#
ifa_init 0xffffff00045d5600
ifa_init+0x4e if_attach+0x17a ether_ifattach+0x20 ieee80211_vap_attach+0xb5 rum_vap_create+0x12e wlan_clone_create+0x16b ifc_simple_create+0x89 if_clone_createif+0x64 ifioctl+0x269 kern_ioctl+0x92 ioctl+0xfd syscall+0x1af Xfast_syscall+0xd0
wlan0: Ethernet address: 00:22:b0:51:9e:63
#
SIOCGIFADDR wlan0
#
ifa_init 0xffffff000454bc00
ifa_init+0x4e in6_update_ifa+0x410 in6_ifattach+0x305 ifhwioctl+0x89b ifioctl+0xbc kern_ioctl+0x92 ioctl+0xfd syscall+0x1af Xfast_syscall+0xd0
ifa_ref 0xffffff000454bc00 (now 2)
ifa_ref+0x35 in6_update_ifa+0x49e in6_ifattach+0x305 ifhwioctl+0x89b ifioctl+0xbc kern_ioctl+0x92 ioctl+0xfd syscall+0x1af Xfast_syscall+0xd0
rum0: need multicast update callbackifa_ref 0xffffff000454bc00 (now 3)

ifa_ref+0x35 ifa_ifwithaddr_internal+0x154 ifa_ifwithroute_fib+0x38 rt_getifa_fib+0xf0 rtrequest1_fib+0x476 rtrequest_fib+0x7a rtrequest+0x14 in6_update_ifa+0xc2d in6_ifattach+0x305 ifhwioctl+0x89b ifioctl+0xbc kern_ioctl+0x92 ioctl+0xfd syscall+0x1af Xfast_syscall+0xd0
rum0: ifa_ref 0xffffff000454bc00 (now 4)need multicast update callback

ifa_ref+0x35 ifa_ifwithaddr_internal+0x154 ifa_ifwithroute_fib+0x38 rt_getifa_fib+0xf0 rtrequest1_fib+0x476 rtrequest_fib+0x7a rtrequest+0x14 in6_update_ifa+0xe33 in6_ifattach+0x305 ifhwioctl+0x89b ifioctl+0xbc kern_ioctl+0x92 ioctl+0xfd syscall+0x1af Xfast_syscall+0xd0
rum0: ifa_free 0xffffff000454bc00 (now 3, won't free)need multicast update callback

