uvm_fault(0xffffffff825d8fc8, 0xfffffd0000000018, 0, 1) -> e kernel: page fault trap, code=0 Stopped at tun_dev_read+0x2ab: movl 0x18(%r14),%r15d ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic kernel page fault uvm_fault(0xffffffff825d8fc8, 0xfffffd0000000018, 0, 1) -> e tun_dev_read(ffff800000a97000,ffff800023b95858,10) at tun_dev_read+0x2ab sys/net/if_tun.c:826 end trace frame: 0xffff800023b95690, count: 0 ddb{0}> trace tun_dev_read(ffff800000a97000,ffff800023b95858,10) at tun_dev_read+0x2ab sys/net/if_tun.c:826 spec_read(ffff800023b956a0) at spec_read+0xf1 sys/kern/spec_vnops.c:222 VOP_READ(fffffd807afc7758,ffff800023b95858,10,fffffd807f7bea20) at VOP_READ+0xbf sys/kern/vfs_vops.c:248 vn_read(fffffd8065c35ef0,ffff800023b95858,0) at vn_read+0x124 sys/kern/vfs_vnops.c:375 dofilereadv(ffff800020ac89f8,f0,ffff800023b95858,0,ffff800023b95940) at dofilereadv+0x1a2 sys/kern/sys_generic.c:236 sys_read(ffff800020ac89f8,ffff800023b958f0,ffff800023b95940) at sys_read+0x83 sys/kern/sys_generic.c:156 syscall(ffff800023b959c0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline] syscall(ffff800023b959c0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x51bcb10fec0, count: -8 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff800023b955e0 rbx 0x3da rdx 0x43b rcx 0xffff800000a15fc0 rax 0xffffffff81aadb91 tun_dev_read+0x2a1 r8 0x7f7fffffc000 r9 0x5 r10 0xdadcbd20e86ea1e3 r11 0x4b74d22f75e7e7da r12 0xffff800023b95858 r13 0x10 r14 0xfffffd0000000000 r15 0 rip 0xffffffff81aadb9b tun_dev_read+0x2ab cs 0x8 rflags 0x10202 __ALIGN_SIZE+0xf202 rsp 0xffff800023b95570 ss 0x10 tun_dev_read+0x2ab: movl 0x18(%r14),%r15d ddb{0}> show proc PROC (syz-executor.1) pid=236723 stat=onproc flags process=0 proc=4000000 pri=86, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff800020ad8500,0xffffffff8264d160 process=0xffff800020af58d0 user=0xffff800023b90000, vmspace=0xfffffd807efff170 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 95740 65958 18366 0 2 0 syz-executor.1 *95740 236723 18366 0 7 0x4000000 syz-executor.1 67130 114522 67561 0 7 0x482 syz-executor.0 63176 66968 1 0 3 0x100083 ttyin getty 18366 375102 67561 0 3 0x82 nanosleep syz-executor.1 94133 75535 0 0 3 0x14200 bored sosplice 67561 24561 12224 0 3 0x82 kqread syz-fuzzer 67561 126206 12224 0 3 0x4000082 thrsleep syz-fuzzer 67561 225679 12224 0 3 0x4000082 thrsleep syz-fuzzer 67561 455179 12224 0 3 0x4000082 thrsleep syz-fuzzer 67561 436201 12224 0 3 0x4000082 thrsleep syz-fuzzer 67561 308448 12224 0 3 0x4000082 thrsleep syz-fuzzer 67561 447836 12224 0 3 0x4000082 thrsleep syz-fuzzer 67561 229824 12224 0 3 0x4000082 thrsleep syz-fuzzer 67561 358686 12224 0 3 0x4000082 thrsleep syz-fuzzer 67561 140609 12224 0 3 0x4000082 thrsleep syz-fuzzer 67561 100616 12224 0 3 0x4000082 thrsleep syz-fuzzer 12224 155417 36738 0 3 0x10008a pause ksh 36738 449348 33842 0 3 0x92 select sshd 33842 489464 1 0 3 0x80 select sshd 51725 242155 4975 74 3 0x100092 bpf pflogd 4975 39369 1 0 3 0x80 netio pflogd 72882 159742 8321 73 3 0x100090 kqread syslogd 8321 