kernel: protection fault trap, code=0
Stopped at pf_anchor_global_RB_REMOVE+0x81: movq 0(%r12),%r15
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
the kernel did not panic
ddb{1}> trace
pf_anchor_global_RB_REMOVE(ffffffff83a61578,ffff800001643250) at pf_anchor_global_RB_REMOVE+0x81 sys/net/pf_ruleset.c:82
pf_remove_if_empty_ruleset(ffff8000016436e0) at pf_remove_if_empty_ruleset+0x12d sys/net/pf_ruleset.c:301
pfi_dynaddr_setup(ffff80000156c580,0,1) at pfi_dynaddr_setup+0x671 sys/net/pf_if.c:508
pf_addr_setup(ffffffff83a61a10,ffff80000156c580,0) at pf_addr_setup+0x46 sys/net/pf_ioctl.c:948
pfioctl(14900,cd60441a,ffff8000015fb000,83,ffff800035b9cd20) at pfioctl+0x9aba sys/net/pf_ioctl.c:2621
VOP_IOCTL(fffffd8064b0d0e0,cd60441a,ffff8000015fb000,83,fffffd80097fd5b0,ffff800035b9cd20) at VOP_IOCTL+0xac sys/kern/vfs_vops.c:264
vn_ioctl(fffffd800f8d9728,cd60441a,ffff8000015fb000,ffff800035b9cd20) at vn_ioctl+0xf8 sys/kern/vfs_vnops.c:537
sys_ioctl(ffff800035b9cd20,ffff800036fa7c70,ffff800036fa7bc0) at sys_ioctl+0x674 sys/kern/sys_generic.c:-1
syscall(ffff800036fa7c70) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff800036fa7c70) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x3e069b350e0, count: -10
ddb{1}> show registers
rdi 0xffff80002fb96000
rsi 0x196e __ALIGN_SIZE+0x96e
rbp 0xffff800036fa7630
rbx 0xffffffff83a61578 pf_anchors
rdx 0xffff80002fb96000
rcx 0x196d __ALIGN_SIZE+0x96d
rax 0xffffffff829ca71f pf_anchor_global_RB_REMOVE+0x2f
r8 0x3fc
r9 0x8080808080808080
r10 0x3e04d567974f988e
r11 0xa39ac8b83f81d020
r12 0x8be086d9cf0cc5de
r13 0x1
r14 0xffff800001643250
r15 0xb4e17c2eb4de7ba3
rip 0xffffffff829ca771 pf_anchor_global_RB_REMOVE+0x81
cs 0x8
rflags 0x10286 __ALIGN_SIZE+0xf286
rsp 0xffff800036fa75e0
ss 0x10
pf_anchor_global_RB_REMOVE+0x81: movq 0(%r12),%r15
ddb{1}> show proc
PROC (syz-executor) tid=166872 pid=3568 tcnt=3 stat=onproc
flags process=0 proc=4000000<THREAD>
runpri=32, usrpri=78, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff800035b9d780,0xffffffff83ac2338
process=0xffff80003c4789c8 user=0xffff800036fa2000, vmspace=0xfffffd806c519d78
estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
31955 150086 58347 0 2 0 syz-executor
31955 484805 58347 0 3 0x4000080 kqsel syz-executor
65705 248847 14466 0 2 0 syz-executor
65705 277785 14466 0 3 0x4000080 fsleep syz-executor
3568 290667 55653 0 2 0 syz-executor
3568 252256 55653 0 3 0x4000080 kqsel syz-executor
* 3568 166872 55653 0 7 0x4000000 syz-executor
7073 271215 99940 0 2 0 syz-executor
7073 136634 99940 0 3 0x4000080 sbwait syz-executor
7073 390175 99940 0 3 0x4000080 fsleep syz-executor
40238 410497 19869 0 2 0x10 syz-executor