ifa_free+0x28 in6_update_ifa+0x7cd in6_ifattach+0x305 ifhwioctl+0x89b ifioctl+0xbc kern_ioctl+0x92 ioctl+0xfd syscall+0x1af Xfast_syscall+0xd0
ifa_ref 0xffffff000454bc00 (now 4)
ifa_ref+0x35 in6ifa_ifpforlinklocal+0x7d in6_ifattach+0x45c ifhwioctl+0x89b ifioctl+0xbc kern_ioctl+0x92 ioctl+0xfd syscall+0x1af Xfast_syscall+0xd0
ifa_free 0xffffff000454bc00 (now 3, won't free)
ifa_free+0x28 in6_ifattach+0x464 ifhwioctl+0x89b ifioctl+0xbc kern_ioctl+0x92 ioctl+0xfd s133 nd6_prelist_add+0x1a5 in6_ifattach+0x508 ifhwioctl+0x89b ifioctl+0xbc kern_ioctl+0x92 ioctl+0xfd syscall+0x1af Xfast_syscall+0xd0
ifa_ref 0xffffff000454bc00 (now 5)
ifa_ref+0x35 ifa_ifwithaddr_internal+0x154 ifa_ifwithroute_fib+0x38 rt_getifa_fib+0xf0 rtrequest1_fib+0x476 rtrequest_fib+0x7a rtrequest+0x14 nd6_prefix_onlink+0x1af nd6_prelist_add+0x1a5 in6_ifattach+0x508 ifhwioctl+0x89b ifioctl+0xbc kern_ioctl+0x92 ioctl+0xfd syscall+0x1af Xfast_syscall+0xd0
ifa_ref 0xffffff00045d5600 (now 2)
ifa_ref+0x35 nd6_rtmsg+0x94 nd6_prefix_onlink+0x289 nd6_prelist_add+0x1a5 in6_ifattach+0x508 ifhwioctl+0x89b ifioctl+0xbc kern_ioctl+0x92 ioctl+0xfd syscall+0x1af Xfast_syscall+0xd0
ifa_free 0xffffff00045d5600 (now 1, won't free)
ifa_free+0x28 nd6_rtmsg+0xd3 nd6_prefix_onlink+0x289 nd6_prelist_add+0x1a5 in6_ifattach+0x508 ifhwioctl+0x89b ifioctl+0xbc kern_ioctl+0x92 ioctl+0xfd syscall+0x1af Xfast_syscall+0xd0
ifa_free 0xffffff000454bc00 (now 4, won't free)
ifa_free+0x28 nd6_prefix_onlink+0x340 nd6_prelist_add+0x1a5 in6_ifattach+0x508 ifhwioctl+0x89b ifioctl+0xbc kern_ioctl+0x92 ioctl+0xfd syscall+0x1af Xfast_syscall+0xd0
ifa_ref 0xffffff000454bc00 (now 5)
ifa_ref+0x35 in6ifa_ifpforlinklocal+0x7d mld_dispatch_packet+0x6f mld_dispatch_queue+0x21 mld_fasttimo+0x75e pffasttimo+0x2b softclock+0x291 intr_event_execute_handlers+0x68 ithread_loop+0xb2 fork_exit+0x12a fork_trampoline+0xe
ifa_free 0xffffff000454bc00 (now 4, won't free)
ifa_free+0x28 mld_dispatch_packet+0x137 mld_dispatch_queue+0x21 mld_fasttimo+0x75e pffasttimo+0x2b softclock+0x291 intr_event_execute_handlers+0x68 ithread_loop+0xb2 fork_exit+0x12a fork_trampoline+0xe
ifa_ref 0xffffff000454bc00 (now 5)
ifa_ref+0x35 in6_ifawithifp+0xbd ip6_output+0x10e3 mld_dispatch_packet+0x21e mld_dispatch_queue+0x21 mld_fasttimo+0x75e pffasttimo+0x2b softclock+0x291 intr_event_execute_handlers+0x68 ithread_loop+0xb2 fork_exit+0x12a fork_trampoline+0xe
ifa_d_fasttimo+0x75e pffasttimo+0x2b softclock+0x291 intr_event_execute_handlers+0x68 ithread_loop+0xb2 fork_exit+0x12a fork_trampoline+0xe
ifa_ref 0xffffff000454bc00 (now 5)
ifa_ref+0x35 in6ifa_ifpforlinklocal+0x7d mld_dispatch_packet+0x6f mld_dispatch_queue+0x21 mld_fasttimo+0x75e pffasttimo+0x2b softclock+0x291 intr_event_execute_handlers+0x68 ithread_loop+0xb2 fork_exit+0x12a fork_trampoline+0xe
ifa_free 0xffffff000454bc00 (now 4, won't free)
ifa_free+0x28 mld_dispatch_packet+0x137 mld_dispatch_queue+0x21 mld_fasttimo+0x75e pffasttimo+0x2b softclock+0x291 intr_event_execute_handlers+0x68 ithread_loop+0xb2 fork_exit+0x12a fork_trampoline+0xe
ifa_ref 0xffffff000454bc00 (now 5)
ifa_ref+0x35 in6_ifawithifp+0xbd ip6_output+0x10e3 mld_dispatch_packet+0x21e mld_dispatch_queue+0x21 mld_fasttimo+0x75e pffasttimo+0x2b softclock+0x291 intr_event_execute_handlers+0x68 ithread_loop+0xb2 fork_exit+0x12a fork_trampoline+0xe
ifa_free 0xffffff000454bc00 (now 4, won't free)
ifa_free+0x28 ip6_output+0x1105 mld_dispatch_packet+0x21e mld_dispatch_queue+0x21 mld_fasttimo+0x75e pffasttimo+0x2b softclock+0x291 intr_event_execute_handlers+0x68 ithread_loop+0xb2 fork_exit+0x12a fork_trampoline+0xe
#
#
#
SIOCDIFADDR wlan0
SIOCAIFADDR wlan0
ifa_init 0xffffff0004717c00
ifa_init+0x4e in_control+0x49b ifioctl+0x2de kern_ioctl+0x92 ioctl+0xfd syscall+0x1af Xfast_syscall+0xd0
ifa_ref 0xffffff0004717c00 (now 2)
ifa_ref+0x35 in_control+0x503 ifioctl+0x2de kern_ioctl+0x92 ioctl+0xfd syscall+0x1af Xfast_syscall+0xd0
ifa_ref 0xffffff0004717c00 (now 3)
ifa_ref+0x35 in_control+0x571 ifioctl+0x2de kern_ioctl+0x92 ioctl+0xfd syscall+0x1af Xfast_syscall+0xd0
ifa_ref 0xffffff0004717c00 (now 4)
ifa_ref+0x35 rtrequest1_fib+0x265 rtinit+0x20f in_ifinit+0x349 in_control+0x10df ifioctl+0x2de kern_ioctl+0x92 ioctl+0xfd syscall+0x1af Xfast_syscall+0xd0
ifa_ref 0xffffff000443da00 (now 2)
ifa_ref+0x35 ifaof_ifpforaddr+0x104 rt_getifa_fib+00xd0
rum0: need multicast update callbackifa_free 0xffffff0004717c00 (now 3, won't free)

