uvm_fault(0xfffffd8057a1fdd8, 0xa5, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd8057a1fdd8, 0xa5, 0, 1) -> e pool_do_put(ffffffff82834208,fffffd8057ba4500) at pool_do_put+0x12e sys/kern/subr_pool.c:836 end trace frame: 0xffff80001d777430, count: 0 ddb> trace pool_do_put(ffffffff82834208,fffffd8057ba4500) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff82834208,fffffd8057ba4500) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd8057ba4500) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000af6a00,800100,ffff800000af6a40,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000af6a00,ffff800000ae4000) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000ae4000,ffff80001d777990,0) at in6_update_ifa+0x13e7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001d777990,ffff800000ae4000) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd806b64f320,8080691a,ffff80001d777990,ffff80001d6a99c8) at ifioctl+0xe60 sys/net/if.c:2282 sys_ioctl(ffff80001d6a99c8,ffff80001d777aa8,ffff80001d777af0) at sys_ioctl+0x4a1 syscall(ffff80001d777b70) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd858827a220, count: -11 ddb> show registers rdi 0xffffffff81b0e965 pool_do_put+0x125 rsi 0x13f rbp 0xffff80001d7773e0 rbx 0x9d rdx 0x140 rcx 0xffff80001e7b8000 rax 0xffff80001e7b8000 r8 0x4 r9 0x5 r10 0x9191682aa8fbd730 r11 0x9d69650a962b2c65 r12 0xfffffd8057ba4500 r13 0xb171ade4460ca19d r14 0xffffffff82834208 mbpool r15 0xfffffd8059bba1f0 rip 0xffffffff81b0e96e pool_do_put+0x12e cs 0x8 rflags 0x10296 __ALIGN_SIZE+0xf296 rsp 0xffff80001d777330 ss 0x10 pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.0) pid=322839 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=72, nice=20 forw=0xffffffffffffffff, list=0xffff80001d6aa388,0xffffffff82837320 process=0xffff80001d6c5970 user=0xffff80001d772000, vmspace=0xfffffd8057a1fdd8 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 23890 55379 64381 0 2 0 syz-executor.0 *23890 322839 64381 0 7 0x4000000 syz-executor.0 64381 484869 43272 0 3 0x82 nanosleep syz-executor.0 57929 165899 0 0 3 0x14200 bored sosplice 7326 16190 43272 0 3 0x2 biowait syz-executor.1 43272 471325 74901 0 3 0x82 thrsleep syz-fuzzer 43272 147610 74901 0 3 0x4000082 nanosleep syz-fuzzer 43272 224681 74901 0 3 0x4000082 thrsleep syz-fuzzer 43272 262498 74901 0 3 0x4000082 thrsleep syz-fuzzer 43272 206035 74901 0 3 0x4000082 thrsleep syz-fuzzer 43272 121506 74901 0 3 0x4000082 kqread syz-fuzzer 43272 270596 74901 0 3 0x4000082 thrsleep syz-fuzzer 43272 184201 74901 0 3 0x4000082 thrsleep syz-fuzzer 74901 71340 99786 0 3 0x10008a pause ksh 99786 109361 52629 0 3 0x92 select sshd 14533 136780 1 0 3 0x100083 ttyin getty 52629 23212 1 0 3 0x80 select sshd 86499 252722 20751 73 3 0x100090 kqread syslogd 20751 26704 1 0 3 0x100082 netio syslogd 15477 152578 1 77 3 0x100090 poll dhclient 80662 242557 1 0 3 0x80 poll dhclient 50806 372881 0 0 3 0x14200 bored smr 57155 3185 0 0 2 0x14200 zerothread 87935 495147 0 0 3 0x14200 aiodoned aiodoned 31000 339480 0 0 3 0x14200 syncer update 31442 84433 0 0 3 0x14200 cleaner cleaner 54673 28421 0 0 3 0x14200 reaper reaper 25147 57565 0 0 3 0x14200 pgdaemon pagedaemon 18836 177143 0 0 3 0x14200 bored crynlk 97796 97027 0 0 3 0x14200 bored crypto 30177 64000 0 0 3 0x40014200 acpi0 acpi0 84940 381301 0 0 3 0x14200 bored softnet 25023 216483 0 0 3 0x14200 bored systqmp 