last executing test programs: 22.546149ms ago: executing program 1 (id=2): r0 = socket(0x18, 0x1, 0x0) r1 = openat$bpf(0xffffffffffffff9c, &(0x7f00000002c0), 0x280, 0x0) ioctl$BIOCSETIF(r1, 0x8020426c, &(0x7f0000000240)={'tap', 0x0}) ioctl$BIOCSETF(r1, 0x80104267, &(0x7f0000000000)={0x3, &(0x7f0000000040)=[{0x84, 0x3d, 0x4, 0xfffd}, {0x24, 0x2, 0x5, 0x5}, {0x1006, 0x8, 0x1, 0x4}]}) r2 = socket(0x18, 0xc001, 0x0) setsockopt(r2, 0x1000000000029, 0x37, 0x0, 0x0) syz_emit_ethernet(0x1000e, &(0x7f0000000000)=ANY=[]) setegid(0xffffffffffffffff) ioctl$BIOCSETF(0xffffffffffffffff, 0x80104267, &(0x7f0000000040)={0x2, &(0x7f0000000080)=[{0x84, 0x91, 0xff, 0x4c}, {0x6a, 0x0, 0xff, 0x9}]}) sysctl$hw(0x0, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000240)="2a5f4cd9b73c31d629e8d68e605e5940744ef138960b671d42c56f79fcb70549247e5504e02f85a6099eff9291731e94399a7e966e783d4073ecd5dc8e540f32190bb47050aee3907495ecf7708d1c295a0836f79ba03ea13db12836c2441989726ffbf7fd1da55bfe2caaf081a1ef55599935c0e60cb0866ee48d420b77a6e269bc30b2650349e16792252c6be8bcc6e9ce2b941299ab505e4779fa1960bb7cf924dcbc53c82e76bcd80731a694d12e8a139d8ecef6f5560939054b7842d25cd73963774d9bcfe2a2383feea17b87393cd892b90742631718b1877d8d83d5f66587e3e5b1e129433ead750143a4c51aa46e78e3b1a54a4634eea2846511719b1637b19ea8c96a95332abd69014f53e91a7319a36efb4052387dc6330aa00b5680142650e8dab5eb6b83ff7d0bbf1293338a8d3e8a6dcd7ed4916279eac230dda46e6fcdebe8a4c12d598883d9392da05791e153d905ce19021189c3503466bf850f59e6649dd0b40d935ba155a9d7e065df6d90a500be9d7e1e77607d495898a8d6c9c48dda88533e75e760dceae91d670f97ebbe68b845c72eb698a9e0389b15cfe768cd4e524dbe939bc2d8363ae3b71a454a0a0378cd1f36565ab9d1b92263688195df65151ee9b8158c7a5280019a38f00ea05142b3cc832ece46e326e36a55d7a30f866ca97da61a3877612f0d9f23c052edf60a430d3a9acbae3d9f14f22f38a1eeac7df37ae17748a960b9e0d265bf6cdec73bd2a7b5f25035d845d936936cbfe6f013f8d7c73eba2bd9876ff6db3224e50e75c051979f4cdc41d28ea54e28f560fb0291cd6b6ba527e0f358ffa46b988f0b063d2024380071709ac00ed463e08fd1718a857b567d8b3eda143915e943d9530d25ed15743e117be375dc08e241328a53fa05b58c7c72a35d471a72706afce82b6c57eef81444269e06338bfd0af6f6ef6479dcc26aab0b10c7e58572aa507a69831d63c78c947cecda2c57bb8ae6b2ad7862d160b423de941be69928467db10ee4817536196ad0c5cc02a74ba1a1fb467e472f025f200846112b6b3efd298284d8c0cc498fb9203db18e48e34c137d1285120d809a774d56a62b3dbe8f202cb9cf18c33099f5b9651fc7ae41de53842f327fd40bcfaa601a791da1103351a64cc9815ff1f32cde6fbfe4c92f55a9aff41c055d4edce9c656ecd1becb9035bb8bd46cf47bca0dcb1848da94d05d1475c83a48c02f8f808597eaa9e88a4e4b12d0ef95458eeab115cb189fa7e368186bb68610af4651e27feab061c4ada46e8c12d6d33fe32cd40485b02120418a9aaba8f04c17ea1abdcb9e68f5d8090c0780b3b5ae0382efbb64f62c825527b7e3d60ad9c73ba7f174ea7c7f2d155808052a0ef6ab2af85cf9a758a8c1227c85f2986fc06c5f54807968b18b6b5f9168d0b2de2728689d75f0efaedf79bd8bbbbc1d46b0f6072d46d46687bc92c0b16c4ad36c3fe4c7b3fde0cfec859052dd78d841464a6b4432342ea973bf18f1f5abd7b2fe7962faef39ff38bd88a40dbab0f8c08541e38efe924f9ec1addbd47362e349bfca42fd62cf18fef8db7d3cbf0b1733d37dcdae5b9c738b8426a1cfa205c9671870210508c614f256d199fb822613518b1a6fccfee08c48f0feae1ca4baaf0a02635282d4f630a8df115dc73e72d9f7b8feb4333b2c796f1d3f2cfb398ba1e9c81584185b8b578bac3c64d667da7d91062f0c2ccec0c9d09e0c15c62e7bc509c3204d054c22d4eac685626e48e25cff2fc382279d9cb941c2ca182b1f65b05ff05db880a37b1e7f9b3d89755503000000bbea9213a885b7d43451230e0624403baa77839baa33ae92de771ca76319c2353e9f98ea8191fbb686aed6d08e87bcc2bb80", 