Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0x0 fault code = supervisor read data, page not present instruction pointer = 0x20:0xffffffff815b45a1 stack pointer = 0x28:0xfffffe00575a55e0 frame pointer = 0x28:0xfffffe00575a5720 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = resume, IOPL = 0 current process = 1591 (syz-executor) rdi: 0000000000000000 rsi: 0000000000000000 rdx: 0000000000000000 rcx: fffffe0002bf1850 r8: 0000000000000000 r9: 0000000000000001 rax: fffffe0000000000 rbx: fffffe00587f6498 rbp: fffffe00575a5720 r10: 6c3420810e67f27a r11: 0000000000000017 r12: 0000000000000000 r13: 000000706cb706f5 r14: fffffe00587f6490 r15: 0000000000000000 trap number = 12 panic: page fault cpuid = 0 time = 1317 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe00575a4e10 kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe00575a4f70 vpanic() at vpanic+0x257/frame 0xfffffe00575a5130 panic() at panic+0xb5/frame 0xfffffe00575a51f0 trap_pfault() at trap_pfault+0xaf2/frame 0xfffffe00575a5330 trap() at trap+0x784/frame 0xfffffe00575a5510 calltrap() at calltrap+0x8/frame 0xfffffe00575a5510 --- trap 0xc, rip = 0xffffffff815b45a1, rsp = 0xfffffe00575a55e0, rbp = 0xfffffe00575a5720 --- callout_process() at callout_process+0x441/frame 0xfffffe00575a5720 handleevents() at handleevents+0x3ee/frame 0xfffffe00575a5790 timercb() at timercb+0x3cb/frame 0xfffffe00575a5850 lapic_handle_timer() at lapic_handle_timer+0x17f/frame 0xfffffe00575a5890 Xtimerint() at Xtimerint+0xb1/frame 0xfffffe00575a5890 --- interrupt, rip = 0xffffffff814ea482, rsp = 0xfffffe00575a5968, rbp = 0xfffffe00575a59b0 --- trace_pc() at trace_pc+0x22/frame 0xfffffe00575a59b0 pctrie_iter_jump_ge() at pctrie_iter_jump_ge+0xc4/frame 0xfffffe00575a59f0 vm_object_madvise() at vm_object_madvise+0x4e4/frame 0xfffffe00575a5b10 vm_map_madvise() at vm_map_madvise+0x970/frame 0xfffffe00575a5c50 sys_madvise() at sys_madvise+0x1d8/frame 0xfffffe00575a5d10 amd64_syscall() at amd64_syscall+0x4e2/frame 0xfffffe00575a5f30 fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe00575a5f30 --- syscall (198, FreeBSD ELF64, __syscall), rip = 0x3a6e9a, rsp = 0x825198f08, rbp = 0x825198f80 --- KDB: enter: panic [ thread pid 1591 tid 101556 ] Stopped at kdb_enter+0x6e: movq $0,0x25898a7(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b es 0x3b fs 0x13 gs 0x1b ss 0x28 rax 0x12 rcx 0xfffffe0002bf1850 rdx 0 rbx 0xffffffff82826ba0 .str.27 rsp 0xfffffe00575a4f50 rbp 0xfffffe00575a4f70 rsi 0 rdi 0xffffffff8165b309 printf+0x149 r8 0 r9 0xffffffff r10 0 r11 0x17 r12 0xfffffe0079412000 r13 0xfffffffffffffffe r14 0xffffffff82826ba0 .str.27 r15 0 rip 0xffffffff816446ee kdb_enter+0x6e rflags 0x46 kdb_enter+0x6e: movq $0,0x25898a7(%rip) db> show proc Process 1591 (syz-executor) at 0xfffffe0079418010: state: NORMAL uid: 0 gid: 0 supp gids: 0, 5 parent: pid 763 at 0xfffffe00586c6ac0 ABI: FreeBSD ELF64 flag: 0x10000080 flag2: 0 arguments: ./syz-executor exec reaper: 0xfffffe0007809010 reapsubtree: 1 sigparent: 20 vmspace: 0xfffffe00587f1b68 (map 0xfffffe00587f1b68) (map.pmap 0xfffffe00587f1c08) (pmap 0xfffffe00587f1c78) threads: 3 101431 RunQ syz-executor 101547 Run CPU 1 syz-executor 101556 Run CPU 0 syz-executor db> ps pid ppid pgrp uid state wmesg wchan cmd 1601 765 765 0 R syz-executor 1600 766 766 0 R (threaded) syz-executor 101516 RunQ syz-executor 101555 S uwait 0xfffffe0078599680 syz-executor 1599 1596 1596 0 S uwait 0xfffffe0078d98080 syz-executor 1598 1596 764 0 S uwait 0xfffffe0078d97480 syz-executor 1596 764 1596 0 Rs (threaded) syz-executor 101492 RunQ syz-executor 101553 S uwait 0xfffffe00792b1c80 syz-executor 1591 763 763 0 R (threaded) syz-executor 101431 RunQ syz-executor 101547 Run CPU 1 syz-executor 101556 Run CPU 0 syz-executor 