kernel: protection fault trap, code=0 Stopped at bpfdetach+0x40: movq 0(%r15),%r12 ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace bpfdetach(ffff800001569800) at bpfdetach+0x40 sys/net/bpf.c:1770 if_detach(ffff800001569800) at if_detach+0x12b sys/net/if.c:1288 tun_clone_destroy(ffff800001569800) at tun_clone_destroy+0x2a2 sys/net/if_tun.c:347 if_clone_destroy(ffff8000314fd580) at if_clone_destroy+0x1d5 sys/net/if.c:1478 sys_ioctl(ffff80003c940550,ffff8000314fd750,ffff8000314fd6a0) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff8000314fd750) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff8000314fd750) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x13e1dc76190, count: -7 ddb> show registers rdi 0xffff80003691c000 rsi 0x11c22 __ALIGN_SIZE+0x10c22 rbp 0xffff8000314fd470 rbx 0 rdx 0xffff80003691c000 rcx 0x11c21 __ALIGN_SIZE+0x10c21 rax 0xffffffff8137c939 bpfdetach+0x89 r8 0xffffffffffffffff r9 0 r10 0xb98479ba41d3c2d5 r11 0x690d2d402e503ce6 r12 0xdeaf0002deaf4152 r13 0xffff800001569d60 r14 0xffff800001569800 r15 0xdeaf0002deaf4152 rip 0xffffffff8137c8f0 bpfdetach+0x40 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff8000314fd440 ss 0x10 bpfdetach+0x40: movq 0(%r15),%r12 ddb> show proc PROC (syz-executor) tid=285059 pid=77978 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=82, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003c941a10,0xffff80003c12c570 process=0xffff800035d19b18 user=0xffff8000314f8000, vmspace=0xfffffd8077350188 estcpu=32, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 90383 3536 60260 0 2 0 syz-executor 90383 498212 60260 0 3 0x4000080 fsleep syz-executor 27124 363358 51063 0 2 0 syz-executor 27124 465888 51063 0 3 0x4000080 fsleep syz-executor 76083 398803 79922 0 2 0 syz-executor 76083 424303 79922 0 2 0x4000000 syz-executor 76083 456812 79922 0 3 0x4000080 fsleep syz-executor 8689 265884 61717 0 2 0 syz-executor 8689 374555 61717 0 3 0x4000080 fsleep syz-executor 8689 432454 61717 0 2 0x4000000 syz-executor 49470 369440 92526 0 2 0x1 syz-executor 77978 296572 34554 0 2 0 syz-executor *77978 285059 34554 0 7 0x4000000 syz-executor 77978 280001 34554 0 2 0x4000000 syz-executor 43737 335919 54169 0 2 0x10 syz-executor 43737 34358 54169 0 3 0x4000090 fsleep syz-executor 43737 144805 54169 0 3 0x4000090 fsleep syz-executor 27820 292255 1 0 3 0x100083 ttyin getty 34554 364224 25679 0 3 0x82 nanoslp syz-executor 12144 224237 25679 0 3 0x82 nanoslp syz-executor 51063 335893 25679 0 3 0x82 nanoslp syz-executor 54169 135103 25679 0 3 0x82 nanoslp syz-executor 79922 404867 25679 0 3 0x82 nanoslp syz-executor 61717 393995 25679 0 3 0x82 nanoslp syz-executor 92526 321705 25679 0 3 0x82 nanoslp syz-executor 60260 501351 25679 0 3 0x82 nanoslp syz-executor 25679 70203 45078 0 3 0x82 kqread syz-executor 45078 412534 85262 0 3 0x10008a sigsusp ksh 85262 513558 90675 0 3 0x98 kqread sshd-session 90675 168135 20232 0 3 0x92 kqread sshd-session 20232 93032 1 0 3 0x88 kqread sshd 18654 410758 15750 73 3 0x1100090 kqread syslogd 15750 157187 1 0 3 0x100082 sbwait syslogd 62162 390071 1 0 3 0x100080 kqread resolvd 35743 29145 34971 77 3 0x100092 kqread dhcpleased 49679 400084 34971 77 3 0x100092 kqread dhcpleased 34971 22400 1 0 3 0x80 kqread dhcpleased 4827 386591 0 0 3 0x14200 bored smr 34550 13657 0 0 2 0x14200 zerothread 62740 315173 0 0 3 0x14200 aiodoned