02:02:03 +0000 (UTC)
	(envelope-from kris@FreeBSD.org)
Message-ID: <4933459A.5090806@FreeBSD.org>
Date: Sun, 30 Nov 2008 18:02:02 -0800
From: Kris Kennaway <kris@FreeBSD.org>
User-Agent: Thunderbird 2.0.0.18 (Macintosh/20081105)
MIME-Version: 1.0
To: net@freebsd.org, FreeBSD Current <freebsd-current@freebsd.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: 
Subject: panic from ifconfig in IFAREF
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Dec 2008 02:02:05 -0000

I got this panic on HEAD when trying to configure an IP address on an 
interface immediately after boot:

 > Fatal trap 9: general protection fault while in kernel mode
 > ccpuid = 4; xapic id = 04
 > ginstruction pointer    = 0x8:0xffffffff80494b42
 > bstack pointer          = 0x10:0xffffffff20938490
 > 0frame pointe:r         = 0x10:0xffffffff20938610
 >  code segment           = base 0x0, limit 0xfffff, type 0x1b
 > link state changed to DOWN
 >                         = DPL 0, pres 1, long 1, def32 0, gran 1
 > processor eflags        = interrupt enabled, resume, IOPL = 0
 > current process         = 1073 (ifconfig)
 > [thread pid 1073 tid 100250 ]
 > Stopped at      strlen+0x2:     cmpb    $0,(%rdi)
 > db> wh
 > Tracing pid 1073 tid 100250 td 0xffffff00077ab720
 > strlen() at strlen+0x2
 > vsnprintf() at vsnprintf+0x2e
 > panic() at panic+0x1d8
 > _mtx_lock_flags() at _mtx_lock_flags+0xd9
 > rtrequest1_fib() at rtrequest1_fib+0x3e6
 > rtinit() at rtinit+0x213
 > in_ifinit() at in_ifinit+0x2bd
 > in_control() at in_control+0xe95
 > ifioctl() at ifioctl+0xfa
 > kern_ioctl() at kern_ioctl+0x92
 > ioctl() at ioctl+0xfd
 > syscall() at syscall+0x1bc
 > Xfast_syscall() at Xfast_syscall+0xab
 > --- syscall (54, FreeBSD ELF64, ioctl), rip = 0x140a69dfc, rsp = 
0x7fffffffe588, rbp = 0x7fffffffef7c ---
 > __func__.6541+0xfcb:    mtx_lock() of spin mutex %s @ %s:%d

The panic is here:

                 /*
                  * Note that we now have a reference to the ifa.
                  * This moved from below so that rnh->rnh_addaddr() can
                  * examine the ifa and  ifa->ifa_ifp if it so desires.
                  */
                 IFAREF(ifa);

(net/route.c:1081)

Kris