uvm_fault(0xffffffff82851588, 0xfffffd0000000018, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at tun_dev_read+0x138: movl 0x18(%rbx),%r12d
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
kernel page fault
uvm_fault(0xffffffff82851588, 0xfffffd0000000018, 0, 1) -> e
tun_dev_read(5d01,ffff80002257ae88,10) at tun_dev_read+0x138 sys/net/if_tun.c:790
end trace frame: 0xffff80002257acc0, count: 0
ddb{0}> trace
tun_dev_read(5d01,ffff80002257ae88,10) at tun_dev_read+0x138 sys/net/if_tun.c:790
spec_read(ffff80002257acd0) at spec_read+0xf1 sys/kern/spec_vnops.c:222
VOP_READ(fffffd806e37b1a8,ffff80002257ae88,10,fffffd807f7bf900) at VOP_READ+0xbf sys/kern/vfs_vops.c:247
vn_read(fffffd806877cef0,ffff80002257ae88,0) at vn_read+0x124 sys/kern/vfs_vnops.c:375
dofilereadv(ffff800021eeb3a8,f0,ffff80002257ae88,0,ffff80002257af70) at dofilereadv+0x1a1 sys/kern/sys_generic.c:237
sys_read(ffff800021eeb3a8,ffff80002257af20,ffff80002257af70) at sys_read+0x83 sys/kern/sys_generic.c:157
syscall(ffff80002257aff0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff80002257aff0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x5bfc5eedc20, count: -8
ddb{0}> show registers
rdi 0
rsi 0x3da
rbp 0xffff80002257ac10
rbx 0xfffffd0000000000
rdx 0x152
rcx 0xffff800000aeafc0
rax 0xffffffff8227d563 tun_dev_read+0x133
r8 0x7f7fffffc000
r9 0x5
r10 0xb3ceb1d699efdd2c
r11 0x8beff37e18efd88b
r12 0
r13 0x3da
r14 0xffff800000b5de60
r15 0xffff80002257ae88
rip 0xffffffff8227d568 tun_dev_read+0x138
cs 0x8
rflags 0x10202 __ALIGN_SIZE+0xf202
rsp 0xffff80002257abb0
ss 0x10
tun_dev_read+0x138: movl 0x18(%rbx),%r12d
ddb{0}> show proc
PROC (syz-executor.1) pid=123232 stat=onproc
flags process=0 proc=4000000
pri=32, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff800021eeb138,0xffffffff828d88c0
process=0xffff800020df03e8 user=0xffff800022576000, vmspace=0xfffffd80643a38b8
estcpu=36, cpticks=0,
pctcpu=0.0 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 16875 367732 4898 0 2 0 syz-executor.1 16875 220612 4898 0 2 0x4000000 syz-executor.1 *16875 123232 4898 0 7 0x4000000 syz-executor.1 46147 464208 0 0 3 0x14200 acct acct 4898 211038 78115 0 3 0x82 nanosleep syz-executor.1 19413 292540 78115 0 3 0x82 piperd syz-executor.0 65141 323563 0 0 3 0x14200 bored sosplice 99302 117741 0 0 3 0x14280 nfsidl nfsio 21215 484150 0 0 3 0x14280 nfsidl nfsio 20353 264347 0 0 3 0x14280 nfsidl nfsio 96043 283343 0 0 3 0x14280 nfsidl nfsio 62612 447835 0 0 3 0x14280 nfsidl nfsio 45681 452427 0 0 3 0x14280 nfsidl nfsio 64682 331906 0 0 3 0x14280 nfsidl nfsio 89399 263208 0 0 3 0x14280 nfsidl nfsio 31598 418105 0 0 3 0x14280 nfsidl nfsio 14297 424412 0 0 3 0x14280 nfsidl nfsio 13503 436002 0 0 3 0x14280 nfsidl nfsio 88892 344511 0 0 3 0x14280 nfsidl nfsio 12670 3509 0 0 3 0x14280 nfsidl nfsio 9118 273445 0 0 3 0x14280 nfsidl nfsio 92786 128851 0 0 3 0x14280 nfsidl nfsio 66508 493422 0 0 