login: kernel: protection fault trap, code=0 Stopped at pf_anchor_global_RB_REMOVE+0x81: movq 0(%r12),%r15 ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace pf_anchor_global_RB_REMOVE(ffffffff839b0be8,ffff80000164f760) at pf_anchor_global_RB_REMOVE+0x81 sys/net/pf_ruleset.c:82 pf_remove_if_empty_ruleset(ffff80000164fbf0) at pf_remove_if_empty_ruleset+0x12d sys/net/pf_ruleset.c:301 pfi_dynaddr_setup(ffff800001643fd0,0,1) at pfi_dynaddr_setup+0x671 sys/net/pf_if.c:508 pf_addr_setup(ffffffff839b1080,ffff800001643fd0,0) at pf_addr_setup+0x46 sys/net/pf_ioctl.c:948 pfioctl(24900,cd60441a,ffff8000015c5000,83,ffff8000380ec020) at pfioctl+0x9a85 sys/net/pf_ioctl.c:2618 VOP_IOCTL(fffffd806a2766d8,cd60441a,ffff8000015c5000,83,fffffd8007ffd820,ffff8000380ec020) at VOP_IOCTL+0xa3 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd806e800538,cd60441a,ffff8000015c5000,ffff8000380ec020) at vn_ioctl+0xea sys/kern/vfs_vnops.c:537 sys_ioctl(ffff8000380ec020,ffff80003c921ee0,ffff80003c921e30) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff80003c921ee0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c921ee0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x810bfa8da80, count: -10 ddb> show registers rdi 0xffffffff839b0be8 pf_anchors rsi 0xffff80000164f760 rbp 0xffff80003c9218b0 rbx 0xffffffff839b0be8 pf_anchors rdx 0 rcx 0xffffffff839b1000 pf_main_anchor+0x410 rax 0xffff8000380ec020 r8 0x3fc r9 0x8080808080808080 r10 0x7b831b0cb32ffd19 r11 0x7fe52508af005c7a r12 0x52e850423a3d8ff6 r13 0x1 r14 0xffff80000164f760 r15 0xa82e2c1153daf4c7 rip 0xffffffff821e2db1 pf_anchor_global_RB_REMOVE+0x81 cs 0x8 rflags 0x10206 __ALIGN_SIZE+0xf206 rsp 0xffff80003c921860 ss 0x10 pf_anchor_global_RB_REMOVE+0x81: movq 0(%r12),%r15 ddb> show proc PROC (syz-executor) tid=6128 pid=98342 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000380ecd18,0xffff8000380edcb8 process=0xffff8000ffffad18 user=0xffff80003c91c000, vmspace=0xfffffd80791bda28 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 19700 105967 19623 0 2 0 syz-executor 19700 40586 19623 0 3 0x4000080 fsleep syz-executor 98342 514142 15290 0 2 0 syz-executor *98342 6128 15290 0 7 0x4000000 syz-executor 33373 440292 34150 0 2 0 syz-executor 33373 24656 34150 0 3 0x4000080 fsleep syz-executor 49890 428260 61587 0 2 0x2 sh 61587 92858 73082 0 3 0x82 wait syz-executor 10314 308366 8943 0 2 0 syz-executor 10314 262955 8943 0 3 0x4000080 fsleep syz-executor 10314 307623 8943 0 3 0x4000080 fsleep syz-executor 10314 347628 8943 0 3 0x4000080 fsleep syz-executor 4453 340280 36921 0 2 0 syz-executor 4453 260799 36921 0 3 0x4000080 fsleep syz-executor 44665 458935 83411 0 2 0 syz-executor 44665 5244 83411 0 3 0x4000080 fsleep syz-executor 52534 27429 29486 0 2 0 syz-executor 52534 511464 29486 0 3 0x4000080 fsleep syz-executor 52534 