

uvm_fault: ml_dequeue

Status: auto-closed as invalid on 2020/10/22 20:43
Reported-by: syzbot+8b682a2764314ba24fc9@syzkaller.appspotmail.com
First crash: 1625 days ago, last: 1583 days ago

Sample crash report:
uvm_fault(0xffffffff828aca30, 0xfffffd0000000008, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at      ml_dequeue+0x28:        movq    0x8(%r14),%rax
ddb{0}> 
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
kernel page fault
uvm_fault(0xffffffff828aca30, 0xfffffd0000000008, 0, 1) -> e
ml_dequeue(ffff800000b12648) at ml_dequeue+0x28 sys/kern/uipc_mbuf.c:1597
end trace frame: 0xffff800021f1d770, count: 0
ddb{0}> trace
ml_dequeue(ffff800000b12648) at ml_dequeue+0x28 sys/kern/uipc_mbuf.c:1597
ifq_deq_sleep(ffff800000af3a78,ffff800021f1d788,10,117,ffffffff82427d01,ffff800000af3e7c) at ifq_deq_sleep+0x118 sys/net/ifq.c:475
tun_dev_read(5d01,ffff800021f1da58,10) at tun_dev_read+0xd6 sys/net/if_tun.c:775
spec_read(ffff800021f1d8a0) at spec_read+0xf1 sys/kern/spec_vnops.c:222
VOP_READ(fffffd806eceb0d8,ffff800021f1da58,10,fffffd807f7bf7e0) at VOP_READ+0xbf sys/kern/vfs_vops.c:247
vn_read(fffffd807d2880b8,ffff800021f1da58,0) at vn_read+0x124 sys/kern/vfs_vnops.c:375
dofilereadv(ffff800020e38878,f0,ffff800021f1da58,0,ffff800021f1db40) at dofilereadv+0x1a1 sys/kern/sys_generic.c:237
sys_read(ffff800020e38878,ffff800021f1daf0,ffff800021f1db40) at sys_read+0x83 sys/kern/sys_generic.c:157
syscall(ffff800021f1dbc0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800021f1dbc0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xe33d0ca3f90, count: -10
ddb{0}> show registers
rdi               0xffffffff821c1e40    ml_dequeue+0x20
rsi                            0x134
rbp               0xffff800021f1d6c0
rbx               0xfffffd0000000000
rdx                            0x135
rcx               0xffff8000230d4000
rax               0xffff8000230d4000
r8                0xffffffff82427d01    pp_r600_decoded_lanes+0x6850
r9                0xffff800000af3e7c
r10                              0xa
r11               0x668350b9328b6a9d
r12                            0x117
r13               0xffff800000af3e7c
r14               0xfffffd0000000000
r15               0xffff800000b12648
rip               0xffffffff821c1e48    ml_dequeue+0x28
cs                               0x8
rflags                       0x10286    __ALIGN_SIZE+0xf286
rsp               0xffff800021f1d690
ss                              0x10
ml_dequeue+0x28:        movq    0x8(%r14),%rax
ddb{0}> show proc
PROC (syz-executor.1) pid=69237 stat=onproc
    flags process=0 proc=4000000<THREAD>
    pri=32, usrpri=86, nice=20
    forw=0xffffffffffffffff, list=0xffff800020e37c48,0xffffffff8292eea0
    process=0xffff800020df1370 user=0xffff800021f18000, vmspace=0xfffffd807effea10
    estcpu=36, cpticks=1, pctcpu=0.0
    user=0, sys=1, intr=0
ddb{0}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
  8294  219498  96160      0  2           0                syz-executor.1
* 8294   69237  96160      0  7   0x4000000                syz-executor.1
 85644  263714  41722      0  7           0                syz-executor.0
 85644  183416  41722      0  2   0x4000000                syz-executor.0
 96160   48446  25295      0  3        0x82  nanosleep     syz-executor.1
 41722  359575  25295      0  3        0x82  nanosleep     syz-executor.0
 25295  427337  93870      0  3        0x82  thrsleep      syz-fuzzer
 25295  348849  93870      0  3   0x4000082  nanosleep     syz-fuzzer
 25295  520784  93870      0  3   0x4000082  thrsleep      syz-fuzzer
 25295  138636  93870      0  3   0x4000082  thrsleep      syz-fuzzer
 25295  226740  93870      0  3   0x4000082  thrsleep      syz-fuzzer
 25295  419576  93870      0  3   0x4000082  thrsleep      syz-fuzzer
 25295  372475  93870      0  3   0x4000082  thrsleep      syz-fuzzer
 25295  188017  93870      0  3   0x4000082  thrsleep      syz-fuzzer
 25295  225674  93870      0  3   0x4000082  kqread        syz-fuzzer
 25295  522873  93870      0  3   0x4000082  thrsleep      syz-fuzzer
