kernel: page fault trap, code=10 Stopped at 0 TID PID UID PRFLAGS PFLAGS CPU COMMAND *225209 76309 0 0x8000000 0 0 syz-executor.6 286033 29792 0 0x8000000 0 1 syz-executor.4 end trace frame: 0x0, count: 14 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: attempt to execute user address 0x0 in supervisor mode ddb{0}> trace end trace frame: 0x0, count: -1 ddb{0}> show registers rdi 0x9b63000 __kernel_phys_end+0x6b63000 rsi 0xffff80002a2102b0 rbp 0 rbx 0 rdx 0x62b34002 rcx 0 rax 0x800000006b680001 r8 0 r9 0 r10 0xd4d44c889676e6a8 r11 0x66889082ec4c8454 r12 0 r13 0 r14 0 r15 0 rip 0 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800035369950 ss 0x10 0 ddb{0}> show proc PROC (syz-executor.6) tid=225209 pid=76309 tcnt=2 stat=onproc flags process=8000000 proc=0 runpri=86, usrpri=86, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a210540,0xffff80002a211c60 process=0xffff80002a290018 user=0xffff800035364000, vmspace=0xfffffd8069c396e8 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 10194 505984 38765 0 2 0x8000000 syz-executor.5 62906 382696 82576 0 2 0x8000000 syz-executor.0 62906 377470 82576 0 3 0xc000080 fsleep syz-executor.0 *76309 225209 79613 0 7 0x8000000 syz-executor.6 76309 419300 79613 0 3 0xc000080 fsleep syz-executor.6 29792 286033 52922 0 7 0x8000000 syz-executor.4 29792 6739 52922 0 3 0xc000080 fsleep syz-executor.4 29792 361642 52922 0 3 0xc000080 fsleep syz-executor.4 2165 132218 71993 0 3 0x8000080 nanoslp syz-executor.2 2165 261207 71993 0 3 0xc000080 sbwait syz-executor.2 2165 12273 71993 0 3 0xc000080 fsleep syz-executor.2 80345 416606 57660 0 3 0x8000080 nanoslp syz-executor.7 80345 361830 57660 0 3 0xc000080 kqsel syz-executor.7 80345 256960 57660 0 3 0xc000080 kqsel syz-executor.7 36781 118406 97922 0 3 0x8000080 nanoslp syz-executor.1 36781 120209 97922 0 3 0xc000080 netacc syz-executor.1 36781 263133 97922 0 3 0xc000080 fsleep syz-executor.1 71993 436258 10826 0 3 0x8000082 nanoslp syz-executor.2 57660 419718 10826 0 3 0x8000082 nanoslp syz-executor.7 79613 215993 10826 0 3 0x8000082 nanoslp syz-executor.6 1976 251039 10826 0 3 0x8000082 wait syz-executor.3 97922 428004 10826 0 3 0x8000082 nanoslp syz-executor.1 84563 456389 1 0 3 0x18100083 ttyin getty 82576 476487 10826 0 3 0x8000082 nanoslp syz-executor.0 23420 37949 0 0 3 0x14200 bored sosplice 52922 276083 10826 0 3 0x8000082 nanoslp syz-executor.4 38765 75801 10826 0 3 0x8000082 nanoslp syz-executor.5 10826 401956 80842 0 3 0x1a000082 wait syz-fuzzer 10826 499294 80842 0 3 0x1e000082 thrsleep syz-fuzzer 10826 99571 80842 0 3 0x1e000082 wait syz-fuzzer 10826 303988 80842 0 3 0x1e000082 thrsleep syz-fuzzer 10826 256343 80842 0 3 0x1e000082 wait syz-fuzzer 10826 382944 80842 0 3 0x1e000082 thrsleep syz-fuzzer 10826 421616 80842 0 3 0x1e000082 wait syz-fuzzer 10826 236589 80842 0 3 0x1e000082 thrsleep syz-fuzzer 10826 323515 80842 0 3 0x1e000082 wait syz-fuzzer 10826 19507 80842 0 3 0x1e000082 wait syz-fuzzer 10826 393713 80842 0 3 0x1e000082 thrsleep syz-fuzzer 10826 394536 80842 0 3 0x1e000082 wait syz-fuzzer 10826 455482 80842 0 3 0x1e000082 kqread syz-fuzzer 10826 120831 