uvm_fault(0xffffffff827961d8, 0xfffffd0000000018, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at tun_dev_read+0x138: movl 0x18(%rbx),%r12d
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
kernel page fault
uvm_fault(0xffffffff827961d8, 0xfffffd0000000018, 0, 1) -> e
tun_dev_read(5d01,ffff800022fa99e8,10) at tun_dev_read+0x138 sys/net/if_tun.c:790
end trace frame: 0xffff800022fa9820, count: 0
ddb{1}> trace
tun_dev_read(5d01,ffff800022fa99e8,10) at tun_dev_read+0x138 sys/net/if_tun.c:790
spec_read(ffff800022fa9830) at spec_read+0xf1 sys/kern/spec_vnops.c:222
VOP_READ(fffffd807a97f008,ffff800022fa99e8,10,fffffd807f7bf900) at VOP_READ+0xbf sys/kern/vfs_vops.c:247
vn_read(fffffd80687c5d28,ffff800022fa99e8,0) at vn_read+0x124 sys/kern/vfs_vnops.c:375
dofilereadv(ffff800020e47878,f0,ffff800022fa99e8,0,ffff800022fa9ad0) at dofilereadv+0x1a1 sys/kern/sys_generic.c:237
sys_read(ffff800020e47878,ffff800022fa9a80,ffff800022fa9ad0) at sys_read+0x83 sys/kern/sys_generic.c:157
syscall(ffff800022fa9b50) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800022fa9b50) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xef758edb880, count: -8
ddb{1}> show registers
rdi 0
rsi 0x3da
rbp 0xffff800022fa9770
rbx 0xfffffd0000000000
rdx 0x153
rcx 0xffff800000aa1400
rax 0xffffffff817a1563 tun_dev_read+0x133
r8 0x7f7fffffc000
r9 0x5
r10 0xf851a96e8a796e
r11 0x19ef8828004488e1
r12 0
r13 0x3da
r14 0xffff800000af3660
r15 0xffff800022fa99e8
rip 0xffffffff817a1568 tun_dev_read+0x138
cs 0x8
rflags 0x10202 __ALIGN_SIZE+0xf202
rsp 0xffff800022fa9710
ss 0x10
tun_dev_read+0x138: movl 0x18(%rbx),%r12d
ddb{1}> show proc
PROC (syz-executor.1) pid=523394 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=32, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff800020ddc4e8,0xffffffff828ea9e0
process=0xffff800020dfcba8 user=0xffff800022fa4000, vmspace=0xfffffd8064d9de70
estcpu=36, cpticks=2, pctcpu=0.0
user=0, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
2106 73471 72080 0 2 0 syz-executor.1
* 2106 523394 72080 0 7 0x4000000 syz-executor.1
48870 469517 1555 0 3 0x82 piperd syz-executor.0
4962 383954 0 0 3 0x14200 acct acct
79501 380018 0 0 3 0x14280 nfsidl nfsio
128 395677 0 0 3 0x14280 nfsidl nfsio
48395 340 0 0 3 0x14280 nfsidl nfsio
4063 165236 0 0 3 0x14280 nfsidl nfsio
25932 19622 0 0 3 0x14280 nfsidl nfsio
88737 389238 0 0 3 0x14280 nfsidl nfsio
90982 93462 0 0 3 0x14280 nfsidl nfsio
78797 237006 0 0 3 0x14280 nfsidl nfsio
1815 382317 0 0 3 0x14280 nfsidl nfsio
30139 418746 0 0 3 0x14280 nfsidl nfsio
63023 400999 0 0 3 0x14280 nfsidl nfsio
52787 445532 0 0 3 0x14280 nfsidl nfsio
51931 433712 0 0 3 0x14280 nfsidl nfsio
95296 219164 0 0 3 0x14280 nfsidl nfsio
7195 326137 0 0 3 0x14280 nfsidl nfsio
57919 418385 0 0 3 0x14280 nfsidl nfsio
72010 140792 0 0 3 0x14280 nfsidl nfsio
29196 411247 0 0 3 0x14280 nfsidl nfsio
4310 125048 0 0 3 0x14280 nfsidl nfsio
