kernel: protection fault trap, code=0 Stopped at pfi_ifhead_RB_REMOVE+0x50: movq 0x10(%r12),%rbx ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace pfi_ifhead_RB_REMOVE(ffffffff82923b98,ffff800000b7c200) at pfi_ifhead_RB_REMOVE+0x50 sys/net/pf_if.c:80 pfi_detach_ifgroup(ffff800000af6380) at pfi_detach_ifgroup+0x11b pfi_kif_unref sys/net/pf_if.c:211 [inline] pfi_detach_ifgroup(ffff800000af6380) at pfi_detach_ifgroup+0x11b sys/net/pf_if.c:304 if_delgroup(ffff800000ac8800,ffff800000af6380) at if_delgroup+0x193 sys/net/if.c:2711 if_detach(ffff800000ac8800) at if_detach+0x1cb sys/net/if.c:1049 tun_clone_destroy(ffff800000ac8800) at tun_clone_destroy+0x1e1 sys/net/if_tun.c:325 if_clone_destroy(ffff8000228cb8d0) at if_clone_destroy+0x136 sys/net/if.c:1212 tun_dev_close(5d01,7) at tun_dev_close+0x140 sys/net/if_tun.c:479 spec_close(ffff8000228cb9a0) at spec_close+0x311 sys/kern/spec_vnops.c:560 VOP_CLOSE(fffffd806ed9e948,7,fffffd807f7b78a0,ffff80002123d7a0) at VOP_CLOSE+0xeb sys/kern/vfs_vops.c:177 vn_closefile(fffffd806c8d1c90,ffff80002123d7a0) at vn_closefile+0xd7 vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffffd806c8d1c90,ffff80002123d7a0) at vn_closefile+0xd7 sys/kern/vfs_vnops.c:614 fdrop(fffffd806c8d1c90,ffff80002123d7a0) at fdrop+0xc2 sys/kern/kern_descrip.c:1279 closef(fffffd806c8d1c90,ffff80002123d7a0) at closef+0x11c sys/kern/kern_descrip.c:1263 fdfree(ffff80002123d7a0) at fdfree+0xf4 sys/kern/kern_descrip.c:1195 exit1(ffff80002123d7a0,0,19,1) at exit1+0x335 sys/kern/kern_exit.c:200 postsig(ffff80002123d7a0,19) at postsig+0x59c sigexit sys/kern/kern_sig.c:1494 [inline] postsig(ffff80002123d7a0,19) at postsig+0x59c sys/kern/kern_sig.c:1423 userret(ffff80002123d7a0) at userret+0x189 sys/kern/kern_sig.c:1914 syscall(ffff8000228cbe20) at syscall+0x55c mi_syscall_return sys/sys/syscall_mi.h:129 [inline] syscall(ffff8000228cbe20) at syscall+0x55c sys/arch/amd64/amd64/trap.c:612 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffe8880, count: -18 ddb{0}> show registers rdi 0xffffffff82923b98 pfi_ifs rsi 0xffff800000b7c200 rbp 0xffff8000228cb730 rbx 0xdeadbeefdeadbeef rdx 0 rcx 0xffff800000af6900 rax 0xffff800000b7c210 r8 0xf8 r9 0x8080808080808080 r10 0x5fd55589e79d80ad r11 0xde8ce247e8e2dcf3 r12 0xdeadbeefdeadbeef r13 0xffff800000afb220 r14 0xffff800000b7c200 r15 0xffffffff82923b98 pfi_ifs rip 0xffffffff81b32220 pfi_ifhead_RB_REMOVE+0x50 cs 0x8 rflags 0x10282 __ALIGN_SIZE+0xf282 rsp 0xffff8000228cb6d0 ss 0x10 pfi_ifhead_RB_REMOVE+0x50: movq 0x10(%r12),%rbx ddb{0}> show proc PROC (syz-executor.1) pid=53109 stat=onproc flags process=a proc=2000 pri=32, usrpri=76, nice=20 forw=0xffffffffffffffff, list=0xffff80002123da40,0xffff80002123c550 process=0xffff800021234cb8 user=0xffff8000228c6000, vmspace=0xfffffd807effa5c0 estcpu=36, cpticks=2, pctcpu=0.87 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 93748 514495 29233 0 7 0 syz-executor.0 16302 149509 1 0 3 0x100083 ttyin getty 42959 240068 0 0 3 0x14280 nfsidl nfsio 79316 338999 0 0 3 0x14280 nfsidl nfsio 33459 7657 0 0 3 0x14280 nfsidl nfsio 66152 502840 0 0 3 0x14280 nfsidl nfsio 42913 312363 0 