login: uvm_fault(0xffffffff839397f0, 0xffff800001508000, 0, 2) -> e
kernel: page fault trap, code=2
Stopped at sys_shmat+0xe0: movl $0xffffffffffffffff,0(%r14)
TID PID UID PRFLAGS PFLAGS CPU COMMAND
* 69536 91779 0 0 0x4000000 0 syz-executor
sys_shmat(ffff800039d199c0,ffff80002a8936b0,ffff80002a893600) at sys_shmat+0xe0 sys/kern/sysv_shm.c:235
syscall(ffff80002a8936b0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002a8936b0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:579
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xc97dca3aca0, count: 12
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: uvm_fault(0xffffffff839397f0, 0xffff800001508000, 0, 2) -> e
ddb> trace
sys_shmat(ffff800039d199c0,ffff80002a8936b0,ffff80002a893600) at sys_shmat+0xe0 sys/kern/sysv_shm.c:235
syscall(ffff80002a8936b0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002a8936b0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:579
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xc97dca3aca0, count: -3
ddb> show registers
rdi 0
rsi 0x3e92675a
rbp 0xffff80002a8935d0
rbx 0xffff80002a8936b0
rdx 0
rcx 0xffffffff8382aff0 cpu_info_full_primary+0x1ff0
rax 0xffff800039d199c0
r8 0x2
r9 0
r10 0x94c7b39ccc5ab96a
r11 0x5ea1e78b1a31756d
r12 0xffff800039d199c0
r13 0xffff800001462000
r14 0xffff800001508000
r15 0xa600 __ALIGN_SIZE+0x9600
rip 0xffffffff82d9e820 sys_shmat+0xe0
cs 0x8
rflags 0x10216 __ALIGN_SIZE+0xf216
rsp 0xffff80002a893540
ss 0x10
sys_shmat+0xe0: movl $0xffffffffffffffff,0(%r14)
ddb> show proc
PROC (syz-executor) tid=69536 pid=91779 tcnt=3 stat=onproc
flags process=0 proc=4000000<THREAD>
runpri=84, usrpri=84, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff800039d19c50,0xffff80002a89b9f0
process=0xffff8000ffff68e0 user=0xffff80002a88e000, vmspace=0xfffffd807e0e7170
estcpu=34, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
91779 451113 22695 0 2 0 syz-executor
*91779 69536 22695 0 7 0x4000000 syz-executor
91779 520253 22695 0 2 0x4000000 syz-executor
84718 23898 67304 0 2 0 syz-executor
84718 68819 67304 0 3 0x4000080 fsleep syz-executor
33408 431440 91182 0 2 0 syz-executor
33408 106722 91182 0 3 0x4000080 wsevent_read syz-executor
33408 331193 91182 0 2 0x4000000 syz-executor
12847 2977 81978 0 2 0x1000000 syz-executor
12847 134489 81978 0 3 0x5000080 fsleep syz-executor
12847 295311 81978 0 3 0x5000080 fsleep syz-executor
12847 313948 81978 0 3 0x5000080 fsleep syz-executor
12847 308323 81978 0 2 0x5000000 syz-executor
93912 34536 24622 0 3 0x3000 suspend syz-executor
93912 258412 24622 0 2 0x4081000 syz-executor
90638 483699 59485 0 2 0 syz-executor
90638 155269 59485 0 3 0x4000080 fsleep syz-executor
90638 178238 59485 0 3 0x4000080 fsleep syz-executor
90638 29149 59485 0 3 0x4000080 fsleep syz-executor
39257 230468 1 0 3 0x100083 ttyin getty
60315 287448 87681 0 2 0x2 syz-executor
67304 194489 87681 0 3 0x82 nanoslp syz-executor
91182 25017 87681 0 3 0x82 nanoslp syz-executor
22695 211260 87681 0 3 0x82 nanoslp syz-executor
93738 91261 87681 0 3 0x82 wait syz-executor
51673 371243 0 0 3 0x14280 nfsidl nfsio
97611 125706 0 0 3 0x14280 nfsidl nfsio
16063 22670 0 0 3 0x14280 nfsidl nfsio
46334 233195 0 0 3 0x14280 nfsidl nfsio
42485 405774 0 0 3 0x14280 nfsidl nfsio
20349 37565 0 0 3 0x14280 nfsidl nfsio
43901 229252 0 0 3 0x14280 nfsidl nfsio
51101 478488 0 0 3 0x14280 nfsidl nfsio
63809 482161 0 0 3 0x14280 nfsidl nfsio
86300 48857 0 0 3 0x14280 nfsidl nfsio
89684 410443 0 0 3 0x14280 nfsidl nfsio
