last executing test programs: 55.839239ms ago: executing program 0 (id=1): r0 = open$dir(&(0x7f0000000040)='.\x00', 0x0, 0x4) pipe(&(0x7f00000001c0)) mknod(&(0x7f0000000280)='./file0\x00', 0x2000, 0x1e5f) r1 = open(&(0x7f0000000080)='./file0\x00', 0x80, 0x138) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) ioctl$VNDIOCSET(r1, 0x80184404, &(0x7f00000001c0)={0x0, 0x0, 0x0}) r2 = openat$wskbd(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) ioctl$WSKBDIO_SETENCODING(r2, 0x80045710, 0x0) ioctl$WSKBDIO_GETBACKLIGHT(r2, 0x400c5711, 0x0) fcntl$getown(r2, 0x5) ioctl$VNDIOCSET(r1, 0x80044403, &(0x7f00000001c0)={0x0, 0xfffffffffffffffd, 0x0}) r3 = socket(0x2, 0x1, 0x0) ioctl$VMM_IOC_RESETCPU(0xffffffffffffffff, 0x82405605, &(0x7f00000000c0)={0xa, 0x8000148, {[0x3, 0x0, 0x6, 0x6, 0x3, 0x8000, 0x1, 0x0, 0x7, 0x2, 0x9, 0x91c, 0x8, 0x180, 0x0, 0xd3, 0x76, 0xfffffffffffffff7], [0x5438b950, 0x5, 0x4001004, 0x7, 0x1, 0x1, 0x9, 0x7, 0xffffffffffffffff, 0x3], [0x6, 0x0, 0x8, 0x8000000008, 0x10000, 0x200, 0x2], [0x100000000, 0x10801, 0x0, 0x5, 0x3, 0x6], [{0x5ad, 0x7, 0xfffffffb, 0x6}, {0x2, 0x925, 0x3, 0x338}, {0x1000, 0x7fffffff, 0x0, 0x5}, {0x8, 0x2, 0x3, 0x895}, {0x4, 0x3, 0x2, 0x9}, {0x1f, 0x4, 0x0, 0x7}, {0xe4, 0xffffff81, 0x1ff, 0x1}, {0x3, 0x10000, 0x8001, 0x5}], {0x52b, 0x4, 0xfffffffd, 0x8}, {0xfffb, 0xffffbfc0, 0x8}}}) ioctl$FIONREAD(r3, 0x8040691a, &(0x7f00000001c0)) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x3, 0x5012, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000000)='./file0\x00', 0x2000, 0x5900) r4 = open(&(0x7f0000000300)='./file0\x00', 0x80, 0x30) ioctl$WSDISPLAYIO_GETEMULTYPE(r4, 0x80084905, &(0x7f0000000040)={0x3, '.\x00'}) getdents(r0, &(0x7f0000000e80)=""/4091, 0xffaa) bind(r1, &(0x7f0000000340)=@in6={0x18, 0x3, 0x6, 0x1}, 0xc) open$dir(&(0x7f0000000040)='.\x00', 0x0, 0x4) (async) pipe(&(0x7f00000001c0)) (async) mknod(&(0x7f0000000280)='./file0\x00', 0x2000, 0x1e5f) (async) open(&(0x7f0000000080)='./file0\x00', 0x80, 0x138) (async) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async) ioctl$VNDIOCSET(r1, 0x80184404, &(0x7f00000001c0)={0x0, 0x0, 0x0}) (async) openat$wskbd(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) (async) ioctl$WSKBDIO_SETENCODING(r2, 0x80045710, 0x0) (async) ioctl$WSKBDIO_GETBACKLIGHT(r2, 0x400c5711, 0x0) (async) fcntl$getown(r2, 0x5) (async) ioctl$VNDIOCSET(r1, 0x80044403, &(0x7f00000001c0)={0x0, 0xfffffffffffffffd, 0x0}) (async) socket(0x2, 0x1, 0x0) (async) ioctl$VMM_IOC_RESETCPU(0xffffffffffffffff, 0x82405605, &(0x7f00000000c0)={0xa, 0x8000148, {[0x3, 0x0, 0x6, 0x6, 0x3, 0x8000, 0x1, 0x0, 0x7, 0x2, 0x9, 0x91c, 0x8, 0x180, 0x0, 0xd3, 0x76, 0xfffffffffffffff7], [0x5438b950, 0x5, 0x4001004, 0x7, 0x1, 0x1, 0x9, 0x7, 0xffffffffffffffff, 0x3], [0x6, 0x0, 0x8, 0x8000000008, 0x10000, 0x200, 0x2], [0x100000000, 0x10801, 0x0, 0x5, 0x3, 0x6], [{0x5ad, 0x7, 0xfffffffb, 0x6}, {0x2, 0x925, 0x3, 0x338}, {0x1000, 0x7fffffff, 0x0, 0x5}, {0x8, 0x2, 0x3, 0x895}, {0x4, 0x3, 0x2, 0x9}, {0x1f, 0x4, 0x0, 0x7}, {0xe4, 0xffffff81, 0x1ff, 0x1}, {0x3, 0x10000, 0x8001, 0x5}], {0x52b, 0x4, 0xfffffffd, 0x8}, {0xfffb, 0xffffbfc0, 0x8}}}) (async) ioctl$FIONREAD(r3, 0x8040691a, &(0x7f00000001c0)) (async) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x3, 0x5012, 0xffffffffffffffff, 0x0) (async) mknod(&(0x7f0000000000)='./file0\x00', 0x2000, 0x5900) (async) open(&(0x7f0000000300)='./file0\x00', 0x80, 0x30) (async) ioctl$WSDISPLAYIO_GETEMULTYPE(r4, 0x80084905, &(0x7f0000000040)={0x3, '.\x00'}) (async) getdents(r0, &(0x7f0000000e80)=""/4091, 0xffaa) (async) bind(r1, &(0x7f0000000340)=@in6={0x18, 0x3, 0x6, 0x1}, 0xc) (async) 49.133446ms ago: executing program 5 (id=6): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) (async, rerun: 64) r1 = socket(0x1, 0x2, 0x1) (async, rerun: 64) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000001c0)={{0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xc0}, 0xf0ffffffffffffff, 0x1}) (async) r2 = openat$pf(0xffffffffffffff9c, &(0x7f0000000080), 0x80, 0x0) ioctl$TIOCSETA(r2, 0xc0284457, &(0x7f0000000000)={0xfffffffe, 0x25, 0x105, 0x4fff, "08ffff66fe010000000100000002e1662900", 0x8, 0x101}) (async) r3 = socket(0x2, 0x2, 0x0) (async) r4 = openat$pf(0xffffffffffffff9c, &(0x7f0000000700), 0x82, 0x0) (async) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) ioctl$TIOCSETA(r4, 0xc4504442, &(0x7f0000000300)={0x200032, 0xa, 0x0, 0x0, "97a2224ff1c14a06ebb178926cc9795a6b47c1d1", 0x1, 0xfffffffe}) (async) ioctl$BIOCSETIF(0xffffffffffffffff, 0x8020426c, &(0x7f00000001c0)={'tap', 0x0}) (async) ioctl$FIONREAD(r3, 0x8040691a, &(0x7f00000001c0)) sysctl$vm_swapencrypt(&(0x7f0000000040)={0x7, 0x2}, 0x3, 0x0, 0x0, 0x0, 0x0) (async) setsockopt$sock_int(r1, 0xffff, 0x10, &(0x7f0000000000)=0x63, 0x4) recvmmsg(0xffffffffffffffff, &(0x7f0000000880)={&(0x7f0000000080)={0x0, 0x0, &(0x7f0000000ac0)=[{0x0}], 0x1, 0x0}, 0x80}, 0x10, 0x2040, 0x0) sendto(0xffffffffffffffff, 0x0, 0x58, 0x0, &(0x7f0000000080)=@in6={0x18, 0x3, 0x0, 0x1ff}, 0xc) (async) bind$unix(0xffffffffffffffff, &(0x7f0000000080)=@abs={0x1f95d27d48731892}, 0x1c) sysctl$net_inet_tcp(&(0x7f00000000c0)={0x4, 0x2, 0x6, 0x9}, 0x4, &(0x7f0000000180)="9b1809ffffffffffffff7f473f11e1a4e5f2f9f220ef7f0abdbc34fe42021588dc8ff44f4b76c76d41859d85ea800dabe467badf35b6fd74c94d1b44162df3867d25aff254e68dbf44ff53559bdaccfdf6b9e3957261167908bdf9ab63a1900bb07c4a19fe9c74c43e44665d8aa04db2150d2379c95abab88ba171048ff14200a5133cab96cb52dc062c67abb716c06191ca3a1528fd52a92bd16fe9e644b5465e76e17a9df0821b2bf250fa4298ed528be8a422cbea36aceaa0bce82558eadcb5904a61b694ccd0d6fc6ddafdd6224fb0c7a8ffd13019f8edee2119978b8832e94a404d59383d8b4380a6efbe86282b2a44", &(0x7f0000000040)=0x10011, 0x0, 0x5a) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async, rerun: 32) sysctl$net_inet_ip(&(0x7f00000000c0)={0x4, 0x2, 0x0, 0x5}, 0x4, &(0x7f0000000080), &(0x7f0000000040), 0x0, 0x0) (async, rerun: 32) bind$unix(r0, &(0x7f0000000140)=@file={0x1, './file0\x00'}, 0xa) 31.999848ms ago: executing program 4 (id=5): r0 = socket(0x2, 0x3, 0x0) execve(0x0, &(0x7f00000001c0)=[0x0, &(0x7f00000000c0)='/dev/speaker\x00'], 0x0) (async) r1 = socket(0x1, 0x2, 0x0) r2 = open(&(0x7f0000000480)='./file0\x00', 0x1, 0x0) write(r2, 0x0, 0x0) sendmmsg(r2, &(0x7f00000005c0)={&(0x7f0000000580)={&(0x7f0000000000)=@in={0x2, 0x2}, 