protection_fault: in6_addmulti (3)

Status: upstream: reported on 2024/09/18 08:44
Reported-by: syzbot+9f8f33952017013065f0@syzkaller.appspotmail.com
First crash: 64d, last: 64d
Similar bugs (2)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| openbsd | protection_fault: in6_addmulti (2) | | | | 4 | 574d | 638d | 0/3 | auto-obsoleted due to no activity on 2023/07/26 17:36 |
| openbsd | protection_fault: in6_addmulti | | | | 1 | 800d | 800d | 0/3 | auto-obsoleted due to no activity on 2022/12/12 04:47 |

Sample crash report:
kernel: protection fault trap, code=0
Stopped at      in6_addmulti+0xf4:      movzbl  0x1(%rax),%r15d
ddb{0}> 
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
the kernel did not panic
ddb{0}> trace
in6_addmulti(ffff8000329975b8,ffff8000011c4800,ffff800032997644) at in6_addmulti+0xf4 sys/netinet6/in6.c:1047
in6_joingroup(ffff8000011c4800,ffff8000329975b8,ffff800032997644) at in6_joingroup+0x6c
in6_update_ifa(ffff8000011c4800,ffff8000329976c0,0) at in6_update_ifa+0x190d
in6_ifattach_linklocal(ffff8000011c4800,0) at in6_ifattach_linklocal+0x331 sys/netinet6/in6_ifattach.c:281
in6_ifattach(ffff8000011c4800) at in6_ifattach+0x2b4 sys/netinet6/in6_ifattach.c:405
ifnewlladdr(ffff8000011c4800) at ifnewlladdr+0x236 sys/net/if.c:3366
ifioctl(ffff800001238fe8,8020691f,ffff800032997910,ffff8000ffff76e8) at ifioctl+0x2ca0 sys/net/if.c:2357
sys_ioctl(ffff8000ffff76e8,ffff800032997af0,ffff800032997a40) at sys_ioctl+0x67c
syscall(ffff800032997af0) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline]
syscall(ffff800032997af0) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x4850f30bef0, count: -10
ddb{0}> show registers
rdi               0xffff80002ed74000
rsi                          0x3298b    acpi_pdirpa+0x1e7fc
rbp               0xffff800032997430
rbx               0xffff8000011c4800
rdx               0xffff80002ed74000
rcx                          0x3298a    acpi_pdirpa+0x1e7fb
rax               0xdeaf0036deaf4152
r8                                 0
r9                0xfffffd806bebd160
r10               0xe06c3b5961548c55
r11               0x8a92f517ea36a4a1
r12               0xffff800001147c00
r13               0xffff8000329975b8
r14               0xffff800032997644
r15                              0x3
rip               0xffffffff819f3904    in6_addmulti+0xf4
cs                               0x8
rflags                       0x10286    __ALIGN_SIZE+0xf286
rsp               0xffff8000329972b0
ss                                 0
in6_addmulti+0xf4:      movzbl  0x1(%rax),%r15d
ddb{0}> show proc
PROC (syz-executor) tid=244020 pid=36230 tcnt=3 stat=onproc
    flags process=0 proc=4000000<THREAD>
    runpri=32, usrpri=84, slppri=32, nice=20
    wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
    forw=0xffffffffffffffff, list=0xffff8000329af990,0xffff8000ffff67c8
    process=0xffff8000329c4490 user=0xffff800032992000, vmspace=0xfffffd806ce751d0
    estcpu=34, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb{0}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 35787  333435   8890      0  2           0                syz-executor
 15929   68836  16238      0  7           0                syz-executor
 47355     611   9028      0  2           0                syz-executor
 47355  215218   9028      0  3   0x4000080  fsleep        syz-executor
 90668  266601  45416      0  2           0                syz-executor
 90668  303077  45416      0  3   0x4000080  kqread        syz-executor
 36230  340796  58794      0  2           0                syz-executor
 36230  469854  58794      0  3   0x4000000  smrbar        syz-executor
*36230  244020  58794      0  7   0x4000000                syz-executor
 98748  260054  20732      0  2           0                syz-executor
 98748  217842  20732      0  3   0x4000080  msgwait       syz-executor
 98748  431649  20732      0  3   0x4000080  fsleep        syz-executor
 58794   59918  43495      0  2       0x482                syz-executor
  9028  439758  43495      0  2       0x482                syz-executor
 45416  353960  43495      0  2         0x2                syz-executor
  6990  347325  43495      0  3        0x82  wait          syz-executor
 20732  427573  43495      0  2       0x482                syz-executor
  8890  337937  43495      0  2         0x2                syz-executor
