uvm_fault(0xffffffff82562890, 0xfffffd000000001c, 0, 1) -> e kernel: page fault trap, code=0 Stopped at m_free+0x3b: movswq 0x1c(%r14),%rdx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xffffffff82562890, 0xfffffd000000001c, 0, 1) -> e m_free(fffffd0000000000) at m_free+0x3b sys/kern/uipc_mbuf.c:435 end trace frame: 0xffff800014924030, count: 0 ddb> trace m_free(fffffd0000000000) at m_free+0x3b sys/kern/uipc_mbuf.c:435 ml_purge(ffff800014924048) at ml_purge+0x50 m_freem sys/kern/uipc_mbuf.c:538 [inline] ml_purge(ffff800014924048) at ml_purge+0x50 sys/kern/uipc_mbuf.c:1628 ifq_purge(ffff800000a65a78) at ifq_purge+0x97 sys/net/ifq.c:423 tapclose(5d00,7,2000,ffff8000ffff29f8) at tapclose+0xed tun_dev_close sys/net/if_tun.c:417 [inline] tapclose(5d00,7,2000,ffff8000ffff29f8) at tapclose+0xed sys/net/if_tun.c:396 spec_close(ffff800014924160) at spec_close+0x311 sys/kern/spec_vnops.c:555 VOP_CLOSE(fffffd8037bf18f0,7,fffffd803f7c6720,ffff8000ffff29f8) at VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:175 vn_closefile(fffffd8037560258,ffff8000ffff29f8) at vn_closefile+0xd3 vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffffd8037560258,ffff8000ffff29f8) at vn_closefile+0xd3 sys/kern/vfs_vnops.c:610 fdrop(fffffd8037560258,ffff8000ffff29f8) at fdrop+0xc2 sys/kern/kern_descrip.c:1273 closef(fffffd8037560258,ffff8000ffff29f8) at closef+0x118 sys/kern/kern_descrip.c:1257 fdfree(ffff8000ffff29f8) at fdfree+0x100 sys/kern/kern_descrip.c:1189 exit1(ffff8000ffff29f8,9,1) at exit1+0x32f sys/kern/kern_exit.c:196 postsig(ffff8000ffff29f8,9) at postsig+0x4a6 sigexit sys/kern/kern_sig.c:1499 [inline] postsig(ffff8000ffff29f8,9) at postsig+0x4a6 sys/kern/kern_sig.c:1431 userret(ffff8000ffff29f8) at userret+0x159 sys/kern/kern_sig.c:1889 syscall(ffff8000149245e0) at syscall+0x42e mi_syscall_return sys/sys/syscall_mi.h:115 [inline] syscall(ffff8000149245e0) at syscall+0x42e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffdaff0, count: -15 ddb> show registers rdi 0 rsi 0x7 rbp 0xffff800014923ff0 rbx 0 rdx 0xffffffff8258a6b0 mbpool+0x38 rcx 0xffffffff82559c60 mbstat_boot_boot_cpumem rax 0 r8 0 r9 0x5 r10 0x31c1ed8ad337db81 r11 0xf789d6298a1696bf r12 0xfffffd802e31a900 r13 0x2000 __ALIGN_SIZE+0x1000 r14 0xfffffd0000000000 r15 0xfffffd0000000000 rip 0xffffffff8194412b m_free+0x3b cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800014923fb0 ss 0x10 m_free+0x3b: movswq 0x1c(%r14),%rdx ddb> show proc PROC (syz-executor.0) pid=236447 stat=onproc flags process=a proc=2000 pri=32, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff3b40,0xffff8000ffff33e8 process=0xffff8000148a3b18 user=0xffff80001491f000, vmspace=0xfffffd803f011550 estcpu=0, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 6571 252509 8214 0 3 0x82 wait syz-executor.1 71837 5791 1 0 3 0x100083 ttyin getty 37179 21222 0 0 3 0x14200 bored sosplice 8214 73340 99884 0 3 0x82 thrsleep syz-fuzzer 8214 293933 