last executing test programs: 114.201228ms ago: executing program 1 (id=2): mquery(&(0x7f00000d2000/0x4000)=nil, 0x4000, 0xb370454908b9eb86, 0x10, 0xffffffffffffffff, 0x1) shmat(0xffffffffffffffff, &(0x7f00003fd000/0xc00000)=nil, 0x3000) shmat(0xffffffffffffffff, &(0x7f0000ffa000/0x4000)=nil, 0x2000) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) sysctl$kern(&(0x7f0000000100)={0x1, 0xa}, 0x2, &(0x7f0000002480)='q', &(0x7f0000000040)=0x1, 0x0, 0x0) socket$unix(0x1, 0x1, 0x0) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) fcntl$lock(r1, 0x9, &(0x7f0000000100)={0x3, 0x1, 0xfffffffffffffffe, 0x300000003}) setrlimit(0x8, &(0x7f0000000980)={0xb, 0x54}) r2 = syz_open_pts() close(r2) r3 = syz_open_pts() ioctl$TIOCSETA(r3, 0x802c7414, &(0x7f0000000340)={0x7, 0x0, 0x86, 0x5, "ff14e7130b1e586ca6294000", 0x40, 0x3effc}) writev(r3, &(0x7f0000000040)=[{&(0x7f0000000380)="079facfaaed69aea4dc561c3b736feac0a2a76087be8b904ddc6f90b66e0f69b6dfba683b348224cf0ccc2a39b0f79389a2bd9b211424a22ca014b9231e253e257706c75b3f320166475c72455021edf575fab8b5d65b8d261c87c3ccc4e784ea7462f3723edabb8e26d27acb1797e2ef4db27270a", 0xffffff01}], 0x1) readv(r2, &(0x7f0000000180)=[{&(0x7f00000009c0)=""/4096, 0x1000}], 0x1) ioctl$TIOCSTAT(r3, 0x20007465, 0x0) r4 = openat$wsmuxkbd(0xffffffffffffff9c, &(0x7f0000000240), 0x4c0, 0x0) readv(r4, &(0x7f0000000500)=[{&(0x7f0000000280)=""/6, 0x6}, {&(0x7f00000002c0)=""/15, 0xf}, {&(0x7f0000000400)=""/216, 0xd8}], 0x3) fcntl$lock(r0, 0x9, &(0x7f0000000040)={0x2, 0x1, 0x7, 0x100000003}) socketpair(0x20, 0x0, 0x80, &(0x7f0000000040)) getsockopt$sock_int(r0, 0xffff, 0x8, &(0x7f0000000140), &(0x7f00000001c0)=0x4) 91.472839ms ago: executing program 2 (id=3): ioctl$WSMUXIO_LIST_DEVICES(0xffffffffffffffff, 0xc1045763, 0x0) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000080), 0x10091, 0x0) select(0x40, &(0x7f0000000100)={0x4, 0x7, 0xfffffffffffffffe, 0xfffffffffffffffe, 0x10000000000, 0x4b06, 0x80000000, 0x3}, &(0x7f00000024c0)={0x9, 0x10000, 0x1, 0x3000000, 0x2000, 0x0, 0x0, 0x4}, 0x0, 0x0) fcntl$lock(r0, 0x9, &(0x7f00000001c0)={0x3, 0x0, 0x0, 0x300000003}) close(r0) socket(0x24, 0x2, 0x6) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) fcntl$lock(r1, 0x9, &(0x7f0000000000)={0x0, 0x0, 0x6, 0x300000003}) fcntl$lock(r1, 0x9, &(0x7f0000000140)={0x0, 0x0, 0x4000000004de1, 0x1000300000007}) close(r1) unveil(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000280)='x\x00') sysctl$net_inet6_icmp6(&(0x7f0000000040)={0x4, 0x18, 0x3a, 0x9}, 0x5f, 0x0, 0x0, 0x0, 0x0) 30.375827ms ago: executing program 0 (id=1): syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffff06000000aa"]) syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="00001c00ac14"]) syz_emit_ethernet(0x138, &(0x7f0000000000)=ANY=[@ANYBLOB="ff02"]) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket(0x2, 0x1, 0x0) readv(0xffffffffffffffff, &(0x7f00000001c0), 