>s_IM)5ӎ|+▒di@\&1LwT4E}^Jmgly>mp|'myvlYxZsUMİfEy䕢F:bG^p>Xȩy?༓"m߆,.D;mZؠ.Z~%fMrϕ~<|;xt3Po4m35rOl¥7Guvm_fault(0xffffffff828abf90, 0xfffffd0000000010, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pool_cache_get+0x1b1: movq 0x10(%r14),%r13 ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic kernel page fault uvm_fault(0xffffffff828abf90, 0xfffffd0000000010, 0, 1) -> e pool_cache_get(ffffffff828d7d80) at pool_cache_get+0x1b1 pool_cache_item_magic_check sys/kern/subr_pool.c:1770 [inline] pool_cache_get(ffffffff828d7d80) at pool_cache_get+0x1b1 sys/kern/subr_pool.c:1884 end trace frame: 0xffff8000230db090, count: 0 ddb{0}> trace pool_cache_get(ffffffff828d7d80) at pool_cache_get+0x1b1 pool_cache_item_magic_check sys/kern/subr_pool.c:1770 [inline] pool_cache_get(ffffffff828d7d80) at pool_cache_get+0x1b1 sys/kern/subr_pool.c:1884 pool_get(ffffffff828d7d80,2) at pool_get+0x91 sys/kern/subr_pool.c:572 m_gethdr(2,1) at m_gethdr+0x4c sys/kern/uipc_mbuf.c:283 rtm_msg1(1,ffff8000230db1a0) at rtm_msg1+0x6e sys/net/rtsock.c:1534 rtm_send(fffffd8064bb0158,1,0,0) at rtm_send+0x120 rtm_miss sys/net/rtsock.c:1679 [inline] rtm_send(fffffd8064bb0158,1,0,0) at rtm_send+0x120 sys/net/rtsock.c:1657 rt_ifa_add(ffff800000b23000,240404,ffff800000b23040,0) at rt_ifa_add+0x2b9 sys/net/route.c:1141 rt_ifa_addlocal(ffff800000b23000) at rt_ifa_addlocal+0x16d sys/net/route.c:1238 in6_update_ifa(ffff800000afb800,ffff8000230db7f0,0) at in6_update_ifa+0x13ab sys/netinet6/in6.c:723 in6_ioctl_change_ifaddr(8080691a,ffff8000230db7f0,ffff800000afb800) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd80669e8338,8080691a,ffff8000230db7f0,ffff800020e09608) at ifioctl+0xe70 sys/net/if.c:2282 soo_ioctl(fffffd806fc36be0,8080691a,ffff8000230db7f0,ffff800020e09608) at soo_ioctl+0x27c sys/kern/sys_socket.c:138 sys_ioctl(ffff800020e09608,ffff8000230db908,ffff8000230db950) at sys_ioctl+0x4a5 syscall(ffff8000230db9d0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff8000230db9d0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xef1e1a58d30, count: -14 ddb{0}> show registers rdi 0xffffffff819f377a pool_cache_get+0x6a rsi 0xd63 rbp 0xffff8000230dafd0 rbx 0xb5a9902f328bfbff rdx 0xd64 rcx 0xffff800021ed6000 rax 0xffff800021ed6000 r8 0xa0 r9 0x5 r10 0xfc486ae24b5739fa r11 0x2140797dbc71113c r12 0xffffffff828d7d80 mbpool r13 0 r14 0xfffffd0000000000 r15 0xfffffd807f008e80 rip 0xffffffff819f38c1 pool_cache_get+0x1b1 cs 0x8 rflags 0x10286 __ALIGN_SIZE+0xf286 rsp 0xffff8000230daf70 ss 0x10 pool_cache_get+0x1b1: movq 0x10(%r14),%r13 ddb{0}> show proc PROC (syz-executor.1) pid=161404 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=65, nice=20 forw=0xffffffffffffffff, list=0xffff800020e089d8,0xffff800020e08508 process=0xffff800020e23738 