uvm_fault(0xffffffff8254f1f0, 0xfffffdad5da0812f, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xffffffff8254f1f0, 0xfffffdad5da0812f, 0, 1) -> e pool_do_put(ffffffff8258c300,fffffd805bdf7300) at pool_do_put+0x12e sys/kern/subr_pool.c:836 end trace frame: 0xffff80001e436680, count: 0 ddb> trace pool_do_put(ffffffff8258c300,fffffd805bdf7300) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff8258c300,fffffd805bdf7300) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd805bdf7300) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000a2ad00,800100,ffff800000a2ad40,0) at rt_ifa_del+0x402 sys/net/route.c:1196 in6_unlink_ifa(ffff800000a2ad00,ffff800000a09000) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000a09000,ffff80001e436be0,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001e436be0,ffff800000a09000) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd805ed017d0,8080691a,ffff80001e436be0,ffff80001d339ea8) at ifioctl+0xe60 sys/net/if.c:2289 sys_ioctl(ffff80001d339ea8,ffff80001e436cf8,ffff80001e436d40) at sys_ioctl+0x4a1 syscall(ffff80001e436dc0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x844e7052a50, count: -11 ddb> show registers rdi 0xffffffff8209eaf5 pool_do_put+0x125 rsi 0x141 rbp 0xffff80001e436630 rbx 0xfffffdad5da08127 rdx 0x142 rcx 0xffff80001f631000 rax 0xffff80001f631000 r8 0x4 r9 0x5 r10 0x4dc8420cc3904fa7 r11 0xd50792387a4b6373 r12 0xfffffd805bdf7300 r13 0x3f2afaad5da08127 r14 0xffffffff8258c300 mbpool r15 0xfffffd805d843398 rip 0xffffffff8209eafe pool_do_put+0x12e cs 0x8 rflags 0x10293 __ALIGN_SIZE+0xf293 rsp 0xffff80001e436580 ss 0x10 pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.0) pid=318311 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=58, nice=20 forw=0xffffffffffffffff, list=0xffff80001d339c38,0xffffffff8259cbb8 process=0xffff8000ffffb938 user=0xffff80001e431000, vmspace=0xfffffd8056fd4ee8 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 66557 261898 69213 0 2 0 syz-executor.0 *66557 318311 69213 0 7 0x4000000 syz-executor.0 69213 369948 5424 0 3 0x82 nanosleep syz-executor.0 31564 61656 5424 0 2 0x2 syz-executor.1 5424 272987 45574 0 3 0x82 thrsleep syz-fuzzer 5424 314350 45574 0 3 0x4000082 nanosleep syz-fuzzer 5424 262792 45574 0 3 0x4000082 kqread syz-fuzzer 5424 76649 45574 0 3 0x4000082 thrsleep syz-fuzzer 5424 326624 45574 0 3 0x4000082 thrsleep syz-fuzzer 5424 269139 45574 0 3 0x4000082 thrsleep syz-fuzzer 5424 496808 45574 0 3 0x4000082 thrsleep syz-fuzzer 45574 64296 76157 0 3 0x10008a pause ksh 76157 336855 50961 0 3 0x92 select sshd 79652 291490 1 0 3 0x100083 ttyin getty 50961 214551 1 0 3 0x80 select sshd 69250 129517 80601 73 3 0x100090 kqread syslogd 80601 338682 1 0 3 0x100082 netio syslogd 45661 366941 1 77 3 0x100090 poll dhclient 25286 119053 1 0 3 0x80 poll dhclient 59514 293284 0 0 3 0x14200 bored smr 82080 493917 0 0 2 0x14200 zerothread 31243 35183 0 0 3 0x14200 aiodoned aiodoned 77554 155422 0 0 3 0x14200 syncer update 7400 13430 0 0 3 0x14200 cleaner cleaner 60946 111130 0 0 3 0x14200 reaper reaper 66570 69546 0 0 3 0x14200 pgdaemon pagedaemon 76593 334119 0 0 3 0x14200 bored crynlk 60680 513813 0 0 3 0x14200 bored crypto 75163 147538 0 0 3 0x40014200 acpi0 acpi0 5252 102648 0 0 3 0x14200 bored softnet 91345 93581 0 0 3 0x14200 bored systqmp 87303 507810 0 0 3 0x14200 bored systq 83303 115446 0 0 3 0x40014200 bored softclock 73149 116259 0 0 3 0x40014200 idle0 1 296840 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9490 6599K 6731K 78643K 10756 0 pcb 13 8K 8K 78643K 45 0 rtable 105 3K 3K 78643K 208 0 ifaddr 57 12K 13K 78643K 76 0 counters 21 16K 16K 78643K 23 0 ioctlops 0 0K 2K 78643K 25 0 iov 0 0K 12K 78643K 18 0 mount 1 1K 1K 78643K 1 0 vnodes 1223 77K 77K 78643K 1293 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 5 0 VM map 2 0K 0K 78643K 2 0 sem 6 0K 0K 78643K 8 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1794 195K 288K 78643K 