0x539}], 0x1) r3 = openat$pf(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$WSMOUSEIO_SRES(r3, 0x80045721, &(0x7f00000000c0)=0x2) ioctl$TIOCSETA(r3, 0xc0404469, &(0x7f0000000740)={0x0, 0x0, 0x4, 0xfffffffd, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x008\x00', 0x0, 0xfffffffc}) setsockopt(r0, 0x1000000029, 0xc, &(0x7f0000000000)="ebffcbff13b9fd812eaa4e713048e69931929648", 0x14) socket(0x18, 0x1, 0x0) (async) openat$bpf(0xffffffffffffff9c, &(0x7f00000002c0), 0x280, 0x0) (async) ioctl$BIOCSETIF(r1, 0x8020426c, &(0x7f0000000240)={'tap', 0x0}) (async) ioctl$BIOCSETF(r1, 0x80104267, &(0x7f0000000000)={0x3, &(0x7f0000000040)=[{0x84, 0x3d, 0x4, 0xfffd}, {0x24, 0x2, 0x5, 0x5}, {0x1006, 0x8, 0x1, 0x4}]}) (async) socket(0x18, 0xc001, 0x0) (async) setsockopt(r2, 0x1000000000029, 0x37, 0x0, 0x0) (async) syz_emit_ethernet(0x1000e, &(0x7f0000000000)=ANY=[]) (async) setegid(0xffffffffffffffff) (async) ioctl$BIOCSETF(0xffffffffffffffff, 0x80104267, &(0x7f0000000040)={0x2, &(0x7f0000000080)=[{0x84, 0x91, 0xff, 0x4c}, {0x6a, 0x0, 0xff, 0x9}]}) (async) sysctl$hw(0x0, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0) (async) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000240)="2a5f4cd9b73c31d629e8d68e605e5940744ef138960b671d42c56f79fcb70549247e5504e02f85a6099eff9291731e94399a7e966e783d4073ecd5dc8e540f32190bb47050aee3907495ecf7708d1c295a0836f79ba03ea13db12836c2441989726ffbf7fd1da55bfe2caaf081a1ef55599935c0e60cb0866ee48d420b77a6e269bc30b2650349e16792252c6be8bcc6e9ce2b941299ab505e4779fa1960bb7cf924dcbc53c82e76bcd80731a694d12e8a139d8ecef6f5560939054b7842d25cd73963774d9bcfe2a2383feea17b87393cd892b90742631718b1877d8d83d5f66587e3e5b1e129433ead750143a4c51aa46e78e3b1a54a4634eea2846511719b1637b19ea8c96a95332abd69014f53e91a7319a36efb4052387dc6330aa00b5680142650e8dab5eb6b83ff7d0bbf1293338a8d3e8a6dcd7ed4916279eac230dda46e6fcdebe8a4c12d598883d9392da05791e153d905ce19021189c3503466bf850f59e6649dd0b40d935ba155a9d7e065df6d90a500be9d7e1e77607d495898a8d6c9c48dda88533e75e760dceae91d670f97ebbe68b845c72eb698a9e0389b15cfe768cd4e524dbe939bc2d8363ae3b71a454a0a0378cd1f36565ab9d1b92263688195df65151ee9b8158c7a5280019a38f00ea05142b3cc832ece46e326e36a55d7a30f866ca97da61a3877612f0d9f23c052edf60a430d3a9acbae3d9f14f22f38a1eeac7df37ae17748a960b9e0d265bf6cdec73bd2a7b5f25035d845d936936cbfe6f013f8d7c73eba2bd9876ff6db3224e50e75c051979f4cdc41d28ea54e28f560fb0291cd6b6ba527e0f358ffa46b988f0b063d2024380071709ac00ed463e08fd1718a857b567d8b3eda143915e943d9530d25ed15743e117be375dc08e241328a53fa05b58c7c72a35d471a72706afce82b6c57eef81444269e06338bfd0af6f6ef6479dcc26aab0b10c7e58572aa507a69831d63c78c947cecda2c57bb8ae6b2ad7862d160b423de941be69928467db10ee4817536196ad0c5cc02a74ba1a1fb467e472f025f200846112b6b3efd298284d8c0cc498fb9203db18e48e34c137d1285120d809a774d56a62b3dbe8f202cb9cf18c