uvm_fault(0xfffffd8069921980, 0x18, 0, 1) -> e kernel: page fault trap, code=0 Stopped at checkalias+0x97: movl 0x18(%r13),%ebx TID PID UID PRFLAGS PFLAGS CPU COMMAND *228190 96246 0 0x8000002 0 0 syz-executor.6 checkalias(fffffd806453cdb0,691300,0) at checkalias+0x97 sys/kern/vfs_subr.c:564 cdevvp(691300,ffff800032bdf550) at cdevvp+0x9c getdevvp sys/kern/vfs_subr.c:533 [inline] cdevvp(691300,ffff800032bdf550) at cdevvp+0x9c sys/kern/vfs_subr.c:507 spec_open_clone(ffff800032bdf628) at spec_open_clone+0x18f sys/kern/spec_vnops.c:711 spec_open(ffff800032bdf628) at spec_open+0x242 sys/kern/spec_vnops.c:148 VOP_OPEN(fffffd806ebe3438,3,fffffd807f7d77b8,ffff80002a6e5c50) at VOP_OPEN+0x70 sys/kern/vfs_vops.c:138 vn_open(ffff800032bdf878,3,0) at vn_open+0x4e4 sys/kern/vfs_vnops.c:177 doopenat(ffff80002a6e5c50,ffffff9c,b500058e15b,2,0,ffff800032bdfa20) at doopenat+0x269 sys/kern/vfs_syscalls.c:1126 syscall(ffff800032bdfad0) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7543bbf72010, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: uvm_fault(0xfffffd8069921980, 0x18, 0, 1) -> e ddb> trace checkalias(fffffd806453cdb0,691300,0) at checkalias+0x97 sys/kern/vfs_subr.c:564 cdevvp(691300,ffff800032bdf550) at cdevvp+0x9c getdevvp sys/kern/vfs_subr.c:533 [inline] cdevvp(691300,ffff800032bdf550) at cdevvp+0x9c sys/kern/vfs_subr.c:507 spec_open_clone(ffff800032bdf628) at spec_open_clone+0x18f sys/kern/spec_vnops.c:711 spec_open(ffff800032bdf628) at spec_open+0x242 sys/kern/spec_vnops.c:148 VOP_OPEN(fffffd806ebe3438,3,fffffd807f7d77b8,ffff80002a6e5c50) at VOP_OPEN+0x70 sys/kern/vfs_vops.c:138 vn_open(ffff800032bdf878,3,0) at vn_open+0x4e4 sys/kern/vfs_vnops.c:177 doopenat(ffff80002a6e5c50,ffffff9c,b500058e15b,2,0,ffff800032bdfa20) at doopenat+0x269 sys/kern/vfs_syscalls.c:1126 syscall(ffff800032bdfad0) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7543bbf72010, count: -9 ddb> show registers rdi 0x5a1300 acpi_pdirpa+0x58d171 rsi 0x691300 acpi_pdirpa+0x67d171 rbp 0xffff800032bdf4d0 rbx 0x5a1300 acpi_pdirpa+0x58d171 rdx 0 rcx 0xffffffff82d7ee50 speclisth+0xc0 rax 0xffff80002a6e5c50 r8 0x50 r9 0xfffffd807f7d77b8 r10 0xc0aa94dfa279c72f r11 0x41584831b2472bc2 r12 0x691300 acpi_pdirpa+0x67d171 r13 0 r14 0x691300 acpi_pdirpa+0x67d171 r15 0xfffffd8061d230e8 rip 0xffffffff81484437 checkalias+0x97 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800032bdf460 ss 0x10 checkalias+0x97: movl 0x18(%r13),%ebx ddb> show proc PROC (syz-executor.6) tid=228190 pid=96246 tcnt=1 stat=onproc flags process=8000002 proc=0 runpri=17, usrpri=51, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002a608a58,0xffff80002a6e54b0 