From owner-freebsd-bugs@freebsd.org Wed May 30 00:15:15 2018 Return-Path: Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 837F4FC35CD for ; Wed, 30 May 2018 00:15:15 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id DCE3185CE5 for ; Wed, 30 May 2018 00:15:14 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 9D1B9FC35C8; Wed, 30 May 2018 00:15:14 +0000 (UTC) Delivered-To: bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2814AFC35C4 for ; Wed, 30 May 2018 00:15:14 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 5C91B85CE2 for ; Wed, 30 May 2018 00:15:13 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 6E09CF94C for ; Wed, 30 May 2018 00:15:12 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w4U0FCQu076474 for ; Wed, 30 May 2018 00:15:12 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w4U0FCUE076465 for bugs@FreeBSD.org; Wed, 30 May 2018 00:15:12 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 228599] iflib / arp : Memory modified after free 0xfffff8009a1a9c00(504) val=8ff4fc00 @ 0xfffff8009a1a9c90 [ Date: Wed, 30 May 2018 00:15:12 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: crash, panic X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: eadler@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status keywords bug_severity priority component assigned_to reporter Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 May 2018 00:15:15 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D228599 Bug ID: 228599 Summary: iflib / arp : Memory modified after free 0xfffff8009a1a9c00(504) val=3D8ff4fc00 @ 0xfffff8009a1a9c90 [ Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Keywords: crash, panic Severity: Affects Only Me Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: eadler@FreeBSD.org Unread portion of the kernel message buffer: [60500] Memory modified after free 0xfffff8009a1a9c00(504) val=3D8ff4fc00 @ 0xfffff8009a1a9c90 [60500] panic: Most recently used by ifaddr [60500] [60500] cpuid =3D 25 [60500] time =3D 1527628213 [60500] KDB: stack backtrace: [60500] db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0174463360 [60500] vpanic() at vpanic+0x1a3/frame 0xfffffe01744633c0 [60500] panic() at panic+0x43/frame 0xfffffe0174463420 [60500] mtrash_dtor() at mtrash_dtor/frame 0xfffffe0174463440 [60500] uma_zalloc_arg() at uma_zalloc_arg+0x523/frame 0xfffffe01744634b0 [60500] malloc() at malloc+0x110/frame 0xfffffe0174463500 [60500] in_lltable_alloc() at in_lltable_alloc+0x1fb/frame 0xfffffe01744635= f0 [60500] arp_add_ifa_lle() at arp_add_ifa_lle+0x2e/frame 0xfffffe0174463640 [60500] arp_ifinit() at arp_ifinit+0xf3/frame 0xfffffe0174463680 [60500] iflib_if_ioctl() at iflib_if_ioctl+0x2bd/frame 0xfffffe01744636f0 [60500] in_control() at in_control+0x904/frame 0xfffffe0174463780 [60500] ifioctl() at ifioctl+0x17a3/frame 0xfffffe0174463850 [60500] kern_ioctl() at kern_ioctl+0x2ca/frame 0xfffffe01744638b0 [60500] sys_ioctl() at sys_ioctl+0x158/frame 0xfffffe0174463980 [60500] amd64_syscall() at amd64_syscall+0x28c/frame 0xfffffe0174463ab0 [60500] fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe0174463ab0 [60500] --- syscall (54, FreeBSD ELF64, sys_ioctl), rip =3D 0x8004597ca, rs= p =3D 0x7fffffffd268, rbp =3D 0x7fffffffd2b0 --- [60500] KDB: enter: panic #0 __curthread () at ./machine/pcpu.h:231 td =3D #1 doadump (textdump=3D0) at /usr/src/sys/kern/kern_shutdown.c:366 error =3D coredump =3D #2 0xffffffff804350bb in db_dump (dummy=3D, dummy2=3D, dummy3=3D, dummy4=3D) at /usr/src/sys/ddb/db_command.c:574 error =3D #3 0xffffffff80434e7d in db_command (last_cmdp=3D, cmd_table=3D, dopager=3D) at /usr/src/sys/ddb/db_command.c:481 