uvm_fault(0xfffffd807728f720, 0x0, 0, 2) -> e kernel: page fault trap, code=2 Stopped at km_free+0x128: movq $0,0(%rax) TID PID UID PRFLAGS PFLAGS CPU COMMAND *188513 70536 0 0 0x4000000 0 syz-executor.0 km_free(0,1000,ffffffff82b64228,ffffffff82b64240) at km_free+0x128 sys/uvm/uvm_km.c:866 pool_p_free(ffffffff82d70f90,fffffd80692fff90) at pool_p_free+0x14b sys/kern/subr_pool.c:1012 pool_reclaim(ffffffff82d70f90) at pool_reclaim+0x229 sys/kern/subr_pool.c:1151 pool_reclaim_all() at pool_reclaim_all+0x38 kern_sysctl(ffff800034375a44,1,200001c0,ffff800034375a78,20000240,4,98289364d67e4245) at kern_sysctl+0x193d sys/kern/kern_sysctl.c:642 sys_sysctl(ffff80002a5c6558,ffff800034375bb0,ffff800034375b00) at sys_sysctl+0x219 sys/kern/kern_sysctl.c:254 syscall(ffff800034375bb0) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd030e9b8c20, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: uvm_fault(0xfffffd807728f720, 0x0, 0, 2) -> e ddb> trace km_free(0,1000,ffffffff82b64228,ffffffff82b64240) at km_free+0x128 sys/uvm/uvm_km.c:866 pool_p_free(ffffffff82d70f90,fffffd80692fff90) at pool_p_free+0x14b sys/kern/subr_pool.c:1012 pool_reclaim(ffffffff82d70f90) at pool_reclaim+0x229 sys/kern/subr_pool.c:1151 pool_reclaim_all() at pool_reclaim_all+0x38 kern_sysctl(ffff800034375a44,1,200001c0,ffff800034375a78,20000240,4,98289364d67e4245) at kern_sysctl+0x193d sys/kern/kern_sysctl.c:642 sys_sysctl(ffff80002a5c6558,ffff800034375bb0,ffff800034375b00) at sys_sysctl+0x219 sys/kern/kern_sysctl.c:254 syscall(ffff800034375bb0) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd030e9b8c20, count: -8 ddb> show registers rdi 0xffff800035ffc000 rsi 0x1997e acpi_pdirpa+0x57ef rbp 0xffff800034375780 rbx 0x28000000000 rdx 0xffff800035ffc000 rcx 0x1997d acpi_pdirpa+0x57ee rax 0 r8 0 r9 0 r10 0x2e51643bed8f90cf r11 0x7d6e3ba99e8e737f r12 0 r13 0xffffffff82b64228 kv_page r14 0x1000 __ALIGN_SIZE r15 0x1000 __ALIGN_SIZE rip 0xffffffff81f422f8 km_free+0x128 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800034375700 ss 0x10 km_free+0x128: movq $0,0(%rax) ddb> show proc PROC (syz-executor.0) tid=188513 pid=70536 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=83, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80003295d558,0xffff80002a68e560 process=0xffff8000ffff69f0 user=0xffff800034370000, vmspace=0xfffffd807728f720 estcpu=33, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 98883 385272 87174 0 2 0 syz-executor.7 98883 191657 87174 0 3 0x4000080 fsleep syz-executor.7 51564 520119 95508 0 2 0 syz-executor.4 51564 88787 95508 0 3 0x4000080 fsleep syz-executor.4 56899 370082 93708 0 2 0 syz-executor.6 56899 283617 93708 0 3 0x4000080 fsleep syz-executor.6 65394 337489 8380 0 2 0 syz-executor.1 65394 445678 8380 0 3 0x4000080 fsleep syz-executor.1 70536 36811 1202 0 2 0 syz-executor.0 *70536 188513 1202 0 7 0x4000000 syz-executor.0 21123 276102 10850 0 2 0 syz-executor.3 21123 475583 10850 0 3 0x4000080 fsleep syz-executor.3 95508 154024 15878 0 3 0x82 nanoslp syz-executor.4 93708 160230 15878 0 3 0x82 nanoslp syz-executor.6 