login: uvm_fault(0xffffffff839397f0, 0xffff800001508000, 0, 2) -> e kernel: page fault trap, code=2 Stopped at sys_shmat+0xe0: movl $0xffffffffffffffff,0(%r14) TID PID UID PRFLAGS PFLAGS CPU COMMAND * 69536 91779 0 0 0x4000000 0 syz-executor sys_shmat(ffff800039d199c0,ffff80002a8936b0,ffff80002a893600) at sys_shmat+0xe0 sys/kern/sysv_shm.c:235 syscall(ffff80002a8936b0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80002a8936b0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xc97dca3aca0, count: 12 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: uvm_fault(0xffffffff839397f0, 0xffff800001508000, 0, 2) -> e ddb> trace sys_shmat(ffff800039d199c0,ffff80002a8936b0,ffff80002a893600) at sys_shmat+0xe0 sys/kern/sysv_shm.c:235 syscall(ffff80002a8936b0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80002a8936b0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xc97dca3aca0, count: -3 ddb> show registers rdi 0 rsi 0x3e92675a rbp 0xffff80002a8935d0 rbx 0xffff80002a8936b0 rdx 0 rcx 0xffffffff8382aff0 cpu_info_full_primary+0x1ff0 rax 0xffff800039d199c0 r8 0x2 r9 0 r10 0x94c7b39ccc5ab96a r11 0x5ea1e78b1a31756d r12 0xffff800039d199c0 r13 0xffff800001462000 r14 0xffff800001508000 r15 0xa600 __ALIGN_SIZE+0x9600 rip 0xffffffff82d9e820 sys_shmat+0xe0 cs 0x8 rflags 0x10216 __ALIGN_SIZE+0xf216 rsp 0xffff80002a893540 ss 0x10 sys_shmat+0xe0: movl $0xffffffffffffffff,0(%r14) ddb> show proc PROC (syz-executor) tid=69536 pid=91779 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=84, usrpri=84, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff800039d19c50,0xffff80002a89b9f0 process=0xffff8000ffff68e0 user=0xffff80002a88e000, vmspace=0xfffffd807e0e7170 estcpu=34, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 91779 451113 22695 0 2 0 syz-executor *91779 69536 22695 0 7 0x4000000 syz-executor 91779 520253 22695 0 2 0x4000000 syz-executor 84718 23898 67304 0 2 0 syz-executor 84718 68819 67304 0 3 0x4000080 fsleep syz-executor 33408 431440 91182 0 2 0 syz-executor 33408 106722 91182 0 3 0x4000080 wsevent_read syz-executor 33408 331193 91182 0 2 0x4000000 syz-executor 12847 2977 81978 0 2 0x1000000 syz-executor 12847 134489 81978 0 3 0x5000080 fsleep syz-executor 12847 295311 81978 0 3 0x5000080 fsleep syz-executor 12847 313948 81978 0 3 0x5000080 fsleep syz-executor 12847 308323 81978 0 2 0x5000000 syz-executor 93912 34536 24622 0 3 0x3000 suspend syz-executor 93912 258412 24622 0 2 0x4081000 syz-executor 90638 483699 59485 0 2 0 syz-executor 90638 155269 59485 0 3 0x4000080 fsleep syz-executor 90638 178238 59485 0 3 0x4000080 fsleep syz-executor 90638 29149 59485 0 3 0x4000080 fsleep syz-executor 39257 230468 1 0 3 0x100083 ttyin getty 60315 287448 87681 0 2 0x2 syz-executor 67304 194489 87681 0 3 0x82 nanoslp syz-executor 91182 25017 87681 0 3 0x82 nanoslp syz-executor 22695 211260 87681 0 3 0x82 nanoslp syz-executor 93738 91261 87681 0 3 0x82 wait syz-executor 51673 371243 0 0 3 0x14280 nfsidl nfsio 97611 125706 0 0 3 0x14280 nfsidl nfsio 16063 22670 0 0 3 0x14280 nfsidl nfsio 46334 233195 0 0 3 0x14280 nfsidl nfsio 42485 405774 0 0 3 0x14280 nfsidl nfsio 20349 37565 0 0 3 0x14280 nfsidl nfsio 43901 229252 0 0 3 0x14280 nfsidl nfsio 51101 478488 0 0 3 0x14280 nfsidl nfsio 63809 482161 0 0 3 0x14280 nfsidl nfsio 86300 48857 0 0 3 0x14280 nfsidl nfsio 89684 410443 0 0 3 0x14280 nfsidl nfsio 84050 226804 0 0 3 0x14280 nfsidl nfsio 62997 313367 0 0 3 0x14280 nfsidl nfsio 61986 393300 0 0 3 0x14280 nfsidl nfsio 71856 246318 0 0 3 0x14280 nfsidl nfsio 11261 432286 0 0 3 0x14280 nfsidl nfsio 360 146386 0 0 3 