uvm_fault(0xfffffd807eb95810, 0xf, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at ktrops+0x58: movq 0x10(%r14),%r14
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*299383 30700 0 0 0x4000000 0 syz-executor
ktrops(ffff800037617978,ffffffffffffffff,0,80000008,fffffd80684f0360,fffffd807f7d7548) at ktrops+0x58 ktrcanset sys/kern/kern_ktrace.c:718 [inline]
ktrops(ffff800037617978,ffffffffffffffff,0,80000008,fffffd80684f0360,fffffd807f7d7548) at ktrops+0x58 sys/kern/kern_ktrace.c:561
doktrace(fffffd80684f0360,4,8,ffffffff,ffff800037617978) at doktrace+0x57d ktrsetchildren sys/kern/kern_ktrace.c:586 [inline]
doktrace(fffffd80684f0360,4,8,ffffffff,ffff800037617978) at doktrace+0x57d sys/kern/kern_ktrace.c:493
sys_ktrace(ffff800037617978,ffff80002a59f470,ffff80002a59f3c0) at sys_ktrace+0x11c sys/kern/kern_ktrace.c:549
syscall(ffff80002a59f470) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x44658747b70, count: 10
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: uvm_fault(0xfffffd807eb95810, 0xf, 0, 1) -> e
ddb> trace
ktrops(ffff800037617978,ffffffffffffffff,0,80000008,fffffd80684f0360,fffffd807f7d7548) at ktrops+0x58 ktrcanset sys/kern/kern_ktrace.c:718 [inline]
ktrops(ffff800037617978,ffffffffffffffff,0,80000008,fffffd80684f0360,fffffd807f7d7548) at ktrops+0x58 sys/kern/kern_ktrace.c:561
doktrace(fffffd80684f0360,4,8,ffffffff,ffff800037617978) at doktrace+0x57d ktrsetchildren sys/kern/kern_ktrace.c:586 [inline]
doktrace(fffffd80684f0360,4,8,ffffffff,ffff800037617978) at doktrace+0x57d sys/kern/kern_ktrace.c:493
sys_ktrace(ffff800037617978,ffff80002a59f470,ffff80002a59f3c0) at sys_ktrace+0x11c sys/kern/kern_ktrace.c:549
syscall(ffff80002a59f470) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x44658747b70, count: -5
ddb> show registers
rdi 0xffff80002d1b8000
rsi 0x4b2
rbp 0xffff80002a59f190
rbx 0xfffffd807f7d7548
rdx 0xffff80002d1b8000
rcx 0x4b1
rax 0xffffffff8269a2c3 ktrops+0x43
r8 0xfffffd80684f0360
r9 0xfffffd807f7d7548
r10 0xa9b06639f1886a0e
r11 0xc0021f6b41bfce2d
r12 0xffff800037617978
r13 0x1
r14 0xffffffffffffffff
r15 0x80000008 __kernel_virt_to_phys+0x8
rip 0xffffffff8269a2d8 ktrops+0x58
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80002a59f110
ss 0
ktrops+0x58: movq 0x10(%r14),%r14
ddb> show proc
PROC (syz-executor) tid=299383 pid=30700 tcnt=2 stat=onproc
flags process=0 proc=4000000
runpri=17, usrpri=84, slppri=17, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff800037616a48,0xffff800037617c10
process=0xffff8000327f6f30 user=0xffff80002a59a000, vmspace=0xfffffd807eb95810
estcpu=34, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
82107 404443 86513 0 2 0 syz-executor
82107 389366 86513 0 2 0x4000000 syz-executor
30700 268066 47812 0 3 0x80 fsleep syz-executor
*30700 299383 47812 0 7 0x4000000 syz-executor
55810 482690 29429 0 3 0x80 fsleep syz-executor
55810 462649 29429 0 3 0x4000080 fsleep syz-executor
