

uvm_fault: strlen

Status: auto-closed as invalid on 2020/12/15 13:04
Reported-by: syzbot+ff4b7a0091a650f3c5f8@syzkaller.appspotmail.com
First crash: 1527 days ago, last: 1527 days ago

Sample crash report:
uvm_fault(0xfffffd807efffa10, 0x0, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at      strlen+0x81:    movq    0(%rax),%rdx
ddb{1}> 
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
kernel page fault
uvm_fault(0xfffffd807efffa10, 0x0, 0, 1) -> e
strlen() at strlen+0x81
end trace frame: 0xffff800024112100, count: 0
ddb{1}> trace
strlen() at strlen+0x81
kern_sysctl(ffff800024112124,7,0,ffff800024112158,0,0) at kern_sysctl+0xc74 sys/kern/kern_sysctl.c:518
sys_sysctl(ffff800020e9e018,ffff8000241121c8,ffff800024112210) at sys_sysctl+0x209 sys/kern/kern_sysctl.c:250
syscall(ffff800024112290) at syscall+0x4a1 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800024112290) at syscall+0x4a1 sys/arch/amd64/amd64/trap.c:568
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7bbe949cc60, count: -5
ddb{1}> show registers
rdi                              0x5
rsi                              0x1
rbp               0xffff800024111dd0
rbx                              0x5
rdx               0xffff800021cf7000
rcx                            0x128
rax                                0
r8                 0x101010101010101
r9                0x8080808080808080
r10               0xe49c4ea53864be7e
r11               0x4bd91826425b47e8
r12                                0
r13                            0x19e
r14                            0x240
r15               0xffff800024112158
rip               0xffffffff814bc9e1    strlen+0x81
cs                               0x8
rflags                       0x10206    __ALIGN_SIZE+0xf206
rsp               0xffff800024111cf8
ss                              0x10
strlen+0x81:    movq    0(%rax),%rdx
ddb{1}> show proc
PROC (syz-executor.0) pid=140097 stat=onproc
    flags process=0 proc=4000000<THREAD>
    pri=32, usrpri=86, nice=20
    forw=0xffffffffffffffff, list=0xffff800020e9e290,0xffffffff82888b38
    process=0xffff800020eccfc8 user=0xffff80002410d000, vmspace=0xfffffd807efffa10
    estcpu=36, cpticks=0, pctcpu=0.0
    user=0, sys=0, intr=0
ddb{1}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 51763    4270   6320      0  7           0                syz-executor.0
*51763  140097   6320      0  7   0x4000000                syz-executor.0
 74288  124974      0      0  3     0x14200  acct          acct
  6320   63774  56034      0  3        0x82  nanosleep     syz-executor.0
 92569  217652  56034      0  3         0x2  biowait       syz-executor.1
 15691  475934      0      0  3     0x14200  bored         sosplice
 56034    4123  66339      0  3        0x82  thrsleep      syz-fuzzer
 56034  180637  66339      0  3   0x4000082  nanosleep     syz-fuzzer
 56034  420289  66339      0  3   0x4000082  thrsleep      syz-fuzzer
 56034  477690  66339      0  3   0x4000082  thrsleep      syz-fuzzer
 56034  411795  66339      0  3   0x4000082  nanosleep     syz-fuzzer
 56034  346764  66339      0  3   0x4000082  kqread        syz-fuzzer
 56034  157623  66339      0  3   0x4000082  thrsleep      syz-fuzzer
 56034  324654  66339      0  3   0x4000082  thrsleep      syz-fuzzer
 66339  149080  20213      0  3    0x10008a  pause         ksh
 20213  431903  15179      0  3        0x92  select        sshd
  3639  470219      1      0  3    0x100083  ttyin         getty
 15179  200786      1      0  3        0x80  select        sshd
 23271  118201  51194     74  3    0x100092  bpf           pflogd
 51194  458136      1      0  3        0x80  netio         pflogd
 62471   15758  75031     73  3    0x100090  kqread        syslogd
 75031  396149      1      0  3    0x100082  netio         syslogd
 73947  266829      1     77  3    0x100090  poll          dhclient
 18146  514828      1      0  3        0x80  poll          dhclient
 32038   62610      0      0  3     0x14200  bored         smr
