kernel: protection fault trap, code=0 Stopped at tun_enqueue+0x52: movl 0x6f4(%r15),%r12d ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace tun_enqueue(ffff800000d76800,fffffd805aba0300) at tun_enqueue+0x52 tun_wakeup sys/net/if_tun.c:656 [inline] tun_enqueue(ffff800000d76800,fffffd805aba0300) at tun_enqueue+0x52 sys/net/if_tun.c:648 ether_output(ffff800000d76800,fffffd805aba0300,ffff800021194000,0) at ether_output+0xb7 sys/net/if_ethersubr.c:369 bpfwrite(41700,ffff800021194420,11) at bpfwrite+0x266 sys/net/bpf.c:663 spec_write(ffff800021194200) at spec_write+0xd4 sys/kern/spec_vnops.c:309 VOP_WRITE(fffffd8066fe8e88,ffff800021194420,11,fffffd807f7d7e40) at VOP_WRITE+0xbf sys/kern/vfs_vops.c:245 vn_write(fffffd8066358c00,ffff800021194420,0) at vn_write+0x157 sys/kern/vfs_vnops.c:414 dofilewritev(ffff8000ffff6010,b,ffff800021194420,0,ffff800021194520) at dofilewritev+0x19c sys/kern/sys_generic.c:381 sys_writev(ffff8000ffff6010,ffff8000211944c0,ffff800021194520) at sys_writev+0xa7 sys/kern/sys_generic.c:328 syscall(ffff800021194590) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800021194590) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffff4180, count: -10 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff800021193f80 rbx 0xfffffd805aba0300 rdx 0 rcx 0 rax 0xffff8000ffff6010 r8 0xffff800021193f98 r9 0 r10 0x886ab996b152d444 r11 0x406f7a42dda127cd r12 0xffff800000d76ab0 r13 0xffff800021194000 r14 0 r15 0xdead0002dead4110 rip 0xffffffff81375ac2 tun_enqueue+0x52 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800021193f50 ss 0x10 tun_enqueue+0x52: movl 0x6f4(%r15),%r12d ddb{0}> show proc PROC (dhcpleased) pid=35562 stat=onproc flags process=100012 proc=0 pri=50, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff7510,0xffff8000ffff77c0 process=0xffff8000ffffa998 user=0xffff80002118f000, vmspace=0xfffffd800874ab80 estcpu=0, cpticks=0, pctcpu=1.1 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 616 327909 81075 0 2 0 syz-executor.4 77283 481516 87663 0 2 0 syz-executor.1 77283 173494 87663 0 3 0x4000080 fsleep syz-executor.1 1383 489336 32987 0 2 0 syz-executor.3 1383 154129 32987 0 3 0x4000080 fsleep syz-executor.3 16017 59679 20277 0 2 0 syz-executor.0 25165 196545 14781 0 7 0 syz-executor.7 25165 357431 14781 0 2 0x4000000 syz-executor.7 79573 123383 85797 0 2 0 syz-executor.2 79573 200089 85797 0 2 0x4000000 syz-executor.2 21287 136557 88393 0 2 0 syz-executor.6 21287 191371 88393 0 3 0x4000080 fsleep syz-executor.6 21287 37518 88393 0 3 0x4000080 fsleep syz-executor.6 64390 99216 74468 0 2 0 syz-executor.5 64390 99553 74468 0 2 0x4000000 syz-executor.5 87663 174978 29718 0 3 0x82 nanoslp syz-executor.1 14781 157164 29718 0 3 0x82 nanoslp syz-executor.7 85797 