kernel: protection fault trap, code=0 Stopped at pf_anchor_global_RB_REMOVE+0x58: movq 0(%r12),%rbx ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace pf_anchor_global_RB_REMOVE(ffffffff82b86580,ffff800000c30000) at pf_anchor_global_RB_REMOVE+0x58 sys/net/pf_ruleset.c:84 pf_remove_if_empty_ruleset(ffff800000c30490) at pf_remove_if_empty_ruleset+0xdd sys/net/pf_ruleset.c:300 pfi_dynaddr_setup(ffff800000ba52a8,0) at pfi_dynaddr_setup+0x411 sys/net/pf_if.c:485 pfioctl(4900,cd60441a,ffff800000c09000,3,ffff800027ae7270) at pfioctl+0x8d37 pf_addr_setup sys/net/pf_ioctl.c:894 [inline] pfioctl(4900,cd60441a,ffff800000c09000,3,ffff800027ae7270) at pfioctl+0x8d37 sys/net/pf_ioctl.c:1653 VOP_IOCTL(fffffd806f6889c8,cd60441a,ffff800000c09000,3,fffffd807f7d7240,ffff800027ae7270) at VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd80669e8010,cd60441a,ffff800000c09000,ffff800027ae7270) at vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 sys_ioctl(ffff800027ae7270,ffff80002120aa68,ffff80002120aac0) at sys_ioctl+0x4a2 syscall(ffff80002120ab30) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff80002120ab30) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xbb73561df60, count: -9 ddb{0}> show registers rdi 0xffff800022c6f000 rsi 0x1661 __ALIGN_SIZE+0x661 rbp 0xffff80002120a540 rbx 0xffffffff82b86580 pf_anchors rdx 0xffff800022c6f000 rcx 0x1660 __ALIGN_SIZE+0x660 rax 0xffffffff82370d8b pf_anchor_global_RB_REMOVE+0x2b r8 0x400 r9 0x8080808080808080 r10 0x7bf447c9c3815bf7 r11 0xf8c32d829cab01fe r12 0x832524b968e71e45 r13 0xffffffff82b86588 pf_main_anchor r14 0xffff800000c30000 r15 0xdead007fdeadbeef rip 0xffffffff82370db8 pf_anchor_global_RB_REMOVE+0x58 cs 0x8 rflags 0x10282 __ALIGN_SIZE+0xf282 rsp 0xffff80002120a4f0 ss 0x10 pf_anchor_global_RB_REMOVE+0x58: movq 0(%r12),%rbx ddb{0}> show proc PROC (syz-executor.1) pid=326058 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=83, nice=20 forw=0xffffffffffffffff, list=0xffff800027ae77b0,0xffff800027ae6800 process=0xffff800027ad50c0 user=0xffff800021205000, vmspace=0xfffffd806651d8c0 estcpu=33, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 23809 313916 6149 0 2 0x81000 syz-executor.2 23809 335606 6149 0 3 0x4003000 suspend syz-executor.2 76375 123820 52736 0 2 0x480 syz-executor.3 76375 292905 52736 0 3 0x4000080 netio syz-executor.3 76375 221826 52736 0 3 0x4000080 fsleep syz-executor.3 3208 274970 63382 0 2 0 syz-executor.1 * 3208 326058 63382 0 7 0x4000000 syz-executor.1 3208 200307 63382 0 3 0x4000080 fsleep syz-executor.1 98644 274071 1 0 2 0 syz-executor.0 98644 509780 1 0 3 0x4000080 fsleep syz-executor.0 98644 285938 1 0 3 0x4000080 fsleep syz-executor.0 18723 409805 0 0 3 0x14280 nfsidl nfsio 82962 230464 0 0 3 0x14280 nfsidl nfsio 