kernel: protection fault trap, code=0 Stopped at in_delmulti+0x8d: movl 0xc(%r14),%r15d ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace in_delmulti(fdff7fffffffffff) at in_delmulti+0x8d sys/netinet/in.c:914 in_purgeaddr(ffff800000ad6100) at in_purgeaddr+0x156 sys/netinet/in.c:760 in_ifdetach(ffff800000ac7800) at in_ifdetach+0x74 sys/netinet/in.c:971 if_detach(ffff800000ac7800) at if_detach+0x140 sys/net/if.c:1032 tun_clone_destroy(ffff800000ac7800) at tun_clone_destroy+0x1c7 sys/net/if_tun.c:326 tun_dev_close(5d01,7) at tun_dev_close+0x160 sys/net/if_tun.c:477 spec_close(ffff80001d7a3460) at spec_close+0x311 sys/kern/spec_vnops.c:560 VOP_CLOSE(fffffd805e27f820,7,fffffd806c3bfb40,ffff8000ffff8770) at VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:174 vn_closefile(fffffd80571509e8,ffff8000ffff8770) at vn_closefile+0xd2 vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffffd80571509e8,ffff8000ffff8770) at vn_closefile+0xd2 sys/kern/vfs_vnops.c:614 fdrop(fffffd80571509e8,ffff8000ffff8770) at fdrop+0xc2 sys/kern/kern_descrip.c:1279 closef(fffffd80571509e8,ffff8000ffff8770) at closef+0x117 sys/kern/kern_descrip.c:1263 fdfree(ffff8000ffff8770) at fdfree+0x100 sys/kern/kern_descrip.c:1195 exit1(ffff8000ffff8770,0,19,1) at exit1+0x32c sys/kern/kern_exit.c:197 postsig(ffff8000ffff8770,19) at postsig+0x4b2 sigexit sys/kern/kern_sig.c:1483 [inline] postsig(ffff8000ffff8770,19) at postsig+0x4b2 sys/kern/kern_sig.c:1415 userret(ffff8000ffff8770) at userret+0x159 sys/kern/kern_sig.c:1872 syscall(ffff80001d7a38e0) at syscall+0x42e mi_syscall_return sys/sys/syscall_mi.h:129 [inline] syscall(ffff80001d7a38e0) at syscall+0x42e sys/arch/amd64/amd64/trap.c:592 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffc8f40, count: -17 ddb> show registers rdi 0x2 rsi 0 rbp 0xffff80001d7a3230 rbx 0 rdx 0 rcx 0x1 rax 0xffff8000ffff8770 r8 0xffff800000ad6100 r9 0xffffffff81256843 rt_ifa_purge+0x153 r10 0x5 r11 0x7a741bab2832411f r12 0 r13 0x8da1216f __kernel_virt_to_phys+0xda1216f r14 0xfdff7fffffffffff r15 0x1 rip 0xffffffff817ba21d in_delmulti+0x8d cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80001d7a31d0 ss 0 in_delmulti+0x8d: movl 0xc(%r14),%r15d ddb> show proc PROC (syz-executor.1) pid=134211 stat=onproc flags process=a proc=2000 pri=32, usrpri=80, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff8280,0xffff80001d6bf660 process=0xffff80001d6c19e0 user=0xffff80001d79e000, vmspace=0xfffffd806bc0a220 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 14337 377934 0 0 3 0x14280 nfsidl nfsio 63548 462199 0 0 3 0x14280 nfsidl nfsio 91111 133560 0 0 3 0x14280 nfsidl nfsio 78406 236072 0 0 3 0x14280 nfsidl nfsio 97935 184090 0 0 3 0x14280 nfsidl nfsio 53789 23019 0 0 3 0x14280 nfsidl nfsio 12755 59017 0 0 3 0x14280 nfsidl nfsio 78042 271619 0 0 3 0x14280 nfsidl nfsio 59060 492224 0 0 3 0x14280 nfsidl nfsio 7513 186089 0 0 3 0x14280 nfsidl nfsio 699 333944 0 0 3 0x14280 nfsidl nfsio 92168 374546 0 0 3 0x14280 nfsidl nfsio 761 31327 0 0 3 0x14280 nfsidl nfsio 47540 99539 0 0 3 0x14280 nfsidl nfsio 98565 252076 0 0 3 0x14280 