uvm_fault(0xffffffff8252ad50, 0xfffffde467f62e69, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xffffffff8252ad50, 0xfffffde467f62e69, 0, 1) -> e pool_do_put(ffffffff825b1e50,fffffd8051d61b00) at pool_do_put+0x12e sys/kern/subr_pool.c:836 end trace frame: 0xffff80001d3fc230, count: 0 ddb> trace pool_do_put(ffffffff825b1e50,fffffd8051d61b00) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff825b1e50,fffffd8051d61b00) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd8051d61b00) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff8000009c7100,800100,ffff8000009c7140,0) at rt_ifa_del+0x402 sys/net/route.c:1196 in6_unlink_ifa(ffff8000009c7100,ffff800000a03000) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000a03000,ffff80001d3fc790,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001d3fc790,ffff800000a03000) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd805e56d7d0,8080691a,ffff80001d3fc790,ffff80001d35d288) at ifioctl+0xe60 sys/net/if.c:2290 sys_ioctl(ffff80001d35d288,ffff80001d3fc8a8,ffff80001d3fc8f0) at sys_ioctl+0x4a1 syscall(ffff80001d3fc970) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xf09dafe5e20, count: -11 ddb> show registers rdi 0xffffffff81405bd5 pool_do_put+0x125 rsi 0x187 rbp 0xffff80001d3fc1e0 rbx 0xfffffde467f62e61 rdx 0x188 rcx 0xffff80001f635000 rax 0xffff80001f635000 r8 0x4 r9 0x5 r10 0x18c234557ebd8b94 r11 0x78203c30dea4b2cf r12 0xfffffd8051d61b00 r13 0xc9ed06e467f62e61 r14 0xffffffff825b1e50 mbpool r15 0xfffffd8054dd72c0 rip 0xffffffff81405bde pool_do_put+0x12e cs 0x8 rflags 0x10297 __ALIGN_SIZE+0xf297 rsp 0xffff80001d3fc130 ss 0x10 pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.0) pid=224885 stat=onproc flags process=10 proc=4000000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff80001d35e398,0xffffffff825aee48 process=0xffff8000ffffb190 user=0xffff80001d3f7000, vmspace=0xfffffd806bc0acc0 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 11137 431761 92997 60928 2 0x10 syz-executor.0 *11137 224885 92997 60928 7 0x4000010 syz-executor.0 84711 195030 40943 0 3 0x2 biowait syz-executor.1 72164 55957 0 0 3 0x14200 acct acct 38447 483313 0 0 3 0x14200 bored sosplice 92997 132481 40943 0 3 0x82 nanosleep syz-executor.0 40943 359662 13705 0 3 0x82 thrsleep syz-fuzzer 40943 276835 13705 0 3 0x4000082 nanosleep syz-fuzzer 40943 88804 13705 0 3 0x4000082 thrsleep syz-fuzzer 40943 96708 13705 0 3 0x4000082 thrsleep syz-fuzzer 40943 194679 13705 0 3 0x4000082 kqread syz-fuzzer 40943 318214 13705 0 3 0x4000082 thrsleep syz-fuzzer 40943 320841 13705 0 3 0x4000082 thrsleep syz-fuzzer 40943 269801 13705 0 3 0x4000082 thrsleep syz-fuzzer 13705 319967 99580 0 3 0x10008a pause ksh 99580 405056 13104 0 3 0x92 select sshd 90116 440047 1 0 3 0x100083 ttyin getty 13104 39963 