uvm_fault(0xffffffff8277aa10, 0xffffffff82697e60, 0, 2) -> e kernel: page fault trap, code=0 Stopped at m_copyback+0x119: addq $0x1,0x8(%rcx,%rbx,8) ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic kernel page fault uvm_fault(0xffffffff8277aa10, 0xffffffff82697e60, 0, 2) -> e m_copyback(ffff800020ee35b0,158,0,ffff800020ee3774,2) at m_copyback+0x119 m_get sys/sys/percpu.h:125 [inline] m_copyback(ffff800020ee35b0,158,0,ffff800020ee3774,2) at m_copyback+0x119 sys/kern/uipc_mbuf.c:756 end trace frame: 0xffff800020ee3830, count: 0 ddb{0}> trace m_copyback(ffff800020ee35b0,158,0,ffff800020ee3774,2) at m_copyback+0x119 m_get sys/sys/percpu.h:125 [inline] m_copyback(ffff800020ee35b0,158,0,ffff800020ee3774,2) at m_copyback+0x119 sys/kern/uipc_mbuf.c:756 pflog_mtap(ffff8000000449c0,ffff800020ee3858,fffffd80675aa100) at pflog_mtap+0x446 sys/net/if_pflog.c:389 pflog_packet(ffff800020ee3958,0,ffff800000b99018,0,ffffffff82879b30,0) at pflog_packet+0x3a4 pf_test(18,1,ffff800000b84000,ffff800020ee3c28) at pf_test+0xfc5 sys/net/pf.c:7226 ip6_input_if(ffff800020ee3c28,ffff800020ee3c34,29,0,ffff800000b84000) at ip6_input_if+0x945 sys/netinet6/ip6_input.c:300 ipv6_input(ffff800000b84000,fffffd80675aa100) at ipv6_input+0x48 sys/netinet6/ip6_input.c:171 tun_dev_write(5d01,ffff800020ee3f18,ffff800023106000,2) at tun_dev_write+0x204 sys/net/if_tun.c:868 spec_write(ffff800020ee3d70) at spec_write+0xd4 sys/kern/spec_vnops.c:309 VOP_WRITE(fffffd806e30d4e8,ffff800020ee3f18,11,fffffd807f7bfb40) at VOP_WRITE+0xc6 sys/kern/vfs_vops.c:268 vn_write(fffffd806eabcd18,ffff800020ee3f18,0) at vn_write+0x14e sys/kern/vfs_vnops.c:414 dofilewritev(ffff800022b04790,f0,ffff800020ee3f18,0,ffff800020ee4000) at dofilewritev+0x1ab sys/kern/sys_generic.c:365 sys_write(ffff800022b04790,ffff800020ee3fb0,ffff800020ee4000) at sys_write+0x83 sys/kern/sys_generic.c:285 syscall(ffff800020ee4080) at syscall+0x4a1 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800020ee4080) at syscall+0x4a1 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x5fbdb1bc690, count: -14 ddb{0}> show registers rdi 0 rsi 0x84619 acpi_pdirpa+0x70481 rbp 0xffff800020ee3590 rbx 0xffffffffffffcc83 rdx 0x84618 acpi_pdirpa+0x70480 rcx 0xffffffff826b1a40 mbstat_boot_boot_cpumem rax 0 r8 0x2 r9 0xffffffff81e7a848 pf_translate_a+0x1a8 r10 0x1 r11 0xa5b4e0ec06590d48 r12 0xfffffd807a96f600 r13 0x128 r14 0x30 r15 0xffff800020ee3790 rip 0xffffffff81142cf9 m_copyback+0x119 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800020ee34d0 ss 0x10 m_copyback+0x119: addq $0x1,0x8(%rcx,%rbx,8) ddb{0}> show proc PROC (syz-executor.1) pid=216347 stat=onproc flags process=10 proc=4000000 pri=32, usrpri=83, nice=20 forw=0xffffffffffffffff, list=0xffff800022b05660,0xffff800022b04038 