kernel: protection fault trap, code=0 Stopped at pf_anchor_global_RB_REMOVE+0x58: movq 0(%r12),%rbx ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace pf_anchor_global_RB_REMOVE(ffffffff82ad9738,ffff800000c31000) at pf_anchor_global_RB_REMOVE+0x58 sys/net/pf_ruleset.c:84 pf_remove_if_empty_ruleset(ffff800000c31490) at pf_remove_if_empty_ruleset+0xdd sys/net/pf_ruleset.c:300 pfioctl(4900,cd60441a,ffff800000bf8000,3,ffff80002e5b42b0) at pfioctl+0x8f7c sys/net/pf_ioctl.c:1713 VOP_IOCTL(fffffd806f768c68,cd60441a,ffff800000bf8000,3,fffffd807f7d8660,ffff80002e5b42b0) at VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd80598d48f8,cd60441a,ffff800000bf8000,ffff80002e5b42b0) at vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 sys_ioctl(ffff80002e5b42b0,ffff80002121c4b8,ffff80002121c510) at sys_ioctl+0x4a2 syscall(ffff80002121c580) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff80002121c580) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x76360b63640, count: -8 ddb{0}> show registers rdi 0xffffffff82ad9738 pf_anchors rsi 0xffff800000c31000 rbp 0xffff80002121c020 rbx 0xffffffff82ad9738 pf_anchors rdx 0 rcx 0xfffffd80036f8740 rax 0xffff80002e5b42b0 r8 0x101010101010101 r9 0x8080808080808080 r10 0x65a7f963aa80b00b r11 0x233dae004a009c62 r12 0x262a006b589a17cf r13 0xffffffff82ad9740 pf_main_anchor r14 0xffff800000c31000 r15 0xdeaf007fdeafbead rip 0xffffffff8159ef58 pf_anchor_global_RB_REMOVE+0x58 cs 0x8 rflags 0x10206 __ALIGN_SIZE+0xf206 rsp 0xffff80002121bfd0 ss 0x10 pf_anchor_global_RB_REMOVE+0x58: movq 0(%r12),%rbx ddb{0}> show proc PROC (syz-executor.1) pid=402038 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=83, nice=20 forw=0xffffffffffffffff, list=0xffff80002e5b5270,0xffffffff829f6450 process=0xffff80002bd2f1f8 user=0xffff800021217000, vmspace=0xfffffd807e49a020 estcpu=33, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 80806 515101 10519 0 2 0 syz-executor.1 *80806 402038 10519 0 7 0x4000000 syz-executor.1 5256 492537 99310 0 3 0x80 nanoslp syz-executor.4 5256 85668 99310 0 3 0x4000080 bpf syz-executor.4 5256 236881 99310 0 3 0x4000080 fsleep syz-executor.4 53846 215295 95409 0 3 0x80 nanoslp syz-executor.7 53846 172439 95409 0 3 0x4000080 kqread syz-executor.7 95098 277603 80933 0 3 0x82 piperd syz-executor.5 45121 149690 80933 0 3 0x82 nanoslp syz-executor.6 97770 78732 80933 0 2 0x2 syz-executor.2 62224 382298 80933 0 3 0x82 nanoslp syz-executor.3 95409 263206 80933 0 3 0x82 nanoslp syz-executor.7 99310 296357 80933 0 3 0x82 nanoslp syz-executor.4 10519 64710 80933 0 3 0x82 nanoslp syz-executor.1 46579 190911 80933 0 3 0x82 piperd syz-executor.0 56159 184245 0 0 3 0x14280 nfsidl nfsio 10707 76480 0 0 3 0x14280 nfsidl nfsio 33726 217180 0 0 3 0x14280 nfsidl nfsio 83276 72164 0 0 3 0x14280 nfsidl