kernel: page fault trap, code=10 Stopped at 0 TID PID UID PRFLAGS PFLAGS CPU COMMAND * 3136 65419 0 0x8000000 0x4000000 0K syz-executor.6 69184 51863 0 0x14000 0x200 1 reaper 0(0,0,ffff800000de5a00,ffffffff82cf6ff0,0,0) at 0 timeout_run(fffffd80580f9e78) at timeout_run+0xd0 sys/kern/kern_timeout.c:666 softclock_process_kclock_timeout(fffffd80580f9e78,0) at softclock_process_kclock_timeout+0x1cf sys/kern/kern_timeout.c:696 softclock(0) at softclock+0x150 sys/kern/kern_timeout.c:749 softintr_dispatch(0) at softintr_dispatch+0xcd sys/arch/amd64/amd64/softintr.c:90 Xsoftclock() at Xsoftclock+0x27 uvn_flush(fffffd806d45a3e0,0,0,31) at uvn_flush+0x89e sys/uvm/uvm_vnode.c:846 uvm_vnp_sync(ffff8000006cec00) at uvm_vnp_sync+0x16e sys/uvm/uvm_vnode.c:1540 sys_sync(ffff800030d1a040,ffff80002a2ad070,ffff80002a2acfc0) at sys_sync+0x9b sys/kern/vfs_syscalls.c:535 syscall(ffff80002a2ad070) at syscall+0x854 mi_syscall sys/sys/syscall_mi.h:180 [inline] syscall(ffff80002a2ad070) at syscall+0x854 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xcac96bdd010, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: attempt to execute user address 0x0 in supervisor mode ddb{0}> trace 0(0,0,ffff800000de5a00,ffffffff82cf6ff0,0,0) at 0 timeout_run(fffffd80580f9e78) at timeout_run+0xd0 sys/kern/kern_timeout.c:666 softclock_process_kclock_timeout(fffffd80580f9e78,0) at softclock_process_kclock_timeout+0x1cf sys/kern/kern_timeout.c:696 softclock(0) at softclock+0x150 sys/kern/kern_timeout.c:749 softintr_dispatch(0) at softintr_dispatch+0xcd sys/arch/amd64/amd64/softintr.c:90 Xsoftclock() at Xsoftclock+0x27 uvn_flush(fffffd806d45a3e0,0,0,31) at uvn_flush+0x89e sys/uvm/uvm_vnode.c:846 uvm_vnp_sync(ffff8000006cec00) at uvm_vnp_sync+0x16e sys/uvm/uvm_vnode.c:1540 sys_sync(ffff800030d1a040,ffff80002a2ad070,ffff80002a2acfc0) at sys_sync+0x9b sys/kern/vfs_syscalls.c:535 syscall(ffff80002a2ad070) at syscall+0x854 mi_syscall sys/sys/syscall_mi.h:180 [inline] syscall(ffff80002a2ad070) at syscall+0x854 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xcac96bdd010, count: -10 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff80002a2acc20 rbx 0 rdx 0xffff800000de5a00 rcx 0xffff800030d1a040 rax 0x9 r8 0xd7 r9 0xd7 r10 0xacd5893cb9123734 r11 0 r12 0 r13 0xffffffff82ccac50 timeout_spinlock_obj r14 0 r15 0 rip 0 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80002a2acbd8 ss 0x10 0 ddb{0}> show proc PROC (syz-executor.6) tid=3136 pid=65419 tcnt=2 stat=onproc flags process=8000000 proc=4000000 runpri=32, usrpri=84, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff800030d1ad10,0xffff800030d1afb0 process=0xffff80002a158d58 user=0xffff80002a2a8000, vmspace=0xfffffd806ad8dc18 estcpu=34, cpticks=2, pctcpu=0.0, user=0, sys=1, intr=1 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 