uvm_fault(0xffffffff827d7c08, 0xfffffd0000000010, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pool_cache_get+0x1b1: movq 0x10(%r14),%r13 ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic kernel page fault uvm_fault(0xffffffff827d7c08, 0xfffffd0000000010, 0, 1) -> e pool_cache_get(ffffffff82914d78) at pool_cache_get+0x1b1 pool_cache_item_magic_check sys/kern/subr_pool.c:1770 [inline] pool_cache_get(ffffffff82914d78) at pool_cache_get+0x1b1 sys/kern/subr_pool.c:1884 end trace frame: 0xffff800020d912b0, count: 0 ddb{0}> trace pool_cache_get(ffffffff82914d78) at pool_cache_get+0x1b1 pool_cache_item_magic_check sys/kern/subr_pool.c:1770 [inline] pool_cache_get(ffffffff82914d78) at pool_cache_get+0x1b1 sys/kern/subr_pool.c:1884 pool_get(ffffffff82914d78,2) at pool_get+0x91 sys/kern/subr_pool.c:572 m_clget(0,2,800) at m_clget+0x1c9 m_gethdr sys/kern/uipc_mbuf.c:283 [inline] m_clget(0,2,800) at m_clget+0x1c9 sys/kern/uipc_mbuf.c:400 vio_populate_rx_mbufs(ffff80000017b000) at vio_populate_rx_mbufs+0xf9 vio_add_rx_mbuf sys/dev/pv/if_vio.c:908 [inline] vio_populate_rx_mbufs(ffff80000017b000) at vio_populate_rx_mbufs+0xf9 sys/dev/pv/if_vio.c:951 vio_rx_intr(ffff80000017b050) at vio_rx_intr+0x69 intr_handler(ffff800020d91460,ffff800000255b80) at intr_handler+0x8f sys/arch/amd64/amd64/intr.c:536 Xintr_ioapic_edge19_untramp() at Xintr_ioapic_edge19_untramp+0x19f acpicpu_idle() at acpicpu_idle+0x331 sys/dev/acpi/acpicpu.c:1187 sched_idle(ffffffff82759ff0) at sched_idle+0x3f7 sys/kern/kern_sched.c:178 end trace frame: 0x0, count: -9 ddb{0}> show registers rdi 0x7 rsi 0x7 rbp 0xffff800020d911f0 rbx 0xa6e4f277bcbf1bff rdx 0x800 rcx 0xffffffff82759ff0 cpu_info_full_primary+0x1ff0 rax 0xffffffff82759ff0 cpu_info_full_primary+0x1ff0 r8 0xffffffff81e5ae12 vio_populate_rx_mbufs+0xc2 r9 0x5 r10 0x2 r11 0xb7515fe80fa9a64 r12 0xffffffff82914d78 mbpool r13 0 r14 0xfffffd0000000000 r15 0xfffffd807f009f00 rip 0xffffffff822d70e1 pool_cache_get+0x1b1 cs 0x8 rflags 0x10286 __ALIGN_SIZE+0xf286 rsp 0xffff800020d91190 ss 0x10 pool_cache_get+0x1b1: movq 0x10(%r14),%r13 ddb{0}> show proc PROC (idle0) pid=267635 stat=onproc flags process=14000 proc=40000200 pri=0, usrpri=50, nice=20 forw=0xa98f95987e16265e, list=0xffff800020d89ad0,0xffff800020d89120 process=0xffff800020d8b338 user=0xffff800020d8c000, vmspace=0xffffffff82928a30 estcpu=0, cpticks=8133, pctcpu=0.0 user=0, sys=0, intr=1 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 42113 361165 81948 0 3 0x80 nanosleep syz-executor.0 42113 80884 81948 0 3 0x4000080 lockf syz-executor.0 42113 76486 81948 0 3 0x4000080 fsleep syz-executor.0 93490 177837 0 0 3 0x14200 acct acct 81948 257903 33194 0 3 0x82 nanosleep syz-executor.0 95743 273537 0 0 3 0x14200 bored sosplice 21272 33162 1 0 3 0x100083 ttyin getty 38599 149557 33194 0 3 0x2 biowait syz-executor.1 33194 343215 92136 0 3 0x82 kqread syz-fuzzer 33194 140134 92136 0 3 0x4000082 nanosleep syz-fuzzer 33194 488872 92136 0 3 0x4000082 thrsleep syz-fuzzer 33194 133568 92136 0 3 0x4000082 thrsleep syz-fuzzer 33194 256907 92136 0 3 0x4000082 thrsleep syz-fuzzer 33194 45206 92136 0 3 0x4000082 thrsleep