kernel: protection fault trap, code=0 Stopped at pf_anchor_global_RB_REMOVE+0x81: movq 0(%r12),%r15 ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace pf_anchor_global_RB_REMOVE(ffffffff83935398,ffff800001659928) at pf_anchor_global_RB_REMOVE+0x81 sys/net/pf_ruleset.c:82 pf_remove_if_empty_ruleset(ffff800001659db8) at pf_remove_if_empty_ruleset+0x12d sys/net/pf_ruleset.c:301 pfi_dynaddr_setup(ffff80000161fa90,0,1) at pfi_dynaddr_setup+0x671 sys/net/pf_if.c:508 pf_addr_setup(ffffffff83935830,ffff80000161fa90,0) at pf_addr_setup+0x46 sys/net/pf_ioctl.c:948 pfioctl(14900,cd60441a,ffff8000015dc000,2,ffff8000348c8a80) at pfioctl+0x9a85 sys/net/pf_ioctl.c:2618 VOP_IOCTL(fffffd806bc976e8,cd60441a,ffff8000015dc000,2,fffffd8007ffd068,ffff8000348c8a80) at VOP_IOCTL+0xa3 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd8069349718,cd60441a,ffff8000015dc000,ffff8000348c8a80) at vn_ioctl+0xea sys/kern/vfs_vnops.c:537 sys_ioctl(ffff8000348c8a80,ffff80003c94f660,ffff80003c94f5b0) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff80003c94f660) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c94f660) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x15e52a6a90, count: -10 ddb> show registers rdi 0xffff80003a4f2000 rsi 0x562 rbp 0xffff80003c94f030 rbx 0xffffffff83935398 pf_anchors rdx 0xffff80003a4f2000 rcx 0x561 rax 0xffffffff814ea0af pf_anchor_global_RB_REMOVE+0x2f r8 0x3fc r9 0x8080808080808080 r10 0x4d7e5a2709108431 r11 0x89e812458e58b459 r12 0xc393f839e8d4c0b6 r13 0x1 r14 0xffff800001659928 r15 0x17c6da105f20d8d rip 0xffffffff814ea101 pf_anchor_global_RB_REMOVE+0x81 cs 0x8 rflags 0x10282 __ALIGN_SIZE+0xf282 rsp 0xffff80003c94efe0 ss 0x10 pf_anchor_global_RB_REMOVE+0x81: movq 0(%r12),%r15 ddb> show proc PROC (syz-executor) tid=121042 pid=18323 tcnt=2 stat=onproc flags process=10 proc=4000000 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000348c9248,0xffff8000348c94f0 process=0xffff8000ffffba98 user=0xffff80003c94a000, vmspace=0xfffffd8070424a28 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 19321 24501 8280 0 2 0 syz-executor 19321 194880 8280 0 3 0x4000080 msgwait syz-executor 10398 354626 17557 0 2 0 syz-executor 10398 323222 17557 0 3 0x4000080 sbwait syz-executor 18323 282038 16491 0 2 0x10 syz-executor *18323 121042 16491 0 7 0x4000010 syz-executor 68405 430227 15981 0 2 0xc80 syz-executor 68405 159833 15981 0 3 0x4000080 ttyretype syz-executor 38750 463738 28236 0 3 0x3000 suspend syz-executor 38750 460948 28236 0 3 0x4081000 inode syz-executor 38750 95366 28236 0 2 0x4081000 syz-executor 38750 25871 28236 0 3 0x4081000 inode syz-executor 7204 15430 57169 0 3 0x80 nanoslp syz-executor 7204 291604 57169 0 3 0x4000080 kqsel syz-executor 7204 477465 57169 0 3 0x4000080 fsleep syz-executor 50482 504081 31124 0 2 0xc80 syz-executor 50482 127741 31124 0 3 0x4000080 kqread syz-executor 50482 74524 31124 0 3 0x4000080 fsleep syz-executor 66621 462140 11190 0 3 0x90 nanoslp syz-executor 