3 0x14280 nfsidl nfsio 60056 259680 0 0 3 0x14280 nfsidl nfsio 54348 384199 0 0 3 0x14280 nfsidl nfsio 29414 89388 0 0 3 0x14280 nfsidl nfsio 56790 239580 0 0 3 0x14280 nfsidl nfsio 78115 485933 3628 0 3 0x82 thrsleep syz-fuzzer 78115 3250 3628 0 3 0x4000082 nanosleep syz-fuzzer 78115 449338 3628 0 3 0x4000082 thrsleep syz-fuzzer 78115 272348 3628 0 7 0x4000002 syz-fuzzer 78115 194010 3628 0 3 0x4000082 thrsleep syz-fuzzer 78115 186905 3628 0 3 0x4000082 thrsleep syz-fuzzer 78115 173001 3628 0 3 0x4000082 thrsleep syz-fuzzer 78115 418429 3628 0 3 0x4000082 thrsleep syz-fuzzer 78115 413290 3628 0 3 0x4000082 kqread syz-fuzzer 78115 204797 3628 0 3 0x4000082 thrsleep syz-fuzzer 3628 367061 56311 0 3 0x10008a pause ksh 56311 197528 88439 0 3 0x92 select sshd 41390 200838 1 0 3 0x100083 ttyin getty 88439 140652 1 0 3 0x80 select sshd 23161 334247 49743 74 3 0x100092 bpf pflogd 49743 305839 1 0 3 0x80 netio pflogd 69014 320232 2814 73 3 0x100090 kqread syslogd 2814 241853 1 0 3 
0x100082 netio syslogd 82493 291587 1 77 3 0x100090 poll dhclient 31193 493543 1 0 3 0x80 poll dhclient 30114 4608 0 0 3 0x14200 bored smr 92612 486024 0 0 2 0x14200 zerothread 56565 418790 0 0 3 0x14200 aiodoned aiodoned 40397 280649 0 0 3 0x14200 syncer update 61576 168291 0 0 3 0x14200 cleaner cleaner 92988 441865 0 0 3 0x14200 reaper reaper 64897 422766 0 0 3 0x14200 pgdaemon pagedaemon 53926 341279 0 0 3 0x14200 bored crynlk 23225 496531 0 0 3 0x14200 bored crypto 85081 161720 0 0 3 0x40014200 acpi0 acpi0 91957 369532 0 0 3 0x40014200 idle1 91444 493431 0 0 3 0x14200 bored softnet 59474 456156 0 0 3 0x14200 bored systqmp 88092 356383 0 0 3 0x14200 bored systq 96343 97555 0 0 3 0x40014200 bored softclock 45675 71728 0 0 3 0x40014200 idle0 1 361501 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 16875 (syz-executor.1) thread 0xffff800021eeb3a8 (123232) exclusive kernel_lock &kernel_lock r = 1 (0xffffffff828c2b40) #0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164 #1 vn_read+0x45 sys/kern/vfs_vnops.c:357 #2 dofilereadv+0x1a1 sys/kern/sys_generic.c:237 #3 sys_read+0x83 sys/kern/sys_generic.c:157 #4 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] #4 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 #5 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9566 6452K 7612K 78643K 17199 0 pcb 13 8K 8K 78643K 1671 0 rtable 124 18K 18K 78643K 902 0 ifaddr 112 21K 21K 78643K 395 0 sysctl 2 0K 0K 78643K 2 0 counters 43 33K 34K 78643K 121 0 ioctlops 0 0K 4K 78643K 1680 0 iov 0 0K 36K 78643K 249 0 mount 1 1K 1K 78643K 1 0 vnodes 1247 78K 79K 78643K 3032 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 25 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 280 0 dirhash 9 1K 2K 78643K 12 0 ACPI 1824 197K 290K 78643K 13058 0 file desc 5 13K 25K 78643K 3658 0 sigio 0 0K 0K 78643K 10 0 proc 62 
