uvm_fault(0xfffffd806bc09660, 0xa, 0, 1) -> e kernel: page fault trap, code=0 Stopped at vio_rxeof+0x191: movzwl 0xa(%r15),%eax ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd806bc09660, 0xa, 0, 1) -> e vio_rxeof(ffff80000017a000) at vio_rxeof+0x191 sys/dev/pv/if_vio.c:1018 end trace frame: 0xffff80001d760f00, count: 0 ddb> trace vio_rxeof(ffff80000017a000) at vio_rxeof+0x191 sys/dev/pv/if_vio.c:1018 vio_rx_intr(ffff80000017a050) at vio_rx_intr+0x4d sys/dev/pv/if_vio.c:1056 virtio_check_vqs(ffff80000002ea00) at virtio_check_vqs+0x150 sys/dev/pv/virtio.c:228 intr_handler(ffff80001d760fb0,ffff800000655380) at intr_handler+0x4d sys/arch/amd64/amd64/intr.c:537 Xintr_ioapic_edge19_untramp() at Xintr_ioapic_edge19_untramp+0x19f end of kernel end trace frame: 0xc0005a90c8, count: -5 ddb> show registers rdi 0xc rsi 0xc rbp 0xffff80001d760ea0 rbx 0xffff80000017a000 rdx 0 rcx 0xffff8000001ab000 rax 0 r8 0x2 r9 0 r10 0 r11 0xeb4d4bd50d036b74 r12 0xffff80000002ea00 r13 0xc r14 0xfffffd805a073200 r15 0 rip 0xffffffff8144b091 vio_rxeof+0x191 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80001d760e10 ss 0 vio_rxeof+0x191: movzwl 0xa(%r15),%eax ddb> show proc PROC (syz-fuzzer) pid=278434 stat=onproc flags process=2 proc=4000000 pri=50, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff80001d71c9d0,0xffff80001d71daf0 process=0xffff80001d706e98 user=0xffff80001d75c000, vmspace=0xfffffd806bc09660 estcpu=0, cpticks=0, pctcpu=0.65 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 66986 38951 20975 0 2 0 syz-executor.0 66986 127575 20975 0 3 0x4000080 fsleep syz-executor.0 34268 344120 0 0 3 0x14200 bored sosplice 20975 140055 80677 0 3 0x82 nanosleep syz-executor.0 46716 217961 80677 0 2 0x2 syz-executor.1 80677 4094 45670 0 3 0x82 thrsleep syz-fuzzer 80677 302507 45670 0 2 0x4000002 syz-fuzzer 80677 399027 45670 0 3 0x4000082 thrsleep syz-fuzzer 80677 203007 45670 0 3 0x4000082 thrsleep syz-fuzzer *80677 278434 45670 0 7 0x4000002 syz-fuzzer 80677 231073 45670 0 3 0x4000082 thrsleep syz-fuzzer 80677 465296 45670 0 3 0x4000082 thrsleep syz-fuzzer 45670 461343 55086 0 3 0x10008a pause ksh 55086 445492 42926 0 2 0x12 sshd 93381 92108 1 0 3 0x100083 ttyin getty 42926 299824 1 0 3 0x80 select sshd 87239 353468 39061 73 3 0x100090 kqread syslogd 39061 146431 1 0 3 0x100082 netio syslogd 54122 324569 1 77 3 0x100090 poll dhclient 29103 303795 1 0 3 0x80 poll dhclient 62046 126545 0 0 3 0x14200 bored smr 90123 166565 0 0 2 0x14200 zerothread 75938 276335 0 0 3 0x14200 aiodoned aiodoned 12432 430738 0 0 3 0x14200 syncer update 30299 396062 0 0 3 0x14200 cleaner cleaner 50090 243666 0 0 3 0x14200 reaper reaper 99252 198547 0 0 3 0x14200 pgdaemon pagedaemon 29520 240780 0 0 3 0x14200 