0x0) bind(r0, &(0x7f0000000000), 0x10) listen(r0, 0x0) r1 = socket(0x2, 0xc001, 0x0) connect$unix(r1, &(0x7f0000000000), 0x10) r2 = socket(0x2, 0x1, 0x0) connect$unix(r2, &(0x7f0000000000), 0x10) close(r0) syz_emit_ethernet(0x4a, &(0x7f00000008c0)={@local, @empty, [], {@ipv6={0x86dd, {0x4, 0x6, "4cc609", 0x14, 0x2, 0xdf, @loopback, @ipv4={'\x00', '\xff\xff', @loopback}, {[], @tcp={{0x3, 0x1, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0x1, 0x149, 0x0, 0x5d2b}}}}}}}) 28.489036ms ago: executing program 6 (id=7): r0 = open(&(0x7f0000000000)='./file0\x00', 0x9cab835cfdc52675, 0x0) (async) r1 = socket(0x2, 0x1, 0x0) setsockopt(r1, 0x6, 0x4, &(0x7f00000000c0)="aef43c05", 0x4) setsockopt(r1, 0x6, 0x8, &(0x7f0000000040)="3b94c5a3", 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0xa011, r0, 0x0) (async) ftruncate(r0, 0x79c8) (async) sysctl$kern(&(0x7f00000000c0)={0x1, 0x33}, 0x3, &(0x7f0000000100)="71f91e3471ac0058bc5a91501d94a34b8e5f84cf71b59c7afec37082", &(0x7f0000000080)=0x3414, 0x0, 0xffffffffffffffb8) madvise(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4) (async) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x3, 0x5012, 0xffffffffffffffff, 0x0) (async) symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00') (async) truncate(&(0x7f0000000280)='./file0/file0/..\x00', 0x8) r2 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0) (async) kevent(0xffffffffffffffff, &(0x7f0000000040)=[{{}, 0x0, 0x0, 0x0, 0x3}], 0x0, 0x0, 0x0, 0x0) (async) sysctl$net_inet_ip(&(0x7f0000000040)={0x4, 0x11, 0x0, 0x2}, 0x6, &(0x7f0000000080), 0x0, 0x0, 0x0) open$dir(&(0x7f0000000140)='./file0\x00', 0x200, 0x1a0) symlinkat(&(0x7f00000005c0)='\x00', r2, &(0x7f0000000c80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') (async) symlinkat(&(0x7f0000000dc0)='./file0\x00', r2, &(0x7f0000000ec0)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') r3 = open$dir(&(0x7f0000000200)='.\x00', 0x0, 0x10) mkdirat(r3, &(0x7f0000000a80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) (async) link(&(0x7f0000000100)='./file0\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') symlink(&(0x7f0000000ac0)='./file0\x00', &(0x7f0000000e40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') r4 = open$dir(&(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x80, 0x0) mkdirat(r4, &(0x7f0000000180)='./file0\x00', 0x195) unveil(&(0x7f0000000040)='./file0\x00', &(0x7f00000002c0)='r\x00') (async) rename(&(0x7f0000000600)='./file0\x00', 0x0) (async) rename(&(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) 0s ago: executing program 3 (id=4): lstat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)) lstat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)) r0 = openat$wsmuxmouse(0xffffffffffffff9c, &(0x7f0000000180), 0x8, 0x0) getsockopt$SO_PEERCRED(0xffffffffffffff9c, 0xffff, 