uvm_fault(0xfffffd8056938998, 0x77, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd8056938998, 0x77, 0, 1) -> e pool_do_put(ffffffff82583768,fffffd805ba4b800) at pool_do_put+0x12e sys/kern/subr_pool.c:836 end trace frame: 0xffff800020463390, count: 0 ddb> trace pool_do_put(ffffffff82583768,fffffd805ba4b800) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff82583768,fffffd805ba4b800) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd805ba4b800) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000a10d00,800100,ffff800000a10d40,0) at rt_ifa_del+0x402 sys/net/route.c:1196 in6_unlink_ifa(ffff800000a10d00,ffff8000009f2800) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff8000009f2800,ffff8000204638f0,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff8000204638f0,ffff8000009f2800) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd805daffaf8,8080691a,ffff8000204638f0,ffff80001d339ea8) at ifioctl+0xe60 sys/net/if.c:2289 sys_ioctl(ffff80001d339ea8,ffff800020463a08,ffff800020463a50) at sys_ioctl+0x4a1 syscall(ffff800020463ad0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x644f68462a0, count: -11 ddb> show registers rdi 0xffffffff817f43a5 pool_do_put+0x125 rsi 0x139 rbp 0xffff800020463340 rbx 0x6f rdx 0x13a rcx 0xffff80001d435000 rax 0xffff80001d435000 r8 0x4 r9 0x5 r10 0xc9d196ebb40deefa r11 0x1007f7000f33ee7e r12 0xfffffd805ba4b800 r13 0x566d98cc472ce86f r14 0xffffffff82583768 mbpool r15 0xfffffd80697e5328 rip 0xffffffff817f43ae pool_do_put+0x12e cs 0x8 rflags 0x10292 __ALIGN_SIZE+0xf292 rsp 0xffff800020463290 ss 0x10 pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.0) pid=274807 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=69, nice=20 forw=0xffffffffffffffff, list=0xffff80001d3a8ae0,0xffffffff8256bf20 process=0xffff8000ffffae10 user=0xffff80002045e000, vmspace=0xfffffd8056938998 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 6144 328027 12261 0 2 0 syz-executor.0 * 6144 274807 12261 0 7 0x4000000 syz-executor.0 55382 231686 69178 0 2 0 syz-executor.1 55382 280188 69178 0 3 0x4000080 piperd syz-executor.1 55382 367454 69178 0 3 0x4000080 wsevent_read syz-executor.1 12261 263558 8017 0 3 0x82 nanosleep syz-executor.0 69178 369034 8017 0 3 0x82 nanosleep syz-executor.1 8017 406424 56946 0 3 0x82 thrsleep syz-fuzzer 8017 39044 56946 0 3 0x4000082 nanosleep syz-fuzzer 8017 23981 56946 0 3 0x4000082 thrsleep syz-fuzzer 8017 162781 56946 0 3 0x4000082 thrsleep syz-fuzzer 8017 352874 56946 0 3 0x4000082 kqread syz-fuzzer 8017 235701 56946 0 3 0x4000082 thrsleep syz-fuzzer 8017 108342 56946 0 3 0x4000082 thrsleep syz-fuzzer 56946 206653 90409 0 3 0x10008a pause ksh 90409 222083 53099 0 3 0x92 select sshd 44890 