login: kernel: protection fault trap, code=0
Stopped at pfi_ifhead_RB_REMOVE+0x50: movq 0x10(%r12),%rbx
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
the kernel did not panic
ddb> trace
pfi_ifhead_RB_REMOVE(ffffffff8281bd18,ffff800000b75d00) at pfi_ifhead_RB_REMOVE+0x50 sys/net/pf_if.c:80
pfi_detach_ifgroup(ffff800000af6180) at pfi_detach_ifgroup+0x11b pfi_kif_unref sys/net/pf_if.c:211 [inline]
pfi_detach_ifgroup(ffff800000af6180) at pfi_detach_ifgroup+0x11b sys/net/pf_if.c:304
if_delgroup(ffff800000b76000,ffff800000af6180) at if_delgroup+0x193 sys/net/if.c:2673
if_detach(ffff800000b76000) at if_detach+0x1ab sys/net/if.c:1036
tun_clone_destroy(ffff800000b76000) at tun_clone_destroy+0x1c7 sys/net/if_tun.c:325
if_clone_destroy(ffff800024734da0) at if_clone_destroy+0x136 sys/net/if.c:1195
tun_dev_close(5d00,7) at tun_dev_close+0x140 sys/net/if_tun.c:476
spec_close(ffff800024734e70) at spec_close+0x311 sys/kern/spec_vnops.c:560
VOP_CLOSE(fffffd807893fda0,7,fffffd807f7b7780,ffff800024759a40) at VOP_CLOSE+0xe2 sys/kern/vfs_vops.c:177
vn_closefile(fffffd806cd514c8,ffff800024759a40) at vn_closefile+0xd2 vn_close sys/kern/vfs_vnops.c:298 [inline]
vn_closefile(fffffd806cd514c8,ffff800024759a40) at vn_closefile+0xd2 sys/kern/vfs_vnops.c:614
fdrop(fffffd806cd514c8,ffff800024759a40) at fdrop+0xc2 sys/kern/kern_descrip.c:1279
closef(fffffd806cd514c8,ffff800024759a40) at closef+0x117 sys/kern/kern_descrip.c:1263
fdfree(ffff800024759a40) at fdfree+0xf3 sys/kern/kern_descrip.c:1195
exit1(ffff800024759a40,0,0,1) at exit1+0x325 sys/kern/kern_exit.c:200
sys_exit(ffff800024759a40,ffff800024735100,ffff800024735150) at sys_exit+0x16 sys/kern/kern_exit.c:96
syscall(ffff8000247351d0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:590
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffe1660, count: -17
ddb> show registers
rdi 0xffffffff8281bd18 pfi_ifs
rsi 0xffff800000b75d00
rbp 0xffff800024734c00
rbx 0xdeafbeaddeafbead
rdx 0
rcx 0xffff800000af6f00
rax 0xffff800000b75d10
r8 0xf8
r9 0x8080808080808080
r10 0xcdaa794a362085f4
r11 0x13bbe9a238b0c938
r12 0xdeafbeaddeafbead
r13 0xffff800000b26320
r14 0xffff800000b75d00
r15 0xffffffff8281bd18 pfi_ifs
rip 0xffffffff817bf150 pfi_ifhead_RB_REMOVE+0x50
cs 0x8
rflags 0x10282 __ALIGN_SIZE+0xf282
rsp 0xffff800024734ba0
ss 0x10
pfi_ifhead_RB_REMOVE+0x50: movq 0x10(%r12),%rbx
ddb> show proc
PROC (syz-executor.0) pid=63965 stat=onproc
flags process=1008<EXITING,SINGLEEXIT> proc=2000<WEXIT>
pri=32, usrpri=77, nice=20
forw=0xffffffffffffffff, list=0xffff800024758540,0xffff800024759510
process=0xffff8000247393b8 user=0xffff800024730000, vmspace=0xfffffd8066e5e440
estcpu=27, cpticks=2, pctcpu=0.10
