uvm_fault(0xffffffff827e4070, 0xfffffda0ff23644d, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xffffffff827e4070, 0xfffffda0ff23644d, 0, 1) -> e pool_do_put(ffffffff82842350,fffffd805c6a3000) at pool_do_put+0x12e sys/kern/subr_pool.c:836 end trace frame: 0xffff8000209ccc40, count: 0 ddb> trace pool_do_put(ffffffff82842350,fffffd805c6a3000) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff82842350,fffffd805c6a3000) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd805c6a3000) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000ad6700,800100,ffff800000ad6740,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000ad6700,ffff800000ac4800) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000ac4800,ffff8000209cd1a0,0) at in6_update_ifa+0x13e7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff8000209cd1a0,ffff800000ac4800) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd806b6d4960,8080691a,ffff8000209cd1a0,ffff80001d6a9278) at ifioctl+0xe60 sys/net/if.c:2282 sys_ioctl(ffff80001d6a9278,ffff8000209cd2b8,ffff8000209cd300) at sys_ioctl+0x4a1 syscall(ffff8000209cd380) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x4a6882e1ad0, count: -11 ddb> show registers rdi 0xffffffff81b1a2b5 pool_do_put+0x125 rsi 0x151 rbp 0xffff8000209ccbf0 rbx 0xfffffda0ff236445 rdx 0x152 rcx 0xffff80001f9a4000 rax 0xffff80001f9a4000 r8 0x4 r9 0x5 r10 0x8b08c483c5d5243d r11 0x16b61611c8b8ca95 r12 0xfffffd805c6a3000 r13 0x957935a0ff236445 r14 0xffffffff82842350 mbpool r15 0xfffffd80615e6958 rip 0xffffffff81b1a2be pool_do_put+0x12e cs 0x8 rflags 0x10297 __ALIGN_SIZE+0xf297 rsp 0xffff8000209ccb40 ss 0x10 pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.1) pid=34483 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff80001d6a94e8,0xffffffff828369a0 process=0xffff80001d6c5230 user=0xffff8000209c8000, vmspace=0xfffffd806bc0a220 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 93769 166803 59507 0 2 0 syz-executor.1 *93769 34483 59507 0 7 0x4000000 syz-executor.1 67421 148175 64795 0 2 0 syz-executor.0 67421 392642 64795 0 3 0x4000080 fsleep syz-executor.0 67421 475612 64795 0 3 0x4000080 fsleep syz-executor.0 67421 292272 64795 0 3 0x4000000 getblk syz-executor.0 59507 198366 24613 0 3 0x82 nanosleep syz-executor.1 64795 509481 24613 0 3 0x82 nanosleep syz-executor.0 24613 358405 37151 0 3 0x82 thrsleep syz-fuzzer 24613 367356 37151 0 3 0x4000082 nanosleep syz-fuzzer 24613 105017 37151 0 3 0x4000082 kqread syz-fuzzer 24613 465657 37151 0 3 0x4000082 thrsleep syz-fuzzer 24613 371237 37151 0 3 0x4000082 thrsleep syz-fuzzer 24613 216667 37151 0 3 0x4000082 thrsleep syz-fuzzer 24613 184759 37151 0 3 0x4000082 thrsleep syz-fuzzer 37151 76659 14374 0 3 0x10008a pause ksh 14374 222552 37658 0 3 0x92 select sshd 57468 99452 1 0 3 0x100083 ttyin getty 37658 501615 1 0 3 0x80 select sshd 20503 83525 75546 73 3 0x100090 kqread syslogd 75546 360254 1 0 3 0x100082 netio syslogd 38686 421319 1 77 3 0x100090 poll dhclient 66759 379430 1 0 3 0x80 poll dhclient 63763 156468 0 0 3 0x14200 bored smr 266 157494 0 0 2 0x14200 zerothread 33009 143786 0 0 3 0x14200 aiodoned aiodoned 14907 210035 0 0 3 0x14200 syncer update 69430 323817 0 0 3 0x14200 cleaner cleaner 3459 504980 0 0 