./file0./file0./file0./file0./file0À 27 ./file0./file0€ ‡dÀ ˜. ./file0W./file0./file0./file0./file0./file0./file0À 27 ./file0./file0€ ‡dÀ ˜. ./file0W./file0./file0./file0./file0./file0À 27 ./file0./file0€ ‡dÀ ˜. ./file0Wkernel: protection fault trap, code=0 Stopped at in6_addmulti+0xc4: movzbl 0x1(%rax),%ebx ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace in6_addmulti(ffff800024b95b38,ffff800000bf4000,ffff800024b95bcc) at in6_addmulti+0xc4 sys/netinet6/in6.c:1033 in6_update_ifa(ffff800000bf4000,ffff800024b95c40,0) at in6_update_ifa+0x1418 in6_joingroup sys/netinet6/in6.c:1148 [inline] in6_update_ifa(ffff800000bf4000,ffff800024b95c40,0) at in6_update_ifa+0x1418 sys/netinet6/in6.c:772 in6_ifattach_linklocal(ffff800000bf4000,0) at in6_ifattach_linklocal+0x28d sys/netinet6/in6_ifattach.c:281 in6_ifattach(ffff800000bf4000) at in6_ifattach+0x1b7 sys/netinet6/in6_ifattach.c:401 ifnewlladdr(ffff800000bf4000) at ifnewlladdr+0x180 sys/net/if.c:3214 ifioctl(fffffd8068109218,8020691f,ffff800024b95f10,ffff80002130d268) at ifioctl+0x1f3e sys/net/if.c:2271 soo_ioctl(fffffd806cb10b60,8020691f,ffff800024b95f10,ffff80002130d268) at soo_ioctl+0x24e sys/kern/sys_socket.c:133 sys_ioctl(ffff80002130d268,ffff800024b96028,ffff800024b96070) at sys_ioctl+0x4a2 syscall(ffff800024b960f0) at syscall+0x4c3 mi_syscall sys/sys/syscall_mi.h:101 [inline] syscall(ffff800024b960f0) at syscall+0x4c3 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7b6176fc140, count: -10 ddb{0}> show registers rdi 0xffff800022f59000 rsi 0x4b61 __ALIGN_SIZE+0x3b61 rbp 0xffff800024b95a20 rbx 0 rdx 0xffff800022f59000 rcx 0x4b60 __ALIGN_SIZE+0x3b60 rax 0xdead0036deadbeef r8 0x2 r9 0xfffffd8067725318 r10 0xf2fc8493daadea43 r11 0xf52ce29957c6db01 r12 0xffff800000c28280 r13 0xffff800024b95b38 r14 0xffff800024b95bcc r15 0xffff800000bf4000 rip 0xffffffff81ebc164 in6_addmulti+0xc4 cs 0x8 rflags 0x10282 __ALIGN_SIZE+0xf282 rsp 0xffff800024b958a0 ss 0x10 in6_addmulti+0xc4: movzbl 0x1(%rax),%ebx ddb{0}> show proc PROC (syz-executor.1) pid=509665 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=76, nice=20 forw=0xffffffffffffffff, list=0xffff80002130c548,0xffffffff82a61a90 process=0xffff8000290190c0 user=0xffff800024b91000, vmspace=0xfffffd8067f92a30 estcpu=26, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 77036 345646 37244 0 7 0 syz-executor.0 77036 398009 37244 0 3 0x4000080 fsleep syz-executor.0 77036 57611 37244 0 2 0x4000000 syz-executor.0 90446 88161 5990 0 2 0 syz-executor.1 90446 342414 5990 0 3 0x4000000 ifrm syz-executor.1 *90446 509665 5990 0 7 0x4000000 syz-executor.1 46587 103002 0 0 3 0x14280 nfsidl nfsio 8985 399279 0 0 3 0x14280 nfsidl nfsio 5065 