kernel: protection fault trap, code=0 Stopped at pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace pool_do_put(ffffffff82820de0,fffffd8056b0cb00) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff82820de0,fffffd8056b0cb00) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd8056b0cb00) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000b23300,800100,ffff800000b23340,6) at rt_ifa_del+0x402 sys/net/route.c:1199 in6_unlink_ifa(ffff800000b23300,ffff800000adf000) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000adf000,ffff80001e57af70,0) at in6_update_ifa+0x13e7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001e57af70,ffff800000adf000) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd805733fe20,8080691a,ffff80001e57af70,ffff80001f99a040) at ifioctl+0xe60 sys/net/if.c:2174 sys_ioctl(ffff80001f99a040,ffff80001e57b088,ffff80001e57b0d0) at sys_ioctl+0x4a1 syscall(ffff80001e57b150) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xc766d7a5b0, count: -11 ddb> show registers rdi 0xffff80001d776000 rsi 0x147 rbp 0xffff80001e57a9c0 rbx 0x2e47271049a4aa4 rdx 0xffff80001d776000 rcx 0x146 rax 0xffffffff813b59f5 pool_do_put+0x125 r8 0x4 r9 0xffffffff81252796 rtrequest+0x146 r10 0xf6eca966eca547de r11 0x690d1044d73896a3 r12 0xfffffd8056b0cb00 r13 0x2e47271049a4aa4 r14 0xffffffff82820de0 mbpool r15 0xfffffd8057aeed58 rip 0xffffffff813b59fe pool_do_put+0x12e cs 0x8 rflags 0x10296 __ALIGN_SIZE+0xf296 rsp 0xffff80001e57a910 ss 0x10 pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.1) pid=320860 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=73, nice=20 forw=0xffffffffffffffff, list=0xffff80001f99a7a8,0xffffffff8280e530 process=0xffff80001d6c0ed0 user=0xffff80001e576000, vmspace=0xfffffd80584afbc0 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 20920 384029 84251 0 2 0 syz-executor.1 *20920 320860 84251 0 7 0x4000000 syz-executor.1 64508 469436 0 0 3 0x14280 nfsidl nfsio 90434 170294 0 0 3 0x14280 nfsidl nfsio 18354 10245 0 0 3 0x14280 nfsidl nfsio 23740 200779 0 0 3 0x14280 nfsidl nfsio 57583 5894 0 0 3 0x14280 nfsidl nfsio 63011 431868 0 0 3 0x14280 nfsidl nfsio 45403 295003 0 0 3 0x14280 nfsidl nfsio 92423 338178 0 0 3 0x14280 nfsidl nfsio 439 13639 0 0 3 0x14280 nfsidl nfsio 27278 505725 0 0 3 0x14280 nfsidl nfsio 98914 39381 0 0 3 0x14280 nfsidl nfsio 93595 6205 0 0 3 0x14280 nfsidl nfsio 99106 227117 0 0 3 0x14280 nfsidl nfsio 25314 412818 0 0 3 0x14280 nfsidl nfsio 42963 320376 0 0 3 0x14280 nfsidl nfsio 38488 262227 0 0 3 0x14280 nfsidl nfsio 11490 451340 0 0 3 0x14280 nfsidl nfsio 53175 177878 0 0 3 0x14280 nfsidl nfsio 26305 299177 0 0 3 0x14280 nfsidl nfsio 89020 440355 0 0 3 0x14280 nfsidl nfsio 84251 476806 88360 0 3 0x82 nanosleep syz-executor.1 18254 469377 88360 0 3 0x82 piperd syz-executor.0 88360 348366 51681 0 3 0x82 thrsleep syz-fuzzer 88360 481768 51681 0 3 0x4000082 nanosleep syz-fuzzer 88360 20316 51681 0 3 0x4000082 thrsleep syz-fuzzer 88360 206073 51681 0 2 0x4000002 syz-fuzzer 88360 82669 51681 0 3 0x4000082 thrsleep syz-fuzzer 88360 360581 51681 0 3 0x4000082 thrsleep syz-fuzzer 51681 483824 9852 0 3 0x10008a pause ksh 9852 444395 50276 0 3 0x92 select sshd 31316 76811 1 0 3 0x100083 ttyin getty 50276 46254 1 0 3 0x80 select sshd 21954 400360 66086 73 3 0x100090 kqread syslogd 66086 156088 1 0 3 0x100082 netio syslogd 20532 40689 1 77 3 0x100090 poll dhclient 54870 53506 1 0 3 0x80 poll dhclient 14832 347652 0 0 3 0x14200 bored smr 39095 51801 0 0 2 0x14200 zerothread 99713 382889 0 0 3 0x14200 aiodoned aiodoned 13113 133228 0 0 3 0x14200 syncer update 93158 472480 0 0 3 0x14200 cleaner cleaner 79480 359501 0 0 3 0x14200 