kernel: protection fault trap, code=0 Stopped at in6_addmulti+0xc4: movzbl 0x1(%rax),%ebx ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic the kernel did not panic ddb{1}> trace in6_addmulti(ffff800024b22bd8,ffff800000d1d000,ffff800024b22c6c) at in6_addmulti+0xc4 sys/netinet6/in6.c:1037 in6_update_ifa(ffff800000d1d000,ffff800024b22ce0,0) at in6_update_ifa+0x1418 in6_joingroup sys/netinet6/in6.c:1154 [inline] in6_update_ifa(ffff800000d1d000,ffff800024b22ce0,0) at in6_update_ifa+0x1418 sys/netinet6/in6.c:776 in6_ifattach_linklocal(ffff800000d1d000,0) at in6_ifattach_linklocal+0x28d sys/netinet6/in6_ifattach.c:281 in6_ifattach(ffff800000d1d000) at in6_ifattach+0x1bb sys/netinet6/in6_ifattach.c:405 ifnewlladdr(ffff800000d1d000) at ifnewlladdr+0x180 sys/net/if.c:3204 ifioctl(fffffd8067f265e8,8020691f,ffff800024b22f40,ffff8000211f58d0) at ifioctl+0x1f5e sys/net/if.c:2253 sys_ioctl(ffff8000211f58d0,ffff800024b23058,ffff800024b230a0) at sys_ioctl+0x4a2 syscall(ffff800024b23120) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff800024b23120) at syscall+0x606 sys/arch/amd64/amd64/trap.c:625 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x5fb17d5bd30, count: -9 ddb{1}> show registers rdi 0xffff80002c7f0000 rsi 0x4a52 __ALIGN_SIZE+0x3a52 rbp 0xffff800024b22ac0 rbx 0 rdx 0xffff80002c7f0000 rcx 0x4a51 __ALIGN_SIZE+0x3a51 rax 0xdeaf0036deafbead r8 0x2 r9 0xfffffd8073423010 r10 0x4b937265e1a97644 r11 0x49527ecf01d27b08 r12 0xffff800000cf9400 r13 0xffff800024b22bd8 r14 0xffff800024b22c6c r15 0xffff800000d1d000 rip 0xffffffff810e3c54 in6_addmulti+0xc4 cs 0x8 rflags 0x10286 __ALIGN_SIZE+0xf286 rsp 0xffff800024b22940 ss 0x10 in6_addmulti+0xc4: movzbl 0x1(%rax),%ebx ddb{1}> show proc PROC (syz-executor.5) pid=299598 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff8000211f4b38,0xffff8000211f4320 process=0xffff8000212a6e28 user=0xffff800024b1e000, vmspace=0xfffffd8008a06898 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 66708 418342 60902 0 3 0x80 nanoslp syz-executor.0 66708 366363 60902 0 3 0x4000080 fsleep syz-executor.0 66708 160490 60902 0 3 0x4000080 netio syz-executor.0 6461 272866 40090 0 2 0 syz-executor.4 6461 184366 40090 0 2 0x4000000 syz-executor.4 67915 489719 93841 0 7 0 syz-executor.5 67915 184629 93841 0 3 0x4000000 smrbar syz-executor.5 *67915 299598 93841 0 7 0x4000000 syz-executor.5 79635 363531 69444 0 3 0x82 piperd syz-executor.3 40090 376899 69444 0 2 0x482 syz-executor.4 72956 346018 1 0 3 0 vmmaplk syz-executor.4 72956 507786 1 0 3 0x4000000 vmmaplk syz-executor.4 72956 98142 1 0 3 0x4000080 fsleep syz-executor.4 72956 237057 1 0 3 0x4000000 vmmaplk syz-executor.4 68549 16015 69444 0 3 0x2 biowait syz-executor.6 93841 295837 69444 0 2 0x482 syz-executor.5 69235 377918 0 0 3 0x14200 acct acct 37871 234474 0 0 3 0x14200 bored sosplice 60125 4668 69444 0 3 0x82 piperd syz-executor.7 61558 266191 69444 0 2 0x482 syz-executor.2 84010 445995 69444 0 2 0x482 syz-executor.1 60902 74395 69444 0 2 0x482 syz-executor.0 