uvm_fault(0xfffffd80572bd990, 0x46241a, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd80572bd990, 0x46241a, 0, 1) -> e pool_do_put(ffffffff8258b0b0,fffffd80542d5500) at pool_do_put+0x12e sys/kern/subr_pool.c:844 end trace frame: 0xffff800020477fe0, count: 0 ddb> trace pool_do_put(ffffffff8258b0b0,fffffd80542d5500) at pool_do_put+0x12e sys/kern/subr_pool.c:844 pool_put(ffffffff8258b0b0,fffffd80542d5500) at pool_put+0x4b sys/kern/subr_pool.c:802 m_free(fffffd80542d5500) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000a51900,800100,ffff800000a51940,0) at rt_ifa_del+0x402 sys/net/route.c:1196 in_purgeaddr(ffff800000a51900) at in_purgeaddr+0xc6 in_remove_prefix sys/netinet/in.c:812 [inline] in_purgeaddr(ffff800000a51900) at in_purgeaddr+0xc6 in_ifscrub sys/netinet/in.c:636 [inline] in_purgeaddr(ffff800000a51900) at in_purgeaddr+0xc6 sys/netinet/in.c:752 in_ifdetach(ffff800000a12000) at in_ifdetach+0x74 sys/netinet/in.c:969 if_detach(ffff800000a12000) at if_detach+0x140 sys/net/if.c:1151 tun_clone_destroy(ffff800000a12000) at tun_clone_destroy+0x14c sys/net/if_tun.c:320 spec_close(ffff800020478370) at spec_close+0x311 sys/kern/spec_vnops.c:555 VOP_CLOSE(fffffd8067023d00,7,fffffd806c3bea80,ffff8000ffff3650) at VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:175 vn_closefile(fffffd805604e628,ffff8000ffff3650) at vn_closefile+0xd3 vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffffd805604e628,ffff8000ffff3650) at vn_closefile+0xd3 sys/kern/vfs_vnops.c:610 fdrop(fffffd805604e628,ffff8000ffff3650) at fdrop+0xc2 sys/kern/kern_descrip.c:1271 closef(fffffd805604e628,ffff8000ffff3650) at closef+0x118 sys/kern/kern_descrip.c:1255 fdfree(ffff8000ffff3650) at fdfree+0x100 sys/kern/kern_descrip.c:1187 exit1(ffff8000ffff3650,0,19,1) at exit1+0x334 sys/kern/kern_exit.c:196 postsig(ffff8000ffff3650,19) at postsig+0x4a8 sigexit sys/kern/kern_sig.c:1476 [inline] postsig(ffff8000ffff3650,19) at postsig+0x4a8 sys/kern/kern_sig.c:1408 userret(ffff8000ffff3650) at userret+0x159 sys/kern/kern_sig.c:1860 Xsyscall() at Xsyscall+0x156 end of kernel end trace frame: 0x7f7fffffa3b0, count: -18 ddb> show registers rdi 0 rsi 0x462412 acpi_pdirpa+0x44e27a rbp 0xffff800020477f90 rbx 0x462412 acpi_pdirpa+0x44e27a rdx 0xffff800020477ee0 rcx 0x1000 __ALIGN_SIZE rax 0 r8 0x4 r9 0x1 r10 0x2c149b1a371ea35 r11 0x3afc27bff8944007 r12 0xfffffd80542d5500 r13 0xcdd444531a462412 r14 0xffffffff8258b0b0 mbpool r15 0xfffffd8055f25258 rip 0xffffffff81f9118e pool_do_put+0x12e cs 0x8 rflags 0x10296 __ALIGN_SIZE+0xf296 rsp 0xffff800020477ee0 ss 0x10 pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.0) pid=258571 stat=onproc flags process=a proc=2000 pri=17, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff84f8,0xffff8000ffff2a08 process=0xffff8000ffff6d90 user=0xffff800020473000, vmspace=0xfffffd80572bd990 estcpu=36, cpticks=2, pctcpu=0.0 user=0, sys=2, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 78051 487852 37361 0 2 0 syz-executor.1 78051 187942 37361 0 2 0x4000000 syz-executor.1 78051 2783 37361 0 2 0x4000000 syz-executor.1 45938 269355 1 0 3 0x100083 ttyin getty 37361 378908 54386 0 3 0x82 nanosleep