 93870  156474  58946      0  3    0x10008a  pause         ksh
 58946  487030  59742      0  3        0x92  select        sshd
 62047  190961      1      0  3    0x100083  ttyin         getty
 59742  309571      1      0  3        0x80  select        sshd
 10508  160689  80699     74  3    0x100092  bpf           pflogd
 80699   46786      1      0  3        0x80  netio         pflogd
 49069    4425  74199     73  3    0x100090  kqread        syslogd
 74199  363276      1      0  3    0x100082  netio         syslogd
 81646  159850      1     77  3    0x100090  poll          dhclient
 91445   79972      1      0  3        0x80  poll          dhclient
  6563  455529      0      0  3     0x14200  bored         smr
 51809  249475      0      0  2     0x14200                zerothread
 93322  104265      0      0  3     0x14200  aiodoned      aiodoned
 34948  174324      0      0  3     0x14200  syncer        update
 17531  277509      0      0  3     0x14200  cleaner       cleaner
 45318  469533      0      0  3     0x14200  reaper        reaper
 47797  426046      0      0  3     0x14200  pgdaemon      pagedaemon
 61905  463027      0      0  3     0x14200  bored         crynlk
 55909  265192      0      0  3     0x14200  bored         crypto
 54959  354930      0      0  3  0x40014200  acpi0         acpi0
 98613  451878      0      0  3  0x40014200                idle1
  2305  111379      0      0  3     0x14200  bored         softnet
 26592  397436      0      0  3     0x14200  bored         systqmp
 62923  319442      0      0  3     0x14200  bored         systq
 33008  471356      0      0  3  0x40014200  bored         softclock
  8400   36712      0      0  3  0x40014200                idle0
     1   44948      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{0}> show all locks
CPU 0:
exclusive mutex &ifq->ifq_mtx r = 0 (0xffff800000af3aa0)
#0  witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0  witness_lock+0x4c7 sys/kern/subr_witness.c:1164
#1  mtx_enter_try+0x102
#2  mtx_enter+0x4b sys/kern/kern_lock.c:266
#3  ifq_deq_sleep+0x4c sys/net/ifq.c:468
#4  tun_dev_read+0xd6 sys/net/if_tun.c:775
#5  spec_read+0xf1 sys/kern/spec_vnops.c:222
#6  VOP_READ+0xbf sys/kern/vfs_vops.c:247
#7  vn_read+0x124 sys/kern/vfs_vnops.c:375
#8  dofilereadv+0x1a1 sys/kern/sys_generic.c:237
#9  sys_read+0x83 sys/kern/sys_generic.c:157
#10 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#10 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
#11 Xsyscall+0x128
Process 8294 (syz-executor.1) thread 0xffff800020e38878 (69237)
exclusive kernel_lock &kernel_lock r = 1 (0xffffffff828c5528)
#0  witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0  witness_lock+0x4c7 sys/kern/subr_witness.c:1164
#1  vn_read+0x45 sys/kern/vfs_vnops.c:357
#2  dofilereadv+0x1a1 sys/kern/sys_generic.c:237
#3  sys_read+0x83 sys/kern/sys_generic.c:157
#4  syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#4  syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
#5  Xsyscall+0x128
exclusive mutex &ifq->ifq_mtx r = 0 (0xffff800000af3aa0)
#0  witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0  witness_lock+0x4c7 sys/kern/subr_witness.c:1164
#1  mtx_enter_try+0x102
#2  mtx_enter+0x4b sys/kern/kern_lock.c:266
#3  ifq_deq_sleep+0x4c sys/net/ifq.c:468
#4  tun_dev_read+0xd6 sys/net/if_tun.c:775
#5  spec_read+0xf1 sys/kern/spec_vnops.c:222
#6  VOP_READ+0xbf sys/kern/vfs_vops.c:247
#7  vn_read+0x124 sys/kern/vfs_vnops.c:375
#8  dofilereadv+0x1a1 sys/kern/sys_generic.c:237
#9  sys_read+0x83 sys/kern/sys_generic.c:157
#10 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#10 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
#11 Xsyscall+0x128
ddb{0}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf  9493   6410K    6672K  78643K     10913        0
            pcb    13      8K       8K  78643K        67        0
         rtable   115      4K       5K  78643K       372        0
         ifaddr    60     12K      13K  78643K       105        0
         sysctl     2      0K       0K  78643K         4        0
