uvm_fault(0xfffffd806bc09880, 0x4, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pfi_address_add+0x1eb: movl 0x4(%rax),%eax ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd806bc09880, 0x4, 0, 1) -> e pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585 end trace frame: 0xffff8000209a1160, count: 0 ddb> trace pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585 pfi_instance_add(ffff800000ac6000,0,c3) at pfi_instance_add+0x5e5 pfi_table_update(ffff800000b02a20,ffff800000ae7800,0,c3) at pfi_table_update+0x174 pfi_kif_update(ffff800000ae7800) at pfi_kif_update+0xba pfi_dynaddr_update sys/net/pf_if.c:466 [inline] pfi_kif_update(ffff800000ae7800) at pfi_kif_update+0xba sys/net/pf_if.c:442 pfi_dynaddr_setup(ffff800000b2dde0,0) at pfi_dynaddr_setup+0x3fa sys/net/pf_if.c:420 pfioctl(4900,cd604404,ffff800000ac8000,3,ffff8000209a2508) at pfioctl+0x51b2 pf_addr_setup sys/net/pf_ioctl.c:893 [inline] pfioctl(4900,cd604404,ffff800000ac8000,3,ffff8000209a2508) at pfioctl+0x51b2 sys/net/pf_ioctl.c:1265 VOP_IOCTL(fffffd805d7c50d0,cd604404,ffff800000ac8000,3,fffffd806c3bf6c0,ffff8000209a2508) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290 vn_ioctl(fffffd80575025b0,cd604404,ffff800000ac8000,ffff8000209a2508) at vn_ioctl+0xb5 sys/kern/vfs_vnops.c:531 sys_ioctl(ffff8000209a2508,ffff8000209a1708,ffff8000209a1750) at sys_ioctl+0x4a1 syscall(ffff8000209a17d0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x6dfe8b45870, count: -11 ddb> show registers rdi 0xffffffff815218d7 pfi_address_add+0x1e7 rsi 0x7c0 rbp 0xffff8000209a10c0 rbx 0 rdx 0x7c1 rcx 0xffff80001d77e000 rax 0 r8 0xffffffff81521191 pfi_instance_add+0xf1 r9 0x1 r10 0x2 r11 0xa2b39731ba80c7a r12 0x34 r13 0x2 r14 0xffff800000654034 r15 0 rip 0xffffffff815218db pfi_address_add+0x1eb cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff8000209a1050 ss 0x10 pfi_address_add+0x1eb: movl 0x4(%rax),%eax ddb> show proc PROC (syz-executor.0) pid=179895 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=69, nice=20 forw=0xffffffffffffffff, list=0xffff8000209a2c58,0xffffffff8283e8c8 process=0xffff80001d6ef250 user=0xffff80002099c000, vmspace=0xfffffd806bc09880 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 18337 148459 28135 0 2 0 syz-executor.0 *18337 179895 28135 0 7 0x4000000 syz-executor.0 51920 225743 0 0 3 0x14280 nfsidl nfsio 60552 389935 0 0 3 0x14280 nfsidl nfsio 60511 342148 0 0 3 0x14280 nfsidl nfsio 85851 275069 0 0 3 0x14280 nfsidl nfsio 60241 123885 0 0 3 0x14280 nfsidl nfsio 43760 201608 0 0 3 0x14280 nfsidl nfsio 76025 32650 0 0 3 0x14280 nfsidl nfsio 37804 101365 0 0 3 0x14280 nfsidl nfsio 15798 63123 0 0 3 0x14280 nfsidl nfsio 89378 446885 0 0 3 0x14280 nfsidl nfsio 6554 10608 0 0 3 0x14280 nfsidl nfsio 86620 362868 0 0 3 0x14280 nfsidl nfsio 19152 59255 0 0 3 0x14280 nfsidl nfsio 26782 195625 0 0 3 0x14280 nfsidl