uvm_fault(0xffffffff827c8bb0, 0xffff91316027c1c0, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xffffffff827c8bb0, 0xffff91316027c1c0, 0, 1) -> e pool_do_put(ffffffff827d16a0,fffffd8064513100) at pool_do_put+0x12e sys/kern/subr_pool.c:836 end trace frame: 0xffff80001e7881a0, count: 0 ddb> trace pool_do_put(ffffffff827d16a0,fffffd8064513100) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff827d16a0,fffffd8064513100) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd8064513100) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000b17a00,800100,ffff800000b17a40,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000b17a00,ffff800000ad3000) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000ad3000,ffff80001e788700,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001e788700,ffff800000ad3000) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd8062365af0,8080691a,ffff80001e788700,ffff80001d6c2608) at ifioctl+0xe60 sys/net/if.c:2288 sys_ioctl(ffff80001d6c2608,ffff80001e788818,ffff80001e788860) at sys_ioctl+0x4a1 syscall(ffff80001e7888e0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x8a930441cc0, count: -11 ddb> show registers rdi 0xffffffff814ee285 pool_do_put+0x125 rsi 0x13c rbp 0xffff80001e788150 rbx 0xffff91316027c1b8 rdx 0x13d rcx 0xffff80001e7a9000 rax 0xffff80001e7a9000 r8 0x4 r9 0x5 r10 0xbea3bf082bdcbe7c r11 0xc9571ef0db582f4b r12 0xfffffd8064513100 r13 0x7e2991316027c1b8 r14 0xffffffff827d16a0 mbpool r15 0xfffffd805bc7b730 rip 0xffffffff814ee28e pool_do_put+0x12e cs 0x8 rflags 0x10216 __ALIGN_SIZE+0xf216 rsp 0xffff80001e7880a0 ss 0x10 pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.0) pid=107442 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff80001d6c2398,0xffffffff827f9938 process=0xffff8000ffffa010 user=0xffff80001e783000, vmspace=0xfffffd806bc0add0 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 44665 354958 27798 0 2 0 syz-executor.0 *44665 107442 27798 0 7 0x4000000 syz-executor.0 79529 245004 22139 0 3 0x2 biowait syz-executor.1 51909 335648 0 0 3 0x14200 bored sosplice 27798 69965 22139 0 3 0x82 nanosleep syz-executor.0 22139 53141 58232 0 3 0x82 thrsleep syz-fuzzer 22139 250162 58232 0 3 0x4000082 nanosleep syz-fuzzer 22139 463903 58232 0 3 0x4000082 kqread syz-fuzzer 22139 383003 58232 0 3 0x4000082 thrsleep syz-fuzzer 22139 443548 58232 0 3 0x4000082 thrsleep syz-fuzzer 22139 340609 58232 0 3 0x4000082 thrsleep syz-fuzzer 22139 94000 58232 0 3 0x4000082 thrsleep syz-fuzzer 22139 288215 58232 0 3 0x4000082 thrsleep syz-fuzzer 58232 318122 40324 0 3 0x10008a pause ksh 40324 392274 26007 0 3 0x92 select sshd 47562 202106 1 0 3 0x100083 ttyin getty 26007 211586 1 0 3 0x80 select sshd 67338 435345 63797 73 3 0x100090 kqread syslogd 63797 160584 1 0 3 0x100082 netio syslogd 90238 264320 1 77 3 0x100090 poll dhclient 35164 306073 1 0 3 0x80 poll dhclient 90348 382452 0 0 3 0x14200 bored smr 74601 356628 0 0 2 0x14200 zerothread 32358 349 0 0 3 0x14200 aiodoned aiodoned 85966 207642 0 0 3 0x14200 syncer update 52590 356034 0 0 3 0x14200 cleaner cleaner 88014 161024 0 0 3 0x14200 reaper reaper 39882 384049 0 0 3 0x14200 pgdaemon pagedaemon 32065 476879 0 0 3 0x14200 bored crynlk 46744 401897 0 0 3 0x14200 bored crypto 57040 134350 0 0 3 