login: uvm_fault(0xfffffd806bc0a770, 0x4, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pfi_address_add+0x1eb: movl 0x4(%rax),%eax ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd806bc0a770, 0x4, 0, 1) -> e pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585 end trace frame: 0xffff80001d7758d0, count: 0 ddb> trace pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585 pfi_instance_add(ffff800000ac6800,0,c3) at pfi_instance_add+0x5e5 pfi_table_update(ffff800000ae39c0,ffff800000ad5300,0,c3) at pfi_table_update+0x174 pfi_kif_update(ffff800000ad5300) at pfi_kif_update+0xba pfi_dynaddr_update sys/net/pf_if.c:466 [inline] pfi_kif_update(ffff800000ad5300) at pfi_kif_update+0xba sys/net/pf_if.c:442 if_addgroup(ffff800000ac6800,ffff80001d775ae8) at if_addgroup+0x280 sys/net/if.c:2736 ifioctl(fffffd806a777e20,80286987,ffff80001d775ad0,ffff80001d6a9278) at ifioctl+0x13e7 sys/net/if.c:2148 sys_ioctl(ffff80001d6a9278,ffff80001d775be8,ffff80001d775c30) at sys_ioctl+0x4a1 syscall(ffff80001d775cb0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xf30e2351e70, count: -9 ddb> show registers rdi 0xffffffff81c3a8b7 pfi_address_add+0x1e7 rsi 0x164 rbp 0xffff80001d775830 rbx 0 rdx 0x165 rcx 0xffff80001d77e000 rax 0 r8 0xffffffff81c3a171 pfi_instance_add+0xf1 r9 0x1 r10 0x2 r11 0x41ba9c1a399f783 r12 0x34 r13 0x2 r14 0xffff800000654034 r15 0 rip 0xffffffff81c3a8bb pfi_address_add+0x1eb cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80001d7757c0 ss 0x10 pfi_address_add+0x1eb: movl 0x4(%rax),%eax ddb> show proc PROC (syz-executor.1) pid=338711 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=76, nice=20 forw=0xffffffffffffffff, list=0xffff80001d6a9008,0xffffffff82837f10 process=0xffff80001d6c5230 user=0xffff80001d770000, vmspace=0xfffffd806bc0a770 estcpu=26, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 10709 130575 10696 0 2 0 syz-executor.1 *10709 338711 10696 0 7 0x4000000 syz-executor.1 16962 20902 69363 0 2 0x2 syz-executor.0 10696 365521 69363 0 3 0x82 nanosleep syz-executor.1 69363 465215 14754 0 3 0x82 thrsleep syz-fuzzer 69363 184298 14754 0 3 0x4000082 nanosleep syz-fuzzer 69363 477509 14754 0 3 0x4000082 kqread syz-fuzzer 69363 430301 14754 0 3 0x4000082 thrsleep syz-fuzzer 69363 397069 14754 0 3 0x4000082 thrsleep syz-fuzzer 69363 48450 14754 0 3 0x4000082 thrsleep syz-fuzzer 69363 279878 14754 0 3 0x4000082 thrsleep syz-fuzzer 14754 194457 99552 0 3 0x10008a pause ksh 99552 384998 53178 0 3 0x92 select sshd 23113 141420 1 0 3 0x100083 ttyin getty 53178 156666 1 0 3 0x80 select sshd 55048 371659 37838 73 3 0x100090 kqread syslogd 37838 271873 1 0 3 0x100082 netio syslogd 18006 116623 1 77 3 0x100090 poll dhclient 35263 494865 1 0 3 0x80 poll dhclient 80287 361579 0 0 3 0x14200 bored smr 1188 42517 0 0 2 0x14200 zerothread 12732 79186 0 0 3 0x14200 aiodoned aiodoned 15069 160651 0 0 3 0x14200 syncer update 8781 410082 0 0 3 0x14200 cleaner cleaner 3677 412082 0 0 3 