kernel: protection fault trap, code=0 Stopped at pfi_ifhead_RB_REMOVE+0x50: movq 0x10(%r12),%rbx ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic the kernel did not panic ddb{1}> trace pfi_ifhead_RB_REMOVE(ffffffff828e8ef0,ffff800000b64f00) at pfi_ifhead_RB_REMOVE+0x50 sys/net/pf_if.c:80 pfi_detach_ifgroup(ffff800000af6180) at pfi_detach_ifgroup+0x11b pfi_kif_unref sys/net/pf_if.c:211 [inline] pfi_detach_ifgroup(ffff800000af6180) at pfi_detach_ifgroup+0x11b sys/net/pf_if.c:304 if_delgroup(ffff800000ae5000,ffff800000af6180) at if_delgroup+0x193 sys/net/if.c:2700 if_detach(ffff800000ae5000) at if_detach+0x1cb sys/net/if.c:1049 tun_clone_destroy(ffff800000ae5000) at tun_clone_destroy+0x1e1 sys/net/if_tun.c:325 if_clone_destroy(ffff8000212c8c20) at if_clone_destroy+0x136 sys/net/if.c:1212 tun_dev_close(5d01,7) at tun_dev_close+0x140 sys/net/if_tun.c:479 spec_close(ffff8000212c8cf0) at spec_close+0x311 sys/kern/spec_vnops.c:560 VOP_CLOSE(fffffd807dd54948,7,fffffd807f7b7840,ffff800021282d20) at VOP_CLOSE+0xeb sys/kern/vfs_vops.c:177 vn_closefile(fffffd806a3f7c90,ffff800021282d20) at vn_closefile+0xd7 vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffffd806a3f7c90,ffff800021282d20) at vn_closefile+0xd7 sys/kern/vfs_vnops.c:614 fdrop(fffffd806a3f7c90,ffff800021282d20) at fdrop+0xc2 sys/kern/kern_descrip.c:1279 closef(fffffd806a3f7c90,ffff800021282d20) at closef+0x11c sys/kern/kern_descrip.c:1263 fdfree(ffff800021282d20) at fdfree+0xf4 sys/kern/kern_descrip.c:1195 exit1(ffff800021282d20,0,19,1) at exit1+0x335 sys/kern/kern_exit.c:200 postsig(ffff800021282d20,19) at postsig+0x59c sigexit sys/kern/kern_sig.c:1494 [inline] postsig(ffff800021282d20,19) at postsig+0x59c sys/kern/kern_sig.c:1423 userret(ffff800021282d20) at userret+0x189 sys/kern/kern_sig.c:1914 syscall(ffff8000212c9170) at syscall+0x55c mi_syscall_return sys/sys/syscall_mi.h:129 [inline] syscall(ffff8000212c9170) at syscall+0x55c sys/arch/amd64/amd64/trap.c:612 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffd8750, count: -18 ddb{1}> show registers rdi 0xffffffff828e8ef0 pfi_ifs rsi 0xffff800000b64f00 rbp 0xffff8000212c8a80 rbx 0xdeadbeefdeadbeef rdx 0 rcx 0xffff800000af6600 rax 0xffff800000b64f10 r8 0xf8 r9 0x8080808080808080 r10 0x8891045c65a280a2 r11 0xfbe149141ae6046b r12 0xdeadbeefdeadbeef r13 0xffff800000afbaa0 r14 0xffff800000b64f00 r15 0xffffffff828e8ef0 pfi_ifs rip 0xffffffff81b0dae0 pfi_ifhead_RB_REMOVE+0x50 cs 0x8 rflags 0x10282 __ALIGN_SIZE+0xf282 rsp 0xffff8000212c8a20 ss 0x10 pfi_ifhead_RB_REMOVE+0x50: movq 0x10(%r12),%rbx ddb{1}> show proc PROC (syz-executor.1) pid=250963 stat=onproc flags process=a proc=2000 pri=32, usrpri=80, nice=20 forw=0xffffffffffffffff, list=0xffff8000211c27e8,0xffff800021283510 