Lv2;:`NgU#? A-ph_9O(kUKN 0NNI. NkHY_q`<}\e)I=(%u4 \8 02RMq[)f^]KX*oERU0Y6gTm"6o z8> 'EOGS{%rx [quvm_fault(0xfffffd803f00b000, 0x100000008, 0, 2) -> e kernel: page fault trap, code=0 Stopped at arp_rtrequest+0x15f: movq %rcx,0x8(%r15) ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd803f00b000, 0x100000008, 0, 2) -> e arp_rtrequest() at arp_rtrequest+0x15f sys/netinet/if_ether.c:201 end trace frame: 0xffff8000178043e0, count: 0 ddb> trace arp_rtrequest() at arp_rtrequest+0x15f sys/netinet/if_ether.c:201 rtrequest_delete(ffff800017804490,40,ffff8000001722a8,ffff800017804408,0) at rtrequest_delete+0x21c _atomic_inc_int sys/arch/amd64/compile/SYZKALLER/obj/machine/atomic.h:139 [inline] rtrequest_delete(ffff800017804490,40,ffff8000001722a8,ffff800017804408,0) at rtrequest_delete+0x21c sys/net/route.c:792 rtm_output(ffff8000009cf400,ffff800017804538,ffff800017804490,40,0) at rtm_output+0x5dc sys/net/rtsock.c:955 route_output(fffffd803f027300,fffffd80392de900,0,0) at route_output+0x7d7 sys/net/rtsock.c:814 route_usrreq(fffffd80392de900,9,fffffd803f027300,0,0,ffff8000149512e8) at route_usrreq+0x363 sys/net/rtsock.c:271 sosend(fffffd80392de900,0,ffff800017804730,0,0,80) at sosend+0x660 sys/kern/uipc_socket.c:513 sendit(ffff8000149512e8,3,ffff800017804810,0,ffff800017804920) at sendit+0x53c sys/kern/uipc_syscalls.c:662 sys_sendto(ffff8000149512e8,ffff8000178048b8,ffff800017804920) at sys_sendto+0x80 sys/kern/uipc_syscalls.c:527 syscall(ffff800017804990) at syscall+0x511 Xsyscall(6,0,ffffffffffffffd8,0,6,771ee633010) at Xsyscall+0x128 end of kernel end trace frame: 0x774a132a0c0, count: -10 ddb> show registers rdi 0xffffffff812f5717 arp_rtrequest+0x157 rsi 0x1c9 rbp 0xffff800017804350 rbx 0xffff80000005bca0 rdx 0x1ca rcx 0xdeaf4152deaf4152 rax 0xffff80000005bca8 r8 0x40 r9 0x5 r10 0xffff800000994500 r11 0xc0dfe20c0636962a r12 0xffff8000001722a8 r13 0x2 r14 0xfffffd803b9e8858 r15 0x100000000 rip 0xffffffff812f571f arp_rtrequest+0x15f cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff8000178042d0 ss 0x10 arp_rtrequest+0x15f: movq %rcx,0x8(%r15) ddb> show proc PROC (syz-executor.1) pid=211607 stat=onproc flags process=0 proc=4000000 pri=80, usrpri=80, nice=20 forw=0xffffffffffffffff, list=0xffff800014951540,0xffffffff822ccf20 process=0xffff800014952360 user=0xffff8000177ff000, vmspace=0xfffffd803f00b000 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 16312 253573 18709 0 2 0 syz-executor.1 *16312 211607 18709 0 7 0x4000000 syz-executor.1 56790 457217 1 0 3 0x100083 ttyin getty 18709 26824 96362 0 3 0x82 nanosleep syz-executor.1 12466 355576 96362 0 2 0x2 syz-executor.0 15186 183240 0 0 3 0x14200 bored sosplice 96362 442676 3606 0 3 0x82 thrsleep syz-fuzzer 96362 381514 3606 0 3 0x4000082 nanosleep syz-fuzzer 96362 506451 3606 0 3 0x4000082 thrsleep