1589 1 763 0 S uwait 0xfffffe0078d97980 syz-executor 1587 1 763 0 S uwait 0xfffffe0058307980 syz-executor 1571 1 765 0 S uwait 0xfffffe0078d97b80 syz-executor 1570 1 765 0 S uwait 0xfffffe005858ca00 syz-executor 1567 1 763 0 S uwait 0xfffffe0078599880 syz-executor 1549 1 763 0 SV uwait 0xfffffe0078d98580 syz-executor 1547 1 764 0 S uwait 0xfffffe0078598880 syz-executor 1540 1 765 0 S uwait 0xfffffe0078d97280 syz-executor 1527 1 766 0 SV uwait 0xfffffe0058307480 syz-executor 1521 1 764 0 S uwait 0xfffffe0078d97a80 syz-executor 1519 1 764 0 S uwait 0xfffffe0078d97080 syz-executor 1511 1 764 0 S uwait 0xfffffe0078d99280 syz-executor 1509 1 765 0 S uwait 0xfffffe0078598380 syz-executor 1503 1 766 -1 S uwait 0xfffffe0078d9a280 syz-executor 1496 1 764 0 S uwait 0xfffffe0078597a00 syz-executor 1492 1 766 0 S uwait 0xfffffe0078598080 syz-executor 1480 1 766 0 S uwait 0xfffffe0078d98b00 syz-executor 1479 1 766 0 S uwait 0xfffffe0078d97880 syz-executor 1475 1 766 0 S uwait 0xfffffe0078597e00 syz-executor 1473 1 766 0 S uwait 0xfffffe0078599d00 syz-executor 1461 1 765 0 S uwait 0xfffffe0078597c00 syz-executor 1460 1 765 0 S uwait 0xfffffe0078d97c80 syz-executor 1455 1 766 0 S uwait 0xfffffe0078d99c00 syz-executor 1442 1 763 0 S uwait 0xfffffe0078046780 syz-executor 1435 1 763 60928 S uwait 0xfffffe0078d9a180 syz-executor 1432 1 765 0 S uwait 0xfffffe0078d98480 syz-executor 1426 1 763 0 S uwait 0xfffffe0078d97e00 syz-executor 1421 1 764 0 T uwait 0xfffffe0078d98280 syz-executor 1404 1 765 0 SV uwait 0xfffffe0078046e00 syz-executor 1399 1 765 0 S uwait 0xfffffe0078d99380 syz-executor 1398 1 765 0 S uwait 0xfffffe0078597b00 syz-executor 1396 1 765 0 S uwait 0xfffffe0078598300 syz-executor 1390 1 766 0 SV uwait 0xfffffe0078d9a480 syz-executor 1386 1 764 0 S uwait 0xfffffe0078d99500 syz-executor 1385 1 766 -1 S uwait 0xfffffe0078d99a00 syz-executor 1376 1 766 0 S uwait 0xfffffe0078d98800 syz-executor 1372 1 766 0 S uwait 0xfffffe0078d98180 syz-executor 1363 1 763 0 S uwait 0xfffffe0058307a80 syz-executor 1362 1 763 0 S uwait 0xfffffe0078d99480 syz-executor 1359 1 766 0 S uwait 0xfffffe0058306600 syz-executor 1358 1 763 0 S uwait 0xfffffe0058307380 syz-executor 1345 1 765 0 T syz-executor 1337 1 766 60928 S uwait 0xfffffe0058306800 syz-executor 1320 1 765 0 S uwait 0xfffffe0078598480 syz-executor 1313 1 765 0 S uwait 0xfffffe0058307c80 syz-executor 1312 1 765 0 S uwait 0xfffffe0078d99900 syz-executor 1305 1 763 0 S uwait 0xfffffe0078d99600 syz-executor 1300 1 766 0 S uwait 0xfffffe0078d98a00 syz-executor 1296 1 765 0 S uwait 0xfffffe0078d97f00 syz-executor 1288 1 764 0 SV uwait 0xfffffe0078d99180 syz-executor 1286 1 763 0 S uwait 0xfffffe0078d98700 syz-executor 1285 1 763 0 S uwait 0xfffffe0078046380 syz-executor 1280 1 764 0 S uwait 0xfffffe0078d98c00 syz-executor 1268 1 764 0 S uwait 0xfffffe0058307280 syz-executor 1257 1 763 0 S uwait 0xfffffe005858b880 syz-executor 1254 1253 766 0 S uwait 0xfffffe005858a280 syz-executor 1253 1 766 0 SV uwait 0xfffffe0078d99080 syz-executor 1249 1 765 0 SV uwait 0xfffffe0078598680 syz-executor 1248 1 765 0 S uwait 0xfffffe0078d98e00 syz-executor 1242 1 763 0 S uwait 0xfffffe0078d98d00 syz-executor 1240 1 763 0 S uwait 0xfffffe0058307180 syz-executor 1238 1 764 0 S uwait 0xfffffe0078d98f00 syz-executor 1232 1 766 0 S uwait 0xfffffe0078598780 syz-executor 1227 1 765 0 S uwait 0xfffffe005858ab00 syz-executor 1223 1 765 0 S uwait 0xfffffe0078599400 syz-executor 1219 1 763 0 S uwait 0xfffffe0078d9a380 syz-executor 1213 1 765 0 S uwait 0xfffffe0078598980 syz-executor 1212 1 764 0 S uwait 0xfffffe005858c500 syz-executor 1211 1 766 0 SV uwait 0xfffffe0078d99d00 syz-executor 1209 1 765 0 T uwait 0xfffffe005858c700 syz-executor 1206 1 764 0 S uwait 0xfffffe0078d99800 