uvm_fault(0xfffffd806bc0a550, 0x47c47271da39, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd806bc0a550, 0x47c47271da39, 0, 1) -> e pool_do_put(ffffffff825ab430,fffffd8059df3b00) at pool_do_put+0x12e sys/kern/subr_pool.c:836 end trace frame: 0xffff80001e837880, count: 0 ddb> trace pool_do_put(ffffffff825ab430,fffffd8059df3b00) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff825ab430,fffffd8059df3b00) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd8059df3b00) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000a09400,800100,ffff800000a09440,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000a09400,ffff800000a02800) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000a02800,ffff80001e837de0,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001e837de0,ffff800000a02800) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd805dad0968,8080691a,ffff80001e837de0,ffff80001d7394e8) at ifioctl+0xe60 sys/net/if.c:2289 sys_ioctl(ffff80001d7394e8,ffff80001e837ef8,ffff80001e837f40) at sys_ioctl+0x4a1 syscall(ffff80001e837fc0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xad1bad19340, count: -11 ddb> show registers rdi 0xffffffff816229a5 pool_do_put+0x125 rsi 0x12f rbp 0xffff80001e837830 rbx 0x47c47271da31 rdx 0x130 rcx 0xffff80001fa33000 rax 0xffff80001fa33000 r8 0x4 r9 0x5 r10 0xec594d828e78d57 r11 0xc430745186ba2cce r12 0xfffffd8059df3b00 r13 0x47c47271da31 r14 0xffffffff825ab430 mbpool r15 0xfffffd805e131bd8 rip 0xffffffff816229ae pool_do_put+0x12e cs 0x8 rflags 0x10296 __ALIGN_SIZE+0xf296 rsp 0xffff80001e837780 ss 0x10 pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.0) pid=24607 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=58, nice=20 forw=0xffffffffffffffff, list=0xffff80001d739278,0xffffffff8258af98 process=0xffff8000ffffaad8 user=0xffff80001e833000, vmspace=0xfffffd806bc0a550 estcpu=33, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 88668 54664 281 0 2 0 syz-executor.0 *88668 24607 281 0 7 0x4000000 syz-executor.0 281 7497 13859 0 3 0x82 nanosleep syz-executor.0 24443 165790 13859 0 3 0x2 biowait syz-executor.1 13859 272047 63523 0 3 0x82 thrsleep syz-fuzzer 13859 392458 63523 0 3 0x4000082 nanosleep syz-fuzzer 13859 113254 63523 0 3 0x4000082 thrsleep syz-fuzzer 13859 125816 63523 0 3 0x4000082 thrsleep syz-fuzzer 13859 328945 63523 0 3 0x4000082 thrsleep syz-fuzzer 13859 372984 63523 0 3 0x4000082 kqread syz-fuzzer 13859 227274 63523 0 3 0x4000082 thrsleep syz-fuzzer 63523 443540 34602 0 3 0x10008a pause ksh 34602 305025 55472 0 3 0x92 select sshd 66614 28691 1 0 3 0x100083 ttyin getty 55472 406787 1 0 3 0x80 select sshd 41319 398094 73566 73 3 0x100090 kqread syslogd 73566 419468 1 0 3 0x100082 netio syslogd 26699 401748 1 77 3 0x100090 poll dhclient 97619 111329 1 0 3 0x80 poll dhclient 19846 83852 0 0 3 0x14200 bored smr 20956 141945 0 0 2 0x14200 zerothread 35571 399130 0 0 3 0x14200 aiodoned aiodoned 31960 481491 0 0 3 0x14200 syncer update 78681 179073 0 0 3 0x14200 cleaner cleaner 47811 81967 0 0 3 0x14200 reaper reaper 31666 457666 0 0 3 0x14200 pgdaemon pagedaemon 21 212976 