uvm_fault(0xffffffff83aba540, 0xffff800026013a18, 0, 2) -> d kernel: page fault trap, code=2 Stopped at memset+0x52: repe stosq %es:(%rdi) TID PID UID PRFLAGS PFLAGS CPU COMMAND 394140 7949 0 0 0 1 syz-executor *336775 14773 0 0x2 0x1 0K syz-executor memset() at memset+0x52 ffs_write(ffff80002a2a7e30) at ffs_write+0xb9a sys/ufs/ffs/ffs_vnops.c:401 VOP_WRITE(fffffd805e33c1b8,ffff80002a2a7ee0,3,fffffd80097fd2d8) at VOP_WRITE+0x101 sys/kern/vfs_vops.c:245 ktrwriteraw(ffff80002a2234d0,fffffd805e33c1b8,fffffd80097fd2d8,ffff80002a2a7fb0,ffff80002a2a7f90) at ktrwriteraw+0x1be sys/kern/kern_ktrace.c:692 ktrsysret(ffff80002a2234d0,5b,0,ffff80002a2a8080) at ktrsysret+0x192 ktrwrite2 sys/kern/kern_ktrace.c:-1 [inline] ktrsysret(ffff80002a2234d0,5b,0,ffff80002a2a8080) at ktrsysret+0x192 sys/kern/kern_ktrace.c:209 syscall(ffff80002a2a8130) at syscall+0xa51 mi_syscall_return sys/sys/syscall_mi.h:204 [inline] syscall(ffff80002a2a8130) at syscall+0xa51 sys/arch/amd64/amd64/trap.c:804 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x760b49ca9110, count: 8 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: uvm_fault(0xffffffff83aba540, 0xffff800026013a18, 0, 2) -> d ddb{0}> trace memset() at memset+0x52 ffs_write(ffff80002a2a7e30) at ffs_write+0xb9a sys/ufs/ffs/ffs_vnops.c:401 VOP_WRITE(fffffd805e33c1b8,ffff80002a2a7ee0,3,fffffd80097fd2d8) at VOP_WRITE+0x101 sys/kern/vfs_vops.c:245 ktrwriteraw(ffff80002a2234d0,fffffd805e33c1b8,fffffd80097fd2d8,ffff80002a2a7fb0,ffff80002a2a7f90) at ktrwriteraw+0x1be sys/kern/kern_ktrace.c:692 ktrsysret(ffff80002a2234d0,5b,0,ffff80002a2a8080) at ktrsysret+0x192 ktrwrite2 sys/kern/kern_ktrace.c:-1 [inline] ktrsysret(ffff80002a2234d0,5b,0,ffff80002a2a8080) at ktrsysret+0x192 sys/kern/kern_ktrace.c:209 syscall(ffff80002a2a8130) at syscall+0xa51 mi_syscall_return sys/sys/syscall_mi.h:204 [inline] syscall(ffff80002a2a8130) at syscall+0xa51 sys/arch/amd64/amd64/trap.c:804 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x760b49ca9110, count: -7 ddb{0}> show registers rdi 0xffff800026013a18 rsi 0 rbp 0xffff80002a2a7d50 rbx 0xda18 __ALIGN_SIZE+0xca18 rdx 0 rcx 0xbd rax 0 r8 0x5e8 r9 0xffff80002a2a7cb0 r10 0x37aae5bf7fdc9230 r11 0xffff800026013a18 r12 0x1a18 __ALIGN_SIZE+0xa18 r13 0x2000 __ALIGN_SIZE+0x1000 r14 0xfffffd805e33c1b8 r15 0x1 rip 0xffffffff82e718f2 memset+0x52 cs 0x8 rflags 0x10206 __ALIGN_SIZE+0xf206 rsp 0xffff80002a2a7b48 ss 0x10 memset+0x52: repe stosq %es:(%rdi) ddb{0}> show proc PROC (syz-executor) tid=336775 pid=14773 tcnt=1 stat=onproc flags process=2 proc=1 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a222010,0xffff8000ffffd240 process=0xffff8000ffff09b0 user=0xffff80002a2a3000, vmspace=0xfffffd806e7f1010 estcpu=36, cpticks=16, pctcpu=0.5, user=0, sys=15, intr=1 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 67870 284442 45385 0 2 0 syz-executor 7949 394140 14773 0 7 0 syz-executor 11763 484599 32573 0 2 0 syz-executor 11763 13458 32573 0 2 0x4000000 syz-executor 62858 416588 71697 0 2 0 syz-executor 68535 