uvm_fault(0xfffffd80573cfbc0, 0x51911c, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd80573cfbc0, 0x51911c, 0, 1) -> e pool_do_put(ffffffff82575fd8,fffffd805262c800) at pool_do_put+0x12e sys/kern/subr_pool.c:836 end trace frame: 0xffff80002047ce70, count: 0 ddb> trace pool_do_put(ffffffff82575fd8,fffffd805262c800) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff82575fd8,fffffd805262c800) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd805262c800) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000a04a00,800100,ffff800000a04a40,0) at rt_ifa_del+0x402 sys/net/route.c:1196 in6_unlink_ifa(ffff800000a04a00,ffff8000009f0800) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff8000009f0800,ffff80002047d3d0,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80002047d3d0,ffff8000009f0800) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd8068386010,8080691a,ffff80002047d3d0,ffff80001d36d288) at ifioctl+0xe60 sys/net/if.c:2290 sys_ioctl(ffff80001d36d288,ffff80002047d4e8,ffff80002047d530) at sys_ioctl+0x4a1 syscall(ffff80002047d5b0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7811a20d540, count: -11 ddb> show registers rdi 0xffffffff81fbecf5 pool_do_put+0x125 rsi 0x147 rbp 0xffff80002047ce20 rbx 0x519114 acpi_pdirpa+0x504f7c rdx 0x148 rcx 0xffff80001d43d000 rax 0xffff80001d43d000 r8 0x4 r9 0x5 r10 0x50cc0429b9a8ac45 r11 0x60c1c1d62771c13c r12 0xfffffd805262c800 r13 0x6bae4e1a49519114 r14 0xffffffff82575fd8 mbpool r15 0xfffffd80569f3870 rip 0xffffffff81fbecfe pool_do_put+0x12e cs 0x8 rflags 0x10292 __ALIGN_SIZE+0xf292 rsp 0xffff80002047cd70 ss 0x10 pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.0) pid=257033 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=81, nice=20 forw=0xffffffffffffffff, list=0xffff80001d36d768,0xffffffff82590788 process=0xffff8000ffffa710 user=0xffff800020478000, vmspace=0xfffffd80573cfbc0 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 36767 213902 94838 0 2 0 syz-executor.0 *36767 257033 94838 0 7 0x4000000 syz-executor.0 72888 166806 34902 0 3 0x80 nanosleep syz-executor.1 72888 488625 34902 0 3 0x4000080 lockf syz-executor.1 72888 109495 34902 0 3 0x4000080 lockf syz-executor.1 72888 210499 34902 0 3 0x4000080 fsleep syz-executor.1 24252 491043 0 0 3 0x14200 acct acct 6679 395048 0 0 3 0x14200 bored sosplice 94838 515782 32592 0 3 0x82 nanosleep syz-executor.0 34902 506826 32592 0 3 0x82 nanosleep syz-executor.1 32592 477596 34262 0 3 0x82 thrsleep syz-fuzzer 32592 380487 34262 0 3 0x4000082 thrsleep syz-fuzzer 32592 451247 34262 0 3 0x4000082 kqread syz-fuzzer 32592 66092 34262 0 3 0x4000082 thrsleep syz-fuzzer 32592 232263 34262 0 3 0x4000082 thrsleep syz-fuzzer 32592 101733 34262 0 3 0x4000082 thrsleep syz-fuzzer 32592 93469 34262 0 3 0x4000082 thrsleep syz-fuzzer 32592 490301 34262 0 3 0x4000082 thrsleep syz-fuzzer 34262 