user=0xffff8000230d6000, vmspace=0xfffffd807efff8a0 estcpu=30, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 61259 53117 34509 0 2 0 syz-executor.1 *61259 161404 34509 0 7 0x4000000 syz-executor.1 61259 498398 34509 0 3 0x4000080 fsleep syz-executor.1 34509 39893 3189 0 3 0x82 nanosleep syz-executor.1 5668 117319 0 0 3 0x14200 bored sosplice 56497 256713 3189 0 3 0x2 biowait syz-executor.0 3189 321146 17396 0 3 0x82 thrsleep syz-fuzzer 3189 77207 17396 0 3 0x4000082 nanosleep syz-fuzzer 3189 410877 17396 0 3 0x4000082 thrsleep syz-fuzzer 3189 356618 17396 0 3 0x4000082 nanosleep syz-fuzzer 3189 319076 17396 0 7 0x4000002 syz-fuzzer 3189 394723 17396 0 3 0x4000082 thrsleep syz-fuzzer 3189 104185 17396 0 3 0x4000082 thrsleep syz-fuzzer 3189 57366 17396 0 3 0x4000082 thrsleep syz-fuzzer 3189 364418 17396 0 3 0x4000082 thrsleep syz-fuzzer 3189 56290 17396 0 3 0x4000082 thrsleep syz-fuzzer 17396 322714 38406 0 3 0x10008a pause ksh 38406 373481 96032 0 3 0x92 select sshd 44203 182020 1 0 3 0x100083 ttyin getty 96032 175294 1 0 3 0x80 select sshd 72833 466178 7175 74 3 0x100092 bpf pflogd 7175 278416 1 0 3 0x80 netio pflogd 40356 159183 78422 73 3 0x100090 kqread syslogd 78422 446528 1 0 3 0x100082 netio syslogd 94004 109382 1 77 3 0x100090 poll dhclient 39462 262080 1 0 3 0x80 poll dhclient 97816 143396 0 0 3 0x14200 bored smr 46112 394033 0 0 2 0x14200 zerothread 86474 405411 0 0 3 0x14200 aiodoned aiodoned 26539 263598 0 0 3 0x14200 syncer update 33880 418747 0 0 3 0x14200 cleaner cleaner 3527 35096 0 0 3 0x14200 reaper reaper 35873 517392 0 0 3 0x14200 pgdaemon pagedaemon 82849 408427 0 0 3 0x14200 bored crynlk 79204 233828 0 0 3 0x14200 bored crypto 99272 363789 0 0 3 0x40014200 acpi0 acpi0 73735 200843 0 0 3 0x40014200 idle1 15383 41285 0 0 3 0x14200 bored softnet 32112 288086 0 0 2 0x14200 systqmp 33798 389312 0 0 3 0x14200 bored systq 55201 90895 0 0 3 0x40014200 bored softclock 19031 102255 0 0 3 0x40014200 idle0 1 369880 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 61259 (syz-executor.1) thread 0xffff800020e09608 (161404) exclusive rwlock netlock r = 0 (0xffffffff82726bb8) #0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164 #1 in6_ioctl_change_ifaddr+0xab #2 ifioctl+0xe70 sys/net/if.c:2282 #3 soo_ioctl+0x27c sys/kern/sys_socket.c:138 #4 sys_ioctl+0x4a5 #5 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] #5 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 #6 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 1 (0xffffffff828c68b0) #0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164 #1 soo_ioctl+0x26a sys/kern/sys_socket.c:138 #2 sys_ioctl+0x4a5 #3 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] #3 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 #4 Xsyscall+0x128 Process 56497 (syz-executor.0) thread 0xffff800020dddad8 (256713) exclusive rrwlock inode r = 0 (0xfffffd80685b7928) #0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164 #1 rw_enter+0x453 sys/kern/kern_rwlock.c:311 #2 rrw_enter+0x88 sys/kern/kern_rwlock.c:462 #3 VOP_LOCK+0x4b sys/kern/vfs_vops.c:603 #4 vn_lock+0x81 sys/kern/vfs_vnops.c:575 #5 vget+0x1c8 sys/kern/vfs_subr.c:671 #6 ufs_ihashget+0x141 sys/ufs/ufs/ufs_ihash.c:119 #7 ffs_vget+0x74 sys/ufs/ffs/ffs_vfsops.c:1329 #8 ufs_lookup+0x14b7 sys/ufs/ufs/ufs_lookup.c:487 #9 VOP_LOOKUP+0x5b sys/kern/vfs_vops.c:90 #10 vfs_lookup+0x7a6 sys/kern/vfs_lookup.c:568 #11 namei+0x63c sys/kern/vfs_lookup.c:249 #12 dounlinkat+0x99 sys/kern/vfs_syscalls.c:1853 #13 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] #13 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 #14 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd8068580700) #0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164 #1 rw_enter+0x453 sys/kern/kern_rwlock.c:311 #2 rrw_enter+0x88 sys/kern/kern_rwlock.c:462 #3 VOP_LOCK+0x4b sys/kern/vfs_vops.c:603 #4 vn_lock+0x81 sys/kern/vfs_vnops.c:575 #5 vfs_lookup+0xe6 sys/kern/vfs_lookup.c:419 #6 namei+0x63c sys/kern/vfs_lookup.c:249 #7 dounlinkat+0x99 sys/kern/vfs_syscalls.c:1853 #8 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] #8 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 #9 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9522 6424K 6869K 78643K 11076 0 pcb 13 8K 8K 78643K 101 0 rtable 119 4K 8K 78643K 502 0 ifaddr 78 15K 16K 78643K 160 0 counters 43 33K 34K 78643K 57 0 ioctlops 0 0K 4K 78643K 1543 0 iov 0 0K 16K 78643K 41 0 mount 1 1K 1K 78643K 1 0 vnodes 1221 77K 77K 78643K 1375 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 5 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 72 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1824 197K 290K 78643K 13058 0 file desc 5 13K 25K 78643K 383 0 proc 61 63K 95K 78643K 501 0 subproc 32 2K 2K 78643K 51 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 43 0 in_multi 65 3K 3K 78643K 171 0 ether_multi 1 0K 0K 78643K 10 0 mrt 0 0K 0K 78643K 2 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 55 254K 254K 78643K 55 0 exec 0 0K 1K 78643K 254 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 128 39K 39K 78643K 2160 0 UVM aobj 12 2K 2K 78643K 12 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 38 0 NDP 12 0K 0K 78643K 34 0 temp 106 3861K 3936K 78643K 9702 0 kqueue 3 4K 10K 78643K 28 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 11 0 3 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 25 0 23 1 0 1 1 0 8 0 rtentry 112 82 0 34 2 0 2 2 0 8 0 unpcb 120 99 0 88 1 0 1 1 0 8 0 syncache 264 6 0 6 2 2 0 1 0 8 0 tcpqe 32 999 0 999 1 1 0 1 0 8 0 tcpcb 544 121 0 117 1 0 1 1 