uvm_fault(0xfffffd807eff9740, 0x7, 0, 1) -> e kernel: page fault trap, code=0 Stopped at ktrops+0x4e: movq 0x8(%rbx),%r14 TID PID UID PRFLAGS PFLAGS CPU COMMAND * 12399 35666 0 0 0x4000000 0K syz-executor.0 56327 14190 0 0x2 0 1 syz-executor.5 ktrops(ffff80002121ba98,ffffffffffffffff,0,80000110,fffffd806996d8a8,fffffd807f7d65b0) at ktrops+0x4e ktrcanset sys/kern/kern_ktrace.c:700 [inline] ktrops(ffff80002121ba98,ffffffffffffffff,0,80000110,fffffd806996d8a8,fffffd807f7d65b0) at ktrops+0x4e sys/kern/kern_ktrace.c:543 doktrace(fffffd806996d8a8,4,110,0,ffff80002121ba98) at doktrace+0x524 ktrsetchildren sys/kern/kern_ktrace.c:568 [inline] doktrace(fffffd806996d8a8,4,110,0,ffff80002121ba98) at doktrace+0x524 sys/kern/kern_ktrace.c:490 sys_ktrace(ffff80002121ba98,ffff80002618d580,ffff80002618d5d0) at sys_ktrace+0xd6 sys/kern/kern_ktrace.c:531 syscall(ffff80002618d650) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff80002618d650) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x5be2a2a0f20, count: 10 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: uvm_fault(0xfffffd807eff9740, 0x7, 0, 1) -> e ddb{0}> trace ktrops(ffff80002121ba98,ffffffffffffffff,0,80000110,fffffd806996d8a8,fffffd807f7d65b0) at ktrops+0x4e ktrcanset sys/kern/kern_ktrace.c:700 [inline] ktrops(ffff80002121ba98,ffffffffffffffff,0,80000110,fffffd806996d8a8,fffffd807f7d65b0) at ktrops+0x4e sys/kern/kern_ktrace.c:543 doktrace(fffffd806996d8a8,4,110,0,ffff80002121ba98) at doktrace+0x524 ktrsetchildren sys/kern/kern_ktrace.c:568 [inline] doktrace(fffffd806996d8a8,4,110,0,ffff80002121ba98) at doktrace+0x524 sys/kern/kern_ktrace.c:490 sys_ktrace(ffff80002121ba98,ffff80002618d580,ffff80002618d5d0) at sys_ktrace+0xd6 sys/kern/kern_ktrace.c:531 syscall(ffff80002618d650) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff80002618d650) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x5be2a2a0f20, count: -5 ddb{0}> show registers rdi 0xffff8000218de000 rsi 0x2269 __ALIGN_SIZE+0x1269 rbp 0xffff80002618d370 rbx 0xffffffffffffffff rdx 0xffff8000218de000 rcx 0x2268 __ALIGN_SIZE+0x1268 rax 0xffffffff81bd3923 ktrops+0x43 r8 0xfffffd806996d8a8 r9 0xfffffd807f7d65b0 r10 0x1ecf543e38cef538 r11 0x1a3bdaccd3e39a50 r12 0xffffffffffffffff r13 0xfffffd807f7d65b0 r14 0xffff80002121ba98 r15 0x80000110 __kernel_virt_to_phys+0x110 rip 0xffffffff81bd392e ktrops+0x4e cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80002618d2f0 ss 0x10 ktrops+0x4e: movq 0x8(%rbx),%r14 ddb{0}> show proc PROC (syz-executor.0) tid=12399 pid=35666 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=17, usrpri=86, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002121bd40,0xffff8000211f5d68 process=0xffff80002e461d70 user=0xffff800026188000, vmspace=0xfffffd807eff9740 