Bug 228599 - ifaddrs were getting freed prematurely: Memory modified after free 0xfffff8009a1a9c00(504) val=8ff4fc00 @ 0xfffff8009a1a9c90 [
Summary: ifaddrs were getting freed prematurely: Memory modified after free 0xfffff800...
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: CURRENT
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Matt Macy
URL:
Keywords: crash, panic
Depends on:
Blocks:
 
Reported: 2018-05-30 00:15 UTC by Eitan Adler
Modified: 2018-05-30 00:16 UTC (History)
0 users

See Also:


Attachments

Description Eitan Adler freebsd_committer freebsd_triage 2018-05-30 00:15:12 UTC
Unread portion of the kernel message buffer:
[60500] Memory modified after free 0xfffff8009a1a9c00(504) val=8ff4fc00 @ 0xfffff8009a1a9c90
[60500] panic: Most recently used by ifaddr
[60500]
[60500] cpuid = 25
[60500] time = 1527628213
[60500] KDB: stack backtrace:
[60500] db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0174463360
[60500] vpanic() at vpanic+0x1a3/frame 0xfffffe01744633c0
[60500] panic() at panic+0x43/frame 0xfffffe0174463420
[60500] mtrash_dtor() at mtrash_dtor/frame 0xfffffe0174463440
[60500] uma_zalloc_arg() at uma_zalloc_arg+0x523/frame 0xfffffe01744634b0
[60500] malloc() at malloc+0x110/frame 0xfffffe0174463500
[60500] in_lltable_alloc() at in_lltable_alloc+0x1fb/frame 0xfffffe01744635f0
[60500] arp_add_ifa_lle() at arp_add_ifa_lle+0x2e/frame 0xfffffe0174463640
[60500] arp_ifinit() at arp_ifinit+0xf3/frame 0xfffffe0174463680
[60500] iflib_if_ioctl() at iflib_if_ioctl+0x2bd/frame 0xfffffe01744636f0
[60500] in_control() at in_control+0x904/frame 0xfffffe0174463780
[60500] ifioctl() at ifioctl+0x17a3/frame 0xfffffe0174463850
[60500] kern_ioctl() at kern_ioctl+0x2ca/frame 0xfffffe01744638b0
[60500] sys_ioctl() at sys_ioctl+0x158/frame 0xfffffe0174463980
[60500] amd64_syscall() at amd64_syscall+0x28c/frame 0xfffffe0174463ab0
[60500] fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe0174463ab0
[60500] --- syscall (54, FreeBSD ELF64, sys_ioctl), rip = 0x8004597ca, rsp = 0x7fffffffd268, rbp = 0x7fffffffd2b0 ---
[60500] KDB: enter: panic


#0  __curthread () at ./machine/pcpu.h:231
        td = <optimized out>
#1  doadump (textdump=0) at /usr/src/sys/kern/kern_shutdown.c:366
        error = <error reading variable error (Cannot access memory at address 0x0)>
        coredump = <optimized out>
#2  0xffffffff804350bb in db_dump (dummy=<optimized out>, dummy2=<unavailable>, dummy3=<unavailable>, dummy4=<unavailable>)
    at /usr/src/sys/ddb/db_command.c:574
        error = <optimized out>
#3  0xffffffff80434e7d in db_command (last_cmdp=<optimized out>, cmd_table=<optimized out>, dopager=<optimized out>) at /usr/src/sys/ddb/db_command.c:481
        modif =           ""
        have_addr = false
        t = <optimized out>
        result = <optimized out>
        cmd = 0xffffffff81a5ce20 <db_cmds+480>
        addr = <unavailable>
        count = <unavailable>
#4  0xffffffff80434c14 in db_command_loop () at /usr/src/sys/ddb/db_command.c:534
No locals.
#5  0xffffffff80437dff in db_trap (type=<optimized out>, code=<optimized out>) at /usr/src/sys/ddb/db_main.c:252
        jb =           {{
            _jb =               {-2193054773040,
              -2193054773048,
              -2193054772912,
              -2115128448,
              -2119837784,
              0,
              12,
              -2143060599,
              -2193054772944,
              -2140630981,
              -2116086448,
              0}
          }}
        bkpt = false
        watchpt = false
        prev_jb = 0x0
        why = <optimized out>
#6  0xffffffff80ba3923 in kdb_trap (type=12, code=0, tf=<optimized out>) at /usr/src/sys/kern/subr_kdb.c:697
        be = 0xffffffff81a5d7a8 <ddb_dbbe>
        intr = 582
        did_stop_cpus = <error reading variable did_stop_cpus (Cannot access memory at address 0x1)>
        handled = <optimized out>
        other_cpus = <optimized out>
#7  0xffffffff8101fbef in trap_fatal (frame=0xfffffe0163bfd380, eva=<optimized out>) at /usr/src/sys/amd64/amd64/trap.c:883
        code = <optimized out>
        softseg = {
          ssd_base = 0, 
          ssd_limit = 1048575, 
          ssd_type = 27, 
          ssd_dpl = 0, 
          ssd_p = 1, 
          ssd_long = 1, 
          ssd_def32 = 0, 
          ssd_gran = 1
        }
        msg = <optimized out>
        ss = 40
        type = <optimized out>
        handled = <optimized out>
#8  0xffffffff8101fd12 in trap_pfault (frame=0xfffffe0163bfd380, usermode=<optimized out>) at /usr/src/sys/amd64/amd64/trap.c:728
        td = 0xfffff80e2432e000
        eva = 0
        p = <optimized out>
        va = <optimized out>
        map = <optimized out>
        ftype = <optimized out>
        rv = <optimized out>
#9  0xffffffff8101f391 in trap (frame=0xfffffe0163bfd380) at /usr/src/sys/amd64/amd64/trap.c:427
        td = 0xfffff80e2432e000
        dr6 = <error reading variable dr6 (Cannot access memory at address 0x0)>
        addr = -2193054772352
        ucode = <error reading variable ucode (Cannot access memory at address 0x3)>
        signo = <error reading variable signo (Cannot access memory at address 0xa)>
        p = <optimized out>
        type = 12
        ksi = <optimized out>
#10 <signal handler called>
No locals.
