uvm_fault(0xffffffff839a8368, 0xffff8000014f4000, 0, 2) -> e kernel: page fault trap, code=2 Stopped at sys_shmat+0xe0: movl $0xffffffffffffffff,0(%r14) TID PID UID PRFLAGS PFLAGS CPU COMMAND *424450 85780 0 0 0x4000000 0K syz-executor sys_shmat() at sys_shmat+0xe0 sys/kern/sysv_shm.c:235 syscall() at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall() at syscall+0xb17 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x29b92fc1220, count: 12 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: uvm_fault(0xffffffff839a8368, 0xffff8000014f4000, 0, 2) -> e ddb{0}> trace sys_shmat() at sys_shmat+0xe0 sys/kern/sysv_shm.c:235 syscall() at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall() at syscall+0xb17 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x29b92fc1220, count: -3 ddb{0}> show registers rdi 0 rsi 0x3e92675a rbp 0xffff80003c501170 rbx 0xffff80003c501250 rdx 0 rcx 0xffff8000357d82b8 rax 0xffffffff837c4ff0 cpu_info_full_primary+0x1ff0 r8 0x2 r9 0 r10 0xa8e2434933cf9636 r11 0x6a8236a18cb50bb5 r12 0xffff8000357d82b8 r13 0xffff800000afb000 r14 0xffff8000014f4000 r15 0x9f900 acpi_pdirpa+0x8b771 rip 0xffffffff83301cb0 sys_shmat+0xe0 cs 0x8 rflags 0x10216 __ALIGN_SIZE+0xf216 rsp 0xffff80003c5010e0 ss 0 sys_shmat+0xe0: movl $0xffffffffffffffff,0(%r14) ddb{0}> show proc PROC (syz-executor) tid=424450 pid=85780 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=84, usrpri=84, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000357d8fb0,0xffff8000357d8030 process=0xffff80003c4ece98 user=0xffff80003c4fc000, vmspace=0xfffffd807b6f79a8 estcpu=34, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 52170 118069 14153 0 2 0 syz-executor 52170 311130 14153 0 3 0x4000080 kqsel syz-executor 67188 316853 30244 0 2 0 syz-executor 67188 254656 30244 0 3 0x4000080 fsleep syz-executor 5572 259460 88156 0 2 0 syz-executor 5572 86362 88156 0 3 0x4000080 fsleep syz-executor 73027 25057 48936 0 2 0 syz-executor 73027 73520 48936 0 3 0x4000080 fsleep syz-executor 73027 21607 48936 0 3 0x4000080 fsleep syz-executor 85780 29500 90309 0 2 0 syz-executor *85780 424450 90309 0 7 0x4000000 syz-executor 85780 45435 90309 0 3 0x4000080 fsleep syz-executor 54566 108105 18783 0 3 0x3000 suspend syz-executor 54566 494897 18783 0 2 0x4081000 syz-executor 54566 74574 18783 0 3 0x4081000 inode syz-executor 11071 401080 52958 0 3 0x3000 suspend syz-executor 11071 24256 52958 0 2 0x4081000 syz-executor 11071 169523 52958 0 3 0x4081000 inode syz-executor 11071 320359 52958 0 3 0x4081000 inode syz-executor 11071 298047 52958 0 3 0x4081000 inode syz-executor 11071 354512 52958 0 3 0x4081000 inode syz-executor 11071 261808 52958 0 3 0x4081000 inode syz-executor 11071 461157 52958 0 3 0x4081000 inode syz-executor 20356 255073 0 0 3 0x14200 acct acct 35056 294103 81314 0 3 0x82 sbwait sshd-session 88156 46162 11943 0 3 0x82 nanoslp syz-executor 29709 519556 81314 0 3 0x82 sbwait sshd-session 32538 500236 81314 0 3 0x82 sbwait sshd-session 12424 226997 0 0 3 0x14280 nfsidl nfsio 47429 88918 0 0 3 0x14280 nfsidl nfsio 42627 403965 0 0 3 0x14280 nfsidl nfsio 6067 419844 0 0 3 0x14280 nfsidl nfsio 14844 426592 0 0 3 0x14280 nfsidl nfsio 85218 476103 0 0 3 0x14280 nfsidl nfsio 13482 249864 0 0 3 0x14280 nfsidl nfsio 97165 