uvm_fault(0xfffffd8061052aa8, 0x52, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd8061052aa8, 0x52, 0, 1) -> e pool_do_put(ffffffff8258a898,fffffd805e116400) at pool_do_put+0x12e sys/kern/subr_pool.c:836 end trace frame: 0xffff800020441980, count: 0 ddb> trace pool_do_put(ffffffff8258a898,fffffd805e116400) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff8258a898,fffffd805e116400) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd805e116400) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000a16800,800100,ffff800000a16840,0) at rt_ifa_del+0x402 sys/net/route.c:1196 in6_unlink_ifa(ffff800000a16800,ffff8000009f2800) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff8000009f2800,ffff800020441ee0,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff800020441ee0,ffff8000009f2800) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd805e562af0,8080691a,ffff800020441ee0,ffff80001d3a8600) at ifioctl+0xe60 sys/net/if.c:2289 sys_ioctl(ffff80001d3a8600,ffff800020441ff8,ffff800020442040) at sys_ioctl+0x4a1 syscall(ffff8000204420c0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xec6a12b0720, count: -11 ddb> show registers rdi 0xffffffff81ce0415 pool_do_put+0x125 rsi 0x154 rbp 0xffff800020441930 rbx 0x4a rdx 0x155 rcx 0xffff80001d437000 rax 0xffff80001d437000 r8 0x4 r9 0x5 r10 0xe6fee5525171b170 r11 0xef9facb95287720a r12 0xfffffd805e116400 r13 0x7aaf5d0343ccf34a r14 0xffffffff8258a898 mbpool r15 0xfffffd806c3c49a0 rip 0xffffffff81ce041e pool_do_put+0x12e cs 0x8 rflags 0x10292 __ALIGN_SIZE+0xf292 rsp 0xffff800020441880 ss 0x10 pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.0) pid=99339 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=77, nice=20 forw=0xffffffffffffffff, list=0xffff80001d339278,0xffffffff8257ce50 process=0xffff8000ffffb510 user=0xffff80002043d000, vmspace=0xfffffd8061052aa8 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 63665 132663 19466 0 2 0 syz-executor.0 *63665 99339 19466 0 7 0x4000000 syz-executor.0 27998 8566 12769 0 2 0 syz-executor.1 27998 123132 12769 0 3 0x4000080 fsleep syz-executor.1 4664 219574 0 0 3 0x14200 bored sosplice 19466 398092 93401 0 3 0x82 nanosleep syz-executor.0 12769 14213 93401 0 3 0x82 nanosleep syz-executor.1 93401 185833 42503 0 3 0x82 thrsleep syz-fuzzer 93401 178217 42503 0 3 0x4000082 nanosleep syz-fuzzer 93401 294144 42503 0 3 0x4000082 thrsleep syz-fuzzer 93401 476002 42503 0 3 0x4000082 thrsleep syz-fuzzer 93401 465388 42503 0 3 0x4000082 thrsleep syz-fuzzer 93401 500746 42503 0 3 0x4000082 kqread syz-fuzzer 93401 274250 42503 0 3 0x4000082 thrsleep syz-fuzzer 42503 129045 91655 0 3 0x10008a pause ksh 91655 426643 74911 0 3 0x92 select sshd 93869 487831 1 0 3 0x100083 ttyin getty 74911 