syzbot


uvm_fault: pool_do_get

Status: auto-closed as invalid on 2022/06/05 15:40
Reported-by: syzbot+05205e1f15c7f3eb8a03@syzkaller.appspotmail.com
First crash: 869d, last: 869d
Similar bugs (2)
Kernel   Title                       Repro  Cause bisect  Fix bisect  Count  Last  Reported  Patched  Status
openbsd  uvm_fault: pool_do_get (2)  -      -             -           2      646d  670d      0/3      auto-obsoleted due to no activity on 2023/01/14 12:52
openbsd  uvm_fault: pool_do_get (3)  -      -             -           2      12d   99d       0/3      upstream: reported on 2024/04/15 15:49

Sample crash report:
uvm_fault(0xfffffd805a85a998, 0x0, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at      pool_do_get+0x2c7:      movq    0(%rax),%rax
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*263376  56937      0           0  0x4000000    0  syz-executor.7
pool_do_get(ffffffff829d50d0,9,ffff80002b385cc8) at pool_do_get+0x2c7 pool_update_curpage sys/kern/subr_pool.c:1061 [inline]
pool_do_get(ffffffff829d50d0,9,ffff80002b385cc8) at pool_do_get+0x2c7 sys/kern/subr_pool.c:767
pool_get(ffffffff829d50d0,9) at pool_get+0xb3 sys/kern/subr_pool.c:584
falloc(ffff8000ffff8008,ffff80002b385de0,ffff80002b385de8) at falloc+0x124 fnew sys/kern/kern_descrip.c:1051 [inline]
falloc(ffff8000ffff8008,ffff80002b385de0,ffff80002b385de8) at falloc+0x124 sys/kern/kern_descrip.c:1025
dopipe(ffff8000ffff8008,20000100,4) at dopipe+0xed sys/kern/sys_pipe.c:194
syscall(ffff80002b385f20) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xb2c3916f270, count: 9
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb> 
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: uvm_fault(0xfffffd805a85a998, 0x0, 0, 1) -> e
ddb> trace
pool_do_get(ffffffff829d50d0,9,ffff80002b385cc8) at pool_do_get+0x2c7 pool_update_curpage sys/kern/subr_pool.c:1061 [inline]
pool_do_get(ffffffff829d50d0,9,ffff80002b385cc8) at pool_do_get+0x2c7 sys/kern/subr_pool.c:767
pool_get(ffffffff829d50d0,9) at pool_get+0xb3 sys/kern/subr_pool.c:584
falloc(ffff8000ffff8008,ffff80002b385de0,ffff80002b385de8) at falloc+0x124 fnew sys/kern/kern_descrip.c:1051 [inline]
falloc(ffff8000ffff8008,ffff80002b385de0,ffff80002b385de8) at falloc+0x124 sys/kern/kern_descrip.c:1025
dopipe(ffff8000ffff8008,20000100,4) at dopipe+0xed sys/kern/sys_pipe.c:194
syscall(ffff80002b385f20) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xb2c3916f270, count: -6
ddb> show registers
rdi                             0x21
rsi               0xffffffff829d5118    file_pool+0x48
rbp               0xffff80002b385c70
rbx                             0x21
rdx                                0
rcx               0xffffffff829d5110    file_pool+0x40
rax                                0
r8                            0x1323    __ALIGN_SIZE+0x323
r9                            0x1323    __ALIGN_SIZE+0x323
r10               0x49d90a507aa8af28
r11               0xc880a6ebad7c038f
r12                             0x21
r13               0xfffffd806c57c880
r14               0xffffffff829d50d0    file_pool
r15               0xfffffd806c57cf90
rip               0xffffffff81e7d3c7    pool_do_get+0x2c7
cs                               0x8
rflags                       0x10246    __ALIGN_SIZE+0xf246
rsp               0xffff80002b385bf0
ss                              0x10
pool_do_get+0x2c7:      movq    0(%rax),%rax
ddb> show proc
PROC (syz-executor.7) pid=263376 stat=onproc
    flags process=0 proc=4000000<THREAD>
    pri=32, usrpri=83, nice=20
    forw=0xffffffffffffffff, list=0xffff8000ffff9ce8,0xffff8000ffff8a98
    process=0xffff800027d8ebe8 user=0xffff80002b380000, vmspace=0xfffffd805a85a998
    estcpu=33, cpticks=1, pctcpu=0.0
    user=0, sys=1, intr=0
ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 33581  264247  87042      0  2           0                syz-executor.1
 33581  420202  87042      0  2   0x4000000                syz-executor.1
 33581  225860  87042      0  2   0x4000000                syz-executor.1
 11228  257708  29346      0  2           0                syz-executor.5
 11228  479843  29346      0  2   0x4000000                syz-executor.5
 82475  175028  76201      0  2   0x4081000                syz-executor.4
 82475  199442  76201      0  2   0x4081000                syz-executor.4
 82475  130278  76201      0  3   0x4003000  suspend       syz-executor.4
 47205   73039  52241      0  2           0                syz-executor.6
 47205  159284  52241      0  3   0x4000080  fsleep        syz-executor.6
 56937  221527  84519      0  2           0                syz-executor.7
