kernel: protection fault trap, code=0 Stopped at mrouter6_rtwalk_delete+0x2b: movl 0x5c(%r15),%r12d ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace mrouter6_rtwalk_delete(7dbc20fc05e98398,0,0) at mrouter6_rtwalk_delete+0x2b sys/netinet6/ip6_mroute.c:500 rtable_walk_helper(fffffd8036dadab0,ffff8000161f87f8) at rtable_walk_helper+0x58 sys/net/rtable.c:682 art_table_walk(ffff800000075780,fffffd8036dac0a0,ffffffff8198c3c0,ffff8000161f87f8) at art_table_walk+0x226 art_walk_apply sys/net/art.c:676 [inline] art_table_walk(ffff800000075780,fffffd8036dac0a0,ffffffff8198c3c0,ffff8000161f87f8) at art_table_walk+0x226 sys/net/art.c:648 art_table_walk(ffff800000075780,fffffd8036dac080,ffffffff8198c3c0,ffff8000161f87f8) at art_table_walk+0x2a6 sys/net/art.c:657 art_table_walk(ffff800000075780,fffffd8036dac060,ffffffff8198c3c0,ffff8000161f87f8) at art_table_walk+0x2a6 sys/net/art.c:657 art_table_walk(ffff800000075780,fffffd8036dac000,ffffffff8198c3c0,ffff8000161f87f8) at art_table_walk+0x2a6 sys/net/art.c:657 art_table_walk(ffff800000075780,fffffd8036dac020,ffffffff8198c3c0,ffff8000161f87f8) at art_table_walk+0x2a6 sys/net/art.c:657 art_table_walk(ffff800000075780,fffffd8036dac040,ffffffff8198c3c0,ffff8000161f87f8) at art_table_walk+0x2a6 sys/net/art.c:657 art_table_walk(ffff800000075780,fffffd8036dac0e0,ffffffff8198c3c0,ffff8000161f87f8) at art_table_walk+0x2a6 sys/net/art.c:657 art_table_walk(ffff800000075780,fffffd8036dac100,ffffffff8198c3c0,ffff8000161f87f8) at art_table_walk+0x2a6 sys/net/art.c:657 art_table_walk(ffff800000075780,fffffd8036dac140,ffffffff8198c3c0,ffff8000161f87f8) at art_table_walk+0x2a6 sys/net/art.c:657 art_table_walk(ffff800000075780,fffffd8036dac160,ffffffff8198c3c0,ffff8000161f87f8) at art_table_walk+0x2a6 sys/net/art.c:657 art_table_walk(ffff800000075780,fffffd8036dac180,ffffffff8198c3c0,ffff8000161f87f8) at art_table_walk+0x2a6 sys/net/art.c:657 art_table_walk(ffff800000075780,fffffd8036dac1c0,ffffffff8198c3c0,ffff8000161f87f8) at art_table_walk+0x2a6 sys/net/art.c:657 art_table_walk(ffff800000075780,fffffd8036dac1e0,ffffffff8198c3c0,ffff8000161f87f8) at art_table_walk+0x2a6 sys/net/art.c:657 art_table_walk(ffff800000075780,fffffd8036dac220,ffffffff8198c3c0,ffff8000161f87f8) at art_table_walk+0x2a6 sys/net/art.c:657 art_table_walk(ffff800000075780,fffffd8036dac240,ffffffff8198c3c0,ffff8000161f87f8) at art_table_walk+0x2a6 sys/net/art.c:657 art_table_walk(ffff800000075780,fffffd8036dac260,ffffffff8198c3c0,ffff8000161f87f8) at art_table_walk+0x2a6 sys/net/art.c:657 art_table_walk(ffff800000075780,fffffd8036dac280,ffffffff8198c3c0,ffff8000161f87f8) at art_table_walk+0x2a6 sys/net/art.c:657 art_table_walk(ffff800000075780,fffffd8036dac2c0,ffffffff8198c3c0,ffff8000161f87f8) at art_table_walk+0x2a6 sys/net/art.c:657 art_table_walk(ffff800000075780,fffffd8036dac2e0,ffffffff8198c3c0,ffff8000161f87f8) at