0x40014200 acpi0 acpi0 88720 158312 0 0 3 0x14200 bored softnet 92503 185503 0 0 3 0x14200 bored systqmp 79147 47550 0 0 3 0x14200 bored systq 67314 278117 0 0 3 0x40014200 bored softclock 54113 167212 0 0 3 0x40014200 idle0 1 257278 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9480 6335K 6592K 78643K 10784 0 pcb 13 8K 8K 78643K 27 0 rtable 108 3K 4K 78643K 258 0 ifaddr 60 12K 13K 78643K 84 0 counters 21 16K 16K 78643K 25 0 ioctlops 0 0K 4K 78643K 22 0 iov 0 0K 12K 78643K 16 0 mount 1 1K 1K 78643K 1 0 vnodes 1218 77K 77K 78643K 1296 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 3 0 VM map 2 0K 0K 78643K 2 0 sem 11 0K 1K 78643K 24 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 146 0 proc 48 38K 54K 78643K 404 0 subproc 32 2K 2K 78643K 51 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 6 0 in_multi 49 3K 3K 78643K 67 0 ether_multi 1 0K 0K 78643K 4 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 37 175K 175K 78643K 37 0 exec 0 0K 1K 78643K 204 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 131 23K 23K 78643K 1205 0 UVM aobj 8 2K 2K 78643K 8 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 12 0 NDP 11 0K 0K 78643K 19 0 temp 81 3841K 3905K 78643K 9764 0 kqueue 3 4K 12K 78643K 7 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 8 0 2 1 0 1 1 0 8 0 rtpcb 80 27 0 25 1 0 1 1 0 8 0 rtentry 112 56 0 12 2 0 2 2 0 8 0 unpcb 120 89 0 81 1 0 1 1 0 8 0 syncache 264 6 0 6 2 1 1 1 0 8 1 tcpqe 32 110 0 110 2 1 1 1 0 8 1 tcpcb 544 48 0 44 1 0 1 1 0 8 0 inpcb 280 113 0 105 1 0 1 1 0 8 0 nd6 48 9 0 3 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 0 1 1 0 8 1 ppxss 1128 1 0 1 1 0 1 1 0 8 1 pfrule 1360 4 0 0 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 232 0 44 12 0 12 12 0 8 0 art_table 32 233 0 44 2 0 2 2 0 8 0 art_node 16 55 0 15 1 0 1 1 0 8 0 sysvmsgpl 40 3 0 3 2 1 1 1 0 8 1 semupl 112 2 0 2 1 0 1 1 0 8 1 semapl 112 14 0 5 1 0 1 1 0 8 0 shmpl 112 6 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1561 0 164 88 0 88 88 0 8 0 ffsino 240 1561 0 164 83 0 83 83 0 8 0 nchpl 144 1915 0 328 60 0 60 60 0 8 0 uvmvnodes 72 1655 0 0 31 0 31 31 0 8 0 vnodes 208 1655 0 0 88 0 88 88 0 8 0 namei 1024 5030 0 5030 1 0 1 1 0 8 1 scxspl 192 5557 0 5556 1 0 1 1 0 8 0 plimitpl 152 22 0 15 1 0 1 1 0 8 0 sigapl 424 330 0 301 4 0 4 4 0 8 0 futexpl 56 1995 0 1995 1 0 1 1 0 8 1 knotepl 112 79 0 60 1 0 1 1 0 8 0 kqueuepl 144 22 0 20 1 0 1 1 0 8 0 pipelkpl 16 86 0 76 1 0 1 1 0 8 0 pipepl 120 172 0 153 1 0 1 1 0 8 0 fdescpl 432 315 0 301 2 0 2 2 0 8 0 filepl 120 1706 0 1610 4 0 4 4 0 8 1 lockfpl 104 37 0 36 1 0 1 1 0 8 0 lockfspl 48 14 0 13 1 0 1 1 0 8 0 sessionpl 112 18 0 8 1 0 1 1 0 8 0 pgrppl 48 20 0 10 1 0 1 1 0 8 0 ucredpl 96 137 0 130 1 0 1 1 0 8 0 zombiepl 144 301 0 301 1 0 1 1 0 8 1 processpl 920 330 0 301 4 0 4 4 0 8 0 procpl 624 465 0 428 4 0 4 4 0 8 0 sosppl 128 2 0 2 1 0 1 1 0 8 1 sockpl 400 231 0 213 4 1 3 3 0 8 1 mcl64k 65536 8 0 8 2 1 1 1 0 8 1 mcl16k 16384 2 0 2 1 0 1 1 0 8 1 mcl12k 12288 1 0 1 1 0 1 1 0 8 1 mcl9k 9216 1 0 1 1 0 1 1 0 8 1 mcl8k 8192 5 0 5 2 1 1 1 0 8 1 mcl4k 4096 16 0 16 3 2 1 1 0 8 1 mcl2k 2048 75283 0 75234 17 10 7 15 0 8 0 mtagpl 80 8 0 2 2 1 1 1 0 8 0 mbufpl 256 119975 0 119880 11 2 9 9 0 8 0 mbufpl: pool(0xffffffff827d16a0:mbufpl): free