uvm_fault(0xfffffd8057495338, 0x4, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pfi_address_add+0x1eb: movl 0x4(%rax),%eax ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd8057495338, 0x4, 0, 1) -> e pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585 end trace frame: 0xffff80001d778e20, count: 0 ddb> trace pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585 pfi_instance_add(ffff800000ac6800,0,c3) at pfi_instance_add+0x5e5 pfi_table_update(ffff800000b0f480,ffff800000b09a00,0,c3) at pfi_table_update+0x174 pfi_kif_update(ffff800000b09a00) at pfi_kif_update+0xba pfi_dynaddr_update sys/net/pf_if.c:466 [inline] pfi_kif_update(ffff800000b09a00) at pfi_kif_update+0xba sys/net/pf_if.c:442 if_addgroup(ffff800000ac6800,ffff80001d779038) at if_addgroup+0x280 sys/net/if.c:2739 ifioctl(fffffd8065147960,80286987,ffff80001d779020,ffff80001d7a29e0) at ifioctl+0x13e7 sys/net/if.c:2151 sys_ioctl(ffff80001d7a29e0,ffff80001d779138,ffff80001d779180) at sys_ioctl+0x4a1 syscall(ffff80001d779200) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x41b299729d0, count: -9 ddb> show registers rdi 0xffffffff81b39ef7 pfi_address_add+0x1e7 rsi 0x15f rbp 0xffff80001d778d80 rbx 0 rdx 0x160 rcx 0xffff80001f9aa000 rax 0 r8 0xffffffff81b397b1 pfi_instance_add+0xf1 r9 0x1 r10 0x2 r11 0x7a433c91f06964fb r12 0x34 r13 0x2 r14 0xffff800000654034 r15 0 rip 0xffffffff81b39efb pfi_address_add+0x1eb cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80001d778d10 ss 0x10 pfi_address_add+0x1eb: movl 0x4(%rax),%eax ddb> show proc PROC (syz-executor.1) pid=491190 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=80, nice=20 forw=0xffffffffffffffff, list=0xffff80001d7a33a0,0xffffffff82853eb0 process=0xffff80001d6c5970 user=0xffff80001d774000, vmspace=0xfffffd8057495338 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 93174 5225 15920 0 2 0 syz-executor.1 *93174 491190 15920 0 7 0x4000000 syz-executor.1 50903 63027 1 0 3 0x100083 ttyin getty 93732 28245 5682 0 2 0x2 syz-executor.0 82756 95887 0 0 3 0x14200 bored sosplice 15920 216888 5682 0 3 0x82 nanosleep syz-executor.1 5682 185186 99043 0 3 0x82 kqread syz-fuzzer 5682 65649 99043 0 3 0x4000082 nanosleep syz-fuzzer 5682 408204 99043 0 3 0x4000082 thrsleep syz-fuzzer 5682 208208 99043 0 3 0x4000082 thrsleep syz-fuzzer 5682 221018 99043 0 3 0x4000082 thrsleep syz-fuzzer 5682 413264 99043 0 3 0x4000082 thrsleep syz-fuzzer 5682 116500 99043 0 3 0x4000082 thrsleep syz-fuzzer 5682 348086 99043 0 3 0x4000082 thrsleep syz-fuzzer 99043 109493 27528 0 3 0x10008a pause ksh 27528 297053 24741 0 3 0x92 select sshd 24741 446029 1 0 3 0x80 select sshd 98832 200661 42413 73 3 0x100090 kqread syslogd 42413 146401 1 0 3 0x100082 netio syslogd 60790 322944 1 77 3 0x100090 poll dhclient 56823 253660 1 0 3 0x80 poll dhclient 60346 102816 0 0 3 0x14200 bored smr 14432 519464 0 0 2 0x14200 zerothread 44223 414264 0 0 3 0x14200 aiodoned aiodoned 96017 224596 0 0 3 0x14200 syncer update 62182 146338 0 0 3 0x14200 cleaner cleaner 37896 194222 0 0 3 0x14200 reaper reaper 51661 422454 0 0 3 0x14200 pgdaemon pagedaemon 96827 404010 0 0 3 0x14200 bored crynlk 68940 60412 0 0 3 0x14200 bored crypto 42647 188942 0 0 3 0x40014200 acpi0 acpi0 86165 403687 0 0 