kernel: protection fault trap, code=0 Stopped at pf_anchor_global_RB_REMOVE+0x58: movq 0(%r12),%rbx ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace pf_anchor_global_RB_REMOVE(ffffffff82ad39c8,ffff800000d3b800) at pf_anchor_global_RB_REMOVE+0x58 sys/net/pf_ruleset.c:84 pf_remove_if_empty_ruleset(ffff800000d3bc90) at pf_remove_if_empty_ruleset+0xdd sys/net/pf_ruleset.c:300 pfi_dynaddr_setup(ffff800000e05ad8,0) at pfi_dynaddr_setup+0x411 sys/net/pf_if.c:485 pfioctl(4900,cd60441a,ffff800000bea000,3,ffff8000ffff5500) at pfioctl+0x8492 pf_addr_setup sys/net/pf_ioctl.c:892 [inline] pfioctl(4900,cd60441a,ffff800000bea000,3,ffff8000ffff5500) at pfioctl+0x8492 sys/net/pf_ioctl.c:1643 VOP_IOCTL(fffffd806f7d3c68,cd60441a,ffff800000bea000,3,fffffd807f7d8720,ffff8000ffff5500) at VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd80671dfda8,cd60441a,ffff800000bea000,ffff8000ffff5500) at vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 sys_ioctl(ffff8000ffff5500,ffff8000248b91f8,ffff8000248b9250) at sys_ioctl+0x4a2 syscall(ffff8000248b92c0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff8000248b92c0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3677e3af470, count: -9 ddb{0}> show registers rdi 0xffffffff82ad39c8 pf_anchors rsi 0xffff800000d3b800 rbp 0xffff8000248b8ce0 rbx 0xffffffff82ad39c8 pf_anchors rdx 0 rcx 0xfffffd8003708ce0 rax 0xffff8000ffff5500 r8 0x400 r9 0x8080808080808080 r10 0x21df0272578b0fcf r11 0x186e7cf73765fcac r12 0x7a57a70793cc91d2 r13 0xffffffff82ad39d0 pf_main_anchor r14 0xffff800000d3b800 r15 0xdeaf007fdeaf4152 rip 0xffffffff81f92b38 pf_anchor_global_RB_REMOVE+0x58 cs 0x8 rflags 0x10206 __ALIGN_SIZE+0xf206 rsp 0xffff8000248b8c90 ss 0x10 pf_anchor_global_RB_REMOVE+0x58: movq 0(%r12),%rbx ddb{0}> show proc PROC (syz-executor.7) pid=468605 stat=onproc flags process=0 proc=4000000 pri=83, usrpri=83, nice=20 forw=0xffffffffffffffff, list=0xffff80002469bce0,0xffff8000ffff5a50 process=0xffff8000ffffba38 user=0xffff8000248b4000, vmspace=0xfffffd8070c97a20 estcpu=33, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 46783 440108 62107 0 2 0 syz-executor.6 2938 303964 28209 0 2 0 syz-executor.4 2938 92840 28209 0 3 0x4000080 fsleep syz-executor.4 22385 507864 40083 0 2 0 syz-executor.7 22385 190830 40083 0 2 0x4000000 syz-executor.7 *22385 468605 40083 0 7 0x4000000 syz-executor.7 96590 368951 86679 0 2 0 syz-executor.2 96590 186841 86679 0 3 0x4000080 fsleep syz-executor.2 96590 369648 86679 0 3 0x4000080 fsleep syz-executor.2 41642 411779 8218 0 2 0 syz-executor.0 41642 299536 8218 0 3 0x4000080 fsleep syz-executor.0 65536 11628 21667 0 2 0 syz-executor.1 65536 363822 21667 0 3 0x4000080 fsleep syz-executor.1 40083 