panic: kernel diagnostic assertion "next != NULL && next->start <= entry->end" failed: file "/syzkaller/managers/setuid/kernel/sys/uvm/uvm_fault.c", line 1643 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *486948 4614 32767 0x10 0x4000000 0K syz-executor.1 10500 4614 32767 0x10 0x4000000 1 syz-executor.1 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff8257189e) at panic+0x177 sys/kern/subr_prf.c:202 __assert(ffffffff825ea8fa,ffffffff825488d3,66b,ffffffff825585ce) at __assert+0x25 sys/kern/subr_prf.c:161 uvm_fault_unwire_locked(fffffd807a0cfe70,20000000,20011000) at uvm_fault_unwire_locked+0x2eb sys/uvm/uvm_fault.c:1640 uvm_fault_unwire(fffffd807a0cfe70,20000000,20011000) at uvm_fault_unwire+0x3f sys/uvm/uvm_fault.c:1601 sys_sysctl(ffff80002120d260,ffff800023a62be8,ffff800023a62c40) at sys_sysctl+0x229 sys/kern/kern_sysctl.c:254 syscall(ffff800023a62cb0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800023a62cb0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x517ce8ffc60, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: kernel diagnostic assertion "next != NULL && next->start <= entry->end" failed: file "/syzkaller/managers/setuid/kernel/sys/uvm/uvm_fault.c", line 1643 ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff8257189e) at panic+0x177 sys/kern/subr_prf.c:202 __assert(ffffffff825ea8fa,ffffffff825488d3,66b,ffffffff825585ce) at __assert+0x25 sys/kern/subr_prf.c:161 uvm_fault_unwire_locked(fffffd807a0cfe70,20000000,20011000) at uvm_fault_unwire_locked+0x2eb sys/uvm/uvm_fault.c:1640 uvm_fault_unwire(fffffd807a0cfe70,20000000,20011000) at uvm_fault_unwire+0x3f sys/uvm/uvm_fault.c:1601 sys_sysctl(ffff80002120d260,ffff800023a62be8,ffff800023a62c40) at sys_sysctl+0x229 sys/kern/kern_sysctl.c:254 syscall(ffff800023a62cb0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800023a62cb0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x517ce8ffc60, count: -8 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff800023a62970 rbx 0xffffffff82901bff cpu_info_full_primary+0x2bff rdx 0 rcx 0 rax 0xffff80002120d260 r8 0x101010101010101 r9 0x8080808080808080 r10 0xba17485618d7218e r11 0xc75482f27e928ede r12 0xffffffff82901a00 cpu_info_full_primary+0x2a00 r13 0 r14 0 r15 0x1 rip 0xffffffff81d872c8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800023a62960 ss 0 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor.1) pid=486948 stat=onproc flags process=10 proc=4000000 pri=32, usrpri=81, nice=20 forw=0xffffffffffffffff, list=0xffff80002120c7e0,0xffff8000ffff5278 process=0xffff8000ffff14e0 user=0xffff800023a5d000, vmspace=0xfffffd807a0cfe70 estcpu=36, cpticks=2, pctcpu=0.0 user=0, sys=2, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 4614 473584 85235 32767 2 0x10 syz-executor.1 * 4614 486948 85235 32767 7 0x4000010 syz-executor.1 4614 10500 85235 32767 7 0x4000010 syz-executor.1 60507 187367 30914 32767 2 0x10 syz-executor.5 60507 423257 30914 32767 2 0x4000010 syz-executor.5 47060 300011 83658 32767 2 0x10 syz-executor.6 47060 3588 83658 32767 3 0x4000090 fsleep syz-executor.6 47060 317376 83658 32767 3 0x4000090 fsleep syz-executor.6 31537 353895 47442 32767 2 0x10 syz-executor.2 31537 490653 47442 32767 3 0x4000090 fsleep syz-executor.2 31537 285404 47442 32767 3 0x4000090 fsleep syz-executor.2 31537 