kernel: protection fault trap, code=0 Stopped at pf_anchor_global_RB_REMOVE+0x58: movq 0(%r12),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace pf_anchor_global_RB_REMOVE(ffffffff829ae840,ffff800001248000) at pf_anchor_global_RB_REMOVE+0x58 sys/net/pf_ruleset.c:84 pf_remove_if_empty_ruleset(ffff800001248490) at pf_remove_if_empty_ruleset+0xdd sys/net/pf_ruleset.c:300 pfioctl(4900,cd60441a,ffff800000bce000,43,ffff8000215dfce0) at pfioctl+0x923b sys/net/pf_ioctl.c:1720 VOP_IOCTL(fffffd806e506a18,cd60441a,ffff800000bce000,43,fffffd807f7d78a0,ffff8000215dfce0) at VOP_IOCTL+0x8d sys/kern/vfs_vops.c:264 vn_ioctl(fffffd800709e5b8,cd60441a,ffff800000bce000,ffff8000215dfce0) at vn_ioctl+0xb7 sys/kern/vfs_vnops.c:531 sys_ioctl(ffff8000215dfce0,ffff80002b395b78,ffff80002b395bd0) at sys_ioctl+0x49e syscall(ffff80002b395c40) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1f7b51e84d0, count: -8 ddb> show registers rdi 0xffffffff829ae840 pf_anchors rsi 0xffff800001248000 rbp 0xffff80002b3956d0 rbx 0xffffffff829ae840 pf_anchors rdx 0 rcx 0x4000 __ALIGN_SIZE+0x3000 rax 0xffff8000215dfce0 r8 0x101010101010101 r9 0x8080808080808080 r10 0x6f94132e696cc4d4 r11 0xfe36a5ed1c9604f2 r12 0xc90bed2b3e2b6e09 r13 0xffffffff829ae848 pf_main_anchor r14 0xffff800001248000 r15 0xdead007fdeadbeef rip 0xffffffff8139c888 pf_anchor_global_RB_REMOVE+0x58 cs 0x8 rflags 0x10286 __ALIGN_SIZE+0xf286 rsp 0xffff80002b395680 ss 0x10 pf_anchor_global_RB_REMOVE+0x58: movq 0(%r12),%rbx ddb> show proc PROC (syz-executor.7) pid=404572 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff8000215de2a0,0xffffffff82a2d540 process=0xffff800021650bd8 user=0xffff80002b390000, vmspace=0xfffffd805bbfbbb0 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 92889 273896 52125 0 2 0 syz-executor.7 *92889 404572 52125 0 7 0x4000000 syz-executor.7 19592 522812 10523 0 2 0 syz-executor.5 46678 459781 9929 0 2 0 syz-executor.2 65904 165930 48985 0 2 0 syz-executor.3 65904 52716 48985 0 2 0x4000000 syz-executor.3 59441 42027 86228 0 2 0 syz-executor.6 59441 476699 86228 0 3 0x4000080 rest syz-executor.6 52125 130413 50724 0 3 0x82 nanoslp syz-executor.7 4673 406320 50724 0 2 0x482 syz-executor.0 86228 446896 50724 0 3 0x82 nanoslp syz-executor.6 11974 194585 50724 0 2 0x2 syz-executor.1 48985 377046 50724 0 3 0x82 nanoslp syz-executor.3 9929 255027 50724 0 3 0x82 nanoslp syz-executor.2 10523 189605 50724 0 3 0x82 nanoslp syz-executor.5 16094 441643 50724 0 2 0x2 syz-executor.4 1647 186750 1 0 3 0x100083 ttyin getty 234 276014 0 0 3 0x14200 bored sosplice 8574 413187 0 0 3 0x14280 nfsidl nfsio 10813 329281 0 0 3 0x14280 nfsidl nfsio 98186 365740 0 0 3 0x14280 nfsidl nfsio 43358 468977 0 0 3 0x14280 nfsidl nfsio 50031 327343 0 0 3 0x14280 nfsidl nfsio 61324 246278 0 0 3 0x14280 nfsidl nfsio 15207 52308 0 0 3 0x14280 nfsidl nfsio 61105 377971 0 0 3 0x14280 nfsidl nfsio 44269 31525 0 0 3 0x14280 nfsidl nfsio 23661 194167 0 0 3 0x14280 nfsidl