kernel: protection fault trap, code=0 Stopped at in_delmulti+0x8d: movl 0xc(%r14),%r15d ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace in_delmulti(bf3fffffefffffff) at in_delmulti+0x8d sys/netinet/in.c:914 in_purgeaddr(ffff800000ad8300) at in_purgeaddr+0x156 sys/netinet/in.c:760 in_ifdetach(ffff800000ac7800) at in_ifdetach+0x74 sys/netinet/in.c:971 if_detach(ffff800000ac7800) at if_detach+0x140 sys/net/if.c:1032 tun_clone_destroy(ffff800000ac7800) at tun_clone_destroy+0x1c7 sys/net/if_tun.c:326 ifioctl(fffffd806b632320,80206979,ffff80001e7b9090,ffff80001d6bf8c8) at ifioctl+0x3de sys/net/if.c:1821 sys_ioctl(ffff80001d6bf8c8,ffff80001e7b91a8,ffff80001e7b91f0) at sys_ioctl+0x4a1 syscall(ffff80001e7b9270) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x55b6fad4f10, count: -9 ddb> show registers rdi 0xffff80001d784000 rsi 0x25067 acpi_pdirpa+0x10ecf rbp 0xffff80001e7b8e70 rbx 0 rdx 0xffff80001d784000 rcx 0x25066 acpi_pdirpa+0x10ece rax 0xffffffff817ba21d in_delmulti+0x8d r8 0xffff800000ad8300 r9 0xffffffff81256843 rt_ifa_purge+0x153 r10 0x5 r11 0x45c015f0db0bae02 r12 0 r13 0x55d8ed09 r14 0xbf3fffffefffffff r15 0x1 rip 0xffffffff817ba21d in_delmulti+0x8d cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80001e7b8e10 ss 0x10 in_delmulti+0x8d: movl 0xc(%r14),%r15d ddb> show proc PROC (syz-executor.0) pid=289120 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=76, nice=20 forw=0xffffffffffffffff, list=0xffff80001d6bec70,0xffffffff8280e530 process=0xffff80001d6c19e0 user=0xffff80001e7b4000, vmspace=0xfffffd806bc0a220 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 61446 145779 96859 0 3 0x80 nanosleep syz-executor.0 *61446 289120 96859 0 7 0x4000000 syz-executor.0 36822 16675 12011 0 2 0x2 syz-executor.1 9027 60503 0 0 3 0x14200 bored sosplice 96859 453758 12011 0 3 0x82 nanosleep syz-executor.0 12011 346664 18866 0 3 0x82 thrsleep syz-fuzzer 12011 203255 18866 0 2 0x4000082 syz-fuzzer 12011 376064 18866 0 3 0x4000082 thrsleep syz-fuzzer 12011 356094 18866 0 3 0x4000082 thrsleep syz-fuzzer 12011 334548 18866 0 3 0x4000082 thrsleep syz-fuzzer 12011 366386 18866 0 3 0x4000082 thrsleep syz-fuzzer 12011 478489 18866 0 2 0x4000002 syz-fuzzer 18866 502260 68963 0 3 0x10008a pause ksh 68963 206160 93273 0 3 0x92 select sshd 44388 511213 1 0 3 0x100083 ttyin getty 93273 236271 1 0 3 0x80 select sshd 1047 128480 47986 73 3 0x100090 kqread syslogd 47986 143529 1 0 3 0x100082 netio syslogd 74509 510481 1 77 2 0x100090 dhclient 15008 99843 1 0 3 0x80 poll dhclient 52554 107528 0 0 3 0x14200 bored smr 21992 286029 0 0 3 0x14200 pgzero zerothread 49785 215351 0 0 3 0x14200 aiodoned aiodoned 21993 272156 0 0 3 0x14200 syncer update 5503 343786 0 0 3 0x14200 cleaner cleaner 3623 363282 0 0 3 0x14200 reaper reaper 2367 189586 0 0 3 0x14200 pgdaemon pagedaemon 54330 414169 0 0 3 0x14200 bored crynlk 94995 88254 0 0 3 0x14200 bored crypto 53010 315623 0 0 3 0x40014200 acpi0 acpi0 84579 34129 0 0 