uvm_fault(0xfffffd807a287970, 0x3f, 0, 2) -> e
kernel: page fault trap, code=2
Stopped at uao_detach+0xb9: movq %rax,0x40(%r15)
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*160794 35252 0 0 0x4000000 0 syz-executor
uao_detach(fffffd807e14bc60) at uao_detach+0xb9 sys/uvm/uvm_aobj.c:824
shm_deallocate_segment(fffffd8075cefa80) at shm_deallocate_segment+0x43 sys/kern/sysv_shm.c:152
sys_shmat(ffff80002a48d458,ffff800037679c40,ffff800037679b90) at sys_shmat+0x573 sys/kern/sysv_shm.c:278
syscall(ffff800037679c40) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x4b6d7dc4380, count: 10
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: uvm_fault(0xfffffd807a287970, 0x3f, 0, 2) -> e
ddb> trace
uao_detach(fffffd807e14bc60) at uao_detach+0xb9 sys/uvm/uvm_aobj.c:824
shm_deallocate_segment(fffffd8075cefa80) at shm_deallocate_segment+0x43 sys/kern/sysv_shm.c:152
sys_shmat(ffff80002a48d458,ffff800037679c40,ffff800037679b90) at sys_shmat+0x573 sys/kern/sysv_shm.c:278
syscall(ffff800037679c40) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x4b6d7dc4380, count: -5
ddb> show registers
rdi 0xffff800030e04000
rsi 0x12c
rbp 0xffff800037679a80
rbx 0xfffffd8075cefae8
rdx 0xffff800030e04000
rcx 0x12b
rax 0xffffffffffffffff
r8 0x20003000
r9 0x3000 __ALIGN_SIZE+0x2000
r10 0x2197eebded698252
r11 0xb59bf6591c883df4
r12 0x200
r13 0xfffffd8075cefa80
r14 0xfffffd807e14bc60
r15 0xffffffffffffffff
rip 0xffffffff8226b179 uao_detach+0xb9
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff800037679a40
ss 0x10
uao_detach+0xb9: movq %rax,0x40(%r15)
ddb> show proc
PROC (syz-executor) tid=160794 pid=35252 tcnt=3 stat=onproc
flags process=0 proc=4000000<THREAD>
runpri=32, usrpri=82, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff8000376676f0,0xffff80002a48c538
process=0xffff8000ffffaf28 user=0xffff800037674000, vmspace=0xfffffd807a287970
estcpu=32, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
52067 65255 83528 0 2 0 syz-executor
52067 130911 83528 0 3 0x4000080 fsleep syz-executor
4947 31144 59380 0 2 0 syz-executor
4947 280665 59380 0 2 0x4000000 syz-executor
4947 170876 59380 0 2 0x4000000 syz-executor
87971 294646 89340 0 2 0 syz-executor
87971 248209 89340 0 3 0x4000080 fsleep syz-executor
87971 278106 89340 0 2 0x4000000 syz-executor
41993 134601 31274 -1 2 0x10 syz-executor
41993 71220 31274 -1 3 0x4000090 sbwait syz-executor
41993 146875 31274 -1 2 0x4000010 syz-executor
35252 310838 85490 0 2 0 syz-executor
*35252 160794 85490 0 7 0x4000000 syz-executor
35252 214243 85490 0 2 0x4000000 syz-executor
10607 380526 25389 0 2 0 syz-executor
10607 331314 25389 0 2 0x4000000 syz-executor
10607 478385 25389 0 3 0x4000000 inode syz-executor
97674 404146 2618 0 3 0x3000 suspend syz-executor
97674 199735 2618 0 2 0x4081000 syz-executor
59380 288687 51891 0 3 0x82 nanoslp syz-executor
72876 28385 51891 0 3 0x2 biowait syz-executor
25389 291969 51891 0 3 0x82 nanoslp syz-executor
85490 522823 51891 0 3 0x82 nanoslp syz-executor
2618 359984 51891 0 3 0x82 nanoslp syz-executor
83528 20252 51891 0 3 0x82 nanoslp syz-executor
31274 158789 51891 0 3 0x82 nanoslp syz-executor
89340 87337 51891 0 3 0x82 nanoslp syz-executor
97725 178750 0 0 3 0x14200 bored sosplice
51891 257700 12373 0 3 0x82 kqread syz-executor
