kernel: protection fault trap, code=0 Stopped at pfi_ifhead_RB_REMOVE+0x50: movq 0x10(%r12),%rbx ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace pfi_ifhead_RB_REMOVE(ffffffff828eac88,ffff800000b48e00) at pfi_ifhead_RB_REMOVE+0x50 sys/net/pf_if.c:80 pfi_detach_ifgroup(ffff800000b4be00) at pfi_detach_ifgroup+0x11b pfi_kif_unref sys/net/pf_if.c:211 [inline] pfi_detach_ifgroup(ffff800000b4be00) at pfi_detach_ifgroup+0x11b sys/net/pf_if.c:304 if_delgroup(ffff800000b16800,ffff800000b4be00) at if_delgroup+0x193 sys/net/if.c:2700 if_detach(ffff800000b16800) at if_detach+0x1cb sys/net/if.c:1049 tun_clone_destroy(ffff800000b16800) at tun_clone_destroy+0x1e1 sys/net/if_tun.c:325 if_clone_destroy(ffff800021ad1580) at if_clone_destroy+0x136 sys/net/if.c:1212 tun_dev_close(5d00,7) at tun_dev_close+0x140 sys/net/if_tun.c:479 spec_close(ffff800021ad1650) at spec_close+0x311 sys/kern/spec_vnops.c:560 VOP_CLOSE(fffffd807cd73248,7,fffffd807f7b77e0,ffff80002123c000) at VOP_CLOSE+0xeb sys/kern/vfs_vops.c:177 vn_closefile(fffffd806a9330b0,ffff80002123c000) at vn_closefile+0xd7 vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffffd806a9330b0,ffff80002123c000) at vn_closefile+0xd7 sys/kern/vfs_vnops.c:614 fdrop(fffffd806a9330b0,ffff80002123c000) at fdrop+0xc2 sys/kern/kern_descrip.c:1279 closef(fffffd806a9330b0,ffff80002123c000) at closef+0x11c sys/kern/kern_descrip.c:1263 fdfree(ffff80002123c000) at fdfree+0xf4 sys/kern/kern_descrip.c:1195 exit1(ffff80002123c000,0,0,1) at exit1+0x335 sys/kern/kern_exit.c:200 sys_exit(ffff80002123c000,ffff800021ad18e0,ffff800021ad1930) at sys_exit+0x16 sys/kern/kern_exit.c:96 syscall(ffff800021ad19b0) at syscall+0x4a1 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800021ad19b0) at syscall+0x4a1 sys/arch/amd64/amd64/trap.c:590 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffbc940, count: -17 ddb{0}> show registers rdi 0xffffffff828eac88 pfi_ifs rsi 0xffff800000b48e00 rbp 0xffff800021ad13e0 rbx 0xdeadbeefdeadbeef rdx 0 rcx 0xffff800000b4b000 rax 0xffff800000b48e10 r8 0xf8 r9 0x8080808080808080 r10 0x75bfb7b04008bcc1 r11 0xa4a3d1acd2195e6e r12 0xdeadbeefdeadbeef r13 0xffff800000afbf60 r14 0xffff800000b48e00 r15 0xffffffff828eac88 pfi_ifs rip 0xffffffff81b89ed0 pfi_ifhead_RB_REMOVE+0x50 cs 0x8 rflags 0x10282 __ALIGN_SIZE+0xf282 rsp 0xffff800021ad1380 ss 0x10 pfi_ifhead_RB_REMOVE+0x50: movq 0x10(%r12),%rbx ddb{0}> show proc PROC (syz-executor.0) pid=122450 stat=onproc flags process=1008 proc=2000 pri=32, usrpri=80, nice=20 forw=0xffffffffffffffff, list=0xffff80002123cfc0,0xffffffff828d6428 process=0xffff8000212350f0 user=0xffff800021acc000, vmspace=0xfffffd8066a14a20 estcpu=30, cpticks=0, pctcpu=0.6 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 93554 330910 0 0 3 0x14200 acct acct 62300 472513 61663 0 3 0x82 nanoslp syz-executor.1 36777 245553 0 0 3 0x14200 bored sosplice 61663 73363 25536 0 3 0x82 thrsleep syz-fuzzer 61663 94925 25536 0 3 0x4000082 thrsleep syz-fuzzer 61663 292102 25536 0 3 0x4000082 thrsleep syz-fuzzer 61663 81475 25536 0 