kernel: protection fault trap, code=0 Stopped at in_delmulti+0x8d: movl 0xc(%r14),%r15d ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic the kernel did not panic ddb{1}> trace in_delmulti(bf3fffffefffffff) at in_delmulti+0x8d sys/netinet/in.c:914 in_purgeaddr(ffff800000a49200) at in_purgeaddr+0x156 sys/netinet/in.c:760 in_ifdetach(ffff800000a10800) at in_ifdetach+0x74 sys/netinet/in.c:969 if_detach(ffff800000a10800) at if_detach+0x140 sys/net/if.c:1151 tun_clone_destroy(ffff800000a10800) at tun_clone_destroy+0x179 sys/net/if_tun.c:312 spec_close(ffff800022d98b40) at spec_close+0x311 sys/kern/spec_vnops.c:555 VOP_CLOSE(fffffd806e0bd278,7,fffffd807f7c68a0,ffff800020acec70) at VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:175 vn_closefile(fffffd8065a79c90,ffff800020acec70) at vn_closefile+0xd8 vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffffd8065a79c90,ffff800020acec70) at vn_closefile+0xd8 sys/kern/vfs_vnops.c:610 fdrop(fffffd8065a79c90,ffff800020acec70) at fdrop+0xc2 sys/kern/kern_descrip.c:1273 closef(fffffd8065a79c90,ffff800020acec70) at closef+0x11d sys/kern/kern_descrip.c:1257 fdfree(ffff800020acec70) at fdfree+0x101 sys/kern/kern_descrip.c:1189 exit1(ffff800020acec70,19,1) at exit1+0x32f sys/kern/kern_exit.c:196 postsig(ffff800020acec70,19) at postsig+0x4e3 sigexit sys/kern/kern_sig.c:1499 [inline] postsig(ffff800020acec70,19) at postsig+0x4e3 sys/kern/kern_sig.c:1431 userret(ffff800020acec70) at userret+0x199 sys/kern/kern_sig.c:1889 syscall(ffff800022d98fc0) at syscall+0x55f mi_syscall_return sys/sys/syscall_mi.h:115 [inline] syscall(ffff800022d98fc0) at syscall+0x55f sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffff11f0, count: -16 ddb{1}> show registers rdi 0x2 rsi 0 rbp 0xffff800022d98970 rbx 0 rdx 0xffff800020acec70 rcx 0 rax 0 r8 0xffffffff81342423 rt_ifa_purge+0x153 r9 0x5 r10 0x2f r11 0x3e59a0003310d0f1 r12 0 r13 0x3 r14 0xbf3fffffefffffff r15 0x1 rip 0xffffffff81eee24d in_delmulti+0x8d cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800022d98910 ss 0x10 in_delmulti+0x8d: movl 0xc(%r14),%r15d ddb{1}> show proc PROC (syz-executor.1) pid=43438 stat=onproc flags process=a proc=2000 pri=73, usrpri=73, nice=20 forw=0xffffffffffffffff, list=0xffff800020aceee8,0xffff800020ace790 process=0xffff800020aece00 user=0xffff800022d94000, vmspace=0xfffffd807f0088a0 estcpu=36, cpticks=2, pctcpu=0.22 user=0, sys=2, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 27854 366514 2330 0 2 0 syz-executor.0 27854 480987 2330 0 3 0x4000080 fsleep syz-executor.0 27854 174753 2330 0 3 0x4000080 fsleep syz-executor.0 27854 66903 2330 0 3 0x4000080 fsleep syz-executor.0 19295 481317 0 0 3 0x14200 acct acct 76047 178709 0 0 3 0x14200 bored sosplice 2330 156090 6824 0 3 0x82 nanosleep syz-executor.0 6824 360401 96026 0 3 0x82 thrsleep syz-fuzzer 6824 218256 96026 0 3 0x4000082 nanosleep syz-fuzzer 6824 417159 96026 0 3 0x4000082 thrsleep syz-fuzzer 6824 341309 96026 0 3 0x4000082 thrsleep syz-fuzzer 6824 265794 96026 0 3 0x4000082 thrsleep syz-fuzzer 6824 328489 96026 0 3 0x4000082 thrsleep