nfsidl nfsio 29690 85420 0 0 3 0x14280 nfsidl nfsio 74001 170311 0 0 3 0x14280 nfsidl nfsio 90630 114103 0 0 3 0x14280 nfsidl nfsio 26263 53264 0 0 3 0x14280 nfsidl nfsio 38486 117987 0 0 3 0x14280 nfsidl nfsio 72707 522978 0 0 3 0x14200 bored sosplice 65477 85087 18094 0 3 0x82 piperd syz-executor.0 18094 179715 53977 0 2 0x2 syz-fuzzer 18094 476533 53977 0 3 0x4000082 nanosleep syz-fuzzer 18094 255117 53977 0 3 0x4000082 thrsleep syz-fuzzer 18094 249737 53977 0 3 0x4000082 thrsleep syz-fuzzer 18094 208687 53977 0 3 0x4000082 thrsleep syz-fuzzer 18094 174938 53977 0 3 0x4000082 thrsleep syz-fuzzer 18094 512670 53977 0 3 0x4000082 thrsleep syz-fuzzer 53977 409739 43529 0 3 0x10008a pause ksh 43529 242943 59684 0 3 0x92 select sshd 48064 161878 1 0 3 0x100083 ttyin getty 59684 253933 1 0 3 0x80 select sshd 93713 340077 7784 73 3 0x100090 kqread syslogd 7784 126249 1 0 3 0x100082 netio syslogd 90501 182762 1 77 2 0x100090 dhclient 88256 125959 1 0 3 0x80 poll dhclient 82647 300519 0 0 3 0x14200 bored smr 33719 113732 0 0 2 0x14200 zerothread 75280 318721 0 0 3 0x14200 aiodoned aiodoned 83449 81324 0 0 3 0x14200 syncer update 73271 280972 0 0 3 0x14200 cleaner cleaner 86809 517159 0 0 3 0x14200 reaper reaper 60504 379710 0 0 3 0x14200 pgdaemon pagedaemon 98845 387813 0 0 3 0x14200 bored crynlk 83718 203758 0 0 3 0x14200 bored crypto 99862 105322 0 0 3 0x40014200 acpi0 acpi0 98105 13962 0 0 3 0x14200 bored softnet 83166 92061 0 0 2 0x14200 systqmp 58121 247056 0 0 3 0x14200 bored systq 67277 173002 0 0 3 0x40014200 bored softclock 31327 288437 0 0 3 0x40014200 idle0 1 121720 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9471 6332K 6456K 78643K 10636 0 pcb 13 8K 8K 78643K 46 0 rtable 104 3K 7K 78643K 334 0 ifaddr 55 12K 13K 78643K 94 0 sysctl 2 0K 0K 78643K 2 0 counters 21 16K 16K 78643K 23 0 ioctlops 0 0K 4K 78643K 37 0 iov 0 0K 12K 78643K 55 0 mount 1 1K 1K 78643K 1 0 vnodes 1221 77K 77K 78643K 1256 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 38 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 4 9K 25K 78643K 157 0 sigio 0 0K 0K 78643K 2 0 proc 50 38K 54K 78643K 364 0 subproc 23 1K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 23 0 in_multi 43 2K 2K 78643K 60 0 ether_multi 1 0K 0K 78643K 4 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 49 228K 228K 78643K 49 0 exec 0 0K 1K 78643K 197 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 119 23K 25K 78643K 1233 0 UVM aobj 6 2K 2K 78643K 6 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 18 0 NDP 8 0K 0K 78643K 16 0 temp 81 3855K 3919K 78643K 4014 0 kqueue 3 4K 8K 78643K 6 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 6 0 2 1 0 1 1 0 8 0 rtpcb 88 50 0 48 1 0 1 1 0 8 0 rtentry 112 50 0 8 2 0 2 2 0 8 0 unpcb 120 83 0 75 1 0 1 1 0 8 0 syncache 272 4 0 4 1 1 0 1 0 8 0 tcpqe 32 699 0 699 1 1 0 1 0 8 0 tcpcb 592 53 0 49 1 0 1 1 0 8 0 inpcb 296 166 0 159 3 1 2 2 0 8 1 ip6q 72 1 0 1 1 1 0 1 0 8 0 ip6af 40 2 0 2 1 1 0 1 0 8 0 nd6 48 9 0 2 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 1 0 1 0 8 0 pfrktable 1344 41 0 40 2 1 1 1 0 8 0 pftag 88 