kernel: protection fault trap, code=0 Stopped at pf_anchor_global_RB_REMOVE+0x81: movq 0(%r12),%r15 ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace pf_anchor_global_RB_REMOVE(ffffffff839ed298,ffff800010fdb758) at pf_anchor_global_RB_REMOVE+0x81 sys/net/pf_ruleset.c:82 pf_remove_if_empty_ruleset(ffff800010fdbbe8) at pf_remove_if_empty_ruleset+0x12d sys/net/pf_ruleset.c:301 pfi_dynaddr_setup(ffff800001642ab0,0,1) at pfi_dynaddr_setup+0x671 sys/net/pf_if.c:508 pf_addr_setup(ffffffff839ed730,ffff800001642ab0,0) at pf_addr_setup+0x46 sys/net/pf_ioctl.c:948 pfioctl(24900,cd60441a,ffff8000015f7000,83,ffff80002ccbefb8) at pfioctl+0x9aba sys/net/pf_ioctl.c:2621 VOP_IOCTL(fffffd800de7a6f8,cd60441a,ffff8000015f7000,83,fffffd8007ffd7b8,ffff80002ccbefb8) at VOP_IOCTL+0xa3 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd806c677720,cd60441a,ffff8000015f7000,ffff80002ccbefb8) at vn_ioctl+0xea sys/kern/vfs_vnops.c:537 sys_ioctl(ffff80002ccbefb8,ffff80003c8fde00,ffff80003c8fdd50) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff80003c8fde00) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c8fde00) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x5c27e42ba00, count: -10 ddb> show registers rdi 0xffff8000370d4000 rsi 0xfc3 rbp 0xffff80003c8fd7d0 rbx 0xffffffff839ed298 pf_anchors rdx 0xffff8000370d4000 rcx 0xfc2 rax 0xffffffff82738b4f pf_anchor_global_RB_REMOVE+0x2f r8 0x3fc r9 0x8080808080808080 r10 0xc1e9c2ca7f67f113 r11 0xd8c5d5b23b1bb080 r12 0x9ac9a3fde48ceab r13 0x1 r14 0xffff800010fdb758 r15 0x60c9029d4946e91e rip 0xffffffff82738ba1 pf_anchor_global_RB_REMOVE+0x81 cs 0x8 rflags 0x10202 __ALIGN_SIZE+0xf202 rsp 0xffff80003c8fd780 ss 0x10 pf_anchor_global_RB_REMOVE+0x81: movq 0(%r12),%r15 ddb> show proc PROC (syz-executor) tid=280526 pid=49682 tcnt=2 stat=onproc flags process=4000000 proc=4000000 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002ccbea88,0xffffffff83a255b8 process=0xffff8000ffffad18 user=0xffff80003c8f8000, vmspace=0xfffffd806c7f4740 estcpu=2, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 49682 336563 41331 0 2 0x4000000 syz-executor *49682 280526 41331 0 7 0x4000000 syz-executor 35086 93747 24355 0 2 0 syz-executor 35086 383590 24355 0 3 0x4000080 ttyin syz-executor 72202 512503 59877 0 2 0 syz-executor 72202 227543 59877 0 3 0x4000080 netcon syz-executor 34247 507797 39234 0 3 0x90 nanoslp syz-executor 34247 496969 39234 0 3 0x4000090 semwait syz-executor 34247 465025 39234 0 3 0x4000090 fsleep syz-executor 46664 155994 32820 0 2 0xc80 syz-executor 46664 97056 32820 0 3 0x4000080 kqsel syz-executor 46664 294225 32820 0 3 0x4000080 fsleep syz-executor 25954 4511 6578 0 2 0xc81 syz-executor 25954 133100 6578 0 3 0x4000081 fsleep syz-executor 25954 118862 6578 0 3 0x4000081 ttyopn syz-executor 63346 259602 91289 0 3 0x3000 suspend syz-executor 63346 331315 91289 0 2 0x4081000 syz-executor 