uvm_fault(0xfffffd806bc0acc0, 0x4, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pfi_address_add+0x1eb: movl 0x4(%rax),%eax ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd806bc0acc0, 0x4, 0, 1) -> e pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585 end trace frame: 0xffff80001e7a1210, count: 0 ddb> trace pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585 pfi_instance_add(ffff800000ac6000,0,c3) at pfi_instance_add+0x5e5 pfi_table_update(ffff800000af4550,ffff800000ad8200,0,c3) at pfi_table_update+0x174 pfi_kif_update(ffff800000ad8200) at pfi_kif_update+0xba pfi_dynaddr_update sys/net/pf_if.c:466 [inline] pfi_kif_update(ffff800000ad8200) at pfi_kif_update+0xba sys/net/pf_if.c:442 pfi_dynaddr_setup(ffff800000adb338,0) at pfi_dynaddr_setup+0x3fa sys/net/pf_if.c:420 pfioctl(4900,cd604404,ffff800000acd000,3,ffff80001d6a99c8) at pfioctl+0x51b2 pf_addr_setup sys/net/pf_ioctl.c:893 [inline] pfioctl(4900,cd604404,ffff800000acd000,3,ffff80001d6a99c8) at pfioctl+0x51b2 sys/net/pf_ioctl.c:1265 VOP_IOCTL(fffffd806351c680,cd604404,ffff800000acd000,3,fffffd806c3bfae0,ffff80001d6a99c8) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290 vn_ioctl(fffffd8057362628,cd604404,ffff800000acd000,ffff80001d6a99c8) at vn_ioctl+0xb5 sys/kern/vfs_vnops.c:531 sys_ioctl(ffff80001d6a99c8,ffff80001e7a17b8,ffff80001e7a1800) at sys_ioctl+0x4a1 syscall(ffff80001e7a1880) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x4c36b17da20, count: -11 ddb> show registers rdi 0xffffffff81c3a8b7 pfi_address_add+0x1e7 rsi 0xc5a rbp 0xffff80001e7a1170 rbx 0 rdx 0xc5b rcx 0xffff80001d79c000 rax 0 r8 0xffffffff81c3a171 pfi_instance_add+0xf1 r9 0x1 r10 0x2 r11 0x14bc8fb8f34b307b r12 0x34 r13 0x2 r14 0xffff800000654034 r15 0 rip 0xffffffff81c3a8bb pfi_address_add+0x1eb cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80001e7a1100 ss 0x10 pfi_address_add+0x1eb: movl 0x4(%rax),%eax ddb> show proc PROC (syz-executor.1) pid=282612 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=75, nice=20 forw=0xffffffffffffffff, list=0xffff80001d6aa868,0xffffffff82837f10 process=0xffff80001d6c5970 user=0xffff80001e79c000, vmspace=0xfffffd806bc0acc0 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 80437 437658 78874 0 2 0 syz-executor.1 *80437 282612 78874 0 7 0x4000000 syz-executor.1 9119 237012 57279 0 3 0x82 piperd syz-executor.0 78874 206131 57279 0 3 0x82 nanosleep syz-executor.1 57279 181882 49742 0 3 0x82 thrsleep syz-fuzzer 57279 228737 49742 0 3 0x4000082 nanosleep syz-fuzzer 57279 277038 49742 0 3 0x4000082 thrsleep syz-fuzzer 57279 276753 49742 0 3 0x4000082 thrsleep syz-fuzzer 57279 18077 49742 0 3 0x4000082 thrsleep syz-fuzzer 