kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Thu May 7 10:56:46 PDT 2020 OpenBSD/amd64 (ci-openbsd-multicore-2.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.0.42' (ECDSA) to the list of known hosts. 2020/05/07 10:57:01 fuzzer started 2020/05/07 10:57:03 dialing manager at 10.128.15.235:48861 2020/05/07 10:57:03 syscalls: 338 2020/05/07 10:57:03 code coverage: enabled 2020/05/07 10:57:03 comparison tracing: enabled 2020/05/07 10:57:03 extra coverage: support is not implemented in syzkaller 2020/05/07 10:57:03 setuid sandbox: enabled 2020/05/07 10:57:03 namespace sandbox: support is not implemented in syzkaller 2020/05/07 10:57:03 Android sandbox: support is not implemented in syzkaller 2020/05/07 10:57:03 fault injection: support is not implemented in syzkaller 2020/05/07 10:57:03 leak checking: support is not implemented in syzkaller 2020/05/07 10:57:03 net packet injection: enabled 2020/05/07 10:57:03 net device setup: support is not implemented in syzkaller 2020/05/07 10:57:03 concurrency sanitizer: support is not implemented in syzkaller 2020/05/07 10:57:03 devlink PCI setup: support is not implemented in syzkaller 2020/05/07 10:57:03 USB emulation: support is not implemented in syzkaller 10:57:10 executing program 0: unlink(&(0x7f0000000000)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0xc000, 0x1) r0 = accept$unix(0xffffffffffffff9c, &(0x7f0000000080)=@abs, &(0x7f00000000c0)=0x8) bind$unix(r0, &(0x7f0000000100)=@abs={0x1, 0x0, 0x1}, 0x8) bind$unix(r0, &(0x7f0000000140)=@abs={0x0, 0x0, 0x1}, 0x8) r1 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bpf\x00', 0x80, 0x0) ioctl$BIOCSETIF(r1, 0x8020426c, &(0x7f00000001c0)={'tap', 0x0}) r2 = open(&(0x7f0000000200)='./file0\x00', 0x200, 0x1c1) ioctl$VT_ACTIVATE(r2, 0x20007605, &(0x7f0000000240)=0x5) r3 = dup(0xffffffffffffff9c) unlinkat(r3, &(0x7f0000000280)='./file0\x00', 0x0) r4 = accept$unix(r2, &(0x7f00000002c0)=@file={0x0, ""/108}, &(0x7f0000000340)=0x6e) r5 = socket(0x2, 0x4, 0x4) connect(r5, &(0x7f0000000380)=@un=@abs={0x0, 0x0, 0x0}, 0x8) open(&(0x7f00000003c0)='./file0\x00', 0x20, 0x8) r6 = getuid() seteuid(r6) ioctl$TIOCSCTTY(r4, 0x20007461) ioctl$SPKRTUNE(r3, 0x20005302, &(0x7f0000000400)={0x39d3, 0x100}) geteuid() 10:57:10 executing program 1: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x80, 0x161) r1 = openat(r0, &(0x7f0000000040)='./file0\x00', 0x400, 0x24) r2 = socket(0x18, 0x2, 0x1) r3 = dup2(r0, r1) r4 = openat$pci(0xffffffffffffff9c, &(0x7f0000000540)='/dev/pci\x00', 0x10, 0x0) r5 = openat$pci(0xffffffffffffff9c, &(0x7f0000000580)='/dev/pci\x00', 0x80, 0x0) r6 = openat$wskbd(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/wskbd0\x00', 0x400, 0x0) r7 = dup(0xffffffffffffff9c) r8 = open$dir(&(0x7f0000000600)='./file0\x00', 0x0, 0x104) r9 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r10 = syz_open_pts() r11 = fcntl$getown(r0, 0x5) getgroups(0x9, &(0x7f0000000640)=[0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]) r13 = openat$wsmouse(0xffffffffffffff9c, &(0x7f0000000680)='/dev/wsmouse0\x00', 0x8000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000006c0)={0xffffffffffffffff}) r15 = openat$pci(0xffffffffffffff9c, &(0x7f0000000700)='/dev/pci\x00', 0x400, 0x0) r16 = socket$unix(0x1, 0x5, 0x0) r17 = socket$inet6(0x18, 0x8000, 0x3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff}) sendmsg$unix(r2, &(0x7f0000000880)={&(0x7f0000000080)=@abs={0x0, 0x0, 0x2}, 0x8, &(0x7f00000004c0)=[{&(0x7f00000000c0)="51fd9721896dfa", 0x7}, {&(0x7f0000000100)="7d2858f071a6731868d089adfd263749ed0ad877ae1f6d10018838d05976768ad97687b0699bd23dfc2222a9fa386c9668ea49edbe40d4b1e9c6803a370d7cf9338072d56abf", 0x46}, {&(0x7f0000000180)="59ed315734ab5b81670fcea125568a9cee9e463d0adef8c7c9cd595a45e78beb9da29139f2ff0dcabbec4f43cd858b3da8e4469aa74516b04b4c04302786e1c0aed346da76658d79af965bc055bf0259dcc830eb888ee9b37f7f68cbe56bb33a8b2831d137eb0dd7b04927ce50cfe10b6ef25b8c9278bccb86911baf055e47617a5f96b6519bcada93eaa65873a55cfd68926bf83fe4c190df36ec73e60dbbd052c06d78", 0xa4}, {&(0x7f0000000240)="e42401b94f98274da491be33745396d04f6f11235647a5178c66d0576e9c8631667f409391600d7b296bef94", 0x2c}, {&(0x7f0000000280)="c627950d7d9cfb65be2b4b1dcc5fcd6a0b84596dd7a52b27e5a75ab5f9ca50744ff6aaa55e22e8d393820a7a3c67cf2a7d1b8a6592d40dab2dddb52b28dd777bc667f22dc2eb256c4f0ed4285c6a213d235d49858970ffbc877e52720fd1deab3dc5b454cb0be4714172d4f84709b9bd9a1d054c7cc9962383f8993593426a470c20bb99d017cdcb82e8a4afcc671bec063d6297a9fc320a962a9a59f7099060df7e49e26d3bb802d9e6a50444a082f9bb2b67e905b15b24716c2f12a266ec19ae8bf393f8aaef0f99b3ccb6dc575efd8e1dc021b03c32e04155f762fbbf306c99bc2936bfb7ba7a7c33cdbef23c4ba89eea0d2f1757ecc5eb66c5ef7311", 