80842 0 3 0x1e000082 wait syz-fuzzer 10826 386247 80842 0 3 0x1e000082 thrsleep syz-fuzzer 10826 477653 80842 0 3 0x1e000082 thrsleep syz-fuzzer 80842 414028 58118 0 3 0x810008a sigsusp ksh 58118 114595 45662 0 3 0x1800009a kqread sshd 45662 101000 1 0 3 0x18000088 kqread sshd 89960 267987 75015 73 3 0x19100090 kqread syslogd 75015 254452 1 0 3 0x18100082 sbwait syslogd 16372 501479 1 0 3 0x18100080 kqread resolvd 46754 30278 52497 77 3 0x18100092 kqread dhcpleased 62057 93834 52497 77 3 0x18100092 kqread dhcpleased 52497 442147 1 0 3 0x18000080 kqread dhcpleased 42144 516908 0 0 3 0x14200 bored smr 69149 252145 0 0 3 0x14200 pgzero zerothread 21225 432033 0 0 3 0x14200 aiodoned aiodoned 45109 75255 0 0 3 0x14200 syncer update 88419 227392 0 0 3 0x14200 cleaner cleaner 86731 27163 0 0 3 0x14200 reaper reaper 65038 445527 0 0 3 0x14200 pgdaemon pagedaemon 80897 15440 0 0 3 0x14200 bored viomb 51129 44278 0 0 3 0x40014200 acpi0 acpi0 39141 284826 0 0 3 0x40014200 idle1 16220 347917 0 0 3 0x14200 bored softnet3 50594 370131 0 0 3 0x14200 bored softnet2 61230 352006 0 0 3 0x14200 bored softnet1 46989 21832 0 0 3 0x14200 bored softnet0 69059 121859 0 0 3 0x14200 bored systqmp 67727 100645 0 0 3 0x14200 bored systq 74144 470325 0 0 3 0x14200 tmoslp softclockmp 8366 333559 0 0 3 0x40014200 tmoslp softclock 29282 457787 0 0 3 0x40014200 idle0 1 259928 0 0 3 0x8080082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks CPU 0: exclusive sched_lock &sched_lock r = 0 (0xffffffff82e27408) #0 witness_lock+0x446 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x446 sys/kern/subr_witness.c:1157 #1 sleep_finish+0x145 sys/kern/kern_synch.c:401 #2 rwsleep+0xb3 sys/kern/kern_synch.c:300 #3 futex_wait+0x297 sys/kern/sys_futex.c:250 #4 sys_futex+0xfb sys/kern/sys_futex.c:101 #5 syscall+0x8cf mi_syscall sys/sys/syscall_mi.h:180 [inline] #5 syscall+0x8cf sys/arch/amd64/amd64/trap.c:577 #6 Xsyscall+0x128 Process 29792 (syz-executor.4) thread 0xffff80002a2107d0 (286033) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82e28010) #0 witness_lock+0x446 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x446 sys/kern/subr_witness.c:1157 #1 uvm_fault+0x189 sys/uvm/uvm_fault.c:622 #2 upageflttrap+0x8e sys/arch/amd64/amd64/trap.c:188 #3 usertrap+0x22a sys/arch/amd64/amd64/trap.c:436 #4 recall_trap+0x8 shared rwlock vmmaplk r = 0 (0xfffffd8069c39d00) #0 witness_lock+0x446 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x446 sys/kern/subr_witness.c:1157 #1 uvmfault_lookup+0xd9 sys/uvm/uvm_fault.c:1785 #2 uvm_fault_check+0x3e sys/uvm/uvm_fault.c:672 #3 uvm_fault+0xf2 sys/uvm/uvm_fault.c:600 #4 upageflttrap+0x8e sys/arch/amd64/amd64/trap.c:188 #5 usertrap+0x22a sys/arch/amd64/amd64/trap.c:436 #6 recall_trap+0x8 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10214 6517K 7078K 166960K 14421 0 pcb 18 12K 12K 166960K 262 0 rtable 216 15K 15K 166960K 1119 0 pf 38 10K 11K 166960K 142 0 ifaddr 45 15K 15K 166960K 161 0 ifgroup 67 2K 2K 166960K 230 0 sysctl 3 0K 1K 166960K 5 0 counters 72 37K 37K 166960K 158 0 ioctlops 0 0K 4K 166960K 1592 0 iov 0 0K 16K 166960K 122 