uvm_fault(0xfffffd807f000730, 0x5025a8058, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pfi_dynaddr_remove+0x4a: movq 0x58(%r15),%r12 ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic kernel page fault uvm_fault(0xfffffd807f000730, 0x5025a8058, 0, 1) -> e pfi_dynaddr_remove(ffff800000a9e888) at pfi_dynaddr_remove+0x4a sys/net/pf_if.c:602 end trace frame: 0xffff800021bc4d80, count: 0 ddb{1}> trace pfi_dynaddr_remove(ffff800000a9e888) at pfi_dynaddr_remove+0x4a sys/net/pf_if.c:602 pf_rm_rule(0,ffff800000a9e530) at pf_rm_rule+0x3df sys/net/pf_ioctl.c:274 pfioctl(4900,cd60441a,ffff800000a21000,2,ffff800020ad73d8) at pfioctl+0x4f8c VOP_IOCTL(fffffd806f6ce0f0,cd60441a,ffff800000a21000,2,fffffd807f7be9c0,ffff800020ad73d8) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:291 vn_ioctl(fffffd806293d130,cd60441a,ffff800000a21000,ffff800020ad73d8) at vn_ioctl+0xb7 sys/kern/vfs_vnops.c:533 sys_ioctl(ffff800020ad73d8,ffff800021bc51c8,ffff800021bc5210) at sys_ioctl+0x5b9 syscall(ffff800021bc5290) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline] syscall(ffff800021bc5290) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd0cd8f57900, count: -8 ddb{1}> show registers rdi 0x2 rsi 0x2 rbp 0xffff800021bc4d20 rbx 0xffff800000a9e778 rdx 0x1d7 rcx 0xffff8000009d3200 rax 0xffffffff814fee03 pfi_dynaddr_remove+0x33 r8 0xffffffff81acf895 pfioctl+0x4205 r9 0x1 r10 0x18 r11 0xb08d78c3057300be r12 0xffff800000a9e888 r13 0xffff800000a9e800 r14 0xffff800000a9e888 r15 0x5025a8000 rip 0xffffffff814fee1a pfi_dynaddr_remove+0x4a cs 0x8 rflags 0x10206 __ALIGN_SIZE+0xf206 rsp 0xffff800021bc4cf0 ss 0x10 pfi_dynaddr_remove+0x4a: movq 0x58(%r15),%r12 ddb{1}> show proc PROC (syz-executor.1) pid=174682 stat=onproc flags process=0 proc=4000000 pri=79, usrpri=79, nice=20 forw=0xffffffffffffffff, list=0xffff800020ad6290,0xffffffff82641530 process=0xffff800020af4ab0 user=0xffff800021bc0000, vmspace=0xfffffd807f000730 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 6460 109387 27930 0 7 0 syz-executor.1 * 6460 174682 27930 0 7 0x4000000 syz-executor.1 46403 488179 75102 0 3 0x82 nanosleep syz-executor.0 2636 454420 0 0 3 0x14200 bored sosplice 27930 471142 75102 0 3 0x82 nanosleep syz-executor.1 75102 231346 65792 0 3 0x82 thrsleep syz-fuzzer 75102 285637 65792 0 3 0x4000082 thrsleep syz-fuzzer 75102 123331 65792 0 3 0x4000082 thrsleep syz-fuzzer 75102 176955 65792 0 3 0x4000082 thrsleep syz-fuzzer 75102 459729 65792 0 3 0x4000082 thrsleep syz-fuzzer 75102 442599 65792 0 3 0x4000082 thrsleep syz-fuzzer 75102 353139 65792 0 3 0x4000082 thrsleep syz-fuzzer 75102 227313 65792 0 3 0x4000082 kqread syz-fuzzer 75102 351842 65792 0 3 0x4000082 thrsleep syz-fuzzer 75102 106089 65792 0 3 0x4000082 thrsleep syz-fuzzer 65792 191341 23681 0 3 0x10008a pause ksh 23681 176179 57802 0 3 0x92 select sshd 32174 215189 1 0 3 0x100083 ttyin getty 57802 398620 1 0 3 0x80 select sshd 19830 311896 30974 74 3 0x100092 bpf pflogd 30974 223933 1 0 3 0x80 netio pflogd 93927 507911 98814 73 3 0x100090 kqread syslogd 98814 391801 1 0 3 0x100082 netio syslogd 61542 106871 1 77 3 0x100090 poll dhclient 53649 474377 1 0 3 0x80 poll