0xfe}, {&(0x7f0000000380)="09b7f00d4b978dbfd633d3443bf2e4e738a1d6c7ce8a8508025f7f365bab497bc7d1e12f8e6ec7523fadbfdaac389bc2afd0ab786574e56bb40b7775fa7816a8a6737ad639472514fe6763294f15c069d04069dce258356dd847a582d3e1ab169ae5f9ee24423cb8a9a1fb6c473d7513270fa1120cdf955a07f30e2f5585b2f11b8fdbb63c5117c8dce6cb8cc8ee", 0x8e}, {&(0x7f0000000440)="30893af66e58677186ebecd64513b3cf0bbbf2efe3bef634cc2c92ea089d2b9a6a98253ac0434081caec9febe699aa07786c1a2d373de51f3f76ec18cc79935e224f534d6af169767bfda264e547b10d9d28ec96a8e61bcd7e283333aa3e434a0550040f869b85eb25284a84b50873247c28de1c", 0x74}], 0x7, &(0x7f0000000780)=[@rights={0x38, 0xffff, 0x1, [r0, r1, r3, r4, r0, r5, r1, r0, r0]}, @rights={0x20, 0xffff, 0x1, [r6, r1, r7]}, @rights={0x28, 0xffff, 0x1, [r1, r8, r9, r0, r10]}, @cred={0x20, 0xffff, 0x0, r11, 0x0, r12}, @rights={0x38, 0xffff, 0x1, [r13, r14, r15, 0xffffffffffffff9c, r16, 0xffffffffffffffff, r17, r0, r18]}], 0xd8, 0xa}, 0x3) 10:57:11 executing program 0: ioctl$VMM_IOC_WRITEREGS(0xffffffffffffffff, 0x82485608, &(0x7f0000000240)={0x0, 0x0, 0x0, {[], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200], [0x0, 0x0, 0x0, 0x9, 0xffffffffffffffff, 0x3fff7edffff], [0x0, 0x0, 0x482]}}) ioctl$BIOCSETIF(0xffffffffffffffff, 0x8020426c, &(0x7f0000000300)={'tap', 0x0}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket(0x18, 0x2, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bpf\x00', 0x4000000001, 0x0) ioctl$BIOCSETIF(r2, 0x8020426c, &(0x7f0000000080)={'tap', 0x0}) ioctl$BIOCSETWF(r2, 0x80104277, &(0x7f00000002c0)={0x3, &(0x7f0000000100)=[{0x34, 0x0, 0x0, 0x1711}, {0xc}, {0x6, 0x0, 0x0, 0x100}]}) pwrite(r2, &(0x7f0000000040)="fbaf8a8d1a029be96914f6357e3a", 0xe, 0x0, 0x0) write(r2, &(0x7f0000000000)="f23ffde7b01246ec1065d0f80a7697037936c44a783d6fe24b9e2bda71437cb12c57efa6ff0ed2787c945e467b862cfc074f556ea6ce80b67457f04857cbc68667943d20385c87c5eab8399cd827409a7750761123e611edd60ef8d2ae3254677589b92466cf6bb5ef43733e862eb03f1d442f1c3e62bd2dc4c51bd4b8dc5de8ae5d7867c4a32c53714e6dafeff009539194", 0x92) ioctl$TIOCFLUSH(r1, 0x8080691a, &(0x7f0000000300)) 10:57:11 executing program 1: r0 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bpf\x00', 0x0, 0x0) ioctl$BIOCSETF(r0, 0x80104267, &(0x7f0000000380)={0x3, &(0x7f0000000040)=[{0x54}, {0x7c}, {0x4006}]}) r1 = kqueue() r2 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) kevent(r1, &(0x7f0000000140)=[{{r2}, 0xfffffffffffffffc, 0x2b}], 0x441280, 0x0, 0x0, 0x0) readlinkat(r2, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=""/225, 0xe1) ioctl$BIOCSETIF(r0, 0x8020426c, &(0x7f0000000000)={'tap', 0x0}) syz_emit_ethernet(0x3ca, &(0x7f00000003c0)={@empty, @empty, [], {@ipv6={0x86dd, {0x1, 0x6, "29799f", 0x394, 0xc, 0x4, @mcast2, @local={0xfe, 0x80, [], 0x0}, {[@dstopts={0x3a, 0x1, [], [@pad1, @pad1, @ra={0x5, 0x2, 0x7}]}], @icmpv6=@ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [], 0x0}, @remote={0xfe, 0x80, [], 0x0}, [{0x4, 0x7, "ba85351389d4a58c915d4f1ac0382b6fb099b8b40151374a0ee19f6792d23a47fd577f3c3c6945d238e04b2723dcf829ee1528a942f657"}, {0x5, 0xb, "e1325ebdc5ac866d247dd5ce95d196ade11cb637b92a0456f644b96e2e6315de4312243be6a96d72810243839f060aa922a9677b0b999c458b093187c718961b4ae09ba71d284dcad832e9d579805e60f9131eaad104bb90ce9736"}, {0x1f, 0x1c, "b8603962bf24282552ad4d0053e14d178e55af662878ac4829ae10772745e0cd65818e0b72b90ac4083b7328f802225580a9db7131bc6f5fd4b67362a9ea1b75f0f13667bde99aa8da97c886c81e1462ed75d2884906702040f50021ad5db79367be21d33b30a89160744497502d02211fb5576ffbfc82181e5368d8b3a9dc8d30397588c8587d8c82ff01c94e84667206678a0643b2fd2f6b06ddc3521dac86c20aaa9891509049028ea1b9387b6a57aad3ac98adab642b2b551ce5f78a8bc1e66cf324e99a0c12965e06961376747809cfe1c851673adf45fc23f6b76a8dd898a9"}, {0x18, 0xd, "3acd1905bc979e2af3e5df5d4be3eebd4d924d93dfbbf8444f21321442011024fa88e2741adf19badf2af67fc59e135ec95c594fb6675b5f0ce7fd301cd8cba27edaffcbaca799b387bde167a5c1b1fd2b2954600206286ab93efac7f64561b784f357b3735f11"}, {0x18, 0x4, "49160d3497aa2908f30d7e2bbaf343bc2514f2fa7a3727c204d62055f99d7cbcb1e5969a97"}, {0x1, 0x9, "174936064131e4a2e39be2867500669a1959b2141d202d05ce6c4234b98727568f863d6bfa3b14d57a598cd3b589dea5fb39c3b84bc569849ca554a752bacf9c8e6458e1ac377f"}, {0x19, 