uvm_fault(0xfffffd806b990b88, 0xf, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at ktrops+0x58: movq 0x10(%r14),%r14
TID PID UID PRFLAGS PFLAGS CPU COMMAND
297445 44946 0 0 0 0 syz-executor
*216120 44946 0 0 0x4000000 1K syz-executor
ktrops(ffff800039806030,ffffffffffffffff,0,a0c7df9f,fffffd806b9922d8,fffffd80097fb5b0) at ktrops+0x58 ktrcanset sys/kern/kern_ktrace.c:727 [inline]
ktrops(ffff800039806030,ffffffffffffffff,0,a0c7df9f,fffffd806b9922d8,fffffd80097fb5b0) at ktrops+0x58 sys/kern/kern_ktrace.c:570
doktrace(fffffd806b9922d8,4,20c7df9f,0,ffff800039806030) at doktrace+0x6bd ktrsetchildren sys/kern/kern_ktrace.c:595 [inline]
doktrace(fffffd806b9922d8,4,20c7df9f,0,ffff800039806030) at doktrace+0x6bd sys/kern/kern_ktrace.c:517
sys_ktrace(ffff800039806030,ffff80002a3286d0,ffff80002a328620) at sys_ktrace+0x11c sys/kern/kern_ktrace.c:558
syscall(ffff80002a3286d0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a3286d0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:746
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x563822f0f30, count: 10
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault(0xfffffd806b990b88, 0xf, 0, 1) -> e ddb{1}> trace ktrops(ffff800039806030,ffffffffffffffff,0,a0c7df9f,fffffd806b9922d8,fffffd80097fb5b0) at ktrops+0x58 ktrcanset sys/kern/kern_ktrace.c:727 [inline] ktrops(ffff800039806030,ffffffffffffffff,0,a0c7df9f,fffffd806b9922d8,fffffd80097fb5b0) at ktrops+0x58 sys/kern/kern_ktrace.c:570 doktrace(fffffd806b9922d8,4,20c7df9f,0,ffff800039806030) at doktrace+0x6bd ktrsetchildren sys/kern/kern_ktrace.c:595 [inline] doktrace(fffffd806b9922d8,4,20c7df9f,0,ffff800039806030) at doktrace+0x6bd sys/kern/kern_ktrace.c:517 sys_ktrace(ffff800039806030,ffff80002a3286d0,ffff80002a328620) at sys_ktrace+0x11c sys/kern/kern_ktrace.c:558 syscall(ffff80002a3286d0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002a3286d0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:746 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x563822f0f30, count: -5 ddb{1}> show registers rdi 0xffff800032fdc000 rsi 0x839d __ALIGN_SIZE+0x739d rbp 0xffff80002a3283e0 rbx 0xfffffd80097fb5b0 rdx 0xffff800032fdc000 rcx 0x839c __ALIGN_SIZE+0x739c rax 0xffffffff831914e3 ktrops+0x43 r8 0xfffffd806b9922d8 r9 0xfffffd80097fb5b0 r10 0xbeba4604d67c71f3 r11 0xc46bbe252cf2c33f r12 0xffff800039806030 r13 0xffffffffffffffff r14 0xffffffffffffffff r15 0xa0c7df9f rip 0xffffffff831914f8 ktrops+0x58 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80002a328360 ss 0x10 ktrops+0x58: movq 0x10(%r14),%r14 ddb{1}> show proc PROC (syz-executor) tid=216120 pid=44946 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=17, usrpri=86, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff800039001a18,0xffff800039807798 process=0xffff80003c41f518 user=0xffff80002a323000, vmspace=0xfffffd806b990b88 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 33819 325841 62471 
