uvm_fault(0xffffffff82b29970, 0xffff800020c4f000, 0, 2) -> d
kernel: page fault trap, code=0
Stopped at memset+0x4e: repe stosq %es:(%rdi)
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*285006 5291 0 0x10 0x4000000 0K syz-executor.0
memset() at memset+0x4e
VOP_WRITE(fffffd806744b6b0,ffff80002e37ece8,0,fffffd807f7d80c0) at VOP_WRITE+0xbf sys/kern/vfs_vops.c:245
uvn_io(fffffd80675a5298,ffff80002e37ee80,f,31,1) at uvn_io+0x394 sys/uvm/uvm_vnode.c:1232
uvm_pager_put(fffffd80675a5298,fffffd8007c7c2c0,ffff80002e37ef18,ffff80002e37ef58,31,0,8fa84ed966ee33a6) at uvm_pager_put+0x137 sys/uvm/uvm_pager.c:520
uvn_flush(fffffd80675a5298,0,0,31) at uvn_flush+0x532 sys/uvm/uvm_vnode.c:719
uvm_vnp_sync(ffff8000006d5c00) at uvm_vnp_sync+0x15f sys/uvm/uvm_vnode.c:1503
sys_sync(ffff80002af077b0,ffff80002e37f068,ffff80002e37f0c0) at sys_sync+0x9b sys/kern/vfs_syscalls.c:538
syscall(ffff80002e37f130) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff80002e37f130) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xf9984da4250, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: uvm_fault(0xffffffff82b29970, 0xffff800020c4f000, 0, 2) -> d ddb{0}> trace memset() at memset+0x4e VOP_WRITE(fffffd806744b6b0,ffff80002e37ece8,0,fffffd807f7d80c0) at VOP_WRITE+0xbf sys/kern/vfs_vops.c:245 uvn_io(fffffd80675a5298,ffff80002e37ee80,f,31,1) at uvn_io+0x394 sys/uvm/uvm_vnode.c:1232 uvm_pager_put(fffffd80675a5298,fffffd8007c7c2c0,ffff80002e37ef18,ffff80002e37ef58,31,0,8fa84ed966ee33a6) at uvm_pager_put+0x137 sys/uvm/uvm_pager.c:520 uvn_flush(fffffd80675a5298,0,0,31) at uvn_flush+0x532 sys/uvm/uvm_vnode.c:719 uvm_vnp_sync(ffff8000006d5c00) at uvm_vnp_sync+0x15f sys/uvm/uvm_vnode.c:1503 sys_sync(ffff80002af077b0,ffff80002e37f068,ffff80002e37f0c0) at sys_sync+0x9b sys/kern/vfs_syscalls.c:538 syscall(ffff80002e37f130) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff80002e37f130) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xf9984da4250, count: -9 ddb{0}> show registers rdi 0xffff800020c4f000 rsi 0 rbp 0xffff80002e37ec40 rbx 0xe rdx 0 rcx 0x800 rax 0 r8 0x4000 __ALIGN_SIZE+0x3000 r9 0xffff80002e37eac8 r10 0xab55ffb553a61a72 r11 0xffff800020c4f000 r12 0x4000 __ALIGN_SIZE+0x3000 r13 0x4000 __ALIGN_SIZE+0x3000 r14 0xffff800020c4f000 r15 0x4000 __ALIGN_SIZE+0x3000 rip 0xffffffff81633bae memset+0x4e cs 0x8 rflags 0x10206 __ALIGN_SIZE+0xf206 rsp 0xffff80002e37eb78 ss 0x10 memset+0x4e: repe stosq %es:(%rdi) ddb{0}> show proc PROC (syz-executor.0) pid=285006 stat=onproc flags process=10 proc=4000000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff80002af06d30,0xffffffff829e0210 process=0xffff80002e3d3200 user=0xffff80002e37a000, vmspace=0xfffffd806457ebb0 estcpu=36, cpticks=3, pctcpu=0.0 user=0, sys=3, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 5291 492767 61506 0 2 0x10 syz-executor.0 * 5291 285006 61506 0 7 0x4000010 syz-executor.0 34878 140399 32298 0 2 0 
