H+@Kq:Qu.4b$pˇqWCEFhb] 283@թ“"Hr;I:F,-zi&kernel: protection fault trap, code=0 Stopped at pfi_ifhead_RB_REMOVE+0x58: movq 0x10(%r15),%rbx ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace pfi_ifhead_RB_REMOVE(ffffffff8239fac8,ffff800000a10500) at pfi_ifhead_RB_REMOVE+0x58 sys/net/pf_if.c:80 pfi_detach_ifnet(ffff800000a03800) at pfi_detach_ifnet+0x11e pfi_kif_unref sys/net/pf_if.c:199 [inline] pfi_detach_ifnet(ffff800000a03800) at pfi_detach_ifnet+0x11e sys/net/pf_if.c:257 if_detach(ffff800000a03800) at if_detach+0x15d sys/net/if.c:1118 tun_clone_destroy(ffff800000a03800) at tun_clone_destroy+0x1cd sys/net/if_tun.c:278 spec_close(ffff800022e37bd8) at spec_close+0x3b0 sys/kern/spec_vnops.c:553 VOP_CLOSE(fffffd807d99b070,1,fffffd807f7c68a0,ffff800020b38c48) at VOP_CLOSE+0x64 sys/kern/vfs_vops.c:174 vn_closefile(fffffd80675f0ef0,ffff800020b38c48) at vn_closefile+0x14b vn_close sys/kern/vfs_vnops.c:289 [inline] vn_closefile(fffffd80675f0ef0,ffff800020b38c48) at vn_closefile+0x14b sys/kern/vfs_vnops.c:575 fdrop(fffffd80675f0ef0,ffff800020b38c48) at fdrop+0xc9 sys/kern/kern_descrip.c:1260 closef(fffffd80675f0ef0,ffff800020b38c48) at closef+0x11d sys/kern/kern_descrip.c:1244 fdrelease(ffff800020b38c48,3) at fdrelease+0xb4 sys/kern/kern_descrip.c:744 sys_close(ffff800020b38c48,ffff800022e37e28,ffff800022e37e90) at sys_close+0xa8 sys/kern/kern_descrip.c:762 syscall(ffff800022e37f00) at syscall+0x552 mi_syscall sys/sys/syscall_mi.h:90 [inline] syscall(ffff800022e37f00) at syscall+0x552 sys/arch/amd64/amd64/trap.c:554 Xsyscall(6,0,fffffffffffffed5,0,1,857e046f010) at Xsyscall+0x128 end of kernel end trace frame: 0x85a481ab100, count: -13 ddb{0}> show registers rdi 0xffffffff81f2641b pfi_ifhead_RB_REMOVE+0x2b rsi 0x8c8 rbp 0xffff800022e37a60 rbx 0xdeadbeefdeadbeef rdx 0x8c9 rcx 0xffff800020c14000 rax 0xffff800000a10510 r8 0xffffffff8149b69b refcnt_rele_wake+0x3b r9 0x5 r10 0x1 r11 0x1b0786b88f72f550 r12 0xffffffff8239fac8 pfi_ifs r13 0 r14 0xffff800000a10500 r15 0xdeadbeefdeadbeef rip 0xffffffff81f26448 pfi_ifhead_RB_REMOVE+0x58 cs 0x8 rflags 0x10282 __ALIGN_SIZE+0xf282 rsp 0xffff800022e37a00 ss 0x10 pfi_ifhead_RB_REMOVE+0x58: movq 0x10(%r15),%rbx ddb{0}> show proc PROC (syz-executor.0) pid=315231 stat=onproc flags process=0 proc=4000000 pri=86, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff800020b39d58,0xffffffff823973a8 process=0xffff800020b8da98 user=0xffff800022e32000, vmspace=0xfffffd807effe5c0 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 86650 340755 4988 0 7 0 syz-executor.0 *86650 315231 4988 0 7 0x4000000 syz-executor.0 55488 321556 1 0 3 0x100083 ttyin getty 1868 200052 0 0 3 0x14200 bored sosplice 18187 312800 75597 0 3 0x82 nanosleep syz-executor.1 4988 280068 75597 0 3 0x82 nanosleep syz-executor.0 75597 143352 11348 0 3 0x82 thrsleep syz-fuzzer 75597 134619 11348 0 3 0x4000082 thrsleep syz-fuzzer 75597 343346 11348 0 3 0x4000082 thrsleep syz-fuzzer 75597 16637 11348 0 3 0x4000082 thrsleep syz-fuzzer 75597 184903 11348 0 3 0x4000082 thrsleep syz-fuzzer 75597 288393 11348 0 3 0x4000082 thrsleep syz-fuzzer 75597 130047 11348 0 3 0x4000082 thrsleep syz-fuzzer 75597 324336 11348 0 3 0x4000082 kqread syz-fuzzer 75597 33802 11348 0 3 0x4000082 thrsleep syz-fuzzer 75597 285831 11348 0 3 0x4000082 thrsleep syz-fuzzer 11348 348721 76979 0 