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1393 88K 88K 166960K 3040 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 55 0 VM map 2 1K 1K 166960K 2 0 sem 19 10K 10K 166960K 100 0 dirhash 12 2K 3K 166960K 54 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 18 65K 97K 166960K 1869 0 sigio 0 0K 0K 166960K 30 0 proc 59 79K 115K 166960K 1190 0 subproc 104 6K 8K 166960K 364 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 214 0 in_multi 74 5K 6K 166960K 358 0 ether_multi 1 0K 0K 166960K 18 0 mrt 1 0K 0K 166960K 7 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 103 466K 466K 166960K 103 0 exec 0 0K 1K 166960K 831 0 pfkey data 0 0K 1K 166960K 4 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 317 102K 121K 166960K 17959 0 UVM aobj 66 5K 5K 166960K 76 0 pinsyscall 38 76K 100K 166960K 3534 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 85 0 NDP 15 0K 1K 166960K 111 0 temp 77 6808K 14744K 166960K 67262 0 kqueue 12 18K 26K 166960K 261 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 262 0 258 1 0 1 1 0 8 0 rtentry 112 369 0 276 4 1 3 4 0 8 0 unpcb 144 1425 0 1408 5 4 1 2 0 8 0 syncache 336 6 0 6 3 3 0 1 0 8 0 tcpqe 32 28 0 28 2 2 0 1 0 8 0 tcpcb 808 545 0 537 11 9 2 8 0 8 1 arp 120 66 0 52 1 0 1 1 0 8 0 inpcb 384 1828 0 1813 17 15 2 15 0 8 0 nd6 136 95 0 75 1 0 1 1 0 8 0 pkpcb 40 14 0 14 7 6 1 1 0 8 1 kcovpl 48 28 0 20 1 0 1 1 0 8 0 ppxss 1168 8 0 8 4 3 1 1 0 8 1 pffrag 232 17 0 13 1 0 1 1 0 482 0 pffrnode 88 17 0 13 1 0 1 1 0 8 0 pffrent 40 281 0 277 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 149 0 76 1 0 1 1 0 8 0 pfstkey 128 149 0 76 3 0 3 3 0 8 0 pfstate 376 149 0 76 8 0 8 8 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 4 0 0 4 0 4 4 0 8 0 art_heap4 256 1368 0 981 34 9 25 27 0 8 0 art_table 32 1372 0 981 4 0 4 4 0 8 0 art_node 16 362 0 280 1 0 1 1 0 8 0 sysvmsgpl 40 18 0 2 1 0 1 1 0 8 0 semapl 112 96 0 79 1 0 1 1 0 8 0 shmpl 112 73 0 10 2 0 2 2 0 8 0 dirhash 1024 45 0 28 3 0 3 3 0 8 0 dino2pl 256 4349 0 2827 96 0 96 96 0 8 0 ffsino 272 4349 0 2827 102 0 102 102 0 8 0 nchpl 144 7202 0 6624 67 32 35 67 0 8 8 uvmvnodes 80 5690 0 0 117 0 117 117 0 8 0 vnodes 216 5690 0 0 317 0 317 317 0 8 0 namei 1024 26203 0 26203 3 2 1 2 0 8 1 percpumem 16 93 0 43 1 0 1 1 0 8 0 vcpupl 3904 7 0 1 1 0 1 1 0 8 0 vmpool 696 16 0 10 1 0 1 1 0 8 0 kstatmem 264 116 0 86 3 0 3 3 0 8 0 scsiplug 72 8 0 8 6 5 1 1 0 8 1 scxspl 216 41569 0 41569 12 9 3 8 1 8 3 plimitpl 152 337 0 319 1 0 1 1 0 8 0 sigapl 424 2141 0 2093 7 1 6 7 0 8 0 futexpl 64 29357 0 29351 2 1 1 1 0 8 0 knotepl 120 449 0 0 12 0 12 12 0 8 0 kqueuepl 216 536 0 525 2 1 1 2 0 8 0 pipepl 320 424 0 396 3 0 3 3 0 8 0 fdescpl 496 2118 0 2089 6 2 4 5 0 8 0 filepl 152 14150 0 13885 16 4 12 16 0 8 0 lockfpl 104 711 0 707 1 0 1 1 0 8 0 lockfspl 48 316 0 312 1 0 1 1 0 8 0 sessionpl 144 45 0 29 1 0 1 1 0 8 0 pgrppl 48 67 0 51 1 0 1 1 0 8 0 ucredpl 104 2390 0 2380 1 0 1 1 0 8 0 zombiepl 144 2094 0 2093 1 0 1 1 0 8 0 processpl 1144 2141 0 2093 4 0 4 4 0 8 0 procpl 656 3955 0 3882 8 1 7 8 0 8 0 srpgc 96 18 0 18 3 3 0 1 0 8 0 sosppl 168 6 0 6 4 4 0 1 0 8 0 sockpl 664 3552 0 3516 20 16 4 14 0 8 0 mcl64k 