

uvm_fault: unveil_find_cover

Status: auto-closed as invalid on 2020/08/28 15:55
Reported-by: syzbot+c08327e27d16df1cd497@syzkaller.appspotmail.com
First crash: 1636d, last: 1636d

Sample crash report (kernel page fault on a near-NULL address: unveil_find_cover() is entered with a NULL first argument and faults reading offset 0x18 from %r12 == 0, on the sys_unveil -> unveil_add -> unveil_add_vnode path, i.e. reachable from user space through the unveil(2) system call; the faulting thread holds the kernel lock at the time, see "show all locks" below):
uvm_fault(0xfffffd807f000170, 0x18, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at      unveil_find_cover+0xc8: movl    0x18(%r12),%ebx
ddb{0}> 
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
kernel page fault
uvm_fault(0xfffffd807f000170, 0x18, 0, 1) -> e
unveil_find_cover(0,ffff800023f8cc60) at unveil_find_cover+0xc8 sys/kern/kern_unveil.c:308
end trace frame: 0xffff80002403add0, count: 0
ddb{0}> trace
unveil_find_cover(0,ffff800023f8cc60) at unveil_find_cover+0xc8 sys/kern/kern_unveil.c:308
unveil_add_vnode(ffff800023f8cc60,fffffd8064d9cc48) at unveil_add_vnode+0x2b5 sys/kern/kern_unveil.c:508
unveil_add(ffff800023f8cc60,ffff80002403ae98,ffff80002403af73) at unveil_add+0x27b sys/kern/kern_unveil.c:621
sys_unveil(ffff800023f8cc60,ffff80002403afd8,ffff80002403b020) at sys_unveil+0x416 sys/kern/vfs_syscalls.c:1038
syscall(ffff80002403b0a0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff80002403b0a0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x3c608e0fa00, count: -6
ddb{0}> show registers
rdi               0xffffffff81b9617b    unveil_find_cover+0x2b
rsi                           0x1154    __ALIGN_SIZE+0x154
rbp               0xffff80002403ad40
rbx                                0
rdx                           0x1155    __ALIGN_SIZE+0x155
rcx               0xffff80002136e000
rax               0xfffffd807f7bfae0
r8                0xffffffff817aafb7    witness_assert+0x207
r9                               0x5
r10                              0xa
r11               0x128bff15db84fcc9
r12                                0
r13               0xfffffd807efc4410
r14               0xffffffffffffffff
r15               0xffff800023f8cc60
rip               0xffffffff81b96218    unveil_find_cover+0xc8
cs                               0x8
rflags                       0x10207    __ALIGN_SIZE+0xf207
rsp               0xffff80002403aca0
ss                              0x10
unveil_find_cover+0xc8: movl    0x18(%r12),%ebx
ddb{0}> show proc
PROC (syz-executor.0) pid=492041 stat=onproc
    flags process=0 proc=4000000<THREAD>
    pri=86, usrpri=86, nice=20
    forw=0xffffffffffffffff, list=0xffff800023f8d3b0,0xffffffff8267b150
    process=0xffff800024010408 user=0xffff800024036000, vmspace=0xfffffd807f000170
    estcpu=36, cpticks=1, pctcpu=0.0
    user=0, sys=1, intr=0
ddb{0}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 34175  155360  94472      0  2           0                syz-executor.0
 34175  367103  94472      0  3   0x4000080  fsleep        syz-executor.0
 34175  131900  94472      0  2   0x4000000                syz-executor.0
*34175  492041  94472      0  7   0x4000000                syz-executor.0
 34406   75001      0      0  3     0x14200  acct          acct
 84942  196493      0      0  3     0x14200  bored         sosplice
 18157  459177      0      0  3     0x14280  nfsidl        nfsio
 92318  492156      0      0  3     0x14280  nfsidl        nfsio
 40173   40082      0      0  3     0x14280  nfsidl        nfsio
 67245  110328      0      0  3     0x14280  nfsidl        nfsio
 41682  373980      0      0  3     0x14280  nfsidl        nfsio
  6187  103114      0      0  3     0x14280  nfsidl        nfsio
 38526  403637      0      0  3     0x14280  nfsidl        nfsio
  4140  441066      0      0  3     0x14280  nfsidl        nfsio
 69420  518779      0      0  3     0x14280  nfsidl        nfsio
 32206  126513      0      0  3     0x14280  nfsidl        nfsio
 68599  224720      0      0  3     0x14280  nfsidl        nfsio
 23503  196328      0      0  3     0x14280  nfsidl        nfsio
 64406   93548      0      0  3     0x14280  nfsidl        nfsio
 46537  453613      0      0  3     0x14280  nfsidl        nfsio
