uvm_fault(0xfffffd806bc09000, 0x509c7fc280, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd806bc09000, 0x509c7fc280, 0, 1) -> e pool_do_put(ffffffff827e3950,fffffd8057e74d00) at pool_do_put+0x12e sys/kern/subr_pool.c:836 end trace frame: 0xffff8000209b9990, count: 0 ddb> trace pool_do_put(ffffffff827e3950,fffffd8057e74d00) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff827e3950,fffffd8057e74d00) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd8057e74d00) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000b72a00,800100,ffff800000b72a40,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000b72a00,ffff800000ac2800) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000ac2800,ffff8000209b9ef0,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff8000209b9ef0,ffff800000ac2800) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd806876dc90,8080691a,ffff8000209b9ef0,ffff80001d6c19e0) at ifioctl+0xe60 sys/net/if.c:2288 sys_ioctl(ffff80001d6c19e0,ffff8000209ba008,ffff8000209ba050) at sys_ioctl+0x4a1 syscall(ffff8000209ba0d0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xb11c79d5a00, count: -11 ddb> show registers rdi 0xffffffff812e1fe5 pool_do_put+0x125 rsi 0x160 rbp 0xffff8000209b9940 rbx 0x509c7fc278 rdx 0x161 rcx 0xffff80001d79f000 rax 0xffff80001d79f000 r8 0x4 r9 0x5 r10 0xec887f02e20f1471 r11 0x31d7ec713a8af7a6 r12 0xfffffd8057e74d00 r13 0x3144a2509c7fc278 r14 0xffffffff827e3950 mbpool r15 0xfffffd805a7ab6c0 rip 0xffffffff812e1fee pool_do_put+0x12e cs 0x8 rflags 0x10296 __ALIGN_SIZE+0xf296 rsp 0xffff8000209b9890 ss 0x10 pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.0) pid=427106 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=71, nice=20 forw=0xffffffffffffffff, list=0xffff80001d6c1c50,0xffffffff827f7a58 process=0xffff8000ffffb208 user=0xffff8000209b5000, vmspace=0xfffffd806bc09000 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 33359 259371 9994 0 2 0 syz-executor.0 *33359 427106 9994 0 7 0x4000000 syz-executor.0 82224 153693 0 0 3 0x14200 bored sosplice 56744 157375 22820 0 3 0x2 biowait syz-executor.1 9994 167259 22820 0 3 0x82 nanosleep syz-executor.0 22820 53235 45416 0 3 0x82 thrsleep syz-fuzzer 22820 402280 45416 0 3 0x4000082 nanosleep syz-fuzzer 22820 369958 45416 0 3 0x4000082 kqread syz-fuzzer 22820 361651 45416 0 3 0x4000082 thrsleep syz-fuzzer 22820 464566 45416 0 3 0x4000082 thrsleep syz-fuzzer 22820 313909 45416 0 3 0x4000082 thrsleep syz-fuzzer 22820 300308 45416 0 3 0x4000082 thrsleep syz-fuzzer 22820 215757 45416 0 3 0x4000082 thrsleep syz-fuzzer 45416 436477 11077 0 3 0x10008a pause ksh 11077 167289 70115 0 3 0x92 select sshd 15454 435278 1 0 3 0x100083 ttyin getty 70115 210517 1 0 3 0x80 select sshd 48701 288344 44207 73 3 0x100090 kqread syslogd 44207 197081 1 0 3 0x100082 netio syslogd 47117 440359 1 77 3 0x100090 poll dhclient 68018 88522 1 0 3 0x80 poll dhclient 4893 308217 0 0 3 0x14200 bored smr 13097 348848 0 0 2 0x14200 zerothread 20206 57494 0 0 3 0x14200 aiodoned aiodoned 95445 446940 0 0 3 0x14200 syncer update 34773 316797 0 0 3 0x14200 cleaner cleaner 92310 479898 0 0 3 0x14200 reaper reaper 59632 89209 0 0 3 0x14200 pgdaemon pagedaemon 26 293499 0 0 3 0x14200 bored crynlk 22011 329226 0 0 3 0x14200 bored crypto 98845 