kernel: protection fault trap, code=0 Stopped at pf_anchor_global_RB_REMOVE+0x58: movq 0(%r12),%rbx ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace pf_anchor_global_RB_REMOVE(ffffffff82a180a0,ffff800000dd4800) at pf_anchor_global_RB_REMOVE+0x58 sys/net/pf_ruleset.c:84 pf_remove_if_empty_ruleset(ffff800000dd4c90) at pf_remove_if_empty_ruleset+0xdd sys/net/pf_ruleset.c:300 pfi_dynaddr_setup(ffff800000b9ed88,0) at pfi_dynaddr_setup+0x411 sys/net/pf_if.c:485 pfioctl(4900,cd60441a,ffff800000bf3000,3,ffff80002e35d260) at pfioctl+0x8d37 pf_addr_setup sys/net/pf_ioctl.c:894 [inline] pfioctl(4900,cd60441a,ffff800000bf3000,3,ffff80002e35d260) at pfioctl+0x8d37 sys/net/pf_ioctl.c:1653 VOP_IOCTL(fffffd806f6909c8,cd60441a,ffff800000bf3000,3,fffffd807f7d7840,ffff80002e35d260) at VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd8067d4ce40,cd60441a,ffff800000bf3000,ffff80002e35d260) at vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 sys_ioctl(ffff80002e35d260,ffff8000212027d8,ffff800021202830) at sys_ioctl+0x4a2 syscall(ffff8000212028a0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff8000212028a0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x695d36ec880, count: -9 ddb{0}> show registers rdi 0xffff8000284cd000 rsi 0x181a __ALIGN_SIZE+0x81a rbp 0xffff8000212022b0 rbx 0xffffffff82a180a0 pf_anchors rdx 0xffff8000284cd000 rcx 0x1819 __ALIGN_SIZE+0x819 rax 0xffffffff81afaa9b pf_anchor_global_RB_REMOVE+0x2b r8 0x400 r9 0x8080808080808080 r10 0x80cc7f13e8f55b31 r11 0x84615d45a9f00489 r12 0xeb8db98e788dd4db r13 0xffffffff82a180a8 pf_main_anchor r14 0xffff800000dd4800 r15 0xdead007fdeadbeef rip 0xffffffff81afaac8 pf_anchor_global_RB_REMOVE+0x58 cs 0x8 rflags 0x10286 __ALIGN_SIZE+0xf286 rsp 0xffff800021202260 ss 0x10 pf_anchor_global_RB_REMOVE+0x58: movq 0(%r12),%rbx ddb{0}> show proc PROC (syz-executor.2) pid=277858 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=84, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff37a8,0xffff80002e35b510 process=0xffff8000fffe8870 user=0xffff8000211fd000, vmspace=0xfffffd806aa808b0 estcpu=34, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 66068 355229 24250 0 2 0 syz-executor.5 93707 3208 19433 0 2 0 syz-executor.1 4275 505062 2421 0 2 0 syz-executor.7 10144 350454 86506 0 2 0 syz-executor.0 10144 48864 86506 0 3 0x4000080 fsleep syz-executor.0 10144 367300 86506 0 3 0x4000080 fsleep syz-executor.0 10144 45658 86506 0 3 0x4000080 fsleep syz-executor.0 54152 231892 94488 0 2 0 syz-executor.3 54152 491350 94488 0 3 0x4000080 kqpoll syz-executor.3 54152 236054 94488 0 3 0x4000080 fsleep syz-executor.3 71243 111166 91984 0 2 0 syz-executor.2 *71243 277858 91984 0 7 0x4000000 syz-executor.2 71243 295060 91984 0 3 0x4000080 fsleep syz-executor.2 31450 