66621 234064 11190 0 3 0x4000090 fsleep syz-executor 66621 37527 11190 0 3 0x4000090 lockf syz-executor 28236 449628 70478 0 3 0x82 nanoslp syz-executor 36287 437270 0 0 3 0x14200 acct acct 16491 342486 70478 0 2 0xc82 syz-executor 57169 277922 70478 0 3 0x82 nanoslp syz-executor 8280 112068 70478 0 3 0x82 nanoslp syz-executor 11190 473430 70478 0 2 0xc82 syz-executor 15981 168241 70478 0 2 0xc82 syz-executor 17557 483037 70478 0 3 0x82 nanoslp syz-executor 31124 224787 70478 0 2 0xc82 syz-executor 70478 203978 89545 0 2 0x2 syz-executor 89545 14566 70426 0 3 0x10008a sigsusp ksh 70426 324785 41975 0 3 0x98 kqread sshd-session 41975 496467 4719 0 3 0x92 kqread sshd-session 24482 182932 1 0 3 0x100083 ttyopn getty 4719 82313 1 0 3 0x88 kqread sshd 49125 42975 77303 73 3 0x1100090 kqread syslogd 77303 77026 1 0 3 0x100082 sbwait syslogd 5887 161052 1 0 3 0x100080 kqread resolvd 86489 352884 91902 77 3 0x100092 kqread dhcpleased 57706 415342 91902 77 3 0x100092 kqread dhcpleased 91902 88560 1 0 3 0x80 kqread dhcpleased 58844 67252 0 0 3 0x14200 bored smr 40136 240166 0 0 2 0x14200 zerothread 46042 230972 0 0 3 0x14200 aiodoned aiodoned 42126 254202 0 0 3 0x14200 syncer update 81104 407497 0 0 3 0x14200 cleaner cleaner 82581 30928 0 0 3 0x14200 reaper reaper 84082 352235 0 0 3 0x14200 pgdaemon pagedaemon 83371 252328 0 0 3 0x14200 bored viomb 8670 309455 0 0 3 0x40014200 acpi0 acpi0 41470 532 0 0 2 0x14200 softnet0 44030 135820 0 0 3 0x14200 bored systqmp 92454 404662 0 0 3 0x14200 syncxs systq 53073 514450 0 0 3 0x40014200 tmoslp softclock 83380 338259 0 0 3 0x40014200 idle0 1 144623 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 11064 12369K 12536K 166960K 12458 0 pcb 18 12K 12K 166960K 71 0 rtable 267 10K 10K 166960K 437 0 pf 35 14K 20K 166960K 90 0 ifaddr 42 7K 7K 166960K 56 0 ifgroup 50 2K 2K 166960K 71 0 sysctl 1 1K 9K 166960K 6 0 counters 33 17K 18K 166960K 47 0 ioctlops 1 4K 4K 166960K 132 0 iov 0 0K 12K 166960K 15 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1322 83K 84K 166960K 1704 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 5 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 23 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 89K 166960K 449 0 sigio 0 0K 0K 166960K 11 0 proc 60 59K 91K 166960K 552 0 subproc 72 4K 4K 166960K 82 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 50 0 in_multi 99 7K 7K 166960K 113 0 ether_multi 1 0K 0K 166960K 1 0 mrt 0 0K 0K 166960K 5 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 115 519K 519K 166960K 115 0 exec 0 0K 1K 166960K 401 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 2 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 236 144K 158K 166960K 5587 0 UVM aobj 7 2K 2K 166960K 7 0 pinsyscall 39 78K 94K 166960K 1556 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 19 0 NDP 11 0K 2K 166960K 36 0 temp 50 9069K 9133K 166960K 12683 0 kqueue 16 24K 28K 166960K 74 0 SYN cache 2 16K 24K 166960K 3 