last executing test programs: 243.886319ms ago: executing program 3 (id=4): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sysctl$net_inet_ip(&(0x7f0000000080)={0x4, 0x2, 0x0, 0x25}, 0x4, &(0x7f0000000140)="e33745e84d5ebfb9cc2f7fa3a7f7891721720e69dac610a4fb5e8c3e3c6e1d648a8ca6ebc70f949c442aee9dc79e2cd74f4e106f382caf01ada3bc4efb0f6bc50690e5492f4a0491b1ea3359aa5c5164ad97ac7c3aadca05fd9e9a8c0f962f5167b69cfdc8287fc34b8138340e60c404a855858ea5fc", &(0x7f0000000000)=0x10045, 0x0, 0x0) write(r0, &(0x7f0000000040)="ed", 0x1) recvmmsg(r1, &(0x7f0000000880)={&(0x7f0000000580)={0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000000180)=""/202, 0xca}], 0x1, 0x0}}, 0x10, 0x42, 0x0) r2 = socket(0x11, 0x3, 0x0) sendto$unix(r2, &(0x7f0000000500)="9401050300000080b1b0782797888fd1f838a311000000000000b13886ca3849451ae3c3051020741038f5538551f30ce390500e08fecea11ea8fef96e4fc748e93f0b780486aebdbe781e4d8f5eef9187a869a4d3a4cbba982fd825582fe2aa7923ed00f4c8b2ca3ebbc259699a1f132e27acb5d63734e4fd89070000000000000070c1f5a872c88dff7cc53c894303b2a0a85ff3faa800000000009ec7ab3a34c29000000000000000000000000000002d7e4a5d76cc3f9cff2ed2243e56fa277603c5cc1e047326bcf6b67b75d00bf6ee330b6a80874b70559d9975ebd13da2447a78aa4b00cd0ba1870215607bb912e3d7325183ce69456b4b6ca927871c81672a54ec695c5bdeb842836656f917945cc076f87dc714dfe0aa2947252df350707b22884a7730cb6dba8742110fbe9ec7481885274387e0b1dbe5695122604819b0b2294b7b20726a5d4fcb44f62d00fabb2f247a166d8d79d05b8cc370f5c11db58aedca632a83acd58ff0ea0a3dca58ccb03cce466cda735017196ff346c30600000000000000c90de81ed297b2319e130f", 0x194, 0x0, 0x0, 0x0) sysctl$net_inet_ip(&(0x7f00000000c0)={0x4, 0x2, 0x0, 0x16}, 0x4, &(0x7f0000000100)="cb74f6ff242ccc355c9e7afc496e9b762f240fce0ce88099149877145b684bb5bd1e2eb4cb8567fb3105730d50", &(0x7f0000000280)=0x2d, &(0x7f00000002c0)="0878dcc501cb2ed7552e2d2705820d9704a1a05554cd811240bf9c0db7195f236144f0511c206e8e25fe1323ddbf88ad146acdf580286cff368c5ff8134c35544143c255d266e66f59adf14e7c3a93e9c33f00cb39bd8fddf7c47253082548f16a8b4d8835e076c91b4468ae11a40bea427255ea4191b27916f73911c0acfb85b7ea928c2e761d2c94cf4ff56dac0eced73df8dd5087e3e0a96c56dfabe4a037910793e86d26a10987", 0xa9) 185.919793ms ago: executing program 2 (id=3): r0 = socket(0x18, 0x2, 0x0) r1 = openat$pf(0xffffffffffffff9c, &(0x7f0000000140), 0x100, 0x0) (async, rerun: 64) recvfrom$inet6(r0, &(0x7f0000000000)=""/105, 0x69, 0x841, &(0x7f0000000100)={0x18, 0x1, 0x8001, 0x40}, 0xc) (rerun: 64) utimensat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={{0x8000, 0x3}, {0x4, 0x4}}, 0x0) (async) r2 = socket(0x2, 0x400000000002, 0x0) setsockopt(r2, 0x0, 0x4, 0x0, 0x0) (async, rerun: 64) accept$inet6(r2, &(0x7f0000000240), &(0x7f00000002c0)=0xc) (async, rerun: 64) r3 = socket$unix(0x1, 0x5, 0x0) bind$unix(r3, &(0x7f0000000200)=@file={0xd570d0466b6018f, './file0\x00'}, 0xa) bind(r3, &(0x7f0000000000)=@in={0x2, 0x1}, 0xc) (async) select(0x40, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x1000, 0x8000}, &(0x7f0000000200)={0x7f, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0x0) close(r0) (async) sysctl$net_inet_tcp(&(0x7f0000000200)={0x4, 