uvm_fault(0xffffffff8285b1b8, 0xfffffd0000000010, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pool_cache_get+0x1b1: movq 0x10(%r14),%r13 ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic kernel page fault uvm_fault(0xffffffff8285b1b8, 0xfffffd0000000010, 0, 1) -> e pool_cache_get(ffffffff828b1c48) at pool_cache_get+0x1b1 pool_cache_item_magic_check sys/kern/subr_pool.c:1770 [inline] pool_cache_get(ffffffff828b1c48) at pool_cache_get+0x1b1 sys/kern/subr_pool.c:1884 end trace frame: 0xffff800022ef2b60, count: 0 ddb{1}> trace pool_cache_get(ffffffff828b1c48) at pool_cache_get+0x1b1 pool_cache_item_magic_check sys/kern/subr_pool.c:1770 [inline] pool_cache_get(ffffffff828b1c48) at pool_cache_get+0x1b1 sys/kern/subr_pool.c:1884 pool_get(ffffffff828b1c48,2) at pool_get+0x91 sys/kern/subr_pool.c:572 m_get(2,3) at m_get+0x4c sys/kern/uipc_mbuf.c:250 sbappendaddr(fffffd806f683000,fffffd806f683088,ffffffff82619250,fffffd806f2fd300,0) at sbappendaddr+0x2e9 sys/kern/uipc_socket2.c:804 rtm_sendup(fffffd806f683000,fffffd806f2fd300,0) at rtm_sendup+0xef sys/net/rtsock.c:594 route_input(fffffd806f2fd300,0,18) at route_input+0x489 sys/net/rtsock.c:572 rtm_send(fffffd807984ccb0,2,0,0) at rtm_send+0x18d sys/net/rtsock.c:1659 rtdeletemsg(fffffd807984ccb0,ffff800000af7000,0) at rtdeletemsg+0x199 sys/net/route.c:682 rt_ifa_purge(ffff800000aa2b00) at rt_ifa_purge+0x104 sys/net/route.c:1320 in6_unlink_ifa(ffff800000aa2b00,ffff800000af7000) at in6_unlink_ifa+0x580 sys/netinet6/in6.c:948 in6_purgeaddr(ffff800000aa2b00) at in6_purgeaddr+0x1d7 sys/netinet6/in6.c:929 in6_ifdetach(ffff800000af7000) at in6_ifdetach+0x74 sys/netinet6/in6_ifattach.c:429 if_detach(ffff800000af7000) at if_detach+0x148 sys/net/if.c:1145 tun_clone_destroy(ffff800000af7000) at tun_clone_destroy+0x1f2 sys/net/if_tun.c:329 tun_dev_close(5d01,7) at tun_dev_close+0x160 sys/net/if_tun.c:480 spec_close(ffff800022ef3310) at spec_close+0x311 sys/kern/spec_vnops.c:560 VOP_CLOSE(fffffd806e61a008,7,fffffd807f7bf9c0,ffff800020dddad8) at VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:174 vn_closefile(fffffd8067779c00,ffff800020dddad8) at vn_closefile+0xd7 vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffffd8067779c00,ffff800020dddad8) at vn_closefile+0xd7 sys/kern/vfs_vnops.c:614 fdrop(fffffd8067779c00,ffff800020dddad8) at fdrop+0xc2 sys/kern/kern_descrip.c:1279 closef(fffffd8067779c00,ffff800020dddad8) at closef+0x11c sys/kern/kern_descrip.c:1263 fdfree(ffff800020dddad8) at fdfree+0x101 sys/kern/kern_descrip.c:1195 exit1(ffff800020dddad8,0,19,1) at exit1+0x32c sys/kern/kern_exit.c:197 postsig(ffff800020dddad8,19) at postsig+0x4ed sigexit sys/kern/kern_sig.c:1483 [inline] postsig(ffff800020dddad8,19) at postsig+0x4ed sys/kern/kern_sig.c:1415 userret(ffff800020dddad8) at userret+0x199 sys/kern/kern_sig.c:1872 syscall(ffff800022ef3790) at syscall+0x55f mi_syscall_return sys/sys/syscall_mi.h:129 [inline] syscall(ffff800022ef3790) at syscall+0x55f sys/arch/amd64/amd64/trap.c:592 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffcb350, count: -26 ddb{1}> show registers rdi 0x7 rsi 0x7 rbp 0xffff800022ef2aa0 rbx 0xbfa4d9f07eb6d0fe rdx 0xffff800020dddad8 rcx 0 rax 0 r8 0xffffffff8151c8e5 sbappendaddr+0x1c5 r9 0x5 r10 0x2 r11 