uvm_fault(0xfffffd807efff730, 0x0, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at uvm_fault_lower+0xbb1: movq 0(%rbx),%rdi
TID PID UID PRFLAGS PFLAGS CPU COMMAND
422891 97943 32767 0x10 0 0 syz-executor.0
*179606 97943 32767 0x10 0x4000000 1K syz-executor.0
uvm_fault_lower(ffff8000246c9540,ffff8000246c9578,ffff8000246c94c0,0) at uvm_fault_lower+0xbb1 sys/uvm/uvm_fault.c:1325
uvm_fault(fffffd807efff730,20000000,0,2) at uvm_fault+0x24f sys/uvm/uvm_fault.c:640
kpageflttrap(ffff8000246c96d0,20000080) at kpageflttrap+0x1fd sys/arch/amd64/amd64/trap.c:264
kerntrap(ffff8000246c96d0) at kerntrap+0xef sys/arch/amd64/amd64/trap.c:318
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
copyout() at copyout+0x53
syscall(ffff8000246c9910) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff8000246c9910) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x4feeb32df80, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault(0xfffffd807efff730, 0x0, 0, 1) -> e ddb{1}> trace uvm_fault_lower(ffff8000246c9540,ffff8000246c9578,ffff8000246c94c0,0) at uvm_fault_lower+0xbb1 sys/uvm/uvm_fault.c:1325 uvm_fault(fffffd807efff730,20000000,0,2) at uvm_fault+0x24f sys/uvm/uvm_fault.c:640 kpageflttrap(ffff8000246c96d0,20000080) at kpageflttrap+0x1fd sys/arch/amd64/amd64/trap.c:264 kerntrap(ffff8000246c96d0) at kerntrap+0xef sys/arch/amd64/amd64/trap.c:318 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b copyout() at copyout+0x53 syscall(ffff8000246c9910) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff8000246c9910) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x4feeb32df80, count: -8 ddb{1}> show registers rdi 0 rsi 0 rbp 0xffff8000246c9430 rbx 0 rdx 0 rcx 0xfffffd80033c0fa0 rax 0xffff80002124fa40 r8 0xffffffff81b80722 setrunnable+0xa2 r9 0x5 r10 0xc0fe6c07a647e30f r11 0x7515d55fd5f7857b r12 0xffff8000246c9540 r13 0xfffffd806f87b780 r14 0 r15 0x6b0 rip 0xffffffff817b9101 uvm_fault_lower+0xbb1 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff8000246c93a0 ss 0x10 uvm_fault_lower+0xbb1: movq 0(%rbx),%rdi ddb{1}> show proc PROC (syz-executor.0) pid=179606 stat=onproc flags process=10 proc=4000000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff80002124ed20,0xffff80002124f270 process=0xffff800021210860 user=0xffff8000246c4000, vmspace=0xfffffd807efff730 estcpu=36, cpticks=2, pctcpu=0.0 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 97943 422891 6246 32767 7 0x10 syz-executor.0 97943 405433 6246 32767 2 0x4000010 syz-executor.0 *97943 179606 6246 32767 7 0x4000010 syz-executor.0 97943 522639 6246 32767 3 0x4000090 fsleep syz-executor.0 80778 45414 26402 32767 3 0x90 nanoslp syz-executor.1 80778 155814 26402 32767 3 0x4000090 poll syz-executor.1 80778 79836 26402 32767 3 
0x4000090 fsleep syz-executor.1 26402 250476 18948 32767 3 0x90 nanoslp syz-executor.1 18948 177006 5116 0 3 0x82 wait syz-executor.1 6246 289098 85103 32767 3 0x90 nanoslp syz-executor.0 85103 187039 5116 0 3 0x82 wait syz-executor.0 21561 241592 0 0 3 0x14200 bored sosplice 5116 70397 24506 0 3 0x82 thrsleep syz-fuzzer 5116 515919 24506 0 3 0x4000082 thrsleep syz-fuzzer 5116 109578 24506 0 3 0x4000082 thrsleep syz-fuzzer 5116 132122 24506 0 3 0x4000082 thrsleep syz-fuzzer 5116 283687 24506 0 3 0x4000082 thrsleep syz-fuzzer 5116 195449 24506 0 3 0x4000082 thrsleep syz-fuzzer 5116 