146783 0 0 3 0x14200 acct acct 94488 276314 71444 0 2 0x482 syz-executor.3 97584 190621 1 0 3 0x100083 ttyin getty 56968 336130 71444 0 2 0x2 syz-executor.4 19433 206215 71444 0 3 0x82 nanoslp syz-executor.1 1233 361185 71444 0 2 0x482 syz-executor.6 91984 63791 71444 0 2 0x482 syz-executor.2 2421 221516 71444 0 3 0x82 nanoslp syz-executor.7 86506 509164 71444 0 3 0x82 nanoslp syz-executor.0 59102 462839 0 0 3 0x14280 nfsidl nfsio 75474 10426 0 0 3 0x14280 nfsidl nfsio 454 365446 0 0 3 0x14280 nfsidl nfsio 78854 107727 0 0 3 0x14280 nfsidl nfsio 12412 57059 0 0 3 0x14280 nfsidl nfsio 96193 157939 0 0 3 0x14280 nfsidl nfsio 88782 449588 0 0 3 0x14280 nfsidl nfsio 88778 84638 0 0 3 0x14280 nfsidl nfsio 76683 486413 0 0 3 0x14280 nfsidl nfsio 63154 55055 0 0 3 0x14280 nfsidl nfsio 9251 391076 0 0 3 0x14280 nfsidl nfsio 94550 252979 0 0 3 0x14280 nfsidl nfsio 43801 262545 0 0 3 0x14280 nfsidl nfsio 96360 228956 0 0 3 0x14280 nfsidl nfsio 95746 480907 0 0 3 0x14280 nfsidl nfsio 30695 51751 0 0 3 0x14280 nfsidl nfsio 27063 260599 0 0 3 0x14280 nfsidl nfsio 52850 209803 0 0 3 0x14280 nfsidl nfsio 23905 203898 0 0 3 0x14280 nfsidl nfsio 92091 234946 0 0 3 0x14280 nfsidl nfsio 24250 408994 71444 0 2 0x2 syz-executor.5 1178 371670 0 0 3 0x14200 bored sosplice 71444 368549 92222 0 3 0x82 thrsleep syz-fuzzer 71444 141685 92222 0 2 0x4000482 syz-fuzzer 71444 378006 92222 0 3 0x4000082 thrsleep syz-fuzzer 71444 82195 92222 0 3 0x4000082 thrsleep syz-fuzzer 71444 63393 92222 0 3 0x4000082 thrsleep syz-fuzzer 71444 396086 92222 0 2 0x4000482 syz-fuzzer 71444 455059 92222 0 3 0x4000082 kqread syz-fuzzer 71444 101402 92222 0 3 0x4000082 thrsleep syz-fuzzer 92222 75807 58197 0 3 0x10008a sigsusp ksh 58197 302056 97457 0 3 0x9a kqread sshd 97457 214297 1 0 3 0x88 kqread sshd 86875 91910 49452 74 3 0x1100092 bpf pflogd 49452 89020 1 0 3 0x80 netio pflogd 55920 447219 67242 73 3 0x1100090 kqread syslogd 67242 112973 1 0 3 0x100082 netio syslogd 83221 513936 1 0 3 0x100080 kqread resolvd 9244 379332 18074 77 3 0x100092 kqread dhcpleased 86866 66830 18074 77 3 0x100092 kqread dhcpleased 18074 20141 1 0 3 0x80 kqread dhcpleased 44449 494966 0 0 3 0x14200 bored smr 52185 81734 0 0 2 0x14200 zerothread 38548 207960 0 0 3 0x14200 aiodoned aiodoned 21811 354669 0 0 3 0x14200 syncer update 56074 357911 0 0 3 0x14200 cleaner cleaner 89982 484359 0 0 3 0x14200 reaper reaper 92813 427842 0 0 3 0x14200 pgdaemon pagedaemon 32328 133008 0 0 3 0x14200 bored viomb 38726 217050 0 0 3 0x40014200 acpi0 acpi0 12941 38681 0 0 7 0x40014200 idle1 10471 444607 0 0 3 0x14200 bored softnet 3220 184561 0 0 3 0x14200 bored systqmp 730 498051 0 0 3 0x14200 bored systq 83412 157315 0 0 2 0x40014200 softclock 45266 388499 0 0 3 0x40014200 idle0 1 397155 