login: kernel: protection fault trap, code=0 Stopped at bpfdetach+0x70: movq 0(%r15),%r12 ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace bpfdetach(ffff8000013f7800) at bpfdetach+0x70 sys/net/bpf.c:1769 if_detach(ffff8000013f7800) at if_detach+0x153 sys/net/if.c:1194 tun_clone_destroy(ffff8000013f7800) at tun_clone_destroy+0x2d6 sys/net/if_tun.c:346 if_clone_destroy(ffff80003c5245c0) at if_clone_destroy+0x1d7 sys/net/if.c:1383 ifioctl(ffff800001493068,80206979,ffff80003c5245c0,ffff80002a3f99d8) at ifioctl+0x5c5 sys_ioctl(ffff80002a3f99d8,ffff80003c5247a0,ffff80003c5246f0) at sys_ioctl+0x5c3 syscall(ffff80003c5247a0) at syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c5247a0) at syscall+0xbc6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x5f161925940, count: -8 ddb{0}> show registers rdi 0xffff80003149d000 rsi 0x54ddd acpi_pdirpa+0x40c4e rbp 0xffff80003c5243e0 rbx 0x80206979 __kernel_virt_to_phys+0x206979 rdx 0xffff80003149d000 rcx 0x54ddc acpi_pdirpa+0x40c4d rax 0xffffffff82d8ddb9 bpfdetach+0xb9 r8 0 r9 0xffffffffffffffff r10 0x9248b1bbda1d4490 r11 0xcce2fcce08036905 r12 0xdeaf0002deafbead r13 0x800 r14 0xffff8000013f7800 r15 0xdeaf0002deafbead rip 0xffffffff82d8dd70 bpfdetach+0x70 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80003c5243b0 ss 0x10 bpfdetach+0x70: movq 0(%r15),%r12 ddb{0}> show proc PROC (syz-executor) tid=433823 pid=99219 tcnt=2 stat=onproc flags process=1000 proc=4080000 runpri=32, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0xffff80002a3f9748 scnt=1 ecnt=1 forw=0xffffffffffffffff, list=0xffff80003a8b6a68,0xffff80002a3f9758 process=0xffff8000ffff72a8 user=0xffff80003c51f000, vmspace=0xfffffd806e040010 estcpu=36, cpticks=2, pctcpu=0.0, user=0, sys=2, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 52368 14507 60891 0 2 0 syz-executor 52368 297146 60891 0 2 0x4000000 syz-executor 18934 171228 10627 0 2 0 syz-executor 18934 88605 10627 0 2 0x4000000 syz-executor 18934 4488 10627 0 3 0x4000080 fsleep syz-executor *99219 433823 29450 0 7 0x4081000 syz-executor 99219 232250 29450 0 3 0x4003000 suspend syz-executor 29450 503153 88859 0 3 0x82 nanoslp syz-executor 87677 269350 1 0 3 0x100083 ttyin getty 15467 480371 0 0 3 0x14280 nfsidl nfsio 35611 353952 0 0 3 0x14280 nfsidl nfsio 60310 15493 0 0 3 0x14280 nfsidl nfsio 78564 170118 0 0 3 0x14280 nfsidl nfsio 10768 11971 0 0 3 0x14280 nfsidl nfsio 12169 433020 0 0 3 0x14280 nfsidl nfsio 78088 36762 0 0 3 0x14280 nfsidl nfsio 61659 413238 0 0 3 0x14280 nfsidl nfsio 53455 299242 0 0 3 0x14280 nfsidl nfsio 4119 428322 0 0 3 0x14280 nfsidl nfsio 33188 480147 0 0 3 0x14280 nfsidl nfsio 84281 208820 0 0 3 0x14280 nfsidl nfsio 57962 78387 0 0 3 0x14280 nfsidl nfsio 49151 443058 0 0 3 0x14280 nfsidl nfsio 9936 136108 0 0 3 0x14280 nfsidl nfsio 84109 46355 0 0 3 0x14280 nfsidl nfsio 15222 104611 0 0 3 0x14280 nfsidl nfsio 89448 206833 0 0 3 0x14280 nfsidl nfsio 34402 367299 0 0 3 0x14280 nfsidl nfsio 40005 325136 0 0 3 0x14280 nfsidl nfsio 58538 432910 88859 0 3 0x82 piperd syz-executor 27147 92022 0 0 3 0x14200 bored sosplice 53682 134080 88859 0 3 0x82 piperd syz-executor 29936 305221 88859 0 3 0x82 