art_table_walk+0x2a6 sys/net/art.c:657 art_table_walk(ffff800000075780,fffffd8036dac300,ffffffff8198c3c0,ffff8000161f87f8) at art_table_walk+0x2a6 sys/net/art.c:657 art_table_walk(ffff800000075780,fffffd8036dac360,ffffffff8198c3c0,ffff8000161f87f8) at art_table_walk+0x2a6 sys/net/art.c:657 art_table_walk(ffff800000075780,fffffd8036dac380,ffffffff8198c3c0,ffff8000161f87f8) at art_table_walk+0x2a6 sys/net/art.c:657 art_table_walk(ffff800000075780,fffffd8036dac3a0,ffffffff8198c3c0,ffff8000161f87f8) at art_table_walk+0x2a6 sys/net/art.c:657 art_table_walk(ffff800000075780,fffffd8036dac3c0,ffffffff8198c3c0,ffff8000161f87f8) at art_table_walk+0x2a6 sys/net/art.c:657 art_table_walk(ffff800000075780,fffffd8036dac3e0,ffffffff8198c3c0,ffff8000161f87f8) at art_table_walk+0x2a6 sys/net/art.c:657 art_table_walk(ffff800000075780,fffffd8036dac460,ffffffff8198c3c0,ffff8000161f87f8) at art_table_walk+0x2a6 sys/net/art.c:657 art_table_walk(ffff800000075780,fffffd8036dac4c0,ffffffff8198c3c0,ffff8000161f87f8) at art_table_walk+0x2a6 sys/net/art.c:657 art_table_walk(ffff800000075780,fffffd8036dac4e0,ffffffff8198c3c0,ffff8000161f87f8) at art_table_walk+0x2a6 sys/net/art.c:657 art_table_walk(ffff800000075780,fffffd8036dac500,ffffffff8198c3c0,ffff8000161f87f8) at art_table_walk+0x2a6 sys/net/art.c:657 art_table_walk(ffff800000075780,fffffd8036dac520,ffffffff8198c3c0,ffff8000161f87f8) at art_table_walk+0x2a6 sys/net/art.c:657 art_table_walk(ffff800000075780,fffffd8036dac540,ffffffff8198c3c0,ffff8000161f87f8) at art_table_walk+0x2a6 sys/net/art.c:657 art_table_walk(ffff800000075780,fffffd8036dacf60,ffffffff8198c3c0,ffff8000161f87f8) at art_table_walk+0x2a6 sys/net/art.c:657 art_walk(ffff800000075780,ffffffff8198c3c0,ffff8000161f87f8) at art_walk+0xcf sys/net/art.c:595 rtable_walk(0,18,ffffffff811416d0,0) at rtable_walk+0xc7 sys/net/rtable.c:706 ip6_mrouter_done(fffffd8037034a80) at ip6_mrouter_done+0xb8 sys/netinet6/ip6_mroute.c:529 rip6_detach(fffffd8037034a80) at rip6_detach+0x56 sys/netinet6/raw_ip6.c:757 soclose(fffffd8037034a80,0) at soclose+0xb2 sys/kern/uipc_socket.c:292 soo_close(fffffd802f9e2e20,ffff800014901c38) at soo_close+0x40 fdrop(fffffd802f9e2e20,ffff800014901c38) at fdrop+0xc9 sys/kern/kern_descrip.c:1260 closef(fffffd802f9e2e20,ffff800014901c38) at closef+0x118 sys/kern/kern_descrip.c:1244 fdfree(ffff800014901c38) at fdfree+0xf7 sys/kern/kern_descrip.c:1176 exit1(ffff800014901c38,0,1) at exit1+0x32f sys/kern/kern_exit.c:196 sys_exit(ffff800014901c38,ffff8000161f8c70,ffff8000161f8ce0) at sys_exit+0x17 sys/kern/kern_exit.c:94 syscall(ffff8000161f8d40) at syscall+0x508 Xsyscall(6,1,0,1,0,7f7ffffe5784) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffe5750, count: -47 ddb> show registers rdi 0x7dbc20fc05e98398 rsi 0 rbp 0xffff8000161f7530 rbx 0xffff800000075788 rdx 0 rcx 0 rax 0x204 r8 0 r9 0x5 r10 0 r11 0x2cd3604580decd61 r12 0 r13 