63346 171156 91289 0 3 0x4081000 inode syz-executor 63346 103165 91289 0 3 0x4081000 inode syz-executor 24355 226814 88976 0 2 0xc82 syz-executor 6578 506822 88976 0 2 0xc82 syz-executor 41331 407770 88976 0 2 0xc82 syz-executor 39234 177922 88976 0 3 0x82 nanoslp syz-executor 59877 68871 88976 0 3 0x82 nanoslp syz-executor 32820 215638 88976 0 3 0x82 nanoslp syz-executor 91289 195353 88976 0 3 0x82 nanoslp syz-executor 33076 40237 88976 0 2 0x2 syz-executor 88976 34301 17697 0 3 0x82 kqread syz-executor 17697 354701 44097 0 3 0x10008a sigsusp ksh 44097 319646 9794 0 3 0x98 kqread sshd-session 9794 256955 87713 0 3 0x92 kqread sshd-session 18333 103496 1 0 3 0x100083 ttyin getty 87713 16315 1 0 3 0x88 kqread sshd 78270 303723 82856 73 3 0x1100090 kqread syslogd 82856 319907 1 0 3 0x100082 sbwait syslogd 70068 380993 1 0 3 0x100080 kqread resolvd 96317 195652 27580 77 3 0x100092 kqread dhcpleased 98009 369240 27580 77 3 0x100092 kqread dhcpleased 27580 66235 1 0 3 0x80 kqread dhcpleased 11792 516977 0 0 3 0x14200 bored smr 28866 388981 0 0 2 0x14200 zerothread 61883 358488 0 0 3 0x14200 aiodoned aiodoned 47907 398955 0 0 3 0x14200 syncer update 46144 448519 0 0 3 0x14200 cleaner cleaner 17000 313745 0 0 3 0x14200 reaper reaper 89692 224284 0 0 3 0x14200 pgdaemon pagedaemon 6902 295649 0 0 3 0x14200 bored viomb 61521 128593 0 0 3 0x40014200 acpi0 acpi0 40516 168834 0 0 3 0x14200 bored softnet0 56643 284075 0 0 3 0x14200 bored systqmp 40959 128056 0 0 3 0x14200 bored systq 95348 464138 0 0 3 0x40014200 tmoslp softclock 28432 154461 0 0 3 0x40014200 idle0 1 78602 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 11043 12165K 12383K 166960K 12298 0 pcb 17 12K 12K 166960K 50 0 rtable 256 8K 9K 166960K 388 0 pf 35 14K 19K 166960K 57 0 ifaddr 42 7K 7K 166960K 51 0 ifgroup 50 2K 2K 166960K 63 0 sysctl 1 1K 9K 166960K 72 0 counters 33 17K 18K 166960K 38 0 ioctlops 1 4K 4K 166960K 59 0 iov 0 0K 16K 166960K 6 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1297 82K 82K 166960K 1504 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 3 5K 5K 166960K 4 0 VM map 2 1K 1K 166960K 2 0 sem 6 0K 0K 166960K 8 0 dirhash 12 2K 2K 166960K 15 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 106K 166960K 286 0 sigio 0 0K 0K 166960K 1 0 proc 60 59K 91K 166960K 504 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 64 0 in_multi 99 7K 7K 166960K 104 0 ether_multi 1 0K 0K 166960K 1 0 mrt 0 0K 0K 166960K 5 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 61 281K 281K 166960K 61 0 exec 0 0K 1K 166960K 447 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 228 159K 172K 166960K 4208 0 UVM aobj 7 2K 2K 166960K 7 0 pinsyscall 38 76K 94K 166960K 1373 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 9 0 NDP 11 0K 2K 166960K 32 0 temp 40 9067K 9139K 166960K 12038 0 kqueue 15 24K 28K 166960K 53 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 