3 0x14200 reaper reaper 19671 125797 0 0 3 0x14200 pgdaemon pagedaemon 7714 360943 0 0 3 0x14200 bored crynlk 8483 469742 0 0 3 0x14200 bored crypto 85906 136687 0 0 3 0x40014200 acpi0 acpi0 72418 170952 0 0 3 0x14200 bored softnet 67452 3007 0 0 3 0x14200 bored systqmp 80271 142702 0 0 3 0x14200 bored systq 17030 374471 0 0 3 0x40014200 bored softclock 60761 325037 0 0 3 0x40014200 idle0 1 173612 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9484 6524K 6849K 78643K 10794 0 pcb 13 8K 8K 78643K 35 0 rtable 109 3K 3K 78643K 203 0 ifaddr 50 11K 11K 78643K 55 0 counters 21 16K 16K 78643K 21 0 ioctlops 0 0K 4K 78643K 21 0 iov 0 0K 4K 78643K 2 0 mount 1 1K 1K 78643K 1 0 vnodes 1225 77K 77K 78643K 1281 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 0K 0K 78643K 2 0 sem 10 0K 0K 78643K 10 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 6 17K 25K 78643K 93 0 proc 47 38K 54K 78643K 366 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 1 0 in_multi 37 2K 2K 78643K 43 0 ether_multi 1 0K 0K 78643K 2 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 43 201K 201K 78643K 43 0 exec 0 0K 1K 78643K 183 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 130 23K 23K 78643K 1079 0 UVM aobj 3 2K 2K 78643K 3 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 12 0 NDP 8 0K 0K 78643K 13 0 temp 73 3848K 3912K 78643K 1950 0 kqueue 3 4K 10K 78643K 11 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 6 0 0 1 0 1 1 0 8 0 rtpcb 80 23 0 21 1 0 1 1 0 8 0 rtentry 112 49 0 3 2 0 2 2 0 8 0 unpcb 120 41 0 33 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 52 0 52 1 1 0 1 0 8 0 tcpcb 544 56 0 52 1 0 1 1 0 8 0 inpcb 296 136 0 127 2 0 2 2 0 8 1 nd6 48 8 0 1 1 0 1 1 0 8 0 pfrule 1360 2 0 2 1 0 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 188 0 0 12 0 12 12 0 8 0 art_table 32 189 0 0 2 0 2 2 0 8 0 art_node 16 48 0 7 1 0 1 1 0 8 0 sysvmsgpl 40 4 0 4 1 0 1 1 0 8 1 semapl 112 8 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1499 0 99 88 0 88 88 0 8 0 ffsino 240 1499 0 99 83 0 83 83 0 8 0 nchpl 144 1800 0 195 60 0 60 60 0 8 0 uvmvnodes 72 1592 0 0 29 0 29 29 0 8 0 vnodes 208 1592 0 0 84 0 84 84 0 8 0 namei 1024 4556 0 4556 1 0 1 1 0 8 1 scxspl 192 5295 0 5294 1 0 1 1 0 8 0 plimitpl 152 18 0 11 1 0 1 1 0 8 0 sigapl 424 279 0 250 4 0 4 4 0 8 0 futexpl 56 1371 0 1369 1 0 1 1 0 8 0 knotepl 112 74 0 55 1 0 1 1 0 8 0 kqueuepl 144 32 0 29 1 0 1 1 0 8 0 pipepl 272 82 0 72 1 0 1 1 0 8 0 fdescpl 432 265 0 250 2 0 2 2 0 8 0 filepl 120 1459 0 1353 4 0 4 4 0 8 0 lockfpl 104 37 0 36 1 0 1 1 0 8 0 lockfspl 48 8 0 7 1 0 1 1 0 8 0 sessionpl 112 17 0 7 1 0 1 1 0 8 0 pgrppl 48 17 0 7 1 0 1 1 0 8 0 ucredpl 96 126 0 119 1 0 1 1 0 8 0 zombiepl 144 250 0 250 1 0 1 1 0 8 1 processpl 928 279 0 250 4 0 4 4 0 8 0 procpl 624 380 0 341 4 0 4 4 0 8 1 sockpl 400 200 0 181 3 0 3 3 0 8 1 mcl64k 65536 3 0 3 1 0 1 1 0 8 1 mcl16k 16384 1 0 1 1 0 1 1 0 8 1 mcl12k 12288 1 0 1 1 1 0 1 0 8 0 mcl9k 9216 1 0 1 1 1 0 1 0 8 0 mcl8k 8192 3 0 3 1 0 1 1 0 8 1 mcl4k 4096 14 0 14 2 1 1 1 0 8 1 mcl2k 2048 78026 0 77983 15 4 11 13 0 8 5 mtagpl 96 34 0 2 2 1 1 1 0 8 0 mbufpl 256 123843 0 123673 14 1 13 13 0 8 0 mbufpl: pool(0xffffffff82842350:mbufpl): free list modified: page 0xfffffd805c6a3000; item