uvm_fault(0xfffffd806bc09bb0, 0x21698bd4, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd806bc09bb0, 0x21698bd4, 0, 1) -> e pool_do_put(ffffffff82583ae8,fffffd80534cc700) at pool_do_put+0x12e sys/kern/subr_pool.c:836 end trace frame: 0xffff800020648040, count: 0 ddb> trace pool_do_put(ffffffff82583ae8,fffffd80534cc700) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff82583ae8,fffffd80534cc700) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd80534cc700) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000a40100,800100,ffff800000a40140,0) at rt_ifa_del+0x402 sys/net/route.c:1196 in6_unlink_ifa(ffff800000a40100,ffff800000a08000) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000a08000,ffff8000206485a0,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff8000206485a0,ffff800000a08000) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd80532f3660,8080691a,ffff8000206485a0,ffff80001d35dc48) at ifioctl+0xe60 sys/net/if.c:2289 sys_ioctl(ffff80001d35dc48,ffff8000206486b8,ffff800020648700) at sys_ioctl+0x4a1 syscall(ffff800020648780) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7bf0f7d3300, count: -11 ddb> show registers rdi 0xffffffff815c36a5 pool_do_put+0x125 rsi 0x17b rbp 0xffff800020647ff0 rbx 0x21698bcc rdx 0x17c rcx 0xffff80001d433000 rax 0xffff80001d433000 r8 0x4 r9 0x5 r10 0xc15a1969449e8c73 r11 0x8a6261179d513bc r12 0xfffffd80534cc700 r13 0xf4e7e91921698bcc r14 0xffffffff82583ae8 mbpool r15 0xfffffd8053dce560 rip 0xffffffff815c36ae pool_do_put+0x12e cs 0x8 rflags 0x10292 __ALIGN_SIZE+0xf292 rsp 0xffff800020647f40 ss 0x10 pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.0) pid=151532 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=73, nice=20 forw=0xffffffffffffffff, list=0xffff80001d35d9d8,0xffffffff825858a0 process=0xffff8000ffffb5a0 user=0xffff800020643000, vmspace=0xfffffd806bc09bb0 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 21999 218176 82520 0 2 0 syz-executor.0 *21999 151532 82520 0 7 0x4000000 syz-executor.0 25331 25323 0 0 3 0x14200 bored sosplice 53821 341998 0 0 3 0x14200 acct acct 43583 137318 97799 0 3 0x2 biowait syz-executor.1 82520 295778 97799 0 3 0x82 nanosleep syz-executor.0 97799 15076 80167 0 3 0x82 thrsleep syz-fuzzer 97799 342235 80167 0 3 0x4000082 nanosleep syz-fuzzer 97799 188438 80167 0 3 0x4000082 thrsleep syz-fuzzer 97799 447667 80167 0 3 0x4000082 thrsleep syz-fuzzer 97799 42568 80167 0 3 0x4000082 thrsleep syz-fuzzer 97799 403207 80167 0 3 0x4000082 thrsleep syz-fuzzer 97799 277191 80167 0 3 0x4000082 thrsleep syz-fuzzer 97799 64433 80167 0 3 0x4000082 kqread syz-fuzzer 80167 321347 19602 0 3 0x10008a pause ksh 19602 63475 42203 0 3 0x92 select sshd 22662 211339 1 0 3 0x100083 ttyin getty 42203 316454 1 0 3 0x80 select sshd 29048 41862 50749 73 3 0x100090 kqread