0x14200 reaper reaper 44045 113645 0 0 3 0x14200 pgdaemon pagedaemon 76001 476543 0 0 3 0x14200 bored crynlk 42969 487470 0 0 3 0x14200 bored crypto 99722 168132 0 0 3 0x40014200 acpi0 acpi0 66394 426939 0 0 3 0x14200 bored softnet 13042 210278 0 0 3 0x14200 bored systqmp 6166 21580 0 0 3 0x14200 bored systq 9501 21196 0 0 3 0x40014200 bored softclock 69376 152288 0 0 3 0x40014200 idle0 1 127926 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9452 6323K 6453K 78643K 10584 0 pcb 14 8K 8K 78643K 22 0 rtable 112 4K 5K 78643K 202 0 ifaddr 43 11K 11K 78643K 49 0 counters 21 16K 16K 78643K 22 0 ioctlops 0 0K 4K 78643K 19 0 iov 0 0K 4K 78643K 4 0 mount 1 1K 1K 78643K 1 0 vnodes 1218 77K 77K 78643K 1236 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 32 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 100 0 proc 47 38K 54K 78643K 358 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 44 2K 2K 78643K 44 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 43 201K 201K 78643K 43 0 exec 0 0K 1K 78643K 195 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 134 23K 24K 78643K 1123 0 UVM aobj 5 2K 2K 78643K 5 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 5 0K 0K 78643K 10 0 temp 66 3850K 3913K 78643K 2971 0 kqueue 3 4K 12K 78643K 10 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 6 0 0 1 0 1 1 0 8 0 rtpcb 80 19 0 17 1 0 1 1 0 8 0 rtentry 112 45 0 1 2 0 2 2 0 8 0 unpcb 120 79 0 71 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 218 0 218 2 2 0 1 0 8 0 tcpcb 544 32 0 27 1 0 1 1 0 8 0 inpcb 296 98 0 87 2 1 1 2 0 8 0 nd6 48 6 0 0 1 0 1 1 0 8 0 ppxss 1136 1 0 1 1 1 0 1 0 8 0 pfrktable 1344 3 0 1 1 0 1 1 0 8 0 pfrule 1360 2 0 0 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 188 0 0 12 0 12 12 0 8 0 art_table 32 189 0 0 2 0 2 2 0 8 0 art_node 16 44 0 4 1 0 1 1 0 8 0 sysvmsgpl 40 2 0 2 1 1 0 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 30 0 20 1 0 1 1 0 8 0 shmpl 112 2 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1499 0 101 88 0 88 88 0 8 0 ffsino 240 1499 0 101 83 0 83 83 0 8 0 nchpl 144 1803 0 201 60 0 60 60 0 8 0 uvmvnodes 72 1549 0 0 29 0 29 29 0 8 0 vnodes 208 1549 0 0 82 0 82 82 0 8 0 namei 1024 4483 0 4483 2 1 1 1 0 8 1 pfiaddrpl 120 2 0 0 1 0 1 1 0 8 0 scxspl 192 5224 0 5224 1 0 1 1 0 8 1 plimitpl 152 18 0 11 1 0 1 1 0 8 0 sigapl 424 286 0 258 4 0 4 4 0 8 0 futexpl 56 1129 0 1129 2 1 1 1 0 8 1 knotepl 112 70 0 51 1 0 1 1 0 8 0 kqueuepl 144 42 0 40 1 0 1 1 0 8 0 pipepl 272 76 0 66 1 0 1 1 0 8 0 fdescpl 432 272 0 258 2 0 2 2 0 8 0 filepl 120 1388 0 1290 4 0 4 4 0 8 1 lockfpl 104 24 0 23 1 0 1 1 0 8 0 lockfspl 48 8 0 7 1 0 1 1 0 8 0 sessionpl 112 17 0 7 1 0 1 1 0 8 0 pgrppl 48 17 0 7 1 0 1 1 0 8 0 ucredpl 96 130 0 123 1 0 1 1 0 8 0 zombiepl 144 258 0 258 1 0 1 1 0 8 1 processpl 928 286 0 258 4 0 4 4 0 8 0 procpl 624 395 0 360 5 1 4 4 0 8 1 sockpl 400 197 0 176 3 0 3 3 0 8 0 mcl16k 16384 1 0 1 1 1 0 1 0 8 0 mcl12k 12288 2 0 2 2 1 1 1 0 8 1 mcl8k 