kernel: protection fault trap, code=0 Stopped at in_delmulti+0x8d: movl 0xc(%r14),%r15d ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace in_delmulti(bf7fffc000000000) at in_delmulti+0x8d sys/netinet/in.c:914 in_purgeaddr(ffff800000b11c00) at in_purgeaddr+0x156 sys/netinet/in.c:760 in_ifdetach(ffff800000ac7000) at in_ifdetach+0x74 sys/netinet/in.c:971 if_detach(ffff800000ac7000) at if_detach+0x140 sys/net/if.c:1032 tun_clone_destroy(ffff800000ac7000) at tun_clone_destroy+0x1c7 sys/net/if_tun.c:326 ifioctl(fffffd80564c0018,80206979,ffff80001d781b70,ffff80001d6be508) at ifioctl+0x3de sys/net/if.c:1821 sys_ioctl(ffff80001d6be508,ffff80001d781c88,ffff80001d781cd0) at sys_ioctl+0x4a1 syscall(ffff80001d781d50) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2c2fa118c50, count: -9 ddb> show registers rdi 0xffff80001d78a000 rsi 0x11d26 __ALIGN_SIZE+0x10d26 rbp 0xffff80001d781950 rbx 0 rdx 0xffff80001d78a000 rcx 0x11d25 __ALIGN_SIZE+0x10d25 rax 0xffffffff817ba21d in_delmulti+0x8d r8 0xffff800000b11c00 r9 0xffffffff81256843 rt_ifa_purge+0x153 r10 0x5 r11 0x67121b4a04455437 r12 0 r13 0x3 r14 0xbf7fffc000000000 r15 0x1 rip 0xffffffff817ba21d in_delmulti+0x8d cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80001d7818f0 ss 0x10 in_delmulti+0x8d: movl 0xc(%r14),%r15d ddb> show proc PROC (syz-executor.0) pid=128733 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=79, nice=20 forw=0xffffffffffffffff, list=0xffff80001d6bec70,0xffff80001d6beef8 process=0xffff80001d6c0ed0 user=0xffff80001d77c000, vmspace=0xfffffd805714bcd0 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 34249 444407 55749 0 3 0x80 nanosleep syz-executor.0 *34249 128733 55749 0 7 0x4000000 syz-executor.0 34249 130641 55749 0 3 0x4000080 fsleep syz-executor.0 44828 270869 0 0 3 0x14200 bored sosplice 26530 385416 65268 0 2 0x2 syz-executor.1 55749 419756 65268 0 3 0x82 nanosleep syz-executor.0 65268 212210 48035 0 3 0x82 thrsleep syz-fuzzer 65268 108812 48035 0 2 0x4000082 syz-fuzzer 65268 452054 48035 0 3 0x4000082 thrsleep syz-fuzzer 65268 457397 48035 0 3 0x4000082 thrsleep syz-fuzzer 65268 207726 48035 0 2 0x4000002 syz-fuzzer 65268 251790 48035 0 3 0x4000082 thrsleep syz-fuzzer 48035 164005 82222 0 3 0x10008a pause ksh 82222 488911 66868 0 3 0x92 select sshd 51141 176927 1 0 3 0x100083 ttyin getty 66868 509877 1 0 3 0x80 select sshd 50537 235625 33253 73 3 0x100090 kqread syslogd 33253 14778 1 0 3 0x100082 netio syslogd 66258 69017 1 77 2 0x100090 dhclient 11433 398159 1 0 3 0x80 poll dhclient 66682 240067 0 0 3 0x14200 bored smr 81347 484405 0 0 3 0x14200 pgzero zerothread 29312 97141 0 0 3 0x14200 aiodoned aiodoned 8118 321408 0 0 3 0x14200 syncer update 5067 250236 0 0 3 0x14200 cleaner cleaner 21231 281448 0 0 3 0x14200 reaper reaper 48517 182668 0 0 3 0x14200 pgdaemon pagedaemon 67302 88566 0 0 3 0x14200 bored crynlk 42638 322618 0 0 3 0x14200 bored crypto 4121 251720 0 0 3 0x40014200 acpi0 acpi0 31041 475405 0 0 3 0x14200 bored softnet 410 313990 0 0 2 0x14200 systqmp 74282 