uvm_fault(0xfffffd803f011550, 0x7a355f85cb39, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd803f011550, 0x7a355f85cb39, 0, 1) -> e pool_do_put(ffffffff825871b0,fffffd802e162d00) at pool_do_put+0x12e sys/kern/subr_pool.c:844 end trace frame: 0xffff8000148843f0, count: 0 ddb> trace pool_do_put(ffffffff825871b0,fffffd802e162d00) at pool_do_put+0x12e sys/kern/subr_pool.c:844 pool_put(ffffffff825871b0,fffffd802e162d00) at pool_put+0x4b sys/kern/subr_pool.c:802 m_free(fffffd802e162d00) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000ac9500,800100,ffff800000ac9540,0) at rt_ifa_del+0x436 sys/net/route.c:1201 in6_unlink_ifa(ffff800000ac9500,ffff800000a65800) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000a65800,ffff800014884950,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff800014884950,ffff800000a65800) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd8037004c00,8080691a,ffff800014884950,ffff8000ffff2ee8) at ifioctl+0xe60 sys/net/if.c:2291 sys_ioctl(ffff8000ffff2ee8,ffff800014884a68,ffff800014884ab0) at sys_ioctl+0x5b9 syscall(ffff800014884b30) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x22aca9c0d0, count: -11 ddb> show registers rdi 0xffffffff81b379f5 pool_do_put+0x125 rsi 0x17f rbp 0xffff8000148843a0 rbx 0x7a355f85cb31 rdx 0x180 rcx 0xffff800016b47000 rax 0xffff800016b47000 r8 0x4 r9 0x5 r10 0x6f0c7867f055ebfd r11 0x38c32c96d2ae0e2 r12 0xfffffd802e162d00 r13 0xc3647a355f85cb31 r14 0xffffffff825871b0 mbpool r15 0xfffffd8032d50be8 rip 0xffffffff81b379fe pool_do_put+0x12e cs 0x8 rflags 0x10296 __ALIGN_SIZE+0xf296 rsp 0xffff8000148842f0 ss 0x10 pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.1) pid=31589 stat=onproc flags process=0 proc=4000000 pri=80, usrpri=80, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff2018,0xffff8000ffff3170 process=0xffff8000ffff6010 user=0xffff80001487f000, vmspace=0xfffffd803f011550 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 31801 386888 93112 0 2 0 syz-executor.1 *31801 31589 93112 0 7 0x4000000 syz-executor.1 41430 15839 17838 0 3 0x3000 suspend syz-executor.0 41430 282692 17838 0 2 0x4081000 syz-executor.0 17838 215399 39341 0 3 0x82 nanosleep syz-executor.0 84826 138833 0 0 3 0x14200 bored sosplice 93112 104584 39341 0 3 0x82 nanosleep syz-executor.1 39341 114578 26082 0 3 0x82 thrsleep syz-fuzzer 39341 220501 26082 0 3 0x4000082 thrsleep syz-fuzzer 39341 137027 26082 0 3 0x4000082 thrsleep syz-fuzzer 39341 247737 26082 0 3 0x4000082 thrsleep syz-fuzzer 39341 51117 26082 0 3 0x4000082 thrsleep syz-fuzzer 39341 351031 26082 0 3 0x4000082 thrsleep syz-fuzzer 39341 255609 26082 0 3 0x4000082 thrsleep syz-fuzzer 39341 94383 26082 0 3 0x4000082 kqread syz-fuzzer 26082 42783 14415 0 3 0x10008a pause ksh 14415 156489 90167 0 3 0x92 select sshd 16385 415430 