0 3 0x14280 nfsidl nfsio 57013 472921 0 0 3 0x14280 nfsidl nfsio 8827 351499 0 0 3 0x14280 nfsidl nfsio 43374 240276 0 0 3 0x14280 nfsidl nfsio 18321 153945 0 0 3 0x14280 nfsidl nfsio 56878 104233 0 0 3 0x14280 nfsidl nfsio 23607 504347 0 0 3 0x14280 nfsidl nfsio 32891 112340 0 0 3 0x14280 nfsidl nfsio 14350 167880 0 0 3 0x14280 nfsidl nfsio 17387 206504 0 0 3 0x14280 nfsidl nfsio 84486 461933 0 0 3 0x14280 nfsidl nfsio 32807 259725 0 0 3 0x14280 nfsidl nfsio 73453 467031 0 0 3 0x14280 nfsidl nfsio 58634 516746 0 0 3 0x14280 nfsidl nfsio 472 290884 0 0 3 0x14280 nfsidl nfsio 8250 120188 0 0 3 0x14280 nfsidl nfsio 29233 108969 48410 0 2 0x2 syz-executor.0 48410 202792 63203 0 3 0x82 thrsleep syz-fuzzer 48410 155606 63203 0 3 0x4000082 thrsleep syz-fuzzer 48410 121645 63203 0 3 0x4000082 kqread syz-fuzzer 48410 3206 63203 0 3 0x4000082 thrsleep syz-fuzzer 48410 304256 63203 0 3 0x4000082 thrsleep syz-fuzzer 48410 278330 63203 0 3 0x4000082 thrsleep syz-fuzzer 48410 124176 63203 0 3 0x4000082 thrsleep syz-fuzzer 48410 232112 63203 0 3 0x4000082 thrsleep syz-fuzzer 63203 499179 91966 0 3 0x10008a sigsusp ksh 91966 313615 89405 0 3 0x92 select sshd 89405 303174 1 0 3 0x80 select sshd 10413 265496 55326 74 3 0x100092 bpf pflogd 55326 342820 1 0 3 0x80 netio pflogd 96555 291119 46923 73 3 0x100090 kqread syslogd 46923 88204 1 0 3 0x100082 netio syslogd 54068 75480 1 77 3 0x100090 poll dhclient 14473 496704 1 0 3 0x80 poll dhclient 63210 326741 0 0 3 0x14200 bored smr 39513 68912 0 0 2 0x14200 zerothread 19949 222271 0 0 3 0x14200 aiodoned aiodoned 20575 388196 0 0 3 0x14200 syncer update 51645 58416 0 0 3 0x14200 cleaner cleaner 50398 315206 0 0 3 0x14200 reaper reaper 13128 368136 0 0 3 0x14200 pgdaemon pagedaemon 9903 417764 0 0 3 0x14200 bored crynlk 56813 196507 0 0 3 0x14200 bored crypto 31430 12393 0 0 3 0x14200 bored viomb 78836 31749 0 0 3 0x40014200 acpi0 acpi0 36232 342737 0 0 3 0x40014200 idle1 80659 219567 0 0 3 0x14200 bored softnet 87260 369222 0 0 2 0x14200 systqmp 80039 519597 0 0 3 0x14200 bored systq 68003 426993 0 0 3 0x40014200 bored softclock 45873 157800 0 0 3 0x40014200 idle0 1 13764 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9506 6433K 7062K 78643K 12679 0 pcb 13 8K 8K 78643K 100 0 rtable 84 2K 5K 78643K 387 0 ifaddr 53 11K 12K 78643K 126 0 counters 44 34K 34K 78643K 68 0 ioctlops 0 0K 4K 78643K 1527 0 iov 0 0K 12K 78643K 44 0 mount 1 1K 1K 78643K 1 0 vnodes 1222 77K 77K 78643K 1969 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 42 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 117 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12598 0 file desc 5 13K 25K 78643K 2409 0 sigio 0 0K 0K 78643K 5 0 proc 70 63K 95K 78643K 661 0 subproc 23 1K 2K 78643K 51 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 179 0 in_multi 22 1K 2K 78643K 87 0 ether_multi 1 0K 0K 78643K 24 0 mrt 0 0K 0K 78643K 26 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 49 228K 228K 78643K 49 0 exec 0 0K 2K 78643K 420 0 pfkey data 0 0K 0K 78643K 5 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 153 283K 283K 78643K 6139 0 UVM aobj 52 2K 