last executing test programs: 1.474032337s ago: executing program 7 (id=604): sysctl$net_inet_tcp(&(0x7f0000000100)={0x4, 0x2, 0x6, 0xe}, 0x4, 0x0, 0x0, 0xfffffffffffffffe, 0x0) 1.378493458s ago: executing program 2 (id=613): open(&(0x7f0000000180)='./file0\x00', 0x75f493fec6515f78, 0x0) 1.352543676s ago: executing program 2 (id=615): select(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0) 1.132061919s ago: executing program 7 (id=636): sysctl$ddb(&(0x7f0000000000)={0x9, 0x5}, 0x2, 0x0, 0x0, 0x0, 0x0) 638.71773ms ago: executing program 5 (id=691): mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) msync(&(0x7f00002b6000/0x3000)=nil, 0x3000, 0x6) 576.972593ms ago: executing program 7 (id=693): sync() 570.345124ms ago: executing program 0 (id=694): poll(&(0x7f0000000400)=[{0xffffffffffffffff, 0xa0}, {0xffffffffffffffff, 0x100}, {0xffffffffffffffff, 0x2}, {0xffffffffffffffff, 0x8}], 0x200000000000007f, 0xa) 497.787055ms ago: executing program 2 (id=698): sysctl$net_inet_udp(&(0x7f0000000000)={0x4, 0x2, 0x11, 0x2}, 0x4, &(0x7f0000000500)="bb739455b7254e44287eefaa1885aa28e3a1393adebbfe4e13764042ffe1fd18975a823df33056d7f31c1dc49bee1d98cf0db0dafb0e2e06148bfd5651e46df22bd1cfdda37cfa72533ba4ea7b456e00ff77c001f16edac83f7f678188252ad9b3be56dc61db5088f07633afd66b3156888ad7321eee02cdb6aa8bda51adfee0ead001eb204d5ca80e49fc458416b3a29921c99924e6de9cd2d240d02ab44081a91c038b735bf5f0cdd5c53f844ba001d42c57f0e2e2770e38dbbf6997a941ebe6ef6674ad8db2eb6235319aedda03f130fe75061d38c0c826bbbaf0d02d7e3fc402e9833d2d78f4d64f57517431a0c68150324003927e886ad5d004e9cc54e40ba362bbfb2edcf185f8075206e91c496309081a1013a0c69621eb643caea9c100"/302, &(0x7f00000000c0)=0xfffffffffffffe7a, &(0x7f0000000100)="c9edd234cce540433688fad55bfe3753888b46100000007f623cc289aa49f6f937b755be3b44b6f7424d512f3939c80abac35d8f02461863cb425949a67a821386c518e80c2861b40dc7321133189da8b0c2fa2ef9cb656b258126097075fe29cca92160124df3a52dc9c7d0e0e2c7154ee84bad040af64c73fbb2187825c34889fe1ec8ab94ef1effaa588f0e9f571d4baeba5102389cc22723602905f3d83b4ecd3df8fb098a18883f162dea6a4ac31ff1379c791412cc52a0fbab6c3d1d333b81379d50d3f1059b1153bb2a0e8b73a82935205a533b309e970705639712b87765ee8dd6902f280f865b2277706226", 0xf0) 453.607209ms ago: executing program 4 (id=701): sysctl$kern(&(0x7f0000000040)={0x1, 0x26}, 0x2, 0x0, 0x0, &(0x7f0000000180), 0x0) 438.914392ms ago: executing program 2 (id=703): munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) sysctl$net_inet_carp(&(0x7f0000000040)={0x4, 0x2, 0x6, 0x17}, 0x4, 0x0, 0x0, &(0x7f00000010c0)="c4993ffc", 0x4) 423.562386ms ago: executing program 4 (id=705): syz_emit_ethernet(0x2a, &(0x7f0000000b80)={@broadcast, @local, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x64, 0x0, 0xff, 0x1}, @icmp=@info_reply={0x10, 0x0, 0x0, 0x9, 0x74}}}}}) 387.484219ms ago: executing program 0 (id=707): msync(&(0x7f0000343000/0x2000)=nil, 0x2000, 0x0) 329.743918ms ago: executing program 5 (id=708): setrlimit(0x8, &(0x7f0000000000)={0x4, 0x9}) pipe(0x0) 328.132623ms ago: executing program 3 (id=709): sysctl$vm_swapencrypt(&(0x7f00000000c0), 0x3, 0x0, 0x0, 0x0, 0x0) 311.164286ms ago: executing program 3 (id=711): munmap(&(0x7f0000000000/0x3000)=nil, 0x3000) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1) 306.221866ms ago: executing program 5 (id=712): r0 = socket(0x1e, 0x3, 0x0) getsockname$unix(r0, 0x0, &(0x7f0000000040)) 286.037755ms ago: executing program 3 (id=714): socket(0x18, 0x3, 0x0) syz_emit_ethernet(0x10004, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "db8344", 0xc8c8fb6356f239c1, 0x16, 0x0, @rand_addr="fe000000010000ff80d14400002000", @local={0xfe, 0x80, '\x00', 0x0}, {[], @udp={{0x0, 0x0, 0x8}}}}}}}) 284.463282ms ago: executing program 0 (id=715): munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) sysctl$kern(&(0x7f0000000000)={0x1, 0x4d}, 0x2, &(0x7f0000000180)="5f2a1ff1", &(0x7f00000000c0)=0x4, &(0x7f0000001180), 0x4) 277.358361ms ago: executing program 5 (id=717): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname$unix(r0, 0x0, &(0x7f00000000c0)) 267.037808ms ago: executing program 1 (id=718): sysctl$net_inet6_ip6(&(0x7f0000000080)={0x4, 0x18, 0x29, 0x35}, 0x4, &(0x7f00000000c0), 0x0, 0x0, 0x0) 228.926739ms ago: executing program 1 (id=719): socket$inet(0x2, 0x5, 0x0) 221.510838ms ago: executing program 0 (id=720): r0 = open$dir(&(0x7f0000000080)='.\x00', 0x0, 0x0) ioctl$FIONREAD(r0, 0x4004667f, &(0x7f0000000140)) 215.042628ms ago: executing program 6 (id=721): r0 = openat$wsmuxmouse(0xffffffffffffff9c, &(0x7f00000000c0), 0x84c7aa6835e42185, 0x0) ioctl$WSMUXIO_ADD_DEVICE(r0, 0x80085761, &(0x7f0000000200)={0x3, 0x1}) 208.926314ms ago: executing program 1 (id=722): r0 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000440), 0x1, 0x0) ioctl$BIOCSETWF(r0, 0x80104277, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x8d15, 0x6, 0x9, 0x5}]}) 200.427916ms ago: executing program 4 (id=723): r0 = shmget$private(0x0, 0x3000, 0x30, &(0x7f0000ffd000/0x3000)=nil) shmctl$IPC_STAT(r0, 0x2, &(0x7f0000000000)=""/34) 193.388877ms ago: executing program 0 (id=724): r0 = openat$wsmuxmouse(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) poll(&(0x7f0000000080)=[{r0, 0x40}], 0x1, 0x1ff) 175.866023ms ago: executing program 6 (id=725): r0 = openat$wsmouse(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$WSMOUSEIO_SCALIBCOORDS(r0, 0x80047476, &(0x7f00000001c0)={0x80000000, 0x200, 0x0, 0xfffffff0, 0x3b, 0x100, 0x10, 0x10, [{0xfffffffb, 0x7, 0x9, 0x4}, {0x7, 0x0, 0xf, 0x1}, {0x8001, 0xffffffff, 0x1, 0x9}, {0x2, 0x3, 0xdb4d, 0x6}, {0x6, 0x2, 0x3, 0xa}, {0xfffffffd, 0xce63, 0x9, 0x2d6}, {0xb, 0x6, 0x80009, 0x56d6}, {0x4, 0x100, 0x2, 0x8000017}, {0x0, 0x10, 0x6, 0x6}, {0x1d, 0x5, 0x40, 0x7f}, {0x400, 0xa82, 0x6, 0x1}, {0x387, 0x7, 0x6c}, {0x20002c13, 0x10, 0x8, 0xda}, {0x8eb, 0x200, 0x220, 0xde17}, {0x2, 0xffff, 0xfff, 0x5}, {0x200, 0x1, 0x6d2, 0x6}]}) 162.773926ms ago: executing program 1 (id=726): r0 = socket(0x11, 0x3, 0x0) sendto$unix(r0, &(0x7f0000000000)="b1000513000000000000000004000000000013fecea10500fef96ecf2ac72fd3357ae30200004e3039d2d236acf20b7804be38164991f7c8cf7f882b297be1aa0500000051e2f0ad3ebbc257699a1f139b672f335c223e7d0c032bfa896443a41002000000720fd38bfbb770c1f5a872c88106002ec5890400000000000000361b1257aea8c500002002fbfe0c2300008abfba0900000008e371a3f8343712051eeab7196fcbd80407000000c011200000", 0xb1, 0x0, 0x0, 0x0) 162.679578ms ago: executing program 4 (id=727): pledge(0x0, &(0x7f00000000c0)='\x00') pledge(0x0, &(0x7f0000002840)='tty \x00\x02\x00!