process=0xffff8000329a9940 user=0xffff800032bda000, vmspace=0xfffffd8069921980 estcpu=1, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 84135 272189 79275 0 2 0x18100002 ndp 83835 352768 75188 0 2 0x8000000 syz-executor.1 83835 152191 75188 0 3 0xc000080 fsleep syz-executor.1 *96246 228190 13461 0 7 0x8000002 syz-executor.6 58714 89845 38625 0 2 0x8000000 syz-executor.3 79275 377709 15900 0 3 0x810008a sigsusp sh 65054 14077 81058 0 2 0x8000000 syz-executor.0 65054 383315 81058 0 3 0xc000080 fsleep syz-executor.0 3259 322376 12998 0 2 0x8000480 syz-executor.4 3259 326661 12998 0 2 0xc000000 syz-executor.4 3259 428715 12998 0 3 0xc000080 fsleep syz-executor.4 15900 227330 13461 0 3 0x8000082 wait syz-executor.5 12998 373060 13461 0 3 0x8000082 nanoslp syz-executor.4 38625 2613 13461 0 3 0x8000082 nanoslp syz-executor.3 81058 299365 13461 0 2 0x8000002 syz-executor.0 72671 216118 13461 0 2 0x8000002 syz-executor.7 11995 190296 13461 0 3 0x8000082 piperd syz-executor.2 52613 357066 16779 0 3 0x18100082 netio arp 16779 120097 1 0 3 0x810008a sigsusp sh 75188 49130 13461 0 3 0x8000082 nanoslp syz-executor.1 55794 262696 1 0 3 0x18100083 ttyopn getty 27552 115031 0 0 3 0x14280 nfsidl nfsio 89600 215489 0 0 3 0x14280 nfsidl nfsio 30949 284575 0 0 3 0x14280 nfsidl nfsio 71196 371452 0 0 3 0x14280 nfsidl nfsio 29687 108039 0 0 3 0x14280 nfsidl nfsio 82061 454729 0 0 3 0x14280 nfsidl nfsio 73063 136216 0 0 3 0x14280 nfsidl nfsio 60630 342265 0 0 3 0x14280 nfsidl nfsio 224 136941 0 0 3 0x14280 nfsidl nfsio 9151 45362 0 0 3 0x14280 nfsidl nfsio 23203 106263 0 0 3 0x14280 nfsidl nfsio 56353 450926 0 0 3 0x14280 nfsidl nfsio 5328 57610 0 0 3 0x14280 nfsidl nfsio 75973 367819 0 0 3 0x14280 nfsidl nfsio 7858 69034 0 0 3 0x14280 nfsidl nfsio 28930 317315 0 0 3 0x14280 nfsidl nfsio 29401 244776 0 0 3 0x14280 nfsidl nfsio 79462 126761 0 0 3 0x14280 nfsidl nfsio 29371 368779 0 0 3 0x14280 nfsidl nfsio 27420 113175 0 0 3 0x14280 nfsidl nfsio 54209 177135 0 0 3 0x14200 bored sosplice 13461 438039 94935 0 3 0x1a000082 wait syz-fuzzer 13461 10091 94935 0 3 0x1e000082 nanoslp syz-fuzzer 13461 518523 94935 0 3 0x1e000082 wait syz-fuzzer 13461 205992 94935 0 3 0x1e000082 wait syz-fuzzer 13461 324408 94935 0 3 0x1e000082 wait syz-fuzzer 13461 395353 94935 0 3 0x1e000082 thrsleep syz-fuzzer 13461 483522 94935 0 3 0x1e000082 thrsleep syz-fuzzer 13461 97072 94935 0 3 0x1e000082 thrsleep syz-fuzzer 13461 128516 94935 0 3 0x1e000082 wait syz-fuzzer 13461 315553 94935 0 3 0x1e000082 thrsleep syz-fuzzer 13461 411353 94935 0 3 0x1e000082 wait syz-fuzzer 13461 157484 94935 0 3 0x1e000082 wait