uvm_fault(0xfffffd807efff2e0, 0x0, 0, 1) -> e kernel: page fault trap, code=0 Stopped at uvm_fault_lower+0xbb1: movq 0(%rbx),%rdi TID PID UID PRFLAGS PFLAGS CPU COMMAND 372337 90843 32767 0x10 0 0 syz-executor.1 * 61359 90843 32767 0x10 0x4000000 1 syz-executor.1 uvm_fault_lower(ffff8000246d5c70,ffff8000246d5ca8,ffff8000246d5bf0,0) at uvm_fault_lower+0xbb1 sys/uvm/uvm_fault.c:1325 uvm_fault(fffffd807efff2e0,20000000,0,2) at uvm_fault+0x24f sys/uvm/uvm_fault.c:640 kpageflttrap(ffff8000246d5e00,200000c0) at kpageflttrap+0x1fd sys/arch/amd64/amd64/trap.c:264 kerntrap(ffff8000246d5e00) at kerntrap+0xef sys/arch/amd64/amd64/trap.c:318 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b copyout() at copyout+0x5e syscall(ffff8000246d60a0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff8000246d60a0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x9220ceb1070, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault(0xfffffd807efff2e0, 0x0, 0, 1) -> e ddb{1}> trace uvm_fault_lower(ffff8000246d5c70,ffff8000246d5ca8,ffff8000246d5bf0,0) at uvm_fault_lower+0xbb1 sys/uvm/uvm_fault.c:1325 uvm_fault(fffffd807efff2e0,20000000,0,2) at uvm_fault+0x24f sys/uvm/uvm_fault.c:640 kpageflttrap(ffff8000246d5e00,200000c0) at kpageflttrap+0x1fd sys/arch/amd64/amd64/trap.c:264 kerntrap(ffff8000246d5e00) at kerntrap+0xef sys/arch/amd64/amd64/trap.c:318 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b copyout() at copyout+0x5e syscall(ffff8000246d60a0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff8000246d60a0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x9220ceb1070, count: -8 ddb{1}> show registers rdi 0 rsi 0 rbp 0xffff8000246d5b60 rbx 0 rdx 0 rcx 0 rax 0xffff8000fffeea80 r8 0xffffffff81a8edde witness_assert+0x1fe r9 0x5 r10 0x1bf7e32a2116de3b r11 0xa86e3ba8acbd2fc0 r12 0xffff8000246d5c70 r13 0xfffffd80663d95f0 r14 0 r15 0x7ec rip 0xffffffff817b9101 uvm_fault_lower+0xbb1 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff8000246d5ad0 ss 0x10 uvm_fault_lower+0xbb1: movq 0(%rbx),%rdi ddb{1}> show proc PROC (syz-executor.1) pid=61359 stat=onproc flags process=10 proc=4000000 pri=32, usrpri=78, nice=20 forw=0xffffffffffffffff, list=0xffff8000fffefa40,0xffff8000fffef510 process=0xffff8000ffff98f8 user=0xffff8000246d1000, vmspace=0xfffffd807efff2e0 estcpu=36, cpticks=2, pctcpu=0.0 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 6167 392107 97972 32767 3 0x90 nanoslp syz-executor.0 6167 355997 97972 32767 3 0x4000090 fsleep syz-executor.0 90843 372337 15124 32767 7 0x10 syz-executor.1 *90843 61359 15124 32767 7 0x4000010 syz-executor.1 90843 370446 15124 32767 3 0x4000090 fsleep syz-executor.1 90843 148635 15124 32767 3 0x4000090 fsleep syz-executor.1 97972 20627 86981 32767 3 0x90 nanoslp syz-executor.0 86981 508416 7357 0 3 0x82 wait syz-executor.0 15124 348091 9704 32767 3 0x90 nanoslp syz-executor.1 9704 426442 7357 0 3 0x82 wait syz-executor.1 21109 444191 0 0 3 0x14200 bored sosplice 7357 76862 18928 0 3 0x82 thrsleep syz-fuzzer 7357 371850 18928 0 3 0x4000082 nanoslp syz-fuzzer 7357 259632 18928 0 3 0x4000082 thrsleep syz-fuzzer 7357 95617 18928 0 3 0x4000082 thrsleep syz-fuzzer 7357 37270 18928 0 3 0x4000082 thrsleep syz-fuzzer 7357 59808 18928 0 3 0x4000082 thrsleep syz-fuzzer 7357 210700 18928 0 3 0x4000082 kqread syz-fuzzer 7357 373750 18928 0 3 0x4000082 thrsleep