63K 95K 78643K 719 0 subproc 32 2K 3K 78643K 170 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 1820 0 in_multi 105 5K 5K 78643K 3025 0 ether_multi 1 0K 0K 78643K 1196 0 mrt 0 0K 0K 78643K 15 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 67 307K 307K 78643K 67 0 exec 0 0K 1K 78643K 339 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 164 106K 106K 78643K 11265 0 UVM aobj 93 5K 5K 78643K 105 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 1K 78643K 4045 0 NDP 18 0K 0K 78643K 93 0 temp 162 3875K 3943K 78643K 37488 0 kqueue 3 4K 16K 78643K 78 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 13 0 9 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 120 0 118 1 0 1 1 0 8 0 rtentry 112 150 0 114 2 0 2 2 0 8 0 unpcb 120 1172 0 1161 1 0 1 1 0 8 0 syncache 264 15 0 15 7 7 0 1 0 8 0 sackhl 24 3 0 3 3 3 0 1 0 8 0 tcpqe 32 616 0 616 2 2 0 1 0 8 0 tcpcb 544 5053 0 5049 1 0 1 1 0 8 0 inpcb 296 9963 0 9956 10 9 1 2 0 8 0 rttmr 72 7 0 7 4 4 0 1 0 8 0 nd6 48 52 0 49 1 0 1 1 0 8 0 pkpcb 40 9 0 9 3 3 0 1 0 8 0 swfcl 56 2 0 0 1 0 1 1 0 8 0 ppxss 1128 2 0 2 2 2 0 1 0 8 0 pfstscr 40 11 0 11 2 2 0 1 0 8 0 pffrag 232 6 0 5 3 2 1 1 0 482 0 pffrnode 88 6 0 5 3 2 1 1 0 8 0 pffrent 40 184 0 183 3 2 1 1 0 8 0 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrke_plain 160 7 0 0 1 0 1 1 0 8 0 pfrktable 1344 56 0 45 3 2 1 2 0 8 0 pftag 88 5 0 2 1 0 1 1 0 8 0 pfqueue 264 3 0 2 1 0 1 1 0 8 0 pfstitem 24 1392 0 1356 8 5 3 8 0 8 0 pfstkey 112 1553 0 1518 36 33 3 36 0 8 0 pfstate 328 941 0 922 60 57 3 60 0 8 0 pfsrctr 152 6 0 6 1 1 0 1 0 8 0 pfrule 1360 49 0 28 4 2 2 2 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 730 0 535 19 5 14 16 0 8 0 art_table 32 732 0 535 2 0 2 2 0 8 0 art_node 16 147 0 113 1 
0 1 1 0 8 0 sysvmsgpl 40 38 0 23 1 0 1 1 0 8 0 semupl 112 2 0 2 2 2 0 1 0 8 0 semapl 112 274 0 264 1 0 1 1 0 8 0 shmpl 112 103 0 12 3 0 3 3 0 8 0 dirhash 1024 17 0 10 3 1 2 3 0 8 0 dino2pl 256 5534 0 4125 89 0 89 89 0 8 0 ffsino 272 5534 0 4125 96 1 95 95 0 8 0 nchpl 144 12446 0 10855 60 0 60 60 0 8 0 rtmask 32 8 0 4 1 0 1 1 0 8 0 uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0 vnodes 208 5926 0 0 312 0 312 312 0 8 0 namei 1024 29308 0 29308 8 7 1 1 0 8 1 percpumem 16 71 0 39 1 0 1 1 0 8 0 vcpupl 1984 11 0 0 2 0 2 2 0 8 0 vmpool 560 15 0 4 1 0 1 1 0 8 0 pfiaddrpl 120 19 0 8 2 1 1 1 0 8 0 scsiplug 64 2 0 2 1 1 0 1 0 8 0 scxspl 192 30620 0 30620 24 22 2 7 0 8 2 plimitpl 152 86 0 78 1 0 1 1 0 8 0 sigapl 424 3871 0 3818 10 4 6 7 0 8 0 futexpl 56 58799 0 58799 8 7 1 1 0 8 1 knotepl 112 250 0 231 1 0 1 1 0 8 0 kqueuepl 144 235 0 230 1 0 1 1 0 8 0 pipelkpl 48 364 0 354 1 0 1 1 0 8 0 pipepl 120 728 0 709 2 1 1 2 0 8 0 fdescpl 496 3834 0 3818 3 0 3 3 0 8 0 filepl 152 24437 0 24337 7 2 5 5 0 8 1 lockfpl 104 321 0 320 1 0 1 1 0 8 0 lockfspl 48 109 0 108 1 0 1 1 0 8 0 sessionpl 112 26 0 15 1 0 1 1 0 8 0 pgrppl 48 42 0 31 1 0 1 1 0 8 0 ucredpl 96 1115 0 1103 1 0 1 1 0 8 0 zombiepl 144 3818 