19025 429991 0 0 3 0x14200 bored systq 73066 478114 0 0 3 0x40014200 bored softclock 5445 63583 0 0 3 0x40014200 idle0 1 79960 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9505 6466K 6846K 78643K 11130 0 pcb 13 8K 8K 78643K 75 0 rtable 104 4K 7K 78643K 576 0 ifaddr 68 13K 15K 78643K 198 0 counters 21 16K 16K 78643K 30 0 ioctlops 0 0K 4K 78643K 58 0 iov 0 0K 16K 78643K 43 0 mount 1 1K 1K 78643K 1 0 vnodes 1215 76K 77K 78643K 1385 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 20 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 339 0 sigio 0 0K 0K 78643K 2 0 proc 49 38K 63K 78643K 405 0 subproc 32 2K 2K 78643K 51 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 23 0 in_multi 36 2K 2K 78643K 134 0 ether_multi 1 0K 0K 78643K 11 0 mrt 0 0K 0K 78643K 2 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 43 201K 201K 78643K 43 0 exec 0 0K 1K 78643K 200 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 136 55K 71K 78643K 1660 0 UVM aobj 11 2K 2K 78643K 13 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 64 0 NDP 11 0K 0K 78643K 36 0 temp 98 3853K 3917K 78643K 6155 0 kqueue 3 4K 10K 78643K 23 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 9 0 3 1 0 1 1 0 8 0 rtpcb 80 45 0 43 1 0 1 1 0 8 0 rtentry 112 88 0 47 2 0 2 2 0 8 0 unpcb 120 203 0 195 1 0 1 1 0 8 0 syncache 264 11 0 11 4 4 0 1 0 8 0 tcpqe 32 357 0 357 1 1 0 1 0 8 0 tcpcb 544 111 0 107 1 0 1 1 0 8 0 ipq 40 4 0 4 2 2 0 1 0 8 0 ipqe 40 94 0 94 2 2 0 1 0 8 0 inpcb 296 389 0 381 4 2 2 2 0 8 1 rttmr 72 1 0 1 1 1 0 1 0 8 0 ip6q 72 2 0 2 1 1 0 1 0 8 0 ip6af 40 6 0 6 1 1 0 1 0 8 0 nd6 48 21 0 17 1 0 1 1 0 8 0 pkpcb 40 8 0 8 2 2 0 1 0 8 0 pfrktable 1344 104 0 102 4 3 1 1 0 8 0 pftag 88 18 0 16 4 3 1 1 0 8 0 pfrule 1360 20 0 15 4 3 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 377 0 205 15 2 13 13 0 8 1 art_table 32 378 0 205 2 0 2 2 0 8 0 art_node 16 87 0 49 1 0 1 1 0 8 0 sysvmsgpl 40 8 0 2 1 0 1 1 0 8 0 semupl 112 2 0 2 2 2 0 1 0 8 0 semapl 112 18 0 8 1 0 1 1 0 8 0 shmpl 112 10 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1823 0 428 88 0 88 88 0 8 0 ffsino 240 1823 0 428 83 0 83 83 0 8 0 nchpl 144 2468 0 880 60 0 60 60 0 8 0 uvmvnodes 72 1991 0 0 37 0 37 37 0 8 0 vnodes 208 1991 0 0 105 0 105 105 0 8 0 namei 1024 7030 0 7030 4 3 1 1 0 8 1 vcpupl 1984 4 0 0 1 0 1 1 0 8 0 vmpool 528 6 0 2 1 0 1 1 0 8 0 pfiaddrpl 120 34 0 32 4 3 1 1 0 8 0 scxspl 192 6977 0 6976 1 0 1 1 0 8 0 plimitpl 152 45 0 38 1 0 1 1 0 8 0 sigapl 424 523 0 494 4 0 4 4 0 8 0 futexpl 56 6807 0 6807 4 3 1 1 0 8 1 knotepl 112 97 0 78 1 0 1 1 0 8 0 kqueuepl 144 67 0 65 1 0 1 1 0 8 0 pipepl 272 116 0 106 1 0 1 1 0 8 0 fdescpl 432 508 0 494 2 0 2 2 0 8 0 filepl 120 3267 0 3171 5 1 4 4 0 8 1 lockfpl 104 88 0 87 1 0 1 1 0 8 0 lockfspl 48 33 0 32 1 0 1 1 0 8 0 sessionpl 112 18 0 8 1 0 1 1 0 8 0 pgrppl 48 18 0 8 1 0 1 1 0 8 0 ucredpl 96 252 0 244 1 0 1 1 0 8 0 zombiepl 144 494 0 494 2 1 1 1 0 8 1 processpl 928 523 0 494 4 0 4 4 0 8 0 procpl 624 898 0 861 6 2 4 4 0 8 1 sosppl 128 11 0 11 4 3 1 1 0 8 1 sockpl 400 645 0 627 6 3 3 3 0 8 1 mcl64k 65536 25 0 25 3 3 0 1 0 8 0 mcl16k 16384 3 0 3 2 2 0 1 0 8 0 mcl12k 12288 10 0 10 4 3 1 1 0 8 1 mcl9k 9216 7 0 7 2 2 0 1 0 8 0 mcl8k 8192 10 0 10 5 5 0 1 0 8 0 mcl4k 4096 34 0 34 5 4 1 1 0 8 1 mcl2k2 2112 3 0 3 2 2 0 1 0 8 0 mcl2k 2048 75673 0 75611 19 10 9 17 0 8 0 mtagpl 96 37 0 12 2 1 1 1 0 8 0 mbufpl 256 122854 