 93612  331811  43495      0  2       0x482                syz-executor
 16238  381198  43495      0  2       0x482                syz-executor
 25235   86061      0      0  3     0x14280  nfsidl        nfsio
 26656  426307      0      0  3     0x14280  nfsidl        nfsio
  3140  120203      0      0  3     0x14280  nfsidl        nfsio
 29707   62712      0      0  3     0x14280  nfsidl        nfsio
  2319  182849      0      0  3     0x14280  nfsidl        nfsio
 34991  240065      0      0  3     0x14280  nfsidl        nfsio
 35456  294477      0      0  3     0x14280  nfsidl        nfsio
 76543  478332      0      0  3     0x14280  nfsidl        nfsio
 14431  368692      0      0  3     0x14280  nfsidl        nfsio
 98045  369999      0      0  3     0x14280  nfsidl        nfsio
 20246  358736      0      0  3     0x14280  nfsidl        nfsio
 76285  127054      0      0  3     0x14280  nfsidl        nfsio
  8247  273334      0      0  3     0x14280  nfsidl        nfsio
 21138  126283      0      0  3     0x14280  nfsidl        nfsio
 75375  480546      0      0  3     0x14280  nfsidl        nfsio
 47723  203735      0      0  3     0x14280  nfsidl        nfsio
 68921  322309      0      0  3     0x14280  nfsidl        nfsio
 84740  189663      0      0  3     0x14280  nfsidl        nfsio
 55219    9472      0      0  3     0x14280  nfsidl        nfsio
  2798  434828      0      0  3     0x14280  nfsidl        nfsio
 87962  118339      1      0  3    0x100083  ttyopn        getty
 41311  150416      0      0  3     0x14200  bored         sosplice
 43495  325026  20110      0  3        0x82  kqread        syz-executor
 20110  155808  39390      0  3    0x10008a  sigsusp       ksh
 39390  516311  93694      0  3        0x98  kqread        sshd-session
 93694  462502  82496      0  3        0x92  kqread        sshd-session
 82496  435764      1      0  3        0x88  kqread        sshd
 34668  502211  14673     74  3   0x1100092  bpf           pflogd
 14673  100458      1      0  3        0x80  sbwait        pflogd
 41688  481637  76355     73  2   0x1100010                syslogd
 76355  151834      1      0  3    0x100082  sbwait        syslogd
 82716   31338      1      0  3    0x100080  kqread        resolvd
 83015  339056  86455     77  3    0x100092  kqread        dhcpleased
 38794  201456  86455     77  3    0x100092  kqread        dhcpleased
 86455  195185      1      0  3        0x80  kqread        dhcpleased
 35233  449838      0      0  3     0x14200  bored         smr
 67641  286247      0      0  2     0x14200                zerothread
 55467  315264      0      0  3     0x14200  aiodoned      aiodoned
 64280  179805      0      0  3     0x14200  syncer        update
 44837   72403      0      0  3     0x14200  cleaner       cleaner
 10214  395815      0      0  2     0x14200                reaper
 19641   93279      0      0  3     0x14200  pgdaemon      pagedaemon
 56917  107283      0      0  3     0x14200  bored         viomb
 76276  404474      0      0  3  0x40014200  acpi0         acpi0
 46677  447512      0      0  3  0x40014200                idle1
  5158  349913      0      0  3     0x14200  bored         softnet3
 44880   13985      0      0  3     0x14200  bored         softnet2
 85753  252358      0      0  3     0x14200  bored         softnet1
 66217   55827      0      0  2     0x14200                softnet0
 86975  311347      0      0  2     0x14200                systqmp
  8476  131790      0      0  3     0x14200  bored         systq
 72364    3423      0      0  3     0x14200  tmoslp        softclockmp
 41083   76858      0      0  3  0x40014200  tmoslp        softclock
 14516  518822      0      0  3  0x40014200                idle0
     1  310040      0      0  3     0x80082  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{0}> show all locks
Process 36230 (syz-executor) thread 0xffff8000ffff62a8 (469854)
Process 36230 (syz-executor) thread 0xffff8000ffff76e8 (244020)
Process 41688 (syslogd) thread 0xffff8000ffffd450 (481637)
Process 10214 (reaper) thread 0xffff800029fd8cb0 (395815)
ddb{0}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf 10208  10191K   10517K 166960K     12548        0
            pcb    21     14K      16K 166960K       386        0
         rtable   208      6K       8K 166960K      1141        0
             pf    41     19K      27K 166960K       143        0
