uvm_fault(0xfffffd8053b2cab0, 0xe141, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd8053b2cab0, 0xe141, 0, 1) -> e pool_do_put(ffffffff828100c8,fffffd8057b7ae00) at pool_do_put+0x12e sys/kern/subr_pool.c:836 end trace frame: 0xffff80001e7a5d80, count: 0 ddb> trace pool_do_put(ffffffff828100c8,fffffd8057b7ae00) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff828100c8,fffffd8057b7ae00) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd8057b7ae00) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000b02400,800100,ffff800000b02440,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000b02400,ffff800000ace800) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000ace800,ffff80001e7a62e0,0) at in6_update_ifa+0x13e7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001e7a62e0,ffff800000ace800) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd805da6bc88,8080691a,ffff80001e7a62e0,ffff80001d6c1768) at ifioctl+0xe60 sys/net/if.c:2282 sys_ioctl(ffff80001d6c1768,ffff80001e7a63f8,ffff80001e7a6440) at sys_ioctl+0x4a1 syscall(ffff80001e7a64c0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2c7c85929e0, count: -11 ddb> show registers rdi 0xffffffff819da595 pool_do_put+0x125 rsi 0x143 rbp 0xffff80001e7a5d30 rbx 0xe139 __ALIGN_SIZE+0xd139 rdx 0x144 rcx 0xffff80001f983000 rax 0xffff80001f983000 r8 0x4 r9 0x5 r10 0x44af9f5ec64f8c08 r11 0x682701a937553e48 r12 0xfffffd8057b7ae00 r13 0xc7b19430a8be139 r14 0xffffffff828100c8 mbpool r15 0xfffffd805bb11960 rip 0xffffffff819da59e pool_do_put+0x12e cs 0x8 rflags 0x10292 __ALIGN_SIZE+0xf292 rsp 0xffff80001e7a5c80 ss 0x10 pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.1) pid=102058 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff80001d6c1288,0xffffffff827f9fc0 process=0xffff8000ffff9940 user=0xffff80001e7a1000, vmspace=0xfffffd8053b2cab0 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 51196 302169 38466 0 2 0 syz-executor.1 *51196 102058 38466 0 7 0x4000000 syz-executor.1 84545 467362 0 0 3 0x14200 acct acct 38466 85770 94252 0 3 0x82 nanosleep syz-executor.1 61927 336391 94252 0 3 0x2 biowait syz-executor.0 94252 268348 59198 0 3 0x82 kqread syz-fuzzer 94252 368993 59198 0 3 0x4000082 nanosleep syz-fuzzer 94252 462899 59198 0 3 0x4000082 thrsleep syz-fuzzer 94252 281882 59198 0 3 0x4000082 thrsleep syz-fuzzer 94252 421782 59198 0 3 0x4000082 thrsleep syz-fuzzer 94252 253496 59198 0 3 0x4000082 thrsleep syz-fuzzer 94252 470844 59198 0 3 0x4000082 thrsleep syz-fuzzer 94252 369607 59198 0 3 0x4000082 thrsleep syz-fuzzer 59198 182834 39592 0 3 0x10008a pause ksh 39592 342599 24686 0 3 0x92 select sshd 97489 195292 1 0 3 0x100083 ttyin getty 24686 122086 1 0 3 0x80 select sshd 46783 4915 94315 73 3 0x100090 kqread syslogd 94315 56471 1 0 3 0x100082 netio syslogd 27454 86136 1 77 3 0x100090 poll dhclient 58822 389985 1 0 3 0x80 poll dhclient 87738 106489 0 0 3 0x14200 bored smr 7677 86084 0 0 2 0x14200 zerothread 15999 296082 0 0 3 0x14200 aiodoned aiodoned 48170 98916 0 0 3 0x14200 syncer update 49480 168053 0 0 3 0x14200 cleaner cleaner 94713 33992 0 0 3 0x14200 reaper reaper 27257 507260 0 0 3 0x14200 pgdaemon pagedaemon 94862 41201 0 0 3 0x14200 bored crynlk 9386 475638 0 0 3 0x14200 bored crypto 60614 45855 0 0 3 0x40014200 acpi0 acpi0 43145 473561 0 0 3 0x14200 bored softnet 18908 5986 0 0 3 