45 0 42 1 0 1 1 0 8 0 rtentry 136 114 0 2 4 0 4 4 0 8 0 unpcb 144 109 0 92 1 0 1 1 0 8 0 syncache 336 3 0 3 1 1 0 1 0 8 0 tcpcb 736 137 0 131 7 6 1 7 0 8 0 arp 96 18 0 0 1 0 1 1 0 8 0 ipq 40 1 0 0 1 0 1 1 0 8 0 ipqe 40 4 0 3 1 0 1 1 0 8 0 inpcb 328 365 0 355 13 11 2 12 0 8 1 ip6q 72 3 0 0 1 0 1 1 0 8 0 ip6af 40 3 0 0 1 0 1 1 0 8 0 nd6 112 26 0 0 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 0 1 1 0 8 1 kcovpl 48 8 0 0 1 0 1 1 0 8 0 ppxss 1072 4 0 4 2 1 1 1 0 8 1 pfstscr 40 2 0 0 1 0 1 1 0 8 0 pfrktable 1344 2 1 1 1 0 1 1 0 8 0 pfanchor 1288 1 0 1 1 0 1 1 0 8 1 pfstitem 24 4 0 0 1 0 1 1 0 8 0 pfstkey 128 4 0 0 1 0 1 1 0 8 0 pfstate 384 2 0 0 1 0 1 1 0 8 0 pfrule 1360 3 0 2 2 1 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 457 0 0 29 0 29 29 0 8 0 art_table 40 458 0 0 5 0 5 5 0 8 0 art_node 32 113 0 11 1 0 1 1 0 8 0 sysvmsgpl 40 2 0 0 1 0 1 1 0 8 0 semapl 112 6 0 2 1 0 1 1 0 8 0 shmpl 112 4 0 0 1 0 1 1 0 8 0 dirhash 1024 19 0 2 3 0 3 3 0 8 0 dino2pl 256 1863 0 405 92 0 92 92 0 8 0 ffsino 256 1863 0 405 92 0 92 92 0 8 0 nchpl 144 2265 0 573 64 0 64 64 0 8 0 vnodes 216 2015 0 0 112 0 112 112 0 8 0 namei 1024 6934 0 6931 1 0 1 1 0 8 0 pfiaddrpl 120 1 0 0 1 0 1 1 0 8 0 kstatmem 264 33 0 10 2 0 2 2 0 8 0 scsiplug 72 1 0 1 1 0 1 1 0 8 1 scxspl 216 10702 0 10702 8 7 1 8 1 8 1 plimitpl 152 43 0 26 1 0 1 1 0 8 0 sigapl 424 573 0 531 6 1 5 6 0 8 0 knotepl 120 7885 0 7838 9 0 9 9 0 8 7 kqueuepl 184 62 0 49 1 0 1 1 0 8 0 pipepl 304 129 0 102 3 0 3 3 0 8 0 fdescpl 448 560 0 531 5 1 4 5 0 8 0 filepl 120 2519 0 2296 11 3 8 11 0 8 0 lockfpl 104 49 0 46 1 0 1 1 0 8 0 lockfspl 48 26 0 23 1 0 1 1 0 8 0 sessionpl 144 94 0 85 1 0 1 1 0 8 0 pgrppl 48 104 0 87 1 0 1 1 0 8 0 ucredpl 104 336 0 324 1 0 1 1 0 8 0 zombiepl 144 532 0 531 1 0 1 1 0 8 0 processpl 1152 573 0 531 4 0 4 4 0 8 0 procpl 664 777 0 723 6 0 6 6 0 8 0 sosppl 176 4 0 4 2 1 1 1 0 8 1 sockpl 552 529 0 499 12 9 3 12 0 8 0 mcl64k 65536 10 0 9 2 1 1 1 0 8 0 mcl16k 16384 1 0 1 1 1 0 1 0 8 0 mcl8k 8192 4 0 4 1 1 0 1 0 8 0 mcl4k 4096 2686 0 2633 14 6 8 14 0 8 1 mcl2k 2048 237 0 233 1 0 1 1 0 8 0 mtagpl 96 11 0 7 1 0 1 1 0 8 0 mbufpl 256 5638 0 5369 19 1 18 18 0 8 0 bufpl 280 4158 0 104 290 0 290 290 0 8 0 anonpl 24 120431 0 115062 75 18 57 60 0 187 0 amapchunkpl 152 12626 0 12140 27 4 23 27 0 158 0 amappl16 200 2322 0 2157 25 4 21 21 0 8 1 amappl15 192 8 0 8 1 1 0 1 0 8 0 amappl14 184 414 0 413 1 0 1 1 0 8 0 amappl13 176 113 0 103 1 0 1 1 0 8 0 amappl12 168 850 0 822 2 0 2 2 0 8 0 amappl11 160 37 0 37 1 1 0 1 0 8 0 amappl10 152 91 0 80 1 0 1 1 0 8 0 amappl9 144 257 0 257 1 1 0 1 0 8 0 amappl8 136 100 0 99 1 0 1 1 0 8 0 amappl7 128 143 0 131 1 0 1 1 0 8 0 amappl6 120 147 0 145 1 0 1 1 0 8 0 amappl5 112 93 0 84 1 0 1 1 0 8 0 amappl4 104 252 0 238 1 0 1 1 0 8 0 amappl3 96 2319 0 2208 5 1 4 4 0 8 0 amappl2 88 506 0 453 2 0 2 2 0 8 0 amappl1 80 9546 0 8999 13 1 