0x14280 nfsidl nfsio 5692 178520 0 0 3 0x14280 nfsidl nfsio 56079 115587 0 0 3 0x14280 nfsidl nfsio 76441 195811 0 0 3 0x14280 nfsidl nfsio 59485 500873 87681 0 3 0x82 nanoslp syz-executor 39709 133451 0 0 3 0x14200 bored sosplice 81978 161715 87681 0 3 0x82 nanoslp syz-executor 24622 324609 87681 0 3 0x82 nanoslp syz-executor 87681 239810 27994 0 3 0x82 kqread syz-executor 27994 256726 44754 0 3 0x10008a sigsusp ksh 44754 520621 80347 0 3 0x98 kqread sshd-session 80347 473069 76043 0 3 0x92 kqread sshd-session 76043 394285 1 0 3 0x88 kqread sshd 82001 46338 89659 73 3 0x1100090 kqread syslogd 89659 125105 1 0 3 0x100082 sbwait syslogd 15729 443449 1 0 3 0x100080 kqread resolvd 84822 126966 98652 77 3 0x100092 kqread dhcpleased 16801 158448 98652 77 3 0x100092 kqread dhcpleased 98652 21632 1 0 3 0x80 kqread dhcpleased 49828 219288 0 0 3 0x14200 bored smr 1828 184741 0 0 2 0x14200 zerothread 66043 19970 0 0 3 0x14200 aiodoned aiodoned 47889 336080 0 0 3 0x14200 syncer update 9924 484227 0 0 3 0x14200 cleaner cleaner 33715 85656 0 0 3 0x14200 reaper reaper 79529 293649 0 0 3 0x14200 pgdaemon pagedaemon 77120 287542 0 0 3 0x14200 bored viomb 81737 459772 0 0 3 0x40014200 acpi0 acpi0 42462 71439 0 0 3 0x14200 bored softnet3 75764 76952 0 0 3 0x14200 bored softnet2 4531 503846 0 0 3 0x14200 bored softnet1 30594 137908 0 0 3 0x14200 bored softnet0 31353 260626 0 0 3 0x14200 bored systqmp 81542 319502 0 0 3 0x14200 bored systq 79213 173565 0 0 2 0x40014200 softclock 53709 376939 0 0 3 0x40014200 idle0 1 251674 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10193 11069K 11524K 166960K 13933 0 pcb 17 13K 13K 166960K 207 0 rtable 203 10K 10K 166960K 815 0 pf 36 14K 16K 166960K 173 0 ifaddr 38 6K 7K 166960K 141 0 ifgroup 54 2K 2K 166960K 226 0 sysctl 4 1K 9K 166960K 22 0 counters 33 17K 18K 166960K 114 0 ioctlops 0 0K 4K 166960K 318 0 iov 0 0K 24K 166960K 78 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1404 88K 89K 166960K 2871 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 3 5K 9K 166960K 34 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 66 0 dirhash 15 2K 2K 166960K 42 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 232K 166960K 1686 0 sigio 0 0K 0K 166960K 21 0 proc 60 59K 100K 166960K 922 0 subproc 72 4K 4K 166960K 167 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 148 0 in_multi 83 6K 7K 166960K 257 0 ether_multi 1 0K 0K 166960K 15 0 mrt 3 0K 0K 166960K 11 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 85 387K 387K 166960K 85 0 exec 0 0K 1K 166960K 878 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 2 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 234 143K 162K 166960K 16678 0 UVM aobj 131 4K 4K 166960K 138 0 pinsyscall 38 76K 94K 166960K 2993 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 71 0 NDP 12 0K 2K 166960K 98 0 temp 72 8686K 8810K 166960K 47418 0 kqueue 13 20K 30K 166960K 273 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 149 0 146 1 0 1 1 0 8 0 rtentry 136 261 0 177 4 0 4 4 0 8 0 unpcb 144 1126 0 1109 9 3 6 6 0 8 5 syncache 336 8 0 8 4 3 1 1 0 8 1 tcpqe 32 6 0 6 3 2 1 1 0 8 1 tcpcb 736 573 0 568 13 9 4 7 0 8 3 pool(tcpcb): free list modified: page 0xffff8000014b3000; item ordinal 0; addr 0xffff8000014b4d18 (p 0xfffffd806c052000); offset 0x8=0xffffffff tcpcb: pool(0xffffffff838bd118:tcpcb): page inconsistency: page 0xffff8000014b3000; item ordinal 1; addr 0xffff800030e45ba7 tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 0; addr 0xffff8000014ba1a0 (p 0xfffffd806c052000); offset 0x0=0xe1811ee3ffffffff