syz-executor 1199 1 765 0 S uwait 0xfffffe0078046c00 syz-executor 1195 1 766 0 S uwait 0xfffffe0078d99b00 syz-executor 1192 1 765 0 S uwait 0xfffffe0058306000 syz-executor 1190 1 763 0 S uwait 0xfffffe0078046080 syz-executor 1178 1 766 0 S uwait 0xfffffe005858c800 syz-executor 1169 1 764 0 S uwait 0xfffffe0078d9a080 syz-executor 1154 1 763 0 S uwait 0xfffffe0058589380 syz-executor 1151 1 765 -1 S uwait 0xfffffe0078048280 syz-executor 1147 1 765 0 S uwait 0xfffffe0078048d80 syz-executor 1141 1 764 60928 S uwait 0xfffffe0078046180 syz-executor 1121 1 764 -1 S uwait 0xfffffe0078046980 syz-executor 1119 1 763 60928 S uwait 0xfffffe0078598b00 syz-executor 1106 1 765 0 S uwait 0xfffffe0078d99700 syz-executor 1090 1 766 0 S uwait 0xfffffe0078599200 syz-executor 1078 1 765 0 S uwait 0xfffffe0078046480 syz-executor 1063 1 766 0 S uwait 0xfffffe0078d9a580 syz-executor 1051 1 764 0 S uwait 0xfffffe005858cf00 syz-executor 1050 1 764 0 S uwait 0xfffffe0078d99f00 syz-executor 1049 1 764 0 S umtxn 0xfffffe0078d99e00 syz-executor 1048 1 764 0 S uwait 0xfffffe0078046b00 syz-executor 1044 1 764 0 S uwait 0xfffffe005858c600 syz-executor 1029 1 763 0 S uwait 0xfffffe0078048500 syz-executor 1028 1 764 0 S uwait 0xfffffe0078598e80 syz-executor 1024 1 765 0 S uwait 0xfffffe005858cd00 syz-executor 1022 1020 766 0 S uwait 0xfffffe005858cc00 syz-executor 1020 1 766 0 SV wait 0xfffffe0058774000 syz-executor 1014 1 766 60928 S uwait 0xfffffe00084f7600 syz-executor 1007 1 765 0 S uwait 0xfffffe0058589900 syz-executor 1006 1 766 0 S uwait 0xfffffe0078048400 syz-executor 991 1 763 0 SV sigwait 0xfffffe0058786610 syz-executor 990 1 763 0 S uwait 0xfffffe00084f7700 syz-executor 985 1 985 0 SV uwait 0xfffffe0078046d00 syz-executor 984 1 983 0 S uwait 0xfffffe00084f7c00 syz-executor 981 1 766 0 S uwait 0xfffffe0078046680 syz-executor 977 1 766 0 S uwait 0xfffffe005858ce00 syz-executor 973 1 763 60929 S uwait 0xfffffe00084f7100 syz-executor 971 1 766 0 S uwait 0xfffffe0078046580 syz-executor 969 1 766 0 S uwait 0xfffffe0058308c80 syz-executor 959 1 764 0 S uwait 0xfffffe0078048080 syz-executor 956 1 765 0 S uwait 0xfffffe0078046f00 syz-executor 952 1 766 0 S uwait 0xfffffe0078046880 syz-executor 944 1 763 0 S uwait 0xfffffe0078599000 syz-executor 941 1 763 0 S uwait 0xfffffe00084f7500 syz-executor 937 1 766 0 SV uwait 0xfffffe0078048180 syz-executor 935 1 763 0 S uwait 0xfffffe0078598d80 syz-executor 919 0 0 0 DL (threaded) [so_splice] 100257 D - 0xfffffe0054232b00 [thr_0] 100345 D - 0xfffffe0054232b40 [thr_1] 914 1 766 0 S uwait 0xfffffe0078048380 syz-executor 913 1 766 0 S uwait 0xfffffe00084f7d00 syz-executor 911 1 766 0 S uwait 0xfffffe00084f7b00 syz-executor 908 1 766 0 S uwait 0xfffffe0058305a80 syz-executor 885 1 763 0 S uwait 0xfffffe0058306900 syz-executor 883 1 764 0 SV uwait 0xfffffe005858ba00 syz-executor 876 1 763 0 S uwait 0xfffffe0058308f00 syz-executor 869 1 765 0 S uwait 0xfffffe00084f7400 syz-executor 868 0 0 0 DL (threaded) [KTLS] 100255 D - 0xfffffe006e981900 [thr_0] 100269 D - 0xfffffe006e981980 [thr_1] 100270 D - 0xffffffff83cd0a28 [reclaim_0] 859 1 763 0 S uwait 0xfffffe0078048c80 syz-executor 858 1 763 0 S uwait 0xfffffe005858a600 syz-executor 855 1 765 0 S uwait 0xfffffe005858a300 syz-executor 854 1 765 0 S uwait 0xfffffe0058306700 syz-executor 845 1 764 0 S uwait 0xfffffe0058589800 syz-executor 843 1 765 0 S uwait 0xfffffe0058305880 syz-executor 840 1 765 0 S uwait 0xfffffe0078048b80 syz-executor 838 1 764 0 S uwait 0xfffffe0058306500 syz-executor 836 1 765 0 S uwait 0xfffffe0058305980 syz-executor 825 0 0 0 DL aiordy 0xfffffe00586f3568 [aiod4] 824 0 0 0 DL aiordy 0xfffffe00586f4018 [aiod3] 823 0 0 0 DL aiordy 0xfffffe00586f3010 [aiod2] 822 0 0 0 DL aiordy 0xfffffe00586a7018 [aiod1] 819 