0 0 3 0x14200 bored crynlk 47326 403893 0 0 3 0x14200 bored crypto 35158 243633 0 0 3 0x40014200 acpi0 acpi0 83437 255136 0 0 3 0x14200 bored softnet 64726 24904 0 0 3 0x14200 bored systqmp 36154 216543 0 0 3 0x14200 bored systq 7224 368436 0 0 3 0x40014200 bored softclock 71845 184972 0 0 3 0x40014200 idle0 1 138356 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9461 6515K 6515K 78643K 10569 0 pcb 13 8K 8K 78643K 13 0 rtable 83 2K 3K 78643K 195 0 ifaddr 33 9K 10K 78643K 40 0 counters 20 16K 16K 78643K 21 0 ioctlops 0 0K 2K 78643K 15 0 iov 0 0K 0K 78643K 2 0 mount 1 1K 1K 78643K 1 0 vnodes 1215 76K 76K 78643K 1225 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 0K 0K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 40 0 proc 48 38K 54K 78643K 359 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 22 1K 2K 78643K 33 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 43 201K 201K 78643K 43 0 exec 0 0K 1K 78643K 183 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 119 23K 23K 78643K 927 0 UVM aobj 2 2K 2K 78643K 2 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 4 0K 0K 78643K 9 0 temp 56 3031K 3095K 78643K 1776 0 kqueue 3 4K 4K 78643K 3 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 6 0 2 1 0 1 1 0 8 0 rtpcb 80 19 0 17 1 0 1 1 0 8 0 rtentry 112 45 0 12 2 0 2 2 0 8 0 unpcb 120 27 0 19 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 40 0 40 1 0 1 1 0 8 1 tcpcb 544 12 0 8 1 0 1 1 0 8 0 inpcb 280 37 0 29 1 0 1 1 0 8 0 nd6 48 6 0 3 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 188 0 44 12 0 12 12 0 8 2 art_table 32 189 0 44 2 0 2 2 0 8 0 art_node 16 44 0 14 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1427 0 31 88 0 88 88 0 8 0 ffsino 240 1427 0 31 83 0 83 83 0 8 0 nchpl 144 1654 0 55 60 0 60 60 0 8 0 uvmvnodes 72 1473 0 0 27 0 27 27 0 8 0 vnodes 208 1473 0 0 78 0 78 78 0 8 0 namei 1024 4063 0 4062 1 0 1 1 0 8 0 scxspl 192 4036 0 4035 1 0 1 1 0 8 0 plimitpl 152 14 0 7 1 0 1 1 0 8 0 sigapl 424 226 0 198 4 0 4 4 0 8 0 futexpl 56 177 0 177 1 0 1 1 0 8 1 knotepl 112 61 0 42 1 0 1 1 0 8 0 kqueuepl 144 4 0 2 1 0 1 1 0 8 0 pipelkpl 16 72 0 62 1 0 1 1 0 8 0 pipepl 120 144 0 125 1 0 1 1 0 8 0 fdescpl 432 212 0 198 2 0 2 2 0 8 0 filepl 120 1054 0 957 4 0 4 4 0 8 1 lockfpl 104 9 0 8 1 0 1 1 0 8 0 lockfspl 48 5 0 4 1 0 1 1 0 8 0 sessionpl 112 17 0 7 1 0 1 1 0 8 0 pgrppl 48 17 0 7 1 0 1 1 0 8 0 ucredpl 96 62 0 55 1 0 1 1 0 8 0 zombiepl 144 198 0 198 1 0 1 1 0 8 1 processpl 920 226 0 198 4 0 4 4 0 8 0 procpl 624 239 0 204 3 0 3 3 0 8 0 sockpl 400 83 0 65 3 0 3 3 0 8 1 mcl64k 65536 1 0 1 1 0 1 1 0 8 1 mcl12k 12288 1 0 1 1 0 1 1 0 8 1 mcl4k 4096 8 0 8 1 1 0 1 0 8 0 mcl2k 2048 65664 0 65627 12 1 11 11 0 8 6 mtagpl 80 3 0 3 2 1 1 1 0 8 1 mbufpl 256 104191 0 104138 10 1 9 9 0 8 1 mbufpl: pool(0xffffffff825ab430:mbufpl): free list modified: page 0xfffffd8059df3000; item ordinal 0; addr 0xfffffd8059df3c00 (p 0xfffffd805e131000); offset 0x0=0x0 pool(mbufpl): free list modified: page 0xfffffd8059df3000; item ordinal 0; addr 0xfffffd8059df3c00 (p 0xfffffd805e131000); offset 0x0=0x0 mbufpl: pool(0xffffffff825ab430:mbufpl): page inconsistency: page 0xfffffd8059df3000; item ordinal 1; addr 0x47c47271da31 bufpl 280 3216 0 126 221 0 221 221 0 8 0 anonpl 16 35140 0 21011 59 2 57 57 0 107 0 amapchunkpl 152 954 0 815 8 0 8 8 0 158 2 amappl16 192 883 0 130 38 0 38 38 0 8 0 amappl15 184 1 0 0 1 0 1 1 0 8 0 amappl14 176 25 0 21 1 0 1 1 0 8 0 amappl13 168 32 0 29 1 0 1 1 0 8 0 amappl12 160 11 0 7 2 1 1 1 0 8 0 amappl11 152 50 0 40 1 0 1 1 0 8 0 amappl10 144 22 0 14 1 0 1 1 0 8 0 amappl9 136 368 0 367 1 0 1 1 0 8 0 amappl8 128 314 0 278 2 0 2 2 0 8 0 amappl7 120 108 0 95 1 0 1 1 0 8 0 amappl6 112 24 0 19 1 0 1 1 0 8 0 amappl5 104 160 0 149 1 0 1 1 0 8 0 amappl4 96 420 0 391 1 0 1 1 0 8 0 amappl3 88 101 0 95 1 0 1 1 0 8 0 amappl2 80 857 0 795 2 0 2 2 0 8 0 amappl1 72 13697 0 13287 24 7 17 17 0 8 8 amappl 80 461 0 419 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 1 0 0 1 0 1 1 0 8 0 uaddrrnd 24 212 0 198 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 212 0 198 1 0 1 1 0 8 0 vmmpekpl 168 5708 0 5684 2 0 2 2 0 8 0 vmmpepl 168 32540 0 30713 106 6 100 100 0 357 20 vmsppl 272 211 0 198 2 0 2 2 0 8 1 pdppl 4096 430 0 396 6 0 6 6 0 8 1 pvpl 32 125620 0 108556 141 0 141 141 0 265 1 pmappl 200 211 0 198 1 0 1 1 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 229 0 5 7 0 7 7 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pool_do_put(ffffffff825ab430,fffffd8059df3b00) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff825ab430,fffffd8059df3b00) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd8059df3b00) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000a09400,800100,ffff800000a09440,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000a09400,ffff800000a02800) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000a02800,ffff80001e837de0,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001e837de0,ffff800000a02800) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd805dad0968,8080691a,ffff80001e837de0,ffff80001d7394e8) at ifioctl+0xe60 sys/net/if.c:2289 sys_ioctl(ffff80001d7394e8,ffff80001e837ef8,ffff80001e837f40) at sys_ioctl+0x4a1 syscall(ffff80001e837fc0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xad1bad19340, count: -11 ddb> machine ddbcpu 1 No such command ddb> trace pool_do_put(ffffffff825ab430,fffffd8059df3b00) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff825ab430,fffffd8059df3b00) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd8059df3b00) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000a09400,800100,ffff800000a09440,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000a09400,ffff800000a02800) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000a02800,ffff80001e837de0,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001e837de0,ffff800000a02800) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd805dad0968,8080691a,ffff80001e837de0,ffff80001d7394e8) at ifioctl+0xe60 sys/net/if.c:2289 sys_ioctl(ffff80001d7394e8,ffff80001e837ef8,ffff80001e837f40) at sys_ioctl+0x4a1 syscall(ffff80001e837fc0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xad1bad19340, count: -11