pool(tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 0; addr 0xffff8000014ba1a0 (p 0xfffffd806c052000); offset 0x0=0xffffffff tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 1; addr 0xffff8000014b9ec0 (p 0xfffffd806c052000); offset 0x0=0xe1811ee3ffffffff pool(tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 1; addr 0xffff8000014b9ec0 (p 0xfffffd806c052000); offset 0x0=0xffffffff tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 2; addr 0xffff8000014b9be0 (p 0xfffffd806c052000); offset 0x0=0xe1811ee3ffffffff pool(tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 2; addr 0xffff8000014b9be0 (p 0xfffffd806c052000); offset 0x0=0xffffffff tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 3; addr 0xffff8000014b9900 (p 0xfffffd806c052000); offset 0x0=0xe1811ee3ffffffff pool(tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 3; addr 0xffff8000014b9900 (p 0xfffffd806c052000); offset 0x0=0xffffffff tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 4; addr 0xffff8000014b9620 (p 0xfffffd806c052000); offset 0x0=0xe1811ee3ffffffff pool(tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 4; addr 0xffff8000014b9620 (p 0xfffffd806c052000); offset 0x0=0xffffffff tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 5; addr 0xffff8000014b9060 (p 0xfffffd806c052000); offset 0x0=0xe1811ee3ffffffff pool(tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 5; addr 0xffff8000014b9060 (p 0xfffffd806c052000); offset 0x0=0xffffffff tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 6; addr 0xffff8000014b9340 (p 0xfffffd806c052000); offset 0x0=0xe1811ee3ffffffff pool(tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 6; addr 0xffff8000014b9340 (p 0xfffffd806c052000); offset 0x0=0xffffffff tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 7; addr 0xffff8000014ba760 (p 0xfffffd806c052000); offset 0x0=0xe1811ee3ffffffff pool(tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 7; addr 0xffff8000014ba760 (p 0xfffffd806c052000); offset 0x0=0xffffffff tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 8; addr 0xffff8000014bad20 (p 0xfffffd806c052000); offset 0x0=0xe1811ee3ffffffff pool(tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 8; addr 0xffff8000014bad20 (p 0xfffffd806c052000); offset 0x0=0xffffffff tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 9; addr 0xffff8000014baa40 (p 0xfffffd806c052000); offset 0x0=0xe1811ee3ffffffff pool(tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 9; addr 0xffff8000014baa40 (p 0xfffffd806c052000); offset 0x0=0xffffffff tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 10; addr 0xffff8000014ba480 (p 0xfffffd806c052000); offset 0x0=0xe1811ee3ffffffff pool(tcpcb): free list modified: page 0xffff8000014b9000; item ordinal 10; addr 0xffff8000014ba480 (p 0xfffffd806c052000); offset 0x0=0xffffffff tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 0; addr 0xffff8000014aa330 (p 0xfffffd806c052000); offset 0x0=0xc6bb1079ffffffff pool(tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 0; addr 0xffff8000014aa330 (p 0xfffffd806c052000); offset 0x0=0xffffffff tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 1; addr 0xffff8000014aa050 (p 0xfffffd806c052000); offset 0x0=0xc6bb1079ffffffff pool(tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 1; addr 0xffff8000014aa050 (p 0xfffffd806c052000); offset 0x0=0xffffffff tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 2; addr 0xffff8000014aa610 (p 0xfffffd806c052000); offset 0x0=0xc6bb1079ffffffff pool(tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 2; addr 0xffff8000014aa610 (p 