uvm_fault(0xffffffff827e41d8, 0xfffffd000000001c, 0, 1) -> e kernel: page fault trap, code=0 Stopped at m_free+0x3b: movswq 0x1c(%r14),%rdx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xffffffff827e41d8, 0xfffffd000000001c, 0, 1) -> e m_free(fffffd0000000000) at m_free+0x3b sys/kern/uipc_mbuf.c:435 end trace frame: 0xffff80001f8639f0, count: 0 ddb> trace m_free(fffffd0000000000) at m_free+0x3b sys/kern/uipc_mbuf.c:435 ml_purge(ffff80001f863a08) at ml_purge+0x50 m_freem sys/kern/uipc_mbuf.c:538 [inline] ml_purge(ffff80001f863a08) at ml_purge+0x50 sys/kern/uipc_mbuf.c:1628 ifq_purge(ffff800000acea78) at ifq_purge+0x97 sys/net/ifq.c:462 tun_dev_close(5d01,7) at tun_dev_close+0xc8 sys/net/if_tun.c:460 spec_close(ffff80001f863b30) at spec_close+0x311 sys/kern/spec_vnops.c:560 VOP_CLOSE(fffffd805d7a8a90,7,fffffd806c3bfa80,ffff80001d6ce3a0) at VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:174 vn_closefile(fffffd80572f1d30,ffff80001d6ce3a0) at vn_closefile+0xd2 vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffffd80572f1d30,ffff80001d6ce3a0) at vn_closefile+0xd2 sys/kern/vfs_vnops.c:614 fdrop(fffffd80572f1d30,ffff80001d6ce3a0) at fdrop+0xc2 sys/kern/kern_descrip.c:1279 closef(fffffd80572f1d30,ffff80001d6ce3a0) at closef+0x117 sys/kern/kern_descrip.c:1263 fdfree(ffff80001d6ce3a0) at fdfree+0x100 sys/kern/kern_descrip.c:1195 exit1(ffff80001d6ce3a0,0,0,1) at exit1+0x32c sys/kern/kern_exit.c:197 sys_exit(ffff80001d6ce3a0,ffff80001f863dc0,ffff80001f863e10) at sys_exit+0x16 sys/kern/kern_exit.c:95 syscall(ffff80001f863e90) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffed520, count: -14 ddb> show registers rdi 0 rsi 0x7 rbp 0xffff80001f8639b0 rbx 0 rdx 0xffff80001f863860 rcx 0xffffffff827e4920 mbstat_boot_boot_cpumem rax 0 r8 0xffffffff816949b2 spec_close+0x52 r9 0x5 r10 0xa5b8d093514dcdc2 r11 0x8d00f516e0846b0a r12 0xfffffd80597e6c00 r13 0x2000 __ALIGN_SIZE+0x1000 r14 0xfffffd0000000000 r15 0xfffffd0000000000 rip 0xffffffff821c458b m_free+0x3b cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80001f863970 ss 0x10 m_free+0x3b: movswq 0x1c(%r14),%rdx ddb> show proc PROC (syz-executor.1) pid=457253 stat=onproc flags process=1008 proc=2000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff80001d6ce880,0xffff80001d6ce620 process=0xffff80001f8383d0 user=0xffff80001f85e000, vmspace=0xfffffd8067c24880 estcpu=36, cpticks=14, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 56606 461364 46940 0 2 0 syz-executor.0 56606 381452 46940 0 3 0x4000080 fsleep syz-executor.0 56606 401544 46940 0 3 0x4000080 fsleep syz-executor.0 60685 282917 0 0 3 0x14280 nfsidl nfsio 97711 207063 0 0 3 0x14280 nfsidl nfsio 3671 214861 0 0 3 0x14280 nfsidl nfsio 1556 48031 0 0 3 0x14280 nfsidl nfsio 1926 44753 0 0 3 0x14280 nfsidl nfsio 79631 439267 0 0 3 0x14280 nfsidl nfsio 87289 161410 0 0 3 0x14280 nfsidl nfsio 64575 113871 0 0 3 0x14280 nfsidl nfsio 51751 164161 0 0 3 0x14280 nfsidl nfsio 47114 63063 0 0 3 0x14280 nfsidl nfsio 27786 430894 0 0 3 0x14280 nfsidl nfsio 48365 485475 0 0 3 0x14280 nfsidl nfsio 71933 114815 0 0 