uvm_fault: tun_clone_destroy

Status: auto-closed as invalid on 2020/01/04 04:35
Reported-by: syzbot+e973a56ca7d0269a6902@syzkaller.appspotmail.com
First crash: 1636d, last: 1636d

Sample crash report:
uvm_fault(0xfffffd803f013440, 0x5c7, 0, 2) -> e
kernel: page fault trap, code=0
Stopped at      tun_clone_destroy+0x14f:        movq    %rax,0x5c8(%r12)
ddb> 
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
kernel page fault
uvm_fault(0xfffffd803f013440, 0x5c7, 0, 2) -> e
tun_clone_destroy(ffff800000a63800) at tun_clone_destroy+0x14f sys/net/if_tun.c:271
end trace frame: 0xffff80001596e5d0, count: 0
ddb> trace
tun_clone_destroy(ffff800000a63800) at tun_clone_destroy+0x14f sys/net/if_tun.c:271
ifioctl(fffffd803de7bda0,80206979,ffff80001596e860,ffff8000ffff3160) at ifioctl+0x3d4 sys/net/if.c:1877
fifo_ioctl(ffff80001596e6a8) at fifo_ioctl+0x99 sys/miscfs/fifofs/fifo_vnops.c:276
VOP_IOCTL(fffffd802d858420,80206979,ffff80001596e860,3,fffffd803f7c69c0,ffff8000ffff3160) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:291
vn_ioctl(fffffd802afd3888,80206979,ffff80001596e860,ffff8000ffff3160) at vn_ioctl+0xb7 sys/kern/vfs_vnops.c:524
sys_ioctl(ffff8000ffff3160,ffff80001596e978,ffff80001596e9c0) at sys_ioctl+0x5b9
syscall(ffff80001596ea40) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff36,0,3,468f02db0e0) at Xsyscall+0x128
end of kernel
end trace frame: 0x46bdb7e6c70, count: -8
ddb> show registers
rdi               0xffffffff81f98c58    tun_clone_destroy+0x148
rsi                             0x59
rbp               0xffff80001596e500
rbx               0xffff80001596e860
rdx                             0x5a
rcx               0xffff800016d45000
rax               0xffffffffffffffff
r8                 0x101010101010101
r9                0x8080808080808080
r10               0x62f8dd567a2b0ce5
r11               0x14a3ba3376d711fd
r12               0xffffffffffffffff
r13                                0
r14               0xffff800000a63800
r15               0xffff800000a63800
rip               0xffffffff81f98c5f    tun_clone_destroy+0x14f
cs                               0x8
rflags                       0x10246    __ALIGN_SIZE+0xf246
rsp               0xffff80001596e4c0
ss                              0x10
tun_clone_destroy+0x14f:        movq    %rax,0x5c8(%r12)
ddb> show proc
PROC (syz-executor.0) pid=308888 stat=onproc
    flags process=0 proc=4000000<THREAD>
    pri=52, usrpri=52, nice=20
    forw=0xffffffffffffffff, list=0xffff8000ffff2ee8,0xffff8000ffff38d8
    process=0xffff8000ffff70f0 user=0xffff800015969000, vmspace=0xfffffd803f013440
    estcpu=2, cpticks=0, pctcpu=0.0
    user=0, sys=0, intr=0
ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
  4078  315746  13942      0  3        0x80  nanosleep     syz-executor.1
  4078   35814  13942      0  3   0x4000080  netio         syz-executor.1
  4078  174171  13942      0  3   0x4000080  fsleep        syz-executor.1
 90291   58514  22461      0  2           0                syz-executor.0
 90291  122939  22461      0  3   0x4000000  tqbar         syz-executor.0
*90291  308888  22461      0  7   0x4000000                syz-executor.0
 66969  365062      0      0  3     0x14200  bored         sosplice
 22461  464086  65332      0  3        0x82  nanosleep     syz-executor.0
 13942  521423  65332      0  3        0x82  nanosleep     syz-executor.1
 65332  118173  33582      0  3        0x82  thrsleep      syz-fuzzer
 65332  404026  33582      0  3   0x4000082  thrsleep      syz-fuzzer
 65332  213127  33582      0  3   0x4000082  thrsleep      syz-fuzzer
 65332  143382  33582      0  3   0x4000082  thrsleep      syz-fuzzer
 65332  107367  33582      0  3   0x4000082  thrsleep      syz-fuzzer
 65332   53262  33582      0  3   0x4000082  kqread        syz-fuzzer
 65332   61596  33582      0  3   0x4000082  thrsleep      syz-fuzzer
 33582  370400  98882      0  3    0x10008a  pause         ksh
 98882  344675   4189      0  3        0x92  select        sshd
 55311   97582      1      0  3    0x100083  ttyin         getty
  4189  362581      1      0  3        0x80  select        sshd
 10695  180753  49560     73  3    0x100090  kqread        syslogd
 49560  193510      1      0  3    0x100082  netio         syslogd
 49370   92699      1     77  3    0x100090  poll          dhclient
 40481  496106      1      0  3        0x80  poll          dhclient
 94008  186971      0      0  3     0x14200  pgzero        zerothread
  7383  471548      0      0  3     0x14200  aiodoned      aiodoned
 34550  167155      0      0  3     0x14200  syncer        update
 80845  302040      0      0  3     0x14200  cleaner       cleaner
 96649   18918      0      0  3     0x14200  reaper        reaper
 28955  420482      0      0  3     0x14200  pgdaemon      pagedaemon
 31407  190215      0      0  3     0x14200  bored         crynlk
 36474  351276      0      0  3     0x14200  bored         crypto
 91702  455157      0      0  3  0x40014200  acpi0         acpi0
 38221  339364      0      0  3     0x14200  bored         softnet
 16531  334974      0      0  3     0x14200  bored         systqmp