0x20, "b7c2b7319706acd8ebec445da440a5fea549aebf072761058dd180b27edd6e1edb47850286bf10281b0c74c231b615821779d188b0aa8ce3b9086c931b281e298c9c14fb86da5d1898f854de69b74689f8222cde1a109fec372015a14dfc605a608a05c788f297cc6263d5d305a21862c8f17a4f2fda0ab47099e3e701a2d4bf63ff3b89640fff828613f8ed8dd0ee275142c9f3df1645e44d6f68bb8297fd0a550a9cd4db201cbb696e3da10bf25e6ca2d23ba1e4050f36c676edd10ec0fcd260fe8cf1f3bb67c2b091b95857fe8c709075568c50c170feb7c9089d97f30a52cee914cc620e87716b5b54cb7b7b3a306d1c46631c0dffe9f457c9f8e13da5"}]}}}}}}) 10:57:11 executing program 0: r0 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bpf\x00', 0x242, 0x0) ioctl$BIOCSETIF(r0, 0x8020426c, &(0x7f0000000040)={'tap', 0x0}) ioctl$BIOCSETIF(r0, 0x8020426c, &(0x7f00000000c0)={'tap', 0x0}) ioctl$BIOCSETWF(r0, 0x80104277, &(0x7f0000000080)={0x3, &(0x7f0000000000)=[{0x45}, {0x45}, {0x6, 0x0, 0x0, 0x3ff}]}) pwrite(r0, &(0x7f0000000240)="d000"/14, 0xe, 0x0, 0x0) 10:57:11 executing program 1: ioctl$VMM_IOC_WRITEREGS(0xffffffffffffffff, 0x82485608, &(0x7f0000000240)={0x0, 0x0, 0x0, {[], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1fc], [0x0, 0x0, 0x0, 0x9, 0xffffffffffffffff, 0xbfbfffffffffffff], [0x0, 0x0, 0x401], [{}, {}, {0x1}], {}, {0xfffe}}}) ioctl$BIOCSETIF(0xffffffffffffffff, 0x8020426c, &(0x7f0000000300)={'tap', 0x0}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket(0x18, 0x2, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TIOCFLUSH(r1, 0x8080691a, &(0x7f0000000300)) 10:57:11 executing program 0: open(&(0x7f0000000000)='./bus\x00', 0x1, 0x0) 10:57:11 executing program 1: r0 = socket(0x11, 0x4003, 0x0) sendto$unix(r0, &(0x7f0000000180)="b10005046000000000000800e9e24da8806f480bcea1fea7fef96ecfc73fd3357ae26caa0416fa4f376336acf00b7804be781e4991f7c8df5f882b297be1aa5b23ed00f4c8b2ca3e37c257699a1f132e27acb5d602000d7d02070000000000000021e4fd89720fd3872babfbb770c1f5a872c881ff7cc53c894303b22f310b404f36a00f90006ee01be608a371a3f800040000000000000201000000000000000000000000000000000000000000000000562b66113af19ef881d10dc61e6e8b6655d1febe337296d2c6fce0ddb73b5c7a2d5d1e84d6134c85b21c1487c68901c99ac9c1dc7044cbe6fe55d60287ef7e0179aa159c90202f325bd0323824d63f5cebb6065a03291143c7a659667322849c3cfdaa43d520f8648f3d09d780b184391fc5e5f932a7c412f58011fbcd48022b2ee9097bfc3d54387fe646c052e102d647b4aae5c356a65d", 0x149, 0x0, 0x0, 0x0) kqueue() r1 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) r2 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bpf\x00', 0x4000000001, 0x0) ioctl$BIOCSETIF(r2, 0x8020426c, &(0x7f0000000080)={'tap', 0x0}) ioctl$BIOCSETWF(r2, 0x80104277, &(0x7f00000002c0)={0x3, &(0x7f0000000100)=[{0x34, 0x0, 0x0, 0x1711}, {0xc}, {0x6, 0x0, 0x0, 0x100}]}) pwrite(r2, &(0x7f0000000040)="fbaf8a8d1a029be96914f6357e3a", 0xe, 0x0, 0x0) r3 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bpf\x00', 0x4000000001, 0x0) ioctl$BIOCSETIF(r3, 0x8020426c, &(0x7f0000000080)={'tap', 0x0}) ioctl$BIOCSETWF(r3, 0x80104277, &(0x7f00000002c0)={0x3, &(0x7f0000000100)=[{0x34, 0x0, 0x0, 0x1711}, {0xc}, {0x6, 0x0, 0x0, 0x100}]}) pwrite(r3, &(0x7f0000000040)="fbaf8a8d1a029be96914f6357e3a", 0xe, 0x0, 0x0) r4 = kqueue() r5 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) kevent(r4, &(0x7f0000000140)=[{{r5}, 0xfffffffffffffffc, 0x2b}], 0x441280, 0x0, 0x0, 0x0) kevent(r4, &(0x7f0000000300)=[{{r1}, 0xfffffffffffffffc, 0x2b, 0x0, 0x0, 0x2}, {{r2}, 0xffffffffffffffff, 0x48, 0x4, 0x100, 0x7f}, {{r0}, 0xfffffffffffffffb, 0x1, 0x8, 0x6, 0x8}], 0x441280, 0x0, 0x0, 0x0) kevent(r1, &(0x7f00000000c0)=[{{r4}, 0xfffffffffffffff8, 0xf78b90187922b714, 0x4, 0xffffffff, 0x6}], 0xffff7fff, &(0x7f0000000380)=[{{r2}, 0xfffffffffffffffe, 0x60, 0x4, 0x6, 0x6}], 0x4, &(0x7f00000003c0)={0x1, 0x7f}) getsockopt$sock_cred(r1, 0xffff, 0x1022, &(0x7f0000000000), &(0x7f0000000040)=0xc) 10:57:11 executing program 0: geteuid() r0 = socket(0x11, 0x4003, 0x0) getsockname$unix(r0, 0x0, &(0x7f0000000080)) r1 = kqueue() r2 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) kevent(r1, &(0x7f0000000140)=[{{r2}, 0xfffffffffffffffa, 0x2b, 0x4}], 0x441280, 0x0, 0x0, 0x0) shutdown(r2, 0x2) 10:57:11 executing program 1: setreuid(0xee00, 0x0) r0 = open$dir(&(0x7f0000001240)='.