Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0x0
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff80b0c758
stack pointer = 0x0:0xfffffe0057209070
frame pointer = 0x0:0xfffffe00572090b0
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 1727 (syz-executor)
rdi: 0000000000000000 rsi: 0000000000000b03 rdx: 0000000000000b02
SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
rcx: fffffe0002bf1850 r8: 0000000000000000 r9: 0000000000000056
FreeBSD/amd64 (ci-freebsd-i386-4.us-central1-b.c.syzkaller.internal) (ttyu0) login:
rax: fffffe0002bf1850 rbx: 0000000000000000 rbp: fffffe00572090b0
r10: e9a5a2114cd6ba47 r11: 0000000000000000 r12: fffffe0078789058
r13: fffffe0078789040 r14: 0000000000000000 r15: 0000000000000010
trap number = 12
panic: page fault
cpuid = 0
time = 10
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0057208890
kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe00572089f0
vpanic() at vpanic+0x257/frame 0xfffffe0057208bb0
panic() at panic+0xb5/frame 0xfffffe0057208c70
trap_pfault() at trap_pfault+0xaec/frame 0xfffffe0057208db0
trap() at trap+0x78e/frame 0xfffffe0057208fa0
calltrap() at calltrap+0x8/frame 0xfffffe0057208fa0
--- trap 0xc, rip = 0xffffffff80b0c758, rsp = 0xfffffe0057209070, rbp = 0xfffffe00572090b0 ---
destroy_indir() at destroy_indir+0x48/frame 0xfffffe00572090b0
mddestroy() at mddestroy+0x358/frame 0xfffffe0057209190
mdctlioctl() at mdctlioctl+0x1680/frame 0xfffffe00572092f0
devfs_ioctl() at devfs_ioctl+0x266/frame 0xfffffe00572093e0
VOP_IOCTL_APV() at VOP_IOCTL_APV+0x87/frame 0xfffffe0057209410
vn_ioctl() at vn_ioctl+0x3c7/frame 0xfffffe0057209620
devfs_ioctl_f() at devfs_ioctl_f+0x69/frame 0xfffffe0057209670
kern_ioctl() at kern_ioctl+0x4ca/frame 0xfffffe0057209750
sys_ioctl() at sys_ioctl+0x36e/frame 0xfffffe00572098d0
freebsd32_ioctl() at freebsd32_ioctl+0x607/frame 0xfffffe0057209d10
ia32_syscall() at ia32_syscall+0x4d2/frame 0xfffffe0057209f30
int0x80_syscall_common() at int0x80_syscall_common+0x9c/frame 0xdfffcf98
KDB: enter: panic
[ thread pid 1727 tid 101506 ]
Stopped at kdb_enter+0x6e: movq $0,0x25b9147(%rip)
db> set $lines = 0
db> set $maxwidth = 0
db> show registers
cs 0x20
ds 0x3b
es 0x3b
fs 0x13
gs 0x1b
ss 0
rax 0x12
rcx 0xfffffe0072e00000
rdx 0x7ffff
rbx 0xffffffff827bcf60 .str.27
rsp 0xfffffe00572089d0
rbp 0xfffffe00572089f0
rsi 0x80001
rdi 0xffffffff8161a6c9 printf+0x149
r8 0
r9 0xffffffff
r10 0
r11 0x17
r12 0xfffffe00541d6780
r13 0xfffffffffffffffe
r14 0xffffffff827bcf60 .str.27
r15 0
rip 0xffffffff8160424e kdb_enter+0x6e
rflags 0x46
kdb_enter+0x6e: movq $0,0x25b9147(%rip)
db> show proc
Process 1727 (syz-executor) at 0xfffffe00541cf5a0:
state: NORMAL
uid: 0 gids: 0, 0, 5
parent: pid 768 at 0xfffffe0054007020
ABI: FreeBSD ELF32
flag: 0x10000080 flag2: 0
arguments: ./syz-executor exec
reaper: 0xfffffe0007809040 reapsubtree: 1
sigparent: 20
vmspace: 0xfffffe00541e9db0
(map 0xfffffe00541e9db0)
(map.pmap 0xfffffe00541e9e50)
(pmap 0xfffffe00541e9ec0)
threads: 3
101487 RunQ syz-executor
101506 Run CPU 0 syz-executor
101510 RunQ syz-executor
db> ps
pid ppid pgrp uid state wmesg wchan cmd
1727 768 768 0 R (threaded) syz-executor
101487 RunQ syz-executor
101506 Run CPU 0 syz-executor
101510 RunQ syz-executor
1726 1526 1526 0 R (threaded) syz-executor
101337 RunQ syz-executor
101505 RunQ syz-executor
101509 D ufs 0xfffffe007fccfc78 syz-executor
1699 0 0 0 DL mdwait 0xfffffe00787c4000 [md6]
1696 1 1526 0 S uwait 0xfffffe006df05900 syz-executor
1677 1 1526 0 S uwait 0xfffffe0078939d80 syz-executor
