[Bug 228599] iflib / arp : Memory modified after free 0xfffff8009a1a9c00(504) val=8ff4fc00 @ 0xfffff8009a1a9c90 [
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed May 30 00:15:15 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228599
Bug ID: 228599
Summary: iflib / arp : Memory modified after free
0xfffff8009a1a9c00(504) val=8ff4fc00 @
0xfffff8009a1a9c90 [
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Keywords: crash, panic
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: bugs at FreeBSD.org
Reporter: eadler at FreeBSD.org
Unread portion of the kernel message buffer:
[60500] Memory modified after free 0xfffff8009a1a9c00(504) val=8ff4fc00 @
0xfffff8009a1a9c90
[60500] panic: Most recently used by ifaddr
[60500]
[60500] cpuid = 25
[60500] time = 1527628213
[60500] KDB: stack backtrace:
[60500] db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
0xfffffe0174463360
[60500] vpanic() at vpanic+0x1a3/frame 0xfffffe01744633c0
[60500] panic() at panic+0x43/frame 0xfffffe0174463420
[60500] mtrash_dtor() at mtrash_dtor/frame 0xfffffe0174463440
[60500] uma_zalloc_arg() at uma_zalloc_arg+0x523/frame 0xfffffe01744634b0
[60500] malloc() at malloc+0x110/frame 0xfffffe0174463500
[60500] in_lltable_alloc() at in_lltable_alloc+0x1fb/frame 0xfffffe01744635f0
[60500] arp_add_ifa_lle() at arp_add_ifa_lle+0x2e/frame 0xfffffe0174463640
[60500] arp_ifinit() at arp_ifinit+0xf3/frame 0xfffffe0174463680
[60500] iflib_if_ioctl() at iflib_if_ioctl+0x2bd/frame 0xfffffe01744636f0
[60500] in_control() at in_control+0x904/frame 0xfffffe0174463780
[60500] ifioctl() at ifioctl+0x17a3/frame 0xfffffe0174463850
[60500] kern_ioctl() at kern_ioctl+0x2ca/frame 0xfffffe01744638b0
[60500] sys_ioctl() at sys_ioctl+0x158/frame 0xfffffe0174463980
[60500] amd64_syscall() at amd64_syscall+0x28c/frame 0xfffffe0174463ab0
[60500] fast_syscall_common() at fast_syscall_common+0x101/frame
0xfffffe0174463ab0
[60500] --- syscall (54, FreeBSD ELF64, sys_ioctl), rip = 0x8004597ca, rsp =
0x7fffffffd268, rbp = 0x7fffffffd2b0 ---
[60500] KDB: enter: panic
#0 __curthread () at ./machine/pcpu.h:231
td = <optimized out>
#1 doadump (textdump=0) at /usr/src/sys/kern/kern_shutdown.c:366
error = <error reading variable error (Cannot access memory at address
0x0)>
coredump = <optimized out>
#2 0xffffffff804350bb in db_dump (dummy=<optimized out>, dummy2=<unavailable>,
dummy3=<unavailable>, dummy4=<unavailable>)
at /usr/src/sys/ddb/db_command.c:574
error = <optimized out>
#3 0xffffffff80434e7d in db_command (last_cmdp=<optimized out>,
cmd_table=<optimized out>, dopager=<optimized out>) at
/usr/src/sys/ddb/db_command.c:481
modif = ""
have_addr = false
t = <optimized out>
result = <optimized out>
cmd = 0xffffffff81a5ce20 <db_cmds+480>
addr = <unavailable>
count = <unavailable>
#4 0xffffffff80434c14 in db_command_loop () at
/usr/src/sys/ddb/db_command.c:534
No locals.
#5 0xffffffff80437dff in db_trap (type=<optimized out>, code=<optimized out>)
at /usr/src/sys/ddb/db_main.c:252
jb = {{
_jb = {-2193054773040,
-2193054773048,
-2193054772912,
-2115128448,
-2119837784,
0,
12,
-2143060599,
-2193054772944,
-2140630981,
-2116086448,
0}
}}
bkpt = false
watchpt = false
prev_jb = 0x0
why = <optimized out>
#6 0xffffffff80ba3923 in kdb_trap (type=12, code=0, tf=<optimized out>) at
/usr/src/sys/kern/subr_kdb.c:697
be = 0xffffffff81a5d7a8 <ddb_dbbe>
intr = 582
did_stop_cpus = <error reading variable did_stop_cpus (Cannot access
memory at address 0x1)>
handled = <optimized out>
other_cpus = <optimized out>
#7 0xffffffff8101fbef in trap_fatal (frame=0xfffffe0163bfd380, eva=<optimized
out>) at /usr/src/sys/amd64/amd64/trap.c:883
code = <optimized out>
softseg = {
ssd_base = 0,
ssd_limit = 1048575,
ssd_type = 27,
ssd_dpl = 0,
ssd_p = 1,
ssd_long = 1,
ssd_def32 = 0,
ssd_gran = 1
}
msg = <optimized out>
ss = 40
type = <optimized out>
handled = <optimized out>
#8 0xffffffff8101fd12 in trap_pfault (frame=0xfffffe0163bfd380,
usermode=<optimized out>) at /usr/src/sys/amd64/amd64/trap.c:728
td = 0xfffff80e2432e000
eva = 0
p = <optimized out>
va = <optimized out>
map = <optimized out>
ftype = <optimized out>
rv = <optimized out>
#9 0xffffffff8101f391 in trap (frame=0xfffffe0163bfd380) at
/usr/src/sys/amd64/amd64/trap.c:427
td = 0xfffff80e2432e000
dr6 = <error reading variable dr6 (Cannot access memory at address
0x0)>
addr = -2193054772352
ucode = <error reading variable ucode (Cannot access memory at address
0x3)>
signo = <error reading variable signo (Cannot access memory at address
0xa)>
p = <optimized out>
type = 12
ksi = <optimized out>
#10 <signal handler called>
No locals.
#11 strncmp (s1=0x0, s2=0xffffffff812626a6 "set_", n=4) at
/usr/src/sys/libkern/strncmp.c:44
No locals.
#12 0xffffffff81156b94 in link_elf_lookup_set (lf=0xfffff802db0ae400,
name=0xffffffff83ba9bc2 "sdt_providers_set", startp=0xfffffe0163bfd4a0,
stopp=0xfffffe0163bfd4a8, countp=0x0) at
/usr/src/sys/kern/link_elf_obj.c:1272
ef = 0xfffff802db0ae400
i = 12
start = <optimized out>
stop = <optimized out>
count = <optimized out>
#13 0xffffffff83ba9509 in sdt_kld_unload_try (arg=<optimized out>,
lf=0xfffff802db0ae200, error=0xfffffe0163bfd504) at
/usr/src/sys/cddl/dev/sdt/sdt.c:321
curr = <optimized out>
begin = <optimized out>
prov = <optimized out>
tmp = <optimized out>
end = <optimized out>
#14 0xffffffff80b2c68b in linker_file_unload (file=0xfffff802db0ae400, flags=1)
at /usr/src/sys/kern/kern_linker.c:656
_ep = <optimized out>
_t = 0xfffff800983b6840
_el = <optimized out>
error = 0
mod = <optimized out>
next = <optimized out>
ml = <optimized out>
nextml = <optimized out>
i = <optimized out>
cp = <optimized out>
#15 0xffffffff81155233 in link_elf_load_file (cls=<optimized out>,
filename=<optimized out>, result=0xfffffe0163bfd788)
at /usr/src/sys/kern/link_elf_obj.c:1002
mapsize = <error reading variable mapsize (Cannot access memory at
address 0x0)>
error = 28
td = 0xfffff80e2432e000
nd = 0xfffff800a29ae200
flags = 1
hdr = 0xfffff80786571d00
resid = 0
lf = <optimized out>
ef = <optimized out>
nbytes = <optimized out>
shdr = <optimized out>
nsym = <optimized out>
symtabindex = <optimized out>
symstrindex = <optimized out>
i = <optimized out>
shstrindex = <optimized out>
alignmask = <optimized out>
mapbase = <optimized out>
ra = <optimized out>
rl = <optimized out>
pb = <optimized out>
j = <optimized out>
es = <optimized out>
#16 0xffffffff80b2bf87 in LINKER_LOAD_FILE (cls=0xffffffff81b827e0
<link_elf_class>, result=0x0, filename=<optimized out>) at ./linker_if.h:180
_m = <optimized out>
rc = <optimized out>
_desc = <optimized out>
_ce = <optimized out>
_cep = <optimized out>
#17 linker_load_file (filename=<optimized out>, result=<optimized out>) at
/usr/src/sys/kern/kern_linker.c:447
lf = <optimized out>
foundfile = <error reading variable foundfile (Cannot access memory at
address 0x0)>
error = <error reading variable error (Cannot access memory at address
0x0)>
lc = <optimized out>
modules = <optimized out>
_el = <optimized out>
_ep = <optimized out>
_t = <optimized out>
#18 linker_load_module (kldname=<optimized out>, modname=0xfffff800a29b0800
"ipl", parent=0x0, verinfo=<optimized out>, lfpp=0xfffffe0163bfd918)
at /usr/src/sys/kern/kern_linker.c:2092
pathname = <optimized out>
filename = <optimized out>
error = <error reading variable error (Cannot access memory at address
0x0)>
lfdep = <optimized out>
#19 0xffffffff80b2d8b1 in kern_kldload (td=<optimized out>, file=<optimized
out>, fileid=<optimized out>) at /usr/src/sys/kern/kern_linker.c:1071
error = 0
saved_vnet = 0x0
modname = 0xfffff800a29b0800 "ipl"
kldname = 0x0
lf = 0x6
#20 0xffffffff80b2d9db in sys_kldload (td=0xfffff80e2432e000, uap=<optimized
out>) at /usr/src/sys/kern/kern_linker.c:1097
pathname = 0xfffff800a29b0800 "ipl"
error = 0
fileid = -1
#21 0xffffffff810205fc in syscallenter (td=0xfffff80e2432e000) at
/usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:135
p = 0xfffff802e5ba6a70
error = <optimized out>
sa = 0xfffff80e2432e3b0
traced = <optimized out>
#22 amd64_syscall (td=0xfffff80e2432e000, traced=0) at
/usr/src/sys/amd64/amd64/trap.c:1006
ksi = <optimized out>
error = <optimized out>
#23 <signal handler called>
No locals.
#24 0x00000008002cc44a in ?? ()
No symbol table info available.
Backtrace stopped: Cannot access memory at address 0x7fffffffd458
#11 strncmp (s1=0x0, s2=0xffffffff812626a6 "set_", n=4) at
/usr/src/sys/libkern/strncmp.c:44
44 if (*s1 != *s2++)
$1 = 115 's'
$2 = 0xffffffff812626a6 "set_"
#12 0xffffffff81156b94 in link_elf_lookup_set (lf=0xfffff802db0ae400,
name=0xffffffff83ba9bc2 "sdt_providers_set", startp=0xfffffe0163bfd4a0,
stopp=0xfffffe0163bfd4a8, countp=0x0) at
/usr/src/sys/kern/link_elf_obj.c:1272
1272 if ((strncmp(ef->progtab[i].name, "set_", 4) == 0) &&
$3 = {
addr = 0xffffffff8456b000 <sysctl_ipf_int>,
size = 296178,
flags = 0,
sec = 1,
name = 0xfffff800a279fc20 ".text"
}
Structure has no component named operator*.
Structure has no component named operator*.
