last executing test programs: 114.402441ms ago: executing program 3 (id=4): acct(&(0x7f0000000000)='./file0\x00') r0 = socket(0x2, 0x4001, 0x0) r1 = socket(0x2, 0x4001, 0x0) r2 = dup(r1) r3 = fcntl$dupfd(r2, 0xa, 0xffffffffffffffff) dup2(r2, r3) syz_emit_ethernet(0x138, &(0x7f0000000040)=ANY=[@ANYRES16=r0]) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) connect$unix(r0, &(0x7f0000000000), 0x10) setsockopt$sock_int(r0, 0xffff, 0x1023, &(0x7f0000001080)=0x7fff, 0x4) 8.202919ms ago: executing program 3 (id=9): sysctl$net_inet_ip(&(0x7f0000000080)={0x4, 0x2, 0x0, 0x1c}, 0x4, 0x0, 0x0, 0xffffffffffffffff, 0x0) setrlimit(0x8, &(0x7f00000003c0)={0x42, 0x61}) r0 = syz_open_pts() close(r0) r1 = syz_open_pts() ioctl$FIOASYNC(r1, 0x80047460, &(0x7f00000000c0)=0x4) ioctl$TIOCSETA(r0, 0x802c7414, &(0x7f0000000040)={0x27ffb, 0x1, 0x405, 0x21d8b78b, "2618007bf533e2942b0000000d00000000003689", 0x7, 0x3}) setrlimit(0x8, &(0x7f0000000180)={0xa, 0x8000}) writev(r0, &(0x7f0000000380)=[{&(0x7f00000013c0)="48494f3d23b2e41c65d6dd0a1a", 0xd}], 0x1) 7.802929ms ago: executing program 4 (id=5): mknod(&(0x7f0000000040)='./bus\x00', 0x2000, 0xd02) r0 = open(&(0x7f0000000080)='./bus\x00', 0x8, 0x0) ioctl$VNDIOCSET(r0, 0x81946466, &(0x7f0000000140)={0x0, 0x1, 0x0}) 6.378029ms ago: executing program 4 (id=10): setrlimit(0x8, &(0x7f0000000980)={0xb, 0x54}) (async) r0 = syz_open_pts() close(r0) (async) syz_open_pts() (async) ioctl$TIOCSETD(r0, 0x8004741b, &(0x7f0000000000)=0x8) (async) writev(r0, &(0x7f0000000100)=[{&(0x7f00000009c0)="2228e6beca3c4ba17a2dc2ce44497fb2dc0169b8a20d817abfb58e62b289a2160297a26aac6079318a5cc8e33c2ef4f1f19b018ae2b0eae53acb731d1346460f68f2a91ec389851d26a11eb87af94cfd4af7283a69fab08a7572555285353e7b3fefeeb8fee2588c6cdaa3ad9977ac6a48f757cee2ca2c3e14272ec6ff6d9fa904841e1947baa5a08cf12e6b78943d97119688e547d61f8e4ad73ff435df0b9b9a663d78cc36ca9aebfc26fe84249f27a8fa149d7343bf9b3965ea2551ca03ee77a083df467cb7b24c42df1539e928cde414b9eb0c20396648666872e9a7bf5ac3933f84b76801706e703224a395d37009dd3c2dac0a5aadc834313644f184b06a74bcc98264497650526fca71203c85722884211bf0187c941569c04c3c976db2ed1fb3bf897a60d726e1300056174c1ba29c068d0bd8ca093f6aa6e34466dfd8d8bd5b8e8545f815b08ab0997f86c4df8f3960dd4ebf41d89ea47fcf68b5fe808b6badc579fce6030e1c69403aff6c0f8308b69f804260fd6aca84cf353fc2e18415e23f021943d3dfebd7cea8649ce04356fd821e632577b2818299aa9bc997a9a8d094d5a462c0dedd8fe1c1f6b8db79a670011e1395019a0c10975c9d7a34048546804f62e54a5bdbb928e13362a1b8b2acd664a4a5becc0fc48b8e98edc41b9ca2b535431e6fb814f0943411e7a7482a6fbaa5eb04c56bfa1e4a0487455e5c3f7eb1b17b014348f33da60795f0323adf39344b52ac30be079ae59f06b93a9c9de3ae4120ef33d1717b2903b0b9c03189dd36d42a20f5c641d53e06c46d2a2afef5605aad53f2538b1e498d76f01272341065e185f37e917099ff67b4a8edc54e039c29ef3a6e9b6ce9c84e1a9100e9440ebb46f4bc9b9171cef2e2500203b1edb51719b1ccbdc54d07b3c427315de20ef89329e8530f46fdff1e15b8cd8e89621986083c89c7956bfc7be5a7e6c0bfe412ca455f19d5163163c4203c36a7c931a45259aa8070a448a68