uvm_fault(0xfffffd8060564ab0, 0x637703fd06, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd8060564ab0, 0x637703fd06, 0, 1) -> e pool_do_put(ffffffff825768b8,fffffd805e52e200) at pool_do_put+0x12e sys/kern/subr_pool.c:836 end trace frame: 0xffff80001d426680, count: 0 ddb> trace pool_do_put(ffffffff825768b8,fffffd805e52e200) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff825768b8,fffffd805e52e200) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd805e52e200) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000a67400,800100,ffff800000a67440,0) at rt_ifa_del+0x402 sys/net/route.c:1196 in6_unlink_ifa(ffff800000a67400,ffff8000009f1800) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff8000009f1800,ffff80001d426be0,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001d426be0,ffff8000009f1800) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd8052786e30,8080691a,ffff80001d426be0,ffff80001d35e608) at ifioctl+0xe60 sys/net/if.c:2290 sys_ioctl(ffff80001d35e608,ffff80001d426cf8,ffff80001d426d40) at sys_ioctl+0x4a1 syscall(ffff80001d426dc0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x24ac18dc3a0, count: -11 ddb> show registers rdi 0xffffffff817347b5 pool_do_put+0x125 rsi 0x134 rbp 0xffff80001d426630 rbx 0x637703fcfe rdx 0x135 rcx 0xffff80001d42f000 rax 0xffff80001d42f000 r8 0x4 r9 0x5 r10 0x8f13f1d10d087478 r11 0xc90f3271e3b1d791 r12 0xfffffd805e52e200 r13 0x9c317a637703fcfe r14 0xffffffff825768b8 mbpool r15 0xfffffd806c3c49a0 rip 0xffffffff817347be pool_do_put+0x12e cs 0x8 rflags 0x10292 __ALIGN_SIZE+0xf292 rsp 0xffff80001d426580 ss 0x10 pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.0) pid=250953 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=69, nice=20 forw=0xffffffffffffffff, list=0xffff80001d35e878,0xffffffff8256a938 process=0xffff8000ffffb190 user=0xffff80001d421000, vmspace=0xfffffd8060564ab0 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 57892 342815 91757 0 2 0 syz-executor.0 *57892 250953 91757 0 7 0x4000000 syz-executor.0 11610 418122 85070 0 3 0x80 nanosleep syz-executor.1 11610 499850 85070 0 3 0x4000080 ttyout syz-executor.1 11610 274748 85070 0 3 0x4000080 fsleep syz-executor.1 22850 196245 0 0 3 0x14200 acct acct 74911 468560 0 0 3 0x14200 bored sosplice 85070 497227 93292 0 3 0x82 nanosleep syz-executor.1 91757 456313 93292 0 3 0x82 nanosleep syz-executor.0 93292 381008 38681 0 3 0x82 thrsleep syz-fuzzer 93292 494429 38681 0 3 0x4000082 nanosleep syz-fuzzer 93292 140179 38681 0 3 0x4000082 thrsleep syz-fuzzer 93292 370585 38681 0 3 0x4000082 thrsleep syz-fuzzer 93292 513053 38681 0 3 0x4000082 thrsleep syz-fuzzer 93292 87203 38681 0 3 0x4000082 thrsleep syz-fuzzer 93292 175202 38681 0 3 0x4000082 thrsleep syz-fuzzer 93292 418548 38681 0 3 0x4000082 kqread syz-fuzzer 38681 205940 32445 0 3 0x10008a