syz-fuzzer 13461 275729 94935 0 3 0x1e000082 wait syz-fuzzer 13461 294887 94935 0 3 0x1e000082 thrsleep syz-fuzzer 94935 351615 16200 0 3 0x810008a sigsusp ksh 16200 293264 310 0 3 0x1800009a kqread sshd 310 196182 1 0 3 0x18000088 kqread sshd 92037 16031 68508 73 2 0x19100010 syslogd 68508 191539 1 0 3 0x18100082 sbwait syslogd 47111 406786 1 0 3 0x18100080 kqread resolvd 12911 401964 40732 77 3 0x18100092 kqread dhcpleased 35214 231754 40732 77 3 0x18100092 kqread dhcpleased 40732 269184 1 0 3 0x18000080 kqread dhcpleased 98054 214169 0 0 3 0x14200 bored smr 17078 353484 0 0 2 0x14200 zerothread 91468 65318 0 0 3 0x14200 aiodoned aiodoned 33197 205729 0 0 3 0x14200 syncer update 3299 136873 0 0 3 0x14200 cleaner cleaner 23055 268262 0 0 3 0x14200 reaper reaper 45345 500156 0 0 3 0x14200 pgdaemon pagedaemon 22182 132866 0 0 3 0x14200 bored viomb 59498 157813 0 0 3 0x40014200 acpi0 acpi0 50450 64603 0 0 3 0x14200 bored softnet3 1633 47943 0 0 3 0x14200 bored softnet2 46609 281919 0 0 3 0x14200 bored softnet1 36437 103102 0 0 3 0x14200 bored softnet0 3234 47960 0 0 3 0x14200 bored systqmp 29865 301804 0 0 3 0x14200 bored systq 47470 435260 0 0 3 0x40014200 tmoslp softclock 17411 53977 0 0 3 0x40014200 idle0 1 210905 0 0 3 0x8080082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10176 6427K 10962K 166960K 17438 0 pcb 17 14K 15K 166960K 375 0 rtable 196 8K 9K 166960K 3503 0 pf 34 10K 10K 166960K 310 0 ifaddr 41 12K 12K 166960K 478 0 ifgroup 61 2K 3K 166960K 609 0 sysctl 3 0K 0K 166960K 3 0 counters 31 17K 17K 166960K 155 0 ioctlops 0 0K 2K 166960K 311 0 iov 0 0K 18K 166960K 118 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1468 92K 93K 166960K 5496 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 328K 336K 166960K 53 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 463 0 dirhash 12 2K 3K 166960K 66 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 18 65K 109K 166960K 3863 0 sigio 0 0K 0K 166960K 32 0 proc 59 59K 125K 166960K 3417 0 subproc 104 6K 8K 166960K 1690 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 358 0 in_multi 88 6K 7K 166960K 1229 0 ether_multi 1 0K 0K 166960K 15 0 mrt 1 0K 0K 166960K 4 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 91 413K 413K 166960K 91 0 exec 0 0K 1K 166960K 2146 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 272 68K 102K 166960K 31276 0 UVM aobj 5 2K 2K 166960K 5 0 pinsyscall 40 80K 100K 166960K 7722 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 134 0 NDP 14 0K 2K 166960K 348 0 temp 73 6811K 6940K 166960K 202233 0 kqueue 12 18K 28K 166960K 315 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 