uvm_fault(0xfffffd8067416aa8, 0x0, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pfsync_state_import+0x108: movq 0(%rax,%rbx,8),%r15 ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd8067416aa8, 0x0, 0, 1) -> e pfsync_state_import(ffff800000b26600,1) at pfsync_state_import+0x108 sys/net/if_pfsync.c:529 end trace frame: 0xffff80001e7a5000, count: 0 ddb> trace pfsync_state_import(ffff800000b26600,1) at pfsync_state_import+0x108 sys/net/if_pfsync.c:529 pfioctl(4900,c1084425,ffff800000b26600,3,ffff80001d6be508) at pfioctl+0x2764 sys/net/pf_ioctl.c:1688 VOP_IOCTL(fffffd805da631a0,c1084425,ffff800000b26600,3,fffffd806c3bf900,ffff80001d6be508) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290 vn_ioctl(fffffd8067419cc0,c1084425,ffff800000b26600,ffff80001d6be508) at vn_ioctl+0xb5 sys/kern/vfs_vnops.c:531 sys_ioctl(ffff80001d6be508,ffff80001e7a52e8,ffff80001e7a5330) at sys_ioctl+0x4ac syscall(ffff80001e7a53b0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe8a98b0f490, count: -7 ddb> show registers rdi 0xffff80001f9a0000 rsi 0xeb rbp 0xffff80001e7a4ea0 rbx 0 rdx 0xffff80001f9a0000 rcx 0xea rax 0 r8 0x101010101010101 r9 0x8080808080808080 r10 0xd192a92fc0a0dc18 r11 0x46a37b811f13c49c r12 0xffff800000b2f500 r13 0xffff800000b26600 r14 0x1 r15 0x11 rip 0xffffffff82330928 pfsync_state_import+0x108 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80001e7a4e20 ss 0x10 pfsync_state_import+0x108: movq 0(%rax,%rbx,8),%r15 ddb> show proc PROC (syz-executor.0) pid=307435 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=76, nice=20 forw=0xffffffffffffffff, list=0xffff80001d6bf3d8,0xffffffff827ac148 process=0xffff80001d6e83e0 user=0xffff80001e7a0000, vmspace=0xfffffd8067416aa8 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 53955 183014 14913 0 2 0 syz-executor.0 *53955 307435 14913 0 7 0x4000000 syz-executor.0 7830 193750 0 0 3 0x14280 nfsidl nfsio 31795 296985 0 0 3 0x14280 nfsidl nfsio 5899 440320 0 0 3 0x14280 nfsidl nfsio 66080 500329 0 0 3 0x14280 nfsidl nfsio 30561 403961 0 0 3 0x14280 nfsidl nfsio 26447 16381 0 0 3 0x14280 nfsidl nfsio 71577 430892 0 0 3 0x14280 nfsidl nfsio 61089 350991 0 0 3 0x14280 nfsidl nfsio 91187 279508 0 0 3 0x14280 nfsidl nfsio 75847 338936 0 0 3 0x14280 nfsidl nfsio 24399 190246 0 0 3 0x14280 nfsidl nfsio 94285 515690 0 0 3 0x14280 nfsidl nfsio 7434 411597 0 0 3 0x14280 nfsidl nfsio 2309 244417 0 0 3 0x14280 nfsidl nfsio 88551 104745 0 0 3 0x14280 nfsidl nfsio 78751 511991 0 0 3 0x14280 nfsidl nfsio 25511 254686 0 0 3 0x14280 nfsidl nfsio 48678 315524 0 0 3 0x14280 nfsidl nfsio 14197 515787 0 0 3 0x14280 nfsidl nfsio 46418 340653 0 0 3 0x14280 nfsidl nfsio 78525 166483 0 0 3 0x14200 bored sosplice 14913 124781 90266 0 3 0x82 nanosleep syz-executor.0 32832 501301 90266 0 2 0x2 syz-executor.1 90266 52904 77525 0 3 0x82 thrsleep syz-fuzzer 90266 519534 77525 0 3 0x4000082 nanosleep syz-fuzzer 90266 45916 77525 0 3 0x4000082 thrsleep syz-fuzzer 90266 352491 77525 0 3 0x4000082 thrsleep syz-fuzzer 90266 12342 77525 0 3 0x4000082 thrsleep syz-fuzzer 90266 463105 77525 0 3 0x4000082 kqread syz-fuzzer 77525 244941 16117 0 3 0x10008a pause ksh 16117 244937 20919 0 3 0x92 select sshd 37793 490419 1 0 3 0x100083 ttyin getty 20919 174434 1 0 3 0x80 select sshd 79573 424637 23877 73 3 0x100090 