nfsio 27796 291483 0 0 3 0x14280 nfsidl nfsio 48207 396203 0 0 3 0x14280 nfsidl nfsio 26494 497189 0 0 3 0x14280 nfsidl nfsio 69448 19714 0 0 3 0x14280 nfsidl nfsio 95575 73182 0 0 3 0x14280 nfsidl nfsio 21639 182385 0 0 3 0x14280 nfsidl nfsio 72725 471692 0 0 3 0x14280 nfsidl nfsio 88826 110278 0 0 3 0x14280 nfsidl nfsio 59946 420870 0 0 3 0x14280 nfsidl nfsio 31498 2661 0 0 3 0x14280 nfsidl nfsio 41442 361481 0 0 3 0x14280 nfsidl nfsio 16385 197700 0 0 3 0x14280 nfsidl nfsio 85640 236433 0 0 3 0x14280 nfsidl nfsio 73338 260955 0 0 3 0x14280 nfsidl nfsio 3159 376165 0 0 3 0x14280 nfsidl nfsio 97727 81871 0 0 3 0x14280 nfsidl nfsio 87521 181179 1 0 3 0x100083 ttyin getty 69276 209061 0 0 3 0x14200 bored sosplice 80933 176922 73718 0 3 0x82 nanoslp syz-fuzzer 80933 331416 73718 0 3 0x4000082 nanoslp syz-fuzzer 80933 26189 73718 0 3 0x4000082 thrsleep syz-fuzzer 80933 28574 73718 0 3 0x4000082 thrsleep syz-fuzzer 80933 23272 73718 0 3 0x4000082 thrsleep syz-fuzzer 80933 106271 73718 0 3 0x4000082 kqread syz-fuzzer 80933 275669 73718 0 3 0x4000082 thrsleep syz-fuzzer 80933 123260 73718 0 3 0x4000082 thrsleep syz-fuzzer 80933 158114 73718 0 3 0x4000082 thrsleep syz-fuzzer 73718 143752 5562 0 3 0x10008a sigsusp ksh 5562 271949 63804 0 3 0x9a kqread sshd 63804 233590 1 0 3 0x88 kqread sshd 3237 417554 82282 74 3 0x1100092 bpf pflogd 82282 442205 1 0 3 0x80 netio pflogd 45948 256446 90689 73 3 0x1100090 kqread syslogd 90689 499346 1 0 3 0x100082 netio syslogd 62697 395114 1 0 3 0x100080 kqread resolvd 86792 306725 76467 77 3 0x100092 kqread dhcpleased 49846 473210 76467 77 3 0x100092 kqread dhcpleased 76467 281603 1 0 3 0x80 kqread dhcpleased 20483 417829 0 0 3 0x14200 bored smr 26481 420730 0 0 2 0x14200 zerothread 69843 239733 0 0 3 0x14200 aiodoned aiodoned 52526 495989 0 0 3 0x14200 syncer update 97602 74147 0 0 3 0x14200 cleaner cleaner 30447 286997 0 0 3 0x14200 reaper reaper 34009 285010 0 0 3 0x14200 pgdaemon pagedaemon 41831 76662 0 0 3 0x14200 bored viomb 85306 384946 0 0 3 0x40014200 acpi0 acpi0 11733 477615 0 0 7 0x40014200 idle1 50920 292903 0 0 3 0x14200 bored softnet 47093 498882 0 0 3 0x14200 bored systqmp 58490 200615 0 0 3 0x14200 bored systq 5499 211892 0 0 3 0x40014200 bored softclock 90630 21189 0 0 3 0x40014200 idle0 1 180458 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 80806 (syz-executor.1) thread 0xffff80002e5b42b0 (402038) exclusive rwlock pf_lock r = 0 (0xffffffff828d3610) #0 witness_lock+0x44d #1 pfioctl+0x5b38 sys/net/pf_ioctl.c:1601 #2 VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 #3 vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 #4 sys_ioctl+0x4a2 #5 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #5 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #6 Xsyscall+0x128 exclusive