429520 29718 0 3 0x82 nanoslp syz-executor.2 20277 213959 29718 0 3 0x82 nanoslp syz-executor.0 74468 336134 29718 0 2 0x2 syz-executor.5 90894 257875 0 0 3 0x14280 nfsidl nfsio 10280 163218 0 0 3 0x14280 nfsidl nfsio 7601 182876 0 0 3 0x14280 nfsidl nfsio 1595 321615 0 0 3 0x14280 nfsidl nfsio 28944 404313 0 0 3 0x14280 nfsidl nfsio 90760 105907 0 0 3 0x14280 nfsidl nfsio 39984 92051 0 0 3 0x14280 nfsidl nfsio 70501 305812 0 0 3 0x14280 nfsidl nfsio 44982 190413 0 0 3 0x14280 nfsidl nfsio 35521 508305 0 0 3 0x14280 nfsidl nfsio 59755 269882 0 0 3 0x14280 nfsidl nfsio 58619 359664 0 0 3 0x14280 nfsidl nfsio 74734 469914 0 0 3 0x14280 nfsidl nfsio 6009 487053 0 0 3 0x14280 nfsidl nfsio 21149 521676 0 0 3 0x14280 nfsidl nfsio 23546 316471 0 0 3 0x14280 nfsidl nfsio 39886 448888 0 0 3 0x14280 nfsidl nfsio 39720 209148 0 0 3 0x14280 nfsidl nfsio 45903 159818 0 0 3 0x14280 nfsidl nfsio 78030 50973 0 0 3 0x14280 nfsidl nfsio 32987 222603 29718 0 3 0x82 nanoslp syz-executor.3 88393 5102 29718 0 3 0x82 nanoslp syz-executor.6 94345 511836 0 0 3 0x14200 acct acct 34724 408949 0 0 3 0x14200 bored sosplice 81075 292630 29718 0 2 0x482 syz-executor.4 29718 52265 39198 0 3 0x82 kqread syz-fuzzer 29718 75164 39198 0 3 0x4000082 nanoslp syz-fuzzer 29718 455137 39198 0 3 0x4000082 thrsleep syz-fuzzer 29718 516433 39198 0 3 0x4000082 thrsleep syz-fuzzer 29718 127635 39198 0 3 0x4000082 thrsleep syz-fuzzer 29718 173408 39198 0 3 0x4000082 thrsleep syz-fuzzer 29718 459214 39198 0 3 0x4000082 thrsleep syz-fuzzer 29718 9447 39198 0 3 0x4000082 thrsleep syz-fuzzer 29718 473871 39198 0 3 0x4000082 thrsleep syz-fuzzer 39198 121860 35215 0 3 0x10008a sigsusp ksh 35215 216072 20428 0 3 0x9a kqread sshd 62364 492646 1 0 3 0x100083 ttyin getty 20428 425606 1 0 3 0x88 kqread sshd 17455 190558 34121 74 3 0x1100092 bpf pflogd 34121 303099 1 0 3 0x80 netio pflogd 38537 432267 749 73 3 0x1100090 kqread syslogd 749 188095 1 0 3 0x100082 netio syslogd 62611 95769 1 0 3 0x100080 kqread resolvd * 7769 35562 16023 77 7 0x100012 dhcpleased 65663 163668 16023 77 3 0x100092 kqread dhcpleased 16023 100794 1 0 3 0x80 kqread dhcpleased 55903 508768 0 0 3 0x14200 bored smr 71480 30467 0 0 2 0x14200 zerothread 85479 212302 0 0 3 0x14200 aiodoned aiodoned 61775 102970 0 0 3 0x14200 syncer update 51834 48283 0 0 3 0x14200 cleaner cleaner 73541 264093 0 0 3 0x14200 reaper reaper 64293 430203 0 0 3 0x14200 pgdaemon pagedaemon 27484 195704 0 0 3 0x14200 bored viomb 85539 491011 0 0 3 0x40014200 acpi0 acpi0 35729 403941 0 0 3 0x40014200 idle1 89147 468034 0 0 3 0x14200 bored softnet 17735 364896 0 0 3 0x14200 bored softnet 43563 301602 0 0 3 0x14200 bored softnet 81614 318111 0 0 3 0x14200 bored softnet 59701 511777 0 0 3 0x14200 bored