517366 0 0 3 0x14280 nfsidl nfsio 19482 36445 0 0 3 0x14280 nfsidl nfsio 4914 10753 0 0 3 0x14280 nfsidl nfsio 28143 309748 0 0 3 0x14280 nfsidl nfsio 44737 510271 0 0 3 0x14280 nfsidl nfsio 55864 281300 0 0 3 0x14280 nfsidl nfsio 93275 123382 0 0 3 0x14280 nfsidl nfsio 3019 414339 0 0 3 0x14280 nfsidl nfsio 45342 103911 0 0 3 0x14280 nfsidl nfsio 65995 334582 0 0 3 0x14280 nfsidl nfsio 49130 222452 0 0 3 0x14280 nfsidl nfsio 60418 219852 0 0 3 0x14280 nfsidl nfsio 62506 51670 0 0 3 0x14280 nfsidl nfsio 99130 61503 0 0 3 0x14280 nfsidl nfsio 66607 457750 0 0 3 0x14280 nfsidl nfsio 53379 328423 0 0 3 0x14280 nfsidl nfsio 35606 437360 0 0 3 0x14280 nfsidl nfsio 6721 507617 0 0 3 0x14280 nfsidl nfsio 53149 358127 66861 0 3 0x82 piperd syz-executor.7 35033 310480 66861 0 3 0x82 piperd syz-executor.6 26608 13993 66861 0 3 0x82 nanoslp syz-executor.2 37244 303923 66861 0 3 0x82 nanoslp syz-executor.0 71433 359400 66861 0 3 0x82 nanoslp syz-executor.4 65720 508101 66861 0 3 0x82 piperd syz-executor.3 5288 317939 66861 0 3 0x82 piperd syz-executor.5 49620 194704 1 0 3 0 vmmaplk syz-executor.0 49620 32023 1 0 3 0x4000000 vmmaplk syz-executor.0 49620 62084 1 0 3 0x4000080 fsleep syz-executor.0 49620 397330 1 0 3 0x4000000 vmmaplk syz-executor.0 20962 168849 1 0 3 0x100083 ttyin getty 88221 67858 0 0 3 0x14200 bored sosplice 5990 236137 66861 0 3 0x82 nanoslp syz-executor.1 66861 392040 77407 0 3 0x82 thrsleep syz-fuzzer 66861 162197 77407 0 3 0x4000082 thrsleep syz-fuzzer 66861 169652 77407 0 3 0x4000082 wait syz-fuzzer 66861 399243 77407 0 3 0x4000082 thrsleep syz-fuzzer 66861 248742 77407 0 3 0x4000082 wait syz-fuzzer 66861 6919 77407 0 3 0x4000082 thrsleep syz-fuzzer 66861 238656 77407 0 3 0x4000082 thrsleep syz-fuzzer 66861 412051 77407 0 3 0x4000082 wait syz-fuzzer 66861 308146 77407 0 3 0x4000082 thrsleep syz-fuzzer 66861 207623 77407 0 3 0x4000082 wait syz-fuzzer 66861 128868 77407 0 3 0x4000082 wait syz-fuzzer 66861 511945 77407 0 3 0x4000082 wait syz-fuzzer 66861 343484 77407 0 3 0x4000082 thrsleep syz-fuzzer 66861 378337 77407 0 3 0x4000082 wait syz-fuzzer 66861 318539 77407 0 3 0x4000082 kqread syz-fuzzer 66861 166309 77407 0 3 0x4000082 wait syz-fuzzer 77407 340921 47562 0 3 0x10008a sigsusp ksh 47562 131802 30356 0 3 0x9a kqread sshd 30356 278979 1 0 3 0x88 kqread sshd 98012 339373 17186 74 3 0x1100092 bpf pflogd 17186 300748 1 0 3 0x80 netio pflogd 86235 191731 92898 73 3 0x1100090 kqread syslogd 92898 180292 1 0 3 0x100082 netio syslogd 57798 493257 1 0 3 0x100080 kqread resolvd 41861 376708 15208 77 3 0x100092 kqread dhcpleased 18754 260313 15208 77 3 0x100092 kqread dhcpleased 15208 300985 1 0 3 0x80 kqread