kernel: protection fault trap, code=0 Stopped at pf_anchor_global_RB_REMOVE+0130: movq 0(%r12),%rbx ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace pf_anchor_global_RB_REMOVE(ffffffff82b3a778,ffff800000dd2800) at pf_anchor_global_RB_REMOVE+0130 pf_remove_if_empty_ruleset(ffff800000dd2c90) at pf_remove_if_empty_ruleset+0335 pfi_dynaddr_setup(ffff800000e62d78,0) at pfi_dynaddr_setup+02021 pfioctl(4900,cd60441a,ffff800000bf9000,3,ffff80002121b7a0) at pfioctl+0107007 VOP_IOCTL(fffffd806f677aa8,cd60441a,ffff800000bf9000,3,fffffd807f7d7840,ffff80002121b7a0) at VOP_IOCTL+0226 vn_ioctl(fffffd806c6d03a8,cd60441a,ffff800000bf9000,ffff80002121b7a0) at vn_ioctl+0274 sys_ioctl(ffff80002121b7a0,ffff80002e199ca8,ffff80002e199d00) at sys_ioctl+02242 syscall(ffff80002e199d70) at syscall+02211 Xsyscall() at Xsyscall+0450 end of kernel end trace frame: 0xea1b5e64720, count: -9 ddb{0}> show registers rdi 01777774000004733470000 rsi 011356 __ALIGN_SIZE+01356 rbp 01777774000005606313600 rbx 01777777777760254723570 pf_anchors rdx 01777774000004733470000 rcx 011355 __ALIGN_SIZE+01355 rax 01777777777760151701413 pf_anchor_global_RB_REMOVE+053 r8 02000 r9 01002004010020040100200 r10 01464706665206374546367 r11 0403653720426337676725 r12 0721677616600400565725 r13 01777777777760254723600 pf_main_anchor r14 01777774000000067224000 r15 01572550007773653240420 rip 01777777777760151701470 pf_anchor_global_RB_REMOVE+0130 cs 010 rflags 0201002 __ALIGN_SIZE+0171002 rsp 01777774000005606313460 ss 020 pf_anchor_global_RB_REMOVE+0130: movq 0(%r12),%rbx ddb{0}> show proc PROC (syz-executor.5) pid=145296 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=83, nice=20 forw=0xffffffffffffffff, list=0xffff80002121b260,0xffff80002121a7f0 process=0xffff8000ffff0010 user=0xffff80002e194000, vmspace=0xfffffd806233cb88 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 70621 11607 98968 0 2 0 syz-executor.2 27368 277927 92137 0 2 0 syz-executor.0 27368 393278 92137 0 2 0x4000000 syz-executor.0 75050 523872 90658 0 2 0 syz-executor.1 75050 257359 90658 0 3 0x4000080 fsleep syz-executor.1 47884 276841 12587 0 2 0 syz-executor.6 47884 404743 12587 0 3 0x4000080 fsleep syz-executor.6 38017 523537 36925 0 2 0 syz-executor.5 *38017 145296 36925 0 7 0x4000000 syz-executor.5 89511 388807 20925 0 2 0 syz-executor.7 89511 406984 20925 0 3 0x4000080 fsleep syz-executor.7 99849 475045 5237 0 2 0 syz-executor.4 51880 59475 81967 0 2 0 syz-executor.3 51880 352693 81967 0 3 0x4000080 fsleep syz-executor.3 92137 164784 24900 0 3 0x82 nanoslp syz-executor.0 12587 207947 24900 0 3 0x82 nanoslp syz-executor.6 20925 32218 24900 0 3 0x82 nanoslp syz-executor.7 81967 28528 24900 0 3 0x82 nanoslp syz-executor.3 90658 101646 24900 0 3 0x82 nanoslp syz-executor.1 36925 388559 24900 0 2 0x2 syz-executor.5 98968 313067 24900 0 3 0x82 nanoslp syz-executor.2 5237 394684 24900 0 3 0x82 nanoslp syz-executor.4 36863 406245 1 0 3 0x100083 ttyin getty 55056 455389 0 0 3 0x14200 bored sosplice 24900 421636 65447 0 3 0x82 