       counters    43     33K      34K  78643K        51        0
       ioctlops     0      0K       4K  78643K      1490        0
            iov     0      0K      16K  78643K        50        0
          mount     1      1K       1K  78643K         1        0
         vnodes  1219     77K      77K  78643K      1336        0
      UFS quota     1     32K      32K  78643K         1        0
      UFS mount     5     36K      36K  78643K         5        0
            shm     2      1K       5K  78643K         6        0
         VM map     2      1K       1K  78643K         2        0
            sem    12      0K       0K  78643K        89        0
        dirhash    12      2K       2K  78643K        12        0
           ACPI  1824    197K     290K  78643K     13058        0
      file desc     6     17K      25K  78643K       330        0
          sigio     0      0K       0K  78643K         6        0
           proc    60     63K      95K  78643K       491        0
        subproc    32      2K       2K  78643K        51        0
    NFS srvsock     1      0K       0K  78643K         1        0
     NFS daemon     1     16K      16K  78643K         1        0
    ip_moptions     0      0K       0K  78643K       419        0
       in_multi    44      2K       3K  78643K       137        0
    ether_multi     1      0K       0K  78643K         2        0
            mrt     0      0K       0K  78643K         2        0
    ISOFS mount     1     32K      32K  78643K         1        0
  MSDOSFS mount     1     16K      16K  78643K         1        0
           ttys    37    175K     175K  78643K        37        0
           exec     0      0K       1K  78643K       228        0
        pagedep     1      8K       8K  78643K         1        0
       inodedep     1     32K      32K  78643K         1        0
         newblk     1      0K       0K  78643K         1        0
        VM swap     7     26K      26K  78643K         7        0
       UVM amap   120     39K      39K  78643K      2015        0
       UVM aobj    11      2K       2K  78643K        11        0
        memdesc     1      4K       4K  78643K         1        0
    crypto data     1      1K       1K  78643K         1        0
    ip6_options     0      0K       0K  78643K        30        0
            NDP     9      0K       0K  78643K        30        0
           temp   104   3858K    3922K  78643K      4457        0
         kqueue     3      4K       8K  78643K        10        0
      SYN cache     2     16K      16K  78643K         2        0
ddb{0}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp         64       10    0        4     1     0     1     1     0     8    0
plcache    128       20    0        0     1     0     1     1     0     8    0
rtpcb       80       33    0       31     1     0     1     1     0     8    0
rtentry    112       86    0       39     2     0     2     2     0     8    0
unpcb      120      131    0      121     1     0     1     1     0     8    0
syncache   264        6    0        6     2     2     0     1     0     8    0
tcpqe       32        9    0        9     1     1     0     1     0     8    0
tcpcb      544      319    0      311     1     0     1     1     0     8    0
inpcb      296      723    0      710     2     0     2     2     0     8    1
rttmr       72        1    0        1     1     0     1     1     0     8    1
nd6         48       27    0       19     1     0     1     1     0     8    0
pffrag     232        4    0        4     2     1     1     1     0   482    1
pffrnode    88        4    0        4     2     1     1     1     0     8    1
pffrent     40       94    0       94     2     1     1     1     0     8    1
pfosfp      40      846    0      423     5     0     5     5     0     8    0
pfosfpen   112     1428    0      714    21     0    21    21     0     8    0
pfrktable  1344       9    0        9     2     1     1     1     0     8    1
pfstitem    24       37    0        6     1     0     1     1     0     8    0