nanoslp syz-executor 3361 209081 88859 0 3 0x82 piperd syz-executor 60891 462708 88859 0 2 0x3 syz-executor 10627 470408 88859 0 3 0x82 nanoslp syz-executor 13766 323379 88859 0 3 0x82 wait syz-executor 88859 326182 90474 0 2 0x2 syz-executor 90474 487838 69458 0 3 0x10008a sigsusp ksh 69458 167393 41738 0 3 0x98 kqread sshd-session 41738 183289 79172 0 3 0x92 kqread sshd-session 79172 300171 1 0 3 0x88 kqread sshd 14870 280005 9708 74 3 0x1100092 bpf pflogd 9708 161272 1 0 3 0x80 sbwait pflogd 16262 4485 10089 73 3 0x1100090 kqread syslogd 10089 438374 1 0 3 0x100082 sbwait syslogd 47280 461014 1 0 3 0x100080 kqread resolvd 55490 474590 37532 77 3 0x100092 kqread dhcpleased 99814 1496 37532 77 3 0x100092 kqread dhcpleased 37532 47869 1 0 3 0x80 kqread dhcpleased 86888 296301 0 0 3 0x14200 bored smr 4454 400736 0 0 2 0x14200 zerothread 80556 459955 0 0 3 0x14200 aiodoned aiodoned 22871 334164 0 0 3 0x14200 syncer update 80689 47324 0 0 3 0x14200 cleaner cleaner 28733 388466 0 0 7 0x14200 reaper 1176 157060 0 0 3 0x14200 pgdaemon pagedaemon 31728 66912 0 0 3 0x14200 bored viomb 21910 433483 0 0 3 0x40014200 acpi0 acpi0 61796 208741 0 0 3 0x40014200 idle1 26334 170429 0 0 3 0x14200 bored softnet3 5861 149247 0 0 3 0x14200 bored softnet2 44425 311118 0 0 3 0x14200 bored softnet1 64024 481645 0 0 3 0x14200 bored softnet0 75708 225633 0 0 3 0x14200 bored systqmp 69566 61875 0 0 3 0x14200 bored systq 2306 150000 0 0 3 0x14200 tmoslp softclockmp 37498 216612 0 0 3 0x40014200 tmoslp softclock 99634 477979 0 0 3 0x40014200 idle0 1 280892 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{0}> show all locks Process 52368 (syz-executor) thread 0xffff80002a2f8f68 (297146) exclusive rwlock futex r = 0 (0xffffffff83801278) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 rw_do_enter_write+0x3ea sys/kern/kern_rwlock.c:316 #2 sys_futex+0x69 sys/kern/sys_futex.c:98 #3 syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline] #3 syscall+0xbc6 sys/arch/amd64/amd64/trap.c:577 #4 Xsyscall+0x128 Process 99219 (syz-executor) thread 0xffff80002a3f99d8 (433823) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83973e58) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 __mp_acquire_count+0x58 #2 mi_switch+0x4b7 sys/kern/sched_bsd.c:441 #3 sleep_finish+0x24f sys/kern/kern_synch.c:414 #4 rw_do_enter_write+0x1de sys/kern/kern_rwlock.c:292 #5 lf_purgelocks+0x2f sys/kern/vfs_lockf.c:731 #6 vgonel+0x497 sys/kern/vfs_subr.c:1224 #7 vop_generic_revoke+0x3e6 sys/kern/vfs_default.c:128 #8 VOP_REVOKE+0x65 sys/kern/vfs_vops.c:291 #9 vdevgone+0x17b #10 bpfsdetach+0x140 sys/net/bpf.c:1793 #11 bpfdetach+0xa6 #12 if_detach+0x153 sys/net/if.c:1194 #13 tun_clone_destroy+0x2d6 sys/net/if_tun.c:346 #14 if_clone_destroy+0x1d7 sys/net/if.c:1383 #15 ifioctl+0x5c5 #16 sys_ioctl+0x5c3 #17 syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline] #17 syscall+0xbc6 sys/arch/amd64/amd64/trap.c:577 #18 Xsyscall+0x128 exclusive rwlock clonelk r = 0 (0xffffffff8381e5a8) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 rw_do_enter_write+0x3ea sys/kern/kern_rwlock.c:316 #2 if_clone_destroy+0x67 #3 ifioctl+0x5c5 #4 sys_ioctl+0x5c3 #5 syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline] #5 syscall+0xbc6 sys/arch/amd64/amd64/trap.c:577 #6 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10211 11170K 11493K 166960K 13230 0 pcb 17 13K 14K 166960K 211 0 rtable 268 11K 11K 166960K 701 0 pf 35 17K 22K 166960K 219 0 ifaddr 44 8K 8K 166960K 107 0 ifgroup 55 2K 2K 166960K 189 0 sysctl 4 1K 1K 166960K 4 0 counters 64 36K 37K 166960K 332 0 ioctlops 0 0K 4K 166960K 1873 0 iov 0 0K 16K 166960K 64 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1393 88K 88K 166960K 2301 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 22 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 36 0 dirhash 12 2K 2K 166960K 24 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 14 49K 93K 166960K 1110 0 sigio 0 0K 0K 166960K 13 0 proc 73 91K 140K 166960K 723 0 subproc 72 4K 4K 166960K 90 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 190 0 in_multi 99 7K 7K 166960K 166 0 ether_multi 1 0K 0K 166960K 11 0 mrt 0 0K 0K 166960K 5 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 73 334K 334K 166960K 73 0 exec 0 0K 1K 166960K 550 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 205 72K 77K 166960K 12011 0 UVM aobj 21 2K 2K 166960K 23 0 pinsyscall 39 78K 104K 166960K 2259 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 55 0 NDP 14 0K 1K 166960K 71 0 temp 59 8639K 8893K 166960K 46661 0 kqueue 13 20K 30K 166960K 190 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 135 0 132 2 1 1 2 0 8 0 rtentry 112 159 0 42 4 0 4 4 0 8 0 unpcb 144 596 0 579 7 5 2 4 0 8 1 syncache 336 7 0 7 2 2 0 1 0 8 0 tcpqe 32 2 0 2 1 1 0 1 0 8 0 tcpcb 808 401 0 395 12 10 2 8 0 8 1 arp 120 26 0 5 1 0 1 1 0 8 0 ipq 40 1 0 1 1 1 0 1 0 8 0 ipqe 40 2 0 2 1 1 0 1 0 8 0 inpcb 376 1279 0 1269 22 17 5 11 0 8 3 nd6 136 33 0 7 1 0 1 1 0 8 0 pkpcb 40 7 0 7 4 3 1 1 0 8 1 kcovpl 48 10 0 2 1 0 1 1 0 8 0 mppekey 1024 2 0 2 2 1 1 2 0 8 1 ppxss 1168 113 0 113 4 3 1 2 0 8 1 pppxif 1472 77 0 77 4 3 1 2 0 8 1 pfstscr 40 1 0 1 1 1 0 1 0 8 0 pffrag 232 4 0 1 1 0 1 1 0 482 0 pffrnode 88 4 0 1 1 0 1 1 0 8 0 pffrent 40 6 0 3 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 2 0 1 2 1 1 1 0 8 0 pfanchor 1288 1 0 0 1 0 1 1 0 8 0 pftag 88 2 0 0 1 0 1 1 0 8 0 pfstitem 24 75 0 26 1 0 1 1 0 8 0 pfstkey 128 76 0 27 2 0 2 2 0 8 0 pfstate 376 76 0 27 5 0 5 5 0 8 0 pfrule 1344 110 0 103 2 1 1 2 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 640 0 169 33 1 32 32 0 8 2 art_table 32 642 0 169 5 0 5 5 0 8 1 art_node 16 153 0 50 1 0 1 1 0 8 0 sysvmsgpl 40 13 0 10 2 1 1 1 0 8 0 semapl 112 34 0 24 1 0 1 1 0 8 0 shmpl 112 20 0 2 1 0 1 1 0 8 0 dirhash 1024 25 0 8 3 0 3 3 0 8 0 dino2pl 256 3307 0 1804 95 0 95 95 0 8 0 ffsino 280 3307 0 1804 109 0 109 109 0 8 0 nchpl 144 4813 0 3123 64 0 64 64 0 8 0 rtmask 32 9 0 9 2 1 1 1 0 8 1 uvmvnodes 80 4045 0 0 83 0 83 83 0 8 0 vnodes 216 4045 0 0 225 0 225 225 0 8 0 namei 1024 16677 0 16677 4 3 1 2 0 8 1 percpumem 16 180 0 134 1 0 1 1 0 8 0 kstatmem 264 102 0 78 3 1 2 3 0 8 0 scsiplug 72 2 0 2 2 2 0 1 0 8 0 scxspl 216 14750 0 14750 10 9 1 8 1 8 1 plimitpl 152 229 0 211 1 0 1 1 0 8 0 sigapl 424 1430 0 1362 9 1 8 8 0 8 0 futexpl 64 14831 0 14829 1 0 1 