reaper reaper 71526 505571 0 0 3 0x14200 pgdaemon pagedaemon 92111 135633 0 0 3 0x14200 bored crynlk 18786 235325 0 0 3 0x14200 bored crypto 36501 165251 0 0 3 0x40014200 acpi0 acpi0 97466 505788 0 0 3 0x14200 bored softnet 14993 395764 0 0 3 0x14200 bored systqmp 37576 256233 0 0 3 0x14200 bored systq 19264 483245 0 0 3 0x40014200 bored softclock 61240 211331 0 0 3 0x40014200 idle0 1 482233 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9503 6347K 6729K 78643K 12365 0 pcb 13 8K 8K 78643K 284 0 rtable 124 16K 16K 78643K 555 0 ifaddr 77 14K 14K 78643K 198 0 counters 21 16K 17K 78643K 33 0 ioctlops 0 0K 4K 78643K 97 0 iov 0 0K 16K 78643K 40 0 mount 1 1K 1K 78643K 1 0 vnodes 1217 77K 77K 78643K 1682 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 8 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 1K 78643K 97 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 634 0 sigio 1 0K 0K 78643K 9 0 proc 49 38K 63K 78643K 423 0 subproc 32 2K 2K 78643K 51 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 134 0 in_multi 28 1K 2K 78643K 131 0 ether_multi 1 0K 0K 78643K 11 0 mrt 0 0K 0K 78643K 6 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 61 281K 281K 78643K 61 0 exec 0 0K 1K 78643K 225 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 136 57K 59K 78643K 2265 0 UVM aobj 12 2K 3K 78643K 14 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 153 0 NDP 13 0K 0K 78643K 42 0 temp 142 3878K 3942K 78643K 14928 0 kqueue 3 4K 8K 78643K 11 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 9 0 4 1 0 1 1 0 8 0 rtpcb 88 785 0 781 1 0 1 1 0 8 0 rtentry 112 82 0 43 2 0 2 2 0 8 0 unpcb 120 156 0 147 1 0 1 1 0 8 0 syncache 272 8 0 8 4 4 0 1 0 8 0 tcpqe 32 240 0 240 2 2 0 1 0 8 0 tcpcb 592 400 0 396 6 5 1 3 0 8 0 inpcb 296 858 0 848 6 4 2 2 0 8 1 rttmr 72 2 0 2 2 2 0 1 0 8 0 nd6 48 23 0 18 1 0 1 1 0 8 0 pfstscr 40 6 0 4 2 1 1 1 0 8 0 pfosfp 40 1 0 0 1 0 1 1 0 8 0 pfosfpen 112 1 0 0 1 0 1 1 0 8 0 pfrktable 1344 71 0 62 3 2 1 1 0 8 0 pftag 88 10 0 8 3 2 1 1 0 8 0 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 112 8 0 6 2 1 1 1 0 8 0 pfstate 328 4 0 3 2 1 1 1 0 8 0 pfrule 1360 19 0 9 2 1 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 438 0 236 20 7 13 15 0 8 0 art_table 32 439 0 236 2 0 2 2 0 8 0 art_node 16 81 0 45 1 0 1 1 0 8 0 sysvmsgpl 40 17 0 7 1 0 1 1 0 8 0 semupl 112 4 0 4 1 1 0 1 0 8 0 semapl 112 95 0 85 1 0 1 1 0 8 0 shmpl 112 11 0 2 2 1 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2145 0 753 88 0 88 88 0 8 0 ffsino 240 2145 0 753 83 0 83 83 0 8 0 nchpl 144 3135 0 1549 60 0 60 60 0 8 0 uvmvnodes 72 2592 0 0 48 0 48 48 0 8 0 vnodes 208 2592 0 0 137 0 137 137 0 8 0 namei 1024 8366 0 8366 1 0 1 1 0 8 1 vcpupl 1984 3 0 0 1 0 1 1 0 8 0 vmpool 528 5 0 2 1 0 1 1 0 8 0 pfiaddrpl 120 26 0 18 3 2 1 1 0 8 0 scxspl 200 9482 0 9482 1 0 1 1 0 8 1 plimitpl 152 45 0 38 1 0 1 1 0 8 0 sigapl 424 837 0 789 6 0 6 6 0 8 0 futexpl 56 11434 0 11434 1 0 1 1 0 8 1 knotepl 112 86 0 66 1 0 1 1 0 8 0 kqueuepl 152 35 0 33 1 0 1 1 0 8 0 pipepl 272 135 0 124 2 1 1 2 0 8 0 fdescpl 432 803 0 789 2 0 2 2 0 8 0 filepl 120 4725 0 4625 4 0 4 4 0 8 0 lockfpl 104 95 0 94 1 0 1 1 0 8 0 lockfspl 48 36 0 35 1 0 1 1 0 8 0 sessionpl 120 18 0 8 1 0 1 1 0 8 0 pgrppl 48 26 0 16 1 0 1 1 0 8 0 ucredpl 96 393 0 386 1 0 1 1 0 8 0 zombiepl 144 789 0 789 1 0 1 1 0 8 1 processpl 944 837 0 789 7 0 7 7 0 8 1 procpl 632 1506 0 1452 9 4 5 5 0 8 0 sockpl 400 1811 0 1790 7 4 3 4 0 8 0 mcl64k 65536 19 0 19 5 5 0 1 0 8 0 mcl16k 16384 4 0 4 2 2 0 1 0 8 0 mcl12k 12288 15 0 15 6 5 1 1 0 8 1 mcl9k 9216 5 0 5 3 3 0 1 0 8 0 mcl8k 8192 12 0 12 4 4 0 1 0 8 0 mcl4k 4096 38 0 38 8 7 1 1 0 8 1 mcl2k2 2112 2 0 2 2 2 0 