uvm_fault(0xfffffd80665ce980, 0x0, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at _copyinstr+0x58: lodsb (%rsi)
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*197262 45615 0 0 0x4000000 0K syz-executor
421286 90588 0 0x2 0x1 1 syz-executor
_copyinstr() at _copyinstr+0x58
namei(ffff80002a7f91d8) at namei+0x190 sys/kern/vfs_lookup.c:156
vn_open(ffff80002a7f91d8,2,0) at vn_open+0x13f sys/kern/vfs_vnops.c:140
doopenat(ffff8000ffff2a50,ffffff9c,0,1,0,ffff80002a7f9380) at doopenat+0x32e sys/kern/vfs_syscalls.c:1137
syscall(ffff80002a7f9430) at syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a7f9430) at syscall+0xbc6 sys/arch/amd64/amd64/trap.c:579
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x35e8c3935d0, count: 9
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: uvm_fault(0xfffffd80665ce980, 0x0, 0, 1) -> e
ddb{0}> trace
_copyinstr() at _copyinstr+0x58
namei(ffff80002a7f91d8) at namei+0x190 sys/kern/vfs_lookup.c:156
vn_open(ffff80002a7f91d8,2,0) at vn_open+0x13f sys/kern/vfs_vnops.c:140
doopenat(ffff8000ffff2a50,ffffff9c,0,1,0,ffff80002a7f9380) at doopenat+0x32e sys/kern/vfs_syscalls.c:1137
syscall(ffff80002a7f9430) at syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a7f9430) at syscall+0xbc6 sys/arch/amd64/amd64/trap.c:579
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x35e8c3935d0, count: -6
ddb{0}> show registers
rdi 0xffff80002a2d4400
rsi 0
rbp 0xffff80002a7f8f50
rbx 0xffff80002a7f9218
rdx 0x400
rcx 0xffff80002a7f4000
rax 0x7f7fffffc000
r8 0x400
r9 0xffff80002a7f8ef0
r10 0x44b288165fe43d28
r11 0xffffffff831f2cb0 copystr_fault
r12 0xffff80002a2d4400
r13 0xffff80002a7f9218
r14 0x400
r15 0
rip 0xffffffff831f2c88 _copyinstr+0x58
cs 0x8
rflags 0x50206 acpi_pdirpa+0x3c077
rsp 0xffff80002a7f8ed8
ss 0x10
_copyinstr+0x58: lodsb (%rsi)
ddb{0}> show proc
PROC (syz-executor) tid=197262 pid=45615 tcnt=4 stat=onproc
flags process=0 proc=4000000<THREAD>
runpri=83, usrpri=84, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80003c4507d8,0xffff80002a2967f0
process=0xffff80003c459860 user=0xffff80002a7f4000, vmspace=0xfffffd80665ce980
estcpu=34, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
45615 398544 87046 0 2 0 syz-executor
*45615 197262 87046 0 7 0x4000000 syz-executor
45615 12514 87046 0 2 0x4000000 syz-executor
45615 452899 87046 0 2 0x4000000 syz-executor
71620 385150 90588 0 2 0x2 syz-executor
31401 16721 27020 0 2 0 syz-executor
31401 456612 27020 0 3 0x4000080 nanoslp syz-executor
31401 469984 27020 0 3 0x4000080 fsleep syz-executor
87046 26672 90588 0 2 0xc82 syz-executor
34267 147333 0 0 3 0x14200 acct acct
26041 244385 0 0 3 0x14200 bored sosplice
27020 229291 90588 0 2 0xc82 syz-executor
