uvm_fault(0xfffffd80695d2000, 0xf, 0, 1) -> e kernel: page fault trap, code=0 Stopped at ktrops+0x58: movq 0x10(%r14),%r14 TID PID UID PRFLAGS PFLAGS CPU COMMAND 2465 13083 0 0 0 0 syz-executor *364188 71140 0 0 0x4000000 1K syz-executor ktrops(ffff8000371f2028,ffffffffffffffff,0,80000112,fffffd8063139ce0,fffffd807f7d3680) at ktrops+0x58 ktrcanset sys/kern/kern_ktrace.c:718 [inline] ktrops(ffff8000371f2028,ffffffffffffffff,0,80000112,fffffd8063139ce0,fffffd807f7d3680) at ktrops+0x58 sys/kern/kern_ktrace.c:561 doktrace(fffffd8063139ce0,4,112,0,ffff8000371f2028) at doktrace+0x6dd ktrsetchildren sys/kern/kern_ktrace.c:586 [inline] doktrace(fffffd8063139ce0,4,112,0,ffff8000371f2028) at doktrace+0x6dd sys/kern/kern_ktrace.c:508 sys_ktrace(ffff8000371f2028,ffff8000371b61e0,ffff8000371b6130) at sys_ktrace+0x11c sys/kern/kern_ktrace.c:549 syscall(ffff8000371b61e0) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff8000371b61e0) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3f712ba00, count: 10 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault(0xfffffd80695d2000, 0xf, 0, 1) -> e ddb{1}> trace ktrops(ffff8000371f2028,ffffffffffffffff,0,80000112,fffffd8063139ce0,fffffd807f7d3680) at ktrops+0x58 ktrcanset sys/kern/kern_ktrace.c:718 [inline] ktrops(ffff8000371f2028,ffffffffffffffff,0,80000112,fffffd8063139ce0,fffffd807f7d3680) at ktrops+0x58 sys/kern/kern_ktrace.c:561 doktrace(fffffd8063139ce0,4,112,0,ffff8000371f2028) at doktrace+0x6dd ktrsetchildren sys/kern/kern_ktrace.c:586 [inline] doktrace(fffffd8063139ce0,4,112,0,ffff8000371f2028) at doktrace+0x6dd sys/kern/kern_ktrace.c:508 sys_ktrace(ffff8000371f2028,ffff8000371b61e0,ffff8000371b6130) at sys_ktrace+0x11c sys/kern/kern_ktrace.c:549 syscall(ffff8000371b61e0) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff8000371b61e0) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3f712ba00, count: -5 ddb{1}> show registers rdi 0xffff800032393000 rsi 0x1f00 __ALIGN_SIZE+0xf00 rbp 0xffff8000371b5f00 rbx 0xfffffd807f7d3680 rdx 0xffff800032393000 rcx 0x1eff __ALIGN_SIZE+0xeff rax 0xffffffff8135be33 ktrops+0x43 r8 0xfffffd8063139ce0 r9 0xfffffd807f7d3680 r10 0x849e03fbfdbdb3ac r11 0xa83348a0bccb3a34 r12 0xffff8000371f2028 r13 0xffffffffffffffff r14 0xffffffffffffffff r15 0x80000112 __kernel_virt_to_phys+0x112 rip 0xffffffff8135be48 ktrops+0x58 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff8000371b5e80 ss 0x10 ktrops+0x58: movq 0x10(%r14),%r14 ddb{1}> show proc PROC (syz-executor) tid=364188 pid=71140 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=17, usrpri=50, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000371f31e0,0xffff8000371f2f68 process=0xffff8000371b9b50 user=0xffff8000371b1000, vmspace=0xfffffd80695d2000 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 13083 2465 26167 0 7 0 syz-executor 71140 64495 42422 0 2 0 syz-executor *71140 364188 42422 0 7 0x4000000 syz-executor 26258 434240 36498 0 2 0 syz-executor 19286 361839 24203 0 2 0 syz-executor 19286 114950 24203 0 3 0x4000080 kqpoll syz-executor 19286 176600 24203 0 2 0x4000000 syz-executor 51362 171990 4678 0 3 0x80 nanoslp syz-executor 51362 429016 4678 0 3 0x4000080 sbwait syz-executor 51362 126124 4678 0 3 0x4000080 fsleep syz-executor 37066 14582 25174 60928 3 0x90 nanoslp syz-executor 37066 105805 25174 60928 3 0x4000090 kqpoll syz-executor 37066 201472 25174 60928 3 0x4000090 fsleep syz-executor 98934 170747 0 0 3 0x14200 bored sosplice 24203 475708 