kernel: protection fault trap, code=0 Stopped at in_delmulti+0x8d: movl 0xc(%r14),%r15d ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace in_delmulti(bffffbdfffeffbff) at in_delmulti+0x8d sys/netinet/in.c:914 in_purgeaddr(ffff800000b06900) at in_purgeaddr+0x156 sys/netinet/in.c:760 in_ifdetach(ffff800000ac7800) at in_ifdetach+0x74 sys/netinet/in.c:971 if_detach(ffff800000ac7800) at if_detach+0x140 sys/net/if.c:1032 tun_clone_destroy(ffff800000ac7800) at tun_clone_destroy+0x1c7 sys/net/if_tun.c:326 tun_dev_close(5d00,7) at tun_dev_close+0x160 sys/net/if_tun.c:477 spec_close(ffff800020819b10) at spec_close+0x311 sys/kern/spec_vnops.c:560 VOP_CLOSE(fffffd805d822680,7,fffffd806c3bf780,ffff8000209cb8d0) at VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:174 vn_closefile(fffffd80579f3e28,ffff8000209cb8d0) at vn_closefile+0xd2 vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffffd80579f3e28,ffff8000209cb8d0) at vn_closefile+0xd2 sys/kern/vfs_vnops.c:614 fdrop(fffffd80579f3e28,ffff8000209cb8d0) at fdrop+0xc2 sys/kern/kern_descrip.c:1279 closef(fffffd80579f3e28,ffff8000209cb8d0) at closef+0x117 sys/kern/kern_descrip.c:1263 fdfree(ffff8000209cb8d0) at fdfree+0x100 sys/kern/kern_descrip.c:1195 exit1(ffff8000209cb8d0,0,0,1) at exit1+0x32c sys/kern/kern_exit.c:197 sys_exit(ffff8000209cb8d0,ffff800020819da0,ffff800020819df0) at sys_exit+0x16 sys/kern/kern_exit.c:95 syscall(ffff800020819e70) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffff2f20, count: -16 ddb> show registers rdi 0x2 rsi 0 rbp 0xffff8000208198e0 rbx 0 rdx 0 rcx 0x1 rax 0xffff8000209cb8d0 r8 0xffff800000b06900 r9 0xffffffff81256843 rt_ifa_purge+0x153 r10 0x5 r11 0xdcbec53cb22c3e22 r12 0 r13 0x3 r14 0xbffffbdfffeffbff r15 0x1 rip 0xffffffff817ba21d in_delmulti+0x8d cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800020819880 ss 0x10 in_delmulti+0x8d: movl 0xc(%r14),%r15d ddb> show proc PROC (syz-executor.0) pid=471280 stat=onproc flags process=1008 proc=2000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff80001d6be018,0xffff8000209cb668 process=0xffff80001d7a6030 user=0xffff800020814000, vmspace=0xfffffd80551f8aa8 estcpu=36, cpticks=15, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 34624 515036 51776 0 2 0 syz-executor.1 34624 120448 51776 0 3 0x4000080 fsleep syz-executor.1 51776 32480 98573 0 3 0x82 nanosleep syz-executor.1 57587 350875 0 0 3 0x14280 nfsidl nfsio 36656 185639 0 0 3 0x14280 nfsidl nfsio 4495 514407 0 0 3 0x14280 nfsidl nfsio 47945 9998 0 0 3 0x14280 nfsidl nfsio 93443 2270 0 0 3 0x14280 nfsidl nfsio 77403 429339 0 0 3 0x14280 nfsidl nfsio 44766 345196 0 0 3 0x14280 nfsidl nfsio 50738 431174 0 0 3 0x14280 nfsidl nfsio 83298 502373 0 0 3 0x14280 nfsidl nfsio 73121 171584 0 0 3 0x14280 nfsidl nfsio 19302 247520 0 0 3 0x14280 nfsidl nfsio 1318 166179 0 0 3 0x14280 nfsidl nfsio 36627 41640 0 0 3 0x14280 nfsidl nfsio 22221 120176 0 0 3 0x14280 nfsidl nfsio 16670 71001 0 0 3 0x14280 nfsidl nfsio 50861 517106 0 0 3 0x14280 nfsidl nfsio 80025 496753 0 0 3 