kernel: protection fault trap, code=0 Stopped at pf_anchor_global_RB_REMOVE+0x58: movq 0(%r12),%rbx ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace pf_anchor_global_RB_REMOVE(ffffffff829ecf30,ffff800000cb4800) at pf_anchor_global_RB_REMOVE+0x58 sys/net/pf_ruleset.c:84 pf_remove_if_empty_ruleset(ffff800000cb4c90) at pf_remove_if_empty_ruleset+0xdd sys/net/pf_ruleset.c:300 pfi_dynaddr_setup(ffff800000ba52b8,0) at pfi_dynaddr_setup+0x411 sys/net/pf_if.c:485 pfioctl(4900,cd60441a,ffff800000bfe000,3,ffff8000266a5ce8) at pfioctl+0x8e07 pf_addr_setup sys/net/pf_ioctl.c:894 [inline] pfioctl(4900,cd60441a,ffff800000bfe000,3,ffff8000266a5ce8) at pfioctl+0x8e07 sys/net/pf_ioctl.c:1653 VOP_IOCTL(fffffd806f68ec68,cd60441a,ffff800000bfe000,3,fffffd807f7d77e0,ffff8000266a5ce8) at VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd8073a7def8,cd60441a,ffff800000bfe000,ffff8000266a5ce8) at vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 sys_ioctl(ffff8000266a5ce8,ffff800021224d68,ffff800021224dc0) at sys_ioctl+0x4a2 syscall(ffff800021224e30) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800021224e30) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x51385994810, count: -9 ddb{0}> show registers rdi 0xffff8000290d7000 rsi 0x157a __ALIGN_SIZE+0x57a rbp 0xffff800021224840 rbx 0xffffffff829ecf30 pf_anchors rdx 0xffff8000290d7000 rcx 0x1579 __ALIGN_SIZE+0x579 rax 0xffffffff815b6d1b pf_anchor_global_RB_REMOVE+0x2b r8 0x400 r9 0x8080808080808080 r10 0x563adfeda5eaa29b r11 0xff7da621c2a2db8 r12 0x1e33e63e5638b700 r13 0xffffffff829ecf38 pf_main_anchor r14 0xffff800000cb4800 r15 0xdead007fdeadbeef rip 0xffffffff815b6d48 pf_anchor_global_RB_REMOVE+0x58 cs 0x8 rflags 0x10206 __ALIGN_SIZE+0xf206 rsp 0xffff8000212247f0 ss 0x10 pf_anchor_global_RB_REMOVE+0x58: movq 0(%r12),%rbx ddb{0}> show proc PROC (syz-executor.4) pid=55406 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=83, nice=20 forw=0xffffffffffffffff, list=0xffff800023074550,0xffff8000ffff5a50 process=0xffff8000ffff0020 user=0xffff80002121f000, vmspace=0xfffffd8062f35470 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 7256 361960 41985 0 2 0 syz-executor.3 7256 522021 41985 0 3 0x4000080 fifow syz-executor.3 98611 19528 75920 0 2 0 syz-executor.5 98611 351722 75920 0 3 0x4000080 fsleep syz-executor.5 50998 46423 72003 0 2 0 syz-executor.4 *50998 55406 72003 0 7 0x4000000 syz-executor.4 14426 94663 10207 0 3 0x80 nanoslp syz-executor.1 14426 44267 10207 0 3 0x4000080 fsleep syz-executor.1 63214 295397 90969 0 2 0 syz-executor.7 28159 487751 22137 0 2 0 syz-executor.6 28159 242466 22137 0 3 0x4000080 fsleep syz-executor.6 31006 384543 50060 0 2 0 syz-executor.0 31006 76858 50060 0 3 0x4000080 fsleep syz-executor.0 