0xfffffd8036dac0a0 r14 0 r15 0x7dbc20fc05e98398 rip 0xffffffff811416fb mrouter6_rtwalk_delete+0x2b cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff8000161f74f0 ss 0x10 mrouter6_rtwalk_delete+0x2b: movl 0x5c(%r15),%r12d ddb> show proc PROC (syz-executor.1) pid=164419 stat=onproc flags process=1008 proc=2000 pri=50, usrpri=58, nice=20 forw=0xffffffffffffffff, list=0xffff8000149019c8,0xffffffff822a5810 process=0xffff8000ffffa360 user=0xffff8000161f3000, vmspace=0xfffffd803f013990 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 89022 106389 47867 0 3 0x82 nanosleep syz-executor.1 6110 160602 47867 0 2 0x2 syz-executor.0 47867 68199 34314 0 3 0x82 thrsleep syz-fuzzer 47867 289418 34314 0 3 0x4000082 nanosleep syz-fuzzer 47867 212960 34314 0 3 0x4000082 thrsleep syz-fuzzer 47867 439587 34314 0 3 0x4000082 kqread syz-fuzzer 47867 184920 34314 0 3 0x4000082 thrsleep syz-fuzzer 47867 164601 34314 0 3 0x4000082 thrsleep syz-fuzzer 47867 501248 34314 0 3 0x4000082 thrsleep syz-fuzzer 34314 371448 27311 0 3 0x10008a pause ksh 27311 94293 89939 0 3 0x92 select sshd 34321 91685 1 0 3 0x100083 ttyin getty 89939 98985 1 0 3 0x80 select sshd 50150 477860 81073 73 3 0x100090 kqread syslogd 81073 129740 1 0 3 0x100082 netio syslogd 17608 56969 1 77 3 0x100090 poll dhclient 24379 204481 1 0 3 0x80 poll dhclient 39118 443015 0 0 2 0x14200 zerothread 10273 204662 0 0 3 0x14200 aiodoned aiodoned 21710 79835 0 0 3 0x14200 syncer update 30779 508351 0 0 3 0x14200 cleaner cleaner 32737 73439 0 0 3 0x14200 reaper reaper 8214 447823 0 0 3 0x14200 pgdaemon pagedaemon 55943 335463 0 0 3 0x14200 bored crynlk 60192 222243 0 0 3 0x14200 bored crypto 79175 1808 0 0 3 0x40014200 acpi0 acpi0 44729 195625 0 0 3 0x14200 bored softnet 1227 116880 0 0 2 0x14200 systqmp 52778 396935 0 0 3 0x14200 bored systq 22279 492415 0 0 3 0x40014200 bored softclock 73787 81183 0 0 3 0x40014200 idle0 25981 52494 0 0 3 0x14200 bored smr 1 238584 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9438 6311K 6569K 78643K 10566 0 0 pcb 24 9K 9K 78643K 164 0 0 rtable 106 3K 3K 78643K 243 0 0 ifaddr 34 9K 9K 78643K 34 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 15 0 0 iov 0 0K 12K 78643K 2 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1209 76K 76K 78643K 1221 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 1K 78643K 2 0 0 VM map 2 0K 0K 78643K 2 0 0 sem 6 0K 0K 78643K 6 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 5 13K 25K 78643K 168 0 0 proc 40 30K 46K 78643K 287 0 0 subproc 32 2K 2K 78643K 34 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 in_multi 33 2K 2K 78643K 33 0 0 ether_multi 1 0K 0K 78643K 21 0 0 mrt 1 0K 0K 78643K 52 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 30 132K 132K 78643K 30 0 0 exec 0 0K 1K 78643K 184 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 80 20K 21K 78643K 1176 0 0 UVM aobj 4 2K 2K 78643K 30 