69444 224479 14226 0 3 0x82 wait syz-fuzzer 69444 69177 14226 0 3 0x4000082 thrsleep syz-fuzzer 69444 445073 14226 0 3 0x4000082 wait syz-fuzzer 69444 41904 14226 0 3 0x4000082 kqread syz-fuzzer 69444 10933 14226 0 3 0x4000082 wait syz-fuzzer 69444 293532 14226 0 3 0x4000082 wait syz-fuzzer 69444 420738 14226 0 3 0x4000082 wait syz-fuzzer 69444 197760 14226 0 3 0x4000082 thrsleep syz-fuzzer 69444 416150 14226 0 3 0x4000082 thrsleep syz-fuzzer 69444 123822 14226 0 3 0x4000082 thrsleep syz-fuzzer 69444 302720 14226 0 3 0x4000082 thrsleep syz-fuzzer 69444 439123 14226 0 3 0x4000082 wait syz-fuzzer 69444 485404 14226 0 3 0x4000082 wait syz-fuzzer 69444 498686 14226 0 3 0x4000082 wait syz-fuzzer 69444 299320 14226 0 3 0x4000082 thrsleep syz-fuzzer 14226 306727 49620 0 3 0x10008a sigsusp ksh 49620 296935 61065 0 3 0x9a kqread sshd 56955 473580 1 0 3 0x100083 ttyin getty 61065 517264 1 0 3 0x88 kqread sshd 20599 245486 68946 74 3 0x1100092 bpf pflogd 68946 397866 1 0 3 0x80 netio pflogd 20959 87449 22938 73 3 0x1100090 kqread syslogd 22938 282774 1 0 3 0x100082 netio syslogd 4816 84360 1 0 3 0x100080 kqread resolvd 11092 403130 92027 77 3 0x100092 kqread dhcpleased 73034 277544 92027 77 3 0x100092 kqread dhcpleased 92027 209563 1 0 3 0x80 kqread dhcpleased 10792 284945 0 0 3 0x14200 bored smr 46488 501805 0 0 2 0x14200 zerothread 52864 280141 0 0 3 0x14200 aiodoned aiodoned 63436 8670 0 0 3 0x14200 syncer update 44990 257203 0 0 3 0x14200 cleaner cleaner 96691 127476 0 0 3 0x14200 reaper reaper 53292 182290 0 0 3 0x14200 pgdaemon pagedaemon 46712 54177 0 0 3 0x14200 bored viomb 90746 264461 0 0 3 0x40014200 acpi0 acpi0 9324 362823 0 0 3 0x40014200 idle1 24869 404318 0 0 3 0x14200 bored softnet 70189 310349 0 0 3 0x14200 bored softnet 74045 379733 0 0 3 0x14200 bored softnet 72074 444296 0 0 2 0x14200 softnet 87845 258188 0 0 3 0x14200 bored systqmp 35276 463841 0 0 3 0x14200 bored systq 97589 506232 0 0 3 0x40014200 bored softclock 87637 276093 0 0 3 0x40014200 idle0 1 202166 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10212 6495K 7311K 78643K 13993 0 pcb 13 16K 18K 78643K 422 0 rtable 175 15K 18K 78643K 892 0 ifaddr 72 23K 26K 78643K 257 0 sysctl 2 0K 0K 78643K 2 0 counters 56 35K 36K 78643K 232 0 ioctlops 0 0K 4K 78643K 1875 0 iov 0 0K 20K 78643K 203 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1443 90K 90K 78643K 3061 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 3 5K 9K 78643K 31 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 163 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 14 49K 81K 78643K 2221 0 sigio 0 0K 0K 78643K 323 0 proc 73 91K 140K 78643K 828 0 subproc 117 7K 7K 78643K 208 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 102 0 in_multi 61 4K 6K 78643K 226 0 ether_multi 1 0K 0K 78643K 4 0 mrt 0 0K 0K 78643K 6 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 73 334K 334K 78643K 73 0 exec 0 0K 1K 78643K 647 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 335 96K 112K 