kernel: protection fault trap, code=0 Stopped at pf_anchor_global_RB_REMOVE+0x58: movq 0(%r12),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace pf_anchor_global_RB_REMOVE(ffffffff829d1858,ffff800000c81800) at pf_anchor_global_RB_REMOVE+0x58 sys/net/pf_ruleset.c:84 pf_remove_if_empty_ruleset(ffff800000c81c90) at pf_remove_if_empty_ruleset+0xdd sys/net/pf_ruleset.c:300 pfioctl(4900,cd60441a,ffff800000c62000,3,ffff80002994afc0) at pfioctl+0x8f53 sys/net/pf_ioctl.c:1713 VOP_IOCTL(fffffd807baa04d8,cd60441a,ffff800000c62000,3,fffffd807f7d8840,ffff80002994afc0) at VOP_IOCTL+0x8d sys/kern/vfs_vops.c:264 vn_ioctl(fffffd8079586448,cd60441a,ffff800000c62000,ffff80002994afc0) at vn_ioctl+0xb7 sys/kern/vfs_vnops.c:531 sys_ioctl(ffff80002994afc0,ffff80002e785b68,ffff80002e785bc0) at sys_ioctl+0x49e syscall(ffff80002e785c30) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3ae8db52030, count: -8 ddb> show registers rdi 0xffffffff829d1858 pf_anchors rsi 0xffff800000c81800 rbp 0xffff80002e7856d0 rbx 0xffffffff829d1858 pf_anchors rdx 0 rcx 0x4000 __ALIGN_SIZE+0x3000 rax 0xffff80002994afc0 r8 0x101010101010101 r9 0x8080808080808080 r10 0x74a6601b037e261e r11 0x891d59a2ba393c95 r12 0x9137c33cbb4394c5 r13 0xffffffff829d1860 pf_main_anchor r14 0xffff800000c81800 r15 0xdeaf007fdeafbead rip 0xffffffff8164cc88 pf_anchor_global_RB_REMOVE+0x58 cs 0x8 rflags 0x10286 __ALIGN_SIZE+0xf286 rsp 0xffff80002e785680 ss 0x10 pf_anchor_global_RB_REMOVE+0x58: movq 0(%r12),%rbx ddb> show proc PROC (syz-executor.7) pid=251286 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=82, nice=20 forw=0xffffffffffffffff, list=0xffff80002994a7e0,0xffff8000ffff82b8 process=0xffff8000216113a0 user=0xffff80002e780000, vmspace=0xfffffd8061b16990 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 45785 6295 47918 0 2 0 syz-executor.0 83082 312541 47573 0 2 0 syz-executor.2 83082 279826 47573 0 2 0x4000000 syz-executor.2 54930 439750 12276 0 2 0 syz-executor.6 54930 262729 12276 0 2 0x4000000 syz-executor.6 73962 429215 71451 0 2 0 syz-executor.4 73962 175192 71451 0 2 0x4000000 syz-executor.4 65747 42290 9483 0 2 0 syz-executor.5 65747 516036 9483 0 3 0x4000080 fsleep syz-executor.5 70993 259301 34516 0 2 0 syz-executor.3 70993 470593 34516 0 2 0x4000000 syz-executor.3 87980 99305 60990 0 2 0 syz-executor.7 *87980 251286 60990 0 7 0x4000000 syz-executor.7 90192 399366 0 0 3 0x14200 acct acct 12276 457846 29714 0 3 0x82 nanoslp syz-executor.6 71451 483114 29714 0 3 0x82 nanoslp syz-executor.4 47918 475326 29714 0 3 0x82 nanoslp syz-executor.0 34516 422806 29714 0 3 0x82 nanoslp syz-executor.3 47573 378686 29714 0 3 0x82 nanoslp syz-executor.2 58206 510964 29714 0 2 0x2 syz-executor.1 9483 493627 29714 0 3 0x82 nanoslp syz-executor.5 60990 121741 29714 0 3 0x82 nanoslp syz-executor.7 80060 511415 0 0 3 0x14200 bored sosplice 42932 185883 0 0 3 0x14280 nfsidl nfsio 33886 426178 0 0 3 0x14280 nfsidl nfsio 38643 390313 0 0 3 0x14280 nfsidl nfsio 47208 38968 0 0 3 0x14280 nfsidl nfsio 25770 172058 0 0 3 0x14280 nfsidl nfsio 77332 22940 0 