syz-executor.6 34878 90476 32298 0 3 0x4000080 fsleep syz-executor.6 80824 364294 23753 0 2 0 syz-executor.5 80824 388704 23753 0 3 0x4000080 fsleep syz-executor.5 87141 56475 61938 0 2 0 syz-executor.2 87141 338914 61938 0 3 0x4000080 fsleep syz-executor.2 77113 135208 38066 0 2 0 syz-executor.1 77113 30314 38066 0 3 0x4000080 fsleep syz-executor.1 76217 267819 38723 0 2 0 syz-executor.7 76217 9031 38723 0 3 0x4000080 fsleep syz-executor.7 80409 137221 63005 0 2 0 syz-executor.3 80409 343495 63005 0 3 0x4000080 fsleep syz-executor.3 38066 137950 75203 0 2 0x482 syz-executor.1 90565 83418 0 0 3 0x14200 acct acct 32298 179836 75203 0 2 0x482 syz-executor.6 31115 255699 1 0 3 0x100083 ttyin getty 38723 318651 75203 0 2 0x482 syz-executor.7 63005 157867 75203 0 2 0x482 syz-executor.3 23753 416123 75203 0 2 0x482 syz-executor.5 76687 500271 0 0 3 0x14200 bored sosplice 87262 227814 75203 0 2 0x482 syz-executor.4 61938 429880 75203 0 2 0x482 syz-executor.2 61506 178986 75203 0 2 0x482 syz-executor.0 75203 94048 55395 0 3 0x82 thrsleep syz-fuzzer 75203 502594 55395 0 3 0x4000082 thrsleep syz-fuzzer 75203 456346 55395 0 3 0x4000082 thrsleep syz-fuzzer 75203 523068 55395 0 3 0x4000082 thrsleep syz-fuzzer 75203 35495 55395 0 3 0x4000082 thrsleep syz-fuzzer 75203 513425 55395 0 3 0x4000082 thrsleep syz-fuzzer 75203 38962 55395 0 3 0x4000082 kqread syz-fuzzer 75203 505907 55395 0 3 0x4000082 thrsleep syz-fuzzer 75203 176964 55395 0 3 0x4000082 thrsleep syz-fuzzer 55395 482396 92492 0 3 0x10008a sigsusp ksh 92492 89674 64450 0 3 0x9a poll sshd 64450 475982 1 0 3 0x88 poll sshd 72269 345099 32351 74 3 0x100092 bpf pflogd 32351 517883 1 0 3 0x80 netio pflogd 95176 416987 46920 73 3 0x100090 kqread syslogd 46920 26588 1 0 3 0x100082 netio syslogd 23909 94969 1 0 3 0x100080 kqread resolvd 70023 49633 6432 77 3 0x100092 kqread dhcpleased 35704 41894 6432 77 3 0x100092 kqread dhcpleased 6432 188601 1 0 3 0x80 kqread dhcpleased 28799 416249 0 0 3 0x14200 bored smr 47217 135953 0 0 2 
0x14200 zerothread 63382 357826 0 0 3 0x14200 aiodoned aiodoned 96681 160999 0 0 3 0x14200 syncer update 20785 343523 0 0 3 0x14200 cleaner cleaner 69274 116639 0 0 3 0x14200 reaper reaper 15640 395132 0 0 3 0x14200 pgdaemon pagedaemon 47326 301581 0 0 3 0x14200 bored viomb 90308 360955 0 0 3 0x40014200 acpi0 acpi0 52104 4831 0 0 7 0x40014200 idle1 2182 154010 0 0 3 0x14200 bored softnet 72079 76882 0 0 3 0x14200 bored systqmp 57565 447651 0 0 3 0x14200 bored systq 34940 461940 0 0 2 0x40014200 softclock 5029 425444 0 0 3 0x40014200 idle0 1 210829 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 5291 (syz-executor.0) thread 0xffff80002af077b0 (285006) exclusive rrwlock inode r = 0 (0xfffffd806d413a38) #0 