login: kernel: protection fault trap, code=0 Stopped at pfi_ifhead_RB_REMOVE+0x50: movq 0x10(%r12),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace pfi_ifhead_RB_REMOVE(ffffffff8281bd18,ffff800000b75d00) at pfi_ifhead_RB_REMOVE+0x50 sys/net/pf_if.c:80 pfi_detach_ifgroup(ffff800000af6180) at pfi_detach_ifgroup+0x11b pfi_kif_unref sys/net/pf_if.c:211 [inline] pfi_detach_ifgroup(ffff800000af6180) at pfi_detach_ifgroup+0x11b sys/net/pf_if.c:304 if_delgroup(ffff800000b76000,ffff800000af6180) at if_delgroup+0x193 sys/net/if.c:2673 if_detach(ffff800000b76000) at if_detach+0x1ab sys/net/if.c:1036 tun_clone_destroy(ffff800000b76000) at tun_clone_destroy+0x1c7 sys/net/if_tun.c:325 if_clone_destroy(ffff800024734da0) at if_clone_destroy+0x136 sys/net/if.c:1195 tun_dev_close(5d00,7) at tun_dev_close+0x140 sys/net/if_tun.c:476 spec_close(ffff800024734e70) at spec_close+0x311 sys/kern/spec_vnops.c:560 VOP_CLOSE(fffffd807893fda0,7,fffffd807f7b7780,ffff800024759a40) at VOP_CLOSE+0xe2 sys/kern/vfs_vops.c:177 vn_closefile(fffffd806cd514c8,ffff800024759a40) at vn_closefile+0xd2 vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffffd806cd514c8,ffff800024759a40) at vn_closefile+0xd2 sys/kern/vfs_vnops.c:614 fdrop(fffffd806cd514c8,ffff800024759a40) at fdrop+0xc2 sys/kern/kern_descrip.c:1279 closef(fffffd806cd514c8,ffff800024759a40) at closef+0x117 sys/kern/kern_descrip.c:1263 fdfree(ffff800024759a40) at fdfree+0xf3 sys/kern/kern_descrip.c:1195 exit1(ffff800024759a40,0,0,1) at exit1+0x325 sys/kern/kern_exit.c:200 sys_exit(ffff800024759a40,ffff800024735100,ffff800024735150) at sys_exit+0x16 sys/kern/kern_exit.c:96 syscall(ffff8000247351d0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:590 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffe1660, count: -17 ddb> show registers rdi 0xffffffff8281bd18 pfi_ifs rsi 0xffff800000b75d00 rbp 0xffff800024734c00 rbx 0xdeafbeaddeafbead rdx 0 rcx 0xffff800000af6f00 rax 0xffff800000b75d10 r8 0xf8 r9 0x8080808080808080 r10 0xcdaa794a362085f4 r11 0x13bbe9a238b0c938 r12 0xdeafbeaddeafbead r13 0xffff800000b26320 r14 0xffff800000b75d00 r15 0xffffffff8281bd18 pfi_ifs rip 0xffffffff817bf150 pfi_ifhead_RB_REMOVE+0x50 cs 0x8 rflags 0x10282 __ALIGN_SIZE+0xf282 rsp 0xffff800024734ba0 ss 0x10 pfi_ifhead_RB_REMOVE+0x50: movq 0x10(%r12),%rbx ddb> show proc PROC (syz-executor.0) pid=63965 stat=onproc flags process=1008 proc=2000 pri=32, usrpri=77, nice=20 forw=0xffffffffffffffff, list=0xffff800024758540,0xffff800024759510 process=0xffff8000247393b8 user=0xffff800024730000, vmspace=0xfffffd8066e5e440 estcpu=27, cpticks=2, pctcpu=0.10 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 