kernel: protection fault trap, code=0
Stopped at pf_anchor_global_RB_REMOVE+0x81: movq 0(%r12),%r15
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
the kernel did not panic
ddb> trace
pf_anchor_global_RB_REMOVE(ffffffff839ee860,ffff800010fdb250) at pf_anchor_global_RB_REMOVE+0x81 sys/net/pf_ruleset.c:82
pf_remove_if_empty_ruleset(ffff800010fdb6e0) at pf_remove_if_empty_ruleset+0x12d sys/net/pf_ruleset.c:301
pfi_dynaddr_setup(ffff800001646d48,0,1) at pfi_dynaddr_setup+0x671 sys/net/pf_if.c:508
pf_addr_setup(ffffffff839eecf8,ffff800001646d48,0) at pf_addr_setup+0x46 sys/net/pf_ioctl.c:948
pfioctl(14900,cd60441a,ffff8000015d6000,83,ffff800035cdb248) at pfioctl+0x9aee sys/net/pf_ioctl.c:2651
VOP_IOCTL(fffffd806ade0988,cd60441a,ffff8000015d6000,83,fffffd8007ffd820,ffff800035cdb248) at VOP_IOCTL+0xa3 sys/kern/vfs_vops.c:264
vn_ioctl(fffffd8075b45078,cd60441a,ffff8000015d6000,ffff800035cdb248) at vn_ioctl+0xea sys/kern/vfs_vnops.c:531
sys_ioctl(ffff800035cdb248,ffff80003c921a80,ffff80003c9219d0) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1
syscall(ffff80003c921a80) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c921a80) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x6e6e893c3e0, count: -10
ddb> show registers
rdi 0xffff80002ccbc000
rsi 0x113f __ALIGN_SIZE+0x13f
rbp 0xffff80003c921450
rbx 0xffffffff839ee860 pf_anchors
rdx 0xffff80002ccbc000
rcx 0x113e __ALIGN_SIZE+0x13e
rax 0xffffffff8227ae9f pf_anchor_global_RB_REMOVE+0x2f
r8 0x3fc
r9 0x8080808080808080
r10 0xca12368cd86dafb
r11 0xdaf222314d9d6d5b
r12 0xc4b5496fe0397ce9
r13 0x1
r14 0xffff800010fdb250
r15 0xcac321545c1a8a44
rip 0xffffffff8227aef1 pf_anchor_global_RB_REMOVE+0x81
cs 0x8
rflags 0x10282 __ALIGN_SIZE+0xf282
rsp 0xffff80003c921400
ss 0x10
pf_anchor_global_RB_REMOVE+0x81: movq 0(%r12),%r15
ddb> show proc
PROC (syz-executor) tid=228983 pid=5768 tcnt=2 stat=onproc
flags process=0 proc=4000000<THREAD>
runpri=32, usrpri=86, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff800035cdba10,0xffff800035cd9260
process=0xffff800035cdd218 user=0xffff80003c91c000, vmspace=0xfffffd806d67d188
estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
81061 334427 72212 0 2 0x10 syz-executor
81061 285702 72212 0 3 0x4000090 fsleep syz-executor
5768 238987 11551 0 2 0 syz-executor
* 5768 228983 11551 0 7 0x4000000 syz-executor
29664 145483 42937 0 3 0x80 nanoslp syz-executor
29664 239510 42937 0 3 0x4000080 fsleep syz-executor
29664 405729 42937 0 3 0x4000080 fsleep syz-executor
98225 253198 7463 0 3 0x80 nanoslp syz-executor
98225 506951 7463 0 3 0x4000080 ttyretype syz-executor
75794 512476 73152 0 3 0x80 nanoslp syz-executor
75794 298702 73152 0 3 0x4000080 sbwait syz-executor
75794 187155 73152 0 3 0x4000080 fsleep syz-executor
27540 153662 99263 0 3 0x80 nanoslp syz-executor
27540 259372 99263 0 3 0x4000080 sbwait syz-executor