0x396f7961330a2955 r12 0xffffffff828b1c48 mbpool r13 0 r14 0xfffffd0000000000 r15 0xfffffd807f009e00 rip 0xffffffff811c3f31 pool_cache_get+0x1b1 cs 0x8 rflags 0x10282 __ALIGN_SIZE+0xf282 rsp 0xffff800022ef2a40 ss 0x10 pool_cache_get+0x1b1: movq 0x10(%r14),%r13 ddb{1}> show proc PROC (syz-executor.1) pid=4056 stat=onproc flags process=a proc=2000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff800020ddc278,0xffff800020dfcec8 process=0xffff800020df07c0 user=0xffff800022eee000, vmspace=0xfffffd807f000730 estcpu=36, cpticks=9, pctcpu=0.11 user=0, sys=2, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 32277 499869 0 0 3 0x14200 bored sosplice 18987 99862 27934 0 3 0x82 piperd syz-executor.0 27934 438633 97685 0 3 0x82 kqread syz-fuzzer 27934 373149 97685 0 3 0x4000082 nanosleep syz-fuzzer 27934 102605 97685 0 3 0x4000082 thrsleep syz-fuzzer 27934 451599 97685 0 3 0x4000082 thrsleep syz-fuzzer 27934 117773 97685 0 3 0x4000082 thrsleep syz-fuzzer 27934 22136 97685 0 7 0x4000002 syz-fuzzer 27934 315858 97685 0 3 0x4000082 thrsleep syz-fuzzer 27934 462414 97685 0 3 0x4000082 thrsleep syz-fuzzer 27934 56660 97685 0 3 0x4000082 thrsleep syz-fuzzer 27934 290976 97685 0 3 0x4000082 thrsleep syz-fuzzer 97685 172831 64385 0 3 0x10008a pause ksh 64385 464207 30239 0 3 0x92 select sshd 42865 342658 1 0 3 0x100083 ttyin getty 30239 494249 1 0 3 0x80 select sshd 49208 116096 20653 74 3 0x100092 bpf pflogd 20653 467995 1 0 3 0x80 netio pflogd 82813 421720 42046 73 3 0x100090 kqread syslogd 42046 405361 1 0 3 0x100082 netio syslogd 74904 296000 1 77 2 0x100090 dhclient 21293 281049 1 0 3 0x80 poll dhclient 13691 380449 0 0 3 0x14200 bored smr 65245 488121 0 0 3 0x14200 pgzero zerothread 37193 462544 0 0 3 0x14200 aiodoned aiodoned 84090 36829 0 0 3 0x14200 syncer update 84408 206418 0 0 3 0x14200 cleaner cleaner 33833 365405 0 0 3 0x14200 reaper reaper 43464 230158 0 0 3 0x14200 pgdaemon pagedaemon 77771 77219 0 0 3 0x14200 bored crynlk 28234 408993 0 0 3 0x14200 bored crypto 26477 378712 0 0 3 0x40014200 acpi0 acpi0 79574 126855 0 0 3 0x40014200 idle1 31641 341843 0 0 3 0x14200 bored softnet 25921 423414 0 0 2 0x14200 systqmp 11988 200411 0 0 3 0x14200 bored systq 9700 378001 0 0 3 0x40014200 bored softclock 3462 404634 0 0 3 0x40014200 idle0 1 188405 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9494 6407K 6795K 78643K 10878 0 pcb 13 8K 8K 78643K 25 0 rtable 90 4K 5K 78643K 240 0 ifaddr 59 12K 13K 78643K 76 0 counters 43 33K 34K 78643K 45 0 ioctlops 0 0K 4K 78643K 1487 0 iov 0 0K 12K 78643K 9 0 mount 1 1K 1K 78643K 1 0 vnodes 1221 77K 77K 78643K 1369 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 22 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1824 197K 290K 78643K 13058 0 file desc 4 9K 25K 78643K 131 0 sigio 0 0K 0K 78643K 2 0 proc 60 63K 95K 78643K 439 0 subproc 23 1K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 3 0 in_multi 35 2K 2K 78643K 77 0 ether_multi 1 0K 0K 78643K 2 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 37 175K 175K 78643K 37 0 exec 0 0K 1K 78643K 215 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 120 39K 40K 78643K 1343 0 UVM aobj 7 2K 2K 78643K 9 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 17 0 NDP 9 0K 0K 78643K 