*56937  263376  84519      0  7   0x4000000                syz-executor.7
  2693  427030  89031      0  2           0                syz-executor.2
  2693  229711  89031      0  3   0x4000080  fsleep        syz-executor.2
 52384   31502  22014      0  2           0                syz-executor.3
 52384  271999  22014      0  3   0x4000080  fsleep        syz-executor.3
 89031  295178  62730      0  3        0x82  nanoslp       syz-executor.2
 28090  139111  62730      0  2         0x2                syz-executor.0
 87042  522698  62730      0  3        0x82  nanoslp       syz-executor.1
 52241  293047  62730      0  3        0x82  nanoslp       syz-executor.6
 84519  381205  62730      0  3        0x82  nanoslp       syz-executor.7
 86559  382301      1      0  3    0x100083  ttyin         getty
 29346  228232  62730      0  3        0x82  nanoslp       syz-executor.5
 76201  400586  62730      0  3        0x82  nanoslp       syz-executor.4
 22014  498729  62730      0  3        0x82  nanoslp       syz-executor.3
 73676  307736      0      0  3     0x14280  nfsidl        nfsio
 41591  217306      0      0  3     0x14280  nfsidl        nfsio
 41887     976      0      0  3     0x14280  nfsidl        nfsio
 59007  102928      0      0  3     0x14280  nfsidl        nfsio
 53494  219568      0      0  3     0x14280  nfsidl        nfsio
 77127  202903      0      0  3     0x14280  nfsidl        nfsio
 71968  396071      0      0  3     0x14280  nfsidl        nfsio
 24036  499967      0      0  3     0x14280  nfsidl        nfsio
 12441  174767      0      0  3     0x14280  nfsidl        nfsio
 76701  309350      0      0  3     0x14280  nfsidl        nfsio
 85615  342768      0      0  3     0x14280  nfsidl        nfsio
 19139   33437      0      0  3     0x14280  nfsidl        nfsio
 84175  202520      0      0  3     0x14280  nfsidl        nfsio
 19008  408666      0      0  3     0x14280  nfsidl        nfsio
 28282  159114      0      0  3     0x14280  nfsidl        nfsio
 12417  336993      0      0  3     0x14280  nfsidl        nfsio
 55328  218885      0      0  3     0x14280  nfsidl        nfsio
 91044  125455      0      0  3     0x14280  nfsidl        nfsio
 70872  508684      0      0  3     0x14280  nfsidl        nfsio
 56949  202670      0      0  3     0x14280  nfsidl        nfsio
 39800  190601      0      0  3     0x14200  bored         sosplice
 62730  470188  67302      0  3        0x82  kqread        syz-fuzzer
 62730   37619  67302      0  3   0x4000082  thrsleep      syz-fuzzer
 62730    6986  67302      0  3   0x4000082  thrsleep      syz-fuzzer
 62730  401797  67302      0  3   0x4000082  thrsleep      syz-fuzzer
 62730  419271  67302      0  3   0x4000082  thrsleep      syz-fuzzer
 62730   29176  67302      0  3   0x4000082  thrsleep      syz-fuzzer
 62730  131775  67302      0  3   0x4000082  thrsleep      syz-fuzzer
 62730  435346  67302      0  3   0x4000082  thrsleep      syz-fuzzer
 67302   15569   6750      0  3    0x10008a  sigsusp       ksh
  6750  320117  55560      0  3        0x9a  kqread        sshd
 55560  372018      1      0  3        0x88  kqread        sshd
 64268  404084  59991     73  3   0x1100090  kqread        syslogd
 59991  303732      1      0  3    0x100082  netio         syslogd
 71943  154110      1      0  3    0x100080  kqread        resolvd
 13903  215673  30396     77  3    0x100092  kqread        dhcpleased
 52846   82075  30396     77  3    0x100092  kqread        dhcpleased
 30396  496291      1      0  3        0x80  kqread        dhcpleased
 21940  218073      0      0  3     0x14200  bored         smr
 68576   68096      0      0  2     0x14200                zerothread
 42283   93049      0      0  3     0x14200  aiodoned      aiodoned
 79047  174238      0      0  3     0x14200  syncer        update
 39452  285614      0      0  3     0x14200  cleaner       cleaner
 62383  351435      0      0  3     0x14200  reaper        reaper
 86556  389578      0      0  3     0x14200  pgdaemon      pagedaemon
 17141  138658      0      0  3     0x14200  bored         viomb
  6333  302153      0      0  3  0x40014200  acpi0         acpi0
 26944  332206      0      0  3     0x14200  bored         softnet
 30487  378676      0      0  3     0x14200  bored         systqmp
 15630  212298      0      0  3     0x14200  bored         systq
 70078   80057      0      0  3  0x40014200  bored         softclock
 48535  519075      0      0  3  0x40014200                idle0
     1  113789      0      0  3     0x80082  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb> show all locks