\a\x9bp^|#\xcbhl\x97\xa3_\xbc\x04\x9d!\xd9\x9f\x9f\xb4\x96\x13\x12\xe0\r\xe7\xb9E\b\x00\x00\x00l\xaaY\xe1Q<\x19\xc0\xf6Yf\x9au^\xa0\xc9j\xdd-I\x01R\x00w\xf7\x15\x04\xa6\x82aY\x1d\xd7\f>Y\x06\"\xad\xb6\x88_\xeb\at\x91\xd3\xbf\xea\xddt\xe0\bt\x06S,\xdbH\xa7-\xaaw\xcet\x044\xc5\xa9e\xa9\xf6\x1b\x8e\x05\x86\x91IsC\xb9ul\xaeu\x94\x9b\xaf\x04\xc4\x03\"F\x8f\xd5\xe8\r\x8d\xa1\x00\xcc\xd7\xa0\xe1\xeb\xc1>\xbd\t\xc8\x15\v\xb0, \xee\xa4\xa6\xb9a\x01&\xadrj\xd5\xc26p\xa14\xe0\xbf\xa0\x1es\x01=\xdbd\xf0?=\x8afcJ\x8eYEn\xd4<\x00\xec\xe4^\x00\x00\x00\xca\x90\xfa\x98\xc9gty\xce\xab\xd2\xa1\x85E\xe4\xa9\xd5\xab\x83\xda?w\x83\xbc\xcf\xd20(L&b\xed\x8c\x1d\x1a\x9fd\x99H\x9e\x82\x10\xea\x05\xf8\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\xa6\x8c\x05n\x83\x83\x12+\x16\xc1\x00\x04\x00\x00\x13:o\x0f\x1fB\xa4\x00wB\x92h\xde\xfal3\x88e\x04J\\\x00D\xae`\x8e\xadd\xa8;\xee\xc4K\xe8]\x84\x90\xb8d\xfb\x95\xb3\xe9(x_\x80]\xadW\xd5\xa9\xaa\x03\x9c6\xa9\xc4\x01\x03\xea\xe5\x90\x85\x16\xb0DV\x13\x01\xab\x01\xf0\x8f\x02\xc2\xc8\x9b\x03\x1f\xd7\xdbN\\\xc0\xcd?Pg\xd5q\x13\xbd \xfa\xab\xccJK\x11\\\x16~#P.\xc9K\x15r\x04\xd9Z;\xc0\x8dOze\x96\xe9\xc3\x93\xed\x94.\xc2\xa0\x1fU#\x96\xe6\xb6C\xfa\x03/\x8b\x0e2\xec\x96v\x9b/.\v\x9e\x80\x18s\xae.\xf4\x14KS`\x87\x8b4\t\x00\x87{\xa8@e\xbfe\xeb\xee\xa2\xe72\xb8Q:\x9f\xc2b\x897\xbe\r\x04\xdf\xe2\xc0\xf0FV\'m\xcbm\x80%\xfc\x9e\x9f\x87\x80A\xbe\xc2\x00\x00\x00\x00\x00\x006\x96\xbb\x9f\x85\x98\xbb\xbc;\xaa\x97c\xfe\x82jz&t\xa7\xc4\xcd\xb0\b9G\xcag\fY\xe6\r\xcdT\xd3\x1c(\xef\xc0\x038\xbd\xdd\xd9\xc9\x93a]q\xd2\x9b\a\x1e\xf8\xc3\"\xc8:\xb8$\x9f\'P\x17\xfa\xf3Xa\trB-\xf2g\xe6Z\xd5F\xd2\x80\xe0\x99\"\xc12\xe8\b\xc58\x00'/659) 161.634443ms ago: executing program 7 (id=728): r0 = open(&(0x7f0000000000)='./file0\x00', 0x9cab835cfdc52675, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0xa010, r0, 0x0) 146.772177ms ago: executing program 6 (id=729): r0 = openat$pf(0xffffffffffffff9c, &(0x7f0000000080), 0x20, 0x0) ioctl$TIOCSETA(r0, 0xc0084427, &(0x7f0000000000)={0x2, 0x2, 0x2, 0x0, "cd002200002181baab4c8c6d09b975390a000004", 0x8000, 0x6}) 137.634326ms ago: executing program 4 (id=730): syz_emit_ethernet(0x6e, &(0x7f00000003c0)={@local, @random="d0b5049f6b63", [], {@ipv6={0x86dd, {0x0, 0x6, "36ea07", 0x38, 0x3a, 0x0, @local={0xfe, 0x80, '\x00', 0x0}, @mcast2, {[], @icmpv6=@dest_unreach={0x1, 0x2, 0x0, 0x0, '\x00', {0x0, 0x6, "5adf00", 0x0, 0x2c, 0x0, @ipv4={'\x00', '\xff\xff', @rand_addr}, @mcast1, [@routing={0x3c, 0x0, 0x0, 0x3}]}}}}}}}) 104.471624ms ago: executing program 6 (id=731): mknod(&(0x7f0000000000)='./file0\x00', 0x2060, 0xcd5331e3) open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) 103.05587ms ago: executing program 2 (id=732): r0 = openat$pf(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$TIOCSETA(r0, 0xc4504445, &(0x7f0000000740)={0x2f, 0xffff, 0x44a9, 0x20000003, "0400000000800000ebb178d952d6d31962fff0d1", 0x9, 0x2}) 96.893693ms