$4 = {
addr = 0xffffffff8456b000 <sysctl_ipf_int>,
size = 296178,
flags = 0,
sec = 1,
name = 0xfffff800a279fc20 ".text"
}
$5 = {
addr = 0xffffffff845b34f2,
size = 12137,
flags = 0,
sec = 3,
name = 0xfffff800a279fc26 ".rodata.str1.1"
}
A syntax error in expression, near `]'.
$6 = {
addr = 0xffffffff845b6460 <sysctl___net_inet_ipf>,
size = 100848,
flags = 0,
sec = 4,
name = 0xfffff800a279fc3a ".data"
}
$7 = {
addr = 0xffffffff845cee50 <__set_sysctl_set_sym_sysctl___net_inet_ipf>,
size = 128,
flags = 0,
sec = 6,
name = 0xfffff800a279fc45 "set_sysctl_set"
}
$8 = {
addr = 0xffffffff845ceed0
<__set_sysinit_set_sym_vnet_init_vnet_ipf_init_sys_init>,
size = 24,
flags = 0,
sec = 8,
name = 0xfffff800a279fc59 "set_sysinit_set"
}
$9 = {
addr = 0xffffffff845ceee8
<__set_sysuninit_set_sym_vnet_init_vnet_ipf_init_sys_uninit>,
size = 16,
flags = 0,
sec = 10,
name = 0xfffff800a279fc6e "set_sysuninit_set"
}
$10 = {
addr = 0xffffffff845ceef8
<__set_modmetadata_set_sym__mod_metadata_md_ipfilter_on_kernel>,
size = 24,
flags = 0,
sec = 12,
name = 0xfffff800a279fc85 "set_modmetadata_set"
}
$11 = {
addr = 0xffffffff845cef10 <ipf_devs>,
size = 6584,
flags = 0,
sec = 14,
name = 0xfffff800a279fc99 ".bss"
}
$12 = {
addr = 0xffffffff845d08d0 <ipf_devfiles>,
size = 5496,
flags = 0,
sec = 15,
name = 0xfffff800a279fca3 ".rodata"
}
$13 = {
addr = 0xffffffff845d1e48
<ipf_nat_ioctl.__set_sdt_probes_set_sym_sdt_sdt___user_error>,
size = 5360,
flags = 0,
sec = 18,
name = 0xfffff800a279fcb9 "set_sdt_probes_set"
}
$14 = {
addr = 0xffffffff845d3338
<ipf_nat_ioctl.__set_sdt_argtypes_set_sym_sdta_sdt___user_error0>,
size = 4736,
flags = 0,
sec = 20,
name = 0xfffff800a279fcd1 "set_sdt_argtypes_set"
}
$15 = {
addr = 0x0,
size = 0,
flags = 0,
sec = 0,
name = 0xfffff800a279fce6 "set_vnet"
}
$16 = {
addr = 0x0,
size = 0,
flags = 0,
sec = 0,
name = 0x0
}
$17 = {
addr = 0x0,
size = 0,
flags = 0,
sec = 0,
name = 0x0
}
quit
#0 __curthread () at ./machine/pcpu.h:231
td = <optimized out>
#1 doadump (textdump=0) at /usr/src/sys/kern/kern_shutdown.c:366
error = <error reading variable error (Cannot access memory at address
0x0)>
coredump = <optimized out>
#2 0xffffffff804350bb in db_dump (dummy=<optimized out>, dummy2=<unavailable>,
dummy3=<unavailable>, dummy4=<unavailable>)
at /usr/src/sys/ddb/db_command.c:574
error = <optimized out>
#3 0xffffffff80434e7d in db_command (last_cmdp=<optimized out>,
cmd_table=<optimized out>, dopager=<optimized out>) at
/usr/src/sys/ddb/db_command.c:481
modif = ""
have_addr = false
t = <optimized out>
result = <optimized out>
cmd = 0xffffffff81a5ce20 <db_cmds+480>
addr = <unavailable>
count = <unavailable>
#4 0xffffffff80434c14 in db_command_loop () at
/usr/src/sys/ddb/db_command.c:534
No locals.
#5 0xffffffff80437dff in db_trap (type=<optimized out>, code=<optimized out>)
at /usr/src/sys/ddb/db_main.c:252
jb = {{
_jb = {-2192777531264,
-2192777531272,
-2192777531136,
-2115128448,
-2119837784,
0,
3,
-2143060599,
-2192777531168,
-2137136836,
-2116086448,
0}
}}
bkpt = false
watchpt = false
prev_jb = 0x0
why = <optimized out>
#6 0xffffffff80ba3923 in kdb_trap (type=3, code=0, tf=<optimized out>) at
/usr/src/sys/kern/subr_kdb.c:697
be = 0xffffffff81a5d7a8 <ddb_dbbe>
intr = 70
did_stop_cpus = <error reading variable did_stop_cpus (Cannot access
memory at address 0x1)>
handled = <optimized out>
other_cpus = <optimized out>
#7 0xffffffff8101f881 in trap (frame=0xfffffe0174463290) at
/usr/src/sys/amd64/amd64/trap.c:605
td = 0xfffff8008d076000
dr6 = 0
addr = -2192777530736
ucode = -2093870928
signo = 25
p = 0xfffffe0174463400
type = 3
ksi = {
ksi_link = {
tqe_next = 0x20fffe0100000012,
tqe_prev = 0xfffffe01744631d8
},
ksi_info = {
si_signo = -2118462976,
si_errno = -1,
si_code = -2106818494,
si_pid = -351901867,
si_uid = 54,
si_status = 0,
si_addr = 0x0,
si_value = {
sival_int = -1009,
sival_ptr = 0xfffffc0f,
sigval_int = -1009,
sigval_ptr = 0xfffffc0f
},
_reason = {
_fault = {
_trapno = 4560842
},
_timer = {
_timerid = 4560842,
_overrun = 8
},
_mesgq = {
_mqd = 4560842
},
_poll = {
_band = 34364299210
},
__spare__ = {
__spare1__ = 34364299210,
__spare2__ = {-4096,
511,
1950757456,
-511,
-2143060083,
-1,
-2106818494}
}
}
},
ksi_flags = -2127898362,
ksi_sigq = 0x16c8a801
}
#8 <signal handler called>
No locals.
