kernel: protection fault trap, code=0 Stopped at in_delmulti+0x8d: movl 0xc(%r14),%r15d ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace in_delmulti(bfffffffffffffff) at in_delmulti+0x8d sys/netinet/in.c:914 in_purgeaddr(ffff800000aff800) at in_purgeaddr+0x156 sys/netinet/in.c:760 in_ifdetach(ffff800000af3000) at in_ifdetach+0x74 sys/netinet/in.c:971 if_detach(ffff800000af3000) at if_detach+0x140 sys/net/if.c:1032 tun_clone_destroy(ffff800000af3000) at tun_clone_destroy+0x1c7 sys/net/if_tun.c:326 tun_dev_close(5d00,7) at tun_dev_close+0x160 sys/net/if_tun.c:477 spec_close(ffff8000209c51b0) at spec_close+0x311 sys/kern/spec_vnops.c:560 VOP_CLOSE(fffffd805dbcf4e0,7,fffffd806c3bfa80,ffff80001e7fe2a0) at VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:174 vn_closefile(fffffd805d7ec698,ffff80001e7fe2a0) at vn_closefile+0xd2 vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffffd805d7ec698,ffff80001e7fe2a0) at vn_closefile+0xd2 sys/kern/vfs_vnops.c:614 fdrop(fffffd805d7ec698,ffff80001e7fe2a0) at fdrop+0xc2 sys/kern/kern_descrip.c:1279 closef(fffffd805d7ec698,ffff80001e7fe2a0) at closef+0x117 sys/kern/kern_descrip.c:1263 fdfree(ffff80001e7fe2a0) at fdfree+0x100 sys/kern/kern_descrip.c:1195 exit1(ffff80001e7fe2a0,0,9,1) at exit1+0x32c sys/kern/kern_exit.c:197 postsig(ffff80001e7fe2a0,9) at postsig+0x4b2 sigexit sys/kern/kern_sig.c:1483 [inline] postsig(ffff80001e7fe2a0,9) at postsig+0x4b2 sys/kern/kern_sig.c:1415 userret(ffff80001e7fe2a0) at userret+0x159 sys/kern/kern_sig.c:1872 syscall(ffff8000209c5630) at syscall+0x42e mi_syscall_return sys/sys/syscall_mi.h:129 [inline] syscall(ffff8000209c5630) at syscall+0x42e sys/arch/amd64/amd64/trap.c:592 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffcbfe0, count: -17 ddb> show registers rdi 0x2 rsi 0 rbp 0xffff8000209c4f80 rbx 0 rdx 0 rcx 0x1 rax 0xffff80001e7fe2a0 r8 0xffff800000aff800 r9 0xffffffff81256843 rt_ifa_purge+0x153 r10 0x5 r11 0x1710fc0665b4b32c r12 0 r13 0x3 r14 0xbfffffffffffffff r15 0x1 rip 0xffffffff817ba21d in_delmulti+0x8d cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff8000209c4f20 ss 0x10 in_delmulti+0x8d: movl 0xc(%r14),%r15d ddb> show proc PROC (syz-executor.0) pid=436142 stat=onproc flags process=a proc=2000 pri=32, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff80001e7fe518,0xffff80001e7ffb60 process=0xffff80001e825650 user=0xffff8000209c0000, vmspace=0xfffffd806bc0add0 estcpu=0, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 99643 176145 0 0 3 0x14280 nfsidl nfsio 59836 111576 0 0 3 0x14280 nfsidl nfsio 15712 104318 0 0 3 0x14280 nfsidl nfsio 96213 295761 0 0 3 0x14280 nfsidl nfsio 87314 256676 0 0 3 0x14280 nfsidl nfsio 82972 340223 0 0 3 0x14280 nfsidl nfsio 10136 510111 0 0 3 0x14280 nfsidl nfsio 95946 46660 0 0 3 0x14280 nfsidl nfsio 78133 327194 0 0 3 0x14280 nfsidl nfsio 73345 64388 0 0 3 0x14280 nfsidl nfsio 41138 85766 0 0 3 0x14280 nfsidl nfsio 2678 465023 0 0 3 0x14280 nfsidl nfsio 25859 49773 0 0 3 0x14280 nfsidl nfsio 84795 271277 0 0 3 0x14280 nfsidl nfsio 61845 386713 0 0 3 0x14280 nfsidl nfsio 59069 