uvm_fault(0xfffffd807efff730, 0x0, 0, 1) -> e kernel: page fault trap, code=0 Stopped at uvm_fault_lower+0xbb1: movq 0(%rbx),%rdi TID PID UID PRFLAGS PFLAGS CPU COMMAND 176908 68146 32767 0x10 0 1 syz-executor.1 *503322 68146 32767 0x10 0x4000000 0K syz-executor.1 uvm_fault_lower(ffff80002123e860,ffff80002123e898,ffff80002123e7e0,0) at uvm_fault_lower+0xbb1 sys/uvm/uvm_fault.c:1325 uvm_fault(fffffd807efff730,20001000,0,1) at uvm_fault+0x24f sys/uvm/uvm_fault.c:640 kpageflttrap(ffff80002123e9f0,20001880) at kpageflttrap+0x1fd sys/arch/amd64/amd64/trap.c:264 kerntrap(ffff80002123e9f0) at kerntrap+0xef sys/arch/amd64/amd64/trap.c:318 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b copyin() at copyin+0x53 sys_preadv(ffff8000ffff62b0,ffff80002123ec68,ffff80002123ecc0) at sys_preadv+0x5a sys/kern/vfs_syscalls.c:3281 syscall(ffff80002123ed30) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff80002123ed30) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe27b9fcd270, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: uvm_fault(0xfffffd807efff730, 0x0, 0, 1) -> e ddb{0}> trace uvm_fault_lower(ffff80002123e860,ffff80002123e898,ffff80002123e7e0,0) at uvm_fault_lower+0xbb1 sys/uvm/uvm_fault.c:1325 uvm_fault(fffffd807efff730,20001000,0,1) at uvm_fault+0x24f sys/uvm/uvm_fault.c:640 kpageflttrap(ffff80002123e9f0,20001880) at kpageflttrap+0x1fd sys/arch/amd64/amd64/trap.c:264 kerntrap(ffff80002123e9f0) at kerntrap+0xef sys/arch/amd64/amd64/trap.c:318 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b copyin() at copyin+0x53 sys_preadv(ffff8000ffff62b0,ffff80002123ec68,ffff80002123ecc0) at sys_preadv+0x5a sys/kern/vfs_syscalls.c:3281 syscall(ffff80002123ed30) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff80002123ed30) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe27b9fcd270, count: -9 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff80002123e750 rbx 0 rdx 0 rcx 0 rax 0xffff8000ffff62b0 r8 0xffffffff81a8edde witness_assert+0x1fe r9 0x5 r10 0xb28e94edef1ad4fb r11 0x9e9366eb6ff4914 r12 0xffff80002123e860 r13 0xfffffd80675c2b18 r14 0 r15 0xffffffff81b25d00 uvn_flush+0x950 rip 0xffffffff817b9101 uvm_fault_lower+0xbb1 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80002123e6c0 ss 0 uvm_fault_lower+0xbb1: movq 0(%rbx),%rdi ddb{0}> show proc PROC (syz-executor.1) pid=503322 stat=onproc flags process=10 proc=4000000 pri=36, usrpri=70, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff6a90,0xffff8000ffff4fd0 process=0xffff8000ffff10b8 user=0xffff800021239000, vmspace=0xfffffd807efff730 estcpu=36, cpticks=2, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 46536 234168 26324 32767 2 0x10 syz-executor.0 68146 176908 13780 32767 7 0x10 syz-executor.1 *68146 503322 13780 32767 7 0x4000010 syz-executor.1 68146 165774 13780 32767 2 0x4000010 syz-executor.1 68146 169597 13780 32767 2 0x4000010 syz-executor.1 68146 377242 13780 32767 2 0x4000010 syz-executor.1 13780 188989 24624 32767 2 0x490 