bored crynlk 42722 489087 0 0 3 0x14200 bored crypto 7703 520433 0 0 3 0x40014200 acpi0 acpi0 67162 411853 0 0 3 0x14200 bored softnet 95886 514911 0 0 3 0x14200 bored systqmp 66759 222482 0 0 3 0x14200 bored systq 61517 474852 0 0 3 0x40014200 bored softclock 47398 18391 0 0 3 0x40014200 idle0 1 24321 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9479 6649K 6649K 78643K 10824 0 pcb 13 8K 8K 78643K 41 0 rtable 120 6K 10K 78643K 328 0 ifaddr 52 12K 12K 78643K 78 0 sysctl 2 0K 0K 78643K 2 0 counters 21 16K 16K 78643K 24 0 ioctlops 0 0K 4K 78643K 36 0 iov 0 0K 16K 78643K 8 0 mount 1 1K 1K 78643K 1 0 vnodes 1219 77K 77K 78643K 1288 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 30 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 156 0 proc 48 38K 54K 78643K 370 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 14 0 in_multi 40 2K 2K 78643K 74 0 ether_multi 1 0K 0K 78643K 4 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 43 201K 201K 78643K 43 0 exec 0 0K 1K 78643K 187 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 127 39K 39K 78643K 1214 0 UVM aobj 5 2K 2K 78643K 7 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 22 0 NDP 6 0K 0K 78643K 17 0 temp 79 3863K 3927K 78643K 2166 0 kqueue 3 4K 6K 78643K 5 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 6 0 0 1 0 1 1 0 8 0 rtpcb 80 82 0 80 1 0 1 1 0 8 0 rtentry 112 52 0 8 2 0 2 2 0 8 0 unpcb 120 51 0 43 1 0 1 1 0 8 0 syncache 264 6 0 6 2 2 0 1 0 8 0 tcpqe 32 221 0 221 1 1 0 1 0 8 0 tcpcb 544 60 0 56 1 0 1 1 0 8 0 inpcb 296 157 0 150 2 0 2 2 0 8 1 ip6q 72 1 0 1 1 0 1 1 0 8 1 ip6af 40 2 0 2 1 0 1 1 0 8 1 nd6 48 13 0 7 1 0 1 1 0 8 0 pfrktable 1344 28 0 21 2 1 1 2 0 8 0 pftag 88 1 0 0 1 0 1 1 0 8 0 pfrule 1360 8 0 4 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 190 0 2 12 0 12 12 0 8 0 art_table 32 191 0 2 2 0 2 2 0 8 0 art_node 16 51 0 11 1 0 1 1 0 8 0 sysvmsgpl 40 13 0 10 1 0 1 1 0 8 0 semapl 112 26 0 16 1 0 1 1 0 8 0 shmpl 112 4 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1563 0 165 88 0 88 88 0 8 0 ffsino 240 1563 0 165 83 0 83 83 0 8 0 nchpl 144 1990 0 384 60 0 60 60 0 8 0 uvmvnodes 72 1663 0 0 31 0 31 31 0 8 0 vnodes 208 1663 0 0 88 0 88 88 0 8 0 namei 1024 5082 0 5082 1 0 1 1 0 8 1 vcpupl 1984 3 0 0 1 0 1 1 0 8 0 vmpool 528 3 0 0 1 0 1 1 0 8 0 pfiaddrpl 120 12 0 6 1 0 1 1 0 8 0 scxspl 192 5589 0 5589 1 0 1 1 0 8 1 plimitpl 152 22 0 15 1 0 1 1 0 8 0 sigapl 424 343 0 314 4 0 4 4 0 8 0 futexpl 56 2801 0 2800 1 0 1 1 0 8 0 knotepl 112 63 0 44 1 0 1 1 0 8 0 kqueuepl 144 16 0 14 1 0 1 1 0 8 0 pipepl 272 82 0 72 1 0 1 1 0 8 0 fdescpl 432 328 0 314 2 0 2 2 0 8 0 filepl 120 1796 0 1700 4 0 4 4 0 8 1 lockfpl 104 17 0 16 1 0 1 1 0 8 0 lockfspl 48 8 0 7 1 0 1 1 0 8 0 sessionpl 112 17 0 