uvm_fault(0xffffffff8256dc28, 0xfffffdffdf34fe92, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xffffffff8256dc28, 0xfffffdffdf34fe92, 0, 1) -> e pool_do_put(ffffffff825a9190,fffffd806bc22200) at pool_do_put+0x12e sys/kern/subr_pool.c:836 end trace frame: 0xffff80001e85b240, count: 0 ddb> trace pool_do_put(ffffffff825a9190,fffffd806bc22200) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff825a9190,fffffd806bc22200) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd806bc22200) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000a15f00,800100,ffff800000a15f40,0) at rt_ifa_del+0x402 sys/net/route.c:1196 in6_unlink_ifa(ffff800000a15f00,ffff800000a08000) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000a08000,ffff80001e85b7a0,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001e85b7a0,ffff800000a08000) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd805e56a960,8080691a,ffff80001e85b7a0,ffff80001d7a8120) at ifioctl+0xe60 sys/net/if.c:2289 sys_ioctl(ffff80001d7a8120,ffff80001e85b8b8,ffff80001e85b900) at sys_ioctl+0x4a1 syscall(ffff80001e85b980) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe50d744f760, count: -11 ddb> show registers rdi 0xffffffff8102abc5 pool_do_put+0x125 rsi 0x137 rbp 0xffff80001e85b1f0 rbx 0xfffffdffdf34fe8a rdx 0x138 rcx 0xffff80001fa37000 rax 0xffff80001fa37000 r8 0x4 r9 0x5 r10 0x7f607545f1abfb4c r11 0x59e4521e8b0e2aa1 r12 0xfffffd806bc22200 r13 0xb26040ffdf34fe8a r14 0xffffffff825a9190 mbpool r15 0xfffffd806c3c4cb0 rip 0xffffffff8102abce pool_do_put+0x12e cs 0x8 rflags 0x10293 __ALIGN_SIZE+0xf293 rsp 0xffff80001e85b140 ss 0x10 pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.1) pid=389057 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff80001d7a8870,0xffffffff8256f8f0 process=0xffff8000ffffb208 user=0xffff80001e856000, vmspace=0xfffffd806bc0a220 estcpu=14, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 15296 17196 81525 0 2 0 syz-executor.1 *15296 389057 81525 0 7 0x4000000 syz-executor.1 31133 270950 18755 0 2 0 syz-executor.0 31133 442159 18755 0 3 0x4000080 fsleep syz-executor.0 6210 412211 0 0 3 0x14200 bored sosplice 81525 285356 87127 0 3 0x82 nanosleep syz-executor.1 18755 318537 87127 0 3 0x82 nanosleep syz-executor.0 87127 192548 8486 0 3 0x82 thrsleep syz-fuzzer 87127 91688 8486 0 3 0x4000082 nanosleep syz-fuzzer 87127 269509 8486 0 3 0x4000082 thrsleep syz-fuzzer 87127 158017 8486 0 3 0x4000082 thrsleep syz-fuzzer 87127 352805 8486 0 3 0x4000082 thrsleep syz-fuzzer 87127 238762 8486 0 3 0x4000082 thrsleep syz-fuzzer 87127 465916 8486 0 3 0x4000082 thrsleep syz-fuzzer 87127 134898 8486 0 2 0x4000002 syz-fuzzer 8486 367479 99926 0 3 0x10008a pause ksh 99926 231175 32471 0 3 0x92 select sshd 32144 475705 1 0 3 0x100083 ttyin