806 819 0 Ss select 0xfffffe0054232ac0 dhclient 813 1 764 0 S uwait 0xfffffe0058589c00 syz-executor 806 1 423 65 S select 0xfffffe0054232bc0 dhclient 796 1 763 0 S uwait 0xfffffe0058306b00 syz-executor 766 762 766 0 R syz-executor 765 762 765 0 S nanslp 0xffffffff83baf000 syz-executor 764 762 764 0 R syz-executor 763 762 763 0 S nanslp 0xffffffff83baf000 syz-executor 762 1 760 0 S select 0xfffffe00077880c0 syz-executor 747 1 747 0 Ts+ getty 746 1 746 0 Ts+ getty 745 1 745 0 Ts+ getty 744 1 744 0 Ts+ getty 743 1 743 0 Ts+ getty 742 1 742 0 Ts+ getty 741 1 741 0 Ts+ getty 740 1 740 0 Ts+ getty 739 1 739 0 Ts+ getty 16 0 0 0 DL syncer 0xffffffff83cdcc20 [syncer] 15 0 0 0 DL vlruwt 0xfffffe000780a018 [vnlru] 14 0 0 0 DL (threaded) [bufdaemon] 100079 D psleep 0xffffffff83cdb160 [bufdaemon] 100080 D - 0xffffffff83001ec0 [bufspacedaemon-0] 100094 D sdflush 0xfffffe005808a0e8 [/ worker] 9 0 0 0 DL psleep 0xffffffff83d1c040 [vmdaemon] 8 0 0 0 RL (threaded) [pagedaemon] 100077 RunQ [dom0] 100081 D launds 0xffffffff83d02114 [laundry: dom0] 100082 D umarcl 0xffffffff81e2b7d0 [uma] 7 0 0 0 DL - 0xffffffff839275b0 [rand_harvestq] 6 0 0 0 RL [pf purge] 5 0 0 0 DL waiting 0xffffffff8475e700 [sctp_iterator] 4 0 0 0 DL (threaded) [cam] 100045 D - 0xffffffff838f1340 [doneq0] 100046 D - 0xffffffff838f12c0 [async] 100075 D - 0xffffffff838f1140 [scanner] 3 0 0 0 DL (threaded) [crypto] 100042 D crypto_ 0xffffffff83cfd9e0 [crypto] 100043 D crypto_ 0xfffffe0007b17030 [crypto returns 0] 100044 D crypto_ 0xfffffe0007b17080 [crypto returns 1] 13 0 0 0 DL (threaded) [geom] 100037 D - 0xffffffff83b57600 [g_event] 100038 D - 0xffffffff83b57620 [g_up] 100039 D - 0xffffffff83b57640 [g_down] 2 0 0 0 WL (threaded) [clock] 100031 I [clock (0)] 100032 I [clock (1)] 12 0 0 0 RL (threaded) [intr] 100013 I [swi6: task queue] 100014 I [swi6: Giant taskq] 100016 I [swi5: fast taskq] 100033 I [swi1: netisr 0] 100034 RunQ [swi1: hpts] 100035 I [swi1: hpts] 100047 I [irq24: virtio_pci0] 100048 I [irq25: virtio_pci0] 100049 I [irq26: virtio_pci0] 100050 I [irq27: virtio_pci0] 100051 I [irq28: virtio_pci1] 100052 I [irq29: virtio_pci1] 100053 I [irq30: virtio_pci1] 100054 I [irq31: virtio_pci1] 100055 I [irq32: virtio_pci1] 100060 I [irq10: virtio_pci2] 100062 I [irq1: atkbd0] 100063 I [irq12: psm0] 100064 I [swi0: uart uart++] 100068 I [swi1: pf send] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffffe0007809010 [init] 10 0 0 0 DL audit_w 0xffffffff83cfe480 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D parked 0xffffffff84c52ff0 [swapper] 100005 D - 0xfffffe00077f7a00 [softirq_0] 100006 D - 0xfffffe00077f7800 [softirq_1] 100007 D - 0xfffffe00077f7600 [if_io_tqg_0] 100008 D - 0xfffffe00077f7400 [if_io_tqg_1] 100009 D - 0xfffffe00077f7200 [if_config_tqg_0] 100010 D - 0xfffffe00077f7000 [kqueue_ctx taskq] 100011 D - 0xfffffe00077f6d00 [jail_remove taskq] 100012 D - 0xfffffe00077f6b00 [bus taskq] 100015 D - 0xfffffe00077f6500 [thread taskq] 100017 D - 0xfffffe00077f6100 [aiod_kick taskq] 100018 D - 0xfffffe00077f5e00 [deferred_unmount ta] 100019 D - 0xfffffe00077f5c00 [inm_free taskq] 100020 D - 0xfffffe00077f5a00 [in6m_free taskq] 100021 D - 0xfffffe00077f5800 [linuxkpi_irq_wq] 100022 D - 0xfffffe00077f5600 [linuxkpi_short_wq_0] 100023 D - 0xfffffe00077f5600 [linuxkpi_short_wq_1] 100024 D - 0xfffffe00077f5600 [linuxkpi_short_wq_2] 100025 D - 0xfffffe00077f5600 [linuxkpi_short_wq_3] 100026 D - 0xfffffe00077f5100 [linuxkpi_long_wq_0] 100027 D - 0xfffffe00077f5100 [linuxkpi_long_wq_1] 100028 D - 0xfffffe00077f5100 [linuxkpi_long_wq_2] 100029 D - 0xfffffe00077f5100 [linuxkpi_long_wq_3] 100036 D - 0xfffffe00077f4400 [firmware taskq] 100040 D - 0xfffffe0007bcc100 [crypto_0] 100041 D - 0xfffffe0007bcc100 [crypto_1] 