69002 195160 90588 0 2 0xc82 syz-executor
47936 301407 90588 0 2 0x2 syz-executor
12210 365451 90588 0 2 0x2 syz-executor
76046 191788 90588 0 2 0x2 syz-executor
16389 503663 90588 0 2 0x2 syz-executor
90588 421286 94849 0 7 0x3 syz-executor
94849 315200 60167 0 3 0x10008a sigsusp ksh
60167 293633 7726 0 3 0x98 kqread sshd-session
7726 133862 91261 0 3 0x92 kqread sshd-session
33656 482855 1 0 3 0x100083 ttyin getty
91261 101287 1 0 3 0x88 kqread sshd
79684 520827 77034 74 3 0x1100092 bpf pflogd
77034 379232 1 0 3 0x80 sbwait pflogd
39531 137087 54406 73 3 0x1100090 kqread syslogd
54406 387050 1 0 3 0x100082 sbwait syslogd
4641 481350 1 0 3 0x100080 kqread resolvd
15810 257403 54740 77 3 0x100092 kqread dhcpleased
44730 84433 54740 77 3 0x100092 kqread dhcpleased
54740 405440 1 0 3 0x80 kqread dhcpleased
37538 290384 0 0 3 0x14200 bored smr
3037 171055 0 0 2 0x14200 zerothread
91385 217219 0 0 3 0x14200 aiodoned aiodoned
46599 80788 0 0 3 0x14200 syncer update
49601 466060 0 0 3 0x14200 cleaner cleaner
9621 171519 0 0 3 0x14200 reaper reaper
78727 103007 0 0 3 0x14200 pgdaemon pagedaemon
11718 289878 0 0 3 0x14200 bored viomb
26396 42947 0 0 3 0x40014200 acpi0 acpi0
65632 465375 0 0 3 0x40014200 idle1
46550 112608 0 0 3 0x14200 bored softnet3
92089 318273 0 0 3 0x14200 bored softnet2
41088 259609 0 0 3 0x14200 bored softnet1
23499 173149 0 0 3 0x14200 bored softnet0
47942 175932 0 0 3 0x14200 bored systqmp
11244 291916 0 0 3 0x14200 bored systq
86445 14096 0 0 3 0x14200 tmoslp softclockmp
96456 34248 0 0 2 0x40014200 softclock
20319 306796 0 0 3 0x40014200 idle0
1 336285 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 45615 (syz-executor) thread 0xffff8000ffff2a50 (197262)
Process 45615 (syz-executor) thread 0xffff80002a2967e0 (12514)
Process 47936 (syz-executor) thread 0xffff8000ffffdc38 (301407)
Process 12210 (syz-executor) thread 0xffff8000ffffc008 (365451)
Process 76046 (syz-executor) thread 0xffff80002a2bb9b8 (191788)
Process 16389 (syz-executor) thread 0xffff80002a2ba7c8 (503663)
Process 90588 (syz-executor) thread 0xffff80002a2ba538 (421286)
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10225 11262K 11488K 166960K 13086 0
pcb 17 13K 14K 166960K 153 0
rtable 236 8K 9K 166960K 581 0
pf 36 18K 19K 166960K 108 0
ifaddr 44 8K 8K 166960K 117 0
ifgroup 54 2K 2K 166960K 123 0
sysctl 4 1K 9K 166960K 75 0
counters 66 36K 37K 166960K 132 0
ioctlops 0 0K 4K 166960K 1699 0
iov 0 0K 20K 166960K 55 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1459 92K 92K 166960K 2305 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 9K 166960K 15 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 30 0