3 0x14280 nfsidl nfsio 14414 456940 0 0 3 0x14280 nfsidl nfsio 53744 311597 0 0 3 0x14280 nfsidl nfsio 83657 107638 0 0 3 0x14280 nfsidl nfsio 10890 176133 0 0 3 0x14280 nfsidl nfsio 78833 376343 0 0 3 0x14280 nfsidl nfsio 50702 283252 0 0 3 0x14280 nfsidl nfsio 71769 29704 0 0 3 0x14280 nfsidl nfsio 46940 294412 54673 0 3 0x82 nanosleep syz-executor.0 79592 190101 0 0 3 0x14200 acct acct 22859 57749 0 0 3 0x14200 bored sosplice 54673 338378 46161 0 3 0x82 thrsleep syz-fuzzer 54673 136979 46161 0 3 0x4000082 thrsleep syz-fuzzer 54673 221437 46161 0 2 0x4000082 syz-fuzzer 54673 371814 46161 0 3 0x4000082 thrsleep syz-fuzzer 54673 511650 46161 0 3 0x4000082 thrsleep syz-fuzzer 54673 59938 46161 0 3 0x4000082 thrsleep syz-fuzzer 54673 368293 46161 0 3 0x4000082 thrsleep syz-fuzzer 54673 11414 46161 0 3 0x4000082 thrsleep syz-fuzzer 46161 378196 93123 0 3 0x10008a pause ksh 93123 522805 62984 0 3 0x92 select sshd 51154 187881 1 0 3 0x100083 ttyin getty 62984 94705 1 0 3 0x80 select sshd 49742 405553 48203 73 3 0x100090 kqread syslogd 48203 333677 1 0 3 0x100082 netio syslogd 90267 68089 1 77 3 0x100090 poll dhclient 44837 171924 1 0 3 0x80 poll dhclient 2383 83445 0 0 3 0x14200 bored smr 61897 236037 0 0 2 0x14200 zerothread 45238 200348 0 0 3 0x14200 aiodoned aiodoned 44028 205943 0 0 3 0x14200 syncer update 61124 341264 0 0 3 0x14200 cleaner cleaner 71234 333040 0 0 3 0x14200 reaper reaper 3566 63596 0 0 3 0x14200 pgdaemon pagedaemon 10485 131268 0 0 3 0x14200 bored crynlk 88954 332093 0 0 3 0x14200 bored crypto 78677 514520 0 0 3 0x40014200 acpi0 acpi0 33555 133255 0 0 3 0x14200 bored softnet 91749 163710 0 0 3 0x14200 bored systqmp 68491 124778 0 0 3 0x14200 bored systq 53348 517372 0 0 3 0x40014200 bored softclock 74540 30232 0 0 3 0x40014200 idle0 1 480245 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9526 6369K 6756K 78643K 11774 0 pcb 13 8K 8K 78643K 140 0 rtable 123 19K 20K 78643K 1045 0 ifaddr 107 21K 22K 78643K 362 0 counters 21 16K 16K 78643K 40 0 ioctlops 0 0K 4K 78643K 145 0 iov 0 0K 16K 78643K 143 0 mount 1 1K 1K 78643K 1 0 vnodes 1221 77K 77K 78643K 1593 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 13 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 1K 78643K 170 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 733 0 sigio 0 0K 0K 78643K 51 0 proc 52 38K 55K 78643K 468 0 subproc 23 1K 2K 78643K 51 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 65 0 in_multi 81 3K 4K 78643K 265 0 ether_multi 1 0K 0K 78643K 25 0 mrt 0 0K 0K 78643K 18 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 49 228K 228K 78643K 49 0 exec 0 0K 1K 78643K 259 0 pfkey data 0 0K 1K 78643K 2 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 141 72K 73K 78643K 2700 0 UVM aobj 16 2K 2K 78643K 34 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 116 0 NDP 15 0K 0K 78643K 61 0 temp 140 3878K 3942K 78643K 24366 0 kqueue 3 4K 8K 78643K 28 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 9 0 2 1 0 1 1 0 8 0 rtpcb 80 77 0 75 1 0 1 1 0 8 0 rtentry 112 130 0 99 2 0 2 2 0 8 0 unpcb 120 280 0 271 1 0 1 