440074 30934 0 3 0x82 nanoslp syz-executor.7 86679 138528 30934 0 3 0x82 nanoslp syz-executor.2 62107 323057 30934 0 3 0x82 nanoslp syz-executor.6 12328 94590 0 0 3 0x14200 acct acct 70608 80290 30934 0 2 0x2 syz-executor.3 59255 230481 30934 0 2 0x2 syz-executor.5 8218 286579 30934 0 3 0x82 nanoslp syz-executor.0 21667 470629 30934 0 3 0x82 nanoslp syz-executor.1 28209 292821 30934 0 3 0x82 nanoslp syz-executor.4 77129 15158 1 0 3 0x100083 ttyin getty 48993 168690 0 0 3 0x14280 nfsidl nfsio 37826 300189 0 0 3 0x14280 nfsidl nfsio 69225 299754 0 0 3 0x14280 nfsidl nfsio 23621 323657 0 0 3 0x14280 nfsidl nfsio 93398 123722 0 0 3 0x14280 nfsidl nfsio 99876 284532 0 0 3 0x14280 nfsidl nfsio 9801 32784 0 0 3 0x14280 nfsidl nfsio 29123 353622 0 0 3 0x14280 nfsidl nfsio 63896 225072 0 0 3 0x14280 nfsidl nfsio 49270 155342 0 0 3 0x14280 nfsidl nfsio 19209 425357 0 0 3 0x14280 nfsidl nfsio 39435 201392 0 0 3 0x14280 nfsidl nfsio 96990 454248 0 0 3 0x14280 nfsidl nfsio 94772 98450 0 0 3 0x14280 nfsidl nfsio 69326 414938 0 0 3 0x14280 nfsidl nfsio 97403 401966 0 0 3 0x14280 nfsidl nfsio 55129 511675 0 0 3 0x14280 nfsidl nfsio 86539 412975 0 0 3 0x14280 nfsidl nfsio 9740 181542 0 0 3 0x14280 nfsidl nfsio 70914 338346 0 0 3 0x14280 nfsidl nfsio 34061 519936 0 0 3 0x14200 bored sosplice 30934 62810 2148 0 3 0x82 thrsleep syz-fuzzer 30934 291115 2148 0 3 0x4000082 nanoslp syz-fuzzer 30934 253875 2148 0 3 0x4000082 thrsleep syz-fuzzer 30934 255419 2148 0 3 0x4000082 kqread syz-fuzzer 30934 87128 2148 0 3 0x4000082 thrsleep syz-fuzzer 30934 399990 2148 0 3 0x4000082 nanoslp syz-fuzzer 30934 232861 2148 0 3 0x4000082 thrsleep syz-fuzzer 30934 278068 2148 0 3 0x4000082 thrsleep syz-fuzzer 30934 140787 2148 0 3 0x4000082 thrsleep syz-fuzzer 2148 425832 33531 0 3 0x10008a sigsusp ksh 33531 463307 71424 0 3 0x9a kqread sshd 71424 276852 1 0 3 0x88 kqread sshd 88240 212716 9955 74 3 0x1100092 bpf pflogd 9955 179276 1 0 3 0x80 netio pflogd 54682 307160 38893 73 3 0x1100090 kqread syslogd 38893 33860 1 0 3 0x100082 netio syslogd 85683 116137 1 0 3 0x100080 kqread resolvd 40606 400014 42021 77 3 0x100092 kqread dhcpleased 34181 239940 42021 77 3 0x100092 kqread dhcpleased 42021 354031 1 0 3 0x80 kqread dhcpleased 95545 301197 0 0 3 0x14200 bored smr 88268 274925 0 0 2 0x14200 zerothread 7170 13752 0 0 3 0x14200 aiodoned aiodoned 57063 171889 0 0 3 0x14200 syncer update 7324 338237 0 0 3 0x14200 cleaner cleaner 85077 41008 0 0 3 0x14200 reaper reaper 98762 41855 0 0 3 0x14200 pgdaemon pagedaemon 45529 502982 0 0 3 0x14200 bored viomb 31516 301768 0 0 3 0x40014200 acpi0 acpi0 1913 472956 0 0 7 0x40014200 idle1 94979 365985 0 0 3 0x14200 bored softnet 6736 241030 0 0 3 0x14200 