Ë/bus./bus./bus./bus./file0./file0./bus !þuvm_fault(0xffffffff825107a8, 0xfffffd346aa70680, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xffffffff825107a8, 0xfffffd346aa70680, 0, 1) -> e pool_do_put(ffffffff82583768,fffffd806983dd00) at pool_do_put+0x12e sys/kern/subr_pool.c:836 end trace frame: 0xffff80001d428150, count: 0 ddb> trace pool_do_put(ffffffff82583768,fffffd806983dd00) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff82583768,fffffd806983dd00) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd806983dd00) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000a3b400,800100,ffff800000a3b440,0) at rt_ifa_del+0x402 sys/net/route.c:1196 in6_unlink_ifa(ffff800000a3b400,ffff800000a3e800) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000a3e800,ffff80001d4286b0,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001d4286b0,ffff800000a3e800) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd805db04008,8080691a,ffff80001d4286b0,ffff80001d35e128) at ifioctl+0xe60 sys/net/if.c:2289 sys_ioctl(ffff80001d35e128,ffff80001d4287c8,ffff80001d428810) at sys_ioctl+0x4a1 syscall(ffff80001d428890) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x10d559ac650, count: -11 ddb> show registers rdi 0xffffffff817f43a5 pool_do_put+0x125 rsi 0x14e rbp 0xffff80001d428100 rbx 0xfffffd346aa70678 rdx 0x14f rcx 0xffff80001ea2f000 rax 0xffff80001ea2f000 r8 0x4 r9 0x5 r10 0x51ded631d8db987 r11 0x477b5acbb51c0a8a r12 0xfffffd806983dd00 r13 0x982e52346aa70678 r14 0xffffffff82583768 mbpool r15 0xfffffd806c3c4a10 rip 0xffffffff817f43ae pool_do_put+0x12e cs 0x8 rflags 0x10216 __ALIGN_SIZE+0xf216 rsp 0xffff80001d428050 ss 0x10 pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.1) pid=480363 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff80001d35e608,0xffffffff8256bf20 process=0xffff8000ffffa010 user=0xffff80001d423000, vmspace=0xfffffd805293a780 estcpu=36, cpticks=6, pctcpu=0.0 user=0, sys=6, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 33885 216709 65967 0 2 0 syz-executor.1 *33885 480363 65967 0 7 0x4000000 syz-executor.1 22153 217775 0 0 3 0x14200 acct acct 91056 156791 0 0 3 0x14200 bored sosplice 65967 242250 40678 0 3 0x82 nanosleep syz-executor.1 65978 188214 40678 0 3 0x2 biowait syz-executor.0 40678 522994 88418 0 3 0x82 thrsleep syz-fuzzer 40678 303500 88418 0 3 0x4000082 nanosleep syz-fuzzer 40678 35756 88418 0 3 0x4000082 thrsleep syz-fuzzer 40678 235958 88418 0 3 0x4000082 thrsleep syz-fuzzer 40678 6032 88418 0 3 0x4000082 thrsleep syz-fuzzer 40678 430055 88418 0 3 0x4000082 kqread syz-fuzzer 40678 418558 88418 0 3 0x4000082 thrsleep syz-fuzzer 40678 424445 88418 0 3 0x4000082 thrsleep syz-fuzzer 88418 147277 283 0 3 0x10008a pause ksh 283 517312 28947 0 3 0x92 select sshd 82309 128824 1 0 2 0x100083 getty 