269580 0 0 3 0x14200 bored systq 36812 384056 0 0 3 0x40014200 bored softclock 48759 355871 0 0 3 0x40014200 idle0 1 304481 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9487 6342K 7182K 78643K 11992 0 pcb 13 8K 8K 78643K 60 0 rtable 103 4K 7K 78643K 346 0 ifaddr 68 14K 15K 78643K 119 0 sysctl 2 0K 0K 78643K 2 0 counters 21 16K 16K 78643K 27 0 ioctlops 0 0K 4K 78643K 67 0 iov 0 0K 12K 78643K 34 0 mount 1 1K 1K 78643K 1 0 vnodes 1225 77K 77K 78643K 1593 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 7 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 96 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 387 0 sigio 0 0K 0K 78643K 16 0 proc 49 38K 54K 78643K 385 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 20 0 in_multi 54 2K 3K 78643K 102 0 ether_multi 1 0K 0K 78643K 10 0 mrt 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 49 228K 228K 78643K 49 0 exec 0 0K 1K 78643K 212 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 134 55K 55K 78643K 1745 0 UVM aobj 28 4K 4K 78643K 28 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 8 0 NDP 10 0K 0K 78643K 25 0 temp 128 3876K 3940K 78643K 6622 0 kqueue 3 4K 13K 78643K 38 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 7 0 2 1 0 1 1 0 8 0 rtpcb 88 41 0 39 1 0 1 1 0 8 0 rtentry 112 61 0 22 2 0 2 2 0 8 0 unpcb 120 572 0 564 1 0 1 1 0 8 0 syncache 272 7 0 7 3 2 1 1 0 8 1 tcpqe 32 390 0 390 2 1 1 1 0 8 1 tcpcb 592 135 0 130 3 1 2 2 0 8 1 ipq 40 1 0 0 1 0 1 1 0 8 0 ipqe 40 2 0 1 1 0 1 1 0 8 0 inpcb 296 473 0 465 3 1 2 2 0 8 1 nd6 48 13 0 9 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 1 0 1 0 8 0 ppxss 1136 1 0 1 1 1 0 1 0 8 0 pfrktable 1344 29 0 27 1 0 1 1 0 8 0 pftag 88 6 0 6 2 1 1 1 0 8 1 pfrule 1360 10 0 6 1 0 1 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 240 0 58 14 0 14 14 0 8 0 art_table 32 242 0 58 2 0 2 2 0 8 0 art_node 16 60 0 20 1 0 1 1 0 8 0 sysvmsgpl 40 10 0 8 2 1 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 92 0 82 1 0 1 1 0 8 0 shmpl 112 25 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1872 0 479 88 0 88 88 0 8 0 ffsino 240 1872 0 479 83 0 83 83 0 8 0 nchpl 144 2600 0 1012 60 0 60 60 0 8 0 uvmvnodes 72 2242 0 0 41 0 41 41 0 8 0 vnodes 208 2242 0 0 118 0 118 118 0 8 0 namei 1024 6950 0 6950 2 1 1 1 0 8 1 vcpupl 1984 4 0 0 1 0 1 1 0 8 0 vmpool 528 6 0 2 1 0 1 1 0 8 0 pfiaddrpl 120 10 0 8 1 0 1 1 0 8 0 scxspl 200 7478 0 7478 1 0 1 1 0 8 1 plimitpl 152 36 0 29 1 0 1 1 0 8 0 sigapl 424 574 0 545 4 0 4 4 0 8 0 futexpl 56 8741 0 8740 2 1 1 1 0 8 0 knotepl 112 109 0 89 1 0 1 1 0 8 0 kqueuepl 152 64 0 62 1 0 1 1 0 8 0 pipepl 272 131 0 120 3 1 2 2 0 8 1 fdescpl 432 559 0 545 2 0 2 2 0 8 0 filepl 120 3509 0 3411 5 1 4 4 0 8 1 lockfpl 104 59 0 58 1 0 1 1 0 8 0 lockfspl 48 26 0 25 1 0 1 1 0 8 0 sessionpl 120 17 0 7 1 0 1 1 0 8 0 pgrppl 48 19 0 9 1 0 1 1 0 8 0 ucredpl 96 267 0 260 1 0 1 1 0 8 0 zombiepl 144 545 0 545 2 1 1 1 0 8 1 processpl 944 574 0 545 4 0 4 4 0 8 0 procpl 632 1036 0 1000 4 0 4 4 0 8 0 sosppl 144 2 0 2 1 1 0 1 0 8 0 