process=0xffff800022900bd0 user=0xffff800020edf000, vmspace=0xfffffd807da89a28 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 48406 436825 37267 0 2 0 syz-executor.0 48406 449161 37267 0 2 0x4000000 syz-executor.0 94697 367030 11728 60928 2 0x10 syz-executor.1 94697 291110 11728 60928 7 0x4000010 syz-executor.1 *94697 216347 11728 60928 7 0x4000010 syz-executor.1 11728 407622 7480 0 3 0x82 nanosleep syz-executor.1 37267 244128 7480 0 3 0x82 nanosleep syz-executor.0 69005 415574 1 0 3 0x100083 ttyin getty 72899 184199 0 0 3 0x14200 acct acct 94663 260712 0 0 3 0x14280 nfsidl nfsio 20611 287865 0 0 3 0x14280 nfsidl nfsio 70306 144941 0 0 3 0x14280 nfsidl nfsio 63691 492423 0 0 3 0x14280 nfsidl nfsio 44418 397009 0 0 3 0x14280 nfsidl nfsio 12728 310246 0 0 3 0x14280 nfsidl nfsio 24830 476579 0 0 3 0x14280 nfsidl nfsio 71889 37352 0 0 3 0x14280 nfsidl nfsio 44575 12140 0 0 3 0x14280 nfsidl nfsio 19874 215695 0 0 3 0x14280 nfsidl nfsio 77139 437144 0 0 3 0x14280 nfsidl nfsio 2993 382358 0 0 3 0x14280 nfsidl nfsio 81253 408422 0 0 3 0x14280 nfsidl nfsio 88017 226269 0 0 3 0x14280 nfsidl nfsio 21051 8300 0 0 3 0x14280 nfsidl nfsio 85858 508105 0 0 3 0x14280 nfsidl nfsio 70625 396910 0 0 3 0x14280 nfsidl nfsio 71825 438426 0 0 3 0x14280 nfsidl nfsio 36489 244623 0 0 3 0x14280 nfsidl nfsio 55731 483673 0 0 3 0x14280 nfsidl nfsio 58408 474696 0 0 3 0x14200 bored sosplice 7480 459979 75709 0 3 0x82 thrsleep syz-fuzzer 7480 277725 75709 0 3 0x4000082 thrsleep syz-fuzzer 7480 105095 75709 0 3 0x4000082 kqread syz-fuzzer 7480 394833 75709 0 3 0x4000082 thrsleep syz-fuzzer 7480 326784 75709 0 3 0x4000082 thrsleep syz-fuzzer 7480 319734 75709 0 3 0x4000082 thrsleep syz-fuzzer 7480 357895 75709 0 3 0x4000082 thrsleep syz-fuzzer 7480 427088 75709 0 3 0x4000082 thrsleep syz-fuzzer 75709 79631 27711 0 3 0x10008a pause ksh 27711 278256 86116 0 3 0x92 select sshd 86116 129324 1 0 3 0x80 select sshd 72343 342660 4090 74 3 0x100092 bpf pflogd 4090 415536 1 0 3 0x80 netio pflogd 76797 411777 93854 73 3 0x100090 kqread syslogd 93854 217083 1 0 3 0x100082 netio syslogd 79402 340275 1 77 3 0x100090 poll dhclient 63524 385103 1 0 3 0x80 poll dhclient 52615 433421 0 0 3 0x14200 bored smr 73004 473135 0 0 2 0x14200 zerothread 42999 509059 0 0 3 0x14200 aiodoned aiodoned 38582 505875 0 0 3 0x14200 syncer update 41257 126477 0 0 3 0x14200 cleaner cleaner 77523 130625 0 0 3 0x14200 reaper reaper 28716 397641 0 0 3 0x14200 pgdaemon pagedaemon 69594 232157 0 0 3 0x14200 bored crynlk 71419 31097 0 0 3 0x14200 bored crypto 71761 191769 0 0 3 0x40014200 acpi0 acpi0 98338 163684 0 0 3 0x40014200 idle1 73867 161039 0 0 3 0x14200 bored softnet 42492 338562 0 0 3 0x14200 bored systqmp 11639 95511 0 0 3 0x14200 bored