84063 94402 0 2 0 syz-executor 68535 517397 94402 0 3 0x4000080 fsleep syz-executor 24407 251103 15159 0 2 0 syz-executor 24407 212278 15159 0 3 0x4000080 fsleep syz-executor 8208 456129 21013 -1 2 0x10 syz-executor 8208 368266 21013 -1 3 0x4000090 msgwait syz-executor 8208 232234 21013 -1 3 0x4000090 fsleep syz-executor 88405 519369 1 0 3 0x80 nanoslp init 94402 289909 69906 0 3 0x82 nanoslp syz-executor 45385 17727 69906 0 2 0x2 syz-executor 15159 394267 69906 0 2 0xc82 syz-executor 21013 9982 69906 0 3 0x82 nanoslp syz-executor 80315 442459 69906 0 2 0x2 syz-executor 32573 380755 69906 0 2 0x2 syz-executor 71697 332187 69906 0 2 0xc82 syz-executor *14773 336775 69906 0 7 0x3 syz-executor 69906 48418 1 0 3 0x82 kqread syz-executor 98950 460032 0 0 3 0x14200 bored smr 44131 366399 0 0 2 0x14200 zerothread 89943 351608 0 0 3 0x14200 aiodoned aiodoned 79635 496247 0 0 3 0x14200 syncer update 97246 425735 0 0 3 0x14200 cleaner cleaner 61211 64796 0 0 3 0x14200 reaper reaper 26670 218293 0 0 3 0x14200 pgdaemon pagedaemon 41517 485563 0 0 3 0x14200 bored viomb 83210 84815 0 0 3 0x40014200 acpi0 acpi0 446 22920 0 0 3 0x40014200 idle1 40196 137423 0 0 3 0x14200 bored softnet1 51945 331937 0 0 3 0x14200 bored softnet0 70227 188719 0 0 3 0x14200 smrbar systqmp 85949 295415 0 0 3 0x14200 bored systq 60982 169414 0 0 3 0x14200 tmoslp softclockmp 87625 434981 0 0 3 0x40014200 tmoslp softclock 71756 349764 0 0 3 0x40014200 idle0 1 62977 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 14773 (syz-executor) thread 0xffff80002a2234d0 (336775) exclusive rrwlock inode r = 0 (0xfffffd80792b6490) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 #3 VOP_LOCK+0xbd sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:576 #5 vget+0x2a2 sys/kern/vfs_subr.c:686 #6 ktrwriteraw+0x175 sys/kern/kern_ktrace.c:689 #7 ktrsysret+0x192 ktrwrite2 sys/kern/kern_ktrace.c:-1 [inline] #7 ktrsysret+0x192 sys/kern/kern_ktrace.c:209 #8 syscall+0xa51 mi_syscall_return sys/sys/syscall_mi.h:204 [inline] #8 syscall+0xa51 sys/arch/amd64/amd64/trap.c:804 #9 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff839e5f80) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 ktrsysret+0xde ktrwrite2 sys/kern/kern_ktrace.c:-1 [inline] #1 ktrsysret+0xde sys/kern/kern_ktrace.c:209 #2 syscall+0xa51 mi_syscall_return sys/sys/syscall_mi.h:204 [inline] #2 syscall+0xa51 sys/arch/amd64/amd64/trap.c:804 #3 Xsyscall+0x128 Process 70227 (systqmp) thread 0xffff8000ffffe298 (188719) shared rwlock systqmp r = 0 (0xffffffff83991058) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 taskq_thread+0x12a sys/kern/kern_task.c:442 #2 proc_trampoline+0x10 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 11055 12081K 12509K 166960K 12624 0 pcb 17 14K 16K 166960K 142 0 rtable 212 8K 9K 166960K 418 0 pf 34 17K 23K 166960K 85 0 ifaddr 36 6K 8K 166960K 60 0 ifgroup 52 2K 2K 166960K 85 0 sysctl 3 1K 9K 166960K 8 0 counters 68 36K 37K 166960K 102 0 ioctlops 0 0K 4K 166960K 1543 0 iov 0 0K 28K 166960K 19 0 mount 1 1K 1K 