#9 kdb_enter (why=0xffffffff812ad906 "panic", msg=<optimized out>) at
/usr/src/sys/kern/subr_kdb.c:479
No locals.
#10 0xffffffff80b5c7a0 in vpanic (fmt=<optimized out>, ap=0xfffffe0174463400)
at /usr/src/sys/kern/kern_shutdown.c:852
buf = "Most recently used by ifaddr\n"
td = 0xfffff8008d076000
bootopt = <error reading variable bootopt (Cannot access memory at
address 0x4)>
newpanic = <error reading variable newpanic (Cannot access memory at
address 0x1)>
other_cpus = <optimized out>
#11 0xffffffff80b5c833 in panic (fmt=0xffffffff81df1598 <cnputs_mtx>
"\276\061'\201\377\377\377\377") at /usr/src/sys/kern/kern_shutdown.c:790
ap = {{
gp_offset = 16,
fp_offset = 48,
overflow_arg_area = 0xfffffe0174463430,
reg_save_area = 0xfffffe01744633d0
}}
#12 0xffffffff80e84f10 in mtrash_ctor (mem=0xfffff8009a1a9c00, size=<optimized
out>, arg=<optimized out>, flags=<optimized out>)
at /usr/src/sys/vm/uma_dbg.c:162
p = <optimized out>
cnt = <optimized out>
ksp = <optimized out>
#13 0xffffffff80e804b3 in uma_zalloc_arg (zone=0xfffffe000032d000, udata=0x0,
flags=257) at /usr/src/sys/vm/uma_core.c:2268
cache = 0xfffffe000032de00
bucket = 0xfffff80005176500
domain = -2047
lockfail = <optimized out>
zdom = <optimized out>
item = 0xfffff8009a1a9c00
cpu = <optimized out>
#14 0xffffffff80b35fd0 in uma_zalloc (zone=0xfffffe000032d000, flags=<optimized
out>) at /usr/src/sys/vm/uma.h:361
No locals.
#15 malloc (size=336, mtp=0xffffffff81b30780 <M_LLTABLE>, flags=257) at
/usr/src/sys/kern/kern_malloc.c:575
va = 0x80 <error: Cannot access memory at address 0x80>
zone = 0xfffffe000032d000
indx = <optimized out>
#16 0xffffffff80cdb08b in in_lltable_new (flags=0, addr4=...) at
/usr/src/sys/netinet/in.c:1098
lle = <optimized out>
#17 in_lltable_alloc (llt=<optimized out>, flags=6, l3addr=0xfffff8008ff4fc98)
at /usr/src/sys/netinet/in.c:1343
linkhdr = ""
sin = 0xfffff8008ff4fc98
ifp = 0xfffff80005095800
lle = <optimized out>
linkhdrsize = <optimized out>
lladdr_off = <optimized out>
#18 0xffffffff80cd133e in arp_add_ifa_lle (ifp=0xfffff80005095800,
dst=<optimized out>) at /usr/src/sys/netinet/if_ether.c:1280
lle = <optimized out>
lle_tmp = <optimized out>
#19 0xffffffff80cd12d3 in arp_ifinit (ifp=0xfffff80005095800,
ifa=0xfffff8008ff4fc00) at /usr/src/sys/netinet/if_ether.c:1428
dst_in = 0xfffff8008ff4fc98
dst = 0xfffff8008ff4fc98
#20 0xffffffff80c7a3ed in iflib_if_ioctl (ifp=0xfffff80005095800,
command=<optimized out>, data=0xfffff8008ff4fc00 "\230\374\364\217")
at /usr/src/sys/net/iflib.c:4022
ifr = 0xfffff8008ff4fc00
ifa = 0xfffff8008ff4fc00
ctx = 0xfffff80005093000
reinit = 0
err = <optimized out>
avoid_reset = <error reading variable avoid_reset (Cannot access memory
at address 0x1)>
bits = <optimized out>
#21 0xffffffff80cd9784 in in_aifaddr_ioctl (cmd=<optimized out>, ifp=<optimized
out>, td=<optimized out>, data=<optimized out>)
at /usr/src/sys/netinet/in.c:473
ifra = <optimized out>
addr = <optimized out>
error = <error reading variable error (Cannot access memory at address
0x0)>
broadaddr = 0xfffff8008ff4fc80
dstaddr = <optimized out>
mask = 0xfffff8008ff4fc90
vhid = 0
iaIsFirst = <error reading variable iaIsFirst (Cannot access memory at
address 0x0)>
ifa = <optimized out>
ia = <optimized out>
it = <optimized out>
i = <optimized out>
ii = <optimized out>
allhosts_addr = <optimized out>
flags = <optimized out>
curelm = <optimized out>
curelm = <optimized out>
eia = <optimized out>
_el = <optimized out>
_ep = <optimized out>
_t = <optimized out>
#22 in_control (so=<optimized out>, cmd=<optimized out>, data=<optimized out>,
ifp=<optimized out>, td=<optimized out>) at /usr/src/sys/netinet/in.c:256
ifr = <optimized out>
addr = 0xfffff800050959a0
ifa = <optimized out>
ia = <optimized out>
error = <error reading variable error (Cannot access memory at address
0x0)>
#23 0xffffffff80c5af33 in ifioctl (so=0xfffff8010c52ea08, cmd=<optimized out>,
data=<optimized out>, td=0xfffff8008d076000) at /usr/src/sys/net/if.c:3089
saved_vnet = <optimized out>
error = <optimized out>
ifmr = {
ifm_name = "\220\017",
ifm_current = 1,
ifm_mask = 0,
ifm_status = -1493875568,
ifm_active = -2044,
ifm_count = 0,
ifm_ulist = 0xfffff804a6f54490
}
ifmrp = 0xf90
ifr = <optimized out>
ifp = <optimized out>
saved_data = <optimized out>
oif_flags = 35079
shutdown = <optimized out>
#24 0xffffffff80bc931a in fo_ioctl (fp=<optimized out>, com=<optimized out>,
active_cred=0x80, td=<optimized out>, data=<optimized out>)
at /usr/src/sys/sys/file.h:325
No locals.