55810 359802 29429 0 3 0x4000080 ttyout syz-executor
59847 328571 78608 0 3 0x80 fsleep syz-executor
59847 36346 78608 0 3 0x4000080 ttyopn syz-executor
59847 237280 78608 0 3 0x4000080 fsleep syz-executor
2641 338674 0 0 3 0x14200 acct acct
40282 58727 1010 0 2 0x2 syz-executor
78608 500482 1010 0 2 0x482 syz-executor
90784 82901 1010 0 2 0x2 syz-executor
27246 152229 1010 0 2 0x2 syz-executor
86513 317805 1010 0 3 0x82 nanoslp syz-executor
47812 225157 1010 0 2 0x482 syz-executor
20574 104375 1010 0 2 0x2 syz-executor
29429 335844 1010 0 2 0x482 syz-executor
44489 328237 1 0 3 0x100083 ttyin getty
77899 523208 0 0 3 0x14200 bored sosplice
1010 385990 25239 0 3 0x82 kqread syz-executor
25239 194061 53845 0 3 0x10008a sigsusp ksh
53845 368246 2188 0 3 0x98 kqread sshd-session
2188 285656 14790 0 3 0x92 kqread sshd-session
14790 243920 1 0 3 0x88 kqread sshd
92586 261806 7801 73 3 0x1100090 kqread syslogd
7801 178695 1 0 3 0x100082 sbwait syslogd
73585 76205 1 0 3 0x100080 kqread resolvd
38920 248145 33401 77 3 0x100092 kqread dhcpleased
21989 42114 33401 77 3 0x100092 kqread dhcpleased
33401 493642 1 0 3 0x80 kqread dhcpleased
23114 251070 0 0 3 0x14200 bored smr
13775 140145 0 0 2 0x14200 zerothread
9336 381497 0 0 3 0x14200 aiodoned aiodoned
18327 372013 0 0 3 0x14200 syncer update
28596 321836 0 0 3 0x14200 cleaner cleaner
56283 94276 0 0 3 0x14200 reaper reaper
11709 271300 0 0 3 0x14200 pgdaemon pagedaemon
18955 318511 0 0 3 0x14200 bored viomb
46086 187945 0 0 3 0x40014200 acpi0 acpi0
65394 518050 0 0 3 0x14200 bored softnet3
11517 48921 0 0 3 0x14200 bored softnet2
28027 520608 0 0 3 0x14200 bored softnet1
38156 75075 0 0 3 0x14200 bored softnet0
31786 165290 0 0 3 0x14200 bored systqmp
86162 216535 0 0 3 0x14200 bored systq
18878 365089 0 0 2 0x40014200 softclock
96486 518434 0 0 3 0x40014200 idle0
1 32310 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10182 11055K 11561K 166960K 12963 0
pcb 19 16K 18K 166960K 426 0
rtable 183 7K 9K 166960K 1985 0
pf 34 13K 21K 166960K 215 0
ifaddr 71 15K 16K 166960K 302 0
ifgroup 54 2K 2K 166960K 312 0
sysctl 4 1K 1K 166960K 8 0
counters 31 17K 18K 166960K 97 0
ioctlops 0 0K 4K 166960K 400 0
iov 0 0K 24K 166960K 155 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1426 90K 90K 166960K 3218 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 9K 166960K 33 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 51 0
dirhash 15 2K 2K 166960K 42 0
ACPI 1690 195K 286K 166960K 12468 0
file desc 14 49K 97K 166960K 2339 0
sigio 0 0K 0K 166960K 64 0
proc 60 59K 124K 166960K 1963 0
subproc 104 6K 6K 166960K 729 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 212 0
in_multi 78 5K 7K 166960K 687 0
ether_multi 1 0K 0K 166960K 19 0
mrt 1 0K 0K 166960K 7 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 85 387K 387K 166960K 85 0
exec 0 0K 1K 166960K 1225 0