6 0 6 2 2 0 1 0 8 0 pfrule 1360 8 0 4 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 200 0 13 13 1 12 13 0 8 0 art_table 32 201 0 13 2 0 2 2 0 8 0 art_node 16 49 0 8 1 0 1 1 0 8 0 sysvmsgpl 40 4 0 2 1 0 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 36 0 26 1 0 1 1 0 8 0 shmpl 112 3 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1582 0 184 88 0 88 88 0 8 0 ffsino 240 1582 0 184 83 0 83 83 0 8 0 nchpl 144 2001 0 414 60 0 60 60 0 8 0 uvmvnodes 72 1639 0 0 30 0 30 30 0 8 0 vnodes 208 1639 0 0 87 0 87 87 0 8 0 namei 1024 5451 0 5451 3 2 1 1 0 8 1 vmpool 528 4 0 4 1 1 0 1 0 8 0 pfiaddrpl 120 12 0 12 2 2 0 1 0 8 0 scxspl 200 5990 0 5990 2 1 1 1 0 8 1 plimitpl 152 33 0 26 1 0 1 1 0 8 0 sigapl 424 364 0 316 6 0 6 6 0 8 0 futexpl 56 2906 0 2906 2 1 1 1 0 8 1 knotepl 112 66 0 48 1 0 1 1 0 8 0 kqueuepl 152 15 0 13 1 0 1 1 0 8 0 pipepl 272 89 0 79 1 0 1 1 0 8 0 fdescpl 432 329 0 316 2 0 2 2 0 8 0 filepl 120 2065 0 1979 4 0 4 4 0 8 1 lockfpl 104 33 0 32 1 0 1 1 0 8 0 lockfspl 48 11 0 10 1 0 1 1 0 8 0 sessionpl 120 17 0 7 1 0 1 1 0 8 0 pgrppl 48 19 0 9 1 0 1 1 0 8 0 ucredpl 96 479 0 472 1 0 1 1 0 8 0 zombiepl 144 317 0 316 3 2 1 1 0 8 0 processpl 944 364 0 316 7 0 7 7 0 8 0 procpl 632 541 0 487 6 0 6 6 0 8 1 sosppl 144 4 0 4 2 2 0 1 0 8 0 sockpl 400 301 0 284 5 2 3 4 0 8 1 mcl64k 65536 230 0 230 31 15 16 29 0 8 16 mcl16k 16384 3 0 3 3 3 0 1 0 8 0 mcl12k 12288 7 0 7 5 5 0 1 0 8 0 mcl9k 9216 3 0 3 3 3 0 1 0 8 0 mcl8k 8192 28 0 28 4 3 1 1 0 8 1 mcl4k 4096 15 0 15 4 3 1 1 0 8 1 mcl2k 2048 95898 0 95846 27 20 7 18 0 8 0 mtagpl 96 10 0 10 2 1 1 1 0 8 1 mbufpl 256 152986 0 152883 29 10 19 23 0 8 8 bufpl 280 3551 0 116 246 0 246 246 0 8 0 anonpl 16 59926 0 42173 100 19 81 88 0 107 8 amapchunkpl 152 1748 0 1564 18 9 9 13 0 158 1 amappl16 192 2031 0 1106 69 17 52 59 0 8 5 amappl15 184 112 0 109 1 0 1 1 0 8 0 amappl14 176 2 0 0 1 0 1 1 0 8 0 amappl13 168 27 0 24 1 0 1 1 0 8 0 amappl12 160 32 0 27 1 0 1 1 0 8 0 amappl11 152 58 0 48 1 0 1 1 0 8 0 amappl10 144 122 0 118 1 0 1 1 0 8 0 amappl9 136 361 0 360 1 0 1 1 0 8 0 amappl8 128 294 0 261 2 0 2 2 0 8 0 amappl7 120 102 0 91 1 0 1 1 0 8 0 amappl6 112 39 0 34 1 0 1 1 0 8 0 amappl5 104 255 0 243 1 0 1 1 0 8 0 amappl4 96 423 0 398 1 0 1 1 0 8 0 amappl3 88 129 0 119 1 0 1 1 0 8 0 amappl2 80 1929 0 1871 2 0 2 2 0 8 0 amappl1 72 16059 0 15664 23 14 9 17 0 8 0 amappl 80 779 0 726 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 5 0 0 1 0 1 1 0 8 0 uaddrrnd 24 333 0 320 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 333 0 320 1 0 1 1 0 8 0 vmmpekpl 168 6267 0 6239 2 0 2 2 0 8 0 vmmpepl 168 47721 0 45808 131 37 94 114 0 357 7 vmsppl 272 332 0 320 2 1 1 2 0 8 0 pdppl 4096 672 0 640 6 1 5 6 0 8 0 pvpl 32 169677 0 148927 222 28 194 208 0 265 24 pmappl 200 332 0 320 1 0 1 1 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 307 0 64 8 0 8 8 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace in_delmulti(fdff7fffffffffff) at in_delmulti+0x8d sys/netinet/in.c:914 in_purgeaddr(ffff800000ad6100) at in_purgeaddr+0x156 sys/netinet/in.c:760 in_ifdetach(ffff800000ac7800) at in_ifdetach+0x74 