ordinal 5; addr 0xfffffd805c6a3100 (p 0xfffffd80615e6000); offset 0x0=0x0 mbufpl: pool(0xffffffff82842350:mbufpl): page inconsistency: page 0xfffffd805c6a3000; item ordinal 6; addr 0xfffffda0ff236445 bufpl 280 3497 0 124 241 0 241 241 0 8 0 anonpl 16 40941 0 24516 68 2 66 66 0 107 0 amapchunkpl 152 1241 0 1086 9 1 8 9 0 158 2 amappl16 192 1229 0 325 46 0 46 46 0 8 0 amappl15 184 2 0 1 1 0 1 1 0 8 0 amappl14 176 49 0 43 1 0 1 1 0 8 0 amappl13 168 27 0 23 1 0 1 1 0 8 0 amappl12 160 10 0 9 1 0 1 1 0 8 0 amappl11 152 73 0 62 1 0 1 1 0 8 0 amappl10 144 11 0 8 1 0 1 1 0 8 0 amappl9 136 410 0 407 1 0 1 1 0 8 0 amappl8 128 311 0 273 2 0 2 2 0 8 0 amappl7 120 106 0 94 1 0 1 1 0 8 0 amappl6 112 52 0 44 1 0 1 1 0 8 0 amappl5 104 181 0 169 1 0 1 1 0 8 0 amappl4 96 447 0 416 1 0 1 1 0 8 0 amappl3 88 103 0 98 1 0 1 1 0 8 0 amappl2 80 1274 0 1200 2 0 2 2 0 8 0 amappl1 72 14580 0 14134 23 11 12 17 0 8 3 amappl 80 604 0 557 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 265 0 250 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 265 0 250 1 0 1 1 0 8 0 vmmpekpl 168 5898 0 5867 2 0 2 2 0 8 0 vmmpepl 168 39717 0 37594 119 7 112 113 0 357 19 vmsppl 272 264 0 250 2 1 1 2 0 8 0 pdppl 4096 536 0 500 6 1 5 6 0 8 0 pvpl 32 138149 0 118441 159 0 159 159 0 265 0 pmappl 200 264 0 250 1 0 1 1 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 242 0 10 7 0 7 7 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pool_do_put(ffffffff82842350,fffffd805c6a3000) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff82842350,fffffd805c6a3000) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd805c6a3000) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000ad6700,800100,ffff800000ad6740,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000ad6700,ffff800000ac4800) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000ac4800,ffff8000209cd1a0,0) at in6_update_ifa+0x13e7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff8000209cd1a0,ffff800000ac4800) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd806b6d4960,8080691a,ffff8000209cd1a0,ffff80001d6a9278) at ifioctl+0xe60 sys/net/if.c:2282 sys_ioctl(ffff80001d6a9278,ffff8000209cd2b8,ffff8000209cd300) at sys_ioctl+0x4a1 syscall(ffff8000209cd380) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x4a6882e1ad0, count: -11 ddb> machine ddbcpu 1 No such command ddb> trace pool_do_put(ffffffff82842350,fffffd805c6a3000) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff82842350,fffffd805c6a3000) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd805c6a3000) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000ad6700,800100,ffff800000ad6740,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000ad6700,ffff800000ac4800) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000ac4800,ffff8000209cd1a0,0) at in6_update_ifa+0x13e7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff8000209cd1a0,ffff800000ac4800) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd806b6d4960,8080691a,ffff8000209cd1a0,ffff80001d6a9278) at ifioctl+0xe60 sys/net/if.c:2282 sys_ioctl(ffff80001d6a9278,ffff8000209cd2b8,ffff8000209cd300) at sys_ioctl+0x4a1 syscall(ffff8000209cd380) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x4a6882e1ad0, count: -11