0 122632 33 14 19 21 0 8 0 mbufpl: pool(0xffffffff82834208:mbufpl): free list modified: page 0xfffffd8057ba4000; item ordinal 2; addr 0xfffffd8057ba4600 (p 0xfffffd8059bba000); offset 0x0=0x0 mbufpl: pool(0xffffffff82834208:mbufpl): page inconsistency: page 0xfffffd8057ba4000; item ordinal 3; addr 0x9d bufpl 280 3689 0 126 255 0 255 255 0 8 0 anonpl 16 67044 0 51236 91 25 66 82 0 107 0 amapchunkpl 152 2554 0 2422 24 18 6 19 0 158 0 amappl16 192 2382 0 1477 62 16 46 58 0 8 0 amappl15 184 2 0 0 1 0 1 1 0 8 0 amappl14 176 317 0 308 1 0 1 1 0 8 0 amappl13 168 33 0 30 1 0 1 1 0 8 0 amappl12 160 12 0 11 1 0 1 1 0 8 0 amappl11 152 275 0 263 1 0 1 1 0 8 0 amappl10 144 14 0 8 1 0 1 1 0 8 0 amappl9 136 375 0 374 1 0 1 1 0 8 0 amappl8 128 348 0 304 2 0 2 2 0 8 0 amappl7 120 115 0 101 1 0 1 1 0 8 0 amappl6 112 173 0 167 1 0 1 1 0 8 0 amappl5 104 226 0 216 1 0 1 1 0 8 0 amappl4 96 667 0 637 1 0 1 1 0 8 0 amappl3 88 262 0 255 1 0 1 1 0 8 0 amappl2 80 3145 0 3075 2 0 2 2 0 8 0 amappl1 72 18658 0 18252 23 13 10 17 0 8 0 amappl 80 1142 0 1097 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 12 0 2 1 0 1 1 0 8 0 uaddrrnd 24 514 0 496 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 514 0 496 1 0 1 1 0 8 0 vmmpekpl 168 6931 0 6899 2 0 2 2 0 8 0 vmmpepl 168 67893 0 65885 156 63 93 124 0 357 4 vmsppl 272 513 0 496 2 0 2 2 0 8 0 pdppl 4096 1034 0 996 7 1 6 6 0 8 0 pvpl 32 204325 0 185532 208 53 155 193 0 265 0 pmappl 200 513 0 496 1 0 1 1 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 290 0 54 7 0 7 7 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pool_do_put(ffffffff82834208,fffffd8057ba4500) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff82834208,fffffd8057ba4500) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd8057ba4500) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000af6a00,800100,ffff800000af6a40,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000af6a00,ffff800000ae4000) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000ae4000,ffff80001d777990,0) at in6_update_ifa+0x13e7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001d777990,ffff800000ae4000) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd806b64f320,8080691a,ffff80001d777990,ffff80001d6a99c8) at ifioctl+0xe60 sys/net/if.c:2282 sys_ioctl(ffff80001d6a99c8,ffff80001d777aa8,ffff80001d777af0) at sys_ioctl+0x4a1 syscall(ffff80001d777b70) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd858827a220, count: -11 ddb> machine ddbcpu 1 No such command ddb> trace pool_do_put(ffffffff82834208,fffffd8057ba4500) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff82834208,fffffd8057ba4500) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd8057ba4500) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000af6a00,800100,ffff800000af6a40,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000af6a00,ffff800000ae4000) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000ae4000,ffff80001d777990,0) at in6_update_ifa+0x13e7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001d777990,ffff800000ae4000) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd806b64f320,8080691a,ffff80001d777990,ffff80001d6a99c8) at ifioctl+0xe60 sys/net/if.c:2282 sys_ioctl(ffff80001d6a99c8,ffff80001d777aa8,ffff80001d777af0) at sys_ioctl+0x4a1 syscall(ffff80001d777b70) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd858827a220, count: -11