pfkey data 0 0K 0K 166960K 2 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 193 71K 90K 166960K 20888 0
UVM aobj 81 3K 5K 166960K 94 0
pinsyscall 35 70K 96K 166960K 4622 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 85 0
NDP 12 0K 2K 166960K 193 0
temp 75 6816K 6889K 166960K 74175 0
kqueue 13 20K 30K 166960K 307 0
SYN cache 2 2352K 2360K 166960K 3 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 300 0 297 2 1 1 2 0 8 0
rtentry 112 679 0 599 4 0 4 4 0 8 0
unpcb 144 1659 0 1643 9 5 4 6 0 8 3
syncache 336 4 0 4 1 1 0 1 0 8 0
tcpqe 32 6 0 6 2 1 1 1 0 8 1
tcpcb 808 724 0 719 18 10 8 11 0 8 7
arp 88 119 0 104 1 0 1 1 0 8 0
ipq 40 15 0 14 1 0 1 1 0 8 0
ipqe 40 110 0 109 1 0 1 1 0 8 0
inpcb 336 2273 0 2264 16 9 7 10 0 8 6
nd6 104 183 0 164 1 0 1 1 0 8 0
pkpcb 40 18 0 18 2 1 1 1 0 8 1
kcovpl 48 56 0 48 1 0 1 1 0 8 0
ppxss 1072 10 0 10 2 1 1 1 0 8 1
pfstscr 40 2 0 2 2 1 1 1 0 8 1
pfanchor 1288 3 0 0 1 0 1 1 0 8 0
pftag 88 1 0 0 1 0 1 1 0 8 0
pfstitem 24 4 0 0 1 0 1 1 0 8 0
pfstkey 128 15 0 11 1 0 1 1 0 8 0
pfstate 344 8 0 6 1 0 1 1 0 8 0
pfrule 1344 23 0 22 1 0 1 1 0 8 0
art_heap8 4096 4 0 0 4 0 4 4 0 8 0
art_heap4 256 2789 0 2429 30 1 29 30 0 8 3
art_table 32 2793 0 2429 4 0 4 4 0 8 0
art_node 16 676 0 604 1 0 1 1 0 8 0
sysvmsgpl 40 17 0 7 1 0 1 1 0 8 0
semupl 112 1 0 1 1 1 0 1 0 8 0
semapl 112 47 0 37 1 0 1 1 0 8 0
shmpl 112 91 0 13 3 0 3 3 0 8 0
dirhash 1024 38 0 19 3 0 3 3 0 8 0
dino2pl 256 4359 0 2770 100 0 100 100 0 8 0
ffsino 240 4360 0 2770 94 0 94 94 0 8 0
nchpl 144 6679 0 4944 65 0 65 65 0 8 0
uvmvnodes 80 5866 0 0 120 0 120 120 0 8 0
vnodes 216 5866 0 0 326 0 326 326 0 8 0
namei 1024 28463 0 28460 5 0 5 5 0 8 4
kstatmem 264 156 0 132 3 1 2 3 0 8 0
scsiplug 72 5 0 5 2 1 1 1 0 8 1
scxspl 216 45543 0 45543 8 7 1 8 1 8 1
plimitpl 152 665 0 648 1 0 1 1 0 8 0
sigapl 424 2530 0 2486 7 1 6 7 0 8 0
futexpl 64 23694 0 23688 1 0 1 1 0 8 0
knotepl 120 56502 0 56455 29 19 10 16 0 8 8
kqueuepl 184 688 0 679 10 3 7 7 0 8 6
pipepl 288 379 0 352 3 0 3 3 0 8 0
fdescpl 432 2510 0 2484 5 1 4 5 0 8 0
filepl 120 14881 0 14631 16 4 12 13 0 8 3
lockfpl 104 434 0 429 1 0 1 1 0 8 0
lockfspl 48 196 0 193 1 0 1 1 0 8 0
sessionpl 144 71 0 63 1 0 1 1 0 8 0
pgrppl 48 154 0 138 1 0 1 1 0 8 0
ucredpl 104 2491 0 2480 1 0 1 1 0 8 0
zombiepl 144 3204 0 3204 2 1 1 1 0 8 1
processpl 1096 2530 0 2486 4 0 4 4 0 8 0
procpl 648 5187 0 5137 6 0 6 6 0 8 0
sosppl 168 10 0 10 2 1 1 1 0 8 1
sockpl 504 4291 0 4262 67 55 12 24 0 8 7
mcl64k 65536 48 0 48 2 1 1 1 0 8 1
mcl16k 16384 7 0 7 2 1 1 1 0 8 1
mcl12k 12288 4 0 4 2 1 1 1 0 8 1
mcl9k 9216 4 0 4 1 0 1 1 0 8 1
mcl8k 8192 65 0 65 2 1 1 1 0 8 1
mcl4k 4096 4973 0 4920 17 9 8 16 0 8 0
mcl2k 2048 2598 0 2593 5 3 2 4 0 8 1
mtagpl 96 48 0 47 2 1 1 1 0 8 0
mbufpl 256 27814 0 27623 46 27 19 35 0 8 5
bufpl 280 10814 0 3363 533 0 533 533 0 8 0
anonpl 24 349552 0 346488 123 49 74 74 0 187 46
amapchunkpl 152 67993 0 67605 46 15 31 34 0 158 11
amappl16 200 5537 0 5516 39 28 11 15 0 8 8
