last executing test programs: 99.269211ms ago: executing program 7 (id=8): mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) minherit(&(0x7f0000408000/0x4000)=nil, 0x4000, 0x3) r0 = open(&(0x7f0000000040)='./file0\x00', 0x10, 0x190) mknodat(r0, &(0x7f0000000100)='./file0\x00', 0x8000, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) close(r1) syz_emit_ethernet(0x56, &(0x7f0000000000)=ANY=[@ANYBLOB="89ffa23f3c252adb0070162e86dd6009000000200600030000000000000037f87ccdc0c4a92cff0000000001ea443d080000000001004e204e22", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='[B']) r3 = open(&(0x7f0000000340)='./file1\x00', 0x200, 0x33) munmap(&(0x7f0000609000/0x4000)=nil, 0x4000) mmap(&(0x7f0000001000/0x7000)=nil, 0x7000, 0x4, 0x8011, r3, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000000)=@file={0xd1653077bafa0114, './file0\x00'}, 0xa) r4 = socket(0x2, 0x4001, 0x0) r5 = socket(0x2, 0x4001, 0x0) shutdown(r5, 0x0) r6 = dup(r5) r7 = fcntl$dupfd(r6, 0x2, 0xffffffffffffffff) close(r7) socket(0x2, 0x2, 0x0) r8 = dup2(r6, r7) recvfrom(r3, &(0x7f0000000380)=""/179, 0xb3, 0x2, &(0x7f00000002c0)=@in={0x2, 0x3}, 0xc) syz_emit_ethernet(0x138, &(0x7f00000001c0)=ANY=[@ANYRES32=r0, @ANYRES64=r0, @ANYRESDEC=r8, @ANYRES8=r2]) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) connect$unix(r4, &(0x7f00000000c0), 0x2) setsockopt$sock_int(r4, 0xffff, 0x1023, &(0x7f0000001080)=0x7fff, 0x4) select(0x40, &(0x7f0000000000)={0xfffffffffffffffd}, 0x0, 0x0, 0x0) sysctl$hw(&(0x7f0000000000)={0x7, 0xa}, 0x2, 0x0, 0x0, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) sysctl$kern(&(0x7f0000000000)={0x1, 0x4d}, 0x2, 0x0, 0x0, &(0x7f0000000300), 0x0) openat$diskmap(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$DIOCMAP(r1, 0xc0106477, &(0x7f0000000140)={&(0x7f0000000080)='./file0\x00', r1, 0xf5965de1884824eb}) 83.133572ms ago: executing program 2 (id=3): ioctl$TIOCSETAF(0xffffffffffffffff, 0x802c7416, &(0x7f0000000100)={0x0, 0x7, 0x21ff, 0x2006, "32c14a6159de09260dad386000", 0x2, 0xd}) (async) ioctl$TIOCSETAF(0xffffffffffffffff, 0x802c7416, &(0x7f0000000100)={0x0, 0x7, 0x21ff, 0x2006, "32c14a6159de09260dad386000", 0x2, 0xd}) read(0xffffffffffffff9c, &(0x7f0000000140)=""/203, 0xcb) (async) read(0xffffffffffffff9c, &(0x7f0000000140)=""/203, 0xcb) setrlimit(0x0, &(0x7f0000000100)={0x7, 0x400054}) r0 = syz_open_pts() close(r0) (async) close(r0) syz_open_pts() (async) r1 = syz_open_pts() ioctl$TIOCSETA(r0, 0x802c7414, &(0x7f00000000c0)={0x0, 0x4, 0x8a38, 0x0, "07160a009cef01098b748200"}) (async) ioctl$TIOCSETA(r0, 0x802c7414, &(0x7f00000000c0)={0x0, 0x4, 0x8a38, 0x0, "07160a009cef01098b748200"}) writev(r1, &(0x7f0000000040), 0x0) syz_emit_ethernet(0xcf, &(0x7f0000000340)={@empty, @local, [{[{0x88a8, 0x1, 0x1}], {0x8100, 0x4, 0x0, 0x1}}], {@ipv4={0x800, {{0x9, 0x4, 0x1, 0x7, 0xb9, 0x65, 0x2, 0x1, 0x0, 0x0, @remote={0xac, 0x14, 0x0}, @rand_addr=0xfff, {[@ra={0x94, 0x6, 0x2}, @end, @ra={0x94, 0x6, 0x5}]}}, @generic="4611b0c2e3afcd9ea192fe83794394417cafe2ce08271270406765811c9f9b4cadc2f0f50e6e823cf903d29bffa456d3bf8f7ae83706aa362fb8c0171923fd1ea7092f95cb8d912a0b9f29d576729aa1efa01107d87a68b3367e61978f0e0d26eca7a4619572deb72fb955f668eda621f39d593571cba40cc4bac86cb6b3b74ae460533b3530ef3da6d1ae4165b269e7d54955a6d3"}}}}) r2 = openat$bpf(0xffffffffffffff9c, &(0x7f0000000440), 0x200, 0x0) ioctl$BIOCGRSIG(r2, 0x40044273, &(0x7f0000000000)) (async) ioctl$BIOCGRSIG(r2, 0x40044273, &(0x7f0000000000)) r3 = dup2(r1, r0) ioctl$TIOCSETA(r3, 0x802c7414, &(0x7f0000000300)={0x538, 0x9, 0x1, 0x7fd, "2c21a7000000004ea80873ca9e5fd700", 0x6, 0xffffffff}) poll(&(0x7f0000000000)=[{r3, 0x40}], 0x1, 0x0) (async) poll(&(0x7f0000000000)=[{r3, 0x40}], 0x1, 0x0) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff}) r4 = socket(0x18, 0x2, 0x0) socket$inet(0x2, 0x3, 0x4) mknod(&(0x7f0000000040)='./bus\x00', 0x100000000205f, 0x2802) open(&(0x7f0000000540)='./bus\x00', 0x0, 0x105) (async) open(&(0x7f0000000540)='./bus\x00', 0x0, 0x105) mknod(&(0x7f0000000240)='./file0\x00', 0xc000, 0xffffff6e) r5 = open(&(0x7f0000000080)='./file0\x00', 0x80, 0x29) ioctl$WSMOUSEIO_SCALIBCOORDS(r5, 0x81205724, &(0x7f0000000100)={0x7ff, 0x8018, 0x3, 0x400101, 0x80000001, 0x81ac, 0x10001, 0x10, [{0x0, 0x3, 0x4, 0x71002}, {0x6, 0x9, 0x8, 0xfffffff9}, {0x100, 0xf88, 0x0, 0x9}, {0x1, 0x800, 0x8007}, {0x401, 0x200727, 0x2800, 0x7}, {0x1, 0x650, 0x3, 0x99}, {0xce1, 0xffffffff, 0x4f8, 0x6d}, {0x6, 0x803, 0x14, 0x8}, {0x2, 0x82, 0x5, 0x5}, {0x6a75, 0x8001, 0xd1b, 0x4}, {0x1cc, 0x10001, 0xc, 0x3}, {0x8, 0x9, 0x8, 0x2}, {0xb8c, 0x7, 0x8, 0x4}, {0x29a71717, 0xeffffffa, 0x1, 0x6}, {0xc, 0x5, 0x5, 0x10000000}, {0x0, 0x1, 0xfff, 0x30004}]}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) ioctl$VNDIOCSET(r5, 0x80184404, &(0x7f00000001c0)={0x0, 0x0, 0x0}) (async) ioctl$VNDIOCSET(r5, 0x80184404, &(0x7f00000001c0)={0x0, 0x0, 0x0}) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x3, 0x5012, 0xffffffffffffffff, 0x0) ioctl$BIOCSETWF(0xffffffffffffffff, 0x80104277, &(0x7f00000004c0)={0x3, &(0x7f00000000c0)=[{0xf}, {0x1, 0x0, 0xfd, 0x1}, {0x83, 0x0, 0x0, 0x1}]}) r6 = openat$diskmap(0xffffffffffffff9c, &(0x7f0000000180), 0x80, 0x0) ioctl$DIOCMAP(r6, 0xc0106477, &(0x7f00000000c0)={0x0, r6, 0x3}) sysctl$kern(&(0x7f00000000c0)={0x1, 0x42}, 0x6, &(0x7f0000000100)="71f91e3471ac0058bc5a91501d94a34b8e5f84cf71b59c7afec37082", &(0x7f0000000080)=0x1918, 0x0, 0x37) (async) sysctl$kern(&(0x7f00000000c0)={0x1, 0x42}, 0x6, &(0x7f0000000100)="71f91e3471ac0058bc5a91501d94a34b8e5f84cf71b59c7afec37082", &(0x7f0000000080)=0x1918, 0x0, 0x37) connect$unix(r4, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7}, 0x1c) 48.91177ms ago: executing program 1 (id=2): r0 = socket$unix(0x1, 0x5, 0x0) (async) r1 = socket(0x18, 0x3, 0x0) ioctl$FIONREAD(r1, 0x802069b5, &(0x7f0000000100)) clock_getres(0x4, &(0x7f0000000000)) (async, rerun: 64) r2 = socket(0x18, 0x3, 0x0) (rerun: 64) connect$unix(r1, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7}, 0x8) (async) getsockname$inet(r2, &(0x7f00000000c0), &(0x7f0000000000)=0xffffffffffffff35) setsockopt$inet6_MRT6_DEL_MFC(r2, 0x29, 0x69, &(0x7f0000000000)={{0x18, 0x3, 0xa2, 0x7fffffff}, {0x18, 0x3, 0x6, 0x4}, 0x7ff, [0x8, 0x0, 0x6, 0x80, 0x80000000, 0x5, 0x7a, 0x80000001]}, 0x3c) (async) semctl$SETALL(0xffffffffffffffff, 0x0, 0x9, 0x0) bind$unix(r0, &(0x7f0000000240)=@file={0xd570d0466b6018f, '.