uvm_fault(0xffffffff82dcb8f8, 0x444, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at pf_purge_expired_states+0x187: movl 0x444(%r14,%rbx,4),%r15d
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*227372 52284 0 0x14000 0x200 1 systqmp
369776 19937 0 0x14000 0x40000200 0K softclock
pf_purge_expired_states(40,40) at pf_purge_expired_states+0x187 pf_state_expires sys/net/pf.c:1716 [inline]
pf_purge_expired_states(40,40) at pf_purge_expired_states+0x187 sys/net/pf.c:1946
pf_purge_states(0) at pf_purge_states+0x3e sys/net/pf.c:1642
taskq_thread(ffffffff82cdf3c0) at taskq_thread+0xe5 sys/kern/kern_task.c:450
end trace frame: 0x0, count: 12
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: uvm_fault(0xffffffff82dcb8f8, 0x444, 0, 1) -> e
ddb{1}> trace
pf_purge_expired_states(40,40) at pf_purge_expired_states+0x187 pf_state_expires sys/net/pf.c:1716 [inline]
pf_purge_expired_states(40,40) at pf_purge_expired_states+0x187 sys/net/pf.c:1946
pf_purge_states(0) at pf_purge_states+0x3e sys/net/pf.c:1642
taskq_thread(ffffffff82cdf3c0) at taskq_thread+0xe5 sys/kern/kern_task.c:450
end trace frame: 0x0, count: -3
ddb{1}> show registers
rdi 0x13
rsi 0
rbp 0xffff80002a119f60
rbx 0
rdx 0
rcx 0xffff80002a0fb2a8
rax 0xffff800029cebff0
r8 0
r9 0x1
r10 0
r11 0x838f5155a687b1e4
r12 0x40
r13 0xfffffd80639eec78
r14 0
r15 0xfffffd806f047468
rip 0xffffffff81b64da7 pf_purge_expired_states+0x187
cs 0x8
rflags 0x10293 __ALIGN_SIZE+0xf293
rsp 0xffff80002a119ee0
ss 0
pf_purge_expired_states+0x187: movl 0x444(%r14,%rbx,4),%r15d
ddb{1}> show proc
PROC (systqmp) tid=227372 pid=52284 tcnt=1 stat=onproc
flags process=14000<NOZOMBIE,SYSTEM> proc=200<SYSTEM>
runpri=32, usrpri=50, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0
forw=0xffffffffffffffff, list=0xffff80002a0fb550,0xffff80002a0fb010
process=0xffff8000ffffc470 user=0xffff80002a115000, vmspace=0xffffffff82dcb8f8
estcpu=0, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
25963 185041 98701 0 2 0 syz-executor.2
25963 323797 98701 0 2 0x4000000 syz-executor.2
92840 299135 53949 0 2 0 syz-executor.7
92840 329450 53949 0 2 0x4000000 syz-executor.7
30871 239780 45420 0 2 0 syz-executor.6
30871 82393 45420 0 3 0x4000080 fsleep syz-executor.6
8030 412133 37549 0 2 0 syz-executor.3
8030 401901 37549 0 3 0x4000080 piperd syz-executor.3
8030 226646 37549 0 3 0x4000080 piperd syz-executor.3
16878 15803 51943 0 2 0 syz-executor.1
16878 181478 51943 0 3 0x4000080 fsleep syz-executor.1
41030 485033 24135 0 2 0 syz-executor.5
24135 249542 18909 0 2 0x482 syz-executor.5
45420 456384 18909 0 3 0x82 nanoslp syz-executor.6
51943 505963 18909 0 2 0x482 syz-executor.1
55275 515616 0 0 3 0x14280 nfsidl nfsio
