uvm_fault(0xffffffff827b1ca0, 0xfffffd000000001c, 0, 1) -> e kernel: page fault trap, code=0 Stopped at m_free+0x58: movswq 0x1c(%r14),%rsi ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic kernel page fault uvm_fault(0xffffffff827b1ca0, 0xfffffd000000001c, 0, 1) -> e m_free(fffffd0000000000) at m_free+0x58 sys/sys/percpu.h:125 end trace frame: 0xffff800020edf400, count: 0 ddb{1}> trace m_free(fffffd0000000000) at m_free+0x58 sys/sys/percpu.h:125 ml_purge(ffff800020edf418) at ml_purge+0x50 m_freem sys/kern/uipc_mbuf.c:538 [inline] ml_purge(ffff800020edf418) at ml_purge+0x50 sys/kern/uipc_mbuf.c:1628 ifq_purge(ffff800000ac6278) at ifq_purge+0x9a sys/net/ifq.c:462 tun_dev_close(5d00,7) at tun_dev_close+0xc8 sys/net/if_tun.c:460 spec_close(ffff800020edf540) at spec_close+0x311 sys/kern/spec_vnops.c:560 VOP_CLOSE(fffffd806e29f278,7,fffffd807f7bf9c0,ffff800020ddc278) at VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:174 vn_closefile(fffffd8067ff2dc8,ffff800020ddc278) at vn_closefile+0xd7 vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffffd8067ff2dc8,ffff800020ddc278) at vn_closefile+0xd7 sys/kern/vfs_vnops.c:614 fdrop(fffffd8067ff2dc8,ffff800020ddc278) at fdrop+0xc2 sys/kern/kern_descrip.c:1279 closef(fffffd8067ff2dc8,ffff800020ddc278) at closef+0x11c sys/kern/kern_descrip.c:1263 fdfree(ffff800020ddc278) at fdfree+0x101 sys/kern/kern_descrip.c:1195 exit1(ffff800020ddc278,0,19,1) at exit1+0x32c sys/kern/kern_exit.c:197 postsig(ffff800020ddc278,19) at postsig+0x4ed sigexit sys/kern/kern_sig.c:1483 [inline] postsig(ffff800020ddc278,19) at postsig+0x4ed sys/kern/kern_sig.c:1415 userret(ffff800020ddc278) at userret+0x199 sys/kern/kern_sig.c:1872 Xsyscall() at Xsyscall+0x156 end of kernel end trace frame: 0x7f7ffffd3b10, count: -14 ddb{1}> show registers rdi 0 rsi 0x3638d acpi_pdirpa+0x221f5 rbp 0xffff800020edf3c0 rbx 0 rdx 0x3638c acpi_pdirpa+0x221f4 rcx 0xffff800000676d80 rax 0 r8 0xffffffff819a54f7 witness_assert+0x207 r9 0x5 r10 0xca29db5d2cd3ebf7 r11 0xad62e03a78eab0ba r12 0xfffffd80699f7300 r13 0x2000 __ALIGN_SIZE+0x1000 r14 0xfffffd0000000000 r15 0xfffffd0000000000 rip 0xffffffff81c29128 m_free+0x58 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800020edf380 ss 0 m_free+0x58: movswq 0x1c(%r14),%rsi ddb{1}> show proc PROC (syz-executor.0) pid=425170 stat=onproc flags process=a proc=2000 pri=17, usrpri=60, nice=20 forw=0xffffffffffffffff, list=0xffff800020ddcea8,0xffff800020e629e8 process=0xffff800020e39350 user=0xffff800020eda000, vmspace=0xfffffd806e8ff008 estcpu=19, cpticks=2, pctcpu=0.8 user=0, sys=2, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 73898 111342 4410 0 7 0 syz-executor.1 4410 421964 74858 0 3 0x82 nanosleep syz-executor.1 84235 64955 0 0 3 0x14200 bored sosplice 74858 223490 77949 0 2 0x82 syz-fuzzer 74858 122613 77949 0 3 0x4000082 nanosleep syz-fuzzer 74858 121913 77949 