systq 57839 42473 0 0 3 0x40014200 bored softclock 3720 440613 0 0 3 0x40014200 idle0 1 329583 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 94697 (syz-executor.1) thread 0xffff800022b04790 (216347) exclusive rwlock netlock r = 0 (0xffffffff827435e0) #0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4b0 sys/kern/subr_witness.c:1164 #1 tun_dev_write+0x1f9 sys/net/if_tun.c:867 #2 spec_write+0xd4 sys/kern/spec_vnops.c:309 #3 VOP_WRITE+0xc6 sys/kern/vfs_vops.c:268 #4 vn_write+0x14e sys/kern/vfs_vnops.c:414 #5 dofilewritev+0x1ab sys/kern/sys_generic.c:365 #6 sys_write+0x83 sys/kern/sys_generic.c:285 #7 syscall+0x4a1 mi_syscall sys/sys/syscall_mi.h:102 [inline] #7 syscall+0x4a1 sys/arch/amd64/amd64/trap.c:570 #8 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 1 (0xffffffff8289f9d8) #0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4b0 sys/kern/subr_witness.c:1164 #1 vn_write+0x42 sys/kern/vfs_vnops.c:399 #2 dofilewritev+0x1ab sys/kern/sys_generic.c:365 #3 sys_write+0x83 sys/kern/sys_generic.c:285 #4 syscall+0x4a1 mi_syscall sys/sys/syscall_mi.h:102 [inline] #4 syscall+0x4a1 sys/arch/amd64/amd64/trap.c:570 #5 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9547 6440K 7008K 78643K 13188 0 pcb 13 8K 8K 78643K 294 0 rtable 139 17K 18K 78643K 1816 0 ifaddr 98 19K 20K 78643K 310 0 sysctl 3 1K 1K 78643K 4 0 counters 43 33K 34K 78643K 95 0 ioctlops 0 0K 4K 78643K 1941 0 iov 0 0K 32K 78643K 189 0 mount 1 1K 1K 78643K 1 0 vnodes 1217 77K 77K 78643K 2114 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 44 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 501 0 dirhash 6 1K 2K 78643K 12 0 ACPI 1824 197K 290K 78643K 13058 0 file desc 6 17K 25K 78643K 2457 0 sigio 0 0K 0K 78643K 22 0 proc 62 63K 95K 78643K 838 0 subproc 32 2K 2K 78643K 136 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 203 0 in_multi 28 1K 2K 78643K 290 0 ether_multi 1 0K 0K 78643K 30 0 mrt 0 0K 0K 78643K 32 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 73 334K 334K 78643K 73 0 exec 0 0K 2K 78643K 667 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 185 173K 173K 78643K 8673 0 UVM aobj 130 8K 8K 78643K 150 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 1K 78643K 216 0 NDP 16 0K 0K 78643K 71 0 temp 152 3981K 4047K 78643K 30849 0 kqueue 3 4K 18K 78643K 78 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 102 0 98 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 88 134 0 132 1 0 1 1 0 8 0 rtentry 112 363 0 333 2 0 2 2 0 8 0 unpcb 120 958 0 948 1 0 1 1 0 8 0 syncache 272 19 0 19 6 6 0 1 0 8 0 tcpqe 32 25 0 25 3 3 0 1 0 8 0 tcpcb 592 897 0 889 14 12 2 3 0 8 1 inpcb 296 2279 0 2267 10 8 2 3 0 8 0 rttmr 72 15 0 15 5 5 0 1 0 8 0 nd6 48 54 0 49 1 0 1 1 0 8 0 pkpcb 40 18 0 18 