98416 105960 0 0 3 0x14280 nfsidl nfsio
9367 380645 0 0 3 0x14200 bored sosplice
72080 188652 1555 0 3 0x82 nanosleep syz-executor.1
1555 473594 76661 0 3 0x82 thrsleep syz-fuzzer
1555 449265 76661 0 3 0x4000082 nanosleep syz-fuzzer
1555 1095 76661 0 3 0x4000082 thrsleep syz-fuzzer
1555 333642 76661 0 3 0x4000082 thrsleep syz-fuzzer
1555 469264 76661 0 7 0x4000002 syz-fuzzer
1555 376327 76661 0 3 0x4000082 kqread syz-fuzzer
1555 25594 76661 0 3 0x4000082 thrsleep syz-fuzzer
1555 442596 76661 0 3 0x4000082 thrsleep syz-fuzzer
1555 438901 76661 0 3 0x4000082 thrsleep syz-fuzzer
1555 229183 76661 0 3 0x4000082 thrsleep syz-fuzzer
76661 512530 96639 0 3 0x10008a pause ksh
96639 146269 13020 0 3 0x92 select sshd
79927 379971 1 0 3 0x100083 ttyin getty
13020 236655 1 0 3 0x80 select sshd
2897 419638 99784 74 3 0x100092 bpf pflogd
99784 364710 1 0 3 0x80 netio pflogd
29944 439535 84105 73 3 0x100090 kqread syslogd
84105 361697 1 0 3 0x100082 netio syslogd
52248 412594 1 77 3 0x100090 poll dhclient
63308 15434 1 0 3 0x80 poll dhclient
23408 440726 0 0 3 0x14200 bored smr
89697 62754 0 0 2 0x14200 zerothread
79565 78160 0 0 3 0x14200 aiodoned aiodoned
5246 469129 0 0 3 0x14200 syncer update
76524 294458 0 0 3 0x14200 cleaner cleaner
78494 310242 0 0 3 0x14200 reaper reaper
22138 24962 0 0 3 0x14200 pgdaemon pagedaemon
69424 442004 0 0 3 0x14200 bored crynlk
7125 76942 0 0 3 0x14200 bored crypto
85161 227343 0 0 3 0x40014200 acpi0 acpi0
2705 72159 0 0 3 0x40014200 idle1
34155 284831 0 0 3 0x14200 bored softnet
27813 475864 0 0 3 0x14200 bored systqmp
51958 330274 0 0 3 0x14200 bored systq
85896 244692 0 0 3 0x40014200 bored softclock
95185 81751 0 0 3 0x40014200 idle0
1 520774 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
Process 2106 (syz-executor.1) thread 0xffff800020e47878 (523394)
exclusive kernel_lock &kernel_lock r = 1 (0xffffffff8290bf70)
#0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164
#1 vn_read+0x45 sys/kern/vfs_vnops.c:357
#2 dofilereadv+0x1a1 sys/kern/sys_generic.c:237
#3 sys_read+0x83 sys/kern/sys_generic.c:157
#4 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#4 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
#5 Xsyscall+0x128
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 9543 6437K 7342K 78643K 16172 0
pcb 13 8K 8K 78643K 173 0
rtable 117 4K 6K 78643K 687 0
ifaddr 106 21K 22K 78643K 317 0
sysctl 2 0K 0K 78643K 2 0
counters 43 33K 34K 78643K 91 0
ioctlops 0 0K 4K 78643K 1942 0
iov 0 0K 16K 78643K 122 0
mount 1 1K 1K 78643K 1 0
vnodes 1240 78K 78K 78643K 2744 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 16 0
VM map 2 1K 1K 78643K 2 0
sem 12 0K 0K 78643K 245 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1824 197K 290K 78643K 13058 0
file desc 5 13K 25K 78643K 1480 0
sigio 0 0K 0K 78643K 73 0
proc 63 63K 95K 78643K 675 0
subproc 32 2K 2K 78643K 102 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 86 0