bored systqmp 4273 318660 0 0 3 0x14200 bored systq 43108 173266 0 0 3 0x40014200 bored softclock 17351 16421 0 0 3 0x40014200 idle0 1 337924 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 22385 (syz-executor.7) thread 0xffff8000ffff5500 (468605) exclusive rwlock pf_lock r = 0 (0xffffffff829731e0) #0 witness_lock+0x44d #1 pfioctl+0x5b38 sys/net/pf_ioctl.c:1601 #2 VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 #3 vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 #4 sys_ioctl+0x4a2 #5 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #5 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #6 Xsyscall+0x128 exclusive rwlock netlock r = 0 (0xffffffff829a0cc0) #0 witness_lock+0x44d #1 pfioctl+0x3690 sys/net/pf_ioctl.c:1601 #2 VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 #3 vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 #4 sys_ioctl+0x4a2 #5 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #5 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #6 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82a37cc0) #0 witness_lock+0x44d #1 vn_ioctl+0x41 sys/kern/vfs_vnops.c:514 #2 sys_ioctl+0x4a2 #3 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #3 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #4 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10204 6582K 14772K 78643K 57646 0 pcb 13 20K 25K 78643K 6295 0 rtable 196 16K 28K 78643K 6896 0 ifaddr 102 28K 35K 78643K 4337 0 sysctl 3 1K 1K 78643K 9 0 counters 56 35K 36K 78643K 798 0 ioctlops 1 4K 8K 78643K 18570 0 iov 0 0K 28K 78643K 3522 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1576 98K 99K 78643K 17374 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 330 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 6055 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 16 57K 89K 78643K 36880 0 sigio 0 0K 0K 78643K 363 0 proc 77 111K 148K 78643K 4372 0 subproc 104 6K 6K 78643K 1140 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 1 0K 0K 78643K 1830 0 in_multi 80 5K 6K 78643K 4133 0 ether_multi 1 0K 0K 78643K 681 0 mrt 1 0K 0K 78643K 111 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 85 387K 387K 78643K 85 0 exec 0 0K 3K 78643K 6986 0 pfkey data 0 0K 1K 78643K 10 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 771 1783K 1799K 78643K 459316 0 UVM aobj 131 9K 9K 78643K 150 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 4453 0 NDP 14 0K 2K 78643K 976 0 temp 483 5389K 9473K 78643K 226576 0 kqueue 12 18K 27K 78643K 2409 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 2822 0 2819 44 43 1 5 0 8 0 rtentry 112 1827 0 1749 4 1 3 4 0 8 0 unpcb 136 18575 0 18560 216 215 1 8 0 8 0 syncache 296 66 0 66 21 21 0 1 0 8 0 