100056 D - 0xfffffe00077f8200 [vtnet0 rxq 0] 100057 D - 0xfffffe00541f1500 [vtnet0 txq 0] 100058 D - 0xfffffe00541f1400 [vtnet0 rxq 1] 100059 D - 0xfffffe00541f1300 [vtnet0 txq 1] 100061 D vtbslp 0xfffffe00580bb200 [virtio_balloon] 100065 D - 0xffffffff8282b280 [deadlkres] 100069 D - 0xfffffe0058590000 [acpi_task_0] 100070 D - 0xfffffe0058590000 [acpi_task_1] 100071 D - 0xfffffe0058590000 [acpi_task_2] 100073 D - 0xfffffe00077f8100 [mca taskq] 100074 D - 0xfffffe0007bcb900 [CAM taskq] 100076 D - 0xfffffe0007bcc500 [ipsec_offload] 100155 D - 0xfffffe005974ba00 [system_taskq_0] 100156 D - 0xfffffe005974ba00 [system_taskq_1] 100157 D - 0xfffffe006e983a00 [system_delay_taskq_] 100158 D - 0xfffffe006e983a00 [system_delay_taskq_] 100159 D - 0xfffffe005974e300 [zvol_tq-0_0] 100160 D - 0xfffffe005974e300 [zvol_tq-0_1] 100161 D - 0xfffffe005974e300 [zvol_tq-0_2] 100162 D - 0xfffffe005974e300 [zvol_tq-0_3] 100163 D - 0xfffffe005974e300 [zvol_tq-0_4] 100164 D - 0xfffffe005974e300 [zvol_tq-0_5] 100165 D - 0xfffffe005974e300 [zvol_tq-0_6] 100166 D - 0xfffffe005974e300 [zvol_tq-0_7] 100167 D - 0xfffffe005974e300 [zvol_tq-0_8] 100168 D - 0xfffffe005974e300 [zvol_tq-0_9] 100169 D - 0xfffffe005974e300 [zvol_tq-0_10] 100170 D - 0xfffffe005974e300 [zvol_tq-0_11] 100171 D - 0xfffffe005974e300 [zvol_tq-0_12] 100172 D - 0xfffffe005974e300 [zvol_tq-0_13] 100173 D - 0xfffffe005974e300 [zvol_tq-0_14] 100174 D - 0xfffffe005974e300 [zvol_tq-0_15] 100175 D - 0xfffffe005974e300 [zvol_tq-0_16] 100176 D - 0xfffffe005974e300 [zvol_tq-0_17] 100177 D - 0xfffffe005974e300 [zvol_tq-0_18] 100178 D - 0xfffffe005974e300 [zvol_tq-0_19] 100179 D - 0xfffffe005974e300 [zvol_tq-0_20] 100180 D - 0xfffffe005974e300 [zvol_tq-0_21] 100181 D - 0xfffffe005974e300 [zvol_tq-0_22] 100182 D - 0xfffffe005974e300 [zvol_tq-0_23] 100183 D - 0xfffffe005974e300 [zvol_tq-0_24] 100184 D - 0xfffffe005974e300 [zvol_tq-0_25] 100185 D - 0xfffffe005974e300 [zvol_tq-0_26] 100186 D - 0xfffffe005974e300 [zvol_tq-0_27] 100187 D - 0xfffffe005974e300 [zvol_tq-0_28] 100188 D - 0xfffffe005974e300 [zvol_tq-0_29] 100189 D - 0xfffffe005974e300 [zvol_tq-0_30] 100190 D - 0xfffffe005974e300 [zvol_tq-0_31] 100192 D - 0xfffffe00541f1600 [arc_prune] 100193 D - 0xfffffe00782d5c00 [arc_flush_0] 100194 D - 0xfffffe00782d5c00 [arc_flush_1] 100206 D - 0xfffffe005974e000 [dbu_evict] 100212 D - 0xfffffe006e983300 [z_vdev_file_0] 100213 D - 0xfffffe006e983300 [z_vdev_file_1] 100214 D - 0xfffffe006e983300 [z_vdev_file_2] 100215 D - 0xfffffe006e983300 [z_vdev_file_3] 100216 D - 0xfffffe006e983300 [z_vdev_file_4] 100217 D - 0xfffffe006e983300 [z_vdev_file_5] 100218 D - 0xfffffe006e983300 [z_vdev_file_6] 100219 D - 0xfffffe006e983300 [z_vdev_file_7] 100220 D - 0xfffffe006e983300 [z_vdev_file_8] 100221 D - 0xfffffe006e983300 [z_vdev_file_9] 100222 D - 0xfffffe006e983300 [z_vdev_file_10] 100223 D - 0xfffffe006e983300 [z_vdev_file_11] 100224 D - 0xfffffe006e983300 [z_vdev_file_12] 100225 D - 0xfffffe006e983300 [z_vdev_file_13] 100226 D - 0xfffffe006e983300 [z_vdev_file_14] 100227 D - 0xfffffe006e983300 [z_vdev_file_15] 100241 D - 0xfffffe00782d4e00 [zfsvfs] 100714 D - 0xfffffe00782d2d00 [netlink_socket (PID] 101205 D - 0xfffffe007914d800 [netlink_socket (PID] 101208 D - 0xfffffe007914d600 [netlink_socket (PID] db> show all locks Process 1591 (syz-executor) thread 0xfffffe0079401780 (101547) shared sx vm map (user) (vm map (user)) r = 0 (0xfffffe00587f1bc8) locked @ /syzkaller/managers/main/kernel/sys/vm/vm_map.c:4998 Process 1591 (syz-executor) thread 0xfffffe0079412000 (101556) exclusive rw vmobject (vmobject) r = 0 (0xfffffe007941c5d0) locked @ /syzkaller/managers/main/kernel/sys/vm/vm_object.c:1323 shared sx vm map (user) (vm map (user)) r = 0 (0xfffffe00587f1bc8) locked @ /syzkaller/managers/main/kernel/sys/vm/vm_map.c:3059 db> show malloc Type InUse MemUse Requests linker 433 12877K 824 pf_hash 6 12804K 6 tcp_hpts 8 4865K 8 devbuf 4187 4324K 4213 solaris 112 3065K 203 sysctloid 44955 2641K 45067 filedesc 269 2153K 1592 vtbuf 24 1968K 46 kobj 331 1324K 495 newblk 50 1037K 6227 vfscache 3 1025K 3 subproc 380 795K 1821 pcb 93 727K 1034 inodedep 33 524K 1506 ufs_quota 1 512K 1 vfs_hash 1 512K 1 callout 2 512K 2 intr 4 472K 4 vmem 5 276K 9 vnet_data 2 224K 2 acpitask 1 224K 1 KTRACE 101 201K 375265 acpica 1674 184K 54444 tidhash 3 141K 3 pagedep 14 132K 800 tfo_ccache 1 128K 1 IP reass 1 128K 1 DEVFS1 107 107K 124 sem 4 106K 4 gtaskqueue 18 98K 18 kdtrace 498 91K 3164 LRO 22 85K 22 umtx 672 84K 672 bus 1000 82K 5086 mtx_pool 3 74K 3 syncache 1 68K 1 NFSD srvcache 3 68K 3 module 528 66K 531 ddb_capture 1 64K 1 shm 4 38K 15 hostcache 1 32K 1 DEVFS3 126 32K 136 msg 4 30K 4 kbdmux 6 28K 6 temp 32 21K 2800 DEVFS_RULE 56 20K 56 cred 52 20K 370 kstat_data 19 19K 19 ifaddr 67 19K 69 routetbl 148 19K 458 BPF 15 19K 26 shmfd 22 18K 115 ufs_mount 4 17K 5 proc 3 17K 3 tty 16 16K 16 lltable 49 16K 55 ithread 90 15K 90 kqueue 196 15K 2884 bus-sc 34 15K 1657 eventhandler 165 14K 165 ether_multi 169 14K 216 mount 217 14K 1764 ifnet 7 13K 7 kenv 95 12K 95 pwddesc 179 12K 1783 taskqueue 102 11K 171 sctp_atcl 27 11K 385 GEOM 49 11K 435 CAM queue 5 11K 1528 crypto 21 10K 139 rman 82 10K 437 plimit 25 10K 432 ksem 4 10K 7 rpc 8 9K 8 in6_multi 66 9K 66 bmsafemap 2 9K 1364 devstat 4 9K 4 UART 12 9K 12 pfs_vncache 1 8K 1 freework 32 8K 1791 audit_evclass 240 8K 306 UMA 341 7K 341 sglist 6 7K 6 CAM DEV 3 6K 510 pfs_nodes 22 6K 22 CC Mem 41 5K 677 ufs_dirhash 24 5K 42 dirrem 18 5K 1235 pf_ifnet 10 5K 19 tcp_fsb_rack 2 5K 14 vt 11 5K 11 memdesc 1 4K 1 MCA 32 4K 32 evdev 4 4K 4 proc-args 191 4K 2653 DEVFSP 60 4K 320 acpisem 28 4K 28 lockf 28 4K 396 inpcbpolicy 94 3K 1485 terminal 11 3K 11 uidinfo 6 3K 18 acpidev 20 3K 20 hhook 8 3K 10 osd 103 3K 755 in_multi 9 3K 19 clone 9 3K 9 kcovinfo 36 3K 36 netlink 2 3K 98 sctp_timw 8 2K 8 sctp_stro 2 2K 12 local_apic 1 2K 1 io_apic 1 2K 1 indirdep 8 2K 911 ipsec-saq 2 2K 2 cryptodev 27 2K 603 freefile 15 2K 1011 ip6ndp 12 2K 13 session 14 2K 45 Unitno 28 2K 83 sctp_ifa 13 2K 14 CAM XPT 22 2K 543 freeblks 6 2K 858 tun 4 2K 4 vnodemarker 3 2K 129 toponodes 6 2K 6 ipsecpolicy 2 2K 2 selfd 22 2K 142676 msi 9 2K 9 ip6opt 7 2K 40 softdep 1 1K 1 newdirblk 8 1K 730 mkdir 8 1K 1460 sahead 1 1K 1 secasvar 1 1K 1 nhops 6 1K 8 NFSD session 1 1K 1 sctp_atky 29 1K 400 frag6 10 1K 78 inotify 8 1K 65 CAM periph 4 1K 271 ipsec 3 1K 3 sctp_ifn 6 1K 14 mld 6 1K 6 igmp 6 1K 6 pfil 6 1K 6 VN POLL 6 1K 26 isadev 6 1K 6 pci_link 10 1K 10 encap_export_host 12 1K 12 diradd 4 1K 1251 ip6_msource 8 1K 25 cdev 2 1K 2 lkpikmalloc 8 1K 9 ip_msource 7 1K 53 ip_moptions 7 1K 47 sctp_athm 27 1K 386 in_mfilter 8 1K 95 counter_rate 13 1K 13 chacha20random 1 1K 1 biobuf 1 1K 1 select 3 1K 105 ktls 5 1K 58 loginclass 5 1K 7 tcp_pcm_rack 1 1K 7 ktls_ocf 2 1K 9 vnodes 1 1K 18 filedesc_to_leader 4 1K 14 NFSD lckfile 1 1K 1 NFSD V4client 1 1K 1 DEVFS 9 1K 10 CAM SIM 2 1K 2 prison 8 1K 8 feeder 7 1K 7 taskq 2 1K 2 in6_mfilter 3 1K 55 tcpfunc 3 1K 3 nexusdev 8 1K 8 apmdev 1 1K 1 atkbddev 2 1K 2 aio 4 1K 75 eventfd 1 1K 5 pmchooks 1 1K 1 CAM path 4 1K 1034 CAM dev queue 2 1K 2 CAM I/O Scheduler 1 1K 1 fadvise 3 1K 11 sctp_vrf 1 1K 1 sctp_map 4 1K 24 ip6_moptions 2 1K 35 vnet 1 1K 1 pmc 1 1K 1 sigio 1 1K 4 entropy 2 1K 33 acpiintr 1 1K 1 cpus 2 1K 2 vnet_data_free 1 1K 1 Per-cpu 1 1K 1 soname 1 1K 4140 p1003.1b 1 1K 1 filecaps 1 1K 78 ext2_mount 0 0K 0 ext2_node 0 0K 0 ext2_extents 0 0K 0 sfs_nodes 0 0K 0 zones_data 0 0K 0 ipcomp 0 0K 0 esp 0 0K 0 ah 0 0K 0 tcp_do_rack 0 0K 0 mqdata 