3 0x4000082 kqread syz-fuzzer 61663 168096 25536 0 3 0x4000082 thrsleep syz-fuzzer 61663 93334 25536 0 3 0x4000082 thrsleep syz-fuzzer 61663 262328 25536 0 3 0x4000082 thrsleep syz-fuzzer 61663 236821 25536 0 3 0x4000082 thrsleep syz-fuzzer 25536 8162 48296 0 3 0x10008a sigsusp ksh 48296 425874 35383 0 3 0x92 select sshd 25834 12798 1 0 3 0x100083 ttyin getty 35383 406753 1 0 3 0x80 select sshd 30052 198329 86936 74 3 0x100092 bpf pflogd 86936 347340 1 0 3 0x80 netio pflogd 36923 454606 8281 73 3 0x100090 kqread syslogd 8281 19985 1 0 3 0x100082 netio syslogd 41092 239194 1 77 7 0x100090 dhclient 55826 290818 1 0 3 0x80 poll dhclient 89723 306161 0 0 3 0x14200 bored smr 75800 344173 0 0 3 0x14200 pgzero zerothread 30366 250552 0 0 3 0x14200 aiodoned aiodoned 47298 273151 0 0 3 0x14200 syncer update 17656 170059 0 0 3 0x14200 cleaner cleaner 22827 463193 0 0 3 0x14200 reaper reaper 91612 514067 0 0 3 0x14200 pgdaemon pagedaemon 98407 504374 0 0 3 0x14200 bored crynlk 1905 344512 0 0 3 0x14200 bored crypto 54049 120325 0 0 3 0x14200 bored viomb 42805 42427 0 0 3 0x40014200 acpi0 acpi0 3478 502236 0 0 3 0x40014200 idle1 41579 396499 0 0 3 0x14200 bored softnet 55700 141187 0 0 2 0x14200 systqmp 90831 178997 0 0 3 0x14200 bored systq 47386 234260 0 0 3 0x40014200 bored softclock 57344 34158 0 0 3 0x40014200 idle0 1 206787 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9495 6428K 7194K 78643K 14955 0 pcb 13 8K 8K 78643K 156 0 rtable 84 2K 4K 78643K 639 0 ifaddr 45 10K 12K 78643K 145 0 counters 44 34K 34K 78643K 62 0 ioctlops 0 0K 4K 78643K 1630 0 iov 0 0K 24K 78643K 118 0 mount 1 1K 1K 78643K 1 0 vnodes 1220 77K 77K 78643K 2912 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 74 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 331 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12598 0 file desc 4 9K 25K 78643K 4515 0 sigio 0 0K 0K 78643K 4 0 proc 63 63K 96K 78643K 809 0 subproc 23 1K 2K 78643K 68 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 158 0 in_multi 22 1K 2K 78643K 236 0 ether_multi 1 0K 0K 78643K 16 0 mrt 0 0K 0K 78643K 26 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 61 281K 281K 78643K 61 0 exec 0 0K 2K 78643K 567 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 176 140K 141K 78643K 11141 0 UVM aobj 123 3K 3K 78643K 169 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 140 0 NDP 7 0K 0K 78643K 53 0 temp 117 3982K 4610K 78643K 47143 0 kqueue 13 24K 32K 78643K 259 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 21 0 17 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 120 127 0 125 1 0 1 1 0 8 0 rtentry 112 164 0 131 2 0 2 2 0 8 0 unpcb 120 913 0 903 2 1 1 2 0 8 0 syncache 296 43 0 43 6 6 0 1 0 8 0 tcpqe 32 40 0 40 3 3 0 1 0 8 0 tcpcb 736 707 0 701 15 12 3 6 0 8 1 inpcb 304 1612 0 1594 3 0 3 3 0 8 0 rttmr 72 11 0 11 2 2 0 1 0 8 0 nd6 48 42 0 39 1 0 1 1 0 8 0 pkpcb 40 16 0 16 1 1 0 1 0 8 0 kcovpl 48 4 0 3 1 0 1 1 0 8 0 pffrag 232 8 0 8 1 1 0 1 0 482 0 pffrnode 88 8 0 8 1 1 0 1 0 8 0 pffrent 40 21 0 21 2 2 0 