uvm_fault(0xfffffd807efff2e0, 0x0, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at uvm_fault_lower+0xbb1: movq 0(%rbx),%rdi
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*248479 7756 32767 0x10 0 0K syz-executor.1
367791 7756 32767 0x10 0x4000000 1 syz-executor.1
uvm_fault_lower(ffff8000212461b0,ffff8000212461e8,ffff800021246130,0) at uvm_fault_lower+0xbb1 sys/uvm/uvm_fault.c:1325
uvm_fault(fffffd807efff2e0,20000000,0,2) at uvm_fault+0x24f sys/uvm/uvm_fault.c:640
upageflttrap(ffff800021246320,200003c0) at upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181
usertrap(ffff800021246320) at usertrap+0x214 sys/arch/amd64/amd64/trap.c:403
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x7f7ffffeb430, count: 10
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: uvm_fault(0xfffffd807efff2e0, 0x0, 0, 1) -> e
ddb{0}> trace
uvm_fault_lower(ffff8000212461b0,ffff8000212461e8,ffff800021246130,0) at uvm_fault_lower+0xbb1 sys/uvm/uvm_fault.c:1325
uvm_fault(fffffd807efff2e0,20000000,0,2) at uvm_fault+0x24f sys/uvm/uvm_fault.c:640
upageflttrap(ffff800021246320,200003c0) at upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181
usertrap(ffff800021246320) at usertrap+0x214 sys/arch/amd64/amd64/trap.c:403
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x7f7ffffeb430, count: -5
ddb{0}> show registers
rdi 0
rsi 0
rbp 0xffff8000212460a0
rbx 0
rdx 0
rcx 0
rax 0xffff8000fffee2a0
r8 0xffffffff81a8edde witness_assert+0x1fe
r9 0x5
r10 0xfc47296b2bd5ca3
r11 0xbceed26298667d3e
r12 0xffff8000212461b0
r13 0xfffffd80665edc78
r14 0
r15 0x69c
rip 0xffffffff817b9101 uvm_fault_lower+0xbb1
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff800021246010
ss 0
uvm_fault_lower+0xbb1: movq 0(%rbx),%rdi
ddb{0}> show proc
PROC (syz-executor.1) pid=248479 stat=onproc
flags process=10 proc=0
pri=32, usrpri=68,
nice=20
forw=0xffffffffffffffff, list=0xffff8000fffef260,0xffff8000fffefcf0
process=0xffff8000ffff9d20 user=0xffff800021241000, vmspace=0xfffffd807efff2e0
estcpu=36, cpticks=2, pctcpu=0.0
user=0, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
83220 325692 90111 32767 2 0x10 syz-executor.0
* 7756 248479 77396 32767 7 0x10 syz-executor.1
7756 367791 77396 32767 7 0x4000010 syz-executor.1
90111 479317 83237 32767 3 0x90 nanoslp syz-executor.0
83237 492708 36191 0 3 0x82 wait syz-executor.0
77396 116051 92498 32767 3 0x90 nanoslp syz-executor.1
92498 412656 36191 0 3 0x82 wait syz-executor.1
39352 219598 0 0 3 0x14200 bored sosplice
36191 501453 1853 0 3 0x82 thrsleep syz-fuzzer
36191 186179 1853 0 3 0x4000082 nanoslp syz-fuzzer
36191 487727 1853 0 3 0x4000082 thrsleep syz-fuzzer
36191 490532 1853 0 3 0x4000082 thrsleep syz-fuzzer
36191 210979 1853 0 3 0x4000082 thrsleep syz-fuzzer
36191 263272 1853 0 3 0x4000082 thrsleep syz-fuzzer
36191 454448 1853 0 3 0x4000082 thrsleep syz-fuzzer
36191 295963 1853 0 3 0x4000082 kqread syz-fuzzer