syz-executor.1 24624 129054 6800 0 3 0x82 wait syz-executor.1 26324 227798 66409 32767 2 0x490 syz-executor.0 66409 23930 6800 0 3 0x82 wait syz-executor.0 47946 135151 0 0 3 0x14200 bored sosplice 6800 247000 82976 0 2 0x482 syz-fuzzer 6800 468816 82976 0 2 0x4000482 syz-fuzzer 6800 24208 82976 0 3 0x4000082 thrsleep syz-fuzzer 6800 51966 82976 0 3 0x4000082 thrsleep syz-fuzzer 6800 26311 82976 0 3 0x4000082 thrsleep syz-fuzzer 6800 84907 82976 0 3 0x4000082 thrsleep syz-fuzzer 6800 465753 82976 0 3 0x4000082 thrsleep syz-fuzzer 6800 473276 82976 0 3 0x4000082 kqread syz-fuzzer 82976 356582 97068 0 3 0x10008a sigsusp ksh 97068 341287 84010 0 3 0x9a kqread sshd 71389 95645 1 0 3 0x100083 ttyin getty 84010 142918 1 0 3 0x88 kqread sshd 47398 160243 39651 73 3 0x100090 kqread syslogd 39651 493299 1 0 3 0x100082 netio syslogd 25483 53195 1 0 3 0x100080 kqread resolvd 21576 471467 65737 77 3 0x100092 kqread dhcpleased 26433 30696 65737 77 3 0x100092 kqread dhcpleased 65737 45866 1 0 3 0x80 kqread dhcpleased 66516 234983 0 0 3 0x14200 bored smr 97948 413672 0 0 2 0x14200 zerothread 27703 293778 0 0 3 0x14200 aiodoned aiodoned 2854 275193 0 0 3 0x14200 syncer update 8111 459665 0 0 3 0x14200 cleaner cleaner 59927 259107 0 0 3 0x14200 reaper reaper 50429 383285 0 0 3 0x14200 pgdaemon pagedaemon 84393 214833 0 0 3 0x14200 bored viomb 94624 21410 0 0 3 0x40014200 acpi0 acpi0 29331 433491 0 0 3 0x40014200 idle1 30677 257033 0 0 3 0x14200 bored softnet 56605 387619 0 0 3 0x14200 bored systqmp 89765 113577 0 0 3 0x14200 bored systq 64684 182281 0 0 2 0x40014200 softclock 15162 441109 0 0 3 0x40014200 idle0 1 200165 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 68146 (syz-executor.1) thread 0xffff8000ffff62b0 (503322) exclusive kernel_lock &kernel_lock r = 1 (0xffffffff828b70b8) #0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4b0 sys/kern/subr_witness.c:1182 #1 __mp_acquire_count+0x4c sys/kern/kern_lock.c:227 #2 mi_switch+0x3d3 sys/kern/sched_bsd.c:416 #3 sleep_finish+0x1b2 sys/kern/kern_synch.c:433 #4 rw_enter+0x35b sys/kern/kern_rwlock.c:286 #5 uvmfault_relock+0x6f sys/uvm/uvm_fault.c:1801 #6 uvm_fault_lower+0x931 sys/uvm/uvm_fault.c:1288 #7 uvm_fault+0x24f sys/uvm/uvm_fault.c:640 #8 kpageflttrap+0x1fd sys/arch/amd64/amd64/trap.c:264 #9 kerntrap+0xef sys/arch/amd64/amd64/trap.c:318 #10 alltraps_kern_meltdown+0x7b #11 copyin+0x53 #12 sys_preadv+0x5a sys/kern/vfs_syscalls.c:3281 #13 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #13 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #14 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10162 6396K 6416K 78643K 11302 0 pcb 13 12K 14K 78643K 17 0 rtable 108 3K 4K 78643K 1472 0 ifaddr 39 10K 10K 78643K 153 0 sysctl 2 0K 0K 78643K 2 0 counters 44 34K 34K 78643K 76 0 ioctlops 0 0K 2K 78643K 96 0 iov 0 0K 56K 78643K 5663 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1209 76K 76K 78643K 3557 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 130 0 VM