65536 19 0 0 3 0 3 3 0 8 0 mcl16k 16384 7 0 0 1 0 1 1 0 8 0 mcl12k 12288 7 0 0 1 0 1 1 0 8 0 mcl9k 9216 3 0 0 1 0 1 1 0 8 0 mcl8k 8192 9 0 0 2 0 2 2 0 8 0 mcl4k 4096 5 0 0 1 0 1 1 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 323 0 0 41 0 41 41 0 8 0 mtagpl 96 23 0 0 1 0 1 1 0 8 0 mbufpl 256 485 0 0 25 0 25 25 0 8 0 bufpl 280 11593 0 3085 608 0 608 608 0 8 0 anonpl 24 407620 0 396977 96 26 70 84 0 186 5 amapchunkpl 152 58272 0 57528 56 15 41 43 0 158 6 amappl16 200 10320 0 9928 60 39 21 31 0 8 0 amappl15 192 19 0 19 2 1 1 1 0 8 1 amappl14 184 285 0 274 2 1 1 2 0 8 0 amappl13 176 40 0 39 1 0 1 1 0 8 0 amappl12 168 3049 0 3018 2 0 2 2 0 8 0 amappl11 160 81 0 62 1 0 1 1 0 8 0 amappl10 152 78 0 75 1 0 1 1 0 8 0 amappl9 144 171 0 171 2 2 0 1 0 8 0 amappl8 136 247 0 212 2 0 2 2 0 8 0 amappl7 128 57 0 41 1 0 1 1 0 8 0 amappl6 120 576 0 558 2 1 1 2 0 8 0 amappl5 112 245 0 233 1 0 1 1 0 8 0 amappl4 104 676 0 645 2 0 2 2 0 8 0 amappl3 96 11373 0 11280 3 0 3 3 0 8 0 amappl2 88 2594 0 2522 5 3 2 5 0 8 0 amappl1 80 16088 0 15594 23 10 13 22 0 8 0 amappl 88 17135 0 16917 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 75 0 10 2 0 2 2 0 8 0 uaddrrnd 24 2134 0 2099 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2134 0 2099 1 0 1 1 0 8 0 vmmpekpl 168 18790 0 18725 4 0 4 4 0 8 0 vmmpepl 168 152014 0 149791 154 44 110 117 0 357 12 vmsppl 440 2133 0 2099 6 1 5 5 0 8 0 rwobjpl 56 47710 0 40583 109 8 101 101 0 8 0 pdppl 4096 4275 0 4204 153 80 73 81 0 8 2 pvpl 32 49325 0 0 399 1 398 398 0 265 0 pmappl 248 2133 0 2099 4 1 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 489 0 108 12 0 12 12 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace end trace frame: 0x0, count: -1 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp x86_ipi_db(ffff800029cebff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82e27200) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82e27200) at __mp_lock+0x122 sys/kern/kern_lock.c:147 wakeup_n(ffff80002a210540,1) at wakeup_n+0x58 sys/kern/kern_synch.c:543 futex_requeue(79ddc938a50,7fffffff,0,0,2) at futex_requeue+0x108 sys/kern/sys_futex.c:296 sys_futex(ffff80002a2107d0,ffff800035981a90,ffff8000359819e0) at sys_futex+0x11a sys/kern/sys_futex.c:105 syscall(ffff800035981a90) at syscall+0x8cf mi_syscall sys/sys/syscall_mi.h:180 [inline] syscall(ffff800035981a90) at syscall+0x8cf sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x792500044a40, count: 6 ddb{1}> trace x86_ipi_db(ffff800029cebff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82e27200) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82e27200) at __mp_lock+0x122 sys/kern/kern_lock.c:147 wakeup_n(ffff80002a210540,1) at wakeup_n+0x58 sys/kern/kern_synch.c:543 futex_requeue(79ddc938a50,7fffffff,0,0,2) at futex_requeue+0x108 sys/kern/sys_futex.c:296 sys_futex(ffff80002a2107d0,ffff800035981a90,ffff8000359819e0) at sys_futex+0x11a sys/kern/sys_futex.c:105 syscall(ffff800035981a90) at syscall+0x8cf mi_syscall sys/sys/syscall_mi.h:180 [inline] syscall(ffff800035981a90) at syscall+0x8cf sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x792500044a40, count: -9