kernel: page fault trap, code=10 Stopped at 0 TID PID UID PRFLAGS PFLAGS CPU COMMAND *153409 83643 0 0x8000000 0 0 syz-executor.4 271698 77329 0 0x14000 0x200 1 reaper end trace frame: 0x0, count: 14 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: attempt to execute user address 0x0 in supervisor mode ddb{0}> trace end trace frame: 0x0, count: -1 ddb{0}> show registers rdi 0x1fda000 __kernel_phys_base+0xfda000 rsi 0xffff80003251b9e0 rbp 0 rbx 0 rdx 0x6faba002 rcx 0 rax 0x800000006fabb001 r8 0x8 r9 0 r10 0x8ee7b9acf8308743 r11 0x5ec6830ef3f89ed5 r12 0 r13 0 r14 0 r15 0 rip 0 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800030af0240 ss 0 0 ddb{0}> show proc PROC (syz-executor.4) tid=153409 pid=83643 tcnt=2 stat=onproc flags process=8000000 proc=0 runpri=83, usrpri=83, slppri=16, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff8000ffff4028,0xffff80003251aa90 process=0xffff8000329e2818 user=0xffff800030aeb000, vmspace=0xfffffd806b369010 estcpu=33, cpticks=1, pctcpu=0.0, user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 7935 133382 69653 0 2 0x8000000 syz-executor.7 7935 340227 69653 0 3 0xc000080 fsleep syz-executor.7 44505 47776 42873 0 2 0x8000000 syz-executor.0 44505 142786 42873 0 3 0xc000080 fsleep syz-executor.0 19316 424793 16774 0 2 0x8000000 syz-executor.6 19316 450538 16774 0 3 0xc000080 ttyopn syz-executor.6 61525 178469 13427 0 2 0x8000000 syz-executor.2 20873 344814 79521 0 2 0x8000000 syz-executor.5 20873 490236 79521 0 3 0xc000080 sbwait syz-executor.5 71946 363837 95642 0 2 0x8000000 syz-executor.3 71946 287193 95642 0 3 0xc000080 fsleep syz-executor.3 *83643 153409 63402 0 7 0x8000000 syz-executor.4 83643 259 63402 0 3 0xc000080 fsleep syz-executor.4 42873 46015 40032 0 3 0x8000082 nanoslp syz-executor.0 69653 465989 40032 0 3 0x8000082 nanoslp syz-executor.7 16774 54978 40032 0 3 0x8000082 nanoslp syz-executor.6 94680 173778 1 0 3 0x18100083 ttyin getty 79521 422208 40032 0 3 0x8000082 nanoslp syz-executor.5 41019 366788 40032 0 2 0x8000002 syz-executor.1 13427 315819 40032 0 3 0x8000082 nanoslp syz-executor.2 7117 501696 0 0 3 0x14200 acct acct 15784 374879 0 0 3 0x14280 nfsidl nfsio 19047 147135 0 0 3 0x14280 nfsidl nfsio 9509 506494 0 0 3 0x14280 nfsidl nfsio 88060 173748 0 0 3 0x14280 nfsidl nfsio 71724 310168 0 0 3 0x14280 nfsidl nfsio 98706 364136 0 0 3 0x14280 nfsidl nfsio 66911 73547 0 0 3 0x14280 nfsidl nfsio 28022 267978 0 0 3 0x14280 nfsidl nfsio 82501 304288 0 0 3 0x14280 nfsidl nfsio 35718 357943 0 0 3 0x14280 nfsidl nfsio 59992 403031 0 0 3 0x14280 nfsidl nfsio 74211 239138 0 0 3 0x14280 nfsidl nfsio 69500 95179 0 0 3 0x14280 nfsidl nfsio 85884 15878 0 0 3 0x14280 nfsidl nfsio 21358 409271 0 0 3 0x14280 nfsidl nfsio 97815 347521 0 0 3 0x14280 nfsidl nfsio 46077 275129 0 0 3 0x14280 nfsidl nfsio 31024 196129 0 0 3 0x14280 nfsidl nfsio 8367 235509 0 0 3 0x14280 nfsidl nfsio 45818 272991 0 0 3 0x14280 nfsidl nfsio 60330 287403 0 0 3 0x14200 bored sosplice 32788 502295 7879 0 3 0x18100082 netio ndp 7879 446314 1 0 3 0x810008a sigsusp sh 63402 65768 40032 0 3 0x8000082 nanoslp syz-executor.4 95642 140316 40032 0 3 0x8000082 nanoslp syz-executor.3 40032 262506 79084 0 3 0x1a000082 wait syz-fuzzer 40032 469728 79084 0 3 