\x00'}, 0x4) 40.363282ms ago: executing program 5 (id=6): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) bind$unix(r1, &(0x7f0000000040)=@file={0xd19450564dee018c, './file0\x00'}, 0xa) (async, rerun: 64) mknod(&(0x7f00000000c0)='./bus\x00', 0x2000, 0xd01) (rerun: 64) r2 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) readv(r2, &(0x7f0000000040)=[{&(0x7f0000002140)=""/4112, 0x1000}, {&(0x7f0000001140)=""/4092, 0x1000}], 0x1000000000000037) (async, rerun: 32) chmod(&(0x7f0000000180)='./file0\x00', 0x23f) (async, rerun: 32) setuid(0xee01) (async) r3 = dup2(r0, r1) (async, rerun: 32) connect$unix(r1, &(0x7f0000000000)=@file={0xd1653077bafa0114, './file0\x00'}, 0xa) (async, rerun: 32) munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) (async) madvise(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0) (async, rerun: 64) kevent(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000300)=[{{}, 0xfffffffffffffff9, 0x41, 0x3}], 0x0, 0x0) (rerun: 64) sysctl$hw(&(0x7f0000000040)={0x6, 0x9}, 0x2, 0x0, 0x0, &(0x7f0000000100), 0x0) r4 = kqueue() kevent(0xffffffffffffffff, &(0x7f0000000340)=[{{r1}, 0xfffffffffffffffc, 0x89, 0x4, 0x5, 0x8}, {{r2}, 0xfffffffffffffff9, 0xc1, 0x80000000, 0x7, 0xfd}, {{r2}, 0xfffffffffffffffd, 0xa0, 0xfffff, 0xc7, 0x5}, {{r2}, 0xffffffffffffffff, 0x88, 0xf0000000, 0xe, 0xb034}, {{r1}, 0xfffffffffffffffc, 0x2e, 0x20, 0x8, 0x3}, {{r2}, 0xfffffffffffffffc, 0x41, 0x1, 0x9, 0x4}, {{r1}, 0xfffffffffffffffe, 0x46, 0x4, 0x1, 0x4}], 0x1, 0x0, 0x0, 0x0) (async) kevent(r4, &(0x7f0000000000), 0x3ff, 0x0, 0x200000, 0x0) (async, rerun: 32) r5 = getuid() (rerun: 32) setreuid(r5, r5) (async) getsockopt$sock_cred(r0, 0xffff, 0x1022, &(0x7f00000001c0)={0x0, 0x0, 0x0}, &(0x7f0000000200)=0xc) lchown(&(0x7f0000000100)='./file0\x00', r5, r6) (async) fchown(r3, r5, r6) 27.065888ms ago: executing program 0 (id=1): openat$vnd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) setrlimit(0x8, &(0x7f0000000580)={0xa, 0x56}) r0 = syz_open_pts() close(r0) r1 = syz_open_pts() ioctl$TIOCSETA(r0, 0x802c7414, &(0x7f0000000340)={0x8, 0x5, 0xffffdf82, 0xffffff8d, "08ed95990000000000000000ffffffffffffffe6", 0x4000000, 0x20000}) writev(r0, &(0x7f0000000440)=[{&(0x7f0000000080)='\x00', 0xffaa}], 0x1) readv(r1, &(0x7f0000000040)=[{&(0x7f0000000000)=""/18, 0x12}], 0x1) r2 = socket$inet(0x2, 0x2, 0x0) ioctl$FIONREAD(r2, 0x80206979, &(0x7f0000000000)) setitimer(0x2, &(0x7f0000000940)={{0x5, 0x6}, {0x0, 0x6}}, &(0x7f0000000980)) 17.34608ms ago: executing program 3 (id=4): r0 = open(&(0x7f0000000080)='./file0\x00', 0x200, 0xc3) ioctl$VNDIOCSET(r0, 0xc0104401, &(0x7f00000001c0)={0x0, 0x0, 0x0}) mquery(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x2, 0x0, r0, 0x5) syz_emit_ethernet(0x46, &(0x7f0000000100)={@local, @empty, [], {@ipv4={0x800, {{0x7, 0x4, 0x0, 0x0, 0x38, 0x3, 0x0, 0x0, 0x2, 0x0, @remote={0xac, 0x14, 0x0}, @broadcast, {[@ra={0x94, 0x6, 0x4}, @noop, @noop]}}, @icmp=@parameter_prob={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, @broadcast, @multicast1}}}}}}) syz_emit_ethernet(0x2e, &(0x7f0000000000)={@random="e00694f43db1", @broadcast, [{[], {0x8100, 0x0, 0x1, 0x3}}], {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x0, @random="ff9091a1fe2c", @multicast1, @remote, @rand_addr=0xfffffffb}}}}) 