744c6e5728cd26710ac8e770c7822da26c78a38e6bfd2f9677c053196ec378759c826a9834c00e478d4c38df6afac4ad0a0cfab4de4c0f7a6843fd601eb697f42ea2c303f72fab2c1714cb4672d6e4508a9f60c90b61926b5ebfd9eee10d440840d6debcef487a903e7a769559b445b23e95e734d00b641453745999027ebe56b1277cd4b6758aaffbb087688238ad010ce3de164cf3bb674ae57d546ed5ce1b93ced27d071e769f3b4a58450d85bb92560bbcd7f1f9d039835a6cbe27dc17124092f6ba5a0b87bc1efe4bb0b276c304b19a3ff0a1a3e9d7dd822fd0499f7967fa4d9975cc8e93f68464914286c143a6430e328712c6ca98cc72b6228f27f719dc48c4cb9af80d12495baa7ea3b2917dbc706a76a876f126a2af06257f850f1828b646b7c3dbd5517cba17de4186ed132f591bd532c1c94b91c37846cd33e8e0bc658ab25f355c115ba1a41710dfc00dbe0656134c5b97a022456971043e696263c0b97c54363ef8a5a90bc6bfed55fcf1cfa32076b963cdf460617216a8cd88f34d105bc787070e7313c0a048b4536eaf357d5298ae50a5c7abc4bbe7b6130d8a5be701b43097002c65a88934d884181c0f528c36e5595ab14a3d856c15484bcd6197cff09fdd3d8c3559b9124520077e8775996a49519d56f43d60f9746b5bec209b6723e2ba37f02cca08f7432f7fe334dc65daacb86695880b8af9555dc897fc1e312b53a27f08183c7f499c07254edc690fea76597ebd661776d3742dcdb03f9648a797f023b527effa954f76e063b58f3f4de56435d535468124f14eab6dadb517c383fe7d919350d9b9d3603", 0x51c}], 0x1) (async) pipe2(&(0x7f0000000040), 0x0) 5.411286ms ago: executing program 2 (id=3): ioctl$TIOCSETAF(0xffffffffffffffff, 0x802c7416, &(0x7f0000000000)={0x0, 0xffffffff, 0x3, 0x0, "fc686b340da1e4795af94547bd1305d65c21963c"}) sysctl$kern(&(0x7f0000000080)={0x1, 0x45}, 0x1a, 0x0, 0x0, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) sysctl$hw(&(0x7f0000000000)={0x4, 0x8}, 0x2, 0x0, 0x0, 0x0, 0x0) 4.807176ms ago: executing program 4 (id=11): r0 = socket(0x1, 0x5, 0x0) close(r0) r1 = socket(0x18, 0x3, 0x0) close(r1) mknod(&(0x7f0000000180)='./file0\x00', 0x2000, 0x202) r2 = openat$vnd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$VNDIOCSET(r2, 0xc0384600, &(0x7f0000000000)={&(0x7f00000000c0)='./file0\x00', 0xcd, 0x0}) r3 = openat$wskbd(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) ioctl$WSKBDIO_SETENCODING(r3, 0x80045710, &(0x7f0000000040)=0x100) r4 = socket(0x18, 0x2, 0x0) r5 = socket(0x18, 0x2, 0x0) r6 = dup2(r4, r5) setsockopt(r6, 0x1000000029, 0x23, &(0x7f00000000c0)="b211d7170d816684c8e360f2fa41c1a0946988b272d2dd3dc90142a84231a746e337b372e93320cff6669cbe7868de45ed3fc33719ca6df71ecec8a918458b2c10a1f8c66653b276e7aae9cb9b21f9982230f575295d48889c9a920796b2dd92fc8575680b37ba955d2c15e6d7c9198ed900ab006ddfb67869b51a2216114d1ece85f593e74035f5bc054eb1dbddf42a", 0x90) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000000c0)={{0x80, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2, 0x200}, 0x0, 0x7}) r7 = socket(0x18, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r8, &(0x7f0000000000)="ed", 0x1) recvmmsg(r9, &(0x7f0000000880)={&(0x7f0000000080)={0x0, 0x3e, &(0x7f0000000ac0)=[{&(0x7f0000000200)=""/169, 0xad}], 0x1, 0x0}, 0xfffffff9}, 0x10, 0x2840, 0x0) readv(r9, &(0x7f0000000040)=[{0x0}], 0x1) mknod(&(0x7f0000000040)='./bus\x00', 