 22452  450290      0      0  3     0x14280  nfsidl        nfsio
 65363  268157      0      0  3     0x14280  nfsidl        nfsio
 37731  337872      0      0  3     0x14280  nfsidl        nfsio
 90389  362122      0      0  3     0x14280  nfsidl        nfsio
 93966  496769      0      0  3     0x14280  nfsidl        nfsio
 36918  229402      0      0  3     0x14280  nfsidl        nfsio
 13638  416986  42127      0  3        0x82  piperd        syz-executor.1
 94472  225278  42127      0  7       0x482                syz-executor.0
 42127  378742  46102      0  3        0x82  thrsleep      syz-fuzzer
 42127  522198  46102      0  2   0x4000482                syz-fuzzer
 42127  371922  46102      0  3   0x4000082  thrsleep      syz-fuzzer
 42127  471021  46102      0  3   0x4000082  thrsleep      syz-fuzzer
 42127  419614  46102      0  3   0x4000082  thrsleep      syz-fuzzer
 42127   90853  46102      0  3   0x4000082  kqread        syz-fuzzer
 42127   52169  46102      0  3   0x4000082  thrsleep      syz-fuzzer
 42127  325781  46102      0  3   0x4000082  thrsleep      syz-fuzzer
 42127  160513  46102      0  2   0x4000002                syz-fuzzer
 42127  437214  46102      0  3   0x4000082  thrsleep      syz-fuzzer
 46102  408961  68390      0  3    0x10008a  pause         ksh
 68390   51417   4951      0  3        0x92  select        sshd
 88324  455571      1      0  3    0x100083  ttyin         getty
  4951  224470      1      0  3        0x80  select        sshd
  6709  101588  77532     74  3    0x100092  bpf           pflogd
 77532  419024      1      0  3        0x80  netio         pflogd
 89269  302392  78849     73  3    0x100090  kqread        syslogd
 78849   39153      1      0  3    0x100082  netio         syslogd
 34966  519668      1     77  3    0x100090  poll          dhclient
 65170  129453      1      0  3        0x80  poll          dhclient
 49256  331966      0      0  3     0x14200  bored         smr
 88446  158272      0      0  2     0x14200                zerothread
 26968  286311      0      0  3     0x14200  aiodoned      aiodoned
 30206  126496      0      0  3     0x14200  syncer        update
 53947  206364      0      0  3     0x14200  cleaner       cleaner
 12858  124956      0      0  3     0x14200  reaper        reaper
 10392  106705      0      0  3     0x14200  pgdaemon      pagedaemon
 55444   34630      0      0  3     0x14200  bored         crynlk
  8459  392088      0      0  3     0x14200  bored         crypto
 52368  297309      0      0  3  0x40014200  acpi0         acpi0
 19840  216325      0      0  3  0x40014200                idle1
 31166  128728      0      0  3     0x14200  bored         softnet
 70626  257219      0      0  3     0x14200  bored         systqmp
 74158  205040      0      0  3     0x14200  bored         systq
 55686  121224      0      0  3  0x40014200  bored         softclock
 40778  190861      0      0  3  0x40014200                idle0
     1  131149      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{0}> show all locks
Process 34175 (syz-executor.0) thread 0xffff800023f8d3b0 (131900)
exclusive rwlock futex r = 0 (0xffffffff82536990)
#0  witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0  witness_lock+0x4c7 sys/kern/subr_witness.c:1164
#1  sys_futex+0x102 sys/kern/sys_futex.c:109
#2  syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#2  syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
#3  Xsyscall+0x128
Process 34175 (syz-executor.0) thread 0xffff800023f8cc60 (492041)
exclusive kernel_lock &kernel_lock r = 1 (0xffffffff82667d70)
#0  witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0  witness_lock+0x4c7 sys/kern/subr_witness.c:1164
#1  __mp_acquire_count+0x51 sys/kern/kern_lock.c:227
#2  mi_switch+0x392 sys/kern/sched_bsd.c:435
#3  yield+0xbb sys/kern/sched_bsd.c:310
#4  malloc+0xa4 sys/kern/kern_malloc.c:183
#5  unveil_add+0x162 sys/kern/kern_unveil.c:548
#6  sys_unveil+0x416 sys/kern/vfs_syscalls.c:1038
#7  syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#7  syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
#8  Xsyscall+0x128
ddb{0}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf  9545   6423K    6939K  78643K     11422        0
            pcb    13      8K       8K  78643K       113        0