tcpqe 32 14 0 14 7 7 0 1 0 8 0 tcpcb 736 17327 0 17221 449 439 10 22 0 8 0 arp 120 200 0 187 1 0 1 1 0 8 0 inpcb 304 41516 0 41444 448 442 6 19 0 8 0 rttmr 72 40 0 40 13 13 0 1 0 8 0 ip6q 72 5 0 5 1 1 0 1 0 8 0 ip6af 40 10 0 10 1 1 0 1 0 8 0 nd6 48 700 0 680 1 0 1 1 0 8 0 pkpcb 40 102 0 102 20 20 0 1 0 8 0 kcovpl 48 87 0 79 1 0 1 1 0 8 0 ppxss 1248 136 0 136 35 35 0 1 0 8 0 pfstscr 40 1063 0 1063 11 11 0 1 0 8 0 pffrag 232 247 0 247 15 14 1 1 0 482 1 pffrnode 88 247 0 247 15 14 1 1 0 8 1 pffrent 40 1398 0 1398 16 15 1 1 0 8 1 pfosfp 40 1429 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1429 0 714 21 0 21 21 0 8 0 pfrktable 1344 540 31 537 20 19 1 3 0 8 0 pftag 88 43 0 27 1 0 1 1 0 8 0 pfqueue 264 21 0 21 5 5 0 1 0 8 0 pfstitem 24 59 0 57 1 0 1 1 0 8 0 pfstkey 112 2264 0 2262 1 0 1 1 0 8 0 pfstate 320 1148 0 1146 3 2 1 3 0 8 0 pfrule 1360 5395 0 5344 50 45 5 45 0 8 0 art_heap8 4096 5 0 4 5 4 1 3 0 8 0 art_heap4 256 8641 0 8270 67 43 24 30 0 8 0 art_table 32 8646 0 8274 4 0 4 4 0 8 0 art_node 16 1769 0 1701 1 0 1 1 0 8 0 sysvmsgpl 40 10 0 0 1 0 1 1 0 8 0 semapl 112 6014 0 6004 1 0 1 1 0 8 0 shmpl 112 147 0 19 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 47573 0 46060 95 0 95 95 0 8 0 ffsino 272 47573 0 46060 102 0 102 102 0 8 0 nchpl 144 94072 0 92377 64 0 64 64 0 8 0 uvmvnodes 80 5942 0 0 122 0 122 122 0 8 0 vnodes 224 5942 0 0 350 0 350 350 0 8 0 namei 1024 409075 0 409075 5 4 1 2 0 8 1 percpumem 16 411 0 371 1 0 1 1 0 8 0 vcpupl 2048 369 0 1 46 0 46 46 0 8 0 vmpool 560 513 0 145 29 2 27 27 0 8 0 pfiaddrpl 120 350 0 349 8 7 1 2 0 8 0 scxspl 216 265320 0 265320 35 34 1 8 0 8 1 plimitpl 152 4582 0 4567 1 0 1 1 0 8 0 sigapl 424 37063 0 36998 9 1 8 8 0 8 0 futexpl 64 360339 0 360334 5 4 1 1 0 8 0 knotepl 120 1852 0 0 12 1 11 11 0 8 0 kqueuepl 216 7357 0 7348 134 131 3 7 0 8 2 pipepl 336 6460 0 6432 184 176 8 10 0 8 5 fdescpl 496 37005 0 36976 11 7 4 5 0 8 0 filepl 152 282735 0 282424 368 351 17 23 0 8 5 lockfpl 104 10135 0 10133 25 24 1 4 0 8 0 lockfspl 48 2866 0 2864 1 0 1 1 0 8 0 sessionpl 144 107 0 90 1 0 1 1 0 8 0 pgrppl 48 288 0 271 1 0 1 1 0 8 0 ucredpl 96 36280 0 36263 1 0 1 1 0 8 0 zombiepl 144 36998 0 36998 3 2 1 1 0 8 1 processpl 1064 37063 0 36998 5 0 5 5 0 8 0 procpl 672 98134 0 98054 23 15 8 9 0 8 0 srpgc 96 88 0 88 27 27 0 1 0 8 0 sosppl 168 212 0 212 33 32 1 1 0 8 1 sockpl 480 63154 0 63064 1197 1185 12 34 0 8 0 mcl64k 65536 28 0 0 3 0 3 3 0 8 0 mcl16k 16384 17 0 0 3 0 3 3 0 8 0 mcl12k 12288 17 0 0 2 0 2 2 0 8 0 mcl9k 9216 30 0 0 2 1 1 2 0 8 0 mcl8k 8192 27 0 0 4 1 3 3 0 8 0 mcl4k 4096 33 0 0 4 1 3 3 0 8 0 mcl2k2 2112 16 0 0 2 0 2 2 0 8 0 mcl2k 2048 934 0 0 64 13 51 54 0 8 0 mtagpl 96 1366 0 0 11 0 11 11 0 8 0 mbufpl 256 