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 71243 (syz-executor.2) thread 0xffff80002e35d260 (277858) exclusive rwlock pf_lock r = 0 (0xffffffff829340c0) #0 witness_lock+0x44d #1 pfioctl+0x5dc5 sys/net/pf_ioctl.c:1608 #2 VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 #3 vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 #4 sys_ioctl+0x4a2 #5 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #5 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #6 Xsyscall+0x128 exclusive rwlock netlock r = 0 (0xffffffff82909990) #0 witness_lock+0x44d #1 pfioctl+0x38c8 sys/net/pf_ioctl.c:1608 #2 VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 #3 vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 #4 sys_ioctl+0x4a2 #5 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #5 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #6 Xsyscall+0x128 exclusive rwlock pfioctl_rw r = 0 (0xffffffff82934120) #0 witness_lock+0x44d #1 pfioctl+0x15e sys/net/pf_ioctl.c:1148 #2 VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 #3 vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 #4 sys_ioctl+0x4a2 #5 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #5 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #6 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82a0d548) #0 witness_lock+0x44d #1 vn_ioctl+0x41 sys/kern/vfs_vnops.c:514 #2 sys_ioctl+0x4a2 #3 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #3 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #4 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10230 6504K 8231K 78643K 92302 0 pcb 16 26K 29K 78643K 2698 0 rtable 228 9K 16K 78643K 6231 0 ifaddr 99 23K 27K 78643K 2414 0 sysctl 2 0K 0K 78643K 10 0 counters 54 35K 36K 78643K 452 0 ioctlops 1 4K 4K 78643K 4252 0 iov 0 0K 32K 78643K 2533 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1653 103K 104K 78643K 24148 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 215 0 VM map 2 1K 1K 78643K 2 0 sem 24 10K 10K 78643K 2836 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 16 57K 89K 78643K 21058 0 sigio 0 0K 0K 78643K 207 0 proc 75 91K 128K 78643K 3216 0 subproc 104 6K 6K 78643K 949 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 1 0K 0K 78643K 872 0 in_multi 86 5K 7K 78643K 1529 0 ether_multi 2 0K 0K 78643K 200 0 mrt 1 0K 0K 78643K 94 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 301 1341K 1341K 78643K 301 0 exec 0 0K 2K 78643K 4534 0 pfkey data 0 0K 0K 78643K 8 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 326 91K 107K 78643K 118130 0 UVM aobj 131 9K 9K 78643K 143 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 2 0K 0K 78643K 1106 0 NDP 13 0K 2K 78643K 408 0 temp 187 4828K 5424K 78643K 296229 0 kqueue 12 18K 28K 78643K 1321 