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle vscsiccb 40 1 0 0 1 0 1 1 0 8 0 rtpcb 120 56 0 53 1 0 1 1 0 8 0 rtentry 136 124 0 12 4 0 4 4 0 8 0 unpcb 144 250 0 230 3 2 1 3 0 8 0 syncache 336 5 0 5 2 1 1 1 0 8 1 tcpcb 736 70 0 65 1 0 1 1 0 8 0 arp 96 20 0 2 1 0 1 1 0 8 0 ipq 40 8 0 2 1 0 1 1 0 8 0 ipqe 40 10 0 4 1 0 1 1 0 8 0 inpcb 328 254 0 246 2 0 2 2 0 8 0 ip6q 72 1 0 0 1 0 1 1 0 8 0 ip6af 40 1 0 0 1 0 1 1 0 8 0 nd6 112 27 0 3 1 0 1 1 0 8 0 pkpcb 40 2 0 2 2 1 1 1 0 8 1 kcovpl 48 9 0 1 1 0 1 1 0 8 0 ppxss 1072 11 0 11 1 0 1 1 0 8 1 pfstscr 40 2 0 2 1 0 1 1 0 8 1 pfrktable 1344 3 4 2 1 0 1 1 0 8 0 pfanchor 1288 7 0 5 1 0 1 1 0 8 0 pftag 88 4 0 1 1 0 1 1 0 8 0 pfqueue 320 1 0 0 1 0 1 1 0 8 0 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 128 5 0 3 1 0 1 1 0 8 0 pfstate 384 3 0 2 1 0 1 1 0 8 0 pfrule 1360 7 0 4 1 0 1 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 497 0 44 29 0 29 29 0 8 0 art_table 40 499 0 44 5 0 5 5 0 8 0 art_node 32 124 0 22 1 0 1 1 0 8 0 sysvmsgpl 40 3 0 1 1 0 1 1 0 8 0 semapl 112 19 0 9 1 0 1 1 0 8 0 shmpl 112 4 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2194 0 738 92 0 92 92 0 8 0 ffsino 256 2194 0 738 92 0 92 92 0 8 0 nchpl 144 2870 0 1176 64 0 64 64 0 8 0 rtmask 32 4 0 4 1 0 1 1 0 8 1 vnodes 216 2444 0 0 136 0 136 136 0 8 0 namei 1024 9089 0 9089 2 1 1 1 0 8 1 pfiaddrpl 120 4 0 3 1 0 1 1 0 8 0 kstatmem 264 37 0 14 2 0 2 2 0 8 0 scsiplug 72 2 0 2 1 0 1 1 0 8 1 scxspl 216 9612 0 9611 2 1 1 2 1 8 0 plimitpl 152 171 0 153 1 0 1 1 0 8 0 sigapl 424 738 0 694 7 1 6 6 0 8 1 knotepl 120 98948 0 98896 18 8 10 10 0 8 7 kqueuepl 184 132 0 118 3 0 3 3 0 8 2 pipepl 304 140 0 113 3 0 3 3 0 8 0 fdescpl 448 724 0 694 5 1 4 5 0 8 0 filepl 120 3599 0 3307 11 1 10 10 0 8 0 lockfpl 104 132 0 126 1 0 1 1 0 8 0 lockfspl 48 57 0 52 1 0 1 1 0 8 0 sessionpl 144 35 0 26 1 0 1 1 0 8 0 pgrppl 48 45 0 29 1 0 1 1 0 8 0 ucredpl 104 797 0 784 1 0 1 1 0 8 0 zombiepl 144 695 0 694 1 0 1 1 0 8 0 processpl 1152 738 0 694 4 0 4 4 0 8 0 procpl 664 1200 0 1143 7 1 6 6 0 8 0 sosppl 176 1 0 0 1 0 1 1 0 8 0 sockpl 552 570 0 536 8 4 4 7 0 8 1 mcl64k 65536 32 0 30 1 0 1 1 0 8 0 mcl12k 12288 1 0 1 1 0 1 1 0 8 1 mcl8k 8192 7 0 7 2 1 1 1 0 8 1 mcl4k 4096 2909 0 2856 16 8 8 15 0 8 1 mcl2k2 2112 1 0 1 1 0 1 1 0 8 1 mcl2k 2048 495 0 494 2 0 2 2 0 8 1 mtagpl 96 13 0 7 1 0 1 1 0 8 0 mbufpl 256 7463 0 7306 24 7 17 18 0 8 6 bufpl 280 3376 0 102 234 0 234 234 0 8 0 anonpl 24 133020 0 126577 47 1 46 46 0 187 2 amapchunkpl 152 17679 0 17109 34 4 30 30 0 158 6 amappl16 200 2567 0 2415 11 2 9 11 0 8 0 amappl15 192 7 0 7 2 1 1 1 0 8 1 amappl14 184 421 0 420 1 0 1 1 0 8 0 amappl13 176 117 0 107 1 0 1 1 0 8 0 amappl12 168 963 0 933 2 0 2 2 0 8 0 amappl11 160 20 0 20 1 1 0 1 0 8 0 amappl10 152 56 0 46 1 0 1 1 0 8 0 amappl9 144 256 0 254 1 0 1 1 0 8 0 amappl8 136 116 0 114 1 0 1 1 0 8 0 amappl7 128 176 0 164 1 0 1 1 0 8 0 amappl6 120 161 0 159 1 0 1 1 0 8 0 amappl5 112 90 0 82 1 0 1 1 0 8 0 amappl4 104 256 0 240 1 0 1 1 