33099f5b9651fc7ae41de53842f327fd40bcfaa601a791da1103351a64cc9815ff1f32cde6fbfe4c92f55a9aff41c055d4edce9c656ecd1becb9035bb8bd46cf47bca0dcb1848da94d05d1475c83a48c02f8f808597eaa9e88a4e4b12d0ef95458eeab115cb189fa7e368186bb68610af4651e27feab061c4ada46e8c12d6d33fe32cd40485b02120418a9aaba8f04c17ea1abdcb9e68f5d8090c0780b3b5ae0382efbb64f62c825527b7e3d60ad9c73ba7f174ea7c7f2d155808052a0ef6ab2af85cf9a758a8c1227c85f2986fc06c5f54807968b18b6b5f9168d0b2de2728689d75f0efaedf79bd8bbbbc1d46b0f6072d46d46687bc92c0b16c4ad36c3fe4c7b3fde0cfec859052dd78d841464a6b4432342ea973bf18f1f5abd7b2fe7962faef39ff38bd88a40dbab0f8c08541e38efe924f9ec1addbd47362e349bfca42fd62cf18fef8db7d3cbf0b1733d37dcdae5b9c738b8426a1cfa205c9671870210508c614f256d199fb822613518b1a6fccfee08c48f0feae1ca4baaf0a02635282d4f630a8df115dc73e72d9f7b8feb4333b2c796f1d3f2cfb398ba1e9c81584185b8b578bac3c64d667da7d91062f0c2ccec0c9d09e0c15c62e7bc509c3204d054c22d4eac685626e48e25cff2fc382279d9cb941c2ca182b1f65b05ff05db880a37b1e7f9b3d89755503000000bbea9213a885b7d43451230e0624403baa77839baa33ae92de771ca76319c2353e9f98ea8191fbb686aed6d08e87bcc2bb80", 0x539}], 0x1) (async) openat$pf(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) (async) ioctl$WSMOUSEIO_SRES(r3, 0x80045721, &(0x7f00000000c0)=0x2) (async) ioctl$TIOCSETA(r3, 0xc0404469, &(0x7f0000000740)={0x0, 0x0, 0x4, 0xfffffffd, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x008\x00', 0x0, 0xfffffffc}) (async) setsockopt(r0, 0x1000000029, 0xc, &(0x7f0000000000)="ebffcbff13b9fd812eaa4e713048e69931929648", 0x14) (async) 0s ago: executing program 0 (id=1): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) shutdown(r0, 0x2) sendmsg$unix(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="28000000ffff000001"], 0x28, 0x3010b}, 0x0) (async) r2 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000440), 0x80, 0x0) ioctl$BIOCSETIF(r2, 0x8020426c, &(0x7f0000000280)={'tap', 0x0}) (async) ioctl$BIOCSETF(r2, 0x80104267, &(0x7f0000000200)={0x3, &(0x7f00000001c0)=[{0x3, 0x20, 0x2, 0x7}, {0x4, 0x64, 0x9, 0x1000}, {0x7ffe, 0xf5, 0x2a, 0x1}]}) (async) r3 = open(&(0x7f0000000000)='./file0\x00', 0x9cab835cfdc52675, 0x40) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0xa011, r3, 0x0) (async) ftruncate(r3, 0x79c8) (async) writev(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000001dc0)="2a5f4cd9b73c31d629e8d68e605e5940744ef138960b671d42c56f79fcb70549247e5504e02f85a6099eff9291731e94399a7e966e783d4073ecd5dc8e540f32190bb47050aee3907495ecf7708d1c295a0836f79ba03ea13db12836c2441989726ffbf7fd1da55bfe2caaf081a1ef55599935c0e60cb0866ee48d420b77a6e269bc30b2650349e16792252c6be8bcc6e9ce2b941299ab505e4779fa1960bb7cf924dcbc53c82e76bcd80731a694d12e8a139d8ecef6f5560939054b7842d25cd7396377f39bcfe2a2383feea17b87393cd892b90742631718b1877d8d83d5f66587e3e5b1e129433ead750143a4c51aa46e78e3b1a54a4634eea2846511719b1637b19ea8c96a95332abd69014f53e91a7319a36efb4052387dc6330aa00b5680142650e8dab5eb6b83ff7d0bbf1293338a8d3e8a6dcd7ed4916279eac230dda46e6fcdebe8a4c12d598883d9392da05791e153d905ce1930aebfc5dfc0fc22a88777c9fbc24c0b021189c3503466bf850f59e6649dd0b40d935ba155a9d7e065df6d90a500be9d7e1e77607d495898a8d6c9c48dda88533e75e760dceae91d670f97ebbe68b845c72eb698a9e0389b15cfe768cd4e524dbe939bc2d8363ae3b71a454a0a0378cd1f36565ab9d1b92263688195df65151ee9b8158c7a5280019a38f00ea05142b3cc832ece46e326e36a55d7a30f866ca97da61a3877612f0d9f23c052edf60a430d3a9acbae3d9f14f22f38a1eeac7df37ae17748a960b9e0d265bf6cdec73bd2a7b5f25035d845d936936cbfe6f013f8d7c73eba2bd9876ff6", 