7 1 0 1 1 0 8 0 pgrppl 48 17 0 7 1 0 1 1 0 8 0 ucredpl 96 145 0 138 1 0 1 1 0 8 0 zombiepl 144 314 0 314 2 1 1 1 0 8 1 processpl 928 343 0 314 4 0 4 4 0 8 0 procpl 624 494 0 458 4 0 4 4 0 8 1 sockpl 400 291 0 274 3 0 3 3 0 8 1 mcl64k 65536 3 0 3 1 0 1 1 0 8 1 mcl12k 12288 3 0 3 1 0 1 1 0 8 1 mcl8k 8192 5 0 5 1 1 0 1 0 8 0 mcl4k 4096 31 0 30 2 1 1 1 0 8 0 mcl2k2 2112 3 0 3 1 1 0 1 0 8 0 mcl2k 2048 93514 0 93465 30 23 7 23 0 8 0 mtagpl 96 25 0 2 2 1 1 1 0 8 0 mbufpl 256 148186 0 148004 18 3 15 15 0 8 0 bufpl 280 3403 0 125 235 0 235 235 0 8 0 anonpl 16 53629 0 37497 95 4 91 94 0 107 11 amapchunkpl 152 1494 0 1344 8 1 7 8 0 158 0 amappl16 192 1869 0 812 64 4 60 64 0 8 5 amappl15 184 3 0 1 1 0 1 1 0 8 0 amappl14 176 97 0 88 1 0 1 1 0 8 0 amappl13 168 27 0 24 1 0 1 1 0 8 0 amappl12 160 11 0 8 1 0 1 1 0 8 0 amappl11 152 49 0 40 1 0 1 1 0 8 0 amappl10 144 16 0 10 1 0 1 1 0 8 0 amappl9 136 435 0 431 1 0 1 1 0 8 0 amappl8 128 381 0 339 2 0 2 2 0 8 0 amappl7 120 106 0 94 1 0 1 1 0 8 0 amappl6 112 21 0 19 1 0 1 1 0 8 0 amappl5 104 275 0 265 1 0 1 1 0 8 0 amappl4 96 419 0 393 1 0 1 1 0 8 0 amappl3 88 170 0 162 1 0 1 1 0 8 0 amappl2 80 1799 0 1733 2 0 2 2 0 8 0 amappl1 72 15997 0 15576 23 13 10 17 0 8 0 amappl 80 743 0 697 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 6 0 2 1 0 1 1 0 8 0 uaddrrnd 24 331 0 314 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 331 0 314 1 0 1 1 0 8 0 vmmpekpl 168 6164 0 6139 2 0 2 2 0 8 0 vmmpepl 168 47642 0 45470 118 11 107 112 0 357 11 vmsppl 272 330 0 314 2 0 2 2 0 8 0 pdppl 4096 668 0 631 6 1 5 6 0 8 0 pvpl 32 160481 0 141897 216 3 213 216 0 265 34 pmappl 200 330 0 314 1 0 1 1 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 260 0 31 7 0 7 7 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace vio_rxeof(ffff80000017a000) at vio_rxeof+0x191 sys/dev/pv/if_vio.c:1018 vio_rx_intr(ffff80000017a050) at vio_rx_intr+0x4d sys/dev/pv/if_vio.c:1056 virtio_check_vqs(ffff80000002ea00) at virtio_check_vqs+0x150 sys/dev/pv/virtio.c:228 intr_handler(ffff80001d760fb0,ffff800000655380) at intr_handler+0x4d sys/arch/amd64/amd64/intr.c:537 Xintr_ioapic_edge19_untramp() at Xintr_ioapic_edge19_untramp+0x19f end of kernel end trace frame: 0xc0005a90c8, count: -5 ddb> machine ddbcpu 1 No such command ddb> trace vio_rxeof(ffff80000017a000) at vio_rxeof+0x191 sys/dev/pv/if_vio.c:1018 vio_rx_intr(ffff80000017a050) at vio_rx_intr+0x4d sys/dev/pv/if_vio.c:1056 virtio_check_vqs(ffff80000002ea00) at virtio_check_vqs+0x150 sys/dev/pv/virtio.c:228 intr_handler(ffff80001d760fb0,ffff800000655380) at intr_handler+0x4d sys/arch/amd64/amd64/intr.c:537 Xintr_ioapic_edge19_untramp() at Xintr_ioapic_edge19_untramp+0x19f end of kernel end trace frame: 0xc0005a90c8, count: -5