0x2, 0x6, 0xe}, 0x4, &(0x7f0000000080)="56cc0b2e", &(0x7f00000000c0)=0xffffffffffffff81, 0x0, 0x0) 182.343739ms ago: executing program 0 (id=1): r0 = accept(0xffffffffffffffff, &(0x7f0000000000)=@in6, &(0x7f0000000040)=0xc) recvmsg(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000080)=""/60, 0x3c}, {&(0x7f00000000c0)=""/7, 0x7}, {&(0x7f0000000100)=""/140, 0x8c}, {&(0x7f00000001c0)=""/53, 0x35}, {&(0x7f0000000200)=""/42, 0x2a}, {&(0x7f0000000240)=""/97, 0x61}, {&(0x7f00000002c0)=""/97, 0x61}, {&(0x7f0000000340)=""/60, 0x3c}, {&(0x7f0000000380)=""/82, 0x52}], 0x9, &(0x7f00000004c0)=""/179, 0xb3}, 0x0) connect$unix(r0, &(0x7f00000005c0)=@abs={0x1, 0x0, 0x0}, 0x8) connect$unix(r0, &(0x7f0000000600)=@file={0x0, './file0\x00'}, 0xa) r1 = getuid() chown(&(0x7f0000000640)='./file1\x00', r1, 0xffffffffffffffff) bind(r0, &(0x7f0000000680)=@un=@file={0x0, './file2\x00'}, 0xa) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000006c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket(0x1, 0x2, 0x0) listen(r4, 0x3) r5 = getgid() lchown(&(0x7f0000000700)='./file2\x00', r1, r5) ioctl$VMM_IOC_CREATE(r3, 0xc2585601, &(0x7f0000000740)={0x10, 0xfff, [{&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil}, {&(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x1ea}, {&(0x7f0000ffe000/0x2000)=nil, &(0x7f0000fec000/0x14000)=nil, 0x2}, {&(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ff5000/0x2000)=nil, 0x8}, {&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff0000/0x2000)=nil, 0x80}, {&(0x7f0000fef000/0x1000)=nil, &(0x7f0000feb000/0x4000)=nil, 0x8}, {&(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ff6000/0x3000)=nil, 0x1}, {&(0x7f0000ff3000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, 0x8000000000000000}, {&(0x7f0000ff9000/0x4000)=nil, &(0x7f0000fef000/0x2000)=nil, 0xa}, {&(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x1}, {&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fee000/0x3000)=nil, 0x1}, {&(0x7f0000fec000/0x3000)=nil, &(0x7f0000ff8000/0x3000)=nil, 0x3}, {&(0x7f0000ff3000/0x4000)=nil, &(0x7f0000ff9000/0x4000)=nil, 0xe}, {&(0x7f0000ff0000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x2}, {&(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, 0x580}, {&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, 0x3}], './file0\x00', 0xfff}) recvmsg(r2, &(0x7f0000001c40)={&(0x7f0000000940)=@in6, 0xc, &(0x7f0000001b80)=[{&(0x7f0000000980)=""/12, 0xc}, {&(0x7f00000009c0)=""/4096, 0x1000}, {&(0x7f00000019c0)=""/51, 0x33}, {&(0x7f0000001a00)=""/93, 0x5d}, {&(0x7f0000001a80)=""/88, 0x58}, {&(0x7f0000001b00)=""/126, 0x7e}], 0x6, &(0x7f0000001c00)=""/26, 0x1a}, 0x1) r6 = open$dir(&(0x7f0000001c80)='./file1/file0\x00', 0x80, 0x20) fchmodat(r6, &(0x7f0000001cc0)='./file1\x00', 0x2, 0x4) r7 = openat$diskmap(0xffffffffffffff9c, &(0x7f0000001d00), 0x10, 0x0) r8 = openat$pf(0xffffffffffffff9c, &(0x7f0000001d80), 0x80, 0x0) ioctl$DIOCMAP(r7, 0xc0106477, &(0x7f0000001dc0)={&(0x7f0000001d40)='./file3\x00', r8, 0x2}) ioctl$WSKBDIO_SETDEFAULTKEYREPEAT(r8, 0x800c5709, &(0x7f0000001e00)={0xc34, 0xfffffffb, 0x4}) fchflags(r3, 0x10000) getsockopt$sock_cred(0xffffffffffffff9c, 0xffff, 0x1022, &(0x7f0000001e40), &(0x7f0000001e80)=0xc) ioctl$WSKBDIO_SETBELL(r8, 0x80105703, &(0x7f0000001ec0)={0x3, 0x6, 0x1ff, 0x6e9}) rename(&(0x7f0000001f00)='.