14383 0 0 831 0 831 831 0 8 0 bufpl 288 51395 0 45058 453 0 453 453 0 8 0 anonpl 24 11632232 0 11612004 572 424 148 200 0 186 0 amapchunkpl 152 1124630 0 1123754 214 166 48 65 0 158 11 amappl16 200 175746 0 174945 370 319 51 67 0 8 0 amappl15 192 4214 0 4209 1 0 1 1 0 8 0 amappl14 184 4810 0 4806 1 0 1 1 0 8 0 amappl13 176 8977 0 8975 1 0 1 1 0 8 0 amappl12 168 433 0 423 1 0 1 1 0 8 0 amappl11 160 4973 0 4953 2 1 1 2 0 8 0 amappl10 152 3557 0 3551 1 0 1 1 0 8 0 amappl9 144 6861 0 6855 1 0 1 1 0 8 0 amappl8 136 7279 0 7079 8 1 7 7 0 8 0 amappl7 128 4825 0 4815 1 0 1 1 0 8 0 amappl6 120 6892 0 6856 3 1 2 2 0 8 0 amappl5 112 35944 0 35925 1 0 1 1 0 8 0 amappl4 104 9568 0 9534 2 0 2 2 0 8 0 amappl3 96 5322 0 5307 1 0 1 1 0 8 0 amappl2 88 11560 0 11465 3 0 3 3 0 8 0 amappl1 80 653677 0 653095 25 11 14 19 0 8 0 amappl 88 456748 0 456351 14 4 10 10 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 149 0 19 3 0 3 3 0 8 0 uaddrrnd 24 37518 0 37121 3 0 3 3 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 37518 0 37121 3 0 3 3 0 8 0 vmmpekpl 168 254450 0 254347 5 0 5 5 0 8 0 vmmpepl 168 3429056 0 3425320 664 476 188 254 0 357 1 vmsppl 368 37517 0 37121 38 1 37 37 0 8 0 rwobjpl 56 859835 0 851657 159 39 120 121 0 8 0 pdppl 4096 75043 0 74610 1565 1128 437 437 0 8 4 pvpl 32 18517010 0 18493169 960 737 223 325 0 265 0 pmappl 248 37517 0 37121 27 2 25 25 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 3974 0 1857 61 0 61 61 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace pf_anchor_global_RB_REMOVE(ffffffff82ad39c8,ffff800000d3b800) at pf_anchor_global_RB_REMOVE+0x58 sys/net/pf_ruleset.c:84 pf_remove_if_empty_ruleset(ffff800000d3bc90) at pf_remove_if_empty_ruleset+0xdd sys/net/pf_ruleset.c:300 pfi_dynaddr_setup(ffff800000e05ad8,0) at pfi_dynaddr_setup+0x411 sys/net/pf_if.c:485 pfioctl(4900,cd60441a,ffff800000bea000,3,ffff8000ffff5500) at pfioctl+0x8492 pf_addr_setup sys/net/pf_ioctl.c:892 [inline] pfioctl(4900,cd60441a,ffff800000bea000,3,ffff8000ffff5500) at pfioctl+0x8492 sys/net/pf_ioctl.c:1643 VOP_IOCTL(fffffd806f7d3c68,cd60441a,ffff800000bea000,3,fffffd807f7d8720,ffff8000ffff5500) at VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd80671dfda8,cd60441a,ffff800000bea000,ffff8000ffff5500) at vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 sys_ioctl(ffff8000ffff5500,ffff8000248b91f8,ffff8000248b9250) at sys_ioctl+0x4a2 syscall(ffff8000248b92c0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff8000248b92c0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3677e3af470, count: -9 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800020ce8ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178 end trace frame: 0x0, count: -5