 51614  246733      0      0  3     0x14200  pgzero        zerothread
 89485  151511      0      0  3     0x14200  aiodoned      aiodoned
  1973  225738      0      0  3     0x14200  syncer        update
 91234  308954      0      0  3     0x14200  cleaner       cleaner
 42093  133610      0      0  3     0x14200  reaper        reaper
 11053  479665      0      0  3     0x14200  pgdaemon      pagedaemon
 30388  502915      0      0  3     0x14200  bored         crynlk
 99474  149020      0      0  3     0x14200  bored         crypto
 69263  290568      0      0  3  0x40014200  acpi0         acpi0
 71420  371142      0      0  3  0x40014200                idle1
 95187  130829      0      0  3     0x14200  bored         softnet
 31445   10603      0      0  3     0x14200  bored         systqmp
 68334   32577      0      0  3     0x14200  bored         systq
 63986  306044      0      0  3  0x40014200  bored         softclock
 23118  504498      0      0  3  0x40014200                idle0
     1  403111      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{1}> show all locks
Process 51763 (syz-executor.0) thread 0xffff800020e9e018 (140097)
exclusive rwlock sysctlklk r = 0 (0xffffffff8271e3e0)
#0  witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0  witness_lock+0x4b0 sys/kern/subr_witness.c:1164
#1  rw_enter+0x446 sys/kern/kern_rwlock.c:311
#2  sysctl_malloc+0x1e7 sys/kern/kern_malloc.c:652
#3  kern_sysctl+0xc74 sys/kern/kern_sysctl.c:518
#4  sys_sysctl+0x209 sys/kern/kern_sysctl.c:250
#5  syscall+0x4a1 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#5  syscall+0x4a1 sys/arch/amd64/amd64/trap.c:568
#6  Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 1 (0xffffffff82888d68)
#0  witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0  witness_lock+0x4b0 sys/kern/subr_witness.c:1164
#1  syscall+0x3fd mi_syscall sys/sys/syscall_mi.h:93 [inline]
#1  syscall+0x3fd sys/arch/amd64/amd64/trap.c:568
#2  Xsyscall+0x128
Process 92569 (syz-executor.1) thread 0xffff800020e9f8c8 (217652)
exclusive rrwlock inode r = 0 (0xfffffd806e8102b8)
#0  witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0  witness_lock+0x4b0 sys/kern/subr_witness.c:1164
#1  rw_enter+0x446 sys/kern/kern_rwlock.c:311
#2  rrw_enter+0x88 sys/kern/kern_rwlock.c:462
#3  ufs_ihashins+0x45 sys/ufs/ufs/ufs_ihash.c:140
#4  ffs_vget+0x135 sys/ufs/ffs/ffs_vfsops.c:1350
#5  ffs_inode_alloc+0x1e1 sys/ufs/ffs/ffs_alloc.c:394
#6  ufs_mkdir+0xf4 sys/ufs/ufs/ufs_vnops.c:1162
#7  VOP_MKDIR+0xc6 sys/kern/vfs_vops.c:450
#8  domkdirat+0x121 sys/kern/vfs_syscalls.c:3046
#9  syscall+0x4a1 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#9  syscall+0x4a1 sys/arch/amd64/amd64/trap.c:568
#10 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd806ae59a28)
#0  witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0  witness_lock+0x4b0 sys/kern/subr_witness.c:1164
#1  rw_enter+0x446 sys/kern/kern_rwlock.c:311
#2  rrw_enter+0x88 sys/kern/kern_rwlock.c:462
#3  VOP_LOCK+0x4b sys/kern/vfs_vops.c:603
#4  vn_lock+0x6c sys/kern/vfs_vnops.c:575
#5  vfs_lookup+0xe6 sys/kern/vfs_lookup.c:419
#6  namei+0x5f7 sys/kern/vfs_lookup.c:249
#7  domkdirat+0x75 sys/kern/vfs_syscalls.c:3031
#8  syscall+0x4a1 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#8  syscall+0x4a1 sys/arch/amd64/amd64/trap.c:568
#9  Xsyscall+0x128
ddb{1}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf  9525   6419K    7578K  78643K     15098        0
            pcb    13      8K       8K  78643K       259        0
         rtable   123      7K       9K  78643K      1084        0
         ifaddr    77     15K      15K  78643K       359        0
       counters    43     33K      34K  78643K       121        0
       ioctlops     0      0K       4K  78643K      1775        0
            iov     0      0K      16K  78643K       157        0
          mount     1      1K       1K  78643K         1        0
         vnodes  1224     77K      77K  78643K      2644        0