1673 1 1526 60929 S uwait 0xfffffe007d7a6300 syz-executor
1667 1 768 0 S uwait 0xfffffe007d7a6200 syz-executor
1661 1 768 0 S uwait 0xfffffe007d7a6700 syz-executor
1655 1 768 0 S uwait 0xfffffe006df05e00 syz-executor
1653 1 768 0 
S uwait 0xfffffe0078207c00 syz-executor 1649 1 1526 0 S uwait 0xfffffe007d7a7180 syz-executor 1646 1 1526 0 S uwait 0xfffffe0058251d00 syz-executor 1643 1 1526 0 S uwait 0xfffffe0078207480 syz-executor 1630 1 768 60928 S uwait 0xfffffe007d7a7680 syz-executor 1615 1 768 60928 S uwait 0xfffffe007d7a6400 syz-executor 1605 1 1526 0 S uwait 0xfffffe007d7a7300 syz-executor 1587 1 768 0 S uwait 0xfffffe0078206800 syz-executor 1569 1 768 0 S uwait 0xfffffe006df03480 syz-executor 1562 1 768 0 S uwait 0xfffffe006df05e80 syz-executor 1557 1 1526 0 SV uwait 0xfffffe0078208100 syz-executor 1553 1 768 0 S uwait 0xfffffe007893a300 syz-executor 1526 1 1526 0 R syz-executor 1522 1 768 0 S uwait 0xfffffe0078207980 syz-executor 1514 1 1135 0 S uwait 0xfffffe006df05b00 syz-executor 1504 1 1135 0 S uwait 0xfffffe007893a400 syz-executor 1503 1 1135 0 S uwait 0xfffffe0078206300 syz-executor 1500 0 0 0 DL mdwait 0xfffffe00787be000 [md0] 1454 1 1135 0 S uwait 0xfffffe006df05c00 syz-executor 1452 1 1135 0 S uwait 0xfffffe0078209100 syz-executor 1446 1 1135 0 S uwait 0xfffffe005824e880 syz-executor 1440 1 768 0 S uwait 0xfffffe007d7a7780 syz-executor 1434 1 768 0 S uwait 0xfffffe006df05d00 syz-executor 1430 1 768 0 S uwait 0xfffffe0058251f00 syz-executor 1416 1 768 0 S uwait 0xfffffe006df05680 syz-executor 1408 1 1135 0 S uwait 0xfffffe007893a500 syz-executor 1395 1 768 0 S uwait 0xfffffe007893a000 syz-executor 1363 1 768 0 S uwait 0xfffffe007893a600 syz-executor 1351 1 1135 0 S uwait 0xfffffe0078206500 syz-executor 1340 1 768 0 S uwait 0xfffffe007893a800 syz-executor 1327 1 768 0 S uwait 0xfffffe0078208c00 syz-executor 1324 1 768 0 S uwait 0xfffffe0078206a80 syz-executor 1296 1 1135 0 S uwait 0xfffffe0078206c00 syz-executor 1283 1 1135 0 S uwait 0xfffffe006df05700 syz-executor 1273 1 768 0 S uwait 0xfffffe006df05800 syz-executor 1272 1 768 0 S uwait 0xfffffe005824e800 syz-executor 1267 1 1135 0 SV uwait 0xfffffe0078207380 syz-executor 1253 1 768 0 S uwait 0xfffffe0057d75d80 syz-executor 
1240 1 768 0 S uwait 0xfffffe0078207280 syz-executor 1228 1 768 0 S uwait 0xfffffe0078206d00 syz-executor 1226 1 768 60928 S uwait 0xfffffe0078208d00 syz-executor 1222 1 768 0 S uwait 0xfffffe0058251800 syz-executor 1218 1 768 0 S uwait 0xfffffe0078206600 syz-executor 1216 1 768 0 S uwait 0xfffffe0078206e00 syz-executor 1214 1 768 0 S uwait 0xfffffe0078206f00 syz-executor 1211 1 1135 0 S uwait 0xfffffe0078207180 syz-executor 1209 1 1135 60928 S uwait 0xfffffe0078206400 syz-executor 1207 1 1135 0 S uwait 0xfffffe0078207080 syz-executor 1197 1 768 0 S uwait 0xfffffe0078207a00 syz-executor 1190 1 768 0 S uwait 0xfffffe006df03980 syz-executor 1170 0 0 0 DL mdwait 0xfffffe00787f6000 [md5] 1161 1 768 0 S uwait 0xfffffe0078206200 syz-executor 1160 1 768 0 S uwait 0xfffffe006df03280 syz-executor 1156 1 768 0 S uwait 0xfffffe00584eca00 syz-executor 1154 1 768 0 S uwait 0xfffffe0058251700 syz-executor 1153 1 768 0 S uwait 0xfffffe0078208200 syz-executor 1105 1 768 0 S uwait 0xfffffe0078208000 syz-executor 1098 1 768 0 S uwait 0xfffffe0058251500 syz-executor 1079 0 0 0 DL mdwait 0xfffffe007d6cc000 [md4] 1072 0 0 0 DL mdwait 0xfffffe007d624000 [md3] 1070 1 769 0 SV uwait 0xfffffe005824e980 syz-executor 1065 1 769 0 S uwait 0xfffffe0058251600 syz-executor 1059 0 0 0 DL mdwait 0xfffffe0078805000 [md2] 1058 0 0 0 DL mdwait 0xfffffe00787f5000 [md2147483646] 1053 1050 1050 0 D ifnet_d 0xffffffff83cbc780 ifconfig 1050 1 1050 0 S wait 0xfffffe0054007580 syz-executor 1045 0 0 0 DL - 0xffffffff83cae600 [soaiod4] 1044 0 0 0 DL - 0xffffffff83cae600 [soaiod3] 1043 0 0 0 DL - 0xffffffff83cae600 [soaiod2] 1042 0 0 0 DL - 0xffffffff83cae600 [soaiod1] 1041 1 767 0 S uwait 0xfffffe0058251e00 syz-executor 1037 1 769 0 S uwait 0xfffffe0078208400 syz-executor 1035 1 767 0 S uwait 0xfffffe0078208a00 syz-executor 1031 1 767 60928 S uwait 0xfffffe0078209200 syz-executor 1027 0 0 0 DL (threaded) [so_splice] 100534 D - 0xfffffe0078207a80 [thr_0] 100535 D - 0xfffffe0078207ac0 [thr_1] 1026 0 0 0 DL 
mdwait 0xfffffe007880d000 [md1] 1012 1010 1010 0 D tun_con 0xfffffe0058124528 ifconfig 1010 1 1010 0 S wait 0xfffffe00540e1560 syz-executor 1003 1 767 0 S uwait 0xfffffe00584ec280 syz-executor 978 1 768 0 S uwait 0xfffffe006df02f00 syz-executor 960 1 768 0 S uwait 0xfffffe00584ed180 syz-executor 952 1 769 0 S uwait 0xfffffe0078207e80 syz-executor 936 1 768 0 S uwait 0xfffffe00584eb280 syz-executor 935 1 767 60928 S uwait 0xfffffe0078208800 syz-executor 932 1 766 0 S uwait 0xfffffe00584eb380 syz-executor 921 1 768 60928 S uwait 0xfffffe006df04800 syz-executor 901 1 767 0 S uwait 0xfffffe00584ed480 syz-executor 881 1 767 0 S uwait 0xfffffe006df04100 syz-executor 879 1 767 0 S uwait 0xfffffe00584ed080 syz-executor 858 1 767 0 S uwait 0xfffffe005824f900 syz-executor 852 1 768 0 S uwait 0xfffffe006df04700 syz-executor 845 1 768 0 S uwait 0xfffffe00584ed380 syz-executor 842 1 768 0 S uwait 0xfffffe005824e680 syz-executor 837 0 0 0 DL mdwait 0xfffffe00083f7000 [md38403] 825 811 825 0 Ss select 0xfffffe00584ec9c0 dhclient 823 0 0 0 DL aiordy 0xfffffe00540c9ae0 [aiod4] 822 0 0 0 DL aiordy 0xfffffe00540e3b00 [aiod3] 821 0 0 0 DL aiordy 0xfffffe0054110b00 [aiod2] 818 0 0 0 DL aiordy 0xfffffe00540e35a0 [aiod1] 816 1 816 0 Ss select 0xfffffe00584ecac0 dhclient 814 1 766 0 S uwait 0xfffffe006df03a80 syz-executor 811 792 424 65 S select 0xfffffe006df042c0 dhclient 792 424 424 0 S wait 0xfffffe00540e4060 sh 768 1 768 0 R syz-executor 761 682 761 0 REs sshd 748 1 748 0 Ss+ ttyin 0xfffffe0058287cb0 getty 747 1 747 0 Ss+ ttyin 0xfffffe00582864b0 getty 746 1 746 0 Ss+ ttyin 0xfffffe00593f5cb0 getty 745 1 745 0 Ss+ ttyin 0xfffffe00593f60b0 getty 744 1 744 0 Ss+ ttyin 0xfffffe00582868b0 getty 743 1 743 0 Ss+ ttyin 0xfffffe0058286cb0 getty 742 1 742 0 Ss+ ttyin 0xfffffe00593f64b0 getty 741 1 741 0 Ss+ ttyin 0xfffffe00593f68b0 getty 740 1 740 0 Ss+ ttyin 0xfffffe00593f6cb0 getty 738 1 18 0 S+ piperd 0xfffffe006b44a2e0 logger 737 736 18 0 S+ nanslp 0xffffffff83b9e580 sleep 736 1 18 0 S+ 
wait 0xfffffe0007809b00 sh 686 1 686 0 Ss nanslp 0xffffffff83b9e580 cron 682 1 682 0 Ss select 0xfffffe006df05640 sshd 495 1 495 0 Rs syslogd 424 1 424 0 Ss wait 0xfffffe00540c9580 devd 423 1 423 65 Ss select 0xfffffe005824ea40 dhclient 338 1 338 0 Ss select 0xfffffe005824ee40 dhclient 335 1 335 0 Ss select 0xfffffe0057d75d40 dhclient 17 0 0 0 DL syncer 0xffffffff83cbbfa0 [syncer] 16 0 0 0 DL vlruwt 0xfffffe0007828040 [vnlru] 15 0 0 0 DL (threaded) [bufdaemon] 100080 D psleep 0xffffffff83cba560 [bufdaemon] 100083 D - 0xffffffff83001ec0 [bufspacedaemon-0] 100094 D sdflush 0xfffffe00596e48e8 [/ worker] 9 0 0 0 DL psleep 0xffffffff83d05400 [vmdaemon] 8 0 0 0 DL (threaded) [pagedaemon] 100078 D psleep 0xffffffff83ceb4c8 [dom0] 100081 D launds 0xffffffff83ceb4d4 [laundry: dom0] 100082 D umarcl 0xffffffff81dda750 [uma] 7 0 0 0 