0 8 0 amappl3 96 3384 0 3271 4 0 4 4 0 8 0 amappl2 88 506 0 452 2 0 2 2 0 8 0 amappl1 80 10232 0 9677 14 2 12 14 0 8 0 amappl 88 4841 0 4667 5 0 5 5 0 92 0 uvmvnodes 80 107 0 0 3 0 3 3 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 7 0 7 2 1 1 1 0 8 1 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 6 0 0 1 0 1 1 0 8 0 uaddrrnd 24 724 0 694 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 724 0 694 1 0 1 1 0 8 0 vmmpekpl 168 7167 0 7130 3 0 3 3 0 8 0 vmmpepl 168 53033 0 51054 91 4 87 89 0 357 0 vmsppl 368 723 0 694 4 1 3 4 0 8 0 rwobjpl 40 17039 0 15936 12 0 12 12 0 8 0 pdppl 4096 1454 0 1388 94 28 66 78 0 8 0 pvpl 32 333925 0 321821 117 11 106 116 0 265 3 pmappl 216 723 0 694 2 0 2 2 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 376 0 50 10 0 10 10 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pf_anchor_global_RB_REMOVE(ffffffff83935398,ffff800001659928) at pf_anchor_global_RB_REMOVE+0x81 sys/net/pf_ruleset.c:82 pf_remove_if_empty_ruleset(ffff800001659db8) at pf_remove_if_empty_ruleset+0x12d sys/net/pf_ruleset.c:301 pfi_dynaddr_setup(ffff80000161fa90,0,1) at pfi_dynaddr_setup+0x671 sys/net/pf_if.c:508 pf_addr_setup(ffffffff83935830,ffff80000161fa90,0) at pf_addr_setup+0x46 sys/net/pf_ioctl.c:948 pfioctl(14900,cd60441a,ffff8000015dc000,2,ffff8000348c8a80) at pfioctl+0x9a85 sys/net/pf_ioctl.c:2618 VOP_IOCTL(fffffd806bc976e8,cd60441a,ffff8000015dc000,2,fffffd8007ffd068,ffff8000348c8a80) at VOP_IOCTL+0xa3 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd8069349718,cd60441a,ffff8000015dc000,ffff8000348c8a80) at vn_ioctl+0xea sys/kern/vfs_vnops.c:537 sys_ioctl(ffff8000348c8a80,ffff80003c94f660,ffff80003c94f5b0) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff80003c94f660) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c94f660) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x15e52a6a90, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace pf_anchor_global_RB_REMOVE(ffffffff83935398,ffff800001659928) at pf_anchor_global_RB_REMOVE+0x81 sys/net/pf_ruleset.c:82 pf_remove_if_empty_ruleset(ffff800001659db8) at pf_remove_if_empty_ruleset+0x12d sys/net/pf_ruleset.c:301 pfi_dynaddr_setup(ffff80000161fa90,0,1) at pfi_dynaddr_setup+0x671 sys/net/pf_if.c:508 pf_addr_setup(ffffffff83935830,ffff80000161fa90,0) at pf_addr_setup+0x46 sys/net/pf_ioctl.c:948 pfioctl(14900,cd60441a,ffff8000015dc000,2,ffff8000348c8a80) at pfioctl+0x9a85 sys/net/pf_ioctl.c:2618 VOP_IOCTL(fffffd806bc976e8,cd60441a,ffff8000015dc000,2,fffffd8007ffd068,ffff8000348c8a80) at VOP_IOCTL+0xa3 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd8069349718,cd60441a,ffff8000015dc000,ffff8000348c8a80) at vn_ioctl+0xea sys/kern/vfs_vnops.c:537 sys_ioctl(ffff8000348c8a80,ffff80003c94f660,ffff80003c94f5b0) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff80003c94f660) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c94f660) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x15e52a6a90, count: -10