syz-fuzzer 96362 122582 3606 0 3 0x4000082 thrsleep syz-fuzzer 96362 30028 3606 0 3 0x4000082 thrsleep syz-fuzzer 96362 376378 3606 0 3 0x4000082 kqread syz-fuzzer 96362 230104 3606 0 3 0x4000082 thrsleep syz-fuzzer 96362 334742 3606 0 3 0x4000082 thrsleep syz-fuzzer 3606 401435 80996 0 3 0x10008a pause ksh 80996 518538 47068 0 3 0x92 select sshd 47068 415155 1 0 3 0x80 select sshd 97559 168921 1527 73 2 0x100090 syslogd 1527 436103 1 0 3 0x100082 netio syslogd 77043 165407 1 77 3 0x100090 poll dhclient 99843 418307 1 0 3 0x80 poll dhclient 51873 48755 0 0 2 0x14200 zerothread 3902 175252 0 0 3 0x14200 aiodoned aiodoned 26591 308235 0 0 3 0x14200 syncer update 94600 314206 0 0 3 0x14200 cleaner cleaner 66064 438338 0 0 3 0x14200 reaper reaper 64431 454369 0 0 3 0x14200 pgdaemon pagedaemon 29006 441002 0 0 3 0x14200 bored crynlk 23307 85752 0 0 3 0x14200 bored crypto 85458 193216 0 0 3 0x40014200 acpi0 acpi0 59987 318498 0 0 3 0x14200 bored softnet 16961 472622 0 0 3 0x14200 bored systqmp 36115 366724 0 0 3 0x14200 bored systq 43379 369666 0 0 3 0x40014200 bored softclock 12073 264024 0 0 3 0x40014200 idle0 10808 464612 0 0 3 0x14200 bored smr 1 42281 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9541 6365K 14557K 78643K 28332 0 0 pcb 24 9K 11K 78643K 4435 0 0 rtable 135 5K 5K 78643K 1985 0 0 ifaddr 65 17K 20K 78643K 920 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 358 0 0 iov 0 0K 32K 78643K 1127 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1190 75K 76K 78643K 8742 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 112 0 0 VM map 2 0K 0K 78643K 2 0 0 sem 12 0K 1K 78643K 578 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12537 0 0 file desc 5 13K 25K 78643K 9087 0 0 sigio 0 0K 0K 78643K 100 0 0 proc 42 30K 54K 78643K 1362 0 0 subproc 32 2K 2K 78643K 70 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 972 0 0 in_multi 33 2K 2K 78643K 379 0 0 ether_multi 1 0K 0K 78643K 49 0 0 mrt 0 0K 0K 78643K 38 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 120 530K 530K 78643K 120 0 0 exec 0 0K 1K 78643K 815 0 0 pfkey data 0 0K 4K 78643K 2 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 97 21K 39K 78643K 22174 0 0 UVM aobj 130 4K 4K 78643K 139 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 1K 78643K 364 0 0 NDP 14 0K 0K 78643K 247 0 0 temp 192 2715K 3355K 78643K 30279 0 0 kqueue 0 0K 0K 78643K 106 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 10 0 4 1 0 1 1 0 8 0 inpcbpl 280 3818 0 3811 1 0 1 1 0 8 0 plimitpl 152 235 0 228 1 0 1 1 0 8 0 rtentry 112 101 0 51 2 0 2 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpcb 544 1376 0 1372 1 0 1 1 0 8 0 nd6 48 12 0 6 1 0 1 1 0 8 0 ppxss 1128 195 0 195 25 24 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 322 0 92 15 0 15 15 0 8 0 art_table 32 323 0 92 