      UFS quota     1     32K      32K  78643K         1        0
      UFS mount     5     36K      36K  78643K         5        0
            shm     2      1K       9K  78643K        30        0
         VM map     2      1K       1K  78643K         2        0
            sem    12      0K       0K  78643K       490        0
        dirhash    12      2K       2K  78643K        12        0
           ACPI  1824    197K     290K  78643K     13058        0
      file desc     5     13K      25K  78643K      4126        0
          sigio     0      0K       0K  78643K         5        0
           proc    63     63K      95K  78643K       882        0
        subproc    32      2K       2K  78643K        68        0
    NFS srvsock     1      0K       0K  78643K         1        0
     NFS daemon     1     16K      16K  78643K         1        0
    ip_moptions     0      0K       0K  78643K       281        0
       in_multi    33      2K       2K  78643K       244        0
    ether_multi     1      0K       0K  78643K        43        0
            mrt     0      0K       0K  78643K        77        0
    ISOFS mount     1     32K      32K  78643K         1        0
  MSDOSFS mount     1     16K      16K  78643K         1        0
           ttys    67    307K     307K  78643K        67        0
           exec     0      0K       2K  78643K       528        0
     pfkey data     0      0K       0K  78643K         5        0
        pagedep     1      8K       8K  78643K         1        0
       inodedep     1     32K      32K  78643K         1        0
         newblk     1      0K       0K  78643K         1        0
        VM swap     7     26K      26K  78643K         7        0
       UVM amap   158     29K      43K  78643K     10328        0
       UVM aobj    36      2K       2K  78643K        46        0
        memdesc     1      4K       4K  78643K         1        0
    crypto data     1      1K       1K  78643K         1        0
    ip6_options     0      0K       0K  78643K       159        0
            NDP    13      0K       0K  78643K        71        0
           temp   135   3964K    4029K  78643K     65938        0
         kqueue     3      4K      16K  78643K       193        0
      SYN cache     2     16K      16K  78643K         2        0
ddb{1}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp         64       10    0        4     1     0     1     1     0     8    0
plcache    128       20    0        0     1     0     1     1     0     8    0
rtpcb       96      121    0      119     1     0     1     1     0     8    0
rtentry    112      107    0       63     2     0     2     2     0     8    0
unpcb      120     1016    0     1002     1     0     1     1     0     8    0
syncache   272       63    0       63     5     5     0     1     0     8    0
tcpqe       32       47    0       47     4     4     0     1     0     8    0
tcpcb      592      840    0      824    14    12     2     5     0     8    0
inpcb      296     2035    0     2028     6     4     2     3     0     8    1
rttmr       72       29    0       29     3     3     0     1     0     8    0
nd6         48       23    0       17     1     0     1     1     0     8    0
pkpcb       40       49    0       49     5     5     0     1     0     8    0
kcovpl      48        4    0        2     1     0     1     1     0     8    0
ppxss      1128       4    0        4     1     1     0     1     0     8    0
pffrag     232       10    0       10     2     2     0     1     0   482    0
pffrnode    88       10    0       10     2     2     0     1     0     8    0
pffrent     40       20    0       20     2     2     0     1     0     8    0
pfosfp      40      850    0      423     5     0     5     5     0     8    0
pfosfpen   112     1461    0      714    22     0    22    22     0     8    0
pfrktable  1344     162    0      155     1     0     1     1     0     8    0