dirhash 12 2K 2K 166960K 36 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 13 42K 97K 166960K 941 0
sigio 0 0K 0K 166960K 20 0
proc 72 91K 115K 166960K 648 0
subproc 63 3K 4K 166960K 90 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 126 0
in_multi 88 6K 7K 166960K 152 0
ether_multi 1 0K 0K 166960K 6 0
mrt 1 0K 0K 166960K 5 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 103 466K 466K 166960K 103 0
exec 0 0K 1K 166960K 577 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 3 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 208 159K 169K 166960K 10166 0
UVM aobj 84 3K 3K 166960K 85 0
pinsyscall 38 76K 104K 166960K 2078 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 44 0
NDP 11 0K 2K 166960K 52 0
temp 72 8695K 8764K 166960K 52764 0
kqueue 13 20K 30K 166960K 146 0
SYN cache 2 10K 18K 166960K 3 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 225 0 222 5 4 1 3 0 8 0
rtentry 176 195 0 89 6 0 6 6 0 8 0
unpcb 144 581 0 564 8 6 2 4 0 8 1
syncache 336 5 0 5 2 2 0 1 0 8 0
tcpcb 736 331 0 327 13 12 1 7 0 8 0
arp 128 29 0 7 1 0 1 1 0 8 0
inpcb 328 1021 0 1013 21 18 3 7 0 8 1
nd6 144 33 0 9 1 0 1 1 0 8 0
pkpcb 40 8 0 8 3 2 1 1 0 8 1
kcovpl 48 10 0 3 1 0 1 1 0 8 0
ppxss 1192 22 0 22 4 4 0 1 0 8 0
pppxif 1504 7 0 7 2 2 0 1 0 8 0
pffrag 232 4 0 0 1 0 1 1 0 482 0
pffrnode 88 4 0 0 1 0 1 1 0 8 0
pffrent 40 7 0 3 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pftag 88 1 0 0 1 0 1 1 0 8 0
pfstitem 24 62 0 23 1 0 1 1 0 8 0
pfstkey 128 62 0 23 2 0 2 2 0 8 0
pfstate 384 62 0 23 4 0 4 4 0 8 0
pfrule 1344 27 0 18 2 1 1 2 0 8 0
rttmr 136 1 0 1 1 1 0 1 0 8 0
art_heap8 4096 2 0 0 2 0 2 2 0 8 0
art_heap4 256 659 0 232 32 4 28 30 0 8 0
art_table 32 661 0 232 4 0 4 4 0 8 0
art_node 16 160 0 69 1 0 1 1 0 8 0
sysvmsgpl 40 6 0 1 1 0 1 1 0 8 0
semupl 112 1 0 1 1 1 0 1 0 8 0
semapl 112 26 0 16 1 0 1 1 0 8 0
shmpl 112 82 0 1 3 0 3 3 0 8 0
dirhash 1024 33 0 16 3 0 3 3 0 8 0
dino2pl 256 2991 0 1486 95 0 95 95 0 8 0
ffsino 288 2991 0 1486 109 0 109 109 0 8 0
nchpl 144 4277 0 2587 64 0 64 64 0 8 0
rtmask 32 2 0 2 1 1 0 1 0 8 0
uvmvnodes 80 3775 0 0 78 0 78 78 0 8 0
vnodes 216 3775 0 0 210 0 210 210 0 8 0
namei 1024 14946 0 14942 6 5 1 2 0 8 0
percpumem 16 81 0 33 1 0 1 1 0 8 0
kstatmem 264 66 0 42 3 1 2 3 0 8 0
scsiplug 72 4 0 4 2 1 1 1 0 8 1
scxspl 216 14135 0 14135 10 9 1 8 1 8 1
plimitpl 152 339 0 322 1 0 1 1 0 8 0
sigapl 424 1238 0 1191 7 1 6 7 0 8 0
knotepl 120 564 0 0 18 0 18 18 0 8 0
kqueuepl 224 362 0 353 5 4 1 5 0 8 0
pipepl 336 188 0 161 3 0 3 3 0 8 0
fdescpl 520 1218 0 1191 3 0 3 3 0 8 0
filepl 160 7573 0 7365 26 14 12 15 0 8 2
lockfpl 104 850 0 848 3 2 1 2 0 8 0
lockfspl 48 192 0 190 1 0 1 1 0 8 0
sessionpl 144 25 0 16 1 0 1 1 0 8 0
