login: ukernel: page fault trap, code=0 Stopped at tun_dev_read+0x138: movl 0x18(%rbx),%r12d ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic kernel page fault uvm_fault(0xffffffff82635f00, 0xfffffd0000000018, 0, 1) -> e tun_dev_read(5d01,ffff8000240351f8,10) at tun_dev_read+0x138 sys/net/if_tun.c:790 end trace frame: 0xffff800024035030, count: 0 ddb{1}> trace tun_dev_read(5d01,ffff8000240351f8,10) at tun_dev_read+0x138 sys/net/if_tun.c:790 spec_read(ffff800024035040) at spec_read+0xf1 sys/kern/spec_vnops.c:222 VOP_READ(fffffd806e72f1a8,ffff8000240351f8,10,fffffd807f7bfa80) at VOP_READ+0xbf sys/kern/vfs_vops.c:247 vn_read(fffffd80685f9dc0,ffff8000240351f8,0) at vn_read+0x124 sys/kern/vfs_vnops.c:375 dofilereadv(ffff800020eb6ec8,f0,ffff8000240351f8,0,ffff8000240352e0) at dofilereadv+0x1a1 sys/kern/sys_generic.c:237 sys_read(ffff800020eb6ec8,ffff800024035290,ffff8000240352e0) at sys_read+0x83 sys/kern/sys_generic.c:157 syscall(ffff800024035360) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800024035360) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x33ea0d1c780, count: -8 ddb{1}> show registers rdi 0 rsi 0x3da rbp 0xffff800024034f80 rbx 0xfffffd0000000000 rdx 0x153 rcx 0xffff8000009d8700 rax 0xffffffff81bf2513 tun_dev_read+0x133 r8 0x7f7fffffc000 r9 0x5 r10 0xedfcad35d86b485 r11 0x828c75677844686e r12 0 r13 0x3da r14 0xffff800000a23e60 r15 0xffff8000240351f8 rip 0xffffffff81bf2518 tun_dev_read+0x138 cs 0x8 rflags 0x10202 __ALIGN_SIZE+0xf202 rsp 0xffff800024034f20 ss 0x10 tun_dev_read+0x138: movl 0x18(%rbx),%r12d ddb{1}> show proc PROC (syz-executor.1) pid=301091 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=75, nice=20 forw=0xffffffffffffffff, list=0xffff800020eb6508,0xffffffff8267b150 process=0xffff800020e93358 user=0xffff800024030000, vmspace=0xfffffd806e95a2e8 estcpu=25, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 1398 237154 14811 0 7 0 syz-executor.1 * 1398 301091 14811 0 7 0x4000000 syz-executor.1 75085 56484 0 0 3 0x14200 acct acct 58477 335902 1 0 3 0x100083 ttyin getty 28059 401812 1520 0 3 0x82 nanosleep syz-executor.0 17514 418742 0 0 3 0x14280 nfsidl nfsio 80448 91558 0 0 3 0x14280 nfsidl nfsio 10448 315530 0 0 3 0x14280 nfsidl nfsio 80225 204993 0 0 3 0x14280 nfsidl nfsio 94862 201061 0 0 3 0x14280 nfsidl nfsio 28674 265141 0 0 3 0x14280 nfsidl nfsio 40413 319621 0 0 3 0x14280 nfsidl nfsio 53189 297842 0 0 3 0x14280 nfsidl nfsio 73297 160586 0 0 3 0x14280 nfsidl nfsio 2961 375437 0 0 3 0x14280 nfsidl nfsio 43984 236939 0 0 3 0x14280 nfsidl nfsio 81698 183282 0 0 3 0x14280 nfsidl nfsio 31396 298895 0 0 3 0x14280 nfsidl nfsio 59259 493258 0 0 3 0x14280 nfsidl nfsio 83103 479384 0 0 3 0x14280 nfsidl nfsio 37166 368536 0 0 3 0x14280 nfsidl nfsio 23983 360061 0 0 3 0x14280 nfsidl nfsio 40802 447016 0 0 3 0x14280 nfsidl nfsio 12334 313204 0 0 3 0x14280 nfsidl nfsio 17618 19302 0 0 3 0x14280 nfsidl