S.~M\BI_Qwd!8g=Kj&azP,}'}LG0nJ*79m`#.% Um$+0|/LWRӦ7CHn EN-^4Y wGd2,Qo%eLzfKe ;k?o|a+RlSDi‰~p˲.ԭgYKCbAu)ԣjq8B'ݑDV^-?k#rib?>KΈb]WjSnUnn,$䆕|9WWƽQVhʴ`Â.|~0WD8ݢ6-_D]]#ZVeAț0Xgw;@߀-xGu ; f`ni7h~0-0g|w mwJWv&P0?f_LeC5O+H\0bR$Oȟ]w7 nPji]E{*xeMuM(WXP);E%sWh^3KT:\o+芜#^T3tnkK35{ .y~-0 ù( ܳ*6ۃ^TuP!(%2! ;>}M_!ŊqƯ~Xuvm_fault(0xfffffd803d383780, 0xfc, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd803d383780, 0xfc, 0, 1) -> e pool_do_put(ffffffff82589120,fffffd8032b37900) at pool_do_put+0x12e sys/kern/subr_pool.c:844 end trace frame: 0xffff80001494e5a0, count: 0 ddb> trace pool_do_put(ffffffff82589120,fffffd8032b37900) at pool_do_put+0x12e sys/kern/subr_pool.c:844 pool_put(ffffffff82589120,fffffd8032b37900) at pool_put+0x4b sys/kern/subr_pool.c:802 m_free(fffffd8032b37900) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000a0be00,800100,ffff800000a0be40,0) at rt_ifa_del+0x436 sys/net/route.c:1201 in6_unlink_ifa(ffff800000a0be00,ffff8000009e3800) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff8000009e3800,ffff80001494eb00,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001494eb00,ffff8000009e3800) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd8036fafc00,8080691a,ffff80001494eb00,ffff8000ffff2508) at ifioctl+0xe60 sys/net/if.c:2291 sys_ioctl(ffff8000ffff2508,ffff80001494ec18,ffff80001494ec60) at sys_ioctl+0x5b9 syscall(ffff80001494ece0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa927897bf80, count: -11 ddb> show registers rdi 0xffffffff815c67c5 pool_do_put+0x125 rsi 0x194 rbp 0xffff80001494e550 rbx 0xf4 rdx 0x195 rcx 0xffff800016b57000 rax 0xffff800016b57000 r8 0x4 r9 0x5 r10 0x34ee44d68f2d2ce5 r11 0x8665bbd5c2f30557 r12 0xfffffd8032b37900 r13 0xf1b6febafa0e1ff4 r14 0xffffffff82589120 mbpool r15 0xfffffd803595a408 rip 0xffffffff815c67ce pool_do_put+0x12e cs 0x8 rflags 0x10296 __ALIGN_SIZE+0xf296 rsp 0xffff80001494e4a0 ss 0x10 pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.0) pid=505560 stat=onproc flags process=0 proc=4000000 pri=77, usrpri=77, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff2ee8,0xffffffff82541e00 process=0xffff8000ffff77b0 user=0xffff800014949000, vmspace=0xfffffd803d383780 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 36909 364828 62143 0 2 0 syz-executor.0 *36909 505560 62143 0 7 0x4000000 syz-executor.0 89239 398278 0 0 3 0x14200 bored sosplice 15966 337056 1970 0 3 0x2 biowait syz-executor.1 62143 387247 1970 0 3 0x82 nanosleep syz-executor.0 1970 315197 22395 0 3 0x82 thrsleep syz-fuzzer 1970 123275 22395 0 3 0x4000082 nanosleep syz-fuzzer 1970 124613 22395 0 3 0x4000082 thrsleep syz-fuzzer 1970 121998 22395 0 3 0x4000082 thrsleep syz-fuzzer 1970 191631 22395 0 3 0x4000082 thrsleep syz-fuzzer 1970 324228 22395 0 3 0x4000082 kqread syz-fuzzer 