kqread syslogd 23877 460429 1 0 3 0x100082 netio syslogd 4145 130720 1 77 3 0x100090 poll dhclient 43476 348883 1 0 3 0x80 poll dhclient 93994 103533 0 0 3 0x14200 bored smr 65101 37905 0 0 2 0x14200 zerothread 48486 60382 0 0 3 0x14200 aiodoned aiodoned 5033 470814 0 0 3 0x14200 syncer update 37594 167342 0 0 3 0x14200 cleaner cleaner 52807 353630 0 0 3 0x14200 reaper reaper 52048 324229 0 0 3 0x14200 pgdaemon pagedaemon 61365 169495 0 0 3 0x14200 bored crynlk 46467 137591 0 0 3 0x14200 bored crypto 83464 197404 0 0 3 0x40014200 acpi0 acpi0 55907 384312 0 0 3 0x14200 bored softnet 82777 270713 0 0 3 0x14200 bored systqmp 70823 509688 0 0 3 0x14200 bored systq 20677 195304 0 0 3 0x40014200 bored softclock 36774 149055 0 0 3 0x40014200 idle0 1 398255 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9459 6334K 6980K 78643K 12293 0 pcb 13 8K 8K 78643K 143 0 rtable 100 4K 4K 78643K 366 0 ifaddr 46 11K 11K 78643K 165 0 counters 21 16K 16K 78643K 44 0 ioctlops 1 0K 4K 78643K 182 0 iov 0 0K 16K 78643K 47 0 mount 1 1K 1K 78643K 1 0 vnodes 1215 76K 77K 78643K 1770 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 0K 0K 78643K 2 0 sem 11 1K 1K 78643K 18 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 1718 0 sigio 0 0K 0K 78643K 68 0 proc 49 38K 62K 78643K 486 0 subproc 32 2K 2K 78643K 51 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 109 0 in_multi 23 1K 2K 78643K 81 0 ether_multi 1 0K 0K 78643K 24 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 55 254K 254K 78643K 55 0 exec 0 0K 2K 78643K 355 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 99 86K 88K 78643K 4292 0 UVM aobj 20 2K 2K 78643K 20 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 48 0 NDP 6 0K 0K 78643K 33 0 temp 99 3952K 4016K 78643K 7474 0 kqueue 3 4K 6K 78643K 43 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 6 0 0 1 0 1 1 0 8 0 rtpcb 96 109 0 107 1 0 1 1 0 8 0 rtentry 112 45 0 8 2 0 2 2 0 8 0 unpcb 120 640 0 632 1 0 1 1 0 8 0 syncache 272 23 0 23 3 3 0 1 0 8 0 tcpqe 32 10 0 10 1 1 0 1 0 8 0 tcpcb 592 308 0 301 8 5 3 4 0 8 2 inpcb 296 735 0 728 4 2 2 2 0 8 1 nd6 48 6 0 3 1 0 1 1 0 8 0 kcovpl 48 3 0 1 1 0 1 1 0 8 0 pfosfp 40 6 0 0 1 0 1 1 0 8 0 pfosfpen 112 10 0 0 1 0 1 1 0 8 0 pfrktable 1344 4 0 0 1 0 1 1 0 8 0 pftag 88 1 0 0 1 0 1 1 0 8 0 pfqueue 264 23 0 23 1 1 0 1 0 8 0 pfrule 1360 17 0 0 2 0 2 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 188 0 40 12 1 11 12 0 8 0 art_table 32 189 0 40 2 0 2 2 0 8 0 art_node 16 44 0 10 1 0 1 1 0 8 0 sysvmsgpl 40 34 0 23 1 0 1 1 0 8 0 semupl 112 6 0 6 1 1 0 1 0 8 0 semapl 112 9 0 0 1 0 1 1 0 8 0 shmpl 112 17 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 3715 0 2272 91 0 91 91 0 8 0 ffsino 240 3715 0 2272 86 0 86 86 0 8 0 nchpl 144 6217 0 4626 60 0 60 60 0 8 0 uvmvnodes 72 4095 0 0 75 0 75 75 0 8 0 vnodes 208 4095 0 0 216 0 216 216 0 8 0 namei 1024 15493 0 15493 1 0 1 1 0 8 1 vcpupl 1984 5 0 0 1 0 1 1 0 8 0 vmpool 528 5 0 0 1 0 1 1 0 8 0 scxspl 200 18417 0 18417 1 0 1 1 0 8 1 plimitpl 152 86 0 79 1 0 1 1 0 8 0 sigapl 424 1923 0 1874 6 0 6 6 0 8 0 futexpl 56 17365 0 17365 1 0 1 1 0 8 1 knotepl 112 119 0 99 1 0 1 1 0 8 0 kqueuepl 152 657 0 648 1 0 1 1 0 8 0 pipepl 272 175 0 164 1 0 1 1 0 8 0 fdescpl 432 1888 0 1874 2 0 2 2 0 8 0 filepl 120 7537 0 7439 4 0 4 4 0 8 0 lockfpl 104 185 0 