0x14280 nfsidl nfsio 93861 400177 0 0 3 0x14280 nfsidl nfsio 71141 949 0 0 3 0x14280 nfsidl nfsio 47427 335698 0 0 3 0x14280 nfsidl nfsio 74066 332746 0 0 3 0x14200 bored sosplice 98573 443030 15498 0 3 0x82 thrsleep syz-fuzzer 98573 476203 15498 0 3 0x4000082 nanosleep syz-fuzzer 98573 359511 15498 0 3 0x4000082 thrsleep syz-fuzzer 98573 39984 15498 0 2 0x4000002 syz-fuzzer 98573 144496 15498 0 3 0x4000082 thrsleep syz-fuzzer 98573 490948 15498 0 3 0x4000082 thrsleep syz-fuzzer 98573 54367 15498 0 3 0x4000082 thrsleep syz-fuzzer 98573 192625 15498 0 3 0x4000082 thrsleep syz-fuzzer 15498 185302 72851 0 3 0x10008a pause ksh 72851 303105 50837 0 3 0x92 select sshd 37303 9916 1 0 3 0x100083 ttyin getty 50837 106177 1 0 3 0x80 select sshd 8971 299528 75950 73 3 0x100090 kqread syslogd 75950 394801 1 0 3 0x100082 netio syslogd 47907 149484 1 77 3 0x100090 poll dhclient 11191 306212 1 0 3 0x80 poll dhclient 17814 265681 0 0 3 0x14200 bored smr 6686 483850 0 0 2 0x14200 zerothread 77360 210300 0 0 3 0x14200 aiodoned aiodoned 50054 316397 0 0 3 0x14200 syncer update 35801 344905 0 0 3 0x14200 cleaner cleaner 3837 299947 0 0 3 0x14200 reaper reaper 76561 505331 0 0 3 0x14200 pgdaemon pagedaemon 65486 141932 0 0 3 0x14200 bored crynlk 42620 400378 0 0 3 0x14200 bored crypto 45735 472496 0 0 3 0x40014200 acpi0 acpi0 10123 392332 0 0 3 0x14200 bored softnet 11285 84903 0 0 3 0x14200 bored systqmp 56229 221112 0 0 3 0x14200 bored systq 7379 138944 0 0 3 0x40014200 bored softclock 75725 4010 0 0 3 0x40014200 idle0 1 7015 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9486 6346K 6862K 78643K 11267 0 pcb 13 8K 8K 78643K 61 0 rtable 101 6K 9K 78643K 547 0 ifaddr 69 14K 15K 78643K 177 0 sysctl 2 0K 0K 78643K 2 0 counters 21 16K 16K 78643K 32 0 ioctlops 0 0K 4K 78643K 89 0 iov 0 0K 16K 78643K 40 0 mount 1 1K 1K 78643K 1 0 vnodes 1215 76K 77K 78643K 1445 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 9 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 148 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 573 0 sigio 0 0K 0K 78643K 5 0 proc 49 38K 63K 78643K 479 0 subproc 23 1K 2K 78643K 68 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 28 0 in_multi 53 3K 3K 78643K 138 0 ether_multi 1 0K 0K 78643K 12 0 mrt 0 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 49 228K 228K 78643K 49 0 exec 0 0K 1K 78643K 276 0 pfkey data 0 0K 1K 78643K 4 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 140 56K 56K 78643K 2218 0 UVM aobj 28 2K 2K 78643K 42 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 56 0 NDP 10 0K 0K 78643K 35 0 temp 123 3866K 3930K 78643K 6995 0 kqueue 3 4K 10K 78643K 24 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 13 0 7 1 0 1 1 0 8 0 rtpcb 88 47 0 45 1 0 1 1 0 8 0 rtentry 112 102 0 68 2 0 2 2 0 8 0 unpcb 120 315 0 307 1 0 1 1 0 8 0 syncache 272 8 0 8 3 3 0 1 0 8 0 tcpqe 32 87 0 87 1 1 0 1 0 8 0 tcpcb 592 172 0 168 4 2 2 2 0 8 1 ipq 40 1 0 1 1 1 0 1 0 8 0 ipqe 40 2 0 2 1 1 0 1 0 8 0 inpcb 296 486 0 479 3 1 2 2 0 8 1 nd6 48 20 