78643K 17152 0 UVM aobj 131 4K 4K 78643K 131 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 72 0 NDP 13 0K 0K 78643K 89 0 temp 137 5778K 6802K 78643K 16924 0 kqueue 12 18K 24K 78643K 231 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 253 0 250 5 4 1 3 0 8 0 rtentry 112 241 0 169 4 0 4 4 0 8 0 unpcb 144 4478 0 4461 31 25 6 8 0 8 5 syncache 296 21 0 21 7 7 0 1 0 8 0 tcpqe 32 530 0 530 5 5 0 2 0 8 0 tcpcb 776 847 0 842 35 34 1 14 0 8 0 arp 120 40 0 27 1 0 1 1 0 8 0 inpcb 368 2410 0 2398 41 39 2 16 0 8 0 nd6 48 53 0 40 1 0 1 1 0 8 0 kcovpl 48 16 0 7 1 0 1 1 0 8 0 ppxss 1256 68 0 68 5 5 0 1 0 8 0 pppxif 1456 6 0 6 2 2 0 1 0 8 0 pfstscr 40 6 0 6 2 2 0 1 0 8 0 pffrag 232 25 0 25 1 1 0 1 0 482 0 pffrnode 88 25 0 25 1 1 0 1 0 8 0 pffrent 40 49 0 49 1 1 0 1 0 8 0 pfosfp 40 1474 0 1048 5 0 5 5 0 8 0 pfosfpen 112 1474 0 753 21 0 21 21 0 8 0 pfanchor 1280 7 0 0 1 0 1 1 0 8 0 pfstitem 24 52 0 42 1 0 1 1 0 8 0 pfstkey 128 60 0 50 2 1 1 2 0 8 0 pfstate 384 54 0 44 4 2 2 4 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 3 0 2 3 2 1 2 0 8 0 art_heap4 256 1089 0 769 32 11 21 30 0 8 0 art_table 32 1092 0 771 4 0 4 4 0 8 0 art_node 16 240 0 174 1 0 1 1 0 8 0 sysvmsgpl 40 74 0 70 1 0 1 1 0 8 0 semapl 112 156 0 146 1 0 1 1 0 8 0 shmpl 112 128 0 0 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 4318 0 2873 91 0 91 91 0 8 0 ffsino 272 4318 0 2873 97 0 97 97 0 8 0 nchpl 144 7813 0 6169 63 0 63 63 0 8 0 rtmask 32 9 0 9 4 4 0 1 0 8 0 uvmvnodes 80 5824 0 0 119 0 119 119 0 8 0 vnodes 216 5824 0 0 324 0 324 324 0 8 0 namei 1024 27190 0 27189 5 4 1 2 0 8 0 percpumem 16 129 0 88 1 0 1 1 0 8 0 vmpool 696 4 0 4 1 1 0 1 0 8 0 kstatmem 264 106 0 80 2 0 2 2 0 8 0 scsiplug 72 3 0 3 1 1 0 1 0 8 0 scxspl 216 21430 0 21429 19 18 1 8 0 8 0 plimitpl 152 244 0 227 1 0 1 1 0 8 0 sigapl 424 2549 0 2501 9 3 6 8 0 8 0 futexpl 64 19392 0 19390 1 0 1 1 0 8 0 knotepl 120 338 0 0 9 0 9 9 0 8 0 kqueuepl 216 685 0 677 19 18 1 5 0 8 0 pipepl 320 600 0 571 16 13 3 8 0 8 0 fdescpl 496 2510 0 2483 8 3 5 5 0 8 1 filepl 152 20485 0 20226 50 33 17 19 0 8 6 lockfpl 104 600 0 598 1 0 1 1 0 8 0 lockfspl 48 208 0 206 1 0 1 1 0 8 0 sessionpl 144 32 0 14 1 0 1 1 0 8 0 pgrppl 48 74 0 56 1 0 1 1 0 8 0 ucredpl 104 1680 0 1668 1 0 1 1 0 8 0 zombiepl 144 2503 0 2501 3 2 1 1 0 8 0 processpl 1072 2549 0 2501 5 1 4 5 0 8 0 procpl 696 6446 0 6376 12 4 8 9 0 8 0 srpgc 96 18 0 18 9 8 1 1 0 8 1 sosppl 168 20 0 20 5 5 0 1 0 8 0 sockpl 488 7208 0 7177 158 137 21 28 0 8 16 mcl64k 65536 14 0 0 2 0 2 2 0 8 0 mcl16k 16384 7 0 0 1 0 1 1 0 8 0 mcl12k 12288 22 0 0 2 0 2 2 0 8 0 mcl9k 9216 4 0 0 1 0 1 1 0 8 0 mcl8k 8192 17 0 0 3 0 3 3 0 8 0 mcl4k 4096 18 0 0 3 0 3 3 0 8 0 mcl2k2 2112 4 0 0 1 0 1 1 0 8 0 mcl2k 2048 397 0 0 49 0 49 49 0 8 0 mtagpl 96 76 0 0 2 0 2 2 0 8 0 mbufpl 256 1832 0 0 105 0 105 105 0 8 0 bufpl 288 7011 0 686 452 0 452 452 0 8 0 anonpl 24 560286 0 542455 168 45 123 147 0 186 0 amapchunkpl 152 49055 0 48293 51 18 33 43 0 158 0 amappl16 200 6937 0 6313 76 42 34 46 0 8 0 amappl15 