0xc, &(0x7f0000000140)=[{&(0x7f0000000040)="81835ef4e9b5f7a97fd7b8cf105fdf7a970f81a5bc5e37f48db36153e0669a6ea3d909aafd0f7d67395238c293b88e30b16278b493e80a214ae2b41f7b803feecedd82c35d74540add3ca7776d21ea47845ef486488b84cc68f41625e4a59a371bcee937a4ddf526c57e41830d747d68", 0x70}, {&(0x7f0000000100)="96b21bd36049a6f315392963bbfe057fdbbc83b4737e3dcfa4ec4945e6", 0x1d}], 0x2, &(0x7f0000000200)=[{0xb8, 0x1, 0x8, "e8abb67ced0bb326af5466848316314037979f5984b1ae6daaf576c07708813b8e90e473483fdd0ba517a434a007cf750caa16b9616b04b346bff3511251972245700eee855b53bea0c9b8e13e26eea23531651863283368e64ace9334224b005f19198f1849e7104e41fcb2af5c2455bf274289427ccf7470f24288fe1f98b653523a8e67036e84678cc4f78236998ccbda0d81d342d9bfb4752f389a2d705b236526"}, {0xa0, 0x1, 0x5, "8602640e2ba9dabeb5bdc11c35ec1c49d5992707f7a3dbfa838a9eb74bd6030557d701b8f4345114bdc043cfa5d3afc85c9dc80143a0a5b1b4d281139ed67245526b703c97ba1f3cc8cbd18952b630d35731dd58430fc4e87467ca8834b8f20c6a5d06ef47111c33046cbb9dd8855ef9964e02d2145054409571400504d05290e7e739ac7e8f9a083f3c73"}, {0x40, 0xffff, 0x7, "e765e61075dfd0ab8b4d3664e324f5d26b74e0b8e9fd22dd7726b3958d6f7779e23e0e009118ad723cdee1fa6860c7"}, {0xe0, 0xffff, 0x7, "23c7c0a1679d73203e6d3c4dedc87e2334170f0527c49c7bfb607a45e2d957ea327eebac36c61ddd8dc3ba565b672ad9b6d7e4a093617b8334701aa775511418bfc0c6d7bdabd49c2a5e1ca9a77713de6bf301a5a986e7723aea7b2946fcef4063b667abb7675262d72a1d68be524c0c0d02011f31818f7451072a6965691dbf2155fa72e6f07c8588fdbe8c2845dd5c936c7bcf9fff438a9422ddfbaf560d0021e6229042ab8a7e2ceb1c3b119992ff4add3a1a5b76507c0e375e2c245bd9651af884fd20620f398e9f881bf8f610cf"}, {0x48, 0x1, 0x8, "ac648e4bc34c01130808cbd0ab4f598094df99528961fb3ce5d6c50617d367efbc6e3c0d2432b3e66235f6f1aba30a5105591108fd"}, {0x98, 0xffff, 0x2, "a972f094acbbcf3686ae314a97d38a0056b339e6ac913828596d8ee2682c3540b6f6233da535bd0dd923e500ac7a0a9c7d572af6b64ec7c71ce41c96e5ee5edea72e911a99b99cdc8a8bb7f9fcc176da3d590090d3c1e6c29a50f3769274d3351a04dd1d338285a63b725d4296a8e3efb1aec9447d52e34aa7575e81119a56443dbb"}], 0x358}, 0xffff50c6}, 0x10, 0x8) (async) syz_emit_ethernet(0x42, &(0x7f0000000180)={@local, @local, [], {@ipv4={0x800, {{0x8, 0x4, 0x2, 0x1, 0x34, 0x64, 0x3, 0x6, 0x9d, 0x0, @broadcast, @broadcast, {[@rr={0x7, 0xb, 0x1e, [@local={0xac, 0x14, 0x0}, @loopback]}]}}, @icmp=@timestamp_reply={0xe, 0x0, 0x0, 0xb, 0x8, 0x3fc, 0x4, 0x9}}}}}) (async) ioctl$FIONREAD(r1, 0xc0106924, &(0x7f00000001c0)) (async) r3 = kqueue() kevent(r3, &(0x7f00000000c0), 0x8, &(0x7f00000001c0), 0x15, 0x0) (async) ioctl$FIONREAD(r0, 0xc0206921, &(0x7f00000001c0)) r4 = socket(0x2, 0x3, 0x0) ioctl$FIONREAD(r4, 0x8040691a, &(0x7f00000001c0)) 0s ago: executing program 5 (id=9): ioctl$WSMUXIO_LIST_DEVICES(0xffffffffffffffff, 0xc1045763, &(0x7f0000000040)={0x0, [{}, {0x1}, {0x0, 0x1}, {0x2, 0x3}, {}, {0x1}, {0x3}, {0x2, 0x20000000}, {0x1, 0xffffffff}, {}, {0x6}, {}, {0x1}, {0x0, 0x3b6}, {0x3, 0x400000}, {}, {0x2, 0x3}, {0x3, 0x800}, {0x1}, {0x0, 0x7ff}, {0x5}, {0x0, 0x7}, {0x3}, {0x3, 0x400}, {}, {0x2, 0x3}, {0x0, 0xfffffffd}, {}, {0x3}, {}, {0x1, 0xa}, {0x1}]}) ioctl$TIOCSETA(0xffffffffffffffff, 0xcd50441a, &(0x7f0000000040)={0x6, 0x2, 0x8, 0xd5, "00000000000000000000001500", 