nfsio 88807 174227 0 0 3 0x14280 nfsidl nfsio 24359 44358 0 0 3 0x14280 nfsidl nfsio 27832 338113 0 0 3 0x14280 nfsidl nfsio 43159 14777 0 0 3 0x14280 nfsidl nfsio 30002 140710 0 0 3 0x14280 nfsidl nfsio 40407 493501 0 0 3 0x14280 nfsidl nfsio 70586 417614 0 0 3 0x14200 bored sosplice 54504 228890 41592 0 2 0x2 syz-executor.1 28135 239685 41592 0 2 0x482 syz-executor.0 41592 463157 50207 0 3 0x82 thrsleep syz-fuzzer 41592 148075 50207 0 3 0x4000082 nanosleep syz-fuzzer 41592 147029 50207 0 3 0x4000082 thrsleep syz-fuzzer 41592 217751 50207 0 3 0x4000082 thrsleep syz-fuzzer 41592 222049 50207 0 3 0x4000082 thrsleep syz-fuzzer 41592 386668 50207 0 3 0x4000082 kqread syz-fuzzer 41592 213961 50207 0 3 0x4000082 thrsleep syz-fuzzer 41592 509085 50207 0 3 0x4000082 thrsleep syz-fuzzer 50207 509151 5582 0 3 0x10008a pause ksh 5582 417354 89116 0 3 0x92 select sshd 47768 279363 1 0 3 0x100083 ttyin getty 89116 177397 1 0 3 0x80 select sshd 97328 468706 30834 73 2 0x100090 syslogd 30834 321836 1 0 3 0x100082 netio syslogd 40264 522035 1 77 3 0x100090 poll dhclient 26827 515687 1 0 3 0x80 poll dhclient 50068 341051 0 0 3 0x14200 bored smr 1520 69290 0 0 2 0x14200 zerothread 10894 484705 0 0 3 0x14200 aiodoned aiodoned 78657 313884 0 0 3 0x14200 syncer update 61378 58373 0 0 3 0x14200 cleaner cleaner 29922 72517 0 0 3 0x14200 reaper reaper 51435 175923 0 0 3 0x14200 pgdaemon pagedaemon 99249 406788 0 0 3 0x14200 bored crynlk 91191 203216 0 0 3 0x14200 bored crypto 3951 440376 0 0 3 0x40014200 acpi0 acpi0 887 217605 0 0 3 0x14200 bored softnet 20744 18616 0 0 3 0x14200 bored systqmp 36641 121393 0 0 3 0x14200 bored systq 94359 203512 0 0 3 0x40014200 bored softclock 44466 94116 0 0 3 0x40014200 idle0 1 449249 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9506 6470K 6599K 78643K 11116 0 pcb 13 8K 8K 78643K 53 0 rtable 138 11K 13K 78643K 429 0 ifaddr 84 17K 18K 78643K 146 0 sysctl 2 0K 0K 78643K 2 0 counters 21 16K 16K 78643K 28 0 ioctlops 1 4K 4K 78643K 60 0 iov 0 0K 16K 78643K 30 0 mount 1 1K 1K 78643K 1 0 vnodes 1222 77K 77K 78643K 1510 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 8 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 1K 78643K 962 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 807 0 proc 50 38K 63K 78643K 393 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 8 0 in_multi 70 3K 3K 78643K 87 0 ether_multi 1 0K 0K 78643K 6 0 mrt 0 0K 0K 78643K 3 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 37 175K 175K 78643K 37 0 exec 0 0K 1K 78643K 200 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 129 23K 39K 78643K 2632 0 UVM aobj 21 6K 6K 78643K 25 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 26 0 NDP 11 0K 0K 78643K 24 0 temp 101 3862K 3926K 78643K 4115 0 kqueue 3 4K 8K 78643K 14 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 6 0 0 1 0 1 1 0 8 0 