0x1022, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0xc) r4 = getegid() fchownat(r0, &(0x7f00000001c0)='./file0\x00', r2, r4, 0x2) socketpair(0x6, 0x3, 0x5, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom(r6, &(0x7f0000000280)=""/197, 0xc5, 0x1800, &(0x7f0000000380)=@in={0x2, 0x1}, 0xc) r7 = getegid() sendto$unix(r0, &(0x7f00000003c0)="495027fc9a558765f42eb908aedff2f52552", 0x12, 0x4, &(0x7f0000000400)=@file={0x1, './file0\x00'}, 0xa) setsockopt$sock_cred(r5, 0xffff, 0x1022, &(0x7f0000000440)={r1, r2, r7}, 0xc) shutdown(r0, 0x2) setregid(r3, r7) r8 = socket$unix(0x1, 0x2, 0x0) close(r8) setsockopt$sock_cred(r8, 0xffff, 0x1022, &(0x7f0000000480)={r1, r2, r4}, 0xc) flock(r5, 0x8) r9 = openat$wsdisplay(0xffffffffffffff9c, &(0x7f00000004c0), 0x20, 0x0) poll(&(0x7f0000000500)=[{r6, 0x4}, {r8, 0x40}, {r6, 0x8}, {r9, 0x8}, {r0, 0x1}], 0x5, 0x3) r10 = shmget$private(0x0, 0x3000, 0x134, &(0x7f0000ffc000/0x3000)=nil) shmctl$IPC_SET(r10, 0x1, &(0x7f0000000540)={{0xd90, r2, r3, r2, r4, 0x8, 0x3}, 0x7, 0x1, r1, r1, 0x1ff, 0x7, 0x8}) getpeername(r0, &(0x7f00000005c0)=@in6, &(0x7f0000000600)=0xc) r11 = semget$private(0x0, 0x4, 0x20) semctl$SETALL(r11, 0x0, 0x9, &(0x7f0000000640)=[0x9, 0x2, 0x3]) semctl$GETZCNT(r11, 0x6, 0x7, &(0x7f0000000680)=""/157) mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0) sendto(r6, &(0x7f0000000740)="f388516ad65587fa0e09950a9ef51f332cb51b3a7665ed42fb79b120c1c2c2cf84c3c89202f3c8ba6e43df8515b5af278a092708ce00d8a8c83b73e48406b0a7dfb3b4d7f1cde7c605308e97ada332fc2f829b94e9f5300bdb2fc5a8f77545e2481008f2bbc1dc2e4ad6be41b7a75bad5ddebcaee3dfcaf117b0adb3d921ea828daaf617465e3542313b5e8b8a186488c3", 0x91, 0x0, &(0x7f0000000800)=@in={0x2, 0x2}, 0xc) connect$unix(r6, &(0x7f0000000840)=@file={0x0, './file0\x00'}, 0xa) r12 = semget(0x2, 0x1, 0x740) semctl$IPC_SET(r12, 0x0, 0x1, &(0x7f0000000880)={{0x9, r2, r4, 0x0, r7, 0x0, 0xfffe}, 0x1ff, 0x8b64, 0xc6f}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.10.16' (ED25519) to the list of known hosts. panic: mtx 0xffffffff838dea98: locking against myself Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 62331 22738 0 0x100002 0 1 ndp * 52333 37654 32767 0x10 0 0 syz-executor db_enter() at db_enter+0x25 panic(ffffffff83334dfa) at panic+0x1e5 mtx_enter_try(ffffffff838dea98) at mtx_enter_try+0x1da mtx_enter(ffffffff838dea98) at mtx_enter+0x62 uvm_pageclean(fffffd80087d0600) at uvm_pageclean+0x28e uvm_pagefree(fffffd80087d0600) at uvm_pagefree+0x26 uvn_get(fffffd805fcbfcb0,0,ffff80003c45f9c8,ffff80003c45f9ac,0,2,2109099d72e17965,2) at uvn_get+0x686 uvm_fault_lower_io(ffff80003c45fbe0,ffff80003c45fc18,ffff80003c45fa60,ffff80003c45fa48) at uvm_fault_lower_io+0x2cd uvm_fault_lower(ffff80003c45fbe0,ffff80003c45fc18,ffff80003c45fb60) at uvm_fault_lower+0x2bb uvm_fault(fffffd806b940400,200000000000,0,2) at uvm_fault+0x274 upageflttrap(ffff80003c45fd70,200000000000) at upageflttrap+0xa9 