uvm_fault(0xfffffd806e8f38a8, 0xa, 0, 1) -> e kernel: page fault trap, code=0 Stopped at vio_rxeof+0x191: movzwl 0xa(%r15),%eax ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic kernel page fault uvm_fault(0xfffffd806e8f38a8, 0xa, 0, 1) -> e vio_rxeof(ffff80000017b000) at vio_rxeof+0x191 sys/dev/pv/if_vio.c:1018 end trace frame: 0xffff800020e623d0, count: 0 ddb{0}> trace vio_rxeof(ffff80000017b000) at vio_rxeof+0x191 sys/dev/pv/if_vio.c:1018 vio_rx_intr(ffff80000017b050) at vio_rx_intr+0x4d sys/dev/pv/if_vio.c:1056 intr_handler(ffff800020e62430,ffff800000255b80) at intr_handler+0x8f sys/arch/amd64/amd64/intr.c:536 Xintr_ioapic_edge19_untramp() at Xintr_ioapic_edge19_untramp+0x19f __mp_lock(ffffffff828c6fe8) at __mp_lock+0x127 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff828c6fe8) at __mp_lock+0x127 sys/kern/kern_lock.c:147 uvm_map_inentry(ffff800020e3f010,ffff800020e3f070,7f7ffffd4c90,ffffffff8242b59f,ffffffff814b8ec0,84) at uvm_map_inentry+0xbe sys/uvm/uvm_map.c:1890 syscall(ffff800020e62690) at syscall+0x397 mi_syscall sys/sys/syscall_mi.h:81 [inline] syscall(ffff800020e62690) at syscall+0x397 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffd4cf0, count: -8 ddb{0}> show registers rdi 0xc rsi 0xc rbp 0xffff800020e62370 rbx 0xffff80000017b000 rdx 0 rcx 0xffffffff82789ff0 cpu_info_full_primary+0x1ff0 rax 0xffffffff82789ff0 cpu_info_full_primary+0x1ff0 r8 0x2 r9 0 r10 0x4f3892c9b02c94b2 r11 0x728901e17ec71462 r12 0xffff800000024c00 r13 0xc r14 0xfffffd807ad41600 r15 0 rip 0xffffffff81eae8d1 vio_rxeof+0x191 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800020e622e0 ss 0x10 vio_rxeof+0x191: movzwl 0xa(%r15),%eax ddb{0}> show proc PROC (syz-fuzzer) pid=372550 stat=onproc flags process=2 proc=0 pri=51, usrpri=51, nice=20 forw=0xffffffffffffffff, list=0xffff800020e3f280,0xffff800020e3f500 process=0xffff8000ffffe7d8 user=0xffff800020e5d000, vmspace=0xfffffd806e8f38a8 estcpu=1, cpticks=6, pctcpu=0.14 user=0, sys=0, intr=1 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 46436 471278 33395 0 2 0 syz-executor.1 19958 23046 0 0 3 0x14200 acct acct 35995 521057 1 0 3 0x100083 ttyin getty 33395 134478 60161 0 7 0x2 syz-executor.1 56891 405543 0 0 3 0x14280 nfsidl nfsio 62388 136476 0 0 3 0x14280 nfsidl nfsio 53820 43940 0 0 3 0x14280 nfsidl nfsio 49694 87817 0 0 3 0x14280 nfsidl nfsio 18334 140374 0 0 3 0x14280 nfsidl nfsio 34808 438066 0 0 3 0x14280 nfsidl nfsio 13592 224610 0 0 3 0x14280 nfsidl nfsio 73519 131722 0 0 3 0x14280 nfsidl nfsio 53193 162414 0 0 3 0x14280 nfsidl nfsio 47570 97041 0 0 3 0x14280 nfsidl nfsio 49868 121621 0 0 3 0x14280 nfsidl nfsio 73548 65614 0 0 3 0x14280 nfsidl nfsio 4819 68064 0 0 3 0x14280 nfsidl nfsio 20676 422754 0 0 3 0x14280 nfsidl nfsio 39625 40093 0 0 3 0x14280 nfsidl nfsio 24740 167009 0 0 3 0x14280 nfsidl nfsio 10177 369629 0 0 3 0x14280 nfsidl nfsio 97686 258159 0 0 3 0x14280 nfsidl nfsio 79238 484002 