kernel: protection fault trap, code=0 Stopped at in_delmulti+0x8d: movl 0xc(%r14),%r15d ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace in_delmulti(fdf7bffffffffffb) at in_delmulti+0x8d sys/netinet/in.c:914 in_purgeaddr(ffff800000b2e900) at in_purgeaddr+0x156 sys/netinet/in.c:760 in_ifdetach(ffff800000af6000) at in_ifdetach+0x74 sys/netinet/in.c:971 if_detach(ffff800000af6000) at if_detach+0x140 sys/net/if.c:1032 tun_clone_destroy(ffff800000af6000) at tun_clone_destroy+0x1e1 sys/net/if_tun.c:326 ifioctl(fffffd8063d33cb8,80206979,ffff8000246fbfc0,ffff800021f72030) at ifioctl+0x3ea sys/net/if.c:1821 soo_ioctl(fffffd8063fcd008,80206979,ffff8000246fbfc0,ffff800021f72030) at soo_ioctl+0x27c sys/kern/sys_socket.c:138 sys_ioctl(ffff800021f72030,ffff8000246fc0d8,ffff8000246fc120) at sys_ioctl+0x4a5 syscall(ffff8000246fc1a0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff8000246fc1a0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x97f75779a50, count: -10 ddb{0}> show registers rdi 0xffff8000230f7000 rsi 0x20caa acpi_pdirpa+0xcb12 rbp 0xffff8000246fbd30 rbx 0 rdx 0xffff8000230f7000 rcx 0x20ca9 acpi_pdirpa+0xcb11 rax 0xffffffff823bf7bd in_delmulti+0x8d r8 0xffff800000b2e900 r9 0xffffffff81e56833 rt_ifa_purge+0x153 r10 0x5 r11 0x77f74ac2d30b6378 r12 0 r13 0x3 r14 0xfdf7bffffffffffb r15 0x1 rip 0xffffffff823bf7bd in_delmulti+0x8d cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff8000246fbcd0 ss 0x10 in_delmulti+0x8d: movl 0xc(%r14),%r15d ddb{0}> show proc PROC (syz-executor.1) pid=188886 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=78, nice=20 forw=0xffffffffffffffff, list=0xffff800021f73178,0xffffffff828cde18 process=0xffff8000ffffa008 user=0xffff8000246f7000, vmspace=0xfffffd806e9105c8 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 47617 315487 50825 0 3 0x80 nanosleep syz-executor.1 *47617 188886 50825 0 7 0x4000000 syz-executor.1 86705 178791 1593 0 3 0x80 nanosleep syz-executor.0 86705 12799 1593 0 3 0x4000080 netcon2 syz-executor.0 86705 87077 1593 0 3 0x4000080 netcon2 syz-executor.0 86705 374487 1593 0 3 0x4000080 fsleep syz-executor.0 93966 37958 0 0 3 0x14200 acct acct 84639 322787 0 0 3 0x14200 bored sosplice 33723 350197 0 0 3 0x14280 nfsidl nfsio 29470 240594 0 0 3 0x14280 nfsidl nfsio 28670 477761 0 0 3 0x14280 nfsidl nfsio 59322 138379 0 0 3 0x14280 nfsidl nfsio 7481 49001 0 0 3 0x14280 nfsidl nfsio 52859 97856 0 0 3 0x14280 nfsidl nfsio 29530 433520 0 0 3 0x14280 nfsidl nfsio 52266 311498 0 0 3 0x14280 nfsidl nfsio 38459 149496 0 0 3 0x14280 nfsidl nfsio 28921 173221 0 0 3 0x14280 nfsidl nfsio 17528 260387 0 0 3 0x14280 nfsidl nfsio 14375 311597 0 0 3 0x14280 nfsidl nfsio 81431 4708 0 0 3 0x14280 nfsidl nfsio 17963 425565 0 0 3 0x14280 nfsidl nfsio 95804 87678 0 0 3 0x14280 nfsidl nfsio 40439 224615 0 0 3 0x14280 nfsidl nfsio 62582 379055 0 0 3 0x14280 nfsidl nfsio 44800 248416 0 0 3 0x14280 nfsidl nfsio 93084 164866 0 0 3 0x14280 nfsidl nfsio 23904 