syz-fuzzer 33194 322826 92136 0 3 0x4000082 thrsleep syz-fuzzer 33194 522100 92136 0 3 0x4000082 thrsleep syz-fuzzer 33194 170612 92136 0 3 0x4000082 thrsleep syz-fuzzer 33194 403985 92136 0 3 0x4000082 nanosleep syz-fuzzer 92136 111653 47668 0 3 0x10008a pause ksh 47668 415320 47817 0 3 0x92 select sshd 47817 68604 1 0 3 0x80 select sshd 73200 299761 88215 74 3 0x100092 bpf pflogd 88215 473105 1 0 3 0x80 netio pflogd 39478 80717 76244 73 3 0x100090 kqread syslogd 76244 121819 1 0 3 0x100082 netio syslogd 86165 188012 1 77 3 0x100090 poll dhclient 10952 267876 1 0 3 0x80 poll dhclient 65992 275305 0 0 3 0x14200 bored smr 7824 268904 0 0 3 0x14200 pgzero zerothread 83259 376072 0 0 3 0x14200 aiodoned aiodoned 29772 450999 0 0 3 0x14200 syncer update 32468 198005 0 0 3 0x14200 cleaner cleaner 83045 323038 0 0 3 0x14200 reaper reaper 59590 303042 0 0 3 0x14200 pgdaemon pagedaemon 57829 18369 0 0 3 0x14200 bored crynlk 96011 224770 0 0 3 0x14200 bored crypto 88287 318002 0 0 3 0x40014200 acpi0 acpi0 82833 228833 0 0 7 0x40014200 idle1 7965 402290 0 0 3 0x14200 bored softnet 16162 5278 0 0 3 0x14200 bored systqmp 3905 305771 0 0 3 0x14200 bored systq 73451 308521 0 0 3 0x40014200 bored softclock *91258 267635 0 0 7 0x40014200 idle0 1 309799 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 38599 (syz-executor.1) thread 0xffff800020e23128 (149557) exclusive rrwlock inode r = 0 (0xfffffd806f6e6d60) #0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164 #1 rw_enter+0x453 sys/kern/kern_rwlock.c:311 #2 rrw_enter+0x88 sys/kern/kern_rwlock.c:462 #3 ufs_ihashins+0x45 sys/ufs/ufs/ufs_ihash.c:140 #4 ffs_vget+0x13e sys/ufs/ffs/ffs_vfsops.c:1358 #5 ffs_inode_alloc+0x1e2 sys/ufs/ffs/ffs_alloc.c:394 #6 ufs_mkdir+0xf4 sys/ufs/ufs/ufs_vnops.c:1162 #7 VOP_MKDIR+0xc6 sys/kern/vfs_vops.c:450 #8 domkdirat+0x121 sys/kern/vfs_syscalls.c:3051 #9 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] #9 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 #10 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806b1ea3c8) #0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164 #1 rw_enter+0x453 sys/kern/kern_rwlock.c:311 #2 rrw_enter+0x88 sys/kern/kern_rwlock.c:462 #3 VOP_LOCK+0x4b sys/kern/vfs_vops.c:603 #4 vn_lock+0x81 sys/kern/vfs_vnops.c:575 #5 vfs_lookup+0xe6 sys/kern/vfs_lookup.c:419 #6 namei+0x63c sys/kern/vfs_lookup.c:249 #7 domkdirat+0x75 sys/kern/vfs_syscalls.c:3036 #8 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] #8 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 #9 Xsyscall+0x128 Process 91258 (idle0) thread 0xffff800020d89380 (267635) exclusive kernel_lock &kernel_lock r = 1 (0xffffffff828f7850) #0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164 #1 intr_handler+0x5e sys/arch/amd64/amd64/intr.c:532 #2 Xintr_ioapic_edge19_untramp+0x19f #3 acpicpu_idle+0x331 sys/dev/acpi/acpicpu.c:1187 #4 sched_idle+0x3f7 sys/kern/kern_sched.c:178 #5 proc_trampoline+0x1c ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9555 6564K 7070K 78643K 11865 0 pcb 13 8K 8K 78643K 136 0 rtable 111 16K 18K 78643K 774 0 ifaddr 97 18K 18K 78643K 252 0 counters 43 33K 34K 78643K 87 0 ioctlops 