506 0 501 1 0 1 1 0 8 0 rtentry 112 1251 0 1163 4 0 4 4 0 8 1 unpcb 144 2272 0 2259 7 1 6 6 0 8 5 syncache 336 5 0 5 1 1 0 1 0 8 0 sackhl 24 5 0 5 1 0 1 1 0 8 1 tcpqe 32 12 0 12 1 0 1 1 0 8 1 tcpcb 808 876 0 871 9 1 8 8 0 8 7 arp 88 230 0 213 1 0 1 1 0 8 0 ipq 40 5 0 4 1 0 1 1 0 8 0 ipqe 40 34 0 33 1 0 1 1 0 8 0 inpcb 352 3595 0 3585 16 7 9 14 0 8 8 nd6 104 337 0 317 1 0 1 1 0 8 0 pkpcb 40 52 0 52 2 1 1 1 0 8 1 kcovpl 48 130 0 122 1 0 1 1 0 8 0 ppxss 1072 9 0 9 1 0 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 4967 0 4566 72 46 26 29 0 8 0 art_table 32 4968 0 4566 4 0 4 4 0 8 0 art_node 16 1246 0 1167 1 0 1 1 0 8 0 sysvmsgpl 40 19 0 7 1 0 1 1 0 8 0 semupl 112 4 0 4 1 1 0 1 0 8 0 semapl 112 459 0 449 1 0 1 1 0 8 0 shmpl 112 2 0 0 1 0 1 1 0 8 0 dirhash 1024 53 0 36 3 0 3 3 0 8 0 dino2pl 256 6011 0 4487 96 0 96 96 0 8 0 ffsino 240 6011 0 4487 90 0 90 90 0 8 0 nchpl 144 10584 0 8854 66 0 66 66 0 8 0 uvmvnodes 80 8316 0 0 170 0 170 170 0 8 0 vnodes 216 8316 0 0 462 0 462 462 0 8 0 vnodes: pool(0xffffffff82d7e4e8:vnodes): page inconsistency: page 0x0; at page head addr 0xfffffd8061d23f90 (p 0xfffffd8061d23000) namei 1024 48897 0 48897 4 2 2 2 0 8 2 vcpupl 3904 4 0 1 1 0 1 1 0 8 0 vmpool 664 15 0 12 2 1 1 1 0 8 0 kstatmem 264 272 0 248 2 0 2 2 0 8 0 scxspl 216 59133 0 59133 11 7 4 8 1 8 4 plimitpl 152 948 0 932 1 0 1 1 0 8 0 sigapl 424 3944 0 3878 9 0 9 9 0 8 0 futexpl 64 41983 0 41980 1 0 1 1 0 8 0 knotepl 120 15664 0 15578 43 31 12 19 0 8 8 kqueuepl 184 788 0 779 6 2 4 4 0 8 3 pipepl 288 942 0 911 7 0 7 7 0 8 4 fdescpl 432 3904 0 3875 5 0 5 5 0 8 1 filepl 120 25307 0 25060 14 1 13 13 0 8 5 lockfpl 104 947 0 945 2 0 2 2 0 8 1 lockfspl 48 401 0 399 1 0 1 1 0 8 0 sessionpl 144 128 0 112 1 0 1 1 0 8 0 pgrppl 48 215 0 199 1 0 1 1 0 8 0 ucredpl 104 3697 0 3684 1 0 1 1 0 8 0 zombiepl 144 3878 0 3878 1 0 1 1 0 8 1 processpl 1072 3944 0 3878 6 0 6 6 0 8 1 procpl 656 7141 0 7058 9 0 9 9 0 8 1 sosppl 168 34 0 34 1 0 1 1 0 8 1 sockpl 504 6449 0 6421 50 39 11 22 0 8 7 mcl64k 65536 19 0 19 2 1 1 1 0 8 1 mcl12k 12288 2 0 2 2 1 1 1 0 8 1 mcl8k 8192 187 0 187 2 1 1 1 0 8 1 mcl4k 4096 11 0 11 2 1 1 1 0 8 1 mcl2k 2048 36342 0 36236 48 26 22 35 0 8 7 mtagpl 96 255 0 255 3 0 3 3 0 8 3 mbufpl 256 101418 0 101221 215 191 24 115 0 8 8 bufpl 280 12455 0 4008 604 0 604 604 0 8 0 anonpl 24 548359 0 542071 119 49 70 88 0 188 20 amapchunkpl 152 101369 0 100730 52 12 40 40 0 158 13 amappl16 200 10064 0 9930 58 42 16 20 0 8 8 amappl15 192 50 0 49 1 0 1 1 0 8 0 amappl14 184 576 0 562 2 1 1 2 0 8 0 amappl13 176 9 0 9 1 1 0 1 0 8 0 amappl12 168 6018 0 5988 2 0 2 2 0 8 0 amappl11 160 52 0 42 1 0 1 1 0 8 0 amappl10 