157116 0 0 3 0x14280 nfsidl nfsio 82125 385551 0 0 3 0x14280 nfsidl nfsio 73790 522811 0 0 3 0x14280 nfsidl nfsio 83753 388849 0 0 3 0x14280 nfsidl nfsio 78950 322643 0 0 3 0x14280 nfsidl nfsio 86190 299303 0 0 3 0x14280 nfsidl nfsio 62093 205363 0 0 3 0x14280 nfsidl nfsio 88146 504221 0 0 3 0x14280 nfsidl nfsio 98160 74088 0 0 3 0x14280 nfsidl nfsio 38605 62640 0 0 3 0x14280 nfsidl nfsio 28658 327648 0 0 3 0x14280 nfsidl nfsio 81023 388708 0 0 3 0x14280 nfsidl nfsio 14698 116817 0 0 3 0x14280 nfsidl nfsio 11197 3991 1 0 3 0x100083 ttyopn getty 14153 306945 11943 0 3 0x82 nanoslp syz-executor 48936 37214 11943 0 3 0x82 nanoslp syz-executor 18783 194919 11943 0 3 0x82 wait syz-executor 90309 325204 11943 0 2 0xc82 syz-executor 30244 387046 11943 0 3 0x82 nanoslp syz-executor 55780 2478 11943 0 2 0x2 syz-executor 52958 447424 11943 0 3 0x82 wait syz-executor 11943 436255 4871 0 3 0x82 kqread syz-executor 4871 342820 48511 0 3 0x10008a sigsusp ksh 48511 429974 99938 0 3 0x98 kqread sshd-session 99938 173261 81314 0 3 0x92 kqread sshd-session 81314 412075 1 0 3 0x88 kqread sshd 46337 440601 30178 74 3 0x1100092 bpf pflogd 30178 250398 1 0 3 0x80 sbwait pflogd 1273 514311 231 73 3 0x1100090 kqread syslogd 231 85458 1 0 3 0x100082 sbwait syslogd 6457 290548 1 0 3 0x100080 kqread resolvd 6371 277143 41380 77 3 0x100092 kqread dhcpleased 81707 394876 41380 77 3 0x100092 kqread dhcpleased 41380 358188 1 0 3 0x80 kqread dhcpleased 83263 217568 0 0 3 0x14200 bored smr 48767 64072 0 0 2 0x14200 zerothread 14630 332243 0 0 3 0x14200 aiodoned aiodoned 53716 306638 0 0 3 0x14200 syncer update 71785 109827 0 0 3 0x14200 cleaner cleaner 98417 483403 0 0 3 0x14200 reaper reaper 92550 436240 0 0 3 0x14200 pgdaemon pagedaemon 7024 118205 0 0 3 0x14200 bored viomb 83589 508192 0 0 3 0x40014200 acpi0 acpi0 30981 135950 0 0 7 0x40014200 idle1 48104 481335 0 0 3 0x14200 bored softnet1 19195 482529 0 0 3 0x14200 bored softnet0 69459 183219 0 0 3 0x14200 bored systqmp 75590 5278 0 0 3 0x14200 bored systq 10077 439780 0 0 3 0x14200 tmoslp softclockmp 50340 59462 0 0 3 0x40014200 tmoslp softclock 87370 192793 0 0 3 0x40014200 idle0 1 102177 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{0}> show all locks Process 85780 (syz-executor) thread 0xffff8000357d82b8 (424450) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff839a93c0) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1 #2 malloc+0xe3 sys/kern/kern_malloc.c:175 #3 sys_shmat+0x8f sys/kern/sysv_shm.c:-1 #4 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] #4 syscall+0xb17 sys/arch/amd64/amd64/trap.c:775 #5 Xsyscall+0x128 Process 54566 (syz-executor) thread 0xffff80003c4ea800 (494897) exclusive rrwlock inode r = 0 (0xfffffd8065b42ec8) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 #3 VOP_LOCK+0xa3 sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570 #5 vn_write+0x18f sys/kern/vfs_vnops.c:405 #6 dofilewritev+0x242 sys/kern/sys_generic.c:380 #7 sys_write+0xa2 sys/kern/sys_generic.c:300 #8 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #8 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:775 #9 Xsyscall+0x128 Process 54566 (syz-executor) thread 0xffff80003c4ea568 (74574) exclusive rrwlock inode r = 0 (0xfffffd8065b42588) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 #3 VOP_LOCK+0xa3 sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570 #5 vfs_lookup+0x11c sys/kern/vfs_lookup.c:-1 #6 namei+0x7ca sys/kern/vfs_lookup.c:250 #7 uipc_bind+0x328 sys/kern/uipc_usrreq.c:371 #8 sys_bind+0x2f6 sys/kern/uipc_syscalls.c:190 #9 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #9 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:775 #10 Xsyscall+0x128 Process 11071 (syz-executor) thread 0xffff8000357d9778 (24256) exclusive rrwlock inode r = 0 (0xfffffd8077c9db40) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 #3 VOP_LOCK+0xa3 sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570 #5 vn_write+0x18f sys/kern/vfs_vnops.c:405 #6 dofilewritev+0x242 sys/kern/sys_generic.c:380 #7 sys_write+0xa2 sys/kern/sys_generic.c:300 #8 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #8 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:775 #9 Xsyscall+0x128 Process 11071 (syz-executor) thread 0xffff80003c41fa18 (320359) exclusive rrwlock inode r = 0 (0xfffffd806f27edc8) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 #3 VOP_LOCK+0xa3 sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570 #5 vfs_lookup+0x11c sys/kern/vfs_lookup.c:-1 #6 namei+0x7ca sys/kern/vfs_lookup.c:250 #7 dosymlinkat+0xef sys/kern/vfs_syscalls.c:1808 #8 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] #8 syscall+0xb17 sys/arch/amd64/amd64/trap.c:775 #9 Xsyscall+0x128 Process 55780 (syz-executor) thread 0xffff8000ffffdc90 (2478) exclusive rwlock vmmaplk r = 0 (0xfffffd807b6f74f0) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 vm_map_lock_ln+0x12e sys/uvm/uvm_map.c:5171 #3 uvmspace_fork+0x12b sys/uvm/uvm_map.c:3741 #4 process_new+0x577 sys/kern/kern_fork.c:281 #5 fork1+0x3f6 sys/kern/kern_fork.c:-1 #6 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] #6 syscall+0xb17 sys/arch/amd64/amd64/trap.c:775 #7 Xsyscall+0x128 exclusive rwlock vmmaplk r = 0 (0xfffffd806f7c7108) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 vm_map_lock_ln+0x12e sys/uvm/uvm_map.c:5171 #3 uvmspace_fork+0x44 sys/uvm/uvm_map.c:3732 #4 process_new+0x577 sys/kern/kern_fork.c:281 #5 fork1+0x3f6 sys/kern/kern_fork.c:-1 #6 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] #6 syscall+0xb17 sys/arch/amd64/amd64/trap.c:775 #7 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10244 11067K 11387K 166960K 12733 0 pcb 18 16K 17K 166960K 257 0 rtable 225 10K 11K 166960K 559 0 pf 36 17K 81K 166960K 172 0 ifaddr 40 7K 8K 166960K 125 0 ifgroup 59 2K 2K 166960K 206 0 sysctl 3 1K 9K 166960K 13 0 counters 72 37K 38K 166960K 642 0 ioctlops 0 0K 4K 166960K 1881 0 iov 0 0K 24K 166960K 89 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1463 92K 92K 166960K 2508 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 3 5K 9K 166960K 11 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 96 0 dirhash 12 2K 2K 166960K 24 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 102K 166960K 1038 0 sigio 0 0K 0K 166960K 22 0 proc 75 131K 147K 166960K 658 0 subproc 72 4K 4K 166960K 85 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 140 0 in_multi 78 5K 7K 166960K 152 0 ether_multi 1 0K 0K 166960K 7 0 mrt 0 0K 0K 166960K 7 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 235 