usertrap(ffff80003c45fd70) at usertrap+0x3c6 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7747bef27290, count: 2 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: mtx 0xffffffff838dea98: locking against myself ddb{0}> trace db_enter() at db_enter+0x25 panic(ffffffff83334dfa) at panic+0x1e5 mtx_enter_try(ffffffff838dea98) at mtx_enter_try+0x1da mtx_enter(ffffffff838dea98) at mtx_enter+0x62 uvm_pageclean(fffffd80087d0600) at uvm_pageclean+0x28e uvm_pagefree(fffffd80087d0600) at uvm_pagefree+0x26 uvn_get(fffffd805fcbfcb0,0,ffff80003c45f9c8,ffff80003c45f9ac,0,2,2109099d72e17965,2) at uvn_get+0x686 uvm_fault_lower_io(ffff80003c45fbe0,ffff80003c45fc18,ffff80003c45fa60,ffff80003c45fa48) at uvm_fault_lower_io+0x2cd uvm_fault_lower(ffff80003c45fbe0,ffff80003c45fc18,ffff80003c45fb60) at uvm_fault_lower+0x2bb uvm_fault(fffffd806b940400,200000000000,0,2) at uvm_fault+0x274 upageflttrap(ffff80003c45fd70,200000000000) at upageflttrap+0xa9 usertrap(ffff80003c45fd70) at usertrap+0x3c6 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7747bef27290, count: -13 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff80003c45f700 rbx 0xffffffff837a4ddf cpu_info_full_primary+0x2ddf rdx 0 rcx 0xffff80003c459250 rax 0xffffffff837a3ff0 cpu_info_full_primary+0x1ff0 r8 0x101010101010101 r9 0x8080808080808080 r10 0xc029bb288626dbab r11 0x59b31056bf1cce12 r12 0xffffffff837a4be0 cpu_info_full_primary+0x2be0 r13 0 r14 0 r15 0x1 rip 0xffffffff81fa2605 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80003c45f6f0 ss 0 db_enter+0x25: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor) tid=52333 pid=37654 tcnt=4 stat=onproc flags process=10 proc=0 runpri=36, usrpri=50, slppri=36, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a36ea80,0xffff80003c458800 process=0xffff80003c47a730 user=0xffff80003c45a000, vmspace=0xfffffd806b940400 estcpu=30, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 1211 226776 43987 32767 2 0x10 syz-executor 75962 29827 79024 32767 2 0x10 syz-executor 22738 62331 21817 0 7 0x100002 ndp 21817 130593 23570 0 3 0x10008a sigsusp sh *37654 52333 24109 32767 7 0x10 syz-executor 37654 393428 24109 32767 3 0x4000090 fsleep syz-executor 37654 443904 24109 32767 3 0x4000010 biowait syz-executor 37654 302875 24109 32767 3 0x4000010 uobjlk syz-executor 66094 423777 56385 32767 2 0x10 syz-executor 66094 479673 56385 32767 3 0x4000090 lockf syz-executor 53571 197358 75351 0 2 0x100000 sh 75351 44417 94705 0 3 0x10008a sigsusp sh 54762 212671 66336 32767 2 0x10 syz-executor 54762 38380 66336 32767 3 0x4000090 fsleep syz-executor 23570 12732 75834 0 3 0x80 wait syz-executor 24109 123893 14074 32767 3 0x90 nanoslp syz-executor 94705 368742 78790 0 3 0x80 wait syz-executor 43987 396768 84373 32767 3 0x90 nanoslp syz-executor 73628 375413 81387 0 2 0 syz-executor 56385 517350 59049 32767 3 0x90 nanoslp syz-executor 66336 422501 