uvm_fault(0xffffffff82dcb8f8, 0x444, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pf_purge_expired_states+0x187: movl 0x444(%r14,%rbx,4),%r15d TID PID UID PRFLAGS PFLAGS CPU COMMAND *227372 52284 0 0x14000 0x200 1 systqmp 369776 19937 0 0x14000 0x40000200 0K softclock pf_purge_expired_states(40,40) at pf_purge_expired_states+0x187 pf_state_expires sys/net/pf.c:1716 [inline] pf_purge_expired_states(40,40) at pf_purge_expired_states+0x187 sys/net/pf.c:1946 pf_purge_states(0) at pf_purge_states+0x3e sys/net/pf.c:1642 taskq_thread(ffffffff82cdf3c0) at taskq_thread+0xe5 sys/kern/kern_task.c:450 end trace frame: 0x0, count: 12 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault(0xffffffff82dcb8f8, 0x444, 0, 1) -> e ddb{1}> trace pf_purge_expired_states(40,40) at pf_purge_expired_states+0x187 pf_state_expires sys/net/pf.c:1716 [inline] pf_purge_expired_states(40,40) at pf_purge_expired_states+0x187 sys/net/pf.c:1946 pf_purge_states(0) at pf_purge_states+0x3e sys/net/pf.c:1642 taskq_thread(ffffffff82cdf3c0) at taskq_thread+0xe5 sys/kern/kern_task.c:450 end trace frame: 0x0, count: -3 ddb{1}> show registers rdi 0x13 rsi 0 rbp 0xffff80002a119f60 rbx 0 rdx 0 rcx 0xffff80002a0fb2a8 rax 0xffff800029cebff0 r8 0 r9 0x1 r10 0 r11 0x838f5155a687b1e4 r12 0x40 r13 0xfffffd80639eec78 r14 0 r15 0xfffffd806f047468 rip 0xffffffff81b64da7 pf_purge_expired_states+0x187 cs 0x8 rflags 0x10293 __ALIGN_SIZE+0xf293 rsp 0xffff80002a119ee0 ss 0 pf_purge_expired_states+0x187: movl 0x444(%r14,%rbx,4),%r15d ddb{1}> show proc PROC (systqmp) tid=227372 pid=52284 tcnt=1 stat=onproc flags process=14000 proc=200 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002a0fb550,0xffff80002a0fb010 process=0xffff8000ffffc470 user=0xffff80002a115000, vmspace=0xffffffff82dcb8f8 estcpu=0, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 25963 185041 98701 0 2 0 syz-executor.2 25963 323797 98701 0 2 0x4000000 syz-executor.2 92840 299135 53949 0 2 0 syz-executor.7 92840 329450 53949 0 2 0x4000000 syz-executor.7 30871 239780 45420 0 2 0 syz-executor.6 30871 82393 45420 0 3 0x4000080 fsleep syz-executor.6 8030 412133 37549 0 2 0 syz-executor.3 8030 401901 37549 0 3 0x4000080 piperd syz-executor.3 8030 226646 37549 0 3 0x4000080 piperd syz-executor.3 16878 15803 51943 0 2 0 syz-executor.1 16878 181478 51943 0 3 0x4000080 fsleep syz-executor.1 41030 485033 24135 0 2 0 syz-executor.5 24135 249542 18909 0 2 0x482 syz-executor.5 45420 456384 18909 0 3 0x82 nanoslp syz-executor.6 51943 505963 18909 0 2 0x482 syz-executor.1 55275 515616 0 0 3 0x14280 nfsidl nfsio 93725 264282 0 0 3 0x14280 nfsidl nfsio 73916 491978 0 0 3 0x14280 nfsidl nfsio 