130013 24506 0 3 0x4000082 thrsleep syz-fuzzer 5116 488767 24506 0 3 0x4000082 kqread syz-fuzzer 24506 294149 3226 0 3 0x10008a sigsusp ksh 3226 460205 19438 0 3 0x9a kqread sshd 53523 301512 1 0 3 0x100083 ttyin getty 19438 149900 1 0 3 0x88 kqread sshd 53430 433685 83355 73 3 0x100090 kqread syslogd 83355 510665 1 0 3 0x100082 netio syslogd 13785 53097 1 0 3 0x100080 kqread resolvd 27889 331365 72831 77 3 0x100092 kqread dhcpleased 99847 431585 72831 77 3 0x100092 kqread dhcpleased 72831 208948 1 0 3 0x80 kqread dhcpleased 69277 350608 0 0 3 0x14200 bored smr 25757 241148 0 0 3 0x14200 pgzero zerothread 22713 198811 0 0 3 0x14200 aiodoned aiodoned 52780 363358 0 0 3 0x14200 syncer update 33939 59506 0 0 3 0x14200 cleaner cleaner 34970 462485 0 0 3 0x14200 reaper reaper 13573 271313 0 0 3 0x14200 pgdaemon pagedaemon 39841 316429 0 0 3 0x14200 bored viomb 95332 440733 0 0 3 0x40014200 acpi0 acpi0 13326 435247 0 0 3 0x40014200 idle1 67596 136623 0 0 3 0x14200 bored softnet 89001 468405 0 0 3 0x14200 bored systqmp 48892 109999 0 0 3 0x14200 bored systq 38756 478853 0 0 3 0x40014200 bored softclock 97219 439801 0 0 3 0x40014200 idle0 1 403452 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 97943 (syz-executor.0) thread 0xffff80002124f7a0 (422891) shared rwlock vmmaplk r = 0 (0xfffffd807efff748) #0 witness_lock+0x4b0 stacktrace_save 
sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4b0 sys/kern/subr_witness.c:1182 #1 uvmfault_lookup+0xe9 sys/uvm/uvm_fault.c:1745 #2 uvm_fault_check+0x3a sys/uvm/uvm_fault.c:676 #3 uvm_fault+0x102 sys/uvm/uvm_fault.c:602 #4 upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181 #5 usertrap+0x214 sys/arch/amd64/amd64/trap.c:403 #6 recall_trap+0x8 Process 97943 (syz-executor.0) thread 0xffff80002124fa40 (179606) exclusive kernel_lock &kernel_lock r = 1 (0xffffffff828b70b8) #0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4b0 sys/kern/subr_witness.c:1182 #1 __mp_acquire_count+0x4c sys/kern/kern_lock.c:227 #2 mi_switch+0x3d3 sys/kern/sched_bsd.c:416 #3 sleep_finish+0x1b2 sys/kern/kern_synch.c:433 #4 rw_enter+0x35b sys/kern/kern_rwlock.c:286 #5 uvm_fault_lower+0x95d sys/uvm/uvm_fault.c:1290 #6 uvm_fault+0x24f sys/uvm/uvm_fault.c:640 #7 kpageflttrap+0x1fd sys/arch/amd64/amd64/trap.c:264 #8 kerntrap+0xef sys/arch/amd64/amd64/trap.c:318 #9 alltraps_kern_meltdown+0x7b #10 copyout+0x53 #11 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #11 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #12 Xsyscall+0x128 exclusive rwlock fdlock r = 0 (0xfffffd807f7d5248) #0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4b0 sys/kern/subr_witness.c:1182 #1 dopipe+0xd6 #2 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #2 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #3 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10152 6394K 6416K 78643K 11283 0 pcb 13 12K 14K 78643K 17 0 rtable 110 3K 4K 78643K 1231 0 ifaddr 39 10K 10K 78643K 132 0 sysctl 2 0K 2K 78643K 5 0 counters 44 34K 34K 78643K 70 0 ioctlops 0 0K 2K 78643K 202 0 iov 0 0K 16K 78643K 1386 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1209 76K 76K 78643K 7740 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 89 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 