0x241}], 0x1) (async) madvise(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4) (async) ioctl$FIOASYNC(0xffffffffffffffff, 0x8004667d, &(0x7f0000002d00)) (async) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x3, 0x5012, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x66, &(0x7f0000000540)=ANY=[]) r4 = openat$wskbd(0xffffffffffffff9c, &(0x7f0000000000), 0x10, 0x0) ioctl$WSKBDIO_COMPLEXBELL(r4, 0x80105702, &(0x7f0000000040)={0x8001, 0xa8, 0x56, 0x6}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.131' (ED25519) to the list of known hosts. witness: shared lock of (rwlock) maddr while exclusively locked panic: excl->share Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 26511 64577 0 0x100002 0 0 ndp *270146 66279 0 0x2 0 1K ifconfig db_enter() at db_enter+0x25 panic(ffffffff833b4a35) at panic+0x1e5 witness_checkorder(ffff800001596078,1,0) at witness_checkorder+0x122c rw_do_enter_read(ffff800001596060,0) at rw_do_enter_read+0x99 in6_hasmulti(fffffd806c5c07f0,ffff800001596000) at in6_hasmulti+0x41 ip6_output(fffffd806c5c0700,ffffffff839eee58,0,1,ffff80003c411270,0) at ip6_output+0x13bd mld6_sendpkt(ffff8000015aa480,83,0) at mld6_sendpkt+0x385 mld6_start_listening(ffff8000015aa480,ffff800001596000) at mld6_start_listening+0xe7 in6_addmulti(ffff80003c411618,ffff800001596000,ffff80003c41168c) at in6_addmulti+0x3d7 in6_joingroup(ffff800001596000,ffff80003c411618,ffff80003c41168c) at in6_joingroup+0x6c in6_update_ifa(ffff800001596000,ffff80003c411860,0) at in6_update_ifa+0x1a86 in6_ioctl_change_ifaddr(8080691a,ffff80003c411860,ffff800001596000) at in6_ioctl_change_ifaddr+0x64e ifioctl(ffff800010fdb4a0,8080691a,ffff80003c411860,ffff8000fffee7e0) at ifioctl+0x1714 sys_ioctl(ffff8000fffee7e0,ffff80003c411a40,ffff80003c411990) at sys_ioctl+0x674 end trace frame: 0xffff80003c411a30, count: 0 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: excl->share ddb{1}> trace db_enter() at db_enter+0x25 panic(ffffffff833b4a35) at panic+0x1e5 witness_checkorder(ffff800001596078,1,0) at witness_checkorder+0x122c rw_do_enter_read(ffff800001596060,0) at rw_do_enter_read+0x99 in6_hasmulti(fffffd806c5c07f0,ffff800001596000) at in6_hasmulti+0x41 ip6_output(fffffd806c5c0700,ffffffff839eee58,0,1,ffff80003c411270,0) at ip6_output+0x13bd mld6_sendpkt(ffff8000015aa480,83,0) at mld6_sendpkt+0x385 mld6_start_listening(ffff8000015aa480,ffff800001596000) at mld6_start_listening+0xe7 in6_addmulti(ffff80003c411618,ffff800001596000,ffff80003c41168c) at in6_addmulti+0x3d7 in6_joingroup(ffff800001596000,ffff80003c411618,ffff80003c41168c) at in6_joingroup+0x6c in6_update_ifa(ffff800001596000,ffff80003c411860,0) at in6_update_ifa+0x1a86 in6_ioctl_change_ifaddr(8080691a,ffff80003c411860,ffff800001596000) at in6_ioctl_change_ifaddr+0x64e