Warning: Permanently added '10.128.0.13' (ECDSA) to the list of known hosts.
2020/06/24 22:25:07 parsed 1 programs
2020/06/24 22:25:11 executed programs: 0
2020/06/24 22:25:16 executed programs: 176
panic: pool_cache_item_magic_check: mbufpl cpu free list modified: item addr 0xfffffd806d5d9400+16 0x0!=0xf0af241b38efbec4
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
* 65343 56831 0 0 0 0K syz-executor.0
db_enter() at db_enter+0x18
panic(ffffffff823fdf6d) at panic+0x15c
pool_cache_get(ffffffff8291f248) at pool_cache_get+0x323
pool_get(ffffffff8291f248,2) at pool_get+0x91
m_get(2,3) at m_get+0x4c
rt_ifa_del(ffff800000aa1b00,800100,ffff800000aa1b40,0) at rt_ifa_del+0xa1
in6_unlink_ifa(ffff800000aa1b00,ffff800000ac5000) at in6_unlink_ifa+0x571
in6_update_ifa(ffff800000ac5000,ffff800020ec6eb0,0) at in6_update_ifa+0x13e7
in6_ioctl_change_ifaddr(8080691a,ffff800020ec6eb0,ffff800000ac5000) at in6_ioctl_change_ifaddr+0x40c
ifioctl(fffffd806f685c80,8080691a,ffff800020ec6eb0,ffff800020ddcc38) at ifioctl+0xe70
soo_ioctl(fffffd806cf79c88,8080691a,ffff800020ec6eb0,ffff800020ddcc38) at soo_ioctl+0x27c
sys_ioctl(ffff800020ddcc38,ffff800020ec6fc8,ffff800020ec7010) at sys_ioctl+0x4a5
syscall(ffff800020ec7090) at syscall+0x4a4
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffd6d30, count: 1
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
pool_cache_item_magic_check: mbufpl cpu free list modified: item addr 0xfffffd806d5d9400+16 0x0!=0xf0af241b38efbec4
ddb{0}> trace
db_enter() at db_enter+0x18
panic(ffffffff823fdf6d) at panic+0x15c
pool_cache_get(ffffffff8291f248) at pool_cache_get+0x323
pool_get(ffffffff8291f248,2) at pool_get+0x91
m_get(2,3) at m_get+0x4c
rt_ifa_del(ffff800000aa1b00,800100,ffff800000aa1b40,0) at rt_ifa_del+0xa1
in6_unlink_ifa(ffff800000aa1b00,ffff800000ac5000) at in6_unlink_ifa+0x571
in6_update_ifa(ffff800000ac5000,ffff800020ec6eb0,0) at in6_update_ifa+0x13e7
in6_ioctl_change_ifaddr(8080691a,ffff800020ec6eb0,ffff800000ac5000) at in6_ioctl_change_ifaddr+0x40c
ifioctl(fffffd806f685c80,8080691a,ffff800020ec6eb0,ffff800020ddcc38) at ifioctl+0xe70
soo_ioctl(fffffd806cf79c88,8080691a,ffff800020ec6eb0,ffff800020ddcc38) at soo_ioctl+0x27c
sys_ioctl(ffff800020ddcc38,ffff800020ec6fc8,ffff800020ec7010) at sys_ioctl+0x4a5
syscall(ffff800020ec7090) at syscall+0x4a4
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffd6d30, count: -14
ddb{0}> show registers
rdi 0
rsi 0x1
rbp 0xffff800020ec6720
rbx 0xffff800020ec67d0
rdx 0x8b
rcx 0x2
rax 0x1
r8 0xffffffff817e707f kprintf+0x16f
r9 0x1
r10 0x2
r11 0xdd523f2d965ceab5
r12 0x3000000008
r13 0xffff800020ec6730
r14 0x100
r15 0x1
rip 0xffffffff81354558 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800020ec6710