28947 99097 1 0 3 0x80 select sshd 39881 379376 70855 73 3 0x100090 kqread syslogd 70855 441089 1 0 3 0x100082 netio syslogd 30783 264556 1 77 3 0x100090 poll dhclient 48676 44022 1 0 3 0x80 poll dhclient 54005 300052 0 0 3 0x14200 bored smr 46354 161373 0 0 2 0x14200 zerothread 56752 36160 0 0 3 0x14200 aiodoned aiodoned 86617 53394 0 0 3 0x14200 syncer update 43280 518139 0 0 3 0x14200 cleaner cleaner 58078 499241 0 0 3 0x14200 reaper reaper 16249 375022 0 0 3 0x14200 pgdaemon pagedaemon 89717 385847 0 0 3 0x14200 bored crynlk 6091 2180 0 0 3 0x14200 bored crypto 73591 160473 0 0 3 0x40014200 acpi0 acpi0 79854 357471 0 0 3 0x14200 bored softnet 11560 233402 0 0 3 0x14200 bored systqmp 94698 232523 0 0 3 0x14200 bored systq 81793 351068 0 0 3 0x40014200 bored softclock 89346 88882 0 0 3 0x40014200 idle0 1 357698 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9520 6726K 7369K 78643K 11496 0 pcb 13 10K 12K 78643K 113 0 rtable 101 2K 3K 78643K 347 0 ifaddr 72 15K 15K 78643K 105 0 counters 21 16K 16K 78643K 25 0 ioctlops 0 0K 2K 78643K 46 0 iov 0 0K 16K 78643K 108 0 mount 1 1K 1K 78643K 1 0 vnodes 1224 77K 77K 78643K 1486 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 10 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 1K 78643K 56 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1794 195K 288K 78643K 12646 0 file desc 5 13K 25K 78643K 362 0 sigio 0 0K 0K 78643K 8 0 proc 49 38K 63K 78643K 423 0 subproc 32 2K 2K 78643K 51 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 47 0 in_multi 67 3K 3K 78643K 147 0 ether_multi 1 0K 0K 78643K 16 0 mrt 0 0K 0K 78643K 6 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 61 281K 281K 78643K 61 0 exec 0 0K 1K 78643K 238 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 120 87K 87K 78643K 1765 0 UVM aobj 25 2K 2K 78643K 30 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 76 0 NDP 10 0K 0K 78643K 25 0 temp 121 3022K 3098K 78643K 6592 0 kqueue 3 4K 20K 78643K 34 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 10 0 4 1 0 1 1 0 8 0 rtpcb 80 51 0 49 1 0 1 1 0 8 0 rtentry 112 87 0 45 2 0 2 2 0 8 0 unpcb 120 855 0 847 2 0 2 2 0 8 1 syncache 264 12 0 12 3 3 0 1 0 8 0 tcpqe 32 146 0 146 1 1 0 1 0 8 0 tcpcb 544 406 0 401 15 12 3 15 0 8 2 ipq 40 11 0 11 2 1 1 1 0 8 1 ipqe 40 243 0 243 2 1 1 1 0 8 1 inpcb 280 771 0 762 9 6 3 9 0 8 2 rttmr 72 2 0 2 2 2 0 1 0 8 0 nd6 48 16 0 12 1 0 1 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 389 0 209 15 1 14 14 0 8 1 art_table 32 391 0 209 2 0 2 2 0 8 0 art_node 16 86 0 47 1 0 1 1 0 8 0 sysvmsgpl 40 42 0 21 1 0 1 1 0 8 0 semupl 112 2 0 2 2 2 0 1 0 8 0 semapl 112 54 0 44 1 0 1 1 0 8 0 shmpl 112 28 0 6 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1899 0 503 46 0 46 46 0 8 0 ffsino 240 1899 0 503 83 0 83 83 0 8 0 nchpl 144 