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
74719 334469 59688 0 2 0 syz-executor.1
74719 523858 59688 0 3 0x4000080 ttyout syz-executor.1
90228 153551 1 0 3 0x100083 ttyin getty
59688 315404 43732 0 3 0x82 nanoslp syz-executor.1
41264 36687 0 0 3 0x14280 nfsidl nfsio
95804 193832 0 0 3 0x14280 nfsidl nfsio
14643 509648 0 0 3 0x14280 nfsidl nfsio
51187 427727 0 0 3 0x14280 nfsidl nfsio
76228 157278 0 0 3 0x14280 nfsidl nfsio
76236 22798 0 0 3 0x14280 nfsidl nfsio
1515 371666 0 0 3 0x14280 nfsidl nfsio
23630 169439 0 0 3 0x14280 nfsidl nfsio
70775 169966 0 0 3 0x14280 nfsidl nfsio
533 126612 0 0 3 0x14280 nfsidl nfsio
62651 281569 0 0 3 0x14280 nfsidl nfsio
33726 234094 0 0 3 0x14280 nfsidl nfsio
99779 345662 0 0 3 0x14280 nfsidl nfsio
47838 390725 0 0 3 0x14280 nfsidl nfsio
90039 378361 0 0 3 0x14280 nfsidl nfsio
87639 207629 0 0 3 0x14280 nfsidl nfsio
54444 261107 0 0 3 0x14280 nfsidl nfsio
63134 155099 0 0 3 0x14280 nfsidl nfsio
5930 39235 0 0 3 0x14280 nfsidl nfsio
161 414744 0 0 3 0x14280 nfsidl nfsio
23071 516333 0 0 3 0x14200 bored sosplice
44074 516728 0 0 3 0x14200 acct acct
43732 178965 82644 0 3 0x82 thrsleep syz-fuzzer
43732 188977 82644 0 3 0x4000082 thrsleep syz-fuzzer
43732 396463 82644 0 3 0x4000082 kqread syz-fuzzer
43732 488993 82644 0 3 0x4000082 thrsleep syz-fuzzer
43732 150283 82644 0 3 0x4000082 thrsleep syz-fuzzer
43732 503051 82644 0 3 0x4000082 thrsleep syz-fuzzer
43732 503270 82644 0 3 0x4000082 thrsleep syz-fuzzer
82644 143099 98382 0 3 0x10008a sigsusp ksh
98382 493209 78463 0 3 0x92 kqread sshd
78463 476267 1 0 3 0x80 kqread sshd
23919 287907 20585 73 3 0x100090 kqread syslogd
20585 162422 1 0 3 0x100082 netio syslogd
68708 498583 1 77 2 0x100090 dhclient
24554 194143 1 0 3 0x80 poll dhclient
96928 407247 0 0 3 0x14200 bored smr
92643 445413 0 0 2 0x14200 zerothread
48738 195020 0 0 3 0x14200 aiodoned aiodoned
71542 246649 0 0 3 0x14200 syncer update
88148 411258 0 0 3 0x14200 cleaner cleaner
77237 261665 0 0 3 0x14200 reaper reaper
55473 336950 0 0 3 0x14200 pgdaemon pagedaemon
92635 21104 0 0 3 0x14200 bored crynlk
87125 93880 0 0 3 0x14200 bored crypto
99590 479665 0 0 3 0x14200 bored viomb
11381 158856 0 0 3 0x40014200 acpi0 acpi0
24094 127772 0 0 3 0x14200 bored softnet
77525 130090 0 0 2 0x14200 systqmp
41716 56691 0 0 3 0x14200 bored systq
23700 2403 0 0 3 0x40014200 bored softclock
41412 272711 0 0 3 0x40014200 idle0
1 317482 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 9528 6371K 6999K 78643K 15602 0
pcb 13 8K 8K 78643K 380 0
rtable 88 3K 4K 78643K 840 0
ifaddr 71 14K 15K 78643K 197 0
counters 21 16K 16K 78643K 44 0
ioctlops 0 0K 4K 78643K 216 0
iov 0 0K 16K 78643K 238 0
mount 1 1K 1K 78643K 1 0