#11 strncmp (s1=0x0, s2=0xffffffff812626a6 "set_", n=4) at /usr/src/sys/libkern/strncmp.c:44
No locals.
#12 0xffffffff81156b94 in link_elf_lookup_set (lf=0xfffff802db0ae400, name=0xffffffff83ba9bc2 "sdt_providers_set", startp=0xfffffe0163bfd4a0, 
    stopp=0xfffffe0163bfd4a8, countp=0x0) at /usr/src/sys/kern/link_elf_obj.c:1272
        ef = 0xfffff802db0ae400
        i = 12
        start = <optimized out>
        stop = <optimized out>
        count = <optimized out>
#13 0xffffffff83ba9509 in sdt_kld_unload_try (arg=<optimized out>, lf=0xfffff802db0ae200, error=0xfffffe0163bfd504) at /usr/src/sys/cddl/dev/sdt/sdt.c:321
        curr = <optimized out>
        begin = <optimized out>
        prov = <optimized out>
        tmp = <optimized out>
        end = <optimized out>
#14 0xffffffff80b2c68b in linker_file_unload (file=0xfffff802db0ae400, flags=1) at /usr/src/sys/kern/kern_linker.c:656
        _ep = <optimized out>
        _t = 0xfffff800983b6840
        _el = <optimized out>
        error = 0
        mod = <optimized out>
        next = <optimized out>
        ml = <optimized out>
        nextml = <optimized out>
        i = <optimized out>
        cp = <optimized out>
#15 0xffffffff81155233 in link_elf_load_file (cls=<optimized out>, filename=<optimized out>, result=0xfffffe0163bfd788)
    at /usr/src/sys/kern/link_elf_obj.c:1002
        mapsize = <error reading variable mapsize (Cannot access memory at address 0x0)>
        error = 28
        td = 0xfffff80e2432e000
        nd = 0xfffff800a29ae200
        flags = 1
        hdr = 0xfffff80786571d00
        resid = 0
        lf = <optimized out>
        ef = <optimized out>
        nbytes = <optimized out>
        shdr = <optimized out>
        nsym = <optimized out>
        symtabindex = <optimized out>
        symstrindex = <optimized out>
        i = <optimized out>
        shstrindex = <optimized out>
        alignmask = <optimized out>
        mapbase = <optimized out>
        ra = <optimized out>
        rl = <optimized out>
        pb = <optimized out>
        j = <optimized out>
        es = <optimized out>
#16 0xffffffff80b2bf87 in LINKER_LOAD_FILE (cls=0xffffffff81b827e0 <link_elf_class>, result=0x0, filename=<optimized out>) at ./linker_if.h:180
        _m = <optimized out>
        rc = <optimized out>
        _desc = <optimized out>
        _ce = <optimized out>
        _cep = <optimized out>
#17 linker_load_file (filename=<optimized out>, result=<optimized out>) at /usr/src/sys/kern/kern_linker.c:447
        lf = <optimized out>
        foundfile = <error reading variable foundfile (Cannot access memory at address 0x0)>
        error = <error reading variable error (Cannot access memory at address 0x0)>
        lc = <optimized out>
        modules = <optimized out>
        _el = <optimized out>
        _ep = <optimized out>
        _t = <optimized out>
#18 linker_load_module (kldname=<optimized out>, modname=0xfffff800a29b0800 "ipl", parent=0x0, verinfo=<optimized out>, lfpp=0xfffffe0163bfd918)
    at /usr/src/sys/kern/kern_linker.c:2092
        pathname = <optimized out>
        filename = <optimized out>
        error = <error reading variable error (Cannot access memory at address 0x0)>
        lfdep = <optimized out>
#19 0xffffffff80b2d8b1 in kern_kldload (td=<optimized out>, file=<optimized out>, fileid=<optimized out>) at /usr/src/sys/kern/kern_linker.c:1071
        error = 0
        saved_vnet = 0x0
        modname = 0xfffff800a29b0800 "ipl"
        kldname = 0x0
        lf = 0x6
#20 0xffffffff80b2d9db in sys_kldload (td=0xfffff80e2432e000, uap=<optimized out>) at /usr/src/sys/kern/kern_linker.c:1097
        pathname = 0xfffff800a29b0800 "ipl"
        error = 0
        fileid = -1
#21 0xffffffff810205fc in syscallenter (td=0xfffff80e2432e000) at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:135
        p = 0xfffff802e5ba6a70
        error = <optimized out>
        sa = 0xfffff80e2432e3b0
        traced = <optimized out>
#22 amd64_syscall (td=0xfffff80e2432e000, traced=0) at /usr/src/sys/amd64/amd64/trap.c:1006
        ksi = <optimized out>
        error = <optimized out>
#23 <signal handler called>
No locals.
#24 0x00000008002cc44a in ?? ()
No symbol table info available.
Backtrace stopped: Cannot access memory at address 0x7fffffffd458
#11 strncmp (s1=0x0, s2=0xffffffff812626a6 "set_", n=4) at /usr/src/sys/libkern/strncmp.c:44
44			if (*s1 != *s2++)
$1 = 115 's'
$2 = 0xffffffff812626a6 "set_"
#12 0xffffffff81156b94 in link_elf_lookup_set (lf=0xfffff802db0ae400, name=0xffffffff83ba9bc2 "sdt_providers_set", startp=0xfffffe0163bfd4a0, 
    stopp=0xfffffe0163bfd4a8, countp=0x0) at /usr/src/sys/kern/link_elf_obj.c:1272
1272			if ((strncmp(ef->progtab[i].name, "set_", 4) == 0) &&
$3 = {
  addr = 0xffffffff8456b000 <sysctl_ipf_int>, 
  size = 296178, 
  flags = 0, 
  sec = 1, 
  name = 0xfffff800a279fc20 ".text"
}
Structure has no component named operator*.
Structure has no component named operator*.
$4 = {
  addr = 0xffffffff8456b000 <sysctl_ipf_int>, 
  size = 296178, 
  flags = 0, 
  sec = 1, 
  name = 0xfffff800a279fc20 ".text"
}
$5 = {
  addr = 0xffffffff845b34f2, 
  size = 12137, 
  flags = 0, 
  sec = 3, 
  name = 0xfffff800a279fc26 ".rodata.str1.1"
}
A syntax error in expression, near `]'.