modif =3D "" have_addr =3D false t =3D result =3D cmd =3D 0xffffffff81a5ce20 addr =3D count =3D #4 0xffffffff80434c14 in db_command_loop () at /usr/src/sys/ddb/db_command.c:534 No locals. #5 0xffffffff80437dff in db_trap (type=3D, code=3D) at /usr/src/sys/ddb/db_main.c:252 jb =3D {{ _jb =3D {-2193054773040, -2193054773048, -2193054772912, -2115128448, -2119837784, 0, 12, -2143060599, -2193054772944, -2140630981, -2116086448, 0} }} bkpt =3D false watchpt =3D false prev_jb =3D 0x0 why =3D #6 0xffffffff80ba3923 in kdb_trap (type=3D12, code=3D0, tf=3D) at /usr/src/sys/kern/subr_kdb.c:697 be =3D 0xffffffff81a5d7a8 intr =3D 582 did_stop_cpus =3D handled =3D other_cpus =3D #7 0xffffffff8101fbef in trap_fatal (frame=3D0xfffffe0163bfd380, eva=3D) at /usr/src/sys/amd64/amd64/trap.c:883 code =3D softseg =3D { ssd_base =3D 0,=20 ssd_limit =3D 1048575,=20 ssd_type =3D 27,=20 ssd_dpl =3D 0,=20 ssd_p =3D 1,=20 ssd_long =3D 1,=20 ssd_def32 =3D 0,=20 ssd_gran =3D 1 } msg =3D ss =3D 40 type =3D handled =3D #8 0xffffffff8101fd12 in trap_pfault (frame=3D0xfffffe0163bfd380, usermode=3D) at /usr/src/sys/amd64/amd64/trap.c:728 td =3D 0xfffff80e2432e000 eva =3D 0 p =3D va =3D map =3D ftype =3D rv =3D #9 0xffffffff8101f391 in trap (frame=3D0xfffffe0163bfd380) at /usr/src/sys/amd64/amd64/trap.c:427 td =3D 0xfffff80e2432e000 dr6 =3D addr =3D -2193054772352 ucode =3D signo =3D p =3D type =3D 12 ksi =3D #10 No locals. #11 strncmp (s1=3D0x0, s2=3D0xffffffff812626a6 "set_", n=3D4) at /usr/src/sys/libkern/strncmp.c:44 No locals. #12 0xffffffff81156b94 in link_elf_lookup_set (lf=3D0xfffff802db0ae400, name=3D0xffffffff83ba9bc2 "sdt_providers_set", startp=3D0xfffffe0163bfd4a0,= =20 stopp=3D0xfffffe0163bfd4a8, countp=3D0x0) at /usr/src/sys/kern/link_elf_obj.c:1272 ef =3D 0xfffff802db0ae400 i =3D 12 start =3D stop =3D count =3D #13 0xffffffff83ba9509 in sdt_kld_unload_try (arg=3D, lf=3D0xfffff802db0ae200, error=3D0xfffffe0163bfd504) at /usr/src/sys/cddl/dev/sdt/sdt.c:321 curr =3D begin =3D prov =3D tmp =3D end =3D #14 0xffffffff80b2c68b in linker_file_unload (file=3D0xfffff802db0ae400, fl= ags=3D1) at /usr/src/sys/kern/kern_linker.c:656 _ep =3D _t =3D 0xfffff800983b6840 _el =3D error =3D 0 mod =3D next =3D ml =3D nextml =3D i =3D cp =3D #15 0xffffffff81155233 in link_elf_load_file (cls=3D, filename=3D, result=3D0xfffffe0163bfd788) at /usr/src/sys/kern/link_elf_obj.c:1002 mapsize =3D error =3D 28 td =3D 0xfffff80e2432e000 nd =3D 0xfffff800a29ae200 flags =3D 1 hdr =3D 0xfffff80786571d00 resid =3D 0 lf =3D ef =3D nbytes =3D shdr =3D nsym =3D symtabindex =3D symstrindex =3D i =3D shstrindex =3D alignmask =3D mapbase =3D ra =3D rl =3D pb =3D j =3D es =3D #16 0xffffffff80b2bf87 in LINKER_LOAD_FILE (cls=3D0xffffffff81b827e0 , result=3D0x0, filename=3D) at ./linker_if.= h:180 _m =3D rc =3D _desc =3D _ce =3D _cep =3D #17 linker_load_file (filename=3D, result=3D)= at /usr/src/sys/kern/kern_linker.c:447 lf =3D foundfile =3D error =3D lc =3D modules =3D _el =3D _ep =3D _t =3D #18 linker_load_module (kldname=3D, modname=3D0xfffff800a29b= 0800 "ipl", parent=3D0x0, verinfo=3D, lfpp=3D0xfffffe0163bfd918) at /usr/src/sys/kern/kern_linker.c:2092 pathname =3D filename =3D error =3D lfdep =3D #19 0xffffffff80b2d8b1 in kern_kldload (td=3D, file=3D, fileid=3D) at /usr/src/sys/kern/kern_linker.c:1071 error =3D 0 saved_vnet =3D 0x0 modname =3D 0xfffff800a29b0800 "ipl" kldname =3D 0x0 lf =3D 0x6 #20 0xffffffff80b2d9db in sys_kldload (td=3D0xfffff80e2432e000, uap=3D) at /usr/src/sys/kern/kern_linker.c:1097 pathname =3D 0xfffff800a29b0800 "ipl" error =3D 0 fileid =3D -1 #21 0xffffffff810205fc in syscallenter (td=3D0xfffff80e2432e000) at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:135 p =3D 0xfffff802e5ba6a70 error =3D sa =3D 0xfffff80e2432e3b0 traced =3D #22 amd64_syscall (td=3D0xfffff80e2432e000, traced=3D0) at /usr/src/sys/amd64/amd64/trap.c:1006 ksi =3D error =3D #23 No locals. #24 0x00000008002cc44a in ?? () No symbol table info available. Backtrace stopped: Cannot access memory at address 0x7fffffffd458 #11 strncmp (s1=3D0x0, s2=3D0xffffffff812626a6 "set_", n=3D4) at /usr/src/sys/libkern/strncmp.c:44 44 if (*s1 !