kernel: protection fault trap, code=0 Stopped at pf_anchor_global_RB_REMOVE+0x81: movq 0(%r12),%r15 ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic the kernel did not panic ddb{1}> trace pf_anchor_global_RB_REMOVE(ffffffff839b5d10,ffff800001528f28) at pf_anchor_global_RB_REMOVE+0x81 sys/net/pf_ruleset.c:82 pf_remove_if_empty_ruleset(ffff8000015293b8) at pf_remove_if_empty_ruleset+0x12d sys/net/pf_ruleset.c:301 pfi_dynaddr_setup(ffff8000013f5508,0,1) at pfi_dynaddr_setup+0x671 sys/net/pf_if.c:508 pf_addr_setup(ffffffff839b61a8,ffff8000013f5508,0) at pf_addr_setup+0x46 sys/net/pf_ioctl.c:917 pfioctl(24900,cd50441a,ffff800001506000,3,ffff80003a001cc0) at pfioctl+0x976a sys/net/pf_ioctl.c:1681 VOP_IOCTL(fffffd805e46bb50,cd50441a,ffff800001506000,3,fffffd80097fb138,ffff80003a001cc0) at VOP_IOCTL+0xac sys/kern/vfs_vops.c:264 vn_ioctl(fffffd806c31d3d8,cd50441a,ffff800001506000,ffff80003a001cc0) at vn_ioctl+0xf8 sys/kern/vfs_vnops.c:531 sys_ioctl(ffff80003a001cc0,ffff80003c4071f0,ffff80003c407140) at sys_ioctl+0x674 sys/kern/sys_generic.c:-1 syscall(ffff80003c4071f0) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c4071f0) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x54494a24490, count: -10 ddb{1}> show registers rdi 0xffff800037be8000 rsi 0x17e9 __ALIGN_SIZE+0x7e9 rbp 0xffff80003c406bb0 rbx 0xffffffff839b5d10 pf_anchors rdx 0xffff800037be8000 rcx 0x17e8 __ALIGN_SIZE+0x7e8 rax 0xffffffff82b3bbdf pf_anchor_global_RB_REMOVE+0x2f r8 0x3fc r9 0x8080808080808080 r10 0x6c601f01cea918c0 r11 0x1856a2f19ec36f44 r12 0x8716fb66a7f09622 r13 0x1 r14 0xffff800001528f28 r15 0x320d18a407c5d3aa rip 0xffffffff82b3bc31 pf_anchor_global_RB_REMOVE+0x81 cs 0x8 rflags 0x10286 __ALIGN_SIZE+0xf286 rsp 0xffff80003c406b60 ss 0x10 pf_anchor_global_RB_REMOVE+0x81: movq 0(%r12),%r15 ddb{1}> show proc PROC (syz-executor) tid=478253 pid=58212 tcnt=2 stat=onproc flags process=10 proc=4000000 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003a0014f8,0xffff80003c4122d8 process=0xffff80003c4661d8 user=0xffff80003c402000, vmspace=0xfffffd806b2d7b98 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 3239 363770 26506 0 2 0 syz-executor 3239 148317 26506 0 3 0x4000080 fsleep syz-executor 58212 409962 93364 60928 7 0x10 syz-executor *58212 478253 93364 60928 7 0x4000010 syz-executor 24334 180212 72993 0 2 0 syz-executor 24334 451239 72993 0 3 0x4000080 fsleep syz-executor 76134 175180 39380 0 2 0 syz-executor 76134 161678 39380 0 3 0x4000080 fsleep syz-executor 32920 461119 55534 0 3 0x80 nanoslp syz-executor 32920 96782 55534 0 3 0x4000080 sbwait syz-executor 32920 330942 55534 0 3 0x4000080 fsleep syz-executor 80870 490352 1 0 3 0x82 nanoslp getty 11503 120903 40309 0 2 0 syz-executor 11503 440092 40309 0 3 0x4000080 fsleep syz-executor 11503 307056 40309 0 3 0x4000080 fsleep syz-executor 11503 315839 40309 0 3 0x4000080 fsleep syz-executor 11503 135624 40309 0 3 0x4000080 fsleep syz-executor 72993 194360 75096 0 3 0x82 nanoslp syz-executor 19006 319082 40948 0 3 0x82 sbwait sshd-session 16707 314258 75096 0 3 0x2 biowait syz-executor 67950 84294 0 0 3 0x14280 nfsidl nfsio 56045 174384 0 0 3 0x14280 nfsidl nfsio 61693 471341 0 0 3 0x14280 nfsidl nfsio 26041 61380 0 0 3 0x14280 