uvm_fault(0xfffffd807ec77528, 0x8, 0, 1) -> e kernel: page fault trap, code=0 Stopped at fifo_write+0x6e: movq 0x8(%rax),%r15 TID PID UID PRFLAGS PFLAGS CPU COMMAND *470782 98381 0 0 0x1 0K syz-executor 464006 34899 0 0 0x4000000 1 syz-executor fifo_write(ffff8000371b4a40) at fifo_write+0x6e sys/miscfs/fifofs/fifo_vnops.c:281 VOP_WRITE(fffffd8060498038,ffff8000371b4af8,3,fffffd807f7d3548) at VOP_WRITE+0x102 sys/kern/vfs_vops.c:245 ktrwriteraw(ffff80002a06d1d0,fffffd8060498038,fffffd807f7d3548,ffff8000371b4bc0,ffff8000371b4ba0) at ktrwriteraw+0x1bc sys/kern/kern_ktrace.c:682 ktrsyscall(ffff80002a06d1d0,53,28,ffff8000371b4d50) at ktrsyscall+0x31d sys/kern/kern_ktrace.c:182 syscall(ffff8000371b4d50) at syscall+0x2eb mi_syscall sys/sys/syscall_mi.h:157 [inline] syscall(ffff8000371b4d50) at syscall+0x2eb sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x6f8f3071cbd0, count: 9 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: uvm_fault(0xfffffd807ec77528, 0x8, 0, 1) -> e ddb{0}> trace fifo_write(ffff8000371b4a40) at fifo_write+0x6e sys/miscfs/fifofs/fifo_vnops.c:281 VOP_WRITE(fffffd8060498038,ffff8000371b4af8,3,fffffd807f7d3548) at VOP_WRITE+0x102 sys/kern/vfs_vops.c:245 ktrwriteraw(ffff80002a06d1d0,fffffd8060498038,fffffd807f7d3548,ffff8000371b4bc0,ffff8000371b4ba0) at ktrwriteraw+0x1bc sys/kern/kern_ktrace.c:682 ktrsyscall(ffff80002a06d1d0,53,28,ffff8000371b4d50) at ktrsyscall+0x31d sys/kern/kern_ktrace.c:182 syscall(ffff8000371b4d50) at syscall+0x2eb mi_syscall sys/sys/syscall_mi.h:157 [inline] syscall(ffff8000371b4d50) at syscall+0x2eb sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x6f8f3071cbd0, count: -6 ddb{0}> show registers rdi 0xfffffd8060498038 rsi 0x1 rbp 0xffff8000371b4a30 rbx 0xfffffd807f7d3548 rdx 0 rcx 0xffff80002a06d1d0 rax 0 r8 0xffff8000371b4ba0 r9 0 r10 0x5aa768054d2922db r11 0xbeda233008483a17 r12 0x4000 __ALIGN_SIZE+0x3000 r13 0xffff8000371b4af8 r14 0xffff8000371b4a40 r15 0x1 rip 0xffffffff822405ce fifo_write+0x6e cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff8000371b4a00 ss 0x10 fifo_write+0x6e: movq 0x8(%rax),%r15 ddb{0}> show proc PROC (syz-executor) tid=470782 pid=98381 tcnt=2 stat=onproc flags process=0 proc=1 runpri=50, usrpri=50, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a06e530,0xffff80002a06c538 process=0xffff8000ffff7678 user=0xffff8000371af000, vmspace=0xfffffd807ec77528 estcpu=36, cpticks=1, pctcpu=0.0, user=1, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 5924 53809 68878 0 2 0 syz-executor 35954 216308 2452 0 2 0x100000 sh 59841 335307 85089 0 2 0 syz-executor 59841 168999 85089 0 3 0x4000080 fsleep syz-executor *98381 470782 54029 0 7 0x1 syz-executor 98381 183581 54029 0 3 0x4000080 fsleep syz-executor 31535 508618 28739 0 2 0 syz-executor 2452 332760 58383 0 3 0x10008a sigsusp sh 32668 237995 91875 0 2 0x2 arp 34899 101473 13814 0 2 0 syz-executor 34899 235079 13814 0 3 0x4000080 fsleep syz-executor 34899 