0x3, 0xff}) r0 = openat$vmm(0xffffffffffffff9c, &(0x7f00000000c0), 0x8, 0x0) r1 = shmget(0x0, 0xc00000, 0x380, &(0x7f00003fe000/0xc00000)=nil) r2 = openat$pf(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000b40)="825a4f47c21e6ed7eda4f5903abf65b18d7c51f78b06cc3a5821ffdb1e649b00000000ffffffffffffffffd4cd12c63d34", 0x31}], 0x1, 0x0, 0x0, 0x40f}, 0x40a) writev(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f0000000680)="7a8b258aa06293ddc32f447cd62969892d78faf028ac6fe876634c00b7ec3f6e53c8f746c978a611ca3eef67886e1595d77f4f0f4e4887120a2ee6f1c69ade852402f16690f564345012ccc1cb9f41dd74b97224c25230da12982e42094ba3d635c6a69fdda68b063ff373bf677dd713f894dbfdd252f2d9df4fa48eedd91b9e407bc86b038e2bf30021e715c2154d349c6502612f1099412fc7d27e26fcaefb3b85b1b5cb275b59fd84fae2af3c107eb78b983fac0085597293dd1161d7d9e408cd2f39b1199728fc104c9253a35b053b30ff5ee83006b7698202d517f0f4284e5dd730f1ff976fb969d0cbc5b6e051d53d20e8e9c5941f31bffa718287a81ee05bcc5c5c75f8463bfd49bb8891d80fd6abeb00e314d9bbe80cd5e11d73a1d203bd4f8ce267db4bd3f91b2a2eb76402ed4c13b081a3f6ae3cc9e660020d94433705d1982ae53a9babd904e4f40221d5b2d1f3d377dd266acbde77ddaf06a73d7261981eb0d7df8efbd4c35589077196d8dbe549761693788159a86abfb2956b0d6d8478b394047b2fc940cd922cd7ae2098f89ee3d3482910841097bda2b1ad4240df7382c7b17e562e5c5547b7587de2c577c1b2243ab446e29baf14f2ed03f892ef8a634aecbbbfd0f1866a8eea9b46a34cf82844e8c089b6086a888cbb2e03d61c319ba6284d215c8aeb1d58be589b6cf388de625aaca78c4cc7c7f00157e17dd5d63e7bd1a133bb15e7346a1158aea41642f730d3f0782b20bd638feb8f44c6ea6e1a6d57e38f1c5536d0f2f4a718d24ec3a0a00c8f81c2a243f757965e4107efd858c7a4a2e56f7e30c1f787bc48b759bf774f2a8bd08f127aa443339c61d85c94350abae99a0f5b4e061990d5b66c51c1cb20c056f148d57a42c975c45ed022afc21c285db770c031d8d5476cea5d7dd3c13ba60fa915bb076770b1fbb111fe89934808993bdd45dc36fe802567b464a2c6b3a2c317857165a0ea8d8e44886455683e2a79a8b9a1032deb06e697d48fc1dc5624cb0b635ede60862d2a170e0e50865337e8e171cbcb7fd5c0579305384c4235e85714f3dab0e7cc54fade4d21beb039bb5731a16efc04d76eb8e37abd82d6c3d4443411cd77be0e4f1925deddc75c8f58cf01c5bd7361be9427c04325d29f2025c16692f26d27c51a4204ef033fc23710c5f8518e67fad8a86c9b61f0d89eede7d661dfe000b76a1568171414b5346f966689194b9b0c7d520a484cd83fa80ec6a2f66ff079c1a8ec939205f83429a66b934f0c730331a6cb63117181a452b9cb64279ed1c33e6d187f71bcf5a7b9fbd652e9aef9af0a894564cca5e47566b9b2d377b3baf5e2dd3cf286ffd31479a5419e98dbdbfb6c1280666a29d2db6bfbb7abd2512461b6c25614541c4c4356e1d153954b31f00a37354dc30fadf224cf7d486cf208896d308303987379bb13f3b43e8671482167404936bf560ed4e3eaee013acd5082eff2db674ad20420ccc37e941426973705a8aa96bd72d6060c444fe2860a2f45001cec98fddd75c179c76d461df07d0fc6e61eb6aef878e1a21de4b75145185558fb2f89e971372e53708e1a9176c7156bc8c3c30d2e570ce608600e92a9d7af2af70d97d033baf2ad00f256bf4ca6c06bb5500565e0c899d53636ed55f2506a5bc7040c6a004ada6cf65bb0d4a5ce92bac6296137ca7c6df7e487a6e2fb289ef33d26a6", 0x4c0}], 0x1) ioctl$TIOCSETA(r2, 0xc4504444, &(0x7f0000000740)={0xfffffffc, 0xffff, 0x101, 0x20000003, "0400091000000000000048000000000000002f00", 0xb, 0xfffffffe}) setuid(0xffffffffffffffff) sysctl$net_inet_tcp(0x0, 0x0, &(0x7f00000000c0)="9b180bc3eb987ab7fe", 0x0, 0x0, 