         ifaddr    42      7K       8K 166960K       155        0
        ifgroup    55      2K       2K 166960K       178        0
         sysctl     3      0K       0K 166960K         5        0
       counters    64     36K      36K 166960K       124        0
       ioctlops     0      0K       4K 166960K      1596        0
            iov     0      0K      16K 166960K       101        0
          mount     1      1K       1K 166960K         1        0
            log     0      0K       0K 166960K         4        0
         vnodes  1459     92K      92K 166960K      2520        0
      UFS quota     1     32K      32K 166960K         1        0
      UFS mount     5     36K      36K 166960K         5        0
            shm     2      1K       9K 166960K        15        0
         VM map     2      1K       1K 166960K         2        0
            sem    12      1K       1K 166960K       168        0
        dirhash    12      2K       2K 166960K        42        0
           ACPI  1690    195K     286K 166960K     12418        0
      file desc    16     57K      93K 166960K      1427        0
          sigio     0      0K       0K 166960K        93        0
           proc    72     91K     140K 166960K      1243        0
        subproc   104      6K       6K 166960K       391        0
    NFS srvsock     1      0K       0K 166960K         1        0
     NFS daemon     1     16K      16K 166960K         1        0
    ip_moptions     0      0K       0K 166960K       281        0
       in_multi    90      6K       7K 166960K       409        0
    ether_multi     1      0K       0K 166960K         5        0
            mrt     1      0K       0K 166960K         5        0
    ISOFS mount     1     32K      32K 166960K         1        0
  MSDOSFS mount     1     16K      16K 166960K         1        0
           ttys    85    387K     387K 166960K        85        0
           exec     0      0K       1K 166960K      1012        0
     pfkey data     0      0K       0K 166960K         1        0
            tdb     3      0K       0K 166960K         3        0
        VM swap     8     62K      64K 166960K        10        0
       UVM amap   244     91K      93K 166960K     13707        0
       UVM aobj   101      3K       3K 166960K       102        0
     pinsyscall    41     82K     105K 166960K      3092        0
        memdesc     1      4K       4K 166960K         1        0
    crypto data     1      1K       1K 166960K         1        0
    ip6_options     0      0K       0K 166960K        62        0
            NDP    12      0K       2K 166960K       110        0
           temp    71   6822K    7458K 166960K     39719        0
         kqueue    14     22K      28K 166960K       189        0
      SYN cache     2     16K      16K 166960K         2        0
ddb{0}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache    128       24    0        0     1     0     1     1     0     8    0
rtpcb      120      208    0      204     3     2     1     3     0     8    0
rtentry    112      397    0      303     5     2     3     4     0     8    0
unpcb      144     1036    0     1013    10     7     3     6     0     8    2
syncache   336        5    0        5     3     3     0     1     0     8    0
tcpcb      808      438    0      433    18    10     8     8     0     8    7
arp        120       66    0       49     1     0     1     1     0     8    0
inpcb      336     1671    0     1655    30    21     9    12     0     8    7
nd6        136      104    0       82     1     0     1     1     0     8    0
pkpcb       40        7    0        7     3     3     0     1     0     8    0
kcovpl      48       30    0       22     1     0     1     1     0     8    0
ppxss      1168       2    0        2     2     2     0     1     0     8    0
pfstscr     40        3    0        2     1     0     1     1     0     8    0
pffrag     232        9    0        7     1     0     1     1     0   482    0
pffrnode    88        9    0        7     1     0     1     1     0     8    0
pffrent     40       64    0       62     1     0     1     1     0     8    0
pfosfp      40     1428    0     1005     5     0     5     5     0     8    0
pfosfpen   112     1428    0      714    21     0    21    21     0     8    0