0 0 3 0x14280 nfsidl nfsio 92845 245197 0 0 3 0x14280 nfsidl nfsio 32944 106790 0 0 3 0x14200 bored sosplice 22770 6434 60161 0 2 0x2 syz-executor.0 *60161 372550 63641 0 7 0x2 syz-fuzzer 60161 387334 63641 0 3 0x4000082 nanosleep syz-fuzzer 60161 16082 63641 0 3 0x4000082 thrsleep syz-fuzzer 60161 21210 63641 0 3 0x4000082 nanosleep syz-fuzzer 60161 266477 63641 0 3 0x4000082 thrsleep syz-fuzzer 60161 506700 63641 0 3 0x4000082 thrsleep syz-fuzzer 60161 15102 63641 0 3 0x4000082 thrsleep syz-fuzzer 60161 310208 63641 0 3 0x4000082 thrsleep syz-fuzzer 60161 450458 63641 0 3 0x4000082 thrsleep syz-fuzzer 60161 122555 63641 0 3 0x4000082 kqread syz-fuzzer 63641 54853 43255 0 3 0x10008a pause ksh 43255 129986 9932 0 3 0x92 select sshd 9932 402897 1 0 3 0x80 select sshd 17523 131942 28671 74 3 0x100092 bpf pflogd 28671 373684 1 0 3 0x80 netio pflogd 71022 291839 56266 73 3 0x100090 kqread syslogd 56266 389854 1 0 3 0x100082 netio syslogd 64344 40827 1 77 3 0x100090 poll dhclient 33300 293856 1 0 3 0x80 poll dhclient 14293 340253 0 0 3 0x14200 bored smr 93503 348917 0 0 2 0x14200 zerothread 47182 84774 0 0 3 0x14200 aiodoned aiodoned 14944 333396 0 0 3 0x14200 syncer update 41753 263095 0 0 3 0x14200 cleaner cleaner 88604 220863 0 0 3 0x14200 reaper reaper 3143 475289 0 0 3 0x14200 pgdaemon pagedaemon 19035 141136 0 0 3 0x14200 bored crynlk 77540 271033 0 0 3 0x14200 bored crypto 84486 487196 0 0 3 0x40014200 acpi0 acpi0 72407 82119 0 0 3 0x40014200 idle1 37735 103607 0 0 3 0x14200 bored softnet 32992 383422 0 0 3 0x14200 bored systqmp 60248 277343 0 0 3 0x14200 bored systq 83855 488704 0 0 3 0x40014200 bored softclock 34441 439581 0 0 3 0x40014200 idle0 1 285229 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 60161 (syz-fuzzer) thread 0xffff800020e3f010 (372550) exclusive kernel_lock &kernel_lock r = 1 (0xffffffff828c71f0) #0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164 #1 intr_handler+0x5e sys/arch/amd64/amd64/intr.c:532 #2 Xintr_ioapic_edge19_untramp+0x19f #3 __mp_lock+0x127 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] #3 __mp_lock+0x127 sys/kern/kern_lock.c:147 #4 uvm_map_inentry+0xbe sys/uvm/uvm_map.c:1890 #5 syscall+0x397 mi_syscall sys/sys/syscall_mi.h:81 [inline] #5 syscall+0x397 sys/arch/amd64/amd64/trap.c:570 #6 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9535 6425K 7710K 78643K 15884 0 pcb 13 8K 8K 78643K 570 0 rtable 142 9K 12K 78643K 719 0 ifaddr 94 18K 18K 78643K 250 0 sysctl 2 0K 0K 78643K 2 0 counters 43 33K 34K 78643K 71 0 ioctlops 0 0K 4K 78643K 1679 0 iov 0 0K 16K 78643K 109 0 mount 1 1K 1K 78643K 1 0 vnodes 1223 77K 77K 78643K 2705 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 19 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 196 0 dirhash 6 1K 2K 78643K 12 0 ACPI 1824 197K 290K 78643K 13058 0 file desc 5 13K 25K 78643K 1660 0 sigio 0 0K 0K 78643K 14 0 proc 63 63K 95K 78643K 560 0 subproc 32 2K 