60142 32767 3 0x90 nanoslp syz-executor 79024 323375 17472 32767 3 0x90 nanoslp syz-executor 81387 248431 84214 0 3 0x82 wait syz-executor 14074 470176 84214 0 3 0x82 wait syz-executor 78790 176445 84214 0 3 0x82 wait syz-executor 75834 41562 84214 0 3 0x82 wait syz-executor 84373 391862 84214 0 3 0x82 wait syz-executor 59049 475495 84214 0 3 0x82 wait syz-executor 60142 475371 84214 0 3 0x82 wait syz-executor 17472 13694 84214 0 3 0x82 wait syz-executor 84214 402460 15895 0 3 0x82 kqread syz-executor 15895 8417 10426 0 3 0x10008a sigsusp ksh 10426 501671 87533 0 3 0x98 kqread sshd-session 87533 380007 78470 0 3 0x92 kqread sshd-session 76282 129624 1 0 3 0x100083 ttyin getty 78470 294155 1 0 3 0x88 kqread sshd 14777 125876 58450 73 3 0x1100090 kqread syslogd 58450 439368 1 0 3 0x100082 sbwait syslogd 26993 254775 1 0 3 0x100080 kqread resolvd 44631 522101 63502 77 3 0x100092 kqread dhcpleased 28862 177489 63502 77 3 0x100092 kqread dhcpleased 63502 395298 1 0 3 0x80 kqread dhcpleased 49350 492205 0 0 2 0x40014200 smr 69901 364569 0 0 2 0x14200 zerothread 43758 372417 0 0 3 0x14200 aiodoned aiodoned 588 269253 0 0 3 0x14200 syncer update 10750 302502 0 0 3 0x14200 cleaner cleaner 45903 50901 0 0 3 0x14200 reaper reaper 70116 178416 0 0 3 0x14200 pgdaemon pagedaemon 22395 386269 0 0 3 0x14200 bored viomb 58046 270260 0 0 3 0x40014200 acpi0 acpi0 85199 502927 0 0 3 0x40014200 idle1 55049 107582 0 0 3 0x14200 bored softnet7 20656 171544 0 0 3 0x14200 bored softnet6 94439 413075 0 0 3 0x14200 bored softnet5 67624 328591 0 0 3 0x14200 bored softnet4 81452 305376 0 0 3 0x14200 bored softnet3 80023 410669 0 0 3 0x14200 bored softnet2 5568 119208 0 0 3 0x14200 bored softnet1 49636 93935 0 0 3 0x14200 bored softnet0 48001 396103 0 0 3 0x14200 smrbar systqmp 1918 313149 0 0 3 0x14200 bored systq 62095 289550 0 0 3 0x14200 tmoslp softclockmp 27034 51306 0 0 3 0x40014200 tmoslp softclock 47557 150943 0 0 3 0x40014200 idle0 1 223142 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks CPU 0: exclusive mutex &uvm.pageqlock r = 0 (0xffffffff838deaa8) #0 witness_lock+0x5f1 #1 mtx_enter_try+0x1ad #2 mtx_enter+0x62 #3 uvn_get+0x674 #4 uvm_fault_lower_io+0x2cd #5 uvm_fault_lower+0x2bb #6 uvm_fault+0x274 #7 upageflttrap+0xa9 #8 usertrap+0x3c6 #9 recall_trap+0x8 Process 37654 (syz-executor) thread 0xffff80003c459250 (52333) exclusive rwlock uobjlk r = 0 (0xfffffd80667817d0) #0 witness_lock+0x5f1 #1 rw_do_enter_write+0x419 #2 uvn_io+0x667 #3 uvn_get+0x31d #4 uvm_fault_lower_io+0x2cd #5 uvm_fault_lower+0x2bb #6 uvm_fault+0x274 #7 upageflttrap+0xa9 #8 usertrap+0x3c6 #9 recall_trap+0x8 exclusive mutex &uvm.pageqlock r = 0 (0xffffffff838deaa8) #0 witness_lock+0x5f1 #1 mtx_enter_try+0x1ad #2 mtx_enter+0x62 #3 uvn_get+0x674 #4 uvm_fault_lower_io+0x2cd #5 uvm_fault_lower+0x2bb #6 uvm_fault+0x274 #7 upageflttrap+0xa9 #8 usertrap+0x3c6 #9 recall_trap+0x8 