No such command
ddb> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf 10262   6966K    7729K  78643K    125174        0
            pcb    13     18K      20K  78643K      3431        0
         rtable   161     13K      22K  78643K     13292        0
         ifaddr    99     27K      32K  78643K      5331        0
         sysctl     3      1K       1K  78643K         3        0
       counters    27     17K      17K  78643K       407        0
       ioctlops     0      0K       4K  78643K      8195        0
            iov     0      0K      36K  78643K      3906        0
          mount     1      1K       1K  78643K         1        0
            log     0      0K       0K  78643K         5        0
         vnodes  1648    103K     103K  78643K     35540        0
      UFS quota     1     32K      32K  78643K         1        0
      UFS mount     5     36K      36K  78643K         5        0
            shm     2      1K       9K  78643K       265        0
         VM map     2      0K       0K  78643K         2        0
            sem    23     10K      20K  78643K       114        0
        dirhash    12      2K       2K  78643K        12        0
           ACPI  1697    195K     286K  78643K     12548        0
      file desc    17     61K      73K  78643K     29095        0
          sigio     0      0K       0K  78643K       569        0
           proc    65     55K      79K  78643K      5528        0
        subproc   104      6K       6K  78643K      1871        0
    NFS srvsock     1      0K       0K  78643K         1        0
     NFS daemon     1     16K      16K  78643K         1        0
    ip_moptions     0      0K       0K  78643K      1670        0
       in_multi    57      3K       7K  78643K      2719        0
    ether_multi     1      0K       0K  78643K       386        0
            mrt     1      0K       0K  78643K        81        0
    ISOFS mount     1     32K      32K  78643K         1        0
  MSDOSFS mount     1     16K      16K  78643K         1        0
           ttys   247   1102K    1102K  78643K       247        0
           exec     0      0K       2K  78643K      8250        0
     pfkey data     0      0K       1K  78643K       146        0
            tdb     3      0K       0K  78643K         3        0
        pagedep     1      8K       8K  78643K         1        0
       inodedep     1     32K      32K  78643K         1        0
         newblk     1      0K       0K  78643K         1        0
        VM swap     7     26K      26K  78643K         7        0
       UVM amap   828   2339K    2829K  78643K    350891        0
       UVM aobj   131      8K       8K  78643K       134        0
        memdesc     1      4K       4K  78643K         1        0
    crypto data     1      1K       1K  78643K         1        0
    ip6_options     0      0K       0K  78643K      1294        0
            NDP    13      0K       1K  78643K       744        0
           temp   206   4845K    5061K  78643K    494268        0
         kqueue    12     18K      28K  78643K      1651        0
      SYN cache     2      8K      16K  78643K         3        0
ddb> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb      120     2259    0     2256    25    24     1     5     0     8    0
rtentry    112     2084    0     2019     6     3     3     4     0     8    0
unpcb      136    20673    0    20660   216   215     1     9     0     8    0
syncache   296       86    0       86    19    19     0     1     0     8    0
tcpqe       32       47    0       47     9     9     0     1     0     8    0
tcpcb      736    11768    0    11755   387   379     8    20     0     8    6
arp         88      322    0      310     1     0     1     1     0     8    0
ipq         40      102    0      100    11    10     1     1     0     8    0
ipqe        40     3213    0     3211    11    10     1     1     0     8    0
inpcb      304    28923    0    28916   435   426     9    16     0     8    8
rttmr       72       25    0       25     4     4     0     1     0     8    0
ip6q        72       16    0       16     7     7     0     1     0     8    0
ip6af       40       23    0       23     5     5     0     1     0     8    0
nd6         48      533    0      517     1     0     1     1     0     8    0
pkpcb       40      188    0      188    22    22     0     1     0     8    0
kcovpl      48      139    0      131     1     0     1     1     0     8    0
ppxss      1152      98    0       98    26    25     1     1     0     8    1