pgrppl 48 46 0 29 1 0 1 1 0 8 0
ucredpl 104 815 0 801 1 0 1 1 0 8 0
zombiepl 144 1192 0 1191 4 3 1 1 0 8 0
processpl 1240 1238 0 1191 6 1 5 5 0 8 0
procpl 656 2605 0 2553 7 1 6 6 0 8 0
srpgc 96 6 0 6 3 3 0 1 0 8 0
sosppl 168 7 0 7 4 3 1 1 0 8 1
sockpl 728 1850 0 1822 24 18 6 10 0 8 3
mcl64k 65536 4 0 0 1 0 1 1 0 8 0
mcl16k 16384 1 0 0 1 0 1 1 0 8 0
mcl12k 12288 1 0 0 1 0 1 1 0 8 0
mcl9k 9216 1 0 0 1 0 1 1 0 8 0
mcl8k 8192 3 0 0 1 0 1 1 0 8 0
mcl4k 4096 106 0 0 14 0 14 14 0 8 0
mcl2k 2048 25 0 0 4 0 4 4 0 8 0
mtagpl 96 165 0 0 5 0 5 5 0 8 0
mbufpl 256 510 0 0 32 0 32 32 0 8 0
bufpl 280 5342 0 194 368 0 368 368 0 8 0
anonpl 32 8057 0 0 65 0 65 65 0 246 0
amapchunkpl 152 33405 0 32967 40 11 29 29 0 158 4
amappl16 200 3869 0 3841 35 23 12 15 0 8 7
amappl15 192 7 0 7 2 2 0 1 0 8 0
amappl14 184 128 0 116 1 0 1 1 0 8 0
amappl13 176 67 0 67 1 1 0 1 0 8 0
amappl12 168 1892 0 1865 4 2 2 3 0 8 0
amappl11 160 48 0 34 1 0 1 1 0 8 0
amappl10 152 9 0 9 1 1 0 1 0 8 0
amappl9 144 260 0 260 1 1 0 1 0 8 0
amappl8 136 28 0 25 1 0 1 1 0 8 0
amappl7 128 149 0 136 1 0 1 1 0 8 0
amappl6 120 200 0 197 1 0 1 1 0 8 0
amappl5 112 135 0 125 1 0 1 1 0 8 0
amappl4 104 325 0 305 1 0 1 1 0 8 0
amappl3 96 6581 0 6497 5 1 4 4 0 8 0
amappl2 88 673 0 607 2 0 2 2 0 8 0
amappl1 80 11790 0 11209 16 2 14 15 0 8 0
amappl 88 9316 0 9180 5 0 5 5 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 256 0 256 3 2 1 1 0 8 1
dma64 64 8 0 8 2 2 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 19 0 18 1 0 1 1 0 8 0
aobjpl 72 84 0 1 2 0 2 2 0 8 0
uaddrrnd 24 1218 0 1191 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 1218 0 1191 1 0 1 1 0 8 0
vmmpekpl 168 10831 0 10766 3 0 3 3 0 8 0
vmmpepl 168 81445 0 79694 113 17 96 99 0 357 6
vmsppl 480 1217 0 1191 6 1 5 5 0 8 0
rwobjpl 72 26765 0 22018 90 2 88 88 0 8 0
pdppl 4096 2443 0 2382 113 44 69 87 0 8 8
pvpl 32 17154 0 0 140 1 139 139 0 265 0
pmappl 256 1217 0 1191 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 437 0 69 11 0 11 11 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
_copyinstr() at _copyinstr+0x58
namei(ffff80002a7f91d8) at namei+0x190 sys/kern/vfs_lookup.c:156
vn_open(ffff80002a7f91d8,2,0) at vn_open+0x13f sys/kern/vfs_vnops.c:140
doopenat(ffff8000ffff2a50,ffffff9c,0,1,0,ffff80002a7f9380) at doopenat+0x32e sys/kern/vfs_syscalls.c:1137
syscall(ffff80002a7f9430) at syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a7f9430) at syscall+0xbc6 sys/arch/amd64/amd64/trap.c:579
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x35e8c3935d0, count: -6
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff83981728) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline]