21 0 temp 98 3862K 3929K 78643K 7264 0 kqueue 3 4K 4K 78643K 3 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 6 0 2 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 23 0 21 1 0 1 1 0 8 0 rtentry 112 55 0 21 2 0 2 2 0 8 0 unpcb 120 73 0 63 1 0 1 1 0 8 0 syncache 264 8 0 8 3 3 0 1 0 8 0 tcpqe 32 1042 0 1042 1 1 0 1 0 8 0 tcpcb 544 62 0 58 1 0 1 1 0 8 0 inpcb 296 164 0 157 3 1 2 2 0 8 1 nd6 48 13 0 11 1 0 1 1 0 8 0 pkpcb 40 4 0 4 1 1 0 1 0 8 0 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 3 0 1 1 0 1 1 0 8 0 pfstitem 24 14 0 5 1 0 1 1 0 8 0 pfstkey 112 14 0 5 1 0 1 1 0 8 0 pfstate 328 14 0 5 1 0 1 1 0 8 0 pfrule 1360 25 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 212 0 40 13 0 13 13 0 8 0 art_table 32 213 0 40 2 0 2 2 0 8 0 art_node 16 54 0 16 1 0 1 1 0 8 0 sysvmsgpl 40 12 0 4 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 20 0 10 1 0 1 1 0 8 0 shmpl 112 7 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1569 0 162 89 0 89 89 0 8 0 ffsino 272 1569 0 162 96 1 95 95 0 8 0 nchpl 144 1923 0 314 60 0 60 60 0 8 0 uvmvnodes 72 1745 0 0 32 0 32 32 0 8 0 vnodes 208 1745 0 0 92 0 92 92 0 8 0 namei 1024 5255 0 5255 4 3 1 1 0 8 1 percpumem 16 33 0 1 1 0 1 1 0 8 0 vcpupl 1984 2 0 0 1 0 1 1 0 8 0 vmpool 560 2 0 0 1 0 1 1 0 8 0 pfiaddrpl 120 2 0 0 1 0 1 1 0 8 0 scxspl 192 5831 0 5831 8 7 1 7 0 8 1 plimitpl 152 17 0 9 1 0 1 1 0 8 0 sigapl 424 348 0 317 4 0 4 4 0 8 0 futexpl 56 1798 0 1798 3 2 1 1 0 8 1 knotepl 112 61 0 44 1 0 1 1 0 8 0 kqueuepl 144 10 0 8 1 0 1 1 0 8 0 pipelkpl 48 95 0 86 1 0 1 1 0 8 0 pipepl 120 190 0 173 1 0 1 1 0 8 0 fdescpl 496 331 0 316 3 0 3 3 0 8 0 filepl 152 1822 0 1733 6 1 5 5 0 8 1 lockfpl 104 17 0 16 1 0 1 1 0 8 0 lockfspl 48 8 0 7 1 0 1 1 0 8 0 sessionpl 112 18 0 7 1 0 1 1 0 8 0 pgrppl 48 18 0 7 1 0 1 1 0 8 0 ucredpl 96 134 0 124 1 0 1 1 0 8 0 zombiepl 144 318 0 317 2 1 1 1 0 8 0 processpl 984 348 0 317 7 2 5 5 0 8 0 procpl 624 565 0 525 4 0 4 4 0 8 0 sockpl 400 264 0 245 5 2 3 3 0 8 1 mcl64k 65536 4 0 0 1 0 1 1 0 8 0 mcl16k 16384 1 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 2 0 0 1 0 1 1 0 8 0 mcl4k 4096 4 0 0 1 0 1 1 0 8 0 mcl2k 2048 264 0 0 32 0 32 32 0 8 0 mtagpl 96 6 0 0 1 0 1 1 0 8 0 mbufpl 256 302 0 0 18 0 18 18 0 8 0 bufpl 280 3646 0 132 251 0 251 251 0 8 0 anonpl 16 47890 0 31293 73 5 68 71 0 124 0 amapchunkpl 152 2113 0 1970 20 9 11 20 0 158 4 amappl16 192 1437 0 535 46 0 46 46 0 8 0 amappl15 184 57 0 55 1 0 1 1 0 8 0 amappl14 176 35 0 30 1 0 1 1 0 8 0 amappl13 168 28 0 25 1 0 1 1 0 8 0 amappl12 160 12 0 8 2 1 1 1 0 8 0 amappl11 152 57 0 42 1 0 1 1 0 8 0 amappl10 144 17 0 12 1 0 1 1 0 8 0 amappl9 136 427 0 425 1 0 1 1 0 8 0 amappl8 128 401 0 369 2 0 2 2 0 8 0 amappl7 120 116 0 105 1 0 1 1 0 8 0 amappl6 112 27 0 20 1 0 1 1 0 8 0 amappl5 104 227 0 212 1 0 1 1 0 8 0 amappl4 96 492 0 462 1 0 1 1 0 8 0 amappl3 88 110 0 105 1 0 1 1 0 8 0 amappl2 80 1753 0 1691 2 0 2 2 0 8 0 amappl1 72 17202 0 16773 24 14 10 18 0 8 0 amappl 80 817 0 775 3 1 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 8 0 2 1 0 1 1 0 8 0 uaddrrnd 24 333 0 316 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 333 0 316 1 0 1 1 0 8 0 vmmpekpl 168 6652 0 6616 2 0 2 2 0 8 0 vmmpepl 168 47479 0 45519 128 32 96 114 0 357 7 vmsppl 368 332 0 316 2 0 