0x1e000082 thrsleep syz-fuzzer 40032 376080 79084 0 3 0x1e000082 wait syz-fuzzer 40032 82408 79084 0 3 0x1e000082 thrsleep syz-fuzzer 40032 154257 79084 0 3 0x1e000082 wait syz-fuzzer 40032 254500 79084 0 3 0x1e000082 wait syz-fuzzer 40032 464554 79084 0 3 0x1e000082 wait syz-fuzzer 40032 402335 79084 0 3 0x1e000082 thrsleep syz-fuzzer 40032 419327 79084 0 3 0x1e000082 thrsleep syz-fuzzer 40032 319687 79084 0 3 0x1e000082 wait syz-fuzzer 40032 7781 79084 0 3 0x1e000082 thrsleep syz-fuzzer 40032 56846 79084 0 3 0x1e000082 wait syz-fuzzer 40032 189348 79084 0 3 0x1e000082 thrsleep syz-fuzzer 40032 404828 79084 0 3 0x1e000082 kqread syz-fuzzer 40032 338270 79084 0 3 0x1e000082 wait syz-fuzzer 40032 356735 79084 0 3 0x1e000082 thrsleep syz-fuzzer 40032 126582 79084 0 3 0x1e000082 thrsleep syz-fuzzer 79084 92701 96277 0 3 0x810008a sigsusp ksh 96277 51305 16007 0 3 0x1800009a kqread sshd 16007 119201 1 0 3 0x18000088 kqread sshd 85929 132824 64415 73 3 0x19100010 biowait syslogd 64415 43332 1 0 3 0x18100082 sbwait syslogd 45710 408534 1 0 3 0x18100080 kqread resolvd 17874 110603 4392 77 3 0x18100092 kqread dhcpleased 49567 386674 4392 77 3 0x18100092 kqread dhcpleased 4392 121650 1 0 3 0x18000080 kqread dhcpleased 34323 165345 0 0 3 0x14200 bored smr 53480 265521 0 0 2 0x14200 zerothread 74901 246688 0 0 3 0x14200 aiodoned aiodoned 82356 129026 0 0 3 0x14200 syncer update 28879 294237 0 0 3 0x14200 cleaner cleaner 77329 271698 0 0 7 0x14200 reaper 75629 486471 0 0 3 0x14200 pgdaemon pagedaemon 13300 339652 0 0 3 0x14200 bored viomb 21057 248082 0 0 3 0x40014200 acpi0 acpi0 34977 252914 0 0 3 0x40014200 idle1 96251 107047 0 0 3 0x14200 bored softnet3 78637 224826 0 0 3 0x14200 bored softnet2 62831 469212 0 0 3 0x14200 bored softnet1 64844 470408 0 0 3 0x14200 bored softnet0 91327 455711 0 0 3 0x14200 bored systqmp 80251 230356 0 0 3 0x14200 bored systq 37520 109402 0 0 3 0x14200 tmoslp softclockmp 71499 257179 0 0 3 0x40014200 tmoslp softclock 34498 282081 0 0 3 0x40014200 idle0 1 329233 0 0 3 0x8080082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks CPU 0: exclusive sched_lock &sched_lock r = 0 (0xffffffff82e07ba8) #0 witness_lock+0x446 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x446 sys/kern/subr_witness.c:1187 #1 sleep_finish+0x145 sys/kern/kern_synch.c:401 #2 biowait+0x91 sys/kern/vfs_bio.c:1254 #3 bwrite+0x1fe sys/kern/vfs_bio.c:766 #4 ffs_update+0x27f sys/ufs/ffs/ffs_inode.c:111 #5 VOP_FSYNC+0xd2 sys/kern/vfs_vops.c:311 #6 sys_fsync+0x105 sys/kern/vfs_syscalls.c:2904 #7 syscall+0x854 mi_syscall sys/sys/syscall_mi.h:180 [inline] #7 syscall+0x854 sys/arch/amd64/amd64/trap.c:577 #8 Xsyscall+0x128 Process 85929 (syslogd) thread 0xffff8000ffffd720 (132824) Process 77329 (reaper) thread 0xffff80002a1491f8 (271698) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10210 6449K 6804K 166960K 12071 0 pcb 17 17K 22K 166960K 384 0 rtable 244 7K 8K 166960K 722 0 pf 29 8K 10K 166960K 82 0 ifaddr 44 15K 15K 166960K 97 0 ifgroup 50 2K 2K 166960K 124 0 sysctl 0 0K 2K 166960K 1 0 counters 64 36K 36K 166960K 102 0 ioctlops 0 0K 4K 166960K 1562 0 iov 0 0K 16K 166960K 66 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1397 88K 88K 166960K 1922 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 