166960K 1 0 log 3 4K 4K 166960K 7 0 vnodes 1355 85K 86K 166960K 1826 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 8 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 22 0 dirhash 12 2K 2K 166960K 15 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 16 61K 89K 166960K 375 0 sigio 0 0K 0K 166960K 3 0 proc 12 17K 164K 166960K 582 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 2 0K 0K 166960K 44 0 in_multi 76 5K 7K 166960K 119 0 ether_multi 1 0K 0K 166960K 4 0 mrt 1 0K 0K 166960K 14 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 73 334K 334K 166960K 73 0 exec 0 0K 1K 166960K 403 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 106 77K 167K 166960K 5398 0 UVM aobj 5 2K 2K 166960K 5 0 pinsyscall 18 36K 102K 166960K 1536 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 10 0 NDP 11 0K 2K 166960K 40 0 temp 50 9117K 9208K 166960K 18765 0 kqueue 1 2K 28K 166960K 73 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 47 0 47 2 1 1 1 0 8 1 rtentry 176 122 0 33 6 0 6 6 0 8 0 unpcb 144 215 0 215 4 3 1 4 0 8 1 syncache 336 5 0 5 1 1 0 1 0 8 0 tcpcb 736 75 0 72 2 1 1 2 0 8 0 arp 136 20 0 6 1 0 1 1 0 8 0 inpcb 328 381 0 377 9 5 4 7 0 8 3 nd6 152 28 0 9 2 0 2 2 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 ppxss 1192 13 0 13 1 0 1 1 0 8 1 pfstscr 40 1 0 1 1 1 0 1 0 8 0 pffrag 232 4 0 0 1 0 1 1 0 482 0 pffrnode 88 4 0 0 1 0 1 1 0 8 0 pffrent 40 6 0 1 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 1 0 1 1 1 0 1 0 8 0 pftag 88 1 0 0 1 0 1 1 0 8 0 pfstitem 24 45 0 0 1 0 1 1 0 8 0 pfstkey 128 47 0 2 2 0 2 2 0 8 0 pfstate 448 46 0 1 5 0 5 5 0 8 0 pfrule 1360 27 0 22 2 1 1 2 0 8 0 rttmr 136 3 0 3 2 1 1 1 0 8 1 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 504 0 139 32 3 29 32 0 8 2 art_table 40 506 0 139 6 1 5 6 0 8 0 art_node 32 122 0 41 1 0 1 1 0 8 0 sysvmsgpl 40 4 0 3 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 72 20 0 10 1 0 1 1 0 8 0 shmpl 112 2 0 0 1 0 1 1 0 8 0 dirhash 1024 19 0 2 3 0 3 3 0 8 0 dino2pl 256 2109 0 639 93 0 93 93 0 8 0 ffsino 296 2109 0 639 114 0 114 114 0 8 0 nchpl 144 2631 0 932 64 0 64 64 0 8 0 rtmask 32 3 0 3 1 0 1 1 0 8 1 vnodes 216 2483 0 0 138 0 138 138 0 8 0 namei 1024 8601 0 8601 3 2 1 2 0 8 1 percpumem 16 66 0 17 1 0 1 1 0 8 0 kstatmem 264 49 0 24 3 0 3 3 0 8 1 scsiplug 72 1 0 1 1 1 0 1 0 8 0 scxspl 216 11899 0 11899 4 3 1 3 1 8 1 plimitpl 152 86 0 77 1 0 1 1 0 8 0 sigapl 424 694 0 659 7 1 6 7 0 8 0 knotepl 120 317 0 0 10 0 10 10 0 8 0 kqueuepl 224 86 0 85 1 0 1 1 0 8 0 pipepl 344 139 0 112 3 0 3 3 0 8 0 fdescpl 528 678 0 659 3 0 3 3 0 8 0 filepl 160 3726 0 3566 15 5 10 15 0 8 0 lockfpl 104 132 0 130 1 0 1 1 0 8 0 lockfspl 48 55 0 53 1 0 1 1 0 8 0 sessionpl 144 30 0 28 1 0 1 1 0 8 0 pgrppl 48 42 0 32 1 0 1 1 0 8 0 ucredpl 104 677 0 673 1 0 1 1 0 8 0 zombiepl 144 659 0 659 1 0 1 1 0 8 1 processpl 1232 694 0 659 5 0 5 5 0 8 0 procpl 664 1138 0 1098 6 1 5 6 0 8 0 sockpl 752 650 0 646 14 9 5 11 0 8 3 mcl64k 65536 3 0 0 1 0 1 1 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl9k128 