2K 78643K 52 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 50 0 NDP 9 0K 0K 78643K 27 0 temp 123 3982K 4099K 78643K 16173 0 kqueue 3 4K 12K 78643K 95 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 8 0 4 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 120 35 0 33 1 0 1 1 0 8 0 rtentry 112 60 0 27 2 0 2 2 0 8 0 unpcb 120 471 0 461 1 0 1 1 0 8 0 syncache 296 52 0 52 2 2 0 1 0 8 0 tcpqe 32 35 0 35 2 2 0 1 0 8 0 tcpcb 736 457 0 449 11 8 3 6 0 8 2 inpcb 296 911 0 904 3 1 2 2 0 8 1 rttmr 72 4 0 4 1 0 1 1 0 8 1 nd6 48 9 0 6 1 0 1 1 0 8 0 pkpcb 40 5 0 5 1 1 0 1 0 8 0 kcovpl 48 3 0 2 1 0 1 1 0 8 0 swfcl 56 14 0 0 1 0 1 1 0 8 0 ppxss 1128 7 0 7 1 1 0 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 24 0 24 1 1 0 1 0 8 0 pfstitem 24 23 0 15 1 0 1 1 0 8 0 pfstkey 112 23 0 15 1 0 1 1 0 8 0 pfstate 328 23 0 15 2 1 1 2 0 8 0 pfrule 1360 37 0 32 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 236 0 52 12 0 12 12 0 8 0 art_table 32 237 0 52 2 0 2 2 0 8 0 art_node 16 59 0 23 1 0 1 1 0 8 0 sysvmsgpl 40 49 0 12 1 0 1 1 0 8 0 semupl 112 9 0 9 1 1 0 1 0 8 0 semapl 112 115 0 105 1 0 1 1 0 8 0 shmpl 112 49 0 0 2 0 2 2 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 4557 0 3153 90 2 88 89 0 8 0 ffsino 272 4557 0 3153 95 0 95 95 0 8 0 nchpl 144 7627 0 6030 60 0 60 60 0 8 0 uvmvnodes 72 5116 0 0 94 0 94 94 0 8 0 vnodes 224 5116 0 0 301 0 301 301 0 8 0 namei 1024 18688 0 18688 2 1 1 1 0 8 1 percpumem 16 45 0 12 1 0 1 1 0 8 0 vcpupl 1984 17 0 0 3 0 3 3 0 8 0 vmpool 560 17 0 0 2 0 2 2 0 8 0 pfiaddrpl 120 8 0 8 1 1 0 1 0 8 0 scxspl 216 21904 0 21904 10 9 1 8 0 8 1 plimitpl 152 93 0 85 1 0 1 1 0 8 0 sigapl 424 2644 0 2592 6 0 6 6 0 8 0 futexpl 56 15334 0 15334 2 1 1 1 0 8 1 knotepl 112 185 0 167 1 0 1 1 0 8 0 kqueuepl 168 986 0 984 1 0 1 1 0 8 0 pipepl 336 155 0 145 3 2 1 2 0 8 0 fdescpl 496 2608 0 2592 3 0 3 3 0 8 0 filepl 152 8379 0 8288 5 0 5 5 0 8 0 lockfpl 104 207 0 206 1 0 1 1 0 8 0 lockfspl 48 87 0 86 1 0 1 1 0 8 0 sessionpl 144 20 0 9 1 0 1 1 0 8 0 pgrppl 48 24 0 13 1 0 1 1 0 8 0 ucredpl 96 1101 0 1092 1 0 1 1 0 8 0 zombiepl 144 2593 0 2592 2 1 1 1 0 8 0 processpl 1080 2644 0 2592 4 0 4 4 0 8 0 procpl 672 5411 0 5352 6 0 6 6 0 8 0 sockpl 432 1423 0 1404 4 0 4 4 0 8 1 mcl64k 65536 18 0 0 3 0 3 3 0 8 0 mcl16k 16384 7 0 0 1 0 1 1 0 8 0 mcl12k 12288 4 0 0 1 0 1 1 0 8 0 mcl9k 9216 4 0 0 1 0 1 1 0 8 0 mcl8k 8192 17 0 0 3 0 3 3 0 8 0 mcl4k 4096 3 0 0 1 0 1 1 0 8 0 mcl2k2 2112 3 0 0 1 0 1 1 0 8 0 mcl2k 2048 177 0 0 18 1 17 17 0 8 0 mtagpl 96 142 0 0 4 0 4 4 0 8 0 mbufpl 256 519 0 0 28 0 28 28 0 8 0 bufpl 280 6240 0 189 433 0 433 433 0 8 0 anonpl 24 174901 0 170119 34 1 33 33 0 186 1 amapchunkpl 152 9121 0 8948 9 1 8 8 0 158 0 amappl16 200 6912 0 6731 13 1 12 12 0 8 2 amappl15 192 1 0 0 1 0 1 1 0 8 0 amappl14 184 23 0 19 1 0 1 1 0 8 0 amappl13 176 46 0 42 1 0 1 1 0 8 0 amappl12 168 13 0 10 1 0 1 1 0 8 0 amappl11 160 73 0 56 1 0 1 1 0 8 0 amappl10 152 2392 0 2385 1 0 1 1 0 8 0 amappl9 144 281 0 281 1 1 0 1 0 8 0 amappl8 136 188 0 133 2 0 2 2 0 8 0 amappl7 128 256 0 248 1 0 1 1 0 8 0 amappl6 120 2429 0 2417 1 0 1 1 0 8 0 amappl5 112 2803 0 2783 1 0 1 1 0 8 0 