0 2 0 syz-executor 44946 297445 62530 0 7 0 syz-executor *44946 216120 62530 0 7 0x4000000 syz-executor 95132 267427 26560 0 2 0 syz-executor 95132 20379 26560 0 3 0x4000080 fsleep syz-executor 2607 298400 9206 0 2 0 syz-executor 2607 333568 9206 0 2 0x4000000 syz-executor 92663 2552 66012 0 2 0 syz-executor 92663 457341 66012 0 3 0x4000080 fsleep syz-executor 92663 394585 66012 0 3 0x4000080 fsleep syz-executor 4815 289673 0 0 3 0x14200 acct acct 68246 178882 15774 0 3 0x2 biowait syz-executor 9206 17143 15774 0 3 0x82 nanoslp syz-executor 66012 188531 15774 0 3 0x82 nanoslp syz-executor 26560 320207 15774 0 3 0x82 nanoslp syz-executor 62471 42072 15774 0 3 0x82 nanoslp syz-executor 59299 85484 15774 0 2 0x2 syz-executor 62530 399997 15774 0 3 0x82 nanoslp syz-executor 72782 504106 15774 0 3 0x82 wait syz-executor 97703 491783 0 0 3 0x14200 bored sosplice 56817 425118 1 0 3 0x100083 ttyin getty 15774 222581 33386 0 2 0x2 syz-executor 33386 294283 91616 0 3 0x10008a sigsusp ksh 91616 280714 27929 0 3 0x98 kqread sshd-session 27929 85445 29954 0 3 0x92 kqread sshd-session 29954 103848 1 0 3 0x88 kqread sshd 34099 423383 79810 74 3 0x1100092 bpf pflogd 79810 121356 1 0 3 0x80 sbwait pflogd 75917 266189 2524 73 3 0x1100090 kqread syslogd 2524 476128 1 0 3 0x100082 sbwait syslogd 56215 2604 1 0 3 0x100080 kqread resolvd 9860 147945 76249 77 3 0x100092 kqread dhcpleased 60420 273189 76249 77 3 0x100092 kqread dhcpleased 76249 374028 1 0 3 0x80 kqread dhcpleased 66957 226210 0 0 3 0x14200 bored smr 28711 220103 0 0 2 0x14200 zerothread 90546 425212 0 0 3 0x14200 aiodoned aiodoned 74032 394414 0 0 3 0x14200 syncer update 74376 397641 0 0 3 0x14200 cleaner cleaner 56851 139541 0 0 3 0x14200 reaper reaper 26426 159753 0 0 3 0x14200 pgdaemon pagedaemon 33201 159393 0 0 3 0x14200 bored viomb 57475 36219 0 0 3 0x40014200 acpi0 acpi0 66954 125583 0 0 3 0x40014200 idle1 33805 100047 0 0 3 0x14200 bored softnet1 35998 257901 0 0 3 0x14200 bored softnet0 89386 465561 0 0 3 0x14200 
bored systqmp 25036 226020 0 0 3 0x14200 bored systq 16350 121919 0 0 3 0x14200 tmoslp softclockmp 67009 424061 0 0 3 0x40014200 tmoslp softclock 33051 416869 0 0 3 0x40014200 idle0 1 445102 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{1}> show all locks Process 44946 (syz-executor) thread 0xffff800039806030 (216120) Process 68246 (syz-executor) thread 0xffff8000fffef4d8 (178882) ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10220 11047K 11443K 166960K 16186 0 pcb 17 15K 17K 166960K 1078 0 rtable 217 12K 13K 166960K 824 0 pf 36 18K 67485K 166960K 632 0 ifaddr 37 7K 8K 166960K 208 0 ifgroup 54 2K 3K 166960K 370 0 sysctl 4 1K 9K 166960K 27 0 counters 66 36K 38K 166960K 406 0 ioctlops 0 0K 4K 166960K 2390 0 iov 0 0K 28K 166960K 271 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1443 91K 91K 166960K 4599 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 39 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 199 0 dirhash 12 2K 3K 166960K 102 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 16 57K 240K 166960K 3519 0 sigio 0 0K 0K 166960K 126 0 proc 73 115K 180K 166960K 1217 0 subproc 72 4K 4K 166960K 174 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 433 0 in_multi 80 5K 7K 166960K 307 0 ether_multi 1 0K 0K 166960K 25 0 mrt 0 0K 0K 166960K 19 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 163 731K 731K 166960K 163 0 exec 0 0K 1K 166960K 1040 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 4 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 225 168K 186K 166960K 31606 0 UVM aobj 63 6K 6K 166960K 68 0 pinsyscall 41 82K 105K 166960K 4923 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 207 0 NDP 11 0K 1K 166960K 163 0 temp 76 8652K 8781K 166960K 211141 0 kqueue 13 20K 31K 166960K 686 0 SYN cache 2 8K 16K 166960K 3 0 ddb{1}> show 