getty 32471 113653 1 0 3 0x80 select sshd 38256 25973 11283 73 3 0x100090 kqread syslogd 11283 225384 1 0 3 0x100082 netio syslogd 44243 429923 1 77 3 0x100090 poll dhclient 92853 255122 1 0 3 0x80 poll dhclient 37313 519571 0 0 3 0x14200 bored smr 45743 91477 0 0 2 0x14200 zerothread 62714 330452 0 0 3 0x14200 aiodoned aiodoned 8846 264381 0 0 3 0x14200 syncer update 42307 520335 0 0 3 0x14200 cleaner cleaner 67232 104706 0 0 3 0x14200 reaper reaper 95443 258273 0 0 3 0x14200 pgdaemon pagedaemon 86944 81066 0 0 3 0x14200 bored crynlk 63413 327903 0 0 3 0x14200 bored crypto 59483 270787 0 0 3 0x40014200 acpi0 acpi0 28015 11253 0 0 3 0x14200 bored softnet 94296 327070 0 0 3 0x14200 bored systqmp 70106 28006 0 0 3 0x14200 bored systq 67543 395984 0 0 3 0x40014200 bored softclock 38245 334439 0 0 3 0x40014200 idle0 1 61044 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9485 6338K 6653K 78643K 10818 0 pcb 13 8K 8K 78643K 57 0 rtable 108 3K 3K 78643K 253 0 ifaddr 61 12K 12K 78643K 72 0 counters 21 16K 16K 78643K 22 0 ioctlops 0 0K 2K 78643K 31 0 iov 0 0K 16K 78643K 24 0 mount 1 1K 1K 78643K 1 0 vnodes 1218 77K 77K 78643K 1299 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 4 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 20 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1794 195K 288K 78643K 12646 0 file desc 6 17K 25K 78643K 178 0 sigio 0 0K 0K 78643K 29 0 proc 48 38K 63K 78643K 369 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 16 0 in_multi 33 2K 2K 78643K 51 0 ether_multi 1 0K 0K 78643K 8 0 mrt 0 0K 0K 78643K 2 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 31 148K 148K 78643K 31 0 exec 0 0K 1K 78643K 199 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 94 21K 37K 78643K 1226 0 UVM aobj 8 2K 2K 78643K 8 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 53 0 NDP 10 0K 0K 78643K 15 0 temp 96 3031K 3095K 78643K 4270 0 kqueue 3 4K 16K 78643K 20 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 8 0 2 1 0 1 1 0 8 0 rtpcb 80 34 0 31 1 0 1 1 0 8 0 rtentry 112 52 0 8 2 0 2 2 0 8 0 unpcb 120 141 0 133 1 0 1 1 0 8 0 syncache 264 8 0 8 2 1 1 1 0 8 1 tcpqe 32 91 0 91 1 1 0 1 0 8 0 tcpcb 544 102 0 98 1 0 1 1 0 8 0 ipq 40 2 0 2 1 0 1 1 0 8 1 ipqe 40 4 0 4 1 0 1 1 0 8 1 inpcb 280 309 0 301 2 0 2 2 0 8 1 rttmr 72 1 0 1 1 0 1 1 0 8 1 ip6q 72 1 0 1 1 0 1 1 0 8 1 ip6af 40 3 0 3 1 0 1 1 0 8 1 nd6 48 6 0 0 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 202 0 9 13 0 13 13 0 8 0 art_table 32 203 0 9 2 0 2 2 0 8 0 art_node 16 51 0 11 1 0 1 1 0 8 0 sysvmsgpl 40 18 0 14 1 0 1 1 0 8 0 semupl 112 1 0 1 1 0 1 1 0 8 1 semapl 112 18 0 8 1 0 1 1 0 8 0 shmpl 112 6 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1671 0 273 46 0 46 46 0 8 0 ffsino 240 1671 0 273 83 0 83 83 0 8 