kernel: protection fault trap, code=0 Stopped at pf_anchor_global_RB_REMOVE+0x58: movq 0(%r12),%rbx ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace pf_anchor_global_RB_REMOVE(ffffffff82a128d0,ffff800000e87800) at pf_anchor_global_RB_REMOVE+0x58 sys/net/pf_ruleset.c:84 pf_remove_if_empty_ruleset(ffff800000e87c90) at pf_remove_if_empty_ruleset+0xdd sys/net/pf_ruleset.c:300 pfi_dynaddr_setup(ffff800000e8a2d0,0) at pfi_dynaddr_setup+0x411 sys/net/pf_if.c:485 pfioctl(4900,cd60441a,ffff800000e33000,3,ffff8000ffff4fc0) at pfioctl+0x84eb pf_addr_setup sys/net/pf_ioctl.c:892 [inline] pfioctl(4900,cd60441a,ffff800000e33000,3,ffff8000ffff4fc0) at pfioctl+0x84eb sys/net/pf_ioctl.c:1646 VOP_IOCTL(fffffd806f81bd48,cd60441a,ffff800000e33000,3,fffffd807f7d8660,ffff8000ffff4fc0) at VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd8066e26900,cd60441a,ffff800000e33000,ffff8000ffff4fc0) at vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 sys_ioctl(ffff8000ffff4fc0,ffff800022b6b088,ffff800022b6b0e0) at sys_ioctl+0x4a2 syscall(ffff800022b6b150) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800022b6b150) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x8be212658f0, count: -9 ddb{0}> show registers rdi 0xffff800027ac0000 rsi 0xf0f rbp 0xffff800022b6ab70 rbx 0xffffffff82a128d0 pf_anchors rdx 0xffff800027ac0000 rcx 0xf0e rax 0xffffffff81a8714b pf_anchor_global_RB_REMOVE+0x2b r8 0x400 r9 0x8080808080808080 r10 0xd76a398bcd90f713 r11 0x2835a84a672164c7 r12 0x5e68cc7748fcb27c r13 0xffffffff82a128d8 pf_main_anchor r14 0xffff800000e87800 r15 0xdeaf007fdeaf4152 rip 0xffffffff81a87178 pf_anchor_global_RB_REMOVE+0x58 cs 0x8 rflags 0x10202 __ALIGN_SIZE+0xf202 rsp 0xffff800022b6ab20 ss 0x10 pf_anchor_global_RB_REMOVE+0x58: movq 0(%r12),%rbx ddb{0}> show proc PROC (syz-executor.4) pid=204316 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=84, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff5500,0xffff8000ffff5a50 process=0xffff8000ffff0440 user=0xffff800022b66000, vmspace=0xfffffd8063d0e8a8 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 30097 415828 1720 0 2 0 syz-executor.3 30097 152981 1720 0 3 0x4000080 fsleep syz-executor.3 10830 248304 98157 0 2 0 syz-executor.2 10830 261700 98157 0 3 0x4000080 fsleep syz-executor.2 52497 187556 53880 0 2 0 syz-executor.1 52497 483232 53880 0 3 0x4000080 fsleep syz-executor.1 42930 225550 28314 0 2 0 syz-executor.6 42930 313225 28314 0 3 0x4000080 fsleep syz-executor.6 93592 51850 79724 0 2 0 syz-executor.4 *93592 204316 79724 0 7 0x4000000 syz-executor.4 27733 284659 47285 0 2 0 syz-executor.7 27733 375049 47285 0 3 0x4000080 fsleep syz-executor.7 45342 82683 48058 0 2 0 syz-executor.5 45342 323564 48058 0 3 0x4000080 fsleep syz-executor.5 17335 461396 81370 0 2 0 syz-executor.0 17335 96266 81370 0 3 0x4000080 fsleep syz-executor.0 48058 401478 24419 0 3 0x82 nanoslp syz-executor.5 28314 243200 24419 0 2 0x482 syz-executor.6 53880 372836 24419 0 2 0x482 syz-executor.1 98157 472807 24419 0 3 0x82 nanoslp syz-executor.2 1720 283084 24419 0 3 0x82 nanoslp syz-executor.3 38842 204714 1 0 3 0x100083 ttyin getty 81370 192047 24419 0 2 0x482 syz-executor.0 79724 389050 24419 0 3 0x82 nanoslp syz-executor.4 48965 118560 0 0 3 0x14280 nfsidl nfsio 96134 121693 0 0 3 0x14280 nfsidl nfsio 33923 241866 0 0 3 0x14280 nfsidl nfsio 25383 222494 0 0 3 0x14280 