0s ago: executing program 4 (id=5): r0 = socket(0x6, 0x8000, 0xf) r1 = kqueue() kevent(r1, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0xfffffffffffffffb}) r2 = kqueue() kevent(r2, &(0x7f00000000c0), 0x138, 0x0, 0xffffffff, 0x0) r3 = kqueue() kevent(r3, &(0x7f0000000000), 0x138, 0x0, 0xffffffff, 0x0) openat$pf(0xffffffffffffff9c, 0x0, 0x1, 0x0) sendto$unix(r0, &(0x7f0000000040)="b1000501000000ae05000701070000000008000000000500fef96ecfc72fd3357ae30200004e30ffd2d236acf20bf404be01000000f7c8cf5f882b297de1aa050400ce94e2f0ad3ebbc257e4411f139b672f335c22db830c032bfa896443c32118210000720fd38bfb0000fd54c125191b1257aea8c500001602fbfe0c2300000100be1f25a2e791505c47f8343712cc11fffffffffffffc00"/177, 0xb1, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.145' (ED25519) to the list of known hosts. panic: uvm_fault_unwire_locked: address not in map Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 357475 19717 0 0 0 0 syz-executor *238292 15295 60929 0x10 0x4000000 1 syz-executor db_enter() at db_enter+0x25 panic(ffffffff8342d29c) at panic+0x1e5 uvm_fault_unwire_locked(fffffd800af62200,200000002000,200000003000) at uvm_fault_unwire_locked+0x4de uvm_fault_wire(fffffd800af62200,200000002000,200000004000,3) at uvm_fault_wire+0x12d uvm_vslock_device(ffff80002a2d2010,200000002140,1000,3,ffff800038c01af0) at uvm_vslock_device+0x112 physio(ffffffff8220dd50,d01,8000,ffffffff8220e5b0,ffff800038c01e20) at physio+0x277 spec_read(ffff800038c01c10) at spec_read+0x155 VOP_READ(fffffd806bba3a20,ffff800038c01e20,0,fffffd807f7d2340) at VOP_READ+0x102 vn_read(fffffd806bd03e08,ffff800038c01e20,0) at vn_read+0x17b dofilereadv(ffff80002a2d2010,5,ffff800038c01e20,0,ffff800038c01ee0) at dofilereadv+0x230 sys_readv(ffff80002a2d2010,ffff800038c01f90,ffff800038c01ee0) at sys_readv+0xd8 syscall(ffff800038c01f90) at syscall+0xbc6 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xf58a4d13cf0, count: 2 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault_unwire_locked: address not in map ddb{1}> trace db_enter() at db_enter+0x25 panic(ffffffff8342d29c) at panic+0x1e5 uvm_fault_unwire_locked(fffffd800af62200,200000002000,200000003000) at uvm_fault_unwire_locked+0x4de uvm_fault_wire(fffffd800af62200,200000002000,200000004000,3) at uvm_fault_wire+0x12d uvm_vslock_device(ffff80002a2d2010,200000002140,1000,3,ffff800038c01af0) at uvm_vslock_device+0x112 physio(ffffffff8220dd50,d01,8000,ffffffff8220e5b0,ffff800038c01e20) at physio+0x277 spec_read(ffff800038c01c10) at spec_read+0x155 VOP_READ(fffffd806bba3a20,ffff800038c01e20,0,fffffd807f7d2340) at VOP_READ+0x102 vn_read(fffffd806bd03e08,ffff800038c01e20,0) at vn_read+0x17b dofilereadv(ffff80002a2d2010,5,ffff800038c01e20,0,ffff800038c01ee0) at dofilereadv+0x230 sys_readv(ffff80002a2d2010,ffff800038c01f90,ffff800038c01ee0) at sys_readv+0xd8 syscall(ffff800038c01f90) at syscall+0xbc6 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xf58a4d13cf0, count: -13 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff800038c01830 rbx 0xffff8000299eedcf rdx 0 rcx 0xffff80002a2d2010 rax 0xffff8000299edff0 r8 0x101010101010101 r9 0x8080808080808080 r10 0x8d8dd0f4a8719e67 r11 