DL - 0xffffffff8391bcd0 [rand_harvestq] 6 0 0 0 DL pftm 0xffffffff843c4980 [pf purge] 5 0 0 0 DL waiting 0xffffffff848c7700 [sctp_iterator] 4 0 0 0 RL (threaded) [cam] 100046 Run CPU 1 [doneq0] 100047 D - 0xffffffff838e62c0 [async] 100076 D - 0xffffffff838e6140 [scanner] 3 0 0 0 DL (threaded) [crypto] 100043 D crypto_ 0xffffffff83ce6d80 [crypto] 100044 D crypto_ 0xfffffe0007a72d30 [crypto returns 0] 100045 D crypto_ 0xfffffe0007a72d80 [crypto returns 1] 14 0 0 0 DL seqstat 0xfffffe0057cba488 [sequencer 00] 13 0 0 0 DL (threaded) [geom] 100037 D - 0xffffffff83b46f20 [g_event] 100038 D - 0xffffffff83b46f40 [g_up] 100039 D - 0xffffffff83b46f60 [g_down] 2 0 0 0 WL (threaded) [clock] 100031 I [clock (0)] 100032 I [clock (1)] 12 0 0 0 WL (threaded) [intr] 100013 I [swi6: task queue] 100014 I [swi6: Giant taskq] 100016 I [swi5: fast taskq] 100033 I [swi1: netisr 0] 100034 I [swi1: hpts] 100035 I [swi1: hpts] 100048 I [irq24: virtio_pci0] 100049 I [irq25: virtio_pci0] 100050 I [irq26: virtio_pci0] 100051 I [irq27: virtio_pci0] 100052 I [irq28: virtio_pci1] 100053 I [irq29: virtio_pci1] 100054 I [irq30: virtio_pci1] 100055 I [irq31: virtio_pci1] 100056 I 
[irq32: virtio_pci1] 100061 I [irq10: virtio_pci2] 100063 I [irq1: atkbd0] 100064 I [irq12: psm0] 100065 I [swi0: uart uart++] 100069 I [swi1: pf send] 11 0 0 0 RL (threaded) [idle] 100003 CanRun [idle: cpu0] 100004 CanRun [idle: cpu1] 1 0 1 0 SLs wait 0xfffffe0007809040 [init] 10 0 0 0 DL audit_w 0xffffffff83ce7820 [audit] 0 0 0 0 DLs (threaded) [kernel] 100000 D parked 0xffffffff84c36ff0 [swapper] 100005 D - 0xfffffe0053ea0100 [softirq_0] 100006 D - 0xfffffe0053ea0000 [softirq_1] 100007 D - 0xfffffe0053e9fe00 [if_io_tqg_0] 100008 D - 0xfffffe0053e9fd00 [if_io_tqg_1] 100009 D - 0xfffffe0053e9fc00 [if_config_tqg_0] 100010 D - 0xfffffe0007764900 [kqueue_ctx taskq] 100011 D - 0xfffffe0007764800 [jail_remove taskq] 100012 D - 0xfffffe0007764700 [bus taskq] 100015 D - 0xfffffe0007764200 [thread taskq] 100017 D - 0xfffffe0007763e00 [aiod_kick taskq] 100018 D - 0xfffffe0007763d00 [deferred_unmount ta] 100019 D - 0xfffffe0007763c00 [inm_free taskq] 100020 D - 0xfffffe0007763b00 [in6m_free taskq] 100021 D - 0xfffffe0007763a00 [linuxkpi_irq_wq] 100022 D - 0xfffffe0007763900 [linuxkpi_short_wq_0] 100023 D - 0xfffffe0007763900 [linuxkpi_short_wq_1] 100024 D - 0xfffffe0007763900 [linuxkpi_short_wq_2] 100025 D - 0xfffffe0007763900 [linuxkpi_short_wq_3] 100026 D - 0xfffffe0007763800 [linuxkpi_long_wq_0] 100027 D - 0xfffffe0007763800 [linuxkpi_long_wq_1] 100028 D - 0xfffffe0007763800 [linuxkpi_long_wq_2] 100029 D - 0xfffffe0007763800 [linuxkpi_long_wq_3] 100036 D - 0xfffffe0007763300 [firmware taskq] 100041 D - 0xfffffe0007763200 [crypto_0] 100042 D - 0xfffffe0007763200 [crypto_1] 100057 D - 0xfffffe005812c000 [vtnet0 rxq 0] 100058 D - 0xfffffe005812be00 [vtnet0 txq 0] 100059 D - 0xfffffe005812bd00 [vtnet0 rxq 1] 100060 D - 0xfffffe005812bc00 [vtnet0 txq 1] 100062 D vtbslp 0xfffffe0058250f00 [virtio_balloon] 100066 D - 0xffffffff827c2301 [deadlkres] 100070 D - 0xfffffe00593da400 [acpi_task_0] 100071 D - 0xfffffe00593da400 [acpi_task_1] 100072 D - 0xfffffe00593da400 [acpi_task_2] 