process=0xffff800021234010 user=0xffff8000212c4000, vmspace=0xfffffd8008492730 estcpu=30, cpticks=1, pctcpu=0.75 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 30081 201518 1 0 3 0x100083 ttyin getty 45401 195089 69614 0 3 0x82 piperd syz-executor.0 33158 510993 0 0 3 0x14280 nfsidl nfsio 18862 325036 0 0 3 0x14280 nfsidl nfsio 53152 426306 0 0 3 0x14280 nfsidl nfsio 35813 297860 0 0 3 0x14280 nfsidl nfsio 57636 286032 0 0 3 0x14280 nfsidl nfsio 53563 275525 0 0 3 0x14280 nfsidl nfsio 42285 200489 0 0 3 0x14280 nfsidl nfsio 57346 228890 0 0 3 0x14280 nfsidl nfsio 19502 420929 0 0 3 0x14280 nfsidl nfsio 43029 184974 0 0 3 0x14280 nfsidl nfsio 18760 441278 0 0 3 0x14280 nfsidl nfsio 28000 253664 0 0 3 0x14280 nfsidl nfsio 2474 468105 0 0 3 0x14280 nfsidl nfsio 51738 272221 0 0 3 0x14280 nfsidl nfsio 87 237517 0 0 3 0x14280 nfsidl nfsio 30902 109433 0 0 3 0x14280 nfsidl nfsio 36431 494284 0 0 3 0x14280 nfsidl nfsio 85009 256821 0 0 3 0x14280 nfsidl nfsio 7233 29484 0 0 3 0x14280 nfsidl nfsio 3282 332508 0 0 3 0x14280 nfsidl nfsio 88885 369720 0 0 3 0x14200 bored sosplice 69614 147013 19671 0 3 0x82 kqread syz-fuzzer 69614 100461 19671 0 3 0x4000082 thrsleep syz-fuzzer 69614 373464 19671 0 3 0x4000082 thrsleep syz-fuzzer 69614 221891 19671 0 3 0x4000082 thrsleep syz-fuzzer 69614 318800 19671 0 3 0x4000082 thrsleep syz-fuzzer 69614 266722 19671 0 3 0x4000082 thrsleep syz-fuzzer 69614 205182 19671 0 3 0x4000082 thrsleep syz-fuzzer 69614 511001 19671 0 3 0x4000082 thrsleep syz-fuzzer 19671 54716 31580 0 3 0x10008a sigsusp ksh 31580 444912 11199 0 3 0x92 select sshd 11199 65700 1 0 3 0x80 select sshd 89260 378206 35473 74 3 0x100092 bpf pflogd 35473 243390 1 0 3 0x80 netio pflogd 80204 38846 86173 73 3 0x100090 kqread syslogd 86173 27879 1 0 3 0x100082 netio syslogd 86101 59065 1 77 7 0x100090 dhclient 61519 71591 1 0 3 0x80 poll dhclient 70098 64880 0 0 3 0x14200 bored smr 65270 117216 0 0 3 0x14200 pgzero zerothread 36304 357321 0 0 3 0x14200 aiodoned aiodoned 48277 87311 0 0 3 0x14200 syncer update 85382 523195 0 0 3 0x14200 cleaner cleaner 20212 394877 0 0 3 0x14200 reaper reaper 12321 225555 0 0 3 0x14200 pgdaemon pagedaemon 65432 18382 0 0 3 0x14200 bored crynlk 29721 304484 0 0 3 0x14200 bored crypto 71939 21111 0 0 3 0x14200 bored viomb 86632 396194 0 0 3 0x40014200 acpi0 acpi0 77980 301520 0 0 3 0x40014200 idle1 44983 499905 0 0 3 0x14200 bored softnet 32224 147570 0 0 2 0x14200 systqmp 18563 265004 0 0 3 0x14200 bored systq 44361 82735 0 0 3 0x40014200 bored softclock 30697 293797 0 0 3 0x40014200 idle0 1 411786 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9533 6447K 7450K 78643K 17399 0 pcb 13 8K 8K 78643K 362 0 rtable 84 2K 5K 78643K 786 0 