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 46341 507570 3519 0 2 0x480 syz-executor.2 46341 176439 3519 0 3 0x4000080 fsleep syz-executor.2 8494 117773 87419 0 2 0 syz-executor.3 8494 362786 87419 0 2 0x4000000 syz-executor.3 20493 32199 0 0 2 0x14280 nfsio 34800 112880 0 0 2 0x14280 nfsio 83388 152341 0 0 2 0x14280 nfsio 43259 285319 0 0 2 0x14280 nfsio 55599 303744 0 0 2 0x14280 nfsio 12838 62910 0 0 2 0x14280 nfsio 64361 296941 0 0 2 0x14280 nfsio 51121 213650 0 0 2 0x14280 nfsio 2690 279847 0 0 2 0x14280 nfsio 92083 62887 0 0 2 0x14280 nfsio 22801 169322 0 0 2 0x14280 nfsio 9343 293305 0 0 2 0x14280 nfsio 54290 405675 0 0 2 0x14280 nfsio 84403 238873 0 0 2 0x14280 nfsio 71222 12362 0 0 2 0x14280 nfsio 37393 199057 0 0 2 0x14280 nfsio 8418 498749 0 0 2 0x14280 nfsio 95964 163459 0 0 2 0x14280 nfsio 73812 192048 23457 0 2 0x480 syz-executor.7 73812 476412 23457 0 3 0x4000080 kqread syz-executor.7 73812 200440 23457 0 3 0x4000080 fsleep syz-executor.7 35666 346167 56263 0 2 0 syz-executor.0 *35666 12399 56263 0 7 0x4000000 syz-executor.0 83148 54744 65752 0 2 0 syz-executor.4 83148 183504 65752 0 2 0x4000480 syz-executor.4 56263 495389 71441 0 2 0x2 syz-executor.0 81688 122848 71441 0 2 0x2 syz-executor.1 3519 427588 71441 0 2 0x482 syz-executor.2 68986 300601 71441 0 2 0x482 syz-executor.6 65752 287254 71441 0 2 0x482 syz-executor.4 23457 172633 71441 0 2 0x482 syz-executor.7 87419 170559 71441 0 2 0x482 syz-executor.3 55400 112308 1 0 3 0x100083 ttyin getty 14190 56327 71441 0 7 0x2 syz-executor.5 92472 140631 0 0 3 0x14200 bored sosplice 71441 52911 46925 0 3 0x2000082 wait syz-fuzzer 71441 164124 46925 0 2 0x6000482 syz-fuzzer 71441 401513 46925 0 3 0x6000082 wait syz-fuzzer 71441 319226 46925 0 3 0x6000082 wait syz-fuzzer 71441 481930 46925 0 3 0x6000082 wait syz-fuzzer 71441 267635 46925 0 3 0x6000082 wait syz-fuzzer 71441 197570 46925 0 3 0x6000082 thrsleep syz-fuzzer 71441 194155 46925 0 3 0x6000082 wait syz-fuzzer 71441 362532 46925 0 3 0x6000082 thrsleep syz-fuzzer 71441 115212 46925 0 3 0x6000082 wait syz-fuzzer 71441 9202 46925 0 3 0x6000082 thrsleep syz-fuzzer 71441 209485 46925 0 3 0x6000082 thrsleep syz-fuzzer 71441 154353 46925 0 3 0x6000082 wait syz-fuzzer 71441 186567 46925 0 3 0x6000082 kqread syz-fuzzer 71441 381934 46925 0 3 0x6000082 thrsleep syz-fuzzer 71441 444467 46925 0 3 0x6000082 thrsleep syz-fuzzer 46925 213039 37661 0 3 0x10008a sigsusp ksh 37661 481436 17771 0 3 0x9a kqread sshd 17771 464823 1 0 3 0x88 kqread sshd 21332 56195 36437 74 3 0x1100092 bpf pflogd 36437 461377 1 0 3 0x80 netio pflogd 21575 485809 56230 73 2 0x1100090 syslogd 56230 480619 1 0 3 0x100082 netio syslogd 37836 475872 1 0 3 0x100080 kqread resolvd 53598 446823 89539 77 3 0x100092 