100074 D - 0xfffffe0007766800 [mca taskq] 100075 D - 0xfffffe0007763100 [CAM taskq] 100077 D - 0xfffffe00593da300 [ipsec_offload] 100212 D - 0xfffffe005812c400 [system_taskq_0] 100213 D - 0xfffffe005812c400 [system_taskq_1] 100214 D - 0xfffffe006e528a00 [system_delay_taskq_] 100215 D - 0xfffffe006e528a00 [system_delay_taskq_] 100216 D - 0xfffffe006e528b00 [zvol_tq-0_0] 100217 D - 0xfffffe006e528b00 [zvol_tq-0_1] 100218 D - 0xfffffe006e528b00 [zvol_tq-0_2] 100219 D - 0xfffffe006e528b00 [zvol_tq-0_3] 100220 D - 0xfffffe006e528b00 [zvol_tq-0_4] 100221 D - 0xfffffe006e528b00 [zvol_tq-0_5] 100222 D - 0xfffffe006e528b00 [zvol_tq-0_6] 100223 D - 0xfffffe006e528b00 [zvol_tq-0_7] 100224 D - 0xfffffe006e528b00 [zvol_tq-0_8] 100225 D - 0xfffffe006e528b00 [zvol_tq-0_9] 100226 D - 0xfffffe006e528b00 [zvol_tq-0_10] 100227 D - 0xfffffe006e528b00 [zvol_tq-0_11] 100228 D - 0xfffffe006e528b00 [zvol_tq-0_12] 100229 D - 0xfffffe006e528b00 [zvol_tq-0_13] 100230 D - 0xfffffe006e528b00 [zvol_tq-0_14] 100231 D - 0xfffffe006e528b00 [zvol_tq-0_15] 100232 D - 0xfffffe006e528b00 [zvol_tq-0_16] 100233 D - 0xfffffe006e528b00 [zvol_tq-0_17] 100234 D - 0xfffffe006e528b00 [zvol_tq-0_18] 100235 D - 0xfffffe006e528b00 [zvol_tq-0_19] 100236 D - 0xfffffe006e528b00 [zvol_tq-0_20] 100237 D - 0xfffffe006e528b00 [zvol_tq-0_21] 100238 D - 0xfffffe006e528b00 [zvol_tq-0_22] 100239 D - 0xfffffe006e528b00 [zvol_tq-0_23] 100240 D - 0xfffffe006e528b00 [zvol_tq-0_24] 100241 D - 0xfffffe006e528b00 [zvol_tq-0_25] 100242 D - 0xfffffe006e528b00 [zvol_tq-0_26] 100243 D - 0xfffffe006e528b00 [zvol_tq-0_27] 100244 D - 0xfffffe006e528b00 [zvol_tq-0_28] 100245 D - 0xfffffe006e528b00 [zvol_tq-0_29] 100246 D - 0xfffffe006e528b00 [zvol_tq-0_30] 100247 D - 0xfffffe006e528b00 [zvol_tq-0_31] 100249 D - 0xfffffe006e529800 [arc_prune] 100250 D - 0xfffffe0007767e00 [arc_flush_0] 100251 D - 0xfffffe0007767e00 [arc_flush_1] 100276 D - 0xfffffe0078219600 [dbu_evict] 100301 D - 0xfffffe0078218400 [z_vdev_file_0] 100302 D - 
0xfffffe0078218400 [z_vdev_file_1] 100303 D - 0xfffffe0078218400 [z_vdev_file_2] 100304 D - 0xfffffe0078218400 [z_vdev_file_3] 100305 D - 0xfffffe0078218400 [z_vdev_file_4] 100306 D - 0xfffffe0078218400 [z_vdev_file_5] 100307 D - 0xfffffe0078218400 [z_vdev_file_6] 100308 D - 0xfffffe0078218400 [z_vdev_file_7] 100309 D - 0xfffffe0078218400 [z_vdev_file_8] 100310 D - 0xfffffe0078218400 [z_vdev_file_9] 100311 D - 0xfffffe0078218400 [z_vdev_file_10] 100312 D - 0xfffffe0078218400 [z_vdev_file_11] 100313 D - 0xfffffe0078218400 [z_vdev_file_12] 100314 D - 0xfffffe0078218400 [z_vdev_file_13] 100315 D - 0xfffffe0078218400 [z_vdev_file_14] 100316 D - 0xfffffe0078218400 [z_vdev_file_15] 100350 D - 0xfffffe00783a5900 [zfsvfs] 101507 D - 0xfffffe00783a7200 [netlink_socket (PID] db> show all locks Process 1727 (syz-executor) thread 0xfffffe00541d6780 (101506) exclusive sx MD config lock (MD config lock) r = 0 (0xffffffff83911400) locked @ /syzkaller/managers/i386/kernel/sys/dev/md/md.c:1796 Process 1726 (syz-executor) thread 0xfffffe0082402780 (101505) exclusive lockmgr bufwait (bufwait) r = 0 (0xfffffe0007d53b48) locked @ /syzkaller/managers/i386/kernel/sys/kern/vfs_bio.c:1752 exclusive lockmgr ufs (ufs) r = 0 (0xfffffe007fccfc78) locked @ /syzkaller/managers/i386/kernel/sys/kern/vfs_vnops.c:1235 Process 1726 (syz-executor) thread 0xfffffe0082401780 (101509) shared lockmgr ufs (ufs) r = 0 (0xfffffe00776a7e30) locked @ /syzkaller/managers/i386/kernel/sys/kern/vfs_cache.c:5178 Process 1012 (ifconfig) thread 0xfffffe0054130780 (100355) exclusive sx ifnet_detach_sx (ifnet_detach_sx) r = 0 (0xffffffff83cbc780) locked @ /syzkaller/managers/i386/kernel/sys/net/if.c:3000 Process 761 (sshd) thread 0xfffffe00540f1780 (100114) exclusive rw tcpinp (tcpinp) r = 0 (0xfffffe006df29020) locked @ /syzkaller/managers/i386/kernel/sys/netinet/tcp_usrreq.c:705 Process 495 (syslogd) thread 0xfffffe00540c0000 (100099) exclusive lockmgr ufs (ufs) r = 0 (0xfffffe006debb228) locked @ 