27540 482337 99263 0 3 0x4000080 fsleep syz-executor
15033 115962 10328 0 3 0x3010 suspend syz-executor
15033 37322 10328 0 2 0x4081010 syz-executor
15033 260830 10328 0 3 0x4081010 inode syz-executor
99263 169098 55432 0 3 0x82 nanoslp syz-executor
10328 356905 55432 0 3 0x82 wait syz-executor
7463 415247 55432 0 3 0x82 nanoslp syz-executor
42937 517500 55432 0 3 0x82 nanoslp syz-executor
72212 258069 55432 0 3 0x82 nanoslp syz-executor
38265 385981 55432 0 3 0x82 wait syz-executor
11551 388002 55432 0 3 0x82 nanoslp syz-executor
73152 162580 55432 0 3 0x82 nanoslp syz-executor
55432 228931 37407 0 3 0x82 kqread syz-executor
37407 435413 26838 0 3 0x10008a sigsusp ksh
26838 436021 92336 0 3 0x98 kqread sshd-session
92336 426591 86099 0 3 0x92 kqread sshd-session
88044 265064 1 0 3 0x100083 ttyin getty
86099 303 1 0 3 0x88 kqread sshd
33060 377754 75607 73 3 0x1100090 kqread syslogd
75607 44711 1 0 3 0x100082 sbwait syslogd
25888 217499 1 0 3 0x100080 kqread resolvd
39205 85067 51177 77 3 0x100092 kqread dhcpleased
25846 358734 51177 77 3 0x100092 kqread dhcpleased
51177 208900 1 0 3 0x80 kqread dhcpleased
47459 288247 0 0 3 0x14200 bored smr
41128 142072 0 0 2 0x14200 zerothread
3931 86471 0 0 3 0x14200 aiodoned aiodoned
61351 1509 0 0 3 0x14200 syncer update
84596 365439 0 0 3 0x14200 cleaner cleaner
14192 270192 0 0 3 0x14200 reaper reaper
82108 25172 0 0 3 0x14200 pgdaemon pagedaemon
62375 430337 0 0 3 0x14200 bored viomb
6442 90805 0 0 3 0x40014200 acpi0 acpi0
56669 65827 0 0 3 0x14200 bored softnet0
45901 75581 0 0 3 0x14200 bored systqmp
98527 110977 0 0 3 0x14200 bored systq
24735 10728 0 0 3 0x40014200 tmoslp softclock
65927 250691 0 0 3 0x40014200 idle0
1 409135 0 0 3 0x82 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11041 12120K 12368K 166960K 12328 0
pcb 17 12K 12K 166960K 53 0
rtable 217 7K 8K 166960K 395 0
pf 35 14K 17K 166960K 60 0
ifaddr 40 7K 7K 166960K 53 0
ifgroup 50 2K 2K 166960K 67 0
sysctl 4 1K 9K 166960K 8 0
counters 33 17K 18K 166960K 46 0
ioctlops 1 4K 4K 166960K 70 0
iov 0 0K 12K 166960K 3 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1333 84K 84K 166960K 1505 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 5 0
VM map 2 1K 1K 166960K 2 0
sem 8 0K 0K 166960K 10 0
dirhash 12 2K 2K 166960K 12 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 18 65K 85K 166960K 294 0
sigio 0 0K 0K 166960K 2 0
proc 60 59K 91K 166960K 512 0
subproc 72 4K 4K 166960K 72 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 20 0
in_multi 92 7K 7K 166960K 100 0
ether_multi 1 0K 0K 166960K 1 0
mrt 1 0K 0K 166960K 7 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 79 360K 360K 166960K 79 0
exec 0 0K 1K 166960K 388 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 238 143K 160K 166960K 4307 0
UVM aobj 7 4K 4K 166960K 9 0
pinsyscall 39 78K 90K 166960K 1395 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 9 0