74719 334469 59688 0 2 0 syz-executor.1 74719 523858 59688 0 3 0x4000080 ttyout syz-executor.1 90228 153551 1 0 3 0x100083 ttyin getty 59688 315404 43732 0 3 0x82 nanoslp syz-executor.1 41264 36687 0 0 3 0x14280 nfsidl nfsio 95804 193832 0 0 3 0x14280 nfsidl nfsio 14643 509648 0 0 3 0x14280 nfsidl nfsio 51187 427727 0 0 3 0x14280 nfsidl nfsio 76228 157278 0 0 3 0x14280 nfsidl nfsio 76236 22798 0 0 3 0x14280 nfsidl nfsio 1515 371666 0 0 3 0x14280 nfsidl nfsio 23630 169439 0 0 3 0x14280 nfsidl nfsio 70775 169966 0 0 3 0x14280 nfsidl nfsio 533 126612 0 0 3 0x14280 nfsidl nfsio 62651 281569 0 0 3 0x14280 nfsidl nfsio 33726 234094 0 0 3 0x14280 nfsidl nfsio 99779 345662 0 0 3 0x14280 nfsidl nfsio 47838 390725 0 0 3 0x14280 nfsidl nfsio 90039 378361 0 0 3 0x14280 nfsidl nfsio 87639 207629 0 0 3 0x14280 nfsidl nfsio 54444 261107 0 0 3 0x14280 nfsidl nfsio 63134 155099 0 0 3 0x14280 nfsidl nfsio 5930 39235 0 0 3 0x14280 nfsidl nfsio 161 414744 0 0 3 0x14280 nfsidl nfsio 23071 516333 0 0 3 0x14200 bored sosplice 44074 516728 0 0 3 0x14200 acct acct 43732 178965 82644 0 3 0x82 thrsleep syz-fuzzer 43732 188977 82644 0 3 0x4000082 thrsleep syz-fuzzer 43732 396463 82644 0 3 0x4000082 kqread syz-fuzzer 43732 488993 82644 0 3 0x4000082 thrsleep syz-fuzzer 43732 150283 82644 0 3 0x4000082 thrsleep syz-fuzzer 43732 503051 82644 0 3 0x4000082 thrsleep syz-fuzzer 43732 503270 82644 0 3 0x4000082 thrsleep syz-fuzzer 82644 143099 98382 0 3 0x10008a sigsusp ksh 98382 493209 78463 0 3 0x92 kqread sshd 78463 476267 1 0 3 0x80 kqread sshd 23919 287907 20585 73 3 0x100090 kqread syslogd 20585 162422 1 0 3 0x100082 netio syslogd 68708 498583 1 77 2 0x100090 dhclient 24554 194143 1 0 3 0x80 poll dhclient 96928 407247 0 0 3 0x14200 bored smr 92643 445413 0 0 2 0x14200 zerothread 48738 195020 0 0 3 0x14200 aiodoned aiodoned 71542 246649 0 0 3 0x14200 syncer update 88148 411258 0 0 3 0x14200 cleaner cleaner 77237 261665 0 0 3 0x14200 reaper reaper 55473 336950 0 0 3 0x14200 pgdaemon pagedaemon 92635 21104 0 0 3 0x14200 bored crynlk 87125 93880 0 0 3 0x14200 bored crypto 99590 479665 0 0 3 0x14200 bored viomb 11381 158856 0 0 3 0x40014200 acpi0 acpi0 24094 127772 0 0 3 0x14200 bored softnet 77525 130090 0 0 2 0x14200 systqmp 41716 56691 0 0 3 0x14200 bored systq 23700 2403 0 0 3 0x40014200 bored softclock 41412 272711 0 0 3 0x40014200 idle0 1 317482 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9528 6371K 6999K 78643K 15602 0 pcb 13 8K 8K 78643K 380 0 rtable 88 3K 4K 78643K 840 0 ifaddr 71 14K 15K 78643K 197 0 counters 21 16K 16K 78643K 44 0 ioctlops 0 0K 4K 78643K 216 0 iov 0 0K 16K 78643K 238 0 mount 