uvm_fault(0xffffffff838cddc0, 0xffff800001566000, 0, 2) -> e
kernel: page fault trap, code=2
Stopped at sys_shmat+0xe0: movl $0xffffffffffffffff,0(%r14)
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*147873 19292 0 0 0x4000000 0K syz-executor
sys_shmat(ffff8000ffff2548,ffff80003c44fc00,ffff80003c44fb50) at sys_shmat+0xe0 sys/kern/sysv_shm.c:235
syscall(ffff80003c44fc00) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c44fc00) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xab573a7a820, count: 12
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: uvm_fault(0xffffffff838cddc0, 0xffff800001566000, 0, 2) -> e
ddb{0}> trace
sys_shmat(ffff8000ffff2548,ffff80003c44fc00,ffff80003c44fb50) at sys_shmat+0xe0 sys/kern/sysv_shm.c:235
syscall(ffff80003c44fc00) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c44fc00) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xab573a7a820, count: -3
ddb{0}> show registers
rdi 0xffff8000333e6000
rsi 0xdf78 __ALIGN_SIZE+0xcf78
rbp 0xffff80003c44fb20
rbx 0xffff80003c44fc00
rdx 0xffff8000333e6000
rcx 0xdf77 __ALIGN_SIZE+0xcf77
rax 0xffffffff82c7c082 sys_shmat+0xf2
r8 0xffffffffffffffff
r9 0
r10 0xfb7c6a286084d61a
r11 0x2e835a1769e85140
r12 0xffff8000ffff2548
r13 0xffff800001488000
r14 0xffff800001566000
r15 0xde00 __ALIGN_SIZE+0xce00
rip 0xffffffff82c7c070 sys_shmat+0xe0
cs 0x8
rflags 0x10216 __ALIGN_SIZE+0xf216
rsp 0xffff80003c44fa90
ss 0x10
sys_shmat+0xe0: movl $0xffffffffffffffff,0(%r14)
ddb{0}> show proc
PROC (syz-executor) tid=147873 pid=19292 tcnt=4 stat=onproc
flags process=0 proc=4000000<THREAD>
runpri=85, usrpri=85, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff8000ffff3770,0xffff8000ffff22c0
process=0xffff80003c41c030 user=0xffff80003c44a000, vmspace=0xfffffd806e2e2400
estcpu=35, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
90898 147060 17048 0 2 0 syz-executor
90898 328691 17048 0 3 0x4000080 fsleep syz-executor
20474 143222 86082 0 2 0 syz-executor
20474 46327 86082 0 2 0x4000000 syz-executor
32781 421176 59298 0 2 0 syz-executor
19292 291836 5140 0 2 0 syz-executor
19292 170383 5140 0 2 0x4000000 syz-executor
*19292 147873 5140 0 7 0x4000000 syz-executor
19292 359187 5140 0 3 0x4000080 fsleep syz-executor
43629 23378 98248 0 2 0 syz-executor
43629 442430 98248 0 3 0x4000080 fsleep syz-executor
43629 281242 98248 0 3 0x4000080 fsleep syz-executor
43629 24225 98248 0 3 0x4000080 fsleep syz-executor
5245 303255 71558 0 2 0 syz-executor
5245 99604 71558 0 2 0x4000000 syz-executor
5245 38966 71558 0 2 0x4000000 syz-executor
90759 404834 1 0 3 0x100083 ttyin getty
71558 505671 30179 0 3 0x82 nanoslp syz-executor
5140 2619 30179 0 2 0x3 syz-executor
98248 446744 30179 0 2 0x3 syz-executor
59298 394153 30179 0 3 0x82 nanoslp syz-executor
88142 348515 30179 0 2 0x2 syz-executor
86082 330646 30179 0 3 0x82 nanoslp syz-executor
17048 404824 30179 0 3 0x82 nanoslp syz-executor
32132 317407 30179 0 2 0x3 syz-executor
30179 296533 67687 0 3 0x82 kqread syz-executor
67687 205176 54967 0 3 0x10008a sigsusp ksh
54967 123657 76162 0 3 0x98 kqread sshd-session
76162 397226 96306 0 3 0x92 kqread sshd-session
96306 456110 1 0 3 0x88 kqread sshd
11660 266175 77885 74 3 0x1100092 bpf pflogd
77885 414954 1 0 3 0x80 sbwait pflogd
91627 271169 72914 73 3 0x1100090 kqread syslogd
72914 185190 1 0 3 0x100082 sbwait syslogd
15332 197552 1 0 3 0x100080 kqread resolvd
49583 155836 79123 77 3 0x100092 kqread dhcpleased
61144 69326 79123 77 3 0x100092 kqread dhcpleased
79123 319310 1 0 3 0x80 kqread dhcpleased
38835 312960 0 0 3 0x14200 bored smr
20941 331540 0 0 2 0x14200 zerothread
81624 399952 0 0 3 0x14200 aiodoned aiodoned
84600 169501 0 0 3 0x14200 syncer update
4587 400150 0 0 3 0x14200 cleaner cleaner
79096 405263 0 0 3 0x14200 reaper reaper
1669 152532 0 0 3 0x14200 pgdaemon pagedaemon
93135 469543 0 0 3 0x14200 bored viomb
71608 2800 0 0 3 0x40014200 acpi0 acpi0
22837 454049 0 0 7 0x40014200 idle1