2K 78643K 51 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 511 0 in_multi 64 3K 3K 78643K 951 0 ether_multi 1 0K 0K 78643K 303 0 mrt 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 49 228K 228K 78643K 49 0 exec 0 0K 1K 78643K 273 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 147 137K 147K 78643K 6005 0 UVM aobj 62 6K 7K 78643K 67 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 811 0 NDP 14 0K 0K 78643K 55 0 temp 149 3886K 3954K 78643K 22881 0 kqueue 5 7K 16K 78643K 30 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 12 0 5 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 55 0 53 1 0 1 1 0 8 0 rtentry 112 147 0 98 2 0 2 2 0 8 0 unpcb 120 635 0 625 1 0 1 1 0 8 0 syncache 264 15 0 15 4 3 1 1 0 8 1 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpqe 32 1068 0 1068 1 1 0 1 0 8 0 tcpcb 544 1183 0 1179 1 0 1 1 0 8 0 ipq 40 1 0 1 1 1 0 1 0 8 0 ipqe 40 2 0 2 1 1 0 1 0 8 0 inpcb 296 2797 0 2787 4 2 2 2 0 8 1 nd6 48 54 0 44 1 0 1 1 0 8 0 pkpcb 40 4 0 4 2 1 1 1 0 8 1 ppxss 1136 1 0 1 1 1 0 1 0 8 0 pfstscr 40 2 0 2 1 1 0 1 0 8 0 pffrag 232 8 0 7 3 2 1 1 0 482 0 pffrnode 88 8 0 7 3 2 1 1 0 8 0 pffrent 40 150 0 149 5 4 1 1 0 8 0 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 87 0 76 5 3 2 2 0 8 1 pfstitem 24 20 0 17 1 0 1 1 0 8 0 pfstkey 112 24 0 21 1 0 1 1 0 8 0 pfstate 328 22 0 19 2 0 2 2 0 8 0 pfrule 1360 65 0 44 4 2 2 2 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 676 0 397 22 4 18 18 0 8 0 art_table 32 678 0 397 3 0 3 3 0 8 0 art_node 16 146 0 100 1 0 1 1 0 8 0 sysvmsgpl 40 39 0 34 2 1 1 1 0 8 0 semapl 112 190 0 180 1 0 1 1 0 8 0 shmpl 112 64 0 6 2 0 2 2 0 8 0 dirhash 1024 17 0 13 3 1 2 3 0 8 0 dino2pl 256 3621 0 2218 89 0 89 89 0 8 0 ffsino 272 3621 0 2218 95 1 94 95 0 8 0 nchpl 144 6620 0 5031 60 0 60 60 0 8 0 uvmvnodes 72 4905 0 0 90 0 90 90 0 8 0 vnodes 208 4905 0 0 259 0 259 259 0 8 0 namei 1024 18083 0 18083 2 1 1 1 0 8 1 percpumem 16 46 0 14 1 0 1 1 0 8 0 vcpupl 1984 13 0 0 2 0 2 2 0 8 0 vmpool 560 16 0 3 2 0 2 2 0 8 1 pfiaddrpl 120 47 0 31 1 0 1 1 0 8 0 scsiplug 64 117 0 117 2 2 0 1 0 8 0 scxspl 192 18062 0 18062 14 11 3 7 0 8 3 plimitpl 152 83 0 75 1 0 1 1 0 8 0 sigapl 424 1895 0 1842 7 0 7 7 0 8 0 futexpl 56 26118 0 26118 1 0 1 1 0 8 1 knotepl 112 103 0 84 1 0 1 1 0 8 0 kqueuepl 144 118 0 113 1 0 1 1 0 8 0 pipepl 304 236 0 226 5 4 1 2 0 8 0 fdescpl 496 1858 0 1842 3 0 3 3 0 8 0 filepl 152 11406 0 11305 6 1 5 5 0 8 1 lockfpl 104 264 0 263 1 0 1 1 0 8 0 lockfspl 48 94 0 93 1 0 1 1 0 8 0 sessionpl 112 20 0 9 1 0 1 1 0 8 0 pgrppl 48 36 0 25 1 0 1 1 0 8 0 ucredpl 96 694 0 684 1 0 1 1 0 8 0 zombiepl 144 1842 0 1842 2 1 1 1 0 8 1 processpl 992 1895 0 1842 7 0 7 7 0 8 0 procpl 624 5126 0 5064 7 1 6 6 0 8 0 sosppl 128 22 0 22 4 4 0 1 0 8 0 sockpl 400 3496 0 3477 8 4 4 4 0 8 2 mcl64k 65536 12 0 0 2 0 2 2 0 8 0 mcl16k 16384 3 0 0 1 0 1 1 0 8 0 mcl12k 12288 17 0 0 2 0 2 2 0 8 0 mcl9k 9216 6 0 0 1 0 1 1 0 8 0 mcl8k 