uvm_fault(0xffffffff82510fa0, 0xfffffd618afbb20a, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xffffffff82510fa0, 0xfffffd618afbb20a, 0, 1) -> e pool_do_put(ffffffff82571728,fffffd80527c0800) at pool_do_put+0x12e sys/kern/subr_pool.c:844 end trace frame: 0xffff80001d420850, count: 0 ddb> trace pool_do_put(ffffffff82571728,fffffd80527c0800) at pool_do_put+0x12e sys/kern/subr_pool.c:844 pool_put(ffffffff82571728,fffffd80527c0800) at pool_put+0x4b sys/kern/subr_pool.c:802 m_free(fffffd80527c0800) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff8000009c5300,800100,ffff8000009c5340,0) at rt_ifa_del+0x436 sys/net/route.c:1201 in_ioctl_set_ifaddr(8020690c,ffff80001d420be0,ffff800000a0f000,1) at in_ioctl_set_ifaddr+0x1f2 in_remove_prefix sys/netinet/in.c:812 [inline] in_ioctl_set_ifaddr(8020690c,ffff80001d420be0,ffff800000a0f000,1) at in_ioctl_set_ifaddr+0x1f2 in_ifscrub sys/netinet/in.c:636 [inline] in_ioctl_set_ifaddr(8020690c,ffff80001d420be0,ffff800000a0f000,1) at in_ioctl_set_ifaddr+0x1f2 sys/netinet/in.c:398 in_ioctl(8020690c,ffff80001d420be0,ffff800000a0f000,1) at in_ioctl+0x2d8 sys/netinet/in.c:243 ifioctl(fffffd805e4e5a80,8020690c,ffff80001d420be0,ffff80001d40f160) at ifioctl+0xe60 sys/net/if.c:2291 sys_ioctl(ffff80001d40f160,ffff80001d420cf8,ffff80001d420d40) at sys_ioctl+0x5b9 syscall(ffff80001d420dc0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xc0b881b790, count: -10 ddb> show registers rdi 0xffffffff81779605 pool_do_put+0x125 rsi 0xb0 rbp 0xffff80001d420800 rbx 0xfffffd618afbb202 rdx 0xb1 rcx 0xffff80002063d000 rax 0xffff80002063d000 r8 0x4 r9 0x1 r10 0xccfb7188fbb4dfed r11 0xd02d22c275ef12c5 r12 0xfffffd80527c0800 r13 0xd4f910618afbb202 r14 0xffffffff82571728 mbpool r15 0xfffffd80515078e0 rip 0xffffffff8177960e pool_do_put+0x12e cs 0x8 rflags 0x10212 __ALIGN_SIZE+0xf212 rsp 0xffff80001d420750 ss 0x10 pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.0) pid=66930 stat=onproc flags process=0 proc=4000000 pri=70, usrpri=70, nice=20 forw=0xffffffffffffffff, list=0xffff80001d40fb40,0xffffffff82557028 process=0xffff8000ffff7b50 user=0xffff80001d41b000, vmspace=0xfffffd8050f98450 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 74250 129367 65329 0 2 0 syz-executor.0 *74250 66930 65329 0 7 0x4000000 syz-executor.0 65329 345931 97596 0 3 0x82 nanosleep syz-executor.0 60086 79733 0 0 3 0x14200 bored sosplice 30670 245755 97596 0 2 0x2 syz-executor.1 97596 75500 26208 0 3 0x82 thrsleep syz-fuzzer 97596 508073 26208 0 3 0x4000082 thrsleep syz-fuzzer 97596 443620 26208 0 3 0x4000082 thrsleep syz-fuzzer 97596 252308 26208 0 3 0x4000082 thrsleep syz-fuzzer 97596 170352 26208 0 3 0x4000082 thrsleep syz-fuzzer 97596 277687 26208 0 3 0x4000082 thrsleep syz-fuzzer 97596 170119 26208 0 3 0x4000082 thrsleep syz-fuzzer 97596 404394 26208 0 3 0x4000082 kqread syz-fuzzer 