0 3 0x14280 nfsidl nfsio 37072 79277 0 0 3 0x14280 nfsidl nfsio 52815 139214 0 0 3 0x14280 nfsidl nfsio 12997 502506 0 0 3 0x14280 nfsidl nfsio 56657 203265 0 0 3 0x14280 nfsidl nfsio 31689 257513 0 0 3 0x14280 nfsidl nfsio 26404 428088 0 0 3 0x14280 nfsidl nfsio 38457 208199 0 0 3 0x14280 nfsidl nfsio 57440 118277 0 0 3 0x14280 nfsidl nfsio 17175 86340 0 0 3 0x14280 nfsidl nfsio 74795 276338 0 0 3 0x14280 nfsidl nfsio 96444 62374 0 0 3 0x14280 nfsidl nfsio 30245 22417 0 0 3 0x14280 nfsidl nfsio 61975 261424 0 0 3 0x14280 nfsidl nfsio 19905 453129 0 0 3 0x14280 nfsidl nfsio 2932 370870 1 0 3 0x100083 ttyopn getty 29714 164953 58113 0 3 0x82 thrsleep syz-fuzzer 29714 33538 58113 0 3 0x4000082 nanoslp syz-fuzzer 29714 206064 58113 0 3 0x4000082 thrsleep syz-fuzzer 29714 420658 58113 0 3 0x4000082 thrsleep syz-fuzzer 29714 328599 58113 0 3 0x4000082 kqread syz-fuzzer 29714 311268 58113 0 3 0x4000082 thrsleep syz-fuzzer 29714 498960 58113 0 3 0x4000082 thrsleep syz-fuzzer 29714 174832 58113 0 3 0x4000082 thrsleep syz-fuzzer 58113 523196 59592 0 3 0x10008a sigsusp ksh 59592 374176 60144 0 3 0x9a kqread sshd 60144 345692 1 0 3 0x88 kqread sshd 87977 181715 71224 73 3 0x1100090 kqread syslogd 71224 497865 1 0 3 0x100082 netio syslogd 10819 14383 1 0 3 0x100080 kqread resolvd 36980 522133 72153 77 3 0x100092 kqread dhcpleased 39896 200555 72153 77 3 0x100092 kqread dhcpleased 72153 339853 1 0 3 0x80 kqread dhcpleased 2841 83548 0 0 3 0x14200 bored smr 32319 503190 0 0 2 0x14200 zerothread 76338 280973 0 0 3 0x14200 aiodoned aiodoned 8101 322081 0 0 3 0x14200 syncer update 62382 412404 0 0 3 0x14200 cleaner cleaner 9735 352574 0 0 3 0x14200 reaper reaper 42070 131375 0 0 3 0x14200 pgdaemon pagedaemon 87306 183688 0 0 3 0x14200 bored viomb 5318 201908 0 0 3 0x40014200 acpi0 acpi0 73297 433345 0 0 3 0x14200 bored softnet 8604 108642 0 0 3 0x14200 bored systqmp 49655 153004 0 0 3 0x14200 bored systq 88345 58375 0 0 3 0x40014200 bored softclock 4251 420200 0 0 3 0x40014200 idle0 1 413904 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10210 6448K 7754K 78643K 71397 0 pcb 13 24K 27K 78643K 2453 0 rtable 255 27K 29K 78643K 3835 0 ifaddr 113 26K 29K 78643K 1763 0 sysctl 3 1K 1K 78643K 5 0 counters 28 17K 17K 78643K 216 0 ioctlops 1 4K 4K 78643K 3626 0 iov 0 0K 32K 78643K 2176 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1396 87K 88K 78643K 19132 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 169 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 3671 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 17 61K 69K 78643K 16265 0 sigio 0 0K 0K 78643K 1006 0 proc 74 56K 72K 78643K 2371 0 subproc 104 6K 6K 78643K 771 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 784 0 in_multi 79 5K 7K 78643K 1350 0 ether_multi 1 0K 0K 78643K 231 0 mrt 1 0K 0K 78643K 144 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 241 1076K 1076K 78643K 241 0 exec 0 0K 2K 78643K 4417 0 pfkey data 0 0K 0K 78643K 4 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 565 1095K 1295K 78643K 198528 0 UVM