0x662a61d36f338424 r12 0xffff8000299eebd0 r13 0 r14 0 r15 0x1 rip 0xffffffff819d7c55 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff800038c01820 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor) tid=238292 pid=15295 tcnt=5 stat=onproc flags process=10 proc=4000000 runpri=36, usrpri=59, slppri=36, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a2d2ab0,0xffff80002a28b570 process=0xffff8000ffff3460 user=0xffff800038bfd000, vmspace=0xfffffd800af62200 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 16163 463206 78270 0 2 0 syz-executor 16163 63050 78270 0 3 0x4000080 fsleep syz-executor 19717 357475 31703 0 7 0 syz-executor 19717 449762 31703 0 3 0x4000080 fsleep syz-executor 15295 369162 70985 60929 3 0x10 vmmaplk syz-executor *15295 238292 70985 60929 7 0x4000010 syz-executor 15295 417431 70985 60929 2 0x4000010 syz-executor 15295 65051 70985 60929 3 0x4000090 fsleep syz-executor 15295 154712 70985 60929 3 0x4000010 vmmaplk syz-executor 52105 461606 45267 0 2 0 syz-executor 52105 128721 45267 0 3 0x4000080 fsleep syz-executor 52105 275497 45267 0 3 0x4000080 fsleep syz-executor 28703 498740 86386 0 2 0 syz-executor 28703 455515 86386 0 3 0x4000080 fsleep syz-executor 86386 279668 36328 0 3 0x82 nanoslp syz-executor 40142 160267 36328 0 3 0x2 biowait syz-executor 70985 232552 36328 0 3 0x82 nanoslp syz-executor 48977 281976 36328 0 3 0x2 biowait syz-executor 78270 77797 36328 0 3 0x82 nanoslp syz-executor 45267 445990 36328 0 3 0x82 nanoslp syz-executor 94981 207184 36328 0 3 0x2 biowait syz-executor 31703 452226 36328 0 3 0x82 nanoslp syz-executor 36328 18367 93577 0 3 0x82 kqread syz-executor 93577 249308 88840 0 3 0x10008a sigsusp ksh 88840 53841 36526 0 3 0x98 kqread sshd-session 36526 16332 46048 0 3 0x92 kqread sshd-session 47195 490515 1 0 3 0x100083 ttyin getty 46048 352454 1 0 3 0x88 kqread sshd 63478 295937 76597 74 3 0x1100092 bpf pflogd 76597 367558 1 0 3 0x80 sbwait pflogd 21543 432345 90484 73 3 0x1100090 kqread syslogd 90484 386683 1 0 3 0x100082 sbwait syslogd 48384 324568 1 0 3 0x100080 kqread resolvd 42499 240959 20828 77 3 0x100092 kqread dhcpleased 44664 102784 20828 77 3 0x100092 kqread dhcpleased 20828 316308 1 0 3 0x80 kqread dhcpleased 10009 258835 0 0 3 0x14200 bored smr 40269 308957 0 0 2 0x14200 zerothread 54082 272127 0 0 3 0x14200 aiodoned aiodoned 55955 319752 0 0 3 0x14200 syncer update 45607 482745 0 0 3 0x14200 cleaner cleaner 95224 136350 0 0 3 0x14200 reaper reaper 8242 506088 0 0 3 0x14200 pgdaemon pagedaemon 35841 54075 0 0 3 0x14200 bored viomb 35916 471844 0 0 3 0x40014200 acpi0 acpi0 47634 122895 0 0 3 0x40014200 idle1 15187 229265 0 0 3 0x14200 bored softnet3 84747 494744 0 0 3 0x14200 bored softnet2 55820 365834 0 0 3 0x14200 bored softnet1 39650 139948 0 0 3 0x14200 bored softnet0 36466 508539 0 0 3 0x14200 bored systqmp 45390 493933 0 0 3 0x14200 bored systq 83660 64059 0 0 3 0x14200 tmoslp softclockmp 83284 146471 0 0 3 0x40014200 tmoslp softclock 47962 508656 0 0 3 0x40014200 idle0 1 104419 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 15295 (syz-executor) thread 0xffff80002a2d2010 (238292) shared rwlock vmmaplk r = 0 (0xfffffd800af62300) #0 witness_lock+0x5bb #1 