0 3 0x4000082 thrsleep syz-fuzzer 74858 67041 77949 0 3 0x4000082 nanosleep syz-fuzzer 74858 181251 77949 0 3 0x4000082 thrsleep syz-fuzzer 74858 499999 77949 0 3 0x4000082 thrsleep syz-fuzzer 74858 374703 77949 0 3 0x4000082 thrsleep syz-fuzzer 74858 346123 77949 0 3 0x4000082 thrsleep syz-fuzzer 74858 219594 77949 0 3 0x4000082 thrsleep syz-fuzzer 74858 183551 77949 0 3 0x4000082 thrsleep syz-fuzzer 77949 334527 91786 0 3 0x10008a pause ksh 91786 73457 4848 0 3 0x92 select sshd 68252 273451 1 0 3 0x100083 ttyin getty 4848 169312 1 0 3 0x80 select sshd 61499 374806 91071 74 3 0x100092 bpf pflogd 91071 293407 1 0 3 0x80 netio pflogd 26112 337303 16705 73 3 0x100090 kqread syslogd 16705 165820 1 0 3 0x100082 netio syslogd 77441 392184 1 77 3 0x100090 poll dhclient 23185 485438 1 0 3 0x80 poll dhclient 248 271344 0 0 3 0x14200 bored smr 13430 93793 0 0 2 0x14200 zerothread 76887 235226 0 0 3 0x14200 aiodoned aiodoned 62164 326705 0 0 3 0x14200 syncer update 84038 97052 0 0 3 0x14200 cleaner cleaner 83618 340135 0 0 3 0x14200 reaper reaper 91897 303739 0 0 3 0x14200 pgdaemon pagedaemon 67584 82988 0 0 3 0x14200 bored crynlk 82239 209818 0 0 3 0x14200 bored crypto 82337 415428 0 0 3 0x40014200 acpi0 acpi0 17290 456132 0 0 3 0x40014200 idle1 23887 366354 0 0 3 0x14200 bored softnet 4920 80635 0 0 3 0x14200 bored systqmp 29348 507704 0 0 3 0x14200 bored systq 1461 200299 0 0 3 0x40014200 bored softclock 29040 362858 0 0 3 0x40014200 idle0 1 255988 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9499 6408K 7249K 78643K 11705 0 pcb 13 8K 8K 78643K 116 0 rtable 114 6K 6K 78643K 380 0 ifaddr 67 14K 14K 78643K 136 0 counters 43 33K 34K 78643K 61 0 ioctlops 0 0K 4K 78643K 1511 0 iov 0 0K 32K 78643K 54 0 mount 1 1K 1K 78643K 1 0 vnodes 1223 77K 77K 78643K 1536 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 8 0 VM map 2 1K 1K 78643K 2 0 sem 12 1K 1K 78643K 49 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1824 197K 290K 78643K 13058 0 file desc 5 13K 25K 78643K 363 0 sigio 0 0K 0K 78643K 7 0 proc 62 63K 83K 78643K 524 0 subproc 23 1K 2K 78643K 51 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 58 0 in_multi 54 3K 3K 78643K 155 0 ether_multi 1 0K 0K 78643K 6 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 49 228K 228K 78643K 49 0 exec 0 0K 1K 78643K 235 0 pfkey data 0 0K 0K 78643K 2 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 109 38K 38K 78643K 2102 0 UVM aobj 16 4K 4K 78643K 16 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 46 0 NDP 9 0K 0K 78643K 36 0 temp 104 3871K 3939K 78643K 9019 0 kqueue 3 4K 12K 78643K 25 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 13 0 3 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 39 0 37 1 0 1 1 0 8 0 rtentry 112 87 0 45 2 0 2 2 0 8 0 unpcb 120 197 0 187 1 0 1 1 0 8 0 syncache 264 7 0 7 2 2 0 1 0 8 0 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpqe 32 744 0 744 2 2 0 1 0 8 0 tcpcb 544 204 0 200 1 0 1 1 0 8 0 inpcb 296 564 0 557 5 3 2 2 0 8 1 nd6 48 28 0 26 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 1 0 1 0 8 0 ppxss 1128 2 0 2 2 2 0 1 0 8 0 pffrent 40 2 0 2 1 0 1 1 0 8 1 pfosfp 40 847 0 423 5 0 5 5 0 8 0 pfosfpen 112 1430 0 714 21 0 21 21 0 8 0 pfrktable 1344 8 0 3 1 0 1 1 0 8 0 pftag 88 1 0 0 1 0 1 1 0 8 0 pfqueue 264 2 0 0 1 0 1 1 0 8 0 pfstitem 24 24 0 14 1 0 1 1 0 8 0 pfstkey 112 24 0 14 1 0 1 1 0 8 0 pfstate 328 24 0 14 2 0 2 2 0 8 0 pfrule 1360 27 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 313 0 131 16 3 13 15 0 8 0 art_table 32 314 0 131 2 0 2 2 0 8 0 art_node 16 86 0 46 1 0 1 1 0 8 0 sysvmsgpl 40 19 0 15 1 0 1 1 0 8 0 semupl 112 4 0 4 1 1 0 1 0 8 0 semapl 112 47 0 37 1 0 1 1 0 8 0 shmpl 112 14 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1896 0 490 89 0 89 89 0 8 0 ffsino 272 1896 0 490 95 0 95 95 0 8 0 nchpl 144 2589 0 988 61 0 61 61 0 8 0 uvmvnodes 72 2214 0 0 41 0 41 41 0 8 0 vnodes 208 2214 0 0 117 0 117 117 0 8 0 namei 1024 7462 0 7462 2 1 1 1 0 8 1 percpumem 16 41 0 9 1 0 1 1 0 8 0 vcpupl 1984 1 0 0 1 0 1 1 0 8 0 vmpool 560 7 0 6 3 2 1 1 0 8 0 pfiaddrpl 120 4 0 0 1 0 1 1 0 8 0 scxspl 192 7828 0 7828 9 8 1 7 0 8 1 plimitpl 152 39 0 31 1 0 1 1 0 8 0 sigapl 424 576 0 544 4 0 4 4 0 8 0 futexpl 56 5765 0 5765 2 1 1 1 0 8 1 knotepl 112 94 0 75 1 0 1 1 0 8 0 kqueuepl 144 55 0 53 1 0 1 1 0 8 0 pipepl 304 109 0 99 2 1 1 2 0 8 0 fdescpl 496 560 0 544 3 0 3 3 0 8 0 filepl 152 3460 0 3370 7 2 5 5 0 8 1 lockfpl 104 78 0 77 1 0 1 1 0 8 0 lockfspl 48 26 0 25 1 0 1 1 0 8 0 sessionpl 112 19 0 8 1 0 1 1 0 8 0 pgrppl 48 19 0 8 1 0 1 1 0 8 0 ucredpl 96 406 0 397 1 0 1 1 0 8 0 zombiepl 144 545 0 544 2 1 1 1 0 8 0 processpl 984 576 0 544 6 1 5 5 0 8 0 procpl 624 1278 0 1237 4 0 4 4 0 8 0 srpgc 64 2 0 2 1 1 0 1 0 8 0 sosppl 128 11 0 11 2 2 0 1 0 8 0 sockpl 400 805 0 786 6 3 3 4 0 8 1 mcl64k 65536 5 0 0 1 0 1 1 0 8 0 mcl16k 16384 1 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 6 0 0 1 0 1 1 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 273 0 0 34 0 34 34 0 8 0 mtagpl 96 28 0 0 1 0 1 1 0 8 0 mbufpl 256 318 0 0 20 0 20 20 0 8 0 bufpl 280 4084 0 133 283 0 283 283 0 8 0 anonpl 16 71490 0 54908 92 24 68 83 0 124 0 amapchunkpl 152 3279 0 3119 12 4 8 12 0 158 0 amappl16 192 2634 0 1763 59 14 45 56 0 8 1 amappl15 184 5 0 3 1 0 1 1 0 8 0 amappl14 176 38 0 34 1 0 1 1 0 8 0 amappl13 168 35 0 32 1 0 1 1 0 8 0 amappl12 160 21 0 17 1 0 1 1 0 8 0 amappl11 152 99 0 81 1 0 1 1 0 8 0 amappl10 144 24 0 18 1 0 1 1 0 8 0 amappl9 136 644 0 642 1 0 1 1 0 8 0 amappl8 128 621 0 600 1 0 1 1 0 8 0 amappl7 120 127 0 113 1 0 1 1 0 8 0 amappl6 112 63 0 59 1 0 1 1 0 8 0 amappl5 104 487 0 472 1 0 1 1 0 8 0 amappl4 96 506 0 477 1 0 1 1 0 8 0 amappl3 88 111 0 105 1 0 1 1 0 8 0 amappl2 80 3488 0 3423 2 0 2 2 0 8 0 amappl1 72 22115 0 21681 22 12 