aiodoned 61440 302798 0 0 3 0x14200 syncer update 84712 462680 0 0 3 0x14200 cleaner cleaner 89506 296283 0 0 3 0x14200 reaper reaper 96853 65903 0 0 3 0x14200 pgdaemon pagedaemon 96795 360390 0 0 3 0x14200 bored viomb 72991 496578 0 0 3 0x40014200 acpi0 acpi0 57159 213261 0 0 3 0x14200 bored softnet0 15294 46356 0 0 3 0x14200 bored systqmp 35744 52145 0 0 3 0x14200 bored systq 29717 452309 0 0 3 0x40014200 tmoslp softclock 17613 491942 0 0 3 0x40014200 idle0 1 482183 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 11066 12279K 13156K 166960K 15119 0 pcb 17 17K 19K 166960K 392 0 rtable 255 11K 11K 166960K 620 0 pf 36 13K 15K 166960K 192 0 ifaddr 44 7K 8K 166960K 108 0 ifgroup 58 2K 2K 166960K 171 0 sysctl 4 1K 9K 166960K 12 0 counters 36 18K 18K 166960K 157 0 ioctlops 0 0K 4K 166960K 611 0 iov 0 0K 24K 166960K 60 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1493 94K 94K 166960K 2822 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 21 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 169 0 dirhash 12 2K 2K 166960K 33 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 93K 166960K 1203 0 sigio 0 0K 0K 166960K 17 0 proc 60 59K 108K 166960K 697 0 subproc 72 4K 4K 166960K 100 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 169 0 in_multi 94 6K 7K 166960K 180 0 ether_multi 1 0K 0K 166960K 8 0 mrt 1 0K 0K 166960K 12 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 91 413K 413K 166960K 91 0 exec 0 0K 1K 166960K 595 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 244 160K 187K 166960K 12872 0 UVM aobj 33 8K 8K 166960K 37 0 pinsyscall 39 78K 95K 166960K 2401 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 60 0 NDP 14 0K 2K 166960K 72 0 temp 67 8669K 8734K 166960K 57458 0 kqueue 14 22K 30K 166960K 190 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 127 0 123 1 0 1 1 0 8 0 rtentry 136 179 0 78 4 0 4 4 0 8 0 unpcb 144 1038 0 1021 8 4 4 4 0 8 3 syncache 336 11 0 11 4 3 1 1 0 8 1 tcpqe 32 7 0 7 2 2 0 1 0 8 0 tcpcb 736 592 0 546 20 15 5 16 0 8 0 arp 96 27 0 9 1 0 1 1 0 8 0 ipq 40 11 0 7 1 0 1 1 0 8 0 ipqe 40 16 0 12 1 0 1 1 0 8 0 inpcb 328 1445 0 1396 24 17 7 15 0 8 2 ip6q 72 4 0 1 1 0 1 1 0 8 0 ip6af 40 6 0 3 1 0 1 1 0 8 0 nd6 112 39 0 15 1 0 1 1 0 8 0 pkpcb 40 6 0 6 2 1 1 1 0 8 1 kcovpl 48 11 0 3 1 0 1 1 0 8 0 mppekey 1024 1 0 1 1 1 0 1 0 8 0 ppxss 1072 107 0 105 2 1 1 1 0 8 0 pppxif 1384 9 0 9 3 2 1 1 0 8 1 pfrktable 1344 2 0 2 2 1 1 1 0 8 1 rttmr 136 3 0 3 1 1 0 1 0 8 0 art_heap8 4096 4 0 1 3 0 3 3 0 8 0 art_heap4 256 842 0 413 30 0 30 30 0 8 1 art_table 40 846 0 414 5 0 5 5 0 8 0 art_node 32 179 0 90 1 0 1 1 0 8 0 sysvmsgpl 40 73 0 70 1 0 1 1 0 8 0 semupl 112 3 0 3 3 2 1 1 0 8 1 semapl 112 164 0 154 1 0 1 1 0 8 0 shmpl 112 31 0 3 1 0 1 1 0 8 0 dirhash 1024 32 0 15 3 0 3 3 0 8 0 dino2pl 256 3636 0 2132 95 0 95 95 0 8 0 ffsino 256 3636 0 2132 95 0 95 95 0 8 0 nchpl 144 5264 0 3562 64 0 64 64 0 8 0 rtmask 32 7 0 7 2 1 1 1 0 8 1 vnodes 216 4637 0 0 258 0 258 258 0 8 0 namei 1024 19602 0 19602 6 5 1 4 0 8 1 vcpupl 3904 3 0 1 1 0 1 1 0 8 0 vmpool 808 3 0 1 1 0 1 1 0 8 0 kstatmem 264 98 0 70 3 0 3 3 0 8 1 scsiplug 72 9 0 9 3 2 1 1 0 8 1 scxspl 216 15771 0 15771 11 9 2 8 1 8 2 plimitpl 152 326 0 309 1 0 1 1 0 8 0 sigapl 424 1496 0 1453 7 1 6 6 0 8 0 knotepl 120 308702 0 308654 32 22 10 10 0 8 8 kqueuepl 184 302 0 291 1 0 1 1 0 8 0 pipepl 304 269 0 241 3 0 3 3 0 8 0 fdescpl 448 