0 0K 4K 78643K 1600 0 iov 0 0K 24K 78643K 97 0 mount 1 1K 1K 78643K 1 0 vnodes 1212 76K 77K 78643K 1660 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 17 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 169 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1824 197K 290K 78643K 13058 0 file desc 5 13K 25K 78643K 857 0 sigio 0 0K 0K 78643K 15 0 proc 62 63K 95K 78643K 625 0 subproc 32 2K 2K 78643K 85 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 92 0 in_multi 64 3K 3K 78643K 176 0 ether_multi 1 0K 0K 78643K 23 0 mrt 0 0K 0K 78643K 4 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 55 254K 254K 78643K 55 0 exec 0 0K 1K 78643K 320 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 133 88K 88K 78643K 3847 0 UVM aobj 52 4K 4K 78643K 54 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 1 0K 1K 78643K 422 0 NDP 16 0K 0K 78643K 49 0 temp 137 3869K 3935K 78643K 13849 0 kqueue 3 4K 11K 78643K 66 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 16 0 11 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 73 0 71 1 0 1 1 0 8 0 rtentry 112 97 0 64 2 0 2 2 0 8 0 unpcb 120 513 0 503 1 0 1 1 0 8 0 syncache 264 8 0 8 3 3 0 1 0 8 0 tcpqe 32 274 0 274 2 2 0 1 0 8 0 tcpcb 544 687 0 683 1 0 1 1 0 8 0 ipq 40 1 0 1 1 1 0 1 0 8 0 ipqe 40 2 0 2 1 1 0 1 0 8 0 inpcb 296 1698 0 1690 5 3 2 2 0 8 1 rttmr 72 3 0 2 2 1 1 1 0 8 0 nd6 48 17 0 12 1 0 1 1 0 8 0 pkpcb 40 8 0 8 2 2 0 1 0 8 0 ppxss 1128 3 0 3 2 1 1 1 0 8 1 pfstscr 40 4 0 4 1 1 0 1 0 8 0 pffrag 232 4 0 3 2 1 1 1 0 482 0 pffrnode 88 4 0 3 2 1 1 1 0 8 0 pffrent 40 94 0 93 2 1 1 1 0 8 0 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 94 0 86 3 2 1 2 0 8 0 pftag 88 4 0 4 2 2 0 1 0 8 0 pfstitem 24 26 0 18 1 0 1 1 0 8 0 pfstkey 112 30 0 22 1 0 1 1 0 8 0 pfstate 328 28 0 20 2 0 2 2 0 8 0 pfrule 1360 52 0 35 3 1 2 2 0 8 0 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 509 0 278 19 4 15 15 0 8 0 art_table 32 512 0 278 2 0 2 2 0 8 0 art_node 16 96 0 68 1 0 1 1 0 8 0 sysvmsgpl 40 23 0 12 2 1 1 1 0 8 0 semupl 112 2 0 2 2 2 0 1 0 8 0 semapl 112 165 0 155 1 0 1 1 0 8 0 shmpl 112 52 0 2 3 1 2 2 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2514 0 1116 89 1 88 89 0 8 0 ffsino 272 2514 0 1116 94 0 94 94 0 8 0 nchpl 144 4069 0 2470 60 0 60 60 0 8 0 uvmvnodes 72 2878 0 0 53 0 53 53 0 8 0 vnodes 208 2878 0 0 152 0 152 152 0 8 0 namei 1024 11582 0 11581 4 3 1 1 0 8 0 percpumem 16 54 0 22 1 0 1 1 0 8 0 vcpupl 1984 7 0 0 1 0 1 1 0 8 0 vmpool 560 9 0 2 1 0 1 1 0 8 0 pfiaddrpl 120 33 0 23 2 1 1 1 0 8 0 scxspl 192 12098 0 12097 11 10 1 7 0 8 0 plimitpl 152 72 0 64 1 0 1 1 0 8 0 sigapl 424 1066 0 1033 4 0 4 4 0 8 0 futexpl 56 12897 0 12896 3 2 1 1 0 8 0 knotepl 112 172 0 153 1 0 1 1 0 8 0 kqueuepl 144 134 0 131 1 0 1 1 0 8 0 pipelkpl 48 206 0 195 1 0 1 1 0 8 0 pipepl 120 412 0 391 3 2 1 3 0 8 0 fdescpl 496 1049 0 1033 3 0 3 3 0 8 0 filepl 152 6933 0 6829 6 1 5 6 0 8 0 lockfpl 104 125 0 122 1 0 1 1 0 8 0 lockfspl 48 52 0 50 1 0 1 1 0 8 0 sessionpl 112 22 0 11 1 0 1 1 0 8 0 pgrppl 48 24 0 13 1 0 1 1 0 8 0 ucredpl 96 738 0 729 1 0 1 1 0 8 0 zombiepl 144 1033 0 1033 2 1 1 1 0 8 1 processpl 984 1066 0 1033 6 1 5 5 0 8 0 