nfsidl nfsio 85713 132964 0 0 3 0x14280 nfsidl nfsio 41552 219644 0 0 3 0x14280 nfsidl nfsio 9954 197942 0 0 3 0x14280 nfsidl nfsio 53503 428866 0 0 3 0x14280 nfsidl nfsio 80937 367266 0 0 3 0x14280 nfsidl nfsio 85619 17275 0 0 3 0x14280 nfsidl nfsio 23494 425399 0 0 3 0x14280 nfsidl nfsio 86578 258352 0 0 3 0x14280 nfsidl nfsio 91510 76321 0 0 3 0x14280 nfsidl nfsio 55316 290678 0 0 3 0x14280 nfsidl nfsio 69618 30266 0 0 3 0x14280 nfsidl nfsio 19414 450974 0 0 3 0x14280 nfsidl nfsio 95923 294679 0 0 3 0x14280 nfsidl nfsio 88165 107507 0 0 3 0x14280 nfsidl nfsio 82078 16533 0 0 3 0x14280 nfsidl nfsio 93580 34879 0 0 3 0x14280 nfsidl nfsio 40309 213701 75096 0 3 0x82 nanoslp syz-executor 81139 516588 0 0 3 0x14200 bored sosplice 39380 402820 75096 0 3 0x82 nanoslp syz-executor 93364 471525 75096 0 3 0x82 nanoslp syz-executor 23147 220169 75096 0 3 0x82 nanoslp syz-executor 26506 436329 75096 0 3 0x82 nanoslp syz-executor 55534 318577 75096 0 3 0x82 nanoslp syz-executor 75096 149959 18117 0 3 0x82 kqread syz-executor 18117 113362 46836 0 3 0x10008a sigsusp ksh 46836 250516 53961 0 3 0x98 kqread sshd-session 53961 357526 40948 0 3 0x92 kqread sshd-session 40948 114223 1 0 3 0x88 kqread sshd 6103 286143 37362 74 3 0x1100092 bpf pflogd 37362 227025 1 0 3 0x80 sbwait pflogd 83231 216046 365 73 3 0x1100090 kqread syslogd 365 113483 1 0 3 0x100082 sbwait syslogd 30255 240345 1 0 3 0x100080 kqread resolvd 42507 166542 63852 77 3 0x100092 kqread dhcpleased 63133 456733 63852 77 3 0x100092 kqread dhcpleased 63852 297054 1 0 3 0x80 kqread dhcpleased 97976 7283 0 0 2 0x40014200 smr 41679 132097 0 0 2 0x14200 zerothread 45886 59735 0 0 3 0x14200 aiodoned aiodoned 46318 3429 0 0 3 0x14200 syncer update 68836 74251 0 0 3 0x14200 cleaner cleaner 67711 267873 0 0 3 0x14200 reaper reaper 59475 265801 0 0 3 0x14200 pgdaemon pagedaemon 28825 10231 0 0 3 0x14200 bored viomb 52990 250650 0 0 3 0x40014200 acpi0 acpi0 63668 172593 0 0 3 0x40014200 idle1 30982 382200 0 0 3 0x14200 bored softnet1 9212 273631 0 0 3 0x14200 bored softnet0 53939 319724 0 0 3 0x14200 bored systqmp 33767 184782 0 0 3 0x14200 bored systq 14963 158467 0 0 3 0x14200 tmoslp softclockmp 92401 482648 0 0 3 0x40014200 tmoslp softclock 57706 234223 0 0 3 0x40014200 idle0 1 518699 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 58212 (syz-executor) thread 0xffff80003a001cc0 (478253) Process 16707 (syz-executor) thread 0xffff80003c412560 (314258) ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10232 11180K 11364K 166960K 12854 0 pcb 18 16K 32K 166960K 519 0 rtable 239 18K 19K 166960K 567 0 pf 42 19K 22K 166960K 239 0 ifaddr 49 9K 9K 166960K 138 0 ifgroup 66 2K 3K 166960K 234 0 sysctl 4 1K 9K 166960K 19 0 counters 72 37K 38K 166960K 266 0 ioctlops 1 4K 4K 166960K 1799 0 iov 0 0K 24K 166960K 67 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1424 90K 90K 166960K 2504 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 3 5K 9K 166960K 24 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 48 0 dirhash 12 2K 3K 166960K 48 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 240K 166960K 1391 0 sigio 0 0K 0K 166960K 27 0 proc 72 115K 147K 166960K 771 0 subproc 72 4K 4K 166960K 99 