witness_lock+0x44d #1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310 #2 rrw_enter+0x8b sys/kern/kern_rwlock.c:461 #3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534 #4 vn_lock+0x84 sys/kern/vfs_vnops.c:579 #5 uvn_io+0x338 sys/uvm/uvm_vnode.c:1226 #6 uvm_pager_put+0x137 sys/uvm/uvm_pager.c:520 #7 uvn_flush+0x532 sys/uvm/uvm_vnode.c:719 #8 uvm_vnp_sync+0x15f sys/uvm/uvm_vnode.c:1503 #9 sys_sync+0x9b sys/kern/vfs_syscalls.c:538 #10 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #10 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #11 Xsyscall+0x128 exclusive rwlock uvnsync r = 0 (0xffffffff82a99540) #0 witness_lock+0x44d #1 uvm_vnp_sync+0x24 sys/uvm/uvm_vnode.c:1459 #2 sys_sync+0x9b sys/kern/vfs_syscalls.c:538 #3 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #3 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #4 Xsyscall+0x128 shared rwlock vfslock r = 0 (0xffff8000006d5c58) #0 witness_lock+0x44d #1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310 #2 vfs_busy+0x71 sys/kern/vfs_subr.c:232 #3 sys_sync+0x4d sys/kern/vfs_syscalls.c:532 #4 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #4 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #5 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 2 (0xffffffff82aa6758) #0 
witness_lock+0x44d #1 syscall+0x3ef mi_syscall sys/sys/syscall_mi.h:93 [inline] #1 syscall+0x3ef sys/arch/amd64/amd64/trap.c:585 #2 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10206 6562K 7449K 78643K 44031 0 pcb 13 16K 18K 78643K 1337 0 rtable 200 22K 24K 78643K 2409 0 ifaddr 95 20K 21K 78643K 886 0 sysctl 3 1K 1K 78643K 3 0 counters 54 35K 35K 78643K 166 0 ioctlops 0 0K 4K 78643K 3158 0 iov 0 0K 28K 78643K 713 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1398 87K 88K 78643K 9211 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 70 0 VM map 2 1K 1K 78643K 2 0 sem 12 1K 1K 78643K 301 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12598 0 file desc 17 61K 85K 78643K 7683 0 sigio 0 0K 0K 78643K 290 0 proc 70 87K 111K 78643K 1106 0 subproc 104 6K 6K 78643K 251 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 1028 0 in_multi 63 4K 6K 78643K 637 0 ether_multi 1 0K 0K 78643K 94 0 mrt 1 0K 0K 78643K 33 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 163 731K 731K 78643K 163 0 exec 0 0K 2K 78643K 1826 0 pfkey data 0 0K 1K 78643K 7 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 477 456K 457K 78643K 98708 0 UVM aobj 131 4K 4K 78643K 131 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 476 0 NDP 14 0K 2K 78643K 152 0 temp 146 4715K 4799K 78643K 104019 0 kqueue 10 14K 20K 78643K 350 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 538 0 535 12 11 1 3 0 8 0 rtentry 112 342 0 273 4 1 3 4 0 8 0 unpcb 136 7728 0 7713 63 54 9 9 0 8 8 syncache 296 33 0 33 11 10 1 1 0 8 1 tcpqe 32 549 0 549 8 8 0 3 0 8 0 tcpcb 736 4946 0 4934 117 109 8 14 0 8 6 arp 120 40 0 