2 0 2 2 0 8 0 art_node 16 72 0 30 1 0 1 1 0 8 0 sysvmsgpl 40 27 0 15 1 0 1 1 0 8 0 semapl 112 574 0 564 1 0 1 1 0 8 0 shmpl 112 137 0 9 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 16561 0 15055 49 0 49 49 0 8 0 ffsino 240 16561 0 15055 90 1 89 89 0 8 0 nchpl 144 29463 0 27850 61 0 61 61 0 8 0 uvmvnodes 72 6800 0 0 124 0 124 124 0 8 0 vnodes 200 6800 0 0 358 0 358 358 0 8 0 namei 1024 92294 0 92294 4 3 1 1 0 8 1 scsiplug 64 23 0 23 19 19 0 1 0 8 0 scxspl 192 103013 0 103013 43 40 3 6 0 8 3 sigapl 432 9260 0 9247 2 0 2 2 0 8 0 futexpl 56 140783 0 140783 4 3 1 1 0 8 1 knotepl 112 1774 0 1755 2 1 1 2 0 8 0 kqueuepl 104 2143 0 2141 1 0 1 1 0 8 0 pipepl 112 5198 0 5179 16 14 2 2 0 8 1 fdescpl 424 9261 0 9247 2 0 2 2 0 8 0 filepl 120 55077 0 54982 10 6 4 5 0 8 1 lockfpl 104 3028 0 3028 6 5 1 1 0 8 1 lockfspl 48 1047 0 1047 6 5 1 1 0 8 1 sessionpl 112 27 0 17 1 0 1 1 0 8 0 pgrppl 48 143 0 133 1 0 1 1 0 8 0 ucredpl 96 12886 0 12879 1 0 1 1 0 8 0 zombiepl 144 9247 0 9247 2 1 1 1 0 8 1 processpl 840 9276 0 9247 4 0 4 4 0 8 0 procpl 600 20960 0 20923 6 2 4 4 0 8 0 sosppl 128 146 0 146 34 33 1 1 0 8 1 sockpl 384 7702 0 7684 9 6 3 4 0 8 1 mcl64k 65536 2402 0 2402 229 228 1 47 0 8 1 mcl16k 16384 31 0 31 17 17 0 1 0 8 0 mcl12k 12288 160 0 160 24 23 1 1 0 8 1 mcl9k 9216 135 0 135 29 28 1 1 0 8 1 mcl8k 8192 120 0 120 31 30 1 1 0 8 1 mcl4k 4096 299 0 299 19 18 1 1 0 8 1 mcl2k2 2112 59 0 59 25 24 1 1 0 8 1 mcl2k 2048 67601 0 67566 23 18 5 9 0 8 0 mtagpl 80 12 0 10 6 5 1 1 0 8 0 mbufpl 256 155681 0 155622 101 95 6 28 0 8 0 bufpl 256 31912 0 24803 445 0 445 445 0 8 0 anonpl 16 777410 0 767630 295 249 46 59 0 62 3 amapchunkpl 152 38088 0 38003 88 83 5 14 0 158 0 amappl16 192 50386 0 49844 282 253 29 41 0 8 0 amappl15 184 1 0 1 1 1 0 1 0 8 0 amappl14 176 52 0 49 2 1 1 1 0 8 0 amappl13 168 4519 0 4517 1 0 1 1 0 8 0 amappl12 160 12 0 11 1 0 1 1 0 8 0 amappl11 152 3144 0 3130 1 0 1 1 0 8 0 amappl10 144 74 0 72 2 1 1 1 0 8 0 amappl9 136 589 0 585 1 0 1 1 0 8 0 amappl8 128 165 0 140 1 0 1 1 0 8 0 amappl7 120 43 0 38 1 0 1 1 0 8 0 amappl6 112 3126 0 3119 1 0 1 1 0 8 0 amappl5 104 213 0 203 1 0 1 1 0 8 0 amappl4 96 13984 0 13961 1 0 1 1 0 8 0 amappl3 88 485 0 474 1 0 1 1 0 8 0 amappl2 80 73734 0 73669 4 2 2 3 0 8 0 amappl1 72 167299 0 166888 27 18 9 19 0 8 0 amappl 80 21299 0 21266 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 138 0 9 3 0 3 3 0 8 0 uaddrrnd 24 9261 0 9247 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 9261 0 9247 1 0 1 1 0 8 0 vmmpekpl 168 60545 0 60516 2 0 2 2 0 8 0 vmmpepl 168 915229 0 913712 273 200 73 86 0 357 0 vmsppl 264 9260 0 9247 3 2 1 2 0 8 0 pdppl 4096 18529 0 18494 7 2 5 6 0 8 0 pvpl 32 2335588 0 2322646 625 492 133 251 0 265 22 pmappl 200 9260 0 9247 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 988 0 414 19 2 17 18 0 8 0