1 0 8 0 knotepl 120 569 0 0 17 0 17 17 0 8 0 kqueuepl 216 408 0 399 6 5 1 5 0 8 0 pipepl 328 302 0 275 11 5 6 8 0 8 3 fdescpl 504 1390 0 1362 5 0 5 5 0 8 0 filepl 152 8779 0 8560 23 11 12 20 0 8 1 lockfpl 104 288 0 285 1 0 1 1 0 8 0 lockfspl 48 117 0 114 1 0 1 1 0 8 0 sessionpl 144 28 0 19 1 0 1 1 0 8 0 pgrppl 48 91 0 73 1 0 1 1 0 8 0 ucredpl 104 972 0 959 1 0 1 1 0 8 0 zombiepl 144 1585 0 1583 2 1 1 1 0 8 0 processpl 1176 1430 0 1362 6 0 6 6 0 8 0 procpl 656 3106 0 3033 8 0 8 8 0 8 0 srpgc 96 7 0 7 2 1 1 1 0 8 1 sosppl 168 8 0 8 2 2 0 1 0 8 0 sockpl 688 2034 0 2004 22 15 7 13 0 8 3 mcl64k 65536 4 0 0 1 0 1 1 0 8 0 mcl16k 16384 3 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 5 0 0 1 0 1 1 0 8 0 mcl4k 4096 114 0 0 15 0 15 15 0 8 0 mcl2k 2048 33 0 0 4 0 4 4 0 8 0 mtagpl 96 71 0 0 2 0 2 2 0 8 0 mbufpl 256 532 0 0 33 0 33 33 0 8 0 bufpl 280 4159 0 134 288 0 288 288 0 8 0 anonpl 24 193023 0 188130 61 20 41 56 0 184 0 amapchunkpl 152 38910 0 38432 35 9 26 30 0 158 0 amappl16 200 3709 0 3648 20 13 7 16 0 8 0 amappl15 192 7 0 7 1 1 0 1 0 8 0 amappl14 184 121 0 109 1 0 1 1 0 8 0 amappl13 176 32 0 31 1 0 1 1 0 8 0 amappl12 168 2070 0 2042 3 0 3 3 0 8 0 amappl11 160 55 0 41 1 0 1 1 0 8 0 amappl10 152 6 0 6 1 1 0 1 0 8 0 amappl9 144 248 0 248 1 1 0 1 0 8 0 amappl8 136 23 0 20 1 0 1 1 0 8 0 amappl7 128 116 0 104 1 0 1 1 0 8 0 amappl6 120 201 0 197 1 0 1 1 0 8 0 amappl5 112 148 0 137 1 0 1 1 0 8 0 amappl4 104 333 0 314 1 0 1 1 0 8 0 amappl3 96 7882 0 7789 4 0 4 4 0 8 0 amappl2 88 701 0 638 2 0 2 2 0 8 0 amappl1 80 11580 0 11014 14 0 14 14 0 8 0 amappl 88 11550 0 11401 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 254 0 254 2 2 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 20 0 19 1 0 1 1 0 8 0 aobjpl 72 22 0 2 1 0 1 1 0 8 0 uaddrrnd 24 1390 0 1362 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1390 0 1362 1 0 1 1 0 8 0 vmmpekpl 168 12972 0 12925 3 0 3 3 0 8 0 vmmpepl 168 90326 0 88581 100 12 88 96 0 357 0 vmsppl 456 1389 0 1362 6 1 5 5 0 8 0 rwobjpl 64 29498 0 24494 82 0 82 82 0 8 0 pdppl 4096 2788 0 2724 108 36 72 86 0 8 8 pvpl 32 16326 0 0 132 0 132 132 0 265 0 pmappl 248 1389 0 1362 3 0 3 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 328 0 58 8 0 8 8 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace bpfdetach(ffff8000013f7800) at bpfdetach+0x70 sys/net/bpf.c:1769 if_detach(ffff8000013f7800) at if_detach+0x153 sys/net/if.c:1194 tun_clone_destroy(ffff8000013f7800) at tun_clone_destroy+0x2d6 sys/net/if_tun.c:346 if_clone_destroy(ffff80003c5245c0) at if_clone_destroy+0x1d7 sys/net/if.c:1383 ifioctl(ffff800001493068,80206979,ffff80003c5245c0,ffff80002a3f99d8) at ifioctl+0x5c5 sys_ioctl(ffff80002a3f99d8,ffff80003c5247a0,ffff80003c5246f0) at sys_ioctl+0x5c3 syscall(ffff80003c5247a0) at syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c5247a0) at syscall+0xbc6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x5f161925940, count: -8 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800029a9bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0xf sys/dev/kcov.c:149 reaper(ffff80002a2f8cd8) at reaper+0x24b sys/kern/kern_exit.c:481 end trace frame: 0x0, count: -5