2 2 0 8 0 pdppl 4096 673 0 634 7 1 6 6 0 8 0 pvpl 32 159746 0 140092 175 11 164 171 0 265 2 pmappl 232 332 0 316 3 1 2 2 0 8 1 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 283 0 10 8 0 8 8 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{0}> trace x86_ipi_db(ffffffff826f0ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352 x86_ipi_handler() at x86_ipi_handler+0xc6 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x6f sys/dev/kcov.c:88 softintr_dispatch(0) at softintr_dispatch+0x4e sys/arch/amd64/amd64/softintr.c:89 Xsoftclock() at Xsoftclock+0x1f end of kernel end trace frame: 0xc0003adae8, count: -6 ddb{0}> machine ddbcpu 1 Stopped at pool_cache_get+0x1b1: movq 0x10(%r14),%r13 ddb{1}> trace pool_cache_get(ffffffff828b1c48) at pool_cache_get+0x1b1 pool_cache_item_magic_check sys/kern/subr_pool.c:1770 [inline] pool_cache_get(ffffffff828b1c48) at pool_cache_get+0x1b1 sys/kern/subr_pool.c:1884 pool_get(ffffffff828b1c48,2) at pool_get+0x91 sys/kern/subr_pool.c:572 m_get(2,3) at m_get+0x4c sys/kern/uipc_mbuf.c:250 sbappendaddr(fffffd806f683000,fffffd806f683088,ffffffff82619250,fffffd806f2fd300,0) at sbappendaddr+0x2e9 sys/kern/uipc_socket2.c:804 rtm_sendup(fffffd806f683000,fffffd806f2fd300,0) at rtm_sendup+0xef sys/net/rtsock.c:594 route_input(fffffd806f2fd300,0,18) at route_input+0x489 sys/net/rtsock.c:572 rtm_send(fffffd807984ccb0,2,0,0) at rtm_send+0x18d sys/net/rtsock.c:1659 rtdeletemsg(fffffd807984ccb0,ffff800000af7000,0) at rtdeletemsg+0x199 sys/net/route.c:682 rt_ifa_purge(ffff800000aa2b00) at rt_ifa_purge+0x104 sys/net/route.c:1320 in6_unlink_ifa(ffff800000aa2b00,ffff800000af7000) at in6_unlink_ifa+0x580 sys/netinet6/in6.c:948 in6_purgeaddr(ffff800000aa2b00) at in6_purgeaddr+0x1d7 sys/netinet6/in6.c:929 in6_ifdetach(ffff800000af7000) at in6_ifdetach+0x74 sys/netinet6/in6_ifattach.c:429 if_detach(ffff800000af7000) at if_detach+0x148 sys/net/if.c:1145 tun_clone_destroy(ffff800000af7000) at tun_clone_destroy+0x1f2 sys/net/if_tun.c:329 tun_dev_close(5d01,7) at tun_dev_close+0x160 sys/net/if_tun.c:480 spec_close(ffff800022ef3310) at spec_close+0x311 sys/kern/spec_vnops.c:560 VOP_CLOSE(fffffd806e61a008,7,fffffd807f7bf9c0,ffff800020dddad8) at VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:174 vn_closefile(fffffd8067779c00,ffff800020dddad8) at vn_closefile+0xd7 vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffffd8067779c00,ffff800020dddad8) at vn_closefile+0xd7 sys/kern/vfs_vnops.c:614 fdrop(fffffd8067779c00,ffff800020dddad8) at fdrop+0xc2 sys/kern/kern_descrip.c:1279 closef(fffffd8067779c00,ffff800020dddad8) at closef+0x11c sys/kern/kern_descrip.c:1263 fdfree(ffff800020dddad8) at fdfree+0x101 sys/kern/kern_descrip.c:1195 exit1(ffff800020dddad8,0,19,1) at exit1+0x32c sys/kern/kern_exit.c:197 postsig(ffff800020dddad8,19) at postsig+0x4ed sigexit sys/kern/kern_sig.c:1483 [inline] postsig(ffff800020dddad8,19) at postsig+0x4ed sys/kern/kern_sig.c:1415 userret(ffff800020dddad8) at userret+0x199 sys/kern/kern_sig.c:1872 syscall(ffff800022ef3790) at syscall+0x55f mi_syscall_return sys/sys/syscall_mi.h:129 [inline] syscall(ffff800022ef3790) at syscall+0x55f sys/arch/amd64/amd64/trap.c:592 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffcb350, count: -26