0 3818 3 2 1 1 0 8 1 processpl 984 3871 0 3818 8 1 7 7 0 8 0 procpl 624 10264 0 10200 6 0 6 6 0 8 0 sosppl 128 19 0 19 7 6 1 1 0 8 1 sockpl 400 11266 0 11246 12 9 3 4 0 8 0 mcl64k 65536 15 0 0 2 0 2 2 0 8 0 mcl16k 16384 8 0 0 1 0 1 1 0 8 0 mcl12k 12288 17 0 0 2 0 2 2 0 8 0 mcl9k 9216 4 0 0 1 0 1 1 0 8 0 mcl8k 8192 5 0 0 1 0 1 1 0 8 0 mcl4k 4096 17 0 0 3 0 3 3 0 8 0 mcl2k2 2112 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 201 0 0 23 0 23 23 0 8 0 mtagpl 96 473 0 0 11 0 11 11 0 8 0 mbufpl 256 1192 0 0 68 1 67 67 0 8 0 bufpl 280 8979 0 2744 446 0 446 446 0 8 0 anonpl 16 292883 0 275549 126 41 85 86 0 124 12 amapchunkpl 152 19898 0 19735 34 26 8 21 0 158 0 amappl16 192 16909 0 15943 98 37 61 61 0 8 12 amappl15 184 9 0 7 1 0 1 1 0 8 0 amappl14 176 100 0 94 1 0 1 1 0 8 0 amappl13 168 523 0 519 1 0 1 1 0 8 0 amappl12 
160 22 0 17 1 0 1 1 0 8 0 amappl11 152 57 0 42 1 0 1 1 0 8 0 amappl10 144 1537 0 1532 1 0 1 1 0 8 0 amappl9 136 2132 0 2129 1 0 1 1 0 8 0 amappl8 128 2234 0 2181 2 0 2 2 0 8 0 amappl7 120 1636 0 1622 1 0 1 1 0 8 0 amappl6 112 25 0 19 1 0 1 1 0 8 0 amappl5 104 3462 0 3446 1 0 1 1 0 8 0 amappl4 96 783 0 752 1 0 1 1 0 8 0 amappl3 88 485 0 479 1 0 1 1 0 8 0 amappl2 80 29157 0 29085 2 0 2 2 0 8 0 amappl1 72 79674 0 79227 23 13 10 18 0 8 0 amappl 80 10576 0 10524 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 104 0 12 2 0 2 2 0 8 0 uaddrrnd 24 3849 0 3822 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 3849 0 3822 1 0 1 1 0 8 0 vmmpekpl 168 28703 0 28657 3 0 3 3 0 8 0 vmmpepl 168 457573 0 455390 202 96 106 129 0 357 7 vmsppl 368 3848 0 3822 4 1 3 3 0 8 0 pdppl 4096 7705 0 7655 11 4 7 7 0 8 0 pvpl 32 850986 0 830408 300 99 201 204 0 265 31 pmappl 232 3848 0 3822 3 1 2 2 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 355 0 33 10 0 10 10 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace tun_dev_read(5d01,ffff80002257ae88,10) at tun_dev_read+0x138 sys/net/if_tun.c:790 spec_read(ffff80002257acd0) at spec_read+0xf1 sys/kern/spec_vnops.c:222 VOP_READ(fffffd806e37b1a8,ffff80002257ae88,10,fffffd807f7bf900) at VOP_READ+0xbf sys/kern/vfs_vops.c:247 vn_read(fffffd806877cef0,ffff80002257ae88,0) at vn_read+0x124 sys/kern/vfs_vnops.c:375 dofilereadv(ffff800021eeb3a8,f0,ffff80002257ae88,0,ffff80002257af70) at dofilereadv+0x1a1 sys/kern/sys_generic.c:237 sys_read(ffff800021eeb3a8,ffff80002257af20,ffff80002257af70) at sys_read+0x83 sys/kern/sys_generic.c:157 syscall(ffff80002257aff0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff80002257aff0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x5bfc5eedc20, count: -8 
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
ddb{1}> trace
x86_ipi_db(ffff800020d70ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352
x86_ipi_handler() at x86_ipi_handler+0xc6 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
end of kernel
end trace frame: 0xc0034e6548, count: -3