0x0) ioctl$WSMUXIO_INJECTEVENT(0xffffffffffffffff, 0x80185760, &(0x7f0000000000)={0x0, 0x0, {0x0, 0x10000100000001}}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r3 = socket(0x18, 0x1, 0x0) close(r3) r4 = socket(0x18, 0x2, 0x0) setsockopt(r4, 0x1000000029, 0x2e, &(0x7f0000000000)="ebffcbff13b9fd812eaa4e713048e69931929648", 0x14) connect$unix(r3, &(0x7f00000000c0)=@abs={0x0, 0x7}, 0x1c) socket$inet(0x2, 0x2, 0x0) shmctl$IPC_RMID(r1, 0x0) ioctl$VMM_IOC_INTR(r0, 0xca605601, &(0x7f0000000040)={0x5, 0x0, 0x200d}) kernel console output (not intermixed with test programs): OpenBSD/amd64 (ci-openbsd-multicore-3.us-central1-b.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.0.89' (ED25519) to the list of known hosts. login: uvm_fault(0xfffffd806cb485d0, 0x0, 0, 1) -> e kernel: page fault trap, code=0 Stopped at dt_ioctl_record_stop+0x108: movq 0(%r14),%r14 TID PID UID PRFLAGS PFLAGS CPU COMMAND 71892 48116 0 0 0 0 syz-executor dt_ioctl_record_stop(ffff800001479000) at dt_ioctl_record_stop+0x108 dtclose(11e5f,81,2000,ffff8000fffe82b8) at dtclose+0x109 spec_close(ffff800034bd7e80) at spec_close+0x466 VOP_CLOSE(fffffd806c791948,81,fffffd80097fd5b0,ffff8000fffe82b8) at VOP_CLOSE+0x132 vn_closefile(fffffd806ca192c0,ffff8000fffe82b8) at vn_closefile+0x12b fdrop(fffffd806ca192c0,ffff8000fffe82b8) at fdrop+0x121 closef(fffffd806ca192c0,ffff8000fffe82b8) at closef+0x192 fdfree(ffff8000fffe82b8) at fdfree+0x116 exit1(ffff8000fffe82b8,0,0,1) at exit1+0x576 sys_exit(ffff8000fffe82b8,ffff800034bd81f0,ffff800034bd8140) at sys_exit+0x1a syscall(ffff800034bd81f0) at syscall+0xb17 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7092e8de66a0, count: 3 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault(0xfffffd806cb485d0, 0x0, 0, 1) -> e ddb{1}> trace dt_ioctl_record_stop(ffff800001479000) at dt_ioctl_record_stop+0x108 dtclose(11e5f,81,2000,ffff8000fffe82b8) at dtclose+0x109 spec_close(ffff800034bd7e80) at spec_close+0x466 VOP_CLOSE(fffffd806c791948,81,fffffd80097fd5b0,ffff8000fffe82b8) at VOP_CLOSE+0x132 vn_closefile(fffffd806ca192c0,ffff8000fffe82b8) at vn_closefile+0x12b fdrop(fffffd806ca192c0,ffff8000fffe82b8) at fdrop+0x121 closef(fffffd806ca192c0,ffff8000fffe82b8) at closef+0x192 fdfree(ffff8000fffe82b8) at fdfree+0x116 exit1(ffff8000fffe82b8,0,0,1) at exit1+0x576 sys_exit(ffff8000fffe82b8,ffff800034bd81f0,ffff800034bd8140) at sys_exit+0x1a syscall(ffff800034bd81f0) at syscall+0xb17 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7092e8de66a0, count: -12 ddb{1}> show registers rdi 0 rsi 0 rbp 0xffff800034bd7db0 rbx 0x1 rdx 0 rcx 0xffff8000fffe82b8 rax 0xffffffff838b59b8 dt_prov_syscall r8 0 r9 0 r10 0xd4d03c1df279fd8d r11 0xd80ccdb20bdc8446 r12 0 r13 0 r14 0 r15 0xffff800001492c00 rip 0xffffffff8203d0e8 dt_ioctl_record_stop+0x108 cs 0x8 rflags 0x10207 __ALIGN_SIZE+0xf207 rsp 0xffff800034bd7d80 ss 0x10 dt_ioctl_record_stop+0x108: movq 0(%r14),%r14 ddb{1}> show proc PROC (syz-executor) tid=180485 pid=97272 tcnt=0 stat=onproc flags process=1008 proc=2000 runpri=32, usrpri=51, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0xffff8000fffe82b8 scnt=-1 ecnt=1 forw=0xffffffffffffffff, list=0xffff8000fffe8fb0,0xffff8000fffe94f0 