78643K 2776 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12598 0 file desc 8 25K 33K 78643K 10085 0 sigio 0 0K 0K 78643K 39 0 proc 56 74K 87K 78643K 1280 0 subproc 26 1K 1K 78643K 195 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 710 0 in_multi 33 2K 2K 78643K 288 0 ether_multi 1 0K 0K 78643K 43 0 mrt 1 0K 0K 78643K 3 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 229 1023K 1023K 78643K 229 0 exec 0 0K 2K 78643K 2305 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 281 37K 51K 78643K 134205 0 UVM aobj 131 4K 4K 78643K 137 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 277 0 NDP 5 0K 0K 78643K 48 0 temp 77 4195K 4260K 78643K 25955 0 kqueue 12 18K 28K 78643K 755 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 800 0 797 11 10 1 5 0 8 0 rtentry 112 210 0 164 2 0 2 2 0 8 0 unpcb 128 7189 0 7176 69 66 3 9 0 8 2 syncache 296 85 0 85 28 28 0 1 0 8 0 tcpqe 32 35 0 35 17 17 0 1 0 8 0 tcpcb 736 3856 0 3818 165 161 4 23 0 8 0 arp 120 36 0 29 1 0 1 1 0 8 0 ipq 40 16 0 16 7 7 0 1 0 8 0 ipqe 40 48 0 48 7 7 0 1 0 8 0 inpcb 304 8572 0 8532 143 139 4 15 0 8 0 rttmr 72 10 0 10 1 1 0 1 0 8 0 ip6q 72 57 0 57 4 3 1 1 0 8 1 ip6af 40 108 0 108 4 3 1 1 0 8 1 nd6 48 61 0 54 1 0 1 1 0 8 0 kcovpl 48 15 0 13 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 933 0 732 21 8 13 16 0 8 0 art_table 32 934 0 732 3 1 2 3 0 8 0 art_node 16 209 0 167 1 0 1 1 0 8 0 sysvmsgpl 40 7 0 2 1 0 1 1 0 8 0 semapl 112 2774 0 2764 1 0 1 1 0 8 0 shmpl 112 134 0 6 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 19173 0 17757 89 0 89 89 0 8 0 ffsino 272 19173 0 17757 95 0 95 95 0 8 0 nchpl 144 32282 0 30680 60 0 60 60 0 8 0 uvmvnodes 80 5926 0 0 121 
0 121 121 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 122692 0 122692 4 3 1 1 0 8 1 percpumem 16 47 0 13 1 0 1 1 0 8 0 scxspl 216 76614 0 76614 24 23 1 6 0 8 1 plimitpl 152 1633 0 1622 1 0 1 1 0 8 0 sigapl 424 10268 0 10234 4 0 4 4 0 8 0 futexpl 64 83519 0 83517 4 3 1 1 0 8 0 knotepl 112 231 0 0 4 0 4 4 0 8 0 kqueuepl 216 3884 0 3870 99 98 1 10 0 8 0 pipepl 336 1789 0 1778 61 60 1 7 0 8 0 fdescpl 496 10253 0 10234 3 0 3 3 0 8 0 filepl 152 88205 0 88066 145 138 7 14 0 8 1 lockfpl 104 1911 0 1908 4 3 1 2 0 8 0 lockfspl 48 352 0 349 1 0 1 1 0 8 0 sessionpl 144 30 0 20 1 0 1 1 0 8 0 pgrppl 48 218 0 208 1 0 1 1 0 8 0 ucredpl 96 36160 0 36148 1 0 1 1 0 8 0 zombiepl 144 10234 0 10234 1 0 1 1 0 8 1 processpl 1064 10268 0 10234 3 0 3 3 0 8 0 procpl 672 32004 0 31958 18 14 4 6 0 8 0 sosppl 168 153 0 153 26 25 1 1 0 8 1 sockpl 480 16691 0 16635 406 394 12 34 0 8 5 mcl64k 65536 35 0 0 3 0 3 3 0 8 0 mcl16k 16384 19 0 0 3 0 3 3 0 8 0 mcl12k 12288 25 0 0 2 0 2 2 0 8 0 mcl9k 9216 17 0 0 2 0 2 2 0 8 0 mcl8k 8192 17 0 0 3 0 3 3 0 8 0 mcl4k 4096 41 0 0 4 1 3 3 0 8 0 mcl2k2 2112 12 0 0 1 0 1 1 0 8 0 mcl2k 2048 239 0 0 20 5 15 20 0 8 1 mtagpl 96 2 0 0 1 0 1 1 0 8 0 mbufpl 256 752 0 0 24 1 23 23 0 8 0 bufpl 288 23502 0 17177 453 0 453 453 0 8 0 anonpl 24 3039753 0 3028926 287 202 85 116 0 186 0 amapchunkpl 152 351459 0 350873 100 76 24 39 0 158 0 amappl16 200 30077 0 29710 192 172 20 41 0 8 0 amappl15 192 102 0 98 1 0 1 1 0 8 0 amappl14 184 3372 0 3372 3 3 0 1 0 8 0 amappl13 176 1799 0 1798 1 0 1 1 0 8 0 amappl12 168 1298 0 1295 1 0 1 1 0 8 0 amappl11 160 80 0 65 1 0 1 1 0 8 0 amappl10 152 1623 0 1616 1 0 1 1 0 8 0 amappl9 144 2179 0 2174 1 0 1 1 0 8 0 amappl8 136 712 0 628 3 0 3 3 0 8 0 amappl7 128 112 0 101 1 0 1 1 0 8 0 amappl6 120 2057 0 2045 1 0 1 1 0 8 0 amappl5 112 12088 0 12066 1 0 1 1 0 8 0 amappl4 104 954 0 929 1 0 1 1 0 8 0 amappl3 96 2230 0 2213 1 0 1 1 0 8 0 amappl2 88 12760 0 12713 3 1 2 2 0 8 0 amappl1 80 183922 0 183475 12 2 10 12 0 8 0 amappl 88 133305 0 