kqread syz-fuzzer 24900 431537 65447 0 3 0x4000082 thrsleep syz-fuzzer 24900 26125 65447 0 3 0x4000082 thrsleep syz-fuzzer 24900 445472 65447 0 3 0x4000082 thrsleep syz-fuzzer 24900 76735 65447 0 3 0x4000082 thrsleep syz-fuzzer 24900 95959 65447 0 3 0x4000082 thrsleep syz-fuzzer 24900 451390 65447 0 3 0x4000082 thrsleep syz-fuzzer 24900 397524 65447 0 3 0x4000082 thrsleep syz-fuzzer 24900 279804 65447 0 3 0x4000082 thrsleep syz-fuzzer 65447 49413 41791 0 3 0x10008a sigsusp ksh 41791 288743 74536 0 3 0x9a kqread sshd 74536 520158 1 0 3 0x88 kqread sshd 37754 239708 50236 74 3 0x1100092 bpf pflogd 50236 185239 1 0 3 0x80 netio pflogd 66398 246258 35605 73 3 0x1100090 kqread syslogd 35605 168025 1 0 3 0x100082 netio syslogd 20676 341949 1 0 3 0x100080 kqread resolvd 80089 501781 36746 77 3 0x100092 kqread dhcpleased 19085 100042 36746 77 3 0x100092 kqread dhcpleased 36746 261096 1 0 3 0x80 kqread dhcpleased 78745 407543 0 0 3 0x14200 bored smr 74964 355832 0 0 2 0x14200 zerothread 71710 242201 0 0 3 0x14200 aiodoned aiodoned 29741 78071 0 0 3 0x14200 syncer update 36864 426748 0 0 3 0x14200 cleaner cleaner 48867 74910 0 0 3 0x14200 reaper reaper 38924 44740 0 0 3 0x14200 pgdaemon pagedaemon 37420 155751 0 0 3 0x14200 bored viomb 45533 505780 0 0 3 0x40014200 acpi0 acpi0 68878 468101 0 0 7 0x40014200 idle1 37463 508986 0 0 3 0x14200 bored softnet 68873 446132 0 0 3 0x14200 bored softnet 94374 459807 0 0 3 0x14200 bored softnet 5897 142632 0 0 3 0x14200 bored softnet 96351 392080 0 0 3 0x14200 bored systqmp 64061 56853 0 0 3 0x14200 bored systq 18748 431920 0 0 3 0x40014200 bored softclock 21497 323025 0 0 3 0x40014200 idle0 1 498666 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 38017 (syz-executor.5) thread 0xffff80002121b7a0 (145296) exclusive rwlock pf_lock r = 0 (0xffffffff829308c0) #0 witness_lock+02115 #1 pfioctl+057220 #2 VOP_IOCTL+0226 #3 vn_ioctl+0274 #4 sys_ioctl+02242 #5 syscall+02211 #6 Xsyscall+0450 exclusive rwlock netlock r = 0 (0xffffffff829609e0) #0 witness_lock+02115 #1 pfioctl+034370 #2 VOP_IOCTL+0226 #3 vn_ioctl+0274 #4 sys_ioctl+02242 #5 syscall+02211 #6 Xsyscall+0450 exclusive rwlock pfioctl_rw r = 0 (0xffffffff82930920) #0 witness_lock+02115 #1 pfioctl+0536 #2 VOP_IOCTL+0226 #3 vn_ioctl+0274 #4 sys_ioctl+02242 #5 syscall+02211 #6 Xsyscall+0450 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82b69cc0) #0 witness_lock+02115 #1 vn_ioctl+0101 #2 sys_ioctl+02242 #3 syscall+02211 #4 Xsyscall+0450 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10212 6520K 7565K 78643K 76759 0 pcb 13 22K 24K 78643K 4976 0 rtable 122 14K 17K 78643K 3465 0 ifaddr 79 19K 24K 78643K 2013 0 sysctl 3 1K 1K 78643K 5 0 counters 50 34K 36K 78643K 430 0 ioctlops 1 4K 4K 78643K 6880 0 iov 0 0K 28K 78643K 1840 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1486 93K 93K 78643K 20688 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 13K 78643K 418 0 VM map 2 1K 1K 78643K 2 0 sem 22 5K 10K 78643K 573 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 