58256 399383 0 0 3 0x14280 nfsidl nfsio 63093 211872 0 0 3 0x14280 nfsidl nfsio 18493 324222 0 0 3 0x14280 nfsidl nfsio 18172 194228 0 0 3 0x14280 nfsidl nfsio 99128 465050 0 0 3 0x14280 nfsidl nfsio 74209 60155 0 0 3 0x14280 nfsidl nfsio 89555 35027 0 0 3 0x14280 nfsidl nfsio 81204 245889 0 0 3 0x14280 nfsidl nfsio 73022 323188 0 0 3 0x14280 nfsidl nfsio 82084 105034 0 0 3 0x14280 nfsidl nfsio 881 181029 0 0 3 0x14280 nfsidl nfsio 70658 454184 0 0 3 0x14280 nfsidl nfsio 67657 438608 0 0 3 0x14280 nfsidl nfsio 18462 67225 0 0 3 0x14280 nfsidl nfsio 35350 78270 0 0 3 0x14280 nfsidl nfsio 18005 463480 0 0 3 0x14280 nfsidl nfsio 10278 167392 0 0 3 0x14280 nfsidl nfsio 37549 363565 18909 0 2 0x482 syz-executor.3 79961 71817 1 0 3 0x100083 ttyin getty 27567 132582 0 0 3 0x14200 bored sosplice 67929 482997 18909 0 2 0x2 syz-executor.4 25735 432599 18909 0 2 0x2 syz-executor.0 53949 423886 18909 0 2 0x482 syz-executor.7 98701 326577 18909 0 2 0x2 syz-executor.2 18909 141396 39909 0 3 0x2000082 thrsleep syz-fuzzer 18909 275269 39909 0 2 0x6000482 syz-fuzzer 18909 169958 39909 0 2 0x6000002 syz-fuzzer 18909 166652 39909 0 3 0x6000082 wait syz-fuzzer 18909 328326 39909 0 3 0x6000082 wait syz-fuzzer 18909 23659 39909 0 3 0x6000082 thrsleep syz-fuzzer 18909 264216 39909 0 3 0x6000082 thrsleep syz-fuzzer 18909 185325 39909 0 3 0x6000082 wait syz-fuzzer 18909 180589 39909 0 3 0x6000082 thrsleep syz-fuzzer 18909 354030 39909 0 3 0x6000082 wait syz-fuzzer 18909 219294 39909 0 3 0x6000082 wait syz-fuzzer 18909 211755 39909 0 3 0x6000082 thrsleep syz-fuzzer 18909 412662 39909 0 3 0x6000082 wait syz-fuzzer 18909 182905 39909 0 3 0x6000082 wait syz-fuzzer 18909 431757 39909 0 3 0x6000082 wait syz-fuzzer 18909 109496 39909 0 3 0x6000082 kqread syz-fuzzer 39909 392883 75837 0 3 0x10008a sigsusp ksh 75837 521535 72224 0 3 0x9a kqread sshd 72224 27719 1 0 3 0x88 kqread sshd 1996 126326 27035 74 3 0x1100092 bpf pflogd 27035 429654 1 0 3 0x80 netio pflogd 48361 295442 74030 73 3 0x1100090 kqread syslogd 74030 249836 1 0 3 0x100082 netio syslogd 10621 440831 1 0 3 0x100080 kqread resolvd 51123 282740 25124 77 3 0x100092 kqread dhcpleased 67849 455495 25124 77 3 0x100092 kqread dhcpleased 25124 26740 1 0 3 0x80 kqread dhcpleased 88917 353508 0 0 3 0x14200 bored smr 90471 68146 0 0 2 0x14200 zerothread 17651 51891 0 0 3 0x14200 aiodoned aiodoned 43799 240779 0 0 3 0x14200 syncer update 44624 200542 0 0 3 0x14200 cleaner cleaner 50687 250442 0 0 3 0x14200 reaper reaper 20809 372016 0 0 3 0x14200 pgdaemon pagedaemon 89130 3882 0 0 3 0x14200 bored viomb 33315 480929 0 0 3 0x40014200 acpi0 acpi0 69551 33203 0 0 3 0x40014200 idle1 