Bug 227963

Summary: panic on shutdown - if_delmulti_ifma : Fatal trap 9: general protection fault while in kernel mode
Product: Base System
Reporter: Eitan Adler <eadler>
Component: kern
Assignee: freebsd-net (Nobody) <net>
Status: New
Severity: Affects Only Me
CC: avos, eadler
Priority: ---
Keywords: crash
Version: CURRENT
Hardware: Any
OS: Any
See Also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228412

Description Eitan Adler freebsd_committer freebsd_triage 2018-05-04 02:13:49 UTC
(kgdb) bt
#0  __curthread () at ./machine/pcpu.h:231
#1  doadump (textdump=0x1) at /usr/src/sys/kern/kern_shutdown.c:365
#2  0xffffffff80437eac in db_fncall_generic (addr=<optimized out>, rv=<optimized out>, nargs=<optimized out>, args=<optimized out>)
    at /usr/src/sys/ddb/db_command.c:609
#3  db_fncall (dummy1=<optimized out>, dummy2=<optimized out>, dummy3=<optimized out>, dummy4=<optimized out>) at /usr/src/sys/ddb/db_command.c:657
#4  0xffffffff804379e9 in db_command (last_cmdp=<optimized out>, cmd_table=<optimized out>, dopager=<optimized out>) at /usr/src/sys/ddb/db_command.c:481
#5  0xffffffff80437764 in db_command_loop () at /usr/src/sys/ddb/db_command.c:534
#6  0xffffffff8043a99f in db_trap (type=<optimized out>, code=<optimized out>) at /usr/src/sys/ddb/db_main.c:250
#7  0xffffffff80bb2833 in kdb_trap (type=0x9, code=0x0, tf=<optimized out>) at /usr/src/sys/kern/subr_kdb.c:697
#8  0xffffffff8102f231 in trap_fatal (frame=0xfffffe00004b9870, eva=0x0) at /usr/src/sys/amd64/amd64/trap.c:821
#9  0xffffffff8102e89d in trap (frame=0xfffffe00004b9870) at /usr/src/sys/amd64/amd64/trap.c:200
#10 <signal handler called>
#11 _rw_wlock_cookie (c=0xdeadc0dedeadc286, file=0xffffffff81286e05 "/usr/src/sys/net/if.c", line=0xe3e) at /usr/src/sys/kern/kern_rwlock.c:279
#12 0xffffffff80c6e48b in if_delmulti_ifma (ifma=0xfffff8001f2cfb00) at /usr/src/sys/net/if.c:3646
#13 0xffffffff80daf699 in in6m_release (inm=<optimized out>) at /usr/src/sys/netinet6/in6_mcast.c:545
#14 in6m_release_task (arg=<optimized out>) at /usr/src/sys/netinet6/in6_mcast.c:617
#15 0xffffffff80bb0c99 in gtaskqueue_run_locked (queue=0xfffff80003752b00) at /usr/src/sys/kern/subr_gtaskqueue.c:332
#16 0xffffffff80bb0a18 in gtaskqueue_thread_loop (arg=<optimized out>) at /usr/src/sys/kern/subr_gtaskqueue.c:507
#17 0xffffffff80b2d074 in fork_exit (callout=0xffffffff80bb0990 <gtaskqueue_thread_loop>, arg=0xfffffe00bbcc6008, frame=0xfffffe00004b9ac0)
    at /usr/src/sys/kern/kern_fork.c:1039
#18 <signal handler called>

(kgdb) info frame
Stack level 11, frame at 0xfffffe00004b9970:
 rip = 0xffffffff80b679a5 in _rw_wlock_cookie (/usr/src/sys/kern/kern_rwlock.c:279); saved rip = 0xffffffff80c6e48b
 called by frame at 0xfffffe00004b99a0, caller of frame at 0xfffffe00004b9930
 source language c.
 Arglist at 0xfffffe00004b9960, args: c=0xdeadc0dedeadc286, file=0xffffffff81286e05 "/usr/src/sys/net/if.c", line=0xe3e
 Locals at 0xfffffe00004b9960, Previous frame's sp is 0xfffffe00004b9970
 Saved registers:
  rbx at 0xfffffe00004b9938, rbp at 0xfffffe00004b9960, r12 at 0xfffffe00004b9940, r13 at 0xfffffe00004b9948, r14 at 0xfffffe00004b9950,
  r15 at 0xfffffe00004b9958, rip at 0xfffffe00004b9968
(kgdb) frame
Stack level 11, frame at 0xfffffe00004b9970:
 rip = 0xffffffff80b679a5 in _rw_wlock_cookie (/usr/src/sys/kern/kern_rwlock.c:279); saved rip = 0xffffffff80c6e48b
 called by frame at 0xfffffe00004b99a0, caller of frame at 0xfffffe00004b9930
 source language c.
 Arglist at 0xfffffe00004b9960, args: c=0xdeadc0dedeadc286, file=0xffffffff81286e05 "/usr/src/sys/net/if.c", line=0xe3e
 Locals at 0xfffffe00004b9960, Previous frame's sp is 0xfffffe00004b9970
 Saved registers:
  rbx at 0xfffffe00004b9938, rbp at 0xfffffe00004b9960, r12 at 0xfffffe00004b9940, r13 at 0xfffffe00004b9948, r14 at 0xfffffe00004b9950,
  r15 at 0xfffffe00004b9958, rip at 0xfffffe00004b9968
c = 0xdeadc0dedeadc286
file = 0xffffffff81286e05 "/usr/src/sys/net/if.c"
line = 0xe3e
rw = 0xdeadc0dedeadc26e
v = <optimized out>
tid = <optimized out>


(kgdb) up
#12 0xffffffff80c6e48b in if_delmulti_ifma (ifma=0xfffff8001f2cfb00) at /usr/src/sys/net/if.c:3646
3646                    IF_ADDR_WLOCK(ifp);
(kgdb) p *0xfffff8001f2cfb00
$2 = 0xdeadc0de
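Reading the numbers in the backtrace above: the lock cookie c = 0xdeadc0dedeadc286 and the recovered rw = 0xdeadc0dedeadc26e differ by exactly 0x18, which is where rw_lock sits inside struct rwlock on amd64 (after the 24-byte struct lock_object), and c minus the 64-bit freed-memory pattern 0xdeadc0dedeadc0de is 0x1a8. Together with `p *0xfffff8001f2cfb00` printing 0xdeadc0de, that means the ifma passed to if_delmulti_ifma had already been freed and trashed by the INVARIANTS allocator debugging, the ifma_ifp field read from it was pure poison, and the kernel then faulted computing &ifp->if_addr_lock at an offset of 0x190 from that bogus ifp. The C program below is an added example, not part of this bug report or of the FreeBSD sources: it packages that arithmetic into a small triage helper and replays the sequence on a fake ifma in user space. The 0x190 offset of if_addr_lock is inferred from the report's values and is an assumption about that particular build; the "live" kernel pointer stored in the fake object is constructed.

```c
/* Added example: decoding a FreeBSD INVARIANTS free-memory poison value from a
 * panic, and replaying the deferred-release use-after-free that produced it.
 * Not taken from the bug report or the FreeBSD tree. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define UMA_TRASH32      0xdeadc0deU            /* 32-bit fill written to freed memory */
#define UMA_TRASH64      0xdeadc0dedeadc0deULL  /* what a 64-bit pointer read back looks like */
#define RW_LOCK_OFF      0x18   /* rw_lock follows the 24-byte lock_object in struct rwlock */
#define IF_ADDR_LOCK_OFF 0x190  /* ASSUMPTION: offset of if_addr_lock, inferred from the report */
#define MAX_FIELD_OFF    0x10000 /* largest offset we attribute to "poison base + field" */

/* If addr looks like (poisoned pointer + small field offset), return that
 * offset, otherwise -1. A faulting address of this shape means some object
 * was read after free and one of its pointer fields was then dereferenced. */
long trash_field_offset(uint64_t addr)
{
    if (addr < UMA_TRASH64 || addr - UMA_TRASH64 > MAX_FIELD_OFF)
        return -1;
    return (long)(addr - UMA_TRASH64);
}

/* Recover the struct rwlock address from the cookie handed to
 * _rw_wlock_cookie(), the same container_of step rwlock2rw() performs. */
uint64_t rwlock_from_cookie(uint64_t c)
{
    return c - RW_LOCK_OFF;
}

/* Minimal stand-in for struct ifmultiaddr: only the fields the scenario needs. */
struct fake_ifma {
    uint64_t ifma_ifp;      /* owning interface, kept as an integer so nothing is dereferenced */
    uint64_t ifma_refcount;
};

/* Statically allocated so the replay never touches memory a real allocator
 * has handed back; "freeing" means poisoning it the way UMA trash does. */
static struct fake_ifma slab_obj;

void slab_free_trash(void *p, size_t len)
{
    uint32_t pat = UMA_TRASH32;
    unsigned char *b = p;
    for (size_t i = 0; i + 4 <= len; i += 4)
        memcpy(b + i, &pat, 4);
}

/* First 32-bit word of an object, mirroring `(kgdb) p *ifma` in the report. */
uint32_t first_word(const void *p)
{
    uint32_t w;
    memcpy(&w, p, 4);
    return w;
}

/* What the deferred task computes before calling _rw_wlock_cookie():
 * &ifp->if_addr_lock.rw_lock, with ifp taken from the (possibly freed) ifma. */
uint64_t deferred_release_cookie(const struct fake_ifma *ifma)
{
    return ifma->ifma_ifp + IF_ADDR_LOCK_OFF + RW_LOCK_OFF;
}

/* Replay: the ifma is freed and trashed while a release task still holds a
 * pointer to it; when the task runs it produces the cookie seen in the panic. */
uint64_t run_scenario(void)
{
    slab_obj.ifma_ifp = 0xfffff80003752b00ULL;   /* constructed, plausible live pointer */
    slab_obj.ifma_refcount = 0;
    slab_free_trash(&slab_obj, sizeof slab_obj);  /* last reference dropped, object freed */
    return deferred_release_cookie(&slab_obj);    /* queued task runs afterwards */
}

int main(void)
{
    uint64_t c = run_scenario();
    printf("cookie from freed ifma    : 0x%llx\n", (unsigned long long)c);
    printf("rwlock recovered          : 0x%llx\n", (unsigned long long)rwlock_from_cookie(c));
    printf("field offset from poison  : 0x%lx\n", trash_field_offset(c));
    printf("first word of freed ifma  : 0x%x\n", first_word(&slab_obj));
    return 0;
}
```

Feeding the report's own c value to `trash_field_offset` yields 0x1a8, and the replay reproduces 0xdeadc0dedeadc286 exactly, which is the confirmation a triager wants before calling this a use-after-free on the ifma rather than a corrupted lock. The poison decode only works on kernels built with INVARIANTS; on a production kernel the same bug would surface as a random fault address or silent corruption, and the fix is an ownership/reference-ordering change in the release path, which this page does not show.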
Comment 1 Andriy Voskoboinyk freebsd_committer freebsd_triage 2019-02-15 23:54:17 UTC
Seems to be handled in bug #233535; is it still reproducible on recent CURRENT?