uvm_fault(0xfffffd807efff5c0, 0x10, 0, 1) -> e kernel: page fault trap, code=0 Stopped at in_delmulti+0x8d: movl 0xc(%r14),%r15d ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic kernel page fault uvm_fault(0xfffffd807efff5c0, 0x10, 0, 1) -> e in_delmulti(4) at in_delmulti+0x8d sys/netinet/in.c:914 end trace frame: 0xffff8000230fd420, count: 0 ddb{1}> trace in_delmulti(4) at in_delmulti+0x8d sys/netinet/in.c:914 in_purgeaddr(ffff800000b0f100) at in_purgeaddr+0x156 sys/netinet/in.c:760 in_ifdetach(ffff800000af5000) at in_ifdetach+0x74 sys/netinet/in.c:971 if_detach(ffff800000af5000) at if_detach+0x140 sys/net/if.c:1039 tun_clone_destroy(ffff800000af5000) at tun_clone_destroy+0x1e1 sys/net/if_tun.c:326 tun_dev_close(5d01,7) at tun_dev_close+0x160 sys/net/if_tun.c:477 spec_close(ffff8000230fd600) at spec_close+0x311 sys/kern/spec_vnops.c:560 VOP_CLOSE(fffffd806ecdd1a8,7,fffffd807f7bf8a0,ffff800020e0ad58) at VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:174 vn_closefile(fffffd80683f7dc8,ffff800020e0ad58) at vn_closefile+0xd7 vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffffd80683f7dc8,ffff800020e0ad58) at vn_closefile+0xd7 sys/kern/vfs_vnops.c:614 fdrop(fffffd80683f7dc8,ffff800020e0ad58) at fdrop+0xc2 sys/kern/kern_descrip.c:1279 closef(fffffd80683f7dc8,ffff800020e0ad58) at closef+0x11c sys/kern/kern_descrip.c:1263 fdfree(ffff800020e0ad58) at fdfree+0x101 sys/kern/kern_descrip.c:1195 exit1(ffff800020e0ad58,0,19,1) at exit1+0x32c sys/kern/kern_exit.c:197 postsig(ffff800020e0ad58,19) at postsig+0x4ed sigexit sys/kern/kern_sig.c:1483 [inline] postsig(ffff800020e0ad58,19) at postsig+0x4ed sys/kern/kern_sig.c:1415 userret(ffff800020e0ad58) at userret+0x199 sys/kern/kern_sig.c:1872 Xsyscall() at Xsyscall+0x156 end of kernel end trace frame: 0x7f7ffffe3190, count: -16 ddb{1}> show registers rdi 0x2 rsi 0 rbp 0xffff8000230fd3d0 rbx 0 rdx 0xffff800020e0ad58 rcx 0 rax 0 r8 0xffffffff8182f843 rt_ifa_purge+0x153 r9 0x5 r10 0x3 r11 0xab8b876c4c2db22f r12 0 r13 0x3 r14 0x4 r15 0x1 rip 0xffffffff81d192ad in_delmulti+0x8d cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff8000230fd370 ss 0x10 in_delmulti+0x8d: movl 0xc(%r14),%r15d ddb{1}> show proc PROC (syz-executor.1) pid=428060 stat=onproc flags process=a proc=2000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff800020ddcc38,0xffff800020e0aaf8 process=0xffff800020df1b30 user=0xffff8000230f8000, vmspace=0xfffffd807efff5c0 estcpu=36, cpticks=6, pctcpu=0.20 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 35688 390581 9194 0 3 0x80 nanosleep syz-executor.0 35688 402101 9194 0 3 0x4000080 ttyin syz-executor.0 35688 133109 9194 0 3 0x4000080 ttyin syz-executor.0 9194 461110 79353 0 3 0x82 nanosleep syz-executor.0 61822 312302 0 0 3 0x14280 nfsidl nfsio 88913 448494 0 0 3 0x14280 nfsidl nfsio 99178 320786 0 0 3 0x14280 nfsidl nfsio 41086 87595 0 0 3 0x14280 nfsidl nfsio 60148 328626 0 0 3 0x14280 nfsidl nfsio 83742 415930 0 0 3 0x14280 nfsidl nfsio 21674 126558 0 0 3 0x14280 