458026 47442 32767 3 0x4000090 fsleep syz-executor.2 34724 478838 35767 32767 2 0x10 syz-executor.4 34724 149139 35767 32767 3 0x4000090 netio syz-executor.4 34724 286755 35767 32767 3 0x4000090 netio syz-executor.4 85235 158596 1055 32767 2 0x490 syz-executor.1 1055 430001 20887 0 3 0x82 wait syz-executor.1 24552 359000 56771 32767 2 0x10 syz-executor.3 56771 382382 20887 0 3 0x82 wait syz-executor.3 35767 115641 25261 32767 2 0x490 syz-executor.4 25261 137689 20887 0 3 0x82 wait syz-executor.4 47442 24011 95821 32767 2 0x490 syz-executor.2 95821 161871 20887 0 3 0x82 wait syz-executor.2 49813 511771 74248 32767 2 0x10 syz-executor.7 74248 237412 20887 0 3 0x82 wait syz-executor.7 98054 314461 0 0 3 0x14200 bored sosplice 83658 233677 75464 32767 2 0x490 syz-executor.6 75464 23854 20887 0 3 0x82 wait syz-executor.6 30914 234918 72794 32767 2 0x490 syz-executor.5 72794 481388 20887 0 3 0x82 wait syz-executor.5 28739 255162 21344 32767 2 0x10 syz-executor.0 21344 365480 20887 0 3 0x82 wait syz-executor.0 20887 306229 5156 0 3 0x82 thrsleep syz-fuzzer 20887 261439 5156 0 2 0x4000482 syz-fuzzer 20887 119069 5156 0 2 0x4000482 syz-fuzzer 20887 404380 5156 0 3 0x4000082 thrsleep syz-fuzzer 20887 440146 5156 0 3 0x4000082 kqread syz-fuzzer 20887 108190 5156 0 3 0x4000082 thrsleep syz-fuzzer 20887 120396 5156 0 3 0x4000082 thrsleep syz-fuzzer 20887 186153 5156 0 3 0x4000082 thrsleep syz-fuzzer 20887 375092 5156 0 3 0x4000082 thrsleep syz-fuzzer 5156 212790 7310 0 3 0x10008a sigsusp ksh 7310 124212 26794 0 3 0x9a kqread sshd 33851 460087 1 0 3 0x100083 ttyin getty 26794 190398 1 0 3 0x88 kqread sshd 66628 121579 15494 73 3 0x1100090 kqread syslogd 15494 189958 1 0 3 0x100082 netio syslogd 55649 348408 1 0 3 0x100080 kqread resolvd 25570 472699 55657 77 3 0x100092 kqread dhcpleased 43037 315141 55657 77 3 0x100092 kqread dhcpleased 55657 415653 1 0 3 0x80 kqread dhcpleased 24946 458308 0 0 3 0x14200 bored smr 60391 446224 0 0 2 0x14200 zerothread 36501 2973 0 0 3 0x14200 aiodoned aiodoned 96687 394906 0 0 3 0x14200 syncer update 85224 365428 0 0 3 0x14200 cleaner cleaner 58065 143192 0 0 3 0x14200 reaper reaper 77087 247088 0 0 3 0x14200 pgdaemon pagedaemon 2238 433460 0 0 3 0x14200 bored viomb 89832 77119 0 0 3 0x40014200 acpi0 acpi0 30629 176138 0 0 3 0x40014200 idle1 60332 215615 0 0 3 0x14200 bored softnet 27109 281426 0 0 3 0x14200 bored systqmp 45356 499786 0 0 3 0x14200 bored systq 82483 8291 0 0 2 0x40014200 softclock 28096 38980 0 0 3 0x40014200 idle0 1 352231 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 4614 (syz-executor.1) thread 0xffff80002120d260 (486948) exclusive rwlock amaplk r = 0 (0xfffffd8068e86c58) #0 witness_lock+0x44d #1 uvm_map_lock_entry+0x36 sys/uvm/uvm_map.c:508 #2 uvm_fault_unwire_locked+0x1e8 sys/uvm/uvm_fault.c:1655 #3 uvm_fault_unwire+0x3f sys/uvm/uvm_fault.c:1601 #4 sys_sysctl+0x229 sys/kern/kern_sysctl.c:254 #5 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #5 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #6 Xsyscall+0x128 shared rwlock vmmaplk r = 0 (0xfffffd807a0cfe88) #0 witness_lock+0x44d #1 uvm_fault_unwire+0x31 sys/uvm/uvm_fault.c:1600 #2 sys_sysctl+0x229 sys/kern/kern_sysctl.c:254 #3 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #3 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #4 