21890 0 0 3 0x14280 nfsidl nfsio 36337 113386 0 0 3 0x14280 nfsidl nfsio 29251 175218 0 0 3 0x14280 nfsidl nfsio 7717 136963 0 0 3 0x14280 nfsidl nfsio 48545 429216 0 0 3 0x14280 nfsidl nfsio 67690 300791 0 0 3 0x14200 bored sosplice 12421 413962 75803 0 2 0x82 syz-fuzzer 12421 219886 75803 0 2 0x4000002 syz-fuzzer 12421 335906 75803 0 3 0x4000082 thrsleep syz-fuzzer 12421 206983 75803 0 3 0x4000082 thrsleep syz-fuzzer 12421 395842 75803 0 3 0x4000082 thrsleep syz-fuzzer 12421 164824 75803 0 3 0x4000082 kqread syz-fuzzer 75803 315614 95270 0 3 0x10008a pause ksh 95270 504607 9061 0 3 0x92 select sshd 28689 506897 1 0 3 0x100083 ttyin getty 9061 78717 1 0 3 0x80 select sshd 65165 160632 81322 73 3 0x100010 ffs_fsync syslogd 81322 201314 1 0 3 0x100082 netio syslogd 13095 203472 1 77 2 0x100090 dhclient 29467 184932 1 0 3 0x80 poll dhclient 44532 194506 0 0 3 0x14200 bored smr 41135 166805 0 0 3 0x14200 pgzero zerothread 95362 368645 0 0 3 0x14200 aiodoned aiodoned 68520 486798 0 0 3 0x14200 syncer update 50609 344346 0 0 3 0x14200 cleaner cleaner 66417 432501 0 0 3 0x14200 reaper reaper 28525 247767 0 0 3 0x14200 pgdaemon pagedaemon 10972 191524 0 0 3 0x14200 bored crynlk 33253 210950 0 0 3 0x14200 bored crypto 83810 366772 0 0 3 0x40014200 acpi0 acpi0 22143 169307 0 0 3 0x14200 bored softnet 8199 68207 0 0 2 0x14200 systqmp 18402 511625 0 0 3 0x14200 bored systq 45618 270625 0 0 3 0x40014200 bored softclock 99358 217433 0 0 3 0x40014200 idle0 1 67159 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9480 6343K 7243K 78643K 12221 0 pcb 13 8K 8K 78643K 87 0 rtable 103 11K 12K 78643K 429 0 ifaddr 57 12K 12K 78643K 105 0 counters 21 16K 16K 78643K 24 0 ioctlops 0 0K 4K 78643K 76 0 iov 0 0K 24K 78643K 312 0 mount 1 1K 1K 78643K 1 0 vnodes 1227 77K 77K 78643K 1702 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 10 0 VM map 2 0K 0K 78643K 2 0 sem 11 0K 0K 78643K 21 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 4 9K 25K 78643K 497 0 sigio 0 0K 0K 78643K 36 0 proc 50 38K 55K 78643K 490 0 subproc 14 0K 2K 78643K 85 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 41 0 in_multi 39 2K 2K 78643K 158 0 ether_multi 1 0K 0K 78643K 11 0 mrt 0 0K 0K 78643K 3 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 49 228K 228K 78643K 49 0 exec 0 0K 1K 78643K 244 0 pfkey data 0 0K 1K 78643K 2 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 136 39K 43K 78643K 2113 0 UVM aobj 23 2K 2K 78643K 27 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 136 0 NDP 9 0K 0K 78643K 33 0 temp 105 3859K 3922K 78643K 6950 0 kqueue 3 4K 11K 78643K 24 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 14 0 10 1 0 1 1 0 8 0 rtpcb 88 39 0 37 1 0 1 1 0 8 0 rtentry 112 111 0 71 2 0 2 2 0 8 0 unpcb 120 294 0 285 1 0 1 1 0 8 0 syncache 272 11 0 11 4 4 0 1 0 8 0 tcpqe 32 200 0 200 2 2 0 1 0 8 0 tcpcb 592 163 0 159 5 4 1 2 0 8 0 ipq 40 3 0 3 2 2 0 1 0 8 0 ipqe 40 8 0 8 2 2 0 1 0 8 0 inpcb 296 609 0 602 5 4 1 2 0 8 0 rttmr 72 1 0 1 1 1 0 1 0 8 0 nd6 48 32 0 26 1 0 1 1 0 8 0 pkpcb 40 8 0 8 3 3 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 