kernel: page fault trap, code=10 Stopped at 0 TID PID UID PRFLAGS PFLAGS CPU COMMAND 349536 57906 0 0x8000000 0 0K syz-executor.5 *337160 73442 0 0x8000002 0x480 1 syz-executor.3 end trace frame: 0x0, count: 14 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: attempt to execute user address 0x0 in supervisor mode ddb{1}> trace end trace frame: 0x0, count: -1 ddb{1}> show registers rdi 0x2659000 __kernel_phys_base+0x1659000 rsi 0xffff800035956d00 rbp 0 rbx 0 rdx 0x753e6002 rcx 0 rax 0x8000000065a83001 r8 0 r9 0x1 r10 0 r11 0xa007de1aabf02d8 r12 0 r13 0 r14 0 r15 0x5d50501e rip 0 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff8000374790b0 ss 0 0 ddb{1}> show proc PROC (syz-executor.3) tid=337160 pid=73442 tcnt=1 stat=onproc flags process=8000002 proc=480 runpri=32, usrpri=62, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002ac9aa90,0xffff80002ac9b770 process=0xffff80002c0aba40 user=0xffff800037474000, vmspace=0xfffffd806b0d1dd0 estcpu=34, cpticks=1, pctcpu=0.0, user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 57906 349536 143 0 7 0x8000000 syz-executor.5 57906 396397 143 0 2 0xc000000 syz-executor.5 98221 32396 78846 0 2 0x8000000 syz-executor.6 98221 143825 78846 0 2 0xc000000 syz-executor.6 65514 208314 38353 0 3 0x8000002 clonelk ifconfig 38353 514188 70597 0 3 0x810008a sigsusp sh 70597 462426 91350 0 3 0x8000082 wait syz-executor.1 2583 500026 73442 0 3 0x8000080 nanoslp syz-executor.3 2583 184654 73442 0 3 0xc000080 kqsel syz-executor.3 2583 354110 73442 0 3 0xc000080 fsleep syz-executor.3 16065 322745 14028 0 3 0x8000080 nanoslp syz-executor.7 16065 493858 14028 0 3 0xc000080 fsleep syz-executor.7 16065 323017 14028 0 3 0xc000080 sbwait syz-executor.7 *73442 337160 91350 0 7 0x8000482 syz-executor.3 14838 85106 0 0 3 0x14200 acct acct 14028 334233 91350 0 3 0x8000082 nanoslp syz-executor.7 78846 61151 91350 0 3 0x8000082 nanoslp syz-executor.6 28931 139350 91350 0 3 0x8000082 nanoslp syz-executor.2 26516 383163 91350 0 3 0x8000082 nanoslp syz-executor.4 66214 24946 1 0 3 0x18100083 ttyin getty 143 361264 91350 0 3 0x8000082 nanoslp syz-executor.5 97074 142773 0 0 3 0x14280 nfsidl nfsio 68550 120253 0 0 3 0x14280 nfsidl nfsio 11274 85552 0 0 3 0x14280 nfsidl nfsio 25238 510150 0 0 3 0x14280 nfsidl nfsio 95583 122933 0 0 3 0x14280 nfsidl nfsio 57725 437162 0 0 3 0x14280 nfsidl nfsio 81072 219218 0 0 3 0x14280 nfsidl nfsio 83889 101982 0 0 3 0x14280 nfsidl nfsio 13569 309517 0 0 3 0x14280 nfsidl nfsio 79447 70932 0 0 3 0x14280 nfsidl nfsio 36040 79367 0 0 3 0x14280 nfsidl nfsio 54726 438165 0 0 3 0x14280 nfsidl nfsio 10671 141212 0 0 3 0x14280 nfsidl nfsio 16769 455552 0 0 3 0x14280 nfsidl nfsio 29849 268315 0 0 3 0x14280 nfsidl nfsio 97982 180814 0 0 3 0x14280 nfsidl nfsio 85847 