\x00', &(0x7f0000001f40)='./file2\x00') r9 = syz_open_pts() readv(r9, &(0x7f00000020c0)=[{&(0x7f0000001f80)=""/66, 0x42}, {&(0x7f0000002000)=""/191, 0xbf}], 0x2) r10 = openat$wsdisplay(0xffffffffffffff9c, &(0x7f0000002100), 0x400, 0x0) ioctl$KDMKTONE(r10, 0x20004b08, &(0x7f0000002140)=0x9) ioctl$TIOCSETD(r9, 0x8004741b, &(0x7f0000002180)=0x29) mprotect(&(0x7f0000fee000/0x2000)=nil, 0x2000, 0x4) 122.678443ms ago: executing program 6 (id=7): r0 = socket(0x1, 0x3, 0x0) r1 = socket(0x18, 0x1, 0x0) setsockopt(r1, 0x1000000029, 0x3b, &(0x7f0000000000), 0x4) setsockopt(r0, 0x11, 0x1, &(0x7f00000000c0), 0x0) sysctl$kern(&(0x7f00000000c0)={0x1, 0x4e}, 0x2, 0x0, 0x0, 0x0, 0x0) r2 = socket(0x2, 0x4001, 0x0) r3 = dup(r2) fcntl$dupfd(r3, 0x2, 0xffffffffffffffff) open$dir(&(0x7f00000000c0)='./file0\x00', 0x200, 0x186) r4 = open(&(0x7f0000000040)='./file0\x00', 0x70e, 0x0) r5 = open(&(0x7f0000000000)='./file0\x00', 0x9cab835cfdc52675, 0x0) ftruncate(r5, 0x79c8) pwritev(r4, &(0x7f0000000380)=[{&(0x7f0000000440)="e9", 0x1}], 0x1, 0xe2) truncate(&(0x7f0000000140)='./file0\x00', 0x30001) open(&(0x7f0000000040)='./file0\x00', 0x70e, 0x0) ioctl$VMM_IOC_READREGS(r3, 0xc2485607, &(0x7f0000000100)) 12.030091ms ago: executing program 2 (id=9): symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00') r0 = socket(0x18, 0x2, 0x0) setsockopt(r0, 0x1000000000029, 0x3c, &(0x7f0000000040)='\x00\x00\x00\x00', 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) utimensat(0xffffffffffffffff, 0x0, &(0x7f00000001c0)={{0x8, 0x9}, {0x7ff, 0x9}}, 0x2) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x200000000000c, &(0x7f0000000080)="eaef", 0x2) r1 = socket(0x2, 0x1, 0x0) setsockopt(r1, 0x0, 0x6, &(0x7f0000000200), 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) mkdir(&(0x7f0000000080)='./file0/file0\x00', 0x183) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0/file0\x00', 0x1c0) 11.715748ms ago: executing program 5 (id=6): sendmsg$unix(0xffffffffffffffff, &(0x7f0000001700)={&(0x7f00000000c0), 0x1c, 0x0}, 0x0) select(0xa4, &(0x7f00000000c0)={0x7fffffffffffffff, 0x0, 0x4000000003, 0x4, 0xdf, 0x4, 0x4, 0x40000000002}, 0x0, 0x0, 0x0) ioctl$WSMUXIO_INJECTEVENT(0xffffffffffffffff, 0x80185760, &(0x7f0000000000)={0x0, 0x0, {0x100000000000000, 0x3}}) connect$unix(0xffffffffffffffff, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7}, 0x1c) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket(0x2, 0x2, 0x0) ioctl$FIOASYNC(0xffffffffffffffff, 0x80047460, &(0x7f00000000c0)=0xc06) sysctl$net_inet_tcp(0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)="934d49e266", 0x5) clock_getres(0x2, &(0x7f0000000600)) r1 = socket$inet(0x2, 0x1, 