84050 226804 0 0 3 0x14280 nfsidl nfsio
62997 313367 0 0 3 0x14280 nfsidl nfsio
61986 393300 0 0 3 0x14280 nfsidl nfsio
71856 246318 0 0 3 0x14280 nfsidl nfsio
11261 432286 0 0 3 0x14280 nfsidl nfsio
360 146386 0 0 3 0x14280 nfsidl nfsio
5692 178520 0 0 3 0x14280 nfsidl nfsio
56079 115587 0 0 3 0x14280 nfsidl nfsio
76441 195811 0 0 3 0x14280 nfsidl nfsio
59485 500873 87681 0 3 0x82 nanoslp syz-executor
39709 133451 0 0 3 0x14200 bored sosplice
81978 161715 87681 0 3 0x82 nanoslp syz-executor
24622 324609 87681 0 3 0x82 nanoslp syz-executor
87681 239810 27994 0 3 0x82 kqread syz-executor
27994 256726 44754 0 3 0x10008a sigsusp ksh
44754 520621 80347 0 3 0x98 kqread sshd-session
80347 473069 76043 0 3 0x92 kqread sshd-session
76043 394285 1 0 3 0x88 kqread sshd
82001 46338 89659 73 3 0x1100090 kqread syslogd
89659 125105 1 0 3 0x100082 sbwait syslogd
15729 443449 1 0 3 0x100080 kqread resolvd
84822 126966 98652 77 3 0x100092 kqread dhcpleased
16801 158448 98652 77 3 0x100092 kqread dhcpleased
98652 21632 1 0 3 0x80 kqread dhcpleased
49828 219288 0 0 3 0x14200 bored smr
1828 184741 0 0 2 0x14200 zerothread
66043 19970 0 0 3 0x14200 aiodoned aiodoned
47889 336080 0 0 3 0x14200 syncer update
9924 484227 0 0 3 0x14200 cleaner cleaner
33715 85656 0 0 3 0x14200 reaper reaper
79529 293649 0 0 3 0x14200 pgdaemon pagedaemon
77120 287542 0 0 3 0x14200 bored viomb
81737 459772 0 0 3 0x40014200 acpi0 acpi0
42462 71439 0 0 3 0x14200 bored softnet3
75764 76952 0 0 3 0x14200 bored softnet2
4531 503846 0 0 3 0x14200 bored softnet1
30594 137908 0 0 3 0x14200 bored softnet0
31353 260626 0 0 3 0x14200 bored systqmp
81542 319502 0 0 3 0x14200 bored systq
79213 173565 0 0 2 0x40014200 softclock
53709 376939 0 0 3 0x40014200 idle0
1 251674 0 0 3 0x82 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10193 11069K 11524K 166960K 13933 0
pcb 17 13K 13K 166960K 207 0
rtable 203 10K 10K 166960K 815 0
pf 36 14K 16K 166960K 173 0
ifaddr 38 6K 7K 166960K 141 0
ifgroup 54 2K 2K 166960K 226 0
sysctl 4 1K 9K 166960K 22 0
counters 33 17K 18K 166960K 114 0
ioctlops 0 0K 4K 166960K 318 0
iov 0 0K 24K 166960K 78 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1404 88K 89K 166960K 2871 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 3 5K 9K 166960K 34 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 66 0
dirhash 15 2K 2K 166960K 42 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 17 61K 232K 166960K 1686 0
sigio 0 0K 0K 166960K 21 0
proc 60 59K 100K 166960K 922 0
subproc 72 4K 4K 166960K 167 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 148 0
in_multi 83 6K 7K 166960K 257 0
ether_multi 1 0K 0K 166960K 15 0
mrt 3 0K 0K 166960K 11 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 85 387K 387K 166960K 85 0
exec 0 0K 1K 166960K 878 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 2 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 234 143K 162K 166960K 16678 0
UVM aobj 131 4K 4K 166960K 138 0
pinsyscall 38 76K 94K 166960K 2993 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 71 0
NDP 12 0K 2K 166960K 98 0
temp 72 8686K 8810K 166960K 47418 0
kqueue 13 20K 30K 166960K 273 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 149 0 146 1 0 1 1 0 8 0
rtentry 136 261 0 177 4 0 4 4 0 8 0
unpcb 144 1126 0 1109 9 3 6 6 0 8 5
syncache 336 8 0 8 4 3 1 1 0 8 1
tcpqe 32 6 0 6 3 2 1 1 0 8 1
tcpcb 736 573 0 568 13 9 4 7 0 8 3
pool(tcpcb): free list modified: page 0xffff8000014b3000; item ordinal 0; addr 0xffff8000014b4d18 (p 0xfffffd806c052000); offset 0x8=0xffffffff