12373 470267 20144 0 3 0x10008a sigsusp ksh
20144 177871 44221 0 3 0x98 kqread sshd-session
44221 35186 68601 0 3 0x92 kqread sshd-session
88907 107581 1 0 3 0x100083 ttyin getty
68601 37000 1 0 3 0x88 kqread sshd
5974 187788 17706 73 3 0x1100090 kqread syslogd
17706 216152 1 0 3 0x100082 sbwait syslogd
40953 178354 1 0 3 0x100080 kqread resolvd
16858 304742 37534 77 3 0x100092 kqread dhcpleased
28265 272583 37534 77 3 0x100092 kqread dhcpleased
37534 369449 1 0 3 0x80 kqread dhcpleased
83898 433799 0 0 3 0x14200 bored smr
99498 169821 0 0 2 0x14200 zerothread
50945 196916 0 0 3 0x14200 aiodoned aiodoned
77605 43234 0 0 3 0x14200 syncer update
6040 199878 0 0 3 0x14200 cleaner cleaner
58774 135170 0 0 3 0x14200 reaper reaper
10053 127885 0 0 3 0x14200 pgdaemon pagedaemon
21231 231847 0 0 3 0x14200 bored viomb
30509 329165 0 0 3 0x40014200 acpi0 acpi0
27559 483467 0 0 3 0x14200 bored softnet3
5686 194290 0 0 3 0x14200 bored softnet2
77038 400753 0 0 3 0x14200 bored softnet1
85286 93827 0 0 3 0x14200 bored softnet0
66991 408035 0 0 3 0x14200 bored systqmp
56181 305360 0 0 3 0x14200 bored systq
75820 214079 0 0 3 0x40014200 tmoslp softclock
28608 261543 0 0 3 0x40014200 idle0
1 345869 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10180 14131K 14382K 166960K 11420 0
pcb 17 14K 16K 166960K 119 0
rtable 234 9K 9K 166960K 613 0
pf 32 13K 13K 166960K 50 0
ifaddr 42 7K 7K 166960K 81 0
ifgroup 54 2K 2K 166960K 88 0
sysctl 2 0K 0K 166960K 2 0
counters 31 17K 17K 166960K 40 0
ioctlops 0 0K 4K 166960K 47 0
iov 1 16K 16K 166960K 7 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1367 86K 86K 166960K 1581 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 3 5K 5K 166960K 6 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 13 0
dirhash 12 2K 2K 166960K 12 0
ACPI 1690 195K 286K 166960K 12418 0
file desc 17 61K 81K 166960K 397 0
sigio 0 0K 0K 166960K 3 0
proc 60 59K 83K 166960K 714 0
subproc 104 6K 6K 166960K 208 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 19 0
in_multi 98 7K 7K 166960K 190 0
ether_multi 1 0K 0K 166960K 2 0
mrt 1 0K 0K 166960K 1 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 61 281K 281K 166960K 61 0
exec 0 0K 1K 166960K 461 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 230 72K 74K 166960K 4687 0
UVM aobj 7 2K 2K 166960K 8 0
pinsyscall 38 76K 89K 166960K 1618 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 13 0
NDP 12 0K 2K 166960K 53 0
temp 38 6803K 6899K 166960K 13132 0
kqueue 14 22K 28K 166960K 47 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 63 0 58 1 0 1 1 0 8 0
rtentry 112 201 0 94 4 0 4 4 0 8 0
unpcb 144 143 0 120 2 0 2 2 0 8 1
syncache 336 3 0 3 1 1 0 1 0 8 0
tcpcb 808 51 0 46 1 0 1 1 0 8 0
arp 88 34 0 16 1 0 1 1 0 8 0
ipq 40 1 0 0 1 0 1 1 0 8 0
ipqe 40 1 0 0 1 0 1 1 0 8 0
inpcb 336 306 0 298 7 0 7 7 0 8 6
nd6 104 48 0 24 1 0 1 1 0 8 0
kcovpl 48 16 0 8 1 0 1 1 0 8 0
ppxss 1072 1 0 1 1 0 1 1 0 8 1
art_heap8 4096 2 0 1 2 0 2 2 0 8 1
art_heap4 256 813 0 364 31 2 29 29 0 8 0
art_table 32 815 0 365 4 0 4 4 0 8 0
art_node 16 200 0 103 1 0 1 1 0 8 0
sysvmsgpl 40 34 0 33 1 0 1 1 0 8 0
semapl 112 11 0 1 1 0 1 1 0 8 0
shmpl 112 5 0 1 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1805 0 292 95 0 95 95 0 8 0
ffsino 240 1805 0 292 90 0 90 90 0 8 0