/syzkaller/managers/i386/kernel/sys/kern/vfs_syscalls.c:3671 Process 4 (cam) thread 0xfffffe0007823780 (100046) exclusive rw bufobj interlock (bufobj interlock) r = 0 (0xfffffe00596f5608) locked @ /syzkaller/managers/i386/kernel/sys/ufs/ffs/ffs_vfsops.c:2194 db> show malloc Type InUse MemUse Requests pf_hash 6 12804K 6 linker 425 12680K 824 tcp_hpts 7 4801K 7 devbuf 4188 4324K 4225 solaris 2246 3597K 4472 sysctloid 45165 2653K 45511 vtbuf 24 1968K 46 filedesc 179 1431K 1829 kobj 331 1324K 596 newblk 79 1044K 6525 vfscache 3 1025K 3 pcb 60 703K 855 subproc 318 667K 1963 inodedep 38 526K 1683 ufs_quota 1 512K 1 vfs_hash 1 512K 1 callout 2 512K 2 intr 4 472K 4 vmem 5 276K 10 vnet_data 2 224K 2 acpitask 1 224K 1 KTRACE 101 201K 36211 acpica 1674 184K 54432 tidhash 3 141K 3 pagedep 14 132K 1073 tfo_ccache 1 128K 1 IP reass 1 128K 1 DEVFS1 121 121K 144 sem 4 106K 4 gtaskqueue 18 98K 18 bus 1002 82K 5074 kdtrace 439 82K 3243 umtx 608 76K 608 mtx_pool 3 74K 3 syncache 1 68K 1 NFSD srvcache 3 68K 3 module 526 66K 532 ddb_capture 1 64K 1 md_disk 15 41K 21 temp 44 39K 2759 BPF 28 38K 104 shm 3 36K 30 DEVFS3 140 35K 153 hostcache 1 32K 1 msg 4 30K 4 kbdmux 6 28K 6 LRO 26 27K 26 ifaddr 84 23K 88 lltable 67 22K 87 routetbl 206 21K 594 cred 69 20K 536 md_sectors 5 20K 7 DEVFS_RULE 56 20K 56 GEOM 124 20K 871 kstat_data 19 19K 19 CC Mem 152 19K 2129 ether_multi 208 17K 349 ufs_mount 4 17K 5 proc 3 17K 3 ifnet 9 17K 10 tty 16 16K 16 ithread 90 15K 90 bus-sc 34 15K 1650 eventhandler 166 14K 166 shmfd 13 14K 27 devstat 6 13K 6 in6_multi 85 12K 98 kenv 95 12K 95 plimit 28 11K 478 taskqueue 96 11K 357 CAM queue 5 11K 1528 kqueue 155 10K 2680 rman 82 10K 447 pwddesc 150 10K 1778 rpc 8 9K 8 bmsafemap 2 9K 1679 UART 12 9K 12 ksem 1 8K 20 filemon 1 8K 14 pfs_vncache 1 8K 1 audit_evclass 239 8K 301 sctp_atcl 17 7K 240 inpcbpolicy 204 7K 3037 UMA 342 7K 344 sglist 6 7K 6 CAM DEV 3 6K 510 DEVFSP 94 6K 378 pfs_nodes 22 6K 22 pf_ifnet 12 5K 27 ufs_dirhash 24 5K 33 dirrem 18 5K 1554 kcovinfo 72 
5K 72 freework 18 5K 2504 vt 11 5K 11 osd 214 5K 2209 memdesc 1 4K 1 MCA 32 4K 32 evdev 4 4K 4 proc-args 167 4K 2824 acpisem 28 4K 28 lockf 27 3K 285 terminal 11 3K 11 session 22 3K 53 sctp_timw 10 3K 10 ip6ndp 16 3K 17 uidinfo 5 3K 32 acpidev 20 3K 20 hhook 8 3K 10 tun 6 3K 6 clone 9 3K 9 sctp_ifa 17 3K 18 freefile 17 3K 1339 sctp_stro 2 2K 14 pf_rule 1 2K 6 local_apic 1 2K 1 io_apic 1 2K 1 ipsec-saq 2 2K 2 in_multi 8 2K 25 Unitno 32 2K 86 crypto 5 2K 170 CAM XPT 22 2K 543 nhops 7 2K 11 vnodemarker 3 2K 41 toponodes 6 2K 6 ip6opt 8 2K 114 ipsecpolicy 2 2K 2 selfd 19 2K 166777 msi 9 2K 9 newdirblk 9 2K 1024 netlink 2 2K 133 select 9 2K 118 mount 22 2K 1724 sctp_ifn 8 1K 18 softdep 1 1K 1 freeblks 4 1K 1234 indirdep 4 1K 1803 sahead 1 1K 1 secasvar 1 1K 1 mld 8 1K 8 frag6 11 1K 29 igmp 8 1K 8 NFSD session 1 1K 1 CAM periph 4 1K 271 ipsec 3 1K 3 mkdir 6 1K 2048 pfil 6 1K 6 isadev 6 1K 8 pci_link 10 1K 10 sctp_atky 19 1K 256 diradd 5 1K 1580 encap_export_host 12 1K 12 cryptodev 9 1K 523 ioctlops 1 1K 158 cdev 2 1K 2 lkpikmalloc 8 1K 9 counter_rate 14 1K 14 chacha20random 1 1K 1 biobuf 1 1K 1 vnodes 2 1K 20 sctp_athm 17 1K 242 ip_msource 4 1K 38 ip_moptions 4 1K 56 VN POLL 2 1K 19 procdesc 2 1K 8 NFSD lckfile 1 1K 1 NFSD V4client 1 1K 1 DEVFS 9 1K 11 CAM SIM 2 1K 2 prison 8 1K 8 feeder 7 1K 7 taskq 2 1K 2 tcpfunc 3 1K 3 in_mfilter 3 1K 83 loginclass 3 1K 5 nexusdev 8 1K 8 apmdev 1 1K 1 atkbddev 2 1K 2 freefrag 1 1K 290 aio 