115482 1 0 3 0x100082 netio syslogd 28695 235740 1 77 3 0x100090 poll dhclient 85425 437367 1 0 3 0x80 poll dhclient 23050 131489 0 0 3 0x14200 pgzero zerothread 86168 70877 0 0 3 0x14200 aiodoned aiodoned 91283 452712 0 0 3 0x14200 syncer update 2214 472641 0 0 3 0x14200 cleaner cleaner 13050 319142 0 0 3 0x14200 reaper reaper 32717 134134 0 0 3 0x14200 pgdaemon pagedaemon 86169 501270 0 0 3 0x14200 bored crynlk 71820 112891 0 0 3 0x14200 bored crypto 18384 112883 0 0 3 0x40014200 acpi0 acpi0 19515 433032 0 0 3 0x40014200 idle1 98287 426563 0 0 3 0x14200 bored softnet 42611 303499 0 0 3 0x14200 bored systqmp 95692 276996 0 0 3 0x14200 bored systq 48127 494810 0 0 3 0x40014200 bored softclock 91901 349219 0 0 3 0x40014200 idle0 61162 84497 0 0 3 0x14200 bored smr 1 519856 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 95740 (syz-executor.1) thread 0xffff800020ac89f8 (236723) exclusive kernel_lock &kernel_lock r = 1 (0xffffffff8261bc48) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 vn_read+0x45 sys/kern/vfs_vnops.c:357 #2 dofilereadv+0x1a2 sys/kern/sys_generic.c:236 #3 sys_read+0x83 sys/kern/sys_generic.c:156 #4 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline] #4 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555 #5 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9533 6424K 6922K 78643K 11627 0 pcb 13 10K 12K 78643K 295 0 rtable 116 5K 6K 78643K 536 0 ifaddr 88 16K 17K 78643K 253 0 counters 39 33K 33K 78643K 39 0 ioctlops 0 0K 4K 78643K 1495 0 iov 0 0K 32K 78643K 94 0 mount 1 1K 1K 78643K 1 0 vnodes 1214 76K 77K 78643K 1594 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 7 0 VM map 2 1K 1K 78643K 2 0 sem 12 1K 1K 78643K 19 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 196K 290K 78643K 12766 0 file desc 5 13K 25K 78643K 476 0 sigio 0 0K 0K 78643K 21 0 proc 60 63K 83K 78643K 622 0 subproc 32 2K 2K 78643K 68 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 33 0 in_multi 76 4K 4K 78643K 134 0 ether_multi 1 0K 0K 78643K 4 0 mrt 0 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 55 254K 254K 78643K 55 0 exec 0 0K 1K 78643K 289 0 pfkey data 0 0K 0K 78643K 2 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 131 55K 56K 78643K 2599 0 UVM aobj 115 3K 3K 78643K 117 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 1K 78643K 234 0 NDP 15 0K 0K 78643K 55 0 temp 147 3027K 3095K 78643K 32536 0 kqueue 0 0K 0K 78643K 8 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 12 0 4 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 62 0 60 1 0 1 1 0 8 0 rtentry 112 80 0 35 2 0 2 2 0 8 0 unpcb 120 268 0 257 1 0 1 1 0 8 0 syncache 264 6 0 6 2 1 1 1 0 8 1 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpqe 32 207 0 207 2 1 1 1 0 8 1 tcpcb 544 646 0 639 12 11 1 12 0 8 0 inpcb 280 1292 0 1282 10 7 3 9 0 8 1 nd6 48 11 0 8 1 0 1 1 0 8 0 pkpcb 40 4 0 4 2 1 1 1 0 8 1 swfcl 56 2 0 0 1 0 1 1 0 8 0 ppxss 1128 23 0 23 1 0 1 1 0 8 1 pffrag 232 7 0 7 2 1 1 1 0 482 1 pffrnode 88 7 0 7 2 1 1 1 0 8 1 pffrent 40 317 0 317 2 1 1 1 0 8 1 