nchpl 144 2180 0 495 63 0 63 63 0 8 0
uvmvnodes 80 2078 0 0 43 0 43 43 0 8 0
vnodes 216 2078 0 0 116 0 116 116 0 8 0
namei 1024 7185 0 7181 4 2 2 2 0 8 1
kstatmem 264 42 0 18 2 0 2 2 0 8 0
scxspl 216 10482 0 10481 4 3 1 4 1 8 0
plimitpl 152 86 0 70 1 0 1 1 0 8 0
sigapl 424 659 0 613 6 0 6 6 0 8 0
futexpl 64 2217 0 2215 1 0 1 1 0 8 0
knotepl 120 7628 0 7578 10 0 10 10 0 8 7
kqueuepl 184 58 0 48 1 0 1 1 0 8 0
pipepl 288 137 0 110 3 0 3 3 0 8 0
fdescpl 432 642 0 613 4 0 4 4 0 8 0
filepl 120 2524 0 2270 10 0 10 10 0 8 1
lockfpl 104 70 0 66 1 0 1 1 0 8 0
lockfspl 48 36 0 32 1 0 1 1 0 8 0
sessionpl 144 29 0 21 1 0 1 1 0 8 0
pgrppl 48 47 0 31 1 0 1 1 0 8 0
ucredpl 104 201 0 189 1 0 1 1 0 8 0
zombiepl 144 703 0 700 2 1 1 1 0 8 0
processpl 1096 659 0 613 4 0 4 4 0 8 0
procpl 648 931 0 870 6 0 6 6 0 8 0
sockpl 504 513 0 477 14 1 13 13 0 8 8
mcl64k 65536 6 0 6 1 0 1 1 0 8 1
mcl16k 16384 5 0 5 1 0 1 1 0 8 1
mcl12k 12288 1 0 1 1 0 1 1 0 8 1
mcl9k 9216 1 0 1 1 0 1 1 0 8 1
mcl8k 8192 14 0 14 2 1 1 1 0 8 1
mcl4k 4096 11 0 11 2 1 1 1 0 8 1
mcl2k 2048 5344 0 5251 26 11 15 26 0 8 3
mtagpl 96 10 0 5 1 0 1 1 0 8 0
mbufpl 256 8395 0 8188 16 2 14 14 0 8 0
bufpl 280 4841 0 96 339 0 339 339 0 8 0
anonpl 24 187325 0 184134 54 4 50 50 0 187 29
amapchunkpl 152 15508 0 15003 31 0 31 31 0 158 10
amappl16 200 4924 0 4907 9 4 5 5 0 8 4
amappl15 192 11 0 11 1 1 0 1 0 8 0
amappl14 184 125 0 115 1 0 1 1 0 8 0
amappl13 176 11 0 11 1 1 0 1 0 8 0
amappl12 168 1397 0 1368 2 0 2 2 0 8 0
amappl11 160 49 0 39 1 0 1 1 0 8 0
amappl10 152 7 0 7 1 1 0 1 0 8 0
amappl9 144 137 0 137 1 1 0 1 0 8 0
amappl8 136 24 0 23 1 0 1 1 0 8 0
amappl7 128 113 0 103 1 0 1 1 0 8 0
amappl6 120 261 0 260 1 0 1 1 0 8 0
amappl5 112 171 0 162 1 0 1 1 0 8 0
amappl4 104 305 0 289 1 0 1 1 0 8 0
amappl3 96 2864 0 2750 4 0 4 4 0 8 1
amappl2 88 754 0 693 2 0 2 2 0 8 0
amappl1 80 8367 0 7854 13 1 12 12 0 8 1
amappl 88 4278 0 4102 5 0 5 5 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 7 0 1 1 0 1 1 0 8 0
uaddrrnd 24 642 0 613 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 642 0 613 1 0 1 1 0 8 0
vmmpekpl 168 6383 0 6332 3 0 3 3 0 8 0
vmmpepl 168 48569 0 46841 78 0 78 78 0 357 0
vmsppl 344 641 0 613 4 1 3 4 0 8 0
rwobjpl 24 20385 0 17455 18 0 18 18 0 8 0
pdppl 4096 1291 0 1226 99 32 67 75 0 8 2
pvpl 32 376569 0 367365 206 0 206 206 0 265 122
pmappl 216 641 0 613 2 0 2 2 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 401 0 55 10 0 10 10 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
uao_detach(fffffd807e14bc60) at uao_detach+0xb9 sys/uvm/uvm_aobj.c:824
shm_deallocate_segment(fffffd8075cefa80) at shm_deallocate_segment+0x43 sys/kern/sysv_shm.c:152
sys_shmat(ffff80002a48d458,ffff800037679c40,ffff800037679b90) at sys_shmat+0x573 sys/kern/sysv_shm.c:278
syscall(ffff800037679c40) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x4b6d7dc4380, count: -5
ddb> machine ddbcpu 1
No such command
ddb> trace
uao_detach(fffffd807e14bc60) at uao_detach+0xb9 sys/uvm/uvm_aobj.c:824
shm_deallocate_segment(fffffd8075cefa80) at shm_deallocate_segment+0x43 sys/kern/sysv_shm.c:152
sys_shmat(ffff80002a48d458,ffff800037679c40,ffff800037679b90) at sys_shmat+0x573 sys/kern/sysv_shm.c:278
syscall(ffff800037679c40) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x4b6d7dc4380, count: -5