process=0xffff8000fffe7510 user=0xffff800034bd3000, vmspace=0xfffffd806cb485d0 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 24043 216190 78937 0 2 0 syz-executor 48116 71892 3055 0 7 0 syz-executor 48116 267940 3055 0 2 0x4000000 syz-executor 10436 118696 87656 0 2 0x100000 sh 60383 521184 48324 0 2 0x2 arp 48324 23865 11209 0 3 0x10008a sigsusp sh 81510 144095 56222 0 2 0x100000 sh 56222 472711 28844 0 3 0x10008a sigsusp sh 87656 376027 91368 0 3 0x10008a sigsusp sh 91368 203164 36777 0 3 0x82 wait syz-executor 1396 512483 36777 0 2 0x2 syz-executor 3055 337179 36777 0 3 0x82 nanoslp syz-executor 67427 419470 36777 0 3 0x2 biowait syz-executor 11209 336505 36777 0 3 0x82 wait syz-executor 28844 447302 36777 0 3 0x82 wait syz-executor 78937 238357 36777 0 3 0x82 nanoslp syz-executor 1917 323860 36777 0 3 0x82 nanoslp syz-executor 36777 322747 89280 0 3 0x82 kqread syz-executor 89280 472733 10582 0 3 0x10008a sigsusp ksh 10582 295883 60921 0 3 0x98 kqread sshd-session 60921 425479 54854 0 3 0x92 kqread sshd-session 71194 121677 1 0 3 0x100083 ttyin getty 54854 317585 1 0 3 0x88 kqread sshd 69869 296638 79387 74 3 0x1100092 bpf pflogd 79387 229956 1 0 3 0x80 sbwait pflogd 24271 395415 36863 73 3 0x1100090 kqread syslogd 36863 250236 1 0 3 0x100082 sbwait syslogd 43047 193074 1 0 3 0x100080 kqread resolvd 34730 492946 84467 77 3 0x100092 kqread dhcpleased 37688 331626 84467 77 3 0x100092 kqread dhcpleased 84467 3713 1 0 3 0x80 kqread dhcpleased 66784 14873 0 0 3 0x14200 bored smr 58355 309362 0 0 2 0x14200 zerothread 86109 261317 0 0 3 0x14200 aiodoned aiodoned 97614 220984 0 0 3 0x14200 syncer update 2187 386813 0 0 3 0x14200 cleaner cleaner 57271 218666 0 0 3 0x14200 reaper reaper 34017 144134 0 0 3 0x14200 pgdaemon pagedaemon 36270 98267 0 0 3 0x14200 bored viomb 78314 166326 0 0 3 0x40014200 acpi0 acpi0 88994 469221 0 0 3 0x40014200 idle1 61924 211254 0 0 3 0x14200 bored softnet1 59808 386499 0 0 3 0x14200 bored softnet0 71009 334132 0 0 3 0x14200 smrbar systqmp 89465 169033 0 0 3 0x14200 bored systq 11501 201829 0 0 3 0x14200 tmoslp softclockmp 77121 300166 0 0 3 0x40014200 tmoslp softclock 22360 215940 0 0 3 0x40014200 idle0 1 290604 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 67427 (syz-executor) thread 0xffff80002a2bf240 (419470) exclusive rrwlock inode r = 0 (0xfffffd806ca12b48) #0 witness_lock+0x5f1 #1 rw_do_enter_write+0x419 #2 rrw_enter+0xc6 #3 VOP_LOCK+0xbd #4 ufs_ihashins+0x4f #5 ffs_vget+0x187 #6 ffs_inode_alloc+0x279 #7 ufs_mkdir+0xfc #8 VOP_MKDIR+0x101 #9 domkdirat+0x179 #10 syscall+0xb17 #11 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806cdd5c60) #0 witness_lock+0x5f1 #1 rw_do_enter_write+0x419 #2 rrw_enter+0xc6 #3 VOP_LOCK+0xbd #4 vn_lock+0xa4 #5 vfs_lookup+0x11c #6 namei+0x7ca #7 domkdirat+0x8b #8 syscall+0xb17 #9 Xsyscall+0x128 Process 71009 (systqmp) thread 0xffff8000ffffe000 (334132) shared rwlock systqmp r = 0 (0xffffffff837f2118) #0 witness_lock+0x5f1 #1 taskq_thread+0x12a #2 proc_trampoline+0x10 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10204 11119K 11119K 166960K 11295 0 pcb 17 12K 12K 166960K 19 0 rtable 157 4K 