90969 366197 80610 0 2 0x482 syz-executor.7 41985 247501 80610 0 2 0x482 syz-executor.3 10207 107962 80610 0 3 0x82 nanoslp syz-executor.1 72003 484638 80610 0 2 0x482 syz-executor.4 65816 384244 80610 0 2 0x482 syz-executor.2 50060 260774 80610 0 3 0x82 nanoslp syz-executor.0 75920 437547 80610 0 3 0x82 nanoslp syz-executor.5 22754 404622 1 0 3 0x100083 ttyin getty 22137 172759 80610 0 3 0x82 nanoslp syz-executor.6 49994 5291 0 0 3 0x14280 nfsidl nfsio 21922 437488 0 0 3 0x14280 nfsidl nfsio 24658 33434 0 0 3 0x14280 nfsidl nfsio 91457 131349 0 0 3 0x14280 nfsidl nfsio 76496 302535 0 0 3 0x14280 nfsidl nfsio 59304 520907 0 0 3 0x14280 nfsidl nfsio 97972 103861 0 0 3 0x14280 nfsidl nfsio 47370 344155 0 0 3 0x14280 nfsidl nfsio 64214 341128 0 0 3 0x14280 nfsidl nfsio 80459 266388 0 0 3 0x14280 nfsidl nfsio 44883 172991 0 0 3 0x14280 nfsidl nfsio 41683 503705 0 0 3 0x14280 nfsidl nfsio 92602 214538 0 0 3 0x14280 nfsidl nfsio 49095 464511 0 0 3 0x14280 nfsidl nfsio 69978 524283 0 0 3 0x14280 nfsidl nfsio 57438 175599 0 0 3 0x14280 nfsidl nfsio 29028 291732 0 0 3 0x14280 nfsidl nfsio 25319 220406 0 0 3 0x14280 nfsidl nfsio 23109 6226 0 0 3 0x14280 nfsidl nfsio 24849 422607 0 0 3 0x14280 nfsidl nfsio 96176 241616 0 0 3 0x14200 bored sosplice 80610 305637 65764 0 3 0x82 thrsleep syz-fuzzer 80610 117015 65764 0 3 0x4000082 thrsleep syz-fuzzer 80610 154254 65764 0 3 0x4000082 thrsleep syz-fuzzer 80610 138474 65764 0 3 0x4000082 thrsleep syz-fuzzer 80610 12614 65764 0 3 0x4000082 kqread syz-fuzzer 80610 174967 65764 0 3 0x4000082 thrsleep syz-fuzzer 80610 158512 65764 0 3 0x4000082 thrsleep syz-fuzzer 80610 119513 65764 0 3 0x4000082 thrsleep syz-fuzzer 80610 86553 65764 0 3 0x4000082 thrsleep syz-fuzzer 80610 517968 65764 0 3 0x4000082 thrsleep syz-fuzzer 65764 418581 90544 0 3 0x10008a sigsusp ksh 90544 412074 47487 0 3 0x9a kqread sshd 47487 36415 1 0 3 0x88 kqread sshd 63177 445900 1302 74 3 0x1100092 bpf pflogd 1302 13860 1 0 3 0x80 netio pflogd 99183 80657 2761 73 3 0x1100090 kqread syslogd 2761 127786 1 0 3 0x100082 netio syslogd 49495 178273 1 0 3 0x100080 kqread resolvd 40889 109361 26188 77 3 0x100092 kqread dhcpleased 23471 400957 26188 77 3 0x100092 kqread dhcpleased 26188 130298 1 0 3 0x80 kqread dhcpleased 91692 70917 0 0 3 0x14200 bored smr 53702 100743 0 0 2 0x14200 zerothread 4322 327430 0 0 3 0x14200 aiodoned aiodoned 61799 75452 0 0 3 0x14200 syncer update 13592 270926 0 0 3 0x14200 cleaner cleaner 18278 205299 0 0 3 0x14200 reaper reaper 50289 8057 0 0 3 0x14200 pgdaemon pagedaemon 9966 316087 0 0 3 0x14200 bored viomb 38496 449673 0 0 3 0x40014200 acpi0 acpi0 53408 390823 0 0 7 0x40014200 idle1 91866 147240 0 0 3 0x14200 bored softnet 32785 441460 0 0 3 0x14200 bored