         rtable   114     12K      13K  78643K       416        0
         ifaddr    92     16K      16K  78643K       138        0
       counters    43     33K      34K  78643K        57        0
       ioctlops     0      0K       4K  78643K      1536        0
            iov     0      0K      28K  78643K       674        0
          mount     1      1K       1K  78643K         1        0
         vnodes  1215     76K      77K  78643K      1732        0
      UFS quota     1     32K      32K  78643K         1        0
      UFS mount     5     36K      36K  78643K         5        0
            shm     2      1K       5K  78643K        14        0
         VM map     2      1K       1K  78643K         2        0
            sem    12      0K       0K  78643K       755        0
        dirhash    12      2K       2K  78643K        12        0
           ACPI  1824    197K     290K  78643K     13058        0
      file desc     5     13K      25K  78643K      1403        0
          sigio     0      0K       0K  78643K        12        0
           proc    65     95K      95K  78643K       521        0
        subproc    32      2K       2K  78643K        51        0
    NFS srvsock     1      0K       0K  78643K         1        0
     NFS daemon     1     16K      16K  78643K         1        0
    ip_moptions     0      0K       0K  78643K        47        0
       in_multi    54      2K       2K  78643K       126        0
    ether_multi     1      0K       0K  78643K        16        0
            mrt     0      0K       0K  78643K        20        0
    ISOFS mount     1     32K      32K  78643K         1        0
  MSDOSFS mount     1     16K      16K  78643K         1        0
           ttys    49    228K     228K  78643K        49        0
           exec     0      0K       1K  78643K       888        0
        pagedep     1      8K       8K  78643K         1        0
       inodedep     1     32K      32K  78643K         1        0
         newblk     1      0K       0K  78643K         1        0
        VM swap     7     26K      26K  78643K         7        0
       UVM amap   130     72K      80K  78643K      5674        0
       UVM aobj    22      2K       2K  78643K        22        0
        memdesc     1      4K       4K  78643K         1        0
    crypto data     1      1K       1K  78643K         1        0
    ip6_options     0      0K       0K  78643K        55        0
            NDP    16      0K       0K  78643K        34        0
           temp   121   3040K    3104K  78643K     15701        0
         kqueue     3      4K      12K  78643K       159        0
      SYN cache     2     16K      16K  78643K         2        0
ddb{0}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp         64       10    0        2     1     0     1     1     0     8    0
plcache    128       20    0        0     1     0     1     1     0     8    0
rtpcb       80       59    0       57     1     0     1     1     0     8    0
rtentry    112       87    0       43     2     0     2     2     0     8    0
unpcb      120      938    0      928     1     0     1     1     0     8    0
syncache   264       10    0       10     4     4     0     1     0     8    0
tcpcb      544      800    0      796     1     0     1     1     0     8    0
inpcb      280     3027    0     3019     9     7     2     2     0     8    1
rttmr       72        8    0        8     3     3     0     1     0     8    0
ip6q        72        2    0        2     1     1     0     1     0     8    0
ip6af       40        6    0        6     1     1     0     1     0     8    0
nd6         48       14    0       10     1     0     1     1     0     8    0
pkpcb       40        2    0        2     1     1     0     1     0     8    0
pffrag     232        2    0        2     1     1     0     1     0   482    0
pffrnode    88        2    0        2     1     1     0     1     0     8    0
pffrent     40       90    0       90     1     1     0     1     0     8    0
pfosfp      40      846    0      846     5     5     0     5     0     8    0
pfosfpen   112     1428    0     1428    21    21     0    21     0     8    0
pfstitem    24       54    0       43     1     0     1     1     0     8    0