1482 0 1452 5 1 4 5 0 8 0 filepl 120 10549 0 10289 18 7 11 14 0 8 2 lockfpl 104 635 0 633 2 1 1 2 0 8 0 lockfspl 48 185 0 183 1 0 1 1 0 8 0 sessionpl 144 31 0 23 1 0 1 1 0 8 0 pgrppl 48 120 0 104 1 0 1 1 0 8 0 ucredpl 104 1849 0 1836 1 0 1 1 0 8 0 zombiepl 144 2037 0 2036 2 1 1 1 0 8 0 processpl 1152 1496 0 1453 4 0 4 4 0 8 0 procpl 664 3260 0 3207 7 1 6 6 0 8 0 sosppl 176 4 0 4 2 2 0 1 0 8 0 sockpl 552 2719 0 2649 28 18 10 19 0 8 5 mcl64k 65536 182 0 181 1 0 1 1 0 8 0 mcl9k 9216 1 0 1 1 1 0 1 0 8 0 mcl8k 8192 18 0 18 4 3 1 1 0 8 1 mcl4k 4096 3873 0 3817 14 6 8 14 0 8 0 mcl2k 2048 1973 0 1966 5 3 2 3 0 8 0 mtagpl 96 272 0 10 8 1 7 7 0 8 0 mbufpl 256 18206 0 17755 94 59 35 86 0 8 4 bufpl 280 5410 0 126 378 0 378 378 0 8 0 anonpl 24 217949 0 210085 94 21 73 73 0 187 0 amapchunkpl 152 43447 0 42873 56 28 28 38 0 158 5 amappl16 200 3815 0 3565 35 9 26 26 0 8 2 amappl15 192 5 0 5 1 1 0 1 0 8 0 amappl14 184 6 0 5 1 0 1 1 0 8 0 amappl13 176 443 0 441 1 0 1 1 0 8 0 amappl12 168 1858 0 1819 2 0 2 2 0 8 0 amappl11 160 6 0 6 1 1 0 1 0 8 0 amappl10 152 70 0 60 1 0 1 1 0 8 0 amappl9 144 257 0 256 1 0 1 1 0 8 0 amappl8 136 18 0 16 1 0 1 1 0 8 0 amappl7 128 95 0 92 1 0 1 1 0 8 0 amappl6 120 305 0 294 1 0 1 1 0 8 0 amappl5 112 76 0 69 1 0 1 1 0 8 0 amappl4 104 432 0 406 1 0 1 1 0 8 0 amappl3 96 8450 0 8340 5 1 4 4 0 8 0 amappl2 88 605 0 551 2 0 2 2 0 8 0 amappl1 80 15265 0 14723 15 2 13 15 0 8 0 amappl 88 11872 0 11698 5 0 5 5 0 92 0 uvmvnodes 80 131 0 0 3 0 3 3 0 8 0 dma65536 65536 1 0 1 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 256 0 256 2 2 0 1 0 8 0 dma64 64 7 0 7 2 2 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 36 0 4 1 0 1 1 0 8 0 uaddrrnd 24 1482 0 1452 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1482 0 1452 1 0 1 1 0 8 0 vmmpekpl 168 13742 0 13696 3 0 3 3 0 8 0 vmmpepl 168 101094 0 99017 115 13 102 102 0 357 4 vmsppl 368 1481 0 1452 4 1 3 4 0 8 0 rwobjpl 40 28497 0 27256 18 2 16 16 0 8 0 pdppl 4096 2977 0 2908 136 67 69 81 0 8 0 pvpl 32 642184 0 628588 209 55 154 154 0 265 9 pmappl 216 1484 0 1453 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 525 0 167 12 0 12 12 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace bpfdetach(ffff800001569800) at bpfdetach+0x40 sys/net/bpf.c:1770 if_detach(ffff800001569800) at if_detach+0x12b sys/net/if.c:1288 tun_clone_destroy(ffff800001569800) at tun_clone_destroy+0x2a2 sys/net/if_tun.c:347 if_clone_destroy(ffff8000314fd580) at if_clone_destroy+0x1d5 sys/net/if.c:1478 sys_ioctl(ffff80003c940550,ffff8000314fd750,ffff8000314fd6a0) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff8000314fd750) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff8000314fd750) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x13e1dc76190, count: -7 ddb> machine ddbcpu 1 No such command ddb> trace bpfdetach(ffff800001569800) at bpfdetach+0x40 sys/net/bpf.c:1770 if_detach(ffff800001569800) at if_detach+0x12b sys/net/if.c:1288 tun_clone_destroy(ffff800001569800) at tun_clone_destroy+0x2a2 sys/net/if_tun.c:347 if_clone_destroy(ffff8000314fd580) at if_clone_destroy+0x1d5 sys/net/if.c:1478 sys_ioctl(ffff80003c940550,ffff8000314fd750,ffff8000314fd6a0) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff8000314fd750) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff8000314fd750) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x13e1dc76190, count: -7