panic: uvm_fault: fault on non-pageable map (0xffffffff82502a00, 0xffff800000aae000) Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *280590 88900 0 0 0x4000000 0 syz-executor.0 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 uvm_fault(ffffffff82524170,ffff800000aae000,1,4) at uvm_fault+0x2148 uvmfault_amapcopy sys/uvm/uvm_fault.c:463 [inline] uvm_fault(ffffffff82524170,ffff800000aae000,1,4) at uvm_fault+0x2148 sys/uvm/uvm_fault.c:559 pageflttrap() at pageflttrap+0x239 sys/arch/amd64/amd64/trap.c:199 kerntrap(ffff80001596ba00) at kerntrap+0xdb sys/arch/amd64/amd64/trap.c:287 alltraps_kern_meltdown(6,ffff8000159a6000,fffffd802ea87e08,11,ffff80000005b960,ffff80001596bc68) at alltraps_kern_meltdown+0x7b ffff800000aae800(b,ffff80001596bbc8,83,ffff80001596bc68,0,b) at 0xffff800000aae800 rt_match(fffffd8037014710,0,1,0) at rt_match+0xbe rt_clone sys/net/route.c:266 [inline] rt_match(fffffd8037014710,0,1,0) at rt_match+0xbe sys/net/route.c:242 in_pcbselsrc(ffff80001596bd40,fffffd802ea98820,fffffd8037014690) at in_pcbselsrc+0x219 sys/netinet/in_pcb.c:934 in_pcbconnect(fffffd8037014690,fffffd802ea98800) at in_pcbconnect+0x107 sys/netinet/in_pcb.c:492 tcp_usrreq(fffffd803df12900,4,0,fffffd802ea98800,0,ffff8000ffff3160) at tcp_usrreq+0xada sys/netinet/tcp_usrreq.c:228 sys_connect(ffff8000ffff3160,ffff80001596bee8,ffff80001596bf30) at sys_connect+0x3df sys/kern/uipc_syscalls.c:388 syscall(ffff80001596bfb0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,fffffffffffffecf,0,3,a1550fcc010) at Xsyscall+0x128 end of kernel end trace frame: 0xa184edc82d0, count: 1 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic uvm_fault: fault on non-pageable map (0xffffffff82502a00, 0xffff800000aae000) ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 uvm_fault(ffffffff82524170,ffff800000aae000,1,4) at uvm_fault+0x2148 uvmfault_amapcopy sys/uvm/uvm_fault.c:463 [inline] uvm_fault(ffffffff82524170,ffff800000aae000,1,4) at uvm_fault+0x2148 sys/uvm/uvm_fault.c:559 pageflttrap() at pageflttrap+0x239 sys/arch/amd64/amd64/trap.c:199 kerntrap(ffff80001596ba00) at kerntrap+0xdb sys/arch/amd64/amd64/trap.c:287 alltraps_kern_meltdown(6,ffff8000159a6000,fffffd802ea87e08,11,ffff80000005b960,ffff80001596bc68) at alltraps_kern_meltdown+0x7b ffff800000aae800(b,ffff80001596bbc8,83,ffff80001596bc68,0,b) at 0xffff800000aae800 rt_match(fffffd8037014710,0,1,0) at rt_match+0xbe rt_clone sys/net/route.c:266 [inline] rt_match(fffffd8037014710,0,1,0) at rt_match+0xbe sys/net/route.c:242 in_pcbselsrc(ffff80001596bd40,fffffd802ea98820,fffffd8037014690) at in_pcbselsrc+0x219 sys/netinet/in_pcb.c:934 in_pcbconnect(fffffd8037014690,fffffd802ea98800) at in_pcbconnect+0x107 sys/netinet/in_pcb.c:492 tcp_usrreq(fffffd803df12900,4,0,fffffd802ea98800,0,ffff8000ffff3160) at tcp_usrreq+0xada sys/netinet/tcp_usrreq.c:228 sys_connect(ffff8000ffff3160,ffff80001596bee8,ffff80001596bf30) at sys_connect+0x3df sys/kern/uipc_syscalls.c:388 syscall(ffff80001596bfb0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,fffffffffffffecf,0,3,a1550fcc010) at Xsyscall+0x128 end of kernel end trace frame: 0xa184edc82d0, count: -14 ddb> show registers rdi 0xffffffff81a40cf7 db_enter+0x17 rsi 0x2d1c __ALIGN_SIZE+0x1d1c rbp 0xffff80001596b630 rbx 0xffff80001596b6e0 rdx 0x2d1d __ALIGN_SIZE+0x1d1d rcx 0xffff8000159a6000 rax 0xffff8000159a6000 r8 0xffff80001596b5f0 r9 0x1 r10 0xffff800000a6d580 r11 