1853 397767 45353 0 3 0x10008a sigsusp ksh
45353 356541 36464 0 3 0x9a kqread sshd
44862 426653 1 0 3 0x100083 ttyin getty
36464 469032 1 0 3 0x88 kqread sshd
86221 244984 35711 73 3 0x100090 kqread syslogd
35711 140277 1 0 3 0x100082 netio syslogd
34708 235649 1 0 3 0x100080 kqread resolvd
12337 297607 52314 77 3 0x100092 kqread dhcpleased
35588 483329 52314 77 3 0x100092 kqread dhcpleased
52314 379669 1 0 3 0x80 kqread dhcpleased
52151 467635 0 0 3 0x14200 bored smr
18158 84324 0 0 2 0x14200 zerothread
95755 114164 0 0 3 0x14200 aiodoned aiodoned
88747 21570 0 0 3 0x14200 syncer update
35141 388891 0 0 3 0x14200 cleaner cleaner
42598 2047 0 0 3 0x14200 reaper reaper
72285 342347 0 0 3 0x14200 pgdaemon pagedaemon
7015 243450 0 0 3 0x14200 bored viomb
98482 250781 0 0 3 0x40014200 acpi0 acpi0
84944 78927 0 0 3 0x40014200 idle1
91184 170801 0 0 3 0x14200 bored softnet
22021 31679 0 0 3 0x14200 bored systqmp
92062 56368 0 0 3
0x14200 bored systq
73721 18243 0 0 3 0x40014200 bored softclock
64842 65672 0 0 3 0x40014200 idle0
1 69256 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 7756 (syz-executor.1) thread 0xffff8000fffee2a0 (248479)
exclusive kernel_lock &kernel_lock r = 1 (0xffffffff828b70b8)
#0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0 witness_lock+0x4b0 sys/kern/subr_witness.c:1182
#1 __mp_acquire_count+0x4c sys/kern/kern_lock.c:227
#2 mi_switch+0x3d3 sys/kern/sched_bsd.c:416
#3 sleep_finish+0x1b2 sys/kern/kern_synch.c:433
#4 rw_enter+0x35b sys/kern/kern_rwlock.c:286
#5 uvm_fault_lower+0x95d sys/uvm/uvm_fault.c:1290
#6 uvm_fault+0x24f sys/uvm/uvm_fault.c:640
#7 upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181
#8 usertrap+0x214 sys/arch/amd64/amd64/trap.c:403
#9 recall_trap+0x8
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10152 6394K 6416K 78643K 11499 0
pcb 13 16K 20K 78643K 19 0
rtable 110 3K 4K 78643K 5382 0
ifaddr 39 11K 12K 78643K 638 0
sysctl 3 1K 2K 78643K 71 0
counters 44 34K 34K 78643K 214 0
ioctlops 0 0K 2K 78643K 515 0
iov 0 0K 32K 78643K 5299 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 5 0
vnodes 1209 76K 76K 78643K 10435 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 292 0
VM map 2 1K 1K 78643K 2 0
sem 12 0K 1K 78643K 13252 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12598 0
file desc 8 25K 33K 78643K 41663 0
sigio 0 0K 0K 78643K 280 0
proc 56 74K 99K 78643K 4653 0
subproc 26 1K 1K 78643K 1131 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 4903 0
in_multi 33 2K 2K 78643K 1625 0
ether_multi 1 0K 0K 78643K 211 0
mrt 1 0K 0K 78643K 7 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 229 1023K 1023K 78643K 229 0
exec 0 0K 2K 78643K 7237 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7
26K 26K 78643K 7 0
UVM amap 357 44K 60K 78643K 546461 0
UVM aobj 131 4K 4K 78643K 133 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 1067 0