list modified: page 0xfffffd8064513000; item ordinal 7; addr 0xfffffd8064513200 (p 0xfffffd805bc7b000); offset 0x0=0x0 mbufpl: pool(0xffffffff827d16a0:mbufpl): page inconsistency: page 0xfffffd8064513000; item ordinal 8; addr 0xffff91316027c1b8 bufpl 280 3470 0 125 239 0 239 239 0 8 0 anonpl 16 53442 0 41264 78 2 76 76 0 107 9 amapchunkpl 152 1607 0 1477 8 1 7 8 0 158 0 amappl16 192 1867 0 970 57 4 53 57 0 8 8 amappl15 184 49 0 47 1 0 1 1 0 8 0 amappl14 176 75 0 70 1 0 1 1 0 8 0 amappl13 168 37 0 32 1 0 1 1 0 8 0 amappl12 160 10 0 7 1 0 1 1 0 8 0 amappl11 152 97 0 88 1 0 1 1 0 8 0 amappl10 144 12 0 8 1 0 1 1 0 8 0 amappl9 136 382 0 379 1 0 1 1 0 8 0 amappl8 128 353 0 306 2 0 2 2 0 8 0 amappl7 120 112 0 102 1 0 1 1 0 8 0 amappl6 112 25 0 20 1 0 1 1 0 8 0 amappl5 104 256 0 244 1 0 1 1 0 8 0 amappl4 96 438 0 409 1 0 1 1 0 8 0 amappl3 88 153 0 147 1 0 1 1 0 8 0 amappl2 80 1658 0 1596 2 0 2 2 0 8 0 amappl1 72 15726 0 15320 23 13 10 17 0 8 0 amappl 80 705 0 661 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 7 0 0 1 0 1 1 0 8 0 uaddrrnd 24 315 0 301 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 315 0 301 1 0 1 1 0 8 0 vmmpekpl 168 6234 0 6208 2 0 2 2 0 8 0 vmmpepl 168 46200 0 44218 159 19 140 152 0 357 51 vmsppl 272 314 0 301 2 1 1 2 0 8 0 pdppl 4096 636 0 602 6 1 5 6 0 8 0 pvpl 32 158360 0 143210 181 0 181 181 0 265 24 pmappl 200 314 0 301 1 0 1 1 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 244 0 21 7 0 7 7 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pool_do_put(ffffffff827d16a0,fffffd8064513100) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff827d16a0,fffffd8064513100) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd8064513100) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000b17a00,800100,ffff800000b17a40,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000b17a00,ffff800000ad3000) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000ad3000,ffff80001e788700,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001e788700,ffff800000ad3000) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd8062365af0,8080691a,ffff80001e788700,ffff80001d6c2608) at ifioctl+0xe60 sys/net/if.c:2288 sys_ioctl(ffff80001d6c2608,ffff80001e788818,ffff80001e788860) at sys_ioctl+0x4a1 syscall(ffff80001e7888e0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x8a930441cc0, count: -11 ddb> machine ddbcpu 1 No such command ddb> trace pool_do_put(ffffffff827d16a0,fffffd8064513100) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff827d16a0,fffffd8064513100) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd8064513100) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000b17a00,800100,ffff800000b17a40,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000b17a00,ffff800000ad3000) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000ad3000,ffff80001e788700,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001e788700,ffff800000ad3000) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd8062365af0,8080691a,ffff80001e788700,ffff80001d6c2608) at ifioctl+0xe60 sys/net/if.c:2288 sys_ioctl(ffff80001d6c2608,ffff80001e788818,ffff80001e788860) at sys_ioctl+0x4a1 syscall(ffff80001e7888e0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x8a930441cc0, count: -11