57279 195975 49742 0 2 0x4000002 syz-fuzzer 57279 507769 49742 0 3 0x4000082 thrsleep syz-fuzzer 57279 257968 49742 0 3 0x4000082 thrsleep syz-fuzzer 49742 239846 36558 0 3 0x10008a pause ksh 36558 509971 90971 0 3 0x92 select sshd 34380 430829 1 0 3 0x100083 ttyin getty 90971 94412 1 0 3 0x80 select sshd 739 336608 36379 73 3 0x100090 kqread syslogd 36379 144919 1 0 3 0x100082 netio syslogd 41945 470134 1 77 3 0x100090 poll dhclient 75417 483599 1 0 3 0x80 poll dhclient 58285 221874 0 0 3 0x14200 bored smr 39435 427910 0 0 2 0x14200 zerothread 71271 176307 0 0 3 0x14200 aiodoned aiodoned 74651 479767 0 0 3 0x14200 syncer update 6190 214014 0 0 3 0x14200 cleaner cleaner 41642 382866 0 0 3 0x14200 reaper reaper 59871 94193 0 0 3 0x14200 pgdaemon pagedaemon 70384 486341 0 0 3 0x14200 bored crynlk 82606 402335 0 0 3 0x14200 bored crypto 43523 146871 0 0 3 0x40014200 acpi0 acpi0 13190 174554 0 0 3 0x14200 bored softnet 31263 88879 0 0 3 0x14200 bored systqmp 83144 484238 0 0 3 0x14200 bored systq 88427 433217 0 0 3 0x40014200 bored softclock 3433 208638 0 0 3 0x40014200 idle0 1 408112 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9484 6351K 6728K 78643K 11004 0 pcb 13 8K 8K 78643K 71 0 rtable 104 7K 8K 78643K 409 0 ifaddr 66 14K 15K 78643K 136 0 counters 21 16K 17K 78643K 26 0 ioctlops 1 4K 4K 78643K 76 0 iov 0 0K 12K 78643K 29 0 mount 1 1K 1K 78643K 1 0 vnodes 1227 77K 77K 78643K 1356 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 6 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 44 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 292 0 sigio 0 0K 0K 78643K 8 0 proc 50 38K 63K 78643K 377 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 12 0 in_multi 42 2K 2K 78643K 87 0 ether_multi 1 0K 0K 78643K 6 0 mrt 0 0K 0K 78643K 2 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 49 228K 228K 78643K 49 0 exec 0 0K 1K 78643K 199 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 134 23K 43K 78643K 1547 0 UVM aobj 10 2K 2K 78643K 11 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 31 0 NDP 9 0K 0K 78643K 19 0 temp 96 3859K 3923K 78643K 19111 0 kqueue 3 4K 8K 78643K 10 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 8 0 2 1 0 1 1 0 8 0 rtpcb 80 29 0 27 1 0 1 1 0 8 0 rtentry 112 62 0 29 2 0 2 2 0 8 0 unpcb 120 101 0 93 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 136 0 136 1 1 0 1 0 8 0 tcpcb 544 108 0 104 2 0 2 2 0 8 1 ipq 40 2 0 2 1 1 0 1 0 8 0 ipqe 40 8 0 8 1 1 0 1 0 8 0 inpcb 296 640 0 632 3 1 2 2 0 8 1 rttmr 72 1 0 1 1 1 0 1 0 8 0 nd6 48 10 0 5 1 0 1 1 0 8 0 ppxss 1136 1 0 1 1 1 0 1 0 8 0 pfstscr 40 4 0 3 1 0 1 1 0 8 0 pfrke_plain 160 2 0 0 1 0 1 1 0 8 0 pfrktable 1344 62 0 