uvm_fault(0xffffffff827c8bb0, 0xffff91316027c1c0, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at pool_do_put+0x12e: movq 0x8(%rbx),%rbx
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
kernel page fault
uvm_fault(0xffffffff827c8bb0, 0xffff91316027c1c0, 0, 1) -> e
pool_do_put(ffffffff827d16a0,fffffd8064513100) at pool_do_put+0x12e sys/kern/subr_pool.c:836
end trace frame: 0xffff80001e7881a0, count: 0
ddb> trace
pool_do_put(ffffffff827d16a0,fffffd8064513100) at pool_do_put+0x12e sys/kern/subr_pool.c:836
pool_put(ffffffff827d16a0,fffffd8064513100) at pool_put+0x4b sys/kern/subr_pool.c:794
m_free(fffffd8064513100) at m_free+0x119 sys/kern/uipc_mbuf.c:459
rt_ifa_del(ffff800000b17a00,800100,ffff800000b17a40,0) at rt_ifa_del+0x402 sys/net/route.c:1197
in6_unlink_ifa(ffff800000b17a00,ffff800000ad3000) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943
in6_update_ifa(ffff800000ad3000,ffff80001e788700,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875
in6_ioctl_change_ifaddr(8080691a,ffff80001e788700,ffff800000ad3000) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352
ifioctl(fffffd8062365af0,8080691a,ffff80001e788700,ffff80001d6c2608) at ifioctl+0xe60 sys/net/if.c:2288
sys_ioctl(ffff80001d6c2608,ffff80001e788818,ffff80001e788860) at sys_ioctl+0x4a1
syscall(ffff80001e7888e0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x8a930441cc0, count: -11
ddb> show registers
rdi 0xffffffff814ee285 pool_do_put+0x125
rsi 0x13c
rbp 0xffff80001e788150
rbx 0xffff91316027c1b8
rdx 0x13d
rcx 0xffff80001e7a9000
rax 0xffff80001e7a9000
r8 0x4
r9 0x5
r10 0xbea3bf082bdcbe7c
r11 0xc9571ef0db582f4b
r12 0xfffffd8064513100
r13 0x7e2991316027c1b8
r14 0xffffffff827d16a0 mbpool
r15 0xfffffd805bc7b730
rip 0xffffffff814ee28e pool_do_put+0x12e
cs 0x8
rflags 0x10216 __ALIGN_SIZE+0xf216
rsp 0xffff80001e7880a0
ss 0x10
pool_do_put+0x12e: movq 0x8(%rbx),%rbx
ddb> show proc
PROC (syz-executor.0) pid=107442 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=32, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff80001d6c2398,0xffffffff827f9938
process=0xffff8000ffffa010 user=0xffff80001e783000, vmspace=0xfffffd806bc0add0
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
44665 354958 27798 0 2 0 syz-executor.0
*44665 107442 27798 0 7 0x4000000 syz-executor.0
79529 245004 22139 0 3 0x2 biowait syz-executor.1
51909 335648 0 0 3 0x14200 bored sosplice
27798 69965 22139 0 3 0x82 nanosleep syz-executor.0
22139 53141 58232 0 3 0x82 thrsleep syz-fuzzer
22139 250162 58232 0 3 0x4000082 nanosleep syz-fuzzer
22139 463903 58232 0 3 0x4000082 kqread syz-fuzzer
22139 383003 58232 0 3 0x4000082 thrsleep syz-fuzzer
22139 443548 58232 0 3 0x4000082 thrsleep syz-fuzzer
22139 340609 58232 0 3 0x4000082 thrsleep syz-fuzzer
22139 94000 58232 0 3 0x4000082 thrsleep syz-fuzzer
22139 288215 58232 0 3 0x4000082 thrsleep syz-fuzzer
58232 318122 40324 0 3 0x10008a pause ksh
40324 392274 26007 0 3 0x92 select sshd
47562 202106 1 0 3 0x100083 ttyin getty
26007 211586 1 0 3 0x80 select sshd
67338 435345 63797 73 3 0x100090 kqread syslogd
63797 160584 1 0 3 0x100082 netio syslogd
90238 264320 1 77 3 0x100090 poll dhclient
35164 306073 1 0 3 0x80 poll dhclient
90348 382452 0 0 3 0x14200 bored smr
74601 356628 0 0 2 0x14200 zerothread
32358 349 0 0 3 0x14200 aiodoned aiodoned
85966 207642 0 0 3 0x14200 syncer update
52590 356034 0 0 3 0x14200 cleaner cleaner
88014 161024 0 0 3 0x14200 reaper reaper
39882 384049 0 0 3 0x14200 pgdaemon pagedaemon