tcpcb: pool(0xffffffff838bd118:tcpcb): page inconsistency: page 0xffff8000014b3000; item ordinal 1; addr 0xffff800030e45ba7
tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 0; addr 0xffff8000014ba1a0 (p 0xfffffd806c052000); offset 0x0=0xe1811ee3ffffffff
pool(tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 0; addr 0xffff8000014ba1a0 (p 0xfffffd806c052000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 1; addr 0xffff8000014b9ec0 (p 0xfffffd806c052000); offset 0x0=0xe1811ee3ffffffff
pool(tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 1; addr 0xffff8000014b9ec0 (p 0xfffffd806c052000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 2; addr 0xffff8000014b9be0 (p 0xfffffd806c052000); offset 0x0=0xe1811ee3ffffffff
pool(tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 2; addr 0xffff8000014b9be0 (p 0xfffffd806c052000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 3; addr 0xffff8000014b9900 (p 0xfffffd806c052000); offset 0x0=0xe1811ee3ffffffff
pool(tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 3; addr 0xffff8000014b9900 (p 0xfffffd806c052000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 4; addr 0xffff8000014b9620 (p 0xfffffd806c052000); offset 0x0=0xe1811ee3ffffffff
pool(tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 4; addr 0xffff8000014b9620 (p 0xfffffd806c052000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 5; addr 0xffff8000014b9060 (p 0xfffffd806c052000); offset 0x0=0xe1811ee3ffffffff
pool(tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 5; addr 0xffff8000014b9060 (p 0xfffffd806c052000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 6; addr 0xffff8000014b9340 (p 0xfffffd806c052000); offset 0x0=0xe1811ee3ffffffff
pool(tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 6; addr 0xffff8000014b9340 (p 0xfffffd806c052000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 7; addr 0xffff8000014ba760 (p 0xfffffd806c052000); offset 0x0=0xe1811ee3ffffffff
pool(tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 7; addr 0xffff8000014ba760 (p 0xfffffd806c052000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 8; addr 0xffff8000014bad20 (p 0xfffffd806c052000); offset 0x0=0xe1811ee3ffffffff
pool(tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 8; addr 0xffff8000014bad20 (p 0xfffffd806c052000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 9; addr 0xffff8000014baa40 (p 0xfffffd806c052000); offset 0x0=0xe1811ee3ffffffff
pool(tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 9; addr 0xffff8000014baa40 (p 0xfffffd806c052000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 10; addr 0xffff8000014ba480 (p 0xfffffd806c052000); offset 0x0=0xe1811ee3ffffffff
pool(tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 10; addr 0xffff8000014ba480 (p 0xfffffd806c052000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 0; addr 0xffff8000014aa330 (p 0xfffffd806c052000); offset 0x0=0xc6bb1079ffffffff
pool(tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 0; addr 0xffff8000014aa330 (p 0xfffffd806c052000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 1; addr 0xffff8000014aa050 (p 0xfffffd806c052000); offset 0x0=0xc6bb1079ffffffff
pool(tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 1; addr 0xffff8000014aa050 (p 0xfffffd806c052000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 2; addr 0xffff8000014aa610 (p 0xfffffd806c052000); offset 0x0=0xc6bb1079ffffffff