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor.0) pid=65343 stat=onproc
flags process=0 proc=0
pri=86, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff800020dddad8,0xffffffff8291a7b0
process=0xffff800020df1af8 user=0xffff800020ec2000, vmspace=0xfffffd807f000170
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
*56831 65343 14180 0 7 0 syz-executor.0
14180 178443 12433 0 3 0x82 nanosleep syz-executor.0
12433 24153 40301 0 3 0x82 thrsleep syz-execprog
12433 173517 40301 0 3 0x4000082 nanosleep syz-execprog
12433 474537 40301 0 3 0x4000082 thrsleep syz-execprog
12433 175947 40301 0 3 0x4000082 thrsleep syz-execprog
12433 512921 40301 0 3 0x4000082 nanosleep syz-execprog
12433 329410 40301 0 3 0x4000082 thrsleep syz-execprog
12433 291206 40301 0 3 0x4000082 thrsleep syz-execprog
12433 382427 40301 0 3 0x4000082 thrsleep syz-execprog
12433 111901 40301 0 3 0x4000082 kqread syz-execprog
40301 15747 99023 0 3 0x10008a pause ksh
99023 307726 39922 0 3 0x92 select sshd
40412 496712 1 0 3 0x100083 ttyin getty
39922 406223 1 0 3 0x80 select sshd
33316 508741 9227 74 3 0x100092 bpf pflogd
9227 473529 1 0 3 0x80 netio pflogd
79184 514036 62633 73 3 0x100090 kqread syslogd
62633 148394 1 0 3 0x100082 netio syslogd
33895 469335 1 77 3 0x100090 poll dhclient
23670 280561 1 0 3 0x80 poll dhclient
30338 17059 0 0 3 0x14200 bored smr
54301 65125 0 0 3 0x14200 pgzero zerothread
23391 474281 0 0 3 0x14200 aiodoned aiodoned
41777 324447 0 0 3 0x14200 syncer update
96040 480580 0 0 3 0x14200 cleaner cleaner
8609 330203 0 0 3 0x14200 reaper reaper
8326 29798 0 0 3 0x14200 pgdaemon pagedaemon
44350 262753 0 0 3 0x14200 bored crynlk
95553 231720 0 0 3 0x14200 bored crypto
90857 5036 0 0 3 0x40014200 acpi0 acpi0
31901 224320 0 0 7 0x40014200 idle1
45582 84677 0 0 3 0x14200 bored softnet
91513 223235 0 0 3 0x14200 bored systqmp
22893 279376 0 0 3 0x14200 bored systq
10689 96550 0 0 3 0x40014200 bored softclock
6511 519987 0 0 3 0x40014200 idle0
1 20983 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 56831 (syz-executor.0) thread 0xffff800020ddcc38 (65343)
exclusive rwlock netlock r = 0 (0xffffffff826fbc18)
#0 witness_lock+0x4c7
#1 in6_ioctl_change_ifaddr+0x155
#2 ifioctl+0xe70
#3 soo_ioctl+0x27c
#4 sys_ioctl+0x4a5
#5 syscall+0x4a4
#6 Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff828cb930)
#0 witness_lock+0x4c7
#1 soo_ioctl+0x26a
#2 sys_ioctl+0x4a5
#3 syscall+0x4a4
#4 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 9467 6396K 6396K 78643K 10560 0
pcb 13 8K 8K 78643K 13 0
rtable 83 2K 2K 78643K 163 0
ifaddr 38 9K 9K 78643K 222 0
counters 41 33K 33K 78643K 41 0
ioctlops 0 0K 4K 78643K 1468 0
mount 1 1K 1K 78643K 1 0
