uvm_fault(0xfffffd805283b010, 0xb7, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd805283b010, 0xb7, 0, 1) -> e pool_do_put(ffffffff82574230,fffffd805a3f7800) at pool_do_put+0x12e sys/kern/subr_pool.c:836 end trace frame: 0xffff80001e43d990, count: 0 ddb> trace pool_do_put(ffffffff82574230,fffffd805a3f7800) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff82574230,fffffd805a3f7800) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd805a3f7800) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000a22400,800100,ffff800000a22440,40) at rt_ifa_del+0x402 sys/net/route.c:1196 in6_unlink_ifa(ffff800000a22400,ffff8000009f1800) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff8000009f1800,ffff80001e43def0,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001e43def0,ffff8000009f1800) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd805dafce18,8080691a,ffff80001e43def0,ffff80001d35dc48) at ifioctl+0xe60 sys/net/if.c:2290 sys_ioctl(ffff80001d35dc48,ffff80001e43e008,ffff80001e43e050) at sys_ioctl+0x4a1 syscall(ffff80001e43e0d0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3542b7ea080, count: -11 ddb> show registers rdi 0xffffffff81ab2325 pool_do_put+0x125 rsi 0x14d rbp 0xffff80001e43d940 rbx 0xaf rdx 0x14e rcx 0xffff80001d417000 rax 0xffff80001d417000 r8 0x4 r9 0x5 r10 0x7d67516f99a0d4e8 r11 0x94f5a497303ee46 r12 0xfffffd805a3f7800 r13 0xcee06ee830a076af r14 0xffffffff82574230 mbpool r15 0xfffffd8066dd61d8 rip 0xffffffff81ab232e pool_do_put+0x12e cs 0x8 rflags 0x10292 __ALIGN_SIZE+0xf292 rsp 0xffff80001e43d890 ss 0x10 pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.0) pid=93595 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=72, nice=20 forw=0xffffffffffffffff, list=0xffff80001d35d768,0xffffffff825700a8 process=0xffff80001d38f500 user=0xffff80001e439000, vmspace=0xfffffd805283b010 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 13374 58232 8023 0 2 0 syz-executor.0 *13374 93595 8023 0 7 0x4000000 syz-executor.0 3712 165032 31383 0 3 0x80 nanosleep syz-executor.1 3712 135397 31383 0 3 0x4000080 netio syz-executor.1 3712 51266 31383 0 3 0x4000080 fsleep syz-executor.1 31383 163943 69947 0 3 0x82 nanosleep syz-executor.1 78788 65828 1 0 3 0x100083 ttyin getty 64050 55678 0 0 3 0x14200 acct acct 34563 313885 0 0 3 0x14200 bored sosplice 8023 219070 69947 0 3 0x82 nanosleep syz-executor.0 69947 393707 90868 0 3 0x82 thrsleep syz-fuzzer 69947 466334 90868 0 3 0x4000082 thrsleep syz-fuzzer 69947 493471 90868 0 3 0x4000082 kqread syz-fuzzer 69947 436124 90868 0 3 0x4000082 thrsleep syz-fuzzer 69947 83099 90868 0 3 0x4000082 thrsleep syz-fuzzer 69947 145007 90868 0 3 0x4000082 thrsleep syz-fuzzer 69947 404091 90868 0 3 0x4000082 thrsleep syz-fuzzer 69947 245401 90868 0 3 0x4000082 thrsleep syz-fuzzer 90868 