ifa_free+0x28 in_control+0x6d7 ifioctl+0x2de kern_ioctl+0x92 ioctl+0xfd syscall+0x1af Xfast_syscall+0xd0
#
ifa_free 0xffffff0004717c00 (now 2, won't free)
ifa_free+0x28 ip_input+0x3d9 netisr_dispatch_src+0xba ether_demux+0x18d ether_input+0x178 sta_input+0x3f6 rum_bulk_read_callback+0xce usbd_callback_wrapper+0x124 usb_command_wrapper+0x76 usb_callback_proc+0x76 usb_process+0xc0 fork_exit+0x12a fork_trampoline+0xe
ifa_free 0xffffff0004717c00 (now 1, won't free)
ifa_free+0x28 ip_input+0x3d9 netisr_dispatch_src+0xba ether_demux+0x18d ether_input+0x178 sta_input+0x3f6 rum_bulk_read_callback+0xce usbd_callback_wrapper+0x124 usb_command_wrapper+0x76 usb_callback_proc+0x76 usb_process+0xc0 fork_exit+0x12a fork_trampoline+0xe
ifa_free 0xffffff0004717c00 (now 0, will free)
ifa_free+0x28 ip_input+0x3d9 netisr_dispatch_src+0xba ether_demux+0x18d ether_input+0x178 sta_input+0x3f6 rum_bulk_read_callback+0xce usbd_callback_wrapper+0x124 usb_command_wrapper+0x76 usb_callback_proc+0x76 usb_process+0xc0 fork_exit+0x12a fork_trampoline+0xe



Fatal trap 9: general protection fault while in kernel mode
cpuid = 0; apic id = 00                                    
instruction pointer     = 0x20:0xffffffff80675515          
stack pointer           = 0x28:0xffffff8056a89960          
frame pointer           = 0x28:0xffffff8056a899b0          
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0   
current process         = 44 (usbus7)                           
panic: from debugger                                            
cpuid = 0                                                       
Uptime: 3m2s                                                    
Physical memory: 2905 MB                                        
Dumping 1179 MB: 1164 1148 1132 1116 1100 1084 1068 1052 1036 1020 1004 988 972 956 940 924 908 892 876 860 844 828 812 796 780 764 748 732 716 700 684 668 652 636 620 604 588 572 556 540 524 508 492 476 460 444 428 412 396 380 364 348 332 316 300 284 268 252 236 220 204 188 172 156 140 124 108 92 76 60 44 28 12      