69959 180495 0 0 3 0x14200 bored softnet3 60559 210551 0 0 3 0x14200 bored softnet2 74895 356575 0 0 3 0x14200 bored softnet1 43739 23757 0 0 3 0x14200 bored softnet0 *52284 227372 0 0 7 0x14200 systqmp 90831 359858 0 0 3 0x14200 bored systq 42732 425254 0 0 3 0x14200 tmoslp softclockmp 19937 369776 0 0 7 0x40014200 softclock 39086 67128 0 0 3 0x40014200 idle0 1 289902 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 52284 (systqmp) thread 0xffff80002a0fb2a8 (227372) shared rwlock pfstates r = 0 (0xffffffff82cfb400) #0 witness_lock+0x447 #1 pf_purge_expired_states+0x88 sys/net/pf.c:1924 #2 pf_purge_states+0x3e sys/net/pf.c:1642 #3 taskq_thread+0xe5 sys/kern/kern_task.c:450 #4 proc_trampoline+0x10 shared rwlock systqmp r = 0 (0xffffffff82cdf430) #0 witness_lock+0x447 #1 taskq_thread+0xca sys/kern/kern_task.c:446 #2 proc_trampoline+0x10 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10203 6634K 15023K 166960K 42168 0 pcb 15 13K 14K 166960K 282 0 rtable 219 6K 8K 166960K 1931 0 pf 30 9K 10K 166960K 100 0 ifaddr 39 14K 15K 166960K 134 0 ifgroup 51 2K 2K 166960K 154 0 sysctl 3 0K 0K 166960K 9 0 counters 62 36K 36K 166960K 114 0 ioctlops 0 0K 4K 166960K 3574 0 iov 0 0K 32K 166960K 513 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1414 88K 88K 166960K 11119 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 82 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 803 0 dirhash 12 2K 2K 166960K 24 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 16 57K 93K 166960K 17237 0 sigio 1 0K 0K 166960K 329 0 proc 70 91K 140K 166960K 1278 0 subproc 104 6K 6K 166960K 299 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 477 0 in_multi 83 6K 7K 166960K 423 0 ether_multi 1 0K 0K 166960K 2 0 mrt 1 0K 0K 166960K 2 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 85 387K 387K 166960K 85 0 exec 0 0K 1K 166960K 984 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 421 121K 121K 166960K 160724 0 UVM aobj 131 4K 4K 166960K 131 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 1253 0 NDP 13 0K 1K 166960K 89 0 temp 75 6772K 6852K 166960K 55083 0 kqueue 12 18K 27K 166960K 3055 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 297 0 294 1 0 1 1 0 8 0 rtentry 112 588 0 487 6 2 4 4 0 8 0 unpcb 144 7787 0 7772 46 45 1 6 0 8 0 syncache 336 51 0 51 7 7 0 1 0 8 0 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpqe 32 298 0 298 6 6 0 1 0 8 0 tcpcb 808 3073 0 3068 49 41 8 9 0 8 7 arp 120 110 0 98 1 0 1 1 0 8 0 ipq 40 1 0 1 1 1 0 1 0 8 0 ipqe 40 3 0 3 1 1 0 1 0 8 0 inpcb 392 7537 0 7529 105 94 11 14 0 8 10 nd6 136 97 0 67 2 0 2 2 0 8 0 pkpcb 40 13 0 13 4 4 0 1 0 8 0 kcovpl 48 23 0 15 1 0 1 1 