kernel: protection fault trap, code=0 Stopped at pfi_ifhead_RB_REMOVE+0x58: movq 0x10(%r15),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace pfi_ifhead_RB_REMOVE(ffffffff822b4e90,ffff800000a2c200) at pfi_ifhead_RB_REMOVE+0x58 sys/net/pf_if.c:80 pfi_detach_ifnet(ffff800000a27800) at pfi_detach_ifnet+0x11e pfi_kif_unref sys/net/pf_if.c:199 [inline] pfi_detach_ifnet(ffff800000a27800) at pfi_detach_ifnet+0x11e sys/net/pf_if.c:257 if_detach(ffff800000a27800) at if_detach+0x15d sys/net/if.c:1120 tun_clone_destroy(ffff800000a27800) at tun_clone_destroy+0x1c6 sys/net/if_tun.c:278 spec_close(ffff800016a1f778) at spec_close+0x3b0 sys/kern/spec_vnops.c:553 VOP_CLOSE(fffffd802f76a6f0,1,fffffd803f7c6b40,ffff800014926610) at VOP_CLOSE+0x64 sys/kern/vfs_vops.c:174 vn_closefile(fffffd802fc0b540,ffff800014926610) at vn_closefile+0x14b vn_close sys/kern/vfs_vnops.c:289 [inline] vn_closefile(fffffd802fc0b540,ffff800014926610) at vn_closefile+0x14b sys/kern/vfs_vnops.c:575 fdrop(fffffd802fc0b540,ffff800014926610) at fdrop+0xc9 sys/kern/kern_descrip.c:1260 closef(fffffd802fc0b540,ffff800014926610) at closef+0x118 sys/kern/kern_descrip.c:1244 finishdup(ffff800014926610,fffffd802fc0bea0,5,3,ffff800016a1fad0,1) at finishdup+0x2b7 sys/kern/kern_descrip.c:679 dodup3(ffff800014926610,5,3,0,ffff800016a1fad0) at dodup3+0x5d5 sys/kern/kern_descrip.c:377 syscall(ffff800016a1fb30) at syscall+0x508 Xsyscall(6,0,fffffffffffffedb,0,2,bff13cf5010) at Xsyscall+0x128 end of kernel end trace frame: 0xc011de13060, count: -13 ddb> show registers rdi 0xffffffff817c495b pfi_ifhead_RB_REMOVE+0x2b rsi 0x27b rbp 0xffff800016a1f600 rbx 0xdeadbeefdeadbeef rdx 0x27c rcx 0xffff800016bfd000 rax 0xffff800000a2c210 r8 0x101010101010101 r9 0x5 r10 0x2b4c2a57d51514ed r11 0x3b51b9240bd24497 r12 0xffffffff822b4e90 pfi_ifs r13 0 r14 0xffff800000a2c200 r15 0xdeadbeefdeadbeef rip 0xffffffff817c4988 pfi_ifhead_RB_REMOVE+0x58 cs 0x8 rflags 0x10282 __ALIGN_SIZE+0xf282 rsp 0xffff800016a1f5a0 ss 0x10 pfi_ifhead_RB_REMOVE+0x58: movq 0x10(%r15),%rbx ddb> show proc PROC (syz-executor.1) pid=102220 stat=onproc flags process=0 proc=4000000 pri=73, usrpri=73, nice=20 forw=0xffffffffffffffff, list=0xffff8000149259e0,0xffffffff822ac008 process=0xffff8000ffffa360 user=0xffff800016a1a000, vmspace=0xfffffd803f00baa0 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 10922 515912 80194 0 2 0 syz-executor.1 *10922 102220 80194 0 7 0x4000000 syz-executor.1 41060 65932 32308 0 3 0x80 nanosleep syz-executor.0 41060 308998 32308 0 3 0x4000080 netcon syz-executor.0 41060 290648 32308 0 3 0x4000080 fsleep syz-executor.0 41060 228805 32308 0 3 0x4000080 fsleep syz-executor.0 41060 427248 32308 0 3 0x4000080 fsleep syz-executor.0 32308 340745 36528 0 3 0x82 nanosleep syz-executor.0 9381 174263 1 0 3 0x100083 ttyopn getty 81834 326618 0 0 3 0x14200 