’gÓÿO ‡–Ÿ’gÓÿO ‡–Ÿg Ãuvm_fault(0xfffffd80588f8ab0, 0x1e2e5b6ed350, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd80588f8ab0, 0x1e2e5b6ed350, 0, 1) -> e pool_do_put(ffffffff825e0030,fffffd806bc21800) at pool_do_put+0x12e sys/kern/subr_pool.c:836 end trace frame: 0xffff80001e8fb660, count: 0 ddb> trace pool_do_put(ffffffff825e0030,fffffd806bc21800) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff825e0030,fffffd806bc21800) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd806bc21800) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000a5d100,800100,ffff800000a5d140,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000a5d100,ffff800000a43000) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000a43000,ffff80001e8fbbc0,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001e8fbbc0,ffff800000a43000) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd8057af94d0,8080691a,ffff80001e8fbbc0,ffff80001d789ec0) at ifioctl+0xe60 sys/net/if.c:2288 sys_ioctl(ffff80001d789ec0,ffff80001e8fbcd8,ffff80001e8fbd20) at sys_ioctl+0x4a1 syscall(ffff80001e8fbda0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x4606457daa0, count: -11 ddb> show registers rdi 0xffffffff8166b995 pool_do_put+0x125 rsi 0x143 rbp 0xffff80001e8fb610 rbx 0x1e2e5b6ed348 rdx 0x144 rcx 0xffff80001fa1f000 rax 0xffff80001fa1f000 r8 0x4 r9 0x5 r10 0x92a83377b361ce8b r11 0x72edcf78559fcbb0 r12 0xfffffd806bc21800 r13 0x88dc1e2e5b6ed348 r14 0xffffffff825e0030 mbpool r15 0xfffffd806c3c49a0 rip 0xffffffff8166b99e pool_do_put+0x12e cs 0x8 rflags 0x10296 __ALIGN_SIZE+0xf296 rsp 0xffff80001e8fb560 ss 0x10 pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.1) pid=514064 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=81, nice=20 forw=0xffffffffffffffff, list=0xffff80001d742ae8,0xffffffff825e3e00 process=0xffff80001e8bee90 user=0xffff80001e8f6000, vmspace=0xfffffd80588f8ab0 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 56345 10089 26996 0 2 0 syz-executor.1 *56345 514064 26996 0 7 0x4000000 syz-executor.1 49905 297673 1 0 3 0x82 nanosleep getty 44992 512343 0 0 3 0x14200 acct acct 26996 187703 34080 0 3 0x82 nanosleep syz-executor.1 82705 260598 0 0 3 0x14280 nfsidl nfsio 59180 232966 0 0 3 0x14280 nfsidl nfsio 59080 44083 0 0 3 0x14280 nfsidl nfsio 70706 504439 0 0 3 0x14280 nfsidl nfsio 65354 504360 0 0 3 0x14280 nfsidl nfsio 75944 348779 0 0 3 0x14280 nfsidl nfsio 9779 429022 0 0 3 0x14280 nfsidl nfsio 64730 359838 0 0 3 0x14280 nfsidl nfsio 65251 91474 0 0 3 0x14280 nfsidl nfsio 58619 303305 0 0 3 0x14280 nfsidl nfsio 99771 433987 0 0 3 0x14280 nfsidl nfsio 47695 77857 0 0 3 0x14280 nfsidl nfsio 84441 133986 0 0 3 0x14280 nfsidl nfsio 51022 108268 0 0 3 0x14280 nfsidl nfsio 73427 236059 0 0 3 0x14280 nfsidl nfsio 23452 239341 0 0 3 0x14280 nfsidl nfsio 94181 468608 0 0 3 