nfsio 28161 247435 0 0 3 0x14200 bored sosplice 14811 249522 1520 0 3 0x82 nanosleep syz-executor.1 1520 463987 43848 0 3 0x82 thrsleep syz-fuzzer 1520 158669 43848 0 3 0x4000082 nanosleep syz-fuzzer 1520 22619 43848 0 3 0x4000082 kqread syz-fuzzer 1520 462720 43848 0 3 0x4000082 thrsleep syz-fuzzer 1520 466891 43848 0 3 0x4000082 thrsleep syz-fuzzer 1520 297498 43848 0 3 0x4000082 thrsleep syz-fuzzer 1520 106067 43848 0 3 0x4000082 thrsleep syz-fuzzer 1520 134625 43848 0 3 0x4000082 thrsleep syz-fuzzer 1520 469335 43848 0 3 0x4000082 thrsleep syz-fuzzer 1520 15459 43848 0 3 0x4000082 thrsleep syz-fuzzer 43848 274883 81722 0 3 0x10008a pause ksh 81722 74730 75156 0 3 0x92 select sshd 75156 30016 1 0 3 0x80 select sshd 17289 77062 78349 74 3 0x100092 bpf pflogd 78349 22481 1 0 3 0x80 netio pflogd 43815 299481 86675 73 3 0x100090 kqread syslogd 86675 347818 1 0 3 0x100082 netio syslogd 61382 138037 1 77 3 0x100090 poll dhclient 6605 487438 1 0 3 0x80 poll dhclient 38000 478918 0 0 3 0x14200 bored smr 17040 95717 0 0 3 0x14200 pgzero zerothread 23963 401902 0 0 3 0x14200 aiodoned aiodoned 36882 230983 0 0 3 0x14200 syncer update 72988 351232 0 0 3 0x14200 cleaner cleaner 15039 68584 0 0 3 0x14200 reaper reaper 67977 327454 0 0 3 0x14200 pgdaemon pagedaemon 6260 205082 0 0 3 0x14200 bored crynlk 39632 151578 0 0 3 0x14200 bored crypto 68872 355833 0 0 3 0x40014200 acpi0 acpi0 93933 98683 0 0 3 0x40014200 idle1 46147 192491 0 0 3 0x14200 bored softnet 25574 199745 0 0 3 0x14200 bored systqmp 61044 425902 0 0 3 0x14200 bored systq 13092 109609 0 0 3 0x40014200 bored softclock 76703 181199 0 0 3 0x40014200 idle0 1 130001 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 1398 (syz-executor.1) thread 0xffff800020eb6ec8 (301091) exclusive kernel_lock &kernel_lock r = 1 (0xffffffff82667d70) #0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164 #1 vn_read+0x45 sys/kern/vfs_vnops.c:357 #2 dofilereadv+0x1a1 sys/kern/sys_generic.c:237 #3 sys_read+0x83 sys/kern/sys_generic.c:157 #4 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] #4 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 #5 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9534 6420K 6817K 78643K 11734 0 pcb 15 8K 8K 78643K 982 0 rtable 105 11K 12K 78643K 415 0 ifaddr 101 20K 20K 78643K 213 0 sysctl 2 0K 0K 78643K 2 0 counters 45 34K 34K 78643K 77 0 ioctlops 0 0K 4K 78643K 1524 0 iov 0 0K 16K 78643K 100 0 mount 1 1K 1K 78643K 1 0 vnodes 1219 77K 77K 78643K 2485 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 8 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 1K 78643K 102 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1824 197K 290K 78643K 13058 0 file desc 6 17K 25K 78643K 1076 0 sigio 0 0K 0K 78643K 11 0 proc 64 63K 95K 78643K 599 0 subproc 32 2K 2K 78643K 51 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 49 0 in_multi 115 5K 5K 78643K 167 0 ether_multi 