32065 476879 0 0 3 0x14200 bored crynlk
46744 401897 0 0 3 0x14200 bored crypto
57040 134350 0 0 3 0x40014200 acpi0 acpi0
88720 158312 0 0 3 0x14200 bored softnet
92503 185503 0 0 3 0x14200 bored systqmp
79147 47550 0 0 3 0x14200 bored systq
67314 278117 0 0 3 0x40014200 bored softclock
54113 167212 0 0 3 0x40014200 idle0
1 257278 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 9480 6335K 6592K 78643K 10784 0
pcb 13 8K 8K 78643K 27 0
rtable 108 3K 4K 78643K 258 0
ifaddr 60 12K 13K 78643K 84 0
counters 21 16K 16K 78643K 25 0
ioctlops 0 0K 4K 78643K 22 0
iov 0 0K 12K 78643K 16 0
mount 1 1K 1K 78643K 1 0
vnodes 1218 77K 77K 78643K 1296 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 3 0
VM map 2 0K 0K 78643K 2 0
sem 11 0K 1K 78643K 24 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1809 195K 288K 78643K 12938 0
file desc 5 13K 25K 78643K 146 0
proc 48 38K 54K 78643K 404 0
subproc 32 2K 2K 78643K 51 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 6 0
in_multi 49 3K 3K 78643K 67 0
ether_multi 1 0K 0K 78643K 4 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 37 175K 175K 78643K 37 0
exec 0 0K 1K 78643K 204 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 131 23K 23K 78643K 1205 0
UVM aobj 8 2K 2K 78643K 8 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 12 0
NDP 11 0K 0K 78643K 19 0
temp 81 3841K 3905K 78643K 9764 0
kqueue 3 4K 12K 78643K 7 0
SYN cache 2 16K 16K 78643K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 8 0 2 1 0 1 1 0 8 0
rtpcb 80 27 0 25 1 0 1 1 0 8 0
rtentry 112 56 0 12 2 0 2 2 0 8 0
unpcb 120 89 0 81 1 0 1 1 0 8 0
syncache 264 6 0 6 2 1 1 1 0 8 1
tcpqe 32 110 0 110 2 1 1 1 0 8 1
tcpcb 544 48 0 44 1 0 1 1 0 8 0
inpcb 280 113 0 105 1 0 1 1 0 8 0
nd6 48 9 0 3 1 0 1 1 0 8 0
pkpcb 40 2 0 2 1 0 1 1 0 8 1
ppxss 1128 1 0 1 1 0 1 1 0 8 1
pfrule 1360 4 0 0 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 232 0 44 12 0 12 12 0 8 0
art_table 32 233 0 44 2 0 2 2 0 8 0
art_node 16 55 0 15 1 0 1 1 0 8 0
sysvmsgpl 40 3 0 3 2 1 1 1 0 8 1
semupl 112 2 0 2 1 0 1 1 0 8 1
semapl 112 14 0 5 1 0 1 1 0 8 0
shmpl 112 6 0 0 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1561 0 164 88 0 88 88 0 8 0
ffsino 240 1561 0 164 83 0 83 83 0 8 0
nchpl 144 1915 0 328 60 0 60 60 0 8 0
uvmvnodes 72 1655 0 0 31 0 31 31 0 8 0
vnodes 208 1655 0 0 88 0 88 88 0 8 0
namei 1024 5030 0 5030 1 0 1 1 0 8 1
scxspl 192 5557 0 5556 1 0 1 1 0 8 0
plimitpl 152 22 0 15 1 0 1 1 0 8 0
sigapl 424 330 0 301 4 0 4 4 0 8 0
futexpl 56 1995 0 1995 1 0 1 1 0 8 1
knotepl 112 79 0 60 1 0 1 1 0 8 0
kqueuepl 144 22 0 20 1 0 1 1 0 8 0
pipelkpl 16 86 0 76 1 0 1 1 0 8 0
pipepl 120 172 0 153 1 0 1 1 0 8 0
fdescpl 432 315 0 301 2 0 2 2 0 8 0
filepl 120 1706 0 1610 4 0 4 4 0 8 1
lockfpl 104 37 0 36 1 0 1 1 0 8 0
lockfspl 48 14 0 13 1 0 1 1 0 8 0
sessionpl 112 18 0 8 1 0 1 1 0 8 0
pgrppl 48 20 0 10 1 0 1 1 0 8 0
ucredpl 96 137 0 130 1 0 1 1 0 8 0
zombiepl 144 301 0 301 1 0 1 1 0 8 1
processpl 920 330 0 301 4 0 4 4 0 8 0
procpl 624 465 0 428 4 0 4 4 0 8 0
sosppl 128 2 0 2 1 0 1 1 0 8 1
sockpl 400 231 0 213 4 1 3 3 0 8 1
mcl64k 65536 8 0 8 2 1 1 1 0 8 1
mcl16k 16384 2 0 2 1 0 1 1 0 8 1
mcl12k 12288 1 0 1 1 0 1 1 0 8 1
mcl9k 9216 1 0 1 1 0 1 1 0 8 1
mcl8k 8192 5 0 5 2 1 1 1 0 8 1
mcl4k 4096 16 0 16 3 2 1 1 0 8 1
mcl2k 2048 75283 0 75234 17 10 7 15 0 8 0
mtagpl 80 8 0 2 2 1 1 1 0 8 0
mbufpl 256 119975 0 119880 11 2 9 9 0 8 0