1 0 3 0x100083 ttyin getty 90167 24724 1 0 3 0x80 select sshd 85713 115008 91750 73 3 0x100090 kqread syslogd 91750 147970 1 0 3 0x100082 netio syslogd 86256 372639 0 0 2 0x14200 zerothread 48497 260185 0 0 3 0x14200 aiodoned aiodoned 10401 232054 0 0 3 0x14200 syncer update 31242 138268 0 0 3 0x14200 cleaner cleaner 29288 130510 0 0 3 0x14200 reaper reaper 44420 305108 0 0 3 0x14200 pgdaemon pagedaemon 88056 158354 0 0 3 0x14200 bored crynlk 45330 200764 0 0 3 0x14200 bored crypto 75882 108216 0 0 3 0x40014200 acpi0 acpi0 18030 456266 0 0 3 0x14200 bored softnet 99761 278281 0 0 3 0x14200 bored systqmp 21452 136920 0 0 3 0x14200 bored systq 53020 329278 0 0 3 0x40014200 bored softclock 21023 446422 0 0 3 0x40014200 idle0 11713 182319 0 0 3 0x14200 bored smr 1 163271 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9514 6287K 7510K 78643K 12484 0 0 pcb 13 10K 12K 78643K 129 0 0 rtable 103 4K 4K 78643K 262 0 0 ifaddr 84 16K 16K 78643K 156 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 30 0 0 iov 0 0K 24K 78643K 99 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1223 77K 77K 78643K 1738 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 1K 78643K 2 0 0 VM map 6 1K 1K 78643K 6 0 0 sem 12 0K 1K 78643K 70 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1794 195K 288K 78643K 12646 0 0 file desc 6 17K 25K 78643K 347 0 0 sigio 0 0K 0K 78643K 52 0 0 proc 43 30K 63K 78643K 420 0 0 subproc 32 2K 2K 78643K 53 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 84 0 0 in_multi 55 2K 3K 78643K 96 0 0 ether_multi 1 0K 0K 78643K 4 0 0 mrt 0 0K 0K 78643K 1 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 78 344K 344K 78643K 78 0 0 exec 0 0K 1K 78643K 228 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 114 54K 58K 78643K 1739 0 0 UVM aobj 23 2K 2K 78643K 25 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 92 0 0 NDP 14 0K 0K 78643K 34 0 0 temp 143 3539K 3607K 78643K 16587 0 0 kqueue 0 0K 0K 78643K 2 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 11 0 5 1 0 1 1 0 8 0 rtpcb 80 137 0 137 1 0 1 1 0 8 1 rtentry 112 64 0 24 2 0 2 2 0 8 0 unpcb 120 316 0 310 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 52 0 52 1 1 0 1 0 8 0 tcpcb 544 390 0 384 14 5 9 14 0 8 8 ipq 40 6 0 6 2 2 0 1 0 8 0 ipqe 40 184 0 184 2 2 0 1 0 8 0 inpcb 280 758 0 752 10 2 8 8 0 8 7 nd6 48 7 0 4 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 1 0 1 0 8 0 ppxss 1128 6 0 6 2 1 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 294 0 87 15 1 14 14 0 8 0 art_table 32 295 0 87 2 0 2 2 0 8 0 art_node 16 63 0 26 1 0 1 1 0 8 0 sysvmsgpl 40 20 0 16 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 66 0 56 1 0 1 1 0 8 0 shmpl 112 23 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1994 0 599 46 0 46 46 0 8 0 ffsino 240 1994 