10 18 0 8 0 amappl 80 1557 0 1511 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 15 0 0 1 0 1 1 0 8 0 uaddrrnd 24 567 0 550 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 567 0 550 1 0 1 1 0 8 0 vmmpekpl 168 7988 0 7945 3 0 3 3 0 8 0 vmmpepl 168 75657 0 73675 142 48 94 121 0 357 6 vmsppl 368 566 0 550 2 0 2 2 0 8 0 pdppl 4096 1141 0 1101 6 0 6 6 0 8 0 pvpl 32 222793 0 203103 213 48 165 197 0 265 4 pmappl 232 566 0 550 5 3 2 2 0 8 1 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 287 0 10 9 0 9 9 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{0}> trace x86_ipi_db(ffffffff82751ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352 x86_ipi_handler() at x86_ipi_handler+0xc6 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff8292a830) at __mp_lock+0x127 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff8292a830) at __mp_lock+0x127 sys/kern/kern_lock.c:147 softintr_dispatch(0) at softintr_dispatch+0x4e sys/arch/amd64/amd64/softintr.c:89 Xsoftclock() at Xsoftclock+0x1f __mp_lock(ffffffff8292a830) at __mp_lock+0x127 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff8292a830) at __mp_lock+0x127 sys/kern/kern_lock.c:147 pageflttrap(ffff800023f13180,1) at pageflttrap+0x7f sys/arch/amd64/amd64/trap.c:180 usertrap(ffff800023f13180) at usertrap+0x21a sys/arch/amd64/amd64/trap.c:384 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7f7ffffdbe80, count: -10 ddb{0}> machine ddbcpu 1 Stopped at m_free+0x58: movswq 0x1c(%r14),%rsi ddb{1}> trace m_free(fffffd0000000000) at m_free+0x58 sys/sys/percpu.h:125 ml_purge(ffff800020edf418) at ml_purge+0x50 m_freem sys/kern/uipc_mbuf.c:538 [inline] ml_purge(ffff800020edf418) at ml_purge+0x50 sys/kern/uipc_mbuf.c:1628 ifq_purge(ffff800000ac6278) at ifq_purge+0x9a sys/net/ifq.c:462 tun_dev_close(5d00,7) at tun_dev_close+0xc8 sys/net/if_tun.c:460 spec_close(ffff800020edf540) at spec_close+0x311 sys/kern/spec_vnops.c:560 VOP_CLOSE(fffffd806e29f278,7,fffffd807f7bf9c0,ffff800020ddc278) at VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:174 vn_closefile(fffffd8067ff2dc8,ffff800020ddc278) at vn_closefile+0xd7 vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffffd8067ff2dc8,ffff800020ddc278) at vn_closefile+0xd7 sys/kern/vfs_vnops.c:614 fdrop(fffffd8067ff2dc8,ffff800020ddc278) at fdrop+0xc2 sys/kern/kern_descrip.c:1279 closef(fffffd8067ff2dc8,ffff800020ddc278) at closef+0x11c sys/kern/kern_descrip.c:1263 fdfree(ffff800020ddc278) at fdfree+0x101 sys/kern/kern_descrip.c:1195 exit1(ffff800020ddc278,0,19,1) at exit1+0x32c sys/kern/kern_exit.c:197 postsig(ffff800020ddc278,19) at postsig+0x4ed sigexit sys/kern/kern_sig.c:1483 [inline] postsig(ffff800020ddc278,19) at postsig+0x4ed sys/kern/kern_sig.c:1415 userret(ffff800020ddc278) at userret+0x199 sys/kern/kern_sig.c:1872 Xsyscall() at Xsyscall+0x156 end of kernel end trace frame: 0x7f7ffffd3b10, count: -14