0x0) setsockopt(r1, 0x0, 0x17, 0x0, 0x0) setsockopt$sock_int(r0, 0xffff, 0x1001, &(0x7f0000000100)=0x20000, 0x4) syz_emit_ethernet(0x138, &(0x7f0000000000)=ANY=[@ANYBLOB="ff02"]) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) connect$unix(r0, &(0x7f0000000000), 0x10) setsockopt$inet_opts(r0, 0x0, 0x1, &(0x7f00000000c0)="9876d692a3ef9c7ab923a2f0", 0xc) write(r0, &(0x7f0000000240)="14bdfa5d1d34e2fecb284a6498307dcda9aec43050036123339a346f737850551408753f95b7688ad4c4e1dd5489e7bafc58d3e5823757ae8b630719ef187ccad995f13dbe19a6dd4e6902bd8297b0799b426aabe9fad9db6996571c6d9f8bb5d542c2148aa42be940970fe88d34d8f99afe7e7820237400000000008000000100"/138, 0xfc7e) r2 = socket(0x18, 0x1, 0x0) close(r2) r3 = socket(0x18, 0x2, 0x0) connect$unix(r2, &(0x7f0000000040)=@file={0x0, './file0\x00'}, 0xa) setsockopt(r3, 0x1000000029, 0x2e, &(0x7f0000000000)="ebffcbff13b9fd812eaa4e713048e69931929648", 0x14) connect$unix(r2, &(0x7f00000000c0)=@abs={0x0, 0x7}, 0x1c) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x0) ioctl$TIOCCBRK(r4, 0x541b) sendmsg$unix(r2, &(0x7f0000001700)={0x0, 0x0, 0x0}, 0x0) 11.438299ms ago: executing program 5 (id=10): open(&(0x7f0000000040)='./file0\x00', 0x70e, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xfa) r0 = open$dir(&(0x7f0000001240)='.\x00', 0x0, 0x0) linkat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4) mkdirat(r0, &(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x18c) renameat(0xffffffffffffff9c, &(0x7f0000000600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', r0, &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 11.143483ms ago: executing program 3 (id=11): r0 = syz_open_pts() mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x1c12, r0, 0x2) (async, rerun: 64) sysctl$net_inet6_ip6(&(0x7f0000000040)={0x4, 0x18, 0x29, 0x35}, 0x4, &(0x7f0000000080)="ab", &(0x7f0000000000)=0x20000, 0x0, 0x0) (async, rerun: 64) mlock(&(0x7f0000120000/0x4000)=nil, 0x4000) munmap(&(0x7f000000e000/0x400000)=nil, 0x400000) (async) msgget(0x1, 0x0) 10.906527ms ago: executing program 2 (id=12): r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0xe8, 0x0) fcntl$lock(r0, 0x7, &(0x7f0000000080)={0x3, 0x0, 0x1, 0x1000300000004, 0xffffffffffffffff}) ioctl$WSDISPLAYIO_SBURNER(r0, 0x800c5751, &(0x7f0000000000)={0x6, 0x0, 0x9}) unveil(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='x\x00') open(&(0x7f0000000040)='./file0\x00', 0x70e, 0x0) 0s ago: executing program 1 (id=2): sysctl$hw(&(0x7f0000000180)={0x7, 0x6}, 0x2, &(0x7f0000000280)="fc670ad62d21633bb8c983f4e7", &(0x7f0000000080)=0xd, 0x0, 0x0) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sysctl$kern(&(0x7f00000000c0)={0x1, 0x29}, 0x2, &(0x7f0000000b40)="140e09e271ac0058bcf8934be2fa473b129234417f20361c7bc7593db1492b3b33786c9e6c0f1b1781501d777514d9c609202641637c929936939b1508d7175bcaff7f0000000000008de4511aea398086a73b5bd4fbe731604ff9abf38d908cd3317e", &(0x7f0000000080)=0x63, 0x0, 0x0) write(r0, &(0x7f0000000040)="64050000002e6f991fd585d877592925b37da43f6340ca285b6d600757708d989f0a613ad115984e43b5078a56d831642768ed9c9d873c46fc1fd6b07cb0fba8db123434ba", 