1970 338850 22395 0 3 0x4000082 thrsleep syz-fuzzer 1970 442594 22395 0 3 0x4000082 thrsleep syz-fuzzer 22395 108168 53504 0 3 0x10008a pause ksh 53504 331547 97817 0 3 0x92 select sshd 91303 108019 1 0 3 0x100083 ttyin getty 97817 443770 1 0 3 0x80 select sshd 91924 161755 86625 73 3 0x100090 kqread syslogd 86625 137653 1 0 3 0x100082 netio syslogd 14436 409114 0 0 2 0x14200 zerothread 5060 441606 0 0 3 0x14200 aiodoned aiodoned 73154 157414 0 0 3 0x14200 syncer update 36853 225436 0 0 3 0x14200 cleaner cleaner 11181 509742 0 0 3 0x14200 reaper reaper 11713 433874 0 0 3 0x14200 pgdaemon pagedaemon 66066 227480 0 0 3 0x14200 bored crynlk 47625 270293 0 0 3 0x14200 bored crypto 45950 404764 0 0 3 0x40014200 acpi0 acpi0 46253 254705 0 0 3 0x14200 bored softnet 87945 251868 0 0 3 0x14200 bored systqmp 90226 24180 0 0 3 0x14200 bored systq 58420 68212 0 0 3 0x40014200 bored softclock 99138 129386 0 0 3 0x40014200 idle0 51506 412951 0 0 3 0x14200 bored smr 1 469167 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9499 6289K 12288K 78643K 13452 0 pcb 13 8K 8K 78643K 87 0 rtable 112 3K 4K 78643K 309 0 ifaddr 69 15K 15K 78643K 112 0 counters 19 16K 16K 78643K 19 0 ioctlops 0 0K 2K 78643K 34 0 iov 0 0K 32K 78643K 128 0 mount 1 1K 1K 78643K 1 0 vnodes 1266 80K 80K 78643K 1942 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 10 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 101 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1794 195K 288K 78643K 12646 0 file desc 5 13K 25K 78643K 278 0 sigio 0 0K 0K 78643K 4 0 proc 43 30K 63K 78643K 376 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 36 0 in_multi 67 3K 3K 78643K 83 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 192 848K 848K 78643K 192 0 exec 0 0K 1K 78643K 200 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 127 71K 71K 78643K 1539 0 UVM aobj 29 2K 2K 78643K 32 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 88 0 NDP 9 0K 0K 78643K 22 0 temp 122 3014K 3092K 78643K 25505 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 10 0 2 1 0 1 1 0 8 0 rtpcb 80 41 0 41 1 0 1 1 0 8 1 rtentry 112 68 0 22 2 0 2 2 0 8 0 unpcb 120 224 0 216 1 0 1 1 0 8 0 syncache 264 7 0 7 2 2 0 1 0 8 0 tcpqe 32 315 0 315 1 1 0 1 0 8 0 tcpcb 544 139 0 135 2 0 2 2 0 8 1 ipq 40 4 0 4 1 0 1 1 0 8 1 ipqe 40 94 0 94 1 0 1 1 0 8 1 inpcb 280 642 0 634 3 0 3 3 0 8 2 nd6 48 7 0 4 1 0 1 1 0 8 0 ppxss 1128 6 0 6 2 1 1 1 0 8 1 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 305 0 93 15 0 15 15 0 8 0 art_table 32 307 0 93 2 0 2 2 0 8 0 art_node 16 67 0 25 1 0 1 1 0 8 0 sysvmsgpl 40 86 0 54 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 99 0 89 1 0 1 1 0 8 0 shmpl 112 30 0 3 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1821 0 419 46 0 