415694 0 0 3 0x40014200 acpi0 acpi0 73858 198157 0 0 3 0x14200 bored softnet 35037 393102 0 0 3 0x14200 bored systqmp 58928 139429 0 0 3 0x14200 bored systq 18753 506930 0 0 3 0x40014200 bored softclock 35318 231456 0 0 3 0x40014200 idle0 1 424320 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9479 6397K 7620K 78643K 11039 0 pcb 13 8K 8K 78643K 29 0 rtable 106 3K 7K 78643K 273 0 ifaddr 59 13K 13K 78643K 78 0 counters 21 16K 16K 78643K 22 0 ioctlops 0 0K 4K 78643K 25 0 iov 0 0K 16K 78643K 19 0 mount 1 1K 1K 78643K 1 0 vnodes 1224 77K 77K 78643K 1334 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 3 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 26 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 21K 78643K 114 0 sigio 0 0K 0K 78643K 6 0 proc 49 38K 54K 78643K 370 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 3 0 in_multi 52 2K 2K 78643K 56 0 ether_multi 1 0K 0K 78643K 3 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 43 201K 201K 78643K 43 0 exec 0 0K 1K 78643K 185 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 123 23K 23K 78643K 1128 0 UVM aobj 2 2K 2K 78643K 2 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 12 0 NDP 8 0K 0K 78643K 13 0 temp 85 3842K 3910K 78643K 9235 0 kqueue 3 4K 8K 78643K 5 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 8 0 2 1 0 1 1 0 8 0 rtpcb 80 32 0 30 1 0 1 1 0 8 0 rtentry 112 50 0 6 2 0 2 2 0 8 0 unpcb 120 47 0 39 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 230 0 230 1 1 0 1 0 8 0 tcpcb 544 68 0 64 1 0 1 1 0 8 0 inpcb 280 146 0 138 1 0 1 1 0 8 0 nd6 48 6 0 0 1 0 1 1 0 8 0 pfrktable 1344 20 0 20 1 1 0 1 0 8 0 pftag 88 4 0 4 1 1 0 1 0 8 0 pfrule 1360 4 0 2 2 1 1 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 196 0 3 13 0 13 13 0 8 0 art_table 32 198 0 3 2 0 2 2 0 8 0 art_node 16 49 0 10 1 0 1 1 0 8 0 sysvmsgpl 40 12 0 2 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 24 0 14 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1535 0 136 88 0 88 88 0 8 0 ffsino 240 1535 0 136 83 0 83 83 0 8 0 nchpl 144 1921 0 317 60 0 60 60 0 8 0 uvmvnodes 72 1678 0 0 31 0 31 31 0 8 0 vnodes 208 1678 0 0 89 0 89 89 0 8 0 namei 1024 4871 0 4871 1 0 1 1 0 8 1 pfiaddrpl 120 6 0 6 1 1 0 1 0 8 0 scxspl 192 5792 0 5791 1 0 1 1 0 8 0 plimitpl 152 18 0 11 1 0 1 1 0 8 0 sigapl 424 301 0 272 4 0 4 4 0 8 0 futexpl 56 2074 0 2074 1 0 1 1 0 8 1 knotepl 112 63 0 44 1 0 1 1 0 8 0 kqueuepl 144 10 0 8 1 0 1 1 0 8 0 pipelkpl 16 89 0 79 1 0 1 1 0 8 0 pipepl 120 178 0 159 1 0 1 1 0 8 0 fdescpl 432 286 0 272 2 0 2 2 0 8 0 filepl 120 1619 0 1522 4 0 4 4 0 8 1 lockfpl 104 22 0 21 1 0 1 1 0 8 0 lockfspl 48 10 0 9 1 0 1 1 0 8 0 sessionpl 112 17 0 7 1 0 1 1 0 8 0 pgrppl 48 17 0 7 1 0 1 1 0 8 0 ucredpl 96 156 0 149 1 0 1 1 0 8 0 zombiepl 144 272 0 272 1 0 1 1 0 8 1 processpl 920 301 0 272 4 0 4 4 0 8 0 procpl 624 409 0 372 5 1 4 4 0 8 0 sockpl 400 226 0 208 3 0 3 3 0 8 0 mcl64k 65536 14 0 14 2 1 1 1 0 8 1 mcl16k 16384 1 0 1 1 1 0 1 0 8 0 mcl12k 12288 4 0 4 2 1 1 1 0 8 1 mcl9k 9216 2 0 2 2 1 1 1 0 8 1 mcl8k 8192 9 0 9 2 1 1 1 0 8 1 mcl4k 4096 25 0 25 2 1 1 1 0 8 1 mcl2k2 2112 1 0 1 1 1 0 1 0 8 0 mcl2k 2048 72702 0 72642 17 6 11 16 0 8 3 mtagpl 80 18 0 2 2 1 1 1 0 8 0 mbufpl 256 115831 0 115657 14 2 12 12 0 8 0 mbufpl: pool(0xffffffff827e3950:mbufpl): free