3 0x14200 bored softnet 60508 237159 0 0 2 0x14200 systqmp 85473 417698 0 0 3 0x14200 bored systq 9320 451428 0 0 3 0x40014200 bored softclock 57757 106345 0 0 3 0x40014200 idle0 1 461335 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9463 6329K 6713K 78643K 10895 0 pcb 13 8K 8K 78643K 53 0 rtable 116 14K 16K 78643K 356 0 ifaddr 59 13K 14K 78643K 119 0 counters 21 16K 16K 78643K 27 0 ioctlops 0 0K 4K 78643K 65 0 iov 0 0K 16K 78643K 26 0 mount 1 1K 1K 78643K 1 0 vnodes 1221 77K 77K 78643K 1354 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 3 0 VM map 2 0K 0K 78643K 2 0 sem 11 0K 1K 78643K 44 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 266 0 sigio 0 0K 0K 78643K 2 0 proc 48 38K 63K 78643K 411 0 subproc 32 2K 2K 78643K 51 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 18 0 in_multi 51 2K 2K 78643K 112 0 ether_multi 1 0K 0K 78643K 7 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 49 228K 228K 78643K 49 0 exec 0 0K 1K 78643K 205 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 123 22K 26K 78643K 1470 0 UVM aobj 6 2K 2K 78643K 7 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 33 0 NDP 7 0K 0K 78643K 27 0 temp 88 3874K 3938K 78643K 3570 0 kqueue 3 4K 16K 78643K 34 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 8 0 4 1 0 1 1 0 8 0 rtpcb 88 31 0 29 1 0 1 1 0 8 0 rtentry 112 64 0 24 2 0 2 2 0 8 0 unpcb 120 135 0 127 1 0 1 1 0 8 0 syncache 272 8 0 8 2 2 0 1 0 8 0 tcpqe 32 452 0 452 1 1 0 1 0 8 0 tcpcb 592 82 0 76 2 0 2 2 0 8 1 inpcb 296 248 0 239 2 0 2 2 0 8 1 nd6 48 17 0 11 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 0 1 1 0 8 1 pfrktable 1344 28 0 21 1 0 1 1 0 8 0 pftag 88 4 0 2 1 0 1 1 0 8 0 pfrule 1360 15 0 5 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 260 0 72 13 0 13 13 0 8 1 art_table 32 261 0 72 2 0 2 2 0 8 0 art_node 16 63 0 23 1 0 1 1 0 8 0 sysvmsgpl 40 14 0 5 1 0 1 1 0 8 0 semupl 112 4 0 4 1 1 0 1 0 8 0 semapl 112 36 0 27 1 0 1 1 0 8 0 shmpl 112 4 0 1 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1772 0 378 88 0 88 88 0 8 0 ffsino 240 1772 0 378 83 0 83 83 0 8 0 nchpl 144 2358 0 768 60 0 60 60 0 8 0 uvmvnodes 72 1928 0 0 36 0 36 36 0 8 0 vnodes 208 1928 0 0 102 0 102 102 0 8 0 namei 1024 6300 0 6300 1 0 1 1 0 8 1 pfiaddrpl 120 16 0 10 1 0 1 1 0 8 0 scxspl 200 7492 0 7492 1 0 1 1 0 8 1 plimitpl 152 29 0 22 1 0 1 1 0 8 0 sigapl 424 450 0 421 4 0 4 4 0 8 0 futexpl 56 4954 0 4954 1 0 1 1 0 8 1 knotepl 112 108 0 88 1 0 1 1 0 8 0 kqueuepl 152 44 0 42 1 0 1 1 0 8 0 pipepl 272 90 0 79 2 1 1 2 0 8 0 fdescpl 432 435 0 421 2 0 2 2 0 8 0 filepl 120 2533 0 2433 4 0 4 4 0 8 0 lockfpl 104 73 0 72 1 0 1 1 0 8 0 lockfspl 48 30 0 29 1 0 1 1 0 8 0 sessionpl 120 18 0 8 1 0 1 1 0 8 0 pgrppl 48 18 0 8 1 0 1 1 0 8 0 ucredpl 96 210 0 203 1 0 1 1 0 8 0 zombiepl 144 421 0 421 1 0 1 1 0 8 1 processpl 944 450 0 421 4 0 4 4 0 8 0 procpl 632 717 0 681 4 0 4 4 0 8 0 sosppl 144 6 0 6 2 1 1 1 0 8 1 sockpl 400 416 0 397 3 0 3 3 0 8 1 mcl64k 65536 4 0 