0 17 1 0 1 1 0 8 0 pkpcb 40 468 0 468 2 1 1 1 0 8 1 ppxss 1136 3 0 3 2 2 0 1 0 8 0 pfstscr 40 8 0 5 2 1 1 1 0 8 0 pfrktable 1344 57 0 51 2 1 1 2 0 8 0 pftag 88 6 0 6 1 1 0 1 0 8 0 pfstitem 24 5 0 1 1 0 1 1 0 8 0 pfstkey 112 12 0 8 2 1 1 1 0 8 0 pfstate 328 6 0 4 2 1 1 1 0 8 0 pfrule 1360 20 0 8 2 1 1 2 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 469 0 289 13 1 12 13 0 8 0 art_table 32 471 0 289 2 0 2 2 0 8 0 art_node 16 101 0 71 1 0 1 1 0 8 0 sysvmsgpl 40 3 0 2 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 144 0 134 1 0 1 1 0 8 0 shmpl 112 39 0 14 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2078 0 688 88 0 88 88 0 8 0 ffsino 240 2078 0 688 83 0 83 83 0 8 0 nchpl 144 3026 0 1446 60 0 60 60 0 8 0 uvmvnodes 72 2294 0 0 42 0 42 42 0 8 0 vnodes 208 2294 0 0 121 0 121 121 0 8 0 namei 1024 8743 0 8743 2 1 1 1 0 8 1 vcpupl 1984 3 0 0 1 0 1 1 0 8 0 vmpool 528 3 0 0 1 0 1 1 0 8 0 pfiaddrpl 120 20 0 14 1 0 1 1 0 8 0 scsiplug 72 1 0 1 1 1 0 1 0 8 0 scxspl 200 9193 0 9193 2 1 1 1 0 8 1 plimitpl 152 71 0 64 1 0 1 1 0 8 0 sigapl 424 774 0 725 6 0 6 6 0 8 0 futexpl 56 11108 0 11107 2 1 1 1 0 8 0 knotepl 112 111 0 97 1 0 1 1 0 8 0 kqueuepl 152 81 0 79 1 0 1 1 0 8 0 pipepl 272 149 0 141 3 2 1 2 0 8 0 fdescpl 432 739 0 725 2 0 2 2 0 8 0 filepl 120 4532 0 4450 4 0 4 4 0 8 0 lockfpl 104 105 0 104 1 0 1 1 0 8 0 lockfspl 48 42 0 41 1 0 1 1 0 8 0 sessionpl 120 19 0 9 1 0 1 1 0 8 0 pgrppl 48 25 0 15 1 0 1 1 0 8 0 ucredpl 96 456 0 449 1 0 1 1 0 8 0 zombiepl 144 726 0 725 1 0 1 1 0 8 0 processpl 944 774 0 725 7 0 7 7 0 8 0 procpl 632 1402 0 1345 6 0 6 6 0 8 1 sosppl 144 16 0 16 1 1 0 1 0 8 0 sockpl 400 1325 0 1308 5 2 3 4 0 8 1 mcl64k 65536 32 0 32 2 1 1 2 0 8 1 mcl16k 16384 4 0 4 2 2 0 1 0 8 0 mcl12k 12288 9 0 9 3 2 1 1 0 8 1 mcl9k 9216 21 0 21 3 2 1 1 0 8 1 mcl8k 8192 21 0 21 3 2 1 1 0 8 1 mcl4k 4096 50 0 50 4 3 1 1 0 8 1 mcl2k2 2112 1 0 1 1 0 1 1 0 8 1 mcl2k 2048 92350 0 92303 20 13 7 15 0 8 0 mtagpl 96 50 0 40 2 1 1 1 0 8 0 mbufpl 256 149978 0 149836 45 4 41 42 0 8 21 bufpl 280 4369 0 117 304 0 304 304 0 8 0 anonpl 16 99012 0 80280 95 19 76 90 0 107 0 amapchunkpl 152 3599 0 3388 20 11 9 15 0 158 0 amappl16 192 3719 0 2732 66 16 50 60 0 8 0 amappl15 184 9 0 8 1 0 1 1 0 8 0 amappl14 176 265 0 261 1 0 1 1 0 8 0 amappl13 168 141 0 137 1 0 1 1 0 8 0 amappl12 160 119 0 117 1 0 1 1 0 8 0 amappl11 152 303 0 293 1 0 1 1 0 8 0 amappl10 144 13 0 9 1 0 1 1 0 8 0 amappl9 136 516 0 513 1 0 1 1 0 8 0 amappl8 128 496 0 461 2 0 2 2 0 8 0 amappl7 120 114 0 103 1 0 1 1 0 8 0 amappl6 112 27 0 19 1 0 1 1 0 8 0 amappl5 104 402 0 391 1 0 1 1 0 8 0 amappl4 96 716 0 681 1 0 1 1 0 8 0 amappl3 88 407 0 397 1 0 1 1 0 8 0 amappl2 80 5031 0 4960 2 0 2 2 0 8 0 amappl1 72 25546 0 25100 22 13 9 17 0 8 0 amappl 80 1677 0 1616 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 41 0 14 1 0 1 1 0 8 0 uaddrrnd 24 742 0 725 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 742 0 725 1 0 1 1 0 8 0 vmmpekpl 168 8375 0 8346 2 0 2 2 0 8 0 vmmpepl 168 98113 0 95952 149 31 118 128 0 357 24 vmsppl 