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 406 0 in_multi 96 6K 7K 166960K 205 0 ether_multi 1 0K 0K 166960K 26 0 mrt 1 0K 0K 166960K 9 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 103 466K 466K 166960K 103 0 exec 0 0K 1K 166960K 892 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 261 170K 184K 166960K 13819 0 UVM aobj 11 2K 4K 166960K 14 0 pinsyscall 44 88K 100K 166960K 2573 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 64 0 NDP 14 0K 1K 166960K 99 0 temp 81 8656K 8732K 166960K 70754 0 kqueue 16 24K 30K 166960K 300 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 152 0 149 2 1 1 2 0 8 0 rtentry 176 175 0 83 5 0 5 5 0 8 0 unpcb 144 844 0 815 5 3 2 4 0 8 0 syncache 336 17 0 17 4 3 1 1 0 8 1 tcpqe 32 4 0 4 3 2 1 1 0 8 1 tcpcb 736 605 0 597 19 17 2 7 0 8 0 arp 136 25 0 12 1 0 1 1 0 8 0 inpcb 328 1798 0 1785 19 12 7 7 0 8 5 nd6 152 27 0 8 1 0 1 1 0 8 0 pkpcb 40 6 0 6 2 1 1 1 0 8 1 kcovpl 48 11 0 3 1 0 1 1 0 8 0 mppekey 1024 2 0 2 1 1 0 1 0 8 0 ppxss 1192 81 0 81 2 1 1 1 0 8 1 pppxif 1504 6 0 6 2 2 0 1 0 8 0 pffrag 232 10 0 1 1 0 1 1 0 482 0 pffrnode 88 10 0 1 1 0 1 1 0 8 0 pffrent 40 16 0 7 1 0 1 1 0 8 0 pfosfp 40 1429 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1429 0 714 21 0 21 21 0 8 0 pfrktable 1344 8 1 8 3 2 1 1 0 8 1 pfanchor 1288 6 0 3 3 2 1 1 0 8 0 pftag 88 2 0 1 2 1 1 1 0 8 0 pfstitem 24 116 0 35 1 0 1 1 0 8 0 pfstkey 128 116 0 35 3 0 3 3 0 8 0 pfstate 384 116 0 35 9 0 9 9 0 8 0 pfrule 1344 29 0 23 2 1 1 2 0 8 0 rttmr 136 2 0 2 2 2 0 1 0 8 0 art_heap8 4096 5 0 1 5 1 4 5 0 8 0 art_heap4 256 778 0 345 32 4 28 29 0 8 0 art_table 40 783 0 346 5 0 5 5 0 8 0 art_node 32 173 0 97 1 0 1 1 0 8 0 sysvmsgpl 40 4 0 2 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 46 0 36 1 0 1 1 0 8 0 shmpl 112 11 0 3 1 0 1 1 0 8 0 dirhash 1024 41 0 24 3 0 3 3 0 8 0 dino2pl 256 4042 0 2534 96 0 96 96 0 8 0 ffsino 296 4042 0 2534 117 0 117 117 0 8 0 nchpl 144 5917 0 4212 64 0 64 64 0 8 0 rtmask 32 19 0 19 2 2 0 1 0 8 0 vnodes 216 4660 0 0 259 0 259 259 0 8 0 namei 1024 21546 0 21546 3 2 1 2 0 8 1 percpumem 16 148 0 97 1 0 1 1 0 8 0 pfiaddrpl 120 3 0 2 2 1 1 1 0 8 0 kstatmem 264 160 0 126 3 0 3 3 0 8 0 scsiplug 72 7 0 7 4 3 1 1 0 8 1 scxspl 216 43168 0 43167 10 9 1 8 1 8 0 plimitpl 152 244 0 224 1 0 1 1 0 8 0 sigapl 424 1681 0 1612 9 1 8 8 0 8 0 knotepl 120 580 0 0 17 0 17 17 0 8 0 kqueuepl 224 600 0 587 8 3 5 5 0 8 4 pipepl 344 251 0 223 6 0 6 6 0 8 3 fdescpl 528 1644 0 1612 3 0 3 3 0 8 0 filepl 160 11198 0 10954 23 7 16 18 0 8 1 lockfpl 104 481 0 478 1 0 1 1 0 8 0 lockfspl 48 168 0 165 1 0 1 1 0 8 0 sessionpl 144 36 0 27 1 0 1 1 0 8 0 pgrppl 48 160 0 143 1 0 1 1 0 8 0 ucredpl 104 1764 0 1749 1 0 1 1 0 8 0 zombiepl 144 1613 0 1612 1 0 1 1 0 8 0 processpl 1232 1681 0 1612 6 0 6 6 0 8 0 procpl 664 3766 0 3687 8 0 8 8 0 8 0 sosppl 168 5 0 5 3 3 0 1 0 8 0 sockpl 752 2964 0 2918 25 14 11 14 0 8 3 mcl64k 65536 4 0 0 1 0 1 1 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 1 0 0 1 0 1 1 0 8 0 mcl9k 9216 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 108 0 0 14 0 14 14 0 8 0 mcl2k 2048 62 0 0 5 0 5 5 0 8 0 mtagpl 96 5 0 0 1 0 1 1 0 8 0 mbufpl 256 4416 0 0 275 0 275 275 0 8 0 bufpl 280 18263 0 12120 439 0 439 439 0 8 0 anonpl 32 16760 0 0 136 1 135 