kernel: protection fault trap, code=0 Stopped at pf_anchor_global_RB_REMOVE+0x58: movq 0(%r12),%rbx ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace pf_anchor_global_RB_REMOVE(ffffffff82a41b58,ffff800000be4800) at pf_anchor_global_RB_REMOVE+0x58 sys/net/pf_ruleset.c:84 pf_remove_if_empty_ruleset(ffff800000be4c90) at pf_remove_if_empty_ruleset+0xdd sys/net/pf_ruleset.c:300 pfi_dynaddr_setup(ffff800001080818,0) at pfi_dynaddr_setup+0x411 sys/net/pf_if.c:485 pfioctl(4900,cd60441a,ffff800000685000,3,ffff8000266b6548) at pfioctl+0x8d37 pf_addr_setup sys/net/pf_ioctl.c:894 [inline] pfioctl(4900,cd60441a,ffff800000685000,3,ffff8000266b6548) at pfioctl+0x8d37 sys/net/pf_ioctl.c:1653 VOP_IOCTL(fffffd806f684b88,cd60441a,ffff800000685000,3,fffffd807f7d7900,ffff8000266b6548) at VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd806c7a1740,cd60441a,ffff800000685000,ffff8000266b6548) at vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 sys_ioctl(ffff8000266b6548,ffff8000250685e8,ffff800025068640) at sys_ioctl+0x4a2 syscall(ffff8000250686b0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff8000250686b0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xbf07e8cb4c0, count: -9 ddb{0}> show registers rdi 0xffff80002af2b000 rsi 0x14f1 __ALIGN_SIZE+0x4f1 rbp 0xffff8000250680c0 rbx 0xffffffff82a41b58 pf_anchors rdx 0xffff80002af2b000 rcx 0x14f0 __ALIGN_SIZE+0x4f0 rax 0xffffffff814642fb pf_anchor_global_RB_REMOVE+0x2b r8 0x400 r9 0x8080808080808080 r10 0x913d123fa44dd306 r11 0x41c5c462c3c01872 r12 0x232c5b4f1f3ff297 r13 0xffffffff82a41b60 pf_main_anchor r14 0xffff800000be4800 r15 0xdead007fdeadbeef rip 0xffffffff81464328 pf_anchor_global_RB_REMOVE+0x58 cs 0x8 rflags 0x10202 __ALIGN_SIZE+0xf202 rsp 0xffff800025068070 ss 0x10 pf_anchor_global_RB_REMOVE+0x58: movq 0(%r12),%rbx ddb{0}> show proc PROC (syz-executor.7) pid=149450 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=83, nice=20 forw=0xffffffffffffffff, list=0xffff80002890b510,0xffffffff829f96f0 process=0xffff80002c9c50c0 user=0xffff800025063000, vmspace=0xfffffd805d614bb0 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 8135 153799 30970 0 2 0 syz-executor.7 * 8135 149450 30970 0 7 0x4000000 syz-executor.7 99310 71179 64811 0 2 0 syz-executor.2 99310 457895 64811 0 3 0x4000080 fsleep syz-executor.2 42624 6752 92960 0 2 0 syz-executor.0 42624 115329 92960 0 3 0x4000080 fsleep syz-executor.0 71728 453628 60813 0 2 0 syz-executor.4 71728 83348 60813 0 3 0x4000080 fsleep syz-executor.4 47322 166614 57177 0 2 0 syz-executor.5 47322 38782 57177 0 3 0x4000080 fsleep syz-executor.5 17974 122011 9622 0 3 0x82 piperd syz-executor.6 88821 478603 9622 0 3 0x82 nanoslp syz-executor.3 60813 183477 9622 0 3 0x82 nanoslp syz-executor.4 69508 127719 9622 0 3 0x82 piperd