12646 0 file desc 5 13K 25K 78643K 126 0 sigio 0 0K 0K 78643K 4 0 proc 49 38K 63K 78643K 382 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 2 0K 0K 78643K 186 0 in_multi 47 2K 2K 78643K 54 0 ether_multi 1 0K 0K 78643K 4 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 43 201K 201K 78643K 43 0 exec 0 0K 1K 78643K 185 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 96 53K 53K 78643K 1136 0 UVM aobj 16 2K 2K 78643K 16 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 20 0 NDP 8 0K 0K 78643K 14 0 temp 74 3032K 3098K 78643K 4268 0 kqueue 3 4K 6K 78643K 10 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 6 0 0 1 0 1 1 0 8 0 rtpcb 80 37 0 35 1 0 1 1 0 8 0 rtentry 112 45 0 1 2 0 2 2 0 8 0 unpcb 120 75 0 67 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 35 0 35 1 1 0 1 0 8 0 tcpcb 544 52 0 48 1 0 1 1 0 8 0 ipq 40 3 0 3 1 0 1 1 0 8 1 ipqe 40 135 0 135 1 0 1 1 0 8 1 inpcb 280 260 0 251 2 0 2 2 0 8 1 nd6 48 6 0 0 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 189 0 0 12 0 12 12 0 8 0 art_table 32 190 0 0 2 0 2 2 0 8 0 art_node 16 44 0 4 1 0 1 1 0 8 0 semupl 112 1 0 1 1 0 1 1 0 8 1 semapl 112 4 0 0 1 0 1 1 0 8 0 shmpl 112 14 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1553 0 153 46 0 46 46 0 8 0 ffsino 240 1553 0 153 83 0 83 83 0 8 0 nchpl 144 1916 0 306 60 0 60 60 0 8 0 uvmvnodes 72 1650 0 0 30 0 30 30 0 8 0 vnodes 208 1650 0 0 87 0 87 87 0 8 0 namei 1024 4809 0 4809 1 0 1 1 0 8 1 vcpupl 1984 4 0 0 1 0 1 1 0 8 0 vmpool 528 6 0 2 1 0 1 1 0 8 0 scxspl 192 5948 0 5948 1 0 1 1 0 8 1 plimitpl 152 18 0 11 1 0 1 1 0 8 0 sigapl 424 312 0 284 4 0 4 4 0 8 0 futexpl 56 2312 0 2312 1 0 1 1 0 8 1 knotepl 112 59 0 40 1 0 1 1 0 8 0 kqueuepl 144 12 0 10 1 0 1 1 0 8 0 pipelkpl 16 77 0 67 1 0 1 1 0 8 0 pipepl 120 154 0 135 1 0 1 1 0 8 0 fdescpl 432 298 0 284 2 0 2 2 0 8 0 filepl 120 1736 0 1639 4 0 4 4 0 8 1 lockfpl 104 21 0 20 1 0 1 1 0 8 0 lockfspl 48 9 0 8 1 0 1 1 0 8 0 sessionpl 112 17 0 7 1 0 1 1 0 8 0 pgrppl 48 17 0 7 1 0 1 1 0 8 0 ucredpl 96 118 0 111 1 0 1 1 0 8 0 zombiepl 144 284 0 284 1 0 1 1 0 8 1 processpl 920 312 0 284 4 0 4 4 0 8 0 procpl 624 430 0 395 4 0 4 4 0 8 1 sockpl 400 376 0 357 4 0 4 4 0 8 2 mcl64k 65536 16 0 16 1 0 1 1 0 8 1 mcl12k 12288 4 0 4 1 0 1 1 0 8 1 mcl9k 9216 1 0 1 1 0 1 1 0 8 1 mcl4k 4096 15 0 15 2 1 1 1 0 8 1 mcl2k 2048 62940 0 62893 15 3 12 13 0 8 5 mtagpl 80 11 0 2 2 1 1 1 0 8 0 mbufpl 256 100740 0 100634 20 2 18 18 0 8 9 mbufpl: pool(0xffffffff8258c300:mbufpl): free list modified: page 0xfffffd805bdf7000; item ordinal 10; addr 0xfffffd805bdf7400 (p 0xfffffd805d843000); offset 0x0=0x0 mbufpl: pool(0xffffffff8258c300:mbufpl): page inconsistency: page 0xfffffd805bdf7000; item ordinal 11; addr 0xfffffdad5da08127 bufpl 280 4394 0 164 303 0 303 303 0 8 0 anonpl 16 48635 0 35288 78 1 77 77 0 107 15 amapchunkpl 152 1538 0 1407 9 0 9 9 0 158 2 amappl16 192 1606 0 779 54 3 51 54 0 8 8 amappl15 184 1 0 0 1 0 1 1 0 8 0 amappl14 176 46 0 44 2 1 1 1 0 8 0 amappl13 168 31 0 29 1 0 1 1 0 8 0 amappl12 160 8 0 8 2 2 0 1 0 8 0 amappl11 152 63 0 51 1 0 1 1 0 8 0 amappl10 144 69 0 62 1 0 1 1 0 8 0 amappl9 136 377 0 373 1 0 1 1 0 8 0 amappl8 128 260 0 249 1 0 1 1 0 8 0 amappl7 120 156 0 144 1 0 1 1 0 8 0 amappl6 112 23 0 19 1 0 1 1 0 8 0 amappl5 104 236 0 224 1 0 1 1 0 8 0 amappl4 96 437 0 409 1 0 1 1 0 8 0 amappl3 88 110 0 103 1 0 1 1 0 8 0 amappl2 80 1582 0 1517 3 1 2 3 0 8 0 amappl1 72 14959 0 14543 26 14 12 20 0 8 2 amappl 80 686 0 643 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 15 0 0 1 0 1 1 0 8 0 uaddrrnd 24 304 0 286 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 304 0 286 1 0 1 1 0 8 0 vmmpekpl 168 5988 0 5963 2 0 2 2 0 8 0 vmmpepl 168 42479 0 40583 130 6 124 124 0 357 39 vmsppl 272 303 0 286 2 0 2 2 0 8 0 pdppl 4096 614 0 576 6 0 6 6 0 8 1 pvpl 32 148053 0 132017 186 0 186 186 0 265 40 pmappl 200 303 0 286 1 0 1 1 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 157 0 8 5 0 5 5 0 8 0