nfsio 36314 320124 0 0 3 0x14280 nfsidl nfsio 5267 486602 0 0 3 0x14280 nfsidl nfsio 22719 295302 0 0 3 0x14280 nfsidl nfsio 59943 470605 0 0 3 0x14280 nfsidl nfsio 1065 290413 0 0 3 0x14280 nfsidl nfsio 96232 111719 0 0 3 0x14280 nfsidl nfsio 67814 186982 0 0 3 0x14280 nfsidl nfsio 50485 237353 0 0 3 0x14280 nfsidl nfsio 66266 262764 0 0 3 0x14280 nfsidl nfsio 49922 49727 0 0 3 0x14280 nfsidl nfsio 50724 261847 85279 0 3 0x82 thrsleep syz-fuzzer 50724 47154 85279 0 3 0x4000082 nanoslp syz-fuzzer 50724 470177 85279 0 3 0x4000082 thrsleep syz-fuzzer 50724 384134 85279 0 3 0x4000082 thrsleep syz-fuzzer 50724 152507 85279 0 3 0x4000082 thrsleep syz-fuzzer 50724 27295 85279 0 3 0x4000082 thrsleep syz-fuzzer 50724 451330 85279 0 3 0x4000082 kqread syz-fuzzer 50724 86900 85279 0 3 0x4000082 thrsleep syz-fuzzer 85279 138354 47603 0 3 0x10008a sigsusp ksh 47603 472298 2891 0 3 0x9a kqread sshd 2891 256243 1 0 3 0x88 kqread sshd 44517 378159 80528 73 3 0x1100090 kqread syslogd 80528 276628 1 0 3 0x100082 netio syslogd 30622 88810 1 0 3 0x100080 kqread resolvd 16608 274688 13419 77 3 0x100092 kqread dhcpleased 98913 83996 13419 77 3 0x100092 kqread dhcpleased 13419 132606 1 0 3 0x80 kqread dhcpleased 84354 197546 0 0 3 0x14200 bored smr 45026 473229 0 0 2 0x14200 zerothread 74589 128183 0 0 3 0x14200 aiodoned aiodoned 1297 201774 0 0 3 0x14200 syncer update 605 204747 0 0 3 0x14200 cleaner cleaner 9100 105508 0 0 3 0x14200 reaper reaper 23252 93959 0 0 3 0x14200 pgdaemon pagedaemon 59323 280447 0 0 3 0x14200 bored viomb 20754 6992 0 0 3 0x40014200 acpi0 acpi0 38887 364952 0 0 3 0x14200 bored softnet 23454 506804 0 0 3 0x14200 bored systqmp 25904 178962 0 0 3 0x14200 bored systq 29933 363617 0 0 3 0x40014200 bored softclock 82939 297284 0 0 3 0x40014200 idle0 1 335615 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10193 6480K 6878K 78643K 14208 0 pcb 13 20K 22K 78643K 1512 0 rtable 220 24K 24K 78643K 2785 0 ifaddr 112 27K 30K 78643K 1166 0 sysctl 2 0K 0K 78643K 2 0 counters 28 17K 17K 78643K 158 0 ioctlops 1 4K 4K 78643K 4702 0 iov 0 0K 36K 78643K 1890 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1324 83K 84K 78643K 4552 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 96 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 2277 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 15 53K 85K 78643K 12502 0 sigio 0 0K 0K 78643K 175 0 proc 65 59K 83K 78643K 1859 0 subproc 104 6K 6K 78643K 585 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 5476 0 in_multi 74 5K 6K 78643K 654 0 ether_multi 1 0K 0K 78643K 45 0 mrt 1 0K 0K 78643K 58 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 181 811K 811K 78643K 181 0 exec 0 0K 2K 78643K 3313 0 pfkey data 0 0K 1K 78643K 6 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 418 813K 813K 78643K 68347 0 UVM aobj 131 8K 8K 78643K 134 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 417 0 NDP 13 0K 1K 78643K 237 0 temp 203 4866K 