215571 42390 0 3 0x10008a pause ksh 42390 52847 31527 0 3 0x92 select sshd 45669 136785 1 0 3 0x100083 ttyin getty 31527 191682 1 0 3 0x80 select sshd 6629 494630 1060 73 3 0x100090 kqread syslogd 1060 102726 1 0 3 0x100082 netio syslogd 99547 96227 1 77 3 0x100090 poll dhclient 39441 44308 1 0 3 0x80 poll dhclient 78419 485420 0 0 2 0x14200 zerothread 44198 479952 0 0 3 0x14200 aiodoned aiodoned 41558 418547 0 0 3 0x14200 syncer update 89823 503068 0 0 3 0x14200 cleaner cleaner 35287 403189 0 0 3 0x14200 reaper reaper 72397 516405 0 0 3 0x14200 pgdaemon pagedaemon 91184 237855 0 0 3 0x14200 bored crynlk 91697 227683 0 0 3 0x14200 bored crypto 94932 77035 0 0 3 0x40014200 acpi0 acpi0 60090 262522 0 0 3 0x14200 bored softnet 15564 380773 0 0 3 0x14200 bored systqmp 57948 151091 0 0 3 0x14200 bored systq 97907 288371 0 0 3 0x40014200 bored softclock 59348 492584 0 0 3 0x40014200 idle0 98227 478392 0 0 3 0x14200 bored smr 1 432866 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9496 6351K 6852K 78643K 11397 0 pcb 13 8K 8K 78643K 93 0 rtable 102 3K 3K 78643K 314 0 ifaddr 76 15K 16K 78643K 142 0 counters 21 16K 16K 78643K 29 0 ioctlops 0 0K 2K 78643K 49 0 iov 0 0K 16K 78643K 103 0 mount 1 1K 1K 78643K 1 0 vnodes 1216 76K 77K 78643K 1488 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 5 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 52 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1794 195K 288K 78643K 12646 0 file desc 6 17K 25K 78643K 420 0 sigio 0 0K 0K 78643K 6 0 proc 53 39K 63K 78643K 429 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 30 0 in_multi 66 3K 3K 78643K 110 0 ether_multi 1 0K 0K 78643K 12 0 mrt 0 0K 0K 78643K 3 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 61 281K 281K 78643K 61 0 exec 0 0K 1K 78643K 218 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 117 70K 71K 78643K 1879 0 UVM aobj 34 2K 2K 78643K 34 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 62 0 NDP 11 0K 0K 78643K 24 0 temp 126 3018K 3098K 78643K 25954 0 kqueue 3 4K 12K 78643K 18 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 7 0 3 1 0 1 1 0 8 0 rtpcb 80 53 0 51 1 0 1 1 0 8 0 rtentry 112 56 0 15 2 0 2 2 0 8 0 unpcb 120 434 0 425 2 1 1 2 0 8 0 syncache 264 8 0 8 2 2 0 1 0 8 0 sackhl 24 2 0 2 2 2 0 1 0 8 0 tcpqe 32 270 0 270 3 3 0 1 0 8 0 tcpcb 544 186 0 180 1 0 1 1 0 8 0 ipq 40 3 0 3 3 2 1 1 0 8 1 ipqe 40 136 0 136 3 2 1 1 0 8 1 inpcb 280 1184 0 1174 4 2 2 3 0 8 1 rttmr 72 1 0 1 1 1 0 1 0 8 0 nd6 48 5 0 2 1 0 1 1 0 8 0 pkpcb 40 4 0 4 2 1 1 1 0 8 1 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 275 0 45 15 0 15 15 0 8 0 art_table 32 277 0 45 2 0 2 2 0 8 0 art_node 16 55 0 17 1 0 1 1 0 8 0 sysvmsgpl 40 58 0 35 1 0 1 1 0 8 0 semapl 112 50 0 40 1 0 1 1 0 8 0 shmpl 112 32 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 2035 0 638 46 0 46 46 0 8 0 ffsino 