uvm_fault(0xfffffd806bd2de70, 0x3f, 0, 2) -> e
kernel: page fault trap, code=2
Stopped at uao_detach+0xb9: movq %r15,0x40(%r12)
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*507542 18816 0 0 0x4000000 0 syz-executor
uao_detach(fffffd806f7128b8) at uao_detach+0xb9 sys/uvm/uvm_aobj.c:824
shm_deallocate_segment(fffffd806bd27c48) at shm_deallocate_segment+0x43 sys/kern/sysv_shm.c:152
sys_shmat(ffff80003c94ad18,ffff80003c9636f0,ffff80003c963640) at sys_shmat+0x559 sys/kern/sysv_shm.c:281
syscall(ffff80003c9636f0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c9636f0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x9518dd3c820, count: 10
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: uvm_fault(0xfffffd806bd2de70, 0x3f, 0, 2) -> e
ddb> trace
uao_detach(fffffd806f7128b8) at uao_detach+0xb9 sys/uvm/uvm_aobj.c:824
shm_deallocate_segment(fffffd806bd27c48) at shm_deallocate_segment+0x43 sys/kern/sysv_shm.c:152
sys_shmat(ffff80003c94ad18,ffff80003c9636f0,ffff80003c963640) at sys_shmat+0x559 sys/kern/sysv_shm.c:281
syscall(ffff80003c9636f0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c9636f0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x9518dd3c820, count: -5
ddb> show registers
rdi 0xffffffff
rsi 0x9
rbp 0xffff80003c963540
rbx 0xfffffd806bd27c48
rdx 0
rcx 0xfffffd80694c9f90
rax 0xffff80003c94ad18
r8 0x200000001000
r9 0x3000 __ALIGN_SIZE+0x2000
r10 0x4a7060b4a2fe4314
r11 0x151957f00c968e51
r12 0xffffffffffffffff
r13 0xffff800001463010
r14 0xfffffd806f7128b8
r15 0xffffffffffffffff
rip 0xffffffff81d097a9 uao_detach+0xb9
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80003c963500
ss 0x10
uao_detach+0xb9: movq %r15,0x40(%r12)
ddb> show proc
PROC (syz-executor) tid=507542 pid=18816 tcnt=4 stat=onproc
flags process=0 proc=4000000<THREAD>
runpri=73, usrpri=74, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80003c94a2b8,0xffff80002f900558
process=0xffff8000ffffba98 user=0xffff80003c95e000, vmspace=0xfffffd806bd2de70
estcpu=24, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
68489 304422 54487 0 2 0 syz-executor
68489 344843 54487 0 2 0x4000000 syz-executor
9020 481043 69817 0 2 0 syz-executor
9020 312558 69817 0 3 0x4000080 fsleep syz-executor
18816 514162 57592 0 2 0 syz-executor
18816 252313 57592 0 2 0x4000000 syz-executor
*18816 507542 57592 0 7 0x4000000 syz-executor
18816 354010 57592 0 2 0x4000000 syz-executor
57817 42630 43217 0 2 0 syz-executor
57817 442331 43217 0 3 0x4000080 fsleep syz-executor
57817 290052 43217 0 3 0x4000080 fsleep syz-executor
64698 510949 1 0 3 0x80 nanoslp init
55769 121370 0 0 3 0x14280 nfsidl nfsio
59333 353727 0 0 3 0x14280 nfsidl nfsio
1142 165669 0 0 3 0x14280 nfsidl nfsio