4 1K 11 iov 2 1K 22976 pmchooks 1 1K 1 filecaps 5 1K 88 filedesc_to_leader 2 1K 5 CAM path 4 1K 1034 CAM dev queue 2 1K 2 CAM I/O Scheduler 1 1K 1 soname 4 1K 4595 sctp_vrf 1 1K 1 sctp_aadr 1 1K 2 sctp_map 4 1K 28 vnet 1 1K 1 pmc 1 1K 1 entropy 2 1K 37 acpiintr 1 1K 1 cpus 2 1K 2 vnet_data_free 1 1K 1 Per-cpu 1 1K 1 p1003.1b 1 1K 1 ext2_mount 0 0K 0 ext2_node 0 0K 0 ext2_extents 0 0K 0 sfs_nodes 0 0K 0 zones_data 0 0K 0 mqdata 0 0K 0 sctp_mcore 0 0K 0 sctp_socko 0 0K 19 sctp_iter 0 0K 14 sctp_mvrf 0 0K 0 sctp_cpal 0 0K 0 sctp_cmsg 0 0K 0 sctp_stre 0 
0K 0 sctp_athi 0 0K 0 sctp_a_it 0 0K 14 sctp_stri 0 0K 4 ipcomp 0 0K 0 esp 0 0K 0 ah 0 0K 0 tcp_pcm_rack 0 0K 14 tcp_do_rack 0 0K 0 tcp_fsb_rack 0 0K 28 pf_table 0 0K 0 pf_altq 0 0K 0 pf_osfp 0 0K 0 pf_krule_item 0 0K 0 pf_temp 0 0K 0 madt_table 0 0K 2 smartpqi 0 0K 0 ixl 0 0K 0 ice-resmgr 0 0K 0 ice-osdep 0 0K 0 ice 0 0K 0 iavf 0 0K 0 axgbe 0 0K 0 fpukern_ctx 0 0K 0 xen_intr 0 0K 0 xen_hvm 0 0K 0 legacydrv 0 0K 0 NMI handlers 0 0K 0 bounce 0 0K 0 busdma 0 0K 0 qpidrv 0 0K 0 dmar_idpgtbl 0 0K 0 dmar_dom 0 0K 0 dmar_ctx 0 0K 0 amdiommu_dom 0 0K 0 amdiommu_ctx 0 0K 0 isci 0 0K 0 iommu_dmamap 0 0K 0 hyperv_socket 0 0K 0 bxe_ilt 0 0K 0 aesni_data 0 0K 0 xenbus 0 0K 0 vm_fictitious 0 0K 0 UMAHash 0 0K 0 vm_pgdata 0 0K 0 jblocks 0 0K 0 savedino 0 0K 1365 sentinel 0 0K 0 jfsync 0 0K 0 jtrunc 0 0K 0 sbdep 0 0K 18 jsegdep 0 0K 0 jseg 0 0K 0 jfreefrag 0 0K 0 jfreeblk 0 0K 0 jnewblk 0 0K 0 jmvref 0 0K 0 jremref 0 0K 0 jaddref 0 0K 0 freedep 0 0K 0 allocindir 0 0K 0 allocdirect 0 0K 0 ufs_trim 0 0K 0 mactemp 0 0K 0 audit_trigger 0 0K 0 audit_pipe_presel 0 0K 0 audit_pipeent 0 0K 0 audit_pipe 0 0K 0 audit_evname 0 0K 0 audit_bsm 0 0K 0 audit_gidset 0 0K 0 audit_text 0 0K 0 audit_path 0 0K 0 audit_data 0 0K 0 audit_cred 0 0K 0 ktls_ocf 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5E_TLS_RX 0 0K 0 MLX5EEPROM 0 0K 0 MLX5E_TLS 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EN 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5DUMP 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 MLX5EEPROM 0 0K 0 simple_attr 0 0K 0 seq_file 0 0K 0 lkpiskb 0 0K 0 radix 0 0K 0 idr 0 0K 0 lkpindev 0 0K 0 lkpimhi 0 0K 0 lkpifw 0 0K 0 lkpi80211 0 0K 0 NLM 0 0K 0 ipsec-spdcache 0 0K 0 ipsec-reg 0 0K 0 ipsec-misc 0 0K 0 ipsecrequest 0 0K 0 ip6_msource 0 0K 0 ip6_moptions 0 0K 22 in6_mfilter 0 0K 13 tcplog 0 0K 0 tcp_hwpace 0 0K 0 ipid 0 
0K 0 80211scan 0 0K 0 80211ratectl 0 0K 0 80211power 0 0K 0 80211nodeie 0 0K 0 80211node 0 0K 0 80211mesh_gt 0 0K 0 80211mesh_rt 0 0K 0 80211perr 0 0K 0 80211prep 0 0K 0 80211preq 0 0K 0 80211dfs 0 0K 0 80211crypto 0 0K 0 80211vap 0 0K 0 iflib 0 0K 0 vlan 0 0K 0 gif 0 0K 0 ifdescr 0 0K 0 zlib 0 0K 27 fadvise 0 0K 0 statfs 0 0K 216 namei_tracker 0 0K 7 export_host 0 0K 0 cl_savebuf 0 0K 100 lio 0 0K 80 acl 0 0K 0 mbuf_tag 0 0K 0 ktls 0 0K 0 accf 0 0K 0 pts 0 0K 0 timerfd 0 0K 0 eventfd 0 0K 20 Witness 0 0K 0 stack 0 0K 0 sbuf 0 0K 550 firmware 0 0K 0 compressor 0 0K 0 SWAP 0 0K 0 sysctltmp 0 0K 654 sysctl 0 0K 3 ekcd 0 0K 0 dumper 0 0K 0 sendfile 0 0K 6 rctl 0 0K 0 cache 0 0K 0 prison_racct 0 0K 0 Fail Points 0 0K 0 sigio 0 0K 2 pwd 0 0K 0 tty console 0 0K 0 boottrace 0 0K 0 isofs_node 0 0K 0 isofs_mount 0 0K 0 tr_raid5_data 0 0K 0 tr_raid1e_data 0 0K 0 tr_raid1_data 0 0K 0 tr_raid0_data 0 0K 0 tr_concat_data 0 0K 0 md_sii_data 0 0K 0 md_promise_data 0 0K 0 md_nvidia_data 0 0K 0 md_jmicron_data 0 0K 0 md_intel_data 0 0K 0 md_ddf_data 0 0K 0 raid_data 0 0K 138 geom_flashmap 0 0K 0 tmpfs dir 0 0K 0 tmpfs