map 2 1K 1K 78643K 2 0 sem 12 1K 1K 78643K 881 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12598 0 file desc 8 25K 33K 78643K 13352 0 sigio 0 0K 0K 78643K 161 0 proc 56 74K 99K 78643K 1435 0 subproc 26 1K 1K 78643K 234 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 1005 0 in_multi 33 2K 2K 78643K 360 0 ether_multi 1 0K 0K 78643K 55 0 mrt 1 0K 0K 78643K 2 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 289 1288K 1288K 78643K 289 0 exec 0 0K 2K 78643K 2399 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 274 35K 50K 78643K 178584 0 UVM aobj 131 5K 5K 78643K 133 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 437 0 NDP 5 0K 0K 78643K 57 0 temp 76 4195K 4307K 78643K 33349 0 kqueue 12 18K 28K 78643K 895 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 1400 0 1397 20 19 1 3 0 8 0 rtentry 112 237 0 192 2 0 2 2 0 8 0 unpcb 128 10484 0 10471 115 110 5 9 0 8 4 syncache 296 94 0 94 23 23 0 1 0 8 0 tcpqe 32 15 0 15 6 6 0 1 0 8 0 tcpcb 736 4847 0 4843 193 186 7 10 0 8 6 arp 120 44 0 38 1 0 1 1 0 8 0 ipq 40 28 0 27 14 13 1 1 0 8 0 ipqe 40 369 0 368 14 13 1 1 0 8 0 inpcb 304 10372 0 10365 237 231 6 14 0 8 5 rttmr 72 3 0 3 1 1 0 1 0 8 0 ip6q 72 40 0 40 9 9 0 1 0 8 0 ip6af 40 77 0 77 9 9 0 1 0 8 0 nd6 48 63 0 56 1 0 1 1 0 8 0 kcovpl 48 18 0 16 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1014 0 821 20 7 13 16 0 8 0 art_table 32 1015 0 821 3 1 2 3 0 8 0 art_node 16 236 0 195 1 0 1 1 0 8 0 sysvmsgpl 40 2 0 1 1 0 1 1 0 8 0 semupl 112 6 0 6 1 1 0 1 0 8 0 semapl 112 843 0 833 1 0 1 1 0 8 0 shmpl 112 130 0 2 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 18642 0 17221 93 3 90 90 0 8 0 ffsino 272 18642 0 17221 97 1 96 96 0 8 0 nchpl 144 35830 0 34229 60 0 60 60 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 116647 0 116647 9 8 1 1 0 8 1 percpumem 16 50 0 16 1 0 1 1 0 8 0 scxspl 216 109515 0 109515 43 42 1 8 0 8 1 plimitpl 152 2740 0 2730 1 0 1 1 0 8 0 sigapl 424 13535 0 13501 4 0 4 4 0 8 0 futexpl 64 88803 0 88803 9 8 1 1 0 8 1 knotepl 112 239 0 0 3 0 3 3 0 8 0 kqueuepl 216 4952 0 4937 105 104 1 9 0 8 0 pipepl 336 15159 0 15149 256 254 2 12 0 8 1 fdescpl 496 13520 0 13501 4 1 3 3 0 8 0 filepl 152 107278 0 107174 306 296 10 17 0 8 5 lockfpl 104 1402 0 1400 1 0 1 1 0 8 0 lockfspl 48 493 0 491 1 0 1 1 0 8 0 sessionpl 144 33 0 23 1 0 1 1 0 8 0 pgrppl 48 188 0 178 1 0 1 1 0 8 0 ucredpl 96 15247 0 15235 1 0 1 1 0 8 0 zombiepl 144 13501 0 13501 4 3 1 1 0 8 1 processpl 1064 13535 0 13501 4 1 3 3 0 8 0 procpl 672 43312 0 43267 26 21 5 6 0 8 1 sosppl 168 151 0 151 30 30 0 1 0 8 0 sockpl 480 22700 0 22677 648 637 11 34 0 8 8 mcl64k 65536 41 0 0 5 2 3 3 0 8 0 mcl16k 16384 17 0 0 3 0 3 3 0 8 0 mcl12k 12288 52 0 0 2 0 2 2 0 8 0 mcl9k 9216 17 0 0 2 0 2 2 0 8 0 mcl8k 8192 28 0 0 4 1 3 3 0 8 0 mcl4k 4096 41 0 0 6 3 3 3 0 8 0 mcl2k2 2112 54 0 0 4 0 4 4 0 8 0 mcl2k 2048 345 0 0 20 9 11 20 0 8 0 mtagpl 96 1 0 0 1 0 1 1 0 8 0 mbufpl 256 1351 0 0 41 8 33 40 0 8 0 bufpl 288 26302 0 19977 453 0 453 453 