1049K 1049K 166960K 235 0 exec 0 0K 1K 166960K 595 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 287 193K 205K 166960K 11513 0 UVM aobj 124 7K 7K 166960K 124 0 pinsyscall 49 98K 104K 166960K 2233 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 205 0 NDP 13 0K 1K 166960K 86 0 temp 66 8676K 8743K 166960K 61119 0 kqueue 14 22K 35K 166960K 218 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 95 0 92 1 0 1 1 0 8 0 rtentry 176 163 0 73 6 0 6 6 0 8 0 unpcb 144 889 0 860 12 10 2 8 0 8 0 syncache 336 12 0 12 6 5 1 1 0 8 1 tcpcb 736 287 0 275 7 5 2 5 0 8 0 tcpcb: pool(0xffffffff839e94f8:tcpcb): free list modified: page 0xffff80000144a000; item ordinal 0; addr 0xffff80000144a5c0 (p 0xfffffd806e948000); offset 0x0=0xbb5ecd2bffffffff pool(tcpcb): free list modified: page 0xffff80000144a000; item ordinal 0; addr 0xffff80000144a5c0 (p 0xfffffd806e948000); offset 0x0=0xffffffff tcpcb: pool(0xffffffff839e94f8:tcpcb): free list modified: page 0xffff80000144a000; item ordinal 1; addr 0xffff80000144a2e0 (p 0xfffffd806e948000); offset 0x0=0xbb5ecd2bffffffff pool(tcpcb): free list modified: page 0xffff80000144a000; item ordinal 1; addr 0xffff80000144a2e0 (p 0xfffffd806e948000); offset 0x0=0xffffffff tcpcb: pool(0xffffffff839e94f8:tcpcb): free list modified: page 0xffff80000144a000; item ordinal 2; addr 0xffff80000144b9e0 (p 0xfffffd806e948000); offset 0x0=0xbb5ecd2bffffffff pool(tcpcb): free list modified: page 0xffff80000144a000; item ordinal 2; addr 0xffff80000144b9e0 (p 0xfffffd806e948000); offset 0x0=0xffffffff arp 136 26 0 10 1 0 1 1 0 8 0 inpcb 328 1092 0 1073 17 14 3 11 0 8 1 nd6 152 34 0 10 2 0 2 2 0 8 0 pkpcb 40 5 0 5 4 4 0 1 0 8 0 kcovpl 48 9 0 1 1 0 1 1 0 8 0 mppekey 1024 1 0 1 1 1 0 1 0 8 0 ppxss 1192 271 0 271 1 0 1 1 0 8 1 pppxif 1504 202 0 202 4 3 1 1 0 8 1 pffrag 232 2 0 2 1 0 1 1 0 482 1 pffrnode 88 2 0 2 1 0 1 1 0 8 1 pffrent 40 14 0 14 1 0 1 1 0 8 1 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 127 0 68 1 0 1 1 0 8 0 pfstkey 128 127 0 68 3 0 3 3 0 8 0 pfstate 448 127 0 68 10 2 8 8 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 pfrule: pool(0xffffffff8395c4e0:pfrule): page inconsistency: page 0xffff8000ffffffff; at page head addr 0xffff800001403f90 (p 0xffff800001400000) uvm_fault(0xfffffd807b6f79a8, 0x10000004f, 0, 1) -> e kernel: page fault trap, code=0 Faulted in DDB; continuing... ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace sys_shmat() at sys_shmat+0xe0 sys/kern/sysv_shm.c:235 syscall() at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall() at syscall+0xb17 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x29b92fc1220, count: -3 ddb{0}> machine ddbcpu 1 uuvm_fault(0xfffffd807b6f79a8, 0x100000097, 0, 2) -> e kernel: page fault trap, code=2 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db() at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 acpicpu_idle() at acpicpu_idle+0x457 sys/dev/acpi/acpicpu_x86.c:1224 sched_idle() at sched_idle+0x391 sys/kern/kern_sched.c:191 end trace frame: 0x0, count: 10 ddb{1}> trace x86_ipi_db() at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 acpicpu_idle() at acpicpu_idle+0x457 sys/dev/acpi/acpicpu_x86.c:1224 sched_idle() at sched_idle+0x391 sys/kern/kern_sched.c:191 end trace frame: 0x0, count: -5