in_multi 109 5K 5K 78643K 230 0
ether_multi 1 0K 0K 78643K 27 0
mrt 0 0K 0K 78643K 4 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 55 254K 254K 78643K 55 0
exec 0 0K 1K 78643K 326 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 146 104K 106K 78643K 5698 0
UVM aobj 37 4K 4K 78643K 41 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 140 0
NDP 15 0K 0K 78643K 53 0
temp 147 3863K 3929K 78643K 18912 0
kqueue 3 4K 9K 78643K 45 0
SYN cache 2 16K 16K 78643K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 19 0 12 1 0 1 1 0 8 0
plcache 128 20 0 0 1 0 1 1 0 8 0
rtpcb 80 65 0 63 1 0 1 1 0 8 0
rtentry 112 103 0 55 2 0 2 2 0 8 0
unpcb 120 421 0 411 1 0 1 1 0 8 0
syncache 264 10 0 10 4 4 0 1 0 8 0
sackhl 24 1 0 1 1 1 0 1 0 8 0
tcpqe 32 1 0 1 1 1 0 1 0 8 0
tcpcb 544 302 0 298 1 0 1 1 0 8 0
inpcb 280 1285 0 1278 3 2 1 2 0 8 0
nd6 48 21 0 13 1 0 1 1 0 8 0
pkpcb 40 3 0 3 2 2 0 1 0 8 0
pffrag 232 7 0 5 2 1 1 1 0 482 0
pffrnode 88 7 0 5 2 1 1 1 0 8 0
pffrent 40 15 0 13 2 1 1 1 0 8 0
pfosfp 40 846 0 846 5 5 0 5 0 8 0
pfosfpen 112 1428 0 1428 21 21 0 21 0 8 0
pfrktable 1344 57 0 56 3 2 1 1 0 8 0
pftag 88 4 0 4 1 1 0 1 0 8 0
pfstitem 24 107 0 60 1 0 1 1 0 8 0
pfstkey 112 107 0 60 2 0 2 2 0 8 0
pfstate 328 107 0 60 5 0 5 5 0 8 0
pfrule 1360 35 0 28 2 1 1 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 466 0 222 17 1 16 16 0 8 0
art_table 32 467 0 222 3 0 3 3 0 8 0
art_node 16 102 0 58 1 0 1 1 0 8 0
sysvmsgpl 40 53 0 22 1 0 1 1 0 8 0
semupl 112 2 0 2 1 1 0 1 0 8 0
semapl 112 239 0 229 1 0 1 1 0 8 0
shmpl 112 39 0 4 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 3260 0 1856 89 0 89 89 0 8 0
ffsino 272 3260 0 1856 95 0 95 95 0 8 0
nchpl 144 5823 0 4224 60 0 60 60 0 8 0
uvmvnodes 72 4647 0 0 85 0 85 85 0 8 0
vnodes 208 4647 0 0 245 0 245 245 0 8 0
namei 1024 17886 0 17886 2 1 1 1 0 8 1
percpumem 16 56 0 24 1 0 1 1 0 8 0
vcpupl 1984 11 0 2 2 0 2 2 0 8 0
vmpool 560 15 0 6 1 0 1 1 0 8 0
pfiaddrpl 120 14 0 14 4 4 0 1 0 8 0
scsiplug 64 5 0 5 3 2 1 1 0 8 1
scxspl 192 15728 0 15728 14 13 1 7 0 8 1
plimitpl 152 86 0 78 1 0 1 1 0 8 0
sigapl 424 1705 0 1652 8 2 6 7 0 8 0
futexpl 56 20490 0 20490 2 1 1 1 0 8 1
knotepl 112 166 0 147 1 0 1 1 0 8 0
kqueuepl 144 119 0 117 1 0 1 1 0 8 0
pipelkpl 48 258 0 248 1 0 1 1 0 8 0
pipepl 120 516 0 497 1 0 1 1 0 8 0
fdescpl 496 1668 0 1652 3 0 3 3 0 8 0
filepl 152 9790 0 9690 5 0 5 5 0 8 1
lockfpl 104 312 0 311 1 0 1 1 0 8 0
lockfspl 48 96 0 95 1 0 1 1 0 8 0
sessionpl 112 22 0 11 1 0 1 1 0 8 0
pgrppl 48 28 0 17 1 0 1 1 0 8 0
ucredpl 96 1242 0 1233 1 0 1 1 0 8 0
zombiepl 144 1652 0 1652 1 0 1 1 0 8 1
processpl 984 1705 0 1652 7 0 7 7 0 8 0
procpl 624 4704 0 4641 7 1 6 6 0 8 1
srpgc 64 2 0 2 1 1 0 1 0 8 0
sosppl 128 16 0 16 3 3 0 1 0 8 0
sockpl 400 1776 0 1757 6 3 3 4 0 8 1
mcl64k 65536 14 0 0 2 0 2 2 0 8 0
mcl16k 16384 4 0 0 1 0 1 1 0 8 0
mcl12k 12288 17 0 0 2 0 2 2 0 8 0