vnodes 1226 77K 77K 78643K 3025 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 1K 78643K 2 0
VM map 2 0K 0K 78643K 2 0
sem 12 0K 0K 78643K 453 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12598 0
file desc 5 13K 25K 78643K 5507 0
sigio 0 0K 0K 78643K 19 0
proc 50 38K 63K 78643K 877 0
subproc 23 1K 2K 78643K 153 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 333 0
in_multi 22 1K 2K 78643K 345 0
ether_multi 1 0K 0K 78643K 114 0
mrt 0 0K 0K 78643K 27 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 67 307K 307K 78643K 67 0
exec 0 0K 2K 78643K 642 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 142 88K 92K 78643K 12511 0
UVM aobj 44 2K 2K 78643K 44 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 279 0
NDP 13 0K 0K 78643K 54 0
temp 145 3985K 4049K 78643K 50228 0
kqueue 6 10K 18K 78643K 249 0
SYN cache 2 16K 16K 78643K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 20 0 16 1 0 1 1 0 8 0
rtpcb 120 131 0 129 1 0 1 1 0 8 0
rtentry 112 131 0 98 2 0 2 2 0 8 0
unpcb 120 835 0 826 1 0 1 1 0 8 0
syncache 296 40 0 40 3 3 0 1 0 8 0
tcpqe 32 24 0 24 2 2 0 1 0 8 0
tcpcb 736 733 0 729 20 18 2 7 0 8 1
inpcb 296 1930 0 1923 6 5 1 3 0 8 0
rttmr 72 4 0 4 1 1 0 1 0 8 0
nd6 48 27 0 24 1 0 1 1 0 8 0
pkpcb 40 54 0 54 4 4 0 1 0 8 0
kcovpl 48 9 0 8 1 0 1 1 0 8 0
swfcl 56 18 0 0 1 0 1 1 0 8 0
ppxss 1128 8 0 8 1 1 0 1 0 8 0
pfstscr 40 8 0 7 1 0 1 1 0 8 0
pfosfp 40 2 0 1 1 0 1 1 0 8 0
pfosfpen 112 2 0 1 1 0 1 1 0 8 0
pfrktable 1344 1 0 0 1 0 1 1 0 8 0
pftag 88 8 0 0 1 0 1 1 0 8 0
pfqueue 264 10 0 5 2 1 1 1 0 8 0
pfstitem 24 2 0 0 1 0 1 1 0 8 0
pfstkey 112 16 0 14 1 0 1 1 0 8 0
pfstate 328 8 0 7 1 0 1 1 0 8 0
pfrule 1360 91 0 29 6 0 6 6 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 508 0 317 13 0 13 13 0 8 0
art_table 32 509 0 317 2 0 2 2 0 8 0
art_node 16 125 0 85 1 0 1 1 0 8 0
sysvmsgpl 40 12 0 12 1 1 0 1 0 8 0
semupl 112 18 0 18 1 1 0 1 0 8 0
semapl 112 441 0 431 1 0 1 1 0 8 0
shmpl 112 41 0 0 2 0 2 2 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 8374 0 6977 88 0 88 88 0 8 0
ffsino 240 8374 0 6977 83 0 83 83 0 8 0
nchpl 144 15068 0 13490 60 0 60 60 0 8 0
uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0
vnodes 224 5926 0 0 349 0 349 349 0 8 0
namei 1024 37363 0 37363 1 0 1 1 0 8 1
vcpupl 1984 4 0 0 1 0 1 1 0 8 0
vmpool 528 4 0 0 1 0 1 1 0 8 0
scxspl 216 42308 0 42308 1 0 1 1 0 8 1
plimitpl 152 278 0 270 1 0 1 1 0 8 0
sigapl 424 5696 0 5645 6 0 6 6 0 8 0
futexpl 56 44126 0 44126 1 0 1 1 0 8 1
knotepl 112 57242 0 57222 1 0 1 1 0 8 0
kqueuepl 168 3144 0 3131 1 0 1 1 0 8 0
pipepl 304 205 0 197 8 6 2 2 0 8 1
fdescpl 432 5659 0 5645 2 0 2 2 0 8 0
filepl 120 18564 0 18478 4 0 4 4 0 8 0