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 NDP 5 0K 0K 78643K 9 0 0 temp 81 2704K 2768K 78643K 3304 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 6 0 0 1 0 1 1 0 8 0 inpcbpl 280 141 0 133 1 0 1 1 0 8 0 rtentry 112 46 0 2 2 0 2 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpcb 544 12 0 8 1 0 1 1 0 8 0 rttmr 72 1 0 1 1 0 1 1 0 8 1 nd6 48 6 0 0 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 188 0 0 12 0 12 12 0 8 0 art_table 32 189 0 0 2 0 2 2 0 8 0 art_node 16 45 0 4 1 0 1 1 0 8 0 semapl 112 4 0 0 1 0 1 1 0 8 0 shmpl 112 28 0 26 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1569 0 153 46 0 46 46 0 8 0 ffsino 240 1569 0 153 84 0 84 84 0 8 0 nchpl 144 1944 0 314 61 0 61 61 0 8 0 uvmvnodes 72 1620 0 0 30 0 30 30 0 8 0 vnodes 200 1620 0 0 86 0 86 86 0 8 0 namei 1024 4627 0 4627 2 1 1 1 0 8 1 scxspl 192 4883 0 4883 9 8 1 7 0 8 1 plimitpl 152 14 0 7 1 0 1 1 0 8 0 sigapl 432 339 0 326 2 0 2 2 0 8 0 futexpl 56 1203 0 1203 1 0 1 1 0 8 1 knotepl 112 53 0 34 1 0 1 1 0 8 0 kqueuepl 104 2 0 0 1 0 1 1 0 8 0 pipepl 112 138 0 119 2 1 1 1 0 8 0 fdescpl 424 340 0 326 2 0 2 2 0 8 0 filepl 120 1283 0 1188 4 0 4 4 0 8 1 lockfpl 104 94 0 94 2 1 1 1 0 8 1 lockfspl 48 46 0 46 2 1 1 1 0 8 1 sessionpl 112 17 0 7 1 0 1 1 0 8 0 pgrppl 48 17 0 7 1 0 1 1 0 8 0 ucredpl 96 46 0 39 1 0 1 1 0 8 0 zombiepl 144 327 0 326 2 1 1 1 0 8 0 processpl 848 354 0 326 4 0 4 4 0 8 0 procpl 624 495 0 461 3 0 3 3 0 8 0 sockpl 384 185 0 167 3 0 3 3 0 8 1 mcl64k 65536 1 0 1 1 0 1 1 0 8 1 mcl16k 16384 1 0 1 1 0 1 1 0 8 1 mcl8k 8192 1 0 1 1 0 1 1 0 8 1 mcl4k 4096 9 0 9 2 1 1 1 0 8 1 mcl2k 2048 51868 0 51823 16 2 14 14 0 8 7 mtagpl 80 2 0 2 1 1 0 1 0 8 0 mbufpl 256 81871 0 81728 12 2 10 10 0 8 0 bufpl 256 5729 0 1318 276 0 276 276 0 8 0 anonpl 16 40026 0 29146 47 2 45 45 0 62 1 amapchunkpl 152 1365 0 1262 7 0 7 7 0 158 2 amappl16 192 1237 0 642 31 0 31 31 0 8 1 amappl15 184 8 0 7 1 0 1 1 0 8 0 amappl14 176 35 0 33 2 1 1 1 0 8 0 amappl12 160 13 0 11 1 0 1 1 0 8 0 amappl11 152 130 0 113 1 0 1 1 0 8 0 amappl10 144 124 0 121 2 1 1 1 0 8 0 amappl9 136 546 0 543 1 0 1 1 0 8 0 amappl8 128 122 0 110 1 0 1 1 0 8 0 amappl7 120 96 0 90 1 0 1 1 0 8 0 amappl6 112 125 0 116 1 0 1 1 0 8 0 amappl5 104 137 0 127 1 0 1 1 0 8 0 amappl4 96 473 0 451 1 0 1 1 0 8 0 amappl3 88 170 0 160 1 0 1 1 0 8 0 amappl2 80 1931 0 1864 4 1 3 3 0 8 1 amappl1 72 15141 0 14728 25 9 16 19 0 8 6 amappl 80 743 0 708 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 29 0 26 1 0 1 1 0 8 0 uaddrrnd 24 340 0 326 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 340 0 326 1 0 1 1 0 8 0 vmmpekpl 168 6099 0 6075 2 0 2 2 0 8 0 vmmpepl 168 45702 0 44089 108 17 91 91 0 357 20 vmsppl 272 339 0 326 2 0 2 2 0 8 1 pdppl 4096 686 0 652 6 0 6 6 0 8 1 pvpl 32 136918 0 123062 122 5 117 117 0 265 4 pmappl 200 339 0 326 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 425 0 8 12 0 12 12 0 8 0