1 0 8 0 syncache 264 18 0 18 6 6 0 1 0 8 0 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpqe 32 253 0 253 3 3 0 1 0 8 0 tcpcb 544 300 0 296 1 0 1 1 0 8 0 ipq 40 3 0 3 2 2 0 1 0 8 0 ipqe 40 49 0 49 2 2 0 1 0 8 0 inpcb 296 822 0 815 7 5 2 2 0 8 1 rttmr 72 7 0 7 3 2 1 1 0 8 1 nd6 48 33 0 31 1 0 1 1 0 8 0 pkpcb 40 4 0 4 2 1 1 1 0 8 1 ppxss 1128 1 0 1 1 0 1 1 0 8 1 pfstscr 40 1 0 1 1 1 0 1 0 8 0 pfrktable 1344 227 0 211 5 3 2 2 0 8 0 pftag 88 24 0 20 1 0 1 1 0 8 0 pfqueue 264 2 0 2 1 1 0 1 0 8 0 pfstkey 112 4 0 4 2 2 0 1 0 8 0 pfstate 328 2 0 2 2 2 0 1 0 8 0 pfrule 1360 65 0 39 3 0 3 3 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 708 0 559 13 3 10 13 0 8 0 art_table 32 709 0 559 2 0 2 2 0 8 0 art_node 16 124 0 98 1 0 1 1 0 8 0 sysvmsgpl 40 14 0 3 1 0 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 166 0 156 1 0 1 1 0 8 0 shmpl 112 32 0 18 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2438 0 1043 88 0 88 88 0 8 0 ffsino 240 2438 0 1043 83 0 83 83 0 8 0 nchpl 144 3648 0 2069 60 0 60 60 0 8 0 uvmvnodes 72 2724 0 0 50 0 50 50 0 8 0 vnodes 208 2724 0 0 144 0 144 144 0 8 0 namei 1024 11082 0 11082 3 2 1 1 0 8 1 vcpupl 1984 4 0 0 1 0 1 1 0 8 0 vmpool 528 7 0 3 1 0 1 1 0 8 0 pfiaddrpl 120 88 0 70 1 0 1 1 0 8 0 scxspl 192 11666 0 11666 2 1 1 1 0 8 1 plimitpl 152 70 0 63 1 0 1 1 0 8 0 sigapl 424 938 0 888 6 0 6 6 0 8 0 futexpl 56 16557 0 16555 2 1 1 1 0 8 0 knotepl 112 112 0 93 1 0 1 1 0 8 0 kqueuepl 144 102 0 100 1 0 1 1 0 8 0 pipepl 272 155 0 143 1 0 1 1 0 8 0 fdescpl 432 902 0 888 2 0 2 2 0 8 0 filepl 120 5941 0 5856 5 1 4 4 0 8 0 lockfpl 104 140 0 139 1 0 1 1 0 8 0 lockfspl 48 52 0 51 1 0 1 1 0 8 0 sessionpl 112 18 0 8 1 0 1 1 0 8 0 pgrppl 48 24 0 14 1 0 1 1 0 8 0 ucredpl 96 604 0 597 1 0 1 1 0 8 0 zombiepl 144 889 0 887 2 1 1 1 0 8 0 processpl 920 938 0 887 8 1 7 7 0 8 0 procpl 624 1942 0 1882 5 0 5 5 0 8 0 sosppl 128 5 0 5 3 3 0 1 0 8 0 sockpl 400 1188 0 1170 6 3 3 4 0 8 0 mcl64k 65536 294 0 294 32 30 2 29 0 8 2 mcl16k 16384 4 0 4 4 3 1 1 0 8 1 mcl12k 12288 22 0 22 5 4 1 1 0 8 1 mcl9k 9216 15 0 15 4 4 0 1 0 8 0 mcl8k 8192 31 0 31 5 4 1 1 0 8 1 mcl4k 4096 67 0 67 5 4 1 1 0 8 1 mcl2k2 2112 7 0 7 4 3 1 1 0 8 1 mcl2k 2048 75867 0 75808 21 12 9 17 0 8 1 mtagpl 96 92 0 19 3 1 2 2 0 8 0 mbufpl 256 126883 0 126553 59 31 28 40 0 8 0 bufpl 280 5359 0 128 374 0 374 374 0 8 0 anonpl 16 101276 0 85010 100 18 82 82 0 107 14 amapchunkpl 152 4796 0 4644 24 13 11 20 0 158 4 amappl16 192 4741 0 3802 72 17 55 59 0 8 7 amappl15 184 184 0 183 1 0 1 1 0 8 0 amappl14 176 25 0 19 1 0 1 1 0 8 0 amappl13 168 42 0 38 1 0 1 1 0 8 0 amappl12 160 12 0 9 1 0 1 1 0 8 0 amappl11 152 52 0 43 1 0 1 1 0 8 0 amappl10 144 196 0 187 1 0 1 1 0 8 0 amappl9 136 699 0 697 1 0 1 1 0 8 0 amappl8 128 369 0 326 2 0 2 2 0 8 0 amappl7 120 291 0 277 1 0 1 1 0 8 0 amappl6 112 23 0 20 1 0 1 1 0 8 0 amappl5 104 837 0 824 1 0 1 1 0 8 0 amappl4 96 448 0 418 1 0 1 1 0 8 0 amappl3 88 127 0 122 1 0 1 1 0 8 0 amappl2 80 6541 0 6473 2 0 2 2 0 8 0 amappl1 72 25647 0 25199 24 15 9 17 0 8 0 amappl 80 2170 0 2120 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 