\x00', 0x0, 0x0) r1 = getuid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r2, 0xffff, 0x1022, &(0x7f0000000280), &(0x7f0000000200)=0xc) accept$inet(0xffffffffffffffff, 0x0, &(0x7f00000001c0)) fchown(r0, r1, 0x0) setreuid(0xee00, r1) r3 = open(&(0x7f0000000480)='./file0\x00', 0x80000000000206, 0x0) r4 = socket(0x2, 0x400000001002, 0x0) connect$unix(r4, &(0x7f0000000780)=@abs={0x0, 0x0, 0x3}, 0x1c) r5 = dup2(r2, r4) r6 = open(&(0x7f0000000180)='./file0\x00', 0x2, 0x180) ioctl$VMM_IOC_READREGS(r6, 0xc2485607, &(0x7f00000004c0)) unlink(&(0x7f0000000100)='./file0\x00') dup2(r5, r0) writev(r3, &(0x7f0000000000)=[{&(0x7f00000000c0)='#!', 0x2}], 0x10000000000000dd) r7 = semget$private(0x0, 0x3, 0x100) semop(r7, &(0x7f0000000080)=[{0x3, 0x2, 0x1000}, {0x0, 0x7}, {0x3, 0x6, 0x1800}], 0x3) 10:57:11 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bpf\x00', 0x4000000001, 0x0) ioctl$BIOCSETIF(r0, 0x8020426c, &(0x7f0000000080)={'tap', 0x0}) ioctl$BIOCSETWF(r0, 0x80104277, &(0x7f00000002c0)={0x3, &(0x7f0000000100)=[{0x34, 0x0, 0x0, 0x1711}, {0xc}, {0x6, 0x0, 0x0, 0x100}]}) pwrite(r0, &(0x7f0000000040)="fbaf8a8d1a029be96914f6357e3a", 0xe, 0x0, 0x0) r1 = dup(r0) ioctl$WSDISPLAYIO_GETSCREENTYPE(r1, 0xc028575d, &(0x7f0000000240)={0xfe3, 0x1, './file0\x00', 0x6, 0x4, 0x400, 0x67a}) mkdir(&(0x7f0000000200)='./file0/file0\x00', 0x0) chmod(&(0x7f0000000080)='./file0/file0\x00', 0x154) rename(&(0x7f0000000100)='./file0/file1\x00', &(0x7f0000000180)='./file0/file1\x00') chmod(&(0x7f00000000c0)='./file0\x00', 0x3f) setuid(0xee01) mkdir(&(0x7f0000000140)='./file0/file1\x00', 0x1ba) rename(&(0x7f0000000040)='./file0/file1\x00', &(0x7f00000001c0)='./file0/file0\x00') 10:57:11 executing program 1: mkdir(&(0x7f00000aa000)='./file0\x00', 0x0) chdir(&(0x7f0000000380)='./file0\x00') open(&(0x7f0000000280)='./bus\x00', 0x80, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x122) symlink(&(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='./bus\x00') pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) faccessat(r0, &(0x7f0000000140)='./bus\x00', 0x144, 0x1) chroot(&(0x7f0000000100)='./file0/file0/../file0\x00') 10:57:11 executing program 0: r0 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bpf\x00', 0x0, 0x0) ioctl$BIOCSETF(r0, 0x80104267, &(0x7f0000000240)={0x3, &(0x7f00000000c0)=[{0x84}, {0x54}, {0x6}]}) ioctl$BIOCSETIF(r0, 0x8020426c, &(0x7f0000000540)={'tap', 0x0}) syz_emit_ethernet(0xe, &(0x7f00000001c0)) ioctl$BIOCSETWF(r0, 0x80104277, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x101, 0x0, 0x7, 0x9}, {0x3ff, 0x4, 0x5, 0x80000001}, {0x3, 0x20, 0x0, 0xfffffcf4}, {0x3, 0x7, 0xed, 0x6}]}) fatal error: unexpected signal during runtime execution [signal SIGSEGV: segmentation violation code=0x2 addr=0xc0012960f0 pc=0x45e567] goroutine 38 [running]: runtime.throw(0x914a21, 0x2a) /usr/local/go/src/runtime/panic.go:774 +0x72 fp=0xc0002b8f88 sp=0xc0002b8f58 pc=0x42e9d2 runtime.sigpanic() /usr/local/go/src/runtime/signal_unix.go:378 +0x47c fp=0xc0002b8fb8 sp=0xc0002b8f88 pc=0x443f5c runtime.memclrNoHeapPointers(0xc0012960f0, 0x30) /usr/local/go/src/runtime/memclr_amd64.s:146 +0x1e7 fp=0xc0002b8fc0 sp=0xc0002b8fb8 pc=0x45e567 runtime.mallocgc(0x30, 0x8867a0, 0x203001, 0xc00247c840) /usr/local/go/src/runtime/malloc.go:1026 +0x756 fp=0xc0002b9060 sp=0xc0002b8fc0 pc=0x40c266 runtime.makeslice(0x8867a0, 0x3, 0x3, 0x9b0720) /usr/local/go/src/runtime/slice.go:49 +0x6c fp=0xc0002b9090 sp=0xc0002b9060 pc=0x444dcc github.com/google/syzkaller/prog.clone(0x9b07a0, 0xc0002f7660, 0xc0002b9308, 0xc0002b9390, 0xc0002b9250) /syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:55 +0x102 fp=0xc0002b9190 sp=0xc0002b9090 pc=0x772c82 github.com/google/syzkaller/prog.clone(0x9b07e0, 0xc0001c3410, 0xc0002b9308, 0x9b0720, 0xc001430420) /syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:44 +0x567 fp=0xc0002b9290 sp=0xc0002b9190 pc=0x7730e7 github.com/google/syzkaller/prog.(*Prog).Clone(0xc0002f2d80, 0x1fce) /syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:24 +0x279 fp=0xc0002b93d8 sp=0xc0002b9290 pc=0x7729c9 github.com/google/syzkaller/prog.(*randGen).resourceCentric(0xc0024d7d60, 0xc00009d590, 0xca8820, 0x0, 0x0, 0xc0002b9d38, 0x0, 0x203000, 0x203000) /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:845 +0xc2 fp=0xc0002b9538 sp=0xc0002b93d8 pc=0x793cd2 github.com/google/syzkaller/prog.(*ResourceType).generate(0xca8820, 0xc0024d7d60, 0xc00009d590, 0x0, 0x8867a0, 0x203000, 0x839940, 0x30, 0x30) /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:675 +0x27c fp=0xc0002b95b8 sp=0xc0002b9538 pc=0x79188c github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc0024d7d60, 0xc00009d590, 0x9b69e0, 0xca8820, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:664 +0x450 fp=0xc0002b9690 sp=0xc0002b95b8 pc=0x791210 github.com/google/syzkaller/prog.(*randGen).generateArg(...) /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:614 github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc0024d7d60, 0xc00009d590, 0xcbb7a0, 0x3, 0x3, 0xc00136f500, 0xc0002b97c0, 0x4eee93, 0xc00236c000, 0x2ba390a675d9b82f, ...) /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:602 +0x116 fp=0xc0002b9770 sp=0xc0002b9690 pc=0x790aa6 github.com/google/syzkaller/prog.