4 1 0 1 1 0 8 1 mcl16k 16384 1 0 1 1 1 0 1 0 8 0 mcl12k 12288 7 0 7 1 0 1 1 0 8 1 mcl9k 9216 2 0 2 1 0 1 1 0 8 1 mcl8k 8192 13 0 13 1 0 1 1 0 8 1 mcl4k 4096 35 0 35 2 1 1 1 0 8 1 mcl2k2 2112 1 0 1 1 0 1 1 0 8 1 mcl2k 2048 94443 0 94385 20 11 9 18 0 8 1 mtagpl 96 36 0 30 2 1 1 1 0 8 0 mbufpl 256 150911 0 150792 29 2 27 27 0 8 10 bufpl 280 4062 0 120 282 0 282 282 0 8 0 anonpl 16 59095 0 42462 73 1 72 72 0 107 0 amapchunkpl 152 2127 0 1951 21 2 19 21 0 158 11 amappl16 192 2041 0 1092 48 0 48 48 0 8 0 amappl15 184 1 0 0 1 0 1 1 0 8 0 amappl14 176 111 0 109 2 1 1 1 0 8 0 amappl13 168 113 0 109 1 0 1 1 0 8 0 amappl12 160 95 0 91 1 0 1 1 0 8 0 amappl11 152 47 0 38 1 0 1 1 0 8 0 amappl10 144 47 0 44 1 0 1 1 0 8 0 amappl9 136 362 0 360 1 0 1 1 0 8 0 amappl8 128 308 0 280 1 0 1 1 0 8 0 amappl7 120 144 0 132 1 0 1 1 0 8 0 amappl6 112 25 0 20 1 0 1 1 0 8 0 amappl5 104 367 0 354 1 0 1 1 0 8 0 amappl4 96 438 0 411 1 0 1 1 0 8 0 amappl3 88 237 0 228 1 0 1 1 0 8 0 amappl2 80 2667 0 2599 2 0 2 2 0 8 0 amappl1 72 18544 0 18129 24 15 9 17 0 8 0 amappl 80 977 0 926 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 6 0 1 1 0 1 1 0 8 0 uaddrrnd 24 435 0 421 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 435 0 421 1 0 1 1 0 8 0 vmmpekpl 168 6759 0 6738 2 0 2 2 0 8 0 vmmpepl 168 60851 0 58807 138 12 126 126 0 357 36 vmsppl 272 434 0 421 2 1 1 2 0 8 0 pdppl 4096 876 0 842 6 1 5 6 0 8 0 pvpl 32 186448 0 166810 172 1 171 172 0 265 3 pmappl 200 434 0 421 1 0 1 1 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 261 0 22 7 0 7 7 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace in_delmulti(bf3fffffefffffff) at in_delmulti+0x8d sys/netinet/in.c:914 in_purgeaddr(ffff800000ad8300) at in_purgeaddr+0x156 sys/netinet/in.c:760 in_ifdetach(ffff800000ac7800) at in_ifdetach+0x74 sys/netinet/in.c:971 if_detach(ffff800000ac7800) at if_detach+0x140 sys/net/if.c:1032 tun_clone_destroy(ffff800000ac7800) at tun_clone_destroy+0x1c7 sys/net/if_tun.c:326 ifioctl(fffffd806b632320,80206979,ffff80001e7b9090,ffff80001d6bf8c8) at ifioctl+0x3de sys/net/if.c:1821 sys_ioctl(ffff80001d6bf8c8,ffff80001e7b91a8,ffff80001e7b91f0) at sys_ioctl+0x4a1 syscall(ffff80001e7b9270) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x55b6fad4f10, count: -9 ddb> machine ddbcpu 1 No such command ddb> trace in_delmulti(bf3fffffefffffff) at in_delmulti+0x8d sys/netinet/in.c:914 in_purgeaddr(ffff800000ad8300) at in_purgeaddr+0x156 sys/netinet/in.c:760 in_ifdetach(ffff800000ac7800) at in_ifdetach+0x74 sys/netinet/in.c:971 if_detach(ffff800000ac7800) at if_detach+0x140 sys/net/if.c:1032 tun_clone_destroy(ffff800000ac7800) at tun_clone_destroy+0x1c7 sys/net/if_tun.c:326 ifioctl(fffffd806b632320,80206979,ffff80001e7b9090,ffff80001d6bf8c8) at ifioctl+0x3de sys/net/if.c:1821 sys_ioctl(ffff80001d6bf8c8,ffff80001e7b91a8,ffff80001e7b91f0) at sys_ioctl+0x4a1 syscall(ffff80001e7b9270) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x55b6fad4f10, count: -9