8520 467517 9525 0 2 0x8000000 syz-executor.5 8520 113305 9525 0 3 0xc000080 fsleep syz-executor.5 65419 393199 54338 0 2 0x8000000 syz-executor.6 *65419 3136 54338 0 7 0xc000000 syz-executor.6 5228 50284 24582 0 3 0x810008a sigsusp sh 94976 49583 66055 0 2 0x8000000 syz-executor.1 94976 420130 66055 0 3 0xc000080 fsleep syz-executor.1 24582 403912 2702 0 3 0x8000082 wait syz-executor.7 87404 253081 2702 0 2 0x8000482 syz-executor.3 9704 390902 1 0 3 0x8000080 nanoslp init 36143 77050 0 0 3 0x14200 acct acct 9525 85008 2702 0 2 0x8000482 syz-executor.5 10861 236308 2702 0 2 0x8000002 syz-executor.0 54338 508521 2702 0 2 0x8000482 syz-executor.6 66055 484811 2702 0 2 0x8000482 syz-executor.1 16323 262404 2702 0 2 0x8000482 syz-executor.4 74418 389002 2702 0 2 0x8000482 syz-executor.2 89440 108671 0 0 3 0x14200 bored sosplice 2702 96729 79781 0 3 0x1a000082 thrsleep syz-fuzzer 2702 354558 79781 0 2 0x1e000482 syz-fuzzer 2702 459700 79781 0 3 0x1e000082 thrsleep syz-fuzzer 2702 127758 79781 0 3 0x1e000082 wait syz-fuzzer 2702 28462 79781 0 3 0x1e000082 wait syz-fuzzer 2702 263241 79781 0 3 0x1e000082 thrsleep syz-fuzzer 2702 130604 79781 0 3 0x1e000082 thrsleep syz-fuzzer 2702 273417 79781 0 3 0x1e000082 wait syz-fuzzer 2702 454983 79781 0 3 0x1e000082 wait syz-fuzzer 2702 264081 79781 0 3 0x1e000082 wait syz-fuzzer 2702 201105 79781 0 3 0x1e000082 thrsleep syz-fuzzer 2702 326542 79781 0 3 0x1e000082 kqread syz-fuzzer 2702 469303 79781 0 3 0x1e000082 thrsleep syz-fuzzer 2702 65103 79781 0 3 0x1e000082 wait syz-fuzzer 2702 162657 79781 0 3 0x1e000082 wait syz-fuzzer 2702 45579 79781 0 3 0x1e000082 wait syz-fuzzer 79781 313518 31611 0 3 0x810008a sigsusp ksh 31611 304240 35148 0 3 0x1800009a kqread sshd 35148 28844 1 0 3 0x18000088 kqread sshd 28362 276094 49257 73 3 0x19100090 kqread syslogd 49257 332434 1 0 3 0x18100082 sbwait syslogd 30771 50883 1 0 3 0x18100080 kqread resolvd 62609 213659 39164 77 3 0x18100092 kqread dhcpleased 77234 103630 39164 77 3 0x18100092 kqread dhcpleased 39164 315556 1 0 3 0x18000080 kqread dhcpleased 82926 236356 0 0 3 0x14200 bored smr 86689 390080 0 0 2 0x14200 zerothread 89978 408523 0 0 3 0x14200 aiodoned aiodoned 19880 520207 0 0 3 0x14200 syncer update 78023 161623 0 0 3 0x14200 cleaner cleaner 51863 69184 0 0 7 0x14200 reaper 46581 347431 0 0 3 0x14200 pgdaemon pagedaemon 2625 47174 0 0 3 0x14200 bored viomb 42567 108085 0 0 3 0x40014200 acpi0 acpi0 40401 512143 0 0 3 0x40014200 idle1 60684 314429 0 0 3 0x14200 bored softnet3 32586 333529 0 0 3 0x14200 bored softnet2 20385 199369 0 0 3 0x14200 bored softnet1 18280 304633 0 0 3 0x14200 bored softnet0 31443 146696 0 0 3 0x14200 bored systqmp 65471 61186 0 0 3 0x14200 bored systq 89908 261240 0 0 2 0x14200 softclockmp 30736 141389 0 0 2 