lockfpl 104 673 0 672 1 0 1 1 0 8 0
lockfspl 48 257 0 256 1 0 1 1 0 8 0
sessionpl 144 25 0 15 1 0 1 1 0 8 0
pgrppl 48 44 0 34 1 0 1 1 0 8 0
ucredpl 96 2544 0 2537 1 0 1 1 0 8 0
zombiepl 144 5646 0 5645 1 0 1 1 0 8 0
processpl 1008 5696 0 5645 8 1 7 7 0 8 0
procpl 672 11489 0 11431 7 1 6 6 0 8 0
sosppl 168 65 0 65 6 6 0 1 0 8 0
sockpl 432 2955 0 2937 8 5 3 6 0 8 0
mcl64k 65536 223 0 223 5 5 0 1 0 8 0
mcl16k 16384 38 0 38 2 2 0 1 0 8 0
mcl12k 12288 133 0 133 8 8 0 1 0 8 0
mcl9k 9216 34 0 34 5 5 0 1 0 8 0
mcl8k 8192 33 0 33 6 6 0 1 0 8 0
mcl4k 4096 140 0 140 7 7 0 1 0 8 0
mcl2k2 2112 8 0 8 2 1 1 1 0 8 1
mcl2k 2048 37730 0 37691 45 37 8 17 0 8 2
mtagpl 96 394 0 335 7 4 3 3 0 8 0
mbufpl 256 193874 0 193601 63 39 24 28 0 8 0
bufpl 280 10043 0 3724 452 0 452 452 0 8 0
anonpl 16 432995 0 427479 70 42 28 52 0 126 0
amapchunkpl 152 20846 0 20680 24 17 7 15 0 158 0
amappl16 192 20493 0 20246 43 29 14 33 0 8 1
amappl15 184 537 0 535 1 0 1 1 0 8 0
amappl14 176 454 0 450 1 0 1 1 0 8 0
amappl13 168 737 0 733 1 0 1 1 0 8 0
amappl12 160 14 0 10 1 0 1 1 0 8 0
amappl11 152 74 0 63 1 0 1 1 0 8 0
amappl10 144 1524 0 1520 1 0 1 1 0 8 0
amappl9 136 760 0 759 2 1 1 1 0 8 0
amappl8 128 254 0 197 2 0 2 2 0 8 0
amappl7 120 1046 0 1040 1 0 1 1 0 8 0
amappl6 112 1618 0 1606 1 0 1 1 0 8 0
amappl5 104 5713 0 5697 1 0 1 1 0 8 0
amappl4 96 302 0 274 1 0 1 1 0 8 0
amappl3 88 1532 0 1521 1 0 1 1 0 8 0
amappl2 80 44668 0 44594 2 0 2 2 0 8 0
amappl1 72 154833 0 154374 24 14 10 18 0 8 0
amappl 80 11815 0 11761 2 0 2 2 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 43 0 0 1 0 1 1 0 8 0
uaddrrnd 24 5663 0 5645 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 5663 0 5645 1 0 1 1 0 8 0
vmmpekpl 168 25323 0 25291 2 0 2 2 0 8 0
vmmpepl 168 696044 0 694602 119 50 69 82 0 357 3
vmsppl 272 5662 0 5645 4 2 2 2 0 8 0
pdppl 4096 11332 0 11294 56 16 40 40 0 8 2
pvpl 32 2002237 0 1993161 223 137 86 137 0 265 4
pmappl 200 5662 0 5645 1 0 1 1 0 8 0
extentpl 40 58 0 40 1 0 1 1 0 8 0
phpool 112 406 0 134 9 0 9 9 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
pfi_ifhead_RB_REMOVE(ffffffff8281bd18,ffff800000b75d00) at pfi_ifhead_RB_REMOVE+0x50 sys/net/pf_if.c:80
pfi_detach_ifgroup(ffff800000af6180) at pfi_detach_ifgroup+0x11b pfi_kif_unref sys/net/pf_if.c:211 [inline]
pfi_detach_ifgroup(ffff800000af6180) at pfi_detach_ifgroup+0x11b sys/net/pf_if.c:304
if_delgroup(ffff800000b76000,ffff800000af6180) at if_delgroup+0x193 sys/net/if.c:2673
if_detach(ffff800000b76000) at if_detach+0x1ab sys/net/if.c:1036
tun_clone_destroy(ffff800000b76000) at tun_clone_destroy+0x1c7 sys/net/if_tun.c:325
if_clone_destroy(ffff800024734da0) at if_clone_destroy+0x136 sys/net/if.c:1195