464006 13814 0 7 0x4000000 syz-executor 91875 381373 65119 0 3 0x10008a sigsusp sh 60541 258748 75161 0 2 0 syz-executor 60541 461086 75161 0 2 0x4000000 syz-executor 58383 195980 82822 0 3 0x82 wait syz-executor 68878 222091 82822 0 2 0x2 syz-executor 85089 464527 82822 0 2 0x482 syz-executor 65119 474784 82822 0 3 0x82 wait syz-executor 13814 339526 82822 0 2 0x482 syz-executor 54029 156034 82822 0 2 0x482 syz-executor 28739 444619 82822 0 3 0x82 nanoslp syz-executor 75161 18352 82822 0 2 0x482 syz-executor 60295 505217 0 0 3 0x14200 bored sosplice 82822 401673 21024 0 3 0x82 kqread syz-executor 21024 185076 19349 0 3 0x10008a sigsusp ksh 19349 388650 13 0 3 0x98 kqread sshd-session 13 478860 68158 0 3 0x92 kqread sshd-session 62882 161213 1 0 3 0x100083 ttyin getty 68158 372666 1 0 3 0x88 kqread sshd 97009 54343 18508 74 3 0x1100092 bpf pflogd 18508 502041 1 0 3 0x80 sbwait pflogd 60524 128651 10009 73 2 0x1100010 syslogd 10009 151381 1 0 3 0x100082 sbwait syslogd 90981 247662 1 0 3 0x100080 kqread resolvd 76092 176510 95268 77 3 0x100092 kqread dhcpleased 82661 307994 95268 77 3 0x100092 kqread dhcpleased 95268 309253 1 0 3 0x80 kqread dhcpleased 19653 144873 0 0 3 0x14200 bored smr 43054 209922 0 0 2 0x14200 zerothread 96486 100037 0 0 3 0x14200 aiodoned aiodoned 3533 124702 0 0 3 0x14200 syncer update 55865 57026 0 0 3 0x14200 cleaner cleaner 71237 441351 0 0 3 0x14200 reaper reaper 953 453857 0 0 3 0x14200 pgdaemon pagedaemon 79012 414396 0 0 3 0x14200 bored viomb 58300 516799 0 0 3 0x40014200 acpi0 acpi0 26691 443238 0 0 3 0x40014200 idle1 74101 85526 0 0 3 0x14200 bored softnet3 45182 187191 0 0 3 0x14200 bored softnet2 44413 470732 0 0 3 0x14200 bored softnet1 52664 140993 0 0 3 0x14200 bored softnet0 64674 111138 0 0 3 0x14200 bored systqmp 44015 254801 0 0 3 0x14200 bored systq 39666 165443 0 0 3 0x14200 tmoslp softclockmp 85614 411098 0 0 3 0x40014200 tmoslp softclock 57532 63483 0 0 3 0x40014200 idle0 1 477782 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 98381 (syz-executor) thread 0xffff80002a06d1d0 (470782) Process 60524 (syslogd) thread 0xffff8000ffffdbe8 (128651) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10210 10116K 10518K 166960K 12919 0 pcb 17 17K 18K 166960K 780 0 rtable 160 6K 7K 166960K 1250 0 pf 40 18K 21K 166960K 150 0 ifaddr 36 5K 7K 166960K 161 0 ifgroup 63 2K 2K 166960K 197 0 sysctl 3 0K 0K 166960K 7 0 counters 68 36K 36K 166960K 142 0 ioctlops 0 0K 4K 166960K 1861 0 iov 0 0K 28K 166960K 157 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1459 92K 93K 166960K 2997 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 18 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 155 0 dirhash 12 2K 2K 166960K 48 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 20 73K 93K 166960K 1958 0 sigio 0 0K 0K 166960K 23 0 proc 70 91K 140K 166960K 1366 0 subproc 104 6K 6K 166960K 444 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 195 0 