nfsidl nfsio 77967 76425 0 0 3 0x14280 nfsidl nfsio 96684 108094 0 0 3 0x14280 nfsidl nfsio 82158 283572 0 0 3 0x14280 nfsidl nfsio 48263 216089 0 0 3 0x14280 nfsidl nfsio 84671 224917 0 0 3 0x14280 nfsidl nfsio 78568 315633 0 0 3 0x14280 nfsidl nfsio 10724 248045 0 0 3 0x14280 nfsidl nfsio 82961 419099 0 0 3 0x14280 nfsidl nfsio 25939 400971 0 0 3 0x14280 nfsidl nfsio 35101 293743 0 0 3 0x14280 nfsidl nfsio 80676 318078 0 0 3 0x14280 nfsidl nfsio 28067 116470 0 0 3 0x14280 nfsidl nfsio 29756 24794 0 0 3 0x14280 nfsidl nfsio 60123 403318 0 0 3 0x14200 bored sosplice 79353 262569 27272 0 3 0x82 thrsleep syz-fuzzer 79353 137374 27272 0 3 0x4000082 thrsleep syz-fuzzer 79353 303778 27272 0 3 0x4000082 thrsleep syz-fuzzer 79353 242140 27272 0 3 0x4000082 thrsleep syz-fuzzer 79353 8087 27272 0 3 0x4000082 thrsleep syz-fuzzer 79353 217576 27272 0 3 0x4000082 thrsleep syz-fuzzer 79353 272910 27272 0 3 0x4000082 thrsleep syz-fuzzer 79353 205470 27272 0 3 0x4000082 thrsleep syz-fuzzer 79353 196061 27272 0 3 0x4000082 kqread syz-fuzzer 79353 131654 27272 0 3 0x4000082 thrsleep syz-fuzzer 27272 300197 7845 0 3 0x10008a pause ksh 7845 141965 40641 0 3 0x92 select sshd 94643 354471 1 0 3 0x100083 ttyin getty 40641 467116 1 0 3 0x80 select sshd 57302 332618 87825 74 3 0x100092 bpf pflogd 87825 183380 1 0 3 0x80 netio pflogd 76344 513765 27855 73 3 0x100090 kqread syslogd 27855 179295 1 0 3 0x100082 netio syslogd 16338 139611 1 77 3 0x100090 poll dhclient 29437 380796 1 0 3 0x80 poll dhclient 28519 160645 0 0 3 0x14200 bored smr 63405 362311 0 0 3 0x14200 pgzero zerothread 89980 495666 0 0 3 0x14200 aiodoned aiodoned 33533 166161 0 0 3 0x14200 syncer update 90224 496359 0 0 3 0x14200 cleaner cleaner 21559 104813 0 0 3 0x14200 reaper reaper 6866 378499 0 0 3 0x14200 pgdaemon pagedaemon 71768 167237 0 0 3 0x14200 bored crynlk 31621 38046 0 0 3 0x14200 bored crypto 49307 194377 0 0 3 0x40014200 acpi0 acpi0 1360 520083 0 0 3 0x40014200 idle1 63209 274215 0 0 3 0x14200 bored softnet 14610 415305 0 0 3 0x14200 bored systqmp 53873 7308 0 0 3 0x14200 bored systq 63536 11075 0 0 3 0x40014200 bored softclock 59034 115766 0 0 7 0x40014200 idle0 1 105474 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9523 6425K 6933K 78643K 11528 0 pcb 13 8K 8K 78643K 108 0 rtable 89 12K 15K 78643K 492 0 ifaddr 82 16K 18K 78643K 186 0 sysctl 2 0K 0K 78643K 2 0 counters 43 33K 34K 78643K 69 0 ioctlops 0 0K 4K 78643K 1557 0 iov 0 0K 16K 78643K 90 0 mount 1 1K 1K 78643K 1 0 vnodes 1224 77K 77K 78643K 1538 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 13 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 1K 78643K 137 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1824 197K 290K 78643K 13058 0 file desc 5 13K 25K 78643K 714 0 sigio 0 0K 0K 78643K 2 0 proc 61 63K 95K 78643K 543 0 subproc 23 1K 2K 78643K 68 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 64 0 in_multi 69 3K 3K 78643K 173 0 ether_multi 1 0K 0K 78643K 12 0 mrt 0 0K 0K 78643K 3 