ifaddr 65 13K 14K 78643K 290 0 sysctl 2 0K 0K 78643K 2 0 counters 44 34K 34K 78643K 130 0 ioctlops 0 0K 4K 78643K 1713 0 iov 0 0K 32K 78643K 114 0 mount 1 1K 1K 78643K 1 0 vnodes 1233 78K 78K 78643K 3522 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 91 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 414 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12598 0 file desc 4 9K 25K 78643K 6438 0 sigio 0 0K 0K 78643K 32 0 proc 62 63K 95K 78643K 876 0 subproc 23 1K 2K 78643K 85 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 326 0 in_multi 22 1K 2K 78643K 324 0 ether_multi 1 0K 0K 78643K 94 0 mrt 0 0K 0K 78643K 100 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 67 307K 307K 78643K 67 0 exec 0 0K 2K 78643K 573 0 pfkey data 0 0K 0K 78643K 5 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 194 273K 273K 78643K 15872 0 UVM aobj 89 8K 8K 78643K 90 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 212 0 NDP 12 0K 0K 78643K 70 0 temp 139 3987K 4055K 78643K 29540 0 kqueue 3 4K 12K 78643K 184 0 SYN cache 2 1208K 1216K 78643K 3 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 12 0 8 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 120 135 0 133 1 0 1 1 0 8 0 rtentry 112 128 0 95 2 0 2 2 0 8 0 unpcb 120 926 0 908 1 0 1 1 0 8 0 syncache 296 52 0 52 7 7 0 1 0 8 0 tcpqe 32 149 0 149 6 6 0 1 0 8 0 tcpcb 736 808 0 796 20 18 2 5 0 8 0 inpcb 304 2253 0 2246 9 7 2 2 0 8 1 rttmr 72 34 0 34 2 2 0 1 0 8 0 nd6 48 26 0 23 1 0 1 1 0 8 0 pkpcb 40 41 0 41 6 6 0 1 0 8 0 kcovpl 48 5 0 4 1 0 1 1 0 8 0 ppxss 1128 6 0 6 3 3 0 1 0 8 0 pffrag 232 4 0 4 1 1 0 1 0 482 0 pffrnode 88 4 0 4 1 1 0 1 0 8 0 pffrent 40 12 0 12 3 2 1 1 0 8 1 pfosfp 40 1450 0 1014 5 0 5 5 0 8 0 pfosfpen 112 1450 0 714 22 0 22 22 0 8 0 pfrktable 1344 3 0 3 1 1 0 1 0 8 0 pfstitem 24 12 0 10 1 0 1 1 0 8 0 pfstkey 112 12 0 10 1 0 1 1 0 8 0 pfstate 320 12 0 10 1 0 1 1 0 8 0 pfrule 1360 93 0 82 3 1 2 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 331 0 140 13 1 12 13 0 8 0 art_table 32 332 0 140 2 0 2 2 0 8 0 art_node 16 127 0 89 1 0 1 1 0 8 0 semupl 112 9 0 9 1 1 0 1 0 8 0 semapl 112 412 0 402 1 0 1 1 0 8 0 shmpl 112 87 0 11 3 0 3 3 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 9079 0 7675 89 1 88 89 0 8 0 ffsino 272 9079 0 7675 94 0 94 94 0 8 0 nchpl 144 16517 0 14927 60 0 60 60 0 8 0 uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 41232 0 41232 2 1 1 1 0 8 1 percpumem 16 76 0 43 1 0 1 1 0 8 0 vcpupl 1984 16 0 0 2 0 2 2 0 8 0 vmpool 560 17 0 1 2 0 2 2 0 8 0 pfiaddrpl 120 5 0 5 1 1 0 1 0 8 0 scxspl 216 52791 0 52791 16 15 1 8 0 8 1 plimitpl 152 273 0 265 1 0 1 1 0 8 0 sigapl 424 6667 0 6615 8 1 7 7 0 8 0 futexpl 56 44030 0 44030 2 1 1 1 0 8 1 knotepl 112 309 0 291 1 0 1 1 0 