syz-fuzzer 18928 342754 18083 0 3 0x10008a sigsusp ksh 18083 377104 36116 0 3 0x9a kqread sshd 6546 300398 1 0 3 0x100083 ttyin getty 36116 463017 1 0 3 0x88 kqread sshd 19565 51271 60673 73 3 0x100090 kqread syslogd 60673 403882 1 0 3 0x100082 netio syslogd 68745 190548 1 0 3 0x100080 kqread resolvd 64234 469964 10073 77 3 0x100092 kqread dhcpleased 98574 123860 10073 77 3 0x100092 kqread dhcpleased 10073 232467 1 0 3 0x80 kqread dhcpleased 79820 7604 0 0 3 0x14200 bored smr 22270 349758 0 0 3 0x14200 pgzero zerothread 78016 341918 0 0 3 0x14200 aiodoned aiodoned 10124 391186 0 0 3 0x14200 syncer update 96659 456809 0 0 3 0x14200 cleaner cleaner 98039 160367 0 0 3 0x14200 reaper reaper 8401 327504 0 0 3 0x14200 pgdaemon pagedaemon 78995 360609 0 0 3 0x14200 bored viomb 23143 328025 0 0 3 0x40014200 acpi0 acpi0 12813 320939 0 0 3 0x40014200 idle1 33420 60421 0 0 3 0x14200 bored softnet 76865 252392 0 0 3 0x14200 bored systqmp 92736 370482 0 0 3 0x14200 bored systq 67724 149950 0 0 3 0x40014200 bored softclock 25106 184087 0 0 3 0x40014200 idle0 1 119764 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks CPU 0: exclusive sched_lock &sched_lock r = 1 (0xffffffff829cf0f0) #0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4b0 sys/kern/subr_witness.c:1182 #1 wakeup_n+0x37 #2 futex_requeue+0x10a sys/kern/sys_futex.c:306 #3 sys_futex+0x115 sys/kern/sys_futex.c:115 #4 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #4 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #5 Xsyscall+0x128 Process 90843 (syz-executor.1) thread 0xffff8000fffeefc0 (372337) exclusive rwlock futex r = 0 (0xffffffff827bb4a0) #0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4b0 sys/kern/subr_witness.c:1182 #1 sys_futex+0x5c sys/kern/sys_futex.c:108 #2 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #2 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #3 Xsyscall+0x128 Process 90843 (syz-executor.1) thread 0xffff8000fffeea80 (61359) exclusive kernel_lock &kernel_lock r = 1 (0xffffffff828b70b8) #0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4b0 sys/kern/subr_witness.c:1182 #1 __mp_acquire_count+0x4c sys/kern/kern_lock.c:227 #2 mi_switch+0x3d3 sys/kern/sched_bsd.c:416 #3 sleep_finish+0x1b2 sys/kern/kern_synch.c:433 #4 rw_enter+0x35b sys/kern/kern_rwlock.c:286 #5 uvm_fault_lower+0x95d sys/uvm/uvm_fault.c:1290 #6 uvm_fault+0x24f sys/uvm/uvm_fault.c:640 #7 kpageflttrap+0x1fd sys/arch/amd64/amd64/trap.c:264 #8 kerntrap+0xef sys/arch/amd64/amd64/trap.c:318 #9 alltraps_kern_meltdown+0x7b #10 copyout+0x5e #11 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #11 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #12 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10152 6394K 6416K 78643K 11337 0 pcb 13 16K 20K 78643K 19 0 rtable 112 3K 4K 78643K 2438 0 ifaddr 39 10K 10K 78643K 259 0 sysctl 3 1K 3K 78643K 6 0 counters 44 34K 34K 78643K 106 0 ioctlops 0 0K 2K 78643K 233 0 iov 0 0K 20K 78643K 2684 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1209 76K 76K 78643K 6235 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 177 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 3888 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12598 0 file desc 8 25K 33K 78643K 19183 0 sigio 0 0K 0K 78643K 1121 0 proc 56 74K 99K 78643K 2232 0 subproc 26 1K 1K 78643K 429 