443 0 256 18 6 12 16 0 8 0 art_table 32 444 0 256 2 0 2 2 0 8 0 art_node 16 110 0 70 1 0 1 1 0 8 0 sysvmsgpl 40 22 0 5 1 0 1 1 0 8 0 semupl 112 6 0 6 2 2 0 1 0 8 0 semapl 112 13 0 4 1 0 1 1 0 8 0 shmpl 112 24 0 4 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2036 0 641 88 0 88 88 0 8 0 ffsino 240 2036 0 641 83 0 83 83 0 8 0 nchpl 144 2908 0 1316 60 0 60 60 0 8 0 uvmvnodes 72 2506 0 0 46 0 46 46 0 8 0 vnodes 208 2506 0 0 132 0 132 132 0 8 0 namei 1024 8574 0 8574 2 2 0 1 0 8 0 vcpupl 1984 2 0 0 1 0 1 1 0 8 0 vmpool 528 5 0 3 2 1 1 1 0 8 0 scxspl 200 9070 0 9069 1 0 1 1 0 8 0 plimitpl 152 41 0 33 1 0 1 1 0 8 0 sigapl 424 695 0 647 6 0 6 6 0 8 0 futexpl 56 9938 0 9938 3 3 0 1 0 8 0 knotepl 112 137 0 121 1 0 1 1 0 8 0 kqueuepl 152 74 0 72 1 0 1 1 0 8 0 pipepl 272 139 0 130 3 2 1 2 0 8 0 fdescpl 432 660 0 647 2 0 2 2 0 8 0 filepl 120 4208 0 4133 4 1 3 4 0 8 0 lockfpl 104 87 0 86 1 0 1 1 0 8 0 lockfspl 48 33 0 32 1 0 1 1 0 8 0 sessionpl 120 20 0 10 1 0 1 1 0 8 0 pgrppl 48 20 0 10 1 0 1 1 0 8 0 ucredpl 96 502 0 495 1 0 1 1 0 8 0 zombiepl 144 649 0 645 1 0 1 1 0 8 0 processpl 944 695 0 645 7 0 7 7 0 8 0 procpl 632 1261 0 1206 8 2 6 6 0 8 0 sosppl 144 11 0 11 2 2 0 1 0 8 0 sockpl 400 951 0 933 5 2 3 4 0 8 0 mcl64k 65536 17 0 17 2 2 0 1 0 8 0 mcl16k 16384 3 0 3 3 3 0 1 0 8 0 mcl12k 12288 6 0 6 3 3 0 1 0 8 0 mcl9k 9216 4 0 4 2 2 0 1 0 8 0 mcl8k 8192 20 0 20 3 3 0 1 0 8 0 mcl4k 4096 54 0 54 5 5 0 1 0 8 0 mcl2k2 2112 3 0 3 3 3 0 1 0 8 0 mcl2k 2048 90442 0 90380 20 10 10 16 0 8 0 mtagpl 96 234 0 234 5 1 4 4 0 8 4 mbufpl 256 147306 0 147159 40 13 27 29 0 8 2 bufpl 280 5587 0 233 383 0 383 383 0 8 0 anonpl 16 100342 0 80437 113 14 99 99 0 107 17 amapchunkpl 152 4926 0 4720 42 23 19 23 0 158 8 amappl16 192 3882 0 2832 76 22 54 65 0 8 0 amappl15 184 69 0 68 1 0 1 1 0 8 0 amappl14 176 2 0 1 1 0 1 1 0 8 0 amappl13 168 145 0 142 1 0 1 1 0 8 0 amappl12 160 133 0 130 1 0 1 1 0 8 0 amappl11 152 63 0 53 1 0 1 1 0 8 0 amappl10 144 171 0 166 1 0 1 1 0 8 0 amappl9 136 353 0 352 1 0 1 1 0 8 0 amappl8 128 366 0 332 2 0 2 2 0 8 0 amappl7 120 217 0 201 1 0 1 1 0 8 0 amappl6 112 30 0 24 1 0 1 1 0 8 0 amappl5 104 595 0 585 1 0 1 1 0 8 0 amappl4 96 472 0 443 1 0 1 1 0 8 0 amappl3 88 130 0 122 1 0 1 1 0 8 0 amappl2 80 4425 0 4368 2 0 2 2 0 8 0 amappl1 72 24647 0 24253 23 14 9 17 0 8 0 amappl 80 1543 0 1489 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 26 0 4 1 0 1 1 0 8 0 uaddrrnd 24 665 0 650 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 665 0 650 1 0 1 1 0 8 0 vmmpekpl 168 8283 0 8254 2 0 2 2 0 8 0 vmmpepl 168 90953 0 88910 198 78 120 161 0 357 22 vmsppl 272 664 0 650 4 2 2 2 0 8 1 pdppl 4096 1336 0 1302 6 1 5 6 0 8 0 pvpl 32 306661 0 283758 357 35 322 337 0 265 131 pmappl 200 664 0 650 1 0 1 1 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 292 0 57 7 0 7 7 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace in_delmulti(bfffffffffffffff) at in_delmulti+0x8d sys/netinet/in.c:914 in_purgeaddr(ffff800000aff800) at in_purgeaddr+0x156 sys/netinet/in.c:760 in_ifdetach(ffff800000af3000) at in_ifdetach+0x74 