systqmp 5664 151478 0 0 3 0x14200 bored systq 47260 105436 0 0 3 0x40014200 bored softclock 75576 273863 0 0 3 0x40014200 idle0 1 19029 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 7769 (dhcpleased) thread 0xffff8000ffff6010 (35562) exclusive rwlock netlock r = 0 (0xffffffff8290cd40) #0 witness_lock+0x44d #1 bpfwrite+0x24b sys/net/bpf.c:663 #2 spec_write+0xd4 sys/kern/spec_vnops.c:309 #3 VOP_WRITE+0xbf sys/kern/vfs_vops.c:245 #4 vn_write+0x157 sys/kern/vfs_vnops.c:414 #5 dofilewritev+0x19c sys/kern/sys_generic.c:381 #6 sys_writev+0xa7 sys/kern/sys_generic.c:328 #7 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #7 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #8 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82b3ee50) #0 witness_lock+0x44d #1 __mp_acquire_count+0x48 sys/kern/kern_lock.c:227 #2 mi_switch+0x3d3 sys/kern/sched_bsd.c:416 #3 preempt+0x5a sys/kern/sched_bsd.c:310 #4 uiomove+0x1b4 sys/kern/kern_subr.c:80 #5 bpf_movein+0x2bc sys/net/bpf.c:236 #6 bpfwrite+0x175 sys/net/bpf.c:646 #7 spec_write+0xd4 sys/kern/spec_vnops.c:309 #8 VOP_WRITE+0xbf sys/kern/vfs_vops.c:245 #9 vn_write+0x157 sys/kern/vfs_vnops.c:414 #10 dofilewritev+0x19c sys/kern/sys_generic.c:381 #11 sys_writev+0xa7 sys/kern/sys_generic.c:328 #12 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #12 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #13 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10218 6514K 7306K 78643K 21163 0 pcb 15 15K 17K 78643K 765 0 rtable 183 11K 12K 78643K 2172 0 ifaddr 80 18K 21K 78643K 577 0 sysctl 2 0K 0K 78643K 2 0 counters 50 34K 35K 78643K 162 0 ioctlops 0 0K 8K 78643K 2458 0 iov 0 0K 16K 78643K 647 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1477 92K 93K 78643K 7308 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 328K 336K 78643K 58 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 776 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 18 65K 77K 78643K 5975 0 sigio 0 0K 0K 78643K 103 0 proc 72 91K 116K 78643K 1523 0 subproc 104 6K 7K 78643K 485 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 146 0 in_multi 66 4K 6K 78643K 545 0 ether_multi 1 0K 0K 78643K 42 0 mrt 1 0K 0K 78643K 39 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 199 890K 890K 78643K 199 0 exec 0 0K 2K 78643K 1723 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 359 432K 449K 78643K 37533 0 UVM aobj 238 10K 10K 78643K 243 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 189 0 NDP 11 0K 1K 78643K 147 0 temp 176 4832K 21178K 78643K 65532 0 kqueue 13 20K 26K 78643K 419 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 241 0 238 2 1 1 2 0 8 0 rtentry 112 509 0 441 4 0 4 4 0 8 0 unpcb 136 5573 0 5558 60 59 1 9 0 8 0 syncache 296 33 0 33 8 8 0 1 0 