93725 264282 0 0 3 0x14280 nfsidl nfsio
73916 491978 0 0 3 0x14280 nfsidl nfsio
58256 399383 0 0 3 0x14280 nfsidl nfsio
63093 211872 0 0 3 0x14280 nfsidl nfsio
18493 324222 0 0 3 0x14280 nfsidl nfsio
18172 194228 0 0 3 0x14280 nfsidl nfsio
99128 465050 0 0 3 0x14280 nfsidl nfsio
74209 60155 0 0 3 0x14280 nfsidl nfsio
89555 35027 0 0 3 0x14280 nfsidl nfsio
81204 245889 0 0 3 0x14280 nfsidl nfsio
73022 323188 0 0 3 0x14280 nfsidl nfsio
82084 105034 0 0 3 0x14280 nfsidl nfsio
881 181029 0 0 3 0x14280 nfsidl nfsio
70658 454184 0 0 3 0x14280 nfsidl nfsio
67657 438608 0 0 3 0x14280 nfsidl nfsio
18462 67225 0 0 3 0x14280 nfsidl nfsio
35350 78270 0 0 3 0x14280 nfsidl nfsio
18005 463480 0 0 3 0x14280 nfsidl nfsio
10278 167392 0 0 3 0x14280 nfsidl nfsio
37549 363565 18909 0 2 0x482 syz-executor.3
79961 71817 1 0 3 0x100083 ttyin getty
27567 132582 0 0 3 0x14200 bored sosplice
67929 482997 18909 0 2 0x2 syz-executor.4
25735 432599 18909 0 2 0x2 syz-executor.0
53949 423886 18909 0 2 0x482 syz-executor.7
98701 326577 18909 0 2 0x2 syz-executor.2
18909 141396 39909 0 3 0x2000082 thrsleep syz-fuzzer
18909 275269 39909 0 2 0x6000482 syz-fuzzer
18909 169958 39909 0 2 0x6000002 syz-fuzzer
18909 166652 39909 0 3 0x6000082 wait syz-fuzzer
18909 328326 39909 0 3 0x6000082 wait syz-fuzzer
18909 23659 39909 0 3 0x6000082 thrsleep syz-fuzzer
18909 264216 39909 0 3 0x6000082 thrsleep syz-fuzzer
18909 185325 39909 0 3 0x6000082 wait syz-fuzzer
18909 180589 39909 0 3 0x6000082 thrsleep syz-fuzzer
18909 354030 39909 0 3 0x6000082 wait syz-fuzzer
18909 219294 39909 0 3 0x6000082 wait syz-fuzzer
18909 211755 39909 0 3 0x6000082 thrsleep syz-fuzzer
18909 412662 39909 0 3 0x6000082 wait syz-fuzzer
18909 182905 39909 0 3 0x6000082 wait syz-fuzzer
18909 431757 39909 0 3 0x6000082 wait syz-fuzzer
18909 109496 39909 0 3 0x6000082 kqread syz-fuzzer
39909 392883 75837 0 3 0x10008a sigsusp ksh
75837 521535 72224 0 3 0x9a kqread sshd
72224 27719 1 0 3 0x88 kqread sshd
1996 126326 27035 74 3 0x1100092 bpf pflogd
27035 429654 1 0 3 0x80 netio pflogd
48361 295442 74030 73 3 0x1100090 kqread syslogd
74030 249836 1 0 3 0x100082 netio syslogd
10621 440831 1 0 3 0x100080 kqread resolvd
51123 282740 25124 77 3 0x100092 kqread dhcpleased
67849 455495 25124 77 3 0x100092 kqread dhcpleased
25124 26740 1 0 3 0x80 kqread dhcpleased
88917 353508 0 0 3 0x14200 bored smr
90471 68146 0 0 2 0x14200 zerothread
17651 51891 0 0 3 0x14200 aiodoned aiodoned
43799 240779 0 0 3 0x14200 syncer update
44624 200542 0 0 3 0x14200 cleaner cleaner
50687 250442 0 0 3 0x14200 reaper reaper
20809 372016 0 0 3 0x14200 pgdaemon pagedaemon
89130 3882 0 0 3 0x14200 bored viomb
33315 480929 0 0 3 0x40014200 acpi0 acpi0
69551 33203 0 0 3 0x40014200 idle1