ifioctl(ffff800010fdb4a0,8080691a,ffff80003c411860,ffff8000fffee7e0) at ifioctl+0x1714 sys_ioctl(ffff8000fffee7e0,ffff80003c411a40,ffff80003c411990) at sys_ioctl+0x674 syscall(ffff80003c411a40) at syscall+0xbd4 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x72fe8de96970, count: -16 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff80003c410ec0 rbx 0xffff8000299dee07 rdx 0 rcx 0xffff8000fffee7e0 rax 0xffff8000299ddff0 r8 0x101010101010101 r9 0x8080808080808080 r10 0x4691c55723bca6c4 r11 0xf4fca4ab7b486b7f r12 0xffff8000299dec08 r13 0 r14 0 r15 0x1 rip 0xffffffff810e0165 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80003c410eb0 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb{1}> show proc PROC (ifconfig) tid=270146 pid=66279 tcnt=1 stat=onproc flags process=2 proc=0 runpri=86, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000fffee548,0xffff8000fffee028 process=0xffff800038fe4020 user=0xffff80003c40c000, vmspace=0xfffffd806c9643e8 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 56626 87883 85712 0 2 0 syz-executor 56626 283717 85712 0 3 0x4000080 fsleep syz-executor 88742 303160 66099 0 2 0 syz-executor 88742 203347 66099 0 2 0x4000000 syz-executor 30504 443468 69103 0 2 0 syz-executor 30504 287986 69103 0 3 0x4000000 biowait syz-executor 3409 11019 81222 0 2 0 syz-executor 3409 49276 81222 0 3 0x4000080 msgwait syz-executor 3409 312006 81222 0 3 0x4000080 fsleep syz-executor 42452 424363 53439 0 2 0x100000 sh 64577 26511 12508 0 7 0x100002 ndp 12508 168395 74639 0 3 0x10008a sigsusp sh 96293 76639 39598 0 2 0x100000 sh *66279 270146 15192 0 7 0x2 ifconfig 53439 198928 18936 0 3 0x10008a sigsusp sh 39598 215783 49637 0 2 0x100002 sh 15192 450184 76601 0 3 0x10008a sigsusp sh 18936 416364 57429 0 3 0x82 wait syz-executor 49637 277792 57429 0 3 0x82 wait syz-executor 74639 484803 57429 0 3 0x82 wait syz-executor 76601 319385 57429 0 3 0x82 wait syz-executor 69103 516368 57429 0 3 0x82 nanoslp syz-executor 66099 229188 57429 0 3 0x82 nanoslp syz-executor 81222 206083 57429 0 3 0x82 nanoslp syz-executor 85712 198044 57429 0 3 0x82 nanoslp syz-executor 57429 299591 54241 0 3 0x82 kqread syz-executor 54241 363943 26982 0 3 0x10008a sigsusp ksh 26982 379634 56955 0 3 0x98 kqread sshd-session 56955 498595 82806 0 3 0x92 kqread sshd-session 92941 372792 1 0 3 0x100083 ttyin getty 82806 465379 1 0 3 0x88 kqread sshd 99016 478450 18960 74 3 0x1100092 bpf pflogd 18960 210864 1 0 3 0x80 sbwait pflogd 76707 150836 85604 73 3 0x1100090 kqread syslogd 85604 472937 1 0 3 0x100082 sbwait syslogd 83293 217077 1 0 3 0x100080 kqread resolvd 3782 72310 38378 77 3 0x100092 kqread dhcpleased 16177 341074 38378 77 3 0x100092 kqread dhcpleased 38378 440562 1 0 3 0x80 kqread dhcpleased 7353 115890 0 0 3 0x14200 bored smr 67041 274756 0 0 2 0x14200 zerothread 49120 362728 0 0 3 0x14200 aiodoned aiodoned 66240 199601 0 0 3 0x14200 syncer update 6394 488104 0 0 3 0x14200 cleaner cleaner 6163 300143 0 0 3 0x14200 reaper reaper 71874 123858 0 0 3 0x14200 pgdaemon pagedaemon 56844 459356 0 0 3 0x14200 bored viomb 37565 124703 0 0 3 0x40014200 acpi0 