386418 1 0 3 0x100083 ttyin getty 53099 341598 1 0 3 0x80 select sshd 47315 268963 79447 73 3 0x100090 kqread syslogd 79447 306634 1 0 3 0x100082 netio syslogd 9374 217701 1 77 3 0x100090 poll dhclient 24676 54753 1 0 3 0x80 poll dhclient 53501 397553 0 0 3 0x14200 bored smr 4006 200604 0 0 2 0x14200 zerothread 11178 306252 0 0 3 0x14200 aiodoned aiodoned 3545 222491 0 0 3 0x14200 syncer update 89811 202390 0 0 3 0x14200 cleaner cleaner 92004 324204 0 0 3 0x14200 reaper reaper 59732 501401 0 0 3 0x14200 pgdaemon pagedaemon 56657 5870 0 0 3 0x14200 bored crynlk 60654 20610 0 0 3 0x14200 bored crypto 10407 270866 0 0 3 0x40014200 acpi0 acpi0 11443 40868 0 0 3 0x14200 bored softnet 75124 281008 0 0 3 0x14200 bored systqmp 19585 58772 0 0 3 0x14200 bored systq 26631 206496 0 0 3 0x40014200 bored softclock 48842 287510 0 0 3 0x40014200 idle0 1 482835 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9479 6469K 6596K 78643K 10783 0 pcb 13 8K 8K 78643K 69 0 rtable 105 3K 3K 78643K 219 0 ifaddr 57 12K 12K 78643K 81 0 counters 21 16K 16K 78643K 25 0 ioctlops 0 0K 2K 78643K 24 0 iov 0 0K 12K 78643K 28 0 mount 1 1K 1K 78643K 1 0 vnodes 1219 77K 77K 78643K 1297 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 3 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 17 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1794 195K 288K 78643K 12646 0 file desc 6 17K 25K 78643K 151 0 proc 48 38K 63K 78643K 401 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 10 0 in_multi 46 2K 2K 78643K 61 0 ether_multi 1 0K 0K 78643K 7 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 43 201K 201K 78643K 43 0 exec 0 0K 1K 78643K 197 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 103 37K 39K 78643K 1192 0 UVM aobj 9 2K 2K 78643K 9 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 29 0 NDP 8 0K 0K 78643K 16 0 temp 91 3016K 3080K 78643K 15042 0 kqueue 3 4K 12K 78643K 16 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 6 0 0 1 0 1 1 0 8 0 rtpcb 80 27 0 25 1 0 1 1 0 8 0 rtentry 112 45 0 1 2 0 2 2 0 8 0 unpcb 120 171 0 163 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 320 0 320 1 1 0 1 0 8 0 tcpcb 544 62 0 58 1 0 1 1 0 8 0 ipq 40 6 0 6 1 0 1 1 0 8 1 ipqe 40 104 0 104 1 0 1 1 0 8 1 inpcb 280 197 0 189 2 0 2 2 0 8 1 nd6 48 6 0 0 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 188 0 0 12 0 12 12 0 8 0 art_table 32 189 0 0 2 0 2 2 0 8 0 art_node 16 44 0 4 1 0 1 1 0 8 0 sysvmsgpl 40 2 0 0 1 0 1 1 0 8 0 semupl 112 3 0 3 1 0 1 1 0 8 1 semapl 112 12 0 2 1 0 1 1 0 8 0 shmpl 112 7 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1609 0 211 46 0 46 46 0 8 0 ffsino 240 1609 0 211 83 0 83 83 0 8 0 nchpl 144 2059 0 447 60 0 60 60 0 8 0 uvmvnodes 72 