I'm running 11.0-CURRENT #12 r277858M amd64 with "options VIMAGE" compiled into the kernel. network related stuff in rc.conf: gateway_enable="YES" cloned_interfaces="bridge0 bridge1 tap0 tap1" autobridge_interfaces="bridge0" autobridge_bridge0="tap*" ifconfig_bridge0="inet 192.168.29.1/24" ipv6_activate_all_interfaces="YES" ip6addrctl_enable="YES" ip6addrctl_policy="ipv4_prefer" ipv6_privacy="YES" rtsold_enable="YES" wlans_iwn0="wlan0" ifconfig_wlan0="WPA DHCP country DE" ifconfig_em0="DHCP" ifconfig_em0_ipv6="inet6 accept_rtadv" The machine boots fine, and all interfaces come up. But when I run "service netif restart" from a running system I get a kernel panic: Fatal trap 12: page fault while in kernel mode cpuid = 3; apic id = 03 fault virtual address = 0x28 fault code = supervisor read data, page not present instruction pointer = 0x20:0xffffffff80ac49c7 stack pointer = 0x28:0xfffffe04431d67b0 frame pointer = 0x28:0xfffffe04431d6850 code segment = base rx0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 0 (thread taskq) Uptime: 3h55m14s Dumping 857 out of 16050 MB:..2%..12%..21%..32%..42%..51%..62%..71%..81%..92% #0 doadump (textdump=Unhandled dwarf expression opcode 0x93 ) at pcpu.h:219 219 pcpu.h: No such file or directory. in pcpu.h (kgdb) #0 doadump (textdump=Unhandled dwarf expression opcode 0x93 ) at pcpu.h:219 #1 0xffffffff809c6c2f in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:448 #2 0xffffffff809c7170 in panic (fmt=<value optimized out>) at /usr/src/sys/kern/kern_shutdown.c:747 #3 0xffffffff803589b7 in db_panic (addr=<value optimized out>, have_addr=Unhandled dwarf expression opcode 0x93) at /usr/src/sys/ddb/db_command.c:473 #4 0xffffffff803585cc in db_command (cmd_table=0x0) at /usr/src/sys/ddb/db_command.c:440 #5 0xffffffff80358334 in db_command_loop () at /usr/src/sys/ddb/db_command.c:493 #6 0xffffffff8035aef0 in db_trap (type=<value optimized out>, code=Unhandled dwarf expression opcode 0x93) at /usr/src/sys/ddb/db_main.c:251 #7 0xffffffff80a0a40e in kdb_trap (type=Unhandled dwarf expression opcode 0x93) at /usr/src/sys/kern/subr_kdb.c:654 #8 0xffffffff80e3d259 in trap_fatal (frame=0xfffffe04431d6700, eva=<value optimized out>) at /usr/src/sys/amd64/amd64/trap.c:856 #9 0xffffffff80e3d5d1 in trap_pfault (frame=0xfffffe04431d6700, usermode=<value optimized out>) at /usr/src/sys/amd64/amd64/trap.c:678 #10 0xffffffff80e3cc0e in trap (frame=0xfffffe04431d6700) at /usr/src/sys/amd64/amd64/trap.c:426 #11 0xffffffff80e1e602 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:235 #12 0xffffffff80ac49c7 in rt_newmaddrmsg (cmd=Unhandled dwarf expression opcode 0x93) at /usr/src/sys/net/rtsock.c:1366 #13 0xffffffff80aadf90 in if_addmulti (ifp=0xfffff800065cb000, sa=<value optimized out>, retifma=<value optimized out>) at /usr/src/sys/net/if.c:3159 #14 0xffffffff80aed63e in ieee80211_ioctl (ifp=<value optimized out>, cmd=<value optimized out>, data=<value optimized out>) at /usr/src/sys/net80211/ieee80211_ioctl.c:3325 #15 0xffffffff80b1f2df in in_leavegroup (inm=0xfffff80205445500, imf=<value optimized out>) at /usr/src/sys/netinet/in_mcast.c:1291 #16 0xffffffff80b2351d in inp_gcmoptions (context=<value optimized out>, pending=<value optimized out>) at /usr/src/sys/netinet/in_mcast.c:1603 #17 0xffffffff80a1b309 in taskqueue_run_locked (queue=0xfffff80006358b00) at /usr/src/sys/kern/subr_taskqueue.c:431 #18 0xffffffff80a1c1c8 in taskqueue_thread_loop (arg=<value optimized out>) at /usr/src/sys/kern/subr_taskqueue.c:695 #19 0xffffffff8098627a in fork_exit ( callout=0xffffffff80a1c100 <taskqueue_thread_loop>, arg=0xffffffff8189fde0, frame=0xfffffe04431d6ac0) at /usr/src/sys/kern/kern_fork.c:996 #20 0xffffffff80e1eb3e in fork_trampoline () at /usr/src/sys/amd64/amd64/exception.S:610 #21 0x0000000000000000 in ?? () Current language: auto; currently minimal (kgdb) (kgdb) frame 12 #12 0xffffffff80ac49c7 in rt_newmaddrmsg (cmd=Unhandled dwarf expression opcode 0x93 ) at /usr/src/sys/net/rtsock.c:1366 1366 if (V_route_cb.any_count == 0) (kgdb) p $rip $1 = (void (*)()) 0xffffffff80ac49c7 <rt_newmaddrmsg+39> (kgdb) disas *($rip) Dump of assembler code for function rt_newmaddrmsg: 0xffffffff80ac49a0 <rt_newmaddrmsg+0>: push %rbp 0xffffffff80ac49a1 <rt_newmaddrmsg+1>: mov %rsp,%rbp 0xffffffff80ac49a4 <rt_newmaddrmsg+4>: push %r15 0xffffffff80ac49a6 <rt_newmaddrmsg+6>: push %r14 0xffffffff80ac49a8 <rt_newmaddrmsg+8>: push %rbx 0xffffffff80ac49a9 <rt_newmaddrmsg+9>: sub $0x78,%rsp 0xffffffff80ac49ad <rt_newmaddrmsg+13>: mov %rsi,%rbx 0xffffffff80ac49b0 <rt_newmaddrmsg+16>: mov %edi,%r14d 0xffffffff80ac49b3 <rt_newmaddrmsg+19>: mov 0x20(%rbx),%r15 0xffffffff80ac49b7 <rt_newmaddrmsg+23>: mov %gs:0x0,%rax 0xffffffff80ac49c0 <rt_newmaddrmsg+32>: mov 0x440(%rax),%rax 0xffffffff80ac49c7 <rt_newmaddrmsg+39>: mov 0x28(%rax),%rax 0xffffffff80ac49cb <rt_newmaddrmsg+43>: cmpl $0x0,-0x7e9fdc20(%rax) 0xffffffff80ac49d5 <rt_newmaddrmsg+53>: je 0xffffffff80ac4a52 <rt_newmaddrmsg+178> 0xffffffff80ac49d7 <rt_newmaddrmsg+55>: lea -0x88(%rbp),%rdi 0xffffffff80ac49de <rt_newmaddrmsg+62>: mov $0x70,%esi 0xffffffff80ac49e3 <rt_newmaddrmsg+67>: callq 0xffffffff80e3acb0 <bzero> 0xffffffff80ac49e8 <rt_newmaddrmsg+72>: mov 0x10(%rbx),%rax 0xffffffff80ac49ec <rt_newmaddrmsg+76>: mov %rax,-0x58(%rbp) 0xffffffff80ac49f0 <rt_newmaddrmsg+80>: xor %eax,%eax 0xffffffff80ac49f2 <rt_newmaddrmsg+82>: test %r15,%r15 0xffffffff80ac49f5 <rt_newmaddrmsg+85>: je 0xffffffff80ac4a01 <rt_newmaddrmsg+97> 0xffffffff80ac49f7 <rt_newmaddrmsg+87>: mov 0x1d8(%r15),%rax 0xffffffff80ac49fe <rt_newmaddrmsg+94>: mov (%rax),%rax 0xffffffff80ac4a01 <rt_newmaddrmsg+97>: mov %rax,-0x60(%rbp) 0xffffffff80ac4a05 <rt_newmaddrmsg+101>: mov 0x18(%rbx),%rax 0xffffffff80ac4a09 <rt_newmaddrmsg+105>: mov %rax,-0x78(%rbp) 0xffffffff80ac4a0d <rt_newmaddrmsg+109>: lea -0x88(%rbp),%rsi 0xffffffff80ac4a14 <rt_newmaddrmsg+116>: mov %r14d,%edi 0xffffffff80ac4a17 <rt_newmaddrmsg+119>: callq 0xffffffff80ac42e0 <rtsock_msg_mbuf> 0xffffffff80ac4a1c <rt_newmaddrmsg+124>: test %rax,%rax 0xffffffff80ac4a1f <rt_newmaddrmsg+127>: je 0xffffffff80ac4a52 <rt_newmaddrmsg+178> 0xffffffff80ac4a21 <rt_newmaddrmsg+129>: mov 0x10(%rax),%rcx 0xffffffff80ac4a25 <rt_newmaddrmsg+133>: mov 0x5c(%r15),%dx 0xffffffff80ac4a2a <rt_newmaddrmsg+138>: mov %dx,0xc(%rcx) 0xffffffff80ac4a2e <rt_newmaddrmsg+142>: mov -0x88(%rbp),%edx 0xffffffff80ac4a34 <rt_newmaddrmsg+148>: mov %edx,0x4(%rcx) 0xffffffff80ac4a37 <rt_newmaddrmsg+151>: mov 0x10(%rbx),%rcx 0xffffffff80ac4a3b <rt_newmaddrmsg+155>: test %rcx,%rcx 0xffffffff80ac4a3e <rt_newmaddrmsg+158>: je 0xffffffff80ac4a45 <rt_newmaddrmsg+165> 0xffffffff80ac4a40 <rt_newmaddrmsg+160>: mov 0x1(%rcx),%cl 0xffffffff80ac4a43 <rt_newmaddrmsg+163>: jmp 0xffffffff80ac4a47 <rt_newmaddrmsg+167> 0xffffffff80ac4a45 <rt_newmaddrmsg+165>: xor %ecx,%ecx 0xffffffff80ac4a47 <rt_newmaddrmsg+167>: movzbl %cl,%esi ---Type <return> to continue, or q <return> to quit--- 0xffffffff80ac4a4a <rt_newmaddrmsg+170>: mov %rax,%rdi 0xffffffff80ac4a4d <rt_newmaddrmsg+173>: callq 0xffffffff80ac44a0 <rt_dispatch> 0xffffffff80ac4a52 <rt_newmaddrmsg+178>: add $0x78,%rsp 0xffffffff80ac4a56 <rt_newmaddrmsg+182>: pop %rbx 0xffffffff80ac4a57 <rt_newmaddrmsg+183>: pop %r14 0xffffffff80ac4a59 <rt_newmaddrmsg+185>: pop %r15 0xffffffff80ac4a5b <rt_newmaddrmsg+187>: pop %rbp 0xffffffff80ac4a5c <rt_newmaddrmsg+188>: retq End of assembler dump.
This panic was due to the lack of VNET context in np_gcmoptions(), should be fixed after r333967.