pause ksh 32445 332685 34564 0 3 0x92 select sshd 91343 91560 1 0 3 0x100083 ttyin getty 34564 377387 1 0 3 0x80 select sshd 45749 367075 47313 73 3 0x100090 kqread syslogd 47313 279300 1 0 3 0x100082 netio syslogd 93880 502437 1 77 3 0x100090 poll dhclient 97612 411746 1 0 3 0x80 poll dhclient 96052 227510 0 0 2 0x14200 zerothread 66225 384826 0 0 3 0x14200 aiodoned aiodoned 91976 346928 0 0 3 0x14200 syncer update 24132 216708 0 0 3 0x14200 cleaner cleaner 38108 329914 0 0 3 0x14200 reaper reaper 47501 455049 0 0 3 0x14200 pgdaemon pagedaemon 67216 195537 0 0 3 0x14200 bored crynlk 3158 412277 0 0 3 0x14200 bored crypto 35120 435734 0 0 3 0x40014200 acpi0 acpi0 98616 313469 0 0 3 0x14200 bored softnet 22475 377656 0 0 3 0x14200 bored systqmp 23077 219538 0 0 3 0x14200 bored systq 28064 201903 0 0 3 0x40014200 bored softclock 93260 330595 0 0 3 0x40014200 idle0 55961 427353 0 0 3 0x14200 bored smr 1 273674 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9505 6346K 6857K 78643K 11176 0 pcb 13 8K 8K 78643K 83 0 rtable 112 3K 4K 78643K 233 0 ifaddr 83 16K 16K 78643K 107 0 counters 21 16K 16K 78643K 24 0 ioctlops 0 0K 2K 78643K 41 0 iov 0 0K 12K 78643K 54 0 mount 1 1K 1K 78643K 1 0 vnodes 1219 77K 77K 78643K 1419 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 4 0 VM map 2 0K 0K 78643K 2 0 sem 12 1K 1K 78643K 32 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1794 195K 288K 78643K 12646 0 file desc 6 17K 25K 78643K 269 0 sigio 0 0K 0K 78643K 2 0 proc 49 38K 63K 78643K 386 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 36 0 in_multi 77 3K 3K 78643K 95 0 ether_multi 1 0K 0K 78643K 9 0 mrt 0 0K 0K 78643K 4 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 67 307K 307K 78643K 67 0 exec 0 0K 1K 78643K 215 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 112 38K 38K 78643K 1480 0 UVM aobj 37 2K 2K 78643K 38 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 61 0 NDP 12 0K 0K 78643K 19 0 temp 130 3018K 3082K 78643K 4609 0 kqueue 3 4K 16K 78643K 23 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 6 0 0 1 0 1 1 0 8 0 rtpcb 80 34 0 32 1 0 1 1 0 8 0 rtentry 112 48 0 2 2 0 2 2 0 8 0 unpcb 120 143 0 135 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 100 0 100 1 1 0 1 0 8 0 tcpcb 544 187 0 183 2 0 2 2 0 8 1 ipq 40 6 0 6 1 0 1 1 0 8 1 ipqe 40 227 0 227 1 0 1 1 0 8 1 inpcb 280 849 0 839 3 0 3 3 0 8 2 rttmr 72 1 0 1 1 1 0 1 0 8 0 nd6 48 7 0 0 1 0 1 1 0 8 0 ppxss 1128 2 0 2 1 0 1 1 0 8 1 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 197 0 0 13 0 13 13 0 8 0 art_table 32 199 0 0 2 0 2 2 0 8 0 art_node 16 47 0 5 1 0 1 1 0 8 0 sysvmsgpl 40 12 0 12 1 0 1 1 0 8 1 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 26 0 16 1 0 1 1 0 8 0 shmpl 112 36 0 1 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1788 0 389 46 0 46 46 0 8 