in_multi 64 4K 7K 166960K 387 0 ether_multi 1 0K 0K 166960K 8 0 mrt 1 0K 0K 166960K 4 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 103 466K 466K 166960K 103 0 exec 0 0K 1K 166960K 940 0 pfkey data 0 0K 0K 166960K 4 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 226 72K 91K 166960K 18269 0 UVM aobj 33 3K 4K 166960K 37 0 pinsyscall 46 92K 106K 166960K 3674 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 74 0 NDP 23 1K 1K 166960K 115 0 temp 77 6824K 6934K 166960K 57131 0 kqueue 13 20K 33K 166960K 279 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 348 0 344 1 0 1 1 0 8 0 rtentry 112 404 0 334 4 1 3 4 0 8 0 unpcb 144 1888 0 1870 15 14 1 6 0 8 0 syncache 336 3 0 3 2 2 0 1 0 8 0 tcpcb 808 511 0 507 7 6 1 7 0 8 0 arp 120 71 0 56 1 0 1 1 0 8 0 inpcb 336 2649 0 2637 33 26 7 16 0 8 5 nd6 136 109 0 93 2 1 1 2 0 8 0 pkpcb 40 13 0 13 3 3 0 1 0 8 0 kcovpl 48 34 0 26 1 0 1 1 0 8 0 ppxss 1168 8 0 8 3 3 0 1 0 8 0 pfstscr 40 3 0 2 1 0 1 1 0 8 0 pffrag 232 13 0 6 1 0 1 1 0 482 0 pffrnode 88 10 0 6 1 0 1 1 0 8 0 pffrent 40 62 0 55 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfanchor 1288 3 0 1 1 0 1 1 0 8 0 pfstitem 24 154 0 100 1 0 1 1 0 8 0 pfstkey 128 156 0 102 3 0 3 3 0 8 0 pfstate 376 155 0 102 8 0 8 8 0 8 0 pfrule 1344 29 0 23 2 0 2 2 0 8 1 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 1552 0 1268 31 8 23 29 0 8 4 art_table 32 1554 0 1268 4 0 4 4 0 8 0 art_node 16 399 0 336 1 0 1 1 0 8 0 sysvmsgpl 40 18 0 8 1 0 1 1 0 8 0 semapl 112 153 0 143 1 0 1 1 0 8 0 shmpl 112 34 0 4 1 0 1 1 0 8 0 dirhash 1024 42 0 25 3 0 3 3 0 8 0 dino2pl 256 4263 0 2714 97 0 97 97 0 8 0 ffsino 272 4263 0 2714 104 0 104 104 0 8 0 nchpl 144 6503 0 4776 65 0 65 65 0 8 0 uvmvnodes 80 5529 0 0 113 0 113 113 0 8 0 vnodes 216 5529 0 0 308 0 308 308 0 8 0 namei 1024 25703 0 25703 5 4 1 2 0 8 1 percpumem 16 85 0 37 1 0 1 1 0 8 0 kstatmem 264 102 0 74 2 0 2 2 0 8 0 scsiplug 72 4 0 4 3 3 0 1 0 8 0 scxspl 216 36492 0 36492 13 12 1 8 1 8 1 plimitpl 152 494 0 477 1 0 1 1 0 8 0 sigapl 424 2226 0 2173 10 3 7 9 0 8 0 futexpl 64 22425 0 22422 4 3 1 1 0 8 0 knotepl 120 1055 0 0 32 0 32 32 0 8 0 kqueuepl 216 457 0 448 3 2 1 2 0 8 0 pipepl 320 307 0 280 3 0 3 3 0 8 0 fdescpl 496 2186 0 2152 7 2 5 5 0 8 0 filepl 152 15029 0 14783 40 25 15 20 0 8 5 lockfpl 104 608 0 606 2 1 1 2 0 8 0 lockfspl 48 186 0 184 1 0 1 1 0 8 0 sessionpl 144 48 0 39 1 0 1 1 0 8 0 pgrppl 48 91 0 74 1 0 1 1 0 8 0 ucredpl 104 2937 0 2923 1 0 1 1 0 8 0 zombiepl 144 2173 0 2173 2 1 1 1 0 8 1 processpl 1160 2226 0 2173 7 3 4 6 0 8 0 procpl 648 4589 0 4531 9 3 6 8 0 8 1 srpgc 96 14 0 14 4 4 0 1 0 8 0 sosppl 168 6 0 6 3 3 0 1 0 8 0 sockpl 664 4926 0 4892 49 40 9 18 0 8 5 mcl64k 65536 5 0 0 1 0 1 1 0 8 0 mcl16k 16384 5 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 6 0 0 1 0 1 1 0 8 0 mcl4k 4096 6 0 0 1 0 1 1 0 8 0 mcl2k2 2112 3 0 0 1 0 1 1 0 8 0 mcl2k 2048 220 0 0 27 0 27 27 0 8 0 mtagpl 96 24 0 0 1 0 1 1 0 8 0 mbufpl 256 373 0 0 