337508 0 0 3 0x14280 nfsidl nfsio 50825 28355 82485 0 3 0x82 nanosleep syz-executor.1 1593 352186 82485 0 3 0x82 nanosleep syz-executor.0 82485 262793 64297 0 3 0x82 thrsleep syz-fuzzer 82485 498471 64297 0 3 0x4000082 thrsleep syz-fuzzer 82485 301637 64297 0 3 0x4000082 kqread syz-fuzzer 82485 40543 64297 0 3 0x4000082 thrsleep syz-fuzzer 82485 209722 64297 0 3 0x4000082 thrsleep syz-fuzzer 82485 440655 64297 0 3 0x4000082 thrsleep syz-fuzzer 82485 214223 64297 0 3 0x4000082 thrsleep syz-fuzzer 82485 503194 64297 0 3 0x4000082 thrsleep syz-fuzzer 64297 256839 44521 0 3 0x10008a pause ksh 44521 278508 13479 0 3 0x92 select sshd 88574 370197 1 0 3 0x100083 ttyin getty 13479 411536 1 0 3 0x80 select sshd 12377 132735 31003 74 3 0x100092 bpf pflogd 31003 76117 1 0 3 0x80 netio pflogd 75045 250690 29949 73 3 0x100090 kqread syslogd 29949 7594 1 0 3 0x100082 netio syslogd 62729 170603 1 77 2 0x100090 dhclient 85845 113896 1 0 2 0x80 dhclient 61127 369372 0 0 3 0x14200 bored smr 68331 385365 0 0 3 0x14200 pgzero zerothread 77383 32974 0 0 3 0x14200 aiodoned aiodoned 10071 88020 0 0 3 0x14200 syncer update 45395 136998 0 0 3 0x14200 cleaner cleaner 49419 259804 0 0 3 0x14200 reaper reaper 12533 119599 0 0 3 0x14200 pgdaemon pagedaemon 52485 112421 0 0 3 0x14200 bored crynlk 57097 79842 0 0 3 0x14200 bored crypto 71866 460504 0 0 3 0x40014200 acpi0 acpi0 57681 225831 0 0 7 0x40014200 idle1 97768 443788 0 0 3 0x14200 bored softnet 42188 178226 0 0 2 0x14200 systqmp 11973 304586 0 0 2 0x14200 systq 4701 206436 0 0 3 0x40014200 bored softclock 10022 59610 0 0 3 0x40014200 idle0 1 335988 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 47617 (syz-executor.1) thread 0xffff800021f72030 (188886) exclusive rwlock netlock r = 0 (0xffffffff827713e0) #0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164 #1 if_detach+0x70 sys/net/if.c:1010 #2 tun_clone_destroy+0x1e1 sys/net/if_tun.c:326 #3 ifioctl+0x3ea sys/net/if.c:1821 #4 soo_ioctl+0x27c sys/kern/sys_socket.c:138 #5 sys_ioctl+0x4a5 #6 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] #6 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 #7 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82933348) #0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164 #1 __mp_acquire_count+0x51 sys/kern/kern_lock.c:227 #2 mi_switch+0x392 sys/kern/sched_bsd.c:435 #3 sleep_finish+0x113 sys/kern/kern_synch.c:418 #4 cond_wait+0x76 sys/kern/kern_synch.c:907 #5 smr_barrier_impl+0xf9 sys/kern/kern_smr.c:271 #6 tun_clone_destroy+0x136 sys/net/if_tun.c:311 #7 ifioctl+0x3ea sys/net/if.c:1821 #8 soo_ioctl+0x27c sys/kern/sys_socket.c:138 #9 sys_ioctl+0x4a5 #10 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] #10 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 #11 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9529 6497K 7701K 78643K 12797 0 pcb 13 8K 8K 78643K 94 0 rtable 114 7K 7K 78643K 407 0 ifaddr 85 16K 17K 78643K 161 0 sysctl 2 0K 0K 78643K 2 