1 0K 0K 78643K 13 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 55 254K 254K 78643K 55 0 exec 0 0K 1K 78643K 312 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 140 72K 72K 78643K 4338 0 UVM aobj 35 2K 2K 78643K 36 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 2 0K 0K 78643K 707 0 NDP 14 0K 0K 78643K 37 0 temp 122 3042K 3108K 78643K 15149 0 kqueue 3 4K 10K 78643K 21 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 9 0 3 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 56 0 54 1 0 1 1 0 8 0 rtentry 112 63 0 22 2 0 2 2 0 8 0 unpcb 120 1709 0 1699 3 2 1 2 0 8 0 syncache 264 11 0 11 5 4 1 1 0 8 1 tcpqe 32 80 0 80 1 1 0 1 0 8 0 tcpcb 544 220 0 216 1 0 1 1 0 8 0 inpcb 280 2444 0 2435 4 2 2 2 0 8 1 nd6 48 10 0 6 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 1 0 1 0 8 0 swfcl 56 4 0 0 1 0 1 1 0 8 0 pfstscr 40 9 0 8 1 0 1 1 0 8 0 pffrag 232 8 0 8 2 2 0 1 0 482 0 pffrnode 88 8 0 8 2 2 0 1 0 8 0 pffrent 40 145 0 145 2 2 0 1 0 8 0 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 63 0 41 1 0 1 1 0 8 0 pfstkey 112 67 0 45 1 0 1 1 0 8 0 pfstate 328 62 0 41 3 0 3 3 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 267 0 89 13 1 12 12 0 8 0 art_table 32 268 0 89 2 0 2 2 0 8 0 art_node 16 62 0 24 1 0 1 1 0 8 0 sysvmsgpl 40 19 0 11 2 1 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 94 0 84 1 0 1 1 0 8 0 shmpl 112 34 0 1 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 3651 0 2249 90 1 89 89 0 8 0 ffsino 272 3651 0 2249 94 0 94 94 0 8 0 nchpl 144 5220 0 3631 60 0 60 60 0 8 0 uvmvnodes 72 4286 0 0 78 0 78 78 0 8 0 vnodes 208 4286 0 0 226 0 226 226 0 8 0 namei 1024 16137 0 16137 4 3 1 1 0 8 1 percpumem 16 49 0 16 1 0 1 1 0 8 0 vcpupl 1984 4 0 0 1 0 1 1 0 8 0 vmpool 560 6 0 2 2 1 1 1 0 8 0 scsiplug 64 1 0 1 1 1 0 1 0 8 0 scxspl 192 13571 0 13571 9 6 3 3 0 8 3 plimitpl 152 75 0 67 1 0 1 1 0 8 0 sigapl 424 1311 0 1257 7 0 7 7 0 8 0 futexpl 56 17711 0 17711 4 3 1 1 0 8 1 knotepl 112 90 0 71 1 0 1 1 0 8 0 kqueuepl 144 84 0 79 1 0 1 1 0 8 0 pipelkpl 48 176 0 166 1 0 1 1 0 8 0 pipepl 120 352 0 333 1 0 1 1 0 8 0 fdescpl 496 1274 0 1257 3 0 3 3 0 8 0 filepl 152 10523 0 10419 8 3 5 7 0 8 0 lockfpl 104 156 0 155 1 0 1 1 0 8 0 lockfspl 48 48 0 47 1 0 1 1 0 8 0 sessionpl 112 20 0 9 1 0 1 1 0 8 0 pgrppl 48 68 0 57 1 0 1 1 0 8 0 ucredpl 96 2220 0 2211 1 0 1 1 0 8 0 zombiepl 144 1258 0 1257 1 0 1 1 0 8 0 processpl 984 1311 0 1257 7 0 7 7 0 8 0 procpl 624 3495 0 3431 6 0 6 6 0 8 0 sosppl 128 8 0 8 3 2 1 1 0 8 1 sockpl 400 4232 0 4211 12 8 4 7 0 8 1 mcl64k 65536 13 0 0 2 0 2 2 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 8 0 0 1 0 1 1 0 8 0 mcl9k 9216 7 0 0 1 0 1 1 0 8 0 mcl8k 8192 4 0 0 1 0 1 1 0 8 0 mcl4k 4096 11 0 0 2 0 2 2 0 8 0 mcl2k2 2112 16 0 0 2 0 2 2 0 8 0 mcl2k 2048 150 0 0 18 0 18 18 0 8 0 mtagpl 80 80 0 0 2 0 2 2 0 8 0 mbufpl 256 392 0 0 21 0 21 21 0 8 0 bufpl 280 5436 0 144 378 0 378 378 0 8 0 anonpl 16 121843 0 106789 102 25 77 77 0 124 15 amapchunkpl 152 7930 0 7763 37 25 12 21 0 158 4 amappl16 192 5255 0 4431 68 18 50 54 0 8 8 amappl15 184 481 0 479 2 1 1 1 0 8 0 amappl14 176 138 0 135 1 0 1 1 0 8 0 amappl13 168 35 0 32 1 0 1 1 0 8 0 amappl12 160 555 0 552 1 0 1 1 0 8 0 amappl11 152 546 0 528 1 0 1 1 0 8 0 amappl10 144 20 0 14 1 0 1 1 0 8 0 amappl9 136 387 0 385 1 0 1 1 0 8 0 amappl8 128 380 0 342 2 0 2 2 0 8 0 amappl7 120 124 0 112 1 0 1 1 0 8 0 amappl6 112 24 0 20 1 0 1 1 0 8 0 amappl5 104 1489 0 1468 1 0 1 1 0 8 0 amappl4 96 631 0 602 1 0 1 1 0 8 0 amappl3 88 243 0 238 1 0 1 1 0 8 0 amappl2 80 9649 0 9569 2 0 2 2 0 8 0 amappl1 72 37118 0 36658 23 13 10 18 0 8 0 amappl 80 3753 0 3699 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 35 0 1 1 0 1 1 0 8 0 uaddrrnd 24 1280 0 1259 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1280 0 1259 1 0 1 1 0 8 0 vmmpekpl 168 12305 0 12268 2 0 2 2 0 8 0 vmmpepl 168 159885 0 157779 155 51 104 116 0 357 12 vmsppl 368 1279 0 1259 2 0 2 2 0 8 0 pdppl 4096 2568 0 2522 6 0 6 6 0 8 0 pvpl 32 361813 0 343398 238 51 187 187 0 265 36 pmappl 232 1279 0 1259 3 1 2 2 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 281 0 16 8 0 8 8 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{0}> trace x86_ipi_db(ffffffff824cbff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352 x86_ipi_handler() at x86_ipi_handler+0xc6 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff82667b68) at __mp_lock+0x127 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82667b68) at __mp_lock+0x127 sys/kern/kern_lock.c:147 intr_handler(ffff800021f6d990,ffff800000658e00) at intr_handler+0x5e sys/arch/amd64/amd64/intr.c:525 Xintr_ioapic_edge4_untramp() at Xintr_ioapic_edge4_untramp+0x19f __sanitizer_cov_trace_cmp4(ffffffff82667b68,ffffffff82667b68) at __sanitizer_cov_trace_cmp4+0xb sys/dev/kcov.c:134 syscall(ffff800021f6db70) at syscall+0x400 mi_syscall sys/sys/syscall_mi.h:93 [inline] syscall(ffff800021f6db70) at syscall+0x400 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffc8020, count: -9 ddb{0}> machine ddbcpu 1 Stopped at tun_dev_read+0x138: movl 0x18(%rbx),%r12d ddb{1}> trace tun_dev_read(5d01,ffff8000240351f8,10) at tun_dev_read+0x138 sys/net/if_tun.c:790 spec_read(ffff800024035040) at spec_read+0xf1 sys/kern/spec_vnops.c:222 VOP_READ(fffffd806e72f1a8,ffff8000240351f8,10,fffffd807f7bfa80) at VOP_READ+0xbf sys/kern/vfs_vops.c:247 vn_read(fffffd80685f9dc0,ffff8000240351f8,0) at vn_read+0x124 sys/kern/vfs_vnops.c:375 dofilereadv(ffff800020eb6ec8,f0,ffff8000240351f8,0,ffff8000240352e0) at dofilereadv+0x1a1 sys/kern/sys_generic.c:237 sys_read(ffff800020eb6ec8,ffff800024035290,ffff8000240352e0) at sys_read+0x83 sys/kern/sys_generic.c:157 syscall(ffff800024035360) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800024035360) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x33ea0d1c780, count: -8