kernel: protection fault trap, code=0 Stopped at pf_anchor_global_RB_REMOVE+0x58: movq 0(%r12),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace pf_anchor_global_RB_REMOVE(ffffffff82a18590,ffff800000d66800) at pf_anchor_global_RB_REMOVE+0x58 sys/net/pf_ruleset.c:84 pf_remove_if_empty_ruleset(ffff800000d66c90) at pf_remove_if_empty_ruleset+0xdd sys/net/pf_ruleset.c:300 pfioctl(4900,cd60441a,ffff800000bbc000,3,ffff800021679508) at pfioctl+0x8f53 sys/net/pf_ioctl.c:1713 VOP_IOCTL(fffffd80716e9698,cd60441a,ffff800000bbc000,3,fffffd807f7d89c0,ffff800021679508) at VOP_IOCTL+0x8d sys/kern/vfs_vops.c:264 vn_ioctl(fffffd80665deda8,cd60441a,ffff800000bbc000,ffff800021679508) at vn_ioctl+0xb7 sys/kern/vfs_vnops.c:531 sys_ioctl(ffff800021679508,ffff800029770ec8,ffff800029770f20) at sys_ioctl+0x49e syscall(ffff800029770f90) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x95516acf610, count: -8 ddb> show registers rdi 0xffff8000232c4000 rsi 0x210 rbp 0xffff800029770a30 rbx 0xffffffff82a18590 pf_anchors rdx 0xffff8000232c4000 rcx 0x20f rax 0xffffffff81cb14ab pf_anchor_global_RB_REMOVE+0x2b r8 0x101010101010101 r9 0x8080808080808080 r10 0xe91b9756b7c8319d r11 0x7e3d91913d5f4760 r12 0x41a69cfe76f0e690 r13 0xffffffff82a18598 pf_main_anchor r14 0xffff800000d66800 r15 0xdead007fdead4110 rip 0xffffffff81cb14d8 pf_anchor_global_RB_REMOVE+0x58 cs 0x8 rflags 0x10206 __ALIGN_SIZE+0xf206 rsp 0xffff8000297709e0 ss 0x10 pf_anchor_global_RB_REMOVE+0x58: movq 0(%r12),%rbx ddb> show proc PROC (syz-executor.7) pid=218152 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=81, nice=20 forw=0xffffffffffffffff, list=0xffff800021678fc8,0xffff8000216787f8 process=0xffff80002168afe0 user=0xffff80002976c000, vmspace=0xfffffd807396e670 estcpu=31, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 30709 226836 17215 0 2 0 syz-executor.5 14215 296760 87743 0 2 0 syz-executor.7 *14215 218152 87743 0 7 0x4000000 syz-executor.7 65027 511091 10760 0 2 0 syz-executor.4 65027 488118 10760 0 3 0x4000080 netcon2 syz-executor.4 65027 506478 10760 0 2 0x4000000 syz-executor.4 10322 418653 13316 0 2 0 syz-executor.3 10322 216592 13316 0 3 0x4000080 fsleep syz-executor.3 42631 282929 52194 0 2 0 syz-executor.1 42631 281358 52194 0 3 0x4000080 fsleep syz-executor.1 42631 34363 52194 0 2 0x4000000 syz-executor.1 41265 172217 965 0 2 0 syz-executor.6 41265 147995 965 0 3 0x4000080 pipewr syz-executor.6 41265 402517 965 0 3 0x4000080 pipewr syz-executor.6 41265 444433 965 0 3 0x4000080 fsleep syz-executor.6 13316 47894 6205 0 3 0x82 nanoslp syz-executor.3 52194 441848 6205 0 3 0x82 nanoslp syz-executor.1 87743 264274 6205 0 3 0x82 nanoslp syz-executor.7 10760 171679 6205 0 3 0x82 nanoslp syz-executor.4 52854 201287 6205 0 2 0x2 syz-executor.0 965 190587 6205 0 3 0x82 nanoslp syz-executor.6 51860 168376 6205 0 2 0x2 syz-executor.2 17215 378933 6205 0 3 0x82 nanoslp syz-executor.5 57393 120593 1 0 3 0x100083 ttyin