8 0 kqueuepl 168 3118 0 3111 1 0 1 1 0 8 0 pipepl 336 280 0 270 11 10 1 2 0 8 0 fdescpl 496 6630 0 6615 3 0 3 3 0 8 0 filepl 152 20821 0 20730 7 2 5 6 0 8 0 lockfpl 104 878 0 877 1 0 1 1 0 8 0 lockfspl 48 304 0 303 1 0 1 1 0 8 0 sessionpl 144 22 0 11 1 0 1 1 0 8 0 pgrppl 48 53 0 42 1 0 1 1 0 8 0 ucredpl 96 2727 0 2718 1 0 1 1 0 8 0 zombiepl 144 6616 0 6615 1 0 1 1 0 8 0 processpl 1080 6667 0 6615 4 0 4 4 0 8 0 procpl 672 14736 0 14677 6 0 6 6 0 8 0 sosppl 168 55 0 55 7 6 1 1 0 8 1 sockpl 432 3387 0 3360 13 9 4 7 0 8 0 mcl64k 65536 26 0 0 3 0 3 3 0 8 0 mcl16k 16384 5 0 0 1 0 1 1 0 8 0 mcl12k 12288 17 0 0 2 0 2 2 0 8 0 mcl9k 9216 17 0 0 2 0 2 2 0 8 0 mcl8k 8192 10 0 0 2 0 2 2 0 8 0 mcl4k 4096 17 0 0 3 0 3 3 0 8 0 mcl2k2 2112 5 0 0 1 0 1 1 0 8 0 mcl2k 2048 350 0 0 25 0 25 25 0 8 0 mtagpl 96 231 0 0 6 0 6 6 0 8 0 mbufpl 256 1080 0 0 60 0 60 60 0 8 0 bufpl 280 15017 0 8768 447 0 447 447 0 8 0 anonpl 24 513521 0 505600 134 85 49 97 0 186 0 amapchunkpl 152 26928 0 26678 23 12 11 15 0 158 0 amappl16 200 25467 0 25198 71 56 15 37 0 8 0 amappl15 192 991 0 990 1 0 1 1 0 8 0 amappl14 184 1791 0 1787 1 0 1 1 0 8 0 amappl13 176 504 0 502 1 0 1 1 0 8 0 amappl12 168 5 0 1 1 0 1 1 0 8 0 amappl11 160 67 0 50 1 0 1 1 0 8 0 amappl10 152 9 0 6 1 0 1 1 0 8 0 amappl9 144 18 0 17 2 1 1 1 0 8 0 amappl8 136 294 0 217 4 1 3 3 0 8 0 amappl7 128 283 0 276 1 0 1 1 0 8 0 amappl6 120 92 0 75 1 0 1 1 0 8 0 amappl5 112 6959 0 6940 1 0 1 1 0 8 0 amappl4 104 760 0 733 1 0 1 1 0 8 0 amappl3 96 695 0 688 1 0 1 1 0 8 0 amappl2 88 54224 0 54155 3 1 2 3 0 8 0 amappl1 80 190818 0 190358 37 26 11 21 0 8 0 amappl 88 15119 0 15038 2 0 2 2 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 89 0 1 2 0 2 2 0 8 0 uaddrrnd 24 6647 0 6616 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 6647 0 6616 1 0 1 1 0 8 0 vmmpekpl 168 36180 0 36144 3 0 3 3 0 8 0 vmmpepl 168 830524 0 829072 135 60 75 92 0 357 0 vmsppl 368 6646 0 6616 3 0 3 3 0 8 0 rwobjpl 56 176946 0 175938 41 25 16 21 0 8 0 pdppl 4096 13301 0 13248 75 18 57 57 0 8 4 pvpl 32 2668216 0 2657416 259 162 97 160 0 265 2 pmappl 232 6646 0 6616 3 1 2 2 0 8 0 extentpl 40 58 0 40 1 0 1 1 0 8 0 phpool 112 411 0 52 11 0 11 11 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{0}> trace x86_ipi_db(ffffffff82739ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x37 kd_curproc sys/dev/kcov.c:570 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x37 sys/dev/kcov.c:143 __mp_lock(ffffffff828c64d8) at __mp_lock+0x133 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff828c64d8) at __mp_lock+0x133 sys/kern/kern_lock.c:147 __mp_acquire_count(ffffffff828c64d8,2) at __mp_acquire_count+0x4c sys/kern/kern_lock.c:227 mi_switch() at mi_switch+0x390 sys/kern/sched_bsd.c:433 