5 5 0 1 0 8 0 ppxss 1136 3 0 3 3 3 0 1 0 8 0 pfstscr 40 11 0 11 4 4 0 1 0 8 0 pffrag 232 9 0 9 4 4 0 1 0 482 0 pffrnode 88 9 0 9 4 4 0 1 0 8 0 pffrent 40 194 0 194 4 4 0 1 0 8 0 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 153 0 127 7 4 3 3 0 8 0 pftag 88 1 0 1 1 1 0 1 0 8 0 pfstitem 24 23 0 21 1 0 1 1 0 8 0 pfstkey 112 32 0 30 1 0 1 1 0 8 0 pfstate 328 26 0 24 2 1 1 2 0 8 0 pfsrctr 152 84 0 84 2 2 0 1 0 8 0 pfrule 1360 97 0 53 6 2 4 4 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1012 0 836 21 8 13 15 0 8 0 art_table 32 1013 0 836 2 0 2 2 0 8 0 art_node 16 362 0 337 1 0 1 1 0 8 0 sysvmsgpl 40 11 0 10 1 0 1 1 0 8 0 semapl 112 499 0 489 1 0 1 1 0 8 0 shmpl 112 147 0 21 5 1 4 4 0 8 0 dirhash 1024 17 0 13 3 1 2 3 0 8 0 dino2pl 256 4384 0 2983 88 0 88 88 0 8 0 ffsino 272 4384 0 2983 94 0 94 94 0 8 0 nchpl 144 7989 0 6401 60 0 60 60 0 8 0 uvmvnodes 72 5111 0 0 93 0 93 93 0 8 0 vnodes 208 5111 0 0 269 0 269 269 0 8 0 namei 1024 26462 0 26462 8 7 1 1 0 8 1 percpumem 16 58 0 26 1 0 1 1 0 8 0 vcpupl 1984 21 0 0 3 0 3 3 0 8 0 vmpool 560 40 0 19 2 0 2 2 0 8 0 pfiaddrpl 120 55 0 25 4 3 1 1 0 8 0 scxspl 200 23737 0 23737 28 27 1 7 0 8 1 plimitpl 152 168 0 160 1 0 1 1 0 8 0 sigapl 424 2678 0 2624 9 2 7 7 0 8 0 futexpl 56 34042 0 34042 6 5 1 1 0 8 1 knotepl 112 252 0 232 2 1 1 2 0 8 0 kqueuepl 152 304 0 299 1 0 1 1 0 8 0 pipepl 304 418 0 407 14 12 2 2 0 8 1 fdescpl 496 2641 0 2624 3 0 3 3 0 8 0 filepl 152 16393 0 16289 9 4 5 6 0 8 1 lockfpl 104 435 0 434 1 0 1 1 0 8 0 lockfspl 48 153 0 152 1 0 1 1 0 8 0 sessionpl 120 26 0 15 1 0 1 1 0 8 0 pgrppl 48 51 0 40 1 0 1 1 0 8 0 ucredpl 96 1560 0 1549 1 0 1 1 0 8 0 zombiepl 144 2624 0 2624 2 1 1 1 0 8 1 processpl 1008 2678 0 2624 7 0 7 7 0 8 0 procpl 632 7801 0 7737 6 0 6 6 0 8 0 sosppl 144 41 0 41 9 9 0 1 0 8 0 sockpl 400 3399 0 3375 14 10 4 5 0 8 1 mcl64k 65536 18 0 0 3 0 3 3 0 8 0 mcl16k 16384 6 0 0 1 0 1 1 0 8 0 mcl12k 12288 17 0 0 2 0 2 2 0 8 0 mcl9k 9216 11 0 0 1 0 1 1 0 8 0 mcl8k 8192 21 0 0 3 1 2 3 0 8 0 mcl4k 4096 13 0 0 2 0 2 2 0 8 0 mcl2k2 2112 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 202 0 0 22 3 19 22 0 8 0 mtagpl 96 128 0 0 4 1 3 4 0 8 0 mbufpl 256 737 0 0 37 0 37 37 0 8 0 bufpl 280 7562 0 1304 448 0 448 448 0 8 0 anonpl 16 295966 0 278302 154 76 78 91 0 124 0 amapchunkpl 152 15909 0 15596 50 36 14 26 0 158 0 amappl16 192 10807 0 9913 111 57 54 57 0 8 8 amappl15 184 511 0 508 1 0 1 1 0 8 0 amappl14 176 971 0 965 1 0 1 1 0 8 0 amappl13 168 382 0 381 1 0 1 1 0 8 0 amappl12 160 32 0 25 1 0 1 1 0 8 0 amappl11 152 228 0 213 1 0 1 1 0 8 0 amappl10 144 415 0 409 1 0 1 1 0 8 0 amappl9 136 386 0 385 2 1 1 1 0 8 0 amappl8 128 250 0 193 2 0 2 2 0 8 0 amappl7 120 733 0 721 1 0 1 1 0 8 0 amappl6 112 320 0 302 1 0 1 1 0 8 0 amappl5 