333161 0 0 3 0x14280 nfsidl nfsio 61500 256629 0 0 3 0x14280 nfsidl nfsio 31423 449657 0 0 3 0x14280 nfsidl nfsio 46089 318830 0 0 3 0x14280 nfsidl nfsio 43099 242793 0 0 3 0x14200 bored sosplice 17993 386867 91350 0 3 0x8000082 nanoslp syz-executor.0 91350 508172 91860 0 3 0x1a000082 wait syz-fuzzer 91350 450224 91860 0 3 0x1e000082 nanoslp syz-fuzzer 91350 285835 91860 0 3 0x1e000082 wait syz-fuzzer 91350 484423 91860 0 3 0x1e000082 thrsleep syz-fuzzer 91350 466877 91860 0 3 0x1e000082 wait syz-fuzzer 91350 90919 91860 0 3 0x1e000082 thrsleep syz-fuzzer 91350 358841 91860 0 3 0x1e000082 wait syz-fuzzer 91350 437582 91860 0 3 0x1e000082 wait syz-fuzzer 91350 125887 91860 0 3 0x1e000082 thrsleep syz-fuzzer 91350 207907 91860 0 3 0x1e000082 thrsleep syz-fuzzer 91350 232071 91860 0 3 0x1e000082 thrsleep syz-fuzzer 91350 408630 91860 0 3 0x1e000082 wait syz-fuzzer 91350 352278 91860 0 3 0x1e000082 kqread syz-fuzzer 91350 264583 91860 0 3 0x1e000082 wait syz-fuzzer 91350 512244 91860 0 3 0x1e000082 thrsleep syz-fuzzer 91350 144936 91860 0 3 0x1e000082 wait syz-fuzzer 91860 397723 83319 0 3 0x810008a sigsusp ksh 83319 195886 56234 0 3 0x1800009a kqread sshd 56234 279347 1 0 3 0x18000088 kqread sshd 17164 85074 92938 73 3 0x19100010 biowait syslogd 92938 283340 1 0 3 0x18100082 sbwait syslogd 6176 179435 1 0 3 0x18100080 kqread resolvd 69552 131630 26167 77 3 0x18100092 kqread dhcpleased 1831 77302 26167 77 3 0x18100092 kqread dhcpleased 26167 372970 1 0 3 0x18000080 kqread dhcpleased 15475 467897 0 0 3 0x14200 bored smr 91906 103821 0 0 3 0x14200 pgzero zerothread 81318 107906 0 0 3 0x14200 aiodoned aiodoned 6785 21606 0 0 3 0x14200 syncer update 22810 36087 0 0 3 0x14200 cleaner cleaner 63767 161956 0 0 3 0x14200 reaper reaper 90106 305536 0 0 3 0x14200 pgdaemon pagedaemon 93701 43922 0 0 3 0x14200 bored viomb 86618 90624 0 0 3 0x40014200 acpi0 acpi0 27908 46222 0 0 3 0x40014200 idle1 25572 207839 0 0 3 0x14200 bored softnet3 21125 74925 0 0 3 0x14200 bored softnet2 86491 399621 0 0 3 0x14200 bored softnet1 62606 21245 0 0 3 0x14200 bored softnet0 30231 142897 0 0 3 0x14200 bored systqmp 67638 435509 0 0 3 0x14200 bored systq 18145 52603 0 0 3 0x14200 tmoslp softclockmp 1214 484792 0 0 3 0x40014200 tmoslp softclock 37188 459619 0 0 3 0x40014200 idle0 1 131124 0 0 3 0x8080082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks CPU 0: exclusive mutex /syzkaller/managers/multicore/kernel/sys/dev/kcov.c:129 r = 0 (0xffffffff82cd6ee8) #0 witness_lock+0x446 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x446 sys/kern/subr_witness.c:1157 #1 mtx_enter_try+0x103 #2 mtx_enter+0x4e sys/kern/kern_lock.c:266 #3 kcov_remote_leave+0x23 sys/dev/kcov.c:695 #4 timeout_run+0xda timeout_sync_leave sys/kern/kern_timeout.c:212 [inline] #4 timeout_run+0xda sys/kern/kern_timeout.c:668 #5 softclock_process_tick_timeout+0x19d sys/kern/kern_timeout.c:723 #6 softclock+0x139 sys/kern/kern_timeout.c:755 #7 softintr_dispatch+0xcd sys/arch/amd64/amd64/softintr.c:90 #8 Xsoftclock+0x27 shared mutex timeout r = 0 (0xffffffff82d02b00) #0 witness_lock+0x446 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x446 sys/kern/subr_witness.c:1157 #1 timeout_run+0xbb sys/kern/kern_timeout.c:662 #2 softclock_process_tick_timeout+0x19d sys/kern/kern_timeout.c:723 #3 softclock+0x139 sys/kern/kern_timeout.c:755 #4 softintr_dispatch+0xcd sys/arch/amd64/amd64/softintr.c:90 #5 Xsoftclock+0x27 CPU 1: exclusive sched_lock &sched_lock r = 0 (0xffffffff82e27408) #0 witness_lock+0x446 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x446 sys/kern/subr_witness.c:1157 #1 preempt+0x3a sys/kern/sched_bsd.c:340 #2 ast+0x10b mi_ast sys/sys/syscall_mi.h:262 [inline] #2 ast+0x10b sys/arch/amd64/amd64/trap.c:541 #3 intr_user_exit+0x3c Process 57906 (syz-executor.5) thread 0xffff80002ac9afb0 (349536) Process 17164 (syslogd) thread 0xffff8000ffffd9b0 (85074) ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10217 6583K 10729K 166960K 17837 0 pcb 19 12K 12K 166960K 530 0 rtable 212 7K 8K 166960K 1583 0 pf 38 10K 10K 166960K 212 0 ifaddr 45 15K 16K 166960K 234 0 ifgroup 65 2K 2K 166960K 340 0 sysctl 4 1K 1K 166960K 10 0 counters 72 37K 37K 166960K 232 0 ioctlops 0 0K 4K 166960K 1698 0 iov 0 0K 16K 166960K 268 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1437 90K 91K 166960K 4911 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 13K 166960K 127 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 284 0 dirhash 12 2K 3K 166960K 90 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 17 61K 85K 166960K 3474 0 sigio 1 0K 0K 166960K 64 0 proc 67 91K 115K 166960K 1525 0 subproc 104 6K 7K 166960K 535 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 474 0 in_multi 80 6K 7K 166960K 482 0 ether_multi 1 0K 0K 166960K 26 0 mrt 1 0K 0K 166960K 8 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 115 519K 519K 166960K 115 0 exec 0 0K 1K 166960K 1128 0 pfkey data 0 0K 0K 166960K 5 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 290 117K 135K 166960K 31567 0 UVM aobj 131 8K 8K 166960K 147 0 pinsyscall 37 74K 100K 166960K 5387 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 2 0K 0K 166960K 186 0 NDP 15 0K 1K 166960K 167 0 temp 74 6808K 14743K 166960K 140181 0 kqueue 13 20K 30K 166960K 522 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 419 0 415 1 0 1 1 0 8 0 rtentry 112 532 0 438 4 0 4 4 0 8 0 unpcb 144 2805 0 2783 14 12 2 6 0 8 1 syncache 336 5 0 5 2 2 0 1 0 8 0 tcpqe 32 27 0 27 2 2 0 1 0 8 0 tcpcb 808 1006 0 998 15 14 1 8 0 8 0 arp 120 99 0 79 1 0 1 1 