dhclient 66518 500837 0 0 3 0x14200 pgzero zerothread 35371 388167 0 0 3 0x14200 aiodoned aiodoned 91319 70841 0 0 3 0x14200 syncer update 71449 32237 0 0 3 0x14200 cleaner cleaner 30543 377419 0 0 3 0x14200 reaper reaper 2790 138725 0 0 3 0x14200 pgdaemon pagedaemon 20320 505437 0 0 3 0x14200 bored crynlk 60166 303253 0 0 3 0x14200 bored crypto 21150 327434 0 0 3 0x40014200 acpi0 acpi0 52230 104105 0 0 3 0x40014200 idle1 35682 145436 0 0 3 0x14200 bored softnet 70687 469756 0 0 3 0x14200 bored systqmp 26318 394641 0 0 3 0x14200 bored systq 26302 101675 0 0 3 0x40014200 bored softclock 41868 412634 0 0 3 0x40014200 idle0 73708 384374 0 0 3 0x14200 bored smr 1 147572 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 6460 (syz-executor.1) thread 0xffff800020ad73d8 (174682) exclusive rwlock netlock r = 0 (0xffffffff8246c508) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 pfioctl+0x15f sys/net/pf_ioctl.c:1028 #2 VOP_IOCTL+0x88 sys/kern/vfs_vops.c:291 #3 vn_ioctl+0xb7 sys/kern/vfs_vnops.c:533 #4 sys_ioctl+0x5b9 #5 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline] #5 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555 #6 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 1 (0xffffffff8265f6c0) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 syscall+0x400 mi_syscall sys/sys/syscall_mi.h:83 [inline] #1 syscall+0x400 sys/arch/amd64/amd64/trap.c:555 #2 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9499 6415K 6803K 78643K 12810 0 pcb 13 10K 12K 78643K 255 0 rtable 115 5K 7K 78643K 1500 0 ifaddr 63 13K 14K 78643K 759 0 counters 39 33K 33K 78643K 39 0 ioctlops 1 4K 4K 78643K 2536 0 iov 0 0K 16K 78643K 143 0 mount 1 1K 1K 78643K 1 0 vnodes 1223 77K 77K 78643K 1668 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 44 0 VM map 2 1K 1K 78643K 2 0 sem 11 1K 1K 78643K 11 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 196K 290K 78643K 12766 0 file desc 5 13K 25K 78643K 6161 0 sigio 0 0K 0K 78643K 179 0 proc 95 65K 95K 78643K 598 0 subproc 32 2K 2K 78643K 68 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 431 0 in_multi 46 2K 2K 78643K 80 0 ether_multi 1 0K 0K 78643K 3 0 mrt 0 0K 0K 78643K 3 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 61 281K 281K 78643K 61 0 exec 0 0K 1K 78643K 255 0 pfkey data 0 0K 0K 78643K 1 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 131 23K 26K 78643K 15332 0 UVM aobj 130 4K 4K 78643K 130 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 4 0 NDP 9 0K 0K 78643K 22 0 temp 125 3028K 3094K 78643K 20454 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 11 0 4 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 39 0 37 1 0 1 1 0 8 0 rtentry 112 66 0 21 2 0 2 2 0 8 0 unpcb 120 5882 0 5872 6 4 2 2 0 8 1 syncache 264 6 0 6 2 2 0 1 0 8 0 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpcb 544 2871 0 2865 12 11 1 12 0 8 0 inpcb 280 4418 0 4411 12 10 2 9 0 8 1 nd6 48 8 0 4 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 1 0 1 0 8 0 ppxss 1128 3 0 3 2 2 0 1 0 8 0 pffrag 232 6 0 6 2 2 0 1 0 482 0 pffrnode 88 6 0 6 2 2 0 1 0 8 0 pffrent 40 22 0 22 2 2 0 1 0 8 0 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 