getty 1629 73571 0 0 3 0x14200 bored sosplice 6205 353392 17815 0 3 0x82 thrsleep syz-fuzzer 6205 150828 17815 0 3 0x4000082 nanoslp syz-fuzzer 6205 224145 17815 0 3 0x4000082 thrsleep syz-fuzzer 6205 504468 17815 0 3 0x4000082 thrsleep syz-fuzzer 6205 67130 17815 0 3 0x4000082 kqread syz-fuzzer 6205 503387 17815 0 3 0x4000082 thrsleep syz-fuzzer 6205 220975 17815 0 3 0x4000082 thrsleep syz-fuzzer 6205 482273 17815 0 3 0x4000082 thrsleep syz-fuzzer 6205 191625 17815 0 3 0x4000082 thrsleep syz-fuzzer 17815 146396 33585 0 3 0x10008a sigsusp ksh 33585 198244 46518 0 3 0x9a kqread sshd 46518 194265 1 0 3 0x88 kqread sshd 68774 332071 10326 73 3 0x1100090 kqread syslogd 10326 488371 1 0 3 0x100082 netio syslogd 62965 261986 1 0 3 0x100080 kqread resolvd 4168 167632 59273 77 3 0x100092 kqread dhcpleased 57876 312024 59273 77 3 0x100092 kqread dhcpleased 59273 444065 1 0 3 0x80 kqread dhcpleased 15172 87838 0 0 3 0x14200 bored smr 65880 445999 0 0 2 0x14200 zerothread 12593 153431 0 0 3 0x14200 aiodoned aiodoned 61657 118565 0 0 3 0x14200 syncer update 4778 64374 0 0 3 0x14200 cleaner cleaner 13926 39012 0 0 3 0x14200 reaper reaper 27218 433174 0 0 3 0x14200 pgdaemon pagedaemon 59836 75663 0 0 3 0x14200 bored viomb 10645 450971 0 0 3 0x40014200 acpi0 acpi0 59146 327361 0 0 3 0x14200 bored softnet 26727 313408 0 0 3 0x14200 bored systqmp 67403 16564 0 0 3 0x14200 bored systq 59070 80718 0 0 2 0x40014200 softclock 99081 282552 0 0 3 0x40014200 idle0 1 324469 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10210 6452K 7163K 78643K 53141 0 pcb 13 24K 28K 78643K 6162 0 rtable 230 16K 27K 78643K 13544 0 ifaddr 103 32K 43K 78643K 5242 0 sysctl 3 1K 1K 78643K 3 0 counters 29 17K 17K 78643K 548 0 ioctlops 1 4K 4K 78643K 7332 0 iov 0 0K 32K 78643K 4180 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1497 94K 94K 78643K 20032 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 13K 78643K 318 0 VM map 2 0K 0K 78643K 2 0 sem 15 33K 65K 78643K 2438 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 16 57K 89K 78643K 32546 0 sigio 0 0K 0K 78643K 276 0 proc 74 56K 88K 78643K 7093 0 subproc 104 6K 6K 78643K 2580 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 1545 0 in_multi 86 5K 7K 78643K 3391 0 ether_multi 1 0K 0K 78643K 432 0 mrt 1 0K 0K 78643K 404 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 259 1155K 1155K 78643K 259 0 exec 0 0K 2K 78643K 8735 0 pfkey data 0 0K 0K 78643K 10 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 651 1498K 1514K 78643K 387163 0 UVM aobj 131 4K 4K 78643K 134 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 3313 0 NDP 14 0K 2K 78643K 1004 0 temp 215 4847K 4957K 78643K 443598 0 kqueue 14 22K 26K 78643K 1582 0 SYN cache 2 0K 16K 78643K 4 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 2258 0 2255 28 27 1 3 0 8 0 rtentry 112 3166 0 3068 5 2 3 4 0 8 0 unpcb 136 20698 0 20685 168 167 1 8 0 8 0 syncache 296 21 0 21 7 7 0 1 