pftag       88        4    0        4     1     1     0     1     0     8    0
pfstitem    24       12    0       10     1     0     1     1     0     8    0
pfstkey    112       12    0       10     1     0     1     1     0     8    0
pfstate    328       12    0       10     1     0     1     1     0     8    0
pfrule     1360      74    0       59     3     1     2     2     0     8    0
art_heap8  4096       1    0        0     1     0     1     1     0     8    0
art_heap4  256      279    0       88    12     0    12    12     0     8    0
art_table   32      280    0       88     2     0     2     2     0     8    0
art_node    16      106    0       66     1     0     1     1     0     8    0
sysvmsgpl   40       34    0       11     1     0     1     1     0     8    0
semapl     112      488    0      478     1     0     1     1     0     8    0
shmpl      112       43    0       10     1     0     1     1     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino2pl    256     6492    0     5086    89     0    89    89     0     8    0
ffsino     272     6492    0     5086    94     0    94    94     0     8    0
nchpl      144    11654    0    10064    60     0    60    60     0     8    0
uvmvnodes   72     5926    0        0   108     0   108   108     0     8    0
vnodes     208     5926    0        0   312     0   312   312     0     8    0
namei      1024   29068    0    29067     1     0     1     1     0     8    0
percpumem   16       71    0       39     1     0     1     1     0     8    0
vmpool     560       21    0       21     3     3     0     1     0     8    0
pfiaddrpl  120       57    0       42     1     0     1     1     0     8    0
scxspl     200    34374    0    34373    13    12     1     7     0     8    0
plimitpl   152      168    0      160     1     0     1     1     0     8    0
sigapl     424     4337    0     4304     4     0     4     4     0     8    0
futexpl     56    32457    0    32457     1     0     1     1     0     8    1
knotepl    112      271    0      251     1     0     1     1     0     8    0
kqueuepl   152     2017    0     2008     1     0     1     1     0     8    0
pipepl     304      244    0      233    12    10     2     2     0     8    1
fdescpl    496     4320    0     4304     3     0     3     3     0     8    0
filepl     152    15411    0    15309     5     0     5     5     0     8    1
lockfpl    104      479    0      478     1     0     1     1     0     8    0
lockfspl    48      204    0      203     1     0     1     1     0     8    0
sessionpl  120       20    0        9     1     0     1     1     0     8    0
pgrppl      48       38    0       27     1     0     1     1     0     8    0
ucredpl     96     2066    0     2057     1     0     1     1     0     8    0
zombiepl   144     4304    0     4304     1     0     1     1     0     8    1
processpl  1008    4337    0     4304     5     0     5     5     0     8    0
procpl     632     9459    0     9418     4     0     4     4     0     8    0
sosppl     144       52    0       52     2     2     0     1     0     8    0
sockpl     400     3233    0     3210     6     2     4     5     0     8    0
mcl64k     65536     20    0        0     3     0     3     3     0     8    0
mcl16k     16384      6    0        0     1     0     1     1     0     8    0
mcl12k     12288     17    0        0     2     0     2     2     0     8    0
mcl9k      9216      15    0        0     2     0     2     2     0     8    0
mcl8k      8192      17    0        0     3     0     3     3     0     8    0
mcl4k      4096      24    0        0     3     0     3     3     0     8    0
mcl2k2     2112       3    0        0     1     0     1     1     0     8    0
mcl2k      2048     291    0        0    19     0    19    19     0     8    0
mtagpl      96      239    0        0     5     0     5     5     0     8    0
mbufpl     256      953    0        0    56     1    55    55     0     8    0