#25 kern_ioctl (td=0xfffff8008d076000, fd=<optimized out>, com=<optimized out>,
data=0xfffffe0174463250 "") at /usr/src/sys/kern/sys_generic.c:800
fdp = 0xfffff804a6f54450
locked = <optimized out>
fp = 0xfffff8008ffeeeb0
error = <optimized out>
tmp = <optimized out>
#26 0xffffffff80bc8fd8 in sys_ioctl (td=0xfffff8008d076000,
uap=0xfffff8008d0763c0) at /usr/src/sys/kern/sys_generic.c:712
smalldata = "igb0"
com = 2151967019
size = <optimized out>
arg = <optimized out>
data = 0xfffffe01744638d0 "igb0"
error = <optimized out>
#27 0xffffffff810205fc in syscallenter (td=0xfffff8008d076000) at
/usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:135
p = 0xfffff8008f6e5538
error = <optimized out>
sa = 0xfffff8008d0763b0
traced = <optimized out>
#28 amd64_syscall (td=0xfffff8008d076000, traced=0) at
/usr/src/sys/amd64/amd64/trap.c:1006
ksi = <optimized out>
error = <optimized out>
#29 <signal handler called>
No locals.
#30 0x00000008004597ca in ?? ()
No symbol table info available.
Backtrace stopped: Cannot access memory at address 0x7fffffffd268
Already logging to /home/eax/out.
#0 __curthread () at ./machine/pcpu.h:231
td = <optimized out>
#1 doadump (textdump=0) at /usr/src/sys/kern/kern_shutdown.c:366
error = <error reading variable error (Cannot access memory at address
0x0)>
coredump = <optimized out>
#2 0xffffffff804350bb in db_dump (dummy=<optimized out>, dummy2=<unavailable>,
dummy3=<unavailable>, dummy4=<unavailable>)
at /usr/src/sys/ddb/db_command.c:574
error = <optimized out>
#3 0xffffffff80434e7d in db_command (last_cmdp=<optimized out>,
cmd_table=<optimized out>, dopager=<optimized out>) at
/usr/src/sys/ddb/db_command.c:481
modif = ""
have_addr = false
t = <optimized out>
result = <optimized out>
cmd = 0xffffffff81a5ce20 <db_cmds+480>
addr = <unavailable>
count = <unavailable>
#4 0xffffffff80434c14 in db_command_loop () at
/usr/src/sys/ddb/db_command.c:534
No locals.
#5 0xffffffff80437dff in db_trap (type=<optimized out>, code=<optimized out>)
at /usr/src/sys/ddb/db_main.c:252
jb = {{
_jb = {-2192777531264,
-2192777531272,
-2192777531136,
-2115128448,
-2119837784,
0,
3,
-2143060599,
-2192777531168,
-2137136836,
-2116086448,
0}
}}
bkpt = false
watchpt = false
prev_jb = 0x0
why = <optimized out>
#6 0xffffffff80ba3923 in kdb_trap (type=3, code=0, tf=<optimized out>) at
/usr/src/sys/kern/subr_kdb.c:697
be = 0xffffffff81a5d7a8 <ddb_dbbe>
intr = 70
did_stop_cpus = <error reading variable did_stop_cpus (Cannot access
memory at address 0x1)>
handled = <optimized out>
other_cpus = <optimized out>
#7 0xffffffff8101f881 in trap (frame=0xfffffe0174463290) at
/usr/src/sys/amd64/amd64/trap.c:605
td = 0xfffff8008d076000
dr6 = 0
addr = -2192777530736
ucode = -2093870928
signo = 25
p = 0xfffffe0174463400
type = 3
ksi = {
ksi_link = {
tqe_next = 0x20fffe0100000012,
tqe_prev = 0xfffffe01744631d8
},
ksi_info = {
si_signo = -2118462976,
si_errno = -1,
si_code = -2106818494,
si_pid = -351901867,
si_uid = 54,
si_status = 0,
si_addr = 0x0,
si_value = {
sival_int = -1009,
sival_ptr = 0xfffffc0f,
sigval_int = -1009,
sigval_ptr = 0xfffffc0f
},
_reason = {
_fault = {
_trapno = 4560842
},
_timer = {
_timerid = 4560842,
_overrun = 8
},
_mesgq = {
_mqd = 4560842
},
_poll = {
_band = 34364299210
},
__spare__ = {
__spare1__ = 34364299210,
__spare2__ = {-4096,
511,
1950757456,
-511,
-2143060083,
-1,
-2106818494}
}
}
},
ksi_flags = -2127898362,
ksi_sigq = 0x16c8a801
}
#8 <signal handler called>
No locals.
#9 kdb_enter (why=0xffffffff812ad906 "panic", msg=<optimized out>) at
/usr/src/sys/kern/subr_kdb.c:479
No locals.