8 0 tcpqe 32 16 0 16 4 4 0 1 0 8 0 tcpcb 736 2232 0 2228 71 68 3 14 0 8 2 arp 120 77 0 65 1 0 1 1 0 8 0 inpcb 312 5248 0 5237 76 72 4 12 0 8 3 nd6 48 116 0 103 1 0 1 1 0 8 0 pkpcb 40 101 0 101 6 6 0 1 0 8 0 kcovpl 48 34 0 26 1 0 1 1 0 8 0 ppxss 1248 16 0 16 6 6 0 1 0 8 0 pfstscr 40 23 0 23 4 4 0 1 0 8 0 pffrag 232 19 0 18 1 0 1 1 0 482 0 pffrnode 88 19 0 18 1 0 1 1 0 8 0 pffrent 40 49 0 48 1 0 1 1 0 8 0 pfosfp 40 1431 0 1007 5 0 5 5 0 8 0 pfosfpen 112 1431 0 716 21 0 21 21 0 8 0 pfrktable 1344 336 0 325 3 2 1 2 0 8 0 pftag 88 10 0 2 1 0 1 1 0 8 0 pfstitem 24 74 0 72 1 0 1 1 0 8 0 pfstkey 112 106 0 104 2 1 1 2 0 8 0 pfstate 336 89 0 87 3 2 1 3 0 8 0 pfsrctr 152 13 0 13 2 1 1 1 0 8 1 pfrule 1360 264 0 236 8 5 3 3 0 8 0 rttmr 64 12 0 12 5 5 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 2227 0 1908 42 16 26 29 0 8 0 art_table 32 2228 0 1908 4 0 4 4 0 8 0 art_node 16 508 0 449 1 0 1 1 0 8 0 sysvmsgpl 40 20 0 8 1 0 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 769 0 759 1 0 1 1 0 8 0 shmpl 112 240 0 5 7 0 7 7 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 11691 0 10231 92 0 92 92 0 8 0 ffsino 272 11691 0 10231 98 0 98 98 0 8 0 nchpl 144 20186 0 18542 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 77699 0 77699 3 2 1 2 0 8 1 percpumem 16 93 0 56 1 0 1 1 0 8 0 vcpupl 2048 90 0 0 12 0 12 12 0 8 0 vmpool 560 100 0 10 8 1 7 7 0 8 0 pfiaddrpl 120 93 0 82 2 1 1 1 0 8 0 kstatmem 264 134 0 112 2 0 2 2 0 8 0 scsiplug 72 5 0 5 1 1 0 1 0 8 0 scxspl 216 50340 0 50340 19 18 1 8 0 8 1 plimitpl 152 1168 0 1153 1 0 1 1 0 8 0 sigapl 424 6249 0 6179 8 0 8 8 0 8 0 futexpl 64 51564 0 51560 1 0 1 1 0 8 0 knotepl 120 584 0 0 11 1 10 10 0 8 0 kqueuepl 216 1281 0 1272 27 26 1 5 0 8 0 pipepl 336 1406 0 1378 48 45 3 8 0 8 0 fdescpl 496 6210 0 6179 5 1 4 5 0 8 0 filepl 152 53655 0 53407 110 97 13 22 0 8 3 lockfpl 104 2005 0 2002 4 3 1 2 0 8 0 lockfspl 48 464 0 461 1 0 1 1 0 8 0 sessionpl 144 50 0 33 1 0 1 1 0 8 0 pgrppl 48 57 0 40 1 0 1 1 0 8 0 ucredpl 96 16757 0 16745 1 0 1 1 0 8 0 zombiepl 144 6179 0 6179 2 1 1 1 0 8 1 processpl 1064 6249 0 6179 5 0 5 5 0 8 0 procpl 672 17806 0 17721 17 9 8 9 0 8 0 srpgc 96 61 0 61 9 9 0 1 0 8 0 sosppl 168 48 0 48 8 7 1 1 0 8 1 sockpl 480 11177 0 11148 267 259 8 34 0 8 4 mcl64k 65536 27 0 0 3 1 2 3 0 8 0 mcl16k 16384 11 0 0 2 0 2 2 0 8 0 mcl12k 12288 25 0 0 2 0 2 2 0 8 0 mcl9k 9216 6 0 0 1 0 1 1 0 8 0 mcl8k 8192 25 0 0 4 1 3 3 0 8 0 mcl4k 4096 17 0 0 3 0 3 3 0 8 0 mcl2k2 2112 7 0 0 1 0 1 1 0 8 0 mcl2k 2048 200 0 0 19 0 19 19 0 8 0 mtagpl 96 606 0 0 13 0 13 13 0 8 0 mbufpl 256 2439 0 0 142 0 142 142 0 8 0 bufpl 288 12494 0 6162 453 0 453 453 0 8 0 anonpl 24 1223131 0 1204685 210 76 134 140 0 186 14 amapchunkpl 152 108688 0 107892 72 34 38 44 0 158 5 amappl16 