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82b73a20) #0 witness_lock+0x44d #1 __mp_acquire_count+0x48 sys/kern/kern_lock.c:227 #2 mi_switch+0x3d3 sys/kern/sched_bsd.c:416 #3 sleep_finish+0x198 sys/kern/kern_synch.c:437 #4 rw_enter+0x35a sys/kern/kern_rwlock.c:286 #5 vm_map_lock_ln+0xda sys/uvm/uvm_map.c:5458 #6 uvmfault_lookup+0xb9 sys/uvm/uvm_fault.c:1752 #7 uvm_fault_check+0x603 uvmfault_amapcopy sys/uvm/uvm_fault.c:236 [inline] #7 uvm_fault_check+0x603 sys/uvm/uvm_fault.c:712 #8 uvm_fault+0x102 sys/uvm/uvm_fault.c:602 #9 uvm_fault_wire+0x63 sys/uvm/uvm_fault.c:1580 #10 sys_sysctl+0x2d8 sys/kern/kern_sysctl.c:240 #11 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #11 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #12 Xsyscall+0x128 exclusive rwlock sysctllk r = 0 (0xffffffff828f0910) #0 witness_lock+0x44d #1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310 #2 sys_sysctl+0x1b3 sys/kern/kern_sysctl.c:233 #3 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #3 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #4 Xsyscall+0x128 Process 4614 (syz-executor.1) thread 0xffff8000ffff5268 (10500) exclusive rwlock futex r = 0 (0xffffffff8299aec0) #0 witness_lock+0x44d #1 sys_futex+0x5c sys/kern/sys_futex.c:108 #2 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #2 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #3 Xsyscall+0x128 Process 28739 (syz-executor.0) thread 0xffff80002120ca80 (255162) exclusive rrwlock inode r = 0 (0xfffffd806e951d68) #0 witness_lock+0x44d #1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310 #2 rrw_enter+0x8b sys/kern/kern_rwlock.c:461 #3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534 #4 vn_lock+0x84 sys/kern/vfs_vnops.c:579 #5 vget+0x1d3 sys/kern/vfs_subr.c:677 #6 ufs_ihashget+0x121 sys/ufs/ufs/ufs_ihash.c:119 #7 ffs_vget+0x7c sys/ufs/ffs/ffs_vfsops.c:1318 #8 ufs_lookup+0x13ba sys/ufs/ufs/ufs_lookup.c:487 #9 VOP_LOOKUP+0x58 sys/kern/vfs_vops.c:85 #10 vfs_lookup+0x6e5 sys/kern/vfs_lookup.c:561 #11 namei+0x36a sys/kern/vfs_lookup.c:245 #12 dounlinkat+0x99 sys/kern/vfs_syscalls.c:1850 #13 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #13 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #14 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806ad170a8) #0 witness_lock+0x44d #1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310 #2 rrw_enter+0x8b sys/kern/kern_rwlock.c:461 #3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534 #4 vn_lock+0x84 sys/kern/vfs_vnops.c:579 #5 vfs_lookup+0xd1 sys/kern/vfs_lookup.c:413 #6 namei+0x36a sys/kern/vfs_lookup.c:245 #7 dounlinkat+0x99 sys/kern/vfs_syscalls.c:1850 #8 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #8 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #9 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10205 6411K 6419K 78643K 11336 0 pcb 13 12K 14K 78643K 17 0 rtable 258 7K 7K 78643K 1058 0 ifaddr 81 17K 17K 78643K 174 0 sysctl 3 1K 3K 78643K 70 0 counters 56 35K 35K 78643K 82 0 ioctlops 0 0K 2K 78643K 73 0 iov 0 0K 32K 78643K 1693 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1271 79K 79K 78643K 5908 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 63 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 1824 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 23 85K 121K 78643K 