0 counters 43 33K 34K 78643K 61 0 ioctlops 0 0K 4K 78643K 1589 0 iov 0 0K 16K 78643K 264 0 mount 1 1K 1K 78643K 1 0 vnodes 1228 77K 78K 78643K 1725 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 10 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 1K 78643K 150 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1824 197K 290K 78643K 13058 0 file desc 6 17K 25K 78643K 599 0 sigio 0 0K 0K 78643K 32 0 proc 62 63K 95K 78643K 483 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 73 0 in_multi 60 3K 3K 78643K 178 0 ether_multi 1 0K 0K 78643K 14 0 mrt 0 0K 0K 78643K 8 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 55 254K 254K 78643K 55 0 exec 0 0K 1K 78643K 249 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 195 46K 61K 78643K 2589 0 UVM aobj 24 4K 4K 78643K 34 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 80 0 NDP 13 0K 0K 78643K 36 0 temp 120 3872K 3936K 78643K 4137 0 kqueue 3 4K 12K 78643K 19 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 7 0 2 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 88 35 0 33 1 0 1 1 0 8 0 rtentry 112 94 0 54 2 0 2 2 0 8 0 unpcb 120 356 0 346 1 0 1 1 0 8 0 syncache 272 10 0 10 2 2 0 1 0 8 0 tcpqe 32 204 0 204 1 1 0 1 0 8 0 tcpcb 592 200 0 192 3 2 1 2 0 8 0 inpcb 296 659 0 646 3 1 2 2 0 8 1 rttmr 72 4 0 4 1 1 0 1 0 8 0 nd6 48 30 0 25 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 1 0 1 0 8 0 ppxss 1136 1 0 1 1 1 0 1 0 8 0 pffrag 232 2 0 2 2 1 1 1 0 482 1 pffrnode 88 2 0 2 2 1 1 1 0 8 1 pffrent 40 47 0 47 2 1 1 1 0 8 1 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 10 0 3 1 0 1 1 0 8 0 pfstitem 24 64 0 11 1 0 1 1 0 8 0 pfstkey 112 64 0 11 2 0 2 2 0 8 0 pfstate 328 64 0 11 5 0 5 5 0 8 0 pfrule 1360 23 0 17 2 1 1 2 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 379 0 171 16 0 16 16 0 8 1 art_table 32 381 0 171 3 0 3 3 0 8 0 art_node 16 93 0 52 1 0 1 1 0 8 0 sysvmsgpl 40 20 0 10 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 142 0 132 1 0 1 1 0 8 0 shmpl 112 31 0 10 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2183 0 780 89 0 89 89 0 8 0 ffsino 272 2183 0 780 95 1 94 94 0 8 0 nchpl 144 3355 0 1748 60 0 60 60 0 8 0 uvmvnodes 72 2692 0 0 49 0 49 49 0 8 0 vnodes 208 2692 0 0 142 0 142 142 0 8 0 namei 1024 9329 0 9329 1 0 1 1 0 8 1 percpumem 16 41 0 9 1 0 1 1 0 8 0 vcpupl 1984 1 0 0 1 0 1 1 0 8 0 vmpool 560 5 0 4 1 0 1 1 0 8 0 pfiaddrpl 120 6 0 0 1 0 1 1 0 8 0 scxspl 200 9026 0 9026 8 7 1 7 0 8 1 plimitpl 152 37 0 29 1 0 1 1 0 8 0 sigapl 424 836 0 782 7 0 7 7 0 8 0 futexpl 56 11615 0 11614 2 1 1 1 0 8 0 knotepl 112 89 0 69 1 0 1 1 0 8 0 kqueuepl 152 50 0 48 1 0 1 1 0 8 0 pipepl 304 142 0 131 4 2 2 2 0 8 1 fdescpl 496 799 0 782 3 0 3 3 0 8 0 filepl 152 4775 0 4666 7 2 5 5 0 8 0 lockfpl 104 257 0 256 1 0 1 1 0 8 0 lockfspl 48 116 0 115 1 0 1 1 0 8 0 sessionpl 120 18 0 7 1 0 1 1 0 8 0 pgrppl 48 32 0 21 1 0 1 1 0 8 0 ucredpl 96 334 0 325 1 0 1 1 0 8 0 zombiepl 144 782 0 782 3 2 1 1 0 8 1 processpl 