46 46 0 8 0 ffsino 240 1821 0 419 83 0 83 83 0 8 0 nchpl 144 2446 0 836 60 0 60 60 0 8 0 uvmvnodes 72 2518 0 0 46 0 46 46 0 8 0 vnodes 208 2518 0 0 133 0 133 133 0 8 0 namei 1024 8557 0 8557 1 0 1 1 0 8 1 vcpupl 1984 5 0 0 1 0 1 1 0 8 0 vmpool 528 5 0 0 1 0 1 1 0 8 0 scxspl 192 7368 0 7367 8 5 3 5 0 8 2 plimitpl 152 38 0 32 1 0 1 1 0 8 0 sigapl 432 449 0 438 2 0 2 2 0 8 0 futexpl 56 11392 0 11392 1 0 1 1 0 8 1 knotepl 112 86 0 67 1 0 1 1 0 8 0 kqueuepl 104 316 0 310 1 0 1 1 0 8 0 pipepl 128 256 0 237 2 0 2 2 0 8 1 fdescpl 424 450 0 438 2 0 2 2 0 8 0 filepl 120 5445 0 5344 8 0 8 8 0 8 4 lockfpl 104 195 0 195 1 0 1 1 0 8 1 lockfspl 48 86 0 86 1 0 1 1 0 8 1 sessionpl 112 17 0 9 1 0 1 1 0 8 0 pgrppl 48 17 0 9 1 0 1 1 0 8 0 ucredpl 96 1352 0 1346 1 0 1 1 0 8 0 zombiepl 144 438 0 438 1 0 1 1 0 8 1 processpl 864 465 0 438 4 0 4 4 0 8 0 procpl 632 794 0 759 4 0 4 4 0 8 0 sosppl 128 3 0 3 2 1 1 1 0 8 1 sockpl 384 920 0 905 7 1 6 6 0 8 4 mcl64k 65536 18 0 18 1 0 1 1 0 8 1 mcl16k 16384 6 0 6 2 1 1 1 0 8 1 mcl12k 12288 12 0 12 1 0 1 1 0 8 1 mcl9k 9216 7 0 7 1 0 1 1 0 8 1 mcl8k 8192 28 0 28 1 0 1 1 0 8 1 mcl4k 4096 52 0 51 2 1 1 1 0 8 0 mcl2k2 2112 3 0 3 2 1 1 1 0 8 1 mcl2k 2048 68338 0 68291 20 13 7 17 0 8 0 mtagpl 80 16 0 2 2 1 1 1 0 8 0 mbufpl 256 111666 0 111490 23 3 20 21 0 8 5 mbufpl: pool(0xffffffff82589120:mbufpl): free list modified: page 0xfffffd8032b37000; item ordinal 0; addr 0xfffffd8032b37a00 (p 0xfffffd803595a000); offset 0x0=0x0 mbufpl: pool(0xffffffff82589120:mbufpl): page inconsistency: page 0xfffffd8032b37000; item ordinal 1; addr 0xf4 bufpl 280 8416 0 2320 436 0 436 436 0 8 0 anonpl 16 65549 0 45472 99 1 98 98 0 62 16 amapchunkpl 152 2364 0 2206 19 2 17 17 0 158 10 amappl16 192 2389 0 1282 63 2 61 63 0 8 5 amappl15 184 51 0 47 1 0 1 1 0 8 0 amappl14 176 159 0 155 1 0 1 1 0 8 0 amappl12 160 6 0 4 1 0 1 1 0 8 0 amappl11 152 44 0 40 1 0 1 1 0 8 0 amappl10 144 10 0 7 2 1 1 1 0 8 0 amappl9 136 676 0 671 1 0 1 1 0 8 0 amappl8 128 246 0 214 3 1 2 2 0 8 0 amappl7 120 93 0 81 1 0 1 1 0 8 0 amappl6 112 54 0 47 1 0 1 1 0 8 0 amappl5 104 147 0 139 1 0 1 1 0 8 0 amappl4 96 658 0 635 1 0 1 1 0 8 0 amappl3 88 137 0 130 1 0 1 1 0 8 0 amappl2 80 2802 0 2737 3 1 2 3 0 8 0 amappl1 72 17530 0 17146 26 16 10 20 0 8 0 amappl 80 1037 0 993 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 31 0 3 1 0 1 1 0 8 0 uaddrrnd 24 455 0 438 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 455 0 438 1 0 1 1 0 8 0 vmmpekpl 168 7034 0 7011 2 0 2 2 0 8 0 vmmpepl 168 60999 0 58853 135 23 112 129 0 357 14 vmsppl 272 454 0 438 3 1 2 2 0 8 0 pdppl 4096 916 0 881 6 1 5 6 0 8 0 pvpl 32 226743 0 204187 316 1 315 315 0 265 129 pmappl 200 454 0 438 1 0 1 1 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 166 0 22 5 0 5 5 0 8 0