pfstscr     40      307    0      304     1     0     1     1     0     8    0
pfosfp      40      118    0      109     1     0     1     1     0     8    0
pfosfpen   112      118    0       87     1     0     1     1     0     8    0
pfrktable  1344    3101    0     3101    18    18     0     2     0     8    0
pftag       88       23    0        7     1     0     1     1     0     8    0
pfqueue    264       15    0       15     4     4     0     1     0     8    0
pfstitem    24      481    0      464     1     0     1     1     0     8    0
pfstkey    112      581    0      578     1     0     1     1     0     8    0
pfstate    320      327    0      318     1     0     1     1     0     8    0
pfrule     1360    2071    0     2065    20    19     1     6     0     8    0
art_heap8  4096       2    0        1     2     1     1     2     0     8    0
art_heap4  256     8744    0     8484    69    48    21    32     0     8    0
art_table   32     8746    0     8485     5     1     4     5     0     8    0
art_node    16     2079    0     2024     1     0     1     1     0     8    0
sysvmsgpl   40        6    0        6     2     2     0     1     0     8    0
semupl     112        4    0        4     1     1     0     1     0     8    0
semapl     112       94    0       73     1     0     1     1     0     8    0
shmpl      112      131    0        3     4     0     4     4     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino2pl    256    39528    0    37945   100     0   100   100     0     8    0
ffsino     240    39528    0    37945    94     0    94    94     0     8    0
nchpl      144    78404    0    76773    62     0    62    62     0     8    0
uvmvnodes   80     8655    0        0   177     0   177   177     0     8    0
vnodes     224     8655    0        0   510     0   510   510     0     8    0
namei      1024  317531    0   317531    12    11     1     2     0     8    1
vcpupl     1984     261    0        1    33     0    33    33     0     8    0
vmpool     528      391    0      131    21     3    18    18     0     8    0
pfiaddrpl  120      979    0      979     6     6     0     1     0     8    0
scsiplug    72       33    0       33     9     9     0     1     0     8    0
scxspl     216   234087    0   234087    63    62     1     8     0     8    1
plimitpl   152     3790    0     3776     1     0     1     1     0     8    0
sigapl     424    29176    0    29114    12     4     8     8     0     8    0
futexpl     64   302251    0   302248     5     4     1     1     0     8    0
knotepl    120   259852    0   259772    50    47     3    10     0     8    0
kqueuepl   184     6901    0     6892   100    99     1     6     0     8    0
pipepl     304     7286    0     7227   168   163     5    12     0     8    0
fdescpl    432    29103    0    29075     4     0     4     4     0     8    0
filepl     120   229166    0   228870   327   313    14    20     0     8    5
filepl: pool(0xffffffff829d50d0:filepl): page inconsistency: page 0x0; at page head addr 0xfffffd8078778f90 (p 0xfffffd8078778000)
lockfpl    104     7257    0     7255    12    11     1     2     0     8    0
lockfspl    48     1940    0     1938     1     0     1     1     0     8    0
sessionpl  144      169    0      153     1     0     1     1     0     8    0
pgrppl      48      518    0      502     1     0     1     1     0     8    0
ucredpl     96    24710    0    24694     1     0     1     1     0     8    0
zombiepl   144    29115    0    29114     6     5     1     1     0     8    0
processpl  1000   29176    0    29114    13     5     8     9     0     8    0
procpl     672    73441    0    73362    63    56     7     9     0     8    0
sosppl     168      188    0      188    34    34     0     1     0     8    0
sockpl     448    52116    0    52093  1067  1056    11    31     0     8    8
mcl64k     65536   1156    0     1156    62    61     1     1     0     8    1
mcl16k     16384    239    0      239    52    52     0     1     0     8    0
mcl12k     12288    917    0      917    58    58     0     1     0     8    0
mcl9k      9216     510    0      510    64    63     1     1     0     8    1
mcl8k      8192    1858    0     1858    52    51     1     1     0     8    1
mcl4k      4096    3471    0     3471    26    25     1     1     0     8    1
mcl2k2     2112     219    0      219    73    72     1     1     0     8    1
mcl2k      2048  139815    0   139753   105    95    10    22     0     8    1
mtagpl      96     6333    0     6094    47    41     6    13     0     8    0