26208 358499 32127 0 3 0x10008a pause ksh 32127 511832 2958 0 3 0x92 select sshd 56749 119747 1 0 3 0x100083 ttyin getty 2958 183446 1 0 3 0x80 select sshd 58583 324988 78221 73 3 0x100090 kqread syslogd 78221 453264 1 0 3 0x100082 netio syslogd 44449 11536 1 77 3 0x100090 poll dhclient 93470 32285 1 0 3 0x80 poll dhclient 4789 331846 0 0 2 0x14200 zerothread 72925 517576 0 0 3 0x14200 aiodoned aiodoned 49227 204188 0 0 3 0x14200 syncer update 66760 287597 0 0 3 0x14200 cleaner cleaner 55679 37743 0 0 3 0x14200 reaper reaper 655 274764 0 0 3 0x14200 pgdaemon pagedaemon 8362 135180 0 0 3 0x14200 bored crynlk 63267 392476 0 0 3 0x14200 bored crypto 5207 385569 0 0 3 0x40014200 acpi0 acpi0 61996 113791 0 0 3 0x14200 bored softnet 35454 382016 0 0 3 0x14200 bored systqmp 93794 456542 0 0 3 0x14200 bored systq 96378 506739 0 0 3 0x40014200 bored softclock 343 352056 0 0 3 0x40014200 idle0 53261 364182 0 0 3 0x14200 bored smr 1 391139 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9504 6346K 7248K 78643K 11283 0 pcb 13 8K 8K 78643K 102 0 rtable 107 4K 4K 78643K 357 0 ifaddr 77 14K 15K 78643K 132 0 counters 19 16K 16K 78643K 19 0 ioctlops 0 0K 2K 78643K 32 0 iov 0 0K 16K 78643K 70 0 mount 1 1K 1K 78643K 1 0 vnodes 1224 77K 77K 78643K 1447 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 5 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 174 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1794 195K 288K 78643K 12646 0 file desc 5 13K 25K 78643K 376 0 sigio 0 0K 0K 78643K 30 0 proc 48 38K 63K 78643K 427 0 subproc 32 2K 2K 78643K 51 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 30 0 in_multi 64 3K 3K 78643K 106 0 ether_multi 1 0K 0K 78643K 2 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 42 185K 185K 78643K 42 0 exec 0 0K 1K 78643K 234 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 129 87K 88K 78643K 1815 0 UVM aobj 12 2K 2K 78643K 13 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 186 0 NDP 13 0K 0K 78643K 30 0 temp 138 3031K 3107K 78643K 14153 0 kqueue 0 0K 0K 78643K 2 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 9 0 3 1 0 1 1 0 8 0 rtpcb 80 53 0 51 1 0 1 1 0 8 0 rtentry 112 78 0 36 2 0 2 2 0 8 0 unpcb 120 183 0 175 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 sackhl 24 1 0 1 1 0 1 1 0 8 1 tcpqe 32 57 0 57 1 1 0 1 0 8 0 tcpcb 544 285 0 281 3 2 1 2 0 8 0 ipq 40 2 0 2 1 1 0 1 0 8 0 ipqe 40 6 0 6 1 1 0 1 0 8 0 inpcb 280 1020 0 1011 4 2 2 3 0 8 1 nd6 48 11 0 8 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 1 0 1 0 8 0 ppxss 1128 4 0 4 1 0 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 439 0 234 16 3 13 16 0 8 0 art_table 32 440 0 234 3 0 3 3 0 8 0 art_node 16 77 0 38 1 0 1 1 0 8 0 sysvmsgpl 40 41 0 19 1 0 1 1 0 8 0 semapl 112 172 0 162 1 0 1 1 0 8 0 shmpl 112 11 0 1 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1892 