=3D *s2++) $1 =3D 115 's' $2 =3D 0xffffffff812626a6 "set_" #12 0xffffffff81156b94 in link_elf_lookup_set (lf=3D0xfffff802db0ae400, name=3D0xffffffff83ba9bc2 "sdt_providers_set", startp=3D0xfffffe0163bfd4a0,= =20 stopp=3D0xfffffe0163bfd4a8, countp=3D0x0) at /usr/src/sys/kern/link_elf_obj.c:1272 1272 if ((strncmp(ef->progtab[i].name, "set_", 4) =3D=3D= 0) && $3 =3D { addr =3D 0xffffffff8456b000 ,=20 size =3D 296178,=20 flags =3D 0,=20 sec =3D 1,=20 name =3D 0xfffff800a279fc20 ".text" } Structure has no component named operator*. Structure has no component named operator*. $4 =3D { addr =3D 0xffffffff8456b000 ,=20 size =3D 296178,=20 flags =3D 0,=20 sec =3D 1,=20 name =3D 0xfffff800a279fc20 ".text" } $5 =3D { addr =3D 0xffffffff845b34f2,=20 size =3D 12137,=20 flags =3D 0,=20 sec =3D 3,=20 name =3D 0xfffff800a279fc26 ".rodata.str1.1" } A syntax error in expression, near `]'. $6 =3D { addr =3D 0xffffffff845b6460 ,=20 size =3D 100848,=20 flags =3D 0,=20 sec =3D 4,=20 name =3D 0xfffff800a279fc3a ".data" } $7 =3D { addr =3D 0xffffffff845cee50 <__set_sysctl_set_sym_sysctl___net_inet_ipf>,= =20 size =3D 128,=20 flags =3D 0,=20 sec =3D 6,=20 name =3D 0xfffff800a279fc45 "set_sysctl_set" } $8 =3D { addr =3D 0xffffffff845ceed0 <__set_sysinit_set_sym_vnet_init_vnet_ipf_init_sys_init>,=20 size =3D 24,=20 flags =3D 0,=20 sec =3D 8,=20 name =3D 0xfffff800a279fc59 "set_sysinit_set" } $9 =3D { addr =3D 0xffffffff845ceee8 <__set_sysuninit_set_sym_vnet_init_vnet_ipf_init_sys_uninit>,=20 size =3D 16,=20 flags =3D 0,=20 sec =3D 10,=20 name =3D 0xfffff800a279fc6e "set_sysuninit_set" } $10 =3D { addr =3D 0xffffffff845ceef8 <__set_modmetadata_set_sym__mod_metadata_md_ipfilter_on_kernel>,=20 size =3D 24,=20 flags =3D 0,=20 sec =3D 12,=20 name =3D 0xfffff800a279fc85 "set_modmetadata_set" } $11 =3D { addr =3D 0xffffffff845cef10 ,=20 size =3D 6584,=20 flags =3D 0,=20 sec =3D 14,=20 name =3D 0xfffff800a279fc99 ".bss" } $12 =3D { addr =3D 0xffffffff845d08d0 ,=20 size =3D 5496,=20 flags =3D 0,=20 sec =3D 15,=20 name =3D 0xfffff800a279fca3 ".rodata" } $13 =3D { addr =3D 0xffffffff845d1e48 ,=20 size =3D 5360,=20 flags =3D 0,=20 sec =3D 18,=20 name =3D 0xfffff800a279fcb9 "set_sdt_probes_set" } $14 =3D { addr =3D 0xffffffff845d3338 ,=20 size =3D 4736,=20 flags =3D 0,=20 sec =3D 20,=20 name =3D 0xfffff800a279fcd1 "set_sdt_argtypes_set" } $15 =3D { addr =3D 0x0,=20 size =3D 0,=20 flags =3D 0,=20 sec =3D 0,=20 name =3D 0xfffff800a279fce6 "set_vnet" } $16 =3D { addr =3D 0x0,=20 size =3D 0,=20 flags =3D 0,=20 sec =3D 0,=20 name =3D 0x0 } $17 =3D { addr =3D 0x0,=20 size =3D 0,=20 flags =3D 0,=20 sec =3D 0,=20 name =3D 0x0 } quit #0 __curthread () at ./machine/pcpu.h:231 td =3D #1 doadump (textdump=3D0) at /usr/src/sys/kern/kern_shutdown.c:366 error =3D coredump =3D #2 0xffffffff804350bb in db_dump (dummy=3D, dummy2=3D, dummy3=3D, dummy4=3D) at /usr/src/sys/ddb/db_command.c:574 error =3D #3 0xffffffff80434e7d in db_command (last_cmdp=3D, cmd_table=3D, dopager=3D) at /usr/src/sys/ddb/db_command.c:481 modif =3D "" have_addr =3D false t =3D result =3D cmd =3D 0xffffffff81a5ce20 addr =3D count =3D #4 0xffffffff80434c14 in db_command_loop () at /usr/src/sys/ddb/db_command.c:534 No locals. #5 0xffffffff80437dff in db_trap (type=3D, code=3D) at /usr/src/sys/ddb/db_main.c:252 jb =3D {{ _jb =3D {-2192777531264, -2192777531272, -2192777531136, -2115128448, -2119837784, 0, 3, -2143060599, -2192777531168, -2137136836, -2116086448, 0} }} bkpt =3D false watchpt =3D false prev_jb =3D 0x0 why =3D #6 0xffffffff80ba3923 in kdb_trap (type=3D3, code=3D0, tf=3D) at /usr/src/sys/kern/subr_kdb.c:697 be =3D 0xffffffff81a5d7a8 intr =3D 70 did_stop_cpus =3D handled =3D other_cpus =3D #7 0xffffffff8101f881 in trap (frame=3D0xfffffe0174463290) at /usr/src/sys/amd64/amd64/trap.c:605 td =3D 0xfffff8008d076000 dr6 =3D 0 addr =3D -2192777530736 ucode =3D -2093870928 signo =3D 25 p =3D 0xfffffe0174463400 type =3D 3 ksi =3D { ksi_link =3D { tqe_next =3D 0x20fffe0100000012,=20 tqe_prev =3D 0xfffffe01744631d8 },=20 ksi_info =3D { si_signo =3D -2118462976,=20 si_errno =3D -1,=20 si_code =3D -2106818494,=20 si_pid =3D -351901867,=20 si_uid =3D 54,=20 si_status =3D 0,=20 si_addr =3D 0x0,=20 si_value =3D { sival_int =3D -1009,=20 sival_ptr =3D 0xfffffc0f,=20 sigval_int =3D -1009,=20 sigval_ptr =3D 0xfffffc0f },=20 _reason =3D { _fault =3D { _trapno =3D 4560842 },=20 _timer =3D { _timerid =3D 4560842,=20 _overrun =3D 8 },=20 _mesgq =3D { _mqd =3D 4560842 },=20 _poll =3D { _band =3D 34364299210 },=20 __spare__ =3D { __spare1__ =3D 34364299210,=20 __spare2__ =3D {-4096, 511, 1950757456, -511, -2143060083, -1, -2106818494} } } },=20 ksi_flags =3D -2127898362,=20 ksi_sigq =3D 0x16c8a801 } #8 No locals. #9 kdb_enter (why=3D0xffffffff812ad906 "panic", msg=3D) at /usr/src/sys/kern/subr_kdb.c:479 No locals. #10 0xffffffff80b5c7a0 in vpanic (fmt=3D, ap=3D0xfffffe01744= 63400) at /usr/src/sys/kern/kern_shutdown.c:852 buf =3D "Most recently used by ifaddr\n" td =3D 0xfffff8008d076000 bootopt =3D newpanic =3D other_cpus =3D #11 0xffffffff80b5c833 in panic (fmt=3D0xffffffff81df1598 "\276\061'\201\377\377\377\377") at /usr/src/sys/kern/kern_shutdown.c:790 ap =3D {{ gp_offset =3D 16,=20 fp_offset =3D 48,=20 overflow_arg_area =3D 0xfffffe0174463430,=20 reg_save_area =3D 0xfffffe01744633d0 }} #12 0xffffffff80e84f10 in mtrash_ctor (mem=3D0xfffff8009a1a9c00, size=3D, arg=3D, flags=3D) at /usr/src/sys/vm/uma_dbg.c:162 p =3D cnt =3D ksp =3D #13 0xffffffff80e804b3 in uma_zalloc_arg (zone=3D0xfffffe000032d000, udata= =3D0x0, flags=3D257) at /usr/src/sys/vm/uma_core.c:2268 cache =3D 0xfffffe000032de00 bucket =3D 0xfffff80005176500 domain =3D -2047 lockfail =3D zdom =3D item =3D 0xfffff8009a1a9c00 cpu =3D #14 0xffffffff80b35fd0 in uma_zalloc (zone=3D0xfffffe000032d000, flags=3D) at /usr/src/sys/vm/uma.h:361 No locals. #15 malloc (size=3D336, mtp=3D0xffffffff81b30780 , flags=3D257) = at /usr/src/sys/kern/kern_malloc.c:575 va =3D 0x80 zone =3D 0xfffffe000032d000 indx =3D #16 0xffffffff80cdb08b in in_lltable_new (flags=3D0, addr4=3D...) at /usr/src/sys/netinet/in.c:1098 lle =3D #17 in_lltable_alloc (llt=3D, flags=3D6, l3addr=3D0xfffff800= 8ff4fc98) at /usr/src/sys/netinet/in.c:1343 linkhdr =3D "" sin =3D 0xfffff8008ff4fc98 ifp =3D 0xfffff80005095800 lle =3D linkhdrsize =3D lladdr_off =3D #18 0xffffffff80cd133e in arp_add_ifa_lle (ifp=3D0xfffff80005095800, dst=3D) at /usr/src/sys/netinet/if_ether.c:1280 lle =3D lle_tmp =3D #19 0xffffffff80cd12d3 in arp_ifinit (ifp=3D0xfffff80005095800, ifa=3D0xfffff8008ff4fc00) at /usr/src/sys/netinet/if_ether.c:1428 dst_in =3D 0xfffff8008ff4fc98 dst =3D 0xfffff8008ff4fc98 #20 0xffffffff80c7a3ed in iflib_if_ioctl (ifp=3D0xfffff80005095800, command=3D, data=3D0xfffff8008ff4fc00 "\230\374\364\217") at /usr/src/sys/net/iflib.c:4022 ifr =3D 0xfffff8008ff4fc00 ifa =3D 