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 4 0 4 1 1 0 1 0 8 0 pfstitem 24 77 0 61 1 0 1 1 0 8 0 pfstkey 112 77 0 61 2 0 2 2 0 8 0 pfstate 320 77 0 61 4 1 3 4 0 8 0 pfrule 1360 46 0 33 3 1 2 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 335 0 143 13 0 13 13 0 8 0 art_table 32 336 0 143 2 0 2 2 0 8 0 art_node 16 151 0 113 1 0 1 1 0 8 0 sysvmsgpl 40 82 0 42 3 2 1 1 0 8 0 semapl 112 329 0 319 1 0 1 1 0 8 0 shmpl 112 166 0 46 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 7140 0 5727 91 2 89 89 0 8 0 ffsino 272 7140 0 5727 95 0 95 95 0 8 0 nchpl 144 12404 0 10816 60 0 60 60 0 8 0 uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 30560 0 30560 2 1 1 1 0 8 1 percpumem 16 42 0 9 1 0 1 1 0 8 0 vcpupl 1984 8 0 0 1 0 1 1 0 8 0 vmpool 560 13 0 5 1 0 1 1 0 8 0 scxspl 216 38458 0 38458 11 10 1 8 0 8 1 plimitpl 152 53 0 45 1 0 1 1 0 8 0 sigapl 424 4732 0 4699 4 0 4 4 0 8 0 futexpl 56 31333 0 31333 1 0 1 1 0 8 1 knotepl 112 362 0 348 1 0 1 1 0 8 0 kqueuepl 168 2193 0 2171 2 0 2 2 0 8 1 pipepl 336 225 0 217 9 7 2 2 0 8 1 fdescpl 496 4709 0 4694 3 0 3 3 0 8 0 filepl 152 15034 0 14947 6 1 5 6 0 8 1 lockfpl 104 695 0 694 1 0 1 1 0 8 0 lockfspl 48 272 0 271 1 0 1 1 0 8 0 sessionpl 144 20 0 9 1 0 1 1 0 8 0 pgrppl 48 25 0 14 1 0 1 1 0 8 0 ucredpl 96 2156 0 2147 1 0 1 1 0 8 0 zombiepl 144 4700 0 4698 2 1 1 1 0 8 0 processpl 1080 4732 0 4698 3 0 3 3 0 8 0 procpl 672 10168 0 10127 7 3 4 5 0 8 0 sosppl 168 31 0 31 4 4 0 1 0 8 0 sockpl 432 2669 0 2650 13 9 4 7 0 8 1 mcl64k 65536 6 0 0 1 0 1 1 0 8 0 mcl16k 16384 5 0 0 1 0 1 1 0 8 0 mcl12k 12288 10 0 0 1 0 1 1 0 8 0 mcl9k 9216 15 0 0 2 0 2 2 0 8 0 mcl8k 8192 9 0 0 2 0 2 2 0 8 0 mcl4k 4096 14 0 0 2 0 2 2 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 236 0 0 16 0 16 16 0 8 0 mtagpl 96 227 0 0 5 0 5 5 0 8 0 mbufpl 256 899 0 0 53 0 53 53 0 8 0 bufpl 280 10183 0 3934 447 0 447 447 0 8 0 anonpl 24 354119 0 348700 91 52 39 61 0 186 0 amapchunkpl 152 16984 0 16799 10 2 8 8 0 158 0 amappl16 200 15754 0 15549 47 35 12 24 0 8 0 amappl15 192 2 0 0 1 0 1 1 0 8 0 amappl14 184 23 0 19 1 0 1 1 0 8 0 amappl13 176 55 0 52 1 0 1 1 0 8 0 amappl12 168 1275 0 1273 1 0 1 1 0 8 0 amappl11 160 64 0 47 1 0 1 1 0 8 0 amappl10 152 1842 0 1837 1 0 1 1 0 8 0 amappl9 144 1382 0 1381 2 1 1 1 0 8 0 amappl8 136 268 0 185 4 1 3 3 0 8 0 amappl7 128 1631 0 1623 1 0 1 1 0 8 0 amappl6 120 1902 0 1887 1 0 1 1 0 8 0 amappl5 112 5410 0 5392 1 0 1 1 0 8 0 amappl4 104 1612 0 1581 1 0 1 1 0 8 0 amappl3 96 207 0 199 1 0 1 1 0 8 0 amappl2 88 36806 0 36729 3 1 2 3 0 8 0 amappl1 80 138045 0 137576 32 21 11 21 0 8 0 amappl 88 10491 0 10423 2 0 2 2 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 168 0 46 2 0 2 2 0 8 0 uaddrrnd 24 4722 0 4699 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 4722 0 4699 1 0 1 1 0 8 0 vmmpekpl 168 26415 0 26377 2 0 2 2 0 8 0 vmmpepl 168 593478 0 592056 115 43 72 81 0 357 1 vmsppl 368 4721 0 4699 3 0 3 3 0 8 0 rwobjpl 56 123917 0 122953 32 17 15 19 0 8 0 pdppl 4096 9451 0 9406 67 18 49 51 0 8 4 pvpl 32 1767520 0 1759114 213 131 82 117 0 265 4 