(*randGen).generateParticularCall(0xc0024d7d60, 0xc00009d590, 0xd23180, 0x10, 0x11, 0xc002153e00) /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:557 +0xd5 fp=0xc0002b9820 sp=0xc0002b9770 pc=0x7900a5 github.com/google/syzkaller/prog.(*randGen).createResource(0xc0024d7d60, 0xc00009d590, 0xca87e0, 0xcbca00, 0x0, 0x0, 0x0, 0x0, 0x0) /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:394 +0x533 fp=0xc0002b9aa0 sp=0xc0002b9820 pc=0x78ed93 github.com/google/syzkaller/prog.(*ResourceType).generate(0xca87e0, 0xc0024d7d60, 0xc00009d590, 0x0, 0x8867a0, 0xc00136f780, 0x8, 0x50, 0x50) /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:681 +0x1e7 fp=0xc0002b9b20 sp=0xc0002b9aa0 pc=0x7917f7 github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc0024d7d60, 0xc00009d590, 0x9b69e0, 0xca87e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:664 +0x450 fp=0xc0002b9bf8 sp=0xc0002b9b20 pc=0x791210 github.com/google/syzkaller/prog.(*randGen).generateArg(...) /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:614 github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc0024d7d60, 0xc00009d590, 0xd22ea0, 0x5, 0x5, 0x49f700, 0xc0025eec00, 0x155, 0x155, 0xc3e, ...) /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:602 +0x116 fp=0xc0002b9cd8 sp=0xc0002b9bf8 pc=0x790aa6 github.com/google/syzkaller/prog.(*randGen).generateParticularCall(0xc0024d7d60, 0xc00009d590, 0xd2d440, 0x45, 0xc00009d590, 0xc0022c3d40) /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:557 +0xd5 fp=0xc0002b9d88 sp=0xc0002b9cd8 pc=0x7900a5 github.com/google/syzkaller/prog.(*randGen).generateCall(0xc0024d7d60, 0xc00009d590, 0xc0011309c0, 0x1, 0xc0011309c0, 0xc0011ce500, 0xc00009d590) /syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:546 +0x95 fp=0xc0002b9dc8 sp=0xc0002b9d88 pc=0x78ff45 github.com/google/syzkaller/prog.(*mutator).insertCall(0xc0002b9ec0, 0x14) /syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:141 +0xf2 fp=0xc0002b9e30 sp=0xc0002b9dc8 pc=0x784392 github.com/google/syzkaller/prog.(*Prog).Mutate(0xc0011309c0, 0x9a9b60, 0xc002139800, 0x14, 0xc00209fb00, 0xc001fa6000, 0x1fce, 0x2400) /syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:45 +0x2ea fp=0xc0002b9f08 sp=0xc0002b9e30 pc=0x78356a main.(*Proc).loop(0xc00209fb40) /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:95 +0x434 fp=0xc0002b9fd8 sp=0xc0002b9f08 pc=0x7f1224 runtime.goexit() /usr/local/go/src/runtime/asm_amd64.s:1357 +0x1 fp=0xc0002b9fe0 sp=0xc0002b9fd8 pc=0x45d461 created by main.main /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:258 +0x1155 goroutine 1 [select]: main.(*Fuzzer).pollLoop(0xc0001b6580) /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:319 +0x127 main.main() /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:261 +0x12c6 goroutine 12 [chan receive]: github.com/google/syzkaller/pkg/osutil.HandleInterrupts.func1(0xc00007e4e0) /syzkaller/gopath/src/github.com/google/syzkaller/pkg/osutil/osutil_unix.go:74 +0xb6 created by github.com/google/syzkaller/pkg/osutil.HandleInterrupts /syzkaller/gopath/src/github.com/google/syzkaller/pkg/osutil/osutil_unix.go:71 +0x3f goroutine 7 [syscall]: os/signal.signal_recv(0x0) /usr/local/go/src/runtime/sigqueue.go:147 +0x9c os/signal.loop() /usr/local/go/src/os/signal/signal_unix.go:23 +0x22 created by os/signal.init.0 /usr/local/go/src/os/signal/signal_unix.go:29 +0x41 goroutine 13 [chan receive]: main.main.func1(0xc00007e4e0) /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:137 +0x34 created by main.main /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:135 +0x5b0 goroutine 33 [IO wait]: internal/poll.runtime_pollWait(0x24f4f0fc0, 0x72, 0xffffffffffffffff) /usr/local/go/src/runtime/netpoll.go:184 +0x55 internal/poll.(*pollDesc).wait(0xc0000d8298, 0x72, 0x1000, 0x1000, 0xffffffffffffffff) /usr/local/go/src/internal/poll/fd_poll_runtime.go:87 +0x45 internal/poll.(*pollDesc).waitRead(...) /usr/local/go/src/internal/poll/fd_poll_runtime.go:92 internal/poll.(*FD).Read(0xc0000d8280, 0xc0002a4000, 0x1000, 0x1000, 0x0, 0x0, 0x0) /usr/local/go/src/internal/poll/fd_unix.go:169 +0x1cf net.(*netFD).Read(0xc0000d8280, 0xc0002a4000, 0x1000, 0x1000, 0x7c5a7a, 0xc00004fb40, 0x7c7ebd) /usr/local/go/src/net/fd_unix.go:202 +0x4f net.(*conn).Read(0xc00000e0c8, 0xc0002a4000, 0x1000, 0x1000, 0x0, 0x0, 0x0) /usr/local/go/src/net/net.go:184 +0x68 bufio.(*Reader).fill(0xc00005ef00) /usr/local/go/src/bufio/bufio.go:100 +0x103 bufio.