0x45) setsockopt(r0, 0x5, 0x1, &(0x7f00000000c0)="f6727330ff20e22706dc8411e975c8429aa89fd233206db7720bceb89e10774ec1ca85840343490bf47d5085df7b7aa2fcf57f26e6e2585772d9cfad1afcd53af173d657b7b40bde96263d", 0x4b) fcntl$getflags(r1, 0x1) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.82' (ED25519) to the list of known hosts. panic: kernel diagnostic assertion "va >= entry->start" failed: file "/syzkaller/managers/setuid/kernel/sys/uvm/uvm_fault.c", line 1741 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 437002 33207 32767 0x10 0 1 syz-executor *176041 33207 32767 0x10 0x4000000 0 syz-executor db_enter() at db_enter+0x25 panic(ffffffff8343fe74) at panic+0x1e5 __assert(ffffffff833ebd93,ffffffff83429334,6cd,ffffffff8333b9c0) at __assert+0x29 uvm_fault_unwire_locked(fffffd806beaf588,400000000000,400000021000) at uvm_fault_unwire_locked+0x4b4 uvm_fault_unwire(fffffd806beaf588,400000000000,400000021000) at uvm_fault_unwire+0x55 sysctl_vsunlock(400000000080,20000) at sysctl_vsunlock+0x7b net_sysctl(ffff80003c515144,3,400000000080,ffff80003c515178,0,0,aaecce299abf829b) at net_sysctl+0x69a sys_sysctl(ffff80003bcc3730,ffff80003c5152b0,ffff80003c515200) at sys_sysctl+0x425 syscall(ffff80003c5152b0) at syscall+0xbc6 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe5d6c34d7f0, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: kernel diagnostic assertion "va >= entry->start" failed: file "/syzkaller/managers/setuid/kernel/sys/uvm/uvm_fault.c", line 1741 ddb{0}> trace db_enter() at db_enter+0x25 panic(ffffffff8343fe74) at panic+0x1e5 __assert(ffffffff833ebd93,ffffffff83429334,6cd,ffffffff8333b9c0) at __assert+0x29 uvm_fault_unwire_locked(fffffd806beaf588,400000000000,400000021000) at uvm_fault_unwire_locked+0x4b4 uvm_fault_unwire(fffffd806beaf588,400000000000,400000021000) at uvm_fault_unwire+0x55 sysctl_vsunlock(400000000080,20000) at sysctl_vsunlock+0x7b net_sysctl(ffff80003c515144,3,400000000080,ffff80003c515178,0,0,aaecce299abf829b) at net_sysctl+0x69a sys_sysctl(ffff80003bcc3730,ffff80003c5152b0,ffff80003c515200) at sys_sysctl+0x425 syscall(ffff80003c5152b0) at syscall+0xbc6 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe5d6c34d7f0, count: -10 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff80003c514ea0 rbx 0xffffffff83809dc7 cpu_info_full_primary+0x2dc7 rdx 0 rcx 0xffff80003bcc3730 rax 0xffffffff83808ff0 cpu_info_full_primary+0x1ff0 r8 0x101010101010101 r9 0x8080808080808080 r10 0x41865c7f0693b251 r11 0x4020ae7774cf023c r12 0xffffffff83809bc8 cpu_info_full_primary+0x2bc8 r13 0 r14 0 r15 0x1 rip 0xffffffff82431aa5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80003c514e90 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor) tid=176041 pid=33207 tcnt=4 stat=onproc flags process=10 proc=4000000 runpri=32, usrpri=50, slppri=36, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003bcc27d0,0xffff80003bcc34b0 process=0xffff80003c0de978 user=0xffff80003c510000, vmspace=0xfffffd806beaf588 