86004 30942 0 0 3 0x14280 nfsidl nfsio 28832 46221 0 0 3 0x14280 nfsidl nfsio 66298 488844 0 0 3 0x14280 nfsidl nfsio 87609 413446 0 0 3 0x14280 nfsidl nfsio 71316 324692 0 0 3 0x14280 nfsidl nfsio 80693 223460 0 0 3 0x14280 nfsidl nfsio 99789 346936 0 0 3 0x14280 nfsidl nfsio 33652 195074 0 0 3 0x14280 nfsidl nfsio 16926 320639 0 0 3 0x14280 nfsidl nfsio 81380 43945 0 0 3 0x14280 nfsidl nfsio 32097 29365 0 0 3 0x14280 nfsidl nfsio 22883 212523 0 0 3 0x14280 nfsidl nfsio 52811 332769 0 0 3 0x14280 nfsidl nfsio 83782 293846 0 0 3 0x14280 nfsidl nfsio 51008 375274 0 0 3 0x14280 nfsidl nfsio 37734 24541 0 0 3 0x14280 nfsidl nfsio 12341 82050 0 0 3 0x14280 nfsidl nfsio 2738 501424 0 0 3 0x14280 nfsidl nfsio 52736 158151 58087 0 2 0x482 syz-executor.3 49126 369621 58087 0 2 0x482 syz-executor.5 2141 250057 58087 0 3 0x82 nanoslp syz-executor.6 10834 70123 0 0 3 0x14200 bored sosplice 41713 283565 58087 0 2 0x482 syz-executor.7 94361 49343 58087 0 3 0x82 nanoslp syz-executor.4 6149 438251 58087 0 2 0x482 syz-executor.2 63382 85913 58087 0 2 0x482 syz-executor.1 58087 65829 16216 0 3 0x82 thrsleep syz-fuzzer 58087 146868 16216 0 3 0x4000082 thrsleep syz-fuzzer 58087 4509 16216 0 3 0x4000082 thrsleep syz-fuzzer 58087 316630 16216 0 3 0x4000082 thrsleep syz-fuzzer 58087 483362 16216 0 3 0x4000082 thrsleep syz-fuzzer 58087 137247 16216 0 3 0x4000082 thrsleep syz-fuzzer 58087 496787 16216 0 3 0x4000082 kqread syz-fuzzer 58087 45158 16216 0 3 0x4000082 thrsleep syz-fuzzer 58087 307927 16216 0 3 0x4000082 thrsleep syz-fuzzer 16216 427336 48356 0 3 0x10008a sigsusp ksh 48356 132155 96151 0 3 0x9a kqread sshd 90711 39029 1 0 3 0x100083 ttyin getty 96151 274557 1 0 3 0x88 kqread sshd 76312 122331 94116 74 3 0x1100092 bpf pflogd 94116 157959 1 0 3 0x80 netio pflogd 62212 216091 57599 73 3 0x1100090 kqread syslogd 57599 48558 1 0 3 0x100082 netio syslogd 10575 462635 1 0 3 0x100080 kqread resolvd 27087 431548 68375 77 3 0x100092 kqread dhcpleased 51251 424172 68375 77 3 0x100092 kqread dhcpleased 68375 404115 1 0 3 0x80 kqread dhcpleased 60097 251130 0 0 3 0x14200 bored smr 98366 477697 0 0 2 0x14200 zerothread 73425 288260 0 0 3 0x14200 aiodoned aiodoned 57037 506865 0 0 3 0x14200 syncer update 18832 415233 0 0 3 0x14200 cleaner cleaner 31562 356063 0 0 7 0x14200 reaper 16346 206327 0 0 3 0x14200 pgdaemon pagedaemon 63815 293046 0 0 3 0x14200 bored viomb 42996 459600 0 0 3 0x40014200 acpi0 acpi0 51350 336145 0 0 3 0x40014200 idle1 8565 337503 0 0 3 0x14200 bored softnet 88367 927 0 0 3 0x14200 bored systqmp 18512 466340 0 0 3 0x14200 bored systq 81783 115284 0 0 2 0x40014200 softclock 39394 514991 0 0 3 0x40014200 idle0 1 365897 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 3208 (syz-executor.1) thread 