dhcpleased 2520 3178 0 0 3 0x14200 bored smr 90630 63901 0 0 2 0x14200 zerothread 37838 356377 0 0 3 0x14200 aiodoned aiodoned 27243 369156 0 0 3 0x14200 syncer update 10658 158499 0 0 3 0x14200 cleaner cleaner 4948 304424 0 0 3 0x14200 reaper reaper 75485 57 0 0 3 0x14200 pgdaemon pagedaemon 59609 223903 0 0 3 0x14200 bored viomb 95838 256142 0 0 3 0x40014200 acpi0 acpi0 7525 201735 0 0 3 0x40014200 idle1 17670 448894 0 0 3 0x14200 bored softnet 84965 365874 0 0 3 0x14200 bored softnet 48042 326237 0 0 3 0x14200 bored softnet 90616 400772 0 0 3 0x14200 bored softnet 68984 53157 0 0 2 0x14200 systqmp 1236 416582 0 0 3 0x14200 bored systq 69685 120052 0 0 3 0x40014200 bored softclock 5574 267918 0 0 3 0x40014200 idle0 1 73970 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 49620 (syz-executor.0) thread 0xffff80002130cd28 (32023) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10225 6520K 7231K 78643K 30767 0 pcb 13 16K 18K 78643K 1452 0 rtable 242 24K 27K 78643K 3558 0 ifaddr 182 43K 44K 78643K 1765 0 sysctl 2 0K 0K 78643K 2 0 counters 54 35K 36K 78643K 372 0 ioctlops 0 0K 6K 78643K 3546 0 iov 0 0K 20K 78643K 1655 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1479 92K 93K 78643K 8502 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 114 0 VM map 2 1K 1K 78643K 2 0 sem 17 3K 5K 78643K 811 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 13 45K 89K 78643K 11990 0 sigio 0 0K 0K 78643K 2258 0 proc 70 91K 128K 78643K 2102 0 subproc 117 7K 7K 78643K 585 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 386 0 in_multi 82 5K 6K 78643K 843 0 ether_multi 1 0K 0K 78643K 73 0 mrt 1 0K 0K 78643K 38 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 181 811K 811K 78643K 181 0 exec 0 0K 2K 78643K 2743 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 379 137K 141K 78643K 73164 0 UVM aobj 131 8K 8K 78643K 134 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 325 0 NDP 17 0K 2K 78643K 279 0 temp 145 4735K 5759K 78643K 112412 0 kqueue 12 18K 26K 78643K 786 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 648 0 645 7 6 1 3 0 8 0 rtentry 112 778 0 694 5 2 3 4 0 8 0 unpcb 144 26004 0 25989 141 140 1 11 0 8 0 syncache 296 59 0 59 15 15 0 1 0 8 0 tcpqe 32 178 29 178 2 2 0 1 0 8 0 tcpcb 768 3385 0 3371 131 123 8 15 0 8 6 arp 120 118 0 104 1 0 1 1 0 8 0 inpcb 368 9261 0 9245 134 126 8 13 0 8 5 nd6 48 168 0 148 1 0 1 1 0 8 0 pkpcb 40 45 0 45 8 8 0 1 0 8 0 kcovpl 48 45 0 36 1 0 1 1 0 8 0 ppxss 1256 79 0 79 12 12 0 1 0 8 0 pfstscr 40 43 0 43 6 6 0 1 0 8 0 pffrag 232 57 0 54 2 1 1 1 0 482 0 pffrnode 88 57 0 54 2 1 1 1 0 8 0 pffrent 40 232 0 229 2 1 1 1 0 8 0 pfosfp 40 1479 0 1053 5 0 5 5 0 8 0 pfosfpen 112 