Process 37654 (syz-executor) thread 0xffff80003c458558 (443904) exclusive rrwlock inode r = 0 (0xfffffd807233e450) #0 witness_lock+0x5f1 #1 rw_do_enter_write+0x419 #2 rrw_enter+0xc6 #3 VOP_LOCK+0xa3 #4 vn_lock+0xa4 #5 sys_ftruncate+0x1c1 #6 syscall+0xb17 #7 Xsyscall+0x128 Process 48001 (systqmp) thread 0xffff8000ffffe530 (396103) shared rwlock systqmp r = 0 (0xffffffff837791e8) #0 witness_lock+0x5f1 #1 taskq_thread+0x12a #2 proc_trampoline+0x10 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10186 10955K 10968K 166960K 11264 0 pcb 17 12K 12K 166960K 17 0 rtable 193 5K 5K 166960K 245 0 pf 31 16K 16K 166960K 31 0 ifaddr 40 7K 7K 166960K 42 0 ifgroup 50 2K 2K 166960K 50 0 sysctl 1 1K 9K 166960K 5 0 counters 68 36K 36K 166960K 68 0 ioctlops 0 0K 2K 166960K 28 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1334 84K 84K 166960K 1350 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 3 5K 5K 166960K 3 0 VM map 2 1K 1K 166960K 2 0 sem 2 0K 0K 166960K 2 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 27 101K 125K 166960K 139 0 proc 58 99K 147K 166960K 466 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 in_multi 89 6K 6K 166960K 89 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 25 122K 122K 166960K 25 0 exec 0 0K 1K 166960K 339 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 233 171K 178K 166960K 2700 0 UVM aobj 3 2K 2K 166960K 3 0 pinsyscall 49 98K 116K 166960K 1149 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 NDP 25 1K 1K 166960K 25 0 temp 34 8638K 8700K 166960K 3647 0 kqueue 14 22K 22K 166960K 22 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 34 0 30 1 0 1 1 0 8 0 rtentry 176 89 0 1 4 0 4 4 0 8 0 unpcb 144 31 0 16 1 0 1 1 0 8 0 syncache 336 3 0 3 1 0 1 1 0 8 1 tcpcb 736 7 0 2 1 0 1 1 0 8 0 arp 128 10 0 0 1 0 1 1 0 8 0 inpcb 328 54 0 46 1 0 1 1 0 8 0 nd6 144 14 0 0 1 0 1 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 398 0 0 25 0 25 25 0 8 0 art_table 40 399 0 0 5 0 5 5 0 8 0 art_node 32 89 0 4 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1541 0 40 94 0 94 94 0 8 0 ffsino 296 1541 0 40 116 0 116 116 0 8 0 nchpl 144 1720 0 45 63 0 63 63 0 8 0 uvmvnodes 80 1622 0 0 34 0 34 34 0 8 0 vnodes 216 1622 0 0 91 0 91 91 0 8 0 namei 1024 4997 0 4997 2 0 2 2 0 8 2 percpumem 16 49 0 0 1 0 1 1 0 8 0 kstatmem 264 24 0 0 2 0 2 2 0 8 0 scxspl 216 6229 0 6227 3 1 2 2 1 8 1 plimitpl 152 34 0 10 1 0 1 1 0 8 0 sigapl 424 422 0 361 8 0 8 8 0 8 0 knotepl 120 55 0 0 2 0 2 2 0 8 0 kqueuepl 224 18 0 8 1 0 1 1 0 8 0 pipepl 344 98 0 71 3 0 3 3 0 8 0 fdescpl 528 400 0 361 4 0 4 4 0 8 0 filepl 160 1263 0 1055 9 0 9 9 0 8 0 lockfpl 104 9 0 4 1 0 1 1 0 8 0 lockfspl 48 6 0 2 1 0 1 1 0 8 0 sessionpl 144 21 0 5 1 0 1 1 0 8 0 pgrppl 48 29 0 5 1 0 1 1 0 8 0 ucredpl 104 79 0 63 1 0 1 1 0 8 0 zombiepl 144 361 0 361 1 0 1 1 0 8 1 processpl 1248 422 0 361 7 1 6 6 0 8 0 procpl 664 427 0 361 6 0 6 6 0 8 