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 1729 0 in_multi 33 2K 2K 78643K 561 0 ether_multi 1 0K 0K 78643K 69 0 mrt 1 0K 0K 78643K 5 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 229 1023K 1023K 78643K 229 0 exec 0 0K 2K 78643K 3650 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 307 39K 67K 78643K 253092 0 UVM aobj 131 4K 5K 78643K 146 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 519 0 NDP 5 0K 0K 78643K 102 0 temp 76 4195K 4291K 78643K 46979 0 kqueue 12 18K 32K 78643K 1457 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 2386 0 2383 37 36 1 7 0 8 0 rtentry 112 406 0 359 2 0 2 2 0 8 0 unpcb 128 14572 0 14559 126 125 1 9 0 8 0 syncache 296 136 0 136 35 35 0 1 0 8 0 tcpqe 32 47 0 47 17 17 0 1 0 8 0 tcpcb 736 21665 0 21649 446 437 9 31 0 8 6 arp 120 73 0 67 1 0 1 1 0 8 0 ipq 40 98 0 98 13 12 1 1 0 8 1 ipqe 40 250 0 250 13 12 1 1 0 8 1 inpcb 304 36042 0 36027 330 322 8 20 0 8 6 rttmr 72 9 0 8 3 2 1 1 0 8 0 ip6q 72 84 0 84 12 12 0 1 0 8 0 ip6af 40 169 0 169 12 12 0 1 0 8 0 nd6 48 112 0 104 1 0 1 1 0 8 0 kcovpl 48 33 0 31 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1702 0 1463 20 5 15 16 0 8 0 art_table 32 1703 0 1463 3 0 3 3 0 8 0 art_node 16 405 0 362 1 0 1 1 0 8 0 sysvmsgpl 40 21 0 14 2 1 1 1 0 8 0 semapl 112 3886 0 3876 1 0 1 1 0 8 0 shmpl 112 143 0 15 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 27894 0 26450 95 4 91 91 0 8 0 ffsino 272 27894 0 26450 98 1 97 97 0 8 0 nchpl 144 52710 0 51102 60 0 60 60 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 174389 0 174389 5 4 1 1 0 8 1 percpumem 16 65 0 31 1 0 1 1 0 8 0 scxspl 216 154696 0 154696 65 64 1 7 0 8 1 plimitpl 152 3421 0 3411 1 0 1 1 0 8 0 sigapl 424 19312 0 19278 4 0 4 4 0 8 0 futexpl 64 134863 0 134860 6 5 1 1 0 8 0 knotepl 112 309 0 0 3 0 3 3 0 8 0 kqueuepl 216 7489 0 7472 118 116 2 9 0 8 1 pipepl 336 5586 0 5576 149 144 5 9 0 8 4 fdescpl 496 19297 0 19278 3 0 3 3 0 8 0 filepl 152 149645 0 149539 247 239 8 15 0 8 3 lockfpl 104 2749 0 2747 3 2 1 2 0 8 0 lockfspl 48 692 0 690 1 0 1 1 0 8 0 sessionpl 144 48 0 38 1 0 1 1 0 8 0 pgrppl 48 354 0 344 1 0 1 1 0 8 0 ucredpl 96 27094 0 27082 1 0 1 1 0 8 0 zombiepl 144 19278 0 19278 2 1 1 1 0 8 1 processpl 1064 19312 0 19278 3 0 3 3 0 8 0 procpl 672 60448 0 60403 29 24 5 6 0 8 1 sosppl 168 231 0 231 40 39 1 1 0 8 1 sockpl 480 53558 0 53527 1019 1007 12 37 0 8 8 mcl64k 65536 36 0 0 4 1 3 3 0 8 0 mcl16k 16384 17 0 0 3 0 3 3 0 8 0 mcl12k 12288 33 0 0 2 0 2 2 0 8 0 mcl9k 9216 33 0 0 2 0 2 2 0 8 0 mcl8k 8192 17 0 0 3 0 3 3 0 8 0 mcl4k 4096 49 0 0 4 1 3 3 0 8 0 mcl2k2 2112 8 0 0 1 0 1 1 0 8 0 mcl2k 2048 371 0 0 24 10 14 19 0 8 0 mtagpl 96 2 0 0 1 0 1 1 0 8 0 mbufpl 256 1438 0 0 31 3 28 28 0 8 0 bufpl 288 35704 0 29379 453 1 452 453 0 8 0 anonpl 24 5878531 0 5865484 472 380 92 109 0 186 0 amapchunkpl 152 620752 0 620144 149 125 24 41 0 158 0 amappl16 200 66163 0 65795 416 396 20 36 0 8 0 amappl15 192 4590 0 4586 1 0 1 1 0 8 0 amappl14 184 24 0 22 1 0 1 1 0 8 0 amappl13 176 1477 0 1473 1 0 1 1 0 8 0 amappl12 168 2131 0 2131 1 1 0 1 0 8 0 amappl11 160 7044 0 7029 1 0 1 1 0 8 0 amappl10 152 3030 0 3025 1 0 1 1 0 8 0 amappl9 144 1096 0 1094 1 0 1 1 0 8 0 amappl8 136 1380 0 1252 5 0 5 5 0 8 0 amappl7 128 376 0 368 1 0 1 1 0 8 0 amappl6 120 1070 0 1055 1 0 1 1 0 8 0 amappl5 112 20853 0 20830 1 0 1 1 0 8 0 amappl4 104 9620 0 9595 1 0 1 1 0 8 0 amappl3 96 