b•øŠ+:ƒÊ÷¯¹ØÜÑa4../busÀ ÿÿÿÿ./busuvm_fault(0xffffffff825124e8, 0xfffffd5ea9d7723f, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xffffffff825124e8, 0xfffffd5ea9d7723f, 0, 1) -> e pool_do_put(ffffffff825810e0,fffffd8056804500) at pool_do_put+0x12e sys/kern/subr_pool.c:836 end trace frame: 0xffff80001d42c480, count: 0 ddb> trace pool_do_put(ffffffff825810e0,fffffd8056804500) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff825810e0,fffffd8056804500) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd8056804500) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff8000009c8200,800100,ffff8000009c8240,0) at rt_ifa_del+0x402 sys/net/route.c:1196 in6_unlink_ifa(ffff8000009c8200,ffff800000a02000) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000a02000,ffff80001d42c9e0,0) at in6_update_ifa+0x13f7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001d42c9e0,ffff800000a02000) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd805e569960,8080691a,ffff80001d42c9e0,ffff80001d35dc48) at ifioctl+0xe60 sys/net/if.c:2289 sys_ioctl(ffff80001d35dc48,ffff80001d42caf8,ffff80001d42cb40) at sys_ioctl+0x4a1 syscall(ffff80001d42cbc0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xf195fcd300, count: -11 ddb> show registers rdi 0xffffffff81b835c5 pool_do_put+0x125 rsi 0x139 rbp 0xffff80001d42c430 rbx 0xfffffd5ea9d77237 rdx 0x13a rcx 0xffff80001f635000 rax 0xffff80001f635000 r8 0x4 r9 0x5 r10 0x620fdc9b2d82b004 r11 0xe4cf6b7bf8f13c0 r12 0xfffffd8056804500 r13 0xddf7315ea9d77237 r14 0xffffffff825810e0 mbpool r15 0xfffffd80666e7640 rip 0xffffffff81b835ce pool_do_put+0x12e cs 0x8 rflags 0x10216 __ALIGN_SIZE+0xf216 rsp 0xffff80001d42c380 ss 0x10 pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.1) pid=374223 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff80001d35e878,0xffffffff825ba778 process=0xffff8000ffffaa90 user=0xffff80001d427000, vmspace=0xfffffd806bc0a660 estcpu=36, cpticks=5, pctcpu=0.0 user=0, sys=5, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 66049 159005 31537 0 2 0 syz-executor.1 *66049 374223 31537 0 7 0x4000000 syz-executor.1 24162 491323 1152 0 3 0x80 nanosleep syz-executor.0 24162 170314 1152 0 3 0x4000080 ttyout syz-executor.0 24162 303916 1152 0 3 0x4000080 fsleep syz-executor.0 25591 317297 0 0 3 0x14200 bored sosplice 1152 292456 40178 0 3 0x82 nanosleep syz-executor.0 31537 100643 40178 0 3 0x82 nanosleep syz-executor.1 40178 113813 30740 0 3 0x82 kqread syz-fuzzer 40178 100949 30740 0 3 0x4000082 thrsleep syz-fuzzer 40178 350942 30740 0 3 0x4000082 thrsleep syz-fuzzer 40178 192506 30740 0 3 0x4000082 thrsleep syz-fuzzer 40178 234436 30740 0 3 0x4000082 thrsleep syz-fuzzer 40178 124823 30740 0 3 0x4000082 thrsleep syz-fuzzer 40178 199440 30740 0 3 0x4000082 thrsleep syz-fuzzer 40178 381893 30740 0 3 0x4000082 thrsleep syz-fuzzer 30740 108964 69091 0 3 0x10008a