192 7 0 7 1 1 0 1 0 8 0 amappl14 184 187 0 170 2 0 2 2 0 8 0 amappl13 176 3 0 3 1 1 0 1 0 8 0 amappl12 168 524 0 523 1 0 1 1 0 8 0 amappl11 160 49 0 34 1 0 1 1 0 8 0 amappl10 152 50 0 39 1 0 1 1 0 8 0 amappl9 144 974 0 974 7 6 1 1 0 8 1 amappl8 136 240 0 172 3 0 3 3 0 8 0 amappl7 128 185 0 156 2 0 2 2 0 8 0 amappl6 120 239 0 225 2 1 1 2 0 8 0 amappl5 112 211 0 201 1 0 1 1 0 8 0 amappl4 104 595 0 563 3 2 1 2 0 8 0 amappl3 96 6984 0 6928 2 0 2 2 0 8 0 amappl2 88 3031 0 2952 4 2 2 4 0 8 0 amappl1 80 59407 0 58635 28 10 18 28 0 8 0 amappl 88 16493 0 16301 6 1 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 130 0 0 3 0 3 3 0 8 0 uaddrrnd 24 2516 0 2489 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2516 0 2489 1 0 1 1 0 8 0 vmmpekpl 168 25445 0 25384 3 0 3 3 0 8 0 vmmpepl 168 241670 0 238843 228 88 140 156 0 357 5 vmsppl 440 2515 0 2489 5 1 4 4 0 8 0 rwobjpl 56 71550 0 63733 120 8 112 112 0 8 1 pdppl 4096 5039 0 4978 251 180 71 77 0 8 10 pvpl 32 1135997 0 1112224 392 183 209 367 0 265 0 pmappl 248 2515 0 2489 3 1 2 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1146 0 243 26 0 26 26 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{0}> trace x86_ipi_db(ffffffff82b24ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff82db6020) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82db6020) at __mp_lock+0x122 sys/kern/kern_lock.c:147 intr_handler(ffff8000293b53e0,ffff80000067c100) at intr_handler+0x5e sys/arch/amd64/amd64/intr.c:532 Xintr_ioapic_edge24_untramp() at Xintr_ioapic_edge24_untramp+0x18f __mp_lock(ffffffff82db6020) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82db6020) at __mp_lock+0x122 sys/kern/kern_lock.c:147 intr_handler(ffff8000293b5530,ffff80000006ba00) at intr_handler+0x5e sys/arch/amd64/amd64/intr.c:532 Xintr_ioapic_edge21_untramp() at Xintr_ioapic_edge21_untramp+0x18f end of kernel end trace frame: 0x7f7fffff2ee0, count: -9 ddb{0}> machine ddbcpu 1 Stopped at in6_addmulti+0xc4: movzbl 0x1(%rax),%ebx ddb{1}> trace in6_addmulti(ffff800024b22bd8,ffff800000d1d000,ffff800024b22c6c) at in6_addmulti+0xc4 sys/netinet6/in6.c:1037 in6_update_ifa(ffff800000d1d000,ffff800024b22ce0,0) at in6_update_ifa+0x1418 in6_joingroup sys/netinet6/in6.c:1154 [inline] in6_update_ifa(ffff800000d1d000,ffff800024b22ce0,0) at in6_update_ifa+0x1418 sys/netinet6/in6.c:776 in6_ifattach_linklocal(ffff800000d1d000,0) at in6_ifattach_linklocal+0x28d sys/netinet6/in6_ifattach.c:281 in6_ifattach(ffff800000d1d000) at in6_ifattach+0x1bb sys/netinet6/in6_ifattach.c:405 ifnewlladdr(ffff800000d1d000) at ifnewlladdr+0x180 sys/net/if.c:3204 ifioctl(fffffd8067f265e8,8020691f,ffff800024b22f40,ffff8000211f58d0) at ifioctl+0x1f5e sys/net/if.c:2253 sys_ioctl(ffff8000211f58d0,ffff800024b23058,ffff800024b230a0) at sys_ioctl+0x4a2 syscall(ffff800024b23120) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff800024b23120) at syscall+0x606 sys/arch/amd64/amd64/trap.c:625 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x5fb17d5bd30, count: -9