sys/netinet/in.c:971 if_detach(ffff800000ac7800) at if_detach+0x140 sys/net/if.c:1032 tun_clone_destroy(ffff800000ac7800) at tun_clone_destroy+0x1c7 sys/net/if_tun.c:326 tun_dev_close(5d01,7) at tun_dev_close+0x160 sys/net/if_tun.c:477 spec_close(ffff80001d7a3460) at spec_close+0x311 sys/kern/spec_vnops.c:560 VOP_CLOSE(fffffd805e27f820,7,fffffd806c3bfb40,ffff8000ffff8770) at VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:174 vn_closefile(fffffd80571509e8,ffff8000ffff8770) at vn_closefile+0xd2 vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffffd80571509e8,ffff8000ffff8770) at vn_closefile+0xd2 sys/kern/vfs_vnops.c:614 fdrop(fffffd80571509e8,ffff8000ffff8770) at fdrop+0xc2 sys/kern/kern_descrip.c:1279 closef(fffffd80571509e8,ffff8000ffff8770) at closef+0x117 sys/kern/kern_descrip.c:1263 fdfree(ffff8000ffff8770) at fdfree+0x100 sys/kern/kern_descrip.c:1195 exit1(ffff8000ffff8770,0,19,1) at exit1+0x32c sys/kern/kern_exit.c:197 postsig(ffff8000ffff8770,19) at postsig+0x4b2 sigexit sys/kern/kern_sig.c:1483 [inline] postsig(ffff8000ffff8770,19) at postsig+0x4b2 sys/kern/kern_sig.c:1415 userret(ffff8000ffff8770) at userret+0x159 sys/kern/kern_sig.c:1872 syscall(ffff80001d7a38e0) at syscall+0x42e mi_syscall_return sys/sys/syscall_mi.h:129 [inline] syscall(ffff80001d7a38e0) at syscall+0x42e sys/arch/amd64/amd64/trap.c:592 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffc8f40, count: -17 ddb> machine ddbcpu 1 No such command ddb> trace in_delmulti(fdff7fffffffffff) at in_delmulti+0x8d sys/netinet/in.c:914 in_purgeaddr(ffff800000ad6100) at in_purgeaddr+0x156 sys/netinet/in.c:760 in_ifdetach(ffff800000ac7800) at in_ifdetach+0x74 sys/netinet/in.c:971 if_detach(ffff800000ac7800) at if_detach+0x140 sys/net/if.c:1032 tun_clone_destroy(ffff800000ac7800) at tun_clone_destroy+0x1c7 sys/net/if_tun.c:326 tun_dev_close(5d01,7) at tun_dev_close+0x160 sys/net/if_tun.c:477 spec_close(ffff80001d7a3460) at spec_close+0x311 sys/kern/spec_vnops.c:560 VOP_CLOSE(fffffd805e27f820,7,fffffd806c3bfb40,ffff8000ffff8770) at VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:174 vn_closefile(fffffd80571509e8,ffff8000ffff8770) at vn_closefile+0xd2 vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffffd80571509e8,ffff8000ffff8770) at vn_closefile+0xd2 sys/kern/vfs_vnops.c:614 fdrop(fffffd80571509e8,ffff8000ffff8770) at fdrop+0xc2 sys/kern/kern_descrip.c:1279 closef(fffffd80571509e8,ffff8000ffff8770) at closef+0x117 sys/kern/kern_descrip.c:1263 fdfree(ffff8000ffff8770) at fdfree+0x100 sys/kern/kern_descrip.c:1195 exit1(ffff8000ffff8770,0,19,1) at exit1+0x32c sys/kern/kern_exit.c:197 postsig(ffff8000ffff8770,19) at postsig+0x4b2 sigexit sys/kern/kern_sig.c:1483 [inline] postsig(ffff8000ffff8770,19) at postsig+0x4b2 sys/kern/kern_sig.c:1415 userret(ffff8000ffff8770) at userret+0x159 sys/kern/kern_sig.c:1872 syscall(ffff80001d7a38e0) at syscall+0x42e mi_syscall_return sys/sys/syscall_mi.h:129 [inline] syscall(ffff80001d7a38e0) at syscall+0x42e sys/arch/amd64/amd64/trap.c:592 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffc8f40, count: -17