184 1 0 1 1 0 8 0 lockfspl 48 62 0 61 1 0 1 1 0 8 0 sessionpl 120 18 0 8 1 0 1 1 0 8 0 pgrppl 48 35 0 25 1 0 1 1 0 8 0 ucredpl 96 1167 0 1160 1 0 1 1 0 8 0 zombiepl 144 1874 0 1874 1 0 1 1 0 8 1 processpl 944 1923 0 1874 7 0 7 7 0 8 0 procpl 632 3751 0 3696 5 0 5 5 0 8 0 sosppl 144 27 0 27 1 1 0 1 0 8 0 sockpl 400 1490 0 1473 4 1 3 3 0 8 1 mcl64k 65536 73 0 73 4 3 1 1 0 8 1 mcl16k 16384 8 0 8 1 1 0 1 0 8 0 mcl12k 12288 7 0 7 1 0 1 1 0 8 1 mcl9k 9216 32 0 32 4 3 1 1 0 8 1 mcl8k 8192 23 0 23 2 1 1 1 0 8 1 mcl4k 4096 52 0 52 4 3 1 1 0 8 1 mcl2k2 2112 50 0 50 2 2 0 1 0 8 0 mcl2k 2048 16985 0 16953 16 8 8 9 0 8 3 mtagpl 96 175 0 18 5 1 4 4 0 8 0 mbufpl 256 59954 0 59548 30 2 28 28 0 8 0 bufpl 280 6622 0 1248 385 0 385 385 0 8 0 anonpl 16 140165 0 136232 22 3 19 19 0 107 2 amapchunkpl 152 8056 0 7931 15 2 13 13 0 158 6 amappl16 192 6151 0 6010 9 1 8 8 0 8 0 amappl15 184 1 0 0 1 0 1 1 0 8 0 amappl14 176 25 0 19 1 0 1 1 0 8 0 amappl13 168 880 0 877 1 0 1 1 0 8 0 amappl12 160 16 0 14 2 1 1 1 0 8 0 amappl11 152 48 0 39 1 0 1 1 0 8 0 amappl10 144 16 0 11 1 0 1 1 0 8 0 amappl9 136 341 0 341 1 1 0 1 0 8 0 amappl8 128 103 0 81 1 0 1 1 0 8 0 amappl7 120 232 0 227 1 0 1 1 0 8 0 amappl6 112 105 0 95 1 0 1 1 0 8 0 amappl5 104 2016 0 2005 1 0 1 1 0 8 0 amappl4 96 1087 0 1060 1 0 1 1 0 8 0 amappl3 88 76 0 67 1 0 1 1 0 8 0 amappl2 80 12813 0 12750 3 1 2 3 0 8 0 amappl1 72 54911 0 54492 24 14 10 18 0 8 0 amappl 80 3971 0 3925 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 19 0 0 1 0 1 1 0 8 0 uaddrrnd 24 1893 0 1874 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1893 0 1874 1 0 1 1 0 8 0 vmmpekpl 168 12699 0 12670 2 0 2 2 0 8 0 vmmpepl 168 231549 0 230333 77 18 59 71 0 357 1 vmsppl 272 1892 0 1874 2 0 2 2 0 8 0 pdppl 4096 3792 0 3753 6 0 6 6 0 8 1 pvpl 32 640162 0 633137 122 52 70 111 0 265 9 pmappl 200 1892 0 1874 2 0 2 2 0 8 1 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 271 0 25 8 0 8 8 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pfsync_state_import(ffff800000b26600,1) at pfsync_state_import+0x108 sys/net/if_pfsync.c:529 pfioctl(4900,c1084425,ffff800000b26600,3,ffff80001d6be508) at pfioctl+0x2764 sys/net/pf_ioctl.c:1688 VOP_IOCTL(fffffd805da631a0,c1084425,ffff800000b26600,3,fffffd806c3bf900,ffff80001d6be508) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290 vn_ioctl(fffffd8067419cc0,c1084425,ffff800000b26600,ffff80001d6be508) at vn_ioctl+0xb5 sys/kern/vfs_vnops.c:531 sys_ioctl(ffff80001d6be508,ffff80001e7a52e8,ffff80001e7a5330) at sys_ioctl+0x4ac syscall(ffff80001e7a53b0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe8a98b0f490, count: -7 ddb> machine ddbcpu 1 No such command ddb> trace pfsync_state_import(ffff800000b26600,1) at pfsync_state_import+0x108 sys/net/if_pfsync.c:529 pfioctl(4900,c1084425,ffff800000b26600,3,ffff80001d6be508) at pfioctl+0x2764 sys/net/pf_ioctl.c:1688 VOP_IOCTL(fffffd805da631a0,c1084425,ffff800000b26600,3,fffffd806c3bf900,ffff80001d6be508) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290 vn_ioctl(fffffd8067419cc0,c1084425,ffff800000b26600,ffff80001d6be508) at vn_ioctl+0xb5 sys/kern/vfs_vnops.c:531 sys_ioctl(ffff80001d6be508,ffff80001e7a52e8,ffff80001e7a5330) at sys_ioctl+0x4ac syscall(ffff80001e7a53b0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe8a98b0f490, count: -7