0x2000, 0x412dff) ioctl$VNDIOCSET(0xffffffffffffffff, 0xc0384600, &(0x7f0000000440)={&(0x7f0000000280)='./bus\x00', 0x8001, 0x0}) r10 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x8) preadv(r10, &(0x7f0000000300)=[{&(0x7f00000000c0)=""/104, 0x20}, {&(0x7f0000000140)=""/192}, {&(0x7f0000000340)=""/175}, {&(0x7f0000000000)=""/18}], 0x10000000000002b8, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000b40)="825a4f47c21e6ed7eda0f5908bb565b1", 0x10}], 0x1}, 0x0) unveil(0x0, &(0x7f0000000180)='x\x00') connect$unix(r7, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7}, 0x1c) getsockname$inet(r7, &(0x7f00000000c0), &(0x7f0000000000)=0xffffffffffffff35) connect$unix(r1, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7}, 0x1c) setsockopt$sock_int(r0, 0xffff, 0x1001, &(0x7f0000000100)=0x20000, 0x4) 1.415554ms ago: executing program 3 (id=12): r0 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x100, 0x0) ioctl$BIOCVERSION(r1, 0x40044271, &(0x7f00000000c0)) r2 = getpid() r3 = socket(0x11, 0x3, 0x0) sendto$unix(r3, &(0x7f0000000140)="b1000502000000000000001100010000331c13fecea10500fef96ec0c72fd3357ae30200004e3003000000acf20b7804be38164991f7c8cf5f882b297be1aa0500000051e2f0ad3ebbc256699a1f139b672f4d335c223e7d0c032bfa896443a42102000000720fd18bfbb670c1f5a872c881ea6e2ec5890400000000008000361b4cc702fac500002021fbfa0c0f00008abfba221554f4e0f668246c0900000008e371a3f8343712051eea040000000000", 0xb1, 0x404, 0x0, 0x0) fcntl$setown(r0, 0x6, r2) sysctl$net_inet_carp(&(0x7f0000000040)={0x4, 0x2, 0x6, 0x4}, 0x4, 0x0, 0x0, &(0x7f00000010c0)="f260865a", 0x4) 0s ago: executing program 2 (id=13): r0 = socket(0x18, 0x2, 0x0) socket(0x18, 0x2, 0x0) (async) getsockopt(r0, 0x29, 0x37, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb5219f1000b913f1, 0x0) (async, rerun: 64) ktrace(&(0x7f0000000200)='./file0\x00', 0x4, 0xd27d43220c7df9f, 0x0) (async, rerun: 64) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2) (async) mprotect(&(0x7f00007a3000/0x1000)=nil, 0x1000, 0x5) (async) minherit(&(0x7f00001ea000/0x3000)=nil, 0x3000, 0x3) r1 = kqueue() (async, rerun: 64) r2 = socket$inet(0x2, 0x2, 0x0) (rerun: 64) close(r2) (async) r3 = socket(0x2, 0x1, 0x0) r4 = dup(r3) (async, rerun: 64) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) (async, rerun: 64) shutdown(r3, 0x1) r6 = dup(r5) recvmmsg(r6, &(0x7f0000000440)={&(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000240)=""/90, 0x5a}], 0x3, 0x0}, 0x1}, 0x10, 0x0, 0x0) dup2(r4, r6) execve(0x0, 0x0, 0x0) (async) getsockname$inet(r2, 0x0, &(0x7f00000000c0)) (async, rerun: 64) dup2(r5, r3) (rerun: 64) kevent(r1, &(0x7f0000000080), 0xe4a, 0x0, 0x0, 0x0) (async, rerun: 64) r7 = syz_open_pts() (rerun: 64) ioctl$TIOCSETA(r7, 0x802c7414, &(0x7f0000000040)={0x0, 0x1, 0xffef9ff6, 0x2, "4b06a6bcff0300dba800000000000800", 0x0, 0xd}) (async) writev(r7, &(0x7f0000000500)=[{&(0x7f0000000180)="944713145761ef4626e1cc7f391f5516011000005b0fe563162b7bfc9e685d14e140adf44dbe1abd2648f242fc851b30e2", 