3 0x14200 bored softnet 56378 300650 0 0 3 0x14200 bored systqmp 74987 495287 0 0 3 0x14200 bored systq 30840 492462 0 0 3 0x40014200 bored softclock 704 221276 0 0 3 0x40014200 idle0 1 108458 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9513 6359K 6739K 78643K 11580 0 pcb 14 8K 8K 78643K 120 0 rtable 106 8K 8K 78643K 502 0 ifaddr 90 18K 19K 78643K 215 0 sysctl 2 0K 0K 78643K 2 0 counters 21 16K 17K 78643K 41 0 ioctlops 0 0K 4K 78643K 552 0 iov 0 0K 16K 78643K 419 0 mount 1 1K 1K 78643K 1 0 vnodes 1217 77K 77K 78643K 1557 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 16 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 1K 78643K 158 0 dirhash 6 1K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 755 0 sigio 0 0K 0K 78643K 2 0 proc 53 39K 63K 78643K 459 0 subproc 32 2K 2K 78643K 53 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 53 0 in_multi 63 3K 3K 78643K 148 0 ether_multi 1 0K 0K 78643K 9 0 mrt 0 0K 0K 78643K 8 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 61 281K 281K 78643K 61 0 exec 0 0K 1K 78643K 279 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 139 88K 104K 78643K 2727 0 UVM aobj 51 2K 2K 78643K 55 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 75 0 NDP 13 0K 0K 78643K 46 0 temp 138 3862K 3926K 78643K 20736 0 kqueue 3 4K 10K 78643K 44 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 11 0 4 1 0 1 1 0 8 0 rtpcb 80 39 0 37 1 0 1 1 0 8 0 rtentry 112 87 0 56 2 0 2 2 0 8 0 unpcb 120 469 0 461 1 0 1 1 0 8 0 syncache 264 12 0 12 3 3 0 1 0 8 0 tcpqe 32 888 0 888 2 2 0 1 0 8 0 tcpcb 544 193 0 189 1 0 1 1 0 8 0 ipq 40 4 0 4 2 1 1 1 0 8 1 ipqe 40 51 0 51 2 1 1 1 0 8 1 inpcb 296 612 0 602 7 5 2 2 0 8 1 rttmr 72 4 0 4 1 1 0 1 0 8 0 nd6 48 17 0 14 1 0 1 1 0 8 0 ppxss 1136 4 0 4 2 2 0 1 0 8 0 pfstscr 40 1 0 1 1 1 0 1 0 8 0 pfrktable 1344 14 0 5 1 0 1 1 0 8 0 pftag 88 3 0 0 1 0 1 1 0 8 0 pfstkey 112 2 0 2 1 1 0 1 0 8 0 pfstate 328 1 0 1 1 1 0 1 0 8 0 pfrule 1360 12 0 4 1 0 1 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 414 0 227 18 6 12 13 0 8 0 art_table 32 416 0 227 2 0 2 2 0 8 0 art_node 16 83 0 58 1 0 1 1 0 8 0 sysvmsgpl 40 34 0 16 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 152 0 142 1 0 1 1 0 8 0 shmpl 112 52 0 4 2 0 2 2 0 8 0 dirhash 1024 17 0 13 3 1 2 3 0 8 0 dino2pl 256 2425 0 1030 88 0 88 88 0 8 0 ffsino 240 2425 0 1030 83 0 83 83 0 8 0 nchpl 144 3774 0 2194 60 0 60 60 0 8 0 uvmvnodes 72 2712 0 0 50 0 50 50 0 8 0 vnodes 208 2712 0 0 143 0 143 143 0 8 0 namei 1024 10498 0 10497 3 2 1 1 0 8 0 vcpupl 1984 10 0 1 2 0 2 2 0 8 0 vmpool 528 12 0 3 1 0 1 1 0 8 0 pfiaddrpl 120 6 0 0 1 0 1 1 0 8 0 scxspl 192 10762 0 10762 1 0 1 1 0 8 1 plimitpl 152 81 0 74 1 0 1 1 0 8 0 sigapl 424 960 0 931 6 1 5 6 0 8 0 futexpl 56 14797 0 14797 3 2 1 1 0 8 1 knotepl 112 115 0 96 1 0 1 1 0 8 0 kqueuepl 144 112 0 110 1 0 1 1 0 8 0 pipepl 272 484 0 474 6 4 2 2 0 8 1 fdescpl 432 925 0 911 2 0 2 2 0 8 0 filepl 120 6163 0 6063 5 1 4 5 0 8 0 lockfpl 104 450 0 449 1 0 1 1 0 8 0 lockfspl 48 123 0 122 1 0 1 1 0 8 0 sessionpl 112 19 0 9 1 0 1 1 0 8 0 pgrppl 48 23 0 13 1 0 1 1 0 8 0 ucredpl 96 557 0 550 1 0 1 1 0 8 0 zombiepl 144 931 0 931 2 1 1 1 0 8 1 processpl 928 960 0 931 7 2 5 7 0 8 0 procpl 624 1961 0 1924 6 1 5 6 0 8 0 