mbufpl: pool(0xffffffff827d16a0:mbufpl): free list modified: page 0xfffffd8064513000; item ordinal 7; addr 0xfffffd8064513200 (p 0xfffffd805bc7b000); offset 0x0=0x0
mbufpl: pool(0xffffffff827d16a0:mbufpl): page inconsistency: page 0xfffffd8064513000; item ordinal 8; addr 0xffff91316027c1b8
bufpl 280 3470 0 125 239 0 239 239 0 8 0
anonpl 16 53442 0 41264 78 2 76 76 0 107 9
amapchunkpl 152 1607 0 1477 8 1 7 8 0 158 0
amappl16 192 1867 0 970 57 4 53 57 0 8 8
amappl15 184 49 0 47 1 0 1 1 0 8 0
amappl14 176 75 0 70 1 0 1 1 0 8 0
amappl13 168 37 0 32 1 0 1 1 0 8 0
amappl12 160 10 0 7 1 0 1 1 0 8 0
amappl11 152 97 0 88 1 0 1 1 0 8 0
amappl10 144 12 0 8 1 0 1 1 0 8 0
amappl9 136 382 0 379 1 0 1 1 0 8 0
amappl8 128 353 0 306 2 0 2 2 0 8 0
amappl7 120 112 0 102 1 0 1 1 0 8 0
amappl6 112 25 0 20 1 0 1 1 0 8 0
amappl5 104 256 0 244 1 0 1 1 0 8 0
amappl4 96 438 0 409 1 0 1 1 0 8 0
amappl3 88 153 0 147 1 0 1 1 0 8 0
amappl2 80 1658 0 1596 2 0 2 2 0 8 0
amappl1 72 15726 0 15320 23 13 10 17 0 8 0
amappl 80 705 0 661 1 0 1 1 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 7 0 0 1 0 1 1 0 8 0
uaddrrnd 24 315 0 301 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 315 0 301 1 0 1 1 0 8 0
vmmpekpl 168 6234 0 6208 2 0 2 2 0 8 0
vmmpepl 168 46200 0 44218 159 19 140 152 0 357 51
vmsppl 272 314 0 301 2 1 1 2 0 8 0
pdppl 4096 636 0 602 6 1 5 6 0 8 0
pvpl 32 158360 0 143210 181 0 181 181 0 265 24
pmappl 200 314 0 301 1 0 1 1 0 8 0
extentpl 40 53 0 36 1 0 1 1 0 8 0
phpool 112 244 0 21 7 0 7 7 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
pool_do_put(ffffffff827d16a0,fffffd8064513100) at pool_do_put+0x12e sys/kern/subr_pool.c:836
pool_put(ffffffff827d16a0,fffffd8064513100) at pool_put+0x4b sys/kern/subr_pool.c:794
m_free(fffffd8064513100) at m_free+0x119 sys/kern/uipc_mbuf.c:459
rt_ifa_del(ffff800000b17a00,800100,ffff800000b17a40,0) at rt_ifa_del+0x402 sys/net/route.c:1197
in6_unlink_ifa(ffff800000b17a00,ffff800000ad3000) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943
in6_update_ifa(ffff800000ad3000,ffff80001e788700,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875
in6_ioctl_change_ifaddr(8080691a,ffff80001e788700,ffff800000ad3000) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352
ifioctl(fffffd8062365af0,8080691a,ffff80001e788700,ffff80001d6c2608) at ifioctl+0xe60 sys/net/if.c:2288
sys_ioctl(ffff80001d6c2608,ffff80001e788818,ffff80001e788860) at sys_ioctl+0x4a1
syscall(ffff80001e7888e0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x8a930441cc0, count: -11
ddb> machine ddbcpu 1
No such command
ddb> trace
pool_do_put(ffffffff827d16a0,fffffd8064513100) at pool_do_put+0x12e sys/kern/subr_pool.c:836
pool_put(ffffffff827d16a0,fffffd8064513100) at pool_put+0x4b sys/kern/subr_pool.c:794
m_free(fffffd8064513100) at m_free+0x119 sys/kern/uipc_mbuf.c:459
rt_ifa_del(ffff800000b17a00,800100,ffff800000b17a40,0) at rt_ifa_del+0x402 sys/net/route.c:1197
in6_unlink_ifa(ffff800000b17a00,ffff800000ad3000) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943
in6_update_ifa(ffff800000ad3000,ffff80001e788700,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875
in6_ioctl_change_ifaddr(8080691a,ffff80001e788700,ffff800000ad3000) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352
ifioctl(fffffd8062365af0,8080691a,ffff80001e788700,ffff80001d6c2608) at ifioctl+0xe60 sys/net/if.c:2288
sys_ioctl(ffff80001d6c2608,ffff80001e788818,ffff80001e788860) at sys_ioctl+0x4a1
syscall(ffff80001e7888e0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x8a930441cc0, count: -11