$6 = {
  addr = 0xffffffff845b6460 <sysctl___net_inet_ipf>, 
  size = 100848, 
  flags = 0, 
  sec = 4, 
  name = 0xfffff800a279fc3a ".data"
}
$7 = {
  addr = 0xffffffff845cee50 <__set_sysctl_set_sym_sysctl___net_inet_ipf>, 
  size = 128, 
  flags = 0, 
  sec = 6, 
  name = 0xfffff800a279fc45 "set_sysctl_set"
}
$8 = {
  addr = 0xffffffff845ceed0 <__set_sysinit_set_sym_vnet_init_vnet_ipf_init_sys_init>, 
  size = 24, 
  flags = 0, 
  sec = 8, 
  name = 0xfffff800a279fc59 "set_sysinit_set"
}
$9 = {
  addr = 0xffffffff845ceee8 <__set_sysuninit_set_sym_vnet_init_vnet_ipf_init_sys_uninit>, 
  size = 16, 
  flags = 0, 
  sec = 10, 
  name = 0xfffff800a279fc6e "set_sysuninit_set"
}
$10 = {
  addr = 0xffffffff845ceef8 <__set_modmetadata_set_sym__mod_metadata_md_ipfilter_on_kernel>, 
  size = 24, 
  flags = 0, 
  sec = 12, 
  name = 0xfffff800a279fc85 "set_modmetadata_set"
}
$11 = {
  addr = 0xffffffff845cef10 <ipf_devs>, 
  size = 6584, 
  flags = 0, 
  sec = 14, 
  name = 0xfffff800a279fc99 ".bss"
}
$12 = {
  addr = 0xffffffff845d08d0 <ipf_devfiles>, 
  size = 5496, 
  flags = 0, 
  sec = 15, 
  name = 0xfffff800a279fca3 ".rodata"
}
$13 = {
  addr = 0xffffffff845d1e48 <ipf_nat_ioctl.__set_sdt_probes_set_sym_sdt_sdt___user_error>, 
  size = 5360, 
  flags = 0, 
  sec = 18, 
  name = 0xfffff800a279fcb9 "set_sdt_probes_set"
}
$14 = {
  addr = 0xffffffff845d3338 <ipf_nat_ioctl.__set_sdt_argtypes_set_sym_sdta_sdt___user_error0>, 
  size = 4736, 
  flags = 0, 
  sec = 20, 
  name = 0xfffff800a279fcd1 "set_sdt_argtypes_set"
}
$15 = {
  addr = 0x0, 
  size = 0, 
  flags = 0, 
  sec = 0, 
  name = 0xfffff800a279fce6 "set_vnet"
}
$16 = {
  addr = 0x0, 
  size = 0, 
  flags = 0, 
  sec = 0, 
  name = 0x0
}
$17 = {
  addr = 0x0, 
  size = 0, 
  flags = 0, 
  sec = 0, 
  name = 0x0
}
quit
#0  __curthread () at ./machine/pcpu.h:231
        td = <optimized out>
#1  doadump (textdump=0) at /usr/src/sys/kern/kern_shutdown.c:366
        error = <error reading variable error (Cannot access memory at address 0x0)>
        coredump = <optimized out>
#2  0xffffffff804350bb in db_dump (dummy=<optimized out>, dummy2=<unavailable>, dummy3=<unavailable>, dummy4=<unavailable>)
    at /usr/src/sys/ddb/db_command.c:574
        error = <optimized out>
#3  0xffffffff80434e7d in db_command (last_cmdp=<optimized out>, cmd_table=<optimized out>, dopager=<optimized out>) at /usr/src/sys/ddb/db_command.c:481
        modif =           ""
        have_addr = false
        t = <optimized out>
        result = <optimized out>
        cmd = 0xffffffff81a5ce20 <db_cmds+480>
        addr = <unavailable>
        count = <unavailable>
#4  0xffffffff80434c14 in db_command_loop () at /usr/src/sys/ddb/db_command.c:534
No locals.
#5  0xffffffff80437dff in db_trap (type=<optimized out>, code=<optimized out>) at /usr/src/sys/ddb/db_main.c:252
        jb =           {{
            _jb =               {-2192777531264,
              -2192777531272,
              -2192777531136,
              -2115128448,
              -2119837784,
              0,
              3,
              -2143060599,
              -2192777531168,
              -2137136836,
              -2116086448,
              0}
          }}
        bkpt = false
        watchpt = false
        prev_jb = 0x0
        why = <optimized out>
#6  0xffffffff80ba3923 in kdb_trap (type=3, code=0, tf=<optimized out>) at /usr/src/sys/kern/subr_kdb.c:697
        be = 0xffffffff81a5d7a8 <ddb_dbbe>
        intr = 70
        did_stop_cpus = <error reading variable did_stop_cpus (Cannot access memory at address 0x1)>
        handled = <optimized out>
        other_cpus = <optimized out>
#7  0xffffffff8101f881 in trap (frame=0xfffffe0174463290) at /usr/src/sys/amd64/amd64/trap.c:605
        td = 0xfffff8008d076000
        dr6 = 0
        addr = -2192777530736
        ucode = -2093870928
        signo = 25
        p = 0xfffffe0174463400
        type = 3
        ksi = {
          ksi_link = {
            tqe_next = 0x20fffe0100000012, 
            tqe_prev = 0xfffffe01744631d8
          }, 
          ksi_info = {
            si_signo = -2118462976, 
            si_errno = -1, 
            si_code = -2106818494, 
            si_pid = -351901867, 
            si_uid = 54, 
            si_status = 0, 
            si_addr = 0x0, 
            si_value = {
              sival_int = -1009, 
              sival_ptr = 0xfffffc0f, 
              sigval_int = -1009, 
              sigval_ptr = 0xfffffc0f
            }, 
            _reason = {
              _fault = {
                _trapno = 4560842
              }, 
              _timer = {
                _timerid = 4560842, 
                _overrun = 8
              }, 
              _mesgq = {
                _mqd = 4560842
              }, 
              _poll = {
                _band = 34364299210
              }, 
              __spare__ = {
                __spare1__ = 34364299210, 
                __spare2__ =                   {-4096,
                  511,
                  1950757456,
                  -511,
                  -2143060083,
                  -1,
                  -2106818494}
              }
            }
          }, 
          ksi_flags = -2127898362, 
          ksi_sigq = 0x16c8a801
        }
#8  <signal handler called>
No locals.