0x31}], 0x1) (async) ioctl$TIOCSETAF(r7, 0x802c7416, &(0x7f0000000200)={0x4, 0x9, 0x8, 0x6, "68e7ffbcd87517b95bee2ca61779240a7292aa5a", 0x9, 0x1}) writev(r7, &(0x7f0000000780)=[{&(0x7f00000003c0)="c09a355ffc6ef31137c00bef8d98065fd7048fd6b4ea0adeef670de36a8e74468e0a40b935b47ebe64bc14836271e9c5728ac611", 0x34}], 0x1) syz_open_pts() (async, rerun: 32) ioctl$TIOCFLUSH(r7, 0x80047410, &(0x7f0000000080)=0x2) (rerun: 32) mknod(&(0x7f0000000040)='./bus\x00', 0x2000, 0x205310) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.99' (ED25519) to the list of known hosts. panic: mtx 0xffffffff83878c70: locking against myself Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *303657 89640 0 0 0 1 syz-executor 391625 46842 0 0x100002 0 0 sh db_enter() at db_enter+0x25 panic(ffffffff83333321) at panic+0x1e5 mtx_enter_try(ffffffff83878c70) at mtx_enter_try+0x1da mtx_enter(ffffffff83878c70) at mtx_enter+0x62 uvm_pageclean(fffffd800877c408) at uvm_pageclean+0x28e uvm_pagefree(fffffd800877c408) at uvm_pagefree+0x26 uvn_get(fffffd806b82b3f0,2000,ffff80003580f708,ffff80003580f6ec,0,2,a8645481a2c11341,2) at uvn_get+0x686 uvm_fault_lower_io(ffff80003580f920,ffff80003580f958,ffff80003580f7a0,ffff80003580f788) at uvm_fault_lower_io+0x2cd uvm_fault_lower(ffff80003580f920,ffff80003580f958,ffff80003580f8a0) at uvm_fault_lower+0x2bb uvm_fault(fffffd806b9b09a0,200000002000,0,2) at uvm_fault+0x274 upageflttrap(ffff80003580fab0,200000002d00) at upageflttrap+0xa9 usertrap(ffff80003580fab0) at usertrap+0x3c6 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x704a9da4be80, count: 2 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: mtx 0xffffffff83878c70: locking against myself ddb{1}> trace db_enter() at db_enter+0x25 panic(ffffffff83333321) at panic+0x1e5 mtx_enter_try(ffffffff83878c70) at mtx_enter_try+0x1da mtx_enter(ffffffff83878c70) at mtx_enter+0x62 uvm_pageclean(fffffd800877c408) at uvm_pageclean+0x28e uvm_pagefree(fffffd800877c408) at uvm_pagefree+0x26 uvn_get(fffffd806b82b3f0,2000,ffff80003580f708,ffff80003580f6ec,0,2,a8645481a2c11341,2) at uvn_get+0x686 uvm_fault_lower_io(ffff80003580f920,ffff80003580f958,ffff80003580f7a0,ffff80003580f788) at uvm_fault_lower_io+0x2cd uvm_fault_lower(ffff80003580f920,ffff80003580f958,ffff80003580f8a0) at uvm_fault_lower+0x2bb uvm_fault(fffffd806b9b09a0,200000002000,0,2) at uvm_fault+0x274 upageflttrap(ffff80003580fab0,200000002d00) at upageflttrap+0xa9 usertrap(ffff80003580fab0) at usertrap+0x3c6 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x704a9da4be80, count: -13 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff80003580f440 rbx 0xffff8000299eeddf rdx 0 rcx 0xffff80003c452fb8 rax 0xffff8000299edff0 r8 0x101010101010101 r9 0x8080808080808080 r10 0x67c68922af3a1a78 r11 0x91d00094f82b5cbc r12 0xffff8000299eebe0 r13 0 r14 0 r15 0x1 rip 0xffffffff82d81695 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80003580f430 ss 0 