systqmp 5353 351837 0 0 3 0x14200 bored systq 57730 389168 0 0 2 0x40014200 softclock 43663 109214 0 0 3 0x40014200 idle0 1 193814 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 50998 (syz-executor.4) thread 0xffff8000266a5ce8 (55406) exclusive rwlock pf_lock r = 0 (0xffffffff82929b60) #0 witness_lock+0x44d #1 pfioctl+0x5e90 sys/net/pf_ioctl.c:1608 #2 VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 #3 vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 #4 sys_ioctl+0x4a2 #5 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #5 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #6 Xsyscall+0x128 exclusive rwlock netlock r = 0 (0xffffffff829ba820) #0 witness_lock+0x44d #1 pfioctl+0x38f8 sys/net/pf_ioctl.c:1608 #2 VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 #3 vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 #4 sys_ioctl+0x4a2 #5 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #5 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #6 Xsyscall+0x128 exclusive rwlock pfioctl_rw r = 0 (0xffffffff82929bc0) #0 witness_lock+0x44d #1 pfioctl+0x15e sys/net/pf_ioctl.c:1148 #2 VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 #3 vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 #4 sys_ioctl+0x4a2 #5 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #5 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #6 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82a74400) #0 witness_lock+0x44d #1 vn_ioctl+0x41 sys/kern/vfs_vnops.c:514 #2 sys_ioctl+0x4a2 #3 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #3 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #4 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10215 6696K 7668K 78643K 38564 0 pcb 13 15K 17K 78643K 390 0 rtable 228 8K 9K 78643K 1562 0 ifaddr 93 20K 20K 78643K 692 0 sysctl 2 0K 0K 78643K 4 0 counters 56 35K 36K 78643K 156 0 ioctlops 1 4K 4K 78643K 2700 0 iov 0 0K 16K 78643K 659 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1453 91K 91K 78643K 9718 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 30 0 VM map 2 1K 1K 78643K 2 0 sem 16 3K 5K 78643K 26 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 17 61K 77K 78643K 5591 0 sigio 0 0K 0K 78643K 17 0 proc 70 91K 116K 78643K 1366 0 subproc 104 6K 7K 78643K 364 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 441 0 in_multi 103 6K 6K 78643K 441 0 ether_multi 1 0K 0K 78643K 23 0 mrt 1 0K 0K 78643K 27 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 163 731K 731K 78643K 163 0 exec 0 0K 2K 78643K 1886 0 pfkey data 0 0K 0K 78643K 3 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 321 331K 339K 78643K 34186 0 UVM aobj 131 4K 4K 78643K 134 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 209 0 