rw_do_enter_read+0x3af #2 uvm_fault_wire+0x116 #3 uvm_vslock_device+0x112 #4 physio+0x277 #5 spec_read+0x155 #6 VOP_READ+0x102 #7 vn_read+0x17b #8 dofilereadv+0x230 #9 sys_readv+0xd8 #10 syscall+0xbc6 #11 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83a09ad8) #0 witness_lock+0x5bb #1 __mp_acquire_count+0x58 #2 mi_switch+0x4b7 #3 sleep_finish+0x24f #4 rw_do_enter_read+0x2de #5 uvmfault_lookup+0x122 #6 uvm_fault_check+0x4a #7 uvm_fault+0x106 #8 uvm_fault_wire+0x73 #9 uvm_vslock_device+0x112 #10 physio+0x277 #11 spec_read+0x155 #12 VOP_READ+0x102 #13 vn_read+0x17b #14 dofilereadv+0x230 #15 sys_readv+0xd8 #16 syscall+0xbc6 #17 Xsyscall+0x128 Process 40142 (syz-executor) thread 0xffff80002a248a98 (160267) exclusive rrwlock inode r = 0 (0xfffffd806be93760) #0 witness_lock+0x5bb #1 rw_do_enter_write+0x3ea #2 rrw_enter+0xc6 #3 VOP_LOCK+0xa6 #4 ufs_ihashins+0x4f #5 ffs_vget+0x187 #6 ffs_inode_alloc+0x283 #7 ufs_mkdir+0x113 #8 VOP_MKDIR+0x102 #9 domkdirat+0x179 #10 syscall+0xb08 #11 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd807bd1ed38) #0 witness_lock+0x5bb #1 rw_do_enter_write+0x3ea #2 rrw_enter+0xc6 #3 VOP_LOCK+0xa6 #4 vn_lock+0xa4 #5 vfs_lookup+0x109 #6 namei+0x7aa #7 domkdirat+0x8b #8 syscall+0xb08 #9 Xsyscall+0x128 Process 48977 (syz-executor) thread 0xffff80002a2d4558 (281976) exclusive rrwlock inode r = 0 (0xfffffd806be939a0) #0 witness_lock+0x5bb #1 rw_do_enter_write+0x3ea #2 rrw_enter+0xc6 #3 VOP_LOCK+0xa6 #4 ufs_ihashins+0x4f #5 ffs_vget+0x187 #6 ffs_inode_alloc+0x283 #7 ufs_mkdir+0x113 #8 VOP_MKDIR+0x102 #9 domkdirat+0x179 #10 syscall+0xb08 #11 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd807bd1e1f8) #0 witness_lock+0x5bb #1 rw_do_enter_write+0x3ea #2 rrw_enter+0xc6 #3 VOP_LOCK+0xa6 #4 vn_lock+0xa4 #5 vfs_lookup+0x109 #6 namei+0x7aa #7 domkdirat+0x8b #8 syscall+0xb08 #9 Xsyscall+0x128 Process 94981 (syz-executor) thread 0xffff80002a2d42b0 (207184) exclusive rrwlock inode r = 0 (0xfffffd806be93be0) #0 witness_lock+0x5bb #1 rw_do_enter_write+0x3ea #2 rrw_enter+0xc6 #3 VOP_LOCK+0xa6 #4 ufs_ihashins+0x4f #5 ffs_vget+0x187 #6 ffs_inode_alloc+0x283 #7 ufs_mkdir+0x113 #8 VOP_MKDIR+0x102 #9 domkdirat+0x179 #10 syscall+0xb08 #11 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806cce0c10) #0 witness_lock+0x5bb #1 rw_do_enter_write+0x3ea #2 rrw_enter+0xc6 #3 VOP_LOCK+0xa6 #4 vn_lock+0xa4 #5 vfs_lookup+0x109 #6 namei+0x7aa #7 domkdirat+0x8b #8 syscall+0xb08 #9 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10186 11020K 11020K 166960K 11263 0 pcb 18 14K 16K 166960K 98 0 rtable 234 6K 6K 166960K 356 0 pf 34 17K 18K 166960K 45 0 ifaddr 43 7K 7K 166960K 45 0 ifgroup 55 2K 2K 166960K 55 0 sysctl 1 1K 1K 166960K 1 0 counters 64 36K 36K 166960K 64 0 ioctlops 0 0K 4K 166960K 1483 0 iov 1 1K 1K 166960K 5 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1336 84K 84K 166960K 1356 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 1K 166960K 2 0 VM map 2 1K 1K 166960K 2 0 sem 2 0K 0K 166960K 2 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 15 53K 97K 166960K 138 0 proc 70 91K 140K 166960K 529 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 in_multi 99 7K 7K 166960K 99 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 