27 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 115 0 dirhash 12 2K 3K 166960K 24 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 19 69K 81K 166960K 1396 0 sigio 0 0K 0K 166960K 21 0 proc 58 79K 103K 166960K 829 0 subproc 117 7K 8K 166960K 236 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 227 0 in_multi 99 7K 7K 166960K 258 0 ether_multi 1 0K 0K 166960K 10 0 mrt 0 0K 0K 166960K 4 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 235 1049K 1049K 166960K 235 0 exec 0 0K 1K 166960K 699 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 310 77K 93K 166960K 14564 0 UVM aobj 44 4K 6K 166960K 50 0 pinsyscall 40 80K 100K 166960K 2804 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 82 0 NDP 11 0K 2K 166960K 66 0 temp 74 6820K 6896K 166960K 23069 0 kqueue 12 18K 34K 166960K 225 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 139 0 135 1 0 1 1 0 8 0 rtentry 112 233 0 121 4 0 4 4 0 8 0 unpcb 144 1259 0 1242 8 7 1 6 0 8 0 syncache 336 4 0 4 1 1 0 1 0 8 0 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpqe 32 15 61 15 1 1 0 1 0 8 0 tcpcb 808 349 0 344 8 7 1 4 0 8 0 arp 120 40 0 22 1 0 1 1 0 8 0 inpcb 384 1519 0 1511 23 20 3 12 0 8 2 nd6 136 59 0 33 1 0 1 1 0 8 0 pkpcb 40 7 0 7 4 4 0 1 0 8 0 kcovpl 48 18 0 9 1 0 1 1 0 8 0 ppxss 1168 3 0 3 2 2 0 1 0 8 0 pffrag 232 16 0 12 1 0 1 1 0 482 0 pffrnode 88 16 0 12 1 0 1 1 0 8 0 pffrent 40 278 0 274 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 113 0 59 1 0 1 1 0 8 0 pfstkey 128 113 0 59 2 0 2 2 0 8 0 pfstate 376 113 0 59 6 0 6 6 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 912 0 453 36 7 29 29 0 8 0 art_table 32 913 0 453 4 0 4 4 0 8 0 art_node 16 231 0 129 1 0 1 1 0 8 0 sysvmsgpl 40 16 0 7 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 111 0 101 1 0 1 1 0 8 0 shmpl 112 47 0 6 2 0 2 2 0 8 0 dirhash 1024 25 0 8 3 0 3 3 0 8 0 dino2pl 256 3526 0 2004 96 0 96 96 0 8 0 ffsino 272 3526 0 2004 103 0 103 103 0 8 0 nchpl 144 5597 0 3856 67 0 67 67 0 8 0 uvmvnodes 80 3881 0 0 80 0 80 80 0 8 0 vnodes 216 3881 0 0 216 0 216 216 0 8 0 namei 1024 20169 0 20169 4 3 1 2 0 8 1 percpumem 16 65 0 19 1 0 1 1 0 8 0 vcpupl 3904 5 0 1 1 0 1 1 0 8 0 vmpool 696 8 0 4 1 0 1 1 0 8 0 kstatmem 264 60 0 38 2 0 2 2 0 8 0 scsiplug 72 4 0 4 4 4 0 1 0 8 0 scxspl 216 45539 0 45538 18 17 1 8 1 8 0 plimitpl 152 197 0 181 1 0 1 1 0 8 0 sigapl 424 1705 0 1634 11 2 9 9 0 8 1 futexpl 64 18474 0 18470 2 1 1 1 0 8 0 knotepl 120 449 0 0 11 0 11 11 0 8 0 kqueuepl 216 495 0 485 6 5 1 5 0 8 0 pipepl 320 299 0 266 3 0 3 3 0 8 0 fdescpl 496 1665 0 1635 9 4 5 5 0 8 1 filepl 152 10910 0 10641 33 20 13 19 0 8 0 lockfpl 104 324 0 322 1 0 1 1 0 8 0 lockfspl 48 110 0 108 1 0 1 1 0 8 0 sessionpl 144 35 0 18 1 0 1 1 0 8 0 pgrppl 48 58 0 41 1 0 1 1 0 8 0 ucredpl 104 1678 0 1668 1 0 1 1 0 8 0 zombiepl 144 1635 0 1634 1 0 1 1 0 8 0 processpl 1136 1705 0 1634 6 0 6 6 0 8 0 procpl 656 3293 0 3200 11 2 9 9 0 8 0 srpgc 96 10 0 10 4 4 0 1 0 8 0 sosppl 168 13 0 13 5 4 1 1 0 8 1 sockpl 664 2949 0 2920 35 31 4 16 0 8 1 mcl64k 65536 4 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 4 0 0 1 0 1 1 0 8 0 mcl4k 4096 5 0 0 1 0 1 1 0 8 0 mcl2k 2048 349 0 0 44 0 44 44 0 8 0 mtagpl 96 3 0 0 1 0 1 1 0 8 0 mbufpl 256 451 0 