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 1162 0 1159 14 13 1 3 0 8 0 rtentry 112 1261 0 1165 4 0 4 4 0 8 0 unpcb 136 16693 0 16676 176 175 1 9 0 8 0 syncache 296 67 0 67 19 19 0 1 0 8 0 tcpqe 32 74 73 74 9 9 0 1 0 8 0 tcpcb 736 7407 0 7395 247 239 8 20 0 8 4 arp 120 184 0 166 1 0 1 1 0 8 0 inpcb 312 19641 0 19516 315 300 15 23 0 8 3 rttmr 72 36 0 36 11 11 0 1 0 8 0 ip6q 72 12 0 12 4 4 0 1 0 8 0 ip6af 40 36 0 36 4 4 0 1 0 8 0 nd6 48 279 0 258 1 0 1 1 0 8 0 pkpcb 40 157 0 157 12 12 0 1 0 8 0 kcovpl 48 73 0 65 1 0 1 1 0 8 0 ppxss 1248 60 0 60 19 19 0 1 0 8 0 pfstscr 40 117 0 110 1 0 1 1 0 8 0 pffrag 232 65 0 62 10 9 1 1 0 482 0 pffrnode 88 65 0 62 10 9 1 1 0 8 0 pffrent 40 171 0 168 12 11 1 1 0 8 0 pfosfp 40 1431 0 1007 5 0 5 5 0 8 0 pfosfpen 112 1431 0 716 21 0 21 21 0 8 0 pfrktable 1344 1273 1 1270 12 11 1 2 0 8 0 pftag 88 24 0 15 1 0 1 1 0 8 0 pfqueue 264 12 0 12 3 3 0 1 0 8 0 pfstitem 24 158 0 142 1 0 1 1 0 8 0 pfstkey 112 234 0 228 1 0 1 1 0 8 0 pfstate 320 182 0 173 3 1 2 3 0 8 0 pfrule 1360 867 0 851 15 13 2 7 0 8 0 art_heap8 4096 2 0 1 2 1 1 2 0 8 0 art_heap4 256 5395 0 4986 58 27 31 31 0 8 0 art_table 32 5397 0 4987 4 0 4 4 0 8 0 art_node 16 1227 0 1143 1 0 1 1 0 8 0 sysvmsgpl 40 5 0 1 1 0 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 2832 0 2810 1 0 1 1 0 8 0 shmpl 112 140 0 12 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 29488 0 28003 94 0 94 94 0 8 0 ffsino 272 29488 0 28003 100 0 100 100 0 8 0 nchpl 144 57241 0 55597 63 1 62 63 0 8 0 uvmvnodes 80 17382 0 0 355 0 355 355 0 8 0 vnodes 224 17382 0 0 1023 0 1023 1023 0 8 0 namei 1024 211300 0 211300 17 16 1 2 0 8 1 percpumem 16 238 0 199 1 0 1 1 0 8 0 pfiaddrpl 120 447 0 446 4 3 1 2 0 8 0 scsiplug 72 10 0 10 4 4 0 1 0 8 0 scxspl 216 177162 0 177162 23 22 1 7 0 8 1 plimitpl 152 2549 0 2534 1 0 1 1 0 8 0 sigapl 424 21301 0 21235 10 2 8 8 0 8 0 futexpl 64 216168 0 216163 7 6 1 1 0 8 0 knotepl 120 1344 0 0 11 0 11 11 0 8 0 kqueuepl 216 4565 0 4556 84 83 1 8 0 8 0 pipepl 336 4086 0 4005 118 111 7 13 0 8 0 fdescpl 496 21211 0 21182 7 3 4 5 0 8 0 filepl 152 150083 0 149598 309 290 19 21 0 8 0 lockfpl 104 32139 0 32136 67 63 4 6 0 8 3 lockfspl 48 14970 0 14967 7 5 2 3 0 8 1 sessionpl 144 91 0 74 1 0 1 1 0 8 0 pgrppl 48 114 0 97 1 0 1 1 0 8 0 ucredpl 96 16253 0 16241 1 0 1 1 0 8 0 zombiepl 144 21236 0 21235 5 4 1 1 0 8 0 processpl 1064 21301 0 21235 5 0 5 5 0 8 0 procpl 672 55310 0 55230 32 23 9 9 0 8 1 srpgc 96 85 0 85 25 24 1 1 0 8 1 sosppl 168 98 0 98 20 20 0 1 0 8 0 sockpl 480 37715 0 37570 968 941 27 39 0 8 7 mcl64k 65536 18 0 0 3 0 3 3 0 8 0 mcl16k 16384 12 0 0 2 0 2 2 0 8 0 mcl12k 12288 33 0 0 2 0 2 2 0 8 0 mcl9k 9216 7 0 0 1 0 1 1 0 8 0 mcl8k 8192 25 0 0 4 2 2 3 0 8 0 mcl4k 4096 17 0 0 3 0 3 3 0 8 0 mcl2k2 2112 7 0 0 1 0 1 1 0 8 