0xfffffd806c052000); offset 0x0=0xffffffff tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 3; addr 0xffff8000014aa8f0 (p 0xfffffd806c052000); offset 0x0=0xc6bb1079ffffffff pool(tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 3; addr 0xffff8000014aa8f0 (p 0xfffffd806c052000); offset 0x0=0xffffffff tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 4; addr 0xffff8000014ab470 (p 0xfffffd806c052000); offset 0x0=0xc6bb1079ffffffff pool(tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 4; addr 0xffff8000014ab470 (p 0xfffffd806c052000); offset 0x0=0xffffffff tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 5; addr 0xffff8000014abd10 (p 0xfffffd806c052000); offset 0x0=0xc6bb1079ffffffff pool(tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 5; addr 0xffff8000014abd10 (p 0xfffffd806c052000); offset 0x0=0xffffffff tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 6; addr 0xffff8000014aba30 (p 0xfffffd806c052000); offset 0x0=0xc6bb1079ffffffff pool(tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 6; addr 0xffff8000014aba30 (p 0xfffffd806c052000); offset 0x0=0xffffffff tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 7; addr 0xffff8000014ab190 (p 0xfffffd806c052000); offset 0x0=0xc6bb1079ffffffff pool(tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 7; addr 0xffff8000014ab190 (p 0xfffffd806c052000); offset 0x0=0xffffffff tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 8; addr 0xffff8000014ab750 (p 0xfffffd806c052000); offset 0x0=0xc6bb1079ffffffff pool(tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 8; addr 0xffff8000014ab750 (p 0xfffffd806c052000); offset 0x0=0xffffffff tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 9; addr 0xffff8000014aabd0 (p 0xfffffd806c052000); offset 0x0=0xc6bb1079ffffffff pool(tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 9; addr 0xffff8000014aabd0 (p 0xfffffd806c052000); offset 0x0=0xffffffff tcpcb: pool(0xffffffff838bd118:tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 10; addr 0xffff8000014aaeb0 (p 0xfffffd806c052000); offset 0x0=0xc6bb1079ffffffff pool(tcpcb): free list modified: page 0xffff8000014aa000; item ordinal 10; addr 0xffff8000014aaeb0 (p 0xfffffd806c052000); offset 0x0=0xffffffff arp 88 44 0 27 1 0 1 1 0 8 0 ipq 40 5 0 5 1 0 1 1 0 8 1 ipqe 40 6 0 6 1 0 1 1 0 8 1 inpcb 328 1497 0 1486 16 9 7 7 0 8 5 ip6q 72 6 0 4 1 0 1 1 0 8 0 ip6af 40 13 0 8 1 0 1 1 0 8 0 nd6 104 64 0 42 1 0 1 1 0 8 0 pkpcb 40 5 0 5 1 1 0 1 0 8 0 kcovpl 48 18 0 10 1 0 1 1 0 8 0 mppekey 1024 2 0 2 2 1 1 1 0 8 1 ppxss 1072 52 0 52 4 3 1 1 0 8 1 pppxif 1384 9 0 9 4 3 1 1 0 8 1 pfstscr 40 2 0 2 1 1 0 1 0 8 0 pfrktable 1344 2 0 2 2 1 1 1 0 8 1 pfrktable: pool(0xffffffff838bf780:pfrktable): page inconsistency: page 0xffff8000ffffffff; at page head addr 0xffff800001507f90 (p 0xffff800001504000) uvm_fault(0xffffffff839397f0, 0xffff8001000000d7, 0, 1) -> e kernel: page fault trap, code=0 Faulted in DDB; continuing... ddb> machine ddbcpu 0 No such command ddb> trace sys_shmat(ffff800039d199c0,ffff80002a8936b0,ffff80002a893600) at sys_shmat+0xe0 sys/kern/sysv_shm.c:235 syscall(ffff80002a8936b0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80002a8936b0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xc97dca3aca0, count: -3 ddb> machine ddbcpu 1 No such command ddb> trace sys_shmat(ffff800039d199c0,ffff80002a8936b0,ffff80002a893600) at sys_shmat+0xe0 sys/kern/sysv_shm.c:235 syscall(ffff80002a8936b0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80002a8936b0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xc97dca3aca0, count: -3