0 sockpl 752 119 0 92 3 0 3 3 0 8 0 mcl8k 8192 2 0 0 1 0 1 1 0 8 0 mcl4k 4096 134 0 0 17 0 17 17 0 8 0 mcl2k 2048 14 0 0 2 0 2 2 0 8 0 mtagpl 96 3 0 0 1 0 1 1 0 8 0 mbufpl 256 134 0 0 9 0 9 9 0 8 0 bufpl 280 2799 0 116 192 0 192 192 0 8 0 anonpl 32 5156 0 0 42 0 42 42 0 246 0 amapchunkpl 152 7463 0 6873 27 4 23 23 0 158 0 amappl16 200 760 0 752 4 0 4 4 0 8 3 amappl15 192 7 0 7 1 0 1 1 0 8 1 amappl14 184 101 0 90 1 0 1 1 0 8 0 amappl13 176 6 0 6 1 0 1 1 0 8 1 amappl12 168 994 0 958 2 0 2 2 0 8 0 amappl11 160 41 0 31 1 0 1 1 0 8 0 amappl10 152 10 0 10 1 0 1 1 0 8 1 amappl9 144 259 0 259 1 0 1 1 0 8 1 amappl8 136 16 0 15 1 0 1 1 0 8 0 amappl7 128 92 0 81 1 0 1 1 0 8 0 amappl6 120 163 0 158 1 0 1 1 0 8 0 amappl5 112 118 0 112 1 0 1 1 0 8 0 amappl4 104 259 0 244 1 0 1 1 0 8 0 amappl3 96 1147 0 1040 3 0 3 3 0 8 0 amappl2 88 591 0 535 2 0 2 2 0 8 0 amappl1 80 7861 0 7267 15 0 15 15 0 8 2 amappl 88 2082 0 1920 4 0 4 4 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 401 0 362 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 401 0 362 1 0 1 1 0 8 0 vmmpekpl 168 4704 0 4671 2 0 2 2 0 8 0 vmmpepl 168 30919 0 28855 95 0 95 95 0 357 4 vmsppl 488 400 0 362 7 1 6 6 0 8 0 rwobjpl 80 12249 0 9778 53 0 53 53 0 8 1 pdppl 4096 810 0 724 112 14 98 98 0 8 12 pvpl 32 10805 0 0 90 1 89 89 0 265 1 pmappl 256 400 0 362 4 1 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 275 0 17 8 0 8 8 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x25 panic(ffffffff83334dfa) at panic+0x1e5 mtx_enter_try(ffffffff838dea98) at mtx_enter_try+0x1da mtx_enter(ffffffff838dea98) at mtx_enter+0x62 uvm_pageclean(fffffd80087d0600) at uvm_pageclean+0x28e uvm_pagefree(fffffd80087d0600) at uvm_pagefree+0x26 uvn_get(fffffd805fcbfcb0,0,ffff80003c45f9c8,ffff80003c45f9ac,0,2,2109099d72e17965,2) at uvn_get+0x686 uvm_fault_lower_io(ffff80003c45fbe0,ffff80003c45fc18,ffff80003c45fa60,ffff80003c45fa48) at uvm_fault_lower_io+0x2cd uvm_fault_lower(ffff80003c45fbe0,ffff80003c45fc18,ffff80003c45fb60) at uvm_fault_lower+0x2bb uvm_fault(fffffd806b940400,200000000000,0,2) at uvm_fault+0x274 upageflttrap(ffff80003c45fd70,200000000000) at upageflttrap+0xa9 usertrap(ffff80003c45fd70) at usertrap+0x3c6 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7747bef27290, count: -13 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 x86_ipi_handler() at x86_ipi_handler+0xd9 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83952408) at __mp_lock+0x192 syscall(ffff80003c465190) at syscall+0xaf4 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7acb08dd9d60, count: 9 ddb{1}> trace x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 x86_ipi_handler() at x86_ipi_handler+0xd9 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83952408) at __mp_lock+0x192 syscall(ffff80003c465190) at syscall+0xaf4 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7acb08dd9d60, count: -6