 75799  215496      0      0  3     0x14200  tqbar         systq
 18784  355220      0      0  3  0x40014200  bored         softclock
 83812   64335      0      0  3  0x40014200                idle0
 36562  389714      0      0  3     0x14200  bored         smr
     1  454513      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb> show all locks
No such command
ddb> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim Kern Lim
         devbuf  9462   6445K    6635K  78643K     10671        0        0
            pcb    13      8K       8K  78643K        33        0        0
         rtable   100      3K       3K  78643K       203        0        0
         ifaddr    38     10K      10K  78643K        39        0        0
       counters    19     16K      16K  78643K        19        0        0
       ioctlops     0      0K       2K  78643K        21        0        0
            iov     0      0K      16K  78643K        22        0        0
          mount     1      1K       1K  78643K         1        0        0
         vnodes  1217     76K      76K  78643K      1262        0        0
      UFS quota     1     32K      32K  78643K         1        0        0
      UFS mount     5     36K      36K  78643K         5        0        0
            shm     2      1K       5K  78643K         3        0        0
         VM map     2      0K       0K  78643K         2        0        0
            sem    12      0K       0K  78643K        27        0        0
        dirhash    12      2K       2K  78643K        12        0        0
           ACPI  1793    195K     288K  78643K     12645        0        0
      file desc     6     17K      25K  78643K        88        0        0
          sigio     0      0K       0K  78643K         2        0        0
           proc    47     38K      63K  78643K       354        0        0
        subproc    32      2K       2K  78643K        34        0        0
    NFS srvsock     1      0K       0K  78643K         1        0        0
     NFS daemon     1     16K      16K  78643K         1        0        0
       in_multi    33      2K       2K  78643K        33        0        0
    ether_multi     1      0K       0K  78643K         2        0        0
            mrt     0      0K       0K  78643K         1        0        0
    ISOFS mount     1     32K      32K  78643K         1        0        0
  MSDOSFS mount     1     16K      16K  78643K         1        0        0
           ttys    54    238K     238K  78643K        54        0        0
           exec     0      0K       1K  78643K       186        0        0
        pagedep     1      8K       8K  78643K         1        0        0
       inodedep     1     32K      32K  78643K         1        0        0
         newblk     1      0K       0K  78643K         1        0        0
        VM swap     7     26K      26K  78643K         7        0        0
       UVM amap    95     21K      21K  78643K      1076        0        0
       UVM aobj     6      2K       2K  78643K         6        0        0
        memdesc     1      4K       4K  78643K         1        0        0
    crypto data     1      1K       1K  78643K         1        0        0
    ip6_options     0      0K       0K  78643K        20        0        0
            NDP     6      0K       0K  78643K        10        0        0
           temp    93   3529K    3593K  78643K      3429        0        0
      SYN cache     2     16K      16K  78643K         2        0        0
ddb> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp         64        6    0        1     1     0     1     1     0     8    0
rtpcb       80       19    0       17     1     0     1     1     0     8    0
rtentry    112       45    0        4     2     0     2     2     0     8    0
unpcb      120      200    0      182     2     0     2     2     0     8    1
syncache   264        4    0        4     1     1     0     1     0     8    0
tcpqe       32     5576    0     5576     2     2     0     1     0     8    0
tcpcb      544       41    0       35     1     0     1     1     0     8    0
inpcb      280      110    0      100     1     0     1     1     0     8    0
nd6         48        4    0        0     1     0     1     1     0     8    0
art_heap8  4096       1    0        0     1     0     1     1     0     8    0
art_heap4  256      212    0        2    14     0    14    14     0     8    0
art_table   32      213    0        2     2     0     2     2     0     8    0
art_node    16       44    0        7     1     0     1     1     0     8    0
semapl     112       25    0       15     1     0     1     1     0     8    0
shmpl      112        4    0        0     1     0     1     1     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino1pl    128     1504    0      105    46     0    46    46     0     8    0
ffsino     240     1504    0      105    83     0    83    83     0     8    0
nchpl      144     1846    0      231    60     0    60    60     0     8    0
uvmvnodes   72     1573    0        0    29     0    29    29     0     8    0