1202 379740 15878 0 3 0x82 nanoslp syz-executor.0 87174 244942 15878 0 3 0x82 nanoslp syz-executor.7 84076 341412 1 0 3 0x100083 ttyin getty 71107 154722 0 0 3 0x14280 nfsidl nfsio 4587 336651 0 0 3 0x14280 nfsidl nfsio 10936 400633 0 0 3 0x14280 nfsidl nfsio 10593 315238 0 0 3 0x14280 nfsidl nfsio 14111 342070 0 0 3 0x14280 nfsidl nfsio 90977 302796 0 0 3 0x14280 nfsidl nfsio 21621 181635 0 0 3 0x14280 nfsidl nfsio 48026 418066 0 0 3 0x14280 nfsidl nfsio 88075 1911 0 0 3 0x14280 nfsidl nfsio 65824 391666 0 0 3 0x14280 nfsidl nfsio 55231 455655 0 0 3 0x14280 nfsidl nfsio 986 229504 0 0 3 0x14280 nfsidl nfsio 45746 43843 0 0 3 0x14280 nfsidl nfsio 84922 86595 0 0 3 0x14280 nfsidl nfsio 66147 307259 0 0 3 0x14280 nfsidl nfsio 67220 345576 0 0 3 0x14280 nfsidl nfsio 55484 130321 0 0 3 0x14280 nfsidl nfsio 86763 376996 0 0 3 0x14280 nfsidl nfsio 58663 490003 0 0 3 0x14280 nfsidl nfsio 80112 228121 0 0 3 0x14280 nfsidl nfsio 8380 63146 15878 0 3 0x82 nanoslp syz-executor.1 10850 363096 15878 0 3 0x82 nanoslp syz-executor.3 66717 378538 0 0 3 0x14200 acct acct 53465 465601 0 0 3 0x14200 bored sosplice 15878 485740 12693 0 3 0x2000082 thrsleep syz-fuzzer 15878 453696 12693 0 3 0x6000082 nanoslp syz-fuzzer 15878 161365 12693 0 3 0x6000082 wait syz-fuzzer 15878 281931 12693 0 3 0x6000082 thrsleep syz-fuzzer 15878 46665 12693 0 3 0x6000082 kqread syz-fuzzer 15878 336928 12693 0 3 0x6000082 wait syz-fuzzer 15878 275222 12693 0 3 0x6000082 thrsleep syz-fuzzer 15878 269635 12693 0 3 0x6000082 thrsleep syz-fuzzer 15878 8289 12693 0 3 0x6000082 wait syz-fuzzer 15878 351010 12693 0 3 0x6000082 wait syz-fuzzer 15878 294371 12693 0 3 0x6000082 thrsleep syz-fuzzer 15878 273919 12693 0 2 0x6000002 syz-fuzzer 15878 287167 12693 0 3 0x6000082 wait syz-fuzzer 15878 165645 12693 0 3 0x6000082 wait syz-fuzzer 12693 373746 21777 0 3 0x10008a sigsusp ksh 21777 32758 48681 0 3 0x9a kqread sshd 48681 422623 1 0 3 0x88 kqread sshd 79044 425663 29281 73 3 0x1100090 kqread syslogd 29281 109141 1 0 3 0x100082 netio syslogd 53922 95152 1 0 3 0x100080 kqread resolvd 53486 175581 50244 77 3 0x100092 kqread dhcpleased 85107 353227 50244 77 3 0x100092 kqread dhcpleased 50244 130606 1 0 3 0x80 kqread dhcpleased 46979 450133 0 0 3 0x14200 bored smr 78761 349470 0 0 2 0x14200 zerothread 78071 283424 0 0 3 0x14200 aiodoned aiodoned 1264 91790 0 0 3 0x14200 syncer update 70137 70044 0 0 3 0x14200 cleaner cleaner 46632 362921 0 0 3 0x14200 reaper reaper 84307 466208 0 0 3 0x14200 pgdaemon pagedaemon 50963 144024 0 0 3 0x14200 bored viomb 16150 24888 0 0 3 0x40014200 acpi0 acpi0 43848 505779 0 0 3 0x14200 bored softnet3 28370 80068 0 0 3 0x14200 bored softnet2 95401 418642 0 0 3 0x14200 bored softnet1 57139 157682 0 0 3 0x14200 bored softnet0 55275 45374 0 0 3 0x14200 bored systqmp 73437 73224 0 0 3 0x14200 bored systq 42355 329229 0 0 3 0x40014200 tmoslp softclock 57507 54914 0 0 3 0x40014200 idle0 1 437434 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10189 6412K 8284K 166960K 23697 0 pcb 15 22K 24K 166960K 634 0 rtable 131 4K 7K 166960K 1066 0 