uvm_fault(0xffffffff827a84a8, 0xffffffff8269dba8, 0, 2) -> e kernel: page fault trap, code=0 Stopped at m_copyback+0x119: addq $0x1,0x8(%rcx,%rbx,8) ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic kernel page fault uvm_fault(0xffffffff827a84a8, 0xffffffff8269dba8, 0, 2) -> e m_copyback(ffff800024113160,ac,0,ffff800024113324,2) at m_copyback+0x119 m_get sys/sys/percpu.h:125 [inline] m_copyback(ffff800024113160,ac,0,ffff800024113324,2) at m_copyback+0x119 sys/kern/uipc_mbuf.c:756 end trace frame: 0xffff8000241133e0, count: 0 ddb{0}> trace m_copyback(ffff800024113160,ac,0,ffff800024113324,2) at m_copyback+0x119 m_get sys/sys/percpu.h:125 [inline] m_copyback(ffff800024113160,ac,0,ffff800024113324,2) at m_copyback+0x119 sys/kern/uipc_mbuf.c:756 pflog_mtap(ffff800000044a00,ffff800024113408,fffffd8067ce7300) at pflog_mtap+0x446 sys/net/if_pflog.c:390 pflog_packet(ffff800024113508,0,ffff800000abfff8,0,ffffffff8287f990,0) at pflog_packet+0x3a4 pf_test(2,1,ffff800000b67800,ffff800024113728) at pf_test+0xfc5 sys/net/pf.c:7226 ip_input_if(ffff800024113728,ffff800024113734,4,0,ffff800000b67800) at ip_input_if+0x578 sys/netinet/ip_input.c:331 ipv4_input(ffff800000b67800,fffffd8067ce7300) at ipv4_input+0x48 sys/netinet/ip_input.c:230 tun_dev_write(5d00,ffff800024113a18,ffff8000241e0000,2) at tun_dev_write+0x204 sys/net/if_tun.c:867 spec_write(ffff800024113870) at spec_write+0xd4 sys/kern/spec_vnops.c:309 VOP_WRITE(fffffd806e3ac688,ffff800024113a18,11,fffffd807f7bf420) at VOP_WRITE+0xc6 sys/kern/vfs_vops.c:268 vn_write(fffffd806c786ef0,ffff800024113a18,0) at vn_write+0x14e sys/kern/vfs_vnops.c:414 dofilewritev(ffff800020ec82a8,f0,ffff800024113a18,0,ffff800024113b00) at dofilewritev+0x1ab sys/kern/sys_generic.c:365 sys_write(ffff800020ec82a8,ffff800024113ab0,ffff800024113b00) at sys_write+0x83 sys/kern/sys_generic.c:285 syscall(ffff800024113b80) at syscall+0x4a1 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800024113b80) at syscall+0x4a1 sys/arch/amd64/amd64/trap.c:568 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xc0cd37a9760, count: -14 ddb{0}> show registers rdi 0 rsi 0x8c543 acpi_pdirpa+0x783ab rbp 0xffff800024113140 rbx 0xffffffffffff9f3c rdx 0x8c542 acpi_pdirpa+0x783aa rcx 0xffffffff826ce1c0 mbstat_boot_boot_cpumem rax 0 r8 0x2 r9 0xffffffff81bf8cd8 pf_translate_a+0x1a8 r10 0x1 r11 0x563bbf70f577585e r12 0xfffffd8073a76e00 r13 0x8c r14 0x20 r15 0xffff800024113340 rip 0xffffffff813bc589 m_copyback+0x119 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800024113080 ss 0x10 m_copyback+0x119: addq $0x1,0x8(%rcx,%rbx,8) ddb{0}> show proc PROC (syz-executor.0) pid=192419 stat=onproc flags process=0 proc=4000000 pri=82, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff800020ec8520,0xffffffff828882a8 process=0xffff800020ecd7a8 