kqread dhcpleased 90745 463556 89539 77 3 0x100092 kqread dhcpleased 89539 344149 1 0 3 0x80 kqread dhcpleased 57299 277555 0 0 3 0x14200 bored smr 75898 456262 0 0 2 0x14200 zerothread 49874 350141 0 0 3 0x14200 aiodoned aiodoned 88400 409445 0 0 3 0x14200 syncer update 15538 285566 0 0 3 0x14200 cleaner cleaner 43374 267793 0 0 3 0x14200 reaper reaper 92293 390144 0 0 3 0x14200 pgdaemon pagedaemon 74428 352050 0 0 3 0x14200 bored viomb 4361 102449 0 0 3 0x40014200 acpi0 acpi0 14782 42003 0 0 3 0x40014200 idle1 35266 223503 0 0 3 0x14200 bored softnet3 92624 42447 0 0 3 0x14200 bored softnet2 42651 37928 0 0 3 0x14200 bored softnet1 80290 47808 0 0 3 0x14200 bored softnet0 39124 207666 0 0 3 0x14200 bored systqmp 88671 240497 0 0 3 0x14200 bored systq 9417 267725 0 0 2 0x40014200 softclock 19605 90284 0 0 3 0x40014200 idle0 1 114423 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 35666 (syz-executor.0) thread 0xffff80002121ba98 (12399) Process 14190 (syz-executor.5) thread 0xffff8000211f5808 (56327) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10324 6928K 7807K 78643K 116644 0 pcb 13 20K 24K 78643K 1981 0 rtable 239 7K 7K 78643K 2304 0 pf 34 9K 10K 78643K 863 0 ifaddr 46 19K 21K 78643K 525 0 ifgroup 59 2K 2K 78643K 1349 0 sysctl 3 0K 0K 78643K 7 0 counters 62 36K 36K 78643K 738 0 ioctlops 0 0K 4K 78643K 2626 0 iov 0 0K 28K 78643K 1712 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1634 102K 102K 78643K 30011 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 456 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 1K 78643K 3359 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 15 53K 89K 78643K 28220 0 sigio 0 0K 0K 78643K 384 0 proc 73 91K 115K 78643K 3178 0 subproc 104 6K 8K 78643K 711 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 1008 0 in_multi 99 7K 7K 78643K 926 0 ether_multi 1 0K 0K 78643K 31 0 mrt 1 0K 0K 78643K 22 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 241 1076K 1076K 78643K 241 0 exec 0 0K 1K 78643K 4576 0 pfkey data 0 0K 0K 78643K 79 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 519 106K 119K 78643K 280790 0 UVM aobj 131 6K 6K 78643K 138 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 1K 78643K 1210 0 NDP 13 0K 1K 78643K 453 0 temp 74 5920K 6052K 78643K 318886 0 kqueue 13 18K 39K 78643K 1728 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 1244 0 1241 14 13 1 3 0 8 0 rtentry 112 633 0 522 4 0 4 4 0 8 0 unpcb 144 15160 0 15145 182 178 4 8 0 8 3 syncache 304 319 0 319 52 52 0 1 0 8 0 tcpqe 32 402 0 402 44 44 0 1 0 8 0 tcpcb 808 8636 0 8625 279 277 2 19 0 8 0 arp 120 108 0 90 1 0 1 1 0 8 0 ipq 40 67 0 67 1 1 0 1 0 8 0 ipqe 40 201 0 201 1 1 0 1 0 8 0 inpcb 368 18011 0 17997 308 303 5 20 0 8 3 nd6 136 188 0 163 2 1 1 2 0 8 