uvm_fault(0xfffffd80533f6780, 0x4, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pfi_address_add+0x1eb: movl 0x4(%rax),%eax ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd80533f6780, 0x4, 0, 1) -> e pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585 end trace frame: 0xffff8000207c5ae0, count: 0 ddb> trace pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585 pfi_instance_add(ffff800000ac6000,0,c3) at pfi_instance_add+0x5e5 pfi_table_update(ffff800000ae79c0,ffff800000ad6a00,0,c3) at pfi_table_update+0x174 pfi_kif_update(ffff800000ad6a00) at pfi_kif_update+0xba pfi_dynaddr_update sys/net/pf_if.c:466 [inline] pfi_kif_update(ffff800000ad6a00) at pfi_kif_update+0xba sys/net/pf_if.c:442 if_addgroup(ffff800000ac6000,ffff8000207c5cf8) at if_addgroup+0x280 sys/net/if.c:2736 ifioctl(fffffd805e50baf0,80286987,ffff8000207c5ce0,ffff80001d6c29d8) at ifioctl+0x13e7 sys/net/if.c:2148 sys_ioctl(ffff80001d6c29d8,ffff8000207c5df8,ffff8000207c5e40) at sys_ioctl+0x4a1 syscall(ffff8000207c5ec0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x789dae33410, count: -9 ddb> show registers rdi 0xffffffff81c3a8b7 pfi_address_add+0x1e7 rsi 0x17a rbp 0xffff8000207c5a40 rbx 0 rdx 0x17b rcx 0xffff80001d79e000 rax 0 r8 0xffffffff81c3a171 pfi_instance_add+0xf1 r9 0x1 r10 0x2 r11 0xacd985790a3b3eb6 r12 0x34 r13 0x2 r14 0xffff800000654034 r15 0 rip 0xffffffff81c3a8bb pfi_address_add+0x1eb cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff8000207c59d0 ss 0x10 pfi_address_add+0x1eb: movl 0x4(%rax),%eax ddb> show proc PROC (syz-executor.1) pid=133635 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=79, nice=20 forw=0xffffffffffffffff, list=0xffff80001d6c2768,0xffffffff82837f10 process=0xffff80001d706758 user=0xffff8000207c0000, vmspace=0xfffffd80533f6780 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 49104 276876 13762 0 2 0 syz-executor.1 *49104 133635 13762 0 7 0x4000000 syz-executor.1 29048 313386 0 0 3 0x14200 acct acct 26033 492582 1 0 3 0x100083 ttyin getty 10920 476782 0 0 3 0x14200 bored sosplice 31323 445568 38618 0 3 0x82 piperd syz-executor.0 13762 84892 38618 0 3 0x82 nanosleep syz-executor.1 38618 276534 98317 0 3 0x82 thrsleep syz-fuzzer 38618 242376 98317 0 3 0x4000082 nanosleep syz-fuzzer 38618 131947 98317 0 3 0x4000082 thrsleep syz-fuzzer 38618 214956 98317 0 3 0x4000082 thrsleep syz-fuzzer 38618 110043 98317 0 3 0x4000082 thrsleep syz-fuzzer 38618 502507 98317 0 2 0x4000002 syz-fuzzer 38618 520810 98317 0 3 0x4000082 thrsleep syz-fuzzer 38618 362531 98317 0 3 0x4000082 thrsleep syz-fuzzer 98317 118246 7306 0 3 0x10008a pause ksh 7306 322623 99520 0 3 0x92 select sshd 99520 279551 1 0 3 0x80 select sshd 27664 274554 45319 73 3 0x100090 kqread syslogd 45319 100514 1 0 3 0x100082 netio syslogd 65985 139593 1 77 3 0x100090 poll dhclient 45574 8201 1 0 3 0x80 poll dhclient 57591 472857 0 0 3 0x14200 bored smr 92138 128060 0 0 2 0x14200 zerothread 91968 399764 0 0 3 0x14200 aiodoned aiodoned 21601 50211 0 0 3 0x14200 syncer update 16414 158710 0 0 3 0x14200 cleaner cleaner 79610 30467 0 0 3 0x14200 reaper reaper 99339 55888 0 0 3 0x14200 pgdaemon pagedaemon 21378 383195 0 0 3 0x14200 bored crynlk 21963 27819 0 0 3 0x14200 bored crypto 83513 212016 0 0 3 0x40014200 