122639 67578 0 3 0x10008a pause ksh 67578 154588 60943 0 3 0x92 select sshd 60943 486611 1 0 3 0x80 select sshd 56034 507836 55699 73 3 0x100090 kqread syslogd 55699 507837 1 0 3 0x100082 netio syslogd 16373 396605 1 77 3 0x100090 poll dhclient 61669 351285 1 0 3 0x80 poll dhclient 83781 283895 0 0 3 0x14200 bored smr 60199 675 0 0 2 0x14200 zerothread 32782 152826 0 0 3 0x14200 aiodoned aiodoned 36368 445522 0 0 3 0x14200 syncer update 27222 97330 0 0 3 0x14200 cleaner cleaner 5661 252834 0 0 3 0x14200 reaper reaper 33366 462578 0 0 3 0x14200 pgdaemon pagedaemon 93704 406748 0 0 3 0x14200 bored crynlk 26419 318631 0 0 3 0x14200 bored crypto 19195 453153 0 0 3 0x40014200 acpi0 acpi0 35259 61235 0 0 3 0x14200 bored softnet 8069 198826 0 0 3 0x14200 bored systqmp 52511 185724 0 0 3 0x14200 bored systq 67391 197449 0 0 3 0x40014200 bored softclock 57710 199006 0 0 3 0x40014200 idle0 1 404896 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9490 6354K 6518K 78643K 10671 0 pcb 13 8K 8K 78643K 93 0 rtable 80 7K 7K 78643K 387 0 ifaddr 62 13K 13K 78643K 123 0 counters 21 16K 16K 78643K 28 0 ioctlops 0 0K 2K 78643K 37 0 iov 0 0K 16K 78643K 75 0 mount 1 1K 1K 78643K 1 0 vnodes 1214 76K 77K 78643K 1317 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 3 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 83 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1794 195K 288K 78643K 12646 0 file desc 6 17K 25K 78643K 383 0 sigio 0 0K 0K 78643K 8 0 proc 50 38K 55K 78643K 459 0 subproc 32 2K 2K 78643K 55 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 73 0 in_multi 41 2K 2K 78643K 130 0 ether_multi 1 0K 0K 78643K 14 0 mrt 0 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 67 307K 307K 78643K 67 0 exec 0 0K 1K 78643K 233 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 115 38K 42K 78643K 1776 0 UVM aobj 11 2K 2K 78643K 11 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 52 0 NDP 10 0K 0K 78643K 29 0 temp 122 3022K 3086K 78643K 21169 0 kqueue 3 4K 20K 78643K 50 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 12 0 8 1 0 1 1 0 8 0 rtpcb 80 216 0 214 1 0 1 1 0 8 0 rtentry 112 90 0 63 2 1 1 2 0 8 0 unpcb 120 263 0 254 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpcb 544 290 0 286 4 2 2 3 0 8 1 ipq 40 5 0 5 2 1 1 1 0 8 1 ipqe 40 224 0 224 2 1 1 1 0 8 1 inpcb 280 1254 0 1241 5 2 3 4 0 8 2 nd6 48 15 0 13 1 0 1 1 0 8 0 ppxss 1128 1 0 1 1 1 0 1 0 8 0 art_heap8 4096 3 0 1 3 0 3 3 0 8 1 art_heap4 256 496 0 361 14 2 12 12 0 8 0 art_table 32 499 0 362 2 0 2 2 0 8 0 art_node 16 89 0 66 1 0 1 1 0 8 0 sysvmsgpl 40 10 0 8 2 1 1 1 0 8 0 semupl 112 3 0 3 2 2 0 1 0 8 0 semapl 112 78 0 68 1 0 1 1 0 8 0 shmpl 112 9 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1948 0 550 46 0 46 46 0 8 0 ffsino 240 1948 0 550 83 0 83 83 0 8 0 