5112K 78643K 137586 0 kqueue 12 18K 29K 78643K 808 0 SYN cache 2 4688K 4696K 78643K 4 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 910 0 907 13 12 1 3 0 8 0 rtentry 112 638 0 561 4 1 3 4 0 8 0 unpcb 136 6202 0 6189 56 53 3 8 0 8 2 syncache 296 25 0 25 8 8 0 1 0 8 0 tcpqe 32 70 0 70 1 1 0 1 0 8 0 tcpcb 736 23862 0 23599 614 590 24 40 0 8 0 arp 88 106 0 91 1 0 1 1 0 8 0 ipq 40 8 0 8 2 2 0 1 0 8 0 ipqe 40 48 0 48 2 2 0 1 0 8 0 inpcb 312 30625 0 30614 236 225 11 17 0 8 9 nd6 48 145 0 127 1 0 1 1 0 8 0 pkpcb 40 32 0 32 5 5 0 1 0 8 0 kcovpl 48 45 0 37 1 0 1 1 0 8 0 ppxss 1152 39 0 39 10 10 0 1 0 8 0 pfstscr 40 27 0 27 8 8 0 1 0 8 0 pfosfp 40 57 0 55 3 2 1 1 0 8 0 pfosfpen 112 57 0 53 4 3 1 2 0 8 0 pfrktable 1344 163 0 143 6 4 2 2 0 8 0 pftag 88 14 0 2 1 0 1 1 0 8 0 pfqueue 264 2 0 2 2 2 0 1 0 8 0 pfstitem 24 4 0 4 1 1 0 1 0 8 0 pfstkey 112 51 0 51 8 8 0 1 0 8 0 pfstate 336 27 0 27 8 8 0 1 0 8 0 pfrule 1360 350 0 279 14 7 7 7 0 8 0 rttmrq 48 6 0 0 1 0 1 1 0 8 0 rttmr 72 17 0 17 5 5 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 2891 0 2561 51 28 23 30 0 8 0 art_table 32 2892 0 2561 4 0 4 4 0 8 0 art_node 16 637 0 570 1 0 1 1 0 8 0 sysvmsgpl 40 30 0 8 1 0 1 1 0 8 0 semapl 112 2275 0 2265 1 0 1 1 0 8 0 shmpl 112 131 0 3 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 18182 0 16711 93 0 93 93 0 8 0 ffsino 240 18182 0 16711 87 0 87 87 0 8 0 nchpl 144 34309 0 32679 63 0 63 63 0 8 0 uvmvnodes 80 6063 0 0 124 0 124 124 0 8 0 vnodes 224 6063 0 0 357 0 357 357 0 8 0 namei 1024 124180 0 124179 8 7 1 2 0 8 0 vcpupl 1984 190 0 0 24 0 24 24 0 8 0 vmpool 528 257 0 67 15 2 13 13 0 8 0 pfiaddrpl 120 83 0 38 5 3 2 2 0 8 0 kstatmem 264 286 0 260 3 0 3 3 0 8 0 scsiplug 72 17 0 17 6 6 0 1 0 8 0 scxspl 216 109251 0 109251 24 23 1 8 0 8 1 plimitpl 152 1610 0 1596 1 0 1 1 0 8 0 sigapl 424 12733 0 12672 10 2 8 8 0 8 0 futexpl 64 134536 0 134536 7 6 1 1 0 8 1 knotepl 120 125898 0 125818 62 55 7 11 0 8 2 kqueuepl 184 3586 0 3578 58 57 1 4 0 8 0 pipepl 304 2620 0 2592 70 67 3 8 0 8 0 fdescpl 432 12699 0 12673 4 0 4 4 0 8 0 filepl 120 103447 0 103210 143 129 14 19 0 8 5 lockfpl 104 2357 0 2355 4 3 1 2 0 8 0 lockfspl 48 741 0 739 1 0 1 1 0 8 0 sessionpl 144 62 0 46 1 0 1 1 0 8 0 pgrppl 48 188 0 172 1 0 1 1 0 8 0 ucredpl 96 11066 0 11052 1 0 1 1 0 8 0 zombiepl 144 12673 0 12672 2 1 1 1 0 8 0 processpl 1000 12733 0 12672 8 0 8 8 0 8 0 procpl 672 31739 0 31668 27 19 8 9 0 8 0 sosppl 168 108 0 108 18 17 1 1 0 8 1 sockpl 448 37772 0 37748 543 518 25 40 0 8 22 mcl64k 65536 514 0 514 29 29 0 1 0 8 0 mcl16k 16384 133 0 133 35 35 0 1 0 8 0 mcl12k 12288 468 0 468 29 28 1 1 0 8 1 mcl9k 9216 127 0 127 26 26 0 1 0 8 0 mcl8k 8192 618 0 618 29 28 1 1 0 8 1 mcl4k 4096 1195 0 1195 22 21 1 1 0 8 1 mcl2k2 2112 85 0 85 33 33 0 1 0 8 0 mcl2k 2048 88306 0 88259 36 28 8 11 0 8 0 mtagpl 96 291 0 291 8 8 0 7 0 8 0 mbufpl 256 238759 0 238515 596 575 21 549 0 8 0 bufpl 288 24229 0 17816 459 0 459 459 0 8 0 anonpl 24 2413238 0 