34558 165823 0 0 3 0x14280 nfsidl nfsio
78981 508012 0 0 3 0x14280 nfsidl nfsio
41557 271055 0 0 3 0x14280 nfsidl nfsio
60551 419426 0 0 3 0x14280 nfsidl nfsio
46249 250452 0 0 3 0x14280 nfsidl nfsio
16852 146711 0 0 3 0x14280 nfsidl nfsio
12896 348018 0 0 3 0x14280 nfsidl nfsio
46068 516159 0 0 3 0x14280 nfsidl nfsio
81046 16625 0 0 3 0x14280 nfsidl nfsio
91468 475925 0 0 3 0x14280 nfsidl nfsio
7400 198628 0 0 3 0x14280 nfsidl nfsio
50005 375598 0 0 3 0x14280 nfsidl nfsio
49323 415985 0 0 3 0x14280 nfsidl nfsio
95258 469967 0 0 3 0x14280 nfsidl nfsio
98887 468261 0 0 3 0x14280 nfsidl nfsio
42772 64705 0 0 3 0x14280 nfsidl nfsio
39903 368481 0 0 3 0x14280 nfsidl nfsio
18267 195773 0 0 3 0x14200 bored sosplice
69817 136344 55884 0 2 0xc82 syz-executor
78871 43185 55884 0 3 0x2 biowait syz-executor
60926 37869 55884 0 3 0x2 biowait syz-executor
20519 226981 55884 0 2 0x2 syz-executor
43217 147520 55884 0 3 0x82 nanoslp syz-executor
54487 23581 55884 0 2 0xc82 syz-executor
57592 190326 55884 0 3 0x82 nanoslp syz-executor
66732 85996 55884 0 3 0x2 biowait syz-executor
55884 204428 59226 0 3 0x82 kqread syz-executor
59226 49972 19380 0 3 0x10008a sigsusp ksh
19380 245807 40387 0 3 0x98 kqread sshd-session
40387 142840 98658 0 3 0x92 kqread sshd-session
98658 234297 1 0 3 0x88 kqread sshd
91513 116348 10079 73 3 0x1100090 kqread syslogd
10079 380595 1 0 3 0x100082 sbwait syslogd
21928 221958 1 0 3 0x100080 kqread resolvd
20690 53609 88114 77 3 0x100092 kqread dhcpleased
38055 277434 88114 77 3 0x100092 kqread dhcpleased
88114 109115 1 0 3 0x80 kqread dhcpleased
90098 20584 0 0 3 0x14200 bored smr
22487 66196 0 0 2 0x14200 zerothread
72232 119699 0 0 3 0x14200 aiodoned aiodoned
8829 283189 0 0 3 0x14200 syncer update
38615 466364 0 0 3 0x14200 cleaner cleaner
71131 462173 0 0 3 0x14200 reaper reaper
61778 483981 0 0 3 0x14200 pgdaemon pagedaemon
95587 259482 0 0 3 0x14200 bored viomb
71123 82734 0 0 3 0x40014200 acpi0 acpi0
9211 389459 0 0 3 0x14200 bored softnet0
61253 66605 0 0 3 0x14200 smrbar systqmp
6903 83462 0 0 3 0x14200 bored systq
42068 98356 0 0 3 0x40014200 tmoslp softclock
70920 502951 0 0 3 0x40014200 idle0
1 306649 0 0 3 0x80082 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10191 11113K 11267K 166960K 11633 0
pcb 17 14K 16K 166960K 160 0
rtable 219 16K 17K 166960K 454 0
pf 35 13K 14K 166960K 71 0
ifaddr 37 6K 7K 166960K 69 0
ifgroup 58 2K 2K 166960K 102 0
sysctl 3 1K 9K 166960K 7 0
counters 34 18K 18K 166960K 161 0
ioctlops 0 0K 4K 166960K 196 0
iov 0 0K 16K 166960K 152 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1399 88K 88K 166960K 1704 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 3 5K 5K 166960K 6 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 54 0