bufpl      280     9810    0     3535   449     0   449   449     0     8    0
anonpl      16   297385    0   289747    35     3    32    32     0   124    0
amapchunkpl 152   15821    0    15617    11     2     9     9     0   158    0
amappl16   192    12533    0    12271    15     1    14    15     0     8    0
amappl15   184       10    0        8     1     0     1     1     0     8    0
amappl14   176        9    0        3     2     1     1     1     0     8    0
amappl13   168      106    0      104     1     0     1     1     0     8    0
amappl12   160     1291    0     1286     1     0     1     1     0     8    0
amappl11   152       71    0       56     1     0     1     1     0     8    0
amappl10   144     1593    0     1587     1     0     1     1     0     8    0
amappl9    136     1557    0     1557     1     1     0     1     0     8    0
amappl8    128     1480    0     1396     3     0     3     3     0     8    0
amappl7    120     1877    0     1866     1     0     1     1     0     8    0
amappl6    112      144    0      125     1     0     1     1     0     8    0
amappl5    104     5710    0     5699     1     0     1     1     0     8    0
amappl4     96      348    0      315     1     0     1     1     0     8    0
amappl3     88      219    0      213     1     0     1     1     0     8    0
amappl2     80    29643    0    29572     3     1     2     3     0     8    0
amappl1     72   119474    0   119010    24    14    10    19     0     8    0
amappl      80     9787    0     9727     2     0     2     2     0    84    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      64       45    0       10     1     0     1     1     0     8    0
uaddrrnd    24     4341    0     4325     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24     4341    0     4325     1     0     1     1     0     8    0
vmmpekpl   168    21366    0    21326     3     0     3     3     0     8    0
vmmpepl    168   526363    0   524855    93    20    73    75     0   357    3
vmsppl     368     4340    0     4325     2     0     2     2     0     8    0
pdppl      4096    8689    0     8650     6     0     6     6     0     8    1
pvpl        32  1429354    0  1418527   160    65    95   115     0   265    5
pmappl     232     4340    0     4325     5     4     1     2     0     8    0
extentpl    40       53    0       36     1     0     1     1     0     8    0
phpool     112      309    0       11     9     0     9     9     0     8    0
ddb{1}> machine ddbcpu 0
Stopped at      x86_ipi_db+0x1a:        addq    $0x8,%rsp
ddb{0}> trace
x86_ipi_db(ffffffff826d0ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x37 kd_curproc sys/dev/kcov.c:513 [inline]
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x37 sys/dev/kcov.c:121
__mp_lock(ffffffff82888b60) at __mp_lock+0x133 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82888b60) at __mp_lock+0x133 sys/kern/kern_lock.c:147
intr_handler(ffff800021cee400,ffff80000004a400) at intr_handler+0x5e sys/arch/amd64/amd64/intr.c:532
Xintr_ioapic_edge17_untramp() at Xintr_ioapic_edge17_untramp+0x19f
end of kernel
end trace frame: 0x7f7fffffadb0, count: -7
ddb{0}> machine ddbcpu 1
Stopped at      strlen+0x81:    movq    0(%rax),%rdx
ddb{1}> trace
strlen() at strlen+0x81
kern_sysctl(ffff800024112124,7,0,ffff800024112158,0,0) at kern_sysctl+0xc74 sys/kern/kern_sysctl.c:518
sys_sysctl(ffff800020e9e018,ffff8000241121c8,ffff800024112210) at sys_sysctl+0x209 sys/kern/kern_sysctl.c:250
syscall(ffff800024112290) at syscall+0x4a1 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800024112290) at syscall+0x4a1 sys/arch/amd64/amd64/trap.c:568
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7bbe949cc60, count: -5

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/09/16 13:03 openbsd cd7ceac03ec9 77507d02 .config console log report ci-openbsd-multicore
* Struck through repros no longer work on HEAD.