1 1K 1K 78643K 1 0 vnodes 1226 77K 77K 78643K 3025 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 453 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12598 0 file desc 5 13K 25K 78643K 5507 0 sigio 0 0K 0K 78643K 19 0 proc 50 38K 63K 78643K 877 0 subproc 23 1K 2K 78643K 153 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 333 0 in_multi 22 1K 2K 78643K 345 0 ether_multi 1 0K 0K 78643K 114 0 mrt 0 0K 0K 78643K 27 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 67 307K 307K 78643K 67 0 exec 0 0K 2K 78643K 642 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 142 88K 92K 78643K 12511 0 UVM aobj 44 2K 2K 78643K 44 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 279 0 NDP 13 0K 0K 78643K 54 0 temp 145 3985K 4049K 78643K 50228 0 kqueue 6 10K 18K 78643K 249 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 20 0 16 1 0 1 1 0 8 0 rtpcb 120 131 0 129 1 0 1 1 0 8 0 rtentry 112 131 0 98 2 0 2 2 0 8 0 unpcb 120 835 0 826 1 0 1 1 0 8 0 syncache 296 40 0 40 3 3 0 1 0 8 0 tcpqe 32 24 0 24 2 2 0 1 0 8 0 tcpcb 736 733 0 729 20 18 2 7 0 8 1 inpcb 296 1930 0 1923 6 5 1 3 0 8 0 rttmr 72 4 0 4 1 1 0 1 0 8 0 nd6 48 27 0 24 1 0 1 1 0 8 0 pkpcb 40 54 0 54 4 4 0 1 0 8 0 kcovpl 48 9 0 8 1 0 1 1 0 8 0 swfcl 56 18 0 0 1 0 1 1 0 8 0 ppxss 1128 8 0 8 1 1 0 1 0 8 0 pfstscr 40 8 0 7 1 0 1 1 0 8 0 pfosfp 40 2 0 1 1 0 1 1 0 8 0 pfosfpen 112 2 0 1 1 0 1 1 0 8 0 pfrktable 1344 1 0 0 1 0 1 1 0 8 0 pftag 88 8 0 0 1 0 1 1 0 8 0 pfqueue 264 10 0 5 2 1 1 1 0 8 0 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 112 16 0 14 1 0 1 1 0 8 0 pfstate 328 8 0 7 1 0 1 1 0 8 0 pfrule 1360 91 0 29 6 0 6 6 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 508 0 317 13 0 13 13 0 8 0 art_table 32 509 0 317 2 0 2 2 0 8 0 art_node 16 125 0 85 1 0 1 1 0 8 0 sysvmsgpl 40 12 0 12 1 1 0 1 0 8 0 semupl 112 18 0 18 1 1 0 1 0 8 0 semapl 112 441 0 431 1 0 1 1 0 8 0 shmpl 112 41 0 0 2 0 2 2 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 8374 0 6977 88 0 88 88 0 8 0 ffsino 240 8374 0 6977 83 0 83 83 0 8 0 nchpl 144 15068 0 13490 60 0 60 60 0 8 0 uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 37363 0 37363 1 0 1 1 0 8 1 vcpupl 1984 4 0 0 1 0 1 1 0 8 0 vmpool 528 4 0 0 1 0 1 1 0 8 0 scxspl 216 42308 0 42308 1 0 1 1 0 8 1 plimitpl 152 278 0 270 1 0 1 1 0 8 0 sigapl 424 5696 0 5645 6 0 6 6 0 8 0 futexpl 56 44126 0 44126 1 0 1 1 0 8 1 knotepl 112 57242 0 57222 1 0 1 1 0 8 0 kqueuepl 168 3144 0 3131 1 0 1 1 0 8 0 pipepl 304 205 0 197 8 6 2 2 0 8 1 fdescpl 432 5659 0 5645 2 0 2 2 0 8 0 filepl 120 18564 0 18478 4 0 4 4 0 8 0 lockfpl 104 673 0 672 1 0 1 1 0 8 0 lockfspl 48 257 0 256 1 0 1 1 0 8 0 sessionpl 