69959 180495 0 0 3 0x14200 bored softnet3
60559 210551 0 0 3 0x14200 bored softnet2
74895 356575 0 0 3 0x14200 bored softnet1
43739 23757 0 0 3 0x14200 bored softnet0
*52284 227372 0 0 7 0x14200 systqmp
90831 359858 0 0 3 0x14200 bored systq
42732 425254 0 0 3 0x14200 tmoslp softclockmp
19937 369776 0 0 7 0x40014200 softclock
39086 67128 0 0 3 0x40014200 idle0
1 289902 0 0 3 0x80082 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
Process 52284 (systqmp) thread 0xffff80002a0fb2a8 (227372)
shared rwlock pfstates r = 0 (0xffffffff82cfb400)
#0 witness_lock+0x447
#1 pf_purge_expired_states+0x88 sys/net/pf.c:1924
#2 pf_purge_states+0x3e sys/net/pf.c:1642
#3 taskq_thread+0xe5 sys/kern/kern_task.c:450
#4 proc_trampoline+0x10
shared rwlock systqmp r = 0 (0xffffffff82cdf430)
#0 witness_lock+0x447
#1 taskq_thread+0xca sys/kern/kern_task.c:446
#2 proc_trampoline+0x10
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10203 6634K 15023K 166960K 42168 0
pcb 15 13K 14K 166960K 282 0
rtable 219 6K 8K 166960K 1931 0
pf 30 9K 10K 166960K 100 0
ifaddr 39 14K 15K 166960K 134 0
ifgroup 51 2K 2K 166960K 154 0
sysctl 3 0K 0K 166960K 9 0
counters 62 36K 36K 166960K 114 0
ioctlops 0 0K 4K 166960K 3574 0
iov 0 0K 32K 166960K 513 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1414 88K 88K 166960K 11119 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 9K 166960K 82 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 803 0
dirhash 12 2K 2K 166960K 24 0
ACPI 1697 195K 286K 166960K 12548 0
file desc 16 57K 93K 166960K 17237 0
sigio 1 0K 0K 166960K 329 0
proc 70 91K 140K 166960K 1278 0
subproc 104 6K 6K 166960K 299 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 477 0
in_multi 83 6K 7K 166960K 423 0
ether_multi 1 0K 0K 166960K 2 0
mrt 1 0K 0K 166960K 2 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 85 387K 387K 166960K 85 0
exec 0 0K 1K 166960K 984 0
pfkey data 0 0K 0K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 421 121K 121K 166960K 160724 0
UVM aobj 131 4K 4K 166960K 131 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 1K 166960K 1253 0
NDP 13 0K 1K 166960K 89 0
temp 75 6772K 6852K 166960K 55083 0
kqueue 12 18K 27K 166960K 3055 0
SYN cache 2 16K 16K 166960K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 24 0 0 1 0 1 1 0 8 0
rtpcb 120 297 0 294 1 0 1 1 0 8 0
rtentry 112 588 0 487 6 2 4 4 0 8 0
unpcb 144 7787 0 7772 46 45 1 6 0 8 0
syncache 336 51 0 51 7 7 0 1 0 8 0
sackhl 24 1 0 1 1 1 0 1 0 8 0
tcpqe 32 298 0 298 6 6 0 1 0 8 0
tcpcb 808 3073 0 3068 49 41 8 9 0 8 7
arp 120 110 0 98 1 0 1 1 0 8 0
ipq 40 1 0 1 1 1 0 1 0 8 0
ipqe 40 3 0 3 1 1 0 1 0 8 0
inpcb 392 7537 0 7529 105 94 11 14 0 8 10
nd6 136 97 0 67 2 0 2 2 0 8 0