1697 0 0 31 0 31 31 0 8 0 vnodes 208 1697 0 0 90 0 90 90 0 8 0 namei 1024 5225 0 5225 1 0 1 1 0 8 1 vcpupl 1984 2 0 0 1 0 1 1 0 8 0 vmpool 528 4 0 2 1 0 1 1 0 8 0 scsiplug 64 1 0 1 1 0 1 1 0 8 1 scxspl 192 5925 0 5925 1 0 1 1 0 8 1 plimitpl 152 22 0 15 1 0 1 1 0 8 0 sigapl 424 337 0 308 4 0 4 4 0 8 0 futexpl 56 2887 0 2887 1 0 1 1 0 8 1 knotepl 112 72 0 53 1 0 1 1 0 8 0 kqueuepl 144 38 0 36 1 0 1 1 0 8 0 pipelkpl 16 96 0 85 1 0 1 1 0 8 0 pipepl 120 192 0 171 1 0 1 1 0 8 0 fdescpl 432 323 0 308 2 0 2 2 0 8 0 filepl 120 1997 0 1895 4 0 4 4 0 8 0 lockfpl 104 45 0 43 1 0 1 1 0 8 0 lockfspl 48 17 0 15 1 0 1 1 0 8 0 sessionpl 112 17 0 7 1 0 1 1 0 8 0 pgrppl 48 19 0 9 1 0 1 1 0 8 0 ucredpl 96 137 0 130 1 0 1 1 0 8 0 zombiepl 144 308 0 308 1 0 1 1 0 8 1 processpl 896 337 0 308 4 0 4 4 0 8 0 procpl 624 485 0 447 4 0 4 4 0 8 1 sockpl 400 395 0 377 4 0 4 4 0 8 2 mcl64k 65536 21 0 21 1 0 1 1 0 8 1 mcl16k 16384 3 0 3 1 0 1 1 0 8 1 mcl12k 12288 3 0 3 1 0 1 1 0 8 1 mcl9k 9216 3 0 3 1 0 1 1 0 8 1 mcl8k 8192 8 0 8 1 0 1 1 0 8 1 mcl4k 4096 19 0 19 2 1 1 1 0 8 1 mcl2k2 2112 3 0 3 1 0 1 1 0 8 1 mcl2k 2048 65080 0 65025 22 8 14 18 0 8 6 mtagpl 80 14 0 2 2 1 1 1 0 8 0 mbufpl 256 104377 0 104266 25 9 16 23 0 8 8 mbufpl: pool(0xffffffff82583768:mbufpl): free list modified: page 0xfffffd805ba4b000; item ordinal 5; addr 0xfffffd805ba4b900 (p 0xfffffd80697e5000); offset 0x0=0x0 mbufpl: pool(0xffffffff82583768:mbufpl): page inconsistency: page 0xfffffd805ba4b000; item ordinal 6; addr 0x6f bufpl 280 4284 0 161 295 0 295 295 0 8 0 anonpl 16 49647 0 32922 84 1 83 83 0 107 15 amapchunkpl 152 1715 0 1582 13 0 13 13 0 158 6 amappl16 192 1819 0 895 58 4 54 58 0 8 7 amappl15 184 2 0 0 1 0 1 1 0 8 0 amappl14 176 65 0 61 2 1 1 1 0 8 0 amappl13 168 82 0 79 1 0 1 1 0 8 0 amappl12 160 8 0 8 1 1 0 1 0 8 0 amappl11 152 60 0 48 1 0 1 1 0 8 0 amappl10 144 23 0 17 1 0 1 1 0 8 0 amappl9 136 393 0 388 1 0 1 1 0 8 0 amappl8 128 276 0 257 1 0 1 1 0 8 0 amappl7 120 106 0 96 1 0 1 1 0 8 0 amappl6 112 22 0 18 1 0 1 1 0 8 0 amappl5 104 248 0 235 1 0 1 1 0 8 0 amappl4 96 497 0 469 1 0 1 1 0 8 0 amappl3 88 167 0 159 1 0 1 1 0 8 0 amappl2 80 1778 0 1706 3 1 2 3 0 8 0 amappl1 72 15370 0 14935 26 13 13 20 0 8 3 amappl 80 735 0 691 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 8 0 0 1 0 1 1 0 8 0 uaddrrnd 24 327 0 310 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 327 0 310 1 0 1 1 0 8 0 vmmpekpl 168 6131 0 6105 2 0 2 2 0 8 0 vmmpepl 168 46135 0 44042 161 9 152 153 0 357 61 vmsppl 272 326 0 310 2 0 2 2 0 8 0 pdppl 4096 660 0 622 6 0 6 6 0 8 1 pvpl 32 154282 0 134520 196 0 196 196 0 265 35 pmappl 200 326 0 310 1 0 1 1 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 171 0 20 5 0 5 5 0 8 0