0 0K 0 sctp_mcore 0 0K 0 sctp_socko 0 0K 129 sctp_iter 0 0K 12 sctp_mvrf 0 0K 0 sctp_cpal 0 0K 0 sctp_cmsg 0 0K 0 sctp_stre 0 0K 0 sctp_athi 0 0K 0 sctp_a_it 0 0K 12 sctp_aadr 0 0K 0 sctp_stri 0 0K 2 filemon 0 0K 2 pf_table 0 0K 0 pf 0 0K 0 pf_rule 0 0K 0 pf_altq 0 0K 0 pf_osfp 0 0K 0 pf_krule_item 0 0K 0 pf_temp 0 0K 0 madt_table 0 0K 2 smartpqi 0 0K 0 ixl 0 0K 0 ice-resmgr 0 0K 0 ice-osdep 0 0K 0 ice 0 0K 0 iavf 0 0K 0 axgbe 0 0K 0 fpukern_ctx 0 0K 0 xen_intr 0 0K 0 xen_hvm 0 0K 0 legacydrv 0 0K 0 NMI handlers 0 0K 0 bounce 0 0K 0 busdma 0 0K 0 qpidrv 0 0K 0 dmar_idpgtbl 0 0K 0 dmar_dom 0 0K 0 dmar_ctx 0 0K 0 amdiommu_dom 0 0K 0 amdiommu_ctx 0 0K 0 isci 0 0K 0 iommu_dmamap 0 0K 0 hyperv_socket 0 0K 0 bxe_ilt 0 0K 0 aesni_data 0 0K 5 xenbus 0 0K 0 vm_fictitious 0 0K 0 UMAHash 0 0K 0 vm_pgdata 0 0K 0 jblocks 0 0K 0 savedino 0 0K 939 sentinel 0 0K 0 jfsync 0 0K 0 jtrunc 0 0K 0 sbdep 0 0K 64 jsegdep 0 0K 0 jseg 0 0K 0 jfreefrag 0 0K 0 jfreeblk 0 0K 0 jnewblk 0 0K 0 jmvref 0 0K 0 jremref 0 0K 0 jaddref 0 0K 0 freedep 0 0K 0 freefrag 0 0K 389 allocindir 0 0K 0 allocdirect 0 0K 0 ufs_trim 0 0K 0 mactemp 0 0K 0 audit_trigger 0 0K 0 audit_pipe_presel 0 0K 0 audit_pipeent 0 0K 0 audit_pipe 0 0K 0 audit_evname 0 0K 0 audit_bsm 0 0K 0 audit_gidset 0 0K 0 audit_text 0 0K 0 audit_path 0 0K 0 audit_data 0 0K 0 audit_cred 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5E_TLS_RX 0 0K 0 MLX5EEPROM 0 0K 0 MLX5E_TLS 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EN 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5DUMP 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 simple_attr 0 0K 0 seq_file 0 0K 0 lkpiskb 0 0K 0 radix 0 0K 0 idr 0 0K 0 lkpindev 0 0K 0 lkpimhi 0 0K 0 lkpifw 0 0K 0 lkpi80211 0 0K 0 NLM 0 0K 0 ipsec-spdcache 0 0K 0 ipsec-reg 0 0K 0 ipsec-misc 0 0K 0 ipsecrequest 0 0K 0 tcplog 0 0K 0 tcp_hwpace 0 0K 0 ipid 0 0K 0 80211scan 0 0K 0 80211ratectl 0 0K 0 80211power 0 0K 0 80211nodeie 0 0K 0 80211node 0 0K 0 80211mesh_gt 0 0K 0 80211mesh_rt 0 0K 0 80211perr 0 0K 0 80211prep 0 0K 0 80211preq 0 0K 0 80211dfs 0 0K 0 80211crypto 0 0K 0 80211vap 0 0K 0 iflib 0 0K 0 vlan 0 0K 0 gif 0 0K 0 ifdescr 0 0K 0 zlib 0 0K 25 statfs 0 0K 212 namei_tracker 0 0K 7 export_host 0 0K 0 cl_savebuf 0 0K 202 lio 0 0K 28 acl 0 0K 0 mbuf_tag 0 0K 0 accf 0 0K 0 pts 0 0K 0 timerfd 0 0K 0 procdesc 0 0K 8 iov 0 0K 19265 ioctlops 0 0K 442 Witness 0 0K 0 stack 0 0K 0 sbuf 0 0K 264 firmware 0 0K 0 compressor 0 0K 0 SWAP 0 0K 0 sysctltmp 0 0K 654 sysctl 0 0K 3 ekcd 0 0K 0 dumper 0 0K 0 sendfile 0 0K 271 rctl 0 0K 0 cache 0 0K 0 kexec 0 0K 0 jaildesc 0 0K 0 prison_racct 0 0K 0 Fail Points 0 0K 0 pwd 0 0K 0 tty console 0 0K 0 boottrace 0 0K 0 isofs_node 0 0K 0 isofs_mount 0 0K 0 tr_raid5_data 0 0K 0 tr_raid1e_data 0 0K 0 tr_raid1_data 0 0K 0 tr_raid0_data 0 0K 0 tr_concat_data 0 0K 0 md_sii_data 0 0K 0 md_promise_data 0 0K 0 md_nvidia_data 0 0K 0 md_jmicron_data 0 0K 0 md_intel_data 0 0K 0 md_ddf_data 0 0K 0 raid_data 0 0K 72 geom_flashmap 0 0K 0 tmpfs dir 0 0K 0 tmpfs name 0 0K 0 tmpfs mount 0 0K 0 tmpfs extattr 0 0K 0 NFS FHA 0 0K 0 newnfsmnt 0 0K 0 newnfsclient_req 0 0K 0 NFSCL layrecall 0 0K 0 NFSCL session 0 0K 0 NFSCL sockreq 0 0K 0 NFSCL devinfo 0 0K 0 NFSCL flayout 0 0K 0 NFSCL layout 0 0K 0 NFSD rollback 0 0K 0 NFSCL diroff 0 0K 0 NEWNFSnode 0 0K 0 NFSCL lck 0 0K 0 NFSCL lckown 0 0K 0 NFSCL client 0 0K 0 NFSCL deleg 0 0K 0 NFSCL open 0 0K 0 NFSCL owner 0 0K 0 NFS fh 0 0K 0 NFS req 0 0K 0 NFSD usrgroup 0 0K 0 NFSD string 0 0K 0 NFSD V4lock 0 0K 0 NFSD V4state 0 0K 0 msdosfs_fat 0 0K 0 msdosfs_mount 0 0K 0 msdosfs_node 0 0K 0 DEVFS4 0 0K 0 DEVFS2 0 0K 0 gntdev 0 0K 0 privcmd_dev 0 0K 0 evtchn_dev 0 0K 0 xenstore 0 0K 0 xnb 0 0K 0 xen_acpi 0 0K 0 xbbd 0 0K 0 xbd 0 0K 0 Balloon 0 0K 0 sysmouse 