__mp_lock(ffffffff83981728) at __mp_lock+0x192 sys/kern/kern_lock.c:165
__mp_acquire_count(ffffffff83981728,1) at __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1
sleep_finish(ffffffffffffffff,1) at sleep_finish+0x2da sys/kern/kern_synch.c:366
biowait(fffffd806c1425b0) at biowait+0xc1 sys/kern/vfs_bio.c:1242
bwrite(fffffd806c1425b0) at bwrite+0x2e5 sys/kern/vfs_bio.c:754
ffs2_balloc(fffffd806e102c70,30000,34,fffffd80097fb7b8,1,ffff80002a2e60c8) at ffs2_balloc+0xdec sys/ufs/ffs/ffs_balloc.c:593
ffs_write(ffff80002a2e6150) at ffs_write+0x4f9 sys/ufs/ffs/ffs_vnops.c:345
VOP_WRITE(fffffd807a03a2e8,ffff80002a2e6208,3,fffffd80097fb7b8) at VOP_WRITE+0x102 sys/kern/vfs_vops.c:245
ktrwriteraw(ffff80002a2ba538,fffffd807a03a2e8,fffffd80097fb7b8,ffff80002a2e62d0,ffff80002a2e62b0) at ktrwriteraw+0x1bc sys/kern/kern_ktrace.c:691
ktrsyscall(ffff80002a2ba538,4,18,ffff80002a2e6460) at ktrsyscall+0x32b ktrwrite sys/kern/kern_ktrace.c:-1 [inline]
ktrsyscall(ffff80002a2ba538,4,18,ffff80002a2e6460) at ktrsyscall+0x32b sys/kern/kern_ktrace.c:183
syscall(ffff80002a2e6460) at syscall+0x2e6 mi_syscall sys/sys/syscall_mi.h:154 [inline]
syscall(ffff80002a2e6460) at syscall+0x2e6 sys/arch/amd64/amd64/trap.c:579
end trace frame: 0xffff80002a2e64e0, count: 0
ddb{1}> trace
x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff83981728) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline]
__mp_lock(ffffffff83981728) at __mp_lock+0x192 sys/kern/kern_lock.c:165
__mp_acquire_count(ffffffff83981728,1) at __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1
sleep_finish(ffffffffffffffff,1) at sleep_finish+0x2da sys/kern/kern_synch.c:366
biowait(fffffd806c1425b0) at biowait+0xc1 sys/kern/vfs_bio.c:1242
bwrite(fffffd806c1425b0) at bwrite+0x2e5 sys/kern/vfs_bio.c:754
ffs2_balloc(fffffd806e102c70,30000,34,fffffd80097fb7b8,1,ffff80002a2e60c8) at ffs2_balloc+0xdec sys/ufs/ffs/ffs_balloc.c:593
ffs_write(ffff80002a2e6150) at ffs_write+0x4f9 sys/ufs/ffs/ffs_vnops.c:345
VOP_WRITE(fffffd807a03a2e8,ffff80002a2e6208,3,fffffd80097fb7b8) at VOP_WRITE+0x102 sys/kern/vfs_vops.c:245
ktrwriteraw(ffff80002a2ba538,fffffd807a03a2e8,fffffd80097fb7b8,ffff80002a2e62d0,ffff80002a2e62b0) at ktrwriteraw+0x1bc sys/kern/kern_ktrace.c:691
ktrsyscall(ffff80002a2ba538,4,18,ffff80002a2e6460) at ktrsyscall+0x32b ktrwrite sys/kern/kern_ktrace.c:-1 [inline]
ktrsyscall(ffff80002a2ba538,4,18,ffff80002a2e6460) at ktrsyscall+0x32b sys/kern/kern_ktrace.c:183
syscall(ffff80002a2e6460) at syscall+0x2e6 mi_syscall sys/sys/syscall_mi.h:154 [inline]
syscall(ffff80002a2e6460) at syscall+0x2e6 sys/arch/amd64/amd64/trap.c:579
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x70695150ee90, count: -15