144 25 0 15 1 0 1 1 0 8 0 pgrppl 48 44 0 34 1 0 1 1 0 8 0 ucredpl 96 2544 0 2537 1 0 1 1 0 8 0 zombiepl 144 5646 0 5645 1 0 1 1 0 8 0 processpl 1008 5696 0 5645 8 1 7 7 0 8 0 procpl 672 11489 0 11431 7 1 6 6 0 8 0 sosppl 168 65 0 65 6 6 0 1 0 8 0 sockpl 432 2955 0 2937 8 5 3 6 0 8 0 mcl64k 65536 223 0 223 5 5 0 1 0 8 0 mcl16k 16384 38 0 38 2 2 0 1 0 8 0 mcl12k 12288 133 0 133 8 8 0 1 0 8 0 mcl9k 9216 34 0 34 5 5 0 1 0 8 0 mcl8k 8192 33 0 33 6 6 0 1 0 8 0 mcl4k 4096 140 0 140 7 7 0 1 0 8 0 mcl2k2 2112 8 0 8 2 1 1 1 0 8 1 mcl2k 2048 37730 0 37691 45 37 8 17 0 8 2 mtagpl 96 394 0 335 7 4 3 3 0 8 0 mbufpl 256 193874 0 193601 63 39 24 28 0 8 0 bufpl 280 10043 0 3724 452 0 452 452 0 8 0 anonpl 16 432995 0 427479 70 42 28 52 0 126 0 amapchunkpl 152 20846 0 20680 24 17 7 15 0 158 0 amappl16 192 20493 0 20246 43 29 14 33 0 8 1 amappl15 184 537 0 535 1 0 1 1 0 8 0 amappl14 176 454 0 450 1 0 1 1 0 8 0 amappl13 168 737 0 733 1 0 1 1 0 8 0 amappl12 160 14 0 10 1 0 1 1 0 8 0 amappl11 152 74 0 63 1 0 1 1 0 8 0 amappl10 144 1524 0 1520 1 0 1 1 0 8 0 amappl9 136 760 0 759 2 1 1 1 0 8 0 amappl8 128 254 0 197 2 0 2 2 0 8 0 amappl7 120 1046 0 1040 1 0 1 1 0 8 0 amappl6 112 1618 0 1606 1 0 1 1 0 8 0 amappl5 104 5713 0 5697 1 0 1 1 0 8 0 amappl4 96 302 0 274 1 0 1 1 0 8 0 amappl3 88 1532 0 1521 1 0 1 1 0 8 0 amappl2 80 44668 0 44594 2 0 2 2 0 8 0 amappl1 72 154833 0 154374 24 14 10 18 0 8 0 amappl 80 11815 0 11761 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 43 0 0 1 0 1 1 0 8 0 uaddrrnd 24 5663 0 5645 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 5663 0 5645 1 0 1 1 0 8 0 vmmpekpl 168 25323 0 25291 2 0 2 2 0 8 0 vmmpepl 168 696044 0 694602 119 50 69 82 0 357 3 vmsppl 272 5662 0 5645 4 2 2 2 0 8 0 pdppl 4096 11332 0 11294 56 16 40 40 0 8 2 pvpl 32 2002237 0 1993161 223 137 86 137 0 265 4 pmappl 200 5662 0 5645 1 0 1 1 0 8 0 extentpl 40 58 0 40 1 0 1 1 0 8 0 phpool 112 406 0 134 9 0 9 9 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pfi_ifhead_RB_REMOVE(ffffffff8281bd18,ffff800000b75d00) at pfi_ifhead_RB_REMOVE+0x50 sys/net/pf_if.c:80 pfi_detach_ifgroup(ffff800000af6180) at pfi_detach_ifgroup+0x11b pfi_kif_unref sys/net/pf_if.c:211 [inline] pfi_detach_ifgroup(ffff800000af6180) at pfi_detach_ifgroup+0x11b sys/net/pf_if.c:304 if_delgroup(ffff800000b76000,ffff800000af6180) at if_delgroup+0x193 sys/net/if.c:2673 if_detach(ffff800000b76000) at if_detach+0x1ab sys/net/if.c:1036 tun_clone_destroy(ffff800000b76000) at tun_clone_destroy+0x1c7 sys/net/if_tun.c:325 if_clone_destroy(ffff800024734da0) at if_clone_destroy+0x136 sys/net/if.c:1195 tun_dev_close(5d00,7) at tun_dev_close+0x140 sys/net/if_tun.c:476 