117305 29486 0 3 0x4000080 fsleep syz-executor 52534 192151 29486 0 3 0x4000080 fsleep syz-executor 5215 292782 1 0 3 0x100083 ttyin getty 83411 448476 73082 0 3 0x82 nanoslp syz-executor 19623 206631 73082 0 3 0x82 nanoslp syz-executor 29486 335703 73082 0 3 0x82 nanoslp syz-executor 15290 326797 73082 0 3 0x82 nanoslp syz-executor 8943 442730 73082 0 3 0x82 nanoslp syz-executor 34150 176887 73082 0 3 0x82 nanoslp syz-executor 36921 371306 73082 0 3 0x82 nanoslp syz-executor 73082 351331 54832 0 3 0x82 kqread syz-executor 54832 195818 50259 0 3 0x10008a sigsusp ksh 50259 131898 41583 0 3 0x98 kqread sshd-session 41583 35189 14005 0 3 0x92 kqread sshd-session 14005 127002 1 0 3 0x88 kqread sshd 61979 167013 19542 73 3 0x1100090 kqread syslogd 19542 486534 1 0 3 0x100082 sbwait syslogd 19714 222472 1 0 3 0x100080 kqread resolvd 24191 55385 56191 77 3 0x100092 kqread dhcpleased 11003 223877 56191 77 3 0x100092 kqread dhcpleased 56191 373940 1 0 3 0x80 kqread dhcpleased 11519 123815 0 0 3 0x14200 bored smr 22670 103444 0 0 2 0x14200 zerothread 52611 160014 0 0 3 0x14200 aiodoned aiodoned 4400 100936 0 0 3 0x14200 syncer update 26931 472267 0 0 3 0x14200 cleaner cleaner 47047 133692 0 0 3 0x14200 reaper reaper 86491 400347 0 0 3 0x14200 pgdaemon pagedaemon 23568 89226 0 0 3 0x14200 bored viomb 81933 203047 0 0 3 0x40014200 acpi0 acpi0 12894 44693 0 0 3 0x14200 bored softnet0 85001 201985 0 0 3 0x14200 bored systqmp 69734 244785 0 0 3 0x14200 bored systq 77122 354010 0 0 3 0x40014200 tmoslp softclock 14390 187192 0 0 3 0x40014200 idle0 1 361866 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 11038 12105K 12367K 166960K 12359 0 pcb 22 12K 12K 166960K 47 0 rtable 228 7K 8K 166960K 385 0 pf 34 13K 17K 166960K 181 0 ifaddr 39 6K 7K 166960K 47 0 ifgroup 50 2K 2K 166960K 58 0 sysctl 1 1K 9K 166960K 7 0 counters 33 17K 17K 166960K 38 0 ioctlops 1 4K 4K 166960K 121 0 iov 0 0K 16K 166960K 5 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1293 81K 82K 166960K 1502 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 6 0 VM map 2 1K 1K 166960K 2 0 sem 5 0K 0K 166960K 5 0 dirhash 12 2K 2K 166960K 15 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 85K 166960K 240 0 sigio 0 0K 0K 166960K 2 0 proc 59 59K 91K 166960K 531 0 subproc 72 4K 4K 166960K 81 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 15 0 in_multi 88 6K 7K 166960K 102 0 ether_multi 2 0K 0K 166960K 2 0 mrt 1 0K 0K 166960K 5 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 85 387K 387K 166960K 85 0 exec 0 0K 1K 166960K 376 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 225 159K 176K 166960K 3913 0 UVM aobj 7 2K 2K 166960K 7 0 pinsyscall 39 78K 94K 166960K 1341 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 1 0K 0K 166960K 3 0 NDP 11 0K 2K 166960K 30 0 temp 41 9067K 9131K 166960K 4357 0 kqueue 