syz-fuzzer 6824 177270 96026 0 3 0x4000082 thrsleep syz-fuzzer 6824 15838 96026 0 7 0x4000002 syz-fuzzer 6824 43520 96026 0 3 0x4000082 thrsleep syz-fuzzer 6824 394200 96026 0 3 0x4000082 nanosleep syz-fuzzer 6824 231571 96026 0 3 0x4000082 thrsleep syz-fuzzer 96026 155016 91483 0 3 0x10008a pause ksh 91483 215917 63104 0 3 0x92 select sshd 25780 42227 1 0 3 0x100083 ttyin getty 63104 406596 1 0 3 0x80 select sshd 25264 268744 75592 74 3 0x100092 bpf pflogd 75592 399035 1 0 3 0x80 netio pflogd 34151 394334 97676 73 3 0x100090 kqread syslogd 97676 275442 1 0 3 0x100082 netio syslogd 11442 275463 1 77 2 0x100090 dhclient 33937 253612 1 0 3 0x80 poll dhclient 59431 87091 0 0 2 0x14200 zerothread 45481 15575 0 0 3 0x14200 aiodoned aiodoned 52066 361668 0 0 3 0x14200 syncer update 78973 135694 0 0 3 0x14200 cleaner cleaner 42959 264299 0 0 3 0x14200 reaper reaper 302 407534 0 0 3 0x14200 pgdaemon pagedaemon 52130 18146 0 0 3 0x14200 bored crynlk 34535 82650 0 0 3 0x14200 bored crypto 23663 415860 0 0 3 0x40014200 acpi0 acpi0 41325 147056 0 0 3 0x40014200 idle1 7648 139380 0 0 2 0x14200 softnet 24596 398207 0 0 3 0x14200 bored systqmp 55514 357539 0 0 3 0x14200 bored systq 70706 489603 0 0 3 0x40014200 bored softclock 662 500239 0 0 3 0x40014200 idle0 89624 478984 0 0 3 0x14200 bored smr 1 426494 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9510 6416K 7126K 78643K 11548 0 pcb 13 8K 8K 78643K 95 0 rtable 108 4K 4K 78643K 272 0 ifaddr 81 17K 18K 78643K 121 0 counters 39 33K 33K 78643K 39 0 ioctlops 0 0K 4K 78643K 1494 0 iov 0 0K 16K 78643K 103 0 mount 1 1K 1K 78643K 1 0 vnodes 1216 76K 77K 78643K 1528 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 5 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 349 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 196K 290K 78643K 12766 0 file desc 5 13K 25K 78643K 403 0 sigio 1 0K 0K 78643K 16 0 proc 60 63K 83K 78643K 479 0 subproc 23 1K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 26 0 in_multi 92 4K 4K 78643K 118 0 ether_multi 1 0K 0K 78643K 6 0 mrt 0 0K 0K 78643K 2 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 48 212K 212K 78643K 48 0 exec 0 0K 1K 78643K 254 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 131 39K 40K 78643K 2367 0 UVM aobj 130 4K 4K 78643K 135 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 93 0 NDP 11 0K 0K 78643K 20 0 temp 133 3019K 3094K 78643K 7726 0 kqueue 0 0K 0K 78643K 2 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 7 0 1 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 35 0 33 1 0 1 1 0 8 0 rtentry 112 50 0 6 2 0 2 2 0 8 0 unpcb 120 598 0 588 1 0 1 1 0 8 0 syncache 264 5 0 5 2 1 1 1 0 8 1 tcpqe 32 84 0 84 1 1 0 1 0 8 0 tcpcb 544 433 0 429 3 0 3 3 0 8 2 inpcb 280 791 0 784 3 0 3 3 0 8 2 rttmr 72 1 0 1 1 1 0 1 0 8 0 ip6q 72 1 0 1 1 1 0 1 0 8 0 ip6af 40 3 0 3 1 1 0 1 0 8 0 nd6 48 5 0 1 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 1 0 1 0 8 0 ppxss 1128 5 0 5 2 1 1 1 0 8 1 pffrag 232 14 0 12 2 1 1 1 0 482 0 pffrnode 88 13 0 12 2 1 1 1 0 8 0 pffrent 40 406 0 366 2 1 1 1 0 8 0 