0 nchpl 144 2129 0 518 60 0 60 60 0 8 0 uvmvnodes 72 1767 0 0 33 0 33 33 0 8 0 vnodes 208 1767 0 0 93 0 93 93 0 8 0 namei 1024 5178 0 5178 1 0 1 1 0 8 1 vmpool 528 2 0 2 1 0 1 1 0 8 1 scsiplug 64 1 0 1 1 0 1 1 0 8 1 scxspl 192 6003 0 6003 1 0 1 1 0 8 1 plimitpl 152 24 0 17 1 0 1 1 0 8 0 sigapl 424 365 0 335 4 0 4 4 0 8 0 futexpl 56 3362 0 3361 1 0 1 1 0 8 0 knotepl 112 71 0 52 1 0 1 1 0 8 0 kqueuepl 144 38 0 36 1 0 1 1 0 8 0 pipelkpl 16 91 0 81 1 0 1 1 0 8 0 pipepl 120 182 0 163 2 1 1 2 0 8 0 fdescpl 432 350 0 335 2 0 2 2 0 8 0 filepl 120 2009 0 1912 4 0 4 4 0 8 1 lockfpl 104 48 0 47 1 0 1 1 0 8 0 lockfspl 48 18 0 17 1 0 1 1 0 8 0 sessionpl 112 17 0 7 1 0 1 1 0 8 0 pgrppl 48 19 0 9 1 0 1 1 0 8 0 ucredpl 96 103 0 96 1 0 1 1 0 8 0 zombiepl 144 335 0 335 1 0 1 1 0 8 1 processpl 920 365 0 335 4 0 4 4 0 8 0 procpl 624 548 0 509 4 0 4 4 0 8 1 sosppl 128 4 0 4 1 0 1 1 0 8 1 sockpl 400 484 0 465 4 0 4 4 0 8 2 mcl64k 65536 17 0 17 1 0 1 1 0 8 1 mcl16k 16384 2 0 2 1 0 1 1 0 8 1 mcl12k 12288 4 0 4 1 0 1 1 0 8 1 mcl9k 9216 3 0 3 1 0 1 1 0 8 1 mcl8k 8192 1 0 1 1 0 1 1 0 8 1 mcl4k 4096 17 0 17 1 0 1 1 0 8 1 mcl2k2 2112 1 0 1 1 0 1 1 0 8 1 mcl2k 2048 62281 0 62233 14 6 8 13 0 8 1 mtagpl 80 14 0 2 2 1 1 1 0 8 0 mbufpl 256 99800 0 99682 11 1 10 10 0 8 0 mbufpl: pool(0xffffffff825a9190:mbufpl): free list modified: page 0xfffffd806bc22000; item ordinal 3; addr 0xfffffd806bc22300 (p 0xfffffd806c3c4000); offset 0x0=0x0 mbufpl: pool(0xffffffff825a9190:mbufpl): page inconsistency: page 0xfffffd806bc22000; item ordinal 4; addr 0xfffffdffdf34fe8a bufpl 280 4284 0 161 295 0 295 295 0 8 0 anonpl 16 44381 0 30535 59 2 57 57 0 107 0 amapchunkpl 152 2297 0 2169 19 0 19 19 0 158 13 amappl16 192 1547 0 758 42 0 42 42 0 8 2 amappl15 184 72 0 69 1 0 1 1 0 8 0 amappl14 176 76 0 73 2 1 1 1 0 8 0 amappl13 168 23 0 22 1 0 1 1 0 8 0 amappl12 160 5 0 5 1 1 0 1 0 8 0 amappl11 152 60 0 47 1 0 1 1 0 8 0 amappl10 144 12 0 8 1 0 1 1 0 8 0 amappl9 136 375 0 370 1 0 1 1 0 8 0 amappl8 128 267 0 253 1 0 1 1 0 8 0 amappl7 120 104 0 94 1 0 1 1 0 8 0 amappl6 112 20 0 19 1 0 1 1 0 8 0 amappl5 104 221 0 210 1 0 1 1 0 8 0 amappl4 96 514 0 483 1 0 1 1 0 8 0 amappl3 88 186 0 178 1 0 1 1 0 8 0 amappl2 80 2081 0 2006 3 1 2 3 0 8 0 amappl1 72 15988 0 15568 26 17 9 20 0 8 0 amappl 80 770 0 729 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 7 0 0 1 0 1 1 0 8 0 uaddrrnd 24 352 0 337 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 352 0 337 1 0 1 1 0 8 0 vmmpekpl 168 6144 0 6113 2 0 2 2 0 8 0 vmmpepl 168 48171 0 46234 101 8 93 96 0 357 8 vmsppl 272 351 0 337 2 0 2 2 0 8 1 pdppl 4096 710 0 674 6 0 6 6 0 8 1 pvpl 32 149471 0 132595 146 0 146 146 0 265 8 pmappl 200 351 0 337 1 0 1 1 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 149 0 9 5 0 5 5 0 8 0