nfsidl nfsio 62893 99263 0 0 3 0x14280 nfsidl nfsio 60155 78258 0 0 3 0x14280 nfsidl nfsio 84499 307288 0 0 3 0x14280 nfsidl nfsio 6207 122123 0 0 3 0x14280 nfsidl nfsio 42412 78004 0 0 3 0x14280 nfsidl nfsio 36073 475891 0 0 3 0x14280 nfsidl nfsio 23510 51879 0 0 3 0x14280 nfsidl nfsio 43434 6957 0 0 3 0x14280 nfsidl nfsio 625 43183 0 0 3 0x14280 nfsidl nfsio 57411 482298 0 0 3 0x14280 nfsidl nfsio 36451 134268 0 0 3 0x14280 nfsidl nfsio 96566 111288 0 0 3 0x14280 nfsidl nfsio 37462 515916 0 0 3 0x14280 nfsidl nfsio 51016 482998 0 0 3 0x14280 nfsidl nfsio 63097 425560 0 0 3 0x14280 nfsidl nfsio 82141 163824 0 0 3 0x14280 nfsidl nfsio 4446 156079 0 0 3 0x14200 bored sosplice 47285 232700 24419 0 2 0x482 syz-executor.7 24419 317505 60455 0 3 0x82 thrsleep syz-fuzzer 24419 425148 60455 0 3 0x4000082 thrsleep syz-fuzzer 24419 355074 60455 0 3 0x4000082 thrsleep syz-fuzzer 24419 322380 60455 0 3 0x4000082 thrsleep syz-fuzzer 24419 442165 60455 0 3 0x4000082 kqread syz-fuzzer 24419 190957 60455 0 3 0x4000082 thrsleep syz-fuzzer 24419 320602 60455 0 3 0x4000082 thrsleep syz-fuzzer 24419 434733 60455 0 3 0x4000082 thrsleep syz-fuzzer 24419 393291 60455 0 3 0x4000082 thrsleep syz-fuzzer 60455 151683 84383 0 3 0x10008a sigsusp ksh 84383 235681 15080 0 3 0x9a kqread sshd 15080 367238 1 0 3 0x88 kqread sshd 69599 37654 17236 74 3 0x1100092 bpf pflogd 17236 331438 1 0 3 0x80 netio pflogd 54156 521891 37270 73 3 0x1100090 kqread syslogd 37270 449933 1 0 3 0x100082 netio syslogd 11147 50485 1 0 3 0x100080 kqread resolvd 84756 522899 31382 77 3 0x100092 kqread dhcpleased 31132 110063 31382 77 3 0x100092 kqread dhcpleased 31382 308830 1 0 3 0x80 kqread dhcpleased 63482 356245 0 0 2 0x14200 smr 36429 14719 0 0 2 0x14200 zerothread 61590 321535 0 0 3 0x14200 aiodoned aiodoned 21703 60232 0 0 3 0x14200 syncer update 80809 349139 0 0 3 0x14200 cleaner cleaner 60688 22370 0 0 3 0x14200 reaper reaper 45246 433129 0 0 3 0x14200 pgdaemon pagedaemon 31043 297207 0 0 3 0x14200 bored viomb 88077 171903 0 0 3 0x40014200 acpi0 acpi0 57467 47083 0 0 7 0x40014200 idle1 12647 457572 0 0 3 0x14200 bored softnet 63396 263840 0 0 3 0x14200 bored systqmp 77886 374753 0 0 3 0x14200 bored systq 97242 246481 0 0 2 0x40014200 softclock 90046 161406 0 0 3 0x40014200 idle0 1 24749 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 93592 (syz-executor.4) thread 0xffff8000ffff4fc0 (204316) exclusive rwlock pf_lock r = 0 (0xffffffff8290f230) #0 witness_lock+0x44d #1 pfioctl+0x5b38 sys/net/pf_ioctl.c:1601 #2 VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 #3 vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 #4 sys_ioctl+0x4a2 #5 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #5 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #6 Xsyscall+0x128 exclusive rwlock netlock r = 0 (0xffffffff828ef130) #0 witness_lock+0x44d #1 pfioctl+0x3690 sys/net/pf_ioctl.c:1601 #2 VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 #3 vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 #4 sys_ioctl+0x4a2 #5 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #5 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #6 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82ad3b18) #0 witness_lock+0x44d #1 vn_ioctl+0x41 sys/kern/vfs_vnops.c:514 #2 sys_ioctl+0x4a2 #3 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #3 