acpi0 51686 80466 0 0 3 0x40014200 idle1 73988 105333 0 0 3 0x14200 bored softnet1 68838 484305 0 0 3 0x14200 bored softnet0 98691 147642 0 0 3 0x14200 smrbar systqmp 81782 134102 0 0 3 0x14200 bored systq 73265 95065 0 0 3 0x14200 tmoslp softclockmp 13904 192685 0 0 3 0x40014200 tmoslp softclock 29946 15048 0 0 3 0x40014200 idle0 1 258354 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 30504 (syz-executor) thread 0xffff800038ff8fb0 (287986) exclusive rrwlock inode r = 0 (0xfffffd806c5820e0) #0 witness_lock+0x5f1 #1 rw_do_enter_write+0x419 #2 rrw_enter+0xc6 #3 VOP_LOCK+0xbd #4 ufs_ihashins+0x4f #5 ffs_vget+0x187 #6 ffs_inode_alloc+0x279 #7 ufs_makeinode+0xcd #8 ufs_mknod+0x5b #9 VOP_MKNOD+0x101 #10 domknodat+0x469 #11 syscall+0xb17 #12 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806c5828f8) #0 witness_lock+0x5f1 #1 rw_do_enter_write+0x419 #2 rrw_enter+0xc6 #3 VOP_LOCK+0xbd #4 vn_lock+0xa4 #5 vfs_lookup+0x11c #6 namei+0x7ca #7 domknodat+0xb4 #8 syscall+0xb17 #9 Xsyscall+0x128 Process 66279 (ifconfig) thread 0xffff8000fffee7e0 (270146) exclusive rwlock maddr r = 0 (0xffff800001596078) #0 witness_lock+0x5f1 #1 rw_do_enter_write+0x419 #2 in6_addmulti+0x28c #3 in6_joingroup+0x6c #4 in6_update_ifa+0x1a86 #5 in6_ioctl_change_ifaddr+0x64e #6 ifioctl+0x1714 #7 sys_ioctl+0x674 #8 syscall+0xbd4 #9 Xsyscall+0x128 exclusive rwlock netlock r = 0 (0xffffffff83891cc0) #0 witness_lock+0x5f1 #1 rw_do_enter_write+0x419 #2 in6_ioctl_change_ifaddr+0x10b #3 ifioctl+0x1714 #4 sys_ioctl+0x674 #5 syscall+0xbd4 #6 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 1 (0xffffffff83902dc8) #0 witness_lock+0x5f1 #1 ifioctl+0x47f #2 sys_ioctl+0x674 #3 syscall+0xbd4 #4 Xsyscall+0x128 Process 98691 (systqmp) thread 0xffff8000ffffea60 (147642) shared rwlock systqmp r = 0 (0xffffffff83892ca8) #0 witness_lock+0x5f1 #1 taskq_thread+0x12a #2 proc_trampoline+0x10 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 11061 12214K 12214K 166960K 12152 0 pcb 18 12K 12K 166960K 18 0 rtable 215 6K 6K 166960K 313 0 pf 34 17K 18K 166960K 45 0 ifaddr 41 7K 7K 166960K 43 0 ifgroup 55 2K 2K 166960K 55 0 sysctl 1 1K 9K 166960K 5 0 counters 70 37K 37K 166960K 70 0 ioctlops 0 0K 4K 166960K 1482 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1339 84K 84K 166960K 1363 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 1K 166960K 2 0 VM map 2 1K 1K 166960K 2 0 sem 2 0K 0K 166960K 2 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 22 81K 89K 166960K 132 0 proc 76 131K 147K 166960K 520 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 1 0 in_multi 87 6K 6K 166960K 87 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 25 122K 122K 166960K 25 0 exec 0 0K 1K 166960K 367 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 239 149K 152K 166960K 3075 0 UVM aobj 3 2K 2K 166960K 3 0 pinsyscall 48 96K 103K 166960K 1241 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 NDP 25 1K 1K 166960K 25 0 temp 36 8666K 8730K 166960K 3970 0 kqueue 13 20K 20K 166960K 22 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 30 0 26 1 0 1 1 0 8 0 rtentry 176 100 0 1 5 0 5 5 0 8 0 unpcb 144 35 0 18 