1 0 8 0 mcl2k 2048 95638 0 95577 18 10 8 16 0 8 0 mtagpl 96 241 0 18 7 1 6 6 0 8 0 mbufpl 256 155053 0 154478 47 10 37 37 0 8 0 mbufpl: pool(0xffffffff82820de0:mbufpl): free list modified: page 0xfffffd8056b0c000; item ordinal 1; addr 0xfffffd8056b0cc00 (p 0xfffffd8057aee000); offset 0x0=0x0 pool(mbufpl): free list modified: page 0xfffffd8056b0c000; item ordinal 1; addr 0xfffffd8056b0cc00 (p 0xfffffd8057aee000); offset 0x0=0x0 mbufpl: pool(0xffffffff82820de0:mbufpl): page inconsistency: page 0xfffffd8056b0c000; item ordinal 2; addr 0x2e47271049a4aa4 bufpl 280 4305 0 125 299 0 299 299 0 8 0 anonpl 16 90763 0 72093 84 1 83 83 0 107 0 amapchunkpl 152 3659 0 3441 18 2 16 16 0 158 4 amappl16 192 3748 0 2697 62 9 53 56 0 8 0 amappl15 184 57 0 54 1 0 1 1 0 8 0 amappl14 176 2 0 1 1 0 1 1 0 8 0 amappl13 168 53 0 48 1 0 1 1 0 8 0 amappl12 160 555 0 551 1 0 1 1 0 8 0 amappl11 152 57 0 46 1 0 1 1 0 8 0 amappl10 144 15 0 12 1 0 1 1 0 8 0 amappl9 136 338 0 337 1 0 1 1 0 8 0 amappl8 128 335 0 300 2 0 2 2 0 8 0 amappl7 120 109 0 97 1 0 1 1 0 8 0 amappl6 112 29 0 23 1 0 1 1 0 8 0 amappl5 104 1258 0 1245 1 0 1 1 0 8 0 amappl4 96 462 0 432 1 0 1 1 0 8 0 amappl3 88 152 0 144 1 0 1 1 0 8 0 amappl2 80 5591 0 5527 2 0 2 2 0 8 0 amappl1 72 26304 0 25884 22 13 9 17 0 8 0 amappl 80 1764 0 1704 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 13 0 2 1 0 1 1 0 8 0 uaddrrnd 24 808 0 791 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 808 0 791 1 0 1 1 0 8 0 vmmpekpl 168 8512 0 8483 2 0 2 2 0 8 0 vmmpepl 168 103606 0 101434 141 44 97 136 0 357 0 vmsppl 272 807 0 791 3 1 2 2 0 8 0 pdppl 4096 1622 0 1585 6 1 5 6 0 8 0 pvpl 32 271037 0 249268 190 0 190 190 0 265 0 pmappl 200 807 0 791 1 0 1 1 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 306 0 59 8 0 8 8 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pool_do_put(ffffffff82820de0,fffffd8056b0cb00) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff82820de0,fffffd8056b0cb00) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd8056b0cb00) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000b23300,800100,ffff800000b23340,6) at rt_ifa_del+0x402 sys/net/route.c:1199 in6_unlink_ifa(ffff800000b23300,ffff800000adf000) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000adf000,ffff80001e57af70,0) at in6_update_ifa+0x13e7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001e57af70,ffff800000adf000) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd805733fe20,8080691a,ffff80001e57af70,ffff80001f99a040) at ifioctl+0xe60 sys/net/if.c:2174 sys_ioctl(ffff80001f99a040,ffff80001e57b088,ffff80001e57b0d0) at sys_ioctl+0x4a1 syscall(ffff80001e57b150) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xc766d7a5b0, count: -11 ddb> machine ddbcpu 1 No such command ddb> trace pool_do_put(ffffffff82820de0,fffffd8056b0cb00) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff82820de0,fffffd8056b0cb00) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd8056b0cb00) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000b23300,800100,ffff800000b23340,6) at rt_ifa_del+0x402 sys/net/route.c:1199 in6_unlink_ifa(ffff800000b23300,ffff800000adf000) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000adf000,ffff80001e57af70,0) at in6_update_ifa+0x13e7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001e57af70,ffff800000adf000) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd805733fe20,8080691a,ffff80001e57af70,ffff80001f99a040) at ifioctl+0xe60 sys/net/if.c:2174 sys_ioctl(ffff80001f99a040,ffff80001e57b088,ffff80001e57b0d0) at sys_ioctl+0x4a1 syscall(ffff80001e57b150) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xc766d7a5b0, count: -11