0 8 0 ipq 40 1 0 1 1 1 0 1 0 8 0 ipqe 40 3 0 3 1 1 0 1 0 8 0 inpcb 384 3595 0 3580 26 21 5 9 0 8 3 nd6 136 142 0 118 2 0 2 2 0 8 0 pkpcb 40 37 0 37 13 12 1 1 0 8 1 kcovpl 48 41 0 33 1 0 1 1 0 8 0 ppxss 1168 26 0 25 7 6 1 1 0 8 0 pffrag 232 27 0 21 2 1 1 1 0 482 0 pffrnode 88 27 0 21 2 1 1 1 0 8 0 pffrent 40 295 0 289 2 1 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 242 0 190 1 0 1 1 0 8 0 pfstkey 128 242 0 190 3 0 3 3 0 8 0 pfstate 376 242 0 190 10 2 8 8 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1875 0 1514 37 11 26 29 0 8 0 art_table 32 1876 0 1514 4 0 4 4 0 8 0 art_node 16 527 0 447 1 0 1 1 0 8 0 sysvmsgpl 40 11 0 7 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 280 0 270 1 0 1 1 0 8 0 shmpl 112 144 0 16 4 0 4 4 0 8 0 dirhash 1024 69 0 52 3 0 3 3 0 8 0 dino2pl 256 7278 0 5748 97 0 97 97 0 8 0 ffsino 272 7278 0 5748 103 0 103 103 0 8 0 nchpl 144 12526 0 11905 67 40 27 67 0 8 0 uvmvnodes 80 9218 0 0 189 0 189 189 0 8 0 vnodes 216 9218 0 0 513 0 513 513 0 8 0 namei 1024 45257 0 45257 5 4 1 2 0 8 1 percpumem 16 130 0 80 1 0 1 1 0 8 0 vcpupl 3904 12 0 2 2 0 2 2 0 8 0 vmpool 696 28 0 18 1 0 1 1 0 8 0 kstatmem 264 190 0 160 4 1 3 3 0 8 0 scsiplug 72 12 0 12 5 5 0 1 0 8 0 scxspl 216 67846 0 67845 26 25 1 8 1 8 0 plimitpl 152 729 0 714 1 0 1 1 0 8 0 sigapl 424 3742 0 3672 8 0 8 8 0 8 0 futexpl 64 58581 0 58579 11 10 1 1 0 8 0 knotepl 120 782 0 0 18 1 17 17 0 8 0 kqueuepl 216 1082 0 1070 3 2 1 2 0 8 0 pipepl 320 691 0 662 3 0 3 3 0 8 0 fdescpl 496 3698 0 3670 7 3 4 5 0 8 0 filepl 152 26629 0 26368 22 10 12 16 0 8 0 lockfpl 104 1290 0 1287 1 0 1 1 0 8 0 lockfspl 48 556 0 553 1 0 1 1 0 8 0 sessionpl 144 56 0 40 1 0 1 1 0 8 0 pgrppl 48 101 0 85 1 0 1 1 0 8 0 ucredpl 104 4561 0 4546 1 0 1 1 0 8 0 zombiepl 144 3675 0 3672 1 0 1 1 0 8 0 processpl 1144 3742 0 3672 6 0 6 6 0 8 0 procpl 656 7388 0 7297 11 2 9 9 0 8 0 srpgc 96 44 0 44 6 6 0 1 0 8 0 sosppl 168 15 0 15 6 6 0 1 0 8 0 sockpl 664 6900 0 6859 40 34 6 14 0 8 2 mcl64k 65536 9 0 0 2 0 2 2 0 8 0 mcl16k 16384 8 0 0 1 0 1 1 0 8 0 mcl12k 12288 5 0 0 1 0 1 1 0 8 0 mcl9k 9216 5 0 0 1 0 1 1 0 8 0 mcl8k 8192 9 0 0 2 0 2 2 0 8 0 mcl4k 4096 7 0 0 1 0 1 1 0 8 0 mcl2k 2048 393 0 0 45 3 42 45 0 8 0 mtagpl 96 23 0 0 1 0 1 1 0 8 0 mbufpl 256 1178 0 0 60 1 59 59 0 8 0 bufpl 280 15541 0 6282 662 0 662 662 0 8 0 anonpl 24 639003 0 632523 108 32 76 97 0 186 7 amapchunkpl 152 103922 0 103251 68 29 39 49 0 158 8 amappl16 200 14848 0 14710 68 51 17 22 0 8 1 amappl15 192 83 0 82 1 0 1 1 0 8 0 amappl14 184 258 0 243 2 1 1 2 0 8 0 amappl13 176 70 0 70 2 2 0 1 0 8 0 amappl12 168 4748 0 4716 2 0 2 2 0 8 0 amappl11 160 99 0 81 1 0 1 1 0 8 0 amappl10 152 81 0 77 1 0 1 1 0 8 0 amappl9 144 336 0 336 2 2 0 1 0 8 0 amappl8 136 367 0 328 2 0 2 2 0 8 0 amappl7 128 75 0 59 1 0 1 1 