0 8 0 tcpqe 32 119 0 119 3 3 0 1 0 8 0 tcpcb 736 13209 0 13199 465 460 5 21 0 8 4 arp 88 430 0 412 1 0 1 1 0 8 0 ipq 40 42 0 40 14 13 1 1 0 8 0 ipqe 40 142 0 140 14 13 1 1 0 8 0 inpcb 304 48729 0 48719 561 556 5 19 0 8 3 rttmr 72 15 0 15 5 5 0 1 0 8 0 ip6q 72 16 0 16 5 5 0 1 0 8 0 ip6af 40 27 0 27 5 5 0 1 0 8 0 nd6 48 734 0 709 1 0 1 1 0 8 0 pkpcb 40 612 0 612 8 8 0 1 0 8 0 kcovpl 48 198 0 190 1 0 1 1 0 8 0 ppxss 1152 147 0 147 23 23 0 1 0 8 0 pfstscr 40 120 0 120 10 10 0 1 0 8 0 pffrag 232 2 0 2 1 1 0 1 0 482 0 pffrnode 88 2 0 2 1 1 0 1 0 8 0 pffrent 40 3 0 3 1 1 0 1 0 8 0 pfosfp 40 14 0 10 1 0 1 1 0 8 0 pfosfpen 112 14 0 5 1 0 1 1 0 8 0 pfrktable 1344 1861 0 1859 19 18 1 3 0 8 0 pftag 88 38 0 19 1 0 1 1 0 8 0 pfqueue 264 8 0 8 2 2 0 1 0 8 0 pfstitem 24 65 0 65 8 8 0 1 0 8 0 pfstkey 112 196 0 196 10 10 0 1 0 8 0 pfstate 320 98 0 98 10 10 0 1 0 8 0 pfrule 1360 1779 0 1763 28 20 8 13 0 8 6 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 10434 0 10036 110 83 27 30 0 8 0 art_table 32 10435 0 10036 7 3 4 4 0 8 0 art_node 16 2776 0 2689 1 0 1 1 0 8 0 sysvmsgpl 40 14 0 0 1 0 1 1 0 8 0 semupl 112 5 0 5 1 1 0 1 0 8 0 semapl 112 2418 0 2405 1 0 1 1 0 8 0 shmpl 112 131 0 3 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 42582 0 40991 100 0 100 100 0 8 0 ffsino 240 42582 0 40991 94 0 94 94 0 8 0 nchpl 144 83054 0 81429 63 1 62 63 0 8 0 uvmvnodes 80 10888 0 0 223 0 223 223 0 8 0 vnodes 224 10888 0 0 641 0 641 641 0 8 0 namei 1024 328833 0 328833 16 15 1 2 0 8 1 vcpupl 1984 144 0 0 18 0 18 18 0 8 0 vmpool 528 284 0 140 12 2 10 10 0 8 0 pfiaddrpl 120 679 0 674 8 7 1 2 0 8 0 scsiplug 72 35 0 35 10 10 0 1 0 8 0 scxspl 216 284609 0 284609 86 84 2 8 0 8 2 plimitpl 152 3215 0 3201 1 0 1 1 0 8 0 sigapl 424 32453 0 32412 11 5 6 8 0 8 0 futexpl 64 331858 0 331855 12 11 1 1 0 8 0 knotepl 120 266397 0 266315 36 33 3 10 0 8 0 kqueuepl 184 7660 0 7650 144 140 4 7 0 8 3 pipepl 304 7286 0 7257 157 154 3 12 0 8 0 fdescpl 432 32409 0 32382 7 3 4 4 0 8 0 filepl 120 249326 0 249083 331 319 12 17 0 8 4 lockfpl 104 8805 0 8803 19 18 1 3 0 8 0 lockfspl 48 2360 0 2358 1 0 1 1 0 8 0 sessionpl 144 218 0 202 1 0 1 1 0 8 0 pgrppl 48 393 0 377 1 0 1 1 0 8 0 ucredpl 96 25775 0 25760 1 0 1 1 0 8 0 zombiepl 144 32412 0 32412 2 1 1 1 0 8 1 processpl 1000 32453 0 32412 10 3 7 8 0 8 0 procpl 672 81514 0 81456 53 47 6 8 0 8 0 sosppl 168 228 0 228 39 39 0 1 0 8 0 sockpl 448 72309 0 72283 1236 1226 10 33 0 8 6 mcl64k 65536 1260 0 1260 88 87 1 1 0 8 1 mcl16k 16384 221 0 221 67 67 0 1 0 8 0 mcl12k 12288 1009 0 1009 79 78 1 1 0 8 1 mcl9k 9216 443 0 443 80 79 1 1 0 8 1 mcl8k 8192 2955 0 2955 70 69 1 1 0 8 1 mcl4k 4096 3377 0 3377 51 50 1 1 0 8 1 mcl2k2 2112 305 0 305 89 88 1 1 0 8 1 mcl2k 2048 144202 0 144109 92 79 13 18 0 8 1 mtagpl 96 6156 0 5739 74 61 13 13 0 8 0 mbufpl 256 481607 0 480915 975 925 50 285 0 8 1 bufpl 288 73020 0 62118 779 0 779 779 0 8 0 anonpl 24 9109224 0 9084081 629 460 169 208 0 188 4 