NDP 5 0K 0K 78643K 264 0
temp 76 4195K 4323K 78643K 102478 0
kqueue 12 18K 26K 78643K 2348 0
SYN cache 2 16K 16K 78643K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 3893 0 3890 64 63 1 5 0 8 0
rtentry 112 1061 0 1015 2 0 2 2 0 8 0
unpcb 128 31329 0 31316 297 292 5 9 0 8 4
syncache 296 354 0 354 82 81 1 1 0 8 1
tcpqe 32 94 0 94 35 35 0 1 0 8 0
tcpcb 736 17429 0 17425 588 586 2 21 0 8 1
arp 120 191 0 185 1 0 1 1 0 8 0
ipq 40 59 0 59 27 27 0 1 0 8 0
ipqe 40 911 0 911 27 27 0 1 0 8 0
inpcb 304 35224 0 35217 581 580 1 17 0 8 0
rttmr 72 80 0 79 5 4 1 1 0 8 0
ip6q 72 91 0 91 14 14 0 1 0 8 0
ip6af 40 177 0 177 14 14 0 1 0 8 0
nd6 48 322 0 315 1 0 1 1 0 8 0
kcovpl 48 87 0 85 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 4530 0 4335 43 30 13 20 0 8 0
art_table 32 4531 0 4335 5 3 2 3 0 8 0
art_node 16 1060 0 1018 1 0 1 1 0 8 0
sysvmsgpl 40 42 0 2 1 0 1 1 0 8 0
semupl 112 3 0 3 1 1 0 1 0 8 0
semapl 112 13247 0 13237 1 0 1 1 0 8 0
shmpl 112 130 0 2 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 61429 0 59985 94 3 91 91 0 8 0
ffsino 272 61429 0 59985 97 0 97 97 0 8 0
nchpl 144 119726 0 118123 62 2 60 61 0 8 0
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
vnodes 224 5926 0 0 349 0 349 349 0 8 0
namei 1024 569134 0 569134 12 11 1 2 0 8 1
percpumem 16 119 0 85 1 0 1 1 0 8 0
scxspl 216 352966 0 352966 129 128 1 8 0 8 1
plimitpl 152 8383 0 8373 1 0 1 1 0 8 0
sigapl 424 41630 0 41596 4 0 4 4 0 8 0
futexpl 64 295984 0 295983 9 8 1 1 0 8 0
knotepl 112 489 0 0 4 0 4 4 0 8 0
kqueuepl 216 15289 0 15254 309 305 4 12 0 8 2
pipepl 336 8289 0 8279 298 291 7 11 0 8 6
fdescpl 496 41615 0 41596 3 0 3 3 0 8 0
filepl 152 301336 0 301232 572 560 12 15 0 8 7
lockfpl 104 10523 0 10521 9 8 1 2 0 8 0
lockfspl 48 2384 0 2382 1 0 1 1 0 8 0
sessionpl 144 102 0 92 1 0 1 1 0 8 0
pgrppl 48 405 0 395 1 0 1 1 0 8 0
ucredpl 96 51682 0 51670 1 0 1 1 0 8 0
zombiepl 144 41596 0 41596 2 1 1 1 0 8 1
processpl 1064 41630 0 41596 3 0 3 3 0 8 0
procpl 672 130457 0 130415 59 54 5 6 0 8 1
sosppl 168 572 0 572 77 77 0 1 0 8 0
sockpl 480 71525 0 71502 1762 1742 20 35 0 8 17
mcl64k 65536 75 0 0 5 2 3 3 0 8 0
mcl16k 16384 89 0 0 8 5 3 3 0 8 0
mcl12k 12288 89 0 0 4 2 2 2 0 8 0
mcl9k 9216 57 0 0 4 2 2 2 0 8 0
mcl8k 8192 49 0 0 5 3 2 3 0 8 0
mcl4k 4096 81 0 0 4 1 3 3 0 8 0
mcl2k2 2112 15 0 0 1 0 1 1 0 8 0
mcl2k 2048 820 0 0 26 10 16 17 0 8 0
mtagpl 96 1 0 0 1 0 1 1 0 8 0
mbufpl 256 5382 0 0 227 8 219 219 0 8 0
bufpl 288 87435 0 81110 455 2 453 453 0 8 0
anonpl 24 12469970 0 12457955 737 647 90 124 0 186 0
amapchunkpl 152 1380217 0 1379655 469 445 24 37 0 158 0
amappl16 200 122747 0 122408 621 602 19 42 0 8 0
amappl15 192 9964 0 9959 1 0 1 1 0 8 0
amappl14 184 1392 0 1388 10 9 1 1 0 8 0
amappl13 176 2116 0 2115 1 0 1 1 0 8 0
amappl12 168 2862 0 2857 8 7 1 1 0 8 0
amappl11 160 6637 0 6623 1 0 1 1 0 8 0
amappl10 152 6320 0 6318 1 0 1 1 0 8 0