db_enter+0x25: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor) tid=303657 pid=89640 tcnt=4 stat=onproc flags process=0 proc=0 runpri=36, usrpri=50, slppri=36, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003c453780,0xffff80003c4522d0 process=0xffff8000388275c0 user=0xffff80003580a000, vmspace=0xfffffd806b9b09a0 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND *89640 303657 30417 0 7 0 syz-executor 89640 11495 30417 0 3 0x4000080 fsleep syz-executor 89640 458927 30417 0 3 0x4000000 biowait syz-executor 89640 462987 30417 0 3 0x4000080 fsleep syz-executor 5397 240630 49708 0 2 0x100002 sh 28473 350332 14487 0 2 0 syz-executor 28473 218563 14487 0 3 0x4000080 fsleep syz-executor 98998 20689 0 0 3 0x14200 bored sosplice 46842 391625 22701 0 7 0x100002 sh 1084 445133 65790 0 2 0x2 ndp 65790 14169 42839 0 3 0x10008a sigsusp sh 73352 213168 29295 0 2 0x2 ifconfig 29295 185365 97728 0 3 0x10008a sigsusp sh 6988 476792 89263 0 2 0x100002 sh 49708 275064 81214 0 3 0x82 wait syz-executor 97728 467982 81214 0 3 0x82 wait syz-executor 42839 234707 81214 0 3 0x82 wait syz-executor 30417 442549 81214 0 3 0x82 nanoslp syz-executor 14487 420760 81214 0 3 0x82 nanoslp syz-executor 33317 467721 81214 0 2 0x2 syz-executor 89263 61752 81214 0 3 0x82 wait syz-executor 22701 184291 81214 0 3 0x82 wait syz-executor 81214 6324 7912 0 3 0x82 kqread syz-executor 7912 501628 1893 0 3 0x10008a sigsusp ksh 1893 382753 81678 0 3 0x98 kqread sshd-session 81678 244720 7398 0 3 0x92 kqread sshd-session 17633 508323 1 0 3 0x100083 ttyin getty 7398 170581 1 0 3 0x88 kqread sshd 17073 384251 16224 74 3 0x1100092 bpf pflogd 16224 375330 1 0 3 0x80 sbwait pflogd 57720 66876 88650 73 3 0x1100090 kqread syslogd 88650 172123 1 0 3 0x100082 sbwait syslogd 53790 175730 1 0 3 0x100080 kqread resolvd 18103 179959 72844 77 3 0x100092 kqread dhcpleased 52162 76082 72844 77 3 0x100092 kqread dhcpleased 72844 465036 1 0 3 0x80 kqread dhcpleased 53354 490258 0 0 3 0x14200 bored smr 61278 429395 0 0 2 0x14200 zerothread 32776 331222 0 0 3 0x14200 aiodoned aiodoned 19577 471818 0 0 3 0x14200 syncer update 31864 181244 0 0 3 0x14200 cleaner cleaner 9785 497724 0 0 3 0x14200 reaper reaper 95427 436087 0 0 3 0x14200 pgdaemon pagedaemon 2595 109901 0 0 3 0x14200 bored viomb 58813 463659 0 0 3 0x40014200 acpi0 acpi0 47738 465630 0 0 3 0x40014200 idle1 20505 431897 0 0 3 0x14200 bored softnet7 82630 16683 0 0 3 0x14200 bored softnet6 89118 472478 0 0 3 0x14200 bored softnet5 14159 334431 0 0 3 0x14200 bored softnet4 13850 23610 0 0 3 0x14200 bored softnet3 86991 98180 0 0 3 0x14200 bored softnet2 68771 505545 0 0 3 0x14200 bored softnet1 18018 314013 0 0 3 0x14200 bored softnet0 6083 312781 0 0 3 0x14200 smrbar systqmp 62350 290283 0 0 3 0x14200 bored systq 81954 418117 0 0 3 0x14200 tmoslp softclockmp 57011 360257 0 0 3 0x40014200 tmoslp softclock 4771 91177 0 0 3 0x40014200 idle0 1 161895 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks CPU 1: exclusive mutex &uvm.pageqlock