acpi0 acpi0 37217 396252 0 0 3 0x14200 bored softnet 5813 309868 0 0 3 0x14200 bored systqmp 19934 11311 0 0 3 0x14200 bored systq 13887 197521 0 0 3 0x40014200 bored softclock 73082 179536 0 0 3 0x40014200 idle0 1 302813 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9499 6343K 6911K 78643K 11471 0 pcb 14 8K 8K 78643K 106 0 rtable 128 10K 11K 78643K 489 0 ifaddr 74 15K 15K 78643K 162 0 sysctl 2 0K 0K 78643K 2 0 counters 21 16K 16K 78643K 29 0 ioctlops 0 0K 4K 78643K 103 0 iov 0 0K 12K 78643K 38 0 mount 1 1K 1K 78643K 1 0 vnodes 1225 77K 77K 78643K 1477 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 5 0 VM map 2 0K 0K 78643K 2 0 sem 12 1K 2K 78643K 21 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 511 0 sigio 0 0K 0K 78643K 6 0 proc 50 38K 63K 78643K 429 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 26 0 in_multi 36 2K 2K 78643K 147 0 ether_multi 1 0K 0K 78643K 12 0 mrt 1 0K 0K 78643K 8 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 61 281K 281K 78643K 61 0 exec 0 0K 1K 78643K 227 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 130 39K 55K 78643K 2066 0 UVM aobj 20 2K 2K 78643K 21 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 66 0 NDP 11 0K 0K 78643K 37 0 temp 104 3866K 3930K 78643K 13082 0 kqueue 3 4K 16K 78643K 32 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 6 0 0 1 0 1 1 0 8 0 rtpcb 80 43 0 41 1 0 1 1 0 8 0 rtentry 112 88 0 50 2 0 2 2 0 8 0 unpcb 120 1083 0 1075 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 137 0 137 1 1 0 1 0 8 0 tcpcb 544 211 0 207 1 0 1 1 0 8 0 ipq 40 7 0 7 2 2 0 1 0 8 0 ipqe 40 147 0 147 2 2 0 1 0 8 0 inpcb 296 844 0 835 3 1 2 2 0 8 1 rttmr 72 2 0 2 2 2 0 1 0 8 0 ip6q 72 1 0 1 1 1 0 1 0 8 0 ip6af 40 3 0 3 1 1 0 1 0 8 0 nd6 48 25 0 23 1 0 1 1 0 8 0 ppxss 1136 1 0 1 1 1 0 1 0 8 0 pfstscr 40 4 0 2 1 0 1 1 0 8 0 pfrktable 1344 62 0 49 2 0 2 2 0 8 0 pftag 88 11 0 8 1 0 1 1 0 8 0 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 112 4 0 2 1 0 1 1 0 8 0 pfstate 328 2 0 1 1 0 1 1 0 8 0 pfrule 1360 34 0 20 2 0 2 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 368 0 212 13 0 13 13 0 8 1 art_table 32 369 0 212 2 0 2 2 0 8 0 art_node 16 85 0 49 1 0 1 1 0 8 0 sysvmsgpl 40 14 0 11 1 0 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 10 0 0 1 0 1 1 0 8 0 shmpl 112 18 0 1 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2054 0 655 88 0 88 88 0 8 0 ffsino 240 2054 0 655 83 0 83 83 0 8 0 nchpl 144 2961 0 1371 60 0 60 60 0 8 0 uvmvnodes 72 2294 0 0 42 0 42 42 0 8 0 vnodes 208 2294 0 0 121 0 121 121 0 8 0 namei 1024 7960 0 7960 1 0 1 1 0 8 1 vcpupl 1984 4 0 0 1 0 1 1 0 8 0 vmpool 528 8 0 4 1 0 1 1 0 8 0 pfiaddrpl 120 26 0 16 1 0 1 1 0 8 0 scxspl 192 8631 0 8631 1 0 1 1 0 8 1 plimitpl 152 39 0 32 1 0 1 1 0 8 0 sigapl 424 700 0 670 4 0 4 4 0 8 0 futexpl 56 10962 0 10962 1 0 1 1 0 8 1 knotepl 112 102 0 83 1 0 1 1 0 8 0 kqueuepl 144 72 0 69 1 0 1 1 0 8 0 pipepl 272 149 0 139 3 2 1 2 0 8 0 fdescpl 432 684 0 670 2 0 2 2 0 8 0 filepl 120 4746 0 4649 5 1 4 5 0 8 1 lockfpl 104 88 0 87 1 0 1 1 0 8 0 lockfspl 48 30 0 29 1 0 1 1 0 8 0 sessionpl 112 18 0 8 1 0 1 1 0 8 0 pgrppl 48 18 0 8 1 0 1 1 0 8 0 ucredpl 96 367 0 360 1 0 1 1 0 8 0 zombiepl 144 670 0 670 1 0 1 1 0 8 1 processpl 928 700 0 670 4 0 4 