amapchunkpl 152 956880 0 955961 304 255 49 63 0 158 9 amappl16 200 99767 0 98660 414 352 62 74 0 8 3 amappl15 192 4658 0 4652 1 0 1 1 0 8 0 amappl14 184 1834 0 1826 1 0 1 1 0 8 0 amappl13 176 4925 0 4922 1 0 1 1 0 8 0 amappl12 168 5502 0 5491 2 1 1 1 0 8 0 amappl11 160 3200 0 3190 1 0 1 1 0 8 0 amappl10 152 3093 0 3087 1 0 1 1 0 8 0 amappl9 144 5447 0 5440 1 0 1 1 0 8 0 amappl8 136 9405 0 9249 6 0 6 6 0 8 0 amappl7 128 5921 0 5911 1 0 1 1 0 8 0 amappl6 120 5779 0 5753 2 1 1 2 0 8 0 amappl5 112 25992 0 25974 1 0 1 1 0 8 0 amappl4 104 11153 0 11115 2 0 2 2 0 8 0 amappl3 96 10090 0 10069 1 0 1 1 0 8 0 amappl2 88 11052 0 10966 10 8 2 3 0 8 0 amappl1 80 567801 0 567245 18 5 13 18 0 8 0 amappl 88 383061 0 382719 12 3 9 9 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 133 0 3 3 0 3 3 0 8 0 uaddrrnd 24 32693 0 32522 2 0 2 2 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 32693 0 32522 2 0 2 2 0 8 0 vmmpekpl 168 231981 0 231915 4 0 4 4 0 8 0 vmmpepl 168 3028671 0 3025333 742 574 168 193 0 357 0 vmsppl 272 32692 0 32522 15 3 12 12 0 8 0 rwobjpl 24 700111 0 686805 96 15 81 82 0 8 0 pdppl 4096 65392 0 65188 2245 2037 208 208 0 8 4 pvpl 32 15613007 0 15588908 862 638 224 331 0 265 0 pmappl 216 32692 0 32522 14 4 10 10 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 6438 0 5123 50 11 39 44 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pf_anchor_global_RB_REMOVE(ffffffff82a18590,ffff800000d66800) at pf_anchor_global_RB_REMOVE+0x58 sys/net/pf_ruleset.c:84 pf_remove_if_empty_ruleset(ffff800000d66c90) at pf_remove_if_empty_ruleset+0xdd sys/net/pf_ruleset.c:300 pfioctl(4900,cd60441a,ffff800000bbc000,3,ffff800021679508) at pfioctl+0x8f53 sys/net/pf_ioctl.c:1713 VOP_IOCTL(fffffd80716e9698,cd60441a,ffff800000bbc000,3,fffffd807f7d89c0,ffff800021679508) at VOP_IOCTL+0x8d sys/kern/vfs_vops.c:264 vn_ioctl(fffffd80665deda8,cd60441a,ffff800000bbc000,ffff800021679508) at vn_ioctl+0xb7 sys/kern/vfs_vnops.c:531 sys_ioctl(ffff800021679508,ffff800029770ec8,ffff800029770f20) at sys_ioctl+0x49e syscall(ffff800029770f90) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x95516acf610, count: -8 ddb> machine ddbcpu 1 No such command ddb> trace pf_anchor_global_RB_REMOVE(ffffffff82a18590,ffff800000d66800) at pf_anchor_global_RB_REMOVE+0x58 sys/net/pf_ruleset.c:84 pf_remove_if_empty_ruleset(ffff800000d66c90) at pf_remove_if_empty_ruleset+0xdd sys/net/pf_ruleset.c:300 pfioctl(4900,cd60441a,ffff800000bbc000,3,ffff800021679508) at pfioctl+0x8f53 sys/net/pf_ioctl.c:1713 VOP_IOCTL(fffffd80716e9698,cd60441a,ffff800000bbc000,3,fffffd807f7d89c0,ffff800021679508) at VOP_IOCTL+0x8d sys/kern/vfs_vops.c:264 vn_ioctl(fffffd80665deda8,cd60441a,ffff800000bbc000,ffff800021679508) at vn_ioctl+0xb7 sys/kern/vfs_vnops.c:531 sys_ioctl(ffff800021679508,ffff800029770ec8,ffff800029770f20) at sys_ioctl+0x49e syscall(ffff800029770f90) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x95516acf610, count: -8