7825 0 sigio 0 0K 0K 78643K 307 0 proc 56 74K 111K 78643K 1456 0 subproc 104 6K 6K 78643K 273 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 970 0 in_multi 99 6K 7K 78643K 374 0 ether_multi 1 0K 0K 78643K 31 0 mrt 3 0K 0K 78643K 3 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 247 1102K 1102K 78643K 247 0 exec 0 0K 2K 78643K 1908 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 397 96K 110K 78643K 101932 0 UVM aobj 131 4K 4K 78643K 146 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 208 0 NDP 11 0K 2K 78643K 66 0 temp 125 4703K 4783K 78643K 22859 0 kqueue 12 18K 32K 78643K 2380 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 903 0 900 18 15 3 5 0 8 2 rtentry 112 275 0 155 4 0 4 4 0 8 0 unpcb 136 6171 0 6158 74 68 6 8 0 8 5 syncache 296 116 0 116 23 22 1 1 0 8 1 tcpqe 32 37 0 37 12 11 1 1 0 8 1 tcpcb 736 2887 0 2870 89 86 3 13 0 8 1 arp 120 45 0 27 1 0 1 1 0 8 0 ipq 40 12 0 12 6 6 0 1 0 8 0 ipqe 40 255 0 255 6 6 0 1 0 8 0 inpcb 304 6405 0 6391 111 105 6 11 0 8 4 rttmr 72 3 0 2 1 0 1 1 0 8 0 ip6q 72 13 0 12 5 4 1 1 0 8 0 ip6af 40 30 0 29 5 4 1 1 0 8 0 nd6 48 82 0 49 1 0 1 1 0 8 0 kcovpl 48 21 0 13 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1131 0 598 35 1 34 34 0 8 0 art_table 32 1132 0 598 6 1 5 5 0 8 0 art_node 16 274 0 164 1 0 1 1 0 8 0 sysvmsgpl 40 40 0 7 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 1822 0 1812 1 0 1 1 0 8 0 shmpl 112 143 0 15 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 14787 0 13347 91 0 91 91 0 8 0 ffsino 272 14787 0 13347 97 0 97 97 0 8 0 nchpl 144 25909 0 24282 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 100598 0 100598 3 2 1 2 0 8 1 percpumem 16 53 0 13 1 0 1 1 0 8 0 scxspl 216 61645 0 61645 33 32 1 8 0 8 1 plimitpl 152 1555 0 1533 7 5 2 2 0 8 1 sigapl 424 8082 0 8033 7 0 7 7 0 8 0 futexpl 64 70140 0 70134 2 1 1 1 0 8 0 knotepl 120 376 0 0 7 1 6 6 0 8 0 kqueuepl 216 7004 0 6996 90 85 5 8 0 8 4 pipepl 336 2253 0 2225 70 67 3 13 0 8 0 fdescpl 496 8067 0 8033 7 1 6 6 0 8 0 filepl 152 75775 0 75536 149 134 15 22 0 8 5 lockfpl 104 1192 0 1190 3 2 1 2 0 8 0 lockfspl 48 329 0 327 1 0 1 1 0 8 0 sessionpl 144 36 0 20 1 0 1 1 0 8 0 pgrppl 48 59 0 43 1 0 1 1 0 8 0 ucredpl 96 23836 0 23818 1 0 1 1 0 8 0 zombiepl 144 8033 0 8033 1 0 1 1 0 8 1 processpl 1064 8082 0 8033 5 1 4 4 0 8 0 procpl 672 23299 0 23232 26 19 7 8 0 8 1 sosppl 168 93 0 93 18 17 1 1 0 8 1 sockpl 480 13726 0 13695 354 341 13 30 0 8 8 mcl64k 65536 36 0 0 3 1 2 3 0 8 0 mcl16k 16384 31 0 0 4 1 3 3 0 8 0 mcl12k 12288 33 0 0 2 0 2 2 0 8 0 mcl9k 9216 17 0 0 2 0 2 2 0 8 0 mcl8k 8192 30 0 0 3 1 2 3 0 8 0 mcl4k 4096 22 0 0 3 0 3 3 0 8 0 mcl2k2 2112 9 0 0 1 0 1 1 0 8 0 mcl2k 2048 396 0 0 34 11 23 34 0 8 0 mtagpl 96 4 0 0 1 0 1 1 0 8 0 mbufpl 256 1227 0 0 60 1 59 59 0 8 0 bufpl 288 15299 0 8964 453 0 453 453 0 8 0 anonpl 24 2323761 0 2308745 288 178 110 129 0 186 0 amapchunkpl 152 246709 0 245907 99 64 35 45 0 158 1 amappl16 200 25571 0 25144 189 165 24 43 0 8 0 amappl15 192 1400 0 1393 1 0 1 1 0 8 0 amappl14 184 23 0 18 1 0 1 1 0 8 0 amappl13 176 1745 0 1738 1 0 1 1 0 8 0 amappl12 168 49 0 45 1 0 1 1 0 8 0 amappl11 160 996 0 982 1 0 1 1 0 8 0 amappl10 152 632 0 626 1 0 1 1 0 8 0 amappl9 144 2025 0 2022 1 0 1 1 0 8 0 amappl8 136 2703 0 2587 5 0 5 5 0 8 0 amappl7 128 1766 0 1751 1 0 1 1 0 8 0 amappl6 120 1828 