rtpcb 80 37 0 35 1 0 1 1 0 8 0 rtentry 112 49 0 5 2 0 2 2 0 8 0 unpcb 120 211 0 203 1 0 1 1 0 8 0 syncache 264 8 0 8 3 3 0 1 0 8 0 tcpqe 32 59 0 59 1 1 0 1 0 8 0 tcpcb 544 199 0 195 1 0 1 1 0 8 0 ipq 40 2 0 2 1 1 0 1 0 8 0 ipqe 40 47 0 47 1 1 0 1 0 8 0 inpcb 296 376 0 369 4 2 2 2 0 8 1 rttmr 72 1 0 1 1 1 0 1 0 8 0 nd6 48 9 0 3 1 0 1 1 0 8 0 pkpcb 40 1 0 1 1 1 0 1 0 8 0 ppxss 1136 1 0 1 1 1 0 1 0 8 0 pfrke_plain 160 2 0 0 1 0 1 1 0 8 0 pfrktable 1344 82 0 67 5 3 2 2 0 8 0 pftag 88 10 0 8 1 0 1 1 0 8 0 pfrule 1360 23 0 10 2 0 2 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 190 0 2 12 0 12 12 0 8 0 art_table 32 191 0 2 2 0 2 2 0 8 0 art_node 16 48 0 8 1 0 1 1 0 8 0 sysvmsgpl 40 4 0 0 1 0 1 1 0 8 0 semupl 112 6 0 6 1 1 0 1 0 8 0 semapl 112 958 0 948 1 0 1 1 0 8 0 shmpl 112 22 0 4 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2301 0 903 88 0 88 88 0 8 0 ffsino 240 2301 0 903 83 0 83 83 0 8 0 nchpl 144 3438 0 1836 60 0 60 60 0 8 0 rtmask 32 4 0 2 1 0 1 1 0 8 0 uvmvnodes 72 2590 0 0 48 0 48 48 0 8 0 vnodes 208 2590 0 0 137 0 137 137 0 8 0 namei 1024 8527 0 8527 2 1 1 1 0 8 1 vmpool 528 2 0 2 1 1 0 1 0 8 0 pfiaddrpl 120 37 0 22 2 1 1 1 0 8 0 scxspl 192 10221 0 10221 1 0 1 1 0 8 1 plimitpl 152 44 0 37 1 0 1 1 0 8 0 sigapl 424 1014 0 965 6 0 6 6 0 8 0 futexpl 56 13868 0 13868 2 1 1 1 0 8 1 knotepl 112 74 0 55 1 0 1 1 0 8 0 kqueuepl 144 172 0 169 1 0 1 1 0 8 0 pipepl 272 539 0 529 1 0 1 1 0 8 0 fdescpl 432 979 0 965 2 0 2 2 0 8 0 filepl 120 4408 0 4312 4 0 4 4 0 8 1 lockfpl 104 81 0 80 1 0 1 1 0 8 0 lockfspl 48 34 0 33 1 0 1 1 0 8 0 sessionpl 112 17 0 7 1 0 1 1 0 8 0 pgrppl 48 53 0 43 1 0 1 1 0 8 0 ucredpl 96 340 0 333 1 0 1 1 0 8 0 zombiepl 144 965 0 965 1 0 1 1 0 8 1 processpl 928 1014 0 965 7 0 7 7 0 8 0 procpl 624 1916 0 1859 6 1 5 5 0 8 0 sosppl 128 6 0 6 2 2 0 1 0 8 0 sockpl 400 627 0 610 5 2 3 4 0 8 1 mcl64k 65536 13 0 13 4 4 0 1 0 8 0 mcl16k 16384 4 0 4 3 3 0 1 0 8 0 mcl12k 12288 432 0 432 2 1 1 1 0 8 1 mcl9k 9216 11 0 11 2 1 1 1 0 8 1 mcl8k 8192 21 0 21 4 3 1 1 0 8 1 mcl4k 4096 36 0 36 4 4 0 1 0 8 0 mcl2k 2048 94402 0 94355 16 9 7 14 0 8 0 mtagpl 96 36 0 7 2 1 1 1 0 8 0 mbufpl 256 156909 0 156752 29 18 11 18 0 8 0 bufpl 280 4476 0 128 311 0 311 311 0 8 0 anonpl 16 99076 0 83182 99 28 71 81 0 107 0 amapchunkpl 152 3714 0 3570 18 11 7 16 0 158 0 amappl16 192 4805 0 3848 68 19 49 56 0 8 1 amappl15 184 325 0 320 1 0 1 1 0 8 0 amappl14 176 27 0 21 1 0 1 1 0 8 0 amappl13 168 27 0 24 1 0 1 1 0 8 0 amappl12 160 7 0 5 2 1 1 1 0 8 0 amappl11 152 43 0 34 1 0 1 1 0 8 0 amappl10 144 12 0 8 1 0 1 1 0 8 0 amappl9 136 814 0 812 1 0 1 1 0 8 0 amappl8 128 791 0 749 2 0 2 2 0 8 0 amappl7 120 109 0 96 1 0 1 1 0 8 0 amappl6 112 25 0 19 1 0 1 1 0 8 0 amappl5 104 953 0 942 1 0 1 1 0 8 0 amappl4 96 421 0 396 1 0 1 1 0 8 0 amappl3 88 541 0 536 1 0 1 1 0 8 0 amappl2 80 7341 0 7271 2 0 2 2 0 8 0 amappl1 72 29913 0 