rwlock netlock r = 0 (0xffffffff8293a440) #0 witness_lock+0x44d #1 pfioctl+0x3690 sys/net/pf_ioctl.c:1601 #2 VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 #3 vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 #4 sys_ioctl+0x4a2 #5 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #5 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #6 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82aa6470) #0 witness_lock+0x44d #1 vn_ioctl+0x41 sys/kern/vfs_vnops.c:514 #2 sys_ioctl+0x4a2 #3 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #3 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #4 Xsyscall+0x128 Process 97770 (syz-executor.2) thread 0xffff8000ffff47e0 (78732) exclusive rrwlock inode r = 0 (0xfffffd80676f40a0) #0 witness_lock+0x44d #1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310 #2 rrw_enter+0x8b sys/kern/kern_rwlock.c:461 #3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534 #4 ufs_ihashins+0x42 sys/ufs/ufs/ufs_ihash.c:140 #5 ffs_vget+0x141 sys/ufs/ffs/ffs_vfsops.c:1347 #6 ffs_inode_alloc+0x1be sys/ufs/ffs/ffs_alloc.c:394 #7 ufs_mkdir+0xf4 sys/ufs/ufs/ufs_vnops.c:1162 #8 VOP_MKDIR+0xbf sys/kern/vfs_vops.c:404 #9 domkdirat+0x121 sys/kern/vfs_syscalls.c:3101 #10 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #10 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #11 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd8068c14e70) #0 witness_lock+0x44d #1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310 #2 rrw_enter+0x8b sys/kern/kern_rwlock.c:461 #3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534 #4 vn_lock+0x84 sys/kern/vfs_vnops.c:579 #5 vfs_lookup+0xd1 sys/kern/vfs_lookup.c:413 #6 namei+0x36a sys/kern/vfs_lookup.c:245 #7 domkdirat+0x75 sys/kern/vfs_syscalls.c:3086 #8 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #8 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #9 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10234 6839K 7451K 78643K 38802 0 pcb 13 20K 22K 78643K 3146 0 rtable 249 26K 27K 78643K 8353 0 ifaddr 101 23K 25K 78643K 2311 0 sysctl 2 0K 2K 78643K 4 0 counters 54 35K 36K 78643K 520 0 ioctlops 1 4K 6K 78643K 8818 0 iov 0 0K 32K 78643K 1908 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1489 93K 93K 78643K 9657 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 163 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 1885 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 13 45K 97K 78643K 17293 0 sigio 0 0K 0K 78643K 210 0 proc 73 87K 111K 78643K 2471 0 subproc 104 6K 6K 78643K 749 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 901 0 in_multi 85 5K 6K 78643K 1233 0 ether_multi 1 0K 0K 78643K 216 0 mrt 2 0K 0K 78643K 89 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 169 758K 758K 78643K 169 0 exec 0 0K 2K 78643K 