#10 0xffffffff80b5c7a0 in vpanic (fmt=<optimized out>, ap=0xfffffe0174463400)
at /usr/src/sys/kern/kern_shutdown.c:852
buf = "Most recently used by ifaddr\n"
td = 0xfffff8008d076000
bootopt = <error reading variable bootopt (Cannot access memory at
address 0x4)>
newpanic = <error reading variable newpanic (Cannot access memory at
address 0x1)>
other_cpus = <optimized out>
#11 0xffffffff80b5c833 in panic (fmt=0xffffffff81df1598 <cnputs_mtx>
"\276\061'\201\377\377\377\377") at /usr/src/sys/kern/kern_shutdown.c:790
ap = {{
gp_offset = 16,
fp_offset = 48,
overflow_arg_area = 0xfffffe0174463430,
reg_save_area = 0xfffffe01744633d0
}}
#12 0xffffffff80e84f10 in mtrash_ctor (mem=0xfffff8009a1a9c00, size=<optimized
out>, arg=<optimized out>, flags=<optimized out>)
at /usr/src/sys/vm/uma_dbg.c:162
p = <optimized out>
cnt = <optimized out>
ksp = <optimized out>
#13 0xffffffff80e804b3 in uma_zalloc_arg (zone=0xfffffe000032d000, udata=0x0,
flags=257) at /usr/src/sys/vm/uma_core.c:2268
cache = 0xfffffe000032de00
bucket = 0xfffff80005176500
domain = -2047
lockfail = <optimized out>
zdom = <optimized out>
item = 0xfffff8009a1a9c00
cpu = <optimized out>
#14 0xffffffff80b35fd0 in uma_zalloc (zone=0xfffffe000032d000, flags=<optimized
out>) at /usr/src/sys/vm/uma.h:361
No locals.
#15 malloc (size=336, mtp=0xffffffff81b30780 <M_LLTABLE>, flags=257) at
/usr/src/sys/kern/kern_malloc.c:575
va = 0x80 <error: Cannot access memory at address 0x80>
zone = 0xfffffe000032d000
indx = <optimized out>
#16 0xffffffff80cdb08b in in_lltable_new (flags=0, addr4=...) at
/usr/src/sys/netinet/in.c:1098
lle = <optimized out>
#17 in_lltable_alloc (llt=<optimized out>, flags=6, l3addr=0xfffff8008ff4fc98)
at /usr/src/sys/netinet/in.c:1343
linkhdr = ""
sin = 0xfffff8008ff4fc98
ifp = 0xfffff80005095800
lle = <optimized out>
linkhdrsize = <optimized out>
lladdr_off = <optimized out>
#18 0xffffffff80cd133e in arp_add_ifa_lle (ifp=0xfffff80005095800,
dst=<optimized out>) at /usr/src/sys/netinet/if_ether.c:1280
lle = <optimized out>
lle_tmp = <optimized out>
#19 0xffffffff80cd12d3 in arp_ifinit (ifp=0xfffff80005095800,
ifa=0xfffff8008ff4fc00) at /usr/src/sys/netinet/if_ether.c:1428
dst_in = 0xfffff8008ff4fc98
dst = 0xfffff8008ff4fc98
#20 0xffffffff80c7a3ed in iflib_if_ioctl (ifp=0xfffff80005095800,
command=<optimized out>, data=0xfffff8008ff4fc00 "\230\374\364\217")
at /usr/src/sys/net/iflib.c:4022
ifr = 0xfffff8008ff4fc00
ifa = 0xfffff8008ff4fc00
ctx = 0xfffff80005093000
reinit = 0
err = <optimized out>
avoid_reset = <error reading variable avoid_reset (Cannot access memory
at address 0x1)>
bits = <optimized out>
#21 0xffffffff80cd9784 in in_aifaddr_ioctl (cmd=<optimized out>, ifp=<optimized
out>, td=<optimized out>, data=<optimized out>)
at /usr/src/sys/netinet/in.c:473
ifra = <optimized out>
addr = <optimized out>
error = <error reading variable error (Cannot access memory at address
0x0)>
broadaddr = 0xfffff8008ff4fc80
dstaddr = <optimized out>
mask = 0xfffff8008ff4fc90
vhid = 0
iaIsFirst = <error reading variable iaIsFirst (Cannot access memory at
address 0x0)>
ifa = <optimized out>
ia = <optimized out>
it = <optimized out>
i = <optimized out>
ii = <optimized out>
allhosts_addr = <optimized out>
flags = <optimized out>
curelm = <optimized out>
curelm = <optimized out>
eia = <optimized out>
_el = <optimized out>
_ep = <optimized out>
_t = <optimized out>
#22 in_control (so=<optimized out>, cmd=<optimized out>, data=<optimized out>,
ifp=<optimized out>, td=<optimized out>) at /usr/src/sys/netinet/in.c:256
ifr = <optimized out>
addr = 0xfffff800050959a0
ifa = <optimized out>
ia = <optimized out>
error = <error reading variable error (Cannot access memory at address
0x0)>
#23 0xffffffff80c5af33 in ifioctl (so=0xfffff8010c52ea08, cmd=<optimized out>,
data=<optimized out>, td=0xfffff8008d076000) at /usr/src/sys/net/if.c:3089
saved_vnet = <optimized out>
error = <optimized out>
ifmr = {
ifm_name = "\220\017",
ifm_current = 1,
ifm_mask = 0,
ifm_status = -1493875568,
ifm_active = -2044,
ifm_count = 0,
ifm_ulist = 0xfffff804a6f54490
}
ifmrp = 0xf90
ifr = <optimized out>
ifp = <optimized out>
saved_data = <optimized out>
oif_flags = 35079
shutdown = <optimized out>
#24 0xffffffff80bc931a in fo_ioctl (fp=<optimized out>, com=<optimized out>,
active_cred=0x80, td=<optimized out>, data=<optimized out>)
at /usr/src/sys/sys/file.h:325
No locals.