4K 166960K 247 0 pf 30 16K 18K 166960K 41 0 ifaddr 30 4K 4K 166960K 32 0 ifgroup 47 2K 2K 166960K 47 0 sysctl 1 1K 9K 166960K 5 0 counters 66 36K 36K 166960K 66 0 ioctlops 0 0K 4K 166960K 1481 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1344 85K 85K 166960K 1368 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 1K 166960K 2 0 VM map 2 1K 1K 166960K 2 0 sem 2 0K 0K 166960K 2 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 19 69K 85K 166960K 102 0 proc 70 115K 164K 166960K 444 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 in_multi 56 4K 4K 166960K 56 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 25 122K 122K 166960K 25 0 exec 0 0K 1K 166960K 351 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 212 153K 158K 166960K 3020 0 UVM aobj 4 4K 4K 166960K 4 0 pinsyscall 44 88K 101K 166960K 1189 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 2 0 NDP 18 1K 1K 166960K 18 0 temp 33 8666K 8730K 166960K 3825 0 kqueue 13 20K 20K 166960K 22 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 29 0 26 1 0 1 1 0 8 0 rtentry 176 71 0 1 4 0 4 4 0 8 0 unpcb 144 34 0 17 1 0 1 1 0 8 0 syncache 336 3 0 3 1 0 1 1 0 8 1 tcpcb 736 10 0 4 1 0 1 1 0 8 0 arp 136 11 0 0 1 0 1 1 0 8 0 inpcb 328 59 0 50 1 0 1 1 0 8 0 nd6 152 12 0 0 1 0 1 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 pffrag 232 1 0 0 1 0 1 1 0 482 0 pffrnode 88 1 0 0 1 0 1 1 0 8 0 pffrent 40 1 0 0 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 12 0 0 1 0 1 1 0 8 0 pfstkey 128 12 0 0 1 0 1 1 0 8 0 pfstate 448 12 0 0 2 0 2 2 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 285 0 0 18 0 18 18 0 8 0 art_table 40 286 0 0 3 0 3 3 0 8 0 art_node 32 71 0 4 1 0 1 1 0 8 0 shmpl 112 1 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1562 0 51 95 0 95 95 0 8 0 ffsino 296 1562 0 51 117 0 117 117 0 8 0 nchpl 144 1751 0 59 63 0 63 63 0 8 0 vnodes 216 1654 0 0 92 0 92 92 0 8 0 namei 1024 5094 0 5093 1 0 1 1 0 8 0 percpumem 16 48 0 0 1 0 1 1 0 8 0 kstatmem 264 22 0 0 2 0 2 2 0 8 0 scxspl 216 5817 0 5816 3 1 2 2 1 8 1 plimitpl 152 27 0 10 1 0 1 1 0 8 0 sigapl 424 423 0 374 6 0 6 6 0 8 0 knotepl 120 52 0 0 2 0 2 2 0 8 0 kqueuepl 224 19 0 10 1 0 1 1 0 8 0 pipepl 344 122 0 94 3 0 3 3 0 8 0 fdescpl 528 407 0 374 3 0 3 3 0 8 0 filepl 160 1476 0 1260 10 0 10 10 0 8 0 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 21 0 12 1 0 1 1 0 8 0 pgrppl 48 29 0 12 1 0 1 1 0 8 0 ucredpl 104 69 0 56 1 0 1 1 0 8 0 zombiepl 144 375 0 374 1 0 1 1 0 8 0 processpl 1232 423 0 374 5 0 5 5 0 8 0 procpl 664 432 0 382 5 0 5 5 0 8 0 sockpl 752 122 0 93 4 0 4 4 0 8 0 mcl8k 8192 2 0 0 1 0 1 1 0 8 0 mcl4k 4096 118 0 0 15 0 15 15 0 8 0 mcl2k 2048 17 0 0 3 0 3 3 0 8 0 mtagpl 96 1 0 0 1 0 1 1 0 8 0 mbufpl 256 116 0 0 8 0 8 8 0 8 0 bufpl 280 2294 0 126 155 0 155 155 0 8 0 anonpl 32 3911 0 0 32 0 32 32 0 246 0 amapchunkpl 152 8404 0 8033 17 0 17 17 0 158 0 amappl16 200 1908 0 1899 5 0 5 5 0 8 4 amappl15 192 6 0 6 1 0 1 1 0 8 1 amappl14 184 25 0 24 1 0 1 1 0 8 0 amappl13 176 407 0 401 1 0 1 1 0 8 0 amappl12 168 753 0 712 2 0 2 2 0 8 0 amappl11 160 6 0 6 1 0 1 1 0 8 1 amappl10 152 52 0 37 1 0 1 1 0 8 0 amappl9 144 252 0 252 1 0 1 1 0 8 1 amappl8 136 