0x14200 bored systqmp 49613 371805 0 0 3 0x14200 bored systq 69145 65167 0 0 3 0x40014200 bored softclock 99902 241775 0 0 3 0x40014200 idle0 1 6800 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9497 6594K 6845K 78643K 10853 0 pcb 13 8K 8K 78643K 39 0 rtable 108 3K 7K 78643K 302 0 ifaddr 64 13K 14K 78643K 95 0 counters 21 16K 16K 78643K 23 0 ioctlops 0 0K 4K 78643K 45 0 iov 0 0K 28K 78643K 26 0 mount 1 1K 1K 78643K 1 0 vnodes 1216 76K 77K 78643K 1297 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 4 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 1K 78643K 26 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 189 0 sigio 0 0K 0K 78643K 2 0 proc 49 38K 54K 78643K 382 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 8 0 in_multi 51 2K 2K 78643K 94 0 ether_multi 1 0K 0K 78643K 4 0 mrt 0 0K 0K 78643K 5 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 49 228K 228K 78643K 49 0 exec 0 0K 1K 78643K 183 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 124 39K 39K 78643K 1281 0 UVM aobj 6 2K 2K 78643K 8 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 22 0 NDP 9 0K 0K 78643K 18 0 temp 81 3849K 3913K 78643K 3027 0 kqueue 3 4K 22K 78643K 16 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 6 0 0 1 0 1 1 0 8 0 rtpcb 80 41 0 39 1 0 1 1 0 8 0 rtentry 112 61 0 16 2 0 2 2 0 8 0 unpcb 120 149 0 141 1 0 1 1 0 8 0 syncache 264 8 0 8 2 1 1 1 0 8 1 tcpqe 32 202 0 202 2 2 0 1 0 8 0 tcpcb 544 78 0 74 2 0 2 2 0 8 1 inpcb 296 417 0 409 3 0 3 3 0 8 2 rttmr 72 2 0 2 1 1 0 1 0 8 0 nd6 48 14 0 9 1 0 1 1 0 8 0 pkpcb 40 4 0 4 1 0 1 1 0 8 1 pfrktable 1344 24 0 24 1 0 1 1 0 8 1 pftag 88 10 0 8 1 0 1 1 0 8 0 pfrule 1360 10 0 6 1 0 1 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 226 0 40 14 0 14 14 0 8 0 art_table 32 228 0 40 2 0 2 2 0 8 0 art_node 16 60 0 18 1 0 1 1 0 8 0 sysvmsgpl 40 3 0 1 1 0 1 1 0 8 0 semupl 112 3 0 3 1 0 1 1 0 8 1 semapl 112 22 0 12 1 0 1 1 0 8 0 shmpl 112 6 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1651 0 253 88 0 88 88 0 8 0 ffsino 240 1651 0 253 83 0 83 83 0 8 0 nchpl 144 2107 0 506 60 0 60 60 0 8 0 uvmvnodes 72 1747 0 0 32 0 32 32 0 8 0 vnodes 208 1747 0 0 92 0 92 92 0 8 0 namei 1024 5476 0 5476 1 0 1 1 0 8 1 vcpupl 1984 2 0 0 1 0 1 1 0 8 0 vmpool 528 6 0 4 2 1 1 1 0 8 0 pfiaddrpl 120 6 0 6 1 1 0 1 0 8 0 scxspl 192 6614 0 6613 1 0 1 1 0 8 0 plimitpl 152 32 0 25 1 0 1 1 0 8 0 sigapl 424 376 0 347 4 0 4 4 0 8 0 futexpl 56 3793 0 3793 1 0 1 1 0 8 1 knotepl 112 137 0 118 2 0 2 2 0 8 1 kqueuepl 144 34 0 32 1 0 1 1 0 8 0 pipelkpl 16 94 0 84 1 0 1 1 0 8 0 pipepl 120 188 0 169 1 0 1 1 0 8 0 fdescpl 432 361 0 347 2 0 2 2 0 8 0 filepl 120 2200 0 2104 4 0 4 4 0 8 1 lockfpl 104 44 0 43 1 0 1 1 0 8 0 lockfspl 48 18 0 17 1 0 1 1 0 8 0 sessionpl 112 17 0 7 1 0 1 1 0 8 0 pgrppl 48 25 0 15 1 0 1 1 0 8 0 ucredpl 96 193 0 186 1 0 1 1 0 8 0 zombiepl 144 347 0 347 1 0 1 1 0 8 1 processpl 920 376 0 347 4 0 4 4 0 8 0 procpl 624 581 0 544 4 0 4 4 0 8 0 sockpl 400 611 0 593 5 0 5 5 0 8 3 mcl64k 65536 13 0 13 1 0 1 1 0 8 1 mcl16k 16384 2 0 2 1 0 1 1 0 8 1 mcl12k 12288 6 0 6 1 0 1 1 0 8 1 mcl9k 9216 1 0 1 1 1 0 1 0 8 0 mcl8k 8192 2 0 2 1 0 1 1 0 8 1 mcl4k 4096 20 0 20 2 1 1 1 0 8 1 mcl2k2 2112 2 0 2 1 0 1 1 0 8 1 mcl2k 2048 77764 0 77712 21 14 7 18 0 8 0 mtagpl 96 36 0 2 2 1 1 1 0 8 0 mbufpl 256 124167 0 123957 18 1 17 17 0 8 3 mbufpl: pool(0xffffffff828100c8:mbufpl): free list modified: page 0xfffffd8057b7a000; item ordinal 0; addr 0xfffffd8057b7af00 (p 0xfffffd805bb11000); offset 0x0=0x0 mbufpl: pool(0xffffffff828100c8:mbufpl): page inconsistency: page 0xfffffd8057b7a000; item ordinal 1; addr 0xe139 bufpl 280 4054 0 130 281 0 281 281 0 8 0 anonpl 16 47903 0 31459 69 2 67 67 0 107 0 amapchunkpl 152 1724 0 1589 13 2 11 13 0 158 4 amappl16 192 1717 0 808 46 0 46 46 0 8 0 amappl15 184 1 0 0 1 0 1 1 0 8 0 amappl14 176 33 0 26 1 0 1 1 0 8 0 amappl13 168 26 0 23 1 0 1 1 0 8 0 amappl12 160 21 0 18 1 0 1 1 0 8 0 amappl11 152 120 0 110 1 0 1 1 0 8 0 amappl10 144 15 0 11 1 0 1 1 0 8 0 amappl9 136 448 0 445 1 0 1 1 0 8 0 amappl8 128 392 0 353 2 0 2 2 0 8 0 amappl7 120 105 0 94 1 0 1 1 0 8 0 amappl6 112 97 0 94 1 0 1 1 0 8 0 amappl5 104 306 0 294 1 0 1 1 0 8 0 amappl4 96 421 0 393 1 0 1 1 0 8 0 amappl3 88 109 0 104 1 0 1 1 0 8 0 amappl2 80 2075 0 2008 2 0 2 2 0 8 0 amappl1 72 15838 0 15429 23 13 10 17 0 8 0 amappl 80 809 0 767 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 7 0 2 1 0 1 1 0 8 0 uaddrrnd 24 367 0 351 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 367 0 351 1 0 1 1 0 8 0 vmmpekpl 168 6449 0 6422 2 0 2 2 0 8 0 vmmpepl 168 49990 0 47989 118 14 104 112 0 357 16 vmsppl 272 366 0 351 3 1 2 2 0 8 0 pdppl 4096 740 0 704 6 1 5 6 0 8 0 pvpl 32 160956 0 141783 167 0 167 167 0 265 11 pmappl 200 366 0 351 1 0 1 1 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 258 0 20 7 0 7 7 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pool_do_put(ffffffff828100c8,fffffd8057b7ae00) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff828100c8,fffffd8057b7ae00) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd8057b7ae00) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000b02400,800100,ffff800000b02440,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000b02400,ffff800000ace800) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000ace800,ffff80001e7a62e0,0) at in6_update_ifa+0x13e7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001e7a62e0,ffff800000ace800) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd805da6bc88,8080691a,ffff80001e7a62e0,ffff80001d6c1768) at ifioctl+0xe60 sys/net/if.c:2282 sys_ioctl(ffff80001d6c1768,ffff80001e7a63f8,ffff80001e7a6440) at sys_ioctl+0x4a1 syscall(ffff80001e7a64c0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2c7c85929e0, count: -11 ddb> machine ddbcpu 1 No such command ddb> trace pool_do_put(ffffffff828100c8,fffffd8057b7ae00) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff828100c8,fffffd8057b7ae00) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd8057b7ae00) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000b02400,800100,ffff800000b02440,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000b02400,ffff800000ace800) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000ace800,ffff80001e7a62e0,0) at in6_update_ifa+0x13e7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001e7a62e0,ffff800000ace800) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd805da6bc88,8080691a,ffff80001e7a62e0,ffff80001d6c1768) at ifioctl+0xe60 sys/net/if.c:2282 sys_ioctl(ffff80001d6c1768,ffff80001e7a63f8,ffff80001e7a6440) at sys_ioctl+0x4a1 syscall(ffff80001e7a64c0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2c7c85929e0, count: -11