21 0 21 21 0 8 0 bufpl 280 8964 0 2792 442 0 442 442 0 8 0 anonpl 24 340466 0 337021 97 29 68 81 0 185 36 amapchunkpl 152 60136 0 59681 53 21 32 43 0 158 14 amappl16 200 7086 0 7075 40 33 7 14 0 8 6 amappl15 192 5 0 5 1 1 0 1 0 8 0 amappl14 184 167 0 154 1 0 1 1 0 8 0 amappl13 176 13 0 13 3 3 0 1 0 8 0 amappl12 168 3222 0 3190 3 1 2 2 0 8 0 amappl11 160 60 0 46 1 0 1 1 0 8 0 amappl10 152 13 0 12 1 0 1 1 0 8 0 amappl9 144 188 0 188 1 1 0 1 0 8 0 amappl8 136 25 0 23 1 0 1 1 0 8 0 amappl7 128 156 0 142 1 0 1 1 0 8 0 amappl6 120 412 0 409 1 0 1 1 0 8 0 amappl5 112 264 0 253 1 0 1 1 0 8 0 amappl4 104 394 0 374 1 0 1 1 0 8 0 amappl3 96 10701 0 10608 4 1 3 4 0 8 0 amappl2 88 2525 0 2444 2 0 2 2 0 8 0 amappl1 80 14643 0 14039 15 2 13 15 0 8 0 amappl 88 17628 0 17466 5 0 5 5 0 92 1 dma4096 4096 2 0 2 2 2 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 8 0 8 2 2 0 1 0 8 0 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 36 0 4 1 0 1 1 0 8 0 uaddrrnd 24 2186 0 2152 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2186 0 2152 1 0 1 1 0 8 0 vmmpekpl 168 18185 0 18135 4 0 4 4 0 8 0 vmmpepl 168 136627 0 134732 115 24 91 96 0 357 8 vmsppl 440 2185 0 2152 6 2 4 5 0 8 0 rwobjpl 56 43162 0 36643 94 2 92 92 0 8 0 pdppl 4096 4379 0 4304 133 56 77 85 0 8 2 pvpl 32 44701 0 0 361 1 360 360 0 265 0 pmappl 248 2185 0 2152 4 1 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 476 0 108 11 0 11 11 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace fifo_write(ffff8000371b4a40) at fifo_write+0x6e sys/miscfs/fifofs/fifo_vnops.c:281 VOP_WRITE(fffffd8060498038,ffff8000371b4af8,3,fffffd807f7d3548) at VOP_WRITE+0x102 sys/kern/vfs_vops.c:245 ktrwriteraw(ffff80002a06d1d0,fffffd8060498038,fffffd807f7d3548,ffff8000371b4bc0,ffff8000371b4ba0) at ktrwriteraw+0x1bc sys/kern/kern_ktrace.c:682 ktrsyscall(ffff80002a06d1d0,53,28,ffff8000371b4d50) at ktrsyscall+0x31d sys/kern/kern_ktrace.c:182 syscall(ffff8000371b4d50) at syscall+0x2eb mi_syscall sys/sys/syscall_mi.h:157 [inline] syscall(ffff8000371b4d50) at syscall+0x2eb sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x6f8f3071cbd0, count: -6 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff835f25c0) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline] __mp_lock(ffffffff835f25c0) at __mp_lock+0x192 sys/kern/kern_lock.c:144 syscall(ffff80002db9ed50) at syscall+0x2cc mi_syscall sys/sys/syscall_mi.h:156 [inline] syscall(ffff80002db9ed50) at syscall+0x2cc sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x893b1bb5b50, count: 9 ddb{1}> trace x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff835f25c0) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline] __mp_lock(ffffffff835f25c0) at __mp_lock+0x192 sys/kern/kern_lock.c:144 syscall(ffff80002db9ed50) at syscall+0x2cc mi_syscall sys/sys/syscall_mi.h:156 [inline] syscall(ffff80002db9ed50) at syscall+0x2cc sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x893b1bb5b50, count: -6