syz-executor.1 64811 374148 9622 0 3 0x82 nanoslp syz-executor.2 92960 184713 9622 0 3 0x82 nanoslp syz-executor.0 25973 487182 0 0 3 0x14200 acct acct 57177 124369 9622 0 3 0x82 nanoslp syz-executor.5 30970 388465 9622 0 3 0x82 nanoslp syz-executor.7 26447 175801 0 0 3 0x14280 nfsidl nfsio 42185 60741 0 0 3 0x14280 nfsidl nfsio 92593 353296 0 0 3 0x14280 nfsidl nfsio 28191 304330 0 0 3 0x14280 nfsidl nfsio 49863 181790 0 0 3 0x14280 nfsidl nfsio 36953 217161 0 0 3 0x14280 nfsidl nfsio 3886 375158 0 0 3 0x14280 nfsidl nfsio 46372 481888 0 0 3 0x14280 nfsidl nfsio 83761 339500 0 0 3 0x14280 nfsidl nfsio 94331 106336 0 0 3 0x14280 nfsidl nfsio 77413 295840 0 0 3 0x14280 nfsidl nfsio 74429 396970 0 0 3 0x14280 nfsidl nfsio 25866 504556 0 0 3 0x14280 nfsidl nfsio 25958 184917 0 0 3 0x14280 nfsidl nfsio 48662 130472 0 0 3 0x14280 nfsidl nfsio 48475 201341 0 0 3 0x14280 nfsidl nfsio 13473 223203 0 0 3 0x14280 nfsidl nfsio 22396 364899 0 0 3 0x14280 nfsidl nfsio 84097 22207 0 0 3 0x14280 nfsidl nfsio 41664 513360 0 0 3 0x14280 nfsidl nfsio 69412 209589 0 0 3 0x14200 bored sosplice 9622 521917 29076 0 3 0x82 thrsleep syz-fuzzer 9622 372582 29076 0 3 0x4000082 thrsleep syz-fuzzer 9622 210275 29076 0 3 0x4000082 thrsleep syz-fuzzer 9622 419435 29076 0 3 0x4000082 kqread syz-fuzzer 9622 502634 29076 0 3 0x4000082 thrsleep syz-fuzzer 9622 140231 29076 0 3 0x4000082 thrsleep syz-fuzzer 9622 447214 29076 0 3 0x4000082 thrsleep syz-fuzzer 9622 385112 29076 0 3 0x4000082 thrsleep syz-fuzzer 9622 189995 29076 0 3 0x4000082 thrsleep syz-fuzzer 29076 467576 10633 0 3 0x10008a sigsusp ksh 10633 15525 62041 0 3 0x9a kqread sshd 71488 29078 1 0 3 0x100083 ttyin getty 62041 313267 1 0 3 0x88 kqread sshd 72373 56038 38688 74 3 0x1100092 bpf pflogd 38688 207108 1 0 3 0x80 netio pflogd 98980 426746 89585 73 3 0x1100090 kqread syslogd 89585 364220 1 0 3 0x100082 netio syslogd 63010 28593 1 0 3 0x100080 kqread resolvd 58176 361234 44878 77 3 0x100092 kqread dhcpleased 22780 463537 44878 77 3 0x100092 kqread dhcpleased 44878 405816 1 0 3 0x80 kqread dhcpleased 94640 110991 0 0 3 0x14200 bored smr 25987 71580 0 0 2 0x14200 zerothread 14354 144424 0 0 3 0x14200 aiodoned aiodoned 15994 449208 0 0 3 0x14200 syncer update 68067 126149 0 0 3 0x14200 cleaner cleaner 90257 377590 0 0 3 0x14200 reaper reaper 77491 391925 0 0 3 0x14200 pgdaemon pagedaemon 32569 366669 0 0 3 0x14200 bored viomb 64317 185620 0 0 3 0x40014200 acpi0 acpi0 13745 298439 0 0 7 0x40014200 idle1 84393 405896 0 0 3 0x14200 bored softnet 98069 134512 0 0 3 0x14200 bored systqmp 3198 163144 0 0 3 0x14200 bored systq 59958 502310 0 0 3 0x40014200 bored softclock 39940 425448 0 0 3 0x40014200 idle0 1 80453 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 8135 (syz-executor.7) thread 