all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 494 0 491 6 3 3 3 0 8 2 rtentry 176 262 0 182 6 1 5 5 0 8 0 unpcb 144 2958 0 2941 24 18 6 6 0 8 5 syncache 336 27 0 27 6 5 1 1 0 8 1 tcpqe 32 6 0 6 2 1 1 1 0 8 1 tcpcb 736 1557 0 1547 26 18 8 10 0 8 6 arp 136 37 0 24 1 0 1 1 0 8 0 inpcb 328 4486 0 4470 44 33 11 13 0 8 8 nd6 152 46 0 33 1 0 1 1 0 8 0 pkpcb 40 23 0 23 6 5 1 1 0 8 1 kcovpl 48 19 0 11 1 0 1 1 0 8 0 mppekey 1024 1 0 1 1 1 0 1 0 8 0 ppxss 1192 137 0 137 6 5 1 1 0 8 1 pppxif 1504 5 0 5 4 4 0 1 0 8 0 pffrag 232 31 0 22 1 0 1 1 0 482 0 pffrnode 88 27 0 18 1 0 1 1 0 8 0 pffrent 40 68 0 59 1 0 1 1 0 8 0 pfosfp 40 1429 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1429 0 714 21 0 21 21 0 8 0 pfrktable 1344 2 0 2 1 1 0 1 0 8 0 pfstitem 24 132 0 61 1 0 1 1 0 8 0 pfstkey 128 134 0 63 3 0 3 3 0 8 0 pfstate 384 132 0 62 8 0 8 8 0 8 0 pfrule 1344 90 0 85 2 1 1 2 0 8 0 rttmr 136 1 0 1 1 1 0 1 0 8 0 art_heap8 4096 4 0 0 4 0 4 4 0 8 0 art_heap4 256 1250 0 871 42 13 29 30 0 8 0 art_table 40 1254 0 871 5 0 5 5 0 8 0 art_node 32 260 0 193 1 0 1 1 0 8 0 sysvmsgpl 40 14 0 7 1 0 1 1 0 8 0 semupl 112 3 0 3 3 3 0 1 0 8 0 semapl 112 186 0 176 1 0 1 1 0 8 0 shmpl 112 65 0 5 2 0 2 2 0 8 0 dirhash 1024 78 0 61 3 0 3 3 0 8 0 dino2pl 256 8135 0 6604 97 0 97 97 0 8 0 ffsino 296 8135 0 6604 119 0 119 119 0 8 0 nchpl 144 12734 0 11018 64 0 64 64 0 8 0 rtmask 32 23 0 23 6 5 1 1 0 8 1 uvmvnodes 80 4649 0 0 95 0 95 95 0 8 0 vnodes 216 4649 0 0 259 0 259 259 0 8 0 namei 1024 46450 0 46449 7 6 1 2 0 8 0 percpumem 16 218 0 170 1 0 1 1 0 8 0 kstatmem 264 254 0 228 7 4 3 3 0 8 1 acpiwqpl 32 1 0 1 1 0 1 1 1 8 1 scsiplug 72 17 0 17 7 6 1 1 0 8 1 scxspl 216 78000 0 77999 25 21 4 8 1 8 3 plimitpl 152 998 0 979 1 0 1 1 0 8 0 sigapl 424 3738 0 3690 8 1 7 7 0 8 0 knotepl 120 605 0 0 17 0 17 17 0 8 0 kqueuepl 224 1525 0 1515 20 15 5 5 0 8 4 pipepl 344 805 0 778 21 12 9 9 0 8 6 fdescpl 528 3706 0 3676 3 0 3 3 0 8 0 filepl 160 28569 0 28353 
47 25 22 24 0 8 7 lockfpl 104 2104 0 2102 5 1 4 4 0 8 3 lockfspl 48 727 0 725 1 0 1 1 0 8 0 sessionpl 144 54 0 45 1 0 1 1 0 8 0 pgrppl 48 155 0 138 1 0 1 1 0 8 0 ucredpl 104 5096 0 5081 1 0 1 1 0 8 0 zombiepl 144 3691 0 3690 2 1 1 1 0 8 0 processpl 1232 3738 0 3690 6 1 5 5 0 8 0 procpl 664 9137 0 9084 7 0 7 7 0 8 0 sosppl 168 25 0 25 6 5 1 1 0 8 1 sockpl 752 8237 0 8201 99 86 13 24 0 8 8 mcl64k 65536 25 0 0 4 0 4 4 0 8 0 mcl16k 16384 5 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 7 0 0 1 0 1 1 0 8 0 mcl4k 4096 125 0 0 16 0 16 16 0 8 0 mcl2k2 2112 18 0 0 2 0 2 2 0 8 0 mcl2k 2048 72 0 0 6 0 6 6 0 8 0 mtagpl 96 10 0 0 1 0 1 1 0 8 0 mbufpl 256 1872 0 0 114 0 114 114 0 8 0 bufpl 280 32485 0 26342 440 0 440 440 0 8 0 anonpl 32 13147 0 0 106 0 106 106 0 246 0 amapchunkpl 152 112426 0 111932 68 37 31 36 0 158 4 amappl16 200 13278 0 13203 46 29 17 24 0 8 2 amappl15 192 4 0 4 3 3 0 1 0 8 0 amappl14 184 199 0 187 1 0 1 1 0 8 0 amappl13 176 11 0 11 3 2 1 1 0 8 1 amappl12 168 4588 0 4559 4 2 2 3 0 8 0 amappl11 160 55 0 40 1 0 1 1 0 8 0 amappl10 152 8 0 8 1 1 0 1 0 8 0 amappl9 144 251 0 251 1 1 0 1 0 8 0 amappl8 136 26 0 22 1 0 1 1 0 8 0 amappl7 128 158 0 145 1 0 1 1 0 8 0 amappl6 120 312 0 308 1 0 1 1 0 8 0 amappl5 112 167 0 157 1 0 1 1 0 8 0 amappl4 104 411 0 388 1 0 1 1 0 8 0 amappl3 96 19867 0 19785 4 1 3 3 0 8 0 amappl2 88 4144 0 4064 3 0 3 3 0 8 0 amappl1 80 27308 0 26702 20 4 16 17 0 8 0 amappl 88 30084 0 29933 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma512 512 2 0 2 2 1 1 1 0 8 1 dma256 256 10 0 10 5 4 1 1 0 8 1 dma128 128 256 0 256 3 3 0 1 0 8 0 dma64 64 11 0 11 3 3 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 67 0 5 2 0 2 2 0 8 0 uaddrrnd 24 3706 0 3676 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 3706 0 3676 1 0 1 1 0 8 0 vmmpekpl 168 30690 0 30632 4 0 4 4 0 8 0 vmmpepl 168 241057 0 239056 129 21 108 112 0 357 4 vmsppl 488 3705 0 3676 