user=0xffff80002410e000, vmspace=0xfffffd8068c7da28 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 44059 507789 69467 0 2 0 syz-executor.0 *44059 192419 69467 0 7 0x4000000 syz-executor.0 69467 456252 74340 0 3 0x82 nanosleep syz-executor.0 43870 20140 1 0 3 0x100083 ttyin getty 31641 133833 74340 0 3 0x82 nanosleep syz-executor.1 23205 144398 0 0 3 0x14280 nfsidl nfsio 95461 398726 0 0 3 0x14280 nfsidl nfsio 59060 430379 0 0 3 0x14280 nfsidl nfsio 91206 314216 0 0 3 0x14280 nfsidl nfsio 80418 141786 0 0 3 0x14280 nfsidl nfsio 13073 407463 0 0 3 0x14280 nfsidl nfsio 53376 106727 0 0 3 0x14280 nfsidl nfsio 77642 511130 0 0 3 0x14280 nfsidl nfsio 20578 164478 0 0 3 0x14280 nfsidl nfsio 20637 285989 0 0 3 0x14280 nfsidl nfsio 59457 416454 0 0 3 0x14280 nfsidl nfsio 67253 423811 0 0 3 0x14280 nfsidl nfsio 84036 224132 0 0 3 0x14280 nfsidl nfsio 20466 477476 0 0 3 0x14280 nfsidl nfsio 77054 171093 0 0 3 0x14280 nfsidl nfsio 51143 151531 0 0 3 0x14280 nfsidl nfsio 99209 382790 0 0 3 0x14280 nfsidl nfsio 20866 281913 0 0 3 0x14280 nfsidl nfsio 49356 468009 0 0 3 0x14280 nfsidl nfsio 7399 301057 0 0 3 0x14280 nfsidl nfsio 20470 516551 0 0 3 0x14200 bored sosplice 74340 77664 1942 0 3 0x82 kqread syz-fuzzer 74340 43742 1942 0 3 0x4000082 nanosleep syz-fuzzer 74340 336912 1942 0 3 0x4000082 thrsleep syz-fuzzer 74340 488586 1942 0 3 0x4000082 thrsleep syz-fuzzer 74340 192093 1942 0 3 0x4000082 thrsleep syz-fuzzer 74340 121075 1942 0 3 0x4000082 thrsleep syz-fuzzer 74340 24892 1942 0 3 0x4000082 thrsleep syz-fuzzer 74340 25671 1942 0 3 0x4000082 thrsleep syz-fuzzer 1942 55658 22904 0 3 0x10008a pause ksh 22904 14095 53470 0 3 0x92 select sshd 53470 51132 1 0 3 0x80 select sshd 51799 200789 72133 74 3 0x100092 bpf pflogd 72133 25027 1 0 3 0x80 netio pflogd 63090 60756 1340 73 3 0x100090 kqread syslogd 1340 150670 1 0 3 0x100082 netio syslogd 20391 257928 1 77 3 0x100090 poll dhclient 21080 408550 1 0 3 0x80 poll dhclient 1295 212704 0 0 3 0x14200 bored smr 24450 406033 0 0 2 0x14200 zerothread 62990 205850 0 0 3 0x14200 aiodoned aiodoned 25987 122532 0 0 3 0x14200 syncer update 72748 69931 0 0 3 0x14200 cleaner cleaner 96074 439398 0 0 7 0x14200 reaper 64142 388505 0 0 3 0x14200 pgdaemon pagedaemon 42769 295631 0 0 3 0x14200 bored crynlk 76149 101440 0 0 3 0x14200 bored crypto 41162 206429 0 0 3 0x40014200 acpi0 acpi0 20410 207345 0 0 3 0x40014200 idle1 28710 238760 0 0 3 0x14200 bored softnet 4757 270239 0 0 3 0x14200 bored systqmp 92747 296175 0 0 3 0x14200 bored systq 59562 459993 0 0 3 0x40014200 bored softclock 29624 147372 0 0 3 0x40014200 idle0 1 233920 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 44059 (syz-executor.0) thread 0xffff800020ec82a8 (192419) exclusive rwlock netlock r = 0 (0xffffffff8270f870) #0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4b0 