#9  kdb_enter (why=0xffffffff812ad906 "panic", msg=<optimized out>) at /usr/src/sys/kern/subr_kdb.c:479
No locals.
#10 0xffffffff80b5c7a0 in vpanic (fmt=<optimized out>, ap=0xfffffe0174463400) at /usr/src/sys/kern/kern_shutdown.c:852
        buf =           "Most recently used by ifaddr\n"
        td = 0xfffff8008d076000
        bootopt = <error reading variable bootopt (Cannot access memory at address 0x4)>
        newpanic = <error reading variable newpanic (Cannot access memory at address 0x1)>
        other_cpus = <optimized out>
#11 0xffffffff80b5c833 in panic (fmt=0xffffffff81df1598 <cnputs_mtx> "\276\061'\201\377\377\377\377") at /usr/src/sys/kern/kern_shutdown.c:790
        ap =           {{
            gp_offset = 16, 
            fp_offset = 48, 
            overflow_arg_area = 0xfffffe0174463430, 
            reg_save_area = 0xfffffe01744633d0
          }}
#12 0xffffffff80e84f10 in mtrash_ctor (mem=0xfffff8009a1a9c00, size=<optimized out>, arg=<optimized out>, flags=<optimized out>)
    at /usr/src/sys/vm/uma_dbg.c:162
        p = <optimized out>
        cnt = <optimized out>
        ksp = <optimized out>
#13 0xffffffff80e804b3 in uma_zalloc_arg (zone=0xfffffe000032d000, udata=0x0, flags=257) at /usr/src/sys/vm/uma_core.c:2268
        cache = 0xfffffe000032de00
        bucket = 0xfffff80005176500
        domain = -2047
        lockfail = <optimized out>
        zdom = <optimized out>
        item = 0xfffff8009a1a9c00
        cpu = <optimized out>
#14 0xffffffff80b35fd0 in uma_zalloc (zone=0xfffffe000032d000, flags=<optimized out>) at /usr/src/sys/vm/uma.h:361
No locals.
#15 malloc (size=336, mtp=0xffffffff81b30780 <M_LLTABLE>, flags=257) at /usr/src/sys/kern/kern_malloc.c:575
        va = 0x80 <error: Cannot access memory at address 0x80>
        zone = 0xfffffe000032d000
        indx = <optimized out>
#16 0xffffffff80cdb08b in in_lltable_new (flags=0, addr4=...) at /usr/src/sys/netinet/in.c:1098
        lle = <optimized out>
#17 in_lltable_alloc (llt=<optimized out>, flags=6, l3addr=0xfffff8008ff4fc98) at /usr/src/sys/netinet/in.c:1343
        linkhdr =           ""
        sin = 0xfffff8008ff4fc98
        ifp = 0xfffff80005095800
        lle = <optimized out>
        linkhdrsize = <optimized out>
        lladdr_off = <optimized out>
#18 0xffffffff80cd133e in arp_add_ifa_lle (ifp=0xfffff80005095800, dst=<optimized out>) at /usr/src/sys/netinet/if_ether.c:1280
        lle = <optimized out>
        lle_tmp = <optimized out>
#19 0xffffffff80cd12d3 in arp_ifinit (ifp=0xfffff80005095800, ifa=0xfffff8008ff4fc00) at /usr/src/sys/netinet/if_ether.c:1428
        dst_in = 0xfffff8008ff4fc98
        dst = 0xfffff8008ff4fc98
#20 0xffffffff80c7a3ed in iflib_if_ioctl (ifp=0xfffff80005095800, command=<optimized out>, data=0xfffff8008ff4fc00 "\230\374\364\217")
    at /usr/src/sys/net/iflib.c:4022
        ifr = 0xfffff8008ff4fc00
        ifa = 0xfffff8008ff4fc00
        ctx = 0xfffff80005093000
        reinit = 0
        err = <optimized out>
        avoid_reset = <error reading variable avoid_reset (Cannot access memory at address 0x1)>
        bits = <optimized out>
#21 0xffffffff80cd9784 in in_aifaddr_ioctl (cmd=<optimized out>, ifp=<optimized out>, td=<optimized out>, data=<optimized out>)
    at /usr/src/sys/netinet/in.c:473
        ifra = <optimized out>
        addr = <optimized out>
        error = <error reading variable error (Cannot access memory at address 0x0)>
        broadaddr = 0xfffff8008ff4fc80
        dstaddr = <optimized out>
        mask = 0xfffff8008ff4fc90
        vhid = 0
        iaIsFirst = <error reading variable iaIsFirst (Cannot access memory at address 0x0)>
        ifa = <optimized out>
        ia = <optimized out>
        it = <optimized out>
        i = <optimized out>
        ii = <optimized out>
        allhosts_addr = <optimized out>
        flags = <optimized out>
        curelm = <optimized out>
        curelm = <optimized out>
        eia = <optimized out>
        _el = <optimized out>
        _ep = <optimized out>
        _t = <optimized out>
#22 in_control (so=<optimized out>, cmd=<optimized out>, data=<optimized out>, ifp=<optimized out>, td=<optimized out>) at /usr/src/sys/netinet/in.c:256
        ifr = <optimized out>
        addr = 0xfffff800050959a0
        ifa = <optimized out>
        ia = <optimized out>
        error = <error reading variable error (Cannot access memory at address 0x0)>
#23 0xffffffff80c5af33 in ifioctl (so=0xfffff8010c52ea08, cmd=<optimized out>, data=<optimized out>, td=0xfffff8008d076000) at /usr/src/sys/net/if.c:3089
        saved_vnet = <optimized out>
        error = <optimized out>
        ifmr = {
          ifm_name =             "\220\017", 
          ifm_current = 1, 
          ifm_mask = 0, 
          ifm_status = -1493875568, 
          ifm_active = -2044, 
          ifm_count = 0, 
          ifm_ulist = 0xfffff804a6f54490
        }
        ifmrp = 0xf90
        ifr = <optimized out>
        ifp = <optimized out>
        saved_data = <optimized out>
        oif_flags = 35079
        shutdown = <optimized out>
#24 0xffffffff80bc931a in fo_ioctl (fp=<optimized out>, com=<optimized out>, active_cred=0x80, td=<optimized out>, data=<optimized out>)
    at /usr/src/sys/sys/file.h:325
No locals.