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 33207 437002 2637 32767 7 0x10 syz-executor *33207 176041 2637 32767 7 0x4000010 syz-executor 33207 283216 2637 32767 2 0x4000010 syz-executor 33207 1166 2637 32767 3 0x4000010 vmmaplk syz-executor 3207 32591 41444 32767 2 0x10 syz-executor 3207 338270 41444 32767 3 0x4000090 fsleep syz-executor 91772 16483 81188 32767 2 0x10 syz-executor 91772 196176 81188 32767 3 0x4000090 fsleep syz-executor 88359 35124 68067 32767 2 0x10 syz-executor 88359 256576 68067 32767 3 0x4000090 ttyin syz-executor 88359 263830 68067 32767 3 0x4000090 fsleep syz-executor 32992 416108 58125 0 3 0x100082 sysctllk arp 80996 98565 719 0 2 0x100002 arp 719 68532 56304 0 3 0x10008a sigsusp sh 58125 322005 38865 0 3 0x10008a sigsusp sh 51000 508837 70242 32767 2 0x10 syz-executor 41444 185643 16112 32767 3 0x90 nanoslp syz-executor 38865 235485 5057 0 3 0x80 wait syz-executor 56304 44623 13445 0 3 0x80 wait syz-executor 81188 181009 18999 32767 2 0x10 syz-executor 68067 264181 8198 32767 3 0x90 nanoslp syz-executor 2637 1852 2547 32767 3 0x90 nanoslp syz-executor 70066 97674 50042 32767 3 0x10 biowait syz-executor 13445 513295 763 0 3 0x82 wait syz-executor 18999 79930 763 0 3 0x82 wait syz-executor 16112 6250 763 0 3 0x82 wait syz-executor 5057 291280 763 0 3 0x82 wait syz-executor 2547 210876 763 0 3 0x82 wait syz-executor 70242 234722 763 0 3 0x82 wait syz-executor 50042 419329 763 0 3 0x82 wait syz-executor 8198 402987 763 0 3 0x82 wait syz-executor 763 177067 54451 0 3 0x82 kqread syz-executor 54451 299576 61618 0 3 0x10008a sigsusp ksh 61618 217751 2788 0 3 0x98 kqread sshd-session 2788 81086 44203 0 3 0x92 kqread sshd-session 22674 224466 1 0 3 0x100083 ttyin getty 44203 146671 1 0 3 0x88 kqread sshd 48950 134898 18105 73 3 0x1100090 kqread syslogd 18105 64058 1 0 3 0x100082 sbwait syslogd 41671 252845 1 0 3 0x100080 kqread resolvd 96880 357784 84091 77 3 0x100092 kqread dhcpleased 6809 379460 84091 77 3 0x100092 kqread dhcpleased 84091 289550 1 0 3 0x80 kqread dhcpleased 48854 127716 0 0 3 0x14200 bored smr 40734 62974 0 0 2 0x14200 zerothread 13232 9005 0 0 3 0x14200 aiodoned aiodoned 91641 189466 0 0 3 0x14200 syncer update 77650 2095 0 0 3 0x14200 cleaner cleaner 42614 464348 0 0 3 0x14200 reaper reaper 57089 243806 0 0 3 0x14200 pgdaemon pagedaemon 1063 90172 0 0 3 0x14200 bored viomb 38591 460561 0 0 3 0x40014200 acpi0 acpi0 1361 201791 0 0 3 0x40014200 idle1 56501 455092 0 0 3 0x14200 bored softnet3 12956 347662 0 0 3 0x14200 bored softnet2 17319 510537 0 0 3 0x14200 bored softnet1 13773 457029 0 0 3 0x14200 bored softnet0 85346 169326 0 0 3 0x14200 bored systqmp 80786 53626 0 0 3 0x14200 bored systq 49773 340316 0 0 3 0x14200 tmoslp softclockmp 88981 402457 0 0 3 0x40014200 tmoslp softclock 23928 273453 0 0 3 0x40014200 idle0 1 53476 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 33207 (syz-executor) thread 0xffff80003bcc3730 (176041) exclusive rwlock amaplk r = 0 (0xfffffd806c0f0e68) #0 witness_lock+0x5bb #1 rw_do_enter_write+0x3ea #2 uvm_map_lock_entry+0x51 #3 uvm_fault_unwire_locked+0x253 #4 uvm_fault_unwire+0x55 #5 sysctl_vsunlock+0x7b #6 net_sysctl+0x69a #7 sys_sysctl+0x425 #8 syscall+0xbc6 #9 Xsyscall+0x128 shared rwlock vmmaplk r = 0 (0xfffffd806beaf688) #0 witness_lock+0x5bb #1 rw_do_enter_read+0x3af #2 uvm_fault_unwire+0x3e #3 sysctl_vsunlock+0x7b #4 net_sysctl+0x69a #5 sys_sysctl+0x425 #6 syscall+0xbc6 #7 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff838b3fa0) #0 witness_lock+0x5bb #1 __mp_acquire_count+0x58 #2 mi_switch+0x4b7 #3 sleep_finish+0x24f #4 rw_do_enter_write+0x1de #5 ip6_sysctl+0x57c #6 net_sysctl+0x64a #7 sys_sysctl+0x425 #8 syscall+0xbc6 #9 Xsyscall+0x128 exclusive rwlock sysctllk r = 0 (0xffffffff837d7c18) #0 witness_lock+0x5bb #1 rw_do_enter_write+0x3ea #2 sysctl_vslock+0x45 #3 net_sysctl+0x5a1 #4 sys_sysctl+0x425 #5 syscall+0xbc6 #6 Xsyscall+0x128 Process 70066 (syz-executor) thread 0xffff8000ffffa2a8 (97674) exclusive rrwlock inode r = 0 (0xfffffd806bcc81f8) #0 witness_lock+0x5bb #1 rw_do_enter_write+0x3ea #2 rrw_enter+0xc6 #3 VOP_LOCK+0xa6 #4 ufs_ihashins+0x4f #5 ffs_vget+0x187 #6 ffs_inode_alloc+0x283 #7 ufs_mkdir+0x113 #8 VOP_MKDIR+0x102 #9 domkdirat+0x179 #10 syscall+0xb08 #11 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806d1a5df0) #0 witness_lock+0x5bb #1 rw_do_enter_write+0x3ea #2 rrw_enter+0xc6 #3 VOP_LOCK+0xa6 #4 vn_lock+0xa4 #5 vfs_lookup+0x109 #6 namei+0x7aa #7 domkdirat+0x8b #8 syscall+0xb08 #9 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10181 10953K 10966K 166960K 11260 0 pcb 17 12K 12K 166960K 17 0 rtable 204 5K 6K 166960K 311 0 pf 31 16K 16K 166960K 31 0 ifaddr 38 6K 6K 166960K 40 0 ifgroup 50 2K 2K 166960K 50 0 sysctl 1 1K 1K 166960K 1 0 counters 64 36K 36K 166960K 64 0 ioctlops 0 0K 2K 166960K 28 0 iov 0 0K 4K 166960K 2 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1332 84K 84K 166960K 1348 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 1K 166960K 2 0 VM map 2 1K 1K 166960K 2 0 sem 2 0K 0K 166960K 2 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 26 97K 121K 166960K 138 0 proc 58 79K 115K 166960K 459 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 in_multi 79 5K 5K 166960K 79 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 37 175K 175K 166960K 37 0 exec 0 0K 1K 166960K 339 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 232 73K 73K 166960K 2731 0 UVM aobj 3 2K 2K 166960K 3 0 pinsyscall 49 98K 113K 166960K 1152 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 2 0 NDP 23 1K 1K 166960K 23 0 temp 34 8678K 8742K 166960K 3655 0 kqueue 13 20K 22K 166960K 24 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 36 0 31 1 0 1 1 0 8 0 rtentry 160 96 0 1 4 0 4 4 0 8 0 unpcb 144 37 0 19 1 0 1 1 0 8 0 syncache 336 3 0 3 1 0 1 1 0 8 1 tcpcb 808 12 0 6 1 0 1 1 0 8 0 arp 120 17 0 0 1 0 1 1 0 8 0 inpcb 376 65 0 56 2 0 2 2 0 8 1 nd6 136 18 0 0 1 0 1 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 372 0 0 24 0 24 24 0 8 0 art_table 32 373 0 0 4 0 4 4 0 8 0 art_node 16 95 0 8 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1545 