tun_dev_close(5d00,7) at tun_dev_close+0x140 sys/net/if_tun.c:476
spec_close(ffff800024734e70) at spec_close+0x311 sys/kern/spec_vnops.c:560
VOP_CLOSE(fffffd807893fda0,7,fffffd807f7b7780,ffff800024759a40) at VOP_CLOSE+0xe2 sys/kern/vfs_vops.c:177
vn_closefile(fffffd806cd514c8,ffff800024759a40) at vn_closefile+0xd2 vn_close sys/kern/vfs_vnops.c:298 [inline]
vn_closefile(fffffd806cd514c8,ffff800024759a40) at vn_closefile+0xd2 sys/kern/vfs_vnops.c:614
fdrop(fffffd806cd514c8,ffff800024759a40) at fdrop+0xc2 sys/kern/kern_descrip.c:1279
closef(fffffd806cd514c8,ffff800024759a40) at closef+0x117 sys/kern/kern_descrip.c:1263
fdfree(ffff800024759a40) at fdfree+0xf3 sys/kern/kern_descrip.c:1195
exit1(ffff800024759a40,0,0,1) at exit1+0x325 sys/kern/kern_exit.c:200
sys_exit(ffff800024759a40,ffff800024735100,ffff800024735150) at sys_exit+0x16 sys/kern/kern_exit.c:96
syscall(ffff8000247351d0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:590
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffe1660, count: -17
ddb> machine ddbcpu 1
No such command
ddb> trace
pfi_ifhead_RB_REMOVE(ffffffff8281bd18,ffff800000b75d00) at pfi_ifhead_RB_REMOVE+0x50 sys/net/pf_if.c:80
pfi_detach_ifgroup(ffff800000af6180) at pfi_detach_ifgroup+0x11b pfi_kif_unref sys/net/pf_if.c:211 [inline]
pfi_detach_ifgroup(ffff800000af6180) at pfi_detach_ifgroup+0x11b sys/net/pf_if.c:304
if_delgroup(ffff800000b76000,ffff800000af6180) at if_delgroup+0x193 sys/net/if.c:2673
if_detach(ffff800000b76000) at if_detach+0x1ab sys/net/if.c:1036
tun_clone_destroy(ffff800000b76000) at tun_clone_destroy+0x1c7 sys/net/if_tun.c:325
if_clone_destroy(ffff800024734da0) at if_clone_destroy+0x136 sys/net/if.c:1195
tun_dev_close(5d00,7) at tun_dev_close+0x140 sys/net/if_tun.c:476
spec_close(ffff800024734e70) at spec_close+0x311 sys/kern/spec_vnops.c:560
VOP_CLOSE(fffffd807893fda0,7,fffffd807f7b7780,ffff800024759a40) at VOP_CLOSE+0xe2 sys/kern/vfs_vops.c:177
vn_closefile(fffffd806cd514c8,ffff800024759a40) at vn_closefile+0xd2 vn_close sys/kern/vfs_vnops.c:298 [inline]
vn_closefile(fffffd806cd514c8,ffff800024759a40) at vn_closefile+0xd2 sys/kern/vfs_vnops.c:614
fdrop(fffffd806cd514c8,ffff800024759a40) at fdrop+0xc2 sys/kern/kern_descrip.c:1279
closef(fffffd806cd514c8,ffff800024759a40) at closef+0x117 sys/kern/kern_descrip.c:1263
fdfree(ffff800024759a40) at fdfree+0xf3 sys/kern/kern_descrip.c:1195
exit1(ffff800024759a40,0,0,1) at exit1+0x325 sys/kern/kern_exit.c:200
sys_exit(ffff800024759a40,ffff800024735100,ffff800024735150) at sys_exit+0x16 sys/kern/kern_exit.c:96
syscall(ffff8000247351d0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:590
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffe1660, count: -17