amappl15 192 8 0 8 2 1 1 1 0 8 1
amappl14 184 205 0 195 1 0 1 1 0 8 0
amappl13 176 57 0 57 1 1 0 1 0 8 0
amappl12 168 3885 0 3859 3 1 2 3 0 8 0
amappl11 160 47 0 37 1 0 1 1 0 8 0
amappl10 152 8 0 8 1 1 0 1 0 8 0
amappl9 144 145 0 145 1 1 0 1 0 8 0
amappl8 136 17 0 16 1 0 1 1 0 8 0
amappl7 128 208 0 198 1 0 1 1 0 8 0
amappl6 120 641 0 638 1 0 1 1 0 8 0
amappl5 112 321 0 312 1 0 1 1 0 8 0
amappl4 104 438 0 420 1 0 1 1 0 8 0
amappl3 96 13592 0 13503 4 0 4 4 0 8 0
amappl2 88 1338 0 1275 2 0 2 2 0 8 0
amappl1 80 16989 0 16483 13 1 12 13 0 8 0
amappl 88 20050 0 19911 6 1 5 5 0 92 0
dma65536 65536 3 0 3 2 1 1 1 0 8 1
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma2048 2048 2 0 2 1 0 1 1 0 8 1
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 257 0 257 2 1 1 1 0 8 1
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 19 0 18 1 0 1 1 0 8 0
aobjpl 72 93 0 13 2 0 2 2 0 8 0
uaddrrnd 24 2510 0 2484 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 2510 0 2484 1 0 1 1 0 8 0
vmmpekpl 168 19967 0 19908 3 0 3 3 0 8 0
vmmpepl 168 155077 0 153516 101 12 89 89 0 357 12
vmsppl 344 2509 0 2484 4 1 3 4 0 8 0
rwobjpl 24 48029 0 41269 42 0 42 42 0 8 0
pdppl 4096 5026 0 4968 192 126 66 82 0 8 8
pvpl 32 1234828 0 1225954 408 167 241 259 0 265 145
pmappl 216 2509 0 2484 3 1 2 3 0 8 0
extentpl 40 55 0 38 1 0 1 1 0 8 0
phpool 112 613 0 247 11 0 11 11 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
ktrops(ffff800037617978,ffffffffffffffff,0,80000008,fffffd80684f0360,fffffd807f7d7548) at ktrops+0x58 ktrcanset sys/kern/kern_ktrace.c:718 [inline]
ktrops(ffff800037617978,ffffffffffffffff,0,80000008,fffffd80684f0360,fffffd807f7d7548) at ktrops+0x58 sys/kern/kern_ktrace.c:561
doktrace(fffffd80684f0360,4,8,ffffffff,ffff800037617978) at doktrace+0x57d ktrsetchildren sys/kern/kern_ktrace.c:586 [inline]
doktrace(fffffd80684f0360,4,8,ffffffff,ffff800037617978) at doktrace+0x57d sys/kern/kern_ktrace.c:493
sys_ktrace(ffff800037617978,ffff80002a59f470,ffff80002a59f3c0) at sys_ktrace+0x11c sys/kern/kern_ktrace.c:549
syscall(ffff80002a59f470) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x44658747b70, count: -5
ddb> machine ddbcpu 1
No such command
ddb> trace
ktrops(ffff800037617978,ffffffffffffffff,0,80000008,fffffd80684f0360,fffffd807f7d7548) at ktrops+0x58 ktrcanset sys/kern/kern_ktrace.c:718 [inline]
ktrops(ffff800037617978,ffffffffffffffff,0,80000008,fffffd80684f0360,fffffd807f7d7548) at ktrops+0x58 sys/kern/kern_ktrace.c:561
doktrace(fffffd80684f0360,4,8,ffffffff,ffff800037617978) at doktrace+0x57d ktrsetchildren sys/kern/kern_ktrace.c:586 [inline]
doktrace(fffffd80684f0360,4,8,ffffffff,ffff800037617978) at doktrace+0x57d sys/kern/kern_ktrace.c:493
sys_ktrace(ffff800037617978,ffff80002a59f470,ffff80002a59f3c0) at sys_ktrace+0x11c sys/kern/kern_ktrace.c:549
syscall(ffff80002a59f470) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x44658747b70, count: -5