0x40014200 softclock 13688 343628 0 0 3 0x40014200 idle0 1 232480 0 0 3 0x8000082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks CPU 0: shared mutex timeout r = 0 (0xffffffff82ccac50) #0 witness_lock+0x446 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x446 sys/kern/subr_witness.c:1157 #1 timeout_run+0xbb sys/kern/kern_timeout.c:662 #2 softclock_process_kclock_timeout+0x1cf sys/kern/kern_timeout.c:696 #3 softclock+0x150 sys/kern/kern_timeout.c:749 #4 softintr_dispatch+0xcd sys/arch/amd64/amd64/softintr.c:90 #5 Xsoftclock+0x27 #6 uvn_flush+0x89e sys/uvm/uvm_vnode.c:846 #7 uvm_vnp_sync+0x16e sys/uvm/uvm_vnode.c:1540 #8 sys_sync+0x9b sys/kern/vfs_syscalls.c:535 #9 syscall+0x854 mi_syscall sys/sys/syscall_mi.h:180 [inline] #9 syscall+0x854 sys/arch/amd64/amd64/trap.c:577 #10 Xsyscall+0x128 Process 65419 (syz-executor.6) thread 0xffff800030d1a040 (3136) Process 10861 (syz-executor.0) thread 0xffff800033f5e7e0 (236308) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10201 6456K 6764K 166960K 13724 0 pcb 17 18K 20K 166960K 1183 0 rtable 157 14K 16K 166960K 1874 0 pf 39 10K 11K 166960K 288 0 ifaddr 42 15K 16K 166960K 281 0 ifgroup 70 2K 3K 166960K 456 0 sysctl 4 1K 2K 166960K 10 0 counters 72 37K 37K 166960K 284 0 ioctlops 0 0K 4K 166960K 1753 0 iov 0 0K 32K 166960K 367 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1435 90K 91K 166960K 4310 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 5K 13K 166960K 90 0 VM map 2 1K 1K 166960K 2 0 sem 12 1K 1K 166960K 156 0 dirhash 12 2K 3K 166960K 168 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 14 49K 87K 166960K 5213 0 sigio 0 0K 0K 166960K 98 0 proc 52 66K 128K 166960K 1863 0 subproc 104 6K 7K 166960K 601 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 1364 0 in_multi 63 4K 7K 166960K 825 0 ether_multi 1 0K 0K 166960K 122 0 mrt 1 0K 0K 166960K 16 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 103 466K 466K 166960K 103 0 exec 0 0K 1K 166960K 1534 0 pfkey data 0 0K 0K 166960K 44 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 264 90K 131K 166960K 47205 0 UVM aobj 18 6K 6K 166960K 20 0 pinsyscall 33 66K 100K 166960K 7320 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 432 0 NDP 17 0K 2K 166960K 208 0 temp 74 6820K 14756K 166960K 156452 0 kqueue 12 18K 31K 166960K 820 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 649 0 646 2 1 1 2 0 8 0 rtentry 112 603 0 540 5 2 3 4 0 8 0 unpcb 144 4565 0 4552 23 21 2 6 0 8 1 syncache 336 6 0 6 3 3 0 1 0 8 0 tcpqe 32 40 0 40 3 3 0 1 0 8 0 tcpcb 808 2018 0 2012 64 55 9 11 0 8 8 arp 120 107 0 95 1 0 1 1 0 8 0 inpcb 384 7358 0 7350 110 101 9 22 0 8 8 nd6 136 164 0 149 2 1 1 2 0 8 0 pkpcb 40 39 0 39 18 17 1 1 0 8 1 kcovpl 48 46 0 38 1 0 1 1 0 8 0 ppxss 1168 36 0 36 22 21 1 1 0 8 1 pffrag 232 41 0 36 4 3 1 1 0 