1 0 1 1 0 8 0 syncache 336 3 0 3 1 0 1 1 0 8 1 tcpcb 736 10 0 6 1 0 1 1 0 8 0 arp 136 18 0 0 1 0 1 1 0 8 0 inpcb 328 70 0 59 1 0 1 1 0 8 0 nd6 152 18 0 0 1 0 1 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 14 0 0 1 0 1 1 0 8 0 pfstkey 128 14 0 0 1 0 1 1 0 8 0 pfstate 448 14 0 0 2 0 2 2 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 409 0 0 26 0 26 26 0 8 0 art_table 40 410 0 0 5 0 5 5 0 8 0 art_node 32 100 0 5 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1562 0 51 95 0 95 95 0 8 0 ffsino 296 1562 0 51 117 0 117 117 0 8 0 nchpl 144 1752 0 58 63 0 63 63 0 8 0 vnodes 216 1651 0 0 92 0 92 92 0 8 0 namei 1024 5224 0 5223 2 0 2 2 0 8 1 percpumem 16 50 0 0 1 0 1 1 0 8 0 kstatmem 264 26 0 0 2 0 2 2 0 8 0 scxspl 216 5809 0 5808 3 1 2 2 1 8 1 plimitpl 152 27 0 10 1 0 1 1 0 8 0 sigapl 424 440 0 388 7 0 7 7 0 8 0 knotepl 120 54 0 0 2 0 2 2 0 8 0 kqueuepl 224 18 0 9 1 0 1 1 0 8 0 pipepl 344 116 0 89 3 0 3 3 0 8 0 fdescpl 528 424 0 388 3 0 3 3 0 8 0 filepl 160 1479 0 1265 10 0 10 10 0 8 0 lockfpl 104 8 0 6 1 0 1 1 0 8 0 lockfspl 48 5 0 3 1 0 1 1 0 8 0 sessionpl 144 22 0 13 1 0 1 1 0 8 0 pgrppl 48 30 0 13 1 0 1 1 0 8 0 ucredpl 104 69 0 56 1 0 1 1 0 8 0 zombiepl 144 388 0 388 1 0 1 1 0 8 1 processpl 1232 440 0 388 5 0 5 5 0 8 0 procpl 664 453 0 396 5 0 5 5 0 8 0 sockpl 752 135 0 103 4 0 4 4 0 8 0 mcl64k 65536 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 2 0 0 1 0 1 1 0 8 0 mcl4k 4096 116 0 0 15 0 15 15 0 8 0 mcl2k 2048 41 0 0 6 0 6 6 0 8 0 mtagpl 96 2 0 0 1 0 1 1 0 8 0 mbufpl 256 188 0 0 12 0 12 12 0 8 0 bufpl 280 2299 0 130 155 0 155 155 0 8 0 anonpl 32 3963 0 0 32 0 32 32 0 246 0 amapchunkpl 152 8342 0 7890 18 0 18 18 0 158 0 amappl16 200 2082 0 2070 5 0 5 5 0 8 4 amappl15 192 6 0 6 1 0 1 1 0 8 1 amappl14 184 6 0 6 1 0 1 1 0 8 1 amappl13 176 420 0 414 1 0 1 1 0 8 0 amappl12 168 773 0 727 3 0 3 3 0 8 0 amappl11 160 7 0 7 1 0 1 1 0 8 1 amappl10 152 69 0 55 1 0 1 1 0 8 0 amappl9 144 250 0 250 1 0 1 1 0 8 1 amappl8 136 30 0 29 1 0 1 1 0 8 0 amappl7 128 80 0 77 1 0 1 1 0 8 0 amappl6 120 330 0 311 1 0 1 1 0 8 0 amappl5 112 77 0 67 1 0 1 1 0 8 0 amappl4 104 405 0 374 1 0 1 1 0 8 0 amappl3 96 1291 0 1202 4 1 3 3 0 8 0 amappl2 88 523 0 450 2 0 2 2 0 8 0 amappl1 80 8862 0 8221 14 0 14 14 0 8 0 amappl 88 2372 0 2216 4 0 4 4 0 92 0 uvmvnodes 80 99 0 0 3 0 3 3 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 424 0 388 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 424 0 388 1 0 1 1 0 8 0 vmmpekpl 168 5263 0 5233 2 0 2 2 0 8 0 vmmpepl 168 35171 0 33227 86 0 86 86 0 357 1 vmsppl 488 423 0 388 5 0 5 5 0 8 0 rwobjpl 80 13359 0 12283 23 0 23 23 0 8 0 pdppl 4096 856 0 776 96 12 84 84 0 8 4 pvpl 32 9034 0 0 74 0 74 74 0 265 1 pmappl 256 423 0 388 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 268 0 14 8 0 8 8 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffffffff837e3ff0) at x86_ipi_db+0x27 x86_ipi_handler() at x86_ipi_handler+0xd9 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83902bc0) at __mp_lock+0x192 intr_handler(ffff8000317cad00,ffff8000002a3480) at intr_handler+0xe9 Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f __mp_lock(ffffffff83902bc0) at __mp_lock+0x192 doopenat(ffff800038ff9a10,ffffff9c,a72e6bd139,10000,0,ffff8000317cb060) at doopenat+0x345 syscall(ffff8000317cb110) at syscall+0xbd4 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x73170cb0dae0, count: 5 ddb{0}> trace x86_ipi_db(ffffffff837e3ff0) at x86_ipi_db+0x27 x86_ipi_handler() at x86_ipi_handler+0xd9 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83902bc0) at __mp_lock+0x192 intr_handler(ffff8000317cad00,ffff8000002a3480) at intr_handler+0xe9 Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f __mp_lock(ffffffff83902bc0) at __mp_lock+0x192 doopenat(ffff800038ff9a10,ffffff9c,a72e6bd139,10000,0,ffff8000317cb060) at doopenat+0x345 syscall(ffff8000317cb110) at syscall+0xbd4 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x73170cb0dae0, count: -10 ddb{0}> machine ddbcpu 1 Stopped at db_enter+0x25: addq $0x8,%rsp db_enter() at db_enter+0x25 panic(ffffffff833b4a35) at panic+0x1e5 witness_checkorder(ffff800001596078,1,0) at witness_checkorder+0x122c rw_do_enter_read(ffff800001596060,0) at rw_do_enter_read+0x99 in6_hasmulti(fffffd806c5c07f0,ffff800001596000) at in6_hasmulti+0x41 ip6_output(fffffd806c5c0700,ffffffff839eee58,0,1,ffff80003c411270,0) at ip6_output+0x13bd mld6_sendpkt(ffff8000015aa480,83,0) at mld6_sendpkt+0x385 mld6_start_listening(ffff8000015aa480,ffff800001596000) at mld6_start_listening+0xe7 in6_addmulti(ffff80003c411618,ffff800001596000,ffff80003c41168c) at in6_addmulti+0x3d7 in6_joingroup(ffff800001596000,ffff80003c411618,ffff80003c41168c) at in6_joingroup+0x6c in6_update_ifa(ffff800001596000,ffff80003c411860,0) at in6_update_ifa+0x1a86 in6_ioctl_change_ifaddr(8080691a,ffff80003c411860,ffff800001596000) at in6_ioctl_change_ifaddr+0x64e ifioctl(ffff800010fdb4a0,8080691a,ffff80003c411860,ffff8000fffee7e0) at ifioctl+0x1714 sys_ioctl(ffff8000fffee7e0,ffff80003c411a40,ffff80003c411990) at sys_ioctl+0x674 end trace frame: 0xffff80003c411a30, count: 0 ddb{1}> trace db_enter() at db_enter+0x25 panic(ffffffff833b4a35) at panic+0x1e5 witness_checkorder(ffff800001596078,1,0) at witness_checkorder+0x122c rw_do_enter_read(ffff800001596060,0) at rw_do_enter_read+0x99 in6_hasmulti(fffffd806c5c07f0,ffff800001596000) at in6_hasmulti+0x41 ip6_output(fffffd806c5c0700,ffffffff839eee58,0,1,ffff80003c411270,0) at ip6_output+0x13bd mld6_sendpkt(ffff8000015aa480,83,0) at mld6_sendpkt+0x385 mld6_start_listening(ffff8000015aa480,ffff800001596000) at mld6_start_listening+0xe7 in6_addmulti(ffff80003c411618,ffff800001596000,ffff80003c41168c) at in6_addmulti+0x3d7 in6_joingroup(ffff800001596000,ffff80003c411618,ffff80003c41168c) at in6_joingroup+0x6c in6_update_ifa(ffff800001596000,ffff80003c411860,0) at in6_update_ifa+0x1a86 in6_ioctl_change_ifaddr(8080691a,ffff80003c411860,ffff800001596000) at in6_ioctl_change_ifaddr+0x64e ifioctl(ffff800010fdb4a0,8080691a,ffff80003c411860,ffff8000fffee7e0) at ifioctl+0x1714 sys_ioctl(ffff8000fffee7e0,ffff80003c411a40,ffff80003c411990) at sys_ioctl+0x674 syscall(ffff80003c411a40) at syscall+0xbd4 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x72fe8de96970, count: -16