3748 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 637 1419K 1420K 78643K 218855 0 UVM aobj 131 8K 8K 78643K 139 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 932 0 NDP 14 0K 2K 78643K 385 0 temp 197 4817K 4889K 78643K 191514 0 kqueue 13 20K 27K 78643K 1041 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 4577 0 4574 44 43 1 5 0 8 0 rtentry 112 874 0 789 4 0 4 4 0 8 0 unpcb 136 9188 0 9172 98 95 3 10 0 8 2 syncache 296 45 0 45 18 18 0 1 0 8 0 tcpqe 32 41 0 41 11 11 0 1 0 8 0 tcpcb 736 5940 0 5936 190 188 2 14 0 8 1 arp 120 140 0 123 1 0 1 1 0 8 0 inpcb 304 16486 0 16475 211 209 2 14 0 8 0 rttmr 72 67 0 67 8 8 0 1 0 8 0 ip6q 72 6 0 6 2 2 0 1 0 8 0 ip6af 40 12 0 12 2 2 0 1 0 8 0 nd6 48 208 0 186 1 0 1 1 0 8 0 pkpcb 40 67 0 67 7 7 0 1 0 8 0 kcovpl 48 57 0 49 1 0 1 1 0 8 0 ppxss 1248 79 0 79 17 16 1 1 0 8 1 pfstscr 40 67 0 67 12 11 1 1 0 8 1 pffrag 232 88 0 87 12 11 1 1 0 482 0 pffrnode 88 88 0 87 12 11 1 1 0 8 0 pffrent 40 509 0 508 13 12 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 529 0 506 7 5 2 3 0 8 0 pftag 88 54 0 42 2 1 1 1 0 8 0 pfqueue 264 76 0 76 4 4 0 1 0 8 0 pfstitem 24 50 0 48 1 0 1 1 0 8 0 pfstkey 112 130 0 128 1 0 1 1 0 8 0 pfstate 320 83 0 81 2 1 1 2 0 8 0 pfrule 1360 973 0 863 15 5 10 10 0 8 0 art_heap8 4096 4 0 3 4 3 1 2 0 8 0 art_heap4 256 3895 0 3506 62 34 28 30 0 8 2 art_table 32 3899 0 3509 5 1 4 4 0 8 0 art_node 16 869 0 793 1 0 1 1 0 8 0 sysvmsgpl 40 52 0 36 1 0 1 1 0 8 0 semapl 112 1883 0 1873 1 0 1 1 0 8 0 shmpl 112 136 0 8 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 23132 0 21659 93 0 93 93 0 8 0 ffsino 272 23132 0 21659 99 0 99 99 0 8 0 nchpl 144 48227 0 46600 63 0 63 63 0 8 0 uvmvnodes 80 6158 0 0 126 0 126 126 0 8 0 vnodes 224 6158 0 0 363 0 363 363 0 8 0 namei 1024 170203 0 170202 8 7 1 2 0 8 0 percpumem 16 272 0 233 1 0 1 1 0 8 0 vcpupl 2048 228 0 0 29 0 29 29 0 8 0 vmpool 560 267 0 39 17 0 17 17 0 8 0 pfiaddrpl 120 144 0 108 5 3 2 2 0 8 0 scsiplug 72 11 0 11 4 4 0 1 0 8 0 scxspl 216 141068 0 141068 32 31 1 8 0 8 1 plimitpl 152 1846 0 1831 1 0 1 1 0 8 0 sigapl 424 17542 0 17479 9 1 8 8 0 8 0 futexpl 64 161282 0 161281 8 7 1 1 0 8 0 knotepl 120 662 0 0 17 2 15 17 0 8 0 kqueuepl 216 4114 0 4105 77 72 5 6 0 8 4 pipepl 336 7246 0 7218 162 156 6 13 0 8 3 fdescpl 496 17485 0 17459 8 4 4 5 0 8 0 filepl 152 129959 0 129712 217 202 15 22 0 8 4 lockfpl 104 3265 0 3262 5 4 1 2 0 8 0 lockfspl 48 1165 0 1162 1 0 1 1 0 8 0 sessionpl 144 76 0 59 1 0 1 1 0 8 0 pgrppl 48 162 0 145 1 0 1 1 0 8 0 ucredpl 96 14929 0 14917 1 0 1 1 0 8 0 zombiepl 144 17481 0 17479 5 4 1 1 0 8 0 processpl 1064 17542 0 17479 5 0 5 5 0 8 0 procpl 672 48978 0 48903 22 13 9 9 0 8 1 srpgc 96 73 0 73 22 21 1 1 0 8 1 sosppl 168 200 0 199 32 31 1 1 0 8 0 sockpl 480 30364 0 30337 577 565 12 37 0 8 7 mcl64k 65536 