93664 0 3 0x82 nanoslp syz-executor 4678 406038 93664 0 3 0x82 nanoslp syz-executor 42422 140190 93664 0 3 0x82 nanoslp syz-executor 26167 274369 93664 0 3 0x82 nanoslp syz-executor 25174 510830 93664 0 3 0x82 nanoslp syz-executor 78368 490346 93664 0 2 0x2 syz-executor 39922 85389 93664 0 3 0x82 nanoslp syz-executor 36498 513971 93664 0 2 0x2 syz-executor 93664 92495 53304 0 3 0x82 kqread syz-executor 53304 313045 23143 0 3 0x10008a sigsusp ksh 23143 289280 90725 0 3 0x98 kqread sshd-session 90725 347873 49003 0 3 0x92 kqread sshd-session 73733 129003 1 0 3 0x100083 ttyin getty 49003 228456 1 0 3 0x88 kqread sshd 11288 134764 44344 74 3 0x1100092 bpf pflogd 44344 254499 1 0 3 0x80 sbwait pflogd 60348 446942 46349 73 3 0x1100090 kqread syslogd 46349 402045 1 0 3 0x100082 sbwait syslogd 56681 488215 1 0 3 0x100080 kqread resolvd 80193 492232 7843 77 3 0x100092 kqread dhcpleased 37410 472650 7843 77 3 0x100092 kqread dhcpleased 7843 316744 1 0 3 0x80 kqread dhcpleased 6851 354923 0 0 3 0x14200 bored smr 82830 9563 0 0 2 0x14200 zerothread 81811 345250 0 0 3 0x14200 aiodoned aiodoned 47921 432119 0 0 3 0x14200 syncer update 90104 53821 0 0 3 0x14200 cleaner cleaner 89470 329310 0 0 3 0x14200 reaper reaper 17028 448267 0 0 3 0x14200 pgdaemon pagedaemon 38320 504724 0 0 3 0x14200 bored viomb 50228 470829 0 0 3 0x40014200 acpi0 acpi0 23345 473632 0 0 3 0x40014200 idle1 40988 359402 0 0 3 0x14200 bored softnet3 41997 419551 0 0 3 0x14200 bored softnet2 38132 455226 0 0 3 0x14200 bored softnet1 21914 271125 0 0 3 0x14200 bored softnet0 20497 183128 0 0 3 0x14200 bored systqmp 64858 324355 0 0 3 0x14200 bored systq 67268 508769 0 0 3 0x14200 tmoslp softclockmp 23938 351613 0 0 3 0x40014200 tmoslp softclock 21950 30233 0 0 3 0x40014200 idle0 1 2066 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 13083 (syz-executor) thread 0xffff8000371f2f58 (2465) shared rwlock vmmaplk r = 0 (0xfffffd80695d2618) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 uvmfault_lookup+0x122 sys/uvm/uvm_fault.c:1785 #2 uvm_fault_check+0x47 sys/uvm/uvm_fault.c:672 #3 uvm_fault+0x112 sys/uvm/uvm_fault.c:600 #4 upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:188 #5 usertrap+0x2d8 sys/arch/amd64/amd64/trap.c:436 #6 recall_trap+0x8 Process 71140 (syz-executor) thread 0xffff8000371f2028 (364188) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83550280) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 __mp_acquire_count+0x58 #2 mi_switch+0x4b7 sys/kern/sched_bsd.c:441 #3 sleep_finish+0x219 sys/kern/kern_synch.c:416 #4 biowait+0xc1 sys/kern/vfs_bio.c:1254 #5 bwrite+0x2e2 sys/kern/vfs_bio.c:766 #6 ffs_update+0x34c sys/ufs/ffs/ffs_inode.c:111 #7 ffs_truncate+0xcb6 #8 ufs_inactive+0x203 sys/ufs/ufs/ufs_inode.c:84 #9 VOP_INACTIVE+0x107 sys/kern/vfs_vops.c:495 #10 vrele+0x129 sys/kern/vfs_subr.c:827 #11 ktrsettrace+0xe7 sys/kern/kern_ktrace.c:122 #12 ktrops+0x271 sys/kern/kern_ktrace.c:564 #13 doktrace+0x6dd ktrsetchildren sys/kern/kern_ktrace.c:586 [inline] #13 doktrace+0x6dd sys/kern/kern_ktrace.c:508 #14 sys_ktrace+0x11c sys/kern/kern_ktrace.c:549 #15 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] #15 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 #16 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10194 11243K 11243K 166960K 11308 0 pcb 17 13K 14K 166960K 71 0 rtable 240 6K 7K 166960K 358 0 pf 34 17K 18K 166960K 45 0 ifaddr 44 7K 7K 166960K 46 0 ifgroup 55 2K 2K 166960K 55 0 sysctl 1 1K 