14 20K 28K 166960K 45 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 43 0 40 1 0 1 1 0 8 0 rtentry 136 112 0 12 4 0 4 4 0 8 0 unpcb 144 143 0 126 4 3 1 4 0 8 0 syncache 336 4 0 4 1 1 0 1 0 8 0 tcpqe 32 1 0 1 1 1 0 1 0 8 0 tcpcb 736 58 0 50 4 3 1 4 0 8 0 arp 96 18 0 2 1 0 1 1 0 8 0 ipq 40 1 0 0 1 0 1 1 0 8 0 ipqe 40 1 0 0 1 0 1 1 0 8 0 inpcb 328 168 0 150 4 2 2 4 0 8 0 nd6 112 25 0 3 1 0 1 1 0 8 0 pkpcb 40 1 0 1 1 1 0 1 0 8 0 kcovpl 48 9 0 1 1 0 1 1 0 8 0 ppxss 1072 4 0 4 1 1 0 1 0 8 0 pfstscr 40 67 0 65 1 0 1 1 0 8 0 pfrktable 1344 4 2 3 2 1 1 1 0 8 0 pfanchor 1288 2 0 2 2 1 1 1 0 8 1 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 128 68 0 66 1 0 1 1 0 8 0 pfstate 384 67 0 66 1 0 1 1 0 8 0 pfrule 1360 4 0 2 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 454 0 44 29 2 27 29 0 8 0 art_table 40 455 0 44 5 0 5 5 0 8 0 art_node 32 112 0 21 1 0 1 1 0 8 0 sysvmsgpl 40 3 0 3 1 1 0 1 0 8 0 semapl 112 3 0 0 1 0 1 1 0 8 0 shmpl 112 4 0 0 1 0 1 1 0 8 0 dirhash 1024 19 0 2 3 0 3 3 0 8 0 dino2pl 256 1798 0 337 92 0 92 92 0 8 0 ffsino 256 1798 0 337 92 0 92 92 0 8 0 nchpl 144 2124 0 430 63 0 63 63 0 8 0 vnodes 216 1932 0 0 108 0 108 108 0 8 0 namei 1024 6362 0 6362 3 2 1 2 0 8 1 pfiaddrpl 120 2 0 1 2 1 1 1 0 8 0 kstatmem 264 29 0 6 2 0 2 2 0 8 0 scxspl 216 6627 0 6627 3 2 1 3 1 8 1 plimitpl 152 44 0 28 1 0 1 1 0 8 0 sigapl 424 531 0 488 6 1 5 6 0 8 0 knotepl 120 23263 0 23215 17 15 2 17 0 8 0 kqueuepl 184 53 0 43 1 0 1 1 0 8 0 pipepl 304 125 0 98 3 0 3 3 0 8 0 fdescpl 448 518 0 488 4 0 4 4 0 8 0 filepl 120 2213 0 1988 11 3 8 11 0 8 0 lockfpl 104 46 0 43 1 0 1 1 0 8 0 lockfspl 48 24 0 21 1 0 1 1 0 8 0 sessionpl 144 96 0 88 1 0 1 1 0 8 0 pgrppl 48 105 0 89 1 0 1 1 0 8 0 ucredpl 104 346 0 335 1 0 1 1 0 8 0 zombiepl 144 488 0 488 1 1 0 1 0 8 0 processpl 1152 531 0 488 4 0 4 4 0 8 0 procpl 664 668 0 614 5 0 5 5 0 8 0 sockpl 552 358 0 320 9 6 3 9 0 8 0 mcl64k 65536 7 0 6 1 0 1 1 0 8 0 mcl16k 16384 2 0 2 1 1 0 1 0 8 0 mcl8k 8192 6 0 6 1 1 0 1 0 8 0 mcl4k 4096 2630 0 2576 13 5 8 13 0 8 0 mcl2k2 2112 1 0 1 1 1 0 1 0 8 0 mcl2k 2048 199 0 199 1 1 0 1 0 8 0 mtagpl 96 37 0 4 1 0 1 1 0 8 0 mbufpl 256 5154 0 4976 13 1 12 13 0 8 0 bufpl 280 2348 0 103 161 0 161 161 0 8 0 anonpl 24 120015 0 112766 45 1 44 45 0 187 0 amapchunkpl 152 11217 0 10732 22 3 19 22 0 158 0 amappl16 200 2627 0 2367 14 0 14 14 0 8 0 amappl15 192 3 0 3 1 1 0 1 0 8 0 amappl14 184 413 0 410 1 0 1 1 0 8 0 amappl13 176 116 0 105 1 0 1 1 0 8 0 amappl12 168 758 0 729 2 0 2 2 0 8 0 amappl11 160 5 0 5 1 1 0 1 0 8 0 amappl10 152 63 0 53 1 0 1 1 0 8 0 amappl9 144 328 0 328 1 1 0 1 0 8 0 amappl8 136 118 0 117 1 0 1 1 0 8 0 amappl7 128 147 0 136 1 0 1 1 0 8 0 amappl6 120 157 0 155 1 0 1 1 0 8 0 amappl5 112 94 0 86 1 0 1 1 0 8 0 amappl4 104 323 0 306 1 0 1 1 0 8 0 amappl3 96 2051 0 1943 3 0 3 3 0 8 0 amappl2 88 527 0 471 