40 0 0 3 0 3 3 0 8 0 mcl16k 16384 25 0 0 4 1 3 3 0 8 0 mcl12k 12288 25 0 0 2 0 2 2 0 8 0 mcl9k 9216 32 0 0 2 0 2 2 0 8 0 mcl8k 8192 57 0 0 5 2 3 3 0 8 0 mcl4k 4096 41 0 0 4 1 3 3 0 8 0 mcl2k2 2112 14 0 0 1 0 1 1 0 8 0 mcl2k 2048 449 0 0 24 5 19 23 0 8 0 mtagpl 96 1056 0 0 13 1 12 12 0 8 0 mbufpl 256 8103 0 0 456 0 456 456 0 8 0 bufpl 288 29912 0 23576 453 0 453 453 0 8 0 anonpl 24 4875283 0 4855421 280 142 138 200 0 186 0 amapchunkpl 152 541499 0 540641 161 121 40 66 0 158 1 amappl16 200 42307 0 41650 162 125 37 49 0 8 0 amappl15 192 3633 0 3626 1 0 1 1 0 8 0 amappl14 184 1183 0 1179 1 0 1 1 0 8 0 amappl13 176 2416 0 2413 1 0 1 1 0 8 0 amappl12 168 3148 0 3144 1 0 1 1 0 8 0 amappl11 160 1368 0 1350 1 0 1 1 0 8 0 amappl10 152 2005 0 1996 1 0 1 1 0 8 0 amappl9 144 3282 0 3275 1 0 1 1 0 8 0 amappl8 136 3911 0 3744 6 0 6 6 0 8 0 amappl7 128 2353 0 2340 1 0 1 1 0 8 0 amappl6 120 3167 0 3131 4 2 2 2 0 8 0 amappl5 112 15872 0 15854 1 0 1 1 0 8 0 amappl4 104 5192 0 5159 2 0 2 2 0 8 0 amappl3 96 6229 0 6217 1 0 1 1 0 8 0 amappl2 88 4576 0 4518 3 1 2 3 0 8 0 amappl1 80 314153 0 313609 24 10 14 19 0 8 0 amappl 88 217027 0 216691 11 2 9 9 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 138 0 8 3 0 3 3 0 8 0 uaddrrnd 24 17752 0 17498 2 0 2 2 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 17752 0 17498 2 0 2 2 0 8 0 vmmpekpl 168 142813 0 142711 5 0 5 5 0 8 0 vmmpepl 168 1587536 0 1584583 427 268 159 179 0 357 1 vmsppl 368 17751 0 17498 25 1 24 24 0 8 0 rwobjpl 56 381148 0 373041 131 15 116 116 0 8 0 pdppl 4096 35511 0 35224 1012 715 297 297 0 8 10 pvpl 32 8235388 0 8211225 578 360 218 335 0 265 0 pmappl 248 17751 0 17498 18 1 17 17 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 2654 0 1120 44 0 44 44 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace pf_anchor_global_RB_REMOVE(ffffffff82ad9738,ffff800000c31000) at pf_anchor_global_RB_REMOVE+0x58 sys/net/pf_ruleset.c:84 pf_remove_if_empty_ruleset(ffff800000c31490) at pf_remove_if_empty_ruleset+0xdd sys/net/pf_ruleset.c:300 pfioctl(4900,cd60441a,ffff800000bf8000,3,ffff80002e5b42b0) at pfioctl+0x8f7c sys/net/pf_ioctl.c:1713 VOP_IOCTL(fffffd806f768c68,cd60441a,ffff800000bf8000,3,fffffd807f7d8660,ffff80002e5b42b0) at VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd80598d48f8,cd60441a,ffff800000bf8000,ffff80002e5b42b0) at vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 sys_ioctl(ffff80002e5b42b0,ffff80002121c4b8,ffff80002121c510) at sys_ioctl+0x4a2 syscall(ffff80002121c580) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff80002121c580) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x76360b63640, count: -8 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800020ce8ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178 end trace frame: 0x0, count: -5