51594 1 0 3 0x80 select sshd 44915 323234 27633 73 3 0x100090 kqread syslogd 27633 352095 1 0 3 0x100082 netio syslogd 79068 412273 1 77 3 0x100090 poll dhclient 60097 393831 1 0 3 0x80 poll dhclient 31552 167256 0 0 3 0x14200 bored smr 95872 78276 0 0 2 0x14200 zerothread 86958 62217 0 0 3 0x14200 aiodoned aiodoned 84381 156955 0 0 3 0x14200 syncer update 67679 237775 0 0 3 0x14200 cleaner cleaner 67410 388666 0 0 3 0x14200 reaper reaper 14140 505713 0 0 3 0x14200 pgdaemon pagedaemon 10169 189041 0 0 3 0x14200 bored crynlk 89900 24043 0 0 3 0x14200 bored crypto 17219 397821 0 0 3 0x40014200 acpi0 acpi0 77565 339713 0 0 3 0x14200 bored softnet 34618 460617 0 0 3 0x14200 bored systqmp 34908 19207 0 0 3 0x14200 bored systq 19474 412122 0 0 3 0x40014200 bored softclock 32884 177428 0 0 3 0x40014200 idle0 1 207971 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9473 6332K 6725K 78643K 10864 0 pcb 13 8K 8K 78643K 63 0 rtable 113 11K 12K 78643K 270 0 ifaddr 55 12K 12K 78643K 92 0 counters 21 16K 16K 78643K 28 0 ioctlops 0 0K 2K 78643K 27 0 iov 0 0K 16K 78643K 376 0 mount 1 1K 1K 78643K 1 0 vnodes 1217 77K 77K 78643K 1317 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 6 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 25 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1794 195K 288K 78643K 12646 0 file desc 6 17K 25K 78643K 347 0 sigio 0 0K 0K 78643K 11 0 proc 50 38K 54K 78643K 384 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 29 0 in_multi 36 2K 2K 78643K 67 0 ether_multi 1 0K 0K 78643K 10 0 mrt 0 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 43 201K 201K 78643K 43 0 exec 0 0K 1K 78643K 197 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 96 37K 41K 78643K 1637 0 UVM aobj 11 2K 2K 78643K 13 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 30 0 NDP 8 0K 0K 78643K 20 0 temp 84 3014K 3094K 78643K 9333 0 kqueue 3 4K 8K 78643K 8 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 7 0 0 1 0 1 1 0 8 0 rtpcb 80 29 0 27 1 0 1 1 0 8 0 rtentry 112 53 0 8 2 0 2 2 0 8 0 unpcb 120 147 0 137 1 0 1 1 0 8 0 syncache 264 6 0 6 2 1 1 1 0 8 1 tcpqe 32 44 0 44 1 1 0 1 0 8 0 tcpcb 544 384 0 380 3 1 2 2 0 8 1 ipq 40 2 0 2 1 0 1 1 0 8 1 ipqe 40 4 0 4 1 0 1 1 0 8 1 inpcb 280 545 0 535 2 0 2 2 0 8 1 nd6 48 7 0 3 1 0 1 1 0 8 0 ppxss 1128 2 0 2 2 1 1 1 0 8 1 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 224 0 40 13 0 13 13 0 8 0 art_table 32 226 0 40 2 0 2 2 0 8 0 art_node 16 52 0 10 1 0 1 1 0 8 0 sysvmsgpl 40 6 0 2 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 23 0 13 1 0 1 1 0 8 0 shmpl 112 11 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1946 0 547 46 0 46 46 0 8 0 ffsino 240 1946 0 547 83 0 83 83 0 8 0 nchpl 144 2814 0 1214 60 0 60 60 0 