2 0 2 2 0 8 0 amappl1 80 9858 0 9315 15 2 13 15 0 8 0 amappl 88 3197 0 3035 5 1 4 5 0 92 0 uvmvnodes 80 103 0 0 3 0 3 3 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 6 0 0 1 0 1 1 0 8 0 uaddrrnd 24 518 0 488 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 518 0 488 1 0 1 1 0 8 0 vmmpekpl 168 5971 0 5933 2 0 2 2 0 8 0 vmmpepl 168 42341 0 40332 91 2 89 91 0 357 0 vmsppl 368 517 0 488 4 1 3 4 0 8 0 rwobjpl 40 15541 0 14355 13 1 12 13 0 8 0 pdppl 4096 1042 0 976 94 28 66 76 0 8 0 pvpl 32 267783 0 254542 117 10 107 117 0 265 0 pmappl 216 517 0 488 2 0 2 2 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 361 0 48 10 0 10 10 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pf_anchor_global_RB_REMOVE(ffffffff839b0be8,ffff80000164f760) at pf_anchor_global_RB_REMOVE+0x81 sys/net/pf_ruleset.c:82 pf_remove_if_empty_ruleset(ffff80000164fbf0) at pf_remove_if_empty_ruleset+0x12d sys/net/pf_ruleset.c:301 pfi_dynaddr_setup(ffff800001643fd0,0,1) at pfi_dynaddr_setup+0x671 sys/net/pf_if.c:508 pf_addr_setup(ffffffff839b1080,ffff800001643fd0,0) at pf_addr_setup+0x46 sys/net/pf_ioctl.c:948 pfioctl(24900,cd60441a,ffff8000015c5000,83,ffff8000380ec020) at pfioctl+0x9a85 sys/net/pf_ioctl.c:2618 VOP_IOCTL(fffffd806a2766d8,cd60441a,ffff8000015c5000,83,fffffd8007ffd820,ffff8000380ec020) at VOP_IOCTL+0xa3 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd806e800538,cd60441a,ffff8000015c5000,ffff8000380ec020) at vn_ioctl+0xea sys/kern/vfs_vnops.c:537 sys_ioctl(ffff8000380ec020,ffff80003c921ee0,ffff80003c921e30) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff80003c921ee0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c921ee0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x810bfa8da80, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace pf_anchor_global_RB_REMOVE(ffffffff839b0be8,ffff80000164f760) at pf_anchor_global_RB_REMOVE+0x81 sys/net/pf_ruleset.c:82 pf_remove_if_empty_ruleset(ffff80000164fbf0) at pf_remove_if_empty_ruleset+0x12d sys/net/pf_ruleset.c:301 pfi_dynaddr_setup(ffff800001643fd0,0,1) at pfi_dynaddr_setup+0x671 sys/net/pf_if.c:508 pf_addr_setup(ffffffff839b1080,ffff800001643fd0,0) at pf_addr_setup+0x46 sys/net/pf_ioctl.c:948 pfioctl(24900,cd60441a,ffff8000015c5000,83,ffff8000380ec020) at pfioctl+0x9a85 sys/net/pf_ioctl.c:2618 VOP_IOCTL(fffffd806a2766d8,cd60441a,ffff8000015c5000,83,fffffd8007ffd820,ffff8000380ec020) at VOP_IOCTL+0xa3 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd806e800538,cd60441a,ffff8000015c5000,ffff8000380ec020) at vn_ioctl+0xea sys/kern/vfs_vnops.c:537 sys_ioctl(ffff8000380ec020,ffff80003c921ee0,ffff80003c921e30) at sys_ioctl+0x660 sys/kern/sys_generic.c:-1 syscall(ffff80003c921ee0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c921ee0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x810bfa8da80, count: -10