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #4 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10229 6648K 10671K 78643K 48986 0 pcb 15 16K 18K 78643K 2205 0 rtable 214 16K 16K 78643K 2973 0 ifaddr 88 21K 23K 78643K 1210 0 sysctl 3 1K 1K 78643K 3 0 counters 56 35K 36K 78643K 382 0 ioctlops 1 4K 6K 78643K 3802 0 iov 0 0K 24K 78643K 1502 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1590 99K 100K 78643K 19257 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 124 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 1983 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 18 65K 85K 78643K 15155 0 sigio 0 0K 0K 78643K 496 0 proc 71 87K 111K 78643K 2257 0 subproc 104 6K 6K 78643K 605 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 1 0K 0K 78643K 1031 0 in_multi 79 5K 7K 78643K 986 0 ether_multi 2 0K 0K 78643K 163 0 mrt 1 0K 0K 78643K 124 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 235 1049K 1049K 78643K 235 0 exec 0 0K 2K 78643K 3237 0 pfkey data 0 0K 0K 78643K 2 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 649 1206K 1206K 78643K 192049 0 UVM aobj 131 8K 8K 78643K 146 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 698 0 NDP 13 0K 2K 78643K 292 0 temp 333 5101K 9193K 78643K 156637 0 kqueue 12 18K 30K 78643K 967 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 786 0 783 11 10 1 5 0 8 0 rtentry 112 813 0 724 4 0 4 4 0 8 0 unpcb 136 10237 0 10220 79 78 1 8 0 8 0 syncache 296 49 0 49 17 17 0 1 0 8 0 tcpqe 32 80 0 80 9 9 0 1 0 8 0 tcpcb 736 4845 0 4836 179 177 2 14 0 8 1 arp 120 108 0 89 1 0 1 1 0 8 0 inpcb 304 12872 0 12857 176 172 4 12 0 8 2 rttmr 72 37 0 37 11 10 1 1 0 8 1 nd6 48 181 0 164 1 0 1 1 0 8 0 pkpcb 40 84 0 84 4 4 0 1 0 8 0 kcovpl 48 46 0 38 1 0 1 1 0 8 0 ppxss 1248 69 0 69 15 15 0 1 0 8 0 pfstscr 40 19 0 19 5 5 0 1 0 8 0 pffrag 232 46 0 45 10 9 1 1 0 482 0 pffrnode 88 46 0 45 10 9 1 1 0 8 0 pffrent 40 489 0 488 11 10 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 107 17 104 7 6 1 1 0 8 0 pftag 88 8 0 3 1 0 1 1 0 8 0 pfqueue 264 46 0 46 4 4 0 1 0 8 0 pfstitem 24 52 0 50 1 0 1 1 0 8 0 pfstkey 112 106 0 104 2 1 1 2 0 8 0 pfstate 320 73 0 71 4 3 1 4 0 8 0 pfsrctr 152 18 0 18 1 1 0 1 0 8 0 pfrule 1360 656 0 609 14 9 5 5 0 8 0 art_heap8 4096 3 0 2 3 2 1 2 0 8 0 art_heap4 256 3323 0 2960 49 23 26 33 0 8 0 art_table 32 3326 0 2962 6 1 5 5 0 8 0 art_node 16 742 0 662 1 0 1 1 0 8 0 sysvmsgpl 40 54 0 14 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 1981 0 1971 1 0 1 1 0 8 0 shmpl 112 143 0 15 5 1 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 20496 0 19018 93 0 93 93 0 8 0 ffsino 272 20496 0 19018 99 0 99 99 0 8 0 nchpl 144 41816 0 40192 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 149915 0 149915 4 3 1 2 0 8 1 percpumem 16 203 0 163 1 0 1 1 0 8 0 vcpupl 2048 191 0 1 24 0 24 24 0 8 0 vmpool 560 260 0 70 16 2 14 14 0 8 0 pfiaddrpl 120 50 0 49 10 9 1 1 0 8 0 scsiplug 72 16 0 16 5 5 0 1 0 8 0 scxspl 216 119123 0 119123 24 22 2 8 0 8 2 plimitpl 152 2289 0 2274 1 0 1 1 0 8 0 sigapl 424 15412 0 15346 8 0 8 8 0 8 0 futexpl 64 132740 0 132733 4 3 1 1 0 8 0 knotepl 120 675 0 0 12 1 11 11 0 8 0 kqueuepl 216 3660 0 3651 33 32 1 5 0 8 0 pipepl 336 3384 0 3356 95 90 5 9 0 8 2 fdescpl 496 15373 0 15342 7 3 4 5 0 8 0 filepl 152 106095 0 105840 157 143 14 21 0 8 2 lockfpl 104 3862 0 3860 8 7 1 2 0 8 0 lockfspl 48 1281 0 1279 1 