9344 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 2 0 0 1 0 1 1 0 8 0 mcl4k 4096 131 0 0 17 0 17 17 0 8 0 mcl2k 2048 21 0 0 3 0 3 3 0 8 0 mtagpl 96 3 0 0 1 0 1 1 0 8 0 mbufpl 256 162 0 0 10 0 10 10 0 8 0 bufpl 280 6398 0 267 439 0 439 439 0 8 0 anonpl 32 11622 0 0 94 0 94 94 0 246 0 amapchunkpl 152 16226 0 15940 25 7 18 25 0 158 2 amappl16 200 3172 0 2917 47 20 27 27 0 8 9 amappl15 192 3 0 3 1 1 0 1 0 8 0 amappl14 184 430 0 430 1 1 0 1 0 8 0 amappl13 176 174 0 174 1 1 0 1 0 8 0 amappl12 168 925 0 911 2 0 2 2 0 8 0 amappl11 160 6 0 6 1 1 0 1 0 8 0 amappl10 152 68 0 68 1 1 0 1 0 8 0 amappl9 144 307 0 307 1 1 0 1 0 8 0 amappl8 136 100 0 100 1 1 0 1 0 8 0 amappl7 128 154 0 152 1 0 1 1 0 8 0 amappl6 120 158 0 157 1 0 1 1 0 8 0 amappl5 112 96 0 96 1 1 0 1 0 8 0 amappl4 104 295 0 292 1 0 1 1 0 8 0 amappl3 96 3090 0 3032 4 0 4 4 0 8 0 amappl2 88 555 0 546 2 0 2 2 0 8 0 amappl1 80 11355 0 11269 16 8 8 15 0 8 0 amappl 88 4574 0 4478 5 0 5 5 0 92 1 uvmvnodes 80 114 0 0 3 0 3 3 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 7 0 7 2 2 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 4 0 0 1 0 1 1 0 8 0 uaddrrnd 24 678 0 659 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 678 0 659 1 0 1 1 0 8 0 vmmpekpl 168 7454 0 7421 2 0 2 2 0 8 0 vmmpepl 168 52649 0 51659 115 57 58 107 0 357 1 vmsppl 488 677 0 659 5 1 4 5 0 8 0 rwobjpl 80 18413 0 17813 32 10 22 32 0 8 0 pdppl 4096 1363 0 1318 97 50 47 83 0 8 2 pvpl 32 20030 0 0 162 0 162 162 0 265 0 pmappl 256 677 0 659 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 279 0 60 8 0 8 8 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace memset() at memset+0x52 ffs_write(ffff80002a2a7e30) at ffs_write+0xb9a sys/ufs/ffs/ffs_vnops.c:401 VOP_WRITE(fffffd805e33c1b8,ffff80002a2a7ee0,3,fffffd80097fd2d8) at VOP_WRITE+0x101 sys/kern/vfs_vops.c:245 ktrwriteraw(ffff80002a2234d0,fffffd805e33c1b8,fffffd80097fd2d8,ffff80002a2a7fb0,ffff80002a2a7f90) at ktrwriteraw+0x1be sys/kern/kern_ktrace.c:692 ktrsysret(ffff80002a2234d0,5b,0,ffff80002a2a8080) at ktrsysret+0x192 ktrwrite2 sys/kern/kern_ktrace.c:-1 [inline] ktrsysret(ffff80002a2234d0,5b,0,ffff80002a2a8080) at ktrsysret+0x192 sys/kern/kern_ktrace.c:209 syscall(ffff80002a2a8130) at syscall+0xa51 mi_syscall_return sys/sys/syscall_mi.h:204 [inline] syscall(ffff80002a2a8130) at syscall+0xa51 sys/arch/amd64/amd64/trap.c:804 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x760b49ca9110, count: -7 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff80002999dff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff839e5780) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:142 [inline] __mp_lock(ffffffff839e5780) at __mp_lock+0x192 sys/kern/kern_lock.c:173 end trace frame: 0x0, count: 11 ddb{1}> trace x86_ipi_db(ffff80002999dff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff839e5780) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:142 [inline] __mp_lock(ffffffff839e5780) at __mp_lock+0x192 sys/kern/kern_lock.c:173 end trace frame: 0x0, count: -4 ddb{1}>