pf 19 7K 9K 166960K 200 0 ifaddr 25 9K 11K 166960K 167 0 ifgroup 30 1K 2K 166960K 295 0 sysctl 3 0K 0K 166960K 3 0 counters 25 16K 17K 166960K 103 0 ioctlops 0 0K 2K 166960K 360 0 iov 0 0K 18K 166960K 890 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1515 95K 95K 166960K 5162 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 80 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 1261 0 dirhash 12 2K 2K 166960K 48 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 14 49K 73K 166960K 5933 0 sigio 0 0K 0K 166960K 350 0 proc 61 59K 83K 166960K 1006 0 subproc 78 4K 7K 166960K 260 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 422 0 in_multi 44 3K 7K 166960K 288 0 ether_multi 1 0K 0K 166960K 1 0 mrt 0 0K 0K 166960K 2 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 259 1155K 1155K 166960K 259 0 exec 0 0K 1K 166960K 1106 0 pfkey data 0 0K 0K 166960K 8 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 399 513K 546K 166960K 56867 0 UVM aobj 131 6K 6K 166960K 137 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 193 0 NDP 6 0K 1K 166960K 128 0 temp 66 6763K 7400K 166960K 70444 0 kqueue 12 18K 26K 166960K 440 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 282 0 279 4 3 1 3 0 8 0 rtentry 112 332 0 275 4 0 4 4 0 8 0 unpcb 144 4605 0 4590 21 20 1 6 0 8 0 syncache 336 88 0 88 4 4 0 1 0 8 0 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpqe 32 200 408 200 2 2 0 1 0 8 0 tcpcb 808 2808 0 2747 40 32 8 21 0 8 0 arp 88 67 0 59 1 0 1 1 0 8 0 ipq 40 13 0 13 2 2 0 1 0 8 0 ipqe 40 37 0 37 2 2 0 1 0 8 0 inpcb 360 6853 0 6789 58 51 7 20 0 8 0 nd6 104 69 0 60 1 0 1 1 0 8 0 pkpcb 40 76 0 76 3 3 0 1 0 8 0 kcovpl 48 20 0 14 1 0 1 1 0 8 0 ppxss 1072 36 0 36 4 4 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1242 0 1003 35 15 20 29 0 8 0 art_table 32 1243 0 1003 4 1 3 4 0 8 0 art_node 16 323 0 273 1 0 1 1 0 8 0 sysvmsgpl 40 5 0 4 1 0 1 1 0 8 0 semapl 112 1257 0 1247 1 0 1 1 0 8 0 shmpl 112 134 0 6 4 0 4 4 0 8 0 dirhash 1024 41 0 24 3 0 3 3 0 8 0 dino2pl 256 9776 0 8334 91 0 91 91 0 8 0 ffsino 240 9776 0 8334 86 0 86 86 0 8 0 nchpl 144 18030 0 16397 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 63075 0 63075 6 6 0 3 0 8 0 vcpupl 2048 65 0 1 8 0 8 8 0 8 0 vmpool 664 81 0 17 6 0 6 6 0 8 0 kstatmem 264 168 0 156 2 0 2 2 0 8 0 scxspl 216 53336 0 53336 13 12 1 8 1 8 1 plimitpl 152 759 0 746 1 0 1 1 0 8 0 sigapl 424 6313 0 6250 8 0 8 8 0 8 0 futexpl 64 60343 0 60338 2 1 1 1 0 8 0 knotepl 120 53926 0 53856 13 10 3 11 0 8 0 kqueuepl 184 1038 0 1030 11 10 1 6 0 8 0 pipepl 288 1629 0 1607 20 17 3 8 0 8 0 fdescpl 432 6195 0 6170 4 0 4 4 0 8 0 filepl 120 42984 0 42786 40 30 10 20 0 8 0 lockfpl 104 2621 0 2619 4 3 1 2 0 8 0 lockfspl 48 615 0 613 1 0 1 1 0 8 0 sessionpl 144 36 0 22 1 0 1 1 0 8 0 pgrppl 48 131 0 117 1 0 1 1 0 8 0 ucredpl 104 7248 0 7237 1 0 1 1 0 8 0 zombiepl 144 6250 0 6250 2 2 0 1 0 8 0 processpl 1072 6313 0 6250 5 0 5 5 0 8 0 procpl 680 15253 0 15171 12 4 8 9 0 8 0 sosppl 168 82 0 64 1 0 1 1 0 8 0 sockpl 488 12002 0 11920 228 216 12 39 0 8 0 mcl64k 65536 241 0 241 4 4 0 1 0 8 0 