133125 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 136 0 6 3 0 3 3 0 8 0 uaddrrnd 24 10253 0 10234 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 10253 0 10234 1 0 1 1 0 8 0 vmmpekpl 168 79527 0 79503 2 0 2 2 0 8 0 vmmpepl 168 956497 0 954714 274 182 92 98 0 357 10 vmsppl 368 10252 0 10234 2 0 2 2 0 8 0 rwobjpl 56 242776 0 235562 140 38 102 107 0 8 0 pdppl 4096 20514 0 20468 72 26 46 50 0 8 0 pvpl 32 4884104 0 4869598 457 312 145 184 0 265 7 pmappl 248 10252 0 10234 3 1 2 2 0 8 0 extentpl 40 57 0 38 1 0 1 1 0 8 0 phpool 112 1026 0 267 25 3 22 23 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffffffff827adff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff828b6eb0) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff828b6eb0) at __mp_lock+0x122 sys/kern/kern_lock.c:147 uvm_fault(fffffd807efff730,4fc9a7cc000,0,1) at uvm_fault+0x233 sys/uvm/uvm_fault.c:639 upageflttrap(ffff80002469d7f0,4fc9a7cc000) at upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181 usertrap(ffff80002469d7f0) at usertrap+0x214 sys/arch/amd64/amd64/trap.c:403 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7f7ffffc3e60, count: 7 ddb{0}> trace x86_ipi_db(ffffffff827adff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff828b6eb0) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff828b6eb0) at __mp_lock+0x122 sys/kern/kern_lock.c:147 uvm_fault(fffffd807efff730,4fc9a7cc000,0,1) at 
uvm_fault+0x233 sys/uvm/uvm_fault.c:639 upageflttrap(ffff80002469d7f0,4fc9a7cc000) at upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181 usertrap(ffff80002469d7f0) at usertrap+0x214 sys/arch/amd64/amd64/trap.c:403 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7f7ffffc3e60, count: -8 ddb{0}> machine ddbcpu 1 Stopped at uvm_fault_lower+0xbb1: movq 0(%rbx),%rdi uvm_fault_lower(ffff8000246c9540,ffff8000246c9578,ffff8000246c94c0,0) at uvm_fault_lower+0xbb1 sys/uvm/uvm_fault.c:1325 uvm_fault(fffffd807efff730,20000000,0,2) at uvm_fault+0x24f sys/uvm/uvm_fault.c:640 kpageflttrap(ffff8000246c96d0,20000080) at kpageflttrap+0x1fd sys/arch/amd64/amd64/trap.c:264 kerntrap(ffff8000246c96d0) at kerntrap+0xef sys/arch/amd64/amd64/trap.c:318 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b copyout() at copyout+0x53 syscall(ffff8000246c9910) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff8000246c9910) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x4feeb32df80, count: 7 ddb{1}> trace uvm_fault_lower(ffff8000246c9540,ffff8000246c9578,ffff8000246c94c0,0) at uvm_fault_lower+0xbb1 sys/uvm/uvm_fault.c:1325 uvm_fault(fffffd807efff730,20000000,0,2) at uvm_fault+0x24f sys/uvm/uvm_fault.c:640 kpageflttrap(ffff8000246c96d0,20000080) at kpageflttrap+0x1fd sys/arch/amd64/amd64/trap.c:264 kerntrap(ffff8000246c96d0) at kerntrap+0xef sys/arch/amd64/amd64/trap.c:318 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b copyout() at copyout+0x53 syscall(ffff8000246c9910) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff8000246c9910) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x4feeb32df80, count: -8