#25 kern_ioctl (td=0xfffff8008d076000, fd=<optimized out>, com=<optimized out>, data=0xfffffe0174463250 "") at /usr/src/sys/kern/sys_generic.c:800
        fdp = 0xfffff804a6f54450
        locked = <optimized out>
        fp = 0xfffff8008ffeeeb0
        error = <optimized out>
        tmp = <optimized out>
#26 0xffffffff80bc8fd8 in sys_ioctl (td=0xfffff8008d076000, uap=0xfffff8008d0763c0) at /usr/src/sys/kern/sys_generic.c:712
        smalldata =           "igb0"
        com = 2151967019
        size = <optimized out>
        arg = <optimized out>
        data = 0xfffffe01744638d0 "igb0"
        error = <optimized out>
#27 0xffffffff810205fc in syscallenter (td=0xfffff8008d076000) at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:135
        p = 0xfffff8008f6e5538
        error = <optimized out>
        sa = 0xfffff8008d0763b0
        traced = <optimized out>
#28 amd64_syscall (td=0xfffff8008d076000, traced=0) at /usr/src/sys/amd64/amd64/trap.c:1006
        ksi = <optimized out>
        error = <optimized out>
#29 <signal handler called>
No locals.
#30 0x00000008004597ca in ?? ()
No symbol table info available.
Backtrace stopped: Cannot access memory at address 0x7fffffffd268
Already logging to /home/eax/out.
#0  __curthread () at ./machine/pcpu.h:231
        td = <optimized out>
#1  doadump (textdump=0) at /usr/src/sys/kern/kern_shutdown.c:366
        error = <error reading variable error (Cannot access memory at address 0x0)>
        coredump = <optimized out>
#2  0xffffffff804350bb in db_dump (dummy=<optimized out>, dummy2=<unavailable>, dummy3=<unavailable>, dummy4=<unavailable>)
    at /usr/src/sys/ddb/db_command.c:574
        error = <optimized out>
#3  0xffffffff80434e7d in db_command (last_cmdp=<optimized out>, cmd_table=<optimized out>, dopager=<optimized out>) at /usr/src/sys/ddb/db_command.c:481
        modif =           ""
        have_addr = false
        t = <optimized out>
        result = <optimized out>
        cmd = 0xffffffff81a5ce20 <db_cmds+480>
        addr = <unavailable>
        count = <unavailable>
#4  0xffffffff80434c14 in db_command_loop () at /usr/src/sys/ddb/db_command.c:534
No locals.
#5  0xffffffff80437dff in db_trap (type=<optimized out>, code=<optimized out>) at /usr/src/sys/ddb/db_main.c:252
        jb =           {{
            _jb =               {-2192777531264,
              -2192777531272,
              -2192777531136,
              -2115128448,
              -2119837784,
              0,
              3,
              -2143060599,
              -2192777531168,
              -2137136836,
              -2116086448,
              0}
          }}
        bkpt = false
        watchpt = false
        prev_jb = 0x0
        why = <optimized out>
#6  0xffffffff80ba3923 in kdb_trap (type=3, code=0, tf=<optimized out>) at /usr/src/sys/kern/subr_kdb.c:697
        be = 0xffffffff81a5d7a8 <ddb_dbbe>
        intr = 70
        did_stop_cpus = <error reading variable did_stop_cpus (Cannot access memory at address 0x1)>
        handled = <optimized out>
        other_cpus = <optimized out>
#7  0xffffffff8101f881 in trap (frame=0xfffffe0174463290) at /usr/src/sys/amd64/amd64/trap.c:605
        td = 0xfffff8008d076000
        dr6 = 0
        addr = -2192777530736
        ucode = -2093870928
        signo = 25
        p = 0xfffffe0174463400
        type = 3
        ksi = {
          ksi_link = {
            tqe_next = 0x20fffe0100000012, 
            tqe_prev = 0xfffffe01744631d8
          }, 
          ksi_info = {
            si_signo = -2118462976, 
            si_errno = -1, 
            si_code = -2106818494, 
            si_pid = -351901867, 
            si_uid = 54, 
            si_status = 0, 
            si_addr = 0x0, 
            si_value = {
              sival_int = -1009, 
              sival_ptr = 0xfffffc0f, 
              sigval_int = -1009, 
              sigval_ptr = 0xfffffc0f
            }, 
            _reason = {
              _fault = {
                _trapno = 4560842
              }, 
              _timer = {
                _timerid = 4560842, 
                _overrun = 8
              }, 
              _mesgq = {
                _mqd = 4560842
              }, 
              _poll = {
                _band = 34364299210
              }, 
              __spare__ = {
                __spare1__ = 34364299210, 
                __spare2__ =                   {-4096,
                  511,
                  1950757456,
                  -511,
                  -2143060083,
                  -1,
                  -2106818494}
              }
            }
          }, 
          ksi_flags = -2127898362, 
          ksi_sigq = 0x16c8a801
        }
#8  <signal handler called>
No locals.
#9  kdb_enter (why=0xffffffff812ad906 "panic", msg=<optimized out>) at /usr/src/sys/kern/subr_kdb.c:479
No locals.