0 0K 0 vtfont 0 0K 0 pvscsi 0 0K 0 USBdev 0 0K 0 USB 0 0K 0 ufshci 0 0K 0 twsbuf 0 0K 0 tcp_log_dev 0 0K 5 midi buffers 0 0K 0 mixer 0 0K 0 ac97 0 0K 0 hdacc 0 0K 0 hdac 0 0K 0 hdaa 0 0K 0 SIIS driver 0 0K 0 PUC 0 0K 0 ppbusdev 0 0K 0 sr_iov 0 0K 0 OCS 0 0K 0 OCS 0 0K 0 nvme 0 0K 0 nvd 0 0K 0 netmap 0 0K 0 mwldev 0 0K 0 MVS driver 0 0K 0 mpi3mrbuf 0 0K 0 mrsasbuf 0 0K 0 mpt_user 0 0K 0 mps_user 0 0K 0 MPSSAS 0 0K 0 mps 0 0K 0 mpr_user 0 0K 0 MPRSAS 0 0K 0 mpr 0 0K 0 mfibuf 0 0K 0 md_sectors 0 0K 0 md_disk 0 0K 0 malodev 0 0K 0 LED 0 0K 0 ix_sriov 0 0K 0 ix 0 0K 0 ipsbuf 0 0K 0 ciss_data 0 0K 0 BACKLIGHT 0 0K 0 ath_hal 0 0K 0 athdev 0 0K 0 ata_pci 0 0K 0 ata_dma 0 0K 0 ata_generic 0 0K 0 AHCI driver 0 0K 0 agp 0 0K 0 acpipwr 0 0K 0 acpi_perf 0 0K 0 acpicmbat 0 0K 0 aacraidcam 0 0K 0 aacraid_buf 0 0K 0 aaccam 0 0K 0 aacbuf 0 0K 0 zstd 0 0K 0 XZ_DEC 0 0K 0 nvlist 0 0K 0 SCSI ENC 0 0K 0 SCSI sa 0 0K 0 scsi_pass 0 0K 0 scsi_da 0 0K 70 ata_da 0 0K 0 scsi_ch 0 0K 0 scsi_cd 0 0K 0 nvme_da 0 0K 0 CAM CCB 0 0K 523 CAM ccb queue 0 0K 0 db> show uma Zone Size Used Free Requests Sleeps Bucket Total Mem XFree mbuf_jumbo_page 4096 8341 1819 35668 0 254 41615360 0 tcp_log 416 7081 5366 43834 0 254 5177952 0 mbuf 256 8964 1463 61231 0 254 2669312 0 malloc-16384 16384 137 3 795 0 1 2293760 0 malloc-4096 4096 513 3 2651 0 2 2113536 0 mbuf_cluster 2048 508 508 572 0 254 2080768 0 RADIX NODE 152 13359 182 60747 0 62 2058232 0 malloc-128 128 14977 151 15475 0 126 1936384 0 BUF TRIE 152 382 11422 4271 0 62 1794208 0 malloc-384 384 4166 34 4208 0 30 1612800 0 UMA Slabs 0 112 12383 31 12383 0 126 1390368 0 vmem btag 56 20456 103 20456 0 254 1151304 0 sctp_asoc 2256 2 508 12 0 254 1150560 0 malloc-65536 65536 14 2 20 0 1 1048576 0 FFS inode 1168 675 25 1717 0 8 817600 0 THREAD 1860 317 19 1556 0 8 624960 0 VM OBJECT 248 2304 176 22719 0 62 615040 0 sctp_ep 1152 25 486 372 0 254 588672 0 malloc-64 64 164 8782 143329 0 254 572544 0 socket 1024 155 353 3475 0 254 520192 0 lkpicurr 168 2 3094 2 0 62 520128 0 256 Bucket 2048 234 14 1691 0 8 507904 0 pbuf 2664 0 182 0 0 2 484848 0 MAP ENTRY 96 4695 345 81741 0 126 483840 0 malloc-2048 2048 127 89 604 0 8 442368 0 sctp_raddr 736 2 515 12 0 254 380512 0 malloc-64 64 5532 327 7308 0 254 374976 0 VNODE 440 712 98 1757 0 30 356400 0 malloc-16 16 18625 375 21757 0 254 304000 0 FPU_save_area 832 319 41 2189 0 16 299520 0 PROC 1368 179 19 1606 0 8 270864 0 zio_buf_comb_262144 262144 0 1 15 0 1 262144 0 malloc-65536 65536 2 2 13 0 1 262144 0 malloc-32 32 7334 352 8211 0 254 245952 0 UMA Zones 768 313 1 313 0 16 241152 0 malloc-32768 32768 2 5 37 0 1 229376 0 DEVCTL 1024 22 198 149 0 0 225280 0 filedesc0 1072 179 17 1783 0 8 210112 0 malloc-65536 65536 0 3 75 0 1 196608 0 malloc-65536 65536 1 2 121 0 1 196608 0 malloc-32768 32768 4 2 124 0 1 196608 0 malloc-32768 32768 0 6 644 0 1 196608 0 FFS2 dinode 256 675 75 1716 0 62 192000 0 malloc-128 128 1172 223 26009 0 126 178560 0 malloc-256 256 103 587 8189 0 62 176640 0 lkpimm 56 1 3095 1 0 254 173376 0 malloc-4096 4096 32 10 139 0 2 172032 0 tcp_inpcb 1304 44 85 673 0 8 168216 0 unpcb 320 31 485 1496 0 254 165120 0 malloc-1024 1024 129 15 173 0 16 147456 0 S VFS Cache 104 1057 347 2345 0 126 146016 0 malloc-256 256 475 95 4185 0 62 145920 0 malloc-384 384 309 51 968 0 30 138240 0 ertt_txseginfo 40 15 3318 11108 0 254 133320 0 zio_buf_comb_131072 131072 0 1 1 0 1 131072 0 malloc-65536 65536 2 0 2 0 1 131072 0 malloc-16384 16384 6 2 10 0 1 131072 0 mbuf_packet 256 58 450 2388 0 254 130048 0 ksiginfo 112 195 849 680 0 126 116928 0 UMA Kegs 384 299 4 299 0 30 116352 0 malloc-128 128 696 203 1074 0 126 115072 0 malloc-128 128 663 236 1446 0 126 115072 0 malloc-2048 2048 6 50 1097 0 8 114688 0 g_bio 440 0 243 22416 0 30 106920 0