33 0 18 1 0 1 1 0 8 0 uaddrrnd 24 909 0 891 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 909 0 891 1 0 1 1 0 8 0 vmmpekpl 168 9333 0 9292 2 0 2 2 0 8 0 vmmpepl 168 112960 0 110861 165 65 100 130 0 357 7 vmsppl 272 908 0 891 4 2 2 2 0 8 0 pdppl 4096 1824 0 1786 8 2 6 6 0 8 1 pvpl 32 289789 0 270365 226 34 192 192 0 265 30 pmappl 200 908 0 891 2 0 2 2 0 8 1 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 347 0 98 9 0 9 9 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace m_free(fffffd0000000000) at m_free+0x3b sys/kern/uipc_mbuf.c:435 ml_purge(ffff80001f863a08) at ml_purge+0x50 m_freem sys/kern/uipc_mbuf.c:538 [inline] ml_purge(ffff80001f863a08) at ml_purge+0x50 sys/kern/uipc_mbuf.c:1628 ifq_purge(ffff800000acea78) at ifq_purge+0x97 sys/net/ifq.c:462 tun_dev_close(5d01,7) at tun_dev_close+0xc8 sys/net/if_tun.c:460 spec_close(ffff80001f863b30) at spec_close+0x311 sys/kern/spec_vnops.c:560 VOP_CLOSE(fffffd805d7a8a90,7,fffffd806c3bfa80,ffff80001d6ce3a0) at VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:174 vn_closefile(fffffd80572f1d30,ffff80001d6ce3a0) at vn_closefile+0xd2 vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffffd80572f1d30,ffff80001d6ce3a0) at vn_closefile+0xd2 sys/kern/vfs_vnops.c:614 fdrop(fffffd80572f1d30,ffff80001d6ce3a0) at fdrop+0xc2 sys/kern/kern_descrip.c:1279 closef(fffffd80572f1d30,ffff80001d6ce3a0) at closef+0x117 sys/kern/kern_descrip.c:1263 fdfree(ffff80001d6ce3a0) at fdfree+0x100 sys/kern/kern_descrip.c:1195 exit1(ffff80001d6ce3a0,0,0,1) at exit1+0x32c sys/kern/kern_exit.c:197 sys_exit(ffff80001d6ce3a0,ffff80001f863dc0,ffff80001f863e10) at sys_exit+0x16 sys/kern/kern_exit.c:95 syscall(ffff80001f863e90) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffed520, count: -14 ddb> machine ddbcpu 1 No such command ddb> trace m_free(fffffd0000000000) at m_free+0x3b sys/kern/uipc_mbuf.c:435 ml_purge(ffff80001f863a08) at ml_purge+0x50 m_freem sys/kern/uipc_mbuf.c:538 [inline] ml_purge(ffff80001f863a08) at ml_purge+0x50 sys/kern/uipc_mbuf.c:1628 ifq_purge(ffff800000acea78) at ifq_purge+0x97 sys/net/ifq.c:462 tun_dev_close(5d01,7) at tun_dev_close+0xc8 sys/net/if_tun.c:460 spec_close(ffff80001f863b30) at spec_close+0x311 sys/kern/spec_vnops.c:560 VOP_CLOSE(fffffd805d7a8a90,7,fffffd806c3bfa80,ffff80001d6ce3a0) at VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:174 vn_closefile(fffffd80572f1d30,ffff80001d6ce3a0) at vn_closefile+0xd2 vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffffd80572f1d30,ffff80001d6ce3a0) at vn_closefile+0xd2 sys/kern/vfs_vnops.c:614 fdrop(fffffd80572f1d30,ffff80001d6ce3a0) at fdrop+0xc2 sys/kern/kern_descrip.c:1279 closef(fffffd80572f1d30,ffff80001d6ce3a0) at closef+0x117 sys/kern/kern_descrip.c:1263 fdfree(ffff80001d6ce3a0) at fdfree+0x100 sys/kern/kern_descrip.c:1195 exit1(ffff80001d6ce3a0,0,0,1) at exit1+0x32c sys/kern/kern_exit.c:197 sys_exit(ffff80001d6ce3a0,ffff80001f863dc0,ffff80001f863e10) at sys_exit+0x16 sys/kern/kern_exit.c:95 syscall(ffff80001f863e90) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffed520, count: -14