104 2402 0 2387 1 0 1 1 0 8 0 amappl4 96 695 0 667 1 0 1 1 0 8 0 amappl3 88 1429 0 1420 1 0 1 1 0 8 0 amappl2 80 18273 0 18192 3 1 2 3 0 8 0 amappl1 72 94440 0 93940 23 12 11 19 0 8 0 amappl 80 8228 0 8134 3 1 2 3 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 149 0 20 3 0 3 3 0 8 0 uaddrrnd 24 2681 0 2643 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2681 0 2643 1 0 1 1 0 8 0 vmmpekpl 168 22141 0 22088 3 0 3 3 0 8 0 vmmpepl 168 353628 0 351299 259 127 132 137 0 357 29 vmsppl 368 2680 0 2643 4 0 4 4 0 8 0 pdppl 4096 5369 0 5307 10 2 8 9 0 8 0 pvpl 32 839626 0 819049 319 140 179 218 0 265 0 pmappl 232 2680 0 2643 5 2 3 3 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 325 0 42 9 0 9 9 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace m_copyback(ffff800020ee35b0,158,0,ffff800020ee3774,2) at m_copyback+0x119 m_get sys/sys/percpu.h:125 [inline] m_copyback(ffff800020ee35b0,158,0,ffff800020ee3774,2) at m_copyback+0x119 sys/kern/uipc_mbuf.c:756 pflog_mtap(ffff8000000449c0,ffff800020ee3858,fffffd80675aa100) at pflog_mtap+0x446 sys/net/if_pflog.c:389 pflog_packet(ffff800020ee3958,0,ffff800000b99018,0,ffffffff82879b30,0) at pflog_packet+0x3a4 pf_test(18,1,ffff800000b84000,ffff800020ee3c28) at pf_test+0xfc5 sys/net/pf.c:7226 ip6_input_if(ffff800020ee3c28,ffff800020ee3c34,29,0,ffff800000b84000) at ip6_input_if+0x945 sys/netinet6/ip6_input.c:300 ipv6_input(ffff800000b84000,fffffd80675aa100) at ipv6_input+0x48 sys/netinet6/ip6_input.c:171 tun_dev_write(5d01,ffff800020ee3f18,ffff800023106000,2) at tun_dev_write+0x204 sys/net/if_tun.c:868 spec_write(ffff800020ee3d70) at spec_write+0xd4 sys/kern/spec_vnops.c:309 VOP_WRITE(fffffd806e30d4e8,ffff800020ee3f18,11,fffffd807f7bfb40) at VOP_WRITE+0xc6 sys/kern/vfs_vops.c:268 vn_write(fffffd806eabcd18,ffff800020ee3f18,0) at vn_write+0x14e sys/kern/vfs_vnops.c:414 dofilewritev(ffff800022b04790,f0,ffff800020ee3f18,0,ffff800020ee4000) at dofilewritev+0x1ab sys/kern/sys_generic.c:365 sys_write(ffff800022b04790,ffff800020ee3fb0,ffff800020ee4000) at sys_write+0x83 sys/kern/sys_generic.c:285 syscall(ffff800020ee4080) at syscall+0x4a1 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800020ee4080) at syscall+0x4a1 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x5fbdb1bc690, count: -14 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800020d80ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff8289f7d0) at __mp_lock+0x133 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff8289f7d0) at __mp_lock+0x133 sys/kern/kern_lock.c:147 syscall(ffff800021f14400) at syscall+0x3fd mi_syscall sys/sys/syscall_mi.h:93 [inline] syscall(ffff800021f14400) at syscall+0x3fd sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x5fb6f12cae0, count: -6