uvm_fault(0xffffffff8278f900, 0xfffffdd8e2067b3e, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xffffffff8278f900, 0xfffffdd8e2067b3e, 0, 1) -> e pool_do_put(ffffffff827f6228,fffffd80580a9d00) at pool_do_put+0x12e sys/kern/subr_pool.c:836 end trace frame: 0xffff80001f9a95b0, count: 0 ddb> trace pool_do_put(ffffffff827f6228,fffffd80580a9d00) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff827f6228,fffffd80580a9d00) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd80580a9d00) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000ae2d00,800100,ffff800000ae2d40,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000ae2d00,ffff800000ac6000) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000ac6000,ffff80001f9a9b10,0) at in6_update_ifa+0x13e7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001f9a9b10,ffff800000ac6000) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd806334eaf0,8080691a,ffff80001f9a9b10,ffff80001d6aa5f8) at ifioctl+0xe60 sys/net/if.c:2285 sys_ioctl(ffff80001d6aa5f8,ffff80001f9a9c28,ffff80001f9a9c70) at sys_ioctl+0x4a1 syscall(ffff80001f9a9cf0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1c40751e3c0, count: -11 ddb> show registers rdi 0xffffffff81ca3e85 pool_do_put+0x125 rsi 0x14b rbp 0xffff80001f9a9560 rbx 0xfffffdd8e2067b36 rdx 0x14c rcx 0xffff80001e78c000 rax 0xffff80001e78c000 r8 0x4 r9 0x5 r10 0x6b996fc1fedcedfc r11 0xbd52d8241489e5a1 r12 0xfffffd80580a9d00 r13 0x61f67fd8e2067b36 r14 0xffffffff827f6228 mbpool r15 0xfffffd805c348420 rip 0xffffffff81ca3e8e pool_do_put+0x12e cs 0x8 rflags 0x10297 __ALIGN_SIZE+0xf297 rsp 0xffff80001f9a94b0 ss 0x10 pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.1) pid=7660 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=79, nice=20 forw=0xffffffffffffffff, list=0xffff80001d6a94e8,0xffffffff827ea6f8 process=0xffff80001d6c4010 user=0xffff80001f9a4000, vmspace=0xfffffd8058682990 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 30971 367044 40973 0 2 0 syz-executor.1 *30971 7660 40973 0 7 0x4000000 syz-executor.1 54006 468901 0 0 3 0x14200 bored sosplice 40973 361113 46740 0 3 0x82 nanosleep syz-executor.1 11661 20819 46740 0 3 0x82 piperd syz-executor.0 46740 153018 87991 0 2 0x2 syz-fuzzer 46740 504221 87991 0 3 0x4000082 nanosleep syz-fuzzer 46740 254968 87991 0 3 0x4000082 thrsleep syz-fuzzer 46740 39241 87991 0 3 0x4000082 thrsleep syz-fuzzer 46740 351535 87991 0 3 0x4000082 thrsleep syz-fuzzer 46740 511671 87991 0 3 0x4000082 thrsleep syz-fuzzer 46740 342353 87991 0 3 0x4000082 thrsleep syz-fuzzer 87991 470927 43724 0 3 0x10008a pause ksh 43724 98475 61043 0 3 0x92 select sshd 61347 24678 1 0 3 0x100083 ttyin getty 61043 274626 1 0 3 0x80 select sshd 23467 127240 83488 73 3 0x100090 kqread syslogd 83488 295727 1 0 3 0x100082 netio syslogd 9437 69011 1 77 3 0x100090 poll dhclient 74834 423248 1 0 3 0x80 poll dhclient 68805 297310 0 0 3 0x14200 bored smr 34661 44758 0 0 2 0x14200 zerothread 44471 183830 0 0 3 0x14200 aiodoned aiodoned 45069 202068 0 0 3 0x14200 syncer update 46817 145440 0 0 3 0x14200 cleaner cleaner 37497 167611 0 0 3 0x14200 reaper reaper 86680 20727 0 0 3 0x14200 pgdaemon pagedaemon 77517 367064 0 0 3 0x14200 bored crynlk 86529 70980 0 0 3 0x14200 bored crypto 64789 474171 0 0 3 0x40014200 acpi0 acpi0 55423 380855 0 0 3 0x14200 bored softnet 43682 476367 0 0 