0 8 0 inpcb 296 440 0 427 7 5 2 2 0 8 0 nd6 48 29 0 21 1 0 1 1 0 8 0 pkpcb 40 4 0 4 1 1 0 1 0 8 0 ppxss 1128 2 0 2 2 2 0 1 0 8 0 pfstscr 40 4 0 4 1 1 0 1 0 8 0 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrke_plain 160 4 0 4 1 1 0 1 0 8 0 pfrktable 1344 71 0 70 1 0 1 1 0 8 0 pftag 88 1 0 0 1 0 1 1 0 8 0 pfstitem 24 13 0 11 1 0 1 1 0 8 0 pfstkey 112 15 0 13 1 0 1 1 0 8 0 pfstate 328 13 0 11 1 0 1 1 0 8 0 pfsrctr 152 8 0 7 2 1 1 1 0 8 0 pfrule 1360 37 0 25 4 2 2 2 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 256 0 46 15 1 14 14 0 8 0 art_table 32 257 0 46 2 0 2 2 0 8 0 art_node 16 81 0 37 1 0 1 1 0 8 0 sysvmsgpl 40 4 0 3 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 68 0 58 1 0 1 1 0 8 0 shmpl 112 10 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1907 0 501 93 4 89 89 0 8 0 ffsino 272 1907 0 501 96 1 95 95 0 8 0 nchpl 144 2613 0 1018 60 0 60 60 0 8 0 rtmask 32 8 0 8 1 1 0 1 0 8 0 uvmvnodes 72 2060 0 0 38 0 38 38 0 8 0 vnodes 208 2060 0 0 109 0 109 109 0 8 0 namei 1024 7717 0 7717 11 10 1 1 0 8 1 percpumem 16 39 0 7 1 0 1 1 0 8 0 vcpupl 1984 2 0 0 1 0 1 1 0 8 0 vmpool 560 4 0 2 2 1 1 1 0 8 0 pfiaddrpl 120 20 0 20 4 3 1 1 0 8 1 scxspl 192 7800 0 7799 12 11 1 7 0 8 0 plimitpl 152 39 0 31 1 0 1 1 0 8 0 sigapl 424 596 0 564 4 0 4 4 0 8 0 futexpl 56 4354 0 4353 10 9 1 1 0 8 0 knotepl 112 111 0 92 1 0 1 1 0 8 0 kqueuepl 144 62 0 60 1 0 1 1 0 8 0 pipepl 304 110 0 100 2 1 1 2 0 8 0 fdescpl 496 580 0 564 3 0 3 3 0 8 0 filepl 152 3240 0 3136 7 2 5 5 0 8 0 lockfpl 104 61 0 60 1 0 1 1 0 8 0 lockfspl 48 24 0 23 1 0 1 1 0 8 0 sessionpl 112 19 0 8 1 0 1 1 0 8 0 pgrppl 48 19 0 8 1 0 1 1 0 8 0 ucredpl 96 498 0 489 1 0 1 1 0 8 0 zombiepl 144 564 0 564 3 2 1 1 0 8 1 processpl 984 596 0 564 6 1 5 5 0 8 0 procpl 624 1335 0 1292 4 0 4 4 0 8 0 srpgc 64 2 0 2 1 1 0 1 0 8 0 sosppl 128 2 0 2 1 1 0 1 0 8 0 sockpl 400 568 0 544 5 2 3 4 0 8 0 mcl64k 65536 7 0 0 1 0 1 1 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 3 0 0 1 0 1 1 0 8 0 mcl9k 9216 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 13 0 0 2 0 2 2 0 8 0 mcl4k 4096 5 0 0 1 0 1 1 0 8 0 mcl2k2 2112 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 203 0 0 25 0 25 25 0 8 0 mtagpl 96 41 0 0 1 0 1 1 0 8 0 mbufpl 256 298 0 0 15 1 14 14 0 8 0 bufpl 280 4016 0 132 278 0 278 278 0 8 0 anonpl 16 69969 0 53795 87 20 67 83 0 124 0 amapchunkpl 152 3098 0 2951 8 1 7 8 0 158 0 amappl16 192 2624 0 1735 60 15 45 57 0 8 0 amappl15 184 1 0 0 1 0 1 1 0 8 0 amappl14 176 110 0 107 1 0 1 1 0 8 0 amappl13 168 35 0 32 1 0 1 1 0 8 0 amappl12 160 81 0 75 2 1 1 1 0 8 0 amappl11 152 338 0 320 1 0 1 1 0 8 0 amappl10 144 18 0 12 1 0 1 1 0 8 0 amappl9 136 375 0 374 1 0 1 1 0 8 0 amappl8 128 377 0 341 2 0 2 2 0 8 0 amappl7 120 124 0 111 1 0 1 1 0 8 0 amappl6 112 296 0 292 1 