1K 166960K 1 0 counters 64 36K 36K 166960K 64 0 ioctlops 0 0K 4K 166960K 1493 0 iov 0 0K 14K 166960K 10 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1369 86K 86K 166960K 1414 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 3 0 VM map 2 1K 1K 166960K 2 0 sem 5 0K 0K 166960K 5 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1690 195K 286K 166960K 12468 0 file desc 17 61K 89K 166960K 196 0 proc 71 91K 128K 166960K 538 0 subproc 104 6K 6K 166960K 104 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 7 0 in_multi 103 7K 7K 166960K 103 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 49 228K 228K 166960K 49 0 exec 0 0K 1K 166960K 371 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 226 72K 73K 166960K 3409 0 UVM aobj 3 2K 2K 166960K 3 0 pinsyscall 42 84K 104K 166960K 1265 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 NDP 13 0K 2K 166960K 29 0 temp 39 6814K 6888K 166960K 7504 0 kqueue 14 22K 26K 166960K 33 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 40 0 37 1 0 1 1 0 8 0 rtentry 112 114 0 1 4 0 4 4 0 8 0 unpcb 144 100 0 77 2 0 2 2 0 8 1 syncache 336 3 0 3 2 1 1 1 0 8 1 tcpcb 808 21 0 14 1 0 1 1 0 8 0 arp 120 18 0 0 1 0 1 1 0 8 0 inpcb 336 145 0 134 4 0 4 4 0 8 3 nd6 136 26 0 0 1 0 1 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 pffrent 40 1 0 1 1 0 1 1 0 8 1 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 24 0 0 1 0 1 1 0 8 0 pfstkey 128 24 0 0 1 0 1 1 0 8 0 pfstate 376 24 0 0 3 0 3 3 0 8 0 pfrule 1344 21 0 15 2 0 2 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 454 0 0 29 0 29 29 0 8 0 art_table 32 455 0 0 4 0 4 4 0 8 0 art_node 16 113 0 11 1 0 1 1 0 8 0 sysvmsgpl 40 2 0 2 1 0 1 1 0 8 1 semapl 112 3 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1649 0 139 95 0 95 95 0 8 0 ffsino 272 1649 0 139 101 0 101 101 0 8 0 nchpl 144 1927 0 239 63 0 63 63 0 8 0 uvmvnodes 80 1782 0 0 37 0 37 37 0 8 0 vnodes 216 1782 0 0 99 0 99 99 0 8 0 namei 1024 5839 0 5839 2 1 1 1 0 8 1 percpumem 16 46 0 0 1 0 1 1 0 8 0 kstatmem 264 24 0 0 2 0 2 2 0 8 0 scxspl 216 5564 0 5564 3 1 2 2 1 8 2 plimitpl 152 33 0 16 1 0 1 1 0 8 0 sigapl 424 495 0 445 7 0 7 7 0 8 1 futexpl 64 944 0 942 1 0 1 1 0 8 0 knotepl 120 303 0 0 10 0 10 10 0 8 0 kqueuepl 216 33 0 22 1 0 1 1 0 8 0 pipepl 320 108 0 81 3 0 3 3 0 8 0 fdescpl 496 476 0 445 5 0 5 5 0 8 1 filepl 152 1815 0 1559 11 0 11 11 0 8 0 lockfpl 104 33 0 30 1 0 1 1 0 8 0 lockfspl 48 16 0 13 1 0 1 1 0 8 0 sessionpl 144 22 0 13 1 0 1 1 0 8 0 pgrppl 48 34 0 16 1 0 1 1 0 8 0 ucredpl 104 128 0 114 1 0 1 1 0 8 0 zombiepl 144 446 0 445 1 0 1 1 0 8 0 processpl 1160 495 0 445 5 0 5 5 0 8 1 procpl 648 599 0 542 6 0 6 6 0 8 0 sockpl 664 286 0 249 6 0 6 6 0 8 2 mcl64k 65536 4 0 0 1 0 1 1 0 8 0 mcl8k 8192 6 0 0 1 0 1 1 0 8 0 mcl4k 4096 135 0 0 17 0 17 17 0 8 0 mcl2k 2048 24 0 0 3 0 3 3 0 8 0 mtagpl 96 2 0 0 1 0 1 1 0 8 0 mbufpl 256 147 0 0 10 0 10 10 0 8 0 bufpl 280 2330 0 97 160 0 160 160 0 8 0 anonpl 24 193942 0 190644 45 0 45 45 0 185 18 amapchunkpl 152 11806 0 11341 22 0 22 22 0 158 0 amappl16 200 5881 0 5864 14 0 14 14 0 8 11 amappl15 192 31 0 31 1 1 0 1 0 8 0 amappl14 184 159 0 147 1 0 1 1 0 8 0 amappl13 176 12 0 12 1 1 0 1 0 8 0 amappl12 168 1127 0 1097 4 1 3 3 0 8 1 amappl11 160 64 0 49 1 0 1 1 0 8 0 amappl10 152 14 0 14 1 1 0 1 0 8 0 amappl9 144 147 0 147 1 1 0 1 0 8 0 amappl8 136 41 0 39 1 0 1 1 0 8 0 amappl7 128 111 0 99 1 0 1 1 0 8 0 amappl6 120 170 0 169 1 0 1 1 0 8 0 amappl5 112 135 0 123 1 0 1 1 0 8 0 amappl4 104 