0 8 0 ppxss 1168 4 0 4 2 2 0 1 0 8 0 pffrag 232 30 0 30 4 4 0 1 0 482 0 pffrnode 88 30 0 30 4 4 0 1 0 8 0 pffrent 40 108 0 108 4 4 0 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 472 0 358 1 0 1 1 0 8 0 pfstkey 128 472 0 358 6 1 5 5 0 8 0 pfstate 376 472 0 358 24 12 12 14 0 8 0 pfstate: pool(0xffffffff82e1bce0:pfstate): page inconsistency: page 0x0; at page head addr 0xfffffd80639eef90 (p 0xfffffd80639ee000) pfrule 1344 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1935 0 1486 56 23 33 35 0 8 4 art_table 32 1936 0 1486 7 2 5 5 0 8 0 art_node 16 547 0 454 1 0 1 1 0 8 0 sysvmsgpl 40 15 0 0 1 0 1 1 0 8 0 semapl 112 801 0 791 1 0 1 1 0 8 0 shmpl 112 128 0 0 4 0 4 4 0 8 0 dirhash 1024 25 0 8 3 0 3 3 0 8 0 dino2pl 256 21680 0 20220 92 0 92 92 0 8 0 ffsino 272 21680 0 20220 98 0 98 98 0 8 0 nchpl 144 43446 0 41793 64 1 63 64 0 8 0 uvmvnodes 80 8206 0 0 168 0 168 168 0 8 0 vnodes 216 8206 0 0 456 0 456 456 0 8 0 namei 1024 126323 0 126323 8 7 1 2 0 8 1 percpumem 16 71 0 26 1 0 1 1 0 8 0 vcpupl 2048 8 0 1 1 0 1 1 0 8 0 vmpool 696 12 0 5 1 0 1 1 0 8 0 kstatmem 264 74 0 52 3 1 2 2 0 8 0 scxspl 216 127106 0 127106 22 21 1 8 1 8 1 plimitpl 152 248 0 232 1 0 1 1 0 8 0 sigapl 424 17549 0 17481 15 7 8 9 0 8 0 futexpl 64 104888 0 104886 6 5 1 1 0 8 0 knotepl 120 413 0 0 11 0 11 11 0 8 0 kqueuepl 216 5586 0 5578 55 54 1 8 0 8 0 pipepl 320 2615 0 2586 61 58 3 8 0 8 0 fdescpl 496 17509 0 17480 10 6 4 5 0 8 0 filepl 152 82238 0 81993 76 61 15 19 0 8 4 lockfpl 104 2780 0 2778 5 4 1 2 0 8 0 lockfspl 48 1112 0 1110 1 0 1 1 0 8 0 sessionpl 144 40 0 23 1 0 1 1 0 8 0 pgrppl 48 217 0 200 1 0 1 1 0 8 0 ucredpl 104 4710 0 4697 1 0 1 1 0 8 0 zombiepl 144 17481 0 17481 1 0 1 1 0 8 1 processpl 1136 17549 0 17481 7 1 6 6 0 8 0 procpl 680 42839 0 42750 14 5 9 9 0 8 0 srpgc 96 12 0 12 5 4 1 1 0 8 1 sosppl 168 47 0 47 5 5 0 1 0 8 0 sockpl 584 15738 0 15712 107 97 10 13 0 8 8 mcl64k 65536 23 0 0 3 1 2 3 0 8 0 mcl16k 16384 13 0 0 2 0 2 2 0 8 0 mcl12k 12288 24 0 0 2 0 2 2 0 8 0 mcl9k 9216 17 0 0 2 0 2 2 0 8 0 mcl8k 8192 27 0 0 4 1 3 3 0 8 0 mcl4k 4096 33 0 0 4 1 3 3 0 8 0 mcl2k2 2112 10 0 0 1 0 1 1 0 8 0 mcl2k 2048 671 0 0 48 17 31 36 0 8 0 mtagpl 96 1264 0 0 27 0 27 27 0 8 0 mbufpl 256 1771 0 0 84 0 84 84 0 8 0 bufpl 280 28646 0 20441 587 0 587 587 0 8 0 anonpl 24 1485489 0 1476178 201 128 73 167 0 186 0 amapchunkpl 152 507209 0 506454 81 47 34 77 0 158 0 amappl16 200 25949 0 25720 78 65 13 25 0 8 0 amappl15 192 41 0 40 1 0 1 1 0 8 0 amappl14 184 211 0 195 2 1 1 2 0 8 0 amappl13 176 16 0 16 1 1 0 1 0 8 0 amappl12 168 18409 0 18374 3 1 2 2 0 8 0 amappl11 160 84 0 69 1 0 1 1 0 8 0 amappl10 152 72 0 58 2 1 1 1 0 8 0 amappl9 144 