590 0 588 1 0 1 1 0 8 0 pfstitem 24 49 0 31 1 0 1 1 0 8 0 pfstkey 112 49 0 31 1 0 1 1 0 8 0 pfstate 328 49 0 31 3 1 2 3 0 8 0 pfrule 1360 399 0 193 19 1 18 18 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 299 0 86 14 0 14 14 0 8 0 art_table 32 300 0 86 2 0 2 2 0 8 0 art_node 16 65 0 24 1 0 1 1 0 8 0 sysvmsgpl 40 20 0 18 3 2 1 1 0 8 0 semapl 112 9 0 0 1 0 1 1 0 8 0 shmpl 112 128 0 0 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 8822 0 7410 46 0 46 46 0 8 0 ffsino 272 8822 0 7410 95 0 95 95 0 8 0 nchpl 144 17824 0 16184 61 0 61 61 0 8 0 uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0 vnodes 208 5926 0 0 312 0 312 312 0 8 0 namei 1024 61445 0 61445 1 0 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 pfiaddrpl 120 444 0 292 5 0 5 5 0 8 0 scxspl 192 45385 0 45385 10 9 1 7 0 8 1 plimitpl 152 281 0 273 1 0 1 1 0 8 0 sigapl 432 6354 0 6339 3 1 2 3 0 8 0 futexpl 56 60026 0 60026 1 0 1 1 0 8 1 knotepl 112 154 0 135 1 0 1 1 0 8 0 kqueuepl 104 309 0 307 4 3 1 4 0 8 0 pipepl 112 4502 0 4483 1 0 1 1 0 8 0 fdescpl 488 6355 0 6339 3 0 3 3 0 8 0 filepl 152 37388 0 37282 22 16 6 14 0 8 1 lockfpl 104 329 0 328 1 0 1 1 0 8 0 lockfspl 48 113 0 112 1 0 1 1 0 8 0 sessionpl 112 20 0 9 1 0 1 1 0 8 0 pgrppl 48 28 0 17 1 0 1 1 0 8 0 ucredpl 96 3362 0 3352 1 0 1 1 0 8 0 zombiepl 144 6339 0 6338 1 0 1 1 0 8 0 processpl 904 6371 0 6338 4 0 4 4 0 8 0 procpl 632 14446 0 14403 9 4 5 5 0 8 1 srpgc 64 4 0 4 2 2 0 1 0 8 0 sosppl 128 6 0 6 3 3 0 1 0 8 0 sockpl 384 10354 0 10335 27 21 6 13 0 8 4 mcl64k 65536 7 0 0 1 0 1 1 0 8 0 mcl16k 16384 17 0 0 3 0 3 3 0 8 0 mcl12k 12288 17 0 0 2 0 2 2 0 8 0 mcl9k 9216 14 0 0 1 0 1 1 0 8 0 mcl8k 8192 17 0 0 3 0 3 3 0 8 0 mcl4k 4096 17 0 0 3 0 3 3 0 8 0 mcl2k2 2112 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 196 0 0 24 1 23 24 0 8 0 mtagpl 80 5 0 0 1 0 1 1 0 8 0 mbufpl 256 220 0 0 12 0 12 12 0 8 0 bufpl 280 12628 0 5558 506 0 506 506 0 8 0 anonpl 16 360590 0 344486 69 4 65 65 0 125 0 amapchunkpl 152 24064 0 23931 24 16 8 19 0 158 2 amappl16 192 22781 0 21911 57 13 44 55 0 8 0 amappl15 184 62 0 59 1 0 1 1 0 8 0 amappl14 176 2425 0 2421 1 0 1 1 0 8 0 amappl13 168 608 0 607 1 0 1 1 0 8 0 amappl12 160 16 0 14 1 0 1 1 0 8 0 amappl11 152 60 0 45 1 0 1 1 0 8 0 amappl10 144 3059 0 3053 1 0 1 1 0 8 0 amappl9 136 634 0 631 1 0 1 1 0 8 0 amappl8 128 190 0 150 2 0 2 2 0 8 0 amappl7 120 2750 0 2737 1 0 1 1 0 8 0 amappl6 112 72 0 61 1 0 1 1 0 8 0 amappl5 104 166 0 152 1 0 1 1 0 8 0 amappl4 96 6310 0 6276 2 1 1 2 0 8 0 amappl3 88 2267 0 2260 1 0 1 1 0 8 0 amappl2 80 42777 0 42704 3 1 2 3 0 8 0 amappl1 72 109764 0 109313 27 17 10 21 0 8 0 amappl 80 14723 0 14680 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 129 0 0 3 0 3 3 0 8 0 uaddrrnd 24 6355 0 6339 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 6355 0 6339 1 0 1 1 0 8 0 vmmpekpl 168 41611 0 41577 2 0 2 2 0 8 0 vmmpepl 168 699330 0 697262 144 47 97 120 0 357 2 vmsppl 368 6354 0 6339 2 0 2 2 0 8 0 pdppl 4096 12717 0 12678 6 0 6 6 0 8 0 pvpl 32 1102201 0 1082884 185 27 158 161 0 265 1 pmappl 232 6354 0 6339 2 1 1 2 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 205 0 15 6 0 6 6 0 8 0