pfrktable  1344       1    0        0     1     0     1     1     0     8    0
pfanchor   1288       2    0        0     1     0     1     1     0     8    0
pftag       88        2    0        0     1     0     1     1     0     8    0
pfstitem    24      133    0       83     1     0     1     1     0     8    0
pfstkey    128      137    0       87     3     0     3     3     0     8    0
pfstate    376      133    0       86     7     1     6     7     0     8    0
pfrule     1344      36    0       24     2     0     2     2     0     8    1
art_heap8  4096       2    0        0     2     0     2     2     0     8    0
art_heap4  256     1688    0     1231    34     5    29    30     0     8    0
art_table   32     1690    0     1231     4     0     4     4     0     8    0
art_node    16      395    0      310     1     0     1     1     0     8    0
sysvmsgpl   40       44    0       38     1     0     1     1     0     8    0
semapl     112      166    0      156     1     0     1     1     0     8    0
shmpl      112       99    0        1     3     0     3     3     0     8    0
dirhash    1024      38    0       21     3     0     3     3     0     8    0
dino2pl    256     3426    0     1885    97     0    97    97     0     8    0
ffsino     272     3426    0     1885   104     0   104   104     0     8    0
nchpl      144     5022    0     3306    64     0    64    64     0     8    0
uvmvnodes   80     4340    0        0    89     0    89    89     0     8    0
vnodes     216     4340    0        0   242     0   242   242     0     8    0
namei      1024   19030    0    19030     4     3     1     2     0     8    1
percpumem   16       76    0       30     1     0     1     1     0     8    0
kstatmem   264       84    0       60     2     0     2     2     0     8    0
acpiwqpl    32        3    0        3     1     0     1     1     1     8    1
scsiplug    72        4    0        4     4     3     1     1     0     8    1
scxspl     216    26022    0    26022    12    11     1     8     1     8    1
plimitpl   152      291    0      273     1     0     1     1     0     8    0
sigapl     424     1709    0     1638    11     2     9     9     0     8    0
futexpl     64    15710    0    15708     4     3     1     1     0     8    0
knotepl    120      630    0        0    18     0    18    18     0     8    0
kqueuepl   216      341    0      329     3     2     1     3     0     8    0
pipepl     320      376    0      349    11     8     3     8     0     8    0
fdescpl    496     1669    0     1639     6     1     5     5     0     8    0
filepl     152    10284    0    10025    29    14    15    16     0     8    3
lockfpl    104      499    0      497     2     0     2     2     0     8    1
lockfspl    48      164    0      162     1     0     1     1     0     8    0
sessionpl  144       47    0       38     1     0     1     1     0     8    0
pgrppl      48       93    0       76     1     0     1     1     0     8    0
ucredpl    104     1730    0     1716     1     0     1     1     0     8    0
zombiepl   144     1640    0     1638     1     0     1     1     0     8    0
processpl  1160    1709    0     1638     7     1     6     6     0     8    0
procpl     648     3311    0     3234     9     1     8     8     0     8    0
sosppl     168        5    0        5     3     3     0     1     0     8    0
sockpl     664     2933    0     2890    42    30    12    15     0     8    8
mcl64k     65536      6    0        0     1     0     1     1     0     8    0
mcl16k     16384      1    0        0     1     0     1     1     0     8    0
mcl9k      9216       1    0        0     1     0     1     1     0     8    0
mcl8k      8192       4    0        0     1     0     1     1     0     8    0
mcl4k      4096       4    0        0     1     0     1     1     0     8    0
mcl2k      2048     235    0        0    30     0    30    30     0     8    0
mtagpl      96       18    0        0     1     0     1     1     0     8    0
mbufpl     256     1789    0        0   109     0   109   109     0     8    0
bufpl      280     8209    0     1949   448     0   448   448     0     8    0
anonpl      24   325361    0   316478   103    49    54    78     0   185    0
amapchunkpl 152   45570    0    44772    51    19    32    40     0   158    0
amappl16   200     7674    0     7643    29    25     4    19     0     8    1
