’gÓ˙O ‡–Ÿ’gÓ˙O ‡–Ÿuvm_fault(0xfffffd8053aac230, 0x76aaa821d3, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd8053aac230, 0x76aaa821d3, 0, 1) -> e pool_do_put(ffffffff825da818,fffffd80665cc100) at pool_do_put+0x12e sys/kern/subr_pool.c:836 end trace frame: 0xffff80001e8564e0, count: 0 ddb> trace pool_do_put(ffffffff825da818,fffffd80665cc100) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff825da818,fffffd80665cc100) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd80665cc100) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000a3db00,800100,ffff800000a3db40,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000a3db00,ffff800000a36000) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000a36000,ffff80001e856a40,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001e856a40,ffff800000a36000) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd80540397e8,8080691a,ffff80001e856a40,ffff80001d741500) at ifioctl+0xe60 sys/net/if.c:2288 sys_ioctl(ffff80001d741500,ffff80001e856b58,ffff80001e856ba0) at sys_ioctl+0x4a1 syscall(ffff80001e856c20) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3ec1afb6ba0, count: -11 ddb> show registers rdi 0xffffffff82137015 pool_do_put+0x125 rsi 0x143 rbp 0xffff80001e856490 rbx 0x76aaa821cb rdx 0x144 rcx 0xffff80001fa1b000 rax 0xffff80001fa1b000 r8 0x4 r9 0x5 r10 0x3cf3b5bbfc0bf484 r11 0x6df84bfa859c3b0b r12 0xfffffd80665cc100 r13 0x78496476aaa821cb r14 0xffffffff825da818 mbpool r15 0xfffffd806c3c4c40 rip 0xffffffff8213701e pool_do_put+0x12e cs 0x8 rflags 0x10296 __ALIGN_SIZE+0xf296 rsp 0xffff80001e8563e0 ss 0x10 pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.0) pid=197749 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=80, nice=20 forw=0xffffffffffffffff, list=0xffff80001d742af0,0xffffffff825b67d0 process=0xffff8000ffffb5a0 user=0xffff80001e851000, vmspace=0xfffffd8053aac230 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 49452 25155 47931 0 2 0 syz-executor.0 *49452 197749 47931 0 7 0x4000000 syz-executor.0 47931 157601 35726 0 3 0x82 nanosleep syz-executor.0 10806 65813 1 0 3 0x100083 ttyin getty 17892 228106 0 0 3 0x14200 bored sosplice 82240 490179 35726 0 3 0x82 piperd syz-executor.1 35726 423378 34574 0 3 0x82 thrsleep syz-fuzzer 35726 423437 34574 0 3 0x4000082 nanosleep syz-fuzzer 35726 310025 34574 0 3 0x4000082 thrsleep syz-fuzzer 35726 504736 34574 0 3 0x4000082 thrsleep syz-fuzzer 35726 121049 34574 0 3 0x4000082 thrsleep syz-fuzzer 35726 184463 34574 0 2 0x4000002 syz-fuzzer 35726 264223 34574 0 3 0x4000082 thrsleep syz-fuzzer 35726 204518 34574 0 3 0x4000082 thrsleep syz-fuzzer 34574 331569 66748 0 3 0x10008a pause ksh 66748 348906 91662 0 3 0x92 select sshd 91662 2243 1 0 3 0x80 select sshd 6010 442717 89305 73 3 0x100090 kqread syslogd 89305 411161 1 0 3 0x100082 netio syslogd 27464 272347 1 77 3 0x100090 poll dhclient 49394 152938 1 0 3 0x80 poll dhclient 15206 145917 0 0 3 0x14200 bored smr 26480 369340 0 0 2 0x14200 zerothread 47209 47540 0 0 3 0x14200 aiodoned aiodoned 75595 173163 0 0 3 0x14200 syncer update 66788 288025 0 0 3 0x14200 cleaner cleaner 37881 35006 0 0 3 0x14200 reaper reaper 71306 173740 0 0 3 0x14200 pgdaemon pagedaemon 54098 129631 0 0 3 0x14200 bored crynlk 46814 111823 0 0 3 0x14200 bored crypto 15202 49858 0 0 3 0x40014200 acpi0 acpi0 96151 61756 0 0 3 0x14200 bored softnet 11467 94914 0 0 3 0x14200 bored systqmp 11787 132938 0 0 3 0x14200 bored systq 