pfstkey    112       54    0       43     1     0     1     1     0     8    0
pfstate    328       54    0       43     3     2     1     3     0     8    0
pfrule     1360      21    0       16     2     1     1     2     0     8    0
art_heap8  4096       2    0        0     2     0     2     2     0     8    0
art_heap4  256      381    0      198    13     1    12    12     0     8    0
art_table   32      383    0      198     2     0     2     2     0     8    0
art_node    16       86    0       45     1     0     1     1     0     8    0
sysvmsgpl   40        7    0        5     3     2     1     1     0     8    0
semupl     112        3    0        3     1     1     0     1     0     8    0
semapl     112      749    0      739     1     0     1     1     0     8    0
shmpl      112       20    0        0     1     0     1     1     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino2pl    256     4002    0     2602    89     0    89    89     0     8    0
ffsino     272     4002    0     2602    95     0    95    95     0     8    0
nchpl      144     7159    0     5563    60     0    60    60     0     8    0
uvmvnodes   72     4255    0        0    78     0    78    78     0     8    0
vnodes     208     4255    0        0   224     0   224   224     0     8    0
namei      1024   23574    0    23572     3     2     1     1     0     8    0
percpumem   16       39    0        7     1     0     1     1     0     8    0
vcpupl     1984       5    0        0     1     0     1     1     0     8    0
vmpool     560       11    0        6     1     0     1     1     0     8    0
scsiplug    64        1    0        1     1     1     0     1     0     8    0
scxspl     192    17098    0    17098     9     8     1     7     0     8    1
plimitpl   152       47    0       39     1     0     1     1     0     8    0
sigapl     424     1638    0     1585     6     0     6     6     0     8    0
futexpl     56    31519    0    31517     3     2     1     1     0     8    0
knotepl    112      270    0      251     1     0     1     1     0     8    0
kqueuepl   144      444    0      441     1     0     1     1     0     8    0
pipelkpl    48      188    0      178     1     0     1     1     0     8    0
pipepl     120      376    0      357     1     0     1     1     0     8    0
fdescpl    496     1600    0     1584     3     0     3     3     0     8    0
filepl     152    15771    0    15671     8     3     5     6     0     8    1
lockfpl    104      188    0      187     1     0     1     1     0     8    0
lockfspl    48       61    0       60     1     0     1     1     0     8    0
sessionpl  112       19    0        8     1     0     1     1     0     8    0
pgrppl      48       21    0       10     1     0     1     1     0     8    0
ucredpl     96     6059    0     6050     1     0     1     1     0     8    0
zombiepl   144     2329    0     2329     2     1     1     1     0     8    1
processpl  984     1638    0     1585     7     0     7     7     0     8    0
procpl     624     4483    0     4418     7     1     6     6     0     8    0
sosppl     128        5    0        5     2     2     0     1     0     8    0
sockpl     400     4036    0     4017    13     9     4     5     0     8    2
mcl64k     65536     12    0        0     2     0     2     2     0     8    0
mcl16k     16384      1    0        0     1     0     1     1     0     8    0
mcl12k     12288     13    0        0     2     0     2     2     0     8    0
mcl9k      9216       3    0        0     1     0     1     1     0     8    0
mcl8k      8192       6    0        0     1     0     1     1     0     8    0
mcl4k      4096      18    0        0     3     0     3     3     0     8    0
mcl2k2     2112      10    0        0     1     0     1     1     0     8    0
mcl2k      2048     270    0        0    33     3    30    33     0     8    0
mtagpl      80       34    0        0     1     0     1     1     0     8    0
mbufpl     256      394    0        0    18     0    18    18     0     8    0
bufpl      280     5638    0      137   393     0   393   393     0     8    0
anonpl      16   139903    0   124887    76    14    62    69     0   124    0
amapchunkpl 152    8992    0     8853    26    19     7    20     0   158    0