syz-executor.1 32446 33973 0 0 3 0x14200 bored sosplice 54386 506525 97619 0 3 0x82 thrsleep syz-fuzzer 54386 155549 97619 0 3 0x4000082 nanosleep syz-fuzzer 54386 495485 97619 0 3 0x4000082 thrsleep syz-fuzzer 54386 278999 97619 0 3 0x4000082 thrsleep syz-fuzzer 54386 278531 97619 0 3 0x4000082 thrsleep syz-fuzzer 54386 466908 97619 0 2 0x4000082 syz-fuzzer 54386 117768 97619 0 3 0x4000082 thrsleep syz-fuzzer 54386 153851 97619 0 3 0x4000082 thrsleep syz-fuzzer 97619 111812 42745 0 3 0x10008a pause ksh 42745 176233 8485 0 2 0x92 sshd 8485 30890 1 0 2 0x80 sshd 50623 255283 69509 73 3 0x100090 kqread syslogd 69509 437522 1 0 3 0x100082 netio syslogd 84501 132968 1 77 2 0x100090 dhclient 10492 196414 1 0 2 0x80 dhclient 52061 129069 0 0 2 0x14200 zerothread 90119 91597 0 0 3 0x14200 aiodoned aiodoned 41418 400210 0 0 3 0x14200 syncer update 92340 306365 0 0 3 0x14200 cleaner cleaner 9023 424891 0 0 3 0x14200 reaper reaper 75204 176060 0 0 3 0x14200 pgdaemon pagedaemon 69102 521444 0 0 3 0x14200 bored crynlk 76737 386519 0 0 3 0x14200 bored crypto 85200 320941 0 0 3 0x40014200 acpi0 acpi0 96296 131735 0 0 2 0x14200 softnet 87275 45234 0 0 3 0x14200 bored systqmp 91232 237326 0 0 3 0x14200 bored systq 28155 224964 0 0 3 0x40014200 bored softclock 34271 286818 0 0 3 0x40014200 idle0 77721 112979 0 0 3 0x14200 bored smr 1 522718 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9549 6505K 7073K 78643K 12171 0 pcb 13 8K 8K 78643K 147 0 rtable 84 11K 12K 78643K 522 0 ifaddr 109 19K 21K 78643K 214 0 counters 19 16K 16K 78643K 19 0 ioctlops 0 0K 2K 78643K 70 0 iov 0 0K 24K 78643K 149 0 mount 1 1K 1K 78643K 1 0 vnodes 1217 76K 77K 78643K 1734 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 9 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 1K 78643K 122 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1794 195K 288K 78643K 12646 0 file desc 5 13K 25K 78643K 676 0 sigio 0 0K 0K 78643K 15 0 proc 51 38K 55K 78643K 543 0 subproc 23 1K 2K 78643K 85 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 1K 78643K 97 0 in_multi 99 4K 5K 78643K 216 0 ether_multi 1 0K 0K 78643K 25 0 mrt 0 0K 0K 78643K 5 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 61 281K 281K 78643K 61 0 exec 0 0K 1K 78643K 305 0 pfkey data 0 0K 0K 78643K 15 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 122 103K 103K 78643K 2534 0 UVM aobj 37 2K 2K 78643K 44 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 115 0 NDP 18 0K 0K 78643K 42 0 temp 155 3015K 3079K 78643K 15246 0 kqueue 3 4K 20K 78643K 67 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 16 0 12 1 0 1 1 0 8 0 rtpcb 80 99 0 97 1 0 1 1 0 8 0 rtentry 112 95 0 66 2 0 2 2 0 8 0 unpcb 120 612 0 603 1 0 1 1 0 8 0 syncache 264 15 0 15 5 4 1 1 0 8 1 tcpqe 32 407 0 407 4 3 1 1 0 8 1 tcpcb 544 331 0 326 2 1 1 2 0 8 0 ipq 40 6 0 6 4 4 0 1 0 8 0 ipqe 40 104 0 104 4 4 0 1 0 8 0 inpcb 280 1847 0 1839 5 2 3 3 0 8 2 rttmr 72 1 0 1 1 1 0 1 0 8 0 ip6q 72 2 0 2 1 0 1 1 0 8 1 ip6af 40 6 0 6 1 0 1 1 0 8 1 nd6 48 11 0 11 1 0 1 1 0 8 1 pkpcb 40 951 0 951 2 1 1 1 0 8 1 swfcl 56 3 0 0 1 0 1 1 0 8 0 ppxss 1128 7 0 7 5 4 1 1 0 8 1 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 