aobj 131 5K 5K 78643K 133 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 865 0 NDP 14 0K 1K 78643K 366 0 temp 164 4751K 70293K 78643K 161396 0 kqueue 12 18K 28K 78643K 892 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 2099 0 2096 32 30 2 5 0 8 1 rtentry 112 892 0 803 4 1 3 4 0 8 0 unpcb 136 23550 0 23537 164 159 5 10 0 8 4 syncache 296 48 0 48 14 14 0 1 0 8 0 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpqe 32 660 0 660 6 6 0 1 0 8 0 tcpcb 736 5201 0 5197 176 174 2 17 0 8 1 arp 88 127 0 111 1 0 1 1 0 8 0 ipq 40 22 0 21 7 6 1 1 0 8 0 ipqe 40 129 0 128 7 6 1 1 0 8 0 inpcb 304 20770 0 20763 208 199 9 16 0 8 8 rttmr 72 51 0 51 7 6 1 1 0 8 1 ip6q 72 8 0 8 3 3 0 1 0 8 0 ip6af 40 14 0 14 3 3 0 1 0 8 0 nd6 48 235 0 213 1 0 1 1 0 8 0 pkpcb 40 48 0 48 6 6 0 1 0 8 0 kcovpl 48 59 0 51 1 0 1 1 0 8 0 ppxss 1152 52 0 52 12 12 0 1 0 8 0 pfstscr 40 26 0 16 1 0 1 1 0 8 0 pfosfp 40 23 0 16 1 0 1 1 0 8 0 pfosfpen 112 23 0 3 1 0 1 1 0 8 0 pfrke_plain 168 10 0 10 2 2 0 1 0 8 0 pfrktable 1344 195 0 171 9 7 2 3 0 8 0 pftag 88 21 0 9 1 0 1 1 0 8 0 pfqueue 264 6 0 6 2 2 0 1 0 8 0 pfstitem 24 168 0 148 1 0 1 1 0 8 0 pfstkey 112 201 0 199 1 0 1 1 0 8 0 pfstate 320 104 0 94 1 0 1 1 0 8 0 pfrule 1360 448 0 355 19 10 9 9 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 4901 0 4550 58 31 27 31 0 8 1 art_table 32 4902 0 4550 4 0 4 4 0 8 0 art_node 16 891 0 814 1 0 1 1 0 8 0 sysvmsgpl 40 11 0 0 1 0 1 1 0 8 0 semapl 112 3669 0 3659 1 0 1 1 0 8 0 shmpl 112 130 0 2 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 24529 0 23018 95 0 95 95 0 8 0 ffsino 240 24529 0 23018 89 0 89 89 0 8 0 nchpl 144 45098 0 43478 62 0 62 62 0 8 0 rtmask 32 14 0 14 2 2 0 1 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 170674 0 170673 10 9 1 2 0 8 0 vcpupl 1984 141 0 1 18 0 18 18 0 8 0 vmpool 528 258 0 118 11 1 10 10 0 8 0 pfiaddrpl 120 245 0 186 2 0 2 2 0 8 0 scsiplug 72 27 0 27 9 9 0 1 0 8 0 scxspl 216 132694 0 132694 25 23 2 8 0 8 2 plimitpl 152 1776 0 1762 1 0 1 1 0 8 0 sigapl 424 16458 0 16395 8 0 8 8 0 8 0 futexpl 64 186915 0 186914 4 3 1 1 0 8 0 knotepl 120 165809 0 165729 48 43 5 10 0 8 2 kqueuepl 184 3657 0 3649 51 50 1 7 0 8 0 pipepl 304 3942 0 3914 111 103 8 8 0 8 5 fdescpl 432 16421 0 16393 4 0 4 4 0 8 0 filepl 120 139244 0 139009 170 156 14 19 0 8 6 lockfpl 104 4417 0 4415 12 10 2 2 0 8 1 lockfspl 48 1212 0 1210 1 0 1 1 0 8 0 sessionpl 144 75 0 59 1 0 1 1 0 8 0 pgrppl 48 249 0 233 1 0 1 1 0 8 0 ucredpl 96 20137 0 20121 1 0 1 1 0 8 0 zombiepl 144 16395 0 16395 2 1 1 1 0 8 1 processpl 1000 16458 0 16395 10 1 9 9 0 8 0 procpl 672 41394 0 41318 37 29 8 9 0 8 1 sosppl 168 108 0 108 23 23 0 1 0 8 0 sockpl 448 46487 0 46464 917 906 11 32 0 8 8 mcl64k 65536 558 0 558 33 32 1 1 0 8 1 mcl16k 16384 138 0 138 38 37 1 1 0 8 1 mcl12k 12288 594 0 594 26 25 1 1 0 8 1 mcl9k 9216 476 0 476 41 40 1 1 0 8 1 mcl8k 8192 1705 0 1705 16 15 1 1 0 8 1 mcl4k 4096 2052 0 2052 18 17 1 1 0 8 1 mcl2k2 2112 151 0 151 38 37 1 1 0 8 1 mcl2k 2048 110577 0 110314 101 62 39 40 0 8 5 mtagpl 96 13609 0 12519 78 45 33 37 0 8 1 mbufpl 256 333783 