29503 24 15 9 17 0 8 0 amappl 80 2114 0 2071 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 24 0 4 1 0 1 1 0 8 0 uaddrrnd 24 981 0 967 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 981 0 967 1 0 1 1 0 8 0 vmmpekpl 168 10517 0 10486 2 0 2 2 0 8 0 vmmpepl 168 123481 0 121420 138 42 96 115 0 357 6 vmsppl 272 980 0 967 2 1 1 2 0 8 0 pdppl 4096 1968 0 1934 6 1 5 6 0 8 0 pvpl 32 283831 0 264861 216 49 167 190 0 265 0 pmappl 200 980 0 967 1 0 1 1 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 274 0 49 8 1 7 8 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585 pfi_instance_add(ffff800000ac6000,0,c3) at pfi_instance_add+0x5e5 pfi_table_update(ffff800000b02a20,ffff800000ae7800,0,c3) at pfi_table_update+0x174 pfi_kif_update(ffff800000ae7800) at pfi_kif_update+0xba pfi_dynaddr_update sys/net/pf_if.c:466 [inline] pfi_kif_update(ffff800000ae7800) at pfi_kif_update+0xba sys/net/pf_if.c:442 pfi_dynaddr_setup(ffff800000b2dde0,0) at pfi_dynaddr_setup+0x3fa sys/net/pf_if.c:420 pfioctl(4900,cd604404,ffff800000ac8000,3,ffff8000209a2508) at pfioctl+0x51b2 pf_addr_setup sys/net/pf_ioctl.c:893 [inline] pfioctl(4900,cd604404,ffff800000ac8000,3,ffff8000209a2508) at pfioctl+0x51b2 sys/net/pf_ioctl.c:1265 VOP_IOCTL(fffffd805d7c50d0,cd604404,ffff800000ac8000,3,fffffd806c3bf6c0,ffff8000209a2508) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290 vn_ioctl(fffffd80575025b0,cd604404,ffff800000ac8000,ffff8000209a2508) at vn_ioctl+0xb5 sys/kern/vfs_vnops.c:531 sys_ioctl(ffff8000209a2508,ffff8000209a1708,ffff8000209a1750) at sys_ioctl+0x4a1 syscall(ffff8000209a17d0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x6dfe8b45870, count: -11 ddb> machine ddbcpu 1 No such command ddb> trace pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585 pfi_instance_add(ffff800000ac6000,0,c3) at pfi_instance_add+0x5e5 pfi_table_update(ffff800000b02a20,ffff800000ae7800,0,c3) at pfi_table_update+0x174 pfi_kif_update(ffff800000ae7800) at pfi_kif_update+0xba pfi_dynaddr_update sys/net/pf_if.c:466 [inline] pfi_kif_update(ffff800000ae7800) at pfi_kif_update+0xba sys/net/pf_if.c:442 pfi_dynaddr_setup(ffff800000b2dde0,0) at pfi_dynaddr_setup+0x3fa sys/net/pf_if.c:420 pfioctl(4900,cd604404,ffff800000ac8000,3,ffff8000209a2508) at pfioctl+0x51b2 pf_addr_setup sys/net/pf_ioctl.c:893 [inline] pfioctl(4900,cd604404,ffff800000ac8000,3,ffff8000209a2508) at pfioctl+0x51b2 sys/net/pf_ioctl.c:1265 VOP_IOCTL(fffffd805d7c50d0,cd604404,ffff800000ac8000,3,fffffd806c3bf6c0,ffff8000209a2508) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290 vn_ioctl(fffffd80575025b0,cd604404,ffff800000ac8000,ffff8000209a2508) at vn_ioctl+0xb5 sys/kern/vfs_vnops.c:531 sys_ioctl(ffff8000209a2508,ffff8000209a1708,ffff8000209a1750) at sys_ioctl+0x4a1 syscall(ffff8000209a17d0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x6dfe8b45870, count: -11