2584 0 987 60 0 60 60 0 8 0 uvmvnodes 72 2148 0 0 40 0 40 40 0 8 0 vnodes 208 2148 0 0 114 0 114 114 0 8 0 namei 1024 7196 0 7196 2 1 1 1 0 8 1 vcpupl 1984 8 0 0 1 0 1 1 0 8 0 vmpool 528 11 0 3 1 0 1 1 0 8 0 scxspl 192 8569 0 8568 1 0 1 1 0 8 0 plimitpl 152 39 0 32 1 0 1 1 0 8 0 sigapl 424 547 0 517 4 0 4 4 0 8 0 futexpl 56 9799 0 9799 1 0 1 1 0 8 1 knotepl 112 102 0 83 1 0 1 1 0 8 0 kqueuepl 144 396 0 394 5 4 1 5 0 8 0 pipelkpl 16 180 0 170 1 0 1 1 0 8 0 pipepl 120 360 0 341 1 0 1 1 0 8 0 fdescpl 432 531 0 517 2 0 2 2 0 8 0 filepl 120 4557 0 4461 11 6 5 11 0 8 2 lockfpl 104 136 0 135 1 0 1 1 0 8 0 lockfspl 48 49 0 48 1 0 1 1 0 8 0 sessionpl 112 18 0 8 1 0 1 1 0 8 0 pgrppl 48 26 0 16 1 0 1 1 0 8 0 ucredpl 96 351 0 344 1 0 1 1 0 8 0 zombiepl 144 517 0 517 1 0 1 1 0 8 1 processpl 896 547 0 517 4 0 4 4 0 8 0 procpl 624 1004 0 966 4 0 4 4 0 8 0 sosppl 128 13 0 13 2 1 1 1 0 8 1 sockpl 400 1679 0 1660 14 9 5 14 0 8 3 mcl64k 65536 41 0 41 1 0 1 1 0 8 1 mcl16k 16384 2 0 2 1 0 1 1 0 8 1 mcl12k 12288 7 0 7 2 1 1 1 0 8 1 mcl9k 9216 5 0 5 3 2 1 1 0 8 1 mcl8k 8192 15 0 15 2 1 1 1 0 8 1 mcl4k 4096 50 0 50 2 1 1 1 0 8 1 mcl2k2 2112 3 0 3 2 1 1 1 0 8 1 mcl2k 2048 61587 0 61532 22 14 8 18 0 8 0 mtagpl 80 83 0 14 3 1 2 2 0 8 0 mbufpl 256 102583 0 102276 61 28 33 35 0 8 8 mbufpl: pool(0xffffffff82583768:mbufpl): free list modified: page 0xfffffd806983d000; item ordinal 9; addr 0xfffffd806983de00 (p 0xfffffd806c3c4000); offset 0x0=0x0 mbufpl: pool(0xffffffff82583768:mbufpl): page inconsistency: page 0xfffffd806983d000; item ordinal 10; addr 0xfffffd346aa70678 bufpl 280 5326 0 165 369 0 369 369 0 8 0 anonpl 16 72235 0 55283 85 13 72 83 0 107 3 amapchunkpl 152 2708 0 2571 11 5 6 10 0 158 0 amappl16 192 2968 0 2034 60 11 49 57 0 8 2 amappl15 184 2 0 0 1 0 1 1 0 8 0 amappl14 176 3 0 2 2 1 1 1 0 8 0 amappl13 168 37 0 35 1 0 1 1 0 8 0 amappl12 160 51 0 51 2 2 0 1 0 8 0 amappl11 152 76 0 64 1 0 1 1 0 8 0 amappl10 144 281 0 273 1 0 1 1 0 8 0 amappl9 136 379 0 375 1 0 1 1 0 8 0 amappl8 128 300 0 277 1 0 1 1 0 8 0 amappl7 120 381 0 367 1 0 1 1 0 8 0 amappl6 112 20 0 19 2 1 1 1 0 8 0 amappl5 104 508 0 497 1 0 1 1 0 8 0 amappl4 96 487 0 456 1 0 1 1 0 8 0 amappl3 88 117 0 112 1 0 1 1 0 8 0 amappl2 80 3394 0 3327 3 1 2 3 0 8 0 amappl1 72 19374 0 18960 27 18 9 20 0 8 0 amappl 80 1247 0 1200 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 29 0 5 1 0 1 1 0 8 0 uaddrrnd 24 542 0 520 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 542 0 520 1 0 1 1 0 8 0 vmmpekpl 168 7696 0 7669 2 0 2 2 0 8 0 vmmpepl 168 70518 0 68505 137 27 110 123 0 357 20 vmsppl 272 541 0 520 3 1 2 2 0 8 0 pdppl 4096 1090 0 1048 7 1 6 6 0 8 0 pvpl 32 214131 0 194199 196 19 177 195 0 265 15 pmappl 200 541 0 520 2 0 2 2 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 239 0 71 5 0 5 5 0 8 0