pkpcb 40 13 0 13 4 4 0 1 0 8 0
kcovpl 48 23 0 15 1 0 1 1 0 8 0
ppxss 1168 4 0 4 2 2 0 1 0 8 0
pffrag 232 30 0 30 4 4 0 1 0 482 0
pffrnode 88 30 0 30 4 4 0 1 0 8 0
pffrent 40 108 0 108 4 4 0 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 472 0 358 1 0 1 1 0 8 0
pfstkey 128 472 0 358 6 1 5 5 0 8 0
pfstate 376 472 0 358 24 12 12 14 0 8 0
pfstate: pool(0xffffffff82e1bce0:pfstate): page inconsistency: page 0x0; at page head addr 0xfffffd80639eef90 (p 0xfffffd80639ee000)
pfrule 1344 21 0 16 2 1 1 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 1935 0 1486 56 23 33 35 0 8 4
art_table 32 1936 0 1486 7 2 5 5 0 8 0
art_node 16 547 0 454 1 0 1 1 0 8 0
sysvmsgpl 40 15 0 0 1 0 1 1 0 8 0
semapl 112 801 0 791 1 0 1 1 0 8 0
shmpl 112 128 0 0 4 0 4 4 0 8 0
dirhash 1024 25 0 8 3 0 3 3 0 8 0
dino2pl 256 21680 0 20220 92 0 92 92 0 8 0
ffsino 272 21680 0 20220 98 0 98 98 0 8 0
nchpl 144 43446 0 41793 64 1 63 64 0 8 0
uvmvnodes 80 8206 0 0 168 0 168 168 0 8 0
vnodes 216 8206 0 0 456 0 456 456 0 8 0
namei 1024 126323 0 126323 8 7 1 2 0 8 1
percpumem 16 71 0 26 1 0 1 1 0 8 0
vcpupl 2048 8 0 1 1 0 1 1 0 8 0
vmpool 696 12 0 5 1 0 1 1 0 8 0
kstatmem 264 74 0 52 3 1 2 2 0 8 0
scxspl 216 127106 0 127106 22 21 1 8 1 8 1
plimitpl 152 248 0 232 1 0 1 1 0 8 0
sigapl 424 17549 0 17481 15 7 8 9 0 8 0
futexpl 64 104888 0 104886 6 5 1 1 0 8 0
knotepl 120 413 0 0 11 0 11 11 0 8 0
kqueuepl 216 5586 0 5578 55 54 1 8 0 8 0
pipepl 320 2615 0 2586 61 58 3 8 0 8 0
fdescpl 496 17509 0 17480 10 6 4 5 0 8 0
filepl 152 82238 0 81993 76 61 15 19 0 8 4
lockfpl 104 2780 0 2778 5 4 1 2 0 8 0
lockfspl 48 1112 0 1110 1 0 1 1 0 8 0
sessionpl 144 40 0 23 1 0 1 1 0 8 0
pgrppl 48 217 0 200 1 0 1 1 0 8 0
ucredpl 104 4710 0 4697 1 0 1 1 0 8 0
zombiepl 144 17481 0 17481 1 0 1 1 0 8 1
processpl 1136 17549 0 17481 7 1 6 6 0 8 0
procpl 680 42839 0 42750 14 5 9 9 0 8 0
srpgc 96 12 0 12 5 4 1 1 0 8 1
sosppl 168 47 0 47 5 5 0 1 0 8 0
sockpl 584 15738 0 15712 107 97 10 13 0 8 8
mcl64k 65536 23 0 0 3 1 2 3 0 8 0
mcl16k 16384 13 0 0 2 0 2 2 0 8 0
mcl12k 12288 24 0 0 2 0 2 2 0 8 0
mcl9k 9216 17 0 0 2 0 2 2 0 8 0
mcl8k 8192 27 0 0 4 1 3 3 0 8 0
mcl4k 4096 33 0 0 4 1 3 3 0 8 0
mcl2k2 2112 10 0 0 1 0 1 1 0 8 0
mcl2k 2048 671 0 0 48 17 31 36 0 8 0
mtagpl 96 1264 0 0 27 0 27 27 0 8 0
mbufpl 256 1771 0 0 84 0 84 84 0 8 0
bufpl 280 28646 0 20441 587 0 587 587 0 8 0
anonpl 24 1485489 0 1476178 201 128 73 167 0 186 0
amapchunkpl 152 507209 0 506454 81 47 34 77 0 158 0
amappl16 200 25949 0 25720 78 65 13 25 0 8 0
amappl15 192 41 0 40 1 0 1 1 0 8 0
amappl14 184 211 0 195 2 1 1 2 0 8 0
amappl13 176 16 0 16 1 1 0 1 0 8 0
amappl12 168 18409 0 18374 3 1 2 2 0 8 0
amappl11 160 84 0 69 1 0 1 1 0 8 0