200 16223 0 15636 101 69 32 45 0 8 0 amappl15 192 387 0 386 2 1 1 1 0 8 0 amappl14 184 460 0 456 1 0 1 1 0 8 0 amappl13 176 1667 0 1664 1 0 1 1 0 8 0 amappl12 168 943 0 936 1 0 1 1 0 8 0 amappl11 160 1179 0 1158 2 1 1 2 0 8 0 amappl10 152 778 0 772 1 0 1 1 0 8 0 amappl9 144 1201 0 1191 1 0 1 1 0 8 0 amappl8 136 1111 0 1028 3 0 3 3 0 8 0 amappl7 128 236 0 224 1 0 1 1 0 8 0 amappl6 120 1100 0 1077 2 1 1 2 0 8 0 amappl5 112 5474 0 5454 1 0 1 1 0 8 0 amappl4 104 2898 0 2862 3 2 1 2 0 8 0 amappl3 96 19309 0 19251 2 0 2 2 0 8 0 amappl2 88 8362 0 8296 3 1 2 3 0 8 0 amappl1 80 149754 0 149069 20 5 15 20 0 8 0 amappl 88 36521 0 36307 7 1 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 242 0 5 5 0 5 5 0 8 0 uaddrrnd 24 6310 0 6189 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 6310 0 6189 1 0 1 1 0 8 0 vmmpekpl 168 53133 0 53066 4 0 4 4 0 8 0 vmmpepl 168 613882 0 610800 240 104 136 152 0 357 1 vmsppl 368 6309 0 6189 12 1 11 11 0 8 0 rwobjpl 56 156553 0 148710 119 7 112 115 0 8 0 pdppl 4096 12627 0 12468 506 347 159 159 0 8 0 pvpl 32 2490537 0 2467995 395 152 243 248 0 265 48 pmappl 248 6309 0 6189 9 1 8 8 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 1604 0 562 31 0 31 31 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace tun_enqueue(ffff800000d76800,fffffd805aba0300) at tun_enqueue+0x52 tun_wakeup sys/net/if_tun.c:656 [inline] tun_enqueue(ffff800000d76800,fffffd805aba0300) at tun_enqueue+0x52 sys/net/if_tun.c:648 ether_output(ffff800000d76800,fffffd805aba0300,ffff800021194000,0) at ether_output+0xb7 sys/net/if_ethersubr.c:369 bpfwrite(41700,ffff800021194420,11) at bpfwrite+0x266 sys/net/bpf.c:663 spec_write(ffff800021194200) at spec_write+0xd4 sys/kern/spec_vnops.c:309 VOP_WRITE(fffffd8066fe8e88,ffff800021194420,11,fffffd807f7d7e40) at VOP_WRITE+0xbf sys/kern/vfs_vops.c:245 vn_write(fffffd8066358c00,ffff800021194420,0) at vn_write+0x157 sys/kern/vfs_vnops.c:414 dofilewritev(ffff8000ffff6010,b,ffff800021194420,0,ffff800021194520) at dofilewritev+0x19c sys/kern/sys_generic.c:381 sys_writev(ffff8000ffff6010,ffff8000211944c0,ffff800021194520) at sys_writev+0xa7 sys/kern/sys_generic.c:328 syscall(ffff800021194590) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800021194590) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffff4180, count: -10 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800020cd8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff82b3ec48) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82b3ec48) at __mp_lock+0x122 sys/kern/kern_lock.c:147 syscall(ffff80002e19f230) at syscall+0x3ef mi_syscall sys/sys/syscall_mi.h:93 [inline] syscall(ffff80002e19f230) at syscall+0x3ef sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffffb5f0, count: -6