16467 517513 0 0 3 0x40014200 bored softclock 6597 176696 0 0 3 0x40014200 idle0 1 5818 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9505 6354K 6841K 78643K 11469 0 pcb 13 8K 8K 78643K 95 0 rtable 107 6K 8K 78643K 498 0 ifaddr 84 17K 18K 78643K 195 0 sysctl 2 0K 0K 78643K 2 0 counters 21 16K 16K 78643K 38 0 ioctlops 0 0K 4K 78643K 80 0 iov 0 0K 32K 78643K 72 0 mount 1 1K 1K 78643K 1 0 vnodes 1218 77K 77K 78643K 1447 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 5 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 53 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 406 0 sigio 0 0K 0K 78643K 2 0 proc 49 38K 63K 78643K 433 0 subproc 32 2K 2K 78643K 51 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 34 0 in_multi 71 3K 4K 78643K 122 0 ether_multi 1 0K 0K 78643K 15 0 mrt 0 0K 0K 78643K 5 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 55 254K 254K 78643K 55 0 exec 0 0K 1K 78643K 225 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 127 55K 75K 78643K 1831 0 UVM aobj 14 2K 2K 78643K 22 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 66 0 NDP 12 0K 0K 78643K 36 0 temp 108 3038K 3102K 78643K 21753 0 kqueue 3 4K 16K 78643K 103 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 8 0 2 1 0 1 1 0 8 0 rtpcb 80 171 0 169 1 0 1 1 0 8 0 rtentry 112 65 0 28 2 0 2 2 0 8 0 unpcb 120 260 0 250 1 0 1 1 0 8 0 syncache 264 9 0 9 2 2 0 1 0 8 0 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpqe 32 172 0 172 2 2 0 1 0 8 0 tcpcb 544 155 0 151 1 0 1 1 0 8 0 ipq 40 3 0 3 2 2 0 1 0 8 0 ipqe 40 7 0 7 2 2 0 1 0 8 0 inpcb 280 721 0 713 4 3 1 2 0 8 0 rttmr 72 1 0 1 1 1 0 1 0 8 0 nd6 48 11 0 4 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 1 0 1 0 8 0 ppxss 1128 2 0 2 1 1 0 1 0 8 0 pfrktable 1344 48 0 43 2 1 1 1 0 8 0 pftag 88 8 0 6 2 1 1 1 0 8 0 pfrule 1360 22 0 18 2 1 1 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 283 0 96 13 1 12 13 0 8 0 art_table 32 285 0 96 2 0 2 2 0 8 0 art_node 16 62 0 31 1 0 1 1 0 8 0 sysvmsgpl 40 8 0 8 4 4 0 1 0 8 0 semapl 112 51 0 41 1 0 1 1 0 8 0 shmpl 112 20 0 8 2 1 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1978 0 583 88 0 88 88 0 8 0 ffsino 240 1978 0 583 83 0 83 83 0 8 0 nchpl 144 2711 0 1135 60 0 60 60 0 8 0 uvmvnodes 72 2179 0 0 40 0 40 40 0 8 0 vnodes 208 2179 0 0 115 0 115 115 0 8 0 namei 1024 7747 0 7747 5 4 1 1 0 8 1 vcpupl 1984 4 0 0 1 0 1 1 0 8 0 vmpool 528 7 0 3 1 0 1 1 0 8 0 pfiaddrpl 120 20 0 16 2 1 1 1 0 8 0 scsiplug 64 1 0 1 1 0 1 1 0 8 1 scxspl 192 8288 0 8288 5 4 1 1 0 8 1 plimitpl 152 44 0 37 1 0 1 1 0 8 0 sigapl 424 591 0 562 4 0 4 4 0 8 0 futexpl 56 8966 0 8966 5 4 1 1 0 8 1 knotepl 112 191 0 172 1 0 1 1 0 8 0 kqueuepl 144 194 0 192 1 0 1 1 0 8 0 pipelkpl 16 117 0 106 1 0 1 1 0 8 0 pipepl 120 234 0 213 1 0 1 1 0 8 0 fdescpl 432 576 0 562 2 0 2 2 0 8 0 filepl 120 4020 0 3922 5 1 4 4 0 8 0 lockfpl 104 75 0 74 1 0 1 1 0 8 0 lockfspl 48 26 0 25 1 0 1 1 0 8 0 sessionpl 112 19 0 9 1 0 1 1 0 8 0 pgrppl 48 19 0 9 1 0 1 1 0 8 0 ucredpl 96 399 0 392 1 0 1 1 0 8 0 zombiepl 144 562 0 562 2 1 1 1 0 8 1 processpl 920 591 0 562 4 0 4 4 0 8 0 procpl 624 1060 0 1023 5 1 4 4 0 8 0 sosppl 128 104 0 104 6 5 1 1 0 8 1 sockpl 400 1156 0 1136 7 4 3 4 0 8 0 mcl64k 65536 19 0 19 6 6 0 1 0 8 0 mcl16k 16384 3 0 3 3 3 0 1 0 8 0 mcl12k 12288 11 0 11 5 5 0 1 0 8 0 mcl9k 9216 4 0 4 4 4 0 1 0 8 0 mcl8k 8192 17 0 17 6 6 0 1 0 8 0 mcl4k 4096 52 0 52 10 9 1 1 0 8 1 mcl2k2 2112 2 0 2 2 2 0 1 0 8 0 