3 0x10008a pause ksh 76979 387480 12741 0 3 0x92 select sshd 12741 269204 1 0 3 0x80 select sshd 86408 228617 17142 74 3 0x100092 bpf pflogd 17142 66610 1 0 3 0x80 netio pflogd 80465 157294 43701 73 3 0x100090 kqread syslogd 43701 79707 1 0 3 0x100082 netio syslogd 2824 234357 1 77 3 0x100090 poll dhclient 80282 317655 1 0 3 0x80 poll dhclient 71603 174949 0 0 3 0x14200 pgzero zerothread 51995 376081 0 0 3 0x14200 aiodoned aiodoned 50470 394249 0 0 3 0x14200 syncer update 30333 57963 0 0 3 0x14200 cleaner cleaner 56742 74732 0 0 3 0x14200 reaper reaper 4331 67545 0 0 3 0x14200 pgdaemon pagedaemon 83379 101271 0 0 3 0x14200 bored crynlk 80341 267297 0 0 3 0x14200 bored crypto 80818 298318 0 0 3 0x40014200 acpi0 acpi0 29031 400309 0 0 3 0x40014200 idle1 97088 185968 0 0 2 0x14200 softnet 16010 414925 0 0 3 0x14200 bored systqmp 42245 256524 0 0 3 0x14200 bored systq 9556 42325 0 0 3 0x40014200 bored softclock 34599 277750 0 0 3 0x40014200 idle0 45194 508109 0 0 3 0x14200 bored smr 1 150822 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 86650 (syz-executor.0) thread 0xffff800020b38c48 (315231) exclusive rwlock netlock r = 0 (0xffffffff8220ae58) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 if_detach+0x75 sys/net/if.c:1089 #2 tun_clone_destroy+0x1cd sys/net/if_tun.c:278 #3 spec_close+0x3b0 sys/kern/spec_vnops.c:553 #4 VOP_CLOSE+0x64 sys/kern/vfs_vops.c:174 #5 vn_closefile+0x14b vn_close sys/kern/vfs_vnops.c:289 [inline] #5 vn_closefile+0x14b sys/kern/vfs_vnops.c:575 #6 fdrop+0xc9 sys/kern/kern_descrip.c:1260 #7 closef+0x11d sys/kern/kern_descrip.c:1244 #8 fdrelease+0xb4 sys/kern/kern_descrip.c:744 #9 sys_close+0xa8 sys/kern/kern_descrip.c:762 #10 syscall+0x552 mi_syscall sys/sys/syscall_mi.h:90 [inline] #10 syscall+0x552 sys/arch/amd64/amd64/trap.c:554 #11 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 1 (0xffffffff8234a3b0) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 syscall+0x412 mi_syscall sys/sys/syscall_mi.h:81 [inline] #1 syscall+0x412 sys/arch/amd64/amd64/trap.c:554 #2 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9515 6429K 7061K 78643K 13436 0 0 pcb 25 9K 11K 78643K 576 0 0 rtable 112 4K 5K 78643K 393 0 0 ifaddr 57 13K 14K 78643K 142 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 4K 78643K 1519 0 0 iov 0 0K 24K 78643K 108 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1203 76K 76K 78643K 2234 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 15 0 0 VM map 2 1K 1K 78643K 2 0 0 sem 12 1K 1K 78643K 137 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1808 196K 290K 78643K 12765 0 0 file desc 5 13K 25K 78643K 1102 0 0 sigio 0 0K 0K 78643K 10 0 0 proc 54 51K 83K 78643K 472 0 0 subproc 32 2K 2K 78643K 34 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 107 0 0 in_multi 33 2K 2K 78643K 65 0 0 ether_multi 1 0K 0K 78643K 6 0 0 mrt 0 0K 0K 78643K 12 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 72 318K 318K 78643K 72 0 0 exec 0 0K 1K 78643K 282 0 0 pfkey data 0 0K 0K 78643K 2 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 94 21K 30K 78643K 4486 0 0 UVM aobj 46 2K 2K 78643K 56 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 48 0 0 NDP 12 0K 0K 78643K 37 0 0 temp 162 2733K 2861K 78643K 6657 0 0 kqueue 0 0K 0K 78643K 4 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 6 0 0 1 