uvm_fault(0xffffff002bdc1b60, 0x6000118, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at tun_dev_read+0x1fa: movl 0x18(%r15),%ebx
ddb>
ddb> set $lines = 0
ddb> show panic
kernel page fault
uvm_fault(0xffffff002bdc1b60, 0x6000118, 0, 1) -> e
tun_dev_read(ffff800014b06ad8,ffffff0035ff5db8,ffffff0035ff5db8) at tun_dev_read+0x1fa
end trace frame: 0xffff800014b06990, count: 0
ddb> trace
tun_dev_read(ffff800014b06ad8,ffffff0035ff5db8,ffffff0035ff5db8) at tun_dev_read+0x1fa
spec_read(10) at spec_read+0x9d
VOP_READ(ffff800014b06ad8,ffffff0035ff5db8,ffffff0030acc970,0) at VOP_READ+0x5e
vn_read(ffffff0030acc970,ffff800014a1d7f8,3e8) at vn_read+0x130
dofilereadv(ffff800014a1d7f8,ffff800014b06b80,3e8,ffff800014b06b90,655993151e8) at dofilereadv+0x14f
sys_read(ffff800014b06c20,ffff800014a1d7f8,ffff8000149f9668) at sys_read+0x6e
syscall(0) at syscall+0x3e4
Xsyscall(6,3,0,3,1,65581f1a400) at Xsyscall+0x128
end of kernel
end trace frame: 0x65599315200, count: -8
ddb> show registers
rdi 0
rsi 0xffffffff81847b54 tun_dev_read+0x244
rbp 0xffff800014b068f0
rbx 0
rdx 0xffff800002acc000
rcx 0xf1
rax 0x212
r8 0x7f7fffffc000
r9 0
r10 0
r11 0xffffffff8188ec90 pool_lock_mtx_leave
r12 0xffff800014b06ad8
r13 0x5
r14 0xffff800000aca000
r15 0x6000100 __kernel_end_phys+0x4000100
rip 0xffffffff81847b0a tun_dev_read+0x1fa
cs 0x8
rflags 0x10206 __ALIGN_SIZE+0xf206
rsp 0xffff800014b068b0
ss 0x10
tun_dev_read+0x1fa: movl 0x18(%r15),%ebx
ddb> show proc
PROC (syz-executor0) pid=164140 stat=onproc
flags process=0 proc=4000000
pri=86, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff800014a1c2e0,0xffffffff81e94fe8
process=0xffff8000149f9668 user=0xffff800014b01000, vmspace=0xffffff002bdc1b60
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
63437 501580 91377 0 2 0 syz-executor0
*63437 164140 91377 0 7 0x4000000 syz-executor0
85253 514150 57642 0 2 0 syz-executor1
85253 485955 57642 0 3 0x4000080 fifow syz-executor1
54410 428172 74827 0 3 0x82 netio sshd
60854 79489 74827 0 3 0x82 netio sshd
58763 389883 1 0 3 0x100083 ttyin getty
58827 230925 0 0 3 0x14200 bored sosplice
91377 494715 98695 0 2 0x482 syz-executor0
57642 25113 98695 0 3 0x82 nanosleep syz-executor1
98695 183234 10748 0 3 0x82 thrsleep syz-fuzzer
98695 26427 10748 0 2 0x4000482 syz-fuzzer
98695 27685 10748 0 3 0x4000082 thrsleep syz-fuzzer
98695 190292 10748 0 3 0x4000082 thrsleep syz-fuzzer
98695 126944 10748 0 3 0x4000082 kqread syz-fuzzer
98695 79805 10748 0 3 0x4000082 thrsleep syz-fuzzer
98695 212469 10748 0 3 0x4000082 thrsleep syz-fuzzer
10748 25522 19411 0 3 0x10008a pause ksh
19411 383339 74827 0 3 0x92 select sshd
74827 125960 1 0 3 0x80 select sshd
41535 86516 11657 73 2 0x100090 syslogd
11657 33464 1 0 3 0x100082 netio syslogd
19532 377932 1 77 3 0x100090 poll dhclient
15664 300880 1 0 3 0x80 poll dhclient
76727 444427 0 0 2 0x14200 zerothread
38698 107784 0 0 3 0x14200 aiodoned aiodoned
16130 411597 0 0 3 0x14200 syncer update
36856 13952 0 0 3 0x14200 cleaner cleaner
73933 338251 0 0 3 0x14200 reaper reaper
95309 12443 0 0 3 0x14200 pgdaemon pagedaemon
57068 264523 0 0 3 0x14200 bored crynlk
16981 302598 0 0 3 0x14200 bored crypto
87889 83039 0 0 3 0x40014200 acpi0 acpi0
47272 24285 0 0 3 0x14200 bored softnet
58092 260970 0 0 3 0x14200 bored systqmp
97768 105292 0 0 3 0x14200 bored systq
11195 287455 0 0 3 0x40014200 bored softclock
56216 242477 0 0 3 0x40014200 idle0
1 509338 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper