uvm_fault(0xfffffd805388e450, 0x4, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pfi_address_add+0x1eb: movl 0x4(%rax),%eax ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd805388e450, 0x4, 0, 1) -> e pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585 end trace frame: 0xffff8000207cf2a0, count: 0 ddb> trace pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585 pfi_instance_add(ffff800000ac6000,0,c3) at pfi_instance_add+0x5e5 pfi_table_update(ffff800000adda40,ffff800000b22200,0,c3) at pfi_table_update+0x174 pfi_kif_update(ffff800000b22200) at pfi_kif_update+0xba pfi_dynaddr_update sys/net/pf_if.c:466 [inline] pfi_kif_update(ffff800000b22200) at pfi_kif_update+0xba sys/net/pf_if.c:442 pfi_dynaddr_setup(ffff800000b518e8,0) at pfi_dynaddr_setup+0x3fa sys/net/pf_if.c:420 pfioctl(4900,cd604404,ffff800000675000,3,ffff80001d6c24f8) at pfioctl+0x51b2 pf_addr_setup sys/net/pf_ioctl.c:893 [inline] pfioctl(4900,cd604404,ffff800000675000,3,ffff80001d6c24f8) at pfioctl+0x51b2 sys/net/pf_ioctl.c:1265 VOP_IOCTL(fffffd8064a7d0d0,cd604404,ffff800000675000,3,fffffd806c3bfa20,ffff80001d6c24f8) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290 vn_ioctl(fffffd8057aab5b0,cd604404,ffff800000675000,ffff80001d6c24f8) at vn_ioctl+0xb5 sys/kern/vfs_vnops.c:531 sys_ioctl(ffff80001d6c24f8,ffff8000207cf848,ffff8000207cf890) at sys_ioctl+0x4a1 syscall(ffff8000207cf910) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x209d9937c0, count: -11 ddb> show registers rdi 0xffffffff815218d7 pfi_address_add+0x1e7 rsi 0x44b rbp 0xffff8000207cf200 rbx 0 rdx 0x44c rcx 0xffff80001d7a6000 rax 0 r8 0xffffffff81521191 pfi_instance_add+0xf1 r9 0x1 r10 0x2 r11 0x61d71cbe261a0a5c r12 0 r13 0x2 r14 0xffff800000654000 r15 0 rip 0xffffffff815218db pfi_address_add+0x1eb cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff8000207cf190 ss 0x10 pfi_address_add+0x1eb: movl 0x4(%rax),%eax ddb> show proc PROC (syz-executor.0) pid=142902 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=73, nice=20 forw=0xffffffffffffffff, list=0xffff80001d6c3128,0xffffffff8283e8c8 process=0xffff800020862030 user=0xffff8000207ca000, vmspace=0xfffffd805388e450 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 13721 121614 47982 0 2 0 syz-executor.0 *13721 142902 47982 0 7 0x4000000 syz-executor.0 8430 328599 0 0 3 0x14280 nfsidl nfsio 2392 242241 0 0 3 0x14280 nfsidl nfsio 64903 423893 0 0 3 0x14280 nfsidl nfsio 15088 495089 0 0 3 0x14280 nfsidl nfsio 44059 435280 0 0 3 0x14280 nfsidl nfsio 4617 316860 0 0 3 0x14280 nfsidl nfsio 11422 171696 0 0 3 0x14280 nfsidl nfsio 99300 280378 0 0 3 0x14280 nfsidl nfsio 45047 183555 0 0 3 0x14280 nfsidl nfsio 71908 232073 0 0 3 0x14280 nfsidl nfsio 31562 453524 0 0 3 0x14280 nfsidl nfsio 79794 386838 0 0 3 0x14280 nfsidl nfsio 79327 333550 0 0 3 0x14280 nfsidl nfsio 57710 94799 0 0 3 0x14280 nfsidl nfsio 64415 205449 0 0 3 0x14280 nfsidl nfsio 259 34451 0 0 3 0x14280 nfsidl nfsio 81205 174610 0 0 3 0x14280 nfsidl nfsio 6573 134038 0 0 3 0x14280 nfsidl nfsio 91244 162831 0 0 3 0x14280 nfsidl nfsio 67859 327912 0 0 3 0x14280 nfsidl nfsio 32242 230444 0 0 3 0x14200 acct acct 4127 225531 0 0 3 0x14200 bored sosplice 47982 200269 60414 0 3 0x82 nanosleep syz-executor.0 81829 353501 60414 0 2 0x2 syz-executor.1 60414 385583 46675 0 3 0x82 kqread syz-fuzzer 60414 31513 46675 0 3 0x4000082 thrsleep syz-fuzzer 60414 177895 46675 0 3 0x4000082 thrsleep syz-fuzzer 60414 32000 46675 0 3 0x4000082 thrsleep syz-fuzzer 60414 320477 46675 0 3 0x4000082 thrsleep syz-fuzzer 60414 423651 46675 0 3 0x4000082 thrsleep syz-fuzzer 60414 302938 46675 0 3 0x4000082 thrsleep syz-fuzzer 60414 90829 46675 0 3 0x4000082 thrsleep syz-fuzzer 46675 475216 26771 0 3 0x10008a pause ksh 26771 276792 45498 0 3 0x92 select sshd 19323 522901 1 0 3 0x100083 ttyin getty 45498 179533 1 0 3 0x80 select sshd 87225 23154 4642 73 3 0x100090 kqread syslogd 4642 217055 1 0 3 0x100082 netio syslogd 90129 249647 1 77 3 0x100090 poll dhclient 37372 236403 1 0 3 0x80 poll dhclient 80946 297104 0 0 3 0x14200 bored smr 98285 252969 0 0 2 0x14200 zerothread 35229 518949 0 0 3 0x14200 aiodoned aiodoned 70458 434218 0 0 3 0x14200 syncer update 86618 416296 0 0 3 0x14200 cleaner cleaner 28191 356634 0 0 3 0x14200 reaper reaper 25433 517003 0 0 3 0x14200 pgdaemon pagedaemon 40071 419146 0 0 3 0x14200 bored crynlk 5800 62159 0 0 3 0x14200 bored crypto 36913 47440 0 0 3 0x40014200 acpi0 acpi0 18349 134899 0 0 3 0x14200 bored softnet 47958 160955 0 0 3 0x14200 bored systqmp 32425 37861 0 0 3 0x14200 bored systq 52634 378593 0 0 3 0x40014200 bored softclock 94694 458777 0 0 3 0x40014200 idle0 1 478834 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9506 6349K 6989K 78643K 11589 0 pcb 13 8K 8K 78643K 302 0 rtable 136 9K 12K 78643K 1678 0 ifaddr 82 17K 18K 78643K 1467 0 sysctl 2 0K 0K 78643K 2 0 counters 21 16K 17K 78643K 42 0 ioctlops 1 4K 4K 78643K 1201 0 iov 0 0K 16K 78643K 92 0 mount 1 1K 1K 78643K 1 0 vnodes 1228 77K 77K 78643K 1532 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 11 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 1K 78643K 176 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 1679 0 sigio 0 0K 0K 78643K 76 0 proc 50 38K 54K 78643K 409 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 23 0 in_multi 65 3K 3K 78643K 128 0 ether_multi 1 0K 0K 78643K 9 0 mrt 0 0K 0K 78643K 13 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 49 228K 228K 78643K 49 0 exec 0 0K 1K 78643K 249 0 pfkey data 0 0K 0K 78643K 2 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 127 55K 56K 78643K 4454 0 UVM aobj 52 6K 6K 78643K 58 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 66 0 NDP 12 0K 0K 78643K 42 0 temp 139 3872K 3950K 78643K 16296 0 kqueue 3 4K 12K 78643K 49 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 8 0 2 1 0 1 1 0 8 0 rtpcb 80 59 0 57 1 0 1 1 0 8 0 rtentry 112 93 0 47 2 0 2 2 0 8 0 unpcb 120 599 0 589 1 0 1 1 0 8 0 syncache 264 12 0 12 4 4 0 1 0 8 0 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpqe 32 278 0 278 1 1 0 1 0 8 0 tcpcb 544 160 0 156 2 1 1 2 0 8 0 ipq 40 3 0 3 2 2 0 1 0 8 0 ipqe 40 6 0 6 2 2 0 1 0 8 0 inpcb 296 2727 0 2719 2 0 2 2 0 8 1 rttmr 72 5 0 5 2 2 0 1 0 8 0 nd6 48 22 0 14 1 0 1 1 0 8 0 pkpcb 40 8 0 8 2 2 0 1 0 8 0 ppxss 1136 5 0 5 4 3 1 1 0 8 1 pfrke_plain 160 2 0 0 1 0 1 1 0 8 0 pfrktable 1344 592 0 582 3 1 2 2 0 8 1 pftag 88 4 0 0 1 0 1 1 0 8 0 pfqueue 264 4 0 2 1 0 1 1 0 8 0 pfrule 1360 657 0 445 18 0 18 18 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 348 0 129 16 0 16 16 0 8 0 art_table 32 350 0 129 3 0 3 3 0 8 0 art_node 16 88 0 46 1 0 1 1 0 8 0 sysvmsgpl 40 34 0 19 1 0 1 1 0 8 0 semupl 112 4 0 4 1 1 0 1 0 8 0 semapl 112 170 0 160 1 0 1 1 0 8 0 shmpl 112 55 0 6 2 0 2 2 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 3305 0 1906 88 0 88 88 0 8 0 ffsino 240 3305 0 1906 83 0 83 83 0 8 0 nchpl 144 5642 0 4047 60 0 60 60 0 8 0 rtmask 32 4 0 2 1 0 1 1 0 8 0 uvmvnodes 72 3571 0 0 65 0 65 65 0 8 0 vnodes 208 3571 0 0 188 0 188 188 0 8 0 namei 1024 14991 0 14991 1 0 1 1 0 8 1 vcpupl 1984 4 0 0 1 0 1 1 0 8 0 vmpool 528 4 0 0 1 0 1 1 0 8 0 pfiaddrpl 120 21 0 12 1 0 1 1 0 8 0 scxspl 192 16290 0 16290 1 0 1 1 0 8 1 plimitpl 152 70 0 63 1 0 1 1 0 8 0 sigapl 424 1887 0 1837 6 0 6 6 0 8 0 futexpl 56 24553 0 24553 1 0 1 1 0 8 1 knotepl 112 116 0 97 1 0 1 1 0 8 0 kqueuepl 144 108 0 106 1 0 1 1 0 8 0 pipepl 272 211 0 201 2 0 2 2 0 8 1 fdescpl 432 1851 0 1837 2 0 2 2 0 8 0 filepl 120 9250 0 9153 4 0 4 4 0 8 1 lockfpl 104 209 0 208 1 0 1 1 0 8 0 lockfspl 48 70 0 69 1 0 1 1 0 8 0 sessionpl 112 17 0 7 1 0 1 1 0 8 0 pgrppl 48 31 0 21 1 0 1 1 0 8 0 ucredpl 96 535 0 528 1 0 1 1 0 8 0 zombiepl 144 1837 0 1837 1 0 1 1 0 8 1 processpl 928 1887 0 1837 7 0 7 7 0 8 0 procpl 624 3733 0 3675 5 0 5 5 0 8 0 sosppl 128 11 0 11 3 3 0 1 0 8 0 sockpl 400 3403 0 3383 8 4 4 5 0 8 1 mcl64k 65536 62 0 62 3 2 1 1 0 8 1 mcl16k 16384 318 0 318 6 5 1 1 0 8 1 mcl12k 12288 122 0 122 3 2 1 1 0 8 1 mcl9k 9216 12 0 12 4 3 1 1 0 8 1 mcl8k 8192 173 0 173 2 1 1 1 0 8 1 mcl4k 4096 205 0 205 3 2 1 1 0 8 1 mcl2k2 2112 3 0 3 3 3 0 1 0 8 0 mcl2k 2048 96351 0 96300 19 11 8 14 0 8 0 mtagpl 96 78 0 29 3 1 2 2 0 8 0 mbufpl 256 168302 0 168044 33 14 19 26 0 8 0 bufpl 280 5586 0 234 383 0 383 383 0 8 0 anonpl 16 150675 0 134090 78 2 76 76 0 107 0 amapchunkpl 152 6414 0 6254 8 0 8 8 0 158 0 amappl16 192 7326 0 6332 52 1 51 51 0 8 0 amappl15 184 1 0 0 1 0 1 1 0 8 0 amappl14 176 24 0 19 1 0 1 1 0 8 0 amappl13 168 840 0 835 1 0 1 1 0 8 0 amappl12 160 831 0 826 1 0 1 1 0 8 0 amappl11 152 883 0 872 1 0 1 1 0 8 0 amappl10 144 14 0 8 1 0 1 1 0 8 0 amappl9 136 381 0 380 1 0 1 1 0 8 0 amappl8 128 344 0 306 2 0 2 2 0 8 0 amappl7 120 108 0 96 1 0 1 1 0 8 0 amappl6 112 858 0 854 1 0 1 1 0 8 0 amappl5 104 1795 0 1784 1 0 1 1 0 8 0 amappl4 96 749 0 722 1 0 1 1 0 8 0 amappl3 88 228 0 223 1 0 1 1 0 8 0 amappl2 80 14954 0 14889 2 0 2 2 0 8 0 amappl1 72 48011 0 47595 22 13 9 17 0 8 0 amappl 80 3960 0 3914 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 57 0 6 1 0 1 1 0 8 0 uaddrrnd 24 1855 0 1837 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1855 0 1837 1 0 1 1 0 8 0 vmmpekpl 168 12807 0 12773 2 0 2 2 0 8 0 vmmpepl 168 224174 0 222083 156 59 97 148 0 357 5 vmsppl 272 1854 0 1837 3 1 2 2 0 8 0 pdppl 4096 3716 0 3678 7 1 6 6 0 8 1 pvpl 32 443342 0 423650 187 11 176 179 0 265 0 pmappl 200 1854 0 1837 1 0 1 1 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 306 0 44 8 0 8 8 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585 pfi_instance_add(ffff800000ac6000,0,c3) at pfi_instance_add+0x5e5 pfi_table_update(ffff800000adda40,ffff800000b22200,0,c3) at pfi_table_update+0x174 pfi_kif_update(ffff800000b22200) at pfi_kif_update+0xba pfi_dynaddr_update sys/net/pf_if.c:466 [inline] pfi_kif_update(ffff800000b22200) at pfi_kif_update+0xba sys/net/pf_if.c:442 pfi_dynaddr_setup(ffff800000b518e8,0) at pfi_dynaddr_setup+0x3fa sys/net/pf_if.c:420 pfioctl(4900,cd604404,ffff800000675000,3,ffff80001d6c24f8) at pfioctl+0x51b2 pf_addr_setup sys/net/pf_ioctl.c:893 [inline] pfioctl(4900,cd604404,ffff800000675000,3,ffff80001d6c24f8) at pfioctl+0x51b2 sys/net/pf_ioctl.c:1265 VOP_IOCTL(fffffd8064a7d0d0,cd604404,ffff800000675000,3,fffffd806c3bfa20,ffff80001d6c24f8) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290 vn_ioctl(fffffd8057aab5b0,cd604404,ffff800000675000,ffff80001d6c24f8) at vn_ioctl+0xb5 sys/kern/vfs_vnops.c:531 sys_ioctl(ffff80001d6c24f8,ffff8000207cf848,ffff8000207cf890) at sys_ioctl+0x4a1 syscall(ffff8000207cf910) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x209d9937c0, count: -11 ddb> machine ddbcpu 1 No such command ddb> trace pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585 pfi_instance_add(ffff800000ac6000,0,c3) at pfi_instance_add+0x5e5 pfi_table_update(ffff800000adda40,ffff800000b22200,0,c3) at pfi_table_update+0x174 pfi_kif_update(ffff800000b22200) at pfi_kif_update+0xba pfi_dynaddr_update sys/net/pf_if.c:466 [inline] pfi_kif_update(ffff800000b22200) at pfi_kif_update+0xba sys/net/pf_if.c:442 pfi_dynaddr_setup(ffff800000b518e8,0) at pfi_dynaddr_setup+0x3fa sys/net/pf_if.c:420 pfioctl(4900,cd604404,ffff800000675000,3,ffff80001d6c24f8) at pfioctl+0x51b2 pf_addr_setup sys/net/pf_ioctl.c:893 [inline] pfioctl(4900,cd604404,ffff800000675000,3,ffff80001d6c24f8) at pfioctl+0x51b2 sys/net/pf_ioctl.c:1265 VOP_IOCTL(fffffd8064a7d0d0,cd604404,ffff800000675000,3,fffffd806c3bfa20,ffff80001d6c24f8) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290 vn_ioctl(fffffd8057aab5b0,cd604404,ffff800000675000,ffff80001d6c24f8) at vn_ioctl+0xb5 sys/kern/vfs_vnops.c:531 sys_ioctl(ffff80001d6c24f8,ffff8000207cf848,ffff8000207cf890) at sys_ioctl+0x4a1 syscall(ffff8000207cf910) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x209d9937c0, count: -11