sys/kern/subr_witness.c:1164 #1 tun_dev_write+0x1f9 sys/net/if_tun.c:866 #2 spec_write+0xd4 sys/kern/spec_vnops.c:309 #3 VOP_WRITE+0xc6 sys/kern/vfs_vops.c:268 #4 vn_write+0x14e sys/kern/vfs_vnops.c:414 #5 dofilewritev+0x1ab sys/kern/sys_generic.c:365 #6 sys_write+0x83 sys/kern/sys_generic.c:285 #7 syscall+0x4a1 mi_syscall sys/sys/syscall_mi.h:102 [inline] #7 syscall+0x4a1 sys/arch/amd64/amd64/trap.c:568 #8 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 1 (0xffffffff828884d0) #0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4b0 sys/kern/subr_witness.c:1164 #1 vn_write+0x42 sys/kern/vfs_vnops.c:399 #2 dofilewritev+0x1ab sys/kern/sys_generic.c:365 #3 sys_write+0x83 sys/kern/sys_generic.c:285 #4 syscall+0x4a1 mi_syscall sys/sys/syscall_mi.h:102 [inline] #4 syscall+0x4a1 sys/arch/amd64/amd64/trap.c:568 #5 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9588 6591K 7229K 78643K 18965 0 pcb 13 8K 8K 78643K 642 0 rtable 88 3K 5K 78643K 963 0 ifaddr 105 19K 21K 78643K 366 0 sysctl 1 1K 1K 78643K 1 0 counters 43 33K 34K 78643K 133 0 ioctlops 0 0K 4K 78643K 1988 0 iov 0 0K 28K 78643K 338 0 mount 1 1K 1K 78643K 1 0 vnodes 1226 77K 77K 78643K 3831 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 47 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 1009 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1824 197K 290K 78643K 13058 0 file desc 5 13K 25K 78643K 7863 0 sigio 0 0K 0K 78643K 52 0 proc 63 63K 95K 78643K 819 0 subproc 32 2K 2K 78643K 85 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 596 0 in_multi 26 1K 2K 78643K 406 0 ether_multi 1 0K 0K 78643K 141 0 mrt 1 0K 0K 78643K 34 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 67 307K 307K 78643K 67 0 exec 0 0K 2K 78643K 677 0 pfkey data 0 0K 1K 78643K 2 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 240 163K 163K 78643K 19917 0 UVM aobj 131 8K 8K 78643K 131 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 417 0 NDP 20 0K 0K 78643K 80 0 temp 176 3981K 4052K 78643K 86256 0 kqueue 3 4K 16K 78643K 505 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 17 0 10 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 96 203 0 201 1 0 1 1 0 8 0 rtentry 112 139 0 107 2 0 2 2 0 8 0 unpcb 120 2392 0 2374 3 2 1 2 0 8 0 syncache 272 46 0 46 10 10 0 1 0 8 0 tcpqe 32 84 0 84 5 5 0 1 0 8 0 tcpcb 592 1407 0 1398 29 27 2 5 0 8 1 ipq 40 1 0 1 1 1 0 1 0 8 0 ipqe 40 3 0 3 1 1 0 1 0 8 0 inpcb 296 4092 0 4082 12 10 2 2 0 8 1 rttmr 72 9 0 9 4 4 0 1 0 8 0 nd6 48 20 0 15 1 0 1 1 0 8 0 pkpcb 40 24 0 24 6 6 0 1 0 8 0 kcovpl 48 5 0 3 1 0 1 1 0 8 0 swfcl 56 1 0 0 1 0 1 1 0 8 0 ppxss 1128 14 0 14 5 5 0 1 0 8 0 pfstscr 40 14 0 14 3 3 0 1 0 8 0 pffrag 232 10 0 10 4 4 0 1 0 482 0 pffrnode 88 10 0 10 4 4 0 1 0 8 0 pffrent 40 122 0 122 4 4 0 1 0 8 