1008 836 0 782 7 0 7 7 0 8 0 procpl 632 1679 0 1614 7 1 6 6 0 8 0 sosppl 144 11 0 9 3 2 1 1 0 8 0 sockpl 400 1052 0 1028 9 5 4 4 0 8 1 mcl64k 65536 5 0 0 1 0 1 1 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 3 0 0 1 0 1 1 0 8 0 mcl9k 9216 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 8 0 0 1 0 1 1 0 8 0 mcl2k2 2112 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 230 0 0 28 0 28 28 0 8 0 mtagpl 96 296 0 0 8 0 8 8 0 8 0 mbufpl 256 1153 0 0 72 0 72 72 0 8 0 bufpl 280 3988 0 127 276 0 276 276 0 8 0 anonpl 16 85380 0 66879 92 4 88 91 0 124 13 amapchunkpl 152 4419 0 4109 28 12 16 26 0 158 3 amappl16 192 3893 0 3037 55 7 48 55 0 8 5 amappl15 184 1 0 0 1 0 1 1 0 8 0 amappl14 176 287 0 284 1 0 1 1 0 8 0 amappl13 168 28 0 25 1 0 1 1 0 8 0 amappl12 160 22 0 16 1 0 1 1 0 8 0 amappl11 152 53 0 38 1 0 1 1 0 8 0 amappl10 144 17 0 11 1 0 1 1 0 8 0 amappl9 136 380 0 376 1 0 1 1 0 8 0 amappl8 128 396 0 331 3 0 3 3 0 8 0 amappl7 120 124 0 111 1 0 1 1 0 8 0 amappl6 112 29 0 23 1 0 1 1 0 8 0 amappl5 104 699 0 681 1 0 1 1 0 8 0 amappl4 96 497 0 467 1 0 1 1 0 8 0 amappl3 88 419 0 410 1 0 1 1 0 8 0 amappl2 80 5425 0 5348 2 0 2 2 0 8 0 amappl1 72 29445 0 28961 23 13 10 18 0 8 0 amappl 80 1959 0 1870 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 33 0 10 1 0 1 1 0 8 0 uaddrrnd 24 804 0 786 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 804 0 786 1 0 1 1 0 8 0 vmmpekpl 168 8778 0 8731 3 0 3 3 0 8 0 vmmpepl 168 104632 0 102406 133 29 104 113 0 357 6 vmsppl 368 803 0 786 2 0 2 2 0 8 0 pdppl 4096 1615 0 1573 6 0 6 6 0 8 0 pvpl 32 274991 0 253009 221 11 210 213 0 265 31 pmappl 232 803 0 786 4 2 2 2 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 333 0 11 10 0 10 10 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace in_delmulti(fdf7bffffffffffb) at in_delmulti+0x8d sys/netinet/in.c:914 in_purgeaddr(ffff800000b2e900) at in_purgeaddr+0x156 sys/netinet/in.c:760 in_ifdetach(ffff800000af6000) at in_ifdetach+0x74 sys/netinet/in.c:971 if_detach(ffff800000af6000) at if_detach+0x140 sys/net/if.c:1032 tun_clone_destroy(ffff800000af6000) at tun_clone_destroy+0x1e1 sys/net/if_tun.c:326 ifioctl(fffffd8063d33cb8,80206979,ffff8000246fbfc0,ffff800021f72030) at ifioctl+0x3ea sys/net/if.c:1821 soo_ioctl(fffffd8063fcd008,80206979,ffff8000246fbfc0,ffff800021f72030) at soo_ioctl+0x27c sys/kern/sys_socket.c:138 sys_ioctl(ffff800021f72030,ffff8000246fc0d8,ffff8000246fc120) at sys_ioctl+0x4a5 syscall(ffff8000246fc1a0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff8000246fc1a0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x97f75779a50, count: -10 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800020d70ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352 x86_ipi_handler() at x86_ipi_handler+0xc6 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x331 sys/dev/acpi/acpicpu.c:1187 sched_idle(ffff800020d70ff0) at sched_idle+0x3f7 sys/kern/kern_sched.c:178 end trace frame: 0x0, count: -5