51921 472785 0 0 3 0x14200 bored softnet1
57073 398619 0 0 3 0x14200 bored softnet0
73897 517050 0 0 3 0x14200 bored systqmp
16348 330334 0 0 3 0x14200 bored systq
14640 86807 0 0 3 0x14200 tmoslp softclockmp
33917 310292 0 0 3 0x40014200 tmoslp softclock
28186 436688 0 0 3 0x40014200 idle0
1 230038 0 0 3 0x82 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb{0}> show all locks
Process 20474 (syz-executor) thread 0xffff80003c00d248 (46327)
Process 19292 (syz-executor) thread 0xffff8000ffff2548 (147873)
Process 5245 (syz-executor) thread 0xffff8000ffffc538 (99604)
Process 88142 (syz-executor) thread 0xffff8000ffffd760 (348515)
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10234 11037K 11369K 166960K 13276 0
pcb 17 15K 17K 166960K 491 0
rtable 266 13K 13K 166960K 559 0
pf 40 19K 81K 166960K 156 0
ifaddr 44 8K 8K 166960K 96 0
ifgroup 55 2K 2K 166960K 159 0
sysctl 3 1K 9K 166960K 16 0
counters 70 37K 38K 166960K 318 0
ioctlops 0 0K 4K 166960K 1838 0
iov 0 0K 20K 166960K 112 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1400 88K 89K 166960K 2518 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 3 6K 6K 166960K 21 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 1K 166960K 46 0
dirhash 51 9K 11K 166960K 246 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 18 65K 102K 166960K 1283 0
sigio 0 0K 0K 166960K 33 0
proc 74 115K 164K 166960K 717 0
subproc 72 4K 4K 166960K 81 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 210 0
in_multi 99 7K 7K 166960K 159 0
ether_multi 1 0K 0K 166960K 10 0
mrt 2 0K 0K 166960K 12 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 265 1182K 1182K 166960K 265 0
exec 0 0K 1K 166960K 749 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 4 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 245 151K 166K 166960K 14316 0
UVM aobj 33 14K 14K 166960K 39 0
pinsyscall 43 86K 101K 166960K 2477 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 113 0
NDP 12 0K 2K 166960K 68 0
temp 68 8677K 8752K 166960K 65559 0
kqueue 13 20K 31K 166960K 231 0
SYN cache 2 16K 16K 166960K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 257 0 254 5 4 1 5 0 8 0
rtentry 176 161 0 52 6 0 6 6 0 8 0
unpcb 144 1029 0 1011 15 14 1 6 0 8 0
syncache 336 6 0 6 4 3 1 1 0 8 1
tcpqe 32 3 0 3 2 1 1 1 0 8 1
tcpcb 736 310 0 304 3 2 1 2 0 8 0
arp 136 28 0 7 1 0 1 1 0 8 0
ipq 40 3 0 3 3 2 1 1 0 8 1
ipqe 40 9 0 9 3 2 1 1 0 8 1
inpcb 328 1732 0 1721 35 31 4 15 0 8 2
nd6 152 30 0 3 2 0 2 2 0 8 0
pkpcb 40 9 0 9 5 5 0 1 0 8 0
kcovpl 48 9 0 1 1 0 1 1 0 8 0
ppxss 1192 115 0 115 3 2 1 1 0 8 1
pppxif 1504 3 0 3 1 1 0 1 0 8 0
pfstscr 40 3 0 2 1 0 1 1 0 8 0
pffrag 232 12 0 5 1 0 1 1 0 482 0
pffrnode 88 11 0 5 1 0 1 1 0 8 0
pffrent 40 33 0 26 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfrktable 1344 3 0 2 2 1 1 1 0 8 0
pfanchor 1288 2 0 0 1 0 1 1 0 8 0
pfanchor: pool(0xffffffff838ea818:pfanchor): page inconsistency: page 0xffff8000ffffffff; at page head addr 0xffff80000150bf90 (p 0xffff800001508000)
uvm_fault(0xfffffd806e2e2400, 0x10000004f, 0, 1) -> e
kernel: page fault trap, code=0
Faulted in DDB; continuing...
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
sys_shmat(ffff8000ffff2548,ffff80003c44fc00,ffff80003c44fb50) at sys_shmat+0xe0 sys/kern/sysv_shm.c:235
syscall(ffff80003c44fc00) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c44fc00) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xab573a7a820, count: -3
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
acpicpu_idle() at acpicpu_idle+0x457 sys/dev/acpi/acpicpu_x86.c:1224
sched_idle(ffff8000299edff0) at sched_idle+0x391 sys/kern/kern_sched.c:191
end trace frame: 0x0, count: 10
ddb{1}> trace
x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
acpicpu_idle() at acpicpu_idle+0x457 sys/dev/acpi/acpicpu_x86.c:1224
sched_idle(ffff8000299edff0) at sched_idle+0x391 sys/kern/kern_sched.c:191
end trace frame: 0x0, count: -5