0x46762d1e25bee449 r12 0x3000000008 r13 0xffff80001596b640 r14 0x100 r15 0x1 rip 0xffffffff81a40cf8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80001596b620 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.0) pid=280590 stat=onproc flags process=0 proc=4000000 pri=86, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff2508,0xffffffff82560a98 process=0xffff8000148a26d8 user=0xffff800015967000, vmspace=0xfffffd803f014cc0 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 88900 471088 46950 0 2 0 syz-executor.0 *88900 280590 46950 0 7 0x4000000 syz-executor.0 429 367520 64015 0 3 0x82 nanosleep syz-executor.1 46950 396362 64015 0 3 0x82 nanosleep syz-executor.0 63449 456884 1 0 3 0x100083 ttyin getty 43232 217198 0 0 3 0x14200 acct acct 49225 284167 0 0 3 0x14200 bored sosplice 64015 203729 89987 0 3 0x82 thrsleep syz-fuzzer 64015 226542 89987 0 3 0x4000082 thrsleep syz-fuzzer 64015 505959 89987 0 3 0x4000082 kqread syz-fuzzer 64015 296730 89987 0 3 0x4000082 thrsleep syz-fuzzer 64015 235422 89987 0 3 0x4000082 thrsleep syz-fuzzer 64015 426261 89987 0 3 0x4000082 thrsleep syz-fuzzer 64015 91352 89987 0 3 0x4000082 thrsleep syz-fuzzer 64015 435192 89987 0 3 0x4000082 thrsleep syz-fuzzer 89987 430595 26676 0 3 0x10008a pause ksh 26676 472376 22342 0 3 0x92 select sshd 22342 297572 1 0 3 0x80 select sshd 65363 247216 34724 73 3 0x100090 kqread syslogd 34724 36373 1 0 3 0x100082 netio syslogd 32573 26093 1 77 3 0x100090 poll dhclient 36956 19373 1 0 3 0x80 poll dhclient 3249 89582 0 0 2 0x14200 zerothread 70223 71694 0 0 3 0x14200 aiodoned aiodoned 47595 209795 0 0 3 0x14200 syncer update 11370 375430 0 0 3 0x14200 cleaner cleaner 61468 249374 0 0 3 0x14200 reaper reaper 62351 214795 0 0 3 0x14200 pgdaemon pagedaemon 55877 342515 0 0 3 0x14200 bored crynlk 50548 390545 0 0 3 0x14200 bored crypto 83023 377039 0 0 3 0x40014200 acpi0 acpi0 80511 191302 0 0 3 0x14200 bored softnet 16220 476372 0 0 3 0x14200 bored systqmp 81617 232965 0 0 3 0x14200 bored systq 3377 361960 0 0 3 0x40014200 bored softclock 39457 309419 0 0 3 0x40014200 idle0 16137 456061 0 0 3 0x14200 bored smr 1 16903 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9569 6490K 8665K 78643K 19828 0 0 pcb 13 8K 9K 78643K 357 0 0 rtable 108 8K 8K 78643K 1119 0 0 ifaddr 79 16K 18K 78643K 322 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 109 0 0 iov 0 0K 28K 78643K 412 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1246 78K 79K 78643K 3828 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 19 0 0 VM map 2 0K 0K 78643K 12 0 0 sem 12 0K 0K 78643K 257 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 5 13K 25K 78643K 1605 0 0 sigio 0 0K 0K 78643K 14 0 0 proc 49 38K 63K 78643K 798 0 0 subproc 32 2K 2K 78643K 157 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 111 0 0 in_multi 24 1K 2K 78643K 170 0 0 ether_multi 1 0K 0K 78643K 12 0 0 mrt 0 0K 0K 78643K 9 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 78 344K 344K 78643K 78 0 0 exec 0 0K 1K 78643K 486 0 0 pfkey data 0 0K 0K 78643K 2 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 99 21K 31K 78643K 4848 0 0 UVM aobj 43 2K 2K 78643K 48 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 343 0 0 NDP 19 0K 0K 78643K 98 0 0 temp 219 3540K 3615K 78643K 77258 0 0 kqueue 0 0K 0K 78643K 16 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 40 0 34 1 0 1 1 0 8 0 rtpcb 80 177 0 175 1 0 1 1 0 8 0 rtentry 