ago: executing program 5 (id=733): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt(r0, 0x2784000, 0xb, 0x0, 0x0) 92.566783ms ago: executing program 7 (id=734): openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb5219f1000b913f1, 0x0) truncate(&(0x7f00000000c0)='./file0\x00', 0x7ffffffffff) 79.86399ms ago: executing program 6 (id=735): r0 = kqueue() readv(r0, &(0x7f00000000c0)=[{0x0}], 0x1) 77.717181ms ago: executing program 2 (id=736): r0 = openat$pf(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) ioctl$TIOCSETA(r0, 0xc0284414, &(0x7f0000000240)={0xffff, 0x2, 0x0, 0x80, "561a8ebd000200", 0x10001, 0xe62}) 69.673694ms ago: executing program 3 (id=737): r0 = socket(0x11, 0x3, 0x0) sendto$unix(r0, &(0x7f0000000500)="94010513000000000000002797888fd1f838a311000000000000b13886ca3849451ae3c3051020741038f5538551f30ce390500e08fecea11ea8fef96e4fc748e93f0b780486aebdbe781e4d8f5eef9187a869a4d3a4cbba982fd825582fe223ed00f4c8b2ca3ebbc259699a1f132e27acb5d62934e4fd89070000000000000070c1f5a872c88dff7cc53c894303b2a0a85ff3faa800000000009ec7ab3a34c29000000000000000000000000000002d7e4a5d76cc3f9cff2ed2243e56fa277603c5cc1e047326bcf6b67b75d00bf6ee330b6a80874b70559d9975ebd13da2447a78aa4b00cd0ba1870215607bb912e3d7325183ce69456b4b6ca927871c81672a54ec695c5bdeb842836656f917945cc076f87dc714dfe0aa2947252df350707b22884a7730cb6dba8742110fbe9ec7481885274387e0b1dbe5695122604819b0b2294b7b20726a5d4fcb44f62d00fabb2f247a166d8d79d05b8cc370f5c11db58aedca632a83acd58ff0ea0a3dca58ccb03cce466cda735017196ff346c32717397d6ec6952ec90de81ed297b2509e130f0000", 0x194, 0x0, 0x0, 0x0) 62.521024ms ago: executing program 4 (id=738): r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000000080)={{0x5, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x10, 0x4000}, 0x6, 0x9b68, 0xffffffffffffffff, 0x0, 0xff00000000000000, 0x100000000, 0xa, 0x200000000005}) 43.090775ms ago: executing program 3 (id=739): r0 = socket(0x24, 0x2, 0x0) sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000140)=@in={0x2, 0x2}, 0xc, 0x0, 0x0, 0x0}, 0x6) 37.528129ms ago: executing program 1 (id=740): getrusage(0xfffffffffffffffe, 0x0) 33.608003ms ago: executing program 5 (id=741): r0 = socket(0x11, 0x3, 0x0) sendto$unix(r0, &(0x7f0000000000)="b1000501600000040000000007000000087c156610c18125d7f96ecfc73fd3d89815a9c61d3952ddb06b36ac970bff03000000000000000000000000ebe1aa5323edeb51e2f0ca3ebbc2c4699a09000000acb5b302000d7d010000000100000021020000742fe2458bfbb770c1f5a8aec872ea772ec58904000000008d9810361b1257aba8c500002012010000de5000000000000000000000000000000000000000000000000000001f00000000000000", 0xb1, 0x808, 0x0, 0x0) 26.594935ms ago: executing program 7 (id=742): mknod(&(0x7f0000000980)='./file0\x00', 0x2020, 0x4000) open(&(0x7f0000000000)='./file0\x00', 0x2, 0x0) 24.70549ms ago: executing program 6 (id=743): r0 = socket(0x18, 0x3, 0x0) setsockopt(r0, 0x3a, 0x0, 0x0, 0x0) 18.169004ms ago: executing program 0 (id=744): r0 = socket(0x2, 0x400000000002, 0x0) setsockopt(r0, 0x0, 0x21, 0x0, 0x0) 2.293073ms ago: executing program 3 (id=745): syz_emit_ethernet(0x10d, &(0x7f0000000400)={@local, @random="7004f5b37527", [], {@ipv4={0x800, {{0x9, 0x4, 