r = 0 (0xffffffff83878c80) #0 witness_lock+0x5f1 #1 mtx_enter_try+0x1ad #2 mtx_enter+0x62 #3 uvn_get+0x674 #4 uvm_fault_lower_io+0x2cd #5 uvm_fault_lower+0x2bb #6 uvm_fault+0x274 #7 upageflttrap+0xa9 #8 usertrap+0x3c6 #9 recall_trap+0x8 Process 89640 (syz-executor) thread 0xffff80003c452fb8 (303657) exclusive rwlock uobjlk r = 0 (0xfffffd8067b2c5f8) #0 witness_lock+0x5f1 #1 rw_do_enter_write+0x419 #2 uvn_io+0x667 #3 uvn_get+0x31d #4 uvm_fault_lower_io+0x2cd #5 uvm_fault_lower+0x2bb #6 uvm_fault+0x274 #7 upageflttrap+0xa9 #8 usertrap+0x3c6 #9 recall_trap+0x8 exclusive mutex &uvm.pageqlock r = 0 (0xffffffff83878c80) #0 witness_lock+0x5f1 #1 mtx_enter_try+0x1ad #2 mtx_enter+0x62 #3 uvn_get+0x674 #4 uvm_fault_lower_io+0x2cd #5 uvm_fault_lower+0x2bb #6 uvm_fault+0x274 #7 upageflttrap+0xa9 #8 usertrap+0x3c6 #9 recall_trap+0x8 Process 89640 (syz-executor) thread 0xffff80003c452028 (458927) exclusive rrwlock inode r = 0 (0xfffffd806f712308) #0 witness_lock+0x5f1 #1 rw_do_enter_write+0x419 #2 rrw_enter+0xc6 #3 VOP_LOCK+0xa3 #4 vn_lock+0xa4 #5 sys_ftruncate+0x1c1 #6 syscall+0xb17 #7 Xsyscall+0x128 Process 6083 (systqmp) thread 0xffff8000ffffe298 (312781) shared rwlock systqmp r = 0 (0xffffffff837fe428) #0 witness_lock+0x5f1 #1 taskq_thread+0x12a #2 proc_trampoline+0x10 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10197 11019K 11023K 166960K 11277 0 pcb 17 12K 12K 166960K 19 0 rtable 181 5K 5K 166960K 237 0 pf 34 17K 18K 166960K 45 0 ifaddr 39 6K 6K 166960K 41 0 ifgroup 55 2K 2K 166960K 55 0 sysctl 1 1K 9K 166960K 5 0 counters 68 36K 36K 166960K 68 0 ioctlops 0 0K 4K 166960K 1482 0 iov 0 0K 12K 166960K 1 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1336 84K 84K 166960K 1358 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 1K 166960K 2 0 VM map 2 1K 1K 166960K 2 0 sem 2 0K 0K 166960K 2 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 19 69K 85K 166960K 128 0 proc 76 131K 164K 166960K 514 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 in_multi 79 5K 5K 166960K 79 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 43 201K 201K 166960K 43 0 exec 0 0K 1K 166960K 359 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 219 165K 166K 166960K 3017 0 UVM aobj 3 2K 2K 166960K 3 0 pinsyscall 44 88K 100K 166960K 1208 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 1 0 NDP 24 1K 1K 166960K 24 0 temp 34 8638K 8702K 166960K 4013 0 kqueue 13 20K 20K 166960K 21 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 30 0 27 1 0 1 1 0 8 0 rtentry 176 83 0 1 4 0 4 4 0 8 0 unpcb 144 36 0 19 1 0 1 1 0 8 0 syncache 336 3 0 3 1 0 1 1 0 8 1 tcpcb 736 8 0 4 1 0 1 1 0 8 0 arp 128 10 0 0 1 0 1 1 0 8 0 inpcb 328 67 0 59 1 0 1 1 0 8 0 nd6 144 12 0 0 1 0 1 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 11 0 0 1 0 1 1 0 8 0 pfstkey 128 11 0 0 1 0 1 1 0 8 0 pfstate 384 11 0 0 2 0 2 2 0 8 0 pfrule 1344 21 0 15 2 0 2 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 359 0 0 23 0 23 23 0 8 0 art_table 40 