112 190 0 152 2 0 2 2 0 8 0 unpcb 120 520 0 512 1 0 1 1 0 8 0 syncache 264 15 0 15 5 5 0 1 0 8 0 tcpqe 32 6418 0 6418 4 4 0 1 0 8 0 tcpcb 544 506 0 501 4 2 2 2 0 8 1 ipq 40 8 0 8 4 4 0 1 0 8 0 ipqe 40 20 0 20 4 4 0 1 0 8 0 inpcb 280 2934 0 2926 10 8 2 4 0 8 1 rttmr 72 2 0 2 1 1 0 1 0 8 0 ip6q 72 1 0 1 1 1 0 1 0 8 0 ip6af 40 2 0 2 1 1 0 1 0 8 0 nd6 48 21 0 19 2 1 1 1 0 8 0 pkpcb 40 4 0 4 2 2 0 1 0 8 0 ppxss 1128 35 0 35 7 6 1 1 0 8 1 art_heap8 4096 5 0 4 5 4 1 3 0 8 0 art_heap4 256 693 0 509 19 4 15 15 0 8 2 art_table 32 698 0 513 2 0 2 2 0 8 0 art_node 16 182 0 148 1 0 1 1 0 8 0 sysvmsgpl 40 4 0 4 2 2 0 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 253 0 243 1 0 1 1 0 8 0 shmpl 112 46 0 5 2 0 2 2 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 3898 0 2504 46 0 46 46 0 8 0 ffsino 240 3898 0 2504 83 0 83 83 0 8 0 nchpl 144 6369 0 4764 60 0 60 60 0 8 0 uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0 vnodes 208 5926 0 0 312 0 312 312 0 8 0 namei 1024 23153 0 23153 3 2 1 1 0 8 1 vmpool 520 10 0 10 5 4 1 1 0 8 1 scsiplug 64 6 0 6 3 3 0 1 0 8 0 scxspl 192 23820 0 23820 20 18 2 7 0 8 2 plimitpl 152 143 0 135 1 0 1 1 0 8 0 sigapl 432 1758 0 1745 2 0 2 2 0 8 0 futexpl 56 47557 0 47557 1 0 1 1 0 8 1 knotepl 112 414 0 395 1 0 1 1 0 8 0 kqueuepl 104 370 0 368 1 0 1 1 0 8 0 pipepl 112 920 0 901 4 2 2 2 0 8 1 fdescpl 424 1759 0 1745 2 0 2 2 0 8 0 filepl 120 15572 0 15475 10 6 4 5 0 8 1 lockfpl 104 3122 0 3121 2 1 1 2 0 8 0 lockfspl 48 1446 0 1445 1 0 1 1 0 8 0 sessionpl 112 27 0 17 1 0 1 1 0 8 0 pgrppl 48 43 0 33 1 0 1 1 0 8 0 ucredpl 96 1905 0 1897 1 0 1 1 0 8 0 zombiepl 144 1751 0 1750 3 2 1 1 0 8 0 processpl 864 1781 0 1750 4 0 4 4 0 8 0 procpl 632 3766 0 3727 4 0 4 4 0 8 0 sosppl 128 14 0 14 5 5 0 1 0 8 0 sockpl 384 3655 0 3637 20 16 4 7 0 8 1 mcl64k 65536 632 0 632 64 64 0 33 0 8 0 mcl16k 16384 17 0 17 6 6 0 1 0 8 0 mcl12k 12288 42 0 42 6 5 1 1 0 8 1 mcl9k 9216 36 0 36 5 4 1 1 0 8 1 mcl8k 8192 74 0 74 2 1 1 1 0 8 1 mcl4k 4096 210 0 210 2 1 1 1 0 8 1 mcl2k2 2112 16 0 16 8 8 0 1 0 8 0 mcl2k 2048 54291 0 54239 33 26 7 21 0 8 0 mtagpl 80 1055 0 930 11 7 4 5 0 8 0 mbufpl 256 103108 0 102784 90 60 30 38 0 8 1 bufpl 256 12371 0 7252 321 0 321 321 0 8 0 anonpl 16 216875 0 201026 121 40 81 82 0 62 13 amapchunkpl 152 9129 0 9025 39 21 18 18 0 158 13 amappl16 192 10556 0 9636 114 59 55 59 0 8 8 amappl15 184 753 0 753 1 1 0 1 0 8 0 amappl14 176 379 0 375 2 1 1 1 0 8 0 amappl13 168 220 0 218 1 0 1 1 0 8 0 amappl12 160 76 0 74 1 0 1 1 0 8 0 amappl11 152 311 0 299 1 0 1 1 0 8 0 amappl10 144 12 0 11 2 1 1 1 0 8 0 amappl9 136 769 0 763 1 0 1 1 0 8 0 amappl8 128 320 0 294 1 0 1 1 0 8 0 amappl7 120 72 0 67 1 0 1 1 0 8 0 amappl6 112 310 0 295 1 0 1 1 0 8 0 amappl5 104 264 0 254 1 0 1 1 0 8 0 amappl4 96 1946 0 1917 1 0 1 1 0 8 0 amappl3 88 247 0 241 1 0 1 1 0 8 0 amappl2 80 13482 0 13413 4 2 2 3 0 8 0 amappl1 72 41993 0 41596 28 19 9 20 0 8 0 amappl 80 4124 0 4089 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 47 0 5 1 0 1 1 0 8 0 uaddrrnd 24 1769 0 1745 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1769 0 1745 1 0 1 1 0 8 0 vmmpekpl 168 15091 0 15065 2 0 2 2 0 8 0 vmmpepl 168 221471 0 219512 185 86 99 120 0 357 11 vmsppl 272 1758 0 1745 2 1 1 2 0 8 0 pdppl 4096 3544 0 3510 6 1 5 6 0 8 0 pvpl 32 589909 0 571013 279 88 191 194 0 265 33 pmappl 200 1768 0 1755 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 645 0 174 15 0 15 15 0 8 0