pause ksh 69091 104272 7106 0 3 0x92 select sshd 28371 510922 1 0 2 0x100083 getty 7106 318616 1 0 3 0x80 select sshd 93343 304216 41158 73 3 0x100090 kqread syslogd 41158 357888 1 0 3 0x100082 netio syslogd 75760 24345 1 77 3 0x100090 poll dhclient 72274 383335 1 0 3 0x80 poll dhclient 54353 357828 0 0 3 0x14200 bored smr 40300 18010 0 0 2 0x14200 zerothread 48717 217318 0 0 3 0x14200 aiodoned aiodoned 50075 478699 0 0 3 0x14200 syncer update 55783 421765 0 0 3 0x14200 cleaner cleaner 81446 84450 0 0 3 0x14200 reaper reaper 95978 509399 0 0 3 0x14200 pgdaemon pagedaemon 50849 245879 0 0 3 0x14200 bored crynlk 55776 62792 0 0 3 0x14200 bored crypto 10291 163437 0 0 3 0x40014200 acpi0 acpi0 11996 134786 0 0 3 0x14200 bored softnet 34484 552 0 0 3 0x14200 bored systqmp 42790 441270 0 0 3 0x14200 bored systq 96877 119966 0 0 3 0x40014200 bored softclock 28891 241228 0 0 3 0x40014200 idle0 1 343874 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9489 6338K 6721K 78643K 11131 0 pcb 13 8K 8K 78643K 79 0 rtable 106 3K 4K 78643K 256 0 ifaddr 64 13K 13K 78643K 79 0 counters 21 16K 16K 78643K 23 0 ioctlops 0 0K 2K 78643K 33 0 iov 1 12K 24K 78643K 57 0 mount 1 1K 1K 78643K 1 0 vnodes 1219 77K 77K 78643K 1381 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 7 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 54 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1794 195K 288K 78643K 12646 0 file desc 6 17K 25K 78643K 283 0 sigio 0 0K 0K 78643K 12 0 proc 52 38K 55K 78643K 404 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 42 0 in_multi 43 2K 3K 78643K 98 0 ether_multi 1 0K 0K 78643K 19 0 mrt 0 0K 0K 78643K 4 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 55 254K 254K 78643K 55 0 exec 0 0K 1K 78643K 213 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 109 22K 38K 78643K 1526 0 UVM aobj 37 2K 3K 78643K 42 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 61 0 NDP 11 0K 0K 78643K 17 0 temp 121 3022K 3093K 78643K 19932 0 kqueue 3 4K 10K 78643K 27 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 9 0 2 1 0 1 1 0 8 0 rtpcb 80 39 0 37 1 0 1 1 0 8 0 rtentry 112 60 0 17 2 0 2 2 0 8 0 unpcb 120 263 0 255 1 0 1 1 0 8 0 syncache 264 12 0 12 2 2 0 1 0 8 0 tcpqe 32 95 0 95 2 2 0 1 0 8 0 tcpcb 544 242 0 238 2 1 1 2 0 8 0 ipq 40 5 0 3 1 0 1 1 0 8 0 ipqe 40 137 0 135 1 0 1 1 0 8 0 inpcb 280 606 0 597 2 0 2 2 0 8 1 rttmr 72 2 0 2 1 0 1 1 0 8 1 ip6q 72 1 0 1 1 0 1 1 0 8 1 ip6af 40 2 0 2 1 0 1 1 0 8 1 nd6 48 8 0 4 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 1 0 1 0 8 0 ppxss 1128 1 0 1 1 1 0 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 242 0 58 14 0 14 14 0 8 1 art_table 32 244 0 58 2 0 2 2 0 8 0 art_node 16 59 0 19 1 0 1 1 0 8 0 sysvmsgpl 40 8 0 2 1 0 1 1 0 8 0 semupl 112 3 0 3 2 2 0 1 0 8 0 semapl 112 52 0 42 1 0 1 1 0 8 0 shmpl 112 40 0 5 