syslogd 50749 58947 1 0 3 0x100082 netio syslogd 26989 5125 1 77 3 0x100090 poll dhclient 46238 500151 1 0 3 0x80 poll dhclient 1711 439625 0 0 3 0x14200 bored smr 84924 109249 0 0 2 0x14200 zerothread 43255 261296 0 0 3 0x14200 aiodoned aiodoned 71659 172011 0 0 3 0x14200 syncer update 3290 31743 0 0 3 0x14200 cleaner cleaner 54371 43791 0 0 3 0x14200 reaper reaper 17124 378299 0 0 3 0x14200 pgdaemon pagedaemon 21816 255070 0 0 3 0x14200 bored crynlk 66632 473112 0 0 3 0x14200 bored crypto 16310 119880 0 0 3 0x40014200 acpi0 acpi0 61064 464768 0 0 3 0x14200 bored softnet 70937 440835 0 0 3 0x14200 bored systqmp 75643 134112 0 0 3 0x14200 bored systq 60727 515500 0 0 3 0x40014200 bored softclock 94775 43551 0 0 3 0x40014200 idle0 1 355186 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9505 6352K 14676K 78643K 11578 0 pcb 13 8K 8K 78643K 129 0 rtable 106 3K 4K 78643K 621 0 ifaddr 81 16K 16K 78643K 159 0 counters 21 16K 16K 78643K 34 0 ioctlops 0 0K 2K 78643K 30 0 iov 0 0K 16K 78643K 90 0 mount 1 1K 1K 78643K 1 0 vnodes 1220 77K 77K 78643K 1575 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 10 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 56 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1794 195K 288K 78643K 12646 0 file desc 5 13K 25K 78643K 645 0 sigio 0 0K 0K 78643K 9 0 proc 50 38K 63K 78643K 427 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 46 0 in_multi 70 3K 3K 78643K 130 0 ether_multi 1 0K 0K 78643K 17 0 mrt 0 0K 0K 78643K 6 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 55 254K 254K 78643K 55 0 exec 0 0K 1K 78643K 233 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 100 37K 42K 78643K 2314 0 UVM aobj 19 2K 3K 78643K 23 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 110 0 NDP 12 0K 0K 78643K 32 0 temp 117 3035K 3099K 78643K 9912 0 kqueue 3 4K 18K 78643K 59 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 8 0 2 1 0 1 1 0 8 0 rtpcb 80 204 0 202 1 0 1 1 0 8 0 rtentry 112 163 0 120 2 0 2 2 0 8 0 unpcb 120 445 0 437 1 0 1 1 0 8 0 syncache 264 8 0 8 2 2 0 1 0 8 0 tcpqe 32 142 0 142 1 1 0 1 0 8 0 tcpcb 544 230 0 226 2 1 1 2 0 8 0 ipq 40 7 0 7 2 2 0 1 0 8 0 ipqe 40 14 0 14 2 2 0 1 0 8 0 inpcb 280 1274 0 1265 2 0 2 2 0 8 1 rttmr 72 1 0 1 1 1 0 1 0 8 0 ip6q 72 1 0 1 1 1 0 1 0 8 0 ip6af 40 2 0 2 1 1 0 1 0 8 0 nd6 48 12 0 7 1 0 1 1 0 8 0 pkpcb 40 6 0 6 2 1 1 1 0 8 1 ppxss 1128 6 0 6 2 2 0 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 316 0 122 14 0 14 14 0 8 1 art_table 32 318 0 122 2 0 2 2 0 8 0 art_node 16 65 0 25 1 0 1 1 0 8 0 sysvmsgpl 40 23 0 13 2 1 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 54 0 44 1 0 1 1 0 8 0 shmpl 112 21 0 4 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 2311 0 917 46 0 46 46 0 8 0 ffsino 240 2311 0 917 83 0 83 83 0 8 0 nchpl 144 3341 0 1744 