sosppl 128 2 0 2 1 1 0 1 0 8 0 sockpl 400 1122 0 1102 7 4 3 4 0 8 1 mcl64k 65536 1020 0 1020 71 70 1 33 0 8 1 mcl16k 16384 7 0 7 4 3 1 1 0 8 1 mcl12k 12288 13 0 13 5 4 1 1 0 8 1 mcl9k 9216 15 0 15 6 5 1 1 0 8 1 mcl8k 8192 24 0 24 6 5 1 1 0 8 1 mcl4k 4096 67 0 67 4 3 1 1 0 8 1 mcl2k2 2112 4 0 4 3 3 0 1 0 8 0 mcl2k 2048 94866 0 94802 27 17 10 19 0 8 0 mtagpl 96 74 0 18 3 1 2 2 0 8 0 mbufpl 256 156751 0 156489 73 55 18 39 0 8 0 bufpl 280 4726 0 134 328 0 328 328 0 8 0 anonpl 16 132007 0 114334 99 16 83 87 0 107 0 amapchunkpl 152 4354 0 4206 20 13 7 13 0 158 0 amappl16 192 5421 0 4346 94 39 55 66 0 8 0 amappl15 184 2 0 0 1 0 1 1 0 8 0 amappl14 176 104 0 101 1 0 1 1 0 8 0 amappl13 168 661 0 655 1 0 1 1 0 8 0 amappl12 160 357 0 353 2 1 1 1 0 8 0 amappl11 152 49 0 40 1 0 1 1 0 8 0 amappl10 144 25 0 15 1 0 1 1 0 8 0 amappl9 136 312 0 311 1 0 1 1 0 8 0 amappl8 128 360 0 313 2 0 2 2 0 8 0 amappl7 120 114 0 100 1 0 1 1 0 8 0 amappl6 112 19 0 17 2 1 1 1 0 8 0 amappl5 104 1007 0 994 1 0 1 1 0 8 0 amappl4 96 723 0 695 1 0 1 1 0 8 0 amappl3 88 200 0 195 1 0 1 1 0 8 0 amappl2 80 6878 0 6812 2 0 2 2 0 8 0 amappl1 72 30705 0 30288 24 15 9 17 0 8 0 amappl 80 2189 0 2140 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 54 0 4 1 0 1 1 0 8 0 uaddrrnd 24 937 0 914 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 937 0 914 1 0 1 1 0 8 0 vmmpekpl 168 11257 0 11220 2 0 2 2 0 8 0 vmmpepl 168 121084 0 118884 157 54 103 124 0 357 5 vmsppl 272 936 0 914 2 0 2 2 0 8 0 pdppl 4096 1880 0 1837 7 1 6 6 0 8 0 pvpl 32 328465 0 308283 234 51 183 202 0 265 0 pmappl 200 936 0 914 2 0 2 2 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 414 0 174 8 0 8 8 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585 pfi_instance_add(ffff800000ac6800,0,c3) at pfi_instance_add+0x5e5 pfi_table_update(ffff800000b0f480,ffff800000b09a00,0,c3) at pfi_table_update+0x174 pfi_kif_update(ffff800000b09a00) at pfi_kif_update+0xba pfi_dynaddr_update sys/net/pf_if.c:466 [inline] pfi_kif_update(ffff800000b09a00) at pfi_kif_update+0xba sys/net/pf_if.c:442 if_addgroup(ffff800000ac6800,ffff80001d779038) at if_addgroup+0x280 sys/net/if.c:2739 ifioctl(fffffd8065147960,80286987,ffff80001d779020,ffff80001d7a29e0) at ifioctl+0x13e7 sys/net/if.c:2151 sys_ioctl(ffff80001d7a29e0,ffff80001d779138,ffff80001d779180) at sys_ioctl+0x4a1 syscall(ffff80001d779200) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x41b299729d0, count: -9 ddb> machine ddbcpu 1 No such command ddb> trace pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585 pfi_instance_add(ffff800000ac6800,0,c3) at pfi_instance_add+0x5e5 pfi_table_update(ffff800000b0f480,ffff800000b09a00,0,c3) at pfi_table_update+0x174 pfi_kif_update(ffff800000b09a00) at pfi_kif_update+0xba pfi_dynaddr_update sys/net/pf_if.c:466 [inline] pfi_kif_update(ffff800000b09a00) at pfi_kif_update+0xba sys/net/pf_if.c:442 if_addgroup(ffff800000ac6800,ffff80001d779038) at if_addgroup+0x280 sys/net/if.c:2739 ifioctl(fffffd8065147960,80286987,ffff80001d779020,ffff80001d7a29e0) at ifioctl+0x13e7 sys/net/if.c:2151 sys_ioctl(ffff80001d7a29e0,ffff80001d779138,ffff80001d779180) at sys_ioctl+0x4a1 syscall(ffff80001d779200) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x41b299729d0, count: -9