#10 0xffffffff80b5c7a0 in vpanic (fmt=<optimized out>, ap=0xfffffe0174463400) at /usr/src/sys/kern/kern_shutdown.c:852
        buf =           "Most recently used by ifaddr\n"
        td = 0xfffff8008d076000
        bootopt = <error reading variable bootopt (Cannot access memory at address 0x4)>
        newpanic = <error reading variable newpanic (Cannot access memory at address 0x1)>
        other_cpus = <optimized out>
#11 0xffffffff80b5c833 in panic (fmt=0xffffffff81df1598 <cnputs_mtx> "\276\061'\201\377\377\377\377") at /usr/src/sys/kern/kern_shutdown.c:790
        ap =           {{
            gp_offset = 16, 
            fp_offset = 48, 
            overflow_arg_area = 0xfffffe0174463430, 
            reg_save_area = 0xfffffe01744633d0
          }}
#12 0xffffffff80e84f10 in mtrash_ctor (mem=0xfffff8009a1a9c00, size=<optimized out>, arg=<optimized out>, flags=<optimized out>)
    at /usr/src/sys/vm/uma_dbg.c:162
        p = <optimized out>
        cnt = <optimized out>
        ksp = <optimized out>
#13 0xffffffff80e804b3 in uma_zalloc_arg (zone=0xfffffe000032d000, udata=0x0, flags=257) at /usr/src/sys/vm/uma_core.c:2268
        cache = 0xfffffe000032de00
        bucket = 0xfffff80005176500
        domain = -2047
        lockfail = <optimized out>
        zdom = <optimized out>
        item = 0xfffff8009a1a9c00
        cpu = <optimized out>
#14 0xffffffff80b35fd0 in uma_zalloc (zone=0xfffffe000032d000, flags=<optimized out>) at /usr/src/sys/vm/uma.h:361
No locals.
#15 malloc (size=336, mtp=0xffffffff81b30780 <M_LLTABLE>, flags=257) at /usr/src/sys/kern/kern_malloc.c:575
        va = 0x80 <error: Cannot access memory at address 0x80>
        zone = 0xfffffe000032d000
        indx = <optimized out>
#16 0xffffffff80cdb08b in in_lltable_new (flags=0, addr4=...) at /usr/src/sys/netinet/in.c:1098
        lle = <optimized out>
#17 in_lltable_alloc (llt=<optimized out>, flags=6, l3addr=0xfffff8008ff4fc98) at /usr/src/sys/netinet/in.c:1343
        linkhdr =           ""
        sin = 0xfffff8008ff4fc98
        ifp = 0xfffff80005095800
        lle = <optimized out>
        linkhdrsize = <optimized out>
        lladdr_off = <optimized out>
#18 0xffffffff80cd133e in arp_add_ifa_lle (ifp=0xfffff80005095800, dst=<optimized out>) at /usr/src/sys/netinet/if_ether.c:1280
        lle = <optimized out>
        lle_tmp = <optimized out>
#19 0xffffffff80cd12d3 in arp_ifinit (ifp=0xfffff80005095800, ifa=0xfffff8008ff4fc00) at /usr/src/sys/netinet/if_ether.c:1428
        dst_in = 0xfffff8008ff4fc98
        dst = 0xfffff8008ff4fc98
#20 0xffffffff80c7a3ed in iflib_if_ioctl (ifp=0xfffff80005095800, command=<optimized out>, data=0xfffff8008ff4fc00 "\230\374\364\217")
    at /usr/src/sys/net/iflib.c:4022
        ifr = 0xfffff8008ff4fc00
        ifa = 0xfffff8008ff4fc00
        ctx = 0xfffff80005093000
        reinit = 0
        err = <optimized out>
        avoid_reset = <error reading variable avoid_reset (Cannot access memory at address 0x1)>
        bits = <optimized out>
#21 0xffffffff80cd9784 in in_aifaddr_ioctl (cmd=<optimized out>, ifp=<optimized out>, td=<optimized out>, data=<optimized out>)
    at /usr/src/sys/netinet/in.c:473
        ifra = <optimized out>
        addr = <optimized out>
        error = <error reading variable error (Cannot access memory at address 0x0)>
        broadaddr = 0xfffff8008ff4fc80
        dstaddr = <optimized out>
        mask = 0xfffff8008ff4fc90
        vhid = 0
        iaIsFirst = <error reading variable iaIsFirst (Cannot access memory at address 0x0)>
        ifa = <optimized out>
        ia = <optimized out>
        it = <optimized out>
        i = <optimized out>
        ii = <optimized out>
        allhosts_addr = <optimized out>
        flags = <optimized out>
        curelm = <optimized out>
        curelm = <optimized out>
        eia = <optimized out>
        _el = <optimized out>
        _ep = <optimized out>
        _t = <optimized out>
#22 in_control (so=<optimized out>, cmd=<optimized out>, data=<optimized out>, ifp=<optimized out>, td=<optimized out>) at /usr/src/sys/netinet/in.c:256
        ifr = <optimized out>
        addr = 0xfffff800050959a0
        ifa = <optimized out>
        ia = <optimized out>
        error = <error reading variable error (Cannot access memory at address 0x0)>
#23 0xffffffff80c5af33 in ifioctl (so=0xfffff8010c52ea08, cmd=<optimized out>, data=<optimized out>, td=0xfffff8008d076000) at /usr/src/sys/net/if.c:3089
        saved_vnet = <optimized out>
        error = <optimized out>
        ifmr = {
          ifm_name =             "\220\017", 
          ifm_current = 1, 
          ifm_mask = 0, 
          ifm_status = -1493875568, 
          ifm_active = -2044, 
          ifm_count = 0, 
          ifm_ulist = 0xfffff804a6f54490
        }
        ifmrp = 0xf90
        ifr = <optimized out>
        ifp = <optimized out>
        saved_data = <optimized out>
        oif_flags = 35079
        shutdown = <optimized out>
#24 0xffffffff80bc931a in fo_ioctl (fp=<optimized out>, com=<optimized out>, active_cred=0x80, td=<optimized out>, data=<optimized out>)
    at /usr/src/sys/sys/file.h:325
No locals.