(*Reader).ReadByte(0xc00005ef00, 0xc00004fc00, 0xc0000d8300, 0xc00000cb80) /usr/local/go/src/bufio/bufio.go:252 +0x39 compress/flate.(*decompressor).moreBits(0xc00029e000, 0x923d98, 0xc00004fb88) /usr/local/go/src/compress/flate/inflate.go:696 +0x37 compress/flate.(*decompressor).nextBlock(0xc00029e000) /usr/local/go/src/compress/flate/inflate.go:303 +0x36 compress/flate.(*decompressor).Read(0xc00029e000, 0xc0002b0000, 0x1000, 0x1000, 0x897260, 0xc00227a210, 0x199) /usr/local/go/src/compress/flate/inflate.go:347 +0x77 github.com/google/syzkaller/pkg/rpctype.(*flateConn).Read(0xc0001c20f0, 0xc0002b0000, 0x1000, 0x1000, 0x10, 0xc00004fb88, 0x200) /syzkaller/gopath/src/github.com/google/syzkaller/pkg/rpctype/rpc.go:131 +0x51 bufio.(*Reader).Read(0xc00005ef60, 0xc000020480, 0x1, 0x9, 0x0, 0x0, 0xc00004fd70) /usr/local/go/src/bufio/bufio.go:226 +0x26a io.ReadAtLeast(0x9a5960, 0xc00005ef60, 0xc000020480, 0x1, 0x9, 0x1, 0x1, 0x0, 0x0) /usr/local/go/src/io/io.go:310 +0x87 io.ReadFull(...) /usr/local/go/src/io/io.go:329 encoding/gob.decodeUintReader(0x9a5960, 0xc00005ef60, 0xc000020480, 0x9, 0x9, 0x4050d5, 0x4307fc, 0xc00004fd48, 0x45a310) /usr/local/go/src/encoding/gob/decode.go:120 +0x6f encoding/gob.(*Decoder).recvMessage(0xc0000d8300, 0x78) /usr/local/go/src/encoding/gob/decoder.go:81 +0x57 encoding/gob.(*Decoder).decodeTypeSequence(0xc0000d8300, 0xc000000100, 0xc00004fe10) /usr/local/go/src/encoding/gob/decoder.go:143 +0x10c encoding/gob.(*Decoder).DecodeValue(0xc0000d8300, 0x831ca0, 0xc0001c25d0, 0x16, 0x0, 0x0) /usr/local/go/src/encoding/gob/decoder.go:211 +0x10b encoding/gob.(*Decoder).Decode(0xc0000d8300, 0x831ca0, 0xc0001c25d0, 0x30, 0x30) /usr/local/go/src/encoding/gob/decoder.go:188 +0x16d net/rpc.(*gobClientCodec).ReadResponseHeader(0xc0001c21e0, 0xc0001c25d0, 0xc00227a1e0, 0x0) /usr/local/go/src/net/rpc/client.go:228 +0x45 net/rpc.(*Client).input(0xc00005f020) /usr/local/go/src/net/rpc/client.go:109 +0xa5 created by net/rpc.NewClientWithCodec /usr/local/go/src/net/rpc/client.go:206 +0x89 goroutine 22 [IO wait]: internal/poll.runtime_pollWait(0x24f4f1090, 0x72, 0xffffffffffffffff) /usr/local/go/src/runtime/netpoll.go:184 +0x55 internal/poll.(*pollDesc).wait(0xc0022c22b8, 0x72, 0x1ff01, 0x1ffd6, 0xffffffffffffffff) /usr/local/go/src/internal/poll/fd_poll_runtime.go:87 +0x45 internal/poll.(*pollDesc).waitRead(...) /usr/local/go/src/internal/poll/fd_poll_runtime.go:92 internal/poll.(*FD).Read(0xc0022c22a0, 0xc00260802a, 0x1ffd6, 0x1ffd6, 0x0, 0x0, 0x0) /usr/local/go/src/internal/poll/fd_unix.go:169 +0x1cf os.(*File).read(...) /usr/local/go/src/os/file_unix.go:259 os.(*File).Read(0xc00000e320, 0xc00260802a, 0x1ffd6, 0x1ffd6, 0x2a, 0x0, 0x0) /usr/local/go/src/os/file.go:116 +0x71 github.com/google/syzkaller/pkg/ipc.makeCommand.func2(0xc00000e320, 0xc0000ea000) /syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:603 +0xaf created by github.com/google/syzkaller/pkg/ipc.makeCommand /syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:597 +0x89f goroutine 39 [runnable]: github.com/google/syzkaller/prog.(*vmaAlloc).noteAlloc(0xc001286420, 0x0, 0x800) /syzkaller/gopath/src/github.com/google/syzkaller/prog/alloc.go:131 +0x9f github.com/google/syzkaller/prog.(*state).analyzeImpl.func1(0x9b07e0, 0xc000f3def0, 0xc0013f59c0) /syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:64 +0x3e1 github.com/google/syzkaller/prog.foreachArgImpl(0x9b07e0, 0xc000f3def0, 0xc001121848, 0xcbbb60, 0x3, 0x3, 0x0, 0x0, 0x0, 0xc000457d38) /syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:127 +0xb6 github.com/google/syzkaller/prog.ForeachArg(0xc001121840, 0xc000457d38) /syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:122 +0x112 github.com/google/syzkaller/prog.(*state).analyzeImpl(0xc0001299a0, 0xc001121840, 0xc001fa6000) /syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:58 +0x61 github.com/google/syzkaller/prog.analyze(0xc00209fb00, 0xc001fa6000, 0x1fce, 0x2400, 0xc001121700, 0xc001121740, 0xc000457e20) /syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:34 +0xa5 github.com/google/syzkaller/prog.(*mutator).insertCall(0xc000457ec0, 0x14) /syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:140 +0xc6 github.com/google/syzkaller/prog.(*Prog).Mutate(0xc001121700, 0x9a9b60, 0xc002139830, 0x14, 0xc00209fb00, 0xc001fa6000, 0x1fce, 0x2400) /syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:45 +0x2ea main.(*Proc).loop(0xc00209fb80) /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:95 +0x434 created by main.main /syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:258 +0x1155 goroutine 40 [IO wait]: internal/poll.runtime_pollWait(0x24f4f0e20, 0x72, 0xffffffffffffffff) /usr/local/go/src/runtime/netpoll.go:184 +0x55 internal/poll.