24 0 22 1 0 1 1 0 8 0 amappl7 128 91 0 90 1 0 1 1 0 8 0 amappl6 120 243 0 227 1 0 1 1 0 8 0 amappl5 112 94 0 84 1 0 1 1 0 8 0 amappl4 104 413 0 382 1 0 1 1 0 8 0 amappl3 96 1232 0 1151 3 0 3 3 0 8 0 amappl2 88 513 0 455 2 0 2 2 0 8 0 amappl1 80 8865 0 8276 14 0 14 14 0 8 0 amappl 88 2324 0 2192 4 0 4 4 0 92 0 uvmvnodes 80 98 0 0 2 0 2 2 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 3 0 0 1 0 1 1 0 8 0 uaddrrnd 24 407 0 374 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 407 0 374 1 0 1 1 0 8 0 vmmpekpl 168 5275 0 5239 2 0 2 2 0 8 0 vmmpepl 168 34216 0 32445 82 1 81 81 0 357 1 vmsppl 488 406 0 374 5 0 5 5 0 8 0 rwobjpl 80 13047 0 12059 23 0 23 23 0 8 1 pdppl 4096 821 0 748 103 22 81 81 0 8 8 pvpl 32 8623 0 0 71 1 70 70 0 265 0 pmappl 256 406 0 374 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 258 0 24 7 0 7 7 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffffffff83896ff0) at x86_ipi_db+0x27 x86_ipi_handler() at x86_ipi_handler+0xd9 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff838e23c0) at __mp_lock+0x192 intr_handler(ffff80003b3fc170,ffff80000006b400) at intr_handler+0xe9 Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f end of kernel end trace frame: 0x72d70b4d64e0, count: 9 ddb{0}> trace x86_ipi_db(ffffffff83896ff0) at x86_ipi_db+0x27 x86_ipi_handler() at x86_ipi_handler+0xd9 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff838e23c0) at __mp_lock+0x192 intr_handler(ffff80003b3fc170,ffff80000006b400) at intr_handler+0xe9 Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f end of kernel end trace frame: 0x72d70b4d64e0, count: -6 ddb{0}> machine ddbcpu 1 Stopped at dt_ioctl_record_stop+0x108: movq 0(%r14),%r14 dt_ioctl_record_stop(ffff800001479000) at dt_ioctl_record_stop+0x108 dtclose(11e5f,81,2000,ffff8000fffe82b8) at dtclose+0x109 spec_close(ffff800034bd7e80) at spec_close+0x466 VOP_CLOSE(fffffd806c791948,81,fffffd80097fd5b0,ffff8000fffe82b8) at VOP_CLOSE+0x132 vn_closefile(fffffd806ca192c0,ffff8000fffe82b8) at vn_closefile+0x12b fdrop(fffffd806ca192c0,ffff8000fffe82b8) at fdrop+0x121 closef(fffffd806ca192c0,ffff8000fffe82b8) at closef+0x192 fdfree(ffff8000fffe82b8) at fdfree+0x116 exit1(ffff8000fffe82b8,0,0,1) at exit1+0x576 sys_exit(ffff8000fffe82b8,ffff800034bd81f0,ffff800034bd8140) at sys_exit+0x1a syscall(ffff800034bd81f0) at syscall+0xb17 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7092e8de66a0, count: 3 ddb{1}> trace dt_ioctl_record_stop(ffff800001479000) at dt_ioctl_record_stop+0x108 dtclose(11e5f,81,2000,ffff8000fffe82b8) at dtclose+0x109 spec_close(ffff800034bd7e80) at spec_close+0x466 VOP_CLOSE(fffffd806c791948,81,fffffd80097fd5b0,ffff8000fffe82b8) at VOP_CLOSE+0x132 vn_closefile(fffffd806ca192c0,ffff8000fffe82b8) at vn_closefile+0x12b fdrop(fffffd806ca192c0,ffff8000fffe82b8) at fdrop+0x121 closef(fffffd806ca192c0,ffff8000fffe82b8) at closef+0x192 fdfree(ffff8000fffe82b8) at fdfree+0x116 exit1(ffff8000fffe82b8,0,0,1) at exit1+0x576 sys_exit(ffff8000fffe82b8,ffff800034bd81f0,ffff800034bd8140) at sys_exit+0x1a syscall(ffff800034bd81f0) at syscall+0xb17 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7092e8de66a0, count: -12