amappl9 144 9694 0 9691 1 0 1 1 0 8 0
amappl8 136 6737 0 6540 10 3 7 7 0 8 0
amappl7 128 4656 0 4647 1 0 1 1 0 8 0
amappl6 120 9841 0 9828 1 0 1 1 0 8 0
amappl5 112 40231 0 40214 1 0 1 1 0 8 0
amappl4 104 15049 0 15019 1 0 1 1 0 8 0
amappl3 96 7573 0 7555 1 0 1 1 0 8 0
amappl2 88 47389 0 47339 5 3 2 2 0 8 0
amappl1 80 725991 0 725552 12 2 10 12 0 8 0
amappl 88 543376 0 543195 6 1 5 5 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 132 0 2 3 0 3 3 0 8 0
uaddrrnd 24 41615 0 41596 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 41615 0 41596 1 0 1 1 0 8 0
vmmpekpl 168 313542 0 313517 2 0 2 2 0 8 0
vmmpepl 168 3872068 0 3870221 660 556 104 108 0 357 9
vmsppl 368
41614 0 41596 2 0 2 2 0 8 0
rwobjpl 56 957357 0 950076 212 107 105 110 0 8 0
pdppl 4096 83238 0 83192 98 52 46 50 0 8 0
pvpl 32 20289826 0 20274036 1335 1190 145 207 0 265 0
pmappl 248 41614 0 41596 2 0 2 2 0 8 0
extentpl 40 57 0 38 1 0 1 1 0 8 0
phpool 112 1969 0 1006 28 0 28 28 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
uvm_fault_lower(ffff8000212461b0,ffff8000212461e8,ffff800021246130,0) at uvm_fault_lower+0xbb1 sys/uvm/uvm_fault.c:1325
uvm_fault(fffffd807efff2e0,20000000,0,2) at uvm_fault+0x24f sys/uvm/uvm_fault.c:640
upageflttrap(ffff800021246320,200003c0) at upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181
usertrap(ffff800021246320) at usertrap+0x214 sys/arch/amd64/amd64/trap.c:403
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x7f7ffffeb430, count: -5
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
x86_ipi_db(ffff800020d38ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x44 sys/dev/kcov.c:149
sleep_setup(ffff80002447b780,ffff8000fffefce0,120,ffffffff824481fc,0) at sleep_setup+0xd3 sys/kern/kern_synch.c:370
rwsleep(ffff8000fffefce0,ffffffff827bb490,120,ffffffff824481fc,0) at rwsleep+0xc1 sys/kern/kern_synch.c:311
futex_wait(1f33cc729d0,6,0,2) at futex_wait+0x13c sys/kern/sys_futex.c:260
sys_futex(ffff8000fffefce0,ffff80002447b910,ffff80002447b970) at sys_futex+0xf8 sys/kern/sys_futex.c:111
syscall(ffff80002447b9e0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff80002447b9e0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x1f3562637a0, count: 5
ddb{1}> trace
x86_ipi_db(ffff800020d38ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x44 sys/dev/kcov.c:149
sleep_setup(ffff80002447b780,ffff8000fffefce0,120,ffffffff824481fc,0) at sleep_setup+0xd3 sys/kern/kern_synch.c:370
rwsleep(ffff8000fffefce0,ffffffff827bb490,120,ffffffff824481fc,0) at rwsleep+0xc1 sys/kern/kern_synch.c:311
futex_wait(1f33cc729d0,6,0,2) at futex_wait+0x13c sys/kern/sys_futex.c:260
sys_futex(ffff8000fffefce0,ffff80002447b910,ffff80002447b970) at sys_futex+0xf8 sys/kern/sys_futex.c:111
syscall(ffff80002447b9e0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff80002447b9e0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x1f3562637a0, count: -10