mbufpl     256   435618    0   435181  1148  1117    31   434     0     8    1
bufpl      288    57502    0    48840   619     0   619   619     0     8    0
anonpl      24  8147546    0  8124199   551   392   159   199     0   188    0
amapchunkpl 152  944454    0   943533  2107  2068    39   662     0   158    1
amappl16   200    86629    0    85670   393   334    59    64     0     8    4
amappl15   192     7069    0     7062     1     0     1     1     0     8    0
amappl14   184     4577    0     4568     1     0     1     1     0     8    0
amappl13   176     3607    0     3605     1     0     1     1     0     8    0
amappl12   168     2271    0     2261     1     0     1     1     0     8    0
amappl11   160     5547    0     5533     1     0     1     1     0     8    0
amappl10   152     2824    0     2817     1     0     1     1     0     8    0
amappl9    144     2714    0     2711     1     0     1     1     0     8    0
amappl8    136     6461    0     6304     8     2     6     6     0     8    0
amappl7    128     3552    0     3538     1     0     1     1     0     8    0
amappl6    120     3009    0     2984     2     1     1     2     0     8    0
amappl5    112    25891    0    25877     1     0     1     1     0     8    0
amappl4    104    13527    0    13484     3     1     2     2     0     8    0
amappl3     96     5810    0     5796     1     0     1     1     0     8    0
amappl2     88     6404    0     6335     3     1     2     3     0     8    0
amappl1     80   519546    0   518965    18     5    13    18     0     8    0
amappl      88   347546    0   347120    12     2    10    10     0    92    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma1024    1024       1    0        0     1     0     1     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      72      133    0        3     3     0     3     3     0     8    0
uaddrrnd    24    29494    0    29206     2     0     2     2     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24    29494    0    29206     2     0     2     2     0     8    0
vmmpekpl   168   205501    0   205409     6     1     5     5     0     8    0
vmmpepl    168  2678113    0  2674654   631   463   168   183     0   357    0
vmsppl     272    29493    0    29206    23     3    20    20     0     8    0
rwobjpl     24   632296    0   621309    88    20    68    68     0     8    0
pdppl      4096   58994    0    58672  1824  1501   323   324     0     8    1
pvpl        32 13643384    0 13618920   869   652   217   329     0   265    0
pmappl     216    29493    0    29206    18     1    17    17     0     8    1
extentpl    40       58    0       38     1     0     1     1     0     8    0
phpool     112     5668    0     4421    57    20    37    43     0     8    0
ddb> machine ddbcpu 0
No such command
ddb> trace
pool_do_get(ffffffff829d50d0,9,ffff80002b385cc8) at pool_do_get+0x2c7 pool_update_curpage sys/kern/subr_pool.c:1061 [inline]
pool_do_get(ffffffff829d50d0,9,ffff80002b385cc8) at pool_do_get+0x2c7 sys/kern/subr_pool.c:767
pool_get(ffffffff829d50d0,9) at pool_get+0xb3 sys/kern/subr_pool.c:584
falloc(ffff8000ffff8008,ffff80002b385de0,ffff80002b385de8) at falloc+0x124 fnew sys/kern/kern_descrip.c:1051 [inline]
falloc(ffff8000ffff8008,ffff80002b385de0,ffff80002b385de8) at falloc+0x124 sys/kern/kern_descrip.c:1025
dopipe(ffff8000ffff8008,20000100,4) at dopipe+0xed sys/kern/sys_pipe.c:194
syscall(ffff80002b385f20) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xb2c3916f270, count: -6
ddb> machine ddbcpu 1
No such command
ddb> trace
pool_do_get(ffffffff829d50d0,9,ffff80002b385cc8) at pool_do_get+0x2c7 pool_update_curpage sys/kern/subr_pool.c:1061 [inline]
pool_do_get(ffffffff829d50d0,9,ffff80002b385cc8) at pool_do_get+0x2c7 sys/kern/subr_pool.c:767
pool_get(ffffffff829d50d0,9) at pool_get+0xb3 sys/kern/subr_pool.c:584
falloc(ffff8000ffff8008,ffff80002b385de0,ffff80002b385de8) at falloc+0x124 fnew sys/kern/kern_descrip.c:1051 [inline]
falloc(ffff8000ffff8008,ffff80002b385de0,ffff80002b385de8) at falloc+0x124 sys/kern/kern_descrip.c:1025
dopipe(ffff8000ffff8008,20000100,4) at dopipe+0xed sys/kern/sys_pipe.c:194
syscall(ffff80002b385f20) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xb2c3916f270, count: -6

Crashes (1):
Time              Kernel   Commit        Syzkaller  Config   Log          Report  Syz repro  C repro  VM info  Assets  Manager          Title
2022/03/07 15:40  openbsd  1b15366c99f5  7bdd8b2c   .config  console log  report  -          -        -        -       ci-openbsd-main  uvm_fault: pool_do_get
* Struck through repros no longer work on HEAD.