amappl4 104 289 0 263 1 0 1 1 0 8 0 amappl3 96 176 0 167 1 0 1 1 0 8 0 amappl2 88 20138 0 20079 3 1 2 3 0 8 0 amappl1 80 79227 0 78782 26 14 12 21 0 8 0 amappl 88 5669 0 5607 2 0 2 2 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 51 0 0 1 0 1 1 0 8 0 uaddrrnd 24 2625 0 2592 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2625 0 2592 1 0 1 1 0 8 0 vmmpekpl 168 16059 0 16022 2 0 2 2 0 8 0 vmmpepl 168 328019 0 326647 88 19 69 76 0 357 2 vmsppl 368 2624 0 2592 5 1 4 4 0 8 1 rwobjpl 56 67651 0 66775 25 11 14 19 0 8 1 pdppl 4096 5257 0 5201 71 13 58 59 0 8 2 pvpl 32 926570 0 918737 128 54 74 117 0 265 5 pmappl 232 2624 0 2592 2 0 2 2 0 8 0 extentpl 40 58 0 40 1 0 1 1 0 8 0 phpool 112 352 0 31 10 0 10 10 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace pfi_ifhead_RB_REMOVE(ffffffff82923b98,ffff800000b7c200) at pfi_ifhead_RB_REMOVE+0x50 sys/net/pf_if.c:80 pfi_detach_ifgroup(ffff800000af6380) at pfi_detach_ifgroup+0x11b pfi_kif_unref sys/net/pf_if.c:211 [inline] pfi_detach_ifgroup(ffff800000af6380) at pfi_detach_ifgroup+0x11b sys/net/pf_if.c:304 if_delgroup(ffff800000ac8800,ffff800000af6380) at if_delgroup+0x193 sys/net/if.c:2711 if_detach(ffff800000ac8800) at if_detach+0x1cb sys/net/if.c:1049 tun_clone_destroy(ffff800000ac8800) at tun_clone_destroy+0x1e1 sys/net/if_tun.c:325 if_clone_destroy(ffff8000228cb8d0) at if_clone_destroy+0x136 sys/net/if.c:1212 tun_dev_close(5d01,7) at tun_dev_close+0x140 sys/net/if_tun.c:479 spec_close(ffff8000228cb9a0) at spec_close+0x311 sys/kern/spec_vnops.c:560 VOP_CLOSE(fffffd806ed9e948,7,fffffd807f7b78a0,ffff80002123d7a0) at VOP_CLOSE+0xeb sys/kern/vfs_vops.c:177 vn_closefile(fffffd806c8d1c90,ffff80002123d7a0) at vn_closefile+0xd7 vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffffd806c8d1c90,ffff80002123d7a0) at vn_closefile+0xd7 sys/kern/vfs_vnops.c:614 fdrop(fffffd806c8d1c90,ffff80002123d7a0) at fdrop+0xc2 sys/kern/kern_descrip.c:1279 closef(fffffd806c8d1c90,ffff80002123d7a0) at closef+0x11c sys/kern/kern_descrip.c:1263 fdfree(ffff80002123d7a0) at fdfree+0xf4 sys/kern/kern_descrip.c:1195 exit1(ffff80002123d7a0,0,19,1) at exit1+0x335 sys/kern/kern_exit.c:200 postsig(ffff80002123d7a0,19) at postsig+0x59c sigexit sys/kern/kern_sig.c:1494 [inline] postsig(ffff80002123d7a0,19) at postsig+0x59c sys/kern/kern_sig.c:1423 userret(ffff80002123d7a0) at userret+0x189 sys/kern/kern_sig.c:1914 syscall(ffff8000228cbe20) at syscall+0x55c mi_syscall_return sys/sys/syscall_mi.h:129 [inline] syscall(ffff8000228cbe20) at syscall+0x55c sys/arch/amd64/amd64/trap.c:612 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffe8880, count: -18 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800020d68ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff828bda60) at __mp_lock+0x133 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff828bda60) at __mp_lock+0x133 sys/kern/kern_lock.c:147 upageflttrap(ffff800021218b20,7f7ffffc6608) at upageflttrap+0x77 sys/arch/amd64/amd64/trap.c:180 usertrap(ffff800021218b20) at usertrap+0x21a sys/arch/amd64/amd64/trap.c:406 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7f7ffffc6630, count: -7