vnodes 1183 74K 75K 78643K 1188 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 1K 78643K 2 0
VM map 2 1K 1K 78643K 2 0
sem 2 0K 0K 78643K 2 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1824 197K 290K 78643K 13058 0
file desc 3 8K 12K 78643K 201 0
proc 59 63K 83K 78643K 398 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
in_multi 22 1K 1K 78643K 22 0
ether_multi 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 19 95K 95K 78643K 19 0
exec 0 0K 1K 78643K 197 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 75 12K 12K 78643K 1133 0
UVM aobj 2 2K 2K 78643K 2 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
NDP 5 0K 0K 78643K 7 0
temp 29 3849K 3913K 78643K 2235 0
kqueue 3 4K 4K 78643K 3 0
SYN cache 2 16K 16K 78643K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 4 0 0 1 0 1 1 0 8 0
plcache 128 20 0 0 1 0 1 1 0 8 0
rtpcb 80 17 0 15 1 0 1 1 0 8 0
rtentry 112 34 0 1 1 0 1 1 0 8 0
unpcb 120 29 0 19 1 0 1 1 0 8 0
syncache 264 5 0 5 1 1 0 1 0 8 0
tcpcb 544 8 0 5 1 0 1 1 0 8 0
inpcb 296 217 0 210 1 0 1 1 0 8 0
nd6 48 3 0 0 1 0 1 1 0 8 0
pfosfp 40 846 0 423 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 11 0 0 1 0 1 1 0 8 0
pfstkey 112 11 0 0 1 0 1 1 0 8 0
pfstate 328 11 0 0 1 0 1 1 0 8 0
pfrule 1360 21 0 16 2 1 1 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 143 0 0 9 0 9 9 0 8 0
art_table 32 144 0 0 2 0 2 2 0 8 0
art_node 16 33 0 3 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1607 0 205 88 0 88 88 0 8 0
ffsino 272 1607 0 205 94 0 94 94 0 8 0
nchpl 144 2009 0 405 60 0 60 60 0 8 0
uvmvnodes 72 1617 0 0 30 0 30 30 0 8 0
vnodes 208 1617 0 0 86 0 86 86 0 8 0
namei 1024 4962 0 4962 1 0 1 1 0 8 1
percpumem 16 31 0 0 1 0 1 1 0 8 0
scxspl 192 5701 0 5701 8 1 7 7 0 8 7
plimitpl 152 15 0 8 1 0 1 1 0 8 0
sigapl 424 424 0 394 4 0 4 4 0 8 0
knotepl 112 47 0 36 1 0 1 1 0 8 0
kqueuepl 144 2 0 0 1 0 1 1 0 8 0
pipelkpl 48 77 0 70 1 0 1 1 0 8 0
pipepl 120 154 0 141 1 0 1 1 0 8 0
fdescpl 496 409 0 394 3 0 3 3 0 8 0
filepl 152 1482 0 1423 3 0 3 3 0 8 0
lockfpl 104 5 0 4 1 0 1 1 0 8 0
lockfspl 48 3 0 2 1 0 1 1 0 8 0
sessionpl 112 19 0 9 1 0 1 1 0 8 0
pgrppl 48 19 0 9 1 0 1 1 0 8 0
ucredpl 96 62 0 53 1 0 1 1 0 8 0
zombiepl 144 394 0 394 1 0 1 1 0 8 1
processpl 984 424 0 394 5 0 5 5 0 8 1
procpl 624 432 0 394 4 0 4 4 0 8 1
sockpl 400 263 0 244 2 0 2 2 0 8 0
mcl4k 4096 3 0 0 1 0 1 1 0 8 0
mcl2k 2048 79 0 0 10 0 10 10 0 8 0
mtagpl 96 1 0 0 1 0 1 1 0 8 0
mbufpl 256 113 0 0 7 0 7 7 0 8 0
mbufpl: pool(0xffffffff8291f248:mbufpl): free list modified: page 0xfffffd806d5d9000; item ordinal 5; addr 0xfffffd806d5d9c00 (p 0xfffffd806ddec000); offset 0x0=0x0
pool(mbufpl): free list modified: page 0xfffffd806d5d9000; item ordinal 5; addr 0xfffffd806d5d9c00 (p 0xfffffd806ddec000); offset 0x0=0x0
