uvm_fault(0xffffffff825787b0, 0xfffffdaa33d9eaa2, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xffffffff825787b0, 0xfffffdaa33d9eaa2, 0, 1) -> e pool_do_put(ffffffff825c7f60,fffffd80589f0100) at pool_do_put+0x12e sys/kern/subr_pool.c:836 end trace frame: 0xffff80001fa15c00, count: 0 ddb> trace pool_do_put(ffffffff825c7f60,fffffd80589f0100) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff825c7f60,fffffd80589f0100) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd80589f0100) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000a4ab00,800100,ffff800000a4ab40,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000a4ab00,ffff800000a01800) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000a01800,ffff80001fa16160,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001fa16160,ffff800000a01800) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd8066ec1190,8080691a,ffff80001fa16160,ffff80001d742880) at ifioctl+0xe60 sys/net/if.c:2288 sys_ioctl(ffff80001d742880,ffff80001fa16278,ffff80001fa162c0) at sys_ioctl+0x4a1 syscall(ffff80001fa16340) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x5a4fd90ca70, count: -11 ddb> show registers rdi 0xffffffff8174cc05 pool_do_put+0x125 rsi 0x13d rbp 0xffff80001fa15bb0 rbx 0xfffffdaa33d9ea9a rdx 0x13e rcx 0xffff80001e7f9000 rax 0xffff80001e7f9000 r8 0x4 r9 0x5 r10 0x5790323dffa87b2b r11 0xb32cffe8afc938d8 r12 0xfffffd80589f0100 r13 0xee9096aa33d9ea9a r14 0xffffffff825c7f60 mbpool r15 0xfffffd8066a086c0 rip 0xffffffff8174cc0e pool_do_put+0x12e cs 0x8 rflags 0x10297 __ALIGN_SIZE+0xf297 rsp 0xffff80001fa15b00 ss 0x10 pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.0) pid=31123 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=51, nice=20 forw=0xffffffffffffffff, list=0xffff80001d741500,0xffffffff825c7418 process=0xffff8000ffff95a8 user=0xffff80001fa11000, vmspace=0xfffffd806bc0abb0 estcpu=1, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 8529 403014 3494 0 2 0 syz-executor.0 * 8529 31123 3494 0 7 0x4000000 syz-executor.0 65134 188007 0 0 3 0x14200 bored sosplice 3494 139558 87895 0 3 0x82 nanosleep syz-executor.0 14439 509538 87895 0 3 0x82 nanosleep syz-executor.1 87895 493692 21963 0 3 0x82 thrsleep syz-fuzzer 87895 523666 21963 0 3 0x4000082 thrsleep syz-fuzzer 87895 208291 21963 0 3 0x4000082 thrsleep syz-fuzzer 87895 14584 21963 0 3 0x4000082 thrsleep syz-fuzzer 87895 3257 21963 0 3 0x4000082 thrsleep syz-fuzzer 87895 395822 21963 0 3 0x4000082 kqread syz-fuzzer 87895 2110 21963 0 3 0x4000082 thrsleep syz-fuzzer 87895 418451 21963 0 3 0x4000082 thrsleep syz-fuzzer 21963 130272 27419 0 3 0x10008a pause ksh 27419 262935 75081 0 3 0x92 select sshd 9570 328271 1 0 3 0x100083 ttyin getty 75081 49611 1 0 3 0x80 select sshd 85179 451430 96689 73 3 0x100090 kqread syslogd 96689 364565 1 0 3 0x100082 netio syslogd 48251 107321 1 77 3 0x100090 poll dhclient 23436 498532 1 0 3 0x80 poll dhclient 26480 156857 0 0 3 0x14200 bored smr 53685 11983 0 0 2 0x14200 zerothread 79908 309633 0 0 3 0x14200 aiodoned aiodoned 83766 168946 0 0 3 0x14200 syncer update 7086 436511 0 0 3 0x14200 cleaner cleaner 78545 450383 0 0 3 0x14200 reaper reaper 69730 496288 0 0 3 0x14200 pgdaemon pagedaemon 56926 320784 0 0 3 0x14200 bored crynlk 77405 265031 0 0 3 0x14200 