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 49 228K 228K 78643K 49 0 exec 0 0K 1K 78643K 263 0 pfkey data 0 0K 1K 78643K 34 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 145 104K 105K 78643K 3327 0 UVM aobj 30 2K 2K 78643K 35 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 84 0 NDP 14 0K 0K 78643K 41 0 temp 133 3867K 3932K 78643K 11791 0 kqueue 3 4K 8K 78643K 14 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 13 0 7 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 43 0 41 1 0 1 1 0 8 0 rtentry 112 99 0 67 2 0 2 2 0 8 0 unpcb 120 444 0 433 1 0 1 1 0 8 0 syncache 264 7 0 7 4 3 1 1 0 8 1 tcpqe 32 77 0 77 2 2 0 1 0 8 0 tcpcb 544 203 0 197 3 2 1 2 0 8 0 inpcb 296 675 0 668 5 3 2 2 0 8 1 rttmr 72 1 0 1 1 1 0 1 0 8 0 nd6 48 24 0 20 1 0 1 1 0 8 0 pkpcb 40 935 0 934 2 1 1 1 0 8 0 pfstscr 40 1 0 1 1 1 0 1 0 8 0 pffrag 232 8 0 6 2 1 1 1 0 482 0 pffrnode 88 8 0 6 2 1 1 1 0 8 0 pffrent 40 189 0 187 2 1 1 1 0 8 0 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 11 0 9 2 1 1 1 0 8 0 pfstitem 24 64 0 22 1 0 1 1 0 8 0 pfstkey 112 64 0 22 2 0 2 2 0 8 0 pfstate 328 63 0 21 4 0 4 4 0 8 0 pfrule 1360 24 0 18 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 409 0 273 14 3 11 13 0 8 0 art_table 32 410 0 273 2 0 2 2 0 8 0 art_node 16 98 0 71 1 0 1 1 0 8 0 sysvmsgpl 40 15 0 12 1 0 1 1 0 8 0 semupl 112 5 0 5 2 2 0 1 0 8 0 semapl 112 121 0 111 1 0 1 1 0 8 0 shmpl 112 32 0 5 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2281 0 878 89 0 89 89 0 8 0 ffsino 272 2281 0 878 97 2 95 95 0 8 1 nchpl 144 3378 0 1782 60 0 60 60 0 8 0 uvmvnodes 72 2572 0 0 47 0 47 47 0 8 0 vnodes 208 2572 0 0 136 0 136 136 0 8 0 namei 1024 9575 0 9575 3 2 1 1 0 8 1 percpumem 16 45 0 13 1 0 1 1 0 8 0 vcpupl 1984 10 0 0 2 0 2 2 0 8 0 vmpool 560 24 0 14 2 1 1 1 0 8 0 pfiaddrpl 120 4 0 2 2 1 1 1 0 8 0 scxspl 192 10695 0 10695 11 10 1 7 0 8 1 plimitpl 152 53 0 44 1 0 1 1 0 8 0 sigapl 424 944 0 892 6 0 6 6 0 8 0 futexpl 56 10450 0 10450 2 1 1 1 0 8 1 knotepl 112 98 0 81 1 0 1 1 0 8 0 kqueuepl 144 84 0 82 1 0 1 1 0 8 0 pipepl 304 198 0 189 4 2 2 2 0 8 1 fdescpl 496 908 0 892 3 0 3 3 0 8 0 filepl 152 5485 0 5392 7 2 5 5 0 8 0 lockfpl 104 152 0 151 1 0 1 1 0 8 0 lockfspl 48 50 0 49 1 0 1 1 0 8 0 sessionpl 112 20 0 9 1 0 1 1 0 8 0 pgrppl 48 26 0 15 1 0 1 1 0 8 0 ucredpl 96 507 0 498 1 0 1 1 0 8 0 zombiepl 144 893 0 892 3 2 1 1 0 8 0 processpl 992 944 0 892 8 1 7 7 0 8 0 procpl 624 2439 0 2376 6 0 6 6 0 8 1 sosppl 128 9 0 9 3 2 1 1 0 8 1 sockpl 400 2111 0 2090 9 5 4 4 0 8 1 mcl64k 65536 9 0 0 2 0 2 2 0 8 0 mcl16k 16384 5 0 0 1 0 1 1 0 8 0 mcl12k 12288 8 0 0 1 0 1 1 0 8 0 mcl9k 9216 3 0 0 1 0 1 1 0 8 0 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 6 0 0 1 0 1 1 0 8 0 mcl2k2 2112 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 212 0 0 26 0 26 26 0 8 0 mtagpl 96 48 0 0 2 0 2 2 0 8 0 mbufpl 256 386 0 0 22 0 22 22 0 8 0 bufpl 280 4737 0 136 329 0 329 329 0 8 0 anonpl 16 111265 0 94584 89 6 83 88 0 124 12 amapchunkpl 152 5954 0 5803 24 17 7 20 0 158 0 amappl16 192 4033 