8192 1 0 1 1 1 0 1 0 8 0 mcl4k 4096 11 0 11 3 2 1 1 0 8 1 mcl2k 2048 88226 0 88175 22 15 7 19 0 8 0 mtagpl 96 4 0 2 2 1 1 1 0 8 0 mbufpl 256 139450 0 139374 12 5 7 10 0 8 0 bufpl 280 3372 0 126 232 0 232 232 0 8 0 anonpl 16 113708 0 95785 110 5 105 106 0 107 25 amapchunkpl 152 1469 0 1321 8 0 8 8 0 158 1 amappl16 192 5409 0 4415 78 16 62 74 0 8 10 amappl15 184 9 0 7 1 0 1 1 0 8 0 amappl14 176 26 0 18 1 0 1 1 0 8 0 amappl13 168 68 0 63 1 0 1 1 0 8 0 amappl12 160 8 0 6 1 0 1 1 0 8 0 amappl11 152 45 0 36 1 0 1 1 0 8 0 amappl10 144 21 0 15 1 0 1 1 0 8 0 amappl9 136 390 0 387 1 0 1 1 0 8 0 amappl8 128 358 0 314 2 0 2 2 0 8 0 amappl7 120 107 0 95 1 0 1 1 0 8 0 amappl6 112 25 0 19 1 0 1 1 0 8 0 amappl5 104 234 0 224 1 0 1 1 0 8 0 amappl4 96 459 0 429 1 0 1 1 0 8 0 amappl3 88 102 0 97 1 0 1 1 0 8 0 amappl2 80 1356 0 1292 2 0 2 2 0 8 0 amappl1 72 15068 0 14638 23 13 10 17 0 8 0 amappl 80 640 0 596 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 4 0 0 1 0 1 1 0 8 0 uaddrrnd 24 272 0 258 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 272 0 258 1 0 1 1 0 8 0 vmmpekpl 168 5980 0 5954 2 0 2 2 0 8 0 vmmpepl 168 44840 0 42732 132 14 118 119 0 357 24 vmsppl 272 271 0 258 2 1 1 2 0 8 0 pdppl 4096 550 0 516 6 1 5 6 0 8 0 pvpl 32 224676 0 203797 247 3 244 245 0 265 67 pmappl 200 271 0 258 1 0 1 1 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 249 0 30 7 0 7 7 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585 pfi_instance_add(ffff800000ac6800,0,c3) at pfi_instance_add+0x5e5 pfi_table_update(ffff800000ae39c0,ffff800000ad5300,0,c3) at pfi_table_update+0x174 pfi_kif_update(ffff800000ad5300) at pfi_kif_update+0xba pfi_dynaddr_update sys/net/pf_if.c:466 [inline] pfi_kif_update(ffff800000ad5300) at pfi_kif_update+0xba sys/net/pf_if.c:442 if_addgroup(ffff800000ac6800,ffff80001d775ae8) at if_addgroup+0x280 sys/net/if.c:2736 ifioctl(fffffd806a777e20,80286987,ffff80001d775ad0,ffff80001d6a9278) at ifioctl+0x13e7 sys/net/if.c:2148 sys_ioctl(ffff80001d6a9278,ffff80001d775be8,ffff80001d775c30) at sys_ioctl+0x4a1 syscall(ffff80001d775cb0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xf30e2351e70, count: -9 ddb> machine ddbcpu 1 No such command ddb> trace pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585 pfi_instance_add(ffff800000ac6800,0,c3) at pfi_instance_add+0x5e5 pfi_table_update(ffff800000ae39c0,ffff800000ad5300,0,c3) at pfi_table_update+0x174 pfi_kif_update(ffff800000ad5300) at pfi_kif_update+0xba pfi_dynaddr_update sys/net/pf_if.c:466 [inline] pfi_kif_update(ffff800000ad5300) at pfi_kif_update+0xba sys/net/pf_if.c:442 if_addgroup(ffff800000ac6800,ffff80001d775ae8) at if_addgroup+0x280 sys/net/if.c:2736 ifioctl(fffffd806a777e20,80286987,ffff80001d775ad0,ffff80001d6a9278) at ifioctl+0x13e7 sys/net/if.c:2148 sys_ioctl(ffff80001d6a9278,ffff80001d775be8,ffff80001d775c30) at sys_ioctl+0x4a1 syscall(ffff80001d775cb0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xf30e2351e70, count: -9