0 493 46 0 46 46 0 8 0 ffsino 240 1892 0 493 83 0 83 83 0 8 0 nchpl 144 2650 0 1050 60 0 60 60 0 8 0 uvmvnodes 72 2111 0 0 39 0 39 39 0 8 0 vnodes 208 2111 0 0 112 0 112 112 0 8 0 namei 1024 7148 0 7148 1 0 1 1 0 8 1 vcpupl 1984 10 0 0 2 0 2 2 0 8 0 vmpool 528 10 0 0 1 0 1 1 0 8 0 scxspl 192 7970 0 7970 1 0 1 1 0 8 1 plimitpl 152 27 0 20 1 0 1 1 0 8 0 sigapl 432 544 0 531 2 0 2 2 0 8 0 futexpl 56 10261 0 10261 1 0 1 1 0 8 1 knotepl 112 107 0 88 1 0 1 1 0 8 0 kqueuepl 104 170 0 168 1 0 1 1 0 8 0 pipepl 128 326 0 307 3 2 1 2 0 8 0 fdescpl 424 545 0 531 2 0 2 2 0 8 0 filepl 120 4097 0 4000 6 1 5 5 0 8 2 lockfpl 104 147 0 146 1 0 1 1 0 8 0 lockfspl 48 47 0 46 1 0 1 1 0 8 0 sessionpl 112 18 0 8 1 0 1 1 0 8 0 pgrppl 48 24 0 14 1 0 1 1 0 8 0 ucredpl 96 328 0 321 1 0 1 1 0 8 0 zombiepl 144 531 0 531 1 0 1 1 0 8 1 processpl 872 560 0 531 4 0 4 4 0 8 0 procpl 632 1025 0 988 5 1 4 5 0 8 0 sosppl 128 9 0 9 3 2 1 1 0 8 1 sockpl 384 1263 0 1244 8 4 4 7 0 8 2 mcl64k 65536 17 0 17 1 1 0 1 0 8 0 mcl16k 16384 5 0 5 2 1 1 1 0 8 1 mcl12k 12288 8 0 8 2 1 1 1 0 8 1 mcl9k 9216 3 0 3 2 2 0 1 0 8 0 mcl8k 8192 24 0 24 1 0 1 1 0 8 1 mcl4k 4096 46 0 46 2 1 1 1 0 8 1 mcl2k2 2112 4 0 4 2 2 0 1 0 8 0 mcl2k 2048 70017 0 69972 16 9 7 13 0 8 0 mtagpl 80 24 0 9 2 1 1 1 0 8 0 mbufpl 256 113986 0 113841 16 5 11 11 0 8 0 mbufpl: pool(0xffffffff82571728:mbufpl): free list modified: page 0xfffffd80527c0000; item ordinal 2; addr 0xfffffd80527c0900 (p 0xfffffd8051507000); offset 0x0=0x0 mbufpl: pool(0xffffffff82571728:mbufpl): page inconsistency: page 0xfffffd80527c0000; item ordinal 3; addr 0xfffffd618afbb202 bufpl 280 7777 0 1593 442 0 442 442 0 8 0 anonpl 16 83322 0 64347 96 8 88 94 0 107 9 amapchunkpl 152 2838 0 2686 10 3 7 10 0 158 0 amappl16 192 3415 0 2344 65 6 59 65 0 8 5 amappl15 184 225 0 220 1 0 1 1 0 8 0 amappl14 176 86 0 82 1 0 1 1 0 8 0 amappl13 168 3 0 1 1 0 1 1 0 8 0 amappl12 160 8 0 8 2 2 0 1 0 8 0 amappl11 152 151 0 140 1 0 1 1 0 8 0 amappl10 144 13 0 11 1 0 1 1 0 8 0 amappl9 136 567 0 564 1 0 1 1 0 8 0 amappl8 128 139 0 108 1 0 1 1 0 8 0 amappl7 120 105 0 93 1 0 1 1 0 8 0 amappl6 112 155 0 149 1 0 1 1 0 8 0 amappl5 104 161 0 151 1 0 1 1 0 8 0 amappl4 96 767 0 734 1 0 1 1 0 8 0 amappl3 88 183 0 175 1 0 1 1 0 8 0 amappl2 80 3684 0 3615 3 1 2 3 0 8 0 amappl1 72 19703 0 19282 26 16 10 20 0 8 0 amappl 80 1293 0 1244 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 12 0 1 1 0 1 1 0 8 0 uaddrrnd 24 555 0 531 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 555 0 531 1 0 1 1 0 8 0 vmmpekpl 168 7543 0 7513 2 0 2 2 0 8 0 vmmpepl 168 74912 0 72684 161 24 137 138 0 357 35 vmsppl 272 554 0 531 3 1 2 2 0 8 0 pdppl 4096 1116 0 1072 7 1 6 6 0 8 0 pvpl 32 228857 0 207354 213 6 207 213 0 265 29 pmappl 200 554 0 531 2 0 2 2 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 157 0 26 5 0 5 5 0 8 0