240 2035 0 638 83 0 83 83 0 8 0 nchpl 144 2834 0 1223 60 0 60 60 0 8 0 uvmvnodes 72 2261 0 0 42 0 42 42 0 8 0 vnodes 208 2261 0 0 119 0 119 119 0 8 0 namei 1024 7860 0 7860 1 0 1 1 0 8 1 vcpupl 1984 6 0 0 1 0 1 1 0 8 0 vmpool 528 12 0 6 2 1 1 1 0 8 0 scsiplug 64 2 0 2 1 1 0 1 0 8 0 scxspl 192 9197 0 9197 1 0 1 1 0 8 1 plimitpl 152 60 0 53 1 0 1 1 0 8 0 sigapl 432 591 0 577 2 0 2 2 0 8 0 futexpl 56 10886 0 10885 1 0 1 1 0 8 0 knotepl 112 71 0 52 1 0 1 1 0 8 0 kqueuepl 104 76 0 74 1 0 1 1 0 8 0 pipelkpl 16 171 0 161 1 0 1 1 0 8 0 pipepl 120 342 0 323 1 0 1 1 0 8 0 fdescpl 432 592 0 577 2 0 2 2 0 8 0 filepl 120 4681 0 4583 5 1 4 5 0 8 0 lockfpl 104 121 0 116 1 0 1 1 0 8 0 lockfspl 48 48 0 46 1 0 1 1 0 8 0 sessionpl 112 17 0 7 1 0 1 1 0 8 0 pgrppl 48 29 0 19 1 0 1 1 0 8 0 ucredpl 96 524 0 517 1 0 1 1 0 8 0 zombiepl 144 577 0 577 1 0 1 1 0 8 1 processpl 896 608 0 577 4 0 4 4 0 8 0 procpl 624 1132 0 1090 4 0 4 4 0 8 0 sosppl 128 8 0 8 3 3 0 1 0 8 0 sockpl 400 1676 0 1655 7 3 4 6 0 8 1 mcl64k 65536 55 0 55 3 2 1 1 0 8 1 mcl16k 16384 3 0 3 3 3 0 1 0 8 0 mcl12k 12288 10 0 10 3 2 1 1 0 8 1 mcl9k 9216 4 0 4 2 2 0 1 0 8 0 mcl8k 8192 20 0 20 2 1 1 1 0 8 1 mcl4k 4096 46 0 46 3 2 1 1 0 8 1 mcl2k2 2112 4 0 4 1 1 0 1 0 8 0 mcl2k 2048 65054 0 65009 15 8 7 14 0 8 0 mtagpl 80 67 0 16 3 1 2 2 0 8 0 mbufpl 256 106490 0 106283 31 8 23 23 0 8 8 mbufpl: pool(0xffffffff82575fd8:mbufpl): free list modified: page 0xfffffd805262c000; item ordinal 7; addr 0xfffffd805262c900 (p 0xfffffd80569f3000); offset 0x0=0x0 mbufpl: pool(0xffffffff82575fd8:mbufpl): page inconsistency: page 0xfffffd805262c000; item ordinal 8; addr 0x519114 bufpl 280 7235 0 1827 387 0 387 387 0 8 0 anonpl 16 67490 0 50928 87 11 76 82 0 107 9 amapchunkpl 152 3190 0 3051 20 13 7 20 0 158 0 amappl16 192 3051 0 2143 61 14 47 57 0 8 1 amappl15 184 50 0 46 1 0 1 1 0 8 0 amappl14 176 221 0 218 1 0 1 1 0 8 0 amappl13 168 1 0 1 1 1 0 1 0 8 0 amappl12 160 4 0 3 2 1 1 1 0 8 0 amappl11 152 251 0 237 1 0 1 1 0 8 0 amappl10 144 13 0 10 1 0 1 1 0 8 0 amappl9 136 552 0 548 1 0 1 1 0 8 0 amappl8 128 114 0 92 1 0 1 1 0 8 0 amappl7 120 91 0 80 1 0 1 1 0 8 0 amappl6 112 242 0 236 1 0 1 1 0 8 0 amappl5 104 160 0 149 1 0 1 1 0 8 0 amappl4 96 807 0 776 1 0 1 1 0 8 0 amappl3 88 128 0 120 1 0 1 1 0 8 0 amappl2 80 3973 0 3897 3 1 2 3 0 8 0 amappl1 72 20172 0 19730 27 18 9 20 0 8 0 amappl 80 1373 0 1325 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 33 0 0 1 0 1 1 0 8 0 uaddrrnd 24 604 0 583 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 604 0 583 1 0 1 1 0 8 0 vmmpekpl 168 7863 0 7835 2 0 2 2 0 8 0 vmmpepl 168 76911 0 74793 121 25 96 109 0 357 3 vmsppl 272 603 0 583 3 1 2 2 0 8 0 pdppl 4096 1214 0 1172 7 1 6 6 0 8 0 pvpl 32 207190 0 187550 200 12 188 194 0 265 29 pmappl 200 603 0 583 2 0 2 2 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 185 0 31 5 0 5 5 0 8 0