3 0x14200 bored systqmp 48822 302739 0 0 3 0x14200 bored systq 98802 105526 0 0 3 0x40014200 bored softclock 42811 441685 0 0 3 0x40014200 idle0 1 421218 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9482 6335K 6723K 78643K 10846 0 pcb 14 8K 8K 78643K 62 0 rtable 108 5K 8K 78643K 304 0 ifaddr 60 12K 12K 78643K 81 0 counters 21 16K 16K 78643K 21 0 ioctlops 0 0K 4K 78643K 40 0 iov 0 0K 12K 78643K 18 0 mount 1 1K 1K 78643K 1 0 vnodes 1223 77K 77K 78643K 1317 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 5 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 1K 78643K 62 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 203 0 sigio 0 0K 0K 78643K 4 0 proc 49 38K 63K 78643K 375 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 17 0 in_multi 36 2K 2K 78643K 79 0 ether_multi 1 0K 0K 78643K 7 0 mrt 0 0K 0K 78643K 3 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 49 228K 228K 78643K 49 0 exec 0 0K 1K 78643K 191 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 129 39K 39K 78643K 1330 0 UVM aobj 15 4K 4K 78643K 19 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 28 0 NDP 9 0K 0K 78643K 17 0 temp 89 3854K 3918K 78643K 2281 0 kqueue 3 4K 8K 78643K 5 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 6 0 0 1 0 1 1 0 8 0 rtpcb 80 19 0 17 1 0 1 1 0 8 0 rtentry 112 62 0 21 2 0 2 2 0 8 0 unpcb 120 99 0 91 1 0 1 1 0 8 0 syncache 264 12 0 12 4 4 0 1 0 8 0 tcpqe 32 62 0 62 1 1 0 1 0 8 0 tcpcb 544 96 0 92 1 0 1 1 0 8 0 inpcb 296 408 0 400 7 5 2 2 0 8 1 rttmr 72 1 0 1 1 1 0 1 0 8 0 ip6q 72 1 0 1 1 1 0 1 0 8 0 ip6af 40 2 0 2 1 1 0 1 0 8 0 nd6 48 14 0 10 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 1 0 1 0 8 0 pfrktable 1344 32 0 28 2 1 1 1 0 8 0 pftag 88 2 0 2 1 1 0 1 0 8 0 pfrule 1360 8 0 4 2 1 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 268 0 96 13 0 13 13 0 8 0 art_table 32 269 0 96 2 0 2 2 0 8 0 art_node 16 60 0 22 1 0 1 1 0 8 0 sysvmsgpl 40 20 0 12 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 50 0 40 1 0 1 1 0 8 0 shmpl 112 16 0 4 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1651 0 252 88 0 88 88 0 8 0 ffsino 240 1651 0 252 83 0 83 83 0 8 0 nchpl 144 2096 0 494 60 0 60 60 0 8 0 uvmvnodes 72 1748 0 0 32 0 32 32 0 8 0 vnodes 208 1748 0 0 92 0 92 92 0 8 0 namei 1024 5820 0 5820 3 2 1 1 0 8 1 vcpupl 1984 2 0 0 1 0 1 1 0 8 0 vmpool 528 2 0 0 1 0 1 1 0 8 0 pfiaddrpl 120 12 0 8 2 1 1 1 0 8 0 scxspl 192 5998 0 5998 2 1 1 1 0 8 1 plimitpl 152 35 0 28 1 0 1 1 0 8 0 sigapl 424 390 0 361 4 0 4 4 0 8 0 futexpl 56 4039 0 4039 3 2 1 1 0 8 1 knotepl 112 63 0 44 1 0 1 1 0 8 0 kqueuepl 144 126 0 124 1 0 1 1 0 8 0 pipepl 272 88 0 78 1 0 1 1 0 8 0 fdescpl 432 375 0 361 2 0 2 2 0 8 0 filepl 120 2537 0 2441 4 0 4 4 0 8 1 lockfpl 104 40 0 39 1 0 1 1 0 8 0 lockfspl 48 17 0 16 1 0 1 1 0 8 0 sessionpl 112 17 0 7 1 0 1 1 0 8 0 pgrppl 48 19 0 9 1 0 1 1 0 8 0 ucredpl 96 619 0 612 1 0 1 1 0 8 0 zombiepl 144 361 0 361 1 0 1 1 0 8 1 processpl 928 390 0 361 4 0 4 4 0 8 0 procpl 624 614 0 578 4 1 3 4 0 8 0 sosppl 128 2 0 2 1 1 0 1 0 8 0 sockpl 400 545 0 527 4 1 3 3 0 8 1 mcl64k 65536 8 0 8 4 4 0 1 0 8 0 mcl12k 12288 9 0 9 6 5 1 1 0 8 1 mcl9k 9216 3 0 3 3 3 0 1 0 8 0 mcl8k 8192 11 0 11 7 6 1 1 0 8 1 mcl4k 4096 32 0 32 6 6 0 1 0 8 0 mcl2k 2048 92218 0 92171 16 9 7 13 0 8 0 mtagpl 96 40 0 5 2 1 1 1 0 8 0 mbufpl 256 146636 0 146422 19 5 14 14 0 8 0 mbufpl: pool(0xffffffff827f6228:mbufpl): free list modified: page 0xfffffd80580a9000; item ordinal 1; addr 0xfffffd80580a9e00 (p 0xfffffd805c348000); offset 0x0=0x0 mbufpl: pool(0xffffffff827f6228:mbufpl): page inconsistency: page 0xfffffd80580a9000; item ordinal 2; addr 0xfffffdd8e2067b36 bufpl 280 3533 0 126 244 0 244 244 0 8 0 anonpl 16 52168 0 35583 75 2 73 73 0 107 0 amapchunkpl 152 1658 0 1524 8 2 6 8 0 158 0 amappl16 192 1814 0 810 52 1 51 51 0 8 0 amappl15 184 10 0 8 1 0 1 1 0 8 0 amappl14 176 27 0 21 1 0 1 1 0 8 0 amappl13 168 178 0 173 1 0 1 1 0 8 0 amappl12 160 8 0 5 2 1 1 1 0 8 0 amappl11 152 48 0 38 1 0 1 1 0 8 0 amappl10 144 20 0 14 1 0 1 1 0 8 0 amappl9 136 396 0 393 1 0 1 1 0 8 0 amappl8 128 338 0 296 2 0 2 2 0 8 0 amappl7 120 104 0 93 1 0 1 1 0 8 0 amappl6 112 28 0 20 1 0 1 1 0 8 0 amappl5 104 306 0 293 1 0 1 1 0 8 0 amappl4 96 568 0 541 1 0 1 1 0 8 0 amappl3 88 109 0 104 1 0 1 1 0 8 0 amappl2 80 2190 0 2120 2 0 2 2 0 8 0 amappl1 72 17382 0 16970 23 14 9 17 0 8 0 amappl 80 854 0 812 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 18 0 4 1 0 1 1 0 8 0 uaddrrnd 24 377 0 361 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 377 0 361 1 0 1 1 0 8 0 vmmpekpl 168 6465 0 6438 2 0 2 2 0 8 0 vmmpepl 168 52796 0 50689 132 39 93 119 0 357 1 vmsppl 272 376 0 361 4 2 2 2 0 8 0 pdppl 4096 760 0 724 6 1 5 6 0 8 0 pvpl 32 164265 0 144698 177 7 170 173 0 265 0 pmappl 200 376 0 361 1 0 1 1 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 267 0 40 7 0 7 7 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pool_do_put(ffffffff827f6228,fffffd80580a9d00) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff827f6228,fffffd80580a9d00) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd80580a9d00) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000ae2d00,800100,ffff800000ae2d40,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000ae2d00,ffff800000ac6000) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000ac6000,ffff80001f9a9b10,0) at in6_update_ifa+0x13e7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001f9a9b10,ffff800000ac6000) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd806334eaf0,8080691a,ffff80001f9a9b10,ffff80001d6aa5f8) at ifioctl+0xe60 sys/net/if.c:2285 sys_ioctl(ffff80001d6aa5f8,ffff80001f9a9c28,ffff80001f9a9c70) at sys_ioctl+0x4a1 syscall(ffff80001f9a9cf0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1c40751e3c0, count: -11 ddb> machine ddbcpu 1 No such command ddb> trace pool_do_put(ffffffff827f6228,fffffd80580a9d00) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff827f6228,fffffd80580a9d00) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd80580a9d00) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000ae2d00,800100,ffff800000ae2d40,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000ae2d00,ffff800000ac6000) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000ac6000,ffff80001f9a9b10,0) at in6_update_ifa+0x13e7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001f9a9b10,ffff800000ac6000) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd806334eaf0,8080691a,ffff80001f9a9b10,ffff80001d6aa5f8) at ifioctl+0xe60 sys/net/if.c:2285 sys_ioctl(ffff80001d6aa5f8,ffff80001f9a9c28,ffff80001f9a9c70) at sys_ioctl+0x4a1 syscall(ffff80001f9a9cf0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1c40751e3c0, count: -11