0 pkpcb 40 117 0 117 15 15 0 1 0 8 0 kcovpl 48 51 0 43 1 0 1 1 0 8 0 ppxss 1256 102 0 102 30 30 0 1 0 8 0 pffrag 232 420 0 419 3 2 1 1 0 482 0 pffrnode 88 418 0 417 3 2 1 1 0 8 0 pffrent 40 1208 0 1207 3 2 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 782 0 765 1 0 1 1 0 8 0 pfstkey 128 783 0 766 3 1 2 2 0 8 0 pfstate 376 783 0 766 14 12 2 6 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 2608 0 2122 37 6 31 32 0 8 0 art_table 32 2609 0 2122 6 1 5 5 0 8 0 art_node 16 622 0 521 1 0 1 1 0 8 0 sysvmsgpl 40 13 0 12 2 1 1 1 0 8 0 semapl 112 3355 0 3345 1 0 1 1 0 8 0 shmpl 112 135 0 7 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 37571 0 35925 104 0 104 104 0 8 0 ffsino 272 37571 0 35925 111 0 111 111 0 8 0 nchpl 144 74990 0 74486 63 39 24 63 0 8 0 uvmvnodes 80 8865 0 0 181 0 181 181 0 8 0 vnodes 216 8865 0 0 493 0 493 493 0 8 0 namei 1024 275794 0 275794 16 15 1 2 0 8 1 percpumem 16 382 0 338 1 0 1 1 0 8 0 vmpool 696 201 0 201 33 33 0 1 0 8 0 kstatmem 264 702 0 676 9 7 2 3 0 8 0 scxspl 216 228448 0 228448 69 68 1 8 1 8 1 plimitpl 152 3032 0 3015 1 0 1 1 0 8 0 sigapl 424 28965 0 28900 11 3 8 8 0 8 0 futexpl 64 258792 0 258790 5 4 1 1 0 8 0 knotepl 120 1319 0 0 18 4 14 17 0 8 0 kqueuepl 216 4694 0 4653 84 81 3 8 0 8 0 pipepl 320 5578 0 5550 156 153 3 11 0 8 0 fdescpl 496 28441 0 28413 6 2 4 5 0 8 0 filepl 152 187299 0 186953 343 329 14 20 0 8 0 lockfpl 104 39768 0 39697 66 64 2 5 0 8 0 lockfspl 48 18864 0 18793 14 13 1 3 0 8 0 sessionpl 144 68 0 51 1 0 1 1 0 8 0 pgrppl 48 224 0 207 1 0 1 1 0 8 0 ucredpl 104 19558 0 19543 1 0 1 1 0 8 0 zombiepl 144 28901 0 28900 7 6 1 1 0 8 0 processpl 1072 28965 0 28900 5 0 5 5 0 8 0 procpl 680 80891 0 80805 27 19 8 9 0 8 0 sosppl 168 321 0 321 27 27 0 1 0 8 0 sockpl 488 34584 0 34547 703 685 18 36 0 8 10 mcl64k 65536 25 0 0 3 0 3 3 0 8 0 mcl16k 16384 33 0 0 4 1 3 3 0 8 0 mcl12k 12288 17 0 0 2 0 2 2 0 8 0 mcl9k 9216 25 0 0 2 0 2 2 0 8 0 mcl8k 8192 42 0 0 5 2 3 3 0 8 0 mcl4k 4096 62 0 0 5 2 3 4 0 8 0 mcl2k2 2112 17 0 0 2 0 2 2 0 8 0 mcl2k 2048 754 0 0 36 6 30 36 0 8 0 mtagpl 96 2870 0 0 50 0 50 50 0 8 0 mbufpl 256 4024 0 0 187 0 187 187 0 8 0 bufpl 288 49715 0 40849 634 0 634 634 0 8 0 anonpl 24 2626280 0 2611780 263 151 112 124 0 186 0 amapchunkpl 152 880366 0 879439 131 92 39 51 0 158 0 amappl16 200 49999 0 49539 255 229 26 38 0 8 0 amappl15 192 65 0 64 1 0 1 1 0 8 0 amappl14 184 316 0 294 7 5 2 2 0 8 0 amappl13 176 30 0 30 6 6 0 1 0 8 0 amappl12 168 29756 0 29725 3 1 2 2 0 8 0 amappl11 160 55 0 41 1 0 1 1 0 8 0 amappl10 152 80 0 67 1 0 1 1 0 8 0 amappl9 144 339 0 338 1 0 1 1 0 8 0 amappl8 136 1369 0 1112 11 1 10 10 0 8 0 amappl7 128 170 0 155 2 0 2 2 0 8 0 amappl6 120 772 0 746 2 1 1 2 0 8 0 amappl5 112 810 0 799 1 0 1 1 0 8 0 amappl4 104 1289 0 