0 332425 1590 1492 98 594 0 8 4 bufpl 288 30600 0 24192 458 0 458 458 0 8 0 anonpl 24 4653404 0 4630924 346 181 165 170 0 188 16 amapchunkpl 152 799903 0 799086 1345 1310 35 664 0 158 1 amappl16 200 51800 0 50896 244 183 61 61 0 8 11 amappl15 192 2559 0 2555 1 0 1 1 0 8 0 amappl14 184 3033 0 3031 1 0 1 1 0 8 0 amappl13 176 2859 0 2852 1 0 1 1 0 8 0 amappl12 168 641 0 636 1 0 1 1 0 8 0 amappl11 160 2041 0 2028 1 0 1 1 0 8 0 amappl10 152 1298 0 1295 1 0 1 1 0 8 0 amappl9 144 2225 0 2219 1 0 1 1 0 8 0 amappl8 136 4383 0 4259 6 1 5 5 0 8 0 amappl7 128 2852 0 2839 1 0 1 1 0 8 0 amappl6 120 2142 0 2115 2 1 1 2 0 8 0 amappl5 112 14157 0 14140 1 0 1 1 0 8 0 amappl4 104 5995 0 5958 12 10 2 2 0 8 1 amappl3 96 3232 0 3218 1 0 1 1 0 8 0 amappl2 88 4737 0 4666 3 1 2 3 0 8 0 amappl1 80 290744 0 290193 20 7 13 18 0 8 0 amappl 88 196706 0 196401 9 1 8 8 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 132 0 2 3 0 3 3 0 8 0 uaddrrnd 24 16679 0 16511 2 0 2 2 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 16679 0 16511 2 0 2 2 0 8 0 vmmpekpl 168 113811 0 113741 4 0 4 4 0 8 0 vmmpepl 168 1492498 0 1489324 408 250 158 158 0 357 13 vmsppl 272 16678 0 16511 13 1 12 12 0 8 0 rwobjpl 24 356586 0 348549 55 4 51 51 0 8 1 pdppl 4096 33364 0 33162 915 711 204 204 0 8 2 pvpl 32 7701385 0 7676147 563 318 245 255 0 265 25 pmappl 216 16678 0 16511 14 4 10 10 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 4553 0 3499 60 29 31 37 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pf_anchor_global_RB_REMOVE(ffffffff829d1858,ffff800000c81800) at pf_anchor_global_RB_REMOVE+0x58 sys/net/pf_ruleset.c:84 pf_remove_if_empty_ruleset(ffff800000c81c90) at pf_remove_if_empty_ruleset+0xdd sys/net/pf_ruleset.c:300 pfioctl(4900,cd60441a,ffff800000c62000,3,ffff80002994afc0) at pfioctl+0x8f53 sys/net/pf_ioctl.c:1713 VOP_IOCTL(fffffd807baa04d8,cd60441a,ffff800000c62000,3,fffffd807f7d8840,ffff80002994afc0) at VOP_IOCTL+0x8d sys/kern/vfs_vops.c:264 vn_ioctl(fffffd8079586448,cd60441a,ffff800000c62000,ffff80002994afc0) at vn_ioctl+0xb7 sys/kern/vfs_vnops.c:531 sys_ioctl(ffff80002994afc0,ffff80002e785b68,ffff80002e785bc0) at sys_ioctl+0x49e syscall(ffff80002e785c30) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3ae8db52030, count: -8 ddb> machine ddbcpu 1 No such command ddb> trace pf_anchor_global_RB_REMOVE(ffffffff829d1858,ffff800000c81800) at pf_anchor_global_RB_REMOVE+0x58 sys/net/pf_ruleset.c:84 pf_remove_if_empty_ruleset(ffff800000c81c90) at pf_remove_if_empty_ruleset+0xdd sys/net/pf_ruleset.c:300 pfioctl(4900,cd60441a,ffff800000c62000,3,ffff80002994afc0) at pfioctl+0x8f53 sys/net/pf_ioctl.c:1713 VOP_IOCTL(fffffd807baa04d8,cd60441a,ffff800000c62000,3,fffffd807f7d8840,ffff80002994afc0) at VOP_IOCTL+0x8d sys/kern/vfs_vops.c:264 vn_ioctl(fffffd8079586448,cd60441a,ffff800000c62000,ffff80002994afc0) at vn_ioctl+0xb7 sys/kern/vfs_vnops.c:531 sys_ioctl(ffff80002994afc0,ffff80002e785b68,ffff80002e785bc0) at sys_ioctl+0x49e syscall(ffff80002e785c30) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3ae8db52030, count: -8