1479 0 723 22 0 22 22 0 8 0 pfrktable 1344 595 0 580 14 12 2 2 0 8 0 pfanchor 1280 585 0 92 44 2 42 42 0 8 0 pftag 88 10 0 2 2 1 1 1 0 8 0 pfqueue 264 10 0 10 4 4 0 1 0 8 0 pfstitem 24 67 0 64 1 0 1 1 0 8 0 pfstkey 120 111 0 108 2 1 1 2 0 8 0 pfstate 336 83 0 80 3 2 1 3 0 8 0 pfsrctr 152 6 0 6 1 1 0 1 0 8 0 pfrule 1360 705 0 645 11 5 6 6 0 8 0 rttmr 136 9 0 9 4 3 1 1 0 8 1 art_heap8 4096 4 0 3 4 3 1 2 0 8 0 art_heap4 256 3701 0 3262 64 35 29 31 0 8 0 art_table 32 3705 0 3265 6 2 4 5 0 8 0 art_node 16 737 0 661 1 0 1 1 0 8 0 semupl 112 4 0 4 2 2 0 1 0 8 0 semapl 112 800 0 785 1 0 1 1 0 8 0 shmpl 112 131 0 3 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 17028 0 15544 93 0 93 93 0 8 0 ffsino 272 17028 0 15544 100 0 100 100 0 8 0 nchpl 144 32687 0 32189 63 38 25 63 0 8 0 rtmask 32 5 0 5 2 2 0 1 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 115228 0 115228 6 4 2 2 0 8 2 percpumem 16 198 0 159 1 0 1 1 0 8 0 vcpupl 2048 2 0 0 1 0 1 1 0 8 0 vmpool 568 2 0 0 1 0 1 1 0 8 0 pfiaddrpl 120 198 0 162 7 5 2 2 0 8 0 kstatmem 264 322 0 292 10 7 3 3 0 8 0 scsiplug 72 3 0 3 2 2 0 1 0 8 0 scxspl 216 88415 0 88415 24 23 1 8 0 8 1 plimitpl 152 1431 0 1414 1 0 1 1 0 8 0 sigapl 424 12336 0 12270 12 4 8 8 0 8 0 futexpl 64 101793 0 101791 1 0 1 1 0 8 0 knotepl 120 792 0 0 18 0 18 18 0 8 0 kqueuepl 216 1984 0 1976 29 28 1 5 0 8 0 pipepl 320 4719 0 4690 95 92 3 10 0 8 0 fdescpl 496 12216 0 12190 6 1 5 5 0 8 0 filepl 152 95921 0 95663 153 139 14 23 0 8 3 lockfpl 104 3302 0 3300 8 7 1 2 0 8 0 lockfspl 48 1019 0 1017 1 0 1 1 0 8 0 sessionpl 144 61 0 43 1 0 1 1 0 8 0 pgrppl 48 339 0 321 1 0 1 1 0 8 0 ucredpl 104 10904 0 10889 1 0 1 1 0 8 0 zombiepl 144 12272 0 12270 3 2 1 1 0 8 0 processpl 1064 12336 0 12270 5 0 5 5 0 8 0 procpl 672 35388 0 35300 23 14 9 10 0 8 0 srpgc 96 58 0 58 21 20 1 1 0 8 1 sosppl 168 53 0 53 13 13 0 1 0 8 0 sockpl 488 35970 0 35934 798 784 14 37 0 8 8 mcl64k 65536 17 0 0 3 0 3 3 0 8 0 mcl16k 16384 25 0 0 4 1 3 3 0 8 0 mcl12k 12288 17 0 0 2 0 2 2 0 8 0 mcl9k 9216 17 0 0 2 0 2 2 0 8 0 mcl8k 8192 24 0 0 3 0 3 3 0 8 0 mcl4k 4096 18 0 0 3 0 3 3 0 8 0 mcl2k2 2112 11 0 0 1 0 1 1 0 8 0 mcl2k 2048 433 0 0 49 10 39 49 0 8 0 mtagpl 96 822 0 0 17 0 17 17 0 8 0 mbufpl 256 1199 0 0 73 0 73 73 0 8 0 bufpl 288 20575 0 14236 455 2 453 454 0 8 0 anonpl 24 2318148 0 2301943 201 79 122 144 0 186 0 amapchunkpl 152 209142 0 208435 56 21 35 38 0 158 0 amappl16 200 29396 0 28765 116 82 34 57 0 8 0 amappl15 192 1267 0 1266 1 0 1 1 0 8 0 amappl14 184 57 0 53 1 0 1 1 0 8 0 amappl13 176 3342 0 3339 1 0 1 1 0 8 0 amappl12 168 1731 0 1728 1 0 1 1 0 8 0 amappl11 160 1705 0 1684 2 0 2 2 0 8 0 amappl10 152 2137 0 2127 1 0 1 1 0 8 0 amappl9 144 