4 0 8 0 procpl 624 1298 0 1260 4 0 4 4 0 8 0 sosppl 128 6 0 6 2 2 0 1 0 8 0 sockpl 400 1971 0 1952 4 1 3 4 0 8 1 mcl64k 65536 16 0 16 2 1 1 1 0 8 1 mcl16k 16384 3 0 3 1 1 0 1 0 8 0 mcl12k 12288 7 0 7 2 2 0 1 0 8 0 mcl9k 9216 11 0 11 2 2 0 1 0 8 0 mcl8k 8192 23 0 23 2 1 1 1 0 8 1 mcl4k 4096 45 0 45 2 2 0 1 0 8 0 mcl2k2 2112 4 0 4 3 3 0 1 0 8 0 mcl2k 2048 93651 0 93595 21 12 9 15 0 8 0 mtagpl 96 107 0 2 4 1 3 3 0 8 0 mbufpl 256 152716 0 152270 46 14 32 32 0 8 0 bufpl 280 4205 0 128 292 0 292 292 0 8 0 anonpl 16 92635 0 75239 93 16 77 86 0 107 0 amapchunkpl 152 3003 0 2851 8 1 7 7 0 158 0 amappl16 192 3753 0 2699 70 17 53 65 0 8 0 amappl15 184 11 0 8 1 0 1 1 0 8 0 amappl14 176 37 0 30 1 0 1 1 0 8 0 amappl13 168 28 0 25 1 0 1 1 0 8 0 amappl12 160 9 0 9 2 2 0 1 0 8 0 amappl11 152 48 0 39 1 0 1 1 0 8 0 amappl10 144 19 0 12 1 0 1 1 0 8 0 amappl9 136 860 0 856 1 0 1 1 0 8 0 amappl8 128 812 0 769 2 0 2 2 0 8 0 amappl7 120 106 0 95 1 0 1 1 0 8 0 amappl6 112 23 0 17 1 0 1 1 0 8 0 amappl5 104 615 0 603 1 0 1 1 0 8 0 amappl4 96 426 0 400 1 0 1 1 0 8 0 amappl3 88 124 0 118 1 0 1 1 0 8 0 amappl2 80 4659 0 4592 2 0 2 2 0 8 0 amappl1 72 24543 0 24118 22 13 9 17 0 8 0 amappl 80 1575 0 1533 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 20 0 1 1 0 1 1 0 8 0 uaddrrnd 24 692 0 674 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 692 0 674 1 0 1 1 0 8 0 vmmpekpl 168 7721 0 7694 2 0 2 2 0 8 0 vmmpepl 168 89676 0 87467 125 27 98 112 0 357 0 vmsppl 272 691 0 674 3 1 2 2 0 8 0 pdppl 4096 1390 0 1352 7 2 5 6 0 8 0 pvpl 32 246852 0 227215 200 26 174 194 0 265 0 pmappl 200 691 0 674 2 1 1 2 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 289 0 39 8 0 8 8 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585 pfi_instance_add(ffff800000ac6000,0,c3) at pfi_instance_add+0x5e5 pfi_table_update(ffff800000ae79c0,ffff800000ad6a00,0,c3) at pfi_table_update+0x174 pfi_kif_update(ffff800000ad6a00) at pfi_kif_update+0xba pfi_dynaddr_update sys/net/pf_if.c:466 [inline] pfi_kif_update(ffff800000ad6a00) at pfi_kif_update+0xba sys/net/pf_if.c:442 if_addgroup(ffff800000ac6000,ffff8000207c5cf8) at if_addgroup+0x280 sys/net/if.c:2736 ifioctl(fffffd805e50baf0,80286987,ffff8000207c5ce0,ffff80001d6c29d8) at ifioctl+0x13e7 sys/net/if.c:2148 sys_ioctl(ffff80001d6c29d8,ffff8000207c5df8,ffff8000207c5e40) at sys_ioctl+0x4a1 syscall(ffff8000207c5ec0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x789dae33410, count: -9 ddb> machine ddbcpu 1 No such command ddb> trace pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585 pfi_instance_add(ffff800000ac6000,0,c3) at pfi_instance_add+0x5e5 pfi_table_update(ffff800000ae79c0,ffff800000ad6a00,0,c3) at pfi_table_update+0x174 pfi_kif_update(ffff800000ad6a00) at pfi_kif_update+0xba pfi_dynaddr_update sys/net/pf_if.c:466 [inline] pfi_kif_update(ffff800000ad6a00) at pfi_kif_update+0xba sys/net/pf_if.c:442 if_addgroup(ffff800000ac6000,ffff8000207c5cf8) at if_addgroup+0x280 sys/net/if.c:2736 ifioctl(fffffd805e50baf0,80286987,ffff8000207c5ce0,ffff80001d6c29d8) at ifioctl+0x13e7 sys/net/if.c:2148 sys_ioctl(ffff80001d6c29d8,ffff8000207c5df8,ffff8000207c5e40) at sys_ioctl+0x4a1 syscall(ffff8000207c5ec0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x789dae33410, count: -9