0x3, 0x5, 0xff, 0x68, 0x1000, 0x7, 0xc, 0x0, @broadcast, @broadcast, {[@timestamp={0x44, 0xc, 0x9, 0x3, 0xc, [{[], 0x4}, {[], 0x2a5b}]}, @end]}}, @generic="e10417193967eb91347fcedacae10fef30242267f956fc3b678296d85996e64b44573451dbbb8a81a702452bf0b33d26c47f5d6f20ee8870b69cc92b8847fc551635bba507b6b1f1f1fb1b6579dbce412ffed5695aab803cf766e19801eaf6f3cb54c0d558adb6c467f385ea6ebd9b48e0ba92150a829e5348c7625a1e2e491afaab6e2643991040315d5d0c083254a3d790bba67874c2ea7d1ff484ed7567869fd5a11badc3dbde14330be87775cf19afa807b9472c6b7c63ea2baeff8e6e2e748684ef28e40590c144366f8fb9af3411fba37186726c278a8a72"}}}}) 0s ago: executing program 1 (id=746): shmget(0x0, 0x2000, 0x3e0, &(0x7f0000ffe000/0x2000)=nil) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.15.194' (ED25519) to the list of known hosts. denied attempt to set clock back -9223372035104654494 seconds uvm_fault(0xffffffff83a03db8, 0xffff8000014aa06a, 0, 1) -> e kernel: page fault trap, code=0 Stopped at arp_rtrequest+0x66f: movzwl 0xc(%r15,%rbx,1),%ecx TID PID UID PRFLAGS PFLAGS CPU COMMAND *210641 64529 0 0 0x4000000 0 syz-executor 119454 95012 0 0x2 0 1 syz-executor arp_rtrequest(ffff800000039058,1,fffffd80652809c8) at arp_rtrequest+0x66f rtrequest(1,ffff80003b4099f0,0,ffff80003b409970,0) at rtrequest+0xc5c rtm_output(ffff8000014a2f00,ffff80003b409a98,ffff80003b4099f0,0,0) at rtm_output+0x876 route_output(fffffd806ec3b300,ffff8000013fc5c8) at route_output+0x9a1 route_send(ffff8000013fc5c8,fffffd806ec3b300,0,0) at route_send+0xd7 sosend(ffff8000013fc5c8,0,ffff80003b409c38,0,0,808) at sosend+0x804 sendit(ffff80002a281730,3,ffff80003b409d30,808,ffff80003b409de0) at sendit+0x721 sys_sendto(ffff80002a281730,ffff80003b409e90,ffff80003b409de0) at sys_sendto+0x8d syscall(ffff80003b409e90) at syscall+0xbc6 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x58e0f6a80, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: uvm_fault(0xffffffff83a03db8, 0xffff8000014aa06a, 0, 1) -> e ddb{0}> trace arp_rtrequest(ffff800000039058,1,fffffd80652809c8) at arp_rtrequest+0x66f rtrequest(1,ffff80003b4099f0,0,ffff80003b409970,0) at rtrequest+0xc5c rtm_output(ffff8000014a2f00,ffff80003b409a98,ffff80003b4099f0,0,0) at rtm_output+0x876 route_output(fffffd806ec3b300,ffff8000013fc5c8) at route_output+0x9a1 route_send(ffff8000013fc5c8,fffffd806ec3b300,0,0) at route_send+0xd7 sosend(ffff8000013fc5c8,0,ffff80003b409c38,0,0,808) at sosend+0x804 sendit(ffff80002a281730,3,ffff80003b409d30,808,ffff80003b409de0) at sendit+0x721 sys_sendto(ffff80002a281730,ffff80003b409e90,ffff80003b409de0) at sys_sendto+0x8d syscall(ffff80003b409e90) at syscall+0xbc6 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x58e0f6a80, count: -10 ddb{0}> show registers rdi 0xffff8000337ec000 rsi 0x891 rbp 0xffff80003b409840 rbx 0xde rdx 0xffff8000337ec000 rcx 0x100040600080100 rax 0xfffffd806ed660e0 r8 0x10 r9 0xfffffd80652809c8 r10 0xba985bcb27488d72 r11 0x903587d88fbaedf4 r12 0x25 r13 0xfffffd806ed66000 r14 0xfffffd80652809c8 r15 0xffff8000014a9f80 rip 0xffffffff82da6ebf arp_rtrequest+0x66f cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80003b4097c0 ss 0x10 arp_rtrequest+0x66f: movzwl 0xc(%r15,%rbx,1),%ecx ddb{0}> show proc PROC (syz-executor) tid=210641 pid=64529 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a2819c0,0xffff80002a2802c0 process=0xffff80002a395d28 user=0xffff80003b404000, vmspace=0xfffffd806c2d7018 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 42727 245465 94773 0 2 0 syz-executor 34903 150497 81325 0 2 0 syz-executor 34903 137403 81325 0 2 0x4000000 syz-executor 3227 473858 93504 0 2 0 syz-executor 3227 432782 93504 0 2 0x4000000 syz-executor 50383 172008 86361 0 2 0 syz-executor 50383 401530 86361 0 3 0x4000080 fsleep syz-executor 64529 420536 95012 0 2 0 syz-executor *64529 210641 95012 0 7 0x4000000 syz-executor 82750 34826 5378 0 2 0 syz-executor 39716 285600 33808 0 2 0 syz-executor 39716 103215 33808 0 3 0x4000080 fsleep syz-executor 93504 109683 99441 0 3 0x82 nanoslp syz-executor 86361 261964 99441 0 2 0xc82 syz-executor 95012 119454 99441 0 7 0x2 syz-executor 5378 154171 99441 0 2 0x2 syz-executor 50481 505588 99441 0 2 0x2 syz-executor 33808 302119 99441 0 3 0x82 nanoslp syz-executor 94773 327505 99441 0 2 0xc82 syz-executor 81325 149633 99441 0 2 0xc82 syz-executor 99441 121423 57803 0 2 0x2 syz-executor 57803 55107 72616 0 3 0x10008a sigsusp ksh 72616 67970 24499 0 3 0x98 kqread sshd-session 24499 352285 21161 0 3 0x92 kqread sshd-session 75715 198962 1 0 3 0x100083 ttyin getty 21161 337804 1 0 3 0x88 kqread sshd 16975 471330 26450 74 3 0x1100092 bpf pflogd 26450 76948 1 0 3 0x80 sbwait pflogd 238 74828 69873 73 3 0x1100090 kqread syslogd 69873 44171 1 0 3 0x100082 sbwait syslogd 14222 509304 1 0 3 0x100080 kqread resolvd 382 207586 35252 77 3 0x100092 kqread dhcpleased 19103 345450 35252 77 3 0x100092 kqread dhcpleased 35252 399246 1 0 3 0x80 kqread dhcpleased 90698 107814 0 0 3 0x14200 bored smr 92447 74427 0 0 2 0x14200 zerothread 50445 17079 0 0 3 0x14200 aiodoned aiodoned 19298 17940 0 0 3 0x14200 syncer update 86743 241783 0 0 3 0x14200 cleaner cleaner 53014 114789 0 0 3 0x14200 reaper reaper 60953 275165 0 0 3 0x14200 pgdaemon pagedaemon 46352 518957 0 0 3 0x14200 bored viomb 53656 139847 0 0 3 0x40014200 acpi0 acpi0 49948 177507 0 0 3 0x40014200 idle1 46291 291006 0 0 3 0x14200 bored softnet3 15691 463829 0 0 3 0x14200 bored softnet2 37045 240648 0 0 3 0x14200 bored softnet1 62489 65880 0 0 3 0x14200 bored softnet0 92049 216922 0 0 3 0x14200 bored systqmp 10050 412873 0 0 3 0x14200 bored systq 72339 170308 0 0 3 0x14200 tmoslp softclockmp 8399 242186 0 0 2 0x40014200 softclock 15532 262214 0 0 3 0x40014200 idle0 1 483569 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 3227 (syz-executor) thread 0xffff8000ffff2ce0 (432782) exclusive rwlock amaplk r = 0 (0xfffffd8069707738) #0 witness_lock+0x5bb #1 rw_do_enter_write+0x377 #2 uvm_fault_check+0x5a9 #3 uvm_fault+0x106 #4 upageflttrap+0xa9 #5 usertrap+0x2d8 #6 recall_trap+0x8 shared rwlock vmmaplk r = 0 (0xfffffd806c2d74d8) #0 witness_lock+0x5bb #1 rw_do_enter_read+0x36e #2 uvmfault_lookup+0x122 #3 uvm_fault_check+0x4a #4 uvm_fault+0x106 #5 upageflttrap+0xa9 #6 usertrap+0x2d8 #7 recall_trap+0x8 Process 64529 (syz-executor) thread 0xffff80002a281730 (210641) exclusive rwlock netlock r = 0 (0xffffffff837bffb0) #0 witness_lock+0x5bb #1 rw_do_enter_write+0x377 #2 rtm_output+0x78c #3 route_output+0x9a1 #4 route_send+0xd7 #5 sosend+0x804 #6 sendit+0x721 #7 sys_sendto+0x8d #8 syscall+0xbc6 #9 Xsyscall+0x128 exclusive rwlock sbufsnd r = 0 (0xffff8000013fc7a0) #0 witness_lock+0x5bb #1 rw_do_enter_write+0x377 #2 sblock+0xb7 #3 sosend+0x2e2 #4 sendit+0x721 #5 sys_sendto+0x8d #6 syscall+0xbc6 #7 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10188 11021K 11029K 166960K 11270 0 pcb 18 12K 12K 166960K 21 0 rtable 249 7K 7K 166960K 365 0 pf 34 17K 18K 166960K 45 0 ifaddr 43 7K 7K 166960K 45 0 ifgroup 55 2K 2K 166960K 55 0 sysctl 4 1K 9K 166960K 12 0 counters 68 36K 36K 166960K 68 0 ioctlops 0 0K 4K 166960K 1484 0 iov 0 0K 16K 166960K 3 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1336 84K 84K 166960K 1364 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 3 0 VM map 2 1K 1K 166960K 2 0 sem 4 0K 0K 166960K 4 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 93K 166960K 876 0 proc 70 91K 140K 166960K 536 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 in_multi 99 7K 7K 166960K 99 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 25 122K 122K 166960K 25 0 exec 0 0K 1K 166960K 362 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 208 150K 161K 166960K 8642 0 UVM aobj 5 4K 4K 166960K 5 0 pinsyscall 42 84K 104K 166960K 1957 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 NDP 12 0K 2K 166960K 28 0 temp 35 8682K 8747K 166960K 6802 0 kqueue 13 20K 22K 166960K 27 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 38 0 34 1 0 1 1 0 8 0 rtentry 176 118 0 1 6 0 6 6 0 8 0 unpcb 144 41 0 24 1 0 1 1 0 8 0 syncache 336 3 0 3 1 1 0 1 0 8 0 tcpcb 736 7 0 3 1 0 1 1 0 8 0 arp 128 19 0 0 1 0 1 1 0 8 0 inpcb 328 72 0 64 1 0 1 1 0 8 0 nd6 144 29 0 0 2 0 2 2 0 8 0 pkpcb 40 3 0 3 1 0 1 1 0 8 1 kcovpl 48 8 0 0 1 0 1 1 0 8 0 pffrag 232 9 0 1 1 0 1 1 0 482 0 pffrnode 88 7 0 1 1 0 1 1 0 8 0 pffrent 40 17 0 8 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 57 0 0 1 0 1 1 0 8 0 pfstkey 128 57 0 0 2 0 2 2 0 8 0 pfstate 384 57 0 0 6 0 6 6 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 491 0 0 31 0 31 31 0 8 0 art_table 32 492 0 0 4 0 4 4 0 8 0 art_node 16 117 0 11 1 0 1 1 0 8 0 semapl 112 2 0 0 1 0 1 1 0 8 0 shmpl 112 2 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2308 0 798 95 0 95 95 0 8 0 ffsino 288 2308 0 798 109 0 109 109 0 8 0 nchpl 144 3254 0 1569 63 0 63 63 0 8 0 uvmvnodes 80 2158 0 0 45 0 45 45 0 8 0 vnodes 216 2158 0 0 120 0 120 120 0 8 0 namei 1024 8344 0 8344 5 3 2 2 0 8 2 percpumem 16 49 0 0 1 0 1 1 0 8 0 kstatmem 264 26 0 0 2 0 2 2 0 8 0 scxspl 216 10598 0 10598 11 3 8 8 1 8 8 plimitpl 152 33 0 16 1 0 1 1 0 8 0 sigapl 424 1175 0 1126 7 1 6 7 0 8 0 knotepl 120 172 0 0 6 0 6 6 0 8 0 kqueuepl 224 36 0 27 1 0 1 1 0 8 0 pipepl 336 106 0 79 4 1 3 3 0 8 0 fdescpl 520 1157 0 1126 3 0 3 3 0 8 0 filepl 160 2210 0 1999 9 0 9 9 0 8 0 lockfpl 104 20 0 18 1 0 1 1 0 8 0 lockfspl 48 11 0 9 1 0 1 1 0 8 0 sessionpl 144 22 0 13 1 0 1 1 0 8 0 pgrppl 48 32 0 15 1 0 1 1 0 8 0 ucredpl 104 72 0 59 1 0 1 1 0 8 0 