0 45 94 0 94 94 0 8 0 ffsino 280 1545 0 45 108 0 108 108 0 8 0 nchpl 144 1736 0 59 63 0 63 63 0 8 0 uvmvnodes 80 1626 0 0 34 0 34 34 0 8 0 vnodes 216 1626 0 0 91 0 91 91 0 8 0 namei 1024 5110 0 5109 1 0 1 1 0 8 0 percpumem 16 46 0 0 1 0 1 1 0 8 0 kstatmem 264 22 0 0 2 0 2 2 0 8 0 scxspl 216 5637 0 5636 3 1 2 2 1 8 1 plimitpl 152 34 0 10 1 0 1 1 0 8 0 sigapl 424 420 0 364 7 0 7 7 0 8 0 futexpl 64 105 0 102 1 0 1 1 0 8 0 knotepl 120 58 0 0 2 0 2 2 0 8 0 kqueuepl 216 20 0 11 1 0 1 1 0 8 0 pipepl 328 103 0 76 3 0 3 3 0 8 0 fdescpl 504 402 0 364 7 1 6 6 0 8 0 filepl 152 1454 0 1238 9 0 9 9 0 8 0 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 21 0 5 1 0 1 1 0 8 0 pgrppl 48 29 0 5 1 0 1 1 0 8 0 ucredpl 104 87 0 70 1 0 1 1 0 8 0 zombiepl 144 364 0 364 1 0 1 1 0 8 1 processpl 1176 420 0 364 5 0 5 5 0 8 0 procpl 656 432 0 369 6 0 6 6 0 8 0 sockpl 688 138 0 106 4 0 4 4 0 8 0 mcl8k 8192 2 0 0 1 0 1 1 0 8 0 mcl4k 4096 110 0 0 14 0 14 14 0 8 0 mcl2k 2048 17 0 0 3 0 3 3 0 8 0 mtagpl 96 3 0 0 1 0 1 1 0 8 0 mbufpl 256 143 0 0 9 0 9 9 0 8 0 bufpl 280 2222 0 124 150 0 150 150 0 8 0 anonpl 24 101292 0 98073 25 1 24 24 0 184 4 amapchunkpl 152 8301 0 7803 20 0 20 20 0 158 0 amappl16 200 2129 0 2116 5 0 5 5 0 8 4 amappl15 192 7 0 7 1 0 1 1 0 8 1 amappl14 184 100 0 88 1 0 1 1 0 8 0 amappl13 176 6 0 6 1 0 1 1 0 8 1 amappl12 168 997 0 959 2 0 2 2 0 8 0 amappl11 160 47 0 37 1 0 1 1 0 8 0 amappl10 152 5 0 5 1 0 1 1 0 8 1 amappl9 144 246 0 246 1 0 1 1 0 8 1 amappl8 136 25 0 24 1 0 1 1 0 8 0 amappl7 128 96 0 84 1 0 1 1 0 8 0 amappl6 120 171 0 166 1 0 1 1 0 8 0 amappl5 112 114 0 108 1 0 1 1 0 8 0 amappl4 104 274 0 260 1 0 1 1 0 8 0 amappl3 96 1188 0 1070 3 0 3 3 0 8 0 amappl2 88 610 0 552 2 0 2 2 0 8 0 amappl1 80 7446 0 6852 13 0 13 13 0 8 0 amappl 88 2395 0 2218 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 402 0 364 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 402 0 364 1 0 1 1 0 8 0 vmmpekpl 168 4864 0 4830 2 0 2 2 0 8 0 vmmpepl 168 31398 0 29420 91 0 91 91 0 357 1 vmsppl 456 401 0 364 7 1 6 6 0 8 0 rwobjpl 64 13839 0 11311 43 1 42 43 0 8 0 pdppl 4096 812 0 728 110 14 96 96 0 8 12 pvpl 32 9494 0 0 77 0 77 77 0 265 0 pmappl 248 401 0 364 4 1 3 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 272 0 17 8 0 8 8 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x25 panic(ffffffff8343fe74) at panic+0x1e5 __assert(ffffffff833ebd93,ffffffff83429334,6cd,ffffffff8333b9c0) at __assert+0x29 uvm_fault_unwire_locked(fffffd806beaf588,400000000000,400000021000) at uvm_fault_unwire_locked+0x4b4 uvm_fault_unwire(fffffd806beaf588,400000000000,400000021000) at uvm_fault_unwire+0x55 sysctl_vsunlock(400000000080,20000) at sysctl_vsunlock+0x7b net_sysctl(ffff80003c515144,3,400000000080,ffff80003c515178,0,0,aaecce299abf829b) at net_sysctl+0x69a sys_sysctl(ffff80003bcc3730,ffff80003c5152b0,ffff80003c515200) at sys_sysctl+0x425 syscall(ffff80003c5152b0) at syscall+0xbc6 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe5d6c34d7f0, count: -10 ddb{0}> machine ddbcpu 1