dirhash 15 2K 2K 166960K 18 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 14 49K 89K 166960K 500 0
sigio 0 0K 0K 166960K 4 0
proc 51 50K 100K 166960K 533 0
subproc 72 4K 4K 166960K 72 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 121 0
in_multi 67 5K 7K 166960K 130 0
ether_multi 1 0K 0K 166960K 9 0
mrt 1 0K 0K 166960K 3 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 91 413K 413K 166960K 91 0
exec 0 0K 1K 166960K 407 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 196 154K 175K 166960K 6335 0
UVM aobj 43 2K 2K 166960K 44 0
pinsyscall 34 68K 91K 166960K 1588 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 20 0
NDP 13 0K 2K 166960K 45 0
temp 44 8636K 8700K 166960K 23900 0
kqueue 13 20K 37K 166960K 117 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 68 0 65 1 0 1 1 0 8 0
rtentry 136 125 0 40 4 0 4 4 0 8 0
unpcb 144 252 0 237 1 0 1 1 0 8 0
syncache 336 4 0 4 1 1 0 1 0 8 0
tcpcb 736 189 0 185 7 6 1 7 0 8 0
arp 96 22 0 5 1 0 1 1 0 8 0
ipq 40 1 0 0 1 0 1 1 0 8 0
ipqe 40 1 0 0 1 0 1 1 0 8 0
inpcb 328 615 0 605 13 11 2 12 0 8 0
ip6q 72 2 0 0 1 0 1 1 0 8 0
ip6af 40 3 0 0 1 0 1 1 0 8 0
nd6 112 25 0 10 1 0 1 1 0 8 0
pkpcb 40 5 0 5 2 1 1 1 0 8 1
kcovpl 48 8 0 0 1 0 1 1 0 8 0
ppxss 1072 123 0 123 1 0 1 1 0 8 1
pppxif 1384 3 0 3 1 1 0 1 0 8 0
pfstitem 24 1 0 0 1 0 1 1 0 8 0
pfstkey 128 4 0 3 1 0 1 1 0 8 0
pfstate 384 4 0 3 1 0 1 1 0 8 0
rttmr 136 1 0 1 1 1 0 1 0 8 0
art_heap8 4096 3 0 0 3 0 3 3 0 8 0
art_heap4 256 515 0 139 30 2 28 30 0 8 0
art_table 40 518 0 139 5 0 5 5 0 8 0
art_node 32 125 0 49 1 0 1 1 0 8 0
sysvmsgpl 40 2 0 2 1 1 0 1 0 8 0
semupl 112 1 0 1 1 1 0 1 0 8 0
semapl 112 51 0 41 1 0 1 1 0 8 0
shmpl 112 42 0 1 2 0 2 2 0 8 0
dirhash 1024 21 0 2 3 0 3 3 0 8 0
dino2pl 256 2282 0 788 95 0 95 95 0 8 0
ffsino 256 2282 0 788 95 0 95 95 0 8 0
nchpl 144 2992 0 1307 63 0 63 63 0 8 0
rtmask 32 5 0 5 1 1 0 1 0 8 0
vnodes 216 2550 0 0 142 0 142 142 0 8 0
namei 1024 9414 0 9412 2 1 1 2 0 8 0
kstatmem 264 58 0 32 2 0 2 2 0 8 0
scsiplug 72 3 0 3 1 1 0 1 0 8 0
scxspl 216 9785 0 9782 8 7 1 8 1 8 0
plimitpl 152 153 0 137 1 0 1 1 0 8 0
sigapl 424 814 0 754 8 0 8 8 0 8 0
knotepl 120 19269 0 19222 21 19 2 16 0 8 0
kqueuepl 184 168 0 159 2 1 1 2 0 8 0
pipepl 304 142 0 115 3 0 3 3 0 8 0
fdescpl 448 779 0 753 5 1 4 5 0 8 0
filepl 120 3862 0 3653 13 5 8 12 0 8 1
lockfpl 104 154 0 152 1 0 1 1 0 8 0
lockfspl 48 64 0 62 1 0 1 1 0 8 0
sessionpl 144 23 0 16 1 0 1 1 0 8 0
pgrppl 48 64 0 49 1 0 1 1 0 8 0
ucredpl 104 578 0 567 1 0 1 1 0 8 0
zombiepl 144 786 0 786 1 0 1 1 0 8 1
processpl 1152 814 0 754 5 0 5 5 0 8 0
procpl 664 1407 0 1339 7 0 7 7 0 8 0
sosppl 168 9 0 9 2 1 1 1 0 8 1
sockpl 552 960 0 931 12 9 3 12 0 8 0