1 0 3 0x80 select sshd 87792 156480 23471 73 3 0x100090 kqread syslogd 23471 270517 1 0 3 0x100082 netio syslogd 51704 373268 1 77 3 0x100090 poll dhclient 48310 179977 1 0 3 0x80 poll dhclient 25828 118467 0 0 3 0x14200 bored smr 37227 94850 0 0 2 0x14200 zerothread 42019 343429 0 0 3 0x14200 aiodoned aiodoned 85087 408119 0 0 3 0x14200 syncer update 15736 266258 0 0 3 0x14200 cleaner cleaner 19604 117911 0 0 3 0x14200 reaper reaper 16064 329994 0 0 3 0x14200 pgdaemon pagedaemon 85714 469244 0 0 3 0x14200 bored crynlk 59007 199752 0 0 3 0x14200 bored crypto 24336 50191 0 0 3 0x40014200 acpi0 acpi0 31385 477652 0 0 3 0x14200 bored softnet 37114 440921 0 0 3 0x14200 bored systqmp 50458 231126 0 0 3 0x14200 bored systq 18332 135425 0 0 3 0x40014200 bored softclock 22602 43032 0 0 3 0x40014200 idle0 1 478553 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9534 6371K 6917K 78643K 11442 0 pcb 13 8K 8K 78643K 422 0 rtable 71 2K 3K 78643K 520 0 ifaddr 101 19K 19K 78643K 207 0 counters 21 16K 16K 78643K 36 0 ioctlops 0 0K 2K 78643K 46 0 iov 0 0K 24K 78643K 112 0 mount 1 1K 1K 78643K 1 0 vnodes 1218 77K 77K 78643K 1491 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 24 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 478 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1794 195K 288K 78643K 12646 0 file desc 5 13K 25K 78643K 637 0 sigio 0 0K 0K 78643K 14 0 proc 49 38K 63K 78643K 444 0 subproc 32 2K 2K 78643K 51 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 254 0 in_multi 78 3K 3K 78643K 188 0 ether_multi 1 0K 0K 78643K 28 0 mrt 0 0K 0K 78643K 103 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 55 254K 254K 78643K 55 0 exec 0 0K 1K 78643K 234 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 112 22K 38K 78643K 2347 0 UVM aobj 130 4K 4K 78643K 130 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 125 0 NDP 16 0K 0K 78643K 40 0 temp 146 3019K 3092K 78643K 14245 0 kqueue 3 4K 12K 78643K 53 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 10 0 4 1 0 1 1 0 8 0 rtpcb 80 49 0 47 1 0 1 1 0 8 0 rtentry 112 78 0 51 2 0 2 2 0 8 0 unpcb 120 268 0 260 1 0 1 1 0 8 0 syncache 264 7 0 7 3 3 0 1 0 8 0 tcpqe 32 232 0 232 2 2 0 1 0 8 0 tcpcb 544 448 0 444 3 2 1 2 0 8 0 ipq 40 1 0 1 1 1 0 1 0 8 0 ipqe 40 45 0 45 1 1 0 1 0 8 0 inpcb 280 1971 0 1962 4 1 3 4 0 8 2 rttmr 72 3 0 3 2 1 1 1 0 8 1 nd6 48 13 0 11 1 0 1 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 390 0 259 14 4 10 13 0 8 1 art_table 32 392 0 259 2 0 2 2 0 8 0 art_node 16 77 0 55 1 0 1 1 0 8 0 sysvmsgpl 40 54 0 43 1 0 1 1 0 8 0 semupl 112 4 0 4 1 1 0 1 0 8 0 semapl 112 476 0 466 1 0 1 1 0 8 0 shmpl 112 128 0 0 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 2230 0 834 46 0 46 46 0 8 0 ffsino 240 2230 0 834 83 0 83 83 0 8 0 nchpl 144 