8192 9 0 0 2 0 2 2 0 8 0 mcl4k 4096 13 0 0 2 0 2 2 0 8 0 mcl2k2 2112 4 0 0 1 0 1 1 0 8 0 mcl2k 2048 186 0 0 23 1 22 23 0 8 0 mtagpl 96 55 0 0 2 0 2 2 0 8 0 mbufpl 256 478 0 0 27 1 26 26 0 8 0 bufpl 280 6524 0 289 446 0 446 446 0 8 0 anonpl 16 188670 0 170726 103 21 82 88 0 124 8 amapchunkpl 152 11381 0 11204 43 22 21 21 0 158 11 amappl16 192 7873 0 6906 76 26 50 60 0 8 1 amappl15 184 1 0 0 1 0 1 1 0 8 0 amappl14 176 35 0 29 1 0 1 1 0 8 0 amappl13 168 864 0 859 1 0 1 1 0 8 0 amappl12 160 843 0 841 1 0 1 1 0 8 0 amappl11 152 143 0 128 1 0 1 1 0 8 0 amappl10 144 21 0 12 1 0 1 1 0 8 0 amappl9 136 1082 0 1080 1 0 1 1 0 8 0 amappl8 128 1096 0 1057 2 0 2 2 0 8 0 amappl7 120 128 0 115 1 0 1 1 0 8 0 amappl6 112 115 0 106 1 0 1 1 0 8 0 amappl5 104 944 0 927 1 0 1 1 0 8 0 amappl4 96 1337 0 1309 1 0 1 1 0 8 0 amappl3 88 982 0 976 1 0 1 1 0 8 0 amappl2 80 13855 0 13792 2 0 2 2 0 8 0 amappl1 72 62002 0 61571 22 11 11 18 0 8 0 amappl 80 5404 0 5354 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 66 0 5 1 0 1 1 0 8 0 uaddrrnd 24 1874 0 1845 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1874 0 1845 1 0 1 1 0 8 0 vmmpekpl 168 17973 0 17928 3 0 3 3 0 8 0 vmmpepl 168 242272 0 240109 164 61 103 126 0 357 1 vmsppl 368 1873 0 1845 3 0 3 3 0 8 0 pdppl 4096 3755 0 3703 8 0 8 8 0 8 1 pvpl 32 556913 0 536513 219 29 190 204 0 265 20 pmappl 232 1873 0 1845 3 1 2 2 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 303 0 18 10 1 9 9 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace vio_rxeof(ffff80000017b000) at vio_rxeof+0x191 sys/dev/pv/if_vio.c:1018 vio_rx_intr(ffff80000017b050) at vio_rx_intr+0x4d sys/dev/pv/if_vio.c:1056 intr_handler(ffff800020e62430,ffff800000255b80) at intr_handler+0x8f sys/arch/amd64/amd64/intr.c:536 Xintr_ioapic_edge19_untramp() at Xintr_ioapic_edge19_untramp+0x19f __mp_lock(ffffffff828c6fe8) at __mp_lock+0x127 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff828c6fe8) at __mp_lock+0x127 sys/kern/kern_lock.c:147 uvm_map_inentry(ffff800020e3f010,ffff800020e3f070,7f7ffffd4c90,ffffffff8242b59f,ffffffff814b8ec0,84) at uvm_map_inentry+0xbe sys/uvm/uvm_map.c:1890 syscall(ffff800020e62690) at syscall+0x397 mi_syscall sys/sys/syscall_mi.h:81 [inline] syscall(ffff800020e62690) at syscall+0x397 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffd4cf0, count: -8 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800020d70ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352 x86_ipi_handler() at x86_ipi_handler+0xc6 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff828c6fe8) at __mp_lock+0x127 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff828c6fe8) at __mp_lock+0x127 sys/kern/kern_lock.c:147 pageflttrap(ffff800021eead10,1) at pageflttrap+0x7f sys/arch/amd64/amd64/trap.c:180 usertrap(ffff800021eead10) at usertrap+0x21a sys/arch/amd64/amd64/trap.c:384 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7f7ffffc77d0, count: -7