mcl64k 65536 38 0 37 1 0 1 1 0 8 0
mcl16k 16384 5 0 5 1 1 0 1 0 8 0
mcl12k 12288 2 0 2 1 1 0 1 0 8 0
mcl8k 8192 10 0 10 1 1 0 1 0 8 0
mcl4k 4096 2995 0 2944 14 7 7 14 0 8 0
mcl2k 2048 759 0 757 3 2 1 3 0 8 0
mtagpl 96 7 0 6 2 1 1 1 0 8 0
mbufpl 256 8667 0 8506 16 3 13 16 0 8 0
bufpl 280 3237 0 127 223 0 223 223 0 8 0
anonpl 24 148250 0 145438 41 9 32 35 0 187 6
amapchunkpl 152 20920 0 20543 39 14 25 35 0 158 6
amappl16 200 2494 0 2466 5 1 4 5 0 8 0
amappl15 192 6 0 6 1 1 0 1 0 8 0
amappl14 184 4 0 4 1 1 0 1 0 8 0
amappl13 176 412 0 411 1 0 1 1 0 8 0
amappl12 168 1122 0 1089 2 0 2 2 0 8 0
amappl11 160 6 0 6 1 1 0 1 0 8 0
amappl10 152 45 0 35 1 0 1 1 0 8 0
amappl9 144 249 0 249 1 1 0 1 0 8 0
amappl8 136 26 0 25 1 0 1 1 0 8 0
amappl7 128 90 0 88 1 0 1 1 0 8 0
amappl6 120 268 0 256 1 0 1 1 0 8 0
amappl5 112 81 0 73 1 0 1 1 0 8 0
amappl4 104 390 0 369 1 0 1 1 0 8 0
amappl3 96 3353 0 3282 3 0 3 3 0 8 0
amappl2 88 902 0 836 2 0 2 2 0 8 0
amappl1 80 10598 0 10097 13 1 12 13 0 8 0
amappl 88 5567 0 5435 5 0 5 5 0 92 0
uvmvnodes 80 2550 0 0 53 0 53 53 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 7 0 7 1 1 0 1 0 8 0
dma128 128 255 0 255 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 19 0 18 1 0 1 1 0 8 0
aobjpl 72 44 0 1 1 0 1 1 0 8 0
uaddrrnd 24 779 0 753 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 779 0 753 1 0 1 1 0 8 0
vmmpekpl 168 7965 0 7930 2 0 2 2 0 8 0
vmmpepl 168 55981 0 54410 85 6 79 85 0 357 0
vmsppl 368 778 0 753 4 1 3 4 0 8 0
rwobjpl 40 20194 0 16832 35 0 35 35 0 8 0
pdppl 4096 1565 0 1506 97 30 67 79 0 8 8
pvpl 32 369277 0 361930 114 21 93 106 0 265 8
pmappl 216 778 0 753 2 0 2 2 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 381 0 58 11 0 11 11 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
uao_detach(fffffd806f7128b8) at uao_detach+0xb9 sys/uvm/uvm_aobj.c:824
shm_deallocate_segment(fffffd806bd27c48) at shm_deallocate_segment+0x43 sys/kern/sysv_shm.c:152
sys_shmat(ffff80003c94ad18,ffff80003c9636f0,ffff80003c963640) at sys_shmat+0x559 sys/kern/sysv_shm.c:281
syscall(ffff80003c9636f0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c9636f0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x9518dd3c820, count: -5
ddb> machine ddbcpu 1
No such command
ddb> trace
uao_detach(fffffd806f7128b8) at uao_detach+0xb9 sys/uvm/uvm_aobj.c:824
shm_deallocate_segment(fffffd806bd27c48) at shm_deallocate_segment+0x43 sys/kern/sysv_shm.c:152
sys_shmat(ffff80003c94ad18,ffff80003c9636f0,ffff80003c963640) at sys_shmat+0x559 sys/kern/sysv_shm.c:281
syscall(ffff80003c9636f0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c9636f0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x9518dd3c820, count: -5