#25 kern_ioctl (td=0xfffff8008d076000, fd=<optimized out>, com=<optimized out>, data=0xfffffe0174463250 "") at /usr/src/sys/kern/sys_generic.c:800
        fdp = 0xfffff804a6f54450
        locked = <optimized out>
        fp = 0xfffff8008ffeeeb0
        error = <optimized out>
        tmp = <optimized out>
#26 0xffffffff80bc8fd8 in sys_ioctl (td=0xfffff8008d076000, uap=0xfffff8008d0763c0) at /usr/src/sys/kern/sys_generic.c:712
        smalldata =           "igb0"
        com = 2151967019
        size = <optimized out>
        arg = <optimized out>
        data = 0xfffffe01744638d0 "igb0"
        error = <optimized out>
#27 0xffffffff810205fc in syscallenter (td=0xfffff8008d076000) at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:135
        p = 0xfffff8008f6e5538
        error = <optimized out>
        sa = 0xfffff8008d0763b0
        traced = <optimized out>
#28 amd64_syscall (td=0xfffff8008d076000, traced=0) at /usr/src/sys/amd64/amd64/trap.c:1006
        ksi = <optimized out>
        error = <optimized out>
#29 <signal handler called>
No locals.
#30 0x00000008004597ca in ?? ()
No symbol table info available.
Backtrace stopped: Cannot access memory at address 0x7fffffffd268
quit
#0  __curthread () at ./machine/pcpu.h:231
        td = <optimized out>
#1  doadump (textdump=0) at /usr/src/sys/kern/kern_shutdown.c:366
        error = <error reading variable error (Cannot access memory at address 0x0)>
        coredump = <optimized out>
#2  0xffffffff804350bb in db_dump (dummy=<optimized out>, dummy2=<unavailable>, dummy3=<unavailable>, dummy4=<unavailable>)
    at /usr/src/sys/ddb/db_command.c:574
        error = <optimized out>
#3  0xffffffff80434e7d in db_command (last_cmdp=<optimized out>, cmd_table=<optimized out>, dopager=<optimized out>) at /usr/src/sys/ddb/db_command.c:481
        modif =           ""
        have_addr = false
        t = <optimized out>
        result = <optimized out>
        cmd = 0xffffffff81a5ce20 <db_cmds+480>
        addr = <unavailable>
        count = <unavailable>
#4  0xffffffff80434c14 in db_command_loop () at /usr/src/sys/ddb/db_command.c:534
No locals.
#5  0xffffffff80437dff in db_trap (type=<optimized out>, code=<optimized out>) at /usr/src/sys/ddb/db_main.c:252
        jb =           {{
            _jb =               {-2192777531264,
              -2192777531272,
              -2192777531136,
              -2115128448,
              -2119837784,
              0,
              3,
              -2143060599,
              -2192777531168,
              -2137136836,
              -2116086448,
              0}
          }}
        bkpt = false
        watchpt = false
        prev_jb = 0x0
        why = <optimized out>
#6  0xffffffff80ba3923 in kdb_trap (type=3, code=0, tf=<optimized out>) at /usr/src/sys/kern/subr_kdb.c:697
        be = 0xffffffff81a5d7a8 <ddb_dbbe>
        intr = 70
        did_stop_cpus = <error reading variable did_stop_cpus (Cannot access memory at address 0x1)>
        handled = <optimized out>
        other_cpus = <optimized out>
#7  0xffffffff8101f881 in trap (frame=0xfffffe0174463290) at /usr/src/sys/amd64/amd64/trap.c:605
        td = 0xfffff8008d076000
        dr6 = 0
        addr = -2192777530736
        ucode = -2093870928
        signo = 25
        p = 0xfffffe0174463400
        type = 3
        ksi = {
          ksi_link = {
            tqe_next = 0x20fffe0100000012, 
            tqe_prev = 0xfffffe01744631d8
          }, 
          ksi_info = {
            si_signo = -2118462976, 
            si_errno = -1, 
            si_code = -2106818494, 
            si_pid = -351901867, 
            si_uid = 54, 
            si_status = 0, 
            si_addr = 0x0, 
            si_value = {
              sival_int = -1009, 
              sival_ptr = 0xfffffc0f, 
              sigval_int = -1009, 
              sigval_ptr = 0xfffffc0f
            }, 
            _reason = {
              _fault = {
                _trapno = 4560842
              }, 
              _timer = {
                _timerid = 4560842, 
                _overrun = 8
              }, 
              _mesgq = {
                _mqd = 4560842
              }, 
              _poll = {
                _band = 34364299210
              }, 
              __spare__ = {
                __spare1__ = 34364299210, 
                __spare2__ =                   {-4096,
                  511,
                  1950757456,
                  -511,
                  -2143060083,
                  -1,
                  -2106818494}
              }
            }
          }, 
          ksi_flags = -2127898362, 
          ksi_sigq = 0x16c8a801
        }
#8  <signal handler called>
No locals.
#9  kdb_enter (why=0xffffffff812ad906 "panic", msg=<optimized out>) at /usr/src/sys/kern/subr_kdb.c:479
No locals.
#10 0xffffffff80b5c7a0 in vpanic (fmt=<optimized out>, ap=0xfffffe0174463400) at /usr/src/sys/kern/kern_shutdown.c:852
        buf =           "Most recently used by ifaddr\n"
        td = 0xfffff8008d076000
        bootopt = <error reading variable bootopt (Cannot access memory at address 0x4)>
        newpanic = <error reading variable newpanic (Cannot access memory at address 0x1)>
        other_cpus = <optimized out>
#11 0xffffffff80b5c833 in panic (fmt=0xffffffff81df1598 <cnputs_mtx> "\276\061'\201\377\377\377\377") at /usr/src/sys/kern/kern_shutdown.c:790
        ap =           {{
            gp_offset = 16, 
            fp_offset = 48, 
            overflow_arg_area = 0xfffffe0174463430, 
            reg_save_area = 0xfffffe01744633d0
          }}
#12 0xffffffff80e84f10 in mtrash_ctor (mem=0xfffff8009a1a9c00, size=<optimized out>, arg=<optimized out>, flags=<optimized out>)
    at /usr/src/sys/vm/uma_dbg.c:162
        p = <optimized out>
        cnt = <optimized out>
        ksp = <optimized out>
#13 0xffffffff80e804b3 in uma_zalloc_arg (zone=0xfffffe000032d000, udata=0x0, flags=257) at /usr/src/sys/vm/uma_core.c:2268
        cache = 0xfffffe000032de00
        bucket = 0xfffff80005176500
        domain = -2047
        lockfail = <optimized out>
        zdom = <optimized out>
        item = 0xfffff8009a1a9c00
        cpu = <optimized out>
#14 0xffffffff80b35fd0 in uma_zalloc (zone=0xfffffe000032d000, flags=<optimized out>) at /usr/src/sys/vm/uma.h:361
No locals.