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 57 0 11 1 0 1 1 0 8 0 pfstkey 112 57 0 11 2 0 2 2 0 8 0 pfstate 328 57 0 11 4 0 4 4 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 221 0 3 14 0 14 14 0 8 0 art_table 32 222 0 3 2 0 2 2 0 8 0 art_node 16 49 0 9 1 0 1 1 0 8 0 sysvmsgpl 40 22 0 11 1 0 1 1 0 8 0 semupl 112 5 0 5 1 1 0 1 0 8 0 semapl 112 347 0 337 1 0 1 1 0 8 0 shmpl 112 133 0 5 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 2201 0 797 46 0 46 46 0 8 0 ffsino 272 2201 0 797 95 0 95 95 0 8 0 nchpl 144 3112 0 1493 61 0 61 61 0 8 0 uvmvnodes 72 2462 0 0 45 0 45 45 0 8 0 vnodes 208 2462 0 0 130 0 130 130 0 8 0 namei 1024 9658 0 9658 1 0 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 vcpupl 1984 7 0 0 1 0 1 1 0 8 0 vmpool 560 7 0 0 1 0 1 1 0 8 0 scxspl 192 9147 0 9147 11 7 4 7 0 8 4 plimitpl 152 49 0 41 1 0 1 1 0 8 0 sigapl 432 602 0 587 3 1 2 3 0 8 0 futexpl 56 12692 0 12689 1 0 1 1 0 8 0 knotepl 112 97 0 78 1 0 1 1 0 8 0 kqueuepl 104 133 0 118 2 0 2 2 0 8 0 pipepl 160 418 0 392 2 0 2 2 0 8 0 fdescpl 488 603 0 587 3 0 3 3 0 8 0 filepl 152 5545 0 5433 7 0 7 7 0 8 1 lockfpl 104 124 0 123 1 0 1 1 0 8 0 lockfspl 48 46 0 45 1 0 1 1 0 8 0 sessionpl 112 18 0 7 1 0 1 1 0 8 0 pgrppl 48 21 0 10 1 0 1 1 0 8 0 ucredpl 96 569 0 560 1 0 1 1 0 8 0 zombiepl 144 588 0 587 1 0 1 1 0 8 0 processpl 896 620 0 587 4 0 4 4 0 8 0 procpl 632 1557 0 1511 5 0 5 5 0 8 0 srpgc 64 2 0 0 1 0 1 1 0 8 0 sosppl 128 5 0 5 2 1 1 1 0 8 1 sockpl 384 1438 0 1419 8 0 8 8 0 8 6 mcl64k 65536 12 0 0 2 0 2 2 0 8 0 mcl16k 16384 3 0 0 1 0 1 1 0 8 0 mcl12k 12288 6 0 0 1 0 1 1 0 8 0 mcl9k 9216 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 6 0 0 1 0 1 1 0 8 0 mcl4k 4096 8 0 0 1 0 1 1 0 8 0 mcl2k2 2112 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 172 0 0 21 0 21 21 0 8 0 mtagpl 80 30 0 0 1 0 1 1 0 8 0 mbufpl 256 788 0 0 48 0 48 48 0 8 0 bufpl 280 7710 0 1340 455 0 455 455 0 8 0 anonpl 16 84926 0 64035 101 6 95 99 0 125 10 amapchunkpl 152 3373 0 3203 13 1 12 12 0 158 5 amappl16 192 3676 0 2534 75 15 60 68 0 8 2 amappl15 184 66 0 62 1 0 1 1 0 8 0 amappl14 176 27 0 26 1 0 1 1 0 8 0 amappl13 168 1 0 1 1 1 0 1 0 8 0 amappl12 160 11 0 10 2 1 1 1 0 8 0 amappl11 152 59 0 43 1 0 1 1 0 8 0 amappl10 144 386 0 376 1 0 1 1 0 8 0 amappl9 136 589 0 586 1 0 1 1 0 8 0 amappl8 128 133 0 101 2 0 2 2 0 8 0 amappl7 120 471 0 458 1 0 1 1 0 8 0 amappl6 112 60 0 51 1 0 1 1 0 8 0 amappl5 104 175 0 162 1 0 1 1 0 8 0 amappl4 96 865 0 832 2 1 1 2 0 8 0 amappl3 88 132 0 125 1 0 1 1 0 8 0 amappl2 80 3963 0 3889 3 1 2 3 0 8 0 amappl1 72 22926 0 22467 27 17 10 21 0 8 0 amappl 80 1814 0 1761 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 134 0 5 3 0 3 3 0 8 0 uaddrrnd 24 610 0 587 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 610 0 587 1 0 1 1 0 8 0 vmmpekpl 168 8335 0 8296 2 0 2 2 0 8 0 vmmpepl 168 82576 0 80213 144 28 116 137 0 357 7 vmsppl 368 609 0 587 3 0 3 3 0 8 0 pdppl 4096 1227 0 1181 7 0 7 7 0 8 0 pvpl 32 244019 0 219500 229 5 224 228 0 265 26 pmappl 232 609 0 587 2 0 2 2 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 205 0 3 6 0 6 6 0 8 0