0 ffsino 240 1788 0 389 83 0 83 83 0 8 0 nchpl 144 2394 0 785 60 0 60 60 0 8 0 uvmvnodes 72 1972 0 0 36 0 36 36 0 8 0 vnodes 208 1972 0 0 104 0 104 104 0 8 0 namei 1024 6539 0 6539 1 0 1 1 0 8 1 vcpupl 1984 2 0 0 1 0 1 1 0 8 0 vmpool 528 2 0 0 1 0 1 1 0 8 0 scxspl 192 6788 0 6788 1 0 1 1 0 8 1 plimitpl 152 31 0 23 1 0 1 1 0 8 0 sigapl 432 440 0 426 2 0 2 2 0 8 0 futexpl 56 7377 0 7376 1 0 1 1 0 8 0 knotepl 112 82 0 63 1 0 1 1 0 8 0 kqueuepl 144 62 0 60 1 0 1 1 0 8 0 pipelkpl 16 147 0 137 1 0 1 1 0 8 0 pipepl 120 294 0 275 1 0 1 1 0 8 0 fdescpl 432 441 0 426 2 0 2 2 0 8 0 filepl 120 3351 0 3249 4 0 4 4 0 8 0 lockfpl 104 117 0 116 1 0 1 1 0 8 0 lockfspl 48 43 0 42 1 0 1 1 0 8 0 sessionpl 112 17 0 7 1 0 1 1 0 8 0 pgrppl 48 21 0 11 1 0 1 1 0 8 0 ucredpl 96 436 0 429 1 0 1 1 0 8 0 zombiepl 144 426 0 426 1 0 1 1 0 8 1 processpl 896 457 0 426 4 0 4 4 0 8 0 procpl 624 790 0 749 4 0 4 4 0 8 0 sosppl 128 7 0 7 1 0 1 1 0 8 1 sockpl 400 1027 0 1007 5 0 5 5 0 8 2 mcl64k 65536 28 0 28 1 0 1 1 0 8 1 mcl16k 16384 1 0 1 1 0 1 1 0 8 1 mcl12k 12288 5 0 5 1 0 1 1 0 8 1 mcl9k 9216 3 0 3 1 1 0 1 0 8 0 mcl8k 8192 9 0 9 1 0 1 1 0 8 1 mcl4k 4096 34 0 34 2 1 1 1 0 8 1 mcl2k2 2112 3 0 3 1 0 1 1 0 8 1 mcl2k 2048 65037 0 64994 14 7 7 13 0 8 1 mtagpl 80 42 0 2 2 1 1 1 0 8 0 mbufpl 256 106097 0 105934 32 13 19 25 0 8 8 mbufpl: pool(0xffffffff825768b8:mbufpl): free list modified: page 0xfffffd805e52e000; item ordinal 0; addr 0xfffffd805e52e300 (p 0xfffffd806c3c4000); offset 0x0=0x0 mbufpl: pool(0xffffffff825768b8:mbufpl): page inconsistency: page 0xfffffd805e52e000; item ordinal 1; addr 0x637703fcfe bufpl 280 4358 0 164 300 0 300 300 0 8 0 anonpl 16 51536 0 35024 70 2 68 68 0 107 1 amapchunkpl 152 1883 0 1742 8 2 6 8 0 158 0 amappl16 192 2001 0 1099 46 0 46 46 0 8 0 amappl15 184 1 0 0 1 0 1 1 0 8 0 amappl14 176 137 0 133 2 1 1 1 0 8 0 amappl13 168 24 0 23 1 0 1 1 0 8 0 amappl12 160 18 0 16 1 0 1 1 0 8 0 amappl11 152 165 0 150 1 0 1 1 0 8 0 amappl10 144 18 0 12 1 0 1 1 0 8 0 amappl9 136 389 0 385 1 0 1 1 0 8 0 amappl8 128 280 0 254 1 0 1 1 0 8 0 amappl7 120 106 0 95 1 0 1 1 0 8 0 amappl6 112 125 0 121 1 0 1 1 0 8 0 amappl5 104 371 0 359 1 0 1 1 0 8 0 amappl4 96 439 0 409 1 0 1 1 0 8 0 amappl3 88 244 0 238 1 0 1 1 0 8 0 amappl2 80 2697 0 2624 3 1 2 3 0 8 0 amappl1 72 17464 0 17035 27 18 9 20 0 8 0 amappl 80 1012 0 966 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 37 0 1 1 0 1 1 0 8 0 uaddrrnd 24 443 0 426 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 443 0 426 1 0 1 1 0 8 0 vmmpekpl 168 7076 0 7046 2 0 2 2 0 8 0 vmmpepl 168 58852 0 56769 119 19 100 112 0 357 8 vmsppl 272 442 0 426 3 1 2 2 0 8 0 pdppl 4096 892 0 854 6 1 5 6 0 8 0 pvpl 32 169971 0 150411 162 0 162 162 0 265 4 pmappl 200 442 0 426 1 0 1 1 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 175 0 25 5 0 5 5 0 8 0