(kgdb) frame 11
#11 0xffffffff80675515 in ip_input (m=0xffffff00046b5900)
    at /usr/src/sys/netinet/ip_input.c:641
641                             if (ifa->ifa_addr->sa_family != AF_INET)
(kgdb) list
636              * into the stack for SIMPLEX interfaces handled by ether_output().
637              */
638             if (ifp != NULL && ifp->if_flags & IFF_BROADCAST) {
639                     IF_ADDR_LOCK(ifp);
640                     TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
641                             if (ifa->ifa_addr->sa_family != AF_INET)
642                                     continue;
643                             ia = ifatoia(ifa);
644                             if (satosin(&ia->ia_broadaddr)->sin_addr.s_addr ==
645                                 ip->ip_dst.s_addr) {






(kgdb) p *ifa
$1 = {ifa_addr = 0xdeadc0dedeadc0de, ifa_dstaddr = 0xdeadc0dedeadc0de,
  ifa_netmask = 0xdeadc0dedeadc0de, if_data = {ifi_type = 222 'Þ',
    ifi_physical = 192 'À', ifi_addrlen = 173 '­', ifi_hdrlen = 222 'Þ',
    ifi_link_state = 222 'Þ', ifi_spare_char1 = 192 'À',
    ifi_spare_char2 = 173 '­', ifi_datalen = 222 'Þ',
    ifi_mtu = 16045693110842147038, ifi_metric = 16045693110842147038,
    ifi_baudrate = 16045693110842147038, ifi_ipackets = 16045693110842147038,
    ifi_ierrors = 16045693110842147038, ifi_opackets = 16045693110842147038,
    ifi_oerrors = 16045693110842147038, ifi_collisions = 16045693110842147038,
    ifi_ibytes = 16045693110842147038, ifi_obytes = 16045693110842147038,
    ifi_imcasts = 16045693110842147038, ifi_omcasts = 16045693110842147038,
    ifi_iqdrops = 16045693110842147038, ifi_noproto = 16045693110842147038,
    ifi_hwassist = 16045693110842147038, ifi_epoch = -2401050962867404578,
    ifi_lastchange = {tv_sec = -2401050962867404578,
      tv_usec = -2401050962867404578}}, ifa_ifp = 0xdeadc0dedeadc0de,
  ifa_link = {tqe_next = 0xdeadc0dedeadc0de, tqe_prev = 0xdeadc0dedeadc0de},
  ifa_rtrequest = 0xdeadc0dedeadc0de, ifa_flags = 49374,
  ifa_refcnt = 3735929054, ifa_metric = -559038242,
  ifa_claim_addr = 0xdeadc0dedeadc0de, ifa_mtx = {lock_object = {
      lo_name = 0xdeadc0dedeadc0de <Address 0xdeadc0dedeadc0de out of bounds>,
      lo_flags = 3735929054, lo_data = 3735929054,
      lo_witness = 0xdeadc0dedeadc0de}, mtx_lock = 16045693110842147038}}





(kgdb) p *ia
Cannot access memory at address 0x0



(kgdb) print ifa
$2 = (struct ifaddr *) 0xffffff0004717c00


(kgdb) l *ip_input+0x3d9
0xffffffff806753a9 is in ip_input (/usr/src/sys/netinet/ip_input.c:750).
745
746             /* Count the packet in the ip address stats */
747             if (ia != NULL) {
748                     ia->ia_ifa.if_ipackets++;
749                     ia->ia_ifa.if_ibytes += m->m_pkthdr.len;
750                     ifa_free(&ia->ia_ifa);
751             }
752
753             /*
754              * Attempt reassembly; if it succeeds, proceed.



(kgdb) p *ip
$3 = {ip_hl = 5, ip_v = 4, ip_tos = 0 '\0', ip_len = 347, ip_id = 33224,
  ip_off = 0, ip_ttl = 4 '\004', ip_p = 17 '\021', ip_sum = 27962, ip_src = {
    s_addr = 16951488}, ip_dst = {s_addr = 4211081199}}


(kgdb) p m->m_hdr.mh_flags
$6 = 1027