0xfffff8008ff4fc00 ctx =3D 0xfffff80005093000 reinit =3D 0 err =3D avoid_reset =3D bits =3D #21 0xffffffff80cd9784 in in_aifaddr_ioctl (cmd=3D, ifp=3D, td=3D, data=3D) at /usr/src/sys/netinet/in.c:473 ifra =3D addr =3D error =3D broadaddr =3D 0xfffff8008ff4fc80 dstaddr =3D mask =3D 0xfffff8008ff4fc90 vhid =3D 0 iaIsFirst =3D ifa =3D ia =3D it =3D i =3D ii =3D allhosts_addr =3D flags =3D curelm =3D curelm =3D eia =3D _el =3D _ep =3D _t =3D #22 in_control (so=3D, cmd=3D, data=3D, ifp=3D, td=3D) at /usr/src/sys/netinet/in.c:2= 56 ifr =3D addr =3D 0xfffff800050959a0 ifa =3D ia =3D error =3D #23 0xffffffff80c5af33 in ifioctl (so=3D0xfffff8010c52ea08, cmd=3D, data=3D, td=3D0xfffff8008d076000) at /usr/src/sys/net/if.c:3= 089 saved_vnet =3D error =3D ifmr =3D { ifm_name =3D "\220\017",=20 ifm_current =3D 1,=20 ifm_mask =3D 0,=20 ifm_status =3D -1493875568,=20 ifm_active =3D -2044,=20 ifm_count =3D 0,=20 ifm_ulist =3D 0xfffff804a6f54490 } ifmrp =3D 0xf90 ifr =3D ifp =3D saved_data =3D oif_flags =3D 35079 shutdown =3D #24 0xffffffff80bc931a in fo_ioctl (fp=3D, com=3D, active_cred=3D0x80, td=3D, data=3D) at /usr/src/sys/sys/file.h:325 No locals. #25 kern_ioctl (td=3D0xfffff8008d076000, fd=3D, com=3D, data=3D0xfffffe0174463250 "") at /usr/src/sys/kern/sys_generic.c:800 fdp =3D 0xfffff804a6f54450 locked =3D fp =3D 0xfffff8008ffeeeb0 error =3D tmp =3D #26 0xffffffff80bc8fd8 in sys_ioctl (td=3D0xfffff8008d076000, uap=3D0xfffff8008d0763c0) at /usr/src/sys/kern/sys_generic.c:712 smalldata =3D "igb0" com =3D 2151967019 size =3D arg =3D data =3D 0xfffffe01744638d0 "igb0" error =3D #27 0xffffffff810205fc in syscallenter (td=3D0xfffff8008d076000) at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:135 p =3D 0xfffff8008f6e5538 error =3D sa =3D 0xfffff8008d0763b0 traced =3D #28 amd64_syscall (td=3D0xfffff8008d076000, traced=3D0) at /usr/src/sys/amd64/amd64/trap.c:1006 ksi =3D error =3D #29 No locals. #30 0x00000008004597ca in ?? () No symbol table info available. Backtrace stopped: Cannot access memory at address 0x7fffffffd268 Already logging to /home/eax/out. #0 __curthread () at ./machine/pcpu.h:231 td =3D #1 doadump (textdump=3D0) at /usr/src/sys/kern/kern_shutdown.c:366 error =3D coredump =3D #2 0xffffffff804350bb in db_dump (dummy=3D, dummy2=3D, dummy3=3D, dummy4=3D) at /usr/src/sys/ddb/db_command.c:574 error =3D #3 0xffffffff80434e7d in db_command (last_cmdp=3D, cmd_table=3D, dopager=3D) at /usr/src/sys/ddb/db_command.c:481 modif =3D "" have_addr =3D false t =3D result =3D cmd =3D 0xffffffff81a5ce20 addr =3D count =3D #4 0xffffffff80434c14 in db_command_loop () at /usr/src/sys/ddb/db_command.c:534 No locals. #5 0xffffffff80437dff in db_trap (type=3D, code=3D) at /usr/src/sys/ddb/db_main.c:252 jb =3D {{ _jb =3D {-2192777531264, -2192777531272, -2192777531136, -2115128448, -2119837784, 0, 3, -2143060599, -2192777531168, -2137136836, -2116086448, 0} }} bkpt =3D false watchpt =3D false prev_jb =3D 0x0 why =3D #6 0xffffffff80ba3923 in kdb_trap (type=3D3, code=3D0, tf=3D) at /usr/src/sys/kern/subr_kdb.c:697 be =3D 0xffffffff81a5d7a8 intr =3D 70 did_stop_cpus =3D handled =3D other_cpus =3D #7 0xffffffff8101f881 in trap (frame=3D0xfffffe0174463290) at /usr/src/sys/amd64/amd64/trap.c:605 td =3D 0xfffff8008d076000 dr6 =3D 0 addr =3D -2192777530736 ucode =3D -2093870928 signo =3D 25 p =3D 0xfffffe0174463400 type =3D 3 ksi =3D { ksi_link =3D { tqe_next =3D 0x20fffe0100000012,=20 tqe_prev =3D 0xfffffe01744631d8 },=20 ksi_info =3D { si_signo =3D -2118462976,=20 si_errno =3D -1,=20 si_code =3D -2106818494,=20 si_pid =3D -351901867,=20 si_uid =3D 54,=20 si_status =3D 0,=20 si_addr =3D 0x0,=20 si_value =3D { sival_int =3D -1009,=20 sival_ptr =3D 0xfffffc0f,=20 sigval_int =3D -1009,=20 sigval_ptr =3D 0xfffffc0f },=20 _reason =3D { _fault =3D { _trapno =3D 4560842 },=20 _timer =3D { _timerid =3D 4560842,=20 _overrun =3D 8 },=20 _mesgq =3D { _mqd =3D 4560842 },=20 _poll =3D { _band =3D 34364299210 },=20 __spare__ =3D { __spare1__ =3D 34364299210,=20 __spare2__ =3D {-4096, 511, 1950757456, -511, -2143060083, -1, -2106818494} } } },=20 ksi_flags =3D -2127898362,=20 ksi_sigq =3D 0x16c8a801 } #8 No locals. #9 kdb_enter (why=3D0xffffffff812ad906 "panic", msg=3D) at /usr/src/sys/kern/subr_kdb.c:479 No locals. #10 0xffffffff80b5c7a0 in vpanic (fmt=3D, ap=3D0xfffffe01744= 63400) at /usr/src/sys/kern/kern_shutdown.c:852 buf =3D "Most recently used by ifaddr\n" td =3D 0xfffff8008d076000 bootopt =3D newpanic =3D other_cpus =3D #11 0xffffffff80b5c833 in panic (fmt=3D0xffffffff81df1598 "\276\061'\201\377\377\377\377") at /usr/src/sys/kern/kern_shutdown.c:790 ap =3D {{ gp_offset =3D 16,=20 fp_offset =3D 48,=20 overflow_arg_area =3D 0xfffffe0174463430,=20 reg_save_area =3D 0xfffffe01744633d0 }} #12 0xffffffff80e84f10 in mtrash_ctor (mem=3D0xfffff8009a1a9c00, size=3D, arg=3D, flags=3D) at /usr/src/sys/vm/uma_dbg.c:162 p =3D cnt =3D ksp =3D #13 0xffffffff80e804b3 in uma_zalloc_arg (zone=3D0xfffffe000032d000, udata= =3D0x0, flags=3D257) at /usr/src/sys/vm/uma_core.c:2268 cache =3D 0xfffffe000032de00 bucket =3D 0xfffff80005176500 domain =3D -2047 lockfail =3D zdom =3D item =3D 0xfffff8009a1a9c00 cpu =3D #14 0xffffffff80b35fd0 in uma_zalloc (zone=3D0xfffffe000032d000, flags=3D) at /usr/src/sys/vm/uma.h:361 No locals. #15 malloc (size=3D336, mtp=3D0xffffffff81b30780 , flags=3D257) = at /usr/src/sys/kern/kern_malloc.c:575 va =3D 0x80 zone =3D 0xfffffe000032d000 indx =3D #16 0xffffffff80cdb08b in in_lltable_new (flags=3D0, addr4=3D...) at /usr/src/sys/netinet/in.c:1098 lle =3D #17 in_lltable_alloc (llt=3D, flags=3D6, l3addr=3D0xfffff800= 8ff4fc98) at /usr/src/sys/netinet/in.c:1343 linkhdr =3D "" sin =3D 0xfffff8008ff4fc98 ifp =3D 0xfffff80005095800 lle =3D linkhdrsize =3D lladdr_off =3D #18 0xffffffff80cd133e in arp_add_ifa_lle (ifp=3D0xfffff80005095800, dst=3D) at /usr/src/sys/netinet/if_ether.c:1280 lle =3D lle_tmp =3D #19 0xffffffff80cd12d3 in arp_ifinit (ifp=3D0xfffff80005095800, ifa=3D0xfffff8008ff4fc00) at /usr/src/sys/netinet/if_ether.c:1428 dst_in =3D 0xfffff8008ff4fc98 dst =3D 0xfffff8008ff4fc98 #20 0xffffffff80c7a3ed in iflib_if_ioctl (ifp=3D0xfffff80005095800, command=3D, data=3D0xfffff8008ff4fc00 "\230\374\364\217") at /usr/src/sys/net/iflib.c:4022 ifr =3D 0xfffff8008ff4fc00 ifa =3D 0xfffff8008ff4fc00 ctx =3D 0xfffff80005093000 reinit =3D 0 err =3D avoid_reset =3D bits =3D #21 0xffffffff80cd9784 in in_aifaddr_ioctl (cmd=3D, ifp=3D, td=3D, data=3D) at /usr/src/sys/netinet/in.c:473 ifra =3D addr =3D error =3D broadaddr =3D 0xfffff8008ff4fc80 dstaddr =3D mask =3D 0xfffff8008ff4fc90 vhid =3D 0 iaIsFirst =3D ifa =3D ia =3D it =3D i =3D ii =3D allhosts_addr =3D flags =3D curelm =3D curelm =3D eia =3D _el =3D _ep =3D _t =3D #22 in_control (so=3D, cmd=3D, data=3D, ifp=3D, td=3D) at /usr/src/sys/netinet/in.c:2= 56 ifr =3D addr =3D 0xfffff800050959a0 ifa =3D ia =3D error =3D #23 0xffffffff80c5af33 in ifioctl (so=3D0xfffff8010c52ea08, cmd=3D, data=3D, td=3D0xfffff8008d076000) at /usr/src/sys/net/if.c:3= 089 saved_vnet =3D error =3D ifmr =3D { ifm_name =3D "\220\017",=20 ifm_current =3D 1,=20 ifm_mask =3D 0,=20 ifm_status =3D -1493875568,=20 ifm_active =3D -2044,=20 ifm_count =3D 0,=20 ifm_ulist =3D 0xfffff804a6f54490 } ifmrp =3D 0xf90 ifr =3D ifp =3D saved_data =3D oif_flags =3D 35079 shutdown =3D #24 0xffffffff80bc931a