0xffff8000266b6548 (149450) exclusive rwlock pf_lock r = 0 (0xffffffff82911960) #0 witness_lock+0x44d #1 pfioctl+0x5dc5 sys/net/pf_ioctl.c:1608 #2 VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 #3 vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 #4 sys_ioctl+0x4a2 #5 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #5 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #6 Xsyscall+0x128 exclusive rwlock netlock r = 0 (0xffffffff8291bc10) #0 witness_lock+0x44d #1 pfioctl+0x38c8 sys/net/pf_ioctl.c:1608 #2 VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 #3 vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 #4 sys_ioctl+0x4a2 #5 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #5 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #6 Xsyscall+0x128 exclusive rwlock pfioctl_rw r = 0 (0xffffffff829119c0) #0 witness_lock+0x44d #1 pfioctl+0x15e sys/net/pf_ioctl.c:1148 #2 VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 #3 vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 #4 sys_ioctl+0x4a2 #5 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #5 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #6 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82a3f538) #0 witness_lock+0x44d #1 vn_ioctl+0x41 sys/kern/vfs_vnops.c:514 #2 sys_ioctl+0x4a2 #3 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #3 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #4 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10224 6518K 7547K 78643K 143043 0 pcb 13 24K 29K 78643K 5551 0 rtable 201 12K 21K 78643K 16385 0 ifaddr 103 23K 25K 78643K 10300 0 sysctl 3 1K 1K 78643K 5 0 counters 58 35K 36K 78643K 400 0 ioctlops 1 4K 4K 78643K 37090 0 iov 0 0K 32K 78643K 4273 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1572 98K 98K 78643K 32519 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 244 0 VM map 2 1K 1K 78643K 2 0 sem 10 20K 36K 78643K 53 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 15 53K 89K 78643K 37149 0 sigio 0 0K 0K 78643K 372 0 proc 75 91K 128K 78643K 2585 0 subproc 104 6K 7K 78643K 764 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 7147 0 in_multi 68 4K 6K 78643K 6500 0 ether_multi 1 0K 0K 78643K 176 0 mrt 1 0K 0K 78643K 64 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 235 1049K 1049K 78643K 235 0 exec 0 0K 2K 78643K 4036 0 pfkey data 0 0K 0K 78643K 10 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 634 1376K 1376K 78643K 204514 0 UVM aobj 16 2K 2K 78643K 16 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 820 0 NDP 15 0K 2K 78643K 1211 0 temp 415 5267K 5848K 78643K 253149 0 kqueue 12 18K 26K 78643K 1052 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 4696 0 4693 25 24 1 3 0 8 0 rtentry 112 4921 0 4842 4 1 3 4 0 8 0 unpcb 136 14082 0 