pmappl 232 4721 0 4699 3 1 2 2 0 8 0 extentpl 40 58 0 40 1 0 1 1 0 8 0 phpool 112 380 0 43 10 0 10 10 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace pfi_ifhead_RB_REMOVE(ffffffff828eac88,ffff800000b48e00) at pfi_ifhead_RB_REMOVE+0x50 sys/net/pf_if.c:80 pfi_detach_ifgroup(ffff800000b4be00) at pfi_detach_ifgroup+0x11b pfi_kif_unref sys/net/pf_if.c:211 [inline] pfi_detach_ifgroup(ffff800000b4be00) at pfi_detach_ifgroup+0x11b sys/net/pf_if.c:304 if_delgroup(ffff800000b16800,ffff800000b4be00) at if_delgroup+0x193 sys/net/if.c:2700 if_detach(ffff800000b16800) at if_detach+0x1cb sys/net/if.c:1049 tun_clone_destroy(ffff800000b16800) at tun_clone_destroy+0x1e1 sys/net/if_tun.c:325 if_clone_destroy(ffff800021ad1580) at if_clone_destroy+0x136 sys/net/if.c:1212 tun_dev_close(5d00,7) at tun_dev_close+0x140 sys/net/if_tun.c:479 spec_close(ffff800021ad1650) at spec_close+0x311 sys/kern/spec_vnops.c:560 VOP_CLOSE(fffffd807cd73248,7,fffffd807f7b77e0,ffff80002123c000) at VOP_CLOSE+0xeb sys/kern/vfs_vops.c:177 vn_closefile(fffffd806a9330b0,ffff80002123c000) at vn_closefile+0xd7 vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffffd806a9330b0,ffff80002123c000) at vn_closefile+0xd7 sys/kern/vfs_vnops.c:614 fdrop(fffffd806a9330b0,ffff80002123c000) at fdrop+0xc2 sys/kern/kern_descrip.c:1279 closef(fffffd806a9330b0,ffff80002123c000) at closef+0x11c sys/kern/kern_descrip.c:1263 fdfree(ffff80002123c000) at fdfree+0xf4 sys/kern/kern_descrip.c:1195 exit1(ffff80002123c000,0,0,1) at exit1+0x335 sys/kern/kern_exit.c:200 sys_exit(ffff80002123c000,ffff800021ad18e0,ffff800021ad1930) at sys_exit+0x16 sys/kern/kern_exit.c:96 syscall(ffff800021ad19b0) at syscall+0x4a1 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800021ad19b0) at syscall+0x4a1 sys/arch/amd64/amd64/trap.c:590 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffbc940, count: -17 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800020d68ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff828be180) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff828be180) at __mp_lock+0x122 sys/kern/kern_lock.c:147 __mp_acquire_count(ffffffff828be180,2) at __mp_acquire_count+0x4c sys/kern/kern_lock.c:227 mi_switch() at mi_switch+0x390 sys/kern/sched_bsd.c:433 sleep_finish(ffff8000212000f8,1) at sleep_finish+0x111 sys/kern/kern_synch.c:427 sleep_finish_all(ffff8000212000f8,1) at sleep_finish_all+0x32 sleep_finish_timeout sys/kern/kern_synch.c:457 [inline] sleep_finish_all(ffff8000212000f8,1) at sleep_finish_all+0x32 sys/kern/kern_synch.c:402 tsleep(ffffffff828c9bc4,118,ffffffff82422407,41aa29) at tsleep+0x1f2 sys/kern/kern_synch.c:163 doppoll(ffff8000211c37a8,7f7fffff43c0,3,ffff800021200288,0,ffff800021200340) at doppoll+0x577 sys_poll(ffff8000211c37a8,ffff8000212002f0,ffff800021200340) at sys_poll+0xa7 syscall(ffff8000212003c0) at syscall+0x4a1 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff8000212003c0) at syscall+0x4a1 sys/arch/amd64/amd64/trap.c:590 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffff43a0, count: -13