nchpl 144 2718 0 1120 60 0 60 60 0 8 0 uvmvnodes 72 2020 0 0 37 0 37 37 0 8 0 vnodes 208 2020 0 0 107 0 107 107 0 8 0 namei 1024 7667 0 7667 1 0 1 1 0 8 1 vcpupl 1984 2 0 0 1 0 1 1 0 8 0 vmpool 528 2 0 0 1 0 1 1 0 8 0 scxspl 192 8986 0 8986 1 0 1 1 0 8 1 plimitpl 152 62 0 55 1 0 1 1 0 8 0 sigapl 424 569 0 538 4 0 4 4 0 8 0 futexpl 56 12492 0 12491 1 0 1 1 0 8 0 knotepl 112 117 0 98 1 0 1 1 0 8 0 kqueuepl 144 108 0 106 1 0 1 1 0 8 0 pipelkpl 16 173 0 163 1 0 1 1 0 8 0 pipepl 120 346 0 327 1 0 1 1 0 8 0 fdescpl 432 553 0 538 2 0 2 2 0 8 0 filepl 120 4734 0 4633 5 1 4 5 0 8 0 lockfpl 104 112 0 111 1 0 1 1 0 8 0 lockfspl 48 34 0 33 1 0 1 1 0 8 0 sessionpl 112 19 0 9 1 0 1 1 0 8 0 pgrppl 48 21 0 11 1 0 1 1 0 8 0 ucredpl 96 549 0 542 1 0 1 1 0 8 0 zombiepl 144 538 0 538 1 0 1 1 0 8 1 processpl 896 569 0 538 4 0 4 4 0 8 0 procpl 624 1011 0 970 4 0 4 4 0 8 0 sosppl 128 15 0 15 2 1 1 1 0 8 1 sockpl 400 1787 0 1763 8 3 5 7 0 8 2 mcl64k 65536 265 0 265 29 28 1 29 0 8 1 mcl16k 16384 4 0 4 2 1 1 1 0 8 1 mcl12k 12288 15 0 15 1 0 1 1 0 8 1 mcl9k 9216 7 0 7 2 1 1 1 0 8 1 mcl8k 8192 24 0 24 1 0 1 1 0 8 1 mcl4k 4096 56 0 56 2 1 1 1 0 8 1 mcl2k2 2112 3 0 3 1 0 1 1 0 8 1 mcl2k 2048 65514 0 65472 17 10 7 13 0 8 1 mtagpl 80 2 0 2 1 1 0 1 0 8 0 mbufpl 256 109445 0 109333 36 15 21 25 0 8 8 mbufpl: pool(0xffffffff82574230:mbufpl): free list modified: page 0xfffffd805a3f7000; item ordinal 0; addr 0xfffffd805a3f7900 (p 0xfffffd8066dd6000); offset 0x0=0x0 mbufpl: pool(0xffffffff82574230:mbufpl): page inconsistency: page 0xfffffd805a3f7000; item ordinal 1; addr 0xaf bufpl 280 5539 0 173 384 0 384 384 0 8 0 anonpl 16 75218 0 58177 87 3 84 84 0 107 15 amapchunkpl 152 3394 0 3251 31 11 20 20 0 158 13 amappl16 192 3226 0 2292 64 9 55 59 0 8 8 amappl15 184 180 0 177 1 0 1 1 0 8 0 amappl14 176 85 0 80 2 1 1 1 0 8 0 amappl13 168 30 0 28 1 0 1 1 0 8 0 amappl12 160 6 0 6 1 1 0 1 0 8 0 amappl11 152 70 0 58 1 0 1 1 0 8 0 amappl10 144 16 0 10 1 0 1 1 0 8 0 amappl9 136 381 0 378 1 0 1 1 0 8 0 amappl8 128 311 0 285 1 0 1 1 0 8 0 amappl7 120 122 0 110 1 0 1 1 0 8 0 amappl6 112 24 0 20 1 0 1 1 0 8 0 amappl5 104 484 0 470 1 0 1 1 0 8 0 amappl4 96 462 0 431 1 0 1 1 0 8 0 amappl3 88 129 0 123 1 0 1 1 0 8 0 amappl2 80 3740 0 3665 3 1 2 3 0 8 0 amappl1 72 19944 0 19501 27 18 9 20 0 8 0 amappl 80 1270 0 1224 3 1 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 10 0 0 1 0 1 1 0 8 0 uaddrrnd 24 555 0 538 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 555 0 538 1 0 1 1 0 8 0 vmmpekpl 168 7745 0 7718 2 0 2 2 0 8 0 vmmpepl 168 73018 0 70878 136 16 120 122 0 357 26 vmsppl 272 554 0 538 3 1 2 2 0 8 0 pdppl 4096 1116 0 1078 6 1 5 6 0 8 0 pvpl 32 217668 0 197795 200 3 197 198 0 265 36 pmappl 200 554 0 538 1 0 1 1 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 218 0 66 6 0 6 6 0 8 0