248 0 246 1 0 1 1 0 8 0 amappl8 136 881 0 706 8 1 7 7 0 8 0 amappl7 128 257 0 232 2 0 2 2 0 8 0 amappl6 120 531 0 515 1 0 1 1 0 8 0 amappl5 112 307 0 296 1 0 1 1 0 8 0 amappl4 104 699 0 663 2 0 2 2 0 8 0 amappl3 96 100493 0 100402 5 2 3 3 0 8 0 amappl2 88 18374 0 18292 3 1 2 3 0 8 0 amappl1 80 69254 0 68700 23 10 13 23 0 8 0 amappl 88 159808 0 159586 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 130 0 0 3 0 3 3 0 8 0 uaddrrnd 24 17521 0 17485 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 17521 0 17485 1 0 1 1 0 8 0 vmmpekpl 168 119993 0 119939 4 0 4 4 0 8 0 vmmpepl 168 987172 0 984903 247 132 115 120 0 357 9 vmsppl 448 17520 0 17485 11 6 5 5 0 8 0 rwobjpl 56 228226 0 218460 151 12 139 140 0 8 0 pdppl 4096 35049 0 34977 421 345 76 83 0 8 4 pvpl 32 52086 0 0 420 0 420 420 0 265 0 pmappl 248 17520 0 17485 5 2 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1018 0 555 14 0 14 14 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp x86_ipi_db(ffffffff82d41ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82e73e38) at __mp_lock+0xe7 sys/kern/kern_lock.c:147 __mp_acquire_count(ffffffff82e73e38,1) at __mp_acquire_count+0x48 sys/kern/kern_lock.c:227 msleep(ffffffff82dcc1c0,ffffffff82ccac80,0,ffffffff82880535,0) at msleep+0x164 softclock_thread(ffff80002a0fbff0) at softclock_thread+0xd0 sys/kern/kern_timeout.c:810 end trace frame: 0x0, count: 8 ddb{0}> trace x86_ipi_db(ffffffff82d41ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82e73e38) at __mp_lock+0xe7 sys/kern/kern_lock.c:147 __mp_acquire_count(ffffffff82e73e38,1) at __mp_acquire_count+0x48 sys/kern/kern_lock.c:227 msleep(ffffffff82dcc1c0,ffffffff82ccac80,0,ffffffff82880535,0) at msleep+0x164 softclock_thread(ffff80002a0fbff0) at softclock_thread+0xd0 sys/kern/kern_timeout.c:810 end trace frame: 0x0, count: -7 ddb{0}> machine ddbcpu 1 Stopped at pf_purge_expired_states+0x187: movl 0x444(%r14,%rbx,4),%r15d pf_purge_expired_states(40,40) at pf_purge_expired_states+0x187 pf_state_expires sys/net/pf.c:1716 [inline] pf_purge_expired_states(40,40) at pf_purge_expired_states+0x187 sys/net/pf.c:1946 pf_purge_states(0) at pf_purge_states+0x3e sys/net/pf.c:1642 taskq_thread(ffffffff82cdf3c0) at taskq_thread+0xe5 sys/kern/kern_task.c:450 end trace frame: 0x0, count: 12 ddb{1}> trace pf_purge_expired_states(40,40) at pf_purge_expired_states+0x187 pf_state_expires sys/net/pf.c:1716 [inline] pf_purge_expired_states(40,40) at pf_purge_expired_states+0x187 sys/net/pf.c:1946 pf_purge_states(0) at pf_purge_states+0x3e sys/net/pf.c:1642 taskq_thread(ffffffff82cdf3c0) at taskq_thread+0xe5 sys/kern/kern_task.c:450 end trace frame: 0x0, count: -3