2399473 278 166 112 129 0 188 0 amapchunkpl 152 237964 0 237384 708 682 26 652 0 158 1 amappl16 200 35449 0 34797 177 142 35 47 0 8 0 amappl15 192 2238 0 2233 2 1 1 1 0 8 0 amappl14 184 1708 0 1701 1 0 1 1 0 8 0 amappl13 176 2918 0 2916 1 0 1 1 0 8 0 amappl12 168 158 0 156 2 1 1 1 0 8 0 amappl11 160 1200 0 1183 1 0 1 1 0 8 0 amappl10 152 2104 0 2099 1 0 1 1 0 8 0 amappl9 144 1219 0 1214 1 0 1 1 0 8 0 amappl8 136 4047 0 3942 4 0 4 4 0 8 0 amappl7 128 2983 0 2971 1 0 1 1 0 8 0 amappl6 120 1158 0 1137 2 0 2 2 0 8 0 amappl5 112 10114 0 10097 1 0 1 1 0 8 0 amappl4 104 4529 0 4497 2 1 1 2 0 8 0 amappl3 96 38052 0 38010 2 0 2 2 0 8 0 amappl2 88 16076 0 16011 3 1 2 3 0 8 0 amappl1 80 295344 0 294758 33 18 15 19 0 8 0 amappl 88 66929 0 66734 6 1 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 133 0 3 3 0 3 3 0 8 0 uaddrrnd 24 12956 0 12740 3 1 2 2 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 12956 0 12740 3 1 2 2 0 8 0 vmmpekpl 168 86300 0 86222 4 0 4 4 0 8 0 vmmpepl 168 1225575 0 1222755 348 199 149 152 0 357 9 vmsppl 272 12955 0 12740 19 4 15 15 0 8 0 rwobjpl 24 293802 0 285945 50 1 49 49 0 8 0 pdppl 4096 25918 0 25670 967 715 252 252 0 8 4 pvpl 32 4808417 0 4790086 494 309 185 254 0 265 0 pmappl 216 12955 0 12740 14 1 13 13 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 3853 0 2820 44 12 32 44 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pf_anchor_global_RB_REMOVE(ffffffff829ae840,ffff800001248000) at pf_anchor_global_RB_REMOVE+0x58 sys/net/pf_ruleset.c:84 pf_remove_if_empty_ruleset(ffff800001248490) at pf_remove_if_empty_ruleset+0xdd sys/net/pf_ruleset.c:300 pfioctl(4900,cd60441a,ffff800000bce000,43,ffff8000215dfce0) at pfioctl+0x923b sys/net/pf_ioctl.c:1720 VOP_IOCTL(fffffd806e506a18,cd60441a,ffff800000bce000,43,fffffd807f7d78a0,ffff8000215dfce0) at VOP_IOCTL+0x8d sys/kern/vfs_vops.c:264 vn_ioctl(fffffd800709e5b8,cd60441a,ffff800000bce000,ffff8000215dfce0) at vn_ioctl+0xb7 sys/kern/vfs_vnops.c:531 sys_ioctl(ffff8000215dfce0,ffff80002b395b78,ffff80002b395bd0) at sys_ioctl+0x49e syscall(ffff80002b395c40) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1f7b51e84d0, count: -8 ddb> machine ddbcpu 1 No such command ddb> trace pf_anchor_global_RB_REMOVE(ffffffff829ae840,ffff800001248000) at pf_anchor_global_RB_REMOVE+0x58 sys/net/pf_ruleset.c:84 pf_remove_if_empty_ruleset(ffff800001248490) at pf_remove_if_empty_ruleset+0xdd sys/net/pf_ruleset.c:300 pfioctl(4900,cd60441a,ffff800000bce000,43,ffff8000215dfce0) at pfioctl+0x923b sys/net/pf_ioctl.c:1720 VOP_IOCTL(fffffd806e506a18,cd60441a,ffff800000bce000,43,fffffd807f7d78a0,ffff8000215dfce0) at VOP_IOCTL+0x8d sys/kern/vfs_vops.c:264 vn_ioctl(fffffd800709e5b8,cd60441a,ffff800000bce000,ffff8000215dfce0) at vn_ioctl+0xb7 sys/kern/vfs_vnops.c:531 sys_ioctl(ffff8000215dfce0,ffff80002b395b78,ffff80002b395bd0) at sys_ioctl+0x49e syscall(ffff80002b395c40) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1f7b51e84d0, count: -8