pool(tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 2; addr 0xffff8000014aa610 (p 0xfffffd806c052000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 3; addr 0xffff8000014aa8f0 (p 0xfffffd806c052000); offset 0x0=0xc6bb1079ffffffff
pool(tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 3; addr 0xffff8000014aa8f0 (p 0xfffffd806c052000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 4; addr 0xffff8000014ab470 (p 0xfffffd806c052000); offset 0x0=0xc6bb1079ffffffff
pool(tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 4; addr 0xffff8000014ab470 (p 0xfffffd806c052000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 5; addr 0xffff8000014abd10 (p 0xfffffd806c052000); offset 0x0=0xc6bb1079ffffffff
pool(tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 5; addr 0xffff8000014abd10 (p 0xfffffd806c052000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 6; addr 0xffff8000014aba30 (p 0xfffffd806c052000); offset 0x0=0xc6bb1079ffffffff
pool(tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 6; addr 0xffff8000014aba30 (p 0xfffffd806c052000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 7; addr 0xffff8000014ab190 (p 0xfffffd806c052000); offset 0x0=0xc6bb1079ffffffff
pool(tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 7; addr 0xffff8000014ab190 (p 0xfffffd806c052000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 8; addr 0xffff8000014ab750 (p 0xfffffd806c052000); offset 0x0=0xc6bb1079ffffffff
pool(tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 8; addr 0xffff8000014ab750 (p 0xfffffd806c052000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 9; addr 0xffff8000014aabd0 (p 0xfffffd806c052000); offset 0x0=0xc6bb1079ffffffff
pool(tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 9; addr 0xffff8000014aabd0 (p 0xfffffd806c052000); offset 0x0=0xffffffff
tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 10; addr 0xffff8000014aaeb0 (p 0xfffffd806c052000); offset 0x0=0xc6bb1079ffffffff
pool(tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 10; addr 0xffff8000014aaeb0 (p 0xfffffd806c052000); offset 0x0=0xffffffff
arp 88 44 0 27 1 0 1 1 0 8 0
ipq 40 5 0 5 1 0 1 1 0 8 1
ipqe 40 6 0 6 1 0 1 1 0 8 1
inpcb 328 1497 0 1486 16 9 7 7 0 8 5
ip6q 72 6 0 4 1 0 1 1 0 8 0
ip6af 40 13 0 8 1 0 1 1 0 8 0
nd6 104 64 0 42 1 0 1 1 0 8 0
pkpcb 40 5 0 5 1 1 0 1 0 8 0
kcovpl 48 18 0 10 1 0 1 1 0 8 0
mppekey 1024 2 0 2 2 1 1 1 0 8 1
ppxss 1072 52 0 52 4 3 1 1 0 8 1
pppxif 1384 9 0 9 4 3 1 1 0 8 1
pfstscr 40 2 0 2 1 1 0 1 0 8 0
pfrktable 1344 2 0 2 2 1 1 1 0 8 1
pfrktable: pool(0xffffffff838bf780:pfrktable): page inconsistency: page 0xffff8000ffffffff; at page head addr 0xffff800001507f90 (p 0xffff800001504000)
uvm_fault(0xffffffff839397f0, 0xffff8001000000d7, 0, 1) -> e
kernel: page fault trap, code=0
Faulted in DDB; continuing...
ddb> machine ddbcpu 0
No such command
ddb> trace
sys_shmat(ffff800039d199c0,ffff80002a8936b0,ffff80002a893600) at sys_shmat+0xe0 sys/kern/sysv_shm.c:235
syscall(ffff80002a8936b0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002a8936b0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:579
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xc97dca3aca0, count: -3
ddb> machine ddbcpu 1
No such command
ddb> trace
sys_shmat(ffff800039d199c0,ffff80002a8936b0,ffff80002a893600) at sys_shmat+0xe0 sys/kern/sysv_shm.c:235
syscall(ffff80002a8936b0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002a8936b0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:579
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xc97dca3aca0, count: -3