(*pollDesc).wait(0xc00227a018, 0x72, 0x1ff01, 0x1ffd6, 0xffffffffffffffff) /usr/local/go/src/internal/poll/fd_poll_runtime.go:87 +0x45 internal/poll.(*pollDesc).waitRead(...) /usr/local/go/src/internal/poll/fd_poll_runtime.go:92 internal/poll.(*FD).Read(0xc00227a000, 0xc00264e02a, 0x1ffd6, 0x1ffd6, 0x0, 0x0, 0x0) /usr/local/go/src/internal/poll/fd_unix.go:169 +0x1cf os.(*File).read(...) /usr/local/go/src/os/file_unix.go:259 os.(*File).Read(0xc001254008, 0xc00264e02a, 0x1ffd6, 0x1ffd6, 0x2a, 0x0, 0x0) /usr/local/go/src/os/file.go:116 +0x71 github.com/google/syzkaller/pkg/ipc.makeCommand.func2(0xc001254008, 0xc000133960) /syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:603 +0xaf created by github.com/google/syzkaller/pkg/ipc.makeCommand /syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:597 +0x89f login: OpenBSD/amd64 (ci-openbsd-multicore-2.c.syzkaller.internal) (tty00) login: panic: amap_wipeout: corrupt amap Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *219936 15941 0 0x14000 0x200 0K reaper db_enter() at db_enter+0x18 panic(ffffffff8222b325) at panic+0x15c amap_wipeout(fffffd807ddf2960) at amap_wipeout+0x208 uvm_unmap_detach(ffff800020e5f040,1) at uvm_unmap_detach+0x163 uvm_map_teardown(fffffd806e950458) at uvm_map_teardown+0x25c uvmspace_free(fffffd806e950458) at uvmspace_free+0x86 uvm_exit(ffff800020ec9728) at uvm_exit+0x29 reaper(ffff800020e19ad0) at reaper+0x189 end trace frame: 0x0, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic amap_wipeout: corrupt amap ddb{0}> trace db_enter() at db_enter+0x18 panic(ffffffff8222b325) at panic+0x15c amap_wipeout(fffffd807ddf2960) at amap_wipeout+0x208 uvm_unmap_detach(ffff800020e5f040,1) at uvm_unmap_detach+0x163 uvm_map_teardown(fffffd806e950458) at uvm_map_teardown+0x25c uvmspace_free(fffffd806e950458) at uvmspace_free+0x86 uvm_exit(ffff800020ec9728) at uvm_exit+0x29 reaper(ffff800020e19ad0) at reaper+0x189 end trace frame: 0x0, count: -8 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff800020e5eec0 rbx 0xffff800020e5ef70 rdx 0xffff800020e19ad0 rcx 0 rax 0 r8 0xffffffff819e912f kprintf+0x16f r9 0x1 r10 0x25 r11 0x2974cafec7663868 r12 0x3000000008 r13 0xffff800020e5eed0 r14 0x100 r15 0x1 rip 0xffffffff81fcb0a8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800020e5eeb0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (reaper) pid=219936 stat=onproc flags process=14000 proc=200 pri=4, usrpri=51, nice=20 forw=0xffffffffffffffff, list=0xffff800020e195f0,0xffff800020e19d50 process=0xffff800020e4c3e0 user=0xffff800020e5a000, vmspace=0xffffffff82693278 estcpu=1, cpticks=13, pctcpu=0.0 user=0, sys=4, intr=1 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 42611 239295 59037 0 3 0x10008a pause ksh 59037 179155 55901 0 3 0x92 select sshd 84072 488353 1 0 3 0x100083 ttyin getty 55901 415643 1 0 3 0x80 select sshd 53814 287156 98406 74 3 0x100092 bpf pflogd 98406 493690 1 0 3 0x80 netio pflogd 42755 393109 33801 73 3 0x100090 kqread syslogd 33801 262830 1 0 3 0x100082 netio syslogd 1559 462438 1 77 3 0x100090 poll dhclient 30668 316787 1 0 3 0x80 poll dhclient 77227 512403 0 0 3 0x14200 bored smr 24670 115497 0 0 3 0x14200 pgzero zerothread 51942 517327 0 0 3 0x14200 aiodoned aiodoned 3615 347134 0 0 3 0x14200 syncer update 18 374330 0 0 3 0x14200 cleaner cleaner *15941 219936 0 0 7 0x14200 reaper 48375 27070 0 0 3 0x14200 pgdaemon pagedaemon 37664 70996 0 0 3 0x14200 bored crynlk 69766 281651 0 0 3 0x14200 bored crypto 1424 197989 0 0 3 0x40014200 acpi0 acpi0 73023 164164 0 0 7 0x40014200 idle1 88107 390917 0 0 3 0x14200 bored softnet 29131 240745 0 0 3 0x14200 bored systqmp 14671 499465 0 0 3 0x14200 bored systq 65083 462792 0 0 2 0x40014200 softclock 73434 184478 0 0 3 0x40014200 idle0 1 417560 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 15941 (reaper) thread 0xffff800020e19ad0 (219936) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff8266c1b0) #0 witness_lock+0x4c7 #1 uvm_pause+0x5b #2 uvm_unmap_detach+0x13a #3 uvm_map_teardown+0x25c #4 uvmspace_free+0x86 #5 uvm_exit+0x29 #6 reaper+0x189 #7 proc_trampoline+0x1c ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9472 6398K 6850K 78643K 10627 0 pcb 13 8K 8K 78643K 13 0 rtable 105 3K 3K 78643K 199 0 ifaddr 46 11K 11K 78643K 49 0 counters 43 33K 33K 78643K 43 0 ioctlops 0 0K 4K 78643K 1469 0 iov 0 0K 4K 78643K 2 0 mount 1 1K 1K 78643K 1 0 vnodes 1220 77K 77K 78643K 1235 