305 0 289 1 0 1 1 0 8 0 amappl3 96 2053 0 1950 3 0 3 3 0 8 0 amappl2 88 664 0 596 2 0 2 2 0 8 0 amappl1 80 7590 0 7030 14 0 14 14 0 8 2 amappl 88 3040 0 2876 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 476 0 445 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 476 0 445 1 0 1 1 0 8 0 vmmpekpl 168 5312 0 5277 2 0 2 2 0 8 0 vmmpepl 168 39784 0 37977 92 0 92 92 0 357 7 vmsppl 440 475 0 445 6 1 5 5 0 8 1 rwobjpl 56 18809 0 16129 42 0 42 42 0 8 1 pdppl 4096 959 0 890 99 26 73 83 0 8 4 pvpl 32 13608 0 0 111 1 110 110 0 265 0 pmappl 248 475 0 445 3 0 3 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 372 0 30 11 0 11 11 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffffffff834afff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83550078) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline] __mp_lock(ffffffff83550078) at __mp_lock+0x192 sys/kern/kern_lock.c:144 uvm_fault(fffffd80695d2528,a65f0c29000,0,2) at uvm_fault+0x1ed sys/uvm/uvm_fault.c:622 upageflttrap(ffff80003238c160,a65f0c29000) at upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:188 usertrap(ffff80003238c160) at usertrap+0x2d8 sys/arch/amd64/amd64/trap.c:436 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7988dbb46990, count: 7 ddb{0}> trace x86_ipi_db(ffffffff834afff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83550078) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline] __mp_lock(ffffffff83550078) at __mp_lock+0x192 sys/kern/kern_lock.c:144 uvm_fault(fffffd80695d2528,a65f0c29000,0,2) at uvm_fault+0x1ed sys/uvm/uvm_fault.c:622 upageflttrap(ffff80003238c160,a65f0c29000) at upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:188 usertrap(ffff80003238c160) at usertrap+0x2d8 sys/arch/amd64/amd64/trap.c:436 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7988dbb46990, count: -8 ddb{0}> machine ddbcpu 1 Stopped at ktrops+0x58: movq 0x10(%r14),%r14 ktrops(ffff8000371f2028,ffffffffffffffff,0,80000112,fffffd8063139ce0,fffffd807f7d3680) at ktrops+0x58 ktrcanset sys/kern/kern_ktrace.c:718 [inline] ktrops(ffff8000371f2028,ffffffffffffffff,0,80000112,fffffd8063139ce0,fffffd807f7d3680) at ktrops+0x58 sys/kern/kern_ktrace.c:561 doktrace(fffffd8063139ce0,4,112,0,ffff8000371f2028) at doktrace+0x6dd ktrsetchildren sys/kern/kern_ktrace.c:586 [inline] doktrace(fffffd8063139ce0,4,112,0,ffff8000371f2028) at doktrace+0x6dd sys/kern/kern_ktrace.c:508 sys_ktrace(ffff8000371f2028,ffff8000371b61e0,ffff8000371b6130) at sys_ktrace+0x11c sys/kern/kern_ktrace.c:549 syscall(ffff8000371b61e0) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff8000371b61e0) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3f712ba00, count: 10 ddb{1}> trace ktrops(ffff8000371f2028,ffffffffffffffff,0,80000112,fffffd8063139ce0,fffffd807f7d3680) at ktrops+0x58 ktrcanset sys/kern/kern_ktrace.c:718 [inline] ktrops(ffff8000371f2028,ffffffffffffffff,0,80000112,fffffd8063139ce0,fffffd807f7d3680) at ktrops+0x58 sys/kern/kern_ktrace.c:561 doktrace(fffffd8063139ce0,4,112,0,ffff8000371f2028) at doktrace+0x6dd ktrsetchildren sys/kern/kern_ktrace.c:586 [inline] doktrace(fffffd8063139ce0,4,112,0,ffff8000371f2028) at doktrace+0x6dd sys/kern/kern_ktrace.c:508 sys_ktrace(ffff8000371f2028,ffff8000371b61e0,ffff8000371b6130) at sys_ktrace+0x11c sys/kern/kern_ktrace.c:549 syscall(ffff8000371b61e0) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff8000371b61e0) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3f712ba00, count: -5