0x14280 nfsidl nfsio 22277 434899 0 0 3 0x14280 nfsidl nfsio 35948 52857 0 0 3 0x14280 nfsidl nfsio 78750 407902 0 0 3 0x14280 nfsidl nfsio 47265 61807 0 0 3 0x14200 bored sosplice 91488 182046 34080 0 3 0x82 nanosleep syz-executor.0 34080 344593 20680 0 3 0x82 thrsleep syz-fuzzer 34080 354793 20680 0 3 0x4000082 thrsleep syz-fuzzer 34080 17165 20680 0 3 0x4000082 kqread syz-fuzzer 34080 170732 20680 0 3 0x4000082 thrsleep syz-fuzzer 34080 202902 20680 0 3 0x4000082 thrsleep syz-fuzzer 34080 308800 20680 0 3 0x4000082 thrsleep syz-fuzzer 34080 447569 20680 0 3 0x4000082 thrsleep syz-fuzzer 34080 456847 20680 0 3 0x4000082 thrsleep syz-fuzzer 20680 332494 57343 0 3 0x10008a pause ksh 57343 318062 46780 0 3 0x92 select sshd 46780 494457 1 0 3 0x80 select sshd 69290 199862 58662 73 3 0x100090 kqread syslogd 58662 229571 1 0 3 0x100082 netio syslogd 74180 194239 1 77 3 0x100090 poll dhclient 66665 155085 1 0 3 0x80 poll dhclient 47509 342259 0 0 3 0x14200 bored smr 17749 517837 0 0 2 0x14200 zerothread 79833 285938 0 0 3 0x14200 aiodoned aiodoned 12765 139350 0 0 3 0x14200 syncer update 28002 138173 0 0 3 0x14200 cleaner cleaner 48550 400317 0 0 3 0x14200 reaper reaper 27833 436480 0 0 3 0x14200 pgdaemon pagedaemon 55505 362642 0 0 3 0x14200 bored crynlk 23322 166397 0 0 3 0x14200 bored crypto 94875 505793 0 0 3 0x40014200 acpi0 acpi0 14006 503011 0 0 3 0x14200 bored softnet 53071 203433 0 0 3 0x14200 bored systqmp 57323 342722 0 0 3 0x14200 bored systq 79117 449947 0 0 3 0x40014200 bored softclock 57249 71758 0 0 3 0x40014200 idle0 1 74417 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9532 6385K 6902K 78643K 11873 0 pcb 13 8K 8K 78643K 175 0 rtable 118 6K 9K 78643K 703 0 ifaddr 104 20K 21K 78643K 294 0 sysctl 2 0K 0K 78643K 2 0 counters 21 16K 16K 78643K 42 0 ioctlops 0 0K 4K 78643K 114 0 iov 0 0K 32K 78643K 898 0 mount 1 1K 1K 78643K 1 0 vnodes 1215 76K 77K 78643K 1664 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 16 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 109 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 784 0 sigio 0 0K 0K 78643K 32 0 proc 50 38K 63K 78643K 486 0 subproc 32 2K 2K 78643K 51 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 82 0 in_multi 85 3K 4K 78643K 196 0 ether_multi 1 0K 0K 78643K 33 0 mrt 0 0K 0K 78643K 11 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 61 281K 281K 78643K 61 0 exec 0 0K 1K 78643K 243 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 157 170K 170K 78643K 2703 0 UVM aobj 29 2K 2K 78643K 35 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 1K 78643K 142 0 NDP 15 0K 0K 78643K 43 0 temp 137 3041K 3105K 78643K 8944 0 kqueue 4 6K 14K 78643K 29 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 10 0 3 1 0 1 1 0 8 0 rtpcb 80 61 0 59 1 0 1 1 0 8 0 rtentry 112 69 0 26 2 0 