40238 323089 19869 0 3 0x4000090 fsleep syz-executor
2761 412636 18985 0 3 0x80 nanoslp syz-executor
2761 28584 18985 0 3 0x4000080 piperd syz-executor
2761 414531 18985 0 3 0x4000080 fsleep syz-executor
56465 420544 0 0 3 0x14280 nfsidl nfsio
20876 133259 0 0 3 0x14280 nfsidl nfsio
15004 230445 0 0 3 0x14280 nfsidl nfsio
73336 62694 0 0 3 0x14280 nfsidl nfsio
84489 487431 0 0 3 0x14280 nfsidl nfsio
15966 82770 0 0 3 0x14280 nfsidl nfsio
81666 202094 0 0 3 0x14280 nfsidl nfsio
69380 446995 0 0 3 0x14280 nfsidl nfsio
17193 491725 0 0 3 0x14280 nfsidl nfsio
78128 450853 0 0 3 0x14280 nfsidl nfsio
266 384275 0 0 3 0x14280 nfsidl nfsio
2107 451646 0 0 3 0x14280 nfsidl nfsio
71651 440963 0 0 3 0x14280 nfsidl nfsio
99058 377262 0 0 3 0x14280 nfsidl nfsio
7967 456319 0 0 3 0x14280 nfsidl nfsio
24473 146471 0 0 3 0x14280 nfsidl nfsio
511 365114 0 0 3 0x14280 nfsidl nfsio
33881 158404 0 0 3 0x14280 nfsidl nfsio
3441 83932 0 0 3 0x14280 nfsidl nfsio
30244 416416 0 0 3 0x14280 nfsidl nfsio
55653 222319 15413 0 3 0x82 nanoslp syz-executor
12925 34633 15413 0 3 0x82 nanoslp syz-executor
77557 126663 15413 0 3 0x82 nanoslp syz-executor
19869 396381 15413 0 3 0x82 nanoslp syz-executor
99940 241204 15413 0 3 0x82 nanoslp syz-executor
18985 132707 15413 0 3 0x82 nanoslp syz-executor
58347 491422 15413 0 3 0x82 nanoslp syz-executor
14466 298058 15413 0 3 0x82 nanoslp syz-executor
15413 285525 33634 0 3 0x82 kqread syz-executor
33634 490050 68176 0 3 0x10008a sigsusp ksh
68176 315186 32255 0 3 0x98 kqread sshd-session
32255 183341 81825 0 3 0x92 kqread sshd-session
49162 34794 1 0 3 0x100083 ttyin getty
81825 392206 1 0 3 0x88 kqread sshd
85906 404590 98351 74 3 0x1100092 bpf pflogd
98351 476522 1 0 3 0x80 sbwait pflogd
19874 407991 33620 73 3 0x1100090 kqread syslogd
33620 53918 1 0 3 0x100082 sbwait syslogd
91484 325270 1 0 3 0x100080 kqread resolvd
39597 396153 18452 77 3 0x100092 kqread dhcpleased
78775 213271 18452 77 3 0x100092 kqread dhcpleased
18452 44476 1 0 3 0x80 kqread dhcpleased
34875 109986 0 0 3 0x14200 bored smr
41843 102254 0 0 2 0x14200 zerothread
23652 432380 0 0 3 0x14200 aiodoned aiodoned
59773 118571 0 0 3 0x14200 syncer update
20419 36702 0 0 3 0x14200 cleaner cleaner
25113 156814 0 0 3 0x14200 reaper reaper
173 230166 0 0 3 0x14200 pgdaemon pagedaemon
28024 495856 0 0 3 0x14200 bored viomb
14753 135760 0 0 3 0x40014200 acpi0 acpi0
19633 297052 0 0 3 0x40014200 idle1
73527 278276 0 0 3 0x14200 bored softnet1
51973 24816 0 0 3 0x14200 bored softnet0
33591 339918 0 0 3 0x14200 bored systqmp
86722 23468 0 0 3 0x14200 bored systq
14285 256359 0 0 3 0x14200 tmoslp softclockmp