pfstkey    112       37    0        6     1     0     1     1     0     8    0
pfstate    328       37    0        6     3     0     3     3     0     8    0
pfrule     1360      24    0       18     2     0     2     2     0     8    0
art_heap8  4096       1    0        0     1     0     1     1     0     8    0
art_heap4  256      322    0      103    15     1    14    14     0     8    0
art_table   32      323    0      103     2     0     2     2     0     8    0
art_node    16       85    0       43     1     0     1     1     0     8    0
sysvmsgpl   40       30    0       18     1     0     1     1     0     8    0
semupl     112        3    0        3     1     1     0     1     0     8    0
semapl     112       86    0       76     1     0     1     1     0     8    0
shmpl      112        8    0        0     1     0     1     1     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino2pl    256     1770    0      365    89     1    88    89     0     8    0
ffsino     272     1770    0      365    96     2    94    95     0     8    0
nchpl      144     2390    0      794    60     0    60    60     0     8    0
uvmvnodes   72     1908    0        0    35     0    35    35     0     8    0
vnodes     208     1908    0        0   101     0   101   101     0     8    0
namei      1024    6359    0     6359     2     1     1     1     0     8    1
percpumem   16       36    0        4     1     0     1     1     0     8    0
vcpupl     1984       1    0        0     1     0     1     1     0     8    0
vmpool     560        1    0        0     1     0     1     1     0     8    0
pfiaddrpl  120        3    0        3     2     1     1     1     0     8    1
scxspl     192     7309    0     7309     8     7     1     7     0     8    1
plimitpl   152       38    0       30     1     0     1     1     0     8    0
sigapl     424      542    0      510     4     0     4     4     0     8    0
futexpl     56     4293    0     4293     1     0     1     1     0     8    1
knotepl    112       83    0       64     1     0     1     1     0     8    0
kqueuepl   144       28    0       26     1     0     1     1     0     8    0
pipepl     304      105    0       95     2     1     1     2     0     8    0
fdescpl    496      527    0      510     3     0     3     3     0     8    0
filepl     152     2834    0     2728     6     1     5     5     0     8    0
lockfpl    104       54    0       53     1     0     1     1     0     8    0
lockfspl    48       20    0       19     1     0     1     1     0     8    0
sessionpl  112       19    0        8     1     0     1     1     0     8    0
pgrppl      48       23    0       12     1     0     1     1     0     8    0
ucredpl     96      184    0      175     1     0     1     1     0     8    0
zombiepl   144      510    0      510     2     1     1     1     0     8    1
processpl  992      542    0      510     6     1     5     5     0     8    1
procpl     624     1193    0     1150     4     0     4     4     0     8    0
sockpl     400      887    0      862     6     3     3     4     0     8    0
mcl64k     65536     12    0        0     2     0     2     2     0     8    0
mcl12k     12288      5    0        0     1     0     1     1     0     8    0
mcl9k      9216       2    0        0     1     0     1     1     0     8    0
mcl8k      8192       2    0        0     1     0     1     1     0     8    0
mcl4k      4096       6    0        0     1     0     1     1     0     8    0
mcl2k2     2112       1    0        0     1     0     1     1     0     8    0
mcl2k      2048     192    0        0    23     0    23    23     0     8    0
mtagpl      96       33    0        0     1     0     1     1     0     8    0
mbufpl     256      552    0        0    33     0    33    33     0     8    0
bufpl      280     4001    0      132   277     0   277   277     0     8    0
anonpl      16    79436    0    62442    85     1    84    84     0   124   11
amapchunkpl 152    3069    0     2906    14     7     7    14     0   158    0