0 pfosfp 40 846 0 846 5 5 0 5 0 8 0 pfosfpen 112 1428 0 1428 21 21 0 21 0 8 0 pfrktable 1344 30 0 30 2 2 0 1 0 8 0 pftag 88 6 0 6 2 1 1 1 0 8 1 pfstitem 24 25 0 23 1 0 1 1 0 8 0 pfstkey 112 43 0 41 1 0 1 1 0 8 0 pfstate 328 34 0 32 2 1 1 2 0 8 0 pfrule 1360 71 0 67 2 1 1 2 0 8 0 art_heap8 4096 4 0 3 3 2 1 3 0 8 0 art_heap4 256 972 0 823 17 6 11 13 0 8 0 art_table 32 976 0 826 2 0 2 2 0 8 0 art_node 16 138 0 112 1 0 1 1 0 8 0 sysvmsgpl 40 11 0 11 1 1 0 1 0 8 0 semapl 112 1007 0 997 1 0 1 1 0 8 0 shmpl 112 128 0 0 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 11258 0 9848 89 0 89 89 0 8 0 ffsino 272 11258 0 9848 95 0 95 95 0 8 0 nchpl 144 20921 0 19339 60 0 60 60 0 8 0 uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0 vnodes 208 5926 0 0 312 0 312 312 0 8 0 namei 1024 52705 0 52705 6 5 1 1 0 8 1 percpumem 16 77 0 45 1 0 1 1 0 8 0 vcpupl 1984 18 0 0 3 0 3 3 0 8 0 vmpool 560 20 0 2 2 0 2 2 0 8 0 pfiaddrpl 120 7 0 7 1 1 0 1 0 8 0 scsiplug 72 3 0 3 2 2 0 1 0 8 0 scxspl 200 64370 0 64370 23 22 1 7 0 8 1 plimitpl 152 446 0 438 1 0 1 1 0 8 0 sigapl 424 8095 0 8043 7 0 7 7 0 8 1 futexpl 56 66974 0 66974 6 5 1 1 0 8 1 knotepl 112 705 0 685 1 0 1 1 0 8 0 kqueuepl 152 4898 0 4870 4 2 2 2 0 8 0 pipepl 304 494 0 483 11 9 2 2 0 8 0 fdescpl 496 8058 0 8042 3 0 3 3 0 8 0 filepl 152 31406 0 31304 6 1 5 6 0 8 1 lockfpl 104 1262 0 1261 1 0 1 1 0 8 0 lockfspl 48 450 0 449 1 0 1 1 0 8 0 sessionpl 120 24 0 13 1 0 1 1 0 8 0 pgrppl 48 44 0 33 1 0 1 1 0 8 0 ucredpl 96 4740 0 4731 1 0 1 1 0 8 0 zombiepl 144 8043 0 8042 4 3 1 1 0 8 0 processpl 1008 8095 0 8042 7 0 7 7 0 8 0 procpl 632 18497 0 18436 7 1 6 6 0 8 0 srpgc 72 2 0 2 1 1 0 1 0 8 0 sosppl 144 44 0 44 7 7 0 1 0 8 0 sockpl 400 6796 0 6768 15 11 4 5 0 8 0 mcl64k 65536 20 0 0 3 0 3 3 0 8 0 mcl16k 16384 9 0 0 2 0 2 2 0 8 0 mcl12k 12288 17 0 0 2 0 2 2 0 8 0 mcl9k 9216 17 0 0 2 0 2 2 0 8 0 mcl8k 8192 17 0 0 3 0 3 3 0 8 0 mcl4k 4096 17 0 0 3 0 3 3 0 8 0 mcl2k2 2112 3 0 0 1 0 1 1 0 8 0 mcl2k 2048 392 0 0 19 0 19 19 0 8 0 mtagpl 96 492 0 0 12 0 12 12 0 8 0 mbufpl 256 1287 0 0 70 0 70 70 0 8 0 bufpl 280 17360 0 11087 449 0 449 449 0 8 0 anonpl 16 699698 0 688006 138 84 54 71 0 124 5 amapchunkpl 152 36876 0 36678 59 50 9 28 0 158 0 amappl16 192 31298 0 30767 99 69 30 45 0 8 3 amappl15 184 1 0 0 1 0 1 1 0 8 0 amappl14 176 2883 0 2877 1 0 1 1 0 8 0 amappl13 168 3334 0 3333 1 0 1 1 0 8 0 amappl12 160 43 0 39 2 1 1 1 0 8 0 amappl11 152 69 0 54 1 0 1 1 0 8 0 amappl10 144 24 0 20 1 0 1 1 0 8 0 amappl9 136 2032 0 2026 1 0 1 1 0 8 0 amappl8 128 2100 0 1974 5 0 5 5 0 8 0 amappl7 120 292 0 284 1 0 1 1 0 8 0 amappl6 112 142 0 122 1 0 1 1 0 8 0 amappl5 104 5354 0 5341 1 0 1 1 0 8 0 amappl4 96 6561 0 6528 1 0 1 1 0 8 0 amappl3 88 3088 0 3082 1 0 1 1 0 8 0 amappl2 80 55915 0 55830 3 1 2 3 0 8 0 amappl1 72 219948 0 219465 