6 1 5 5 0 8 0 rwobjpl 80 67692 0 62001 127 4 123 123 0 8 0 pdppl 4096 7420 0 7352 136 64 72 86 0 8 4 pvpl 32 22266 0 0 183 3 180 180 0 265 0 pmappl 256 3705 0 3676 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 476 0 113 11 0 11 11 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffffffff837dcff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83946b68) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff83946b68) at __mp_lock+0x192 sys/kern/kern_lock.c:165 intr_handler(ffff80003c42b780,ffff800000079a80) at intr_handler+0xe9 sys/arch/amd64/amd64/intr.c:559 Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f Xsyscall() at Xsyscall+0x111 end of kernel end trace frame: 0x738aed871b90, count: 8 ddb{0}> trace x86_ipi_db(ffffffff837dcff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83946b68) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff83946b68) at __mp_lock+0x192 sys/kern/kern_lock.c:165 intr_handler(ffff80003c42b780,ffff800000079a80) at intr_handler+0xe9 sys/arch/amd64/amd64/intr.c:559 Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f Xsyscall() at Xsyscall+0x111 end of kernel end trace frame: 0x738aed871b90, count: -7 ddb{0}> machine ddbcpu 1 Stopped at ktrops+0x58: movq 0x10(%r14),%r14 ktrops(ffff800039806030,ffffffffffffffff,0,a0c7df9f,fffffd806b9922d8,fffffd80097fb5b0) at ktrops+0x58 ktrcanset sys/kern/kern_ktrace.c:727 [inline] ktrops(ffff800039806030,ffffffffffffffff,0,a0c7df9f,fffffd806b9922d8,fffffd80097fb5b0) at ktrops+0x58 sys/kern/kern_ktrace.c:570 doktrace(fffffd806b9922d8,4,20c7df9f,0,ffff800039806030) at 
doktrace+0x6bd ktrsetchildren sys/kern/kern_ktrace.c:595 [inline] doktrace(fffffd806b9922d8,4,20c7df9f,0,ffff800039806030) at doktrace+0x6bd sys/kern/kern_ktrace.c:517 sys_ktrace(ffff800039806030,ffff80002a3286d0,ffff80002a328620) at sys_ktrace+0x11c sys/kern/kern_ktrace.c:558 syscall(ffff80002a3286d0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002a3286d0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:746 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x563822f0f30, count: 10 ddb{1}> trace ktrops(ffff800039806030,ffffffffffffffff,0,a0c7df9f,fffffd806b9922d8,fffffd80097fb5b0) at ktrops+0x58 ktrcanset sys/kern/kern_ktrace.c:727 [inline] ktrops(ffff800039806030,ffffffffffffffff,0,a0c7df9f,fffffd806b9922d8,fffffd80097fb5b0) at ktrops+0x58 sys/kern/kern_ktrace.c:570 doktrace(fffffd806b9922d8,4,20c7df9f,0,ffff800039806030) at doktrace+0x6bd ktrsetchildren sys/kern/kern_ktrace.c:595 [inline] doktrace(fffffd806b9922d8,4,20c7df9f,0,ffff800039806030) at doktrace+0x6bd sys/kern/kern_ktrace.c:517 sys_ktrace(ffff800039806030,ffff80002a3286d0,ffff80002a328620) at sys_ktrace+0x11c sys/kern/kern_ktrace.c:558 syscall(ffff80002a3286d0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002a3286d0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:746 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x563822f0f30, count: -5