60 0 60 60 0 8 0 uvmvnodes 72 2612 0 0 48 0 48 48 0 8 0 vnodes 208 2612 0 0 138 0 138 138 0 8 0 namei 1024 8765 0 8765 1 0 1 1 0 8 1 vcpupl 1984 1 0 0 1 0 1 1 0 8 0 vmpool 528 1 0 0 1 0 1 1 0 8 0 scsiplug 64 1 0 1 1 1 0 1 0 8 0 scxspl 192 10781 0 10780 1 0 1 1 0 8 0 plimitpl 152 53 0 46 1 0 1 1 0 8 0 sigapl 424 833 0 803 4 0 4 4 0 8 0 futexpl 56 12192 0 12192 1 0 1 1 0 8 1 knotepl 112 124 0 105 1 0 1 1 0 8 0 kqueuepl 144 116 0 114 1 0 1 1 0 8 0 pipelkpl 16 155 0 145 1 0 1 1 0 8 0 pipepl 120 310 0 291 1 0 1 1 0 8 0 fdescpl 432 817 0 803 2 0 2 2 0 8 0 filepl 120 5339 0 5242 4 0 4 4 0 8 1 lockfpl 104 159 0 158 1 0 1 1 0 8 0 lockfspl 48 57 0 56 1 0 1 1 0 8 0 sessionpl 112 17 0 7 1 0 1 1 0 8 0 pgrppl 48 19 0 9 1 0 1 1 0 8 0 ucredpl 96 435 0 428 1 0 1 1 0 8 0 zombiepl 144 803 0 803 1 0 1 1 0 8 1 processpl 920 833 0 803 4 0 4 4 0 8 0 procpl 624 1586 0 1548 4 0 4 4 0 8 0 sosppl 128 17 0 17 1 1 0 1 0 8 0 sockpl 400 1947 0 1926 7 2 5 5 0 8 2 mcl64k 65536 69 0 69 1 0 1 1 0 8 1 mcl16k 16384 2 0 2 1 1 0 1 0 8 0 mcl12k 12288 27 0 27 1 0 1 1 0 8 1 mcl9k 9216 5 0 5 3 2 1 1 0 8 1 mcl8k 8192 14 0 14 2 1 1 1 0 8 1 mcl4k 4096 38 0 38 1 0 1 1 0 8 1 mcl2k2 2112 9 0 9 2 1 1 1 0 8 1 mcl2k 2048 62672 0 62631 17 10 7 15 0 8 1 mtagpl 80 78 0 5 3 1 2 2 0 8 0 mbufpl 256 104253 0 103973 31 4 27 27 0 8 0 mbufpl: pool(0xffffffff82583ae8:mbufpl): free list modified: page 0xfffffd80534cc000; item ordinal 2; addr 0xfffffd80534cc800 (p 0xfffffd8053dce000); offset 0x0=0x0 mbufpl: pool(0xffffffff82583ae8:mbufpl): page inconsistency: page 0xfffffd80534cc000; item ordinal 3; addr 0x21698bcc bufpl 280 5647 0 263 385 0 385 385 0 8 0 anonpl 16 82076 0 68020 76 16 60 73 0 107 0 amapchunkpl 152 3532 0 3401 17 11 6 13 0 158 0 amappl16 192 4264 0 3468 54 12 42 52 0 8 2 amappl15 184 2 0 0 1 0 1 1 0 8 0 amappl14 176 291 0 286 2 1 1 1 0 8 0 amappl13 168 23 0 22 1 0 1 1 0 8 0 amappl12 160 7 0 7 2 2 0 1 0 8 0 amappl11 152 63 0 51 1 0 1 1 0 8 0 amappl10 144 14 0 10 1 0 1 1 0 8 0 amappl9 136 363 0 360 1 0 1 1 0 8 0 amappl8 128 259 0 246 1 0 1 1 0 8 0 amappl7 120 116 0 104 1 0 1 1 0 8 0 amappl6 112 19 0 18 1 0 1 1 0 8 0 amappl5 104 499 0 488 1 0 1 1 0 8 0 amappl4 96 733 0 704 1 0 1 1 0 8 0 amappl3 88 427 0 420 1 0 1 1 0 8 0 amappl2 80 5764 0 5697 3 1 2 3 0 8 0 amappl1 72 23955 0 23543 26 16 10 20 0 8 0 amappl 80 1838 0 1795 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 22 0 4 1 0 1 1 0 8 0 uaddrrnd 24 818 0 803 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 818 0 803 1 0 1 1 0 8 0 vmmpekpl 168 8566 0 8539 2 0 2 2 0 8 0 vmmpepl 168 101000 0 99155 109 23 86 97 0 357 3 vmsppl 272 817 0 803 3 1 2 2 0 8 1 pdppl 4096 1642 0 1607 6 1 5 6 0 8 0 pvpl 32 243373 0 226339 179 22 157 175 0 265 17 pmappl 200 817 0 803 1 0 1 1 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 180 0 23 5 0 5 5 0 8 0