482 0 pffrnode 88 41 0 36 4 3 1 1 0 8 0 pffrent 40 343 0 338 4 3 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 455 0 400 1 0 1 1 0 8 0 pfstkey 128 455 0 400 4 1 3 3 0 8 0 pfstate 376 455 0 400 13 7 6 7 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 rttmr 136 1 0 1 1 1 0 1 0 8 0 art_heap8 4096 2 0 1 2 1 1 2 0 8 0 art_heap4 256 2211 0 1931 50 32 18 29 0 8 0 art_table 32 2213 0 1932 4 0 4 4 0 8 0 art_node 16 590 0 534 1 0 1 1 0 8 0 sysvmsgpl 40 13 0 8 3 2 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 151 0 141 1 0 1 1 0 8 0 shmpl 112 17 0 2 1 0 1 1 0 8 0 dirhash 1024 121 0 104 3 0 3 3 0 8 0 dino2pl 256 10410 0 8866 98 0 98 98 0 8 0 ffsino 272 10410 0 8866 104 0 104 104 0 8 0 nchpl 144 18089 0 17480 67 40 27 67 0 8 0 uvmvnodes 80 9566 0 0 196 0 196 196 0 8 0 vnodes 216 9566 0 0 532 0 532 532 0 8 0 namei 1024 66492 0 66492 20 19 1 2 0 8 1 percpumem 16 156 0 106 1 0 1 1 0 8 0 vcpupl 3904 12 0 3 2 0 2 2 0 8 0 vmpool 696 37 0 28 4 3 1 1 0 8 0 kstatmem 264 242 0 212 5 2 3 3 0 8 0 scsiplug 72 19 0 19 13 13 0 1 0 8 0 scxspl 216 141933 0 141933 22 20 2 8 1 8 2 plimitpl 152 986 0 971 1 0 1 1 0 8 0 sigapl 424 5479 0 5430 8 1 7 8 0 8 0 futexpl 64 91430 0 91428 13 12 1 1 0 8 0 knotepl 120 895 0 0 20 0 20 20 0 8 0 kqueuepl 216 1831 0 1823 12 11 1 5 0 8 0 pipepl 320 829 0 800 3 0 3 3 0 8 0 fdescpl 496 5434 0 5409 8 4 4 5 0 8 0 filepl 152 40213 0 39978 43 29 14 18 0 8 0 lockfpl 104 1459 0 1457 2 1 1 2 0 8 0 lockfspl 48 503 0 501 1 0 1 1 0 8 0 sessionpl 144 65 0 50 1 0 1 1 0 8 0 pgrppl 48 136 0 121 1 0 1 1 0 8 0 ucredpl 104 7873 0 7857 1 0 1 1 0 8 0 zombiepl 144 5434 0 5430 4 3 1 1 0 8 0 processpl 1136 5479 0 5430 6 1 5 6 0 8 0 procpl 656 11423 0 11356 9 1 8 9 0 8 0 srpgc 96 42 0 42 14 14 0 1 0 8 0 sosppl 168 127 0 127 24 23 1 1 0 8 1 sockpl 664 12665 0 12641 119 109 10 19 0 8 8 mcl64k 65536 4 0 0 1 0 1 1 0 8 0 mcl16k 16384 1 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 9 0 0 2 0 2 2 0 8 0 mcl4k 4096 5 0 0 1 0 1 1 0 8 0 mcl2k2 2112 3 0 0 1 0 1 1 0 8 0 mcl2k 2048 677 0 0 40 12 28 40 0 8 0 mtagpl 96 13 0 0 1 0 1 1 0 8 0 mbufpl 256 1427 0 0 59 0 59 59 0 8 0 bufpl 280 18901 0 9292 687 0 687 687 0 8 0 anonpl 24 887972 0 881572 232 161 71 117 0 186 0 amapchunkpl 152 160460 0 159850 129 95 34 52 0 158 4 amappl16 200 19782 0 19642 167 147 20 33 0 8 8 amappl15 192 68 0 66 1 0 1 1 0 8 0 amappl14 184 282 0 269 2 1 1 2 0 8 0 amappl13 176 12 0 12 1 1 0 1 0 8 0 amappl12 168 6673 0 6642 3 1 2 3 0 8 0 amappl11 160 58 0 48 1 0 1 1 0 8 0 amappl10 152 103 0 93 1 0 1 1 0 8 0 amappl9 144 169 0 169 2 2 0 1 0 8 0 amappl8 136 239 0 204 2 0 2 2 0 8 0 amappl7 128 62 0 47 1 0 1 1 0 8 0 amappl6 120 795 0 779 2 1 1 2 0 8 0 amappl5 112 321 0 308 1 0 1 1 0 8 0 amappl4 104 832 0 799 3 1 2 2 0 8 0 amappl3 96 29344 0 29281 3 0 3 3 0 8 0 amappl2 88 5952 0 5885 