54 3 2 1 1 0 8 0 pftag 88 15 0 12 3 2 1 1 0 8 0 pfstitem 24 6 0 4 1 0 1 1 0 8 0 pfstkey 112 8 0 6 1 0 1 1 0 8 0 pfstate 328 4 0 3 1 0 1 1 0 8 0 pfrule 1360 20 0 10 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 323 0 137 13 1 12 12 0 8 0 art_table 32 324 0 137 2 0 2 2 0 8 0 art_node 16 61 0 31 1 0 1 1 0 8 0 sysvmsgpl 40 20 0 10 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 40 0 30 1 0 1 1 0 8 0 shmpl 112 8 0 1 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1831 0 432 88 0 88 88 0 8 0 ffsino 240 1831 0 432 83 0 83 83 0 8 0 nchpl 144 2491 0 898 60 0 60 60 0 8 0 rtmask 32 2 0 1 1 0 1 1 0 8 0 uvmvnodes 72 1975 0 0 36 0 36 36 0 8 0 vnodes 208 1975 0 0 104 0 104 104 0 8 0 namei 1024 6524 0 6524 2 1 1 1 0 8 1 vmpool 528 3 0 3 2 2 0 1 0 8 0 pfiaddrpl 120 19 0 14 3 2 1 1 0 8 0 scxspl 192 7194 0 7194 1 0 1 1 0 8 1 plimitpl 152 41 0 34 1 0 1 1 0 8 0 sigapl 424 478 0 450 4 0 4 4 0 8 0 futexpl 56 5961 0 5961 2 1 1 1 0 8 1 knotepl 112 72 0 53 1 0 1 1 0 8 0 kqueuepl 144 28 0 25 1 0 1 1 0 8 0 pipepl 272 102 0 92 1 0 1 1 0 8 0 fdescpl 432 464 0 450 2 0 2 2 0 8 0 filepl 120 2963 0 2867 4 0 4 4 0 8 1 lockfpl 104 584 0 583 1 0 1 1 0 8 0 lockfspl 48 99 0 98 1 0 1 1 0 8 0 sessionpl 112 17 0 7 1 0 1 1 0 8 0 pgrppl 48 17 0 7 1 0 1 1 0 8 0 ucredpl 96 266 0 259 1 0 1 1 0 8 0 zombiepl 144 450 0 450 1 0 1 1 0 8 1 processpl 928 478 0 450 4 0 4 4 0 8 0 procpl 624 807 0 771 7 3 4 4 0 8 1 sockpl 400 772 0 755 6 2 4 4 0 8 2 mcl64k 65536 268 0 268 34 21 13 32 0 8 13 mcl16k 16384 2 0 2 2 2 0 1 0 8 0 mcl12k 12288 11 0 11 4 3 1 1 0 8 1 mcl9k 9216 5 0 5 3 3 0 1 0 8 0 mcl8k 8192 17 0 17 5 4 1 1 0 8 1 mcl4k 4096 27 0 26 6 5 1 1 0 8 0 mcl2k2 2112 5 0 5 3 3 0 1 0 8 0 mcl2k 2048 93390 0 93339 18 11 7 14 0 8 0 mtagpl 96 40 0 2 2 1 1 1 0 8 0 mbufpl 256 149860 0 149653 29 15 14 28 0 8 0 bufpl 280 3899 0 126 270 0 270 270 0 8 0 anonpl 16 65011 0 47553 87 13 74 84 0 107 3 amapchunkpl 152 2217 0 2078 20 14 6 20 0 158 0 amappl16 192 2422 0 1444 62 13 49 61 0 8 0 amappl15 184 79 0 77 1 0 1 1 0 8 0 amappl14 176 26 0 21 1 0 1 1 0 8 0 amappl13 168 27 0 24 1 0 1 1 0 8 0 amappl12 160 18 0 17 2 1 1 1 0 8 0 amappl11 152 230 0 219 1 0 1 1 0 8 0 amappl10 144 92 0 86 1 0 1 1 0 8 0 amappl9 136 374 0 373 1 0 1 1 0 8 0 amappl8 128 333 0 286 2 0 2 2 0 8 0 amappl7 120 104 0 93 1 0 1 1 0 8 0 amappl6 112 206 0 198 1 0 1 1 0 8 0 amappl5 104 407 0 394 1 0 1 1 0 8 0 amappl4 96 425 0 396 1 0 1 1 0 8 0 amappl3 88 116 0 111 1 0 1 1 0 8 0 amappl2 80 2975 0 2907 2 0 2 2 0 8 0 amappl1 72 19550 0 19138 23 14 9 17 0 8 0 amappl 80 1054 0 1011 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 10 0 1 1 0 1 1 0 8 0 uaddrrnd 24 467 0 453 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 