3342 0 1747 60 0 60 60 0 8 0 uvmvnodes 72 2463 0 0 45 0 45 45 0 8 0 vnodes 208 2463 0 0 130 0 130 130 0 8 0 namei 1024 9375 0 9375 1 0 1 1 0 8 1 vmpool 528 4 0 4 1 0 1 1 0 8 1 scxspl 192 10454 0 10453 1 0 1 1 0 8 0 plimitpl 152 59 0 52 1 0 1 1 0 8 0 sigapl 424 822 0 792 4 0 4 4 0 8 0 futexpl 56 20418 0 20418 1 0 1 1 0 8 1 knotepl 112 119 0 100 1 0 1 1 0 8 0 kqueuepl 144 128 0 126 1 0 1 1 0 8 0 pipelkpl 16 187 0 177 1 0 1 1 0 8 0 pipepl 120 374 0 355 1 0 1 1 0 8 0 fdescpl 432 806 0 792 2 0 2 2 0 8 0 filepl 120 6205 0 6107 5 1 4 5 0 8 1 lockfpl 104 130 0 129 1 0 1 1 0 8 0 lockfspl 48 43 0 42 1 0 1 1 0 8 0 sessionpl 112 18 0 8 1 0 1 1 0 8 0 pgrppl 48 201 0 191 1 0 1 1 0 8 0 ucredpl 96 470 0 462 1 0 1 1 0 8 0 zombiepl 144 792 0 792 1 0 1 1 0 8 1 processpl 896 822 0 792 4 0 4 4 0 8 0 procpl 624 1595 0 1557 4 0 4 4 0 8 0 sosppl 128 12 0 12 2 2 0 1 0 8 0 sockpl 400 2294 0 2275 7 2 5 6 0 8 3 mcl64k 65536 73 0 73 2 1 1 1 0 8 1 mcl16k 16384 7 0 7 3 2 1 1 0 8 1 mcl12k 12288 25 0 25 2 1 1 1 0 8 1 mcl9k 9216 10 0 10 1 0 1 1 0 8 1 mcl8k 8192 22 0 22 3 2 1 1 0 8 1 mcl4k 4096 68 0 68 2 1 1 1 0 8 1 mcl2k2 2112 3 0 3 3 2 1 1 0 8 1 mcl2k 2048 64060 0 64007 18 10 8 15 0 8 0 mtagpl 80 30 0 4 2 1 1 1 0 8 0 mbufpl 256 106983 0 106804 22 6 16 19 0 8 2 mbufpl: pool(0xffffffff825b1e50:mbufpl): free list modified: page 0xfffffd8051d61000; item ordinal 0; addr 0xfffffd8051d61c00 (p 0xfffffd8054dd7000); offset 0x0=0x0 mbufpl: pool(0xffffffff825b1e50:mbufpl): page inconsistency: page 0xfffffd8051d61000; item ordinal 1; addr 0xfffffde467f62e61 bufpl 280 8458 0 3074 385 0 385 385 0 8 0 anonpl 16 89672 0 73355 99 16 83 83 0 107 14 amapchunkpl 152 4301 0 4165 23 3 20 20 0 158 14 amappl16 192 3961 0 3044 61 14 47 58 0 8 1 amappl15 184 1 0 0 1 0 1 1 0 8 0 amappl14 176 144 0 142 2 1 1 1 0 8 0 amappl13 168 155 0 153 1 0 1 1 0 8 0 amappl12 160 327 0 324 1 0 1 1 0 8 0 amappl11 152 65 0 53 1 0 1 1 0 8 0 amappl10 144 15 0 11 1 0 1 1 0 8 0 amappl9 136 390 0 387 1 0 1 1 0 8 0 amappl8 128 313 0 286 1 0 1 1 0 8 0 amappl7 120 114 0 102 1 0 1 1 0 8 0 amappl6 112 23 0 17 1 0 1 1 0 8 0 amappl5 104 606 0 593 1 0 1 1 0 8 0 amappl4 96 586 0 556 1 0 1 1 0 8 0 amappl3 88 404 0 398 1 0 1 1 0 8 0 amappl2 80 5926 0 5860 3 1 2 3 0 8 0 amappl1 72 24174 0 23766 26 16 10 20 0 8 0 amappl 80 1834 0 1792 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 129 0 0 3 0 3 3 0 8 0 uaddrrnd 24 810 0 796 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 810 0 796 1 0 1 1 0 8 0 vmmpekpl 168 8839 0 8811 2 0 2 2 0 8 0 vmmpepl 168 102213 0 100233 148 41 107 121 0 357 16 vmsppl 272 809 0 796 2 1 1 2 0 8 0 pdppl 4096 1626 0 1592 6 1 5 6 0 8 0 pvpl 32 287422 0 268056 274 28 246 246 0 265 83 pmappl 200 809 0 796 1 0 1 1 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 177 0 34 5 0 5 5 0 8 0