1567 0 1566 2 1 1 1 0 8 0 amappl8 136 2507 0 2365 6 1 5 6 0 8 0 amappl7 128 1146 0 1122 1 0 1 1 0 8 0 amappl6 120 1498 0 1470 2 1 1 2 0 8 0 amappl5 112 9979 0 9963 1 0 1 1 0 8 0 amappl4 104 3984 0 3942 2 0 2 2 0 8 0 amappl3 96 40962 0 40907 5 3 2 3 0 8 0 amappl2 88 4808 0 4748 3 1 2 3 0 8 0 amappl1 80 304572 0 303808 25 6 19 23 0 8 0 amappl 88 71822 0 71627 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 133 0 3 3 0 3 3 0 8 0 uaddrrnd 24 12218 0 12190 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 12218 0 12190 1 0 1 1 0 8 0 vmmpekpl 168 108073 0 107992 5 0 5 5 0 8 0 vmmpepl 168 1198751 0 1195949 310 155 155 163 0 357 1 vmsppl 368 12217 0 12190 5 1 4 4 0 8 0 rwobjpl 56 296762 0 288789 132 17 115 120 0 8 0 pdppl 4096 24443 0 24382 511 438 73 81 0 8 12 pvpl 32 4475658 0 4454456 401 204 197 265 0 265 0 pmappl 248 12217 0 12190 4 1 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1540 0 641 26 0 26 26 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace in6_addmulti(ffff800024b95b38,ffff800000bf4000,ffff800024b95bcc) at in6_addmulti+0xc4 sys/netinet6/in6.c:1033 in6_update_ifa(ffff800000bf4000,ffff800024b95c40,0) at in6_update_ifa+0x1418 in6_joingroup sys/netinet6/in6.c:1148 [inline] in6_update_ifa(ffff800000bf4000,ffff800024b95c40,0) at in6_update_ifa+0x1418 sys/netinet6/in6.c:772 in6_ifattach_linklocal(ffff800000bf4000,0) at in6_ifattach_linklocal+0x28d sys/netinet6/in6_ifattach.c:281 in6_ifattach(ffff800000bf4000) at in6_ifattach+0x1b7 sys/netinet6/in6_ifattach.c:401 ifnewlladdr(ffff800000bf4000) at ifnewlladdr+0x180 sys/net/if.c:3214 ifioctl(fffffd8068109218,8020691f,ffff800024b95f10,ffff80002130d268) at ifioctl+0x1f3e sys/net/if.c:2271 soo_ioctl(fffffd806cb10b60,8020691f,ffff800024b95f10,ffff80002130d268) at soo_ioctl+0x24e sys/kern/sys_socket.c:133 sys_ioctl(ffff80002130d268,ffff800024b96028,ffff800024b96070) at sys_ioctl+0x4a2 syscall(ffff800024b960f0) at syscall+0x4c3 mi_syscall sys/sys/syscall_mi.h:101 [inline] syscall(ffff800024b960f0) at syscall+0x4c3 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7b6176fc140, count: -10 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800020dd8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff82a7a660) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82a7a660) at __mp_lock+0x122 sys/kern/kern_lock.c:147 uvm_fault(fffffd8067f92020,690f6354000,0,1) at uvm_fault+0x181 sys/uvm/uvm_fault.c:623 upageflttrap(ffff80002a42d7c0,690f6354000) at upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181 usertrap(ffff80002a42d7c0) at usertrap+0x1aa sys/arch/amd64/amd64/trap.c:403 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7f7ffff22550, count: -8