uvm_fault(0xfffffd803f012dd0, 0x77b8f7f3ae, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd803f012dd0, 0x77b8f7f3ae, 0, 1) -> e pool_do_put(ffffffff82574cc8,fffffd80350ed000) at pool_do_put+0x12e sys/kern/subr_pool.c:844 end trace frame: 0xffff80001595b400, count: 0 ddb> trace pool_do_put(ffffffff82574cc8,fffffd80350ed000) at pool_do_put+0x12e sys/kern/subr_pool.c:844 pool_put(ffffffff82574cc8,fffffd80350ed000) at pool_put+0x4b sys/kern/subr_pool.c:802 m_free(fffffd80350ed000) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000abf700,800100,ffff800000abf740,0) at rt_ifa_del+0x436 sys/net/route.c:1201 in6_unlink_ifa(ffff800000abf700,ffff800000a69800) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000a69800,ffff80001595b960,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001595b960,ffff800000a69800) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd8039619a80,8080691a,ffff80001595b960,ffff800014914528) at ifioctl+0xe60 sys/net/if.c:2291 sys_ioctl(ffff800014914528,ffff80001595ba78,ffff80001595bac0) at sys_ioctl+0x5b9 syscall(ffff80001595bb40) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa9f46ca69f0, count: -11 ddb> show registers rdi 0xffffffff81a74b75 pool_do_put+0x125 rsi 0x13e rbp 0xffff80001595b3b0 rbx 0x77b8f7f3a6 rdx 0x13f rcx 0xffff800014943000 rax 0xffff800014943000 r8 0x4 r9 0x5 r10 0x8b2bc6fa78c33f7e r11 0xf6e866375bb1aa99 r12 0xfffffd80350ed000 r13 0x8cb19977b8f7f3a6 r14 0xffffffff82574cc8 mbpool r15 0xfffffd803ad95868 rip 0xffffffff81a74b7e pool_do_put+0x12e cs 0x8 rflags 0x10296 __ALIGN_SIZE+0xf296 rsp 0xffff80001595b300 ss 0x10 pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.0) pid=369289 stat=onproc flags process=0 proc=4000000 pri=74, usrpri=74, nice=20 forw=0xffffffffffffffff, list=0xffff800014914018,0xffffffff82573ce8 process=0xffff8000ffff6710 user=0xffff800015956000, vmspace=0xfffffd803f012dd0 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 90930 186742 9450 0 2 0 syz-executor.0 *90930 369289 9450 0 7 0x4000000 syz-executor.0 39323 517534 59259 0 2 0 syz-executor.1 39323 361186 59259 0 3 0x4000080 fsleep syz-executor.1 59259 327205 52578 0 3 0x82 nanosleep syz-executor.1 9450 486463 52578 0 3 0x82 nanosleep syz-executor.0 52578 359911 88599 0 3 0x82 thrsleep syz-fuzzer 52578 400518 88599 0 3 0x4000082 thrsleep syz-fuzzer 52578 287321 88599 0 3 0x4000082 thrsleep syz-fuzzer 52578 116755 88599 0 3 0x4000082 thrsleep syz-fuzzer 52578 115436 88599 0 3 0x4000082 kqread syz-fuzzer 52578 399658 88599 0 3 0x4000082 thrsleep syz-fuzzer 52578 367959 88599 0 3 0x4000082 thrsleep syz-fuzzer 88599 420327 9348 0 3 0x10008a pause ksh 9348 295284 24561 0 3 0x92 select sshd 66291 400805 1 0 3 0x100083 ttyin getty 24561 360332 1 0 3 0x80 select sshd 74 135586 54252 73 3 0x100090 kqread syslogd 54252 439730 1 0 3 0x100082 netio syslogd 91715 401331 1 77 3 0x100090 poll dhclient 75092 384177 1 0 3 0x80 poll dhclient 25767 8880 0 0 2 0x14200 zerothread 77738 39651 0 0 3 0x14200 aiodoned aiodoned 55104 38099 0 0 3 0x14200 syncer update 43223 89587 0 0 3 0x14200 cleaner cleaner 53173 338802 0 0 3 0x14200 reaper reaper 49823 175202 0 0 3 0x14200 pgdaemon pagedaemon 75280 217085 0 0 3 0x14200 bored crynlk 67763 413289 0 0 3 0x14200 bored crypto 7127 316924 0 0 3 0x40014200 acpi0 acpi0 99228 269317 0 0 3 0x14200 bored softnet 19831 310710 0 0 3 0x14200 bored systqmp 74723 100107 0 0 3 0x14200 bored systq 35530 515866 0 0 3 0x40014200 bored softclock 33034 181024 0 0 3 0x40014200 idle0 25306 93251 0 0 3 0x14200 bored smr 1 379901 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9476 6396K 6840K 78643K 10784 0 pcb 13 8K 8K 78643K 27 0 rtable 108 3K 4K 78643K 234 0 ifaddr 55 12K 13K 78643K 81 0 counters 19 16K 16K 78643K 19 0 ioctlops 0 0K 2K 78643K 17 0 iov 0 0K 12K 78643K 7 0 mount 1 1K 1K 78643K 1 0 vnodes 1219 77K 77K 78643K 1278 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 