43 201K 201K 166960K 43 0 exec 0 0K 1K 166960K 373 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 215 159K 169K 166960K 3111 0 UVM aobj 3 2K 2K 166960K 3 0 pinsyscall 40 80K 104K 166960K 1256 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 NDP 28 2K 2K 166960K 28 0 temp 34 8678K 8742K 166960K 4013 0 kqueue 13 20K 21K 166960K 24 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 37 0 34 1 0 1 1 0 8 0 rtentry 176 111 0 1 5 0 5 5 0 8 0 unpcb 144 36 0 18 1 0 1 1 0 8 0 syncache 336 3 0 3 1 0 1 1 0 8 1 tcpcb 808 11 0 3 1 0 1 1 0 8 0 arp 128 18 0 0 1 0 1 1 0 8 0 inpcb 384 136 0 124 8 0 8 8 0 8 6 nd6 144 24 0 0 1 0 1 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 18 0 0 1 0 1 1 0 8 0 pfstkey 128 18 0 0 1 0 1 1 0 8 0 pfstate 384 18 0 0 2 0 2 2 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 452 0 0 29 0 29 29 0 8 0 art_table 32 453 0 0 4 0 4 4 0 8 0 art_node 16 110 0 10 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1559 0 47 95 0 95 95 0 8 0 ffsino 288 1559 0 47 109 0 109 109 0 8 0 nchpl 144 1747 0 59 63 0 63 63 0 8 0 uvmvnodes 80 1645 0 0 34 0 34 34 0 8 0 vnodes 216 1645 0 0 92 0 92 92 0 8 0 namei 1024 5498 0 5495 2 0 2 2 0 8 1 percpumem 16 47 0 0 1 0 1 1 0 8 0 kstatmem 264 24 0 0 2 0 2 2 0 8 0 scxspl 216 5739 0 5736 3 1 2 2 1 8 1 plimitpl 152 29 0 10 1 0 1 1 0 8 0 sigapl 424 448 0 401 7 0 7 7 0 8 1 futexpl 64 82 0 76 1 0 1 1 0 8 0 knotepl 120 56 0 0 2 0 2 2 0 8 0 kqueuepl 224 21 0 12 1 0 1 1 0 8 0 pipepl 336 106 0 79 3 0 3 3 0 8 0 fdescpl 520 430 0 401 3 0 3 3 0 8 0 filepl 160 1536 0 1315 12 0 12 12 0 8 1 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 22 0 13 1 0 1 1 0 8 0 pgrppl 48 30 0 13 1 0 1 1 0 8 0 ucredpl 104 78 0 64 1 0 1 1 0 8 0 zombiepl 144 401 0 401 1 0 1 1 0 8 1 processpl 1216 448 0 401 5 0 5 5 0 8 0 procpl 680 461 0 405 5 0 5 5 0 8 0 sockpl 728 209 0 176 9 0 9 9 0 8 6 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 126 0 0 16 0 16 16 0 8 0 mcl2k 2048 19 0 0 3 0 3 3 0 8 0 mtagpl 96 2 0 0 1 0 1 1 0 8 0 mbufpl 256 127 0 0 8 0 8 8 0 8 0 bufpl 280 2294 0 127 155 0 155 155 0 8 0 anonpl 32 3768 0 0 31 0 31 31 0 246 0 amapchunkpl 152 8314 0 7899 20 0 20 20 0 158 2 amappl16 200 1446 0 1431 5 0 5 5 0 8 4 amappl15 192 4 0 4 1 0 1 1 0 8 1 amappl14 184 117 0 104 1 0 1 1 0 8 0 amappl13 176 5 0 5 1 0 1 1 0 8 1 amappl12 168 1085 0 1056 4 1 3 3 0 8 0 amappl11 160 50 0 36 1 0 1 1 0 8 0 amappl10 152 2 0 2 1 0 1 1 0 8 1 amappl9 144 259 0 258 1 0 1 1 0 8 0 amappl8 136 26 0 23 1 0 1 1 0 8 0 amappl7 128 111 0 99 1 0 1 1 0 8 0 amappl6 120 176 0 173 1 0 1 1 0 8 0 amappl5 112 124 0 115 1 0 1 1 0 8 0 amappl4 104 328 0 309 1 0 1 1 0 8 0 amappl3 96 1287 0 1192 3 0 3 3 0 8 0 amappl2 88 641 0 581 2 0 2 2 0 8 0 amappl1 80 8302 0 7704 15 0 15 15 0 8 1 amappl 88 2410 0 2268 4 0 4 4 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 430 0 401 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 430 0 401 1 0 1 1 0 8 0 vmmpekpl 168 5320 0 5291 2 0 2 2 0 8 0 vmmpepl 168 33908 0 32071 87 0 87 87 0 357 0 vmsppl 480 429 0 401 5 0 5 5 0 8 0 rwobjpl 72 13695 0 11165 49 0 49 49 0 8 0 pdppl 4096 868 0 802 104 16 88 88 0 8 22 pvpl 32 9051 0 0 74 1 73 74 0 265 0 pmappl 256 429 0 401 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 