name 0 0K 0 tmpfs mount 0 0K 0 tmpfs extattr 0 0K 0 NFS FHA 0 0K 0 newnfsmnt 0 0K 0 newnfsclient_req 0 0K 0 NFSCL layrecall 0 0K 0 NFSCL session 0 0K 0 NFSCL sockreq 0 0K 0 NFSCL devinfo 0 0K 0 NFSCL flayout 0 0K 0 NFSCL layout 0 0K 0 NFSD rollback 0 0K 0 NFSCL diroff 0 0K 0 NEWNFSnode 0 0K 0 NFSCL lck 0 0K 0 NFSCL lckown 0 0K 0 NFSCL client 0 0K 0 NFSCL deleg 0 0K 0 NFSCL open 0 0K 0 NFSCL owner 0 0K 0 NFS fh 0 0K 0 NFS req 0 0K 0 NFSD usrgroup 0 0K 0 NFSD string 0 0K 0 NFSD V4lock 0 0K 0 NFSD V4state 0 0K 0 msdosfs_fat 0 0K 0 msdosfs_mount 0 0K 0 msdosfs_node 0 0K 0 DEVFS4 0 0K 2 DEVFS2 0 0K 0 gntdev 0 0K 0 privcmd_dev 0 0K 0 evtchn_dev 0 0K 0 xenstore 0 0K 0 xnb 0 0K 0 xen_acpi 0 0K 0 xbbd 0 0K 0 xbd 0 0K 0 Balloon 0 0K 0 sysmouse 0 0K 0 vtfont 0 0K 0 pvscsi 0 0K 0 USBdev 0 0K 0 USB 0 0K 0 twsbuf 0 0K 0 tcp_log_dev 0 0K 12 midi buffers 0 0K 0 mixer 0 0K 0 ac97 0 0K 
0 hdacc 0 0K 0 hdac 0 0K 0 hdaa 0 0K 0 SIIS driver 0 0K 0 PUC 0 0K 0 ppbusdev 0 0K 0 sr_iov 0 0K 0 OCS 0 0K 0 OCS 0 0K 0 nvme 0 0K 0 nvd 0 0K 0 netmap 0 0K 0 mwldev 0 0K 0 MVS driver 0 0K 0 mpi3mrbuf 0 0K 0 mrsasbuf 0 0K 0 mpt_user 0 0K 0 mps_user 0 0K 0 MPSSAS 0 0K 0 mps 0 0K 0 mpr_user 0 0K 0 MPRSAS 0 0K 0 mpr 0 0K 0 mfibuf 0 0K 0 malodev 0 0K 0 LED 0 0K 0 ix_sriov 0 0K 0 ix 0 0K 0 ipsbuf 0 0K 0 ciss_data 0 0K 0 BACKLIGHT 0 0K 0 ath_hal 0 0K 0 athdev 0 0K 0 ata_pci 0 0K 0 ata_dma 0 0K 0 ata_generic 0 0K 0 AHCI driver 0 0K 0 agp 0 0K 0 acpipwr 0 0K 0 acpi_perf 0 0K 0 acpicmbat 0 0K 0 aacraidcam 0 0K 0 aacraid_buf 0 0K 0 aaccam 0 0K 0 aacbuf 0 0K 0 zstd 0 0K 0 XZ_DEC 0 0K 0 nvlist 0 0K 364 SCSI ENC 0 0K 0 SCSI sa 0 0K 0 scsi_pass 0 0K 0 scsi_da 0 0K 70 ata_da 0 0K 0 scsi_ch 0 0K 0 scsi_cd 0 0K 0 nvme_da 0 0K 0 CAM CCB 0 0K 523 CAM ccb queue 0 0K 0 db> show uma Zone Size Used Free Requests Sleeps Bucket Total Mem XFree mbuf_jumbo_page 4096 8323 1075 17418 0 254 38494208 0 tcp_log 416 516 9906 33323 0 254 4335552 0 mbuf 256 8965 697 36492 0 254 2473472 0 malloc-4096 4096 484 6 2422 0 2 2007040 0 malloc-128 128 14787 217 16647 0 126 1920512 0 RADIX NODE 152 12154 451 55602 0 62 1915960 0 BUF TRIE 152 290 11514 5460 0 62 1794208 0 malloc-384 384 4175 25 4548 0 30 1612800 0 malloc-16384 16384 92 4 917 0 1 1572864 0 mbuf_cluster 2048 508 254 572 0 254 1560576 0 UMA Slabs 0 112 11500 14 11574 0 126 1289568 0 sctp_asoc 2256 2 508 14 0 254 1150560 0 malloc-64 64 107 16966 176855 0 254 1092672 0 vmem btag 56 19353 54 19394 0 254 1086792 0 zio_buf_comb_1048576 1048576 0 1 15 0 1 1048576 0 malloc-65536 65536 11 1 18 0 1 786432 0 FFS inode 1168 646 26 2022 0 8 784896 0 malloc-256 256 2253 237 6546 0 62 637440 0 VM OBJECT 248 2304 176 25367 0 62 615040 0 sctp_ep 1152 15 496 224 0 254 588672 0 THREAD 1860 287 17 1510 0 8 565440 0 256 Bucket 2048 267 5 1676 0 8 557056 0 malloc-65536 65536 4 4 188 0 1 524288 0 socket 1024 258 250 5068 0 254 520192 0 lkpicurr 168 2 3094 2 0 62 
520128 0 pbuf 2624 0 170 0 0 2 446080 0 MAP ENTRY 96 3790 368 92468 0 126 399168 0 sctp_raddr 736 3 514 16 0 254 380512 0 malloc-64 64 5268 339 7534 0 254 358848 0 VNODE 440 688 95 2067 0 30 344520 0 malloc-2048 2048 6 154 664 0 8 327680 0 malloc-16 16 18507 493 18926 0 254 304000 0 FPU_save_area 832 289 35 2309 0 16 269568 0 malloc-2048 2048 110 18 355 0 8 262144 0 tcp_inpcb 1304 157 35 2129 0 8 250368 0 malloc-32 32 7406 280 10081 0 254 245952 0 UMA Zones 768 314 0 316 0 16 241152 0 PROC 1376 150 15 1731 0 8 227040 0 DEVCTL 1024 60 160 187 0 0 225280 0 malloc-128 128 1360 283 27501 0 126 210304 0 malloc-256 256 371 439 9933 0 62 207360 0