467 0 453 1 0 1 1 0 8 0 vmmpekpl 168 6775 0 6747 2 0 2 2 0 8 0 vmmpepl 168 63833 0 61747 130 37 93 114 0 357 2 vmsppl 272 466 0 453 2 1 1 2 0 8 0 pdppl 4096 940 0 906 6 1 5 6 0 8 0 pvpl 32 193801 0 173347 204 17 187 197 0 265 19 pmappl 200 466 0 453 1 0 1 1 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 311 0 69 8 0 8 8 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585 pfi_instance_add(ffff800000ac6000,0,c3) at pfi_instance_add+0x5e5 pfi_table_update(ffff800000af4550,ffff800000ad8200,0,c3) at pfi_table_update+0x174 pfi_kif_update(ffff800000ad8200) at pfi_kif_update+0xba pfi_dynaddr_update sys/net/pf_if.c:466 [inline] pfi_kif_update(ffff800000ad8200) at pfi_kif_update+0xba sys/net/pf_if.c:442 pfi_dynaddr_setup(ffff800000adb338,0) at pfi_dynaddr_setup+0x3fa sys/net/pf_if.c:420 pfioctl(4900,cd604404,ffff800000acd000,3,ffff80001d6a99c8) at pfioctl+0x51b2 pf_addr_setup sys/net/pf_ioctl.c:893 [inline] pfioctl(4900,cd604404,ffff800000acd000,3,ffff80001d6a99c8) at pfioctl+0x51b2 sys/net/pf_ioctl.c:1265 VOP_IOCTL(fffffd806351c680,cd604404,ffff800000acd000,3,fffffd806c3bfae0,ffff80001d6a99c8) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290 vn_ioctl(fffffd8057362628,cd604404,ffff800000acd000,ffff80001d6a99c8) at vn_ioctl+0xb5 sys/kern/vfs_vnops.c:531 sys_ioctl(ffff80001d6a99c8,ffff80001e7a17b8,ffff80001e7a1800) at sys_ioctl+0x4a1 syscall(ffff80001e7a1880) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x4c36b17da20, count: -11 ddb> machine ddbcpu 1 No such command ddb> trace pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585 pfi_instance_add(ffff800000ac6000,0,c3) at pfi_instance_add+0x5e5 pfi_table_update(ffff800000af4550,ffff800000ad8200,0,c3) at pfi_table_update+0x174 pfi_kif_update(ffff800000ad8200) at pfi_kif_update+0xba pfi_dynaddr_update sys/net/pf_if.c:466 [inline] pfi_kif_update(ffff800000ad8200) at pfi_kif_update+0xba sys/net/pf_if.c:442 pfi_dynaddr_setup(ffff800000adb338,0) at pfi_dynaddr_setup+0x3fa sys/net/pf_if.c:420 pfioctl(4900,cd604404,ffff800000acd000,3,ffff80001d6a99c8) at pfioctl+0x51b2 pf_addr_setup sys/net/pf_ioctl.c:893 [inline] pfioctl(4900,cd604404,ffff800000acd000,3,ffff80001d6a99c8) at pfioctl+0x51b2 sys/net/pf_ioctl.c:1265 VOP_IOCTL(fffffd806351c680,cd604404,ffff800000acd000,3,fffffd806c3bfae0,ffff80001d6a99c8) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290 vn_ioctl(fffffd8057362628,cd604404,ffff800000acd000,ffff80001d6a99c8) at vn_ioctl+0xb5 sys/kern/vfs_vnops.c:531 sys_ioctl(ffff80001d6a99c8,ffff80001e7a17b8,ffff80001e7a1800) at sys_ioctl+0x4a1 syscall(ffff80001e7a1880) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x4c36b17da20, count: -11