0 1 1 0 8 0 amappl5 104 468 0 449 1 0 1 1 0 8 0 amappl4 96 602 0 567 1 0 1 1 0 8 0 amappl3 88 106 0 101 1 0 1 1 0 8 0 amappl2 80 3683 0 3615 2 0 2 2 0 8 0 amappl1 72 22338 0 21884 23 13 10 18 0 8 0 amappl 80 1603 0 1558 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 11 0 0 1 0 1 1 0 8 0 uaddrrnd 24 584 0 566 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 584 0 566 1 0 1 1 0 8 0 vmmpekpl 168 8187 0 8156 2 0 2 2 0 8 0 vmmpepl 168 78123 0 76053 162 67 95 125 0 357 1 vmsppl 368 583 0 566 2 0 2 2 0 8 0 pdppl 4096 1175 0 1134 7 1 6 6 0 8 0 pvpl 32 220287 0 200832 202 41 161 197 0 265 0 pmappl 232 583 0 566 4 2 2 2 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 289 0 24 8 0 8 8 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace pool_cache_get(ffffffff828d7d80) at pool_cache_get+0x1b1 pool_cache_item_magic_check sys/kern/subr_pool.c:1770 [inline] pool_cache_get(ffffffff828d7d80) at pool_cache_get+0x1b1 sys/kern/subr_pool.c:1884 pool_get(ffffffff828d7d80,2) at pool_get+0x91 sys/kern/subr_pool.c:572 m_gethdr(2,1) at m_gethdr+0x4c sys/kern/uipc_mbuf.c:283 rtm_msg1(1,ffff8000230db1a0) at rtm_msg1+0x6e sys/net/rtsock.c:1534 rtm_send(fffffd8064bb0158,1,0,0) at rtm_send+0x120 rtm_miss sys/net/rtsock.c:1679 [inline] rtm_send(fffffd8064bb0158,1,0,0) at rtm_send+0x120 sys/net/rtsock.c:1657 rt_ifa_add(ffff800000b23000,240404,ffff800000b23040,0) at rt_ifa_add+0x2b9 sys/net/route.c:1141 rt_ifa_addlocal(ffff800000b23000) at rt_ifa_addlocal+0x16d sys/net/route.c:1238 in6_update_ifa(ffff800000afb800,ffff8000230db7f0,0) at in6_update_ifa+0x13ab sys/netinet6/in6.c:723 in6_ioctl_change_ifaddr(8080691a,ffff8000230db7f0,ffff800000afb800) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd80669e8338,8080691a,ffff8000230db7f0,ffff800020e09608) at ifioctl+0xe70 sys/net/if.c:2282 soo_ioctl(fffffd806fc36be0,8080691a,ffff8000230db7f0,ffff800020e09608) at soo_ioctl+0x27c sys/kern/sys_socket.c:138 sys_ioctl(ffff800020e09608,ffff8000230db908,ffff8000230db950) at sys_ioctl+0x4a5 syscall(ffff8000230db9d0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff8000230db9d0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xef1e1a58d30, count: -14 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800020d70ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352 x86_ipi_handler() at x86_ipi_handler+0xc6 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff828c66a8) at __mp_lock+0x12e __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff828c66a8) at __mp_lock+0x12e sys/kern/kern_lock.c:147 pageflttrap(ffff800020e959d0,1) at pageflttrap+0x7f sys/arch/amd64/amd64/trap.c:180 usertrap(ffff800020e959d0) at usertrap+0x21a sys/arch/amd64/amd64/trap.c:384 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0xc00046ac90, count: -7