NDP 14 0K 1K 78643K 126 0 temp 136 4744K 4824K 78643K 71836 0 kqueue 12 18K 24K 78643K 356 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 394 0 391 5 2 3 3 0 8 2 rtentry 112 403 0 301 4 0 4 4 0 8 0 unpcb 136 2705 0 2688 27 26 1 6 0 8 0 syncache 296 28 0 28 7 7 0 1 0 8 0 tcpqe 32 22 0 22 4 4 0 1 0 8 0 tcpcb 736 1820 0 1813 70 68 2 13 0 8 1 arp 120 60 0 42 1 0 1 1 0 8 0 inpcb 312 4420 0 4413 84 75 9 16 0 8 8 nd6 48 94 0 70 1 0 1 1 0 8 0 pkpcb 40 22 0 22 5 5 0 1 0 8 0 kcovpl 48 28 0 20 1 0 1 1 0 8 0 ppxss 1248 18 0 18 6 5 1 1 0 8 1 pfstscr 40 9 0 9 2 2 0 1 0 8 0 pffrag 232 46 0 46 3 3 0 1 0 482 0 pffrnode 88 46 0 46 3 3 0 1 0 8 0 pffrent 40 109 0 109 4 4 0 1 0 8 0 pfosfp 40 1482 0 1479 6 5 1 5 0 8 0 pfosfpen 112 1482 0 1474 22 21 1 21 0 8 0 pfrktable 1344 109 1 106 4 3 1 1 0 8 0 pftag 88 11 0 5 1 0 1 1 0 8 0 pfqueue 264 3 0 3 1 1 0 1 0 8 0 pfstitem 24 40 0 38 1 0 1 1 0 8 0 pfstkey 112 68 0 66 1 0 1 1 0 8 0 pfstate 336 51 0 49 3 2 1 3 0 8 0 pfrule 1360 307 0 300 3 2 1 2 0 8 0 rttmrq 48 16 0 10 1 0 1 1 0 8 0 rttmr 72 4 0 4 2 1 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1887 0 1419 41 11 30 30 0 8 0 art_table 32 1888 0 1419 4 0 4 4 0 8 0 art_node 16 402 0 311 1 0 1 1 0 8 0 sysvmsgpl 40 25 0 3 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 15 0 1 1 0 1 1 0 8 0 shmpl 112 131 0 3 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 8655 0 7193 92 0 92 92 0 8 0 ffsino 272 8655 0 7193 98 0 98 98 0 8 0 nchpl 144 16351 0 14708 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 65267 0 65267 6 5 1 2 0 8 1 percpumem 16 90 0 50 1 0 1 1 0 8 0 vcpupl 2048 81 0 0 11 0 11 11 0 8 0 vmpool 560 88 0 7 6 0 6 6 0 8 0 pfiaddrpl 120 35 0 34 4 3 1 1 0 8 0 kstatmem 264 124 0 100 2 0 2 2 0 8 0 scsiplug 72 2 0 2 1 1 0 1 0 8 0 scxspl 216 57949 0 57949 13 12 1 8 0 8 1 plimitpl 152 804 0 788 1 0 1 1 0 8 0 sigapl 424 5874 0 5808 9 1 8 8 0 8 0 futexpl 64 54165 0 54161 7 6 1 1 0 8 0 knotepl 120 531 0 0 11 0 11 11 0 8 0 kqueuepl 216 1219 0 1209 25 20 5 5 0 8 4 pipepl 336 1091 0 1063 27 24 3 8 0 8 0 fdescpl 496 5838 0 5808 7 2 5 5 0 8 0 filepl 152 40150 0 39904 76 60 16 18 0 8 4 lockfpl 104 1734 0 1732 3 2 1 2 0 8 0 lockfspl 48 534 0 532 1 0 1 1 0 8 0 sessionpl 144 46 0 29 1 0 1 1 0 8 0 pgrppl 48 115 0 98 1 0 1 1 0 8 0 ucredpl 96 4153 0 4140 1 0 1 1 0 8 0 zombiepl 144 5809 0 5808 2 1 1 1 0 8 0 processpl 1064 5874 0 5808 5 0 5 5 0 8 0 procpl 672 16036 0 15955 20 12 8 9 0 8 0 srpgc 96 10 0 10 5 4 1 1 0 8 1 sosppl 168 51 0 51 7 6 1 1 0 8 1 sockpl 480 7542 0 7510 170 157 13 29 0 8 8 mcl64k 65536 25 0 0 4 1 3 3 0 8 0 mcl16k 16384 16 0 0 2 0 2 2 0 8 0 mcl12k 12288 17 0 0 2 0 2 2 0 8 0 mcl9k 9216 17 0 0 2 0 2 2 0 8 0 mcl8k 8192 18 0 0 3 0 3 3 0 8 0 mcl4k 4096 17 0 0 3 0 3 3 0 8 0 mcl2k2 2112 5 0 0 