procpl 624 2896 0 2852 4 0 4 4 0 8 0 srpgc 64 2 0 2 1 1 0 1 0 8 0 sosppl 128 17 0 17 5 4 1 1 0 8 1 sockpl 400 2292 0 2272 7 4 3 4 0 8 1 mcl64k 65536 15 0 0 2 0 2 2 0 8 0 mcl16k 16384 3 0 0 1 0 1 1 0 8 0 mcl12k 12288 8 0 0 1 0 1 1 0 8 0 mcl9k 9216 7 0 0 1 0 1 1 0 8 0 mcl8k 8192 4 0 0 1 0 1 1 0 8 0 mcl4k 4096 11 0 0 2 0 2 2 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 166 0 0 20 0 20 20 0 8 0 mtagpl 96 58 0 0 2 0 2 2 0 8 0 mbufpl 256 327 0 0 18 0 18 18 0 8 0 bufpl 280 5347 0 140 372 0 372 372 0 8 0 anonpl 16 130732 0 113838 102 18 84 84 0 124 15 amapchunkpl 152 7172 0 7008 29 17 12 20 0 158 3 amappl16 192 5100 0 4193 82 29 53 58 0 8 7 amappl15 184 82 0 81 1 0 1 1 0 8 0 amappl14 176 417 0 413 1 0 1 1 0 8 0 amappl13 168 219 0 214 1 0 1 1 0 8 0 amappl12 160 436 0 434 1 0 1 1 0 8 0 amappl11 152 152 0 137 1 0 1 1 0 8 0 amappl10 144 128 0 121 1 0 1 1 0 8 0 amappl9 136 386 0 385 1 0 1 1 0 8 0 amappl8 128 427 0 392 2 0 2 2 0 8 0 amappl7 120 240 0 226 1 0 1 1 0 8 0 amappl6 112 23 0 20 1 0 1 1 0 8 0 amappl5 104 980 0 961 1 0 1 1 0 8 0 amappl4 96 703 0 675 1 0 1 1 0 8 0 amappl3 88 139 0 134 1 0 1 1 0 8 0 amappl2 80 7727 0 7658 2 0 2 2 0 8 0 amappl1 72 32977 0 32518 23 13 10 18 0 8 0 amappl 80 3216 0 3165 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 53 0 2 1 0 1 1 0 8 0 uaddrrnd 24 1058 0 1035 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1058 0 1035 1 0 1 1 0 8 0 vmmpekpl 168 11896 0 11860 2 0 2 2 0 8 0 vmmpepl 168 136689 0 134594 167 60 107 129 0 357 10 vmsppl 368 1057 0 1035 3 0 3 3 0 8 1 pdppl 4096 2123 0 2077 7 0 7 7 0 8 1 pvpl 32 363263 0 343424 238 39 199 199 0 265 36 pmappl 232 1057 0 1035 4 2 2 2 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 283 0 15 8 0 8 8 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace pool_cache_get(ffffffff82914d78) at pool_cache_get+0x1b1 pool_cache_item_magic_check sys/kern/subr_pool.c:1770 [inline] pool_cache_get(ffffffff82914d78) at pool_cache_get+0x1b1 sys/kern/subr_pool.c:1884 pool_get(ffffffff82914d78,2) at pool_get+0x91 sys/kern/subr_pool.c:572 m_clget(0,2,800) at m_clget+0x1c9 m_gethdr sys/kern/uipc_mbuf.c:283 [inline] m_clget(0,2,800) at m_clget+0x1c9 sys/kern/uipc_mbuf.c:400 vio_populate_rx_mbufs(ffff80000017b000) at vio_populate_rx_mbufs+0xf9 vio_add_rx_mbuf sys/dev/pv/if_vio.c:908 [inline] vio_populate_rx_mbufs(ffff80000017b000) at vio_populate_rx_mbufs+0xf9 sys/dev/pv/if_vio.c:951 vio_rx_intr(ffff80000017b050) at vio_rx_intr+0x69 intr_handler(ffff800020d91460,ffff800000255b80) at intr_handler+0x8f sys/arch/amd64/amd64/intr.c:536 Xintr_ioapic_edge19_untramp() at Xintr_ioapic_edge19_untramp+0x19f acpicpu_idle() at acpicpu_idle+0x331 sys/dev/acpi/acpicpu.c:1187 sched_idle(ffffffff82759ff0) at sched_idle+0x3f7 sys/kern/kern_sched.c:178 end trace frame: 0x0, count: -9 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800020d70ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352 x86_ipi_handler() at x86_ipi_handler+0xc6 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x331 sys/dev/acpi/acpicpu.c:1187 sched_idle(ffff800020d70ff0) at sched_idle+0x3f7 sys/kern/kern_sched.c:178 end trace frame: 0x0, count: -5