bored sosplice 80194 377311 36528 0 3 0x82 nanosleep syz-executor.1 36528 414872 82477 0 3 0x82 thrsleep syz-fuzzer 36528 240861 82477 0 3 0x4000082 thrsleep syz-fuzzer 36528 404740 82477 0 3 0x4000082 thrsleep syz-fuzzer 36528 103322 82477 0 3 0x4000082 kqread syz-fuzzer 36528 414825 82477 0 3 0x4000082 thrsleep syz-fuzzer 36528 65897 82477 0 3 0x4000082 thrsleep syz-fuzzer 36528 128944 82477 0 3 0x4000082 thrsleep syz-fuzzer 82477 6816 59142 0 3 0x10008a pause ksh 59142 512571 95140 0 3 0x92 select sshd 95140 170118 1 0 3 0x80 select sshd 25452 354679 93274 73 3 0x100090 kqread syslogd 93274 241462 1 0 3 0x100082 netio syslogd 31873 439840 1 77 3 0x100090 poll dhclient 63486 522587 1 0 3 0x80 poll dhclient 62535 88283 0 0 2 0x14200 zerothread 72478 94886 0 0 3 0x14200 aiodoned aiodoned 78727 60923 0 0 3 0x14200 syncer update 72001 258322 0 0 3 0x14200 cleaner cleaner 85647 11932 0 0 3 0x14200 reaper reaper 1269 219581 0 0 3 0x14200 pgdaemon pagedaemon 13085 350930 0 0 3 0x14200 bored crynlk 85256 425601 0 0 3 0x14200 bored crypto 3580 161898 0 0 3 0x40014200 acpi0 acpi0 9948 342943 0 0 2 0x14200 softnet 73637 413426 0 0 3 0x14200 bored systqmp 65601 114792 0 0 3 0x14200 bored systq 43325 503950 0 0 3 0x40014200 bored softclock 55967 312964 0 0 3 0x40014200 idle0 13583 136121 0 0 3 0x14200 bored smr 1 333634 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9518 6357K 6955K 78643K 19842 0 0 pcb 23 9K 11K 78643K 1536 0 0 rtable 115 4K 4K 78643K 743 0 0 ifaddr 60 14K 16K 78643K 320 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 185 0 0 iov 0 0K 28K 78643K 464 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1199 75K 76K 78643K 4520 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 41 0 0 VM map 2 0K 0K 78643K 2 0 0 sem 12 0K 0K 78643K 285 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 6 17K 25K 78643K 3487 0 0 sigio 0 0K 0K 78643K 46 0 0 proc 43 30K 54K 78643K 698 0 0 subproc 32 2K 2K 78643K 55 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 337 0 0 in_multi 33 2K 2K 78643K 170 0 0 ether_multi 1 0K 0K 78643K 11 0 0 mrt 0 0K 0K 78643K 5 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 96 424K 424K 78643K 96 0 0 exec 0 0K 1K 78643K 506 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 97 21K 31K 78643K 9251 0 0 UVM aobj 125 3K 3K 78643K 145 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 140 0 0 NDP 13 0K 0K 78643K 88 0 0 temp 177 2721K 2791K 78643K 13696 0 0 kqueue 0 0K 0K 78643K 31 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 8 0 2 1 0 1 1 0 8 0 inpcbpl 280 1317 0 1308 2 1 1 2 0 8 0 rtentry 112 62 0 17 2 0 2 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 17 0 17 1 1 0 1 0 8 0 tcpcb 544 508 0 503 1 0 1 1 0 8 0 nd6 48 9 0 3 1 0 1 1 0 8 0 ppxss 1128 57 0 57 18 18 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 