kernel: protection fault trap, code=0 Stopped at in_delmulti+0x8d: movl 0xc(%r14),%r15d ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace in_delmulti(fffdfeffffffffff) at in_delmulti+0x8d sys/netinet/in.c:914 in_purgeaddr(ffff800000af0300) at in_purgeaddr+0x156 sys/netinet/in.c:760 in_ifdetach(ffff800000adf800) at in_ifdetach+0x74 sys/netinet/in.c:971 if_detach(ffff800000adf800) at if_detach+0x140 sys/net/if.c:1032 tun_clone_destroy(ffff800000adf800) at tun_clone_destroy+0x1c7 sys/net/if_tun.c:326 ifioctl(fffffd805da6baf8,80206979,ffff80001d77b780,ffff80001d6be780) at ifioctl+0x3de sys/net/if.c:1821 sys_ioctl(ffff80001d6be780,ffff80001d77b898,ffff80001d77b8e0) at sys_ioctl+0x4a1 syscall(ffff80001d77b960) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x9d5bc1c6610, count: -9 ddb> show registers rdi 0xffff8000209b4000 rsi 0x19ef2 acpi_pdirpa+0x5d5a rbp 0xffff80001d77b560 rbx 0 rdx 0xffff8000209b4000 rcx 0x19ef1 acpi_pdirpa+0x5d59 rax 0xffffffff817ba21d in_delmulti+0x8d r8 0xffff800000af0300 r9 0xffffffff81256843 rt_ifa_purge+0x153 r10 0x5 r11 0x8a331e1a27107105 r12 0 r13 0x3 r14 0xfffdfeffffffffff r15 0x1 rip 0xffffffff817ba21d in_delmulti+0x8d cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80001d77b500 ss 0x10 in_delmulti+0x8d: movl 0xc(%r14),%r15d ddb> show proc PROC (syz-executor.0) pid=61011 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=71, nice=20 forw=0xffffffffffffffff, list=0xffff80001d6be290,0xffffffff8280e530 process=0xffff80001d6c0ed0 user=0xffff80001d776000, vmspace=0xfffffd8054d25008 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 83741 436983 51110 0 3 0x80 nanosleep syz-executor.0 *83741 61011 51110 0 7 0x4000000 syz-executor.0 51110 207552 39004 0 3 0x82 nanosleep syz-executor.0 52585 265694 0 0 3 0x14200 bored sosplice 22349 167794 39004 0 3 0x82 nanosleep syz-executor.1 39004 141903 80261 0 3 0x82 thrsleep syz-fuzzer 39004 1252 80261 0 3 0x4000082 thrsleep syz-fuzzer 39004 115450 80261 0 3 0x4000082 thrsleep syz-fuzzer 39004 515924 80261 0 3 0x4000082 thrsleep syz-fuzzer 39004 322819 80261 0 3 0x4000082 thrsleep syz-fuzzer 39004 397842 80261 0 3 0x4000082 kqread syz-fuzzer 39004 96567 80261 0 3 0x4000082 thrsleep syz-fuzzer 39004 457345 80261 0 3 0x4000082 thrsleep syz-fuzzer 80261 390497 83893 0 3 0x10008a pause ksh 83893 163656 56528 0 3 0x92 select sshd 9543 156920 1 0 3 0x100083 ttyin getty 56528 46058 1 0 3 0x80 select sshd 86118 217574 98720 73 3 0x100090 kqread syslogd 98720 206920 1 0 3 0x100082 netio syslogd 33715 265453 1 77 3 0x100090 poll dhclient 98975 98996 1 0 3 0x80 poll dhclient 15768 126684 0 0 3 0x14200 bored smr 42943 50185 0 0 3 0x14200 pgzero zerothread 66868 287654 0 0 3 0x14200 aiodoned aiodoned 46756 152755 0 0 3 0x14200 syncer update 99128 493654 0 0 3 0x14200 cleaner cleaner 91596 83297 0 0 3 0x14200 reaper reaper 29644 103271 0 0 3 0x14200 pgdaemon pagedaemon 27639 10413 0 0 3 0x14200 bored crynlk 53400 371196 0 0 3 0x14200 bored crypto 81537 408477 0 0 3 0x40014200 acpi0 acpi0 91694 424778 0 0 3 0x14200 bored softnet 82880 264485 0 0 3 0x14200 bored