12 13 0 8 0 amappl 88 3505 0 3341 5 0 5 5 0 92 0 uvmvnodes 80 99 0 0 3 0 3 3 0 8 0 dma4096 4096 2 0 2 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 254 0 254 2 1 1 1 0 8 1 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 6 0 0 1 0 1 1 0 8 0 uaddrrnd 24 560 0 531 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 560 0 531 1 0 1 1 0 8 0 vmmpekpl 168 6058 0 6024 2 0 2 2 0 8 0 vmmpepl 168 43218 0 41301 96 0 96 96 0 357 0 vmsppl 368 559 0 531 4 1 3 4 0 8 0 rwobjpl 40 15132 0 14045 14 0 14 14 0 8 0 pdppl 4096 1126 0 1062 100 34 66 80 0 8 2 pvpl 32 279062 0 268192 146 24 122 133 0 265 0 pmappl 216 559 0 531 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 378 0 56 10 0 10 10 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pf_anchor_global_RB_REMOVE(ffffffff839ed298,ffff800010fdb758) at pf_anchor_global_RB_REMOVE+0x81 sys/net/pf_ruleset.c:82 pf_remove_if_empty_ruleset(ffff800010fdbbe8) at pf_remove_if_empty_ruleset+0x12d sys/net/pf_ruleset.c:301 pfi_dynaddr_setup(ffff800001642ab0,0,1) at pfi_dynaddr_setup+0x671 sys/net/pf_if.c:508 pf_addr_setup(ffffffff839ed730,ffff800001642ab0,0) at pf_addr_setup+0x46 sys/net/pf_ioctl.c:948 pfioctl(24900,cd60441a,ffff8000015f7000,83,ffff80002ccbefb8) at pfioctl+0x9aba sys/net/pf_ioctl.c:2621 VOP_IOCTL(fffffd800de7a6f8,cd60441a,ffff8000015f7000,83,fffffd8007ffd7b8,ffff80002ccbefb8) at VOP_IOCTL+0xa3 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd806c677720,cd60441a,ffff8000015f7000,ffff80002ccbefb8) at vn_ioctl+0xea sys/kern/vfs_vnops.c:537 sys_ioctl(ffff80002ccbefb8,ffff80003c8fde00,ffff80003c8fdd50) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff80003c8fde00) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c8fde00) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x5c27e42ba00, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace pf_anchor_global_RB_REMOVE(ffffffff839ed298,ffff800010fdb758) at pf_anchor_global_RB_REMOVE+0x81 sys/net/pf_ruleset.c:82 pf_remove_if_empty_ruleset(ffff800010fdbbe8) at pf_remove_if_empty_ruleset+0x12d sys/net/pf_ruleset.c:301 pfi_dynaddr_setup(ffff800001642ab0,0,1) at pfi_dynaddr_setup+0x671 sys/net/pf_if.c:508 pf_addr_setup(ffffffff839ed730,ffff800001642ab0,0) at pf_addr_setup+0x46 sys/net/pf_ioctl.c:948 pfioctl(24900,cd60441a,ffff8000015f7000,83,ffff80002ccbefb8) at pfioctl+0x9aba sys/net/pf_ioctl.c:2621 VOP_IOCTL(fffffd800de7a6f8,cd60441a,ffff8000015f7000,83,fffffd8007ffd7b8,ffff80002ccbefb8) at VOP_IOCTL+0xa3 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd806c677720,cd60441a,ffff8000015f7000,ffff80002ccbefb8) at vn_ioctl+0xea sys/kern/vfs_vnops.c:537 sys_ioctl(ffff80002ccbefb8,ffff80003c8fde00,ffff80003c8fdd50) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff80003c8fde00) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c8fde00) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x5c27e42ba00, count: -10