2 2 0 8 0 unpcb 120 352 0 344 1 0 1 1 0 8 0 syncache 264 12 0 12 4 3 1 1 0 8 1 tcpqe 32 923 0 923 2 2 0 1 0 8 0 tcpcb 544 258 0 254 1 0 1 1 0 8 0 ipq 40 4 0 4 2 1 1 1 0 8 1 ipqe 40 96 0 96 2 1 1 1 0 8 1 inpcb 280 763 0 753 5 3 2 2 0 8 1 rttmr 72 4 0 4 3 2 1 1 0 8 1 nd6 48 10 0 6 1 0 1 1 0 8 0 pkpcb 40 4 0 4 2 2 0 1 0 8 0 ppxss 1128 1 0 1 1 0 1 1 0 8 1 pfstscr 40 2 0 0 1 0 1 1 0 8 0 pfrktable 1344 134 0 128 4 2 2 2 0 8 1 pftag 88 30 0 26 3 2 1 1 0 8 0 pfstitem 24 5 0 0 1 0 1 1 0 8 0 pfstkey 112 5 0 0 1 0 1 1 0 8 0 pfstate 328 3 0 0 1 0 1 1 0 8 0 pfrule 1360 45 0 33 2 0 2 2 0 8 1 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 270 0 86 15 2 13 13 0 8 0 art_table 32 272 0 86 2 0 2 2 0 8 0 art_node 16 68 0 28 1 0 1 1 0 8 0 sysvmsgpl 40 30 0 6 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 105 0 95 1 0 1 1 0 8 0 shmpl 112 33 0 6 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2498 0 1103 88 0 88 88 0 8 0 ffsino 240 2498 0 1103 83 0 83 83 0 8 0 nchpl 144 4161 0 2570 60 0 60 60 0 8 0 uvmvnodes 72 2850 0 0 52 0 52 52 0 8 0 vnodes 208 2850 0 0 150 0 150 150 0 8 0 namei 1024 11578 0 11578 3 2 1 1 0 8 1 vcpupl 1984 18 0 0 3 0 3 3 0 8 0 vmpool 528 22 0 4 2 0 2 2 0 8 0 pfiaddrpl 120 40 0 36 3 2 1 1 0 8 0 scxspl 192 10532 0 10532 1 0 1 1 0 8 1 plimitpl 152 74 0 67 1 0 1 1 0 8 0 sigapl 424 990 0 940 6 0 6 6 0 8 0 futexpl 56 15832 0 15832 3 2 1 1 0 8 1 knotepl 112 109 0 90 1 0 1 1 0 8 0 kqueuepl 144 90 0 87 1 0 1 1 0 8 0 pipelkpl 16 222 0 212 1 0 1 1 0 8 0 pipepl 120 444 0 425 2 1 1 2 0 8 0 fdescpl 432 954 0 940 2 0 2 2 0 8 0 filepl 120 6310 0 6215 6 2 4 5 0 8 1 lockfpl 104 567 0 566 1 0 1 1 0 8 0 lockfspl 48 141 0 140 1 0 1 1 0 8 0 sessionpl 112 18 0 9 1 0 1 1 0 8 0 pgrppl 48 20 0 11 1 0 1 1 0 8 0 ucredpl 96 758 0 750 1 0 1 1 0 8 0 zombiepl 144 940 0 939 3 2 1 1 0 8 0 processpl 920 990 0 939 7 0 7 7 0 8 0 procpl 624 1878 0 1819 6 1 5 6 0 8 0 sosppl 128 22 0 22 4 3 1 1 0 8 1 sockpl 400 1192 0 1172 7 3 4 4 0 8 1 mcl64k 65536 327 0 327 36 31 5 33 0 8 5 mcl16k 16384 9 0 9 4 3 1 1 0 8 1 mcl12k 12288 19 0 19 4 3 1 1 0 8 1 mcl9k 9216 14 0 14 3 3 0 1 0 8 0 mcl8k 8192 14 0 14 4 3 1 1 0 8 1 mcl4k 4096 84 0 84 4 3 1 1 0 8 1 mcl2k2 2112 5 0 5 3 2 1 1 0 8 1 mcl2k 2048 73973 0 73885 30 18 12 21 0 8 0 mtagpl 80 95 0 32 3 1 2 2 0 8 0 mbufpl 256 123044 0 122769 42 16 26 29 0 8 8 mbufpl: pool(0xffffffff825e0030:mbufpl): free list modified: page 0xfffffd806bc21000; item ordinal 0; addr 0xfffffd806bc21900 (p 0xfffffd806c3c4000); offset 0x0=0x0 mbufpl: pool(0xffffffff825e0030:mbufpl): page inconsistency: page 0xfffffd806bc21000; item ordinal 1; addr 0x1e2e5b6ed348 bufpl 280 4599 0 138 319 0 319 319 0 8 0 anonpl 16 108281 0 93027 100 22 78 79 0 107 13 amapchunkpl 152 5997 0 5875 32 25 7 19 0 158 0 amappl16 192 5396 0 4522 80 24 56 56 0 8 9 amappl15 184 9 0 7 1 0 1 1 0 8 0 