list modified: page 0xfffffd8057e74000; item ordinal 12; addr 0xfffffd8057e74e00 (p 0xfffffd805a7ab000); offset 0x0=0x0 mbufpl: pool(0xffffffff827e3950:mbufpl): page inconsistency: page 0xfffffd8057e74000; item ordinal 13; addr 0x509c7fc278 bufpl 280 3670 0 126 254 0 254 254 0 8 0 anonpl 16 47153 0 32313 78 1 77 77 0 107 11 amapchunkpl 152 1351 0 1222 7 0 7 7 0 158 1 amappl16 192 1483 0 662 54 2 52 54 0 8 8 amappl15 184 1 0 0 1 0 1 1 0 8 0 amappl14 176 65 0 58 1 0 1 1 0 8 0 amappl13 168 35 0 31 1 0 1 1 0 8 0 amappl12 160 51 0 47 1 0 1 1 0 8 0 amappl11 152 45 0 36 1 0 1 1 0 8 0 amappl10 144 60 0 52 1 0 1 1 0 8 0 amappl9 136 374 0 373 1 0 1 1 0 8 0 amappl8 128 321 0 279 2 0 2 2 0 8 0 amappl7 120 147 0 132 1 0 1 1 0 8 0 amappl6 112 25 0 21 1 0 1 1 0 8 0 amappl5 104 221 0 209 1 0 1 1 0 8 0 amappl4 96 417 0 391 1 0 1 1 0 8 0 amappl3 88 104 0 98 1 0 1 1 0 8 0 amappl2 80 1512 0 1444 2 0 2 2 0 8 0 amappl1 72 14779 0 14362 21 11 10 17 0 8 0 amappl 80 654 0 614 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 1 0 0 1 0 1 1 0 8 0 uaddrrnd 24 286 0 272 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 286 0 272 1 0 1 1 0 8 0 vmmpekpl 168 6107 0 6083 2 0 2 2 0 8 0 vmmpepl 168 41661 0 39749 107 8 99 104 0 357 15 vmsppl 272 285 0 272 2 1 1 2 0 8 0 pdppl 4096 578 0 544 5 0 5 5 0 8 0 pvpl 32 146355 0 128546 181 0 181 181 0 265 33 pmappl 200 285 0 272 1 0 1 1 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 248 0 17 7 0 7 7 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pool_do_put(ffffffff827e3950,fffffd8057e74d00) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff827e3950,fffffd8057e74d00) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd8057e74d00) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000b72a00,800100,ffff800000b72a40,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000b72a00,ffff800000ac2800) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000ac2800,ffff8000209b9ef0,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff8000209b9ef0,ffff800000ac2800) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd806876dc90,8080691a,ffff8000209b9ef0,ffff80001d6c19e0) at ifioctl+0xe60 sys/net/if.c:2288 sys_ioctl(ffff80001d6c19e0,ffff8000209ba008,ffff8000209ba050) at sys_ioctl+0x4a1 syscall(ffff8000209ba0d0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xb11c79d5a00, count: -11 ddb> machine ddbcpu 1 No such command ddb> trace pool_do_put(ffffffff827e3950,fffffd8057e74d00) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff827e3950,fffffd8057e74d00) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd8057e74d00) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000b72a00,800100,ffff800000b72a40,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000b72a00,ffff800000ac2800) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000ac2800,ffff8000209b9ef0,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff8000209b9ef0,ffff800000ac2800) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd806876dc90,8080691a,ffff8000209b9ef0,ffff80001d6c19e0) at ifioctl+0xe60 sys/net/if.c:2288 sys_ioctl(ffff80001d6c19e0,ffff8000209ba008,ffff8000209ba050) at sys_ioctl+0x4a1 syscall(ffff8000209ba0d0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xb11c79d5a00, count: -11