#15 malloc (size=336, mtp=0xffffffff81b30780 <M_LLTABLE>, flags=257) at /usr/src/sys/kern/kern_malloc.c:575
        va = 0x80 <error: Cannot access memory at address 0x80>
        zone = 0xfffffe000032d000
        indx = <optimized out>
#16 0xffffffff80cdb08b in in_lltable_new (flags=0, addr4=...) at /usr/src/sys/netinet/in.c:1098
        lle = <optimized out>
#17 in_lltable_alloc (llt=<optimized out>, flags=6, l3addr=0xfffff8008ff4fc98) at /usr/src/sys/netinet/in.c:1343
        linkhdr =           ""
        sin = 0xfffff8008ff4fc98
        ifp = 0xfffff80005095800
        lle = <optimized out>
        linkhdrsize = <optimized out>
        lladdr_off = <optimized out>
#18 0xffffffff80cd133e in arp_add_ifa_lle (ifp=0xfffff80005095800, dst=<optimized out>) at /usr/src/sys/netinet/if_ether.c:1280
        lle = <optimized out>
        lle_tmp = <optimized out>
#19 0xffffffff80cd12d3 in arp_ifinit (ifp=0xfffff80005095800, ifa=0xfffff8008ff4fc00) at /usr/src/sys/netinet/if_ether.c:1428
        dst_in = 0xfffff8008ff4fc98
        dst = 0xfffff8008ff4fc98
#20 0xffffffff80c7a3ed in iflib_if_ioctl (ifp=0xfffff80005095800, command=<optimized out>, data=0xfffff8008ff4fc00 "\230\374\364\217")
    at /usr/src/sys/net/iflib.c:4022
        ifr = 0xfffff8008ff4fc00
        ifa = 0xfffff8008ff4fc00
        ctx = 0xfffff80005093000
        reinit = 0
        err = <optimized out>
        avoid_reset = <error reading variable avoid_reset (Cannot access memory at address 0x1)>
        bits = <optimized out>
#21 0xffffffff80cd9784 in in_aifaddr_ioctl (cmd=<optimized out>, ifp=<optimized out>, td=<optimized out>, data=<optimized out>)
    at /usr/src/sys/netinet/in.c:473
        ifra = <optimized out>
        addr = <optimized out>
        error = <error reading variable error (Cannot access memory at address 0x0)>
        broadaddr = 0xfffff8008ff4fc80
        dstaddr = <optimized out>
        mask = 0xfffff8008ff4fc90
        vhid = 0
        iaIsFirst = <error reading variable iaIsFirst (Cannot access memory at address 0x0)>
        ifa = <optimized out>
        ia = <optimized out>
        it = <optimized out>
        i = <optimized out>
        ii = <optimized out>
        allhosts_addr = <optimized out>
        flags = <optimized out>
        curelm = <optimized out>
        curelm = <optimized out>
        eia = <optimized out>
        _el = <optimized out>
        _ep = <optimized out>
        _t = <optimized out>
#22 in_control (so=<optimized out>, cmd=<optimized out>, data=<optimized out>, ifp=<optimized out>, td=<optimized out>) at /usr/src/sys/netinet/in.c:256
        ifr = <optimized out>
        addr = 0xfffff800050959a0
        ifa = <optimized out>
        ia = <optimized out>
        error = <error reading variable error (Cannot access memory at address 0x0)>
#23 0xffffffff80c5af33 in ifioctl (so=0xfffff8010c52ea08, cmd=<optimized out>, data=<optimized out>, td=0xfffff8008d076000) at /usr/src/sys/net/if.c:3089
        saved_vnet = <optimized out>
        error = <optimized out>
        ifmr = {
          ifm_name =             "\220\017", 
          ifm_current = 1, 
          ifm_mask = 0, 
          ifm_status = -1493875568, 
          ifm_active = -2044, 
          ifm_count = 0, 
          ifm_ulist = 0xfffff804a6f54490
        }
        ifmrp = 0xf90
        ifr = <optimized out>
        ifp = <optimized out>
        saved_data = <optimized out>
        oif_flags = 35079
        shutdown = <optimized out>
#24 0xffffffff80bc931a in fo_ioctl (fp=<optimized out>, com=<optimized out>, active_cred=0x80, td=<optimized out>, data=<optimized out>)
    at /usr/src/sys/sys/file.h:325
No locals.
#25 kern_ioctl (td=0xfffff8008d076000, fd=<optimized out>, com=<optimized out>, data=0xfffffe0174463250 "") at /usr/src/sys/kern/sys_generic.c:800
        fdp = 0xfffff804a6f54450
        locked = <optimized out>
        fp = 0xfffff8008ffeeeb0
        error = <optimized out>
        tmp = <optimized out>
#26 0xffffffff80bc8fd8 in sys_ioctl (td=0xfffff8008d076000, uap=0xfffff8008d0763c0) at /usr/src/sys/kern/sys_generic.c:712
        smalldata =           "igb0"
        com = 2151967019
        size = <optimized out>
        arg = <optimized out>
        data = 0xfffffe01744638d0 "igb0"
        error = <optimized out>
#27 0xffffffff810205fc in syscallenter (td=0xfffff8008d076000) at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:135
        p = 0xfffff8008f6e5538
        error = <optimized out>
        sa = 0xfffff8008d0763b0
        traced = <optimized out>
#28 amd64_syscall (td=0xfffff8008d076000, traced=0) at /usr/src/sys/amd64/amd64/trap.c:1006
        ksi = <optimized out>
        error = <optimized out>
#29 <signal handler called>
No locals.
#30 0x00000008004597ca in ?? ()
No symbol table info available.
Backtrace stopped: Cannot access memory at address 0x7fffffffd268
Comment 1 Eitan Adler freebsd_committer freebsd_triage 2018-05-30 00:16:07 UTC
Most likely fixed by r334314. Opened for tracking and to make it googleable.