sockpl 400 1229 0 1211 5 2 3 4 0 8 0 mcl64k 65536 276 0 276 34 33 1 33 0 8 1 mcl16k 16384 3 0 3 3 2 1 1 0 8 1 mcl12k 12288 12 0 12 2 1 1 1 0 8 1 mcl9k 9216 2 0 2 2 2 0 1 0 8 0 mcl8k 8192 13 0 13 2 1 1 1 0 8 1 mcl4k 4096 50 0 50 3 2 1 1 0 8 1 mcl2k2 2112 3 0 3 2 1 1 1 0 8 1 mcl2k 2048 84655 0 84594 22 13 9 19 0 8 0 mtagpl 96 202 0 101 6 1 5 5 0 8 0 mbufpl 256 138212 0 137891 45 8 37 37 0 8 0 bufpl 280 3764 0 118 261 0 261 261 0 8 0 anonpl 16 70785 0 51235 91 11 80 83 0 107 1 amapchunkpl 152 2728 0 2524 22 13 9 21 0 158 0 amappl16 192 3040 0 2010 60 7 53 55 0 8 1 amappl15 184 162 0 158 1 0 1 1 0 8 0 amappl14 176 3 0 2 1 0 1 1 0 8 0 amappl13 168 27 0 24 1 0 1 1 0 8 0 amappl12 160 24 0 21 1 0 1 1 0 8 0 amappl11 152 44 0 34 1 0 1 1 0 8 0 amappl10 144 13 0 9 1 0 1 1 0 8 0 amappl9 136 558 0 556 1 0 1 1 0 8 0 amappl8 128 307 0 276 1 0 1 1 0 8 0 amappl7 120 103 0 90 1 0 1 1 0 8 0 amappl6 112 28 0 21 1 0 1 1 0 8 0 amappl5 104 477 0 465 1 0 1 1 0 8 0 amappl4 96 432 0 408 1 0 1 1 0 8 0 amappl3 88 146 0 137 1 0 1 1 0 8 0 amappl2 80 3808 0 3742 2 0 2 2 0 8 0 amappl1 72 21875 0 21446 24 15 9 17 0 8 0 amappl 80 1276 0 1220 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 27 0 0 1 0 1 1 0 8 0 uaddrrnd 24 565 0 547 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 565 0 547 1 0 1 1 0 8 0 vmmpekpl 168 7452 0 7425 2 0 2 2 0 8 0 vmmpepl 168 75040 0 72895 134 35 99 117 0 357 3 vmsppl 272 564 0 547 3 1 2 2 0 8 0 pdppl 4096 1136 0 1098 7 1 6 6 0 8 0 pvpl 32 214189 0 191745 208 22 186 190 0 265 3 pmappl 200 564 0 547 1 0 1 1 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 325 0 69 9 0 9 9 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace in_delmulti(bf7fffc000000000) at in_delmulti+0x8d sys/netinet/in.c:914 in_purgeaddr(ffff800000b11c00) at in_purgeaddr+0x156 sys/netinet/in.c:760 in_ifdetach(ffff800000ac7000) at in_ifdetach+0x74 sys/netinet/in.c:971 if_detach(ffff800000ac7000) at if_detach+0x140 sys/net/if.c:1032 tun_clone_destroy(ffff800000ac7000) at tun_clone_destroy+0x1c7 sys/net/if_tun.c:326 ifioctl(fffffd80564c0018,80206979,ffff80001d781b70,ffff80001d6be508) at ifioctl+0x3de sys/net/if.c:1821 sys_ioctl(ffff80001d6be508,ffff80001d781c88,ffff80001d781cd0) at sys_ioctl+0x4a1 syscall(ffff80001d781d50) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2c2fa118c50, count: -9 ddb> machine ddbcpu 1 No such command ddb> trace in_delmulti(bf7fffc000000000) at in_delmulti+0x8d sys/netinet/in.c:914 in_purgeaddr(ffff800000b11c00) at in_purgeaddr+0x156 sys/netinet/in.c:760 in_ifdetach(ffff800000ac7000) at in_ifdetach+0x74 sys/netinet/in.c:971 if_detach(ffff800000ac7000) at if_detach+0x140 sys/net/if.c:1032 tun_clone_destroy(ffff800000ac7000) at tun_clone_destroy+0x1c7 sys/net/if_tun.c:326 ifioctl(fffffd80564c0018,80206979,ffff80001d781b70,ffff80001d6be508) at ifioctl+0x3de sys/net/if.c:1821 sys_ioctl(ffff80001d6be508,ffff80001d781c88,ffff80001d781cd0) at sys_ioctl+0x4a1 syscall(ffff80001d781d50) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2c2fa118c50, count: -9