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1797 0 400 46 0 46 46 0 8 0 ffsino 240 1797 0 400 83 0 83 83 0 8 0 nchpl 144 2401 0 790 60 0 60 60 0 8 0 uvmvnodes 72 1955 0 0 36 0 36 36 0 8 0 vnodes 208 1955 0 0 103 0 103 103 0 8 0 namei 1024 6636 0 6636 1 0 1 1 0 8 1 vmpool 528 2 0 2 1 0 1 1 0 8 1 scxspl 192 7603 0 7603 1 0 1 1 0 8 1 plimitpl 152 28 0 21 1 0 1 1 0 8 0 sigapl 424 470 0 440 4 0 4 4 0 8 0 futexpl 56 8525 0 8524 1 0 1 1 0 8 0 knotepl 112 81 0 62 1 0 1 1 0 8 0 kqueuepl 144 325 0 322 1 0 1 1 0 8 0 pipelkpl 16 153 0 143 1 0 1 1 0 8 0 pipepl 120 306 0 287 1 0 1 1 0 8 0 fdescpl 432 455 0 440 2 0 2 2 0 8 0 filepl 120 3675 0 3577 6 1 5 5 0 8 1 lockfpl 104 89 0 88 1 0 1 1 0 8 0 lockfspl 48 29 0 28 1 0 1 1 0 8 0 sessionpl 112 17 0 7 1 0 1 1 0 8 0 pgrppl 48 21 0 11 1 0 1 1 0 8 0 ucredpl 96 327 0 320 1 0 1 1 0 8 0 zombiepl 144 440 0 440 1 0 1 1 0 8 1 processpl 896 470 0 440 4 0 4 4 0 8 0 procpl 624 827 0 787 4 0 4 4 0 8 0 sosppl 128 67 0 67 1 0 1 1 0 8 1 sockpl 400 912 0 894 7 2 5 6 0 8 3 mcl64k 65536 35 0 35 1 0 1 1 0 8 1 mcl16k 16384 6 0 6 3 2 1 1 0 8 1 mcl12k 12288 10 0 10 1 0 1 1 0 8 1 mcl9k 9216 4 0 4 1 1 0 1 0 8 0 mcl8k 8192 16 0 16 1 0 1 1 0 8 1 mcl4k 4096 36 0 36 2 1 1 1 0 8 1 mcl2k2 2112 1 0 1 1 0 1 1 0 8 1 mcl2k 2048 64339 0 64291 16 9 7 13 0 8 0 mtagpl 80 46 0 2 2 1 1 1 0 8 0 mbufpl 256 105417 0 105212 40 10 30 30 0 8 14 mbufpl: pool(0xffffffff825810e0:mbufpl): free list modified: page 0xfffffd8056804000; item ordinal 0; addr 0xfffffd8056804600 (p 0xfffffd80666e7000); offset 0x0=0x0 mbufpl: pool(0xffffffff825810e0:mbufpl): page inconsistency: page 0xfffffd8056804000; item ordinal 1; addr 0xfffffd5ea9d77237 bufpl 280 6516 0 1132 385 0 385 385 0 8 0 anonpl 16 68529 0 51550 93 8 85 85 0 107 15 amapchunkpl 152 2132 0 1987 11 4 7 10 0 158 0 amappl16 192 2798 0 1864 68 13 55 59 0 8 8 amappl15 184 230 0 225 1 0 1 1 0 8 0 amappl14 176 141 0 136 2 1 1 1 0 8 0 amappl13 168 25 0 23 1 0 1 1 0 8 0 amappl12 160 5 0 5 1 1 0 1 0 8 0 amappl11 152 58 0 46 1 0 1 1 0 8 0 amappl10 144 16 0 11 1 0 1 1 0 8 0 amappl9 136 379 0 376 1 0 1 1 0 8 0 amappl8 128 274 0 253 1 0 1 1 0 8 0 amappl7 120 106 0 96 1 0 1 1 0 8 0 amappl6 112 24 0 19 1 0 1 1 0 8 0 amappl5 104 393 0 380 1 0 1 1 0 8 0 amappl4 96 444 0 414 1 0 1 1 0 8 0 amappl3 88 117 0 111 1 0 1 1 0 8 0 amappl2 80 2974 0 2899 3 1 2 3 0 8 0 amappl1 72 17617 0 17190 27 18 9 20 0 8 0 amappl 80 1058 0 1012 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 41 0 5 1 0 1 1 0 8 0 uaddrrnd 24 457 0 442 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 457 0 442 1 0 1 1 0 8 0 vmmpekpl 168 7148 0 7121 2 0 2 2 0 8 0 vmmpepl 168 61001 0 58898 125 22 103 111 0 357 10 vmsppl 272 456 0 442 3 1 2 2 0 8 1 pdppl 4096 920 0 884 6 1 5 6 0 8 0 pvpl 32 194540 0 174509 206 7 199 199 0 265 37 pmappl 200 456 0 442 1 0 1 1 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 190 0 29 5 0 5 5 0 8 0