0 599 83 0 83 83 0 8 0 nchpl 144 2678 0 1079 60 0 60 60 0 8 0 uvmvnodes 72 2450 0 0 45 0 45 45 0 8 0 vnodes 208 2450 0 0 129 0 129 129 0 8 0 namei 1024 8041 0 8041 1 0 1 1 0 8 1 vcpupl 1984 4 0 0 1 0 1 1 0 8 0 vmpool 520 4 0 0 1 0 1 1 0 8 0 scsiplug 64 1 0 1 1 1 0 1 0 8 0 scxspl 192 7854 0 7854 8 7 1 7 0 8 1 plimitpl 152 48 0 42 1 0 1 1 0 8 0 sigapl 432 514 0 502 2 0 2 2 0 8 0 futexpl 56 11379 0 11379 1 0 1 1 0 8 1 knotepl 112 136 0 117 1 0 1 1 0 8 0 kqueuepl 104 217 0 213 4 0 4 4 0 8 3 pipepl 128 422 0 403 3 2 1 2 0 8 0 fdescpl 424 515 0 502 2 0 2 2 0 8 0 filepl 120 4597 0 4505 10 0 10 10 0 8 7 lockfpl 104 409 0 407 1 0 1 1 0 8 0 lockfspl 48 107 0 105 1 0 1 1 0 8 0 sessionpl 112 18 0 10 1 0 1 1 0 8 0 pgrppl 48 24 0 16 1 0 1 1 0 8 0 ucredpl 96 508 0 502 1 0 1 1 0 8 0 zombiepl 144 503 0 502 1 0 1 1 0 8 0 processpl 864 530 0 502 4 0 4 4 0 8 0 procpl 632 997 0 960 4 0 4 4 0 8 0 sosppl 128 12 0 12 2 2 0 1 0 8 0 sockpl 384 1215 0 1203 15 5 10 13 0 8 8 mcl64k 65536 48 0 48 2 1 1 2 0 8 1 mcl16k 16384 6 0 6 2 2 0 1 0 8 0 mcl12k 12288 17 0 17 2 1 1 1 0 8 1 mcl9k 9216 7 0 7 2 1 1 1 0 8 1 mcl8k 8192 24 0 24 1 0 1 1 0 8 1 mcl4k 4096 59 0 59 2 1 1 1 0 8 1 mcl2k2 2112 3 0 3 2 2 0 1 0 8 0 mcl2k 2048 63676 0 63631 16 9 7 12 0 8 0 mtagpl 80 20 0 6 3 2 1 1 0 8 0 mbufpl 256 104911 0 104814 36 26 10 21 0 8 2 mbufpl: pool(0xffffffff825871b0:mbufpl): free list modified: page 0xfffffd802e162000; item ordinal 0; addr 0xfffffd802e162e00 (p 0xfffffd8032d50000); offset 0x0=0x0 mbufpl: pool(0xffffffff825871b0:mbufpl): page inconsistency: page 0xfffffd802e162000; item ordinal 1; addr 0x7a355f85cb31 bufpl 256 7194 0 2286 307 0 307 307 0 8 0 anonpl 16 70121 0 45976 102 3 99 99 0 62 1 amapchunkpl 152 3063 0 2882 24 4 20 20 0 158 13 amappl16 192 2806 0 1460 70 1 69 69 0 8 1 amappl14 176 88 0 83 1 0 1 1 0 8 0 amappl13 168 8 0 7 1 0 1 1 0 8 0 amappl12 160 7 0 6 2 1 1 1 0 8 0 amappl11 152 175 0 168 1 0 1 1 0 8 0 amappl10 144 11 0 9 1 0 1 1 0 8 0 amappl9 136 722 0 716 1 0 1 1 0 8 0 amappl8 128 314 0 285 1 0 1 1 0 8 0 amappl7 120 40 0 34 1 0 1 1 0 8 0 amappl6 112 172 0 163 1 0 1 1 0 8 0 amappl5 104 153 0 145 1 0 1 1 0 8 0 amappl4 96 734 0 708 1 0 1 1 0 8 0 amappl3 88 129 0 122 1 0 1 1 0 8 0 amappl2 80 3281 0 3214 3 1 2 3 0 8 0 amappl1 72 18891 0 18490 27 18 9 20 0 8 0 amappl 80 1240 0 1193 3 1 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 24 0 2 1 0 1 1 0 8 0 uaddrrnd 24 519 0 502 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 519 0 502 1 0 1 1 0 8 0 vmmpekpl 168 8015 0 7989 2 0 2 2 0 8 0 vmmpepl 168 69493 0 67038 141 31 110 133 0 357 2 vmsppl 272 514 0 502 2 1 1 2 0 8 0 pdppl 4096 1044 0 1008 6 1 5 6 0 8 0 pvpl 32 209149 0 181474 232 7 225 225 0 265 1 pmappl 200 518 0 502 1 0 1 1 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 493 0 49 13 0 13 13 0 8 0