0 8 0 amappl6 120 680 0 665 2 1 1 2 0 8 0 amappl5 112 316 0 303 1 0 1 1 0 8 0 amappl4 104 777 0 743 2 0 2 2 0 8 0 amappl3 96 19074 0 18989 3 0 3 3 0 8 0 amappl2 88 4193 0 4120 4 2 2 4 0 8 0 amappl1 80 21675 0 21180 23 11 12 22 0 8 0 amappl 88 30539 0 30342 7 1 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 146 0 16 3 0 3 3 0 8 0 uaddrrnd 24 3726 0 3688 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 3726 0 3688 1 0 1 1 0 8 0 vmmpekpl 168 28836 0 28774 5 1 4 4 0 8 0 vmmpepl 168 244442 0 242571 165 67 98 116 0 357 2 vmsppl 440 3725 0 3688 5 0 5 5 0 8 0 rwobjpl 56 70675 0 60203 153 4 149 149 0 8 0 pdppl 4096 7459 0 7386 216 140 76 80 0 8 3 pvpl 32 47443 0 0 384 1 383 383 0 265 0 pmappl 248 3725 0 3688 4 1 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 600 0 183 12 0 12 12 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp x86_ipi_db(ffffffff82c95ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82e27200) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82e27200) at __mp_lock+0x122 sys/kern/kern_lock.c:147 wakeup_n(fffffd806a2def30,ffffffff) at wakeup_n+0x58 sys/kern/kern_synch.c:543 kcov_remote_leave(0,ffff80002c0aba40) at kcov_remote_leave+0x136 sys/dev/kcov.c:725 timeout_run(ffff800035956da8) at timeout_run+0xda timeout_sync_leave sys/kern/kern_timeout.c:212 [inline] timeout_run(ffff800035956da8) at timeout_run+0xda sys/kern/kern_timeout.c:668 softclock_process_tick_timeout(ffff800035956da8,0) at softclock_process_tick_timeout+0x19d sys/kern/kern_timeout.c:723 softclock(0) at softclock+0x139 sys/kern/kern_timeout.c:755 softintr_dispatch(0) at softintr_dispatch+0xcd sys/arch/amd64/amd64/softintr.c:90 Xsoftclock() at Xsoftclock+0x27 end of kernel end trace frame: 0x75cd6fc3c820, count: 4 ddb{0}> trace x86_ipi_db(ffffffff82c95ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82e27200) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82e27200) at __mp_lock+0x122 sys/kern/kern_lock.c:147 wakeup_n(fffffd806a2def30,ffffffff) at wakeup_n+0x58 sys/kern/kern_synch.c:543 kcov_remote_leave(0,ffff80002c0aba40) at kcov_remote_leave+0x136 sys/dev/kcov.c:725 timeout_run(ffff800035956da8) at timeout_run+0xda timeout_sync_leave sys/kern/kern_timeout.c:212 [inline] timeout_run(ffff800035956da8) at timeout_run+0xda sys/kern/kern_timeout.c:668 softclock_process_tick_timeout(ffff800035956da8,0) at softclock_process_tick_timeout+0x19d sys/kern/kern_timeout.c:723 softclock(0) at softclock+0x139 sys/kern/kern_timeout.c:755 softintr_dispatch(0) at softintr_dispatch+0xcd sys/arch/amd64/amd64/softintr.c:90 Xsoftclock() at Xsoftclock+0x27 end of kernel end trace frame: 0x75cd6fc3c820, count: -11 ddb{0}> machine ddbcpu 1 Stopped at 0end trace frame: 0x0, count: 14 ddb{1}> trace end trace frame: 0x0, count: -1