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 1K 1K 78643K 2 0 sem 4 0K 0K 78643K 4 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 196K 290K 78643K 12766 0 file desc 3 8K 25K 78643K 47 0 proc 61 63K 83K 78643K 440 0 subproc 14 0K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 40 2K 2K 78643K 40 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 31 148K 148K 78643K 31 0 exec 0 0K 1K 78643K 207 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 97 21K 23K 78643K 1069 0 UVM aobj 2 2K 2K 78643K 2 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 10 0K 0K 78643K 10 0 temp 66 3035K 3099K 78643K 2060 0 kqueue 2 2K 8K 78643K 9 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 6 0 0 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 23 0 21 1 0 1 1 0 8 0 rtentry 112 45 0 1 2 0 2 2 0 8 0 unpcb 120 39 0 29 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 224 0 224 1 0 1 1 0 8 1 tcpcb 544 10 0 6 1 0 1 1 0 8 0 inpcb 280 44 0 38 1 0 1 1 0 8 0 nd6 48 6 0 0 1 0 1 1 0 8 0 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 11 0 0 1 0 1 1 0 8 0 pfstkey 112 11 0 0 1 0 1 1 0 8 0 pfstate 328 11 0 0 1 0 1 1 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 188 0 0 12 0 12 12 0 8 0 art_table 32 189 0 0 2 0 2 2 0 8 0 art_node 16 44 0 4 1 0 1 1 0 8 0 semapl 112 2 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1454 0 48 89 0 89 89 0 8 0 ffsino 272 1454 0 48 95 0 95 95 0 8 0 nchpl 144 1708 0 103 60 0 60 60 0 8 0 uvmvnodes 72 1511 0 0 28 0 28 28 0 8 0 vnodes 208 1511 0 0 80 0 80 80 0 8 0 namei 1024 4441 0 4441 1 0 1 1 0 8 1 percpumem 16 32 0 0 1 0 1 1 0 8 0 scxspl 192 4323 0 4323 2 1 1 2 0 8 1 plimitpl 152 15 0 7 1 0 1 1 0 8 0 sigapl 424 262 0 233 4 0 4 4 0 8 0 futexpl 56 232 0 232 1 0 1 1 0 8 1 knotepl 112 69 0 64 1 0 1 1 0 8 0 kqueuepl 144 10 0 9 1 0 1 1 0 8 0 pipelkpl 48 77 0 69 1 0 1 1 0 8 0 pipepl 120 154 0 143 1 0 1 1 0 8 0 fdescpl 496 247 0 233 3 0 3 3 0 8 0 filepl 152 1243 0 1175 5 0 5 5 0 8 1 lockfpl 104 13 0 12 1 0 1 1 0 8 0 lockfspl 48 6 0 5 1 0 1 1 0 8 0 sessionpl 112 18 0 7 1 0 1 1 0 8 0 pgrppl 48 18 0 7 1 0 1 1 0 8 0 ucredpl 96 62 0 53 1 0 1 1 0 8 0 zombiepl 144 235 0 232 1 0 1 1 0 8 0 processpl 984 262 0 232 5 0 5 5 0 8 1 procpl 624 301 0 271 4 0 4 4 0 8 0 sockpl 400 106 0 88 3 0 3 3 0 8 1 mcl4k 4096 3 0 0 1 0 1 1 0 8 0 mcl2k 2048 162 0 0 20 0 20 20 0 8 0 mtagpl 80 8 0 0 1 0 1 1 0 8 0 mbufpl 256 198 0 0 12 0 12 12 0 8 0 bufpl 280 3321 0 132 228 0 228 228 0 8 0 anonpl 16 35200 0 26773 49 1 48 48 0 124 1 amapchunkpl 152 1190 0 1085 8 0 8 8 0 158 0 amappl16 192 789 0 358 31 0 31 31 0 8 0 amappl15 184 2 0 1 1 0 1 1 0 8 0 amappl14 176 33 0 29 1 0 1 1 0 8 0 amappl13 168 26 0 25 1 0 1 1 0 8 0 amappl12 160 15 0 12 1 0 1 1 0 8 0 amappl11 152 61 0 45 1 0 1 1 0 8 0 amappl10 144 15 0 12 1 0 1 1 0 8 0 amappl9 136 385 0 382 1 0 1 1 0 8 0 amappl8 128 340 0 315 2 0 2 2 0 8 0 amappl7 120 119 0 107 1 0 1 1 0 8 0 amappl6 112 29 0 24 1 0 1 1 0 8 0 amappl5 104 163 0 148 1 0 1 1 0 8 0 amappl4 96 495 0 465 1 0 1 1 0 8 0 amappl3 88 99 0 93 1 0 1 1 0 8 0 amappl2 80 1022 0 961 2 0 2 2 0 8 0 amappl1 72 15398 0 14964 24 6 18 18 0 8 8 amappl 80 554 0 518 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 1 0 0 1 0 1 1 0 8 0 uaddrrnd 24 247 0 233 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 247 0 233 1 0 1 1 0 8 0 vmmpekpl 168 6010 0 5982 2 0 2 2 0 8 0 vmmpepl 168 36943 0 35505 112 10 102 102 0 357 24 vmsppl 368 246 0 232 2 0 2 2 0 8 0 pdppl 4096 502 0 464 6 0 6 6 0 8 0 pvpl 32 130943 0 127814 124 0 124 124 0 265 86 pmappl 232 246 0 232 2 0 2 2 0 8 1 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 254 0 3 8 0 8 8 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x18 panic(ffffffff8222b325) at panic+0x15c amap_wipeout(fffffd807ddf2960) at amap_wipeout+0x208 uvm_unmap_detach(ffff800020e5f040,1) at uvm_unmap_detach+0x163 uvm_map_teardown(fffffd806e950458) at uvm_map_teardown+0x25c uvmspace_free(fffffd806e950458) at uvmspace_free+0x86 uvm_exit(ffff800020ec9728) at uvm_exit+0x29 reaper(ffff800020e19ad0) at reaper+0x189 end trace frame: 0x0, count: -8 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffff800020e00ff0) at x86_ipi_db+0x1a x86_ipi_handler() at x86_ipi_handler+0xc6 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x331 sched_idle(ffff800020e00ff0) at sched_idle+0x3f7 end trace frame: 0x0, count: 10 ddb{1}> trace x86_ipi_db(ffff800020e00ff0) at x86_ipi_db+0x1a x86_ipi_handler() at x86_ipi_handler+0xc6 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x331 sched_idle(ffff800020e00ff0) at sched_idle+0x3f7 end trace frame: 0x0, count: -5