spec_close(ffff800024734e70) at spec_close+0x311 sys/kern/spec_vnops.c:560 VOP_CLOSE(fffffd807893fda0,7,fffffd807f7b7780,ffff800024759a40) at VOP_CLOSE+0xe2 sys/kern/vfs_vops.c:177 vn_closefile(fffffd806cd514c8,ffff800024759a40) at vn_closefile+0xd2 vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffffd806cd514c8,ffff800024759a40) at vn_closefile+0xd2 sys/kern/vfs_vnops.c:614 fdrop(fffffd806cd514c8,ffff800024759a40) at fdrop+0xc2 sys/kern/kern_descrip.c:1279 closef(fffffd806cd514c8,ffff800024759a40) at closef+0x117 sys/kern/kern_descrip.c:1263 fdfree(ffff800024759a40) at fdfree+0xf3 sys/kern/kern_descrip.c:1195 exit1(ffff800024759a40,0,0,1) at exit1+0x325 sys/kern/kern_exit.c:200 sys_exit(ffff800024759a40,ffff800024735100,ffff800024735150) at sys_exit+0x16 sys/kern/kern_exit.c:96 syscall(ffff8000247351d0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:590 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffe1660, count: -17 ddb> machine ddbcpu 1 No such command ddb> trace pfi_ifhead_RB_REMOVE(ffffffff8281bd18,ffff800000b75d00) at pfi_ifhead_RB_REMOVE+0x50 sys/net/pf_if.c:80 pfi_detach_ifgroup(ffff800000af6180) at pfi_detach_ifgroup+0x11b pfi_kif_unref sys/net/pf_if.c:211 [inline] pfi_detach_ifgroup(ffff800000af6180) at pfi_detach_ifgroup+0x11b sys/net/pf_if.c:304 if_delgroup(ffff800000b76000,ffff800000af6180) at if_delgroup+0x193 sys/net/if.c:2673 if_detach(ffff800000b76000) at if_detach+0x1ab sys/net/if.c:1036 tun_clone_destroy(ffff800000b76000) at tun_clone_destroy+0x1c7 sys/net/if_tun.c:325 if_clone_destroy(ffff800024734da0) at if_clone_destroy+0x136 sys/net/if.c:1195 tun_dev_close(5d00,7) at tun_dev_close+0x140 sys/net/if_tun.c:476 spec_close(ffff800024734e70) at spec_close+0x311 sys/kern/spec_vnops.c:560 VOP_CLOSE(fffffd807893fda0,7,fffffd807f7b7780,ffff800024759a40) at VOP_CLOSE+0xe2 sys/kern/vfs_vops.c:177 vn_closefile(fffffd806cd514c8,ffff800024759a40) at vn_closefile+0xd2 vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffffd806cd514c8,ffff800024759a40) at vn_closefile+0xd2 sys/kern/vfs_vnops.c:614 fdrop(fffffd806cd514c8,ffff800024759a40) at fdrop+0xc2 sys/kern/kern_descrip.c:1279 closef(fffffd806cd514c8,ffff800024759a40) at closef+0x117 sys/kern/kern_descrip.c:1263 fdfree(ffff800024759a40) at fdfree+0xf3 sys/kern/kern_descrip.c:1195 exit1(ffff800024759a40,0,0,1) at exit1+0x325 sys/kern/kern_exit.c:200 sys_exit(ffff800024759a40,ffff800024735100,ffff800024735150) at sys_exit+0x16 sys/kern/kern_exit.c:96 syscall(ffff8000247351d0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:590 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffe1660, count: -17