0xffff800027ae7270 (326058) exclusive rwlock pf_lock r = 0 (0xffffffff829767e0) #0 witness_lock+0x44d #1 pfioctl+0x5dc5 sys/net/pf_ioctl.c:1608 #2 VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 #3 vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 #4 sys_ioctl+0x4a2 #5 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #5 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #6 Xsyscall+0x128 exclusive rwlock netlock r = 0 (0xffffffff8298fb10) #0 witness_lock+0x44d #1 pfioctl+0x38c8 sys/net/pf_ioctl.c:1608 #2 VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 #3 vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 #4 sys_ioctl+0x4a2 #5 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #5 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #6 Xsyscall+0x128 exclusive rwlock pfioctl_rw r = 0 (0xffffffff82976840) #0 witness_lock+0x44d #1 pfioctl+0x15e sys/net/pf_ioctl.c:1148 #2 VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 #3 vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 #4 sys_ioctl+0x4a2 #5 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #5 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #6 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82b1de90) #0 witness_lock+0x44d #1 vn_ioctl+0x41 sys/kern/vfs_vnops.c:514 #2 sys_ioctl+0x4a2 #3 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #3 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #4 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10217 6559K 7007K 78643K 15276 0 pcb 13 14K 16K 78643K 440 0 rtable 176 11K 11K 78643K 890 0 ifaddr 91 19K 20K 78643K 426 0 sysctl 2 0K 0K 78643K 2 0 counters 56 35K 35K 78643K 170 0 ioctlops 1 4K 4K 78643K 1722 0 iov 0 0K 24K 78643K 132 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1340 84K 84K 78643K 2535 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 11 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 214 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 13 45K 89K 78643K 2411 0 sigio 0 0K 0K 78643K 9 0 proc 70 91K 115K 78643K 885 0 subproc 104 6K 6K 78643K 234 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 32 0 in_multi 63 4K 6K 78643K 293 0 ether_multi 1 0K 0K 78643K 7 0 mrt 0 0K 0K 78643K 9 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 187 837K 837K 78643K 187 0 exec 0 0K 2K 78643K 1183 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 302 263K 264K 78643K 16058 0 UVM aobj 19 2K 2K 78643K 19 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 70 0 NDP 14 0K 1K 78643K 119 0 temp 137 4726K 4798K 78643K 11391 0 kqueue 12 18K 26K 78643K 194 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 122 0 119 1 0 1 1 0 8 0 rtentry 112 269 0 197 4 0 4 4 0 8 0 unpcb 136 2145 0 2126 22 21 1 6 0 8 0 syncache 296 7 0 7 