#25 kern_ioctl (td=0xfffff8008d076000, fd=<optimized out>, com=<optimized out>,
data=0xfffffe0174463250 "") at /usr/src/sys/kern/sys_generic.c:800
fdp = 0xfffff804a6f54450
locked = <optimized out>
fp = 0xfffff8008ffeeeb0
error = <optimized out>
tmp = <optimized out>
#26 0xffffffff80bc8fd8 in sys_ioctl (td=0xfffff8008d076000,
uap=0xfffff8008d0763c0) at /usr/src/sys/kern/sys_generic.c:712
smalldata = "igb0"
com = 2151967019
size = <optimized out>
arg = <optimized out>
data = 0xfffffe01744638d0 "igb0"
error = <optimized out>
#27 0xffffffff810205fc in syscallenter (td=0xfffff8008d076000) at
/usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:135
p = 0xfffff8008f6e5538
error = <optimized out>
sa = 0xfffff8008d0763b0
traced = <optimized out>
#28 amd64_syscall (td=0xfffff8008d076000, traced=0) at
/usr/src/sys/amd64/amd64/trap.c:1006
ksi = <optimized out>
error = <optimized out>
#29 <signal handler called>
No locals.
#30 0x00000008004597ca in ?? ()
No symbol table info available.
Backtrace stopped: Cannot access memory at address 0x7fffffffd268
quit
#0 __curthread () at ./machine/pcpu.h:231
td = <optimized out>
#1 doadump (textdump=0) at /usr/src/sys/kern/kern_shutdown.c:366
error = <error reading variable error (Cannot access memory at address
0x0)>
coredump = <optimized out>
#2 0xffffffff804350bb in db_dump (dummy=<optimized out>, dummy2=<unavailable>,
dummy3=<unavailable>, dummy4=<unavailable>)
at /usr/src/sys/ddb/db_command.c:574
error = <optimized out>
#3 0xffffffff80434e7d in db_command (last_cmdp=<optimized out>,
cmd_table=<optimized out>, dopager=<optimized out>) at
/usr/src/sys/ddb/db_command.c:481
modif = ""
have_addr = false
t = <optimized out>
result = <optimized out>
cmd = 0xffffffff81a5ce20 <db_cmds+480>
addr = <unavailable>
count = <unavailable>
#4 0xffffffff80434c14 in db_command_loop () at
/usr/src/sys/ddb/db_command.c:534
No locals.
#5 0xffffffff80437dff in db_trap (type=<optimized out>, code=<optimized out>)
at /usr/src/sys/ddb/db_main.c:252
jb = {{
_jb = {-2192777531264,
-2192777531272,
-2192777531136,
-2115128448,
-2119837784,
0,
3,
-2143060599,
-2192777531168,
-2137136836,
-2116086448,
0}
}}
bkpt = false
watchpt = false
prev_jb = 0x0
why = <optimized out>
#6 0xffffffff80ba3923 in kdb_trap (type=3, code=0, tf=<optimized out>) at
/usr/src/sys/kern/subr_kdb.c:697
be = 0xffffffff81a5d7a8 <ddb_dbbe>
intr = 70
did_stop_cpus = <error reading variable did_stop_cpus (Cannot access
memory at address 0x1)>
handled = <optimized out>
other_cpus = <optimized out>
#7 0xffffffff8101f881 in trap (frame=0xfffffe0174463290) at
/usr/src/sys/amd64/amd64/trap.c:605
td = 0xfffff8008d076000
dr6 = 0
addr = -2192777530736
ucode = -2093870928
signo = 25
p = 0xfffffe0174463400
type = 3
ksi = {
ksi_link = {
tqe_next = 0x20fffe0100000012,
tqe_prev = 0xfffffe01744631d8
},
ksi_info = {
si_signo = -2118462976,
si_errno = -1,
si_code = -2106818494,
si_pid = -351901867,
si_uid = 54,
si_status = 0,
si_addr = 0x0,
si_value = {
sival_int = -1009,
sival_ptr = 0xfffffc0f,
sigval_int = -1009,
sigval_ptr = 0xfffffc0f
},
_reason = {
_fault = {
_trapno = 4560842
},
_timer = {
_timerid = 4560842,
_overrun = 8
},
_mesgq = {
_mqd = 4560842
},
_poll = {
_band = 34364299210
},
__spare__ = {
__spare1__ = 34364299210,
__spare2__ = {-4096,
511,
1950757456,
-511,
-2143060083,
-1,
-2106818494}
}
}
},
ksi_flags = -2127898362,
ksi_sigq = 0x16c8a801
}
#8 <signal handler called>
No locals.
#9 kdb_enter (why=0xffffffff812ad906 "panic", msg=<optimized out>) at
/usr/src/sys/kern/subr_kdb.c:479
No locals.
#10 0xffffffff80b5c7a0 in vpanic (fmt=<optimized out>, ap=0xfffffe0174463400)
at /usr/src/sys/kern/kern_shutdown.c:852
buf = "Most recently used by ifaddr\n"
td = 0xfffff8008d076000
bootopt = <error reading variable bootopt (Cannot access memory at
address 0x4)>
newpanic = <error reading variable newpanic (Cannot access memory at
address 0x1)>
other_cpus = <optimized out>
#11 0xffffffff80b5c833 in panic (fmt=0xffffffff81df1598 <cnputs_mtx>
"\276\061'\201\377\377\377\377") at /usr/src/sys/kern/kern_shutdown.c:790
ap = {{
gp_offset = 16,
fp_offset = 48,
overflow_arg_area = 0xfffffe0174463430,
reg_save_area = 0xfffffe01744633d0
}}
#12 0xffffffff80e84f10 in mtrash_ctor (mem=0xfffff8009a1a9c00, size=<optimized
out>, arg=<optimized out>, flags=<optimized out>)
at /usr/src/sys/vm/uma_dbg.c:162
p = <optimized out>
cnt = <optimized out>
ksp = <optimized out>
#13 0xffffffff80e804b3 in uma_zalloc_arg (zone=0xfffffe000032d000, udata=0x0,
flags=257) at /usr/src/sys/vm/uma_core.c:2268
cache = 0xfffffe000032de00
bucket = 0xfffff80005176500
domain = -2047
lockfail = <optimized out>
zdom = <optimized out>
item = 0xfffff8009a1a9c00
cpu = <optimized out>
#14 0xffffffff80b35fd0 in uma_zalloc (zone=0xfffffe000032d000, flags=<optimized
out>) at /usr/src/sys/vm/uma.h:361
No locals.