14067 166 165 1 9 0 8 0 syncache 296 63 0 63 19 19 0 1 0 8 0 tcpqe 32 173 0 173 7 7 0 1 0 8 0 tcpcb 736 19821 0 19815 455 454 1 26 0 8 0 arp 120 136 0 118 1 0 1 1 0 8 0 inpcb 312 36214 0 36207 379 378 1 21 0 8 0 rttmr 72 7 0 7 3 3 0 1 0 8 0 ip6q 72 3 0 3 1 1 0 1 0 8 0 ip6af 40 9 0 9 1 1 0 1 0 8 0 nd6 48 1089 0 1076 1 0 1 1 0 8 0 pkpcb 40 114 0 114 12 12 0 1 0 8 0 kcovpl 48 58 0 50 1 0 1 1 0 8 0 ppxss 1248 65 0 65 18 18 0 1 0 8 0 pfstscr 40 877 0 870 1 0 1 1 0 8 0 pffrag 232 100 0 98 15 14 1 1 0 482 0 pffrnode 88 100 0 98 15 14 1 1 0 8 0 pffrent 40 324 0 322 16 15 1 1 0 8 0 pfosfp 40 1435 0 1010 5 0 5 5 0 8 0 pfosfpen 112 1435 0 719 21 0 21 21 0 8 0 pfrktable 1344 1574 3875 1571 14 13 1 2 0 8 0 pftag 88 32 0 23 3 2 1 1 0 8 0 pfqueue 264 7 0 7 2 2 0 1 0 8 0 pfstitem 24 417 0 404 1 0 1 1 0 8 0 pfstkey 112 1786 0 1777 1 0 1 1 0 8 0 pfstate 320 950 0 941 2 1 1 2 0 8 0 pfsrctr 152 3 0 3 1 1 0 1 0 8 0 pfrule 1360 11326 0 10586 106 17 89 89 0 8 0 art_heap8 4096 508 0 507 5 4 1 4 0 8 0 art_heap4 256 28634 0 28318 48 23 25 29 0 8 0 art_table 32 29142 0 28825 4 0 4 4 0 8 0 art_node 16 4893 0 4823 1 0 1 1 0 8 0 sysvmsgpl 40 40 0 0 1 0 1 1 0 8 0 semupl 112 6 0 6 1 1 0 1 0 8 0 semapl 112 45 0 37 1 0 1 1 0 8 0 shmpl 112 13 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 45882 0 44377 95 0 95 95 0 8 0 ffsino 272 45882 0 44377 101 0 101 101 0 8 0 nchpl 144 93299 0 91648 63 0 63 63 0 8 0 uvmvnodes 80 7051 0 0 144 0 144 144 0 8 0 vnodes 224 7051 0 0 415 0 415 415 0 8 0 namei 1024 327798 0 327798 11 10 1 1 0 8 1 percpumem 16 212 0 171 1 0 1 1 0 8 0 vcpupl 2048 91 0 0 12 0 12 12 0 8 0 vmpool 560 116 0 25 7 0 7 7 0 8 0 pfiaddrpl 120 5611 0 5610 12 11 1 3 0 8 0 kstatmem 264 372 0 342 10 7 3 3 0 8 0 scsiplug 72 12 0 12 3 3 0 1 0 8 0 scxspl 216 279531 0 279531 22 21 1 8 0 8 1 plimitpl 152 2377 0 2362 1 0 1 1 0 8 0 sigapl 424 37376 0 37311 8 0 8 8 0 8 0 futexpl 64 380828 0 380824 12 11 1 1 0 8 0 knotepl 120 2036 0 0 26 2 24 24 0 8 0 kqueuepl 216 4714 0 4706 97 96 1 5 0 8 0 pipepl 336 5287 0 5259 150 147 3 8 0 8 0 fdescpl 496 37338 0 37310 8 4 4 5 0 8 0 filepl 152 235799 0 235559 355 342 13 23 0 8 2 lockfpl 104 11162 0 11160 16 15 1 3 0 8 0 lockfspl 48 2888 0 2886 1 0 1 1 0 8 0 sessionpl 144 74 0 57 1 0 1 1 0 8 0 pgrppl 48 269 0 252 1 0 1 1 0 8 0 ucredpl 96 21611 0 21590 1 0 1 1 0 8 0 zombiepl 144 37312 0 37311 2 1 1 1 0 8 0 processpl 1064 37376 0 37311 5 0 5 5 0 8 0 procpl 672 95865 0 95787 42 34 8 9 0 8 1 srpgc 96 62 0 62 14 14 0 1 0 8 0 sosppl 168 100 0 100 23 23 0 1 0 8 0 sockpl 480 55188 0 55163 1034 1028 6 36 0 8 2 mcl64k 65536 17 0 0 3 0 3 3 0 8 0 mcl16k 16384 13 0 0 2 0 2 2 0 8 0 mcl12k 12288 25 0 0 2 0 2 2 0 8 0 mcl9k 9216 21 0 0 2 0 2 2 0 8 0 mcl8k 8192 24 0 0 3 0 3 3 0 8 0 mcl4k 4096 17 0 0 3 0 3 3 0 8 0 mcl2k2 2112 8 0 0 1 0 1 1 