0 23 0 23 23 0 8 0 bufpl 280 11003 0 2035 641 0 641 641 0 8 0 anonpl 24 364716 0 358591 93 25 68 68 0 186 16 amapchunkpl 152 48932 0 48152 70 26 44 44 0 158 12 amappl16 200 7928 0 7830 39 29 10 18 0 8 3 amappl15 192 17 0 17 2 2 0 1 0 8 0 amappl14 184 204 0 191 2 1 1 2 0 8 0 amappl13 176 14 0 14 1 1 0 1 0 8 0 amappl12 168 2451 0 2419 2 0 2 2 0 8 0 amappl11 160 53 0 43 1 0 1 1 0 8 0 amappl10 152 93 0 80 1 0 1 1 0 8 0 amappl9 144 274 0 274 4 4 0 1 0 8 0 amappl8 136 193 0 154 2 0 2 2 0 8 0 amappl7 128 60 0 46 1 0 1 1 0 8 0 amappl6 120 507 0 490 2 1 1 2 0 8 0 amappl5 112 209 0 197 1 0 1 1 0 8 0 amappl4 104 606 0 572 2 0 2 2 0 8 0 amappl3 96 9115 0 9019 3 0 3 3 0 8 0 amappl2 88 2075 0 2002 4 2 2 4 0 8 0 amappl1 80 14058 0 13533 22 10 12 22 0 8 0 amappl 88 13851 0 13631 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 49 0 6 1 0 1 1 0 8 0 uaddrrnd 24 1674 0 1640 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1674 0 1640 1 0 1 1 0 8 0 vmmpekpl 168 15990 0 15909 4 0 4 4 0 8 0 vmmpepl 168 119818 0 117831 137 44 93 113 0 357 0 vmsppl 440 1673 0 1639 4 0 4 4 0 8 0 rwobjpl 56 38940 0 33899 76 4 72 72 0 8 0 pdppl 4096 3355 0 3282 155 81 74 75 0 8 1 pvpl 32 46025 0 0 372 0 372 372 0 265 0 pmappl 248 1673 0 1639 4 1 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 482 0 103 11 0 11 11 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace end trace frame: 0x0, count: -1 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp x86_ipi_db(ffff800029cebff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82e079a0) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82e079a0) at __mp_lock+0x122 sys/kern/kern_lock.c:147 wakeup_n(ffffffff82e73138,ffffffff) at wakeup_n+0x58 sys/kern/kern_synch.c:542 uvm_pmr_freepages(fffffd800735e220,1) at uvm_pmr_freepages+0x2e0 sys/uvm/uvm_pmemrange.c:1303 uvm_anfree_list(fffffd80695ba7e0,0) at uvm_anfree_list+0x160 sys/uvm/uvm_anon.c:116 amap_wipeout(fffffd80696be6a0) at amap_wipeout+0x1af sys/uvm/uvm_amap.c:502 uvm_unmap_detach(ffff80002a1556d0,1) at uvm_unmap_detach+0x7d sys/uvm/uvm_map.c:1354 uvm_map_teardown(fffffd8008b8e1b8) at uvm_map_teardown+0x2f8 sys/uvm/uvm_map.c:2554 uvmspace_free(fffffd8008b8e1b8) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3461 reaper(ffff80002a1491f8) at reaper+0x197 sys/kern/kern_exit.c:463 end trace frame: 0x0, count: 3 ddb{1}> trace x86_ipi_db(ffff800029cebff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82e079a0) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82e079a0) at __mp_lock+0x122 sys/kern/kern_lock.c:147 wakeup_n(ffffffff82e73138,ffffffff) at wakeup_n+0x58 sys/kern/kern_synch.c:542 uvm_pmr_freepages(fffffd800735e220,1) at uvm_pmr_freepages+0x2e0 sys/uvm/uvm_pmemrange.c:1303 uvm_anfree_list(fffffd80695ba7e0,0) at uvm_anfree_list+0x160 sys/uvm/uvm_anon.c:116 amap_wipeout(fffffd80696be6a0) at amap_wipeout+0x1af sys/uvm/uvm_amap.c:502 uvm_unmap_detach(ffff80002a1556d0,1) at uvm_unmap_detach+0x7d sys/uvm/uvm_map.c:1354 uvm_map_teardown(fffffd8008b8e1b8) at uvm_map_teardown+0x2f8 sys/uvm/uvm_map.c:2554 uvmspace_free(fffffd8008b8e1b8) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3461 reaper(ffff80002a1491f8) at reaper+0x197 sys/kern/kern_exit.c:463 end trace frame: 0x0, count: -12