272 741 0 725 2 0 2 2 0 8 0 pdppl 4096 1490 0 1453 6 1 5 6 0 8 0 pvpl 32 276427 0 254563 206 20 186 204 0 265 9 pmappl 200 741 0 725 1 0 1 1 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 290 0 38 8 0 8 8 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace in_delmulti(bffffbdfffeffbff) at in_delmulti+0x8d sys/netinet/in.c:914 in_purgeaddr(ffff800000b06900) at in_purgeaddr+0x156 sys/netinet/in.c:760 in_ifdetach(ffff800000ac7800) at in_ifdetach+0x74 sys/netinet/in.c:971 if_detach(ffff800000ac7800) at if_detach+0x140 sys/net/if.c:1032 tun_clone_destroy(ffff800000ac7800) at tun_clone_destroy+0x1c7 sys/net/if_tun.c:326 tun_dev_close(5d00,7) at tun_dev_close+0x160 sys/net/if_tun.c:477 spec_close(ffff800020819b10) at spec_close+0x311 sys/kern/spec_vnops.c:560 VOP_CLOSE(fffffd805d822680,7,fffffd806c3bf780,ffff8000209cb8d0) at VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:174 vn_closefile(fffffd80579f3e28,ffff8000209cb8d0) at vn_closefile+0xd2 vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffffd80579f3e28,ffff8000209cb8d0) at vn_closefile+0xd2 sys/kern/vfs_vnops.c:614 fdrop(fffffd80579f3e28,ffff8000209cb8d0) at fdrop+0xc2 sys/kern/kern_descrip.c:1279 closef(fffffd80579f3e28,ffff8000209cb8d0) at closef+0x117 sys/kern/kern_descrip.c:1263 fdfree(ffff8000209cb8d0) at fdfree+0x100 sys/kern/kern_descrip.c:1195 exit1(ffff8000209cb8d0,0,0,1) at exit1+0x32c sys/kern/kern_exit.c:197 sys_exit(ffff8000209cb8d0,ffff800020819da0,ffff800020819df0) at sys_exit+0x16 sys/kern/kern_exit.c:95 syscall(ffff800020819e70) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffff2f20, count: -16 ddb> machine ddbcpu 1 No such command ddb> trace in_delmulti(bffffbdfffeffbff) at in_delmulti+0x8d sys/netinet/in.c:914 in_purgeaddr(ffff800000b06900) at in_purgeaddr+0x156 sys/netinet/in.c:760 in_ifdetach(ffff800000ac7800) at in_ifdetach+0x74 sys/netinet/in.c:971 if_detach(ffff800000ac7800) at if_detach+0x140 sys/net/if.c:1032 tun_clone_destroy(ffff800000ac7800) at tun_clone_destroy+0x1c7 sys/net/if_tun.c:326 tun_dev_close(5d00,7) at tun_dev_close+0x160 sys/net/if_tun.c:477 spec_close(ffff800020819b10) at spec_close+0x311 sys/kern/spec_vnops.c:560 VOP_CLOSE(fffffd805d822680,7,fffffd806c3bf780,ffff8000209cb8d0) at VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:174 vn_closefile(fffffd80579f3e28,ffff8000209cb8d0) at vn_closefile+0xd2 vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffffd80579f3e28,ffff8000209cb8d0) at vn_closefile+0xd2 sys/kern/vfs_vnops.c:614 fdrop(fffffd80579f3e28,ffff8000209cb8d0) at fdrop+0xc2 sys/kern/kern_descrip.c:1279 closef(fffffd80579f3e28,ffff8000209cb8d0) at closef+0x117 sys/kern/kern_descrip.c:1263 fdfree(ffff8000209cb8d0) at fdfree+0x100 sys/kern/kern_descrip.c:1195 exit1(ffff8000209cb8d0,0,0,1) at exit1+0x32c sys/kern/kern_exit.c:197 sys_exit(ffff8000209cb8d0,ffff800020819da0,ffff800020819df0) at sys_exit+0x16 sys/kern/kern_exit.c:95 syscall(ffff800020819e70) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffff2f20, count: -16