vnodes     208     1573    0        0    83     0    83    83     0     8    0
namei      1024    4551    0     4551     3     2     1     1     0     8    1
scxspl     192     5029    0     5029    10     8     2     7     0     8    2
plimitpl   152       18    0       11     1     0     1     1     0     8    0
sigapl     432      259    0      245     2     0     2     2     0     8    0
futexpl     56     1836    0     1835     1     0     1     1     0     8    0
knotepl    112       61    0       42     1     0     1     1     0     8    0
kqueuepl   104       22    0       20     1     0     1     1     0     8    0
pipepl     112      162    0      143     2     1     1     1     0     8    0
fdescpl    424      260    0      245     2     0     2     2     0     8    0
filepl     120     1657    0     1545     5     0     5     5     0     8    1
lockfpl    104       21    0       20     1     0     1     1     0     8    0
lockfspl    48        9    0        8     1     0     1     1     0     8    0
sessionpl  112       17    0        7     1     0     1     1     0     8    0
pgrppl      48       17    0        7     1     0     1     1     0     8    0
ucredpl     96      119    0      111     1     0     1     1     0     8    0
zombiepl   144      245    0      245     3     2     1     1     0     8    1
processpl  864      275    0      245     4     0     4     4     0     8    0
procpl     632      384    0      344     4     0     4     4     0     8    0
sosppl     128        5    0        5     1     0     1     1     0     8    1
sockpl     384      329    0      298     5     0     5     5     0     8    1
mcl64k     65536     11    0        9     1     0     1     1     0     8    0
mcl12k     12288      4    0        4     1     0     1     1     0     8    1
mcl9k      9216       1    0        1     1     0     1     1     0     8    1
mcl8k      8192       6    0        6     1     0     1     1     0     8    1
mcl4k      4096      19    0       19     2     1     1     1     0     8    1
mcl2k2     2112       1    0        1     1     0     1     1     0     8    1
mcl2k      2048   61845    0    61806    19     9    10    17     0     8    4
mtagpl      80        7    0        7     2     1     1     1     0     8    1
mbufpl     256   100663    0   100593    11     1    10    10     0     8    2
bufpl      256     6290    0     1451   303     0   303   303     0     8    0
anonpl      16    41973    0    25008    72     2    70    70     0    62    1
amapchunkpl 152    1320    0     1206     8     3     5     7     0   158    0
amappl16   192     1308    0      353    49     0    49    49     0     8    1
amappl15   184        2    0        1     1     0     1     1     0     8    0
amappl14   176       30    0       27     2     1     1     1     0     8    0
amappl13   168       24    0       22     1     0     1     1     0     8    0
amappl12   160       38    0       32     1     0     1     1     0     8    0
amappl11   152       44    0       33     1     0     1     1     0     8    0
amappl10   144        8    0        7     1     0     1     1     0     8    0
amappl9    136      573    0      567     1     0     1     1     0     8    0
amappl8    128      150    0      124     1     0     1     1     0     8    0
amappl7    120       36    0       33     1     0     1     1     0     8    0
amappl6    112       68    0       58     1     0     1     1     0     8    0
amappl5    104      173    0      160     1     0     1     1     0     8    0
amappl4     96      443    0      415     1     0     1     1     0     8    0
amappl3     88      143    0      136     1     0     1     1     0     8    0
amappl2     80     1323    0     1246     4     2     2     3     0     8    0
amappl1     72    14298    0    13856    27    18     9    20     0     8    0
amappl      80      622    0      582     1     0     1     1     0    84    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       17    0       17     1     1     0     1     0     8    0
aobjpl      64        5    0        0     1     0     1     1     0     8    0
uaddrrnd    24      260    0      245     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24      260    0      245     1     0     1     1     0     8    0
vmmpekpl   168     6089    0     6066     2     0     2     2     0     8    0
vmmpepl    168    38835    0    36699   144    28   116   118     0   357   23
vmsppl     272      259    0      245     2     1     1     2     0     8    0
pdppl      4096     526    0      490     6     1     5     6     0     8    0
pvpl        32   138596    0   118478   175     9   166   166     0   265    3
pmappl     200      259    0      245     1     0     1     1     0     8    0
extentpl    40       41    0       26     1     0     1     1     0     8    0
phpool     112      452    0       17    13     0    13    13     0     8    0

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/10/06 04:34 openbsd f78cba616245 f3f7d9c8 .config console log report ci-openbsd-main
* Struck through repros no longer work on HEAD.