in fo_ioctl (fp=3D, com=3D, active_cred=3D0x80, td=3D, data=3D) at /usr/src/sys/sys/file.h:325 No locals. #25 kern_ioctl (td=3D0xfffff8008d076000, fd=3D, com=3D, data=3D0xfffffe0174463250 "") at /usr/src/sys/kern/sys_generic.c:800 fdp =3D 0xfffff804a6f54450 locked =3D fp =3D 0xfffff8008ffeeeb0 error =3D tmp =3D #26 0xffffffff80bc8fd8 in sys_ioctl (td=3D0xfffff8008d076000, uap=3D0xfffff8008d0763c0) at /usr/src/sys/kern/sys_generic.c:712 smalldata =3D "igb0" com =3D 2151967019 size =3D arg =3D data =3D 0xfffffe01744638d0 "igb0" error =3D #27 0xffffffff810205fc in syscallenter (td=3D0xfffff8008d076000) at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:135 p =3D 0xfffff8008f6e5538 error =3D sa =3D 0xfffff8008d0763b0 traced =3D #28 amd64_syscall (td=3D0xfffff8008d076000, traced=3D0) at /usr/src/sys/amd64/amd64/trap.c:1006 ksi =3D error =3D #29 No locals. #30 0x00000008004597ca in ?? () No symbol table info available. Backtrace stopped: Cannot access memory at address 0x7fffffffd268 quit #0 __curthread () at ./machine/pcpu.h:231 td =3D #1 doadump (textdump=3D0) at /usr/src/sys/kern/kern_shutdown.c:366 error =3D coredump =3D #2 0xffffffff804350bb in db_dump (dummy=3D, dummy2=3D, dummy3=3D, dummy4=3D) at /usr/src/sys/ddb/db_command.c:574 error =3D #3 0xffffffff80434e7d in db_command (last_cmdp=3D, cmd_table=3D, dopager=3D) at /usr/src/sys/ddb/db_command.c:481 modif =3D "" have_addr =3D false t =3D result =3D cmd =3D 0xffffffff81a5ce20 addr =3D count =3D #4 0xffffffff80434c14 in db_command_loop () at /usr/src/sys/ddb/db_command.c:534 No locals. #5 0xffffffff80437dff in db_trap (type=3D, code=3D) at /usr/src/sys/ddb/db_main.c:252 jb =3D {{ _jb =3D {-2192777531264, -2192777531272, -2192777531136, -2115128448, -2119837784, 0, 3, -2143060599, -2192777531168, -2137136836, -2116086448, 0} }} bkpt =3D false watchpt =3D false prev_jb =3D 0x0 why =3D #6 0xffffffff80ba3923 in kdb_trap (type=3D3, code=3D0, tf=3D) at /usr/src/sys/kern/subr_kdb.c:697 be =3D 0xffffffff81a5d7a8 intr =3D 70 did_stop_cpus =3D handled =3D other_cpus =3D #7 0xffffffff8101f881 in trap (frame=3D0xfffffe0174463290) at /usr/src/sys/amd64/amd64/trap.c:605 td =3D 0xfffff8008d076000 dr6 =3D 0 addr =3D -2192777530736 ucode =3D -2093870928 signo =3D 25 p =3D 0xfffffe0174463400 type =3D 3 ksi =3D { ksi_link =3D { tqe_next =3D 0x20fffe0100000012,=20 tqe_prev =3D 0xfffffe01744631d8 },=20 ksi_info =3D { si_signo =3D -2118462976,=20 si_errno =3D -1,=20 si_code =3D -2106818494,=20 si_pid =3D -351901867,=20 si_uid =3D 54,=20 si_status =3D 0,=20 si_addr =3D 0x0,=20 si_value =3D { sival_int =3D -1009,=20 sival_ptr =3D 0xfffffc0f,=20 sigval_int =3D -1009,=20 sigval_ptr =3D 0xfffffc0f },=20 _reason =3D { _fault =3D { _trapno =3D 4560842 },=20 _timer =3D { _timerid =3D 4560842,=20 _overrun =3D 8 },=20 _mesgq =3D { _mqd =3D 4560842 },=20 _poll =3D { _band =3D 34364299210 },=20 __spare__ =3D { __spare1__ =3D 34364299210,=20 __spare2__ =3D {-4096, 511, 1950757456, -511, -2143060083, -1, -2106818494} } } },=20 ksi_flags =3D -2127898362,=20 ksi_sigq =3D 0x16c8a801 } #8 No locals. #9 kdb_enter (why=3D0xffffffff812ad906 "panic", msg=3D) at /usr/src/sys/kern/subr_kdb.c:479 No locals. #10 0xffffffff80b5c7a0 in vpanic (fmt=3D, ap=3D0xfffffe01744= 63400) at /usr/src/sys/kern/kern_shutdown.c:852 buf =3D "Most recently used by ifaddr\n" td =3D 0xfffff8008d076000 bootopt =3D newpanic =3D other_cpus =3D #11 0xffffffff80b5c833 in panic (fmt=3D0xffffffff81df1598 "\276\061'\201\377\377\377\377") at /usr/src/sys/kern/kern_shutdown.c:790 ap =3D {{ gp_offset =3D 16,=20 fp_offset =3D 48,=20 overflow_arg_area =3D 0xfffffe0174463430,=20 reg_save_area =3D 0xfffffe01744633d0 }} #12 0xffffffff80e84f10 in mtrash_ctor (mem=3D0xfffff8009a1a9c00, size=3D, arg=3D, flags=3D) at /usr/src/sys/vm/uma_dbg.c:162 p =3D cnt =3D ksp =3D #13 0xffffffff80e804b3 in uma_zalloc_arg (zone=3D0xfffffe000032d000, udata= =3D0x0, flags=3D257) at /usr/src/sys/vm/uma_core.c:2268 cache =3D 0xfffffe000032de00 bucket =3D 0xfffff80005176500 domain =3D -2047 lockfail =3D zdom =3D item =3D 0xfffff8009a1a9c00 cpu =3D #14 0xffffffff80b35fd0 in uma_zalloc (zone=3D0xfffffe000032d000, flags=3D) at /usr/src/sys/vm/uma.h:361 No locals. #15 malloc (size=3D336, mtp=3D0xffffffff81b30780 , flags=3D257) = at /usr/src/sys/kern/kern_malloc.c:575 va =3D 0x80 zone =3D 0xfffffe000032d000 indx =3D #16 0xffffffff80cdb08b in in_lltable_new (flags=3D0, addr4=3D...) at /usr/src/sys/netinet/in.c:1098 lle =3D #17 in_lltable_alloc (llt=3D, flags=3D6, l3addr=3D0xfffff800= 8ff4fc98) at /usr/src/sys/netinet/in.c:1343 linkhdr =3D "" sin =3D 0xfffff8008ff4fc98 ifp =3D 0xfffff80005095800 lle =3D linkhdrsize =3D lladdr_off =3D #18 0xffffffff80cd133e in arp_add_ifa_lle (ifp=3D0xfffff80005095800, dst=3D) at /usr/src/sys/netinet/if_ether.c:1280 lle =3D lle_tmp =3D #19 0xffffffff80cd12d3 in arp_ifinit (ifp=3D0xfffff80005095800, ifa=3D0xfffff8008ff4fc00) at /usr/src/sys/netinet/if_ether.c:1428 dst_in =3D 0xfffff8008ff4fc98 dst =3D 0xfffff8008ff4fc98 #20 0xffffffff80c7a3ed in iflib_if_ioctl (ifp=3D0xfffff80005095800, command=3D, data=3D0xfffff8008ff4fc00 "\230\374\364\217") at /usr/src/sys/net/iflib.c:4022 ifr =3D 0xfffff8008ff4fc00 ifa =3D 0xfffff8008ff4fc00 ctx =3D 0xfffff80005093000 reinit =3D 0 err =3D avoid_reset =3D bits =3D #21 0xffffffff80cd9784 in in_aifaddr_ioctl (cmd=3D, ifp=3D, td=3D, data=3D) at /usr/src/sys/netinet/in.c:473 ifra =3D addr =3D error =3D broadaddr =3D 0xfffff8008ff4fc80 dstaddr =3D mask =3D 0xfffff8008ff4fc90 vhid =3D 0 iaIsFirst =3D ifa =3D ia =3D it =3D i =3D ii =3D allhosts_addr =3D flags =3D curelm =3D curelm =3D eia =3D _el =3D _ep =3D _t =3D #22 in_control (so=3D, cmd=3D, data=3D, ifp=3D, td=3D) at /usr/src/sys/netinet/in.c:2= 56 ifr =3D addr =3D 0xfffff800050959a0 ifa =3D ia =3D error =3D #23 0xffffffff80c5af33 in ifioctl (so=3D0xfffff8010c52ea08, cmd=3D, data=3D, td=3D0xfffff8008d076000) at /usr/src/sys/net/if.c:3= 089 saved_vnet =3D error =3D ifmr =3D { ifm_name =3D "\220\017",=20 ifm_current =3D 1,=20 ifm_mask =3D 0,=20 ifm_status =3D -1493875568,=20 ifm_active =3D -2044,=20 ifm_count =3D 0,=20 ifm_ulist =3D 0xfffff804a6f54490 } ifmrp =3D 0xf90 ifr =3D ifp =3D saved_data =3D oif_flags =3D 35079 shutdown =3D #24 0xffffffff80bc931a in fo_ioctl (fp=3D, com=3D, active_cred=3D0x80, td=3D, data=3D) at /usr/src/sys/sys/file.h:325 No locals. #25 kern_ioctl (td=3D0xfffff8008d076000, fd=3D, com=3D, data=3D0xfffffe0174463250 "") at /usr/src/sys/kern/sys_generic.c:800 fdp =3D 0xfffff804a6f54450 locked =3D fp =3D 0xfffff8008ffeeeb0 error =3D tmp =3D #26 0xffffffff80bc8fd8 in sys_ioctl (td=3D0xfffff8008d076000, uap=3D0xfffff8008d0763c0) at /usr/src/sys/kern/sys_generic.c:712 smalldata =3D "igb0" com =3D 2151967019 size =3D arg =3D data =3D 0xfffffe01744638d0 "igb0" error =3D #27 0xffffffff810205fc in syscallenter (td=3D0xfffff8008d076000) at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:135 p =3D 0xfffff8008f6e5538 error =3D sa =3D 0xfffff8008d0763b0 traced =3D #28 amd64_syscall (td=3D0xfffff8008d076000, traced=3D0) at /usr/src/sys/amd64/amd64/trap.c:1006 ksi =3D error =3D #29 No locals. #30 0x00000008004597ca in ?? () No symbol table info available. Backtrace stopped: Cannot access memory at address 0x7fffffffd268 --=20 You are receiving this mail because: You are the assignee for the bug.=