423 0 276 16 0 16 16 0 8 4 art_table 32 425 0 276 2 0 2 2 0 8 0 art_node 16 94 0 67 1 0 1 1 0 8 0 sysvmsgpl 40 32 0 18 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 120 0 110 1 0 1 1 0 8 0 shmpl 112 42 0 7 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 2358 0 960 46 0 46 46 0 8 0 ffsino 240 2358 0 960 83 0 83 83 0 8 0 nchpl 144 3545 0 1954 60 0 60 60 0 8 0 uvmvnodes 72 2796 0 0 51 0 51 51 0 8 0 vnodes 208 2796 0 0 148 0 148 148 0 8 0 namei 1024 10450 0 10450 2 1 1 1 0 8 1 vcpupl 1984 9 0 0 2 0 2 2 0 8 0 vmpool 528 9 0 0 1 0 1 1 0 8 0 scxspl 192 15246 0 15246 1 0 1 1 0 8 1 plimitpl 152 76 0 69 1 0 1 1 0 8 0 sigapl 432 839 0 826 2 0 2 2 0 8 0 futexpl 56 18210 0 18210 2 1 1 1 0 8 1 knotepl 112 200 0 181 2 0 2 2 0 8 1 kqueuepl 104 154 0 152 1 0 1 1 0 8 0 pipelkpl 16 264 0 254 1 0 1 1 0 8 0 pipepl 120 528 0 510 1 0 1 1 0 8 0 fdescpl 432 840 0 826 2 0 2 2 0 8 0 filepl 120 7656 0 7569 8 3 5 5 0 8 2 lockfpl 104 190 0 189 1 0 1 1 0 8 0 lockfspl 48 65 0 64 1 0 1 1 0 8 0 sessionpl 112 21 0 11 1 0 1 1 0 8 0 pgrppl 48 29 0 19 1 0 1 1 0 8 0 ucredpl 96 689 0 682 1 0 1 1 0 8 0 zombiepl 144 827 0 826 1 0 1 1 0 8 0 processpl 864 855 0 826 4 0 4 4 0 8 0 procpl 632 1660 0 1622 4 0 4 4 0 8 0 sosppl 128 11 0 11 2 1 1 1 0 8 1 sockpl 400 3578 0 3559 16 9 7 8 0 8 4 mcl64k 65536 327 0 327 33 32 1 33 0 8 1 mcl16k 16384 12 0 12 2 1 1 1 0 8 1 mcl12k 12288 20 0 20 4 3 1 1 0 8 1 mcl9k 9216 15 0 15 3 2 1 1 0 8 1 mcl8k 8192 25 0 25 4 3 1 1 0 8 1 mcl4k 4096 74 0 74 3 2 1 1 0 8 1 mcl2k2 2112 2 0 2 1 0 1 1 0 8 1 mcl2k 2048 64141 0 64083 22 13 9 18 0 8 1 mtagpl 80 77 0 75 2 1 1 1 0 8 0 mbufpl 256 107996 0 107918 54 39 15 32 0 8 3 mbufpl: pool(0xffffffff8258b0b0:mbufpl): free list modified: page 0xfffffd80542d5000; item ordinal 3; addr 0xfffffd80542d5600 (p 0xfffffd8055f25000); offset 0x0=0x0 mbufpl: pool(0xffffffff8258b0b0:mbufpl): page inconsistency: page 0xfffffd80542d5000; item ordinal 4; addr 0x462412 bufpl 280 10193 0 3746 461 0 461 461 0 8 0 anonpl 16 96110 0 79956 87 16 71 79 0 107 5 amapchunkpl 152 4255 0 4125 22 14 8 16 0 158 1 amappl16 192 4080 0 3191 62 13 49 53 0 8 4 amappl15 184 57 0 53 1 0 1 1 0 8 0 amappl14 176 288 0 286 1 0 1 1 0 8 0 amappl13 168 57 0 57 1 1 0 1 0 8 0 amappl12 160 74 0 72 1 0 1 1 0 8 0 amappl11 152 64 0 52 1 0 1 1 0 8 0 amappl10 144 261 0 257 1 0 1 1 0 8 0 amappl9 136 611 0 608 1 0 1 1 0 8 0 amappl8 128 132 0 109 1 0 1 1 0 8 0 amappl7 120 351 0 337 1 0 1 1 0 8 0 amappl6 112 58 0 51 1 0 1 1 0 8 0 amappl5 104 215 0 202 1 0 1 1 0 8 0 amappl4 96 1131 0 1099 1 0 1 1 0 8 0 amappl3 88 146 0 139 1 0 1 1 0 8 0 amappl2 80 5797 0 5723 3 1 2 3 0 8 0 amappl1 72 25159 0 24737 27 18 9 20 0 8 0 amappl 80 1938 0 1892 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 43 0 7 1 0 1 1 0 8 0 uaddrrnd 24 849 0 826 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 849 0 826 1 0 1 1 0 8 0 vmmpekpl 168 9639 0 9611 2 0 2 2 0 8 0 vmmpepl 168 107169 0 105133 148 50 98 138 0 357 6 vmsppl 272 848 0 826 4 2 2 2 0 8 0 pdppl 4096 1704 0 1661 7 1 6 6 0 8 0 pvpl 32 327212 0 308462 290 50 240 290 0 265 88 pmappl 200 848 0 826 2 0 2 2 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 255 0 106 6 0 6 6 0 8 0