152 285 0 274 1 0 1 1 0 8 0 amappl9 144 161 0 161 1 1 0 1 0 8 0 amappl8 136 347 0 314 2 0 2 2 0 8 0 amappl7 128 62 0 49 1 0 1 1 0 8 0 amappl6 120 1605 0 1586 2 1 1 2 0 8 0 amappl5 112 579 0 566 1 0 1 1 0 8 0 amappl4 104 1114 0 1080 3 1 2 2 0 8 0 amappl3 96 18542 0 18466 3 0 3 3 0 8 0 amappl2 88 4648 0 4572 4 2 2 4 0 8 0 amappl1 80 27733 0 27195 23 10 13 22 0 8 0 amappl 88 29868 0 29688 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 4 0 0 1 0 1 1 0 8 0 uaddrrnd 24 3919 0 3887 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 3919 0 3887 1 0 1 1 0 8 0 vmmpekpl 168 34181 0 34124 3 0 3 3 0 8 0 vmmpepl 168 282849 0 280979 134 35 99 118 0 357 10 vmsppl 344 3918 0 3887 4 0 4 4 0 8 0 rwobjpl 24 75076 0 65608 58 0 58 58 0 8 0 pdppl 4096 7844 0 7777 399 332 67 90 0 8 0 pvpl 32 1568457 0 1555766 471 292 179 399 0 265 50 pmappl 216 3918 0 3887 3 0 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1004 0 643 13 0 13 13 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace checkalias(fffffd806453cdb0,691300,0) at checkalias+0x97 sys/kern/vfs_subr.c:564 cdevvp(691300,ffff800032bdf550) at cdevvp+0x9c getdevvp sys/kern/vfs_subr.c:533 [inline] cdevvp(691300,ffff800032bdf550) at cdevvp+0x9c sys/kern/vfs_subr.c:507 spec_open_clone(ffff800032bdf628) at spec_open_clone+0x18f sys/kern/spec_vnops.c:711 spec_open(ffff800032bdf628) at spec_open+0x242 sys/kern/spec_vnops.c:148 VOP_OPEN(fffffd806ebe3438,3,fffffd807f7d77b8,ffff80002a6e5c50) at VOP_OPEN+0x70 sys/kern/vfs_vops.c:138 vn_open(ffff800032bdf878,3,0) at vn_open+0x4e4 sys/kern/vfs_vnops.c:177 doopenat(ffff80002a6e5c50,ffffff9c,b500058e15b,2,0,ffff800032bdfa20) at doopenat+0x269 sys/kern/vfs_syscalls.c:1126 syscall(ffff800032bdfad0) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7543bbf72010, count: -9 ddb> machine ddbcpu 1 No such command ddb> trace checkalias(fffffd806453cdb0,691300,0) at checkalias+0x97 sys/kern/vfs_subr.c:564 cdevvp(691300,ffff800032bdf550) at cdevvp+0x9c getdevvp sys/kern/vfs_subr.c:533 [inline] cdevvp(691300,ffff800032bdf550) at cdevvp+0x9c sys/kern/vfs_subr.c:507 spec_open_clone(ffff800032bdf628) at spec_open_clone+0x18f sys/kern/spec_vnops.c:711 spec_open(ffff800032bdf628) at spec_open+0x242 sys/kern/spec_vnops.c:148 VOP_OPEN(fffffd806ebe3438,3,fffffd807f7d77b8,ffff80002a6e5c50) at VOP_OPEN+0x70 sys/kern/vfs_vops.c:138 vn_open(ffff800032bdf878,3,0) at vn_open+0x4e4 sys/kern/vfs_vnops.c:177 doopenat(ffff80002a6e5c50,ffffff9c,b500058e15b,2,0,ffff800032bdfa20) at doopenat+0x269 sys/kern/vfs_syscalls.c:1126 syscall(ffff800032bdfad0) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7543bbf72010, count: -9