1240 3 1 2 3 0 8 0 amappl3 96 173618 0 173531 4 1 3 3 0 8 0 amappl2 88 29799 0 29714 3 1 2 3 0 8 0 amappl1 80 110751 0 110190 23 10 13 23 0 8 0 amappl 88 279127 0 278861 7 0 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 137 0 7 3 0 3 3 0 8 0 uaddrrnd 24 28642 0 28614 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 28642 0 28614 1 0 1 1 0 8 0 vmmpekpl 168 223442 0 223376 5 1 4 4 0 8 0 vmmpepl 168 1676509 0 1673889 584 448 136 161 0 357 0 vmsppl 464 28641 0 28614 5 1 4 5 0 8 0 rwobjpl 56 403160 0 392381 184 31 153 153 0 8 0 pdppl 4096 57292 0 57228 1131 1061 70 82 0 8 6 pvpl 32 7266767 0 7246328 800 611 189 364 0 265 0 pmappl 248 28641 0 28614 3 1 2 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 2924 0 1724 35 0 35 35 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace ktrops(ffff80002121ba98,ffffffffffffffff,0,80000110,fffffd806996d8a8,fffffd807f7d65b0) at ktrops+0x4e ktrcanset sys/kern/kern_ktrace.c:700 [inline] ktrops(ffff80002121ba98,ffffffffffffffff,0,80000110,fffffd806996d8a8,fffffd807f7d65b0) at ktrops+0x4e sys/kern/kern_ktrace.c:543 doktrace(fffffd806996d8a8,4,110,0,ffff80002121ba98) at doktrace+0x524 ktrsetchildren sys/kern/kern_ktrace.c:568 [inline] doktrace(fffffd806996d8a8,4,110,0,ffff80002121ba98) at doktrace+0x524 sys/kern/kern_ktrace.c:490 sys_ktrace(ffff80002121ba98,ffff80002618d580,ffff80002618d5d0) at sys_ktrace+0xd6 sys/kern/kern_ktrace.c:531 syscall(ffff80002618d650) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff80002618d650) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x5be2a2a0f20, count: -5 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp x86_ipi_db(ffff800020d58ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x29 kd_curproc sys/dev/kcov.c:589 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x29 sys/dev/kcov.c:158 __mp_lock(ffffffff82cf5fa0) at __mp_lock+0x133 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82cf5fa0) at __mp_lock+0x133 sys/kern/kern_lock.c:147 __mp_acquire_count(ffffffff82cf5fa0,1) at __mp_acquire_count+0x48 sys/kern/kern_lock.c:227 mi_switch() at mi_switch+0x46b sys/kern/sched_bsd.c:470 sleep_finish(0,1) at sleep_finish+0x19b sys/kern/kern_synch.c:414 biowait(fffffd80673ee480) at biowait+0x91 sys/kern/vfs_bio.c:1278 bwrite(fffffd80673ee480) at bwrite+0x21c sys/kern/vfs_bio.c:769 ufs_dirremove(fffffd80692135e8,fffffd805aecb450,800c,1) at ufs_dirremove+0x28f ufs_rmdir(ffff800026db7738) at ufs_rmdir+0x247 sys/ufs/ufs/ufs_vnops.c:1315 VOP_RMDIR(fffffd80692135e8,fffffd8064aa0cf8,ffff800026db7818) at VOP_RMDIR+0x12a sys/kern/vfs_vops.c:407 dounlinkat(ffff8000211f5808,ffffff9c,7224937277d0,8) at dounlinkat+0x20e sys/kern/vfs_syscalls.c:1880 end trace frame: 0xffff800026db7980, count: 0 ddb{1}> a No such command