0 8 0 mcl2k 2048 753 0 0 28 5 23 28 0 8 0 mtagpl 96 3001 0 0 46 0 46 46 0 8 0 mbufpl 256 6205 0 0 350 0 350 350 0 8 0 bufpl 288 52141 0 45090 504 0 504 504 0 8 0 anonpl 24 6680754 0 6661613 489 365 124 178 0 186 0 amapchunkpl 152 592012 0 591278 155 124 31 56 0 158 0 amappl16 200 87787 0 87052 268 228 40 61 0 8 1 amappl15 192 4521 0 4517 1 0 1 1 0 8 0 amappl14 184 4434 0 4425 1 0 1 1 0 8 0 amappl13 176 5041 0 5039 1 0 1 1 0 8 0 amappl12 168 4483 0 4476 1 0 1 1 0 8 0 amappl11 160 5863 0 5839 7 5 2 2 0 8 0 amappl10 152 9477 0 9465 1 0 1 1 0 8 0 amappl9 144 3534 0 3529 1 0 1 1 0 8 0 amappl8 136 5139 0 4934 8 0 8 8 0 8 0 amappl7 128 2926 0 2911 1 0 1 1 0 8 0 amappl6 120 3710 0 3684 2 1 1 2 0 8 0 amappl5 112 35783 0 35766 1 0 1 1 0 8 0 amappl4 104 14359 0 14323 3 1 2 2 0 8 0 amappl3 96 115807 0 115758 2 0 2 2 0 8 0 amappl2 88 46056 0 45977 3 1 2 3 0 8 0 amappl1 80 869590 0 868950 21 6 15 20 0 8 0 amappl 88 202239 0 201978 7 0 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 15 0 0 1 0 1 1 0 8 0 uaddrrnd 24 37454 0 37335 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 37454 0 37335 1 0 1 1 0 8 0 vmmpekpl 168 237915 0 237833 4 0 4 4 0 8 0 vmmpepl 168 3549407 0 3546406 408 261 147 170 0 357 0 vmsppl 368 37453 0 37335 14 2 12 12 0 8 0 rwobjpl 56 834261 0 825202 167 37 130 132 0 8 0 pdppl 4096 74915 0 74761 1271 1111 160 161 0 8 6 pvpl 32 13712978 0 13690013 988 783 205 318 0 265 4 pmappl 248 37453 0 37335 10 2 8 8 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 3546 0 2153 41 0 41 41 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace pf_anchor_global_RB_REMOVE(ffffffff82a41b58,ffff800000be4800) at pf_anchor_global_RB_REMOVE+0x58 sys/net/pf_ruleset.c:84 pf_remove_if_empty_ruleset(ffff800000be4c90) at pf_remove_if_empty_ruleset+0xdd sys/net/pf_ruleset.c:300 pfi_dynaddr_setup(ffff800001080818,0) at pfi_dynaddr_setup+0x411 sys/net/pf_if.c:485 pfioctl(4900,cd60441a,ffff800000685000,3,ffff8000266b6548) at pfioctl+0x8d37 pf_addr_setup sys/net/pf_ioctl.c:894 [inline] pfioctl(4900,cd60441a,ffff800000685000,3,ffff8000266b6548) at pfioctl+0x8d37 sys/net/pf_ioctl.c:1653 VOP_IOCTL(fffffd806f684b88,cd60441a,ffff800000685000,3,fffffd807f7d7900,ffff8000266b6548) at VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd806c7a1740,cd60441a,ffff800000685000,ffff8000266b6548) at vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 sys_ioctl(ffff8000266b6548,ffff8000250685e8,ffff800025068640) at sys_ioctl+0x4a2 syscall(ffff8000250686b0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff8000250686b0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xbf07e8cb4c0, count: -9 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800020ce8ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178 end trace frame: 0x0, count: -5