systqmp 54693 317637 0 0 3 0x14200 bored systq 58702 137338 0 0 3 0x40014200 bored softclock 21267 392974 0 0 3 0x40014200 idle0 1 103639 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9503 6346K 6728K 78643K 11294 0 pcb 13 8K 8K 78643K 100 0 rtable 89 11K 12K 78643K 524 0 ifaddr 83 16K 16K 78643K 175 0 sysctl 2 0K 0K 78643K 2 0 counters 21 16K 16K 78643K 32 0 ioctlops 0 0K 4K 78643K 108 0 iov 0 0K 16K 78643K 72 0 mount 1 1K 1K 78643K 1 0 vnodes 1224 77K 77K 78643K 1474 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 10 0 VM map 2 0K 0K 78643K 2 0 sem 12 1K 1K 78643K 49 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 668 0 sigio 0 0K 0K 78643K 2 0 proc 49 38K 54K 78643K 447 0 subproc 32 2K 2K 78643K 51 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 457 0 in_multi 71 3K 3K 78643K 171 0 ether_multi 1 0K 0K 78643K 12 0 mrt 2 0K 0K 78643K 3 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 61 281K 281K 78643K 61 0 exec 0 0K 1K 78643K 221 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 139 72K 93K 78643K 2427 0 UVM aobj 19 2K 2K 78643K 29 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 70 0 NDP 13 0K 0K 78643K 39 0 temp 135 3866K 3934K 78643K 7342 0 kqueue 3 4K 12K 78643K 49 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 12 0 7 1 0 1 1 0 8 0 rtpcb 88 55 0 53 1 0 1 1 0 8 0 rtentry 112 113 0 83 2 0 2 2 0 8 0 unpcb 120 963 0 955 1 0 1 1 0 8 0 syncache 272 13 0 13 4 4 0 1 0 8 0 tcpqe 32 56 0 56 2 2 0 1 0 8 0 tcpcb 592 196 0 188 4 2 2 3 0 8 1 ipq 40 1 0 1 1 1 0 1 0 8 0 ipqe 40 45 0 45 1 1 0 1 0 8 0 inpcb 296 1085 0 1077 3 1 2 2 0 8 1 rttmr 72 2 0 2 1 1 0 1 0 8 0 nd6 48 25 0 22 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 1 0 1 0 8 0 ppxss 1136 3 0 3 3 3 0 1 0 8 0 pfrktable 1344 16 0 16 1 1 0 1 0 8 0 pftag 88 8 0 8 1 1 0 1 0 8 0 pfrule 1360 4 0 4 1 1 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 729 0 541 21 6 15 15 0 8 1 art_table 32 730 0 541 2 0 2 2 0 8 0 art_node 16 112 0 86 1 0 1 1 0 8 0 sysvmsgpl 40 6 0 4 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 41 0 31 1 0 1 1 0 8 0 shmpl 112 26 0 10 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2240 0 843 88 0 88 88 0 8 0 ffsino 240 2240 0 843 83 0 83 83 0 8 0 nchpl 144 3291 0 1715 60 0 60 60 0 8 0 uvmvnodes 72 2465 0 0 45 0 45 45 0 8 0 vnodes 208 2465 0 0 130 0 130 130 0 8 0 namei 1024 10382 0 10382 1 0 1 1 0 8 1 vcpupl 1984 8 0 0 1 0 1 1 0 8 0 vmpool 528 17 0 9 1 0 1 1 0 8 0 pfiaddrpl 120 4 0 4 1 1 0 1 0 8 0 scxspl 200 10096 0 10096 1 0 1 1 0 8 1 plimitpl 152 65 0 58 1 0 1 1 0 8 0 sigapl 424 852 0 823 4 0 4 4 0 8 0 futexpl 56 14513 0 14513 1 0 1 1 0 8 1 knotepl 112 120 0 100 1 0 1 1 0 8 0 kqueuepl 152 112 0 106 1 0 1 1 0 8 0 pipepl 272 159 0 148 3 1 2 2 0 8 1 fdescpl 432 837 0 823 2 0 2 2 0 8 0 filepl 120 6499 0 6401 4 0 4 4 0 8 0 lockfpl 104 141 0 140 1 0 1 1 0 8 0 lockfspl 48 55 0 54 1 0 1 1 0 8 0 sessionpl 120 18 0 8 1 0 1 1 0 8 0 pgrppl 48 22 0 12 1 0 1 1 0 8 0 ucredpl 96 1610 0 1603 1 0 1 1 0 8 0 zombiepl 144 823 0 822 1 0 1 1 0 8 0 processpl 944 852 0 822 4 0 4 4 0 8 0 procpl 632 1625 0 1587 4 0 4 4 