18 65K 93K 78643K 16467 0 sigio 0 0K 0K 78643K 517 0 proc 73 91K 128K 78643K 2785 0 subproc 104 6K 6K 78643K 832 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 1349 0 in_multi 44 2K 6K 78643K 1192 0 ether_multi 1 0K 0K 78643K 76 0 mrt 1 0K 0K 78643K 42 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 181 811K 811K 78643K 181 0 exec 0 0K 2K 78643K 4594 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 597 1346K 1350K 78643K 94046 0 UVM aobj 131 4K 4K 78643K 166 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 754 0 NDP 12 0K 2K 78643K 388 0 temp 133 4738K 5006K 78643K 188492 0 kqueue 12 18K 26K 78643K 1207 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 973 0 970 12 11 1 5 0 8 0 rtentry 112 1129 0 1086 4 1 3 4 0 8 0 unpcb 136 10010 0 9995 127 124 3 8 0 8 2 syncache 296 72 0 72 18 18 0 1 0 8 0 tcpqe 32 45 0 45 6 6 0 1 0 8 0 tcpcb 736 6142 0 6129 203 201 2 14 0 8 0 arp 120 162 0 154 1 0 1 1 0 8 0 inpcb 312 19007 0 18999 272 266 6 22 0 8 5 ip6q 72 7 0 7 2 2 0 1 0 8 0 ip6af 40 21 0 21 2 2 0 1 0 8 0 nd6 48 259 0 252 1 0 1 1 0 8 0 pkpcb 40 109 0 109 11 11 0 1 0 8 0 kcovpl 48 64 0 56 1 0 1 1 0 8 0 ppxss 1248 71 0 71 16 16 0 1 0 8 0 pfstscr 40 234 0 234 12 12 0 1 0 8 0 pffrag 232 149 0 149 11 10 1 1 0 482 1 pffrnode 88 149 0 149 11 10 1 1 0 8 1 pffrent 40 357 0 357 13 12 1 1 0 8 1 pfosfp 40 1558 0 1128 5 0 5 5 0 8 0 pfosfpen 112 1558 0 765 23 0 23 23 0 8 0 pfrktable 1344 83 341 80 5 4 1 1 0 8 0 pftag 88 37 0 29 2 1 1 1 0 8 0 pfstitem 24 28 0 26 1 0 1 1 0 8 0 pfstkey 112 476 0 474 1 0 1 1 0 8 0 pfstate 336 248 0 246 2 1 1 2 0 8 0 pfrule 1360 1715 0 1603 33 11 22 22 0 8 9 art_heap8 4096 7 0 6 5 4 1 3 0 8 0 art_heap4 256 4789 0 4575 51 25 26 30 0 8 1 art_table 32 4796 0 4581 4 0 4 4 0 8 0 art_node 16 1092 0 1056 1 0 1 1 0 8 0 sysvmsgpl 40 73 0 48 1 0 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 559 0 539 1 0 1 1 0 8 0 shmpl 112 163 0 35 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 23085 0 21583 96 1 95 95 0 8 0 ffsino 272 23085 0 21583 101 0 101 101 0 8 0 nchpl 144 45312 0 43660 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 179135 0 179135 18 17 1 2 0 8 1 percpumem 16 227 0 190 1 0 1 1 0 8 0 vcpupl 2048 277 0 0 35 0 35 35 0 8 0 vmpool 560 336 0 59 20 0 20 20 0 8 0 pfiaddrpl 120 178 0 177 5 4 1 1 0 8 0 kstatmem 264 404 0 380 7 5 2 3 0 8 0 scsiplug 72 13 0 13 3 3 0 1 0 8 0 scxspl 216 121518 0 121518 32 31 1 8 0 8 1 plimitpl 152 2179 0 2163 1 0 1 1 0 8 0 sigapl 424 16683 0 16634 11 5 6 8 0 8 0 futexpl 64 171117 0 171113 9 8 1 1 0 8 0 knotepl 120 1574 0 0 17 0 17 17 0 8 0 kqueuepl 216 3545 0 3537 56 55 1 8 0 8 0 pipepl 336 3707 0 3679 118 115 3 13 0 8 0 fdescpl 496 16643 0 16612 7 3 4 5 0 8 0 filepl 152 125859 0 125617 232 219 13 23 0 8 1 lockfpl 104 5135 0 5133 12 11 1 4 0 8 0 lockfspl 48 1368 0 1366 1 0 1 1 0 8 0 sessionpl 144 81 0 64 1 0 1 1 0 8 0 pgrppl 48 198 0 181 1 0 1 1 0 8 0 ucredpl 96 12884 0 12868 1 0 1 1 0 8 0 zombiepl 144 16634 0 16634 9 8 1 1 0 8 1 processpl 1064 16683 0 16634 5 1 4 5 0 8 0 procpl 672 44057 