235 0 44 12 0 12 12 0 8 0 art_table 32 236 0 44 2 0 2 2 0 8 0 art_node 16 56 0 16 1 0 1 1 0 8 0 sysvmsgpl 40 17 0 12 1 0 1 1 0 8 0 semapl 112 283 0 273 1 0 1 1 0 8 0 shmpl 112 143 0 20 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 7144 0 5686 48 0 48 48 0 8 0 ffsino 240 7144 0 5686 86 0 86 86 0 8 0 nchpl 144 12134 0 10509 61 0 61 61 0 8 0 uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0 vnodes 200 5926 0 0 312 0 312 312 0 8 0 namei 1024 38154 0 38154 2 1 1 1 0 8 1 scsiplug 64 5 0 5 4 4 0 1 0 8 0 scxspl 192 37158 0 37158 16 15 1 6 0 8 1 plimitpl 152 134 0 127 1 0 1 1 0 8 0 sigapl 432 3657 0 3643 2 0 2 2 0 8 0 futexpl 56 56550 0 56547 1 0 1 1 0 8 0 knotepl 112 617 0 598 1 0 1 1 0 8 0 kqueuepl 104 746 0 743 1 0 1 1 0 8 0 pipepl 112 2020 0 1999 4 3 1 2 0 8 0 fdescpl 424 3658 0 3643 2 0 2 2 0 8 0 filepl 120 21647 0 21543 4 0 4 4 0 8 0 lockfpl 104 1328 0 1327 4 3 1 1 0 8 0 lockfspl 48 459 0 458 4 3 1 1 0 8 0 sessionpl 112 20 0 10 1 0 1 1 0 8 0 pgrppl 48 92 0 82 1 0 1 1 0 8 0 ucredpl 96 4795 0 4788 1 0 1 1 0 8 0 zombiepl 144 3643 0 3643 2 1 1 1 0 8 1 processpl 848 3673 0 3643 4 0 4 4 0 8 0 procpl 624 8352 0 8311 5 1 4 4 0 8 0 sosppl 128 45 0 45 12 11 1 1 0 8 1 sockpl 384 2664 0 2645 8 5 3 4 0 8 0 mcl64k 65536 1059 0 1059 86 77 9 32 0 8 9 mcl16k 16384 10 0 10 6 6 0 1 0 8 0 mcl12k 12288 67 0 67 13 12 1 1 0 8 1 mcl9k 9216 41 0 41 11 10 1 1 0 8 1 mcl8k 8192 58 0 58 13 12 1 1 0 8 1 mcl4k 4096 135 0 135 12 11 1 1 0 8 1 mcl2k2 2112 23 0 23 11 10 1 1 0 8 1 mcl2k 2048 57387 0 57345 21 14 7 12 0 8 1 mtagpl 80 13 0 13 3 3 0 1 0 8 0 mbufpl 256 106905 0 106850 43 34 9 21 0 8 1 bufpl 256 14777 0 9150 352 0 352 352 0 8 0 anonpl 16 321228 0 310251 160 102 58 61 0 62 11 amapchunkpl 152 15366 0 15233 38 32 6 15 0 158 0 amappl16 192 19566 0 18971 140 104 36 41 0 8 6 amappl15 184 4 0 4 3 3 0 1 0 8 0 amappl14 176 44 0 41 2 1 1 1 0 8 0 amappl12 160 1557 0 1557 2 2 0 1 0 8 0 amappl11 152 1790 0 1773 1 0 1 1 0 8 0 amappl10 144 73 0 72 2 1 1 1 0 8 0 amappl9 136 549 0 545 1 0 1 1 0 8 0 amappl8 128 134 0 120 1 0 1 1 0 8 0 amappl7 120 37 0 34 1 0 1 1 0 8 0 amappl6 112 1777 0 1769 1 0 1 1 0 8 0 amappl5 104 1738 0 1728 1 0 1 1 0 8 0 amappl4 96 3811 0 3787 1 0 1 1 0 8 0 amappl3 88 296 0 286 1 0 1 1 0 8 0 amappl2 80 28562 0 28489 4 2 2 3 0 8 0 amappl1 72 72088 0 71649 26 17 9 19 0 8 0 amappl 80 8636 0 8591 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 144 0 20 2 0 2 2 0 8 0 uaddrrnd 24 3658 0 3643 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 3658 0 3643 1 0 1 1 0 8 0 vmmpekpl 168 24169 0 24141 2 0 2 2 0 8 0 vmmpepl 168 426673 0 424932 171 86 85 89 0 357 8 vmsppl 272 3657 0 3643 2 1 1 2 0 8 0 pdppl 4096 7323 0 7286 6 1 5 6 0 8 0 pvpl 32 894075 0 879497 401 192 209 224 0 265 91 pmappl 200 3657 0 3643 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 653 0 160 16 1 15 15 0 8 0