mbufpl: pool(0xffffffff8291f248:mbufpl): page inconsistency: page 0xfffffd806d5d9000; item ordinal 6; addr 0x8f82eb14ff0c95e5
mbufpl: pool(0xffffffff8291f248:mbufpl): free list modified: page 0xfffffd806d6b0000; item ordinal 3; addr 0xfffffd806d6b0c00 (p 0xfffffd806ddec000); offset 0x0=0x0
pool(mbufpl): free list modified: page 0xfffffd806d6b0000; item ordinal 3; addr 0xfffffd806d6b0c00 (p 0xfffffd806ddec000); offset 0x0=0x0
mbufpl: pool(0xffffffff8291f248:mbufpl): page inconsistency: page 0xfffffd806d6b0000; item ordinal 4; addr 0xa39c7bd583b6e5cb
bufpl 280 3231 0 132 222 0 222 222 0 8 0
anonpl 16 26917 0 25139 13 1 12 12 0 124 4
amapchunkpl 152 1035 0 968 5 0 5 5 0 158 1
amappl16 192 878 0 834 3 0 3 3 0 8 0
amappl15 184 1 0 0 1 0 1 1 0 8 0
amappl14 176 29 0 24 1 0 1 1 0 8 0
amappl13 168 22 0 20 1 0 1 1 0 8 0
amappl12 160 19 0 17 2 1 1 1 0 8 0
amappl11 152 239 0 222 1 0 1 1 0 8 0
amappl10 144 14 0 12 1 0 1 1 0 8 0
amappl9 136 233 0 232 1 0 1 1 0 8 0
amappl8 128 270 0 262 1 0 1 1 0 8 0
amappl7 120 114 0 103 1 0 1 1 0 8 0
amappl6 112 206 0 203 2 1 1 1 0 8 0
amappl5 104 305 0 289 1 0 1 1 0 8 0
amappl4 96 496 0 469 1 0 1 1 0 8 0
amappl3 88 107 0 101 1 0 1 1 0 8 0
amappl2 80 1247 0 1184 2 0 2 2 0 8 0
amappl1 72 16914 0 16485 23 5 18 18 0 8 8
amappl 80 659 0 630 1 0 1 1 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 1 0 0 1 0 1 1 0 8 0
uaddrrnd 24 409 0 394 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 409 0 394 1 0 1 1 0 8 0
vmmpekpl 168 6745 0 6720 2 0 2 2 0 8 0
vmmpepl 168 40378 0 39400 80 8 72 72 0 357 29
vmsppl 368 408 0 394 2 0 2 2 0 8 0
pdppl 4096 825 0 788 6 0 6 6 0 8 1
pvpl 32 133473 0 129258 104 0 104 104 0 265 69
pmappl 232 408 0 394 1 0 1 1 0 8 0
extentpl 40 53 0 36 1 0 1 1 0 8 0
phpool 112 233 0 3 7 0 7 7 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x18
panic(ffffffff823fdf6d) at panic+0x15c
pool_cache_get(ffffffff8291f248) at pool_cache_get+0x323
pool_get(ffffffff8291f248,2) at pool_get+0x91
m_get(2,3) at m_get+0x4c
rt_ifa_del(ffff800000aa1b00,800100,ffff800000aa1b40,0) at rt_ifa_del+0xa1
in6_unlink_ifa(ffff800000aa1b00,ffff800000ac5000) at in6_unlink_ifa+0x571
in6_update_ifa(ffff800000ac5000,ffff800020ec6eb0,0) at in6_update_ifa+0x13e7
in6_ioctl_change_ifaddr(8080691a,ffff800020ec6eb0,ffff800000ac5000) at in6_ioctl_change_ifaddr+0x40c
ifioctl(fffffd806f685c80,8080691a,ffff800020ec6eb0,ffff800020ddcc38) at ifioctl+0xe70
soo_ioctl(fffffd806cf79c88,8080691a,ffff800020ec6eb0,ffff800020ddcc38) at soo_ioctl+0x27c
sys_ioctl(ffff800020ddcc38,ffff800020ec6fc8,ffff800020ec7010) at sys_ioctl+0x4a5
syscall(ffff800020ec7090) at syscall+0x4a4
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffd6d30, count: -14
ddb{0}>