mcl9k 9216 7 0 0 1 0 1 1 0 8 0
mcl8k 8192 16 0 0 2 0 2 2 0 8 0
mcl4k 4096 13 0 0 2 0 2 2 0 8 0
mcl2k2 2112 2 0 0 1 0 1 1 0 8 0
mcl2k 2048 163 0 0 20 1 19 20 0 8 0
mtagpl 80 370 0 0 8 0 8 8 0 8 0
mbufpl 256 867 0 0 52 0 52 52 0 8 0
bufpl 280 5816 0 134 406 0 406 406 0 8 0
anonpl 16 166707 0 151237 86 20 66 80 0 124 0
amapchunkpl 152 9810 0 9678 27 21 6 19 0 158 0
amappl16 192 7713 0 6862 75 32 43 55 0 8 0
amappl15 184 223 0 221 1 0 1 1 0 8 0
amappl14 176 27 0 21 1 0 1 1 0 8 0
amappl13 168 56 0 53 1 0 1 1 0 8 0
amappl12 160 92 0 88 1 0 1 1 0 8 0
amappl11 152 283 0 267 1 0 1 1 0 8 0
amappl10 144 61 0 57 1 0 1 1 0 8 0
amappl9 136 1432 0 1429 1 0 1 1 0 8 0
amappl8 128 1524 0 1481 2 0 2 2 0 8 0
amappl7 120 190 0 177 1 0 1 1 0 8 0
amappl6 112 134 0 125 1 0 1 1 0 8 0
amappl5 104 1585 0 1569 1 0 1 1 0 8 0
amappl4 96 673 0 640 1 0 1 1 0 8 0
amappl3 88 321 0 313 1 0 1 1 0 8 0
amappl2 80 12365 0 12291 2 0 2 2 0 8 0
amappl1 72 44051 0 43603 23 13 10 18 0 8 0
amappl 80 5024 0 4976 2 0 2 2 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 40 0 4 1 0 1 1 0 8 0
uaddrrnd 24 1683 0 1658 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 1683 0 1658 1 0 1 1 0 8 0
vmmpekpl 168 15916 0 15876 2 0 2 2 0 8 0
vmmpepl 168 208512 0 206456 173 63 110 123 0 357 15
vmsppl 368 1682 0 1658 3 0 3 3 0 8 0
pdppl 4096 3373 0 3325 8 1 7 7 0 8 0
pvpl 32 467132 0 448397 205 32 173 193 0 265 16
pmappl 232 1682 0 1658 3 1 2 2 0 8 0
extentpl 40 53 0 36 1 0 1 1 0 8 0
phpool 112 315 0 11 9 0 9 9 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
ddb{0}> trace
x86_ipi_db(ffffffff82718ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352
x86_ipi_handler() at x86_ipi_handler+0xc6 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__mp_lock(ffffffff8290bd68) at __mp_lock+0x127 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff8290bd68) at __mp_lock+0x127 sys/kern/kern_lock.c:147
softintr_dispatch(0) at softintr_dispatch+0x4e sys/arch/amd64/amd64/softintr.c:89
Xsoftclock() at Xsoftclock+0x1f
end of kernel
end trace frame: 0xc0003accd0, count: -6
ddb{0}> machine ddbcpu 1
Stopped at tun_dev_read+0x138: movl 0x18(%rbx),%r12d
ddb{1}> trace
tun_dev_read(5d01,ffff800022fa99e8,10) at tun_dev_read+0x138 sys/net/if_tun.c:790
spec_read(ffff800022fa9830) at spec_read+0xf1 sys/kern/spec_vnops.c:222
VOP_READ(fffffd807a97f008,ffff800022fa99e8,10,fffffd807f7bf900) at VOP_READ+0xbf sys/kern/vfs_vops.c:247
vn_read(fffffd80687c5d28,ffff800022fa99e8,0) at vn_read+0x124 sys/kern/vfs_vnops.c:375
dofilereadv(ffff800020e47878,f0,ffff800022fa99e8,0,ffff800022fa9ad0) at dofilereadv+0x1a1 sys/kern/sys_generic.c:237
sys_read(ffff800020e47878,ffff800022fa9a80,ffff800022fa9ad0) at sys_read+0x83 sys/kern/sys_generic.c:157
syscall(ffff800022fa9b50) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800022fa9b50) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xef758edb880, count: -8