136 0 246 0 amapchunkpl 152 47305 0 46690 49 17 32 32 0 158 2 amappl16 200 6113 0 5834 80 43 37 37 0 8 0 amappl15 192 2 0 2 1 1 0 1 0 8 0 amappl14 184 176 0 162 1 0 1 1 0 8 0 amappl13 176 5 0 5 1 1 0 1 0 8 0 amappl12 168 2348 0 2316 4 2 2 3 0 8 0 amappl11 160 56 0 42 1 0 1 1 0 8 0 amappl10 152 11 0 9 1 0 1 1 0 8 0 amappl9 144 250 0 250 1 1 0 1 0 8 0 amappl8 136 26 0 23 1 0 1 1 0 8 0 amappl7 128 126 0 113 1 0 1 1 0 8 0 amappl6 120 214 0 209 1 0 1 1 0 8 0 amappl5 112 160 0 149 1 0 1 1 0 8 0 amappl4 104 341 0 320 1 0 1 1 0 8 0 amappl3 96 8343 0 8240 3 0 3 3 0 8 0 amappl2 88 1962 0 1877 4 1 3 3 0 8 0 amappl1 80 15916 0 15225 18 1 17 17 0 8 1 amappl 88 12827 0 12647 5 0 5 5 0 92 0 uvmvnodes 80 4660 0 0 96 0 96 96 0 8 0 dma32768 32768 1 0 1 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 2 0 1 1 0 1 1 0 8 0 dma512 512 3 0 3 2 2 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 256 0 256 3 3 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 20 0 19 1 0 1 1 0 8 0 aobjpl 72 13 0 3 1 0 1 1 0 8 0 uaddrrnd 24 1644 0 1612 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1644 0 1612 1 0 1 1 0 8 0 vmmpekpl 168 15344 0 15296 3 0 3 3 0 8 0 vmmpepl 168 111592 0 109184 139 13 126 126 0 357 0 vmsppl 488 1643 0 1612 6 1 5 5 0 8 0 rwobjpl 80 36737 0 30755 132 1 131 131 0 8 0 pdppl 4096 3295 0 3224 115 40 75 83 0 8 4 pvpl 32 24934 0 0 202 1 201 201 0 265 0 pmappl 256 1643 0 1612 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 584 0 73 15 0 15 15 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp ddb{0}> trace x86_ipi_db(ffffffff83844ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2c kd_curproc sys/dev/kcov.c:584 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2c sys/dev/kcov.c:153 __mp_lock(ffffffff838cad40) at __mp_lock+0x1a3 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff838cad40) at __mp_lock+0x1a3 sys/kern/kern_lock.c:165 intr_handler(ffff8000357e1590,ffff80000007aa80) at intr_handler+0xe9 sys/arch/amd64/amd64/intr.c:559 Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f end of kernel end trace frame: 0x7f1847bb19a0, count: -7 ddb{0}> machine ddbcpu 1 Stopped at pf_anchor_global_RB_REMOVE+0x81: movq 0(%r12),%r15 ddb{1}> trace pf_anchor_global_RB_REMOVE(ffffffff839b5d10,ffff800001528f28) at pf_anchor_global_RB_REMOVE+0x81 sys/net/pf_ruleset.c:82 pf_remove_if_empty_ruleset(ffff8000015293b8) at pf_remove_if_empty_ruleset+0x12d sys/net/pf_ruleset.c:301 pfi_dynaddr_setup(ffff8000013f5508,0,1) at pfi_dynaddr_setup+0x671 sys/net/pf_if.c:508 pf_addr_setup(ffffffff839b61a8,ffff8000013f5508,0) at pf_addr_setup+0x46 sys/net/pf_ioctl.c:917 pfioctl(24900,cd50441a,ffff800001506000,3,ffff80003a001cc0) at pfioctl+0x976a sys/net/pf_ioctl.c:1681 VOP_IOCTL(fffffd805e46bb50,cd50441a,ffff800001506000,3,fffffd80097fb138,ffff80003a001cc0) at VOP_IOCTL+0xac sys/kern/vfs_vops.c:264 vn_ioctl(fffffd806c31d3d8,cd50441a,ffff800001506000,ffff80003a001cc0) at vn_ioctl+0xf8 sys/kern/vfs_vnops.c:531 sys_ioctl(ffff80003a001cc0,ffff80003c4071f0,ffff80003c407140) at sys_ioctl+0x674 sys/kern/sys_generic.c:-1 syscall(ffff80003c4071f0) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c4071f0) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x54494a24490, count: -10