zombiepl 144 1126 0 1126 4 3 1 1 0 8 1 processpl 1240 1175 0 1126 5 1 4 5 0 8 0 procpl 656 1921 0 1867 5 0 5 5 0 8 0 sockpl 728 157 0 128 4 1 3 3 0 8 0 mcl64k 65536 4 0 0 1 0 1 1 0 8 0 mcl16k 16384 6 0 0 1 0 1 1 0 8 0 mcl12k 12288 17 0 0 2 0 2 2 0 8 0 mcl9k 9216 4 0 0 1 0 1 1 0 8 0 mcl8k 8192 17 0 0 3 0 3 3 0 8 0 mcl4k 4096 130 0 0 17 0 17 17 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 21 0 0 3 0 3 3 0 8 0 mtagpl 96 3 0 0 1 0 1 1 0 8 0 mbufpl 256 172 0 0 11 0 11 11 0 8 0 bufpl 280 3048 0 122 209 0 209 209 0 8 0 anonpl 32 5226 0 0 43 0 43 43 0 246 0 amapchunkpl 152 27772 0 27385 28 3 25 25 0 158 9 amappl16 200 2398 0 2379 6 4 2 5 0 8 0 amappl15 192 3 0 3 1 1 0 1 0 8 0 amappl14 184 108 0 96 1 0 1 1 0 8 0 amappl13 176 6 0 5 1 0 1 1 0 8 0 amappl12 168 1794 0 1765 3 1 2 2 0 8 0 amappl11 160 50 0 36 1 0 1 1 0 8 0 amappl10 152 3 0 3 1 1 0 1 0 8 0 amappl9 144 257 0 254 1 0 1 1 0 8 0 amappl8 136 27 0 25 1 0 1 1 0 8 0 amappl7 128 108 0 96 1 0 1 1 0 8 0 amappl6 120 179 0 176 2 1 1 1 0 8 0 amappl5 112 121 0 112 1 0 1 1 0 8 0 amappl4 104 329 0 309 1 0 1 1 0 8 0 amappl3 96 5824 0 5731 4 1 3 3 0 8 0 amappl2 88 627 0 568 2 0 2 2 0 8 0 amappl1 80 11003 0 10400 17 4 13 15 0 8 0 amappl 88 7913 0 7775 4 0 4 4 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 4 0 0 1 0 1 1 0 8 0 uaddrrnd 24 1157 0 1126 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1157 0 1126 1 0 1 1 0 8 0 vmmpekpl 168 9254 0 9219 2 0 2 2 0 8 0 vmmpepl 168 72275 0 70379 92 5 87 88 0 357 2 vmsppl 480 1156 0 1126 5 1 4 5 0 8 0 rwobjpl 72 21150 0 18107 57 0 57 57 0 8 1 pdppl 4096 2321 0 2252 103 32 71 85 0 8 2 pvpl 32 11890 0 0 99 3 96 96 0 265 0 pmappl 256 1156 0 1126 3 0 3 3 0 8 1 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 395 0 39 11 0 11 11 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace arp_rtrequest(ffff800000039058,1,fffffd80652809c8) at arp_rtrequest+0x66f rtrequest(1,ffff80003b4099f0,0,ffff80003b409970,0) at rtrequest+0xc5c rtm_output(ffff8000014a2f00,ffff80003b409a98,ffff80003b4099f0,0,0) at rtm_output+0x876 route_output(fffffd806ec3b300,ffff8000013fc5c8) at route_output+0x9a1 route_send(ffff8000013fc5c8,fffffd806ec3b300,0,0) at route_send+0xd7 sosend(ffff8000013fc5c8,0,ffff80003b409c38,0,0,808) at sosend+0x804 sendit(ffff80002a281730,3,ffff80003b409d30,808,ffff80003b409de0) at sendit+0x721 sys_sendto(ffff80002a281730,ffff80003b409e90,ffff80003b409de0) at sys_sendto+0x8d syscall(ffff80003b409e90) at syscall+0xbc6 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x58e0f6a80, count: -10 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 x86_ipi_handler() at x86_ipi_handler+0xd9 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83975ae8) at __mp_lock+0x192 syscall(ffff80002a392ed0) at syscall+0xae6 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x78880a9ca290, count: 9 ddb{1}> trace x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 x86_ipi_handler() at x86_ipi_handler+0xd9 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83975ae8) at __mp_lock+0x192 syscall(ffff80002a392ed0) at syscall+0xae6 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x78880a9ca290, count: -6