amappl15   192       15    0       15     1     1     0     1     0     8    0
amappl14   184      169    0      157     1     0     1     1     0     8    0
amappl13   176       59    0       59     2     2     0     1     0     8    0
amappl12   168     2700    0     2669     3     1     2     2     0     8    0
amappl11   160       67    0       52     1     0     1     1     0     8    0
amappl10   152       12    0       12     1     1     0     1     0     8    0
amappl9    144      178    0      178     1     1     0     1     0     8    0
amappl8    136       26    0       22     1     0     1     1     0     8    0
amappl7    128      186    0      174     1     0     1     1     0     8    0
amappl6    120      386    0      385     1     0     1     1     0     8    0
amappl5    112      224    0      211     1     0     1     1     0     8    0
amappl4    104      381    0      361     1     0     1     1     0     8    0
amappl3     96     8917    0     8800     5     1     4     4     0     8    0
amappl2     88     1015    0      946     2     0     2     2     0     8    0
amappl1     80    13129    0    12555    14     0    14    14     0     8    0
amappl      88    13060    0    12880     5     0     5     5     0    92    0
dma65536   65536      2    0        2     1     1     0     1     0     8    0
dma4096    4096       2    0        2     2     2     0     1     0     8    0
dma1024    1024       1    0        0     1     0     1     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        7    0        7     2     2     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      72      101    0        1     2     0     2     2     0     8    0
uaddrrnd    24     1669    0     1638     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24     1669    0     1638     1     0     1     1     0     8    0
vmmpekpl   168    14668    0    14619     4     1     3     3     0     8    0
vmmpepl    168   109834    0   107922   109    23    86    99     0   357    1
vmsppl     440     1668    0     1637     6     2     4     5     0     8    0
rwobjpl     56    37531    0    32144    80     3    77    77     0     8    0
pdppl      4096    3345    0     3274   137    66    71    85     0     8    0
pvpl        32    44853    0        0   364     2   362   362     0   265    0
pmappl     248     1668    0     1637     3     0     3     3     0     8    0
extentpl    40       56    0       38     1     0     1     1     0     8    0
phpool     112      582    0      114    14     0    14    14     0     8    0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
in6_addmulti(ffff8000329975b8,ffff8000011c4800,ffff800032997644) at in6_addmulti+0xf4 sys/netinet6/in6.c:1047
in6_joingroup(ffff8000011c4800,ffff8000329975b8,ffff800032997644) at in6_joingroup+0x6c
in6_update_ifa(ffff8000011c4800,ffff8000329976c0,0) at in6_update_ifa+0x190d
in6_ifattach_linklocal(ffff8000011c4800,0) at in6_ifattach_linklocal+0x331 sys/netinet6/in6_ifattach.c:281
in6_ifattach(ffff8000011c4800) at in6_ifattach+0x2b4 sys/netinet6/in6_ifattach.c:405
ifnewlladdr(ffff8000011c4800) at ifnewlladdr+0x236 sys/net/if.c:3366
ifioctl(ffff800001238fe8,8020691f,ffff800032997910,ffff8000ffff76e8) at ifioctl+0x2ca0 sys/net/if.c:2357
sys_ioctl(ffff8000ffff76e8,ffff800032997af0,ffff800032997a40) at sys_ioctl+0x67c
syscall(ffff800032997af0) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline]
syscall(ffff800032997af0) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x4850f30bef0, count: -10
ddb{0}> machine ddbcpu 1
Stopped at      x86_ipi_db+0x27:        addq    $0x8,%rsp
ddb{1}> trace
x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff83632228) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline]
__mp_lock(ffffffff83632228) at __mp_lock+0x192 sys/kern/kern_lock.c:144
syscall(ffff80002a148dc0) at syscall+0xad6 mi_syscall sys/sys/syscall_mi.h:179 [inline]
syscall(ffff80002a148dc0) at syscall+0xad6 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7405dbc0c630, count: -6

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2024/09/18 08:43 | openbsd | 1aeced5a9232 | c673ca06 | .config | console log | report | | | | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-multicore | protection_fault: in6_addmulti |
* Struck through repros no longer work on HEAD.