bored crypto 53494 245984 0 0 3 0x40014200 acpi0 acpi0 64844 135648 0 0 3 0x14200 bored softnet 92797 75012 0 0 3 0x14200 bored systqmp 67956 191878 0 0 3 0x14200 bored systq 22149 120020 0 0 3 0x40014200 bored softclock 17410 480652 0 0 3 0x40014200 idle0 1 102407 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9470 6330K 6714K 78643K 10717 0 pcb 13 8K 8K 78643K 19 0 rtable 108 3K 7K 78643K 264 0 ifaddr 50 11K 12K 78643K 81 0 counters 21 16K 16K 78643K 23 0 ioctlops 0 0K 4K 78643K 27 0 iov 0 0K 16K 78643K 8 0 mount 1 1K 1K 78643K 1 0 vnodes 1217 77K 77K 78643K 1266 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 0K 0K 78643K 2 0 sem 10 0K 1K 78643K 14 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 6 17K 25K 78643K 106 0 proc 49 38K 63K 78643K 373 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 1 0 in_multi 33 2K 2K 78643K 35 0 ether_multi 1 0K 0K 78643K 2 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 61 281K 281K 78643K 61 0 exec 0 0K 1K 78643K 185 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 126 23K 23K 78643K 1087 0 UVM aobj 2 2K 2K 78643K 2 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 4 0 NDP 7 0K 0K 78643K 13 0 temp 70 3028K 3092K 78643K 2051 0 kqueue 3 4K 4K 78643K 3 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 6 0 0 1 0 1 1 0 8 0 rtpcb 80 21 0 19 1 0 1 1 0 8 0 rtentry 112 46 0 1 2 0 2 2 0 8 0 unpcb 120 43 0 35 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 272 0 272 1 1 0 1 0 8 0 tcpcb 544 18 0 14 1 0 1 1 0 8 0 inpcb 280 71 0 63 1 0 1 1 0 8 0 nd6 48 7 0 0 1 0 1 1 0 8 0 pfstscr 40 1 0 0 1 0 1 1 0 8 0 pfrktable 1344 28 0 28 1 1 0 1 0 8 0 pftag 88 6 0 6 1 1 0 1 0 8 0 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 112 2 0 0 1 0 1 1 0 8 0 pfstate 328 1 0 0 1 0 1 1 0 8 0 pfrule 1360 8 0 8 1 1 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 190 0 0 12 0 12 12 0 8 0 art_table 32 191 0 0 2 0 2 2 0 8 0 art_node 16 45 0 4 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 8 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1527 0 128 88 0 88 88 0 8 0 ffsino 240 1527 0 128 83 0 83 83 0 8 0 nchpl 144 1880 0 278 60 0 60 60 0 8 0 uvmvnodes 72 1600 0 0 30 0 30 30 0 8 0 vnodes 208 1600 0 0 85 0 85 85 0 8 0 namei 1024 5034 0 5034 2 1 1 1 0 8 1 pfiaddrpl 120 8 0 8 1 1 0 1 0 8 0 scxspl 192 4748 0 4748 1 0 1 1 0 8 1 plimitpl 152 20 0 13 1 0 1 1 0 8 0 sigapl 424 293 0 263 4 0 4 4 0 8 0 futexpl 56 1649 0 1649 2 1 1 1 0 8 1 knotepl 112 61 0 42 1 0 1 1 0 8 0 kqueuepl 144 9 0 6 1 0 1 1 0 8 0 pipelkpl 16 88 0 78 1 0 1 1 0 8 0 pipepl 120 176 0 157 1 0 1 1 0 8 0 fdescpl 432 278 0 263 2 0 2 2 0 8 0 filepl 120 1640 0 1540 4 0 4 4 0 8 0 lockfpl 104 26 0 25 1 0 1 1 0 8 0 lockfspl 48 12 0 11 1 0 1 1 0 8 0 sessionpl 112 17 0 7 1 0 1 1 0 8 0 pgrppl 48 19 0 9 1 0 1 1 0 8 0 ucredpl 96 315 0 308 1 0 1 1 0 8 0 zombiepl 144 264 0 263 1 0 1 1 0 8 0 processpl 920 293 0 263 4 0 4 4 0 8 0 procpl 624 397 0 359 5 1 4 4 0 8 0 sockpl 400 135 0 117 4 2 2 3 0 8 0 mcl64k 65536 5 0 5 1 1 0 1 0 8 0 mcl16k 16384 2 0 2 2 1 1 1 0 8 1 mcl12k 12288 6 0 6 1 1 0 1 0 8 0 mcl8k 8192 14 0 14 2 1 1 1 0 8 1 mcl4k 4096 12 0 12 2 2 0 1 0 8 0 mcl2k 2048 70079 0 70020 19 11 8 16 0 8 0 mtagpl 80 8 0 2 2 1 1 1 0 8 0 mbufpl 256 111876 0 111770 13 4 9 10 0 8 0 mbufpl: pool(0xffffffff825c7f60:mbufpl): free list modified: page 0xfffffd80589f0000; item ordinal 2; addr 0xfffffd80589f0200 (p 0xfffffd8066a08000); offset 0x0=0x0 mbufpl: pool(0xffffffff825c7f60:mbufpl): page inconsistency: page 0xfffffd80589f0000; item ordinal 3; addr 0xfffffdaa33d9ea9a bufpl 280 3313 0 126 228 0 228 228 0 8 0 anonpl 16 39835 0 25001 62 2 60 60 0 107 0 amapchunkpl 152 1285 0 1150 7 1 6 7 0 158 0 amappl16 192 1136 0 330 41 0 41 41 0 8 0 amappl15 184 36 0 33 1 0 1 1 0 8 0 amappl14 176 26 0 20 1 0 1 1 0 8 0 amappl13 168 104 0 97 1 0 1 1 0 8 0 amappl12 160 14 0 11 1 0 1 1 0 8 0 amappl11 152 78 0 67 1 0 1 1 0 8 0 amappl10 144 15 0 9 1 0 1 1 0 8 0 amappl9 136 303 0 302 1 0 1 1 0 8 0 amappl8 128 320 0 280 2 0 2 2 0 8 0 amappl7 120 107 0 95 1 0 1 1 0 8 0 amappl6 112 57 0 50 1 0 1 1 0 8 0 amappl5 104 291 0 281 1 0 1 1 0 8 0 amappl4 96 495 0 465 1 0 1 1 0 8 0 amappl3 88 149 0 140 1 0 1 1 0 8 0 amappl2 80 1421 0 1345 2 0 2 2 0 8 0 amappl1 72 14836 0 14415 23 14 9 17 0 8 0 amappl 80 617 0 572 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 1 0 0 1 0 1 1 0 8 0 uaddrrnd 24 278 0 263 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 278 0 263 1 0 1 1 0 8 0 vmmpekpl 168 6124 0 6098 2 0 2 2 0 8 0 vmmpepl 168 40297 0 38302 116 28 88 110 0 357 1 vmsppl 272 277 0 263 2 1 1 2 0 8 0 pdppl 4096 562 0 526 6 1 5 6 0 8 0 pvpl 32 138550 0 120660 148 2 146 147 0 265 1 pmappl 200 277 0 263 1 0 1 1 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 249 0 29 7 0 7 7 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pool_do_put(ffffffff825c7f60,fffffd80589f0100) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff825c7f60,fffffd80589f0100) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd80589f0100) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000a4ab00,800100,ffff800000a4ab40,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000a4ab00,ffff800000a01800) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000a01800,ffff80001fa16160,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001fa16160,ffff800000a01800) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd8066ec1190,8080691a,ffff80001fa16160,ffff80001d742880) at ifioctl+0xe60 sys/net/if.c:2288 sys_ioctl(ffff80001d742880,ffff80001fa16278,ffff80001fa162c0) at sys_ioctl+0x4a1 syscall(ffff80001fa16340) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x5a4fd90ca70, count: -11 ddb> machine ddbcpu 1 No such command ddb> trace pool_do_put(ffffffff825c7f60,fffffd80589f0100) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff825c7f60,fffffd80589f0100) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd80589f0100) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000a4ab00,800100,ffff800000a4ab40,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000a4ab00,ffff800000a01800) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000a01800,ffff80001fa16160,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001fa16160,ffff800000a01800) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd8066ec1190,8080691a,ffff80001fa16160,ffff80001d742880) at ifioctl+0xe60 sys/net/if.c:2288 sys_ioctl(ffff80001d742880,ffff80001fa16278,ffff80001fa162c0) at sys_ioctl+0x4a1 syscall(ffff80001fa16340) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x5a4fd90ca70, count: -11