NDP 11 0K 2K 166960K 34 0
temp 38 9063K 9128K 166960K 6206 0
kqueue 14 22K 30K 166960K 52 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 53 0 47 1 0 1 1 0 8 0
rtentry 136 113 0 19 4 0 4 4 0 8 0
unpcb 144 198 0 181 4 3 1 4 0 8 0
syncache 336 5 0 5 1 1 0 1 0 8 0
tcpqe 32 1 0 1 1 1 0 1 0 8 0
tcpcb 736 58 0 52 2 1 1 2 0 8 0
arp 96 18 0 0 1 0 1 1 0 8 0
inpcb 328 189 0 177 2 0 2 2 0 8 0
ip6q 72 2 0 0 1 0 1 1 0 8 0
ip6af 40 3 0 1 1 0 1 1 0 8 0
nd6 112 25 0 3 1 0 1 1 0 8 0
pkpcb 40 2 0 2 1 1 0 1 0 8 0
kcovpl 48 8 0 0 1 0 1 1 0 8 0
ppxss 1072 12 0 12 1 1 0 1 0 8 0
pfstscr 40 1 0 1 1 1 0 1 0 8 0
pfrktable 1344 2 1 2 2 1 1 1 0 8 1
pfanchor 1288 1 0 1 1 0 1 1 0 8 1
pftag 88 1 0 1 1 1 0 1 0 8 0
pfstkey 128 1 0 1 1 1 0 1 0 8 0
pfstate 384 1 0 1 1 1 0 1 0 8 0
pfrule 1360 3 0 2 2 1 1 1 0 8 0
rttmr 136 1 0 1 1 1 0 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 455 0 59 29 1 28 29 0 8 0
art_table 40 456 0 59 5 0 5 5 0 8 0
art_node 32 113 0 28 1 0 1 1 0 8 0
sysvmsgpl 40 41 0 1 1 0 1 1 0 8 0
semapl 112 7 0 1 1 0 1 1 0 8 0
shmpl 112 6 0 2 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1845 0 382 92 0 92 92 0 8 0
ffsino 256 1845 0 382 92 0 92 92 0 8 0
nchpl 144 2257 0 562 64 0 64 64 0 8 0
rtmask 32 4 0 4 1 1 0 1 0 8 0
vnodes 216 2027 0 0 113 0 113 113 0 8 0
namei 1024 7028 0 7027 1 0 1 1 0 8 0
pfiaddrpl 120 1 0 0 1 0 1 1 0 8 0
kstatmem 264 36 0 14 2 0 2 2 0 8 0
scxspl 216 11255 0 11255 8 7 1 8 1 8 1
plimitpl 152 123 0 104 1 0 1 1 0 8 0
sigapl 424 590 0 547 6 1 5 6 0 8 0
knotepl 120 10013 0 9728 15 6 9 15 0 8 0
kqueuepl 184 67 0 56 1 0 1 1 0 8 0
pipepl 304 130 0 103 3 0 3 3 0 8 0
fdescpl 448 576 0 546 4 0 4 4 0 8 0
filepl 120 2589 0 2325 13 2 11 13 0 8 0
lockfpl 104 69 0 65 1 0 1 1 0 8 0
lockfspl 48 34 0 30 1 0 1 1 0 8 0
sessionpl 144 24 0 16 1 0 1 1 0 8 0
pgrppl 48 32 0 16 1 0 1 1 0 8 0
ucredpl 104 302 0 289 1 0 1 1 0 8 0
zombiepl 144 549 0 547 1 0 1 1 0 8 0
processpl 1152 590 0 547 4 0 4 4 0 8 0
procpl 664 835 0 781 6 1 5 6 0 8 0
sockpl 552 453 0 418 8 5 3 8 0 8 0
mcl64k 65536 7 0 7 1 1 0 1 0 8 0
mcl16k 16384 1 0 1 1 1 0 1 0 8 0
mcl8k 8192 8 0 8 1 1 0 1 0 8 0
mcl4k 4096 2696 0 2643 14 6 8 14 0 8 0
mcl2k 2048 280 0 279 2 1 1 2 0 8 0
mtagpl 96 10 0 7 1 0 1 1 0 8 0
mbufpl 256 5882 0 5681 14 0 14 14 0 8 0
bufpl 280 4427 0 105 309 0 309 309 0 8 0
anonpl 24 120796 0 114597 55 0 55 55 0 187 0
amapchunkpl 152 12898 0 12370 27 6 21 26 0 158 0
amappl16 200 2403 0 2213 19 3 16 19 0 8 0
amappl15 192 6 0 6 1 1 0 1 0 8 0
amappl14 184 415 0 413 1 0 1 1 0 8 0
amappl13 176 145 0 135 1 0 1 1 0 8 0
amappl12 168 812 0 783 2 0 2 2 0 8 0
amappl11 160 5 0 5 1 1 0 1 0 8 0
amappl10 152 91 0 81 1 0 1 1 0 8 0
amappl9 144 260 0 260 1 1 0 1 0 8 0
amappl8 136 109 0 107 1 0 1 1 0 8 0
amappl7 128 165 0 154 1 0 1 1 0 8 0
amappl6 120 154 0 153 1 0 1 1 0 8 0
amappl5 112 87 0 79 1 0 1 1 0 8 0
amappl4 104 257 0 242 1 0 1 1 0 8 0