0 1797 4 3 1 2 0 8 0 amappl5 112 8466 0 8443 1 0 1 1 0 8 0 amappl4 104 2228 0 2195 2 0 2 2 0 8 0 amappl3 96 899 0 885 1 0 1 1 0 8 0 amappl2 88 2663 0 2612 3 1 2 3 0 8 0 amappl1 80 146534 0 145902 23 9 14 18 0 8 0 amappl 88 100941 0 100668 9 2 7 8 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 145 0 15 4 1 3 3 0 8 0 uaddrrnd 24 8067 0 8033 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 8067 0 8033 1 0 1 1 0 8 0 vmmpekpl 168 66264 0 66203 5 1 4 4 0 8 0 vmmpepl 168 743679 0 740975 257 127 130 141 0 357 4 vmsppl 368 8066 0 8033 4 0 4 4 0 8 0 rwobjpl 56 188187 0 180692 125 17 108 111 0 8 0 pdppl 4096 16141 0 16066 402 321 81 95 0 8 6 pvpl 32 3824568 0 3804335 502 320 182 244 0 265 0 pmappl 248 8066 0 8033 4 1 3 3 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 1358 0 494 26 0 26 26 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff8257189e) at panic+0x177 sys/kern/subr_prf.c:202 __assert(ffffffff825ea8fa,ffffffff825488d3,66b,ffffffff825585ce) at __assert+0x25 sys/kern/subr_prf.c:161 uvm_fault_unwire_locked(fffffd807a0cfe70,20000000,20011000) at uvm_fault_unwire_locked+0x2eb sys/uvm/uvm_fault.c:1640 uvm_fault_unwire(fffffd807a0cfe70,20000000,20011000) at uvm_fault_unwire+0x3f sys/uvm/uvm_fault.c:1601 sys_sysctl(ffff80002120d260,ffff800023a62be8,ffff800023a62c40) at sys_sysctl+0x229 sys/kern/kern_sysctl.c:254 syscall(ffff800023a62cb0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800023a62cb0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x517ce8ffc60, count: -8 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x28 kd_curproc sys/dev/kcov.c:577 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x28 sys/dev/kcov.c:148 __mp_lock(ffffffff82b73818) at __mp_lock+0x133 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82b73818) at __mp_lock+0x133 sys/kern/kern_lock.c:147 sleep_setup(ffff800023a68450,ffff8000ffff5268,120,ffffffff8257105b,0) at sleep_setup+0xd3 sys/kern/kern_synch.c:374 rwsleep(ffff8000ffff5268,ffffffff8299aeb0,120,ffffffff8257105b,0) at rwsleep+0xc0 sys/kern/kern_synch.c:315 futex_wait(517d147fc60,1,0,2) at futex_wait+0x13c sys/kern/sys_futex.c:260 sys_futex(ffff8000ffff5268,ffff800023a685e0,ffff800023a68640) at sys_futex+0xf8 sys/kern/sys_futex.c:111 syscall(ffff800023a686b0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800023a686b0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x518225a5410, count: 4 ddb{1}> trace x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x28 kd_curproc sys/dev/kcov.c:577 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x28 sys/dev/kcov.c:148 __mp_lock(ffffffff82b73818) at __mp_lock+0x133 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82b73818) at __mp_lock+0x133 sys/kern/kern_lock.c:147 sleep_setup(ffff800023a68450,ffff8000ffff5268,120,ffffffff8257105b,0) at sleep_setup+0xd3 sys/kern/kern_synch.c:374 rwsleep(ffff8000ffff5268,ffffffff8299aeb0,120,ffffffff8257105b,0) at rwsleep+0xc0 sys/kern/kern_synch.c:315 futex_wait(517d147fc60,1,0,2) at futex_wait+0x13c sys/kern/sys_futex.c:260 sys_futex(ffff8000ffff5268,ffff800023a685e0,ffff800023a68640) at sys_futex+0xf8 sys/kern/sys_futex.c:111 syscall(ffff800023a686b0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800023a686b0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x518225a5410, count: -11