99884 0 2 0x4000002 syz-fuzzer 8214 358738 99884 0 3 0x4000082 thrsleep syz-fuzzer 8214 387763 99884 0 3 0x4000082 thrsleep syz-fuzzer 8214 85548 99884 0 2 0x4000002 syz-fuzzer 8214 273517 99884 0 2 0x4000082 syz-fuzzer 8214 224995 99884 0 3 0x4000082 thrsleep syz-fuzzer 8214 15953 99884 0 2 0x4000002 syz-fuzzer 99884 247118 19277 0 3 0x10008a pause ksh 19277 152444 80345 0 3 0x92 select sshd 80345 462681 1 0 3 0x80 select sshd 43863 77257 81955 73 2 0x100010 syslogd 81955 127469 1 0 3 0x100082 netio syslogd 88921 298470 0 0 2 0x14200 zerothread 17671 509126 0 0 3 0x14200 aiodoned aiodoned 20668 263988 0 0 3 0x14200 syncer update 17775 83658 0 0 3 0x14200 cleaner cleaner 82183 575 0 0 2 0x14200 reaper 66431 457809 0 0 3 0x14200 pgdaemon pagedaemon 23866 523263 0 0 3 0x14200 bored crynlk 21029 207234 0 0 3 0x14200 bored crypto 22314 81139 0 0 3 0x40014200 acpi0 acpi0 92740 361360 0 0 2 0x14200 softnet 55896 479475 0 0 3 0x14200 bored systqmp 21635 352875 0 0 3 0x14200 bored systq 69372 193830 0 0 3 0x40014200 bored softclock 15709 189355 0 0 3 0x40014200 idle0 12085 80438 0 0 3 0x14200 bored smr 1 170179 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9550 6311K 8175K 78643K 20779 0 0 pcb 13 9K 9K 78643K 1065 0 0 rtable 104 4K 5K 78643K 903 0 0 ifaddr 108 20K 21K 78643K 480 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 106 0 0 iov 0 0K 28K 78643K 392 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1240 78K 78K 78643K 4133 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 40 0 0 VM map 24 6K 6K 78643K 30 0 0 sem 12 1K 1K 78643K 121 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1794 195K 288K 78643K 12646 0 0 file desc 4 9K 25K 78643K 1881 0 0 sigio 0 0K 0K 78643K 30 0 0 proc 44 30K 63K 78643K 720 0 0 subproc 23 1K 2K 78643K 140 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 258 0 0 in_multi 82 4K 4K 78643K 273 0 0 ether_multi 1 0K 0K 78643K 17 0 0 mrt 0 0K 0K 78643K 10 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 84 371K 371K 78643K 84 0 0 exec 0 0K 1K 78643K 456 0 0 pfkey data 0 0K 0K 78643K 8 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 144 188K 190K 78643K 5424 0 0 UVM aobj 130 8K 8K 78643K 138 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 836 0 0 NDP 19 0K 0K 78643K 114 0 0 temp 162 3539K 3611K 78643K 35369 0 0 kqueue 0 0K 0K 78643K 24 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 29 0 21 1 0 1 1 0 8 0 rtpcb 80 472 0 472 2 2 0 1 0 8 0 rtentry 112 183 0 144 2 0 2 2 0 8 0 unpcb 120 2044 0 2037 3 2 1 2 0 8 0 syncache 264 14 0 14 6 6 0 1 0 8 0 tcpqe 32 80 0 80 3 3 0 1 0 8 0 tcpcb 544 765 0 761 4 2 2 2 0 8 1 ipq 40 24 0 24 6 6 0 1 0 8 0 ipqe 40 703 0 703 6 6 0 1 0 8 0 inpcb 280 2928 0 2924 11 10 1 4 0 8 0 rttmr 72 2 0 2 2 2 0 1 0 8 0 nd6 48 30 0 28 1 0 1 1 0 8 0 pkpcb 40 19 0 19 5 5 0 1 0 8 0 swfcl 56 2 0 0 1 0 1 1 0 8 0 ppxss 1128 44 0 44 10 10 0 1 0 8 0 art_heap8 4096 4 0 2 4 2 2 4 0 8 0 art_heap4 256 1013 0 784 