0 3082 65 14 51 61 0 8 3 amappl15 184 119 0 116 1 0 1 1 0 8 0 amappl14 176 238 0 232 1 0 1 1 0 8 0 amappl13 168 364 0 360 1 0 1 1 0 8 0 amappl12 160 332 0 329 1 0 1 1 0 8 0 amappl11 152 67 0 52 1 0 1 1 0 8 0 amappl10 144 53 0 46 1 0 1 1 0 8 0 amappl9 136 391 0 389 1 0 1 1 0 8 0 amappl8 128 406 0 369 2 0 2 2 0 8 0 amappl7 120 166 0 150 1 0 1 1 0 8 0 amappl6 112 32 0 26 2 1 1 1 0 8 0 amappl5 104 812 0 795 1 0 1 1 0 8 0 amappl4 96 520 0 488 1 0 1 1 0 8 0 amappl3 88 345 0 340 1 0 1 1 0 8 0 amappl2 80 6631 0 6559 2 0 2 2 0 8 0 amappl1 72 36086 0 35633 23 13 10 18 0 8 0 amappl 80 2716 0 2665 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 34 0 5 1 0 1 1 0 8 0 uaddrrnd 24 932 0 906 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 932 0 906 1 0 1 1 0 8 0 vmmpekpl 168 10847 0 10808 2 0 2 2 0 8 0 vmmpepl 168 125689 0 123538 170 39 131 131 0 357 31 vmsppl 368 931 0 906 3 0 3 3 0 8 0 pdppl 4096 1871 0 1822 8 1 7 7 0 8 0 pvpl 32 335542 0 315528 223 15 208 213 0 265 40 pmappl 232 931 0 906 3 1 2 2 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 293 0 18 8 0 8 8 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{0}> trace x86_ipi_db(ffffffff82742ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352 x86_ipi_handler() at x86_ipi_handler+0xc6 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x331 sys/dev/acpi/acpicpu.c:1187 sched_idle(ffffffff82742ff0) at sched_idle+0x3f7 sys/kern/kern_sched.c:178 end trace frame: 0x0, count: -5 ddb{0}> machine ddbcpu 1 Stopped at in_delmulti+0x8d: movl 0xc(%r14),%r15d ddb{1}> trace in_delmulti(4) at in_delmulti+0x8d sys/netinet/in.c:914 in_purgeaddr(ffff800000b0f100) at in_purgeaddr+0x156 sys/netinet/in.c:760 in_ifdetach(ffff800000af5000) at in_ifdetach+0x74 sys/netinet/in.c:971 if_detach(ffff800000af5000) at if_detach+0x140 sys/net/if.c:1039 tun_clone_destroy(ffff800000af5000) at tun_clone_destroy+0x1e1 sys/net/if_tun.c:326 tun_dev_close(5d01,7) at tun_dev_close+0x160 sys/net/if_tun.c:477 spec_close(ffff8000230fd600) at spec_close+0x311 sys/kern/spec_vnops.c:560 VOP_CLOSE(fffffd806ecdd1a8,7,fffffd807f7bf8a0,ffff800020e0ad58) at VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:174 vn_closefile(fffffd80683f7dc8,ffff800020e0ad58) at vn_closefile+0xd7 vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffffd80683f7dc8,ffff800020e0ad58) at vn_closefile+0xd7 sys/kern/vfs_vnops.c:614 fdrop(fffffd80683f7dc8,ffff800020e0ad58) at fdrop+0xc2 sys/kern/kern_descrip.c:1279 closef(fffffd80683f7dc8,ffff800020e0ad58) at closef+0x11c sys/kern/kern_descrip.c:1263 fdfree(ffff800020e0ad58) at fdfree+0x101 sys/kern/kern_descrip.c:1195 exit1(ffff800020e0ad58,0,19,1) at exit1+0x32c sys/kern/kern_exit.c:197 postsig(ffff800020e0ad58,19) at postsig+0x4ed sigexit sys/kern/kern_sig.c:1483 [inline] postsig(ffff800020e0ad58,19) at postsig+0x4ed sys/kern/kern_sig.c:1415 userret(ffff800020e0ad58) at userret+0x199 sys/kern/kern_sig.c:1872 Xsyscall() at Xsyscall+0x156 end of kernel end trace frame: 0x7f7ffffe3190, count: -16