0 mcl2k 2048 623 0 0 28 1 27 27 0 8 0 mtagpl 96 2410 0 0 41 0 41 41 0 8 0 mbufpl 256 4447 0 0 238 0 238 238 0 8 0 bufpl 288 36919 0 30227 479 0 479 479 0 8 0 anonpl 24 4036328 0 4017693 306 176 130 186 0 186 0 amapchunkpl 152 360664 0 359962 112 76 36 58 0 158 0 amappl16 200 53452 0 52831 187 152 35 48 0 8 0 amappl15 192 3355 0 3353 1 0 1 1 0 8 0 amappl14 184 2067 0 2064 1 0 1 1 0 8 0 amappl13 176 2193 0 2188 1 0 1 1 0 8 0 amappl12 168 3541 0 3536 1 0 1 1 0 8 0 amappl11 160 2656 0 2634 2 0 2 2 0 8 0 amappl10 152 1755 0 1749 1 0 1 1 0 8 0 amappl9 144 5104 0 5094 1 0 1 1 0 8 0 amappl8 136 4119 0 4003 7 2 5 5 0 8 0 amappl7 128 2436 0 2424 1 0 1 1 0 8 0 amappl6 120 5234 0 5205 2 1 1 2 0 8 0 amappl5 112 18103 0 18085 1 0 1 1 0 8 0 amappl4 104 7584 0 7558 2 1 1 2 0 8 0 amappl3 96 64973 0 64923 2 0 2 2 0 8 0 amappl2 88 25165 0 25099 3 1 2 3 0 8 0 amappl1 80 498664 0 498035 23 8 15 20 0 8 0 amappl 88 116160 0 115975 6 1 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 142 0 12 3 0 3 3 0 8 0 uaddrrnd 24 21211 0 21182 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 21211 0 21182 1 0 1 1 0 8 0 vmmpekpl 168 149886 0 149827 4 0 4 4 0 8 0 vmmpepl 168 2055807 0 2053156 413 278 135 161 0 357 0 vmsppl 368 21210 0 21182 4 1 3 4 0 8 0 rwobjpl 56 501741 0 482537 287 15 272 272 0 8 0 pdppl 4096 42429 0 42364 1061 992 69 81 0 8 4 pvpl 32 8152317 0 8128925 781 577 204 322 0 265 0 pmappl 248 21210 0 21182 3 1 2 3 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 2794 0 1705 32 0 32 32 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace pf_anchor_global_RB_REMOVE(ffffffff82a180a0,ffff800000dd4800) at pf_anchor_global_RB_REMOVE+0x58 sys/net/pf_ruleset.c:84 pf_remove_if_empty_ruleset(ffff800000dd4c90) at pf_remove_if_empty_ruleset+0xdd sys/net/pf_ruleset.c:300 pfi_dynaddr_setup(ffff800000b9ed88,0) at pfi_dynaddr_setup+0x411 sys/net/pf_if.c:485 pfioctl(4900,cd60441a,ffff800000bf3000,3,ffff80002e35d260) at pfioctl+0x8d37 pf_addr_setup sys/net/pf_ioctl.c:894 [inline] pfioctl(4900,cd60441a,ffff800000bf3000,3,ffff80002e35d260) at pfioctl+0x8d37 sys/net/pf_ioctl.c:1653 VOP_IOCTL(fffffd806f6909c8,cd60441a,ffff800000bf3000,3,fffffd807f7d7840,ffff80002e35d260) at VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd8067d4ce40,cd60441a,ffff800000bf3000,ffff80002e35d260) at vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 sys_ioctl(ffff80002e35d260,ffff8000212027d8,ffff800021202830) at sys_ioctl+0x4a2 syscall(ffff8000212028a0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff8000212028a0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x695d36ec880, count: -9 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800020ce8ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178 end trace frame: 0x0, count: -5