2 2 0 1 0 8 0 tcpqe 32 446 0 446 1 1 0 1 0 8 0 tcpcb 736 473 0 469 20 19 1 7 0 8 0 arp 120 41 0 27 1 0 1 1 0 8 0 inpcb 312 2015 0 2007 44 40 4 11 0 8 3 nd6 48 68 0 54 1 0 1 1 0 8 0 pkpcb 40 67 0 67 1 1 0 1 0 8 0 kcovpl 48 18 0 10 1 0 1 1 0 8 0 ppxss 1248 41 0 41 2 2 0 1 0 8 0 pfstscr 40 8 0 8 1 1 0 1 0 8 0 pffrag 232 7 0 6 2 1 1 1 0 482 0 pffrnode 88 7 0 6 2 1 1 1 0 8 0 pffrent 40 144 0 143 2 1 1 1 0 8 0 pfosfp 40 1433 0 1008 5 0 5 5 0 8 0 pfosfpen 112 1433 0 715 21 0 21 21 0 8 0 pfrktable 1344 4 1 1 1 0 1 1 0 8 0 pftag 88 2 0 0 1 0 1 1 0 8 0 pfstitem 24 40 0 38 1 0 1 1 0 8 0 pfstkey 112 54 0 52 1 0 1 1 0 8 0 pfstate 320 47 0 45 3 2 1 3 0 8 0 pfrule 1360 124 0 116 2 1 1 2 0 8 0 rttmrq 48 19 0 15 1 0 1 1 0 8 0 rttmr 72 3 0 3 1 1 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1157 0 841 33 11 22 29 0 8 0 art_table 32 1158 0 841 4 0 4 4 0 8 0 art_node 16 268 0 205 1 0 1 1 0 8 0 sysvmsgpl 40 39 0 11 1 0 1 1 0 8 0 semupl 112 4 0 4 2 2 0 1 0 8 0 semapl 112 206 0 196 1 0 1 1 0 8 0 shmpl 112 16 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 4537 0 3094 91 0 91 91 0 8 0 ffsino 272 4537 0 3094 97 0 97 97 0 8 0 nchpl 144 7899 0 6248 63 0 63 63 0 8 0 uvmvnodes 80 5421 0 0 111 0 111 111 0 8 0 vnodes 224 5421 0 0 319 0 319 319 0 8 0 namei 1024 30381 0 30381 4 3 1 2 0 8 1 percpumem 16 97 0 57 1 0 1 1 0 8 0 vcpupl 2048 14 0 0 2 0 2 2 0 8 0 vmpool 560 18 0 4 1 0 1 1 0 8 0 pfiaddrpl 120 1 0 0 1 0 1 1 0 8 0 kstatmem 264 142 0 114 2 0 2 2 0 8 0 scxspl 216 21001 0 21001 13 12 1 8 0 8 1 plimitpl 152 468 0 453 1 0 1 1 0 8 0 sigapl 424 2722 0 2656 8 0 8 8 0 8 0 futexpl 64 19416 0 19412 1 0 1 1 0 8 0 knotepl 120 368 0 0 10 0 10 10 0 8 0 kqueuepl 216 595 0 587 13 12 1 5 0 8 0 pipepl 336 792 0 761 25 17 8 8 0 8 5 fdescpl 496 2684 0 2658 6 2 4 5 0 8 0 filepl 152 20121 0 19868 58 42 16 25 0 8 3 lockfpl 104 1010 0 1006 4 3 1 2 0 8 0 lockfspl 48 207 0 203 1 0 1 1 0 8 0 sessionpl 144 34 0 17 1 0 1 1 0 8 0 pgrppl 48 34 0 17 1 0 1 1 0 8 0 ucredpl 96 2371 0 2359 1 0 1 1 0 8 0 zombiepl 144 2662 0 2656 1 0 1 1 0 8 0 processpl 1064 2722 0 2656 5 0 5 5 0 8 0 procpl 672 7236 0 7147 12 4 8 8 0 8 0 srpgc 96 24 0 24 4 4 0 1 0 8 0 sosppl 168 24 0 24 3 3 0 1 0 8 0 sockpl 480 4352 0 4322 121 113 8 25 0 8 4 mcl64k 65536 26 0 0 4 1 3 3 0 8 0 mcl16k 16384 8 0 0 1 0 1 1 0 8 0 mcl12k 12288 24 0 0 2 0 2 2 0 8 0 mcl9k 9216 7 0 0 1 0 1 1 0 8 0 mcl8k 8192 18 0 0 3 1 2 3 0 8 0 mcl4k 4096 13 0 0 2 0 2 2 0 8 0 mcl2k2 2112 4 0 0 1 0 1 1 0 8 0 mcl2k 2048 233 0 0 23 0 23 23 0 8 0 mtagpl 96 278 0 0 6 0 6 6 0 8 0 mbufpl 256 556 0 0 30 0 30 30 0 8 0 bufpl 288 6662 0 332 453 0 453 453 0 8 0 anonpl 24 511118 0 492270 145 28 117 128 0 186 0 amapchunkpl 152 44368 0 43664 37 2 35 36 0 158 0 amappl16 200 6293 0 5645 45 10 35 40 0 8 0 amappl15 192 534 0 