sleep_finish(ffff800021200398,1) at sleep_finish+0x111 sys/kern/kern_synch.c:427 sleep_finish_all(ffff800021200398,1) at sleep_finish_all+0x32 sleep_finish_timeout sys/kern/kern_synch.c:457 [inline] sleep_finish_all(ffff800021200398,1) at sleep_finish_all+0x32 sys/kern/kern_synch.c:402 tsleep(ffffffff8293b0b0,118,ffffffff8242365a,4170bd) at tsleep+0x1f2 sys/kern/kern_synch.c:163 doppoll(ffff8000211c37a8,7f7fffff6450,3,ffff800021200528,0,ffff8000212005e0) at doppoll+0x577 sys_poll(ffff8000211c37a8,ffff800021200590,ffff8000212005e0) at sys_poll+0xa7 syscall(ffff800021200660) at syscall+0x4a1 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800021200660) at syscall+0x4a1 sys/arch/amd64/amd64/trap.c:590 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffff6430, count: -14 ddb{0}> machine ddbcpu 1 Stopped at pfi_ifhead_RB_REMOVE+0x50: movq 0x10(%r12),%rbx ddb{1}> trace pfi_ifhead_RB_REMOVE(ffffffff828e8ef0,ffff800000b64f00) at pfi_ifhead_RB_REMOVE+0x50 sys/net/pf_if.c:80 pfi_detach_ifgroup(ffff800000af6180) at pfi_detach_ifgroup+0x11b pfi_kif_unref sys/net/pf_if.c:211 [inline] pfi_detach_ifgroup(ffff800000af6180) at pfi_detach_ifgroup+0x11b sys/net/pf_if.c:304 if_delgroup(ffff800000ae5000,ffff800000af6180) at if_delgroup+0x193 sys/net/if.c:2700 if_detach(ffff800000ae5000) at if_detach+0x1cb sys/net/if.c:1049 tun_clone_destroy(ffff800000ae5000) at tun_clone_destroy+0x1e1 sys/net/if_tun.c:325 if_clone_destroy(ffff8000212c8c20) at if_clone_destroy+0x136 sys/net/if.c:1212 tun_dev_close(5d01,7) at tun_dev_close+0x140 sys/net/if_tun.c:479 spec_close(ffff8000212c8cf0) at spec_close+0x311 sys/kern/spec_vnops.c:560 VOP_CLOSE(fffffd807dd54948,7,fffffd807f7b7840,ffff800021282d20) at VOP_CLOSE+0xeb sys/kern/vfs_vops.c:177 vn_closefile(fffffd806a3f7c90,ffff800021282d20) at vn_closefile+0xd7 vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffffd806a3f7c90,ffff800021282d20) at vn_closefile+0xd7 sys/kern/vfs_vnops.c:614 fdrop(fffffd806a3f7c90,ffff800021282d20) at fdrop+0xc2 sys/kern/kern_descrip.c:1279 closef(fffffd806a3f7c90,ffff800021282d20) at closef+0x11c sys/kern/kern_descrip.c:1263 fdfree(ffff800021282d20) at fdfree+0xf4 sys/kern/kern_descrip.c:1195 exit1(ffff800021282d20,0,19,1) at exit1+0x335 sys/kern/kern_exit.c:200 postsig(ffff800021282d20,19) at postsig+0x59c sigexit sys/kern/kern_sig.c:1494 [inline] postsig(ffff800021282d20,19) at postsig+0x59c sys/kern/kern_sig.c:1423 userret(ffff800021282d20) at userret+0x189 sys/kern/kern_sig.c:1914 syscall(ffff8000212c9170) at syscall+0x55c mi_syscall_return sys/sys/syscall_mi.h:129 [inline] syscall(ffff8000212c9170) at syscall+0x55c sys/arch/amd64/amd64/trap.c:612 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffd8750, count: -18