1 0 1 1 0 8 0 mcl2k 2048 331 0 0 24 1 23 24 0 8 0 mtagpl 96 1465 0 0 35 0 35 35 0 8 0 mbufpl 256 1830 0 0 104 0 104 104 0 8 0 bufpl 288 13239 0 6909 453 0 453 453 0 8 0 anonpl 24 1143572 0 1127966 238 120 118 185 0 186 0 amapchunkpl 152 100668 0 99980 78 44 34 58 0 158 1 amappl16 200 13548 0 12964 56 15 41 44 0 8 4 amappl15 192 165 0 161 1 0 1 1 0 8 0 amappl14 184 424 0 420 1 0 1 1 0 8 0 amappl13 176 720 0 716 1 0 1 1 0 8 0 amappl12 168 58 0 48 1 0 1 1 0 8 0 amappl11 160 749 0 729 2 0 2 2 0 8 0 amappl10 152 2133 0 2126 1 0 1 1 0 8 0 amappl9 144 1186 0 1179 1 0 1 1 0 8 0 amappl8 136 1791 0 1703 4 0 4 4 0 8 0 amappl7 128 990 0 971 1 0 1 1 0 8 0 amappl6 120 1053 0 1026 2 1 1 2 0 8 0 amappl5 112 7092 0 7072 1 0 1 1 0 8 0 amappl4 104 1997 0 1970 1 0 1 1 0 8 0 amappl3 96 16995 0 16939 2 0 2 2 0 8 0 amappl2 88 6867 0 6802 3 1 2 3 0 8 0 amappl1 80 140480 0 139801 23 7 16 20 0 8 1 amappl 88 33272 0 33082 6 1 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 133 0 3 3 0 3 3 0 8 0 uaddrrnd 24 5926 0 5815 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 5926 0 5815 1 0 1 1 0 8 0 vmmpekpl 168 47854 0 47789 4 0 4 4 0 8 0 vmmpepl 168 573157 0 570279 230 80 150 150 0 357 17 vmsppl 368 5925 0 5815 13 2 11 11 0 8 0 rwobjpl 56 144006 0 136271 114 3 111 113 0 8 0 pdppl 4096 11859 0 11711 439 289 150 152 0 8 2 pvpl 32 2394229 0 2373677 453 254 199 323 0 265 4 pmappl 248 5925 0 5815 8 0 8 8 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 1487 0 482 29 0 29 29 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace pf_anchor_global_RB_REMOVE(ffffffff829ecf30,ffff800000cb4800) at pf_anchor_global_RB_REMOVE+0x58 sys/net/pf_ruleset.c:84 pf_remove_if_empty_ruleset(ffff800000cb4c90) at pf_remove_if_empty_ruleset+0xdd sys/net/pf_ruleset.c:300 pfi_dynaddr_setup(ffff800000ba52b8,0) at pfi_dynaddr_setup+0x411 sys/net/pf_if.c:485 pfioctl(4900,cd60441a,ffff800000bfe000,3,ffff8000266a5ce8) at pfioctl+0x8e07 pf_addr_setup sys/net/pf_ioctl.c:894 [inline] pfioctl(4900,cd60441a,ffff800000bfe000,3,ffff8000266a5ce8) at pfioctl+0x8e07 sys/net/pf_ioctl.c:1653 VOP_IOCTL(fffffd806f68ec68,cd60441a,ffff800000bfe000,3,fffffd807f7d77e0,ffff8000266a5ce8) at VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd8073a7def8,cd60441a,ffff800000bfe000,ffff8000266a5ce8) at vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 sys_ioctl(ffff8000266a5ce8,ffff800021224d68,ffff800021224dc0) at sys_ioctl+0x4a2 syscall(ffff800021224e30) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800021224e30) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x51385994810, count: -9 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800020ce8ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178 end trace frame: 0x0, count: -5