amappl10 152 72 0 58 2 1 1 1 0 8 0
amappl9 144 248 0 246 1 0 1 1 0 8 0
amappl8 136 881 0 706 8 1 7 7 0 8 0
amappl7 128 257 0 232 2 0 2 2 0 8 0
amappl6 120 531 0 515 1 0 1 1 0 8 0
amappl5 112 307 0 296 1 0 1 1 0 8 0
amappl4 104 699 0 663 2 0 2 2 0 8 0
amappl3 96 100493 0 100402 5 2 3 3 0 8 0
amappl2 88 18374 0 18292 3 1 2 3 0 8 0
amappl1 80 69254 0 68700 23 10 13 23 0 8 0
amappl 88 159808 0 159586 6 0 6 6 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 130 0 0 3 0 3 3 0 8 0
uaddrrnd 24 17521 0 17485 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 17521 0 17485 1 0 1 1 0 8 0
vmmpekpl 168 119993 0 119939 4 0 4 4 0 8 0
vmmpepl 168 987172 0 984903 247 132 115 120 0 357 9
vmsppl 448 17520 0 17485 11 6 5 5 0 8 0
rwobjpl 56 228226 0 218460 151 12 139 140 0 8 0
pdppl 4096 35049 0 34977 421 345 76 83 0 8 4
pvpl 32 52086 0 0 420 0 420 420 0 265 0
pmappl 248 17520 0 17485 5 2 3 3 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 1018 0 555 14 0 14 14 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp
x86_ipi_db(ffffffff82d41ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff82e73e38) at __mp_lock+0xe7 sys/kern/kern_lock.c:147
__mp_acquire_count(ffffffff82e73e38,1) at __mp_acquire_count+0x48 sys/kern/kern_lock.c:227
msleep(ffffffff82dcc1c0,ffffffff82ccac80,0,ffffffff82880535,0) at msleep+0x164
softclock_thread(ffff80002a0fbff0) at softclock_thread+0xd0 sys/kern/kern_timeout.c:810
end trace frame: 0x0, count: 8
ddb{0}> trace
x86_ipi_db(ffffffff82d41ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff82e73e38) at __mp_lock+0xe7 sys/kern/kern_lock.c:147
__mp_acquire_count(ffffffff82e73e38,1) at __mp_acquire_count+0x48 sys/kern/kern_lock.c:227
msleep(ffffffff82dcc1c0,ffffffff82ccac80,0,ffffffff82880535,0) at msleep+0x164
softclock_thread(ffff80002a0fbff0) at softclock_thread+0xd0 sys/kern/kern_timeout.c:810
end trace frame: 0x0, count: -7
ddb{0}> machine ddbcpu 1
Stopped at pf_purge_expired_states+0x187: movl 0x444(%r14,%rbx,4),%r15d
pf_purge_expired_states(40,40) at pf_purge_expired_states+0x187 pf_state_expires sys/net/pf.c:1716 [inline]
pf_purge_expired_states(40,40) at pf_purge_expired_states+0x187 sys/net/pf.c:1946
pf_purge_states(0) at pf_purge_states+0x3e sys/net/pf.c:1642
taskq_thread(ffffffff82cdf3c0) at taskq_thread+0xe5 sys/kern/kern_task.c:450
end trace frame: 0x0, count: 12
ddb{1}> trace
pf_purge_expired_states(40,40) at pf_purge_expired_states+0x187 pf_state_expires sys/net/pf.c:1716 [inline]
pf_purge_expired_states(40,40) at pf_purge_expired_states+0x187 sys/net/pf.c:1946
pf_purge_states(0) at pf_purge_states+0x3e sys/net/pf.c:1642
taskq_thread(ffffffff82cdf3c0) at taskq_thread+0xe5 sys/kern/kern_task.c:450
end trace frame: 0x0, count: -3