#15 malloc (size=336, mtp=0xffffffff81b30780 <M_LLTABLE>, flags=257) at
/usr/src/sys/kern/kern_malloc.c:575
va = 0x80 <error: Cannot access memory at address 0x80>
zone = 0xfffffe000032d000
indx = <optimized out>
#16 0xffffffff80cdb08b in in_lltable_new (flags=0, addr4=...) at
/usr/src/sys/netinet/in.c:1098
lle = <optimized out>
#17 in_lltable_alloc (llt=<optimized out>, flags=6, l3addr=0xfffff8008ff4fc98)
at /usr/src/sys/netinet/in.c:1343
linkhdr = ""
sin = 0xfffff8008ff4fc98
ifp = 0xfffff80005095800
lle = <optimized out>
linkhdrsize = <optimized out>
lladdr_off = <optimized out>
#18 0xffffffff80cd133e in arp_add_ifa_lle (ifp=0xfffff80005095800,
dst=<optimized out>) at /usr/src/sys/netinet/if_ether.c:1280
lle = <optimized out>
lle_tmp = <optimized out>
#19 0xffffffff80cd12d3 in arp_ifinit (ifp=0xfffff80005095800,
ifa=0xfffff8008ff4fc00) at /usr/src/sys/netinet/if_ether.c:1428
dst_in = 0xfffff8008ff4fc98
dst = 0xfffff8008ff4fc98
#20 0xffffffff80c7a3ed in iflib_if_ioctl (ifp=0xfffff80005095800,
command=<optimized out>, data=0xfffff8008ff4fc00 "\230\374\364\217")
at /usr/src/sys/net/iflib.c:4022
ifr = 0xfffff8008ff4fc00
ifa = 0xfffff8008ff4fc00
ctx = 0xfffff80005093000
reinit = 0
err = <optimized out>
avoid_reset = <error reading variable avoid_reset (Cannot access memory
at address 0x1)>
bits = <optimized out>
#21 0xffffffff80cd9784 in in_aifaddr_ioctl (cmd=<optimized out>, ifp=<optimized
out>, td=<optimized out>, data=<optimized out>)
at /usr/src/sys/netinet/in.c:473
ifra = <optimized out>
addr = <optimized out>
error = <error reading variable error (Cannot access memory at address
0x0)>
broadaddr = 0xfffff8008ff4fc80
dstaddr = <optimized out>
mask = 0xfffff8008ff4fc90
vhid = 0
iaIsFirst = <error reading variable iaIsFirst (Cannot access memory at
address 0x0)>
ifa = <optimized out>
ia = <optimized out>
it = <optimized out>
i = <optimized out>
ii = <optimized out>
allhosts_addr = <optimized out>
flags = <optimized out>
curelm = <optimized out>
curelm = <optimized out>
eia = <optimized out>
_el = <optimized out>
_ep = <optimized out>
_t = <optimized out>
#22 in_control (so=<optimized out>, cmd=<optimized out>, data=<optimized out>,
ifp=<optimized out>, td=<optimized out>) at /usr/src/sys/netinet/in.c:256
ifr = <optimized out>
addr = 0xfffff800050959a0
ifa = <optimized out>
ia = <optimized out>
error = <error reading variable error (Cannot access memory at address
0x0)>
#23 0xffffffff80c5af33 in ifioctl (so=0xfffff8010c52ea08, cmd=<optimized out>,
data=<optimized out>, td=0xfffff8008d076000) at /usr/src/sys/net/if.c:3089
saved_vnet = <optimized out>
error = <optimized out>
ifmr = {
ifm_name = "\220\017",
ifm_current = 1,
ifm_mask = 0,
ifm_status = -1493875568,
ifm_active = -2044,
ifm_count = 0,
ifm_ulist = 0xfffff804a6f54490
}
ifmrp = 0xf90
ifr = <optimized out>
ifp = <optimized out>
saved_data = <optimized out>
oif_flags = 35079
shutdown = <optimized out>
#24 0xffffffff80bc931a in fo_ioctl (fp=<optimized out>, com=<optimized out>,
active_cred=0x80, td=<optimized out>, data=<optimized out>)
at /usr/src/sys/sys/file.h:325
No locals.
#25 kern_ioctl (td=0xfffff8008d076000, fd=<optimized out>, com=<optimized out>,
data=0xfffffe0174463250 "") at /usr/src/sys/kern/sys_generic.c:800
fdp = 0xfffff804a6f54450
locked = <optimized out>
fp = 0xfffff8008ffeeeb0
error = <optimized out>
tmp = <optimized out>
#26 0xffffffff80bc8fd8 in sys_ioctl (td=0xfffff8008d076000,
uap=0xfffff8008d0763c0) at /usr/src/sys/kern/sys_generic.c:712
smalldata = "igb0"
com = 2151967019
size = <optimized out>
arg = <optimized out>
data = 0xfffffe01744638d0 "igb0"
error = <optimized out>
#27 0xffffffff810205fc in syscallenter (td=0xfffff8008d076000) at
/usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:135
p = 0xfffff8008f6e5538
error = <optimized out>
sa = 0xfffff8008d0763b0
traced = <optimized out>
#28 amd64_syscall (td=0xfffff8008d076000, traced=0) at
/usr/src/sys/amd64/amd64/trap.c:1006
ksi = <optimized out>
error = <optimized out>
#29 <signal handler called>
No locals.
#30 0x00000008004597ca in ?? ()
No symbol table info available.
Backtrace stopped: Cannot access memory at address 0x7fffffffd268
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list