4 2 2 4 0 8 0 amappl1 80 27481 0 27016 23 12 11 22 0 8 0 amappl 88 45981 0 45808 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 19 0 2 1 0 1 1 0 8 0 uaddrrnd 24 5471 0 5437 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 5471 0 5437 1 0 1 1 0 8 0 vmmpekpl 168 39173 0 39111 4 0 4 4 0 8 0 vmmpepl 168 344971 0 343259 250 142 108 114 0 357 16 vmsppl 440 5470 0 5436 6 1 5 5 0 8 0 rwobjpl 56 94069 0 83440 176 22 154 154 0 8 1 pdppl 4096 10949 0 10881 283 207 76 78 0 8 8 pvpl 32 46859 0 0 380 2 378 378 0 265 0 pmappl 248 5470 0 5436 7 4 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 756 0 352 12 0 12 12 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace 0(0,0,ffff800000de5a00,ffffffff82cf6ff0,0,0) at 0 timeout_run(fffffd80580f9e78) at timeout_run+0xd0 sys/kern/kern_timeout.c:666 softclock_process_kclock_timeout(fffffd80580f9e78,0) at softclock_process_kclock_timeout+0x1cf sys/kern/kern_timeout.c:696 softclock(0) at softclock+0x150 sys/kern/kern_timeout.c:749 softintr_dispatch(0) at softintr_dispatch+0xcd sys/arch/amd64/amd64/softintr.c:90 Xsoftclock() at Xsoftclock+0x27 uvn_flush(fffffd806d45a3e0,0,0,31) at uvn_flush+0x89e sys/uvm/uvm_vnode.c:846 uvm_vnp_sync(ffff8000006cec00) at uvm_vnp_sync+0x16e sys/uvm/uvm_vnode.c:1540 sys_sync(ffff800030d1a040,ffff80002a2ad070,ffff80002a2acfc0) at sys_sync+0x9b sys/kern/vfs_syscalls.c:535 syscall(ffff80002a2ad070) at syscall+0x854 mi_syscall sys/sys/syscall_mi.h:180 [inline] syscall(ffff80002a2ad070) at syscall+0x854 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xcac96bdd010, count: -10 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp x86_ipi_db(ffff800029cebff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82e31438) at __mp_lock+0x129 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82e31438) at __mp_lock+0x129 sys/kern/kern_lock.c:147 uvm_unmap_detach(ffff80002a155af0,1) at uvm_unmap_detach+0x113 sys/uvm/uvm_map.c:1371 uvm_map_teardown(fffffd806ad8d8a8) at uvm_map_teardown+0x2f8 sys/uvm/uvm_map.c:2554 uvmspace_free(fffffd806ad8d8a8) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3461 reaper(ffff80002a148f68) at reaper+0x197 sys/kern/kern_exit.c:463 end trace frame: 0x0, count: 7 ddb{1}> trace x86_ipi_db(ffff800029cebff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82e31438) at __mp_lock+0x129 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82e31438) at __mp_lock+0x129 sys/kern/kern_lock.c:147 uvm_unmap_detach(ffff80002a155af0,1) at uvm_unmap_detach+0x113 sys/uvm/uvm_map.c:1371 uvm_map_teardown(fffffd806ad8d8a8) at uvm_map_teardown+0x2f8 sys/uvm/uvm_map.c:2554 uvmspace_free(fffffd806ad8d8a8) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3461 reaper(ffff80002a148f68) at reaper+0x197 sys/kern/kern_exit.c:463 end trace frame: 0x0, count: -8