8 0 uvmvnodes 72 2051 0 0 38 0 38 38 0 8 0 vnodes 208 2051 0 0 108 0 108 108 0 8 0 namei 1024 6840 0 6840 1 0 1 1 0 8 1 vcpupl 1984 6 0 0 1 0 1 1 0 8 0 vmpool 528 8 0 2 1 0 1 1 0 8 0 scxspl 192 16489 0 16489 1 0 1 1 0 8 1 plimitpl 152 30 0 23 1 0 1 1 0 8 0 sigapl 424 534 0 504 4 0 4 4 0 8 0 futexpl 56 6128 0 6127 1 0 1 1 0 8 0 knotepl 112 59 0 40 1 0 1 1 0 8 0 kqueuepl 144 48 0 46 1 0 1 1 0 8 0 pipelkpl 16 101 0 91 1 0 1 1 0 8 0 pipepl 120 202 0 183 2 0 2 2 0 8 1 fdescpl 432 519 0 504 2 0 2 2 0 8 0 filepl 120 3100 0 3000 4 0 4 4 0 8 0 lockfpl 104 85 0 84 1 0 1 1 0 8 0 lockfspl 48 30 0 29 1 0 1 1 0 8 0 sessionpl 112 17 0 7 1 0 1 1 0 8 0 pgrppl 48 17 0 7 1 0 1 1 0 8 0 ucredpl 96 165 0 158 1 0 1 1 0 8 0 zombiepl 144 504 0 504 1 0 1 1 0 8 1 processpl 896 534 0 504 4 0 4 4 0 8 0 procpl 624 944 0 906 4 0 4 4 0 8 1 sosppl 128 6 0 6 2 1 1 1 0 8 1 sockpl 400 721 0 701 5 1 4 4 0 8 2 mcl64k 65536 19 0 19 1 0 1 1 0 8 1 mcl16k 16384 1 0 1 1 0 1 1 0 8 1 mcl12k 12288 4 0 4 1 0 1 1 0 8 1 mcl9k 9216 1 0 1 1 1 0 1 0 8 0 mcl8k 8192 5 0 5 1 0 1 1 0 8 1 mcl4k 4096 24 0 24 1 0 1 1 0 8 1 mcl2k2 2112 3 0 3 1 0 1 1 0 8 1 mcl2k 2048 61009 0 60966 13 7 6 12 0 8 0 mtagpl 80 26 0 2 2 1 1 1 0 8 0 mbufpl 256 97648 0 97505 16 2 14 14 0 8 2 mbufpl: pool(0xffffffff8258a898:mbufpl): free list modified: page 0xfffffd805e116000; item ordinal 0; addr 0xfffffd805e116500 (p 0xfffffd806c3c4000); offset 0x0=0x0 mbufpl: pool(0xffffffff8258a898:mbufpl): page inconsistency: page 0xfffffd805e116000; item ordinal 1; addr 0x4a bufpl 280 15793 0 10409 385 0 385 385 0 8 0 anonpl 16 102199 0 87125 79 2 77 77 0 107 14 amapchunkpl 152 2510 0 2370 11 1 10 10 0 158 3 amappl16 192 4841 0 3981 58 8 50 52 0 8 7 amappl15 184 1 0 0 1 0 1 1 0 8 0 amappl14 176 10 0 9 2 1 1 1 0 8 0 amappl13 168 23 0 22 1 0 1 1 0 8 0 amappl12 160 5 0 4 1 0 1 1 0 8 0 amappl11 152 63 0 50 1 0 1 1 0 8 0 amappl10 144 170 0 164 1 0 1 1 0 8 0 amappl9 136 527 0 522 1 0 1 1 0 8 0 amappl8 128 418 0 404 1 0 1 1 0 8 0 amappl7 120 265 0 251 1 0 1 1 0 8 0 amappl6 112 27 0 22 1 0 1 1 0 8 0 amappl5 104 468 0 456 1 0 1 1 0 8 0 amappl4 96 440 0 412 1 0 1 1 0 8 0 amappl3 88 109 0 103 1 0 1 1 0 8 0 amappl2 80 3355 0 3285 3 1 2 3 0 8 0 amappl1 72 18289 0 17873 27 18 9 20 0 8 0 amappl 80 1184 0 1140 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 12 0 2 1 0 1 1 0 8 0 uaddrrnd 24 527 0 506 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 527 0 506 1 0 1 1 0 8 0 vmmpekpl 168 6910 0 6881 2 0 2 2 0 8 0 vmmpepl 168 69519 0 67453 127 18 109 121 0 357 19 vmsppl 272 526 0 506 2 0 2 2 0 8 0 pdppl 4096 1060 0 1018 7 1 6 6 0 8 0 pvpl 32 249987 0 232740 179 0 179 179 0 265 39 pmappl 200 526 0 506 2 0 2 2 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 158 0 14 5 0 5 5 0 8 0