0 43994 25 18 7 9 0 8 0 srpgc 96 92 0 92 16 15 1 1 0 8 1 sosppl 168 127 0 127 22 21 1 1 0 8 1 sockpl 480 30116 0 30090 655 643 12 37 0 8 8 mcl64k 65536 27 0 0 3 0 3 3 0 8 0 mcl16k 16384 17 0 0 3 0 3 3 0 8 0 mcl12k 12288 25 0 0 2 0 2 2 0 8 0 mcl9k 9216 17 0 0 2 0 2 2 0 8 0 mcl8k 8192 21 0 0 3 0 3 3 0 8 0 mcl4k 4096 25 0 0 4 1 3 3 0 8 0 mcl2k2 2112 4 0 0 1 0 1 1 0 8 0 mcl2k 2048 571 0 0 38 5 33 38 0 8 0 mtagpl 96 2415 0 0 46 0 46 46 0 8 0 mbufpl 256 2906 0 0 149 0 149 149 0 8 0 bufpl 288 26788 0 20460 453 0 453 453 0 8 0 anonpl 24 3215689 0 3195132 293 161 132 156 0 186 0 amapchunkpl 152 272227 0 271388 87 50 37 43 0 158 0 amappl16 200 45430 0 44750 222 185 37 48 0 8 0 amappl15 192 3405 0 3405 2 2 0 1 0 8 0 amappl14 184 2849 0 2844 1 0 1 1 0 8 0 amappl13 176 1879 0 1872 1 0 1 1 0 8 0 amappl12 168 723 0 718 1 0 1 1 0 8 0 amappl11 160 2148 0 2127 2 0 2 2 0 8 0 amappl10 152 2493 0 2483 1 0 1 1 0 8 0 amappl9 144 2749 0 2744 1 0 1 1 0 8 0 amappl8 136 4651 0 4505 7 1 6 6 0 8 0 amappl7 128 3209 0 3180 2 0 2 2 0 8 1 amappl6 120 2860 0 2829 2 1 1 2 0 8 0 amappl5 112 14903 0 14883 1 0 1 1 0 8 0 amappl4 104 6734 0 6705 2 0 2 2 0 8 0 amappl3 96 49252 0 49198 2 0 2 2 0 8 0 amappl2 88 19394 0 19302 5 2 3 3 0 8 0 amappl1 80 397673 0 397000 20 5 15 20 0 8 0 amappl 88 92122 0 91836 8 1 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 165 0 35 3 0 3 3 0 8 0 uaddrrnd 24 16979 0 16671 2 0 2 2 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 16979 0 16671 2 0 2 2 0 8 0 vmmpekpl 168 114177 0 114079 5 0 5 5 0 8 0 vmmpepl 168 1632921 0 1629313 538 367 171 187 0 357 8 vmsppl 368 16978 0 16671 30 2 28 28 0 8 0 rwobjpl 56 398331 0 390343 134 20 114 116 0 8 0 pdppl 4096 33965 0 33619 1186 840 346 346 0 8 0 pvpl 32 6199000 0 6174846 582 379 203 242 0 265 4 pmappl 248 16978 0 16671 21 1 20 20 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 2809 0 1491 38 0 38 38 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace pf_anchor_global_RB_REMOVE(ffffffff82b3a778,ffff800000dd2800) at pf_anchor_global_RB_REMOVE+0130 pf_remove_if_empty_ruleset(ffff800000dd2c90) at pf_remove_if_empty_ruleset+0335 pfi_dynaddr_setup(ffff800000e62d78,0) at pfi_dynaddr_setup+02021 pfioctl(4900,cd60441a,ffff800000bf9000,3,ffff80002121b7a0) at pfioctl+0107007 VOP_IOCTL(fffffd806f677aa8,cd60441a,ffff800000bf9000,3,fffffd807f7d7840,ffff80002121b7a0) at VOP_IOCTL+0226 vn_ioctl(fffffd806c6d03a8,cd60441a,ffff800000bf9000,ffff80002121b7a0) at vn_ioctl+0274 sys_ioctl(ffff80002121b7a0,ffff80002e199ca8,ffff80002e199d00) at sys_ioctl+02242 syscall(ffff80002e199d70) at syscall+02211 Xsyscall() at Xsyscall+0450 end of kernel end trace frame: 0xea1b5e64720, count: -9 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+032: addq $010,%rsp ddb{1}> trace x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+032 x86_ipi_handler() at x86_ipi_handler+0267 Xresume_lapic_ipi() at Xresume_lapic_ipi+043 acpicpu_idle() at acpicpu_idle+01422 sched_idle(ffff800020ce8ff0) at sched_idle+02027 end trace frame: 0x0, count: -5