mcl2k 2048 70712 0 70642 25 14 11 20 0 8 1 mtagpl 80 27 0 14 2 1 1 1 0 8 0 mbufpl 256 116167 0 116020 36 24 12 29 0 8 0 mbufpl: pool(0xffffffff825da818:mbufpl): free list modified: page 0xfffffd80665cc000; item ordinal 4; addr 0xfffffd80665cc200 (p 0xfffffd806c3c4000); offset 0x0=0x0 mbufpl: pool(0xffffffff825da818:mbufpl): page inconsistency: page 0xfffffd80665cc000; item ordinal 5; addr 0x76aaa821cb bufpl 280 5911 0 551 383 0 383 383 0 8 0 anonpl 16 74685 0 59005 93 29 64 78 0 107 0 amapchunkpl 152 3717 0 3586 43 35 8 19 0 158 0 amappl16 192 2599 0 1743 56 13 43 51 0 8 0 amappl15 184 109 0 106 1 0 1 1 0 8 0 amappl14 176 98 0 90 1 0 1 1 0 8 0 amappl13 168 33 0 30 1 0 1 1 0 8 0 amappl12 160 76 0 74 2 1 1 1 0 8 0 amappl11 152 157 0 146 1 0 1 1 0 8 0 amappl10 144 193 0 186 1 0 1 1 0 8 0 amappl9 136 367 0 366 1 0 1 1 0 8 0 amappl8 128 339 0 300 2 0 2 2 0 8 0 amappl7 120 294 0 282 1 0 1 1 0 8 0 amappl6 112 24 0 19 1 0 1 1 0 8 0 amappl5 104 527 0 512 1 0 1 1 0 8 0 amappl4 96 450 0 422 1 0 1 1 0 8 0 amappl3 88 122 0 115 1 0 1 1 0 8 0 amappl2 80 3903 0 3834 2 0 2 2 0 8 0 amappl1 72 19680 0 19268 24 15 9 17 0 8 0 amappl 80 1312 0 1268 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 21 0 8 1 0 1 1 0 8 0 uaddrrnd 24 583 0 565 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 583 0 565 1 0 1 1 0 8 0 vmmpekpl 168 7906 0 7876 2 0 2 2 0 8 0 vmmpepl 168 74812 0 72860 151 63 88 119 0 357 0 vmsppl 272 582 0 565 3 1 2 2 0 8 0 pdppl 4096 1172 0 1134 7 1 6 6 0 8 0 pvpl 32 256357 0 237614 309 156 153 271 0 265 1 pmappl 200 582 0 565 1 0 1 1 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 307 0 77 8 0 8 8 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pool_do_put(ffffffff825da818,fffffd80665cc100) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff825da818,fffffd80665cc100) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd80665cc100) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000a3db00,800100,ffff800000a3db40,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000a3db00,ffff800000a36000) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000a36000,ffff80001e856a40,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001e856a40,ffff800000a36000) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd80540397e8,8080691a,ffff80001e856a40,ffff80001d741500) at ifioctl+0xe60 sys/net/if.c:2288 sys_ioctl(ffff80001d741500,ffff80001e856b58,ffff80001e856ba0) at sys_ioctl+0x4a1 syscall(ffff80001e856c20) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3ec1afb6ba0, count: -11 ddb> machine ddbcpu 1 No such command ddb> trace pool_do_put(ffffffff825da818,fffffd80665cc100) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff825da818,fffffd80665cc100) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd80665cc100) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000a3db00,800100,ffff800000a3db40,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000a3db00,ffff800000a36000) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000a36000,ffff80001e856a40,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001e856a40,ffff800000a36000) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd80540397e8,8080691a,ffff80001e856a40,ffff80001d741500) at ifioctl+0xe60 sys/net/if.c:2288 sys_ioctl(ffff80001d741500,ffff80001e856b58,ffff80001e856ba0) at sys_ioctl+0x4a1 syscall(ffff80001e856c20) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3ec1afb6ba0, count: -11