3685 0 3668 1 0 1 1 0 8 0 amappl2 88 22090 0 22040 3 1 2 2 0 8 0 amappl1 80 338456 0 338006 13 3 10 12 0 8 0 amappl 88 251652 0 251470 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 145 0 15 3 0 3 3 0 8 0 uaddrrnd 24 19297 0 19278 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 19297 0 19278 1 0 1 1 0 8 0 vmmpekpl 168 156821 0 156797 2 0 2 2 0 8 0 vmmpepl 168 1792690 0 1790858 441 358 83 101 0 357 0 vmsppl 368 19296 0 19278 2 0 2 2 0 8 0 rwobjpl 56 458817 0 451562 192 89 103 106 0 8 0 pdppl 4096 38602 0 38556 78 32 46 50 0 8 0 pvpl 32 9378153 0 9361319 711 555 156 198 0 265 10 pmappl 248 19296 0 19278 2 0 2 2 0 8 0 extentpl 40 57 0 38 1 0 1 1 0 8 0 phpool 112 1422 0 645 25 2 23 23 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffffffff827adff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc softintr_dispatch(0) at softintr_dispatch+0x4e sys/arch/amd64/amd64/softintr.c:90 Xsoftclock() at Xsoftclock+0x1f spllower(0) at spllower+0x87 sys/arch/amd64/amd64/intr.c:729 tsleep(ffffffff829d3620,120,ffffffff82433452,2) at tsleep+0x13f sys/kern/kern_synch.c:148 sys_nanosleep(ffff8000fffeefc0,ffff8000246ca3a0,ffff8000246ca400) at sys_nanosleep+0x1f5 sys/kern/kern_time.c:299 syscall(ffff8000246ca470) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff8000246ca470) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffdc960, count: 4 ddb{0}> trace x86_ipi_db(ffffffff827adff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc softintr_dispatch(0) at softintr_dispatch+0x4e sys/arch/amd64/amd64/softintr.c:90 Xsoftclock() at Xsoftclock+0x1f spllower(0) at spllower+0x87 sys/arch/amd64/amd64/intr.c:729 tsleep(ffffffff829d3620,120,ffffffff82433452,2) at tsleep+0x13f sys/kern/kern_synch.c:148 sys_nanosleep(ffff8000fffeefc0,ffff8000246ca3a0,ffff8000246ca400) at sys_nanosleep+0x1f5 sys/kern/kern_time.c:299 syscall(ffff8000246ca470) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff8000246ca470) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffdc960, count: -11 ddb{0}> machine ddbcpu 1 Stopped at uvm_fault_lower+0xbb1: movq 0(%rbx),%rdi uvm_fault_lower(ffff8000246d5c70,ffff8000246d5ca8,ffff8000246d5bf0,0) at uvm_fault_lower+0xbb1 sys/uvm/uvm_fault.c:1325 uvm_fault(fffffd807efff2e0,20000000,0,2) at uvm_fault+0x24f sys/uvm/uvm_fault.c:640 kpageflttrap(ffff8000246d5e00,200000c0) at kpageflttrap+0x1fd sys/arch/amd64/amd64/trap.c:264 kerntrap(ffff8000246d5e00) at kerntrap+0xef sys/arch/amd64/amd64/trap.c:318 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b copyout() at copyout+0x5e syscall(ffff8000246d60a0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff8000246d60a0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x9220ceb1070, count: 7 ddb{1}> trace uvm_fault_lower(ffff8000246d5c70,ffff8000246d5ca8,ffff8000246d5bf0,0) at uvm_fault_lower+0xbb1 sys/uvm/uvm_fault.c:1325 uvm_fault(fffffd807efff2e0,20000000,0,2) at uvm_fault+0x24f sys/uvm/uvm_fault.c:640 kpageflttrap(ffff8000246d5e00,200000c0) at kpageflttrap+0x1fd sys/arch/amd64/amd64/trap.c:264 kerntrap(ffff8000246d5e00) at kerntrap+0xef sys/arch/amd64/amd64/trap.c:318 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b copyout() at copyout+0x5e syscall(ffff8000246d60a0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff8000246d60a0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x9220ceb1070, count: -8