35111 313199 0 0 3 0x40014200 tmoslp softclock
57020 221547 0 0 3 0x40014200 idle0
1 197655 0 0 3 0x82 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb{1}> show all locks
CPU 0:
exclusive mutex &sched_lock r = 0 (0xffffffff839eedb0)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 mtx_enter+0x4b4 sys/kern/kern_lock.c:487
#2 wakeup_n+0x54 sys/kern/kern_synch.c:581
#3 uvm_pmr_freepages+0x442 sys/uvm/uvm_pmemrange.c:1344
#4 uvm_anfree+0xe9 sys/uvm/uvm_anon.c:112
#5 amap_wipeout+0x246 sys/uvm/uvm_amap.c:-1
#6 uvm_unmap_detach+0x8a sys/uvm/uvm_map.c:1359
#7 uvm_map_teardown+0x360 sys/uvm/uvm_map.c:2536
#8 exit1+0x6fc sys/kern/kern_exit.c:260
#9 sys_exit+0x1a sys/kern/kern_exit.c:-1
#10 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#10 syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
#11 Xsyscall+0x128
exclusive mutex &uvm.fpageqlock r = 0 (0xffffffff83a5cef8)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 mtx_enter+0x4b4 sys/kern/kern_lock.c:487
#2 uvm_pmr_freepages+0x1a8 sys/uvm/uvm_pmemrange.c:-1
#3 uvm_anfree+0xe9 sys/uvm/uvm_anon.c:112
#4 amap_wipeout+0x246 sys/uvm/uvm_amap.c:-1
#5 uvm_unmap_detach+0x8a sys/uvm/uvm_map.c:1359
#6 uvm_map_teardown+0x360 sys/uvm/uvm_map.c:2536
#7 exit1+0x6fc sys/kern/kern_exit.c:260
#8 sys_exit+0x1a sys/kern/kern_exit.c:-1
#9 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#9 syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
#10 Xsyscall+0x128
Process 3568 (syz-executor) thread 0xffff800035b9cd20 (166872)
exclusive rwlock pf_lock r = 0 (0xffffffff838eab08)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 pfioctl+0x40a8 sys/net/pf_ioctl.c:2579
#3 VOP_IOCTL+0xac sys/kern/vfs_vops.c:264
#4 vn_ioctl+0xf8 sys/kern/vfs_vnops.c:537
#5 sys_ioctl+0x674 sys/kern/sys_generic.c:-1
#6 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#6 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783
#7 Xsyscall+0x128
exclusive rwlock netlock r = 0 (0xffffffff8388bae0)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 pfioctl+0x4093 sys/net/pf_ioctl.c:2578
#3 VOP_IOCTL+0xac sys/kern/vfs_vops.c:264
#4 vn_ioctl+0xf8 sys/kern/vfs_vnops.c:537
#5 sys_ioctl+0x674 sys/kern/sys_generic.c:-1
#6 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#6 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783
#7 Xsyscall+0x128
exclusive rwlock pfioctl_rw r = 0 (0xffffffff838eab98)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 pfioctl+0x1d4 sys/net/pf_ioctl.c:2075
#3 VOP_IOCTL+0xac sys/kern/vfs_vops.c:264
#4 vn_ioctl+0xf8 sys/kern/vfs_vnops.c:537
#5 sys_ioctl+0x674 sys/kern/sys_generic.c:-1