529 1 0 1 1 0 8 0 amappl14 184 123 0 116 1 0 1 1 0 8 0 amappl13 176 155 0 154 1 0 1 1 0 8 0 amappl12 168 223 0 222 1 0 1 1 0 8 0 amappl11 160 369 0 349 1 0 1 1 0 8 0 amappl10 152 144 0 137 1 0 1 1 0 8 0 amappl9 144 933 0 928 1 0 1 1 0 8 0 amappl8 136 1399 0 1331 3 0 3 3 0 8 0 amappl7 128 737 0 719 1 0 1 1 0 8 0 amappl6 120 703 0 682 2 1 1 2 0 8 0 amappl5 112 1896 0 1879 1 0 1 1 0 8 0 amappl4 104 1642 0 1615 1 0 1 1 0 8 0 amappl3 96 7550 0 7502 2 0 2 2 0 8 0 amappl2 88 3289 0 3229 3 1 2 3 0 8 0 amappl1 80 65762 0 65110 20 5 15 20 0 8 0 amappl 88 15368 0 15180 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 18 0 0 1 0 1 1 0 8 0 uaddrrnd 24 2702 0 2661 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2702 0 2661 1 0 1 1 0 8 0 vmmpekpl 168 25537 0 25473 3 0 3 3 0 8 0 vmmpepl 168 265373 0 262746 220 94 126 180 0 357 1 vmsppl 368 2701 0 2660 6 1 5 5 0 8 1 rwobjpl 56 70537 0 63387 103 1 102 102 0 8 0 pdppl 4096 5411 0 5334 247 166 81 84 0 8 4 pvpl 32 1105939 0 1082184 274 78 196 244 0 265 0 pmappl 248 2701 0 2660 4 1 3 3 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 1094 0 262 25 0 25 25 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace pf_anchor_global_RB_REMOVE(ffffffff82b86580,ffff800000c30000) at pf_anchor_global_RB_REMOVE+0x58 sys/net/pf_ruleset.c:84 pf_remove_if_empty_ruleset(ffff800000c30490) at pf_remove_if_empty_ruleset+0xdd sys/net/pf_ruleset.c:300 pfi_dynaddr_setup(ffff800000ba52a8,0) at pfi_dynaddr_setup+0x411 sys/net/pf_if.c:485 pfioctl(4900,cd60441a,ffff800000c09000,3,ffff800027ae7270) at pfioctl+0x8d37 pf_addr_setup sys/net/pf_ioctl.c:894 [inline] pfioctl(4900,cd60441a,ffff800000c09000,3,ffff800027ae7270) at pfioctl+0x8d37 sys/net/pf_ioctl.c:1653 VOP_IOCTL(fffffd806f6889c8,cd60441a,ffff800000c09000,3,fffffd807f7d7240,ffff800027ae7270) at VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd80669e8010,cd60441a,ffff800000c09000,ffff800027ae7270) at vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 sys_ioctl(ffff800027ae7270,ffff80002120aa68,ffff80002120aac0) at sys_ioctl+0x4a2 syscall(ffff80002120ab30) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff80002120ab30) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xbb73561df60, count: -9 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff82b1dc88) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82b1dc88) at __mp_lock+0x122 sys/kern/kern_lock.c:147 uvm_unmap_detach(ffff800021135690,1) at uvm_unmap_detach+0x113 sys/uvm/uvm_map.c:1615 uvm_map_teardown(fffffd806ee78e68) at uvm_map_teardown+0x262 sys/uvm/uvm_map.c:2789 uvmspace_free(fffffd806ee78e68) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3685 reaper(ffff8000210f9a40) at reaper+0x19a sys/kern/kern_exit.c:454 end trace frame: 0x0, count: -8