mcl16k 16384 148 0 148 4 4 0 1 0 8 0 mcl12k 12288 192 0 192 4 4 0 1 0 8 0 mcl9k 9216 93 0 93 4 4 0 1 0 8 0 mcl8k 8192 510 0 510 3 3 0 1 0 8 0 mcl4k 4096 723 0 723 4 4 0 1 0 8 0 mcl2k2 2112 31 0 31 4 4 0 1 0 8 0 mcl2k 2048 83635 0 83582 38 30 8 33 0 8 0 mtagpl 96 1369 0 1358 14 12 2 14 0 8 0 mbufpl 256 189564 0 189394 220 185 35 80 0 8 0 bufpl 280 15215 0 8823 457 0 457 457 0 8 0 anonpl 24 725780 0 713867 163 68 95 115 0 188 0 amapchunkpl 152 187246 0 186417 71 36 35 50 0 158 0 amappl16 200 17275 0 16799 79 52 27 38 0 8 0 amappl15 192 89 0 88 1 0 1 1 0 8 0 amappl14 184 193 0 182 2 1 1 2 0 8 0 amappl13 176 32 0 32 3 3 0 1 0 8 0 amappl12 168 7007 0 6980 2 0 2 2 0 8 0 amappl11 160 61 0 50 1 0 1 1 0 8 0 amappl10 152 38 0 31 1 0 1 1 0 8 0 amappl9 144 251 0 250 1 0 1 1 0 8 0 amappl8 136 381 0 304 3 0 3 3 0 8 0 amappl7 128 219 0 195 2 0 2 2 0 8 0 amappl6 120 479 0 466 1 0 1 1 0 8 0 amappl5 112 210 0 202 1 0 1 1 0 8 0 amappl4 104 571 0 548 2 1 1 2 0 8 0 amappl3 96 35796 0 35713 3 0 3 3 0 8 0 amappl2 88 6955 0 6881 3 0 3 3 0 8 0 amappl1 80 31058 0 30558 22 10 12 22 0 8 0 amappl 88 56113 0 55871 7 0 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 136 0 6 3 0 3 3 0 8 0 uaddrrnd 24 6276 0 6187 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 6276 0 6187 1 0 1 1 0 8 0 vmmpekpl 168 49581 0 49518 4 0 4 4 0 8 0 vmmpepl 168 382254 0 379978 192 82 110 133 0 357 0 vmsppl 352 6275 0 6187 9 0 9 9 0 8 0 rwobjpl 24 100926 0 93378 49 1 48 48 0 8 0 pdppl 4096 12558 0 12438 392 272 120 128 0 8 0 pvpl 32 1798853 0 1781548 450 251 199 335 0 265 29 pmappl 216 6275 0 6187 6 0 6 6 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 974 0 582 14 0 14 14 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace km_free(0,1000,ffffffff82b64228,ffffffff82b64240) at km_free+0x128 sys/uvm/uvm_km.c:866 pool_p_free(ffffffff82d70f90,fffffd80692fff90) at pool_p_free+0x14b sys/kern/subr_pool.c:1012 pool_reclaim(ffffffff82d70f90) at pool_reclaim+0x229 sys/kern/subr_pool.c:1151 pool_reclaim_all() at pool_reclaim_all+0x38 kern_sysctl(ffff800034375a44,1,200001c0,ffff800034375a78,20000240,4,98289364d67e4245) at kern_sysctl+0x193d sys/kern/kern_sysctl.c:642 sys_sysctl(ffff80002a5c6558,ffff800034375bb0,ffff800034375b00) at sys_sysctl+0x219 sys/kern/kern_sysctl.c:254 syscall(ffff800034375bb0) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd030e9b8c20, count: -8 ddb> machine ddbcpu 1 No such command ddb> trace km_free(0,1000,ffffffff82b64228,ffffffff82b64240) at km_free+0x128 sys/uvm/uvm_km.c:866 pool_p_free(ffffffff82d70f90,fffffd80692fff90) at pool_p_free+0x14b sys/kern/subr_pool.c:1012 pool_reclaim(ffffffff82d70f90) at pool_reclaim+0x229 sys/kern/subr_pool.c:1151 pool_reclaim_all() at pool_reclaim_all+0x38 kern_sysctl(ffff800034375a44,1,200001c0,ffff800034375a78,20000240,4,98289364d67e4245) at kern_sysctl+0x193d sys/kern/kern_sysctl.c:642 sys_sysctl(ffff80002a5c6558,ffff800034375bb0,ffff800034375b00) at sys_sysctl+0x219 sys/kern/kern_sysctl.c:254 syscall(ffff800034375bb0) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd030e9b8c20, count: -8