360 0 0 4 0 4 4 0 8 0 art_node 32 83 0 8 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1560 0 52 95 0 95 95 0 8 0 ffsino 296 1560 0 52 116 0 116 116 0 8 0 nchpl 144 1751 0 69 63 0 63 63 0 8 0 uvmvnodes 80 1647 0 0 34 0 34 34 0 8 0 vnodes 216 1647 0 0 92 0 92 92 0 8 0 namei 1024 5299 0 5299 1 0 1 1 0 8 1 percpumem 16 49 0 0 1 0 1 1 0 8 0 kstatmem 264 26 0 0 2 0 2 2 0 8 0 scxspl 216 6321 0 6319 3 1 2 2 1 8 1 plimitpl 152 30 0 13 1 0 1 1 0 8 0 sigapl 424 440 0 384 7 0 7 7 0 8 0 knotepl 120 50 0 0 2 0 2 2 0 8 0 kqueuepl 224 17 0 8 1 0 1 1 0 8 0 pipepl 344 106 0 79 3 0 3 3 0 8 0 fdescpl 528 417 0 384 3 0 3 3 0 8 0 filepl 160 1429 0 1216 10 0 10 10 0 8 1 lockfpl 104 9 0 6 1 0 1 1 0 8 0 lockfspl 48 6 0 3 1 0 1 1 0 8 0 sessionpl 144 22 0 13 1 0 1 1 0 8 0 pgrppl 48 30 0 13 1 0 1 1 0 8 0 ucredpl 104 82 0 69 1 0 1 1 0 8 0 zombiepl 144 384 0 384 1 0 1 1 0 8 1 processpl 1248 440 0 384 5 0 5 5 0 8 0 procpl 664 455 0 395 6 0 6 6 0 8 0 sockpl 752 133 0 105 4 0 4 4 0 8 1 mcl8k 8192 2 0 0 1 0 1 1 0 8 0 mcl4k 4096 122 0 0 16 0 16 16 0 8 0 mcl2k 2048 10 0 0 2 0 2 2 0 8 0 mtagpl 96 1 0 0 1 0 1 1 0 8 0 mbufpl 256 121 0 0 8 0 8 8 0 8 0 bufpl 280 2861 0 119 196 0 196 196 0 8 0 anonpl 32 3970 0 0 33 0 33 33 0 246 0 amapchunkpl 152 8506 0 8116 17 2 15 15 0 158 0 amappl16 200 1918 0 1907 5 0 5 5 0 8 4 amappl15 192 8 0 8 1 0 1 1 0 8 1 amappl14 184 105 0 93 1 0 1 1 0 8 0 amappl13 176 6 0 6 1 0 1 1 0 8 1 amappl12 168 1057 0 1019 4 1 3 3 0 8 1 amappl11 160 50 0 36 1 0 1 1 0 8 0 amappl10 152 6 0 6 1 0 1 1 0 8 1 amappl9 144 255 0 255 1 0 1 1 0 8 1 amappl8 136 20 0 19 1 0 1 1 0 8 0 amappl7 128 107 0 95 1 0 1 1 0 8 0 amappl6 120 174 0 165 1 0 1 1 0 8 0 amappl5 112 119 0 109 1 0 1 1 0 8 0 amappl4 104 304 0 283 1 0 1 1 0 8 0 amappl3 96 1307 0 1217 3 0 3 3 0 8 0 amappl2 88 623 0 556 2 0 2 2 0 8 0 amappl1 80 8049 0 7430 14 0 14 14 0 8 0 amappl 88 2362 0 2222 4 0 4 4 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 417 0 384 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 417 0 384 1 0 1 1 0 8 0 vmmpekpl 168 5063 0 5033 2 0 2 2 0 8 0 vmmpepl 168 33201 0 31371 86 0 86 86 0 357 2 vmsppl 488 416 0 384 5 0 5 5 0 8 0 rwobjpl 80 13902 0 11309 54 0 54 54 0 8 0 pdppl 4096 842 0 768 98 16 82 82 0 8 8 pvpl 32 8672 0 0 70 0 70 70 0 265 0 pmappl 256 416 0 384 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 256 0 18 7 0 7 7 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffffffff8378eff0) at x86_ipi_db+0x27 x86_ipi_handler() at x86_ipi_handler+0xd9 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83891ab0) at __mp_lock+0x192 intr_handler(ffff80003a0330e0,ffff800000079a80) at intr_handler+0xe9 Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f __sanitizer_cov_trace_cmp8(6fa5f000,6fa5f000) at __sanitizer_cov_trace_cmp8 pmap_enter(fffffd806b74b400,1d2b89000,6fa5f000,4,20) at pmap_enter+0x818 uvm_fault_lower_lookup(ffff80003a033540,ffff80003a033578,ffff80003a0334c0) at uvm_fault_lower_lookup+0x3d6 