26 16 10 19 0 8 0 amappl 80 18903 0 18816 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 130 0 0 3 0 3 3 0 8 0 uaddrrnd 24 8078 0 8044 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 8078 0 8044 1 0 1 1 0 8 0 vmmpekpl 168 41222 0 41173 3 0 3 3 0 8 0 vmmpepl 168 990654 0 988677 183 91 92 100 0 357 4 vmsppl 368 8077 0 8043 4 0 4 4 0 8 0 pdppl 4096 16163 0 16104 8 0 8 8 0 8 0 pvpl 32 3019991 0 3009164 320 210 110 143 0 265 19 pmappl 232 8077 0 8043 4 1 3 3 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 354 0 37 10 0 10 10 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace m_copyback(ffff800024113160,ac,0,ffff800024113324,2) at m_copyback+0x119 m_get sys/sys/percpu.h:125 [inline] m_copyback(ffff800024113160,ac,0,ffff800024113324,2) at m_copyback+0x119 sys/kern/uipc_mbuf.c:756 pflog_mtap(ffff800000044a00,ffff800024113408,fffffd8067ce7300) at pflog_mtap+0x446 sys/net/if_pflog.c:390 pflog_packet(ffff800024113508,0,ffff800000abfff8,0,ffffffff8287f990,0) at pflog_packet+0x3a4 pf_test(2,1,ffff800000b67800,ffff800024113728) at pf_test+0xfc5 sys/net/pf.c:7226 ip_input_if(ffff800024113728,ffff800024113734,4,0,ffff800000b67800) at ip_input_if+0x578 sys/netinet/ip_input.c:331 ipv4_input(ffff800000b67800,fffffd8067ce7300) at ipv4_input+0x48 sys/netinet/ip_input.c:230 tun_dev_write(5d00,ffff800024113a18,ffff8000241e0000,2) at tun_dev_write+0x204 sys/net/if_tun.c:867 spec_write(ffff800024113870) at spec_write+0xd4 sys/kern/spec_vnops.c:309 VOP_WRITE(fffffd806e3ac688,ffff800024113a18,11,fffffd807f7bf420) at VOP_WRITE+0xc6 sys/kern/vfs_vops.c:268 vn_write(fffffd806c786ef0,ffff800024113a18,0) at vn_write+0x14e sys/kern/vfs_vnops.c:414 dofilewritev(ffff800020ec82a8,f0,ffff800024113a18,0,ffff800024113b00) at dofilewritev+0x1ab sys/kern/sys_generic.c:365 sys_write(ffff800020ec82a8,ffff800024113ab0,ffff800024113b00) at sys_write+0x83 sys/kern/sys_generic.c:285 syscall(ffff800024113b80) at syscall+0x4a1 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800024113b80) at syscall+0x4a1 sys/arch/amd64/amd64/trap.c:568 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xc0cd37a9760, count: -14 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800020d80ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff828882c8) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff828882c8) at __mp_lock+0x122 sys/kern/kern_lock.c:147 uvm_unmap_detach(ffff800020ddf090,1) at uvm_unmap_detach+0xfc sys/uvm/uvm_map.c:1581 uvm_map_teardown(fffffd8068c7db98) at uvm_map_teardown+0x262 sys/uvm/uvm_map.c:2757 uvmspace_free(fffffd8068c7db98) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3646 uvm_exit(ffff800020ecdb98) at uvm_exit+0x29 sys/uvm/uvm_glue.c:297 reaper(ffff800020d998b0) at reaper+0x189 sys/kern/kern_exit.c:456 end trace frame: 0x0, count: -9