amappl16   192     6888    0     6073    45     3    42    44     0     8    0
amappl15   184        9    0        7     1     0     1     1     0     8    0
amappl14   176       24    0       20     1     0     1     1     0     8    0
amappl13   168       84    0       79     1     0     1     1     0     8    0
amappl12   160       12    0        9     1     0     1     1     0     8    0
amappl11   152       63    0       47     1     0     1     1     0     8    0
amappl10   144      153    0      150     1     0     1     1     0     8    0
amappl9    136     1584    0     1581     1     0     1     1     0     8    0
amappl8    128     1594    0     1552     2     0     2     2     0     8    0
amappl7    120      123    0      112     1     0     1     1     0     8    0
amappl6    112       30    0       24     1     0     1     1     0     8    0
amappl5    104     1477    0     1461     1     0     1     1     0     8    0
amappl4     96      535    0      503     1     0     1     1     0     8    0
amappl3     88      166    0      160     1     0     1     1     0     8    0
amappl2     80    11874    0    11803     2     0     2     2     0     8    0
amappl1     72    44833    0    44398    23    13    10    18     0     8    0
amappl      80     4717    0     4670     2     0     2     2     0    84    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      64       21    0        0     1     0     1     1     0     8    0
uaddrrnd    24     1611    0     1590     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24     1611    0     1590     1     0     1     1     0     8    0
vmmpekpl   168    15180    0    15145     2     0     2     2     0     8    0
vmmpepl    168   201494    0   199514   132    40    92   117     0   357    0
vmsppl     368     1610    0     1590     2     0     2     2     0     8    0
pdppl      4096    3230    0     3185     6     0     6     6     0     8    0
pvpl        32   465709    0   447436   206    54   152   168     0   265    3
pmappl     232     1610    0     1590     3     1     2     2     0     8    0
extentpl    40       53    0       36     1     0     1     1     0     8    0
phpool     112      296    0       19     8     0     8     8     0     8    0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
unveil_find_cover(0,ffff800023f8cc60) at unveil_find_cover+0xc8 sys/kern/kern_unveil.c:308
unveil_add_vnode(ffff800023f8cc60,fffffd8064d9cc48) at unveil_add_vnode+0x2b5 sys/kern/kern_unveil.c:508
unveil_add(ffff800023f8cc60,ffff80002403ae98,ffff80002403af73) at unveil_add+0x27b sys/kern/kern_unveil.c:621
sys_unveil(ffff800023f8cc60,ffff80002403afd8,ffff80002403b020) at sys_unveil+0x416 sys/kern/vfs_syscalls.c:1038
syscall(ffff80002403b0a0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff80002403b0a0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x3c608e0fa00, count: -6
ddb{0}> machine ddbcpu 1
Stopped at      x86_ipi_db+0x1a:        addq    $0x8,%rsp
ddb{1}> trace
x86_ipi_db(ffff800020e00ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352
x86_ipi_handler() at x86_ipi_handler+0xc6 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__mp_lock(ffffffff82667b68) at __mp_lock+0x127 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82667b68) at __mp_lock+0x127 sys/kern/kern_lock.c:147
__mp_acquire_count(ffffffff82667b68,1) at __mp_acquire_count+0x51 sys/kern/kern_lock.c:227
mi_switch() at mi_switch+0x392 sys/kern/sched_bsd.c:435
sleep_finish(ffff800020f6d030,1) at sleep_finish+0x113 sys/kern/kern_synch.c:418
sleep_finish_all(ffff800020f6d030,1) at sleep_finish_all+0x32 sleep_finish_timeout sys/kern/kern_synch.c:447 [inline]
sleep_finish_all(ffff800020f6d030,1) at sleep_finish_all+0x32 sys/kern/kern_synch.c:393
tsleep(ffffffff82611318,120,ffffffff821f05f5,2) at tsleep+0x1cc sys/kern/kern_synch.c:155
sys_nanosleep(ffff800020e6c008,ffff800020f6d160,ffff800020f6d1b0) at sys_nanosleep+0x205 sys/kern/kern_time.c:297
syscall(ffff800020f6d230) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800020f6d230) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffdf350, count: -12

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/05/30 15:54 openbsd 2ffcc9827297 6f3e1c7c .config console log report ci-openbsd-multicore