19 3 16 19 0 8 0 art_table 32 1017 0 786 3 0 3 3 0 8 0 art_node 16 182 0 145 1 0 1 1 0 8 0 sysvmsgpl 40 26 0 17 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 118 0 108 1 0 1 1 0 8 0 shmpl 112 136 0 8 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 4234 0 2842 46 0 46 46 0 8 0 ffsino 240 4234 0 2842 83 0 83 83 0 8 0 nchpl 144 7635 0 7215 60 40 20 60 0 8 0 uvmvnodes 72 5930 0 0 108 0 108 108 0 8 0 vnodes 208 5930 0 0 313 0 313 313 0 8 0 namei 1024 25059 0 25059 3 3 0 1 0 8 0 vcpupl 1984 22 0 0 3 0 3 3 0 8 0 vmpool 520 28 0 6 2 0 2 2 0 8 0 scsiplug 64 1 0 1 1 1 0 1 0 8 0 scxspl 192 23415 0 23415 17 16 1 7 0 8 1 plimitpl 152 189 0 182 1 0 1 1 0 8 0 sigapl 432 2034 0 2024 2 0 2 2 0 8 0 futexpl 56 62017 0 62017 4 4 0 1 0 8 0 knotepl 112 453 0 434 3 2 1 3 0 8 0 kqueuepl 104 871 0 869 1 0 1 1 0 8 0 pipepl 128 1206 0 1188 9 8 1 2 0 8 0 fdescpl 424 2035 0 2024 2 0 2 2 0 8 0 filepl 120 19597 0 19523 12 9 3 5 0 8 0 lockfpl 104 602 0 602 1 1 0 1 0 8 0 lockfspl 48 200 0 200 1 1 0 1 0 8 0 sessionpl 112 24 0 16 1 0 1 1 0 8 0 pgrppl 48 44 0 36 1 0 1 1 0 8 0 ucredpl 96 1991 0 1983 1 0 1 1 0 8 0 zombiepl 144 2026 0 2023 2 1 1 1 0 8 0 processpl 864 2051 0 2023 4 0 4 4 0 8 0 procpl 632 4337 0 4301 4 0 4 4 0 8 0 sosppl 128 34 0 34 8 8 0 1 0 8 0 sockpl 384 5493 0 5482 26 24 2 7 0 8 0 mcl64k 65536 226 0 226 11 11 0 3 0 8 0 mcl16k 16384 28 0 28 7 7 0 1 0 8 0 mcl12k 12288 72 0 72 6 6 0 1 0 8 0 mcl9k 9216 29 0 29 7 7 0 1 0 8 0 mcl8k 8192 115 0 115 5 5 0 1 0 8 0 mcl4k 4096 221 0 221 4 4 0 1 0 8 0 mcl2k2 2112 22 0 22 4 4 0 1 0 8 0 mcl2k 2048 73148 0 73105 17 10 7 14 0 8 0 mtagpl 80 112 0 64 3 1 2 2 0 8 0 mbufpl 256 134611 0 134376 111 94 17 33 0 8 0 bufpl 256 12285 0 6236 379 0 379 379 0 8 0 anonpl 16 264567 0 238834 159 55 104 104 0 62 0 amapchunkpl 152 9890 0 9447 42 24 18 18 0 158 0 amappl16 192 12563 0 11387 144 85 59 71 0 8 0 amappl15 184 612 0 611 2 1 1 1 0 8 0 amappl14 176 183 0 177 1 0 1 1 0 8 0 amappl13 168 741 0 738 1 0 1 1 0 8 0 amappl12 160 8 0 6 2 1 1 1 0 8 0 amappl11 152 301 0 295 1 0 1 1 0 8 0 amappl10 144 187 0 182 1 0 1 1 0 8 0 amappl9 136 866 0 862 1 0 1 1 0 8 0 amappl8 128 456 0 414 2 0 2 2 0 8 0 amappl7 120 236 0 228 1 0 1 1 0 8 0 amappl6 112 294 0 281 1 0 1 1 0 8 0 amappl5 104 208 0 201 1 0 1 1 0 8 0 amappl4 96 2933 0 2902 1 0 1 1 0 8 0 amappl3 88 376 0 368 1 0 1 1 0 8 0 amappl2 80 15481 0 15412 3 1 2 3 0 8 0 amappl1 72 44912 0 44501 26 16 10 20 0 8 0 amappl 80 4701 0 4645 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 137 0 8 3 0 3 3 0 8 0 uaddrrnd 24 2063 0 2023 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2063 0 2023 1 0 1 1 0 8 0 vmmpekpl 168 16804 0 16774 2 0 2 2 0 8 0 vmmpepl 168 253707 0 251369 237 131 106 145 0 357 0 vmsppl 272 2034 0 2022 2 1 1 2 0 8 0 pdppl 4096 4132 0 4078 8 1 7 7 0 8 0 pvpl 32 688195 0 663940 418 94 324 339 0 265 119 pmappl 200 2062 0 2028 2 0 2 2 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 662 0 145 15 0 15 15 0 8 0