4 0 VM map 2 0K 0K 78643K 2 0 sem 7 0K 0K 78643K 7 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1794 195K 288K 78643K 12646 0 file desc 6 17K 25K 78643K 83 0 proc 48 38K 63K 78643K 361 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 10 0 in_multi 40 2K 2K 78643K 40 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 42 185K 185K 78643K 42 0 exec 0 0K 1K 78643K 183 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 101 21K 21K 78643K 1021 0 UVM aobj 10 2K 2K 78643K 10 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 12 0 NDP 8 0K 0K 78643K 17 0 temp 89 3556K 3621K 78643K 3373 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 6 0 0 1 0 1 1 0 8 0 rtpcb 96 27 0 25 1 0 1 1 0 8 0 rtentry 112 45 0 1 2 0 2 2 0 8 0 unpcb 120 43 0 35 1 0 1 1 0 8 0 syncache 280 4 0 4 1 1 0 1 0 8 0 tcpqe 32 211 0 211 1 0 1 1 0 8 1 tcpcb 640 26 0 22 1 0 1 1 0 8 0 inpcb 280 71 0 63 1 0 1 1 0 8 0 nd6 48 4 0 0 1 0 1 1 0 8 0 ppxss 1128 3 0 3 1 0 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 212 0 0 14 0 14 14 0 8 0 art_table 32 213 0 0 2 0 2 2 0 8 0 art_node 16 44 0 4 1 0 1 1 0 8 0 sysvmsgpl 40 6 0 2 1 0 1 1 0 8 0 semupl 112 2 0 2 1 0 1 1 0 8 1 semapl 112 5 0 0 1 0 1 1 0 8 0 shmpl 112 8 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1499 0 104 46 0 46 46 0 8 0 ffsino 240 1499 0 104 83 0 83 83 0 8 0 nchpl 144 1807 0 200 60 0 60 60 0 8 0 uvmvnodes 72 1588 0 0 29 0 29 29 0 8 0 vnodes 208 1588 0 0 84 0 84 84 0 8 0 namei 1024 4448 0 4448 1 0 1 1 0 8 1 scxspl 208 4974 0 4974 8 1 7 7 0 8 7 plimitpl 152 19 0 12 1 0 1 1 0 8 0 sigapl 432 253 0 239 2 0 2 2 0 8 0 futexpl 56 1216 0 1215 1 0 1 1 0 8 0 knotepl 112 68 0 48 1 0 1 1 0 8 0 kqueuepl 104 17 0 14 1 0 1 1 0 8 0 pipepl 128 150 0 131 1 0 1 1 0 8 0 fdescpl 424 254 0 239 2 0 2 2 0 8 0 filepl 120 1367 0 1269 4 0 4 4 0 8 1 lockfpl 104 23 0 22 1 0 1 1 0 8 0 lockfspl 48 9 0 8 1 0 1 1 0 8 0 sessionpl 128 17 0 7 1 0 1 1 0 8 0 pgrppl 48 17 0 7 1 0 1 1 0 8 0 ucredpl 96 91 0 84 1 0 1 1 0 8 0 zombiepl 144 239 0 239 1 0 1 1 0 8 1 processpl 896 268 0 239 4 0 4 4 0 8 0 procpl 648 341 0 304 4 0 4 4 0 8 0 sockpl 384 141 0 123 3 0 3 3 0 8 1 mcl64k 65536 11 0 11 1 0 1 1 0 8 1 mcl12k 12288 4 0 4 1 0 1 1 0 8 1 mcl8k 8192 1 0 1 1 0 1 1 0 8 1 mcl4k 4096 13 0 13 2 1 1 1 0 8 1 mcl2k2 2112 1 0 1 1 0 1 1 0 8 1 mcl2k 2048 68545 0 68515 13 2 11 11 0 8 7 mtagpl 80 28 0 2 2 1 1 1 0 8 0 mbufpl 256 108943 0 108829 11 2 9 9 0 8 1 mbufpl: pool(0xffffffff82574cc8:mbufpl): free list modified: page 0xfffffd80350ed000; item ordinal 8; addr 0xfffffd80350ed100 (p 0xfffffd803ad95000); offset 0x0=0x0 mbufpl: pool(0xffffffff82574cc8:mbufpl): page inconsistency: page 0xfffffd80350ed000; item ordinal 9; addr 0x77b8f7f3a6 bufpl 280 6220 0 1443 347 0 347 347 0 8 4 anonpl 16 45704 0 24238 88 1 87 87 0 62 0 amapchunkpl 152 1241 0 1084 9 0 9 9 0 158 2 amappl16 192 1558 0 357 61 0 61 61 0 8 0 amappl14 176 69 0 62 1 0 1 1 0 8 0 amappl13 168 1 0 0 1 0 1 1 0 8 0 amappl12 160 16 0 14 1 0 1 1 0 8 0 amappl11 152 47 0 36 1 0 1 1 0 8 0 amappl10 144 36 0 33 1 0 1 1 0 8 0 amappl9 136 560 0 557 1 0 1 1 0 8 0 amappl8 128 144 0 121 1 0 1 1 0 8 0 amappl7 120 59 0 55 1 0 1 1 0 8 0 amappl6 112 57 0 49 1 0 1 1 0 8 0 amappl5 104 132 0 121 1 0 1 1 0 8 0 amappl4 96 461 0 432 1 0 1 1 0 8 0 amappl3 88 114 0 106 1 0 1 1 0 8 0 amappl2 80 1244 0 1170 3 1 2 3 0 8 0 amappl1 72 14033 0 13613 27 16 11 20 0 8 2 amappl 80 575 0 528 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 9 0 0 1 0 1 1 0 8 0 uaddrrnd 24 254 0 239 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 254 0 239 1 0 1 1 0 8 0 vmmpekpl 168 5903 0 5877 2 0 2 2 0 8 0 vmmpepl 168 38344 0 35987 137 8 129 129 0 357 26 vmsppl 272 253 0 239 2 0 2 2 0 8 1 pdppl 4096 514 0 478 6 0 6 6 0 8 1 pvpl 32 142495 0 117504 202 0 202 202 0 265 0 pmappl 200 253 0 239 1 0 1 1 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 140 0 7 4 0 4 4 0 8 0