0 1 1 0 8 0 sessionpl 144 66 0 49 1 0 1 1 0 8 0 pgrppl 48 131 0 114 1 0 1 1 0 8 0 ucredpl 96 13133 0 13115 1 0 1 1 0 8 0 zombiepl 144 15346 0 15346 1 0 1 1 0 8 1 processpl 1064 15412 0 15346 5 0 5 5 0 8 0 procpl 672 42524 0 42442 26 18 8 9 0 8 0 srpgc 96 48 0 48 12 12 0 1 0 8 0 sosppl 168 107 0 107 15 14 1 1 0 8 1 sockpl 480 23988 0 23954 462 453 9 34 0 8 4 mcl64k 65536 41 0 0 4 1 3 3 0 8 0 mcl16k 16384 25 0 0 4 1 3 3 0 8 0 mcl12k 12288 25 0 0 2 0 2 2 0 8 0 mcl9k 9216 17 0 0 2 0 2 2 0 8 0 mcl8k 8192 25 0 0 3 0 3 3 0 8 0 mcl4k 4096 33 0 0 4 1 3 3 0 8 0 mcl2k2 2112 12 0 0 1 0 1 1 0 8 0 mcl2k 2048 497 0 0 22 3 19 21 0 8 0 mtagpl 96 837 0 0 16 1 15 16 0 8 0 mbufpl 256 9124 0 0 567 0 567 567 0 8 0 bufpl 288 25617 0 19281 453 0 453 453 0 8 0 anonpl 24 4418289 0 4398505 390 251 139 201 0 186 0 amapchunkpl 152 468492 0 467538 132 93 39 66 0 158 0 amappl16 200 43172 0 42475 257 219 38 50 0 8 0 amappl15 192 2426 0 2419 1 0 1 1 0 8 0 amappl14 184 3158 0 3146 1 0 1 1 0 8 0 amappl13 176 1619 0 1615 1 0 1 1 0 8 0 amappl12 168 531 0 525 2 1 1 1 0 8 0 amappl11 160 1021 0 1003 1 0 1 1 0 8 0 amappl10 152 1105 0 1093 1 0 1 1 0 8 0 amappl9 144 3766 0 3760 1 0 1 1 0 8 0 amappl8 136 3970 0 3836 6 1 5 5 0 8 0 amappl7 128 2647 0 2631 1 0 1 1 0 8 0 amappl6 120 3613 0 3580 3 1 2 2 0 8 0 amappl5 112 14691 0 14670 1 0 1 1 0 8 0 amappl4 104 3212 0 3180 2 0 2 2 0 8 0 amappl3 96 2683 0 2665 1 0 1 1 0 8 0 amappl2 88 3100 0 3050 4 2 2 3 0 8 0 amappl1 80 276831 0 276212 19 5 14 19 0 8 0 amappl 88 190415 0 190030 10 1 9 9 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 145 0 15 3 0 3 3 0 8 0 uaddrrnd 24 15633 0 15412 2 0 2 2 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 15633 0 15412 2 0 2 2 0 8 0 vmmpekpl 168 109809 0 109720 5 0 5 5 0 8 0 vmmpepl 168 1405679 0 1402415 383 234 149 168 0 357 4 vmsppl 368 15632 0 15412 21 1 20 20 0 8 0 rwobjpl 56 338271 0 330312 130 15 115 116 0 8 0 pdppl 4096 31273 0 31014 829 570 259 259 0 8 0 pvpl 32 7371835 0 7347204 677 460 217 335 0 265 0 pmappl 248 15632 0 15412 15 1 14 14 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 2473 0 883 46 0 46 46 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace pf_anchor_global_RB_REMOVE(ffffffff82a128d0,ffff800000e87800) at pf_anchor_global_RB_REMOVE+0x58 sys/net/pf_ruleset.c:84 pf_remove_if_empty_ruleset(ffff800000e87c90) at pf_remove_if_empty_ruleset+0xdd sys/net/pf_ruleset.c:300 pfi_dynaddr_setup(ffff800000e8a2d0,0) at pfi_dynaddr_setup+0x411 sys/net/pf_if.c:485 pfioctl(4900,cd60441a,ffff800000e33000,3,ffff8000ffff4fc0) at pfioctl+0x84eb pf_addr_setup sys/net/pf_ioctl.c:892 [inline] pfioctl(4900,cd60441a,ffff800000e33000,3,ffff8000ffff4fc0) at pfioctl+0x84eb sys/net/pf_ioctl.c:1646 VOP_IOCTL(fffffd806f81bd48,cd60441a,ffff800000e33000,3,fffffd807f7d8660,ffff8000ffff4fc0) at VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd8066e26900,cd60441a,ffff800000e33000,ffff8000ffff4fc0) at vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 sys_ioctl(ffff8000ffff4fc0,ffff800022b6b088,ffff800022b6b0e0) at sys_ioctl+0x4a2 syscall(ffff800022b6b150) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800022b6b150) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x8be212658f0, count: -9 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800020ce8ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178 end trace frame: 0x0, count: -5