amappl3 96 2471 0 2353 4 0 4 4 0 8 0
amappl2 88 521 0 467 2 0 2 2 0 8 0
amappl1 80 10013 0 9467 15 1 14 15 0 8 0
amappl 88 3586 0 3409 5 0 5 5 0 92 0
uvmvnodes 80 101 0 0 3 0 3 3 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 8 0 2 1 0 1 1 0 8 0
uaddrrnd 24 576 0 546 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 576 0 546 1 0 1 1 0 8 0
vmmpekpl 168 6245 0 6218 2 0 2 2 0 8 0
vmmpepl 168 45150 0 43154 99 5 94 99 0 357 0
vmsppl 368 575 0 546 4 1 3 4 0 8 0
rwobjpl 40 15732 0 14608 14 0 14 14 0 8 0
pdppl 4096 1158 0 1092 90 24 66 76 0 8 0
pvpl 32 287585 0 275191 121 0 121 121 0 265 0
pmappl 216 575 0 546 2 0 2 2 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 357 0 41 10 0 10 10 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
pf_anchor_global_RB_REMOVE(ffffffff839ee860,ffff800010fdb250) at pf_anchor_global_RB_REMOVE+0x81 sys/net/pf_ruleset.c:82
pf_remove_if_empty_ruleset(ffff800010fdb6e0) at pf_remove_if_empty_ruleset+0x12d sys/net/pf_ruleset.c:301
pfi_dynaddr_setup(ffff800001646d48,0,1) at pfi_dynaddr_setup+0x671 sys/net/pf_if.c:508
pf_addr_setup(ffffffff839eecf8,ffff800001646d48,0) at pf_addr_setup+0x46 sys/net/pf_ioctl.c:948
pfioctl(14900,cd60441a,ffff8000015d6000,83,ffff800035cdb248) at pfioctl+0x9aee sys/net/pf_ioctl.c:2651
VOP_IOCTL(fffffd806ade0988,cd60441a,ffff8000015d6000,83,fffffd8007ffd820,ffff800035cdb248) at VOP_IOCTL+0xa3 sys/kern/vfs_vops.c:264
vn_ioctl(fffffd8075b45078,cd60441a,ffff8000015d6000,ffff800035cdb248) at vn_ioctl+0xea sys/kern/vfs_vnops.c:531
sys_ioctl(ffff800035cdb248,ffff80003c921a80,ffff80003c9219d0) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1
syscall(ffff80003c921a80) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c921a80) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x6e6e893c3e0, count: -10
ddb> machine ddbcpu 1
No such command
ddb> trace
pf_anchor_global_RB_REMOVE(ffffffff839ee860,ffff800010fdb250) at pf_anchor_global_RB_REMOVE+0x81 sys/net/pf_ruleset.c:82
pf_remove_if_empty_ruleset(ffff800010fdb6e0) at pf_remove_if_empty_ruleset+0x12d sys/net/pf_ruleset.c:301
pfi_dynaddr_setup(ffff800001646d48,0,1) at pfi_dynaddr_setup+0x671 sys/net/pf_if.c:508
pf_addr_setup(ffffffff839eecf8,ffff800001646d48,0) at pf_addr_setup+0x46 sys/net/pf_ioctl.c:948
pfioctl(14900,cd60441a,ffff8000015d6000,83,ffff800035cdb248) at pfioctl+0x9aee sys/net/pf_ioctl.c:2651
VOP_IOCTL(fffffd806ade0988,cd60441a,ffff8000015d6000,83,fffffd8007ffd820,ffff800035cdb248) at VOP_IOCTL+0xa3 sys/kern/vfs_vops.c:264
vn_ioctl(fffffd8075b45078,cd60441a,ffff8000015d6000,ffff800035cdb248) at vn_ioctl+0xea sys/kern/vfs_vnops.c:531
sys_ioctl(ffff800035cdb248,ffff80003c921a80,ffff80003c9219d0) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1
syscall(ffff80003c921a80) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c921a80) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x6e6e893c3e0, count: -10