0 8 0 anonpl 24 4156302 0 4143685 445 360 85 105 0 186 0 amapchunkpl 152 445833 0 445255 157 131 26 38 0 158 3 amappl16 200 46357 0 45980 327 306 21 33 0 8 1 amappl15 192 475 0 469 1 0 1 1 0 8 0 amappl14 184 402 0 397 1 0 1 1 0 8 0 amappl13 176 699 0 695 1 0 1 1 0 8 0 amappl12 168 292 0 288 1 0 1 1 0 8 0 amappl11 160 7991 0 7978 1 0 1 1 0 8 0 amappl10 152 68 0 64 1 0 1 1 0 8 0 amappl9 144 4204 0 4201 1 0 1 1 0 8 0 amappl8 136 789 0 703 3 0 3 3 0 8 0 amappl7 128 125 0 119 1 0 1 1 0 8 0 amappl6 120 4117 0 4101 1 0 1 1 0 8 0 amappl5 112 12747 0 12730 1 0 1 1 0 8 0 amappl4 104 9570 0 9540 1 0 1 1 0 8 0 amappl3 96 1939 0 1920 1 0 1 1 0 8 0 amappl2 88 14769 0 14719 16 14 2 2 0 8 0 amappl1 80 239452 0 239008 13 3 10 12 0 8 0 amappl 88 177562 0 177393 8 3 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 132 0 2 3 0 3 3 0 8 0 uaddrrnd 24 13520 0 13501 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 13520 0 13501 1 0 1 1 0 8 0 vmmpekpl 168 175460 0 175439 2 0 2 2 0 8 0 vmmpepl 168 1276637 0 1274862 392 310 82 98 0 357 0 vmsppl 368 13519 0 13501 2 0 2 2 0 8 0 rwobjpl 56 326819 0 319609 175 72 103 106 0 8 1 pdppl 4096 27048 0 27002 80 34 46 50 0 8 0 pvpl 32 6978759 0 6962416 731 585 146 201 0 265 5 pmappl 248 13519 0 13501 2 0 2 2 0 8 0 extentpl 40 57 0 38 1 0 1 1 0 8 0 phpool 112 1289 0 518 23 0 23 23 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace uvm_fault_lower(ffff80002123e860,ffff80002123e898,ffff80002123e7e0,0) at uvm_fault_lower+0xbb1 sys/uvm/uvm_fault.c:1325 uvm_fault(fffffd807efff730,20001000,0,1) at uvm_fault+0x24f sys/uvm/uvm_fault.c:640 kpageflttrap(ffff80002123e9f0,20001880) at kpageflttrap+0x1fd sys/arch/amd64/amd64/trap.c:264 kerntrap(ffff80002123e9f0) at kerntrap+0xef sys/arch/amd64/amd64/trap.c:318 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b copyin() at copyin+0x53 sys_preadv(ffff8000ffff62b0,ffff80002123ec68,ffff80002123ecc0) at sys_preadv+0x5a sys/kern/vfs_syscalls.c:3281 syscall(ffff80002123ed30) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff80002123ed30) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xe27b9fcd270, count: -9 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffff800020d38ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff828b6eb0) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff828b6eb0) at __mp_lock+0x122 sys/kern/kern_lock.c:147 syscall(ffff800024695ec0) at syscall+0x3ef mi_syscall sys/sys/syscall_mi.h:93 [inline] syscall(ffff800024695ec0) at syscall+0x3ef sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffc3120, count: 9 ddb{1}> trace x86_ipi_db(ffff800020d38ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff828b6eb0) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff828b6eb0) at __mp_lock+0x122 sys/kern/kern_lock.c:147 syscall(ffff800024695ec0) at syscall+0x3ef mi_syscall sys/sys/syscall_mi.h:93 [inline] syscall(ffff800024695ec0) at syscall+0x3ef sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffc3120, count: -6