0 1 1 0 8 0 inpcbpl 280 512 0 505 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtentry 112 49 0 5 2 0 2 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 77 0 77 1 1 0 1 0 8 0 tcpcb 544 165 0 161 1 0 1 1 0 8 0 rttmr 72 3 0 3 3 2 1 1 0 8 1 nd6 48 6 0 0 1 0 1 1 0 8 0 ppxss 1128 19 0 19 3 2 1 1 0 8 1 pfosfp 40 846 0 846 5 5 0 5 0 8 0 pfosfpen 112 1428 0 1428 21 21 0 21 0 8 0 pfstitem 24 18 0 8 1 0 1 1 0 8 0 pfstkey 112 18 0 8 1 0 1 1 0 8 0 pfstate 328 18 0 8 2 0 2 2 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 189 0 0 12 0 12 12 0 8 0 art_table 32 190 0 0 2 0 2 2 0 8 0 art_node 16 47 0 7 1 0 1 1 0 8 0 sysvmsgpl 40 3 0 0 1 0 1 1 0 8 0 semapl 112 135 0 125 1 0 1 1 0 8 0 shmpl 112 54 0 10 2 0 2 2 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 3195 0 1769 47 0 47 47 0 8 0 ffsino 272 3195 0 1769 96 0 96 96 0 8 0 nchpl 144 4917 0 3272 62 0 62 62 0 8 0 uvmvnodes 72 3925 0 0 72 0 72 72 0 8 0 vnodes 200 3925 0 0 207 0 207 207 0 8 0 namei 1024 14634 0 14634 2 1 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 scxspl 192 14437 0 14437 15 12 3 6 0 8 3 plimitpl 152 53 0 45 1 0 1 1 0 8 0 sigapl 432 1304 0 1289 3 1 2 3 0 8 0 futexpl 56 13478 0 13478 1 0 1 1 0 8 1 knotepl 112 230 0 211 1 0 1 1 0 8 0 kqueuepl 104 242 0 240 1 0 1 1 0 8 0 pipepl 112 872 0 853 5 4 1 2 0 8 0 fdescpl 488 1305 0 1289 3 0 3 3 0 8 0 filepl 152 7631 0 7531 8 3 5 7 0 8 1 lockfpl 104 397 0 397 2 1 1 1 0 8 1 lockfspl 48 146 0 146 2 1 1 1 0 8 1 sessionpl 112 20 0 9 1 0 1 1 0 8 0 pgrppl 48 40 0 29 1 0 1 1 0 8 0 ucredpl 96 1513 0 1504 1 0 1 1 0 8 0 zombiepl 144 1289 0 1288 2 1 1 1 0 8 0 processpl 848 1321 0 1288 4 0 4 4 0 8 0 procpl 624 3683 0 3640 4 0 4 4 0 8 0 srpgc 64 3 0 3 3 2 1 1 0 8 1 sosppl 128 15 0 15 6 5 1 1 0 8 1 sockpl 384 990 0 971 5 2 3 4 0 8 1 mcl64k 65536 5 0 0 1 0 1 1 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 10 0 0 1 0 1 1 0 8 0 mcl9k 9216 5 0 0 1 0 1 1 0 8 0 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 6 0 0 1 0 1 1 0 8 0 mcl2k2 2112 4 0 0 1 0 1 1 0 8 0 mcl2k 2048 138 0 0 17 0 17 17 0 8 0 mtagpl 80 2 0 0 1 0 1 1 0 8 0 mbufpl 256 168 0 0 10 0 10 10 0 8 0 bufpl 256 8807 0 1799 439 0 439 439 0 8 0 anonpl 16 115147 0 104334 67 15 52 58 0 125 6 amapchunkpl 152 7261 0 7142 16 6 10 10 0 158 3 amappl16 192 5834 0 5255 44 10 34 40 0 8 3 amappl14 176 563 0 559 2 1 1 1 0 8 0 amappl13 168 545 0 543 1 0 1 1 0 8 0 amappl12 160 9 0 7 1 0 1 1 0 8 0 amappl11 152 54 0 36 1 0 1 1 0 8 0 amappl10 144 74 0 70 1 0 1 1 0 8 0 amappl9 136 598 0 595 1 0 1 1 0 8 0 amappl8 128 148 0 134 1 0 1 1 0 8 0 amappl7 120 35 0 31 1 0 1 1 0 8 0 amappl6 112 63 0 53 1 0 1 1 0 8 0 amappl5 104 126 0 111 1 0 1 1 0 8 0 amappl4 96 1482 0 1454 2 1 1 2 0 8 0 amappl3 88 743 0 732 1 0 1 1 0 8 0 amappl2 80 9528 0 9459 4 2 2 3 0 8 0 amappl1 72 37833 0 37397 25 15 10 20 0 8 0 amappl 80 3939 0 3899 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 55 0 10 1 0 1 1 0 8 0 uaddrrnd 24 1305 0 1289 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1305 0 1289 1 0 1 1 0 8 0 vmmpekpl 168 14635 0 14607 2 0 2 2 0 8 0 vmmpepl 168 162211 0 160542 106 24 82 92 0 357 7 vmsppl 368 1304 0 1289 2 0 2 2 0 8 0 pdppl 4096 2618 0 2578 6 0 6 6 0 8 0 pvpl 32 352145 0 338135 162 28 134 145 0 265 19 pmappl 232 1304 0 1289 2 1 1 2 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 601 0 4 18 0 18 18 0 8 0