amappl16   192     2786    0     1854    67     8    59    59     0     8   12
amappl15   184        9    0        8     2     1     1     1     0     8    0
amappl14   176      171    0      165     1     0     1     1     0     8    0
amappl13   168       74    0       71     1     0     1     1     0     8    0
amappl12   160       49    0       46     1     0     1     1     0     8    0
amappl11   152      209    0      191     1     0     1     1     0     8    0
amappl10   144       21    0       15     1     0     1     1     0     8    0
amappl9    136      478    0      475     1     0     1     1     0     8    0
amappl8    128      466    0      432     2     0     2     2     0     8    0
amappl7    120      125    0      113     1     0     1     1     0     8    0
amappl6    112      175    0      168     1     0     1     1     0     8    0
amappl5    104      238    0      221     1     0     1     1     0     8    0
amappl4     96      697    0      665     1     0     1     1     0     8    0
amappl3     88      152    0      147     1     0     1     1     0     8    0
amappl2     80     3166    0     3091     2     0     2     2     0     8    0
amappl1     72    24864    0    24403    23    13    10    18     0     8    0
amappl      80     1466    0     1418     2     0     2     2     0    84    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      64       10    0        0     1     0     1     1     0     8    0
uaddrrnd    24      528    0      510     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24      528    0      510     1     0     1     1     0     8    0
vmmpekpl   168     7989    0     7955     2     0     2     2     0     8    0
vmmpepl    168    75796    0    73586   131    13   118   128     0   357   21
vmsppl     368      527    0      510     2     0     2     2     0     8    0
pdppl      4096    1063    0     1021     7     1     6     6     0     8    0
pvpl        32   230198    0   209950   202     4   198   198     0   265   30
pmappl     232      527    0      510     3     1     2     2     0     8    1
extentpl    40       53    0       36     1     0     1     1     0     8    0
phpool     112      290    0       11     8     0     8     8     0     8    0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
ml_dequeue(ffff800000b12648) at ml_dequeue+0x28 sys/kern/uipc_mbuf.c:1597
ifq_deq_sleep(ffff800000af3a78,ffff800021f1d788,10,117,ffffffff82427d01,ffff800000af3e7c) at ifq_deq_sleep+0x118 sys/net/ifq.c:475
tun_dev_read(5d01,ffff800021f1da58,10) at tun_dev_read+0xd6 sys/net/if_tun.c:775
spec_read(ffff800021f1d8a0) at spec_read+0xf1 sys/kern/spec_vnops.c:222
VOP_READ(fffffd806eceb0d8,ffff800021f1da58,10,fffffd807f7bf7e0) at VOP_READ+0xbf sys/kern/vfs_vops.c:247
vn_read(fffffd807d2880b8,ffff800021f1da58,0) at vn_read+0x124 sys/kern/vfs_vnops.c:375
dofilereadv(ffff800020e38878,f0,ffff800021f1da58,0,ffff800021f1db40) at dofilereadv+0x1a1 sys/kern/sys_generic.c:237
sys_read(ffff800020e38878,ffff800021f1daf0,ffff800021f1db40) at sys_read+0x83 sys/kern/sys_generic.c:157
syscall(ffff800021f1dbc0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800021f1dbc0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xe33d0ca3f90, count: -10
ddb{0}> machine ddbcpu 1
Stopped at      x86_ipi_db+0x1a:        addq    $0x8,%rsp
ddb{1}> trace
x86_ipi_db(ffff800020d70ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352
x86_ipi_handler() at x86_ipi_handler+0xc6 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
sys_clock_gettime(ffff800020e37eb8,ffff800021ee9140,ffff800021ee9190) at sys_clock_gettime+0x67 sys/kern/kern_time.c:168
syscall(ffff800021ee9210) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800021ee9210) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffde4c0, count: -6

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/07/24 20:42 openbsd 6e780b9a59f4 554af388 .config console log report ci-openbsd-multicore
2020/06/12 22:40 openbsd 50f19d1942a4 d1c1c849 .config console log report ci-openbsd-main