uvm_fault_lower(ffff80003a033540,ffff80003a033578,ffff80003a0334c0) at uvm_fault_lower+0x89 uvm_fault(fffffd800cba93f0,1d2b88000,0,4) at uvm_fault+0x274 upageflttrap(ffff80003a0336d0,1d2b88f00) at upageflttrap+0xa9 usertrap(ffff80003a0336d0) at usertrap+0x3c6 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7af596afb250, count: 1 ddb{0}> trace x86_ipi_db(ffffffff8378eff0) at x86_ipi_db+0x27 x86_ipi_handler() at x86_ipi_handler+0xd9 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83891ab0) at __mp_lock+0x192 intr_handler(ffff80003a0330e0,ffff800000079a80) at intr_handler+0xe9 Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f __sanitizer_cov_trace_cmp8(6fa5f000,6fa5f000) at __sanitizer_cov_trace_cmp8 pmap_enter(fffffd806b74b400,1d2b89000,6fa5f000,4,20) at pmap_enter+0x818 uvm_fault_lower_lookup(ffff80003a033540,ffff80003a033578,ffff80003a0334c0) at uvm_fault_lower_lookup+0x3d6 uvm_fault_lower(ffff80003a033540,ffff80003a033578,ffff80003a0334c0) at uvm_fault_lower+0x89 uvm_fault(fffffd800cba93f0,1d2b88000,0,4) at uvm_fault+0x274 upageflttrap(ffff80003a0336d0,1d2b88f00) at upageflttrap+0xa9 usertrap(ffff80003a0336d0) at usertrap+0x3c6 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7af596afb250, count: -14 ddb{0}> machine ddbcpu 1 Stopped at db_enter+0x25: addq $0x8,%rsp db_enter() at db_enter+0x25 panic(ffffffff83333321) at panic+0x1e5 mtx_enter_try(ffffffff83878c70) at mtx_enter_try+0x1da mtx_enter(ffffffff83878c70) at mtx_enter+0x62 uvm_pageclean(fffffd800877c408) at uvm_pageclean+0x28e uvm_pagefree(fffffd800877c408) at uvm_pagefree+0x26 uvn_get(fffffd806b82b3f0,2000,ffff80003580f708,ffff80003580f6ec,0,2,a8645481a2c11341,2) at uvn_get+0x686 uvm_fault_lower_io(ffff80003580f920,ffff80003580f958,ffff80003580f7a0,ffff80003580f788) at uvm_fault_lower_io+0x2cd uvm_fault_lower(ffff80003580f920,ffff80003580f958,ffff80003580f8a0) at uvm_fault_lower+0x2bb uvm_fault(fffffd806b9b09a0,200000002000,0,2) at uvm_fault+0x274 upageflttrap(ffff80003580fab0,200000002d00) at upageflttrap+0xa9 usertrap(ffff80003580fab0) at usertrap+0x3c6 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x704a9da4be80, count: 2 ddb{1}> trace db_enter() at db_enter+0x25 panic(ffffffff83333321) at panic+0x1e5 mtx_enter_try(ffffffff83878c70) at mtx_enter_try+0x1da mtx_enter(ffffffff83878c70) at mtx_enter+0x62 uvm_pageclean(fffffd800877c408) at uvm_pageclean+0x28e uvm_pagefree(fffffd800877c408) at uvm_pagefree+0x26 uvn_get(fffffd806b82b3f0,2000,ffff80003580f708,ffff80003580f6ec,0,2,a8645481a2c11341,2) at uvn_get+0x686 uvm_fault_lower_io(ffff80003580f920,ffff80003580f958,ffff80003580f7a0,ffff80003580f788) at uvm_fault_lower_io+0x2cd uvm_fault_lower(ffff80003580f920,ffff80003580f958,ffff80003580f8a0) at uvm_fault_lower+0x2bb uvm_fault(fffffd806b9b09a0,200000002000,0,2) at uvm_fault+0x274 upageflttrap(ffff80003580fab0,200000002d00) at upageflttrap+0xa9 usertrap(ffff80003580fab0) at usertrap+0x3c6 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x704a9da4be80, count: -13