387 0 18 11 0 11 11 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffffffff837e9ff0) at x86_ipi_db+0x27 x86_ipi_handler() at x86_ipi_handler+0xd9 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83a098d0) at __mp_lock+0x192 intr_handler(ffff8000367f66e0,ffff800000079f00) at intr_handler+0xe1 Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x33 __mp_lock(ffffffff83a098d0) at __mp_lock+0x1a3 uvm_fault(fffffd806ebe7008,cb0f13c8000,0,1) at uvm_fault+0x1ee upageflttrap(ffff8000367f6a80,cb0f13c8000) at upageflttrap+0xa9 usertrap(ffff8000367f6a80) at usertrap+0x2d8 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7b6301394e50, count: 3 ddb{0}> trace x86_ipi_db(ffffffff837e9ff0) at x86_ipi_db+0x27 x86_ipi_handler() at x86_ipi_handler+0xd9 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83a098d0) at __mp_lock+0x192 intr_handler(ffff8000367f66e0,ffff800000079f00) at intr_handler+0xe1 Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x33 __mp_lock(ffffffff83a098d0) at __mp_lock+0x1a3 uvm_fault(fffffd806ebe7008,cb0f13c8000,0,1) at uvm_fault+0x1ee upageflttrap(ffff8000367f6a80,cb0f13c8000) at upageflttrap+0xa9 usertrap(ffff8000367f6a80) at usertrap+0x2d8 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7b6301394e50, count: -12 ddb{0}> machine ddbcpu 1 Stopped at db_enter+0x25: addq $0x8,%rsp db_enter() at db_enter+0x25 panic(ffffffff8342d29c) at panic+0x1e5 uvm_fault_unwire_locked(fffffd800af62200,200000002000,200000003000) at uvm_fault_unwire_locked+0x4de uvm_fault_wire(fffffd800af62200,200000002000,200000004000,3) at uvm_fault_wire+0x12d uvm_vslock_device(ffff80002a2d2010,200000002140,1000,3,ffff800038c01af0) at uvm_vslock_device+0x112 physio(ffffffff8220dd50,d01,8000,ffffffff8220e5b0,ffff800038c01e20) at physio+0x277 spec_read(ffff800038c01c10) at spec_read+0x155 VOP_READ(fffffd806bba3a20,ffff800038c01e20,0,fffffd807f7d2340) at VOP_READ+0x102 vn_read(fffffd806bd03e08,ffff800038c01e20,0) at vn_read+0x17b dofilereadv(ffff80002a2d2010,5,ffff800038c01e20,0,ffff800038c01ee0) at dofilereadv+0x230 sys_readv(ffff80002a2d2010,ffff800038c01f90,ffff800038c01ee0) at sys_readv+0xd8 syscall(ffff800038c01f90) at syscall+0xbc6 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xf58a4d13cf0, count: 2 ddb{1}> trace db_enter() at db_enter+0x25 panic(ffffffff8342d29c) at panic+0x1e5 uvm_fault_unwire_locked(fffffd800af62200,200000002000,200000003000) at uvm_fault_unwire_locked+0x4de uvm_fault_wire(fffffd800af62200,200000002000,200000004000,3) at uvm_fault_wire+0x12d uvm_vslock_device(ffff80002a2d2010,200000002140,1000,3,ffff800038c01af0) at uvm_vslock_device+0x112 physio(ffffffff8220dd50,d01,8000,ffffffff8220e5b0,ffff800038c01e20) at physio+0x277 spec_read(ffff800038c01c10) at spec_read+0x155 VOP_READ(fffffd806bba3a20,ffff800038c01e20,0,fffffd807f7d2340) at VOP_READ+0x102 vn_read(fffffd806bd03e08,ffff800038c01e20,0) at vn_read+0x17b dofilereadv(ffff80002a2d2010,5,ffff800038c01e20,0,ffff800038c01ee0) at dofilereadv+0x230 sys_readv(ffff80002a2d2010,ffff800038c01f90,ffff800038c01ee0) at sys_readv+0xd8 syscall(ffff800038c01f90) at syscall+0xbc6 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xf58a4d13cf0, count: -13