0 8 0 sosppl 144 9 0 9 2 2 0 1 0 8 0 sockpl 400 2108 0 2090 5 1 4 4 0 8 2 mcl64k 65536 546 0 546 66 6 60 65 0 8 60 mcl16k 16384 6 0 6 3 2 1 1 0 8 1 mcl12k 12288 20 0 20 2 1 1 1 0 8 1 mcl9k 9216 13 0 13 2 1 1 1 0 8 1 mcl8k 8192 34 0 34 2 1 1 1 0 8 1 mcl4k 4096 61 0 61 3 2 1 1 0 8 1 mcl2k2 2112 3 0 3 2 2 0 1 0 8 0 mcl2k 2048 97800 0 97758 17 11 6 13 0 8 0 mtagpl 96 63 0 40 2 1 1 1 0 8 0 mbufpl 256 160135 0 159993 62 43 19 44 0 8 6 bufpl 280 4559 0 120 318 0 318 318 0 8 0 anonpl 16 113271 0 94572 113 23 90 98 0 107 6 amapchunkpl 152 5300 0 5098 40 18 22 23 0 158 13 amappl16 192 4386 0 3282 89 27 62 68 0 8 6 amappl15 184 403 0 400 1 0 1 1 0 8 0 amappl14 176 223 0 219 1 0 1 1 0 8 0 amappl13 168 34 0 31 1 0 1 1 0 8 0 amappl12 160 21 0 18 1 0 1 1 0 8 0 amappl11 152 270 0 258 1 0 1 1 0 8 0 amappl10 144 327 0 324 1 0 1 1 0 8 0 amappl9 136 358 0 357 1 0 1 1 0 8 0 amappl8 128 329 0 298 2 0 2 2 0 8 0 amappl7 120 108 0 97 1 0 1 1 0 8 0 amappl6 112 250 0 242 1 0 1 1 0 8 0 amappl5 104 538 0 527 1 0 1 1 0 8 0 amappl4 96 674 0 645 1 0 1 1 0 8 0 amappl3 88 155 0 145 1 0 1 1 0 8 0 amappl2 80 6171 0 6102 2 0 2 2 0 8 0 amappl1 72 28584 0 28167 24 15 9 17 0 8 0 amappl 80 1894 0 1837 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 28 0 10 1 0 1 1 0 8 0 uaddrrnd 24 854 0 832 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 854 0 832 1 0 1 1 0 8 0 vmmpekpl 168 8893 0 8870 2 0 2 2 0 8 0 vmmpepl 168 110143 0 107906 158 41 117 139 0 357 14 vmsppl 272 853 0 832 2 0 2 2 0 8 0 pdppl 4096 1714 0 1672 7 1 6 6 0 8 0 pvpl 32 302103 0 280665 232 23 209 225 0 265 18 pmappl 200 853 0 832 2 0 2 2 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 374 0 81 10 0 10 10 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace in_delmulti(fffdfeffffffffff) at in_delmulti+0x8d sys/netinet/in.c:914 in_purgeaddr(ffff800000af0300) at in_purgeaddr+0x156 sys/netinet/in.c:760 in_ifdetach(ffff800000adf800) at in_ifdetach+0x74 sys/netinet/in.c:971 if_detach(ffff800000adf800) at if_detach+0x140 sys/net/if.c:1032 tun_clone_destroy(ffff800000adf800) at tun_clone_destroy+0x1c7 sys/net/if_tun.c:326 ifioctl(fffffd805da6baf8,80206979,ffff80001d77b780,ffff80001d6be780) at ifioctl+0x3de sys/net/if.c:1821 sys_ioctl(ffff80001d6be780,ffff80001d77b898,ffff80001d77b8e0) at sys_ioctl+0x4a1 syscall(ffff80001d77b960) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x9d5bc1c6610, count: -9 ddb> machine ddbcpu 1 No such command ddb> trace in_delmulti(fffdfeffffffffff) at in_delmulti+0x8d sys/netinet/in.c:914 in_purgeaddr(ffff800000af0300) at in_purgeaddr+0x156 sys/netinet/in.c:760 in_ifdetach(ffff800000adf800) at in_ifdetach+0x74 sys/netinet/in.c:971 if_detach(ffff800000adf800) at if_detach+0x140 sys/net/if.c:1032 tun_clone_destroy(ffff800000adf800) at tun_clone_destroy+0x1c7 sys/net/if_tun.c:326 ifioctl(fffffd805da6baf8,80206979,ffff80001d77b780,ffff80001d6be780) at ifioctl+0x3de sys/net/if.c:1821 sys_ioctl(ffff80001d6be780,ffff80001d77b898,ffff80001d77b8e0) at sys_ioctl+0x4a1 syscall(ffff80001d77b960) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x9d5bc1c6610, count: -9