#6 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#6 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783
#7 Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff8397ea40)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 vn_ioctl+0x4d sys/kern/vfs_vnops.c:520
#2 sys_ioctl+0x674 sys/kern/sys_generic.c:-1
#3 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#3 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783
#4 Xsyscall+0x128
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11062 12087K 12284K 166960K 12248 0
pcb 18 12K 12K 166960K 33 0
rtable 242 7K 8K 166960K 364 0
pf 38 18K 21K 166960K 63 0
ifaddr 46 7K 7K 166960K 51 0
ifgroup 57 2K 2K 166960K 63 0
sysctl 1 1K 9K 166960K 5 0
counters 74 37K 37K 166960K 84 0
ioctlops 1 4K 4K 166960K 1507 0
iov 0 0K 16K 166960K 2 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1327 83K 84K 166960K 1464 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 1K 166960K 2 0
VM map 2 1K 1K 166960K 2 0
sem 6 0K 0K 166960K 7 0
dirhash 12 2K 2K 166960K 12 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 17 61K 93K 166960K 232 0
proc 72 115K 164K 166960K 565 0
subproc 72 4K 4K 166960K 72 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 2 0K 0K 166960K 9 0
in_multi 99 7K 7K 166960K 99 0
ether_multi 1 0K 0K 166960K 2 0
mrt 0 0K 0K 166960K 7 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 61 281K 281K 166960K 61 0
exec 0 0K 1K 166960K 386 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 237 159K 173K 166960K 3999 0
UVM aobj 4 2K 2K 166960K 4 0
pinsyscall 42 84K 104K 166960K 1369 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 2 0K 0K 166960K 7 0
NDP 13 0K 1K 166960K 32 0
temp 38 9070K 9138K 166960K 5757 0
kqueue 13 20K 26K 166960K 36 0
SYN cache 2 16K 16K 166960K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 35 0 31 1 0 1 1 0 8 0
rtentry 176 115 0 4 6 0 6 6 0 8 0
unpcb 144 70 0 51 1 0 1 1 0 8 0
syncache 336 3 0 3 1 1 0 1 0 8 0
tcpcb 736 31 0 27 1 0 1 1 0 8 0
arp 136 20 0 1 1 0 1 1 0 8 0
inpcb 328 119 0 108 3 1 2 2 0 8 1
nd6 152 24 0 0 1 0 1 1 0 8 0
kcovpl 48 8 0 0 1 0 1 1 0 8 0
mppekey 1024 3 0 2 2 1 1 1 0 8 0
ppxss 1192 7 0 5 1 0 1 1 0 8 0
pffrag 232 4 0 0 1 0 1 1 0 482 0
pffrnode 88 4 0 0 1 0 1 1 0 8 0
pffrent 40 4 0 0 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfrktable 1344 1 1 1 1 0 1 1 0 8 1
pfanchor 1288 1 0 1 1 0 1 1 0 8 1
pfstitem 24 29 0 0 1 0 1 1 0 8 0
pfstkey 128 29 0 0 1 0 1 1 0 8 0
pfstate 448 28 0 0 4 0 4 4 0 8 0
pfrule 1360 22 0 16 2 1 1 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 464 0 2 29 0 29 29 0 8 0
art_table 40 465 0 2 5 0 5 5 0 8 0
art_node 32 115 0 14 1 0 1 1 0 8 0
sysvmsgpl 40 1 0 1 1 1 0 1 0 8 0
semapl 112 4 0 0 1 0 1 1 0 8 0