amappl14 176 194 0 187 1 0 1 1 0 8 0 amappl13 168 33 0 30 1 0 1 1 0 8 0 amappl12 160 196 0 191 1 0 1 1 0 8 0 amappl11 152 51 0 42 1 0 1 1 0 8 0 amappl10 144 14 0 11 1 0 1 1 0 8 0 amappl9 136 741 0 738 1 0 1 1 0 8 0 amappl8 128 745 0 697 2 0 2 2 0 8 0 amappl7 120 122 0 110 1 0 1 1 0 8 0 amappl6 112 31 0 21 1 0 1 1 0 8 0 amappl5 104 890 0 875 1 0 1 1 0 8 0 amappl4 96 443 0 418 1 0 1 1 0 8 0 amappl3 88 137 0 131 1 0 1 1 0 8 0 amappl2 80 6676 0 6609 2 0 2 2 0 8 0 amappl1 72 25414 0 25006 23 14 9 17 0 8 0 amappl 80 2137 0 2089 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 34 0 6 1 0 1 1 0 8 0 uaddrrnd 24 976 0 944 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 976 0 944 1 0 1 1 0 8 0 vmmpekpl 168 9707 0 9669 2 0 2 2 0 8 0 vmmpepl 168 117202 0 115212 177 74 103 139 0 357 11 vmsppl 272 975 0 944 3 0 3 3 0 8 0 pdppl 4096 1958 0 1906 8 1 7 7 0 8 0 pvpl 32 298791 0 280470 229 41 188 188 0 265 33 pmappl 200 975 0 944 2 0 2 2 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 343 0 85 9 0 9 9 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pool_do_put(ffffffff825e0030,fffffd806bc21800) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff825e0030,fffffd806bc21800) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd806bc21800) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000a5d100,800100,ffff800000a5d140,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000a5d100,ffff800000a43000) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000a43000,ffff80001e8fbbc0,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001e8fbbc0,ffff800000a43000) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd8057af94d0,8080691a,ffff80001e8fbbc0,ffff80001d789ec0) at ifioctl+0xe60 sys/net/if.c:2288 sys_ioctl(ffff80001d789ec0,ffff80001e8fbcd8,ffff80001e8fbd20) at sys_ioctl+0x4a1 syscall(ffff80001e8fbda0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x4606457daa0, count: -11 ddb> machine ddbcpu 1 No such command ddb> trace pool_do_put(ffffffff825e0030,fffffd806bc21800) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff825e0030,fffffd806bc21800) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd806bc21800) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000a5d100,800100,ffff800000a5d140,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000a5d100,ffff800000a43000) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000a43000,ffff80001e8fbbc0,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001e8fbbc0,ffff800000a43000) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd8057af94d0,8080691a,ffff80001e8fbbc0,ffff80001d789ec0) at ifioctl+0xe60 sys/net/if.c:2288 sys_ioctl(ffff80001d789ec0,ffff80001e8fbcd8,ffff80001e8fbd20) at sys_ioctl+0x4a1 syscall(ffff80001e8fbda0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x4606457daa0, count: -11