sys/netinet/in.c:971 if_detach(ffff800000af3000) at if_detach+0x140 sys/net/if.c:1032 tun_clone_destroy(ffff800000af3000) at tun_clone_destroy+0x1c7 sys/net/if_tun.c:326 tun_dev_close(5d00,7) at tun_dev_close+0x160 sys/net/if_tun.c:477 spec_close(ffff8000209c51b0) at spec_close+0x311 sys/kern/spec_vnops.c:560 VOP_CLOSE(fffffd805dbcf4e0,7,fffffd806c3bfa80,ffff80001e7fe2a0) at VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:174 vn_closefile(fffffd805d7ec698,ffff80001e7fe2a0) at vn_closefile+0xd2 vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffffd805d7ec698,ffff80001e7fe2a0) at vn_closefile+0xd2 sys/kern/vfs_vnops.c:614 fdrop(fffffd805d7ec698,ffff80001e7fe2a0) at fdrop+0xc2 sys/kern/kern_descrip.c:1279 closef(fffffd805d7ec698,ffff80001e7fe2a0) at closef+0x117 sys/kern/kern_descrip.c:1263 fdfree(ffff80001e7fe2a0) at fdfree+0x100 sys/kern/kern_descrip.c:1195 exit1(ffff80001e7fe2a0,0,9,1) at exit1+0x32c sys/kern/kern_exit.c:197 postsig(ffff80001e7fe2a0,9) at postsig+0x4b2 sigexit sys/kern/kern_sig.c:1483 [inline] postsig(ffff80001e7fe2a0,9) at postsig+0x4b2 sys/kern/kern_sig.c:1415 userret(ffff80001e7fe2a0) at userret+0x159 sys/kern/kern_sig.c:1872 syscall(ffff8000209c5630) at syscall+0x42e mi_syscall_return sys/sys/syscall_mi.h:129 [inline] syscall(ffff8000209c5630) at syscall+0x42e sys/arch/amd64/amd64/trap.c:592 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffcbfe0, count: -17 ddb> machine ddbcpu 1 No such command ddb> trace in_delmulti(bfffffffffffffff) at in_delmulti+0x8d sys/netinet/in.c:914 in_purgeaddr(ffff800000aff800) at in_purgeaddr+0x156 sys/netinet/in.c:760 in_ifdetach(ffff800000af3000) at in_ifdetach+0x74 sys/netinet/in.c:971 if_detach(ffff800000af3000) at if_detach+0x140 sys/net/if.c:1032 tun_clone_destroy(ffff800000af3000) at tun_clone_destroy+0x1c7 sys/net/if_tun.c:326 tun_dev_close(5d00,7) at tun_dev_close+0x160 sys/net/if_tun.c:477 spec_close(ffff8000209c51b0) at spec_close+0x311 sys/kern/spec_vnops.c:560 VOP_CLOSE(fffffd805dbcf4e0,7,fffffd806c3bfa80,ffff80001e7fe2a0) at VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:174 vn_closefile(fffffd805d7ec698,ffff80001e7fe2a0) at vn_closefile+0xd2 vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffffd805d7ec698,ffff80001e7fe2a0) at vn_closefile+0xd2 sys/kern/vfs_vnops.c:614 fdrop(fffffd805d7ec698,ffff80001e7fe2a0) at fdrop+0xc2 sys/kern/kern_descrip.c:1279 closef(fffffd805d7ec698,ffff80001e7fe2a0) at closef+0x117 sys/kern/kern_descrip.c:1263 fdfree(ffff80001e7fe2a0) at fdfree+0x100 sys/kern/kern_descrip.c:1195 exit1(ffff80001e7fe2a0,0,9,1) at exit1+0x32c sys/kern/kern_exit.c:197 postsig(ffff80001e7fe2a0,9) at postsig+0x4b2 sigexit sys/kern/kern_sig.c:1483 [inline] postsig(ffff80001e7fe2a0,9) at postsig+0x4b2 sys/kern/kern_sig.c:1415 userret(ffff80001e7fe2a0) at userret+0x159 sys/kern/kern_sig.c:1872 syscall(ffff8000209c5630) at syscall+0x42e mi_syscall_return sys/sys/syscall_mi.h:129 [inline] syscall(ffff8000209c5630) at syscall+0x42e sys/arch/amd64/amd64/trap.c:592 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffcbfe0, count: -17