shmpl 112 1 0 0 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1736 0 264 93 0 93 93 0 8 0
ffsino 296 1736 0 264 114 0 114 114 0 8 0
nchpl 144 2060 0 359 64 0 64 64 0 8 0
rtmask 32 3 0 2 2 1 1 1 0 8 0
vnodes 216 1896 0 0 106 0 106 106 0 8 0
namei 1024 6553 0 6553 3 2 1 2 0 8 1
percpumem 16 57 0 5 1 0 1 1 0 8 0
pfiaddrpl 120 1 0 0 1 0 1 1 0 8 0
acpiwqpl 32 1 0 1 1 0 1 1 1 8 1
kstatmem 264 35 0 6 2 0 2 2 0 8 0
scxspl 216 7745 0 7745 11 3 8 8 1 8 8
plimitpl 152 41 0 23 1 0 1 1 0 8 0
sigapl 424 565 0 497 8 0 8 8 0 8 0
knotepl 120 98 0 0 3 0 3 3 0 8 0
kqueuepl 224 42 0 31 1 0 1 1 0 8 0
pipepl 344 126 0 98 3 0 3 3 0 8 0
fdescpl 528 528 0 497 3 0 3 3 0 8 0
filepl 160 2136 0 1917 11 1 10 11 0 8 0
lockfpl 104 35 0 33 1 0 1 1 0 8 0
lockfspl 48 17 0 15 1 0 1 1 0 8 0
sessionpl 144 24 0 15 1 0 1 1 0 8 0
pgrppl 48 32 0 15 1 0 1 1 0 8 0
ucredpl 104 139 0 125 1 0 1 1 0 8 0
zombiepl 144 499 0 497 1 0 1 1 0 8 0
processpl 1232 565 0 497 6 0 6 6 0 8 0
procpl 664 731 0 654 7 0 7 7 0 8 0
sosppl 176 1 0 0 1 0 1 1 0 8 0
sockpl 752 226 0 192 4 0 4 4 0 8 0
mcl64k 65536 1 0 0 1 0 1 1 0 8 0
mcl8k 8192 2 0 0 1 0 1 1 0 8 0
mcl4k 4096 121 0 0 16 0 16 16 0 8 0
mcl2k 2048 17 0 0 3 0 3 3 0 8 0
mtagpl 96 6 0 0 1 0 1 1 0 8 0
mbufpl 256 156 0 0 10 0 10 10 0 8 0
bufpl 280 3467 0 105 241 0 241 241 0 8 0
anonpl 32 7576 0 0 61 0 61 61 0 246 0
amapchunkpl 152 11558 0 11043 28 7 21 26 0 158 0
amappl16 200 2109 0 1932 17 3 14 14 0 8 0
amappl15 192 3 0 3 1 1 0 1 0 8 0
amappl14 184 430 0 427 1 0 1 1 0 8 0
amappl13 176 116 0 104 1 0 1 1 0 8 0
amappl12 168 800 0 770 3 1 2 2 0 8 0
amappl11 160 11 0 11 1 1 0 1 0 8 0
amappl10 152 70 0 56 1 0 1 1 0 8 0
amappl9 144 271 0 271 1 1 0 1 0 8 0
amappl8 136 113 0 111 1 0 1 1 0 8 0
amappl7 128 149 0 136 1 0 1 1 0 8 0
amappl6 120 156 0 155 1 0 1 1 0 8 0
amappl5 112 93 0 82 1 0 1 1 0 8 0
amappl4 104 286 0 265 1 0 1 1 0 8 0
amappl3 96 2032 0 1914 3 0 3 3 0 8 0
amappl2 88 513 0 455 2 0 2 2 0 8 0
amappl1 80 9712 0 9103 15 2 13 15 0 8 0
amappl 88 3268 0 3102 4 0 4 4 0 92 0
uvmvnodes 80 104 0 0 3 0 3 3 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 8 0 8 2 2 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 3 0 0 1 0 1 1 0 8 0
uaddrrnd 24 528 0 497 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 528 0 497 1 0 1 1 0 8 0
vmmpekpl 168 6090 0 6053 2 0 2 2 0 8 0
vmmpepl 168 41662 0 39570 98 1 97 97 0 357 0
vmsppl 488 527 0 496 5 1 4 5 0 8 0
rwobjpl 80 14789 0 13595 28 1 27 27 0 8 0
pdppl 4096 1063 0 992 99 28 71 85 0 8 0
pvpl 32 15098 0 0 124 2 122 122 0 265 0
pmappl 256 527 0 496 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 275 0 35 7 0 7 7 0 8 0
ddb{1}> machine ddbcpu 0