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 46 0 11 1 0 1 1 0 8 0 pfstkey 112 46 0 11 2 0 2 2 0 8 0 pfstate 328 46 0 11 3 0 3 3 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 431 0 216 16 1 15 15 0 8 1 art_table 32 434 0 216 2 0 2 2 0 8 0 art_node 16 79 0 37 1 0 1 1 0 8 0 sysvmsgpl 40 10 0 5 1 0 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 17 0 7 1 0 1 1 0 8 0 shmpl 112 115 0 2 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 2179 0 768 46 0 46 46 0 8 0 ffsino 272 2179 0 768 95 0 95 95 0 8 0 nchpl 144 3088 0 1480 61 0 61 61 0 8 0 uvmvnodes 72 2469 0 0 45 0 45 45 0 8 0 vnodes 208 2469 0 0 130 0 130 130 0 8 0 namei 1024 9462 0 9462 1 0 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 vcpupl 1984 3 0 0 1 0 1 1 0 8 0 vmpool 560 4 0 1 1 0 1 1 0 8 0 scxspl 192 10149 0 10149 9 8 1 7 0 8 1 plimitpl 152 59 0 51 1 0 1 1 0 8 0 sigapl 432 671 0 656 3 1 2 3 0 8 0 futexpl 56 12803 0 12803 1 0 1 1 0 8 1 knotepl 112 156 0 137 2 0 2 2 0 8 0 kqueuepl 104 269 0 267 4 3 1 4 0 8 0 pipepl 112 1392 0 1373 3 1 2 2 0 8 1 fdescpl 488 672 0 656 3 0 3 3 0 8 0 filepl 152 6418 0 6317 15 9 6 14 0 8 2 lockfpl 104 204 0 203 1 0 1 1 0 8 0 lockfspl 48 72 0 71 1 0 1 1 0 8 0 sessionpl 112 22 0 11 1 0 1 1 0 8 0 pgrppl 48 26 0 15 1 0 1 1 0 8 0 ucredpl 96 521 0 512 1 0 1 1 0 8 0 zombiepl 144 656 0 655 1 0 1 1 0 8 0 processpl 904 688 0 655 4 0 4 4 0 8 0 procpl 632 1689 0 1645 5 0 5 5 0 8 1 srpgc 64 4 0 4 2 2 0 1 0 8 0 sosppl 128 9 0 9 2 2 0 1 0 8 0 sockpl 384 1634 0 1611 15 9 6 14 0 8 3 mcl64k 65536 19 0 0 3 0 3 3 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 10 0 0 1 0 1 1 0 8 0 mcl9k 9216 8 0 0 1 0 1 1 0 8 0 mcl8k 8192 10 0 0 2 0 2 2 0 8 0 mcl4k 4096 7 0 0 1 0 1 1 0 8 0 mcl2k2 2112 4 0 0 1 0 1 1 0 8 0 mcl2k 2048 172 0 0 21 0 21 21 0 8 0 mtagpl 80 19 0 0 1 0 1 1 0 8 0 mbufpl 256 337 0 0 20 1 19 19 0 8 0 bufpl 280 7710 0 1354 454 0 454 454 0 8 0 anonpl 16 92333 0 72897 94 13 81 92 0 125 0 amapchunkpl 152 4155 0 3994 12 0 12 12 0 158 4 amappl16 192 3621 0 2547 74 14 60 66 0 8 5 amappl15 184 65 0 62 1 0 1 1 0 8 0 amappl14 176 125 0 121 1 0 1 1 0 8 0 amappl13 168 8 0 8 1 1 0 1 0 8 0 amappl12 160 3 0 2 2 1 1 1 0 8 0 amappl11 152 66 0 49 1 0 1 1 0 8 0 amappl10 144 21 0 14 1 0 1 1 0 8 0 amappl9 136 975 0 970 1 0 1 1 0 8 0 amappl8 128 506 0 472 2 0 2 2 0 8 0 amappl7 120 119 0 105 1 0 1 1 0 8 0 amappl6 112 61 0 53 1 0 1 1 0 8 0 amappl5 104 145 0 131 1 0 1 1 0 8 0 amappl4 96 946 0 909 2 1 1 2 0 8 0 amappl3 88 207 0 199 1 0 1 1 0 8 0 amappl2 80 4353 0 4280 3 1 2 3 0 8 0 amappl1 72 24975 0 24528 25 15 10 20 0 8 0 amappl 80 1992 0 1943 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 116 0 2 2 0 2 2 0 8 0 uaddrrnd 24 676 0 657 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 676 0 657 1 0 1 1 0 8 0 vmmpekpl 168 11236 0 11202 2 0 2 2 0 8 0 vmmpepl 168 94205 0 91932 154 15 139 142 0 357 32 vmsppl 368 675 0 657 2 0 2 2 0 8 0 pdppl 4096 1359 0 1317 6 0 6 6 0 8 0 pvpl 32 286722 0 264085 213 15 198 213 0 265 12 pmappl 232 675 0 657 2 0 2 2 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 194 0 16 6 0 6 6 0 8 0