28 1 0 1 1 0 8 0 inpcb 304 11090 0 11081 101 92 9 11 0 8 8 rttmr 72 10 0 10 2 2 0 1 0 8 0 nd6 48 109 0 95 1 0 1 1 0 8 0 pkpcb 40 204 0 204 9 9 0 2 0 8 0 kcovpl 48 19 0 11 1 0 1 1 0 8 0 ppxss 1248 18 0 18 3 3 0 1 0 8 0 pfstscr 40 10 0 10 1 1 0 1 0 8 0 pffrag 232 62 0 60 5 4 1 1 0 482 0 pffrnode 88 62 0 60 5 4 1 1 0 8 0 pffrent 40 345 0 343 5 4 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrke_plain 168 8 0 8 1 1 0 1 0 8 0 pfrktable 1344 627 0 611 4 2 2 2 0 8 0 pftag 88 12 0 4 1 0 1 1 0 8 0 pfqueue 264 3 0 3 1 0 1 1 0 8 1 pfstitem 24 87 0 85 1 0 1 1 0 8 0 pfstkey 112 98 0 96 2 1 1 2 0 8 0 pfstate 320 92 0 90 3 2 1 3 0 8 0 pfrule 1360 378 0 305 10 3 7 7 0 8 0 art_heap8 4096 6 0 4 3 1 2 3 0 8 0 art_heap4 256 1664 0 1352 38 14 24 30 0 8 0 art_table 32 1670 0 1356 4 0 4 4 0 8 0 art_node 16 337 0 277 1 0 1 1 0 8 0 sysvmsgpl 40 59 0 22 1 0 1 1 0 8 0 semapl 112 299 0 289 1 0 1 1 0 8 0 shmpl 112 128 0 0 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 11412 0 9950 92 0 92 92 0 8 0 ffsino 272 11412 0 9950 98 0 98 98 0 8 0 nchpl 144 21580 0 19951 63 0 63 63 0 8 0 rtmask 32 16 0 16 1 1 0 1 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 78545 0 78545 7 6 1 2 0 8 1 percpumem 16 95 0 56 1 0 1 1 0 8 0 vcpupl 2048 27 0 0 4 0 4 4 0 8 0 vmpool 560 41 0 14 3 1 2 2 0 8 0 pfiaddrpl 120 202 0 184 2 1 1 1 0 8 0 scsiplug 72 6 0 6 2 2 0 1 0 8 0 scxspl 216 64859 0 64859 19 18 1 8 0 8 1 plimitpl 152 748 0 733 1 0 1 1 0 8 0 sigapl 424 7996 0 7950 8 2 6 8 0 8 0 futexpl 64 78981 0 78975 4 3 1 1 0 8 0 knotepl 112 133 0 0 4 0 4 4 0 8 0 kqueuepl 216 1515 0 1507 27 22 5 5 0 8 4 pipepl 336 1478 0 1450 42 37 5 18 0 8 2 fdescpl 496 7960 0 7930 5 0 5 5 0 8 0 filepl 152 60117 0 59875 124 106 18 27 0 8 8 lockfpl 104 1942 0 1940 4 3 1 2 0 8 0 lockfspl 48 563 0 561 1 0 1 1 0 8 0 sessionpl 144 37 0 20 1 0 1 1 0 8 0 pgrppl 48 45 0 28 1 0 1 1 0 8 0 ucredpl 96 5712 0 5698 1 0 1 1 0 8 0 zombiepl 144 7950 0 
7949 1 0 1 1 0 8 0 processpl 1064 7996 0 7949 5 0 5 5 0 8 0 procpl 672 21451 0 21389 21 14 7 9 0 8 1 srpgc 96 16 0 16 5 5 0 1 0 8 0 sosppl 168 63 0 63 11 11 0 1 0 8 0 sockpl 480 19570 0 19543 410 398 12 36 0 8 8 mcl64k 65536 19 0 0 3 0 3 3 0 8 0 mcl16k 16384 14 0 0 2 0 2 2 0 8 0 mcl12k 12288 17 0 0 2 0 2 2 0 8 0 mcl9k 9216 13 0 0 1 0 1 1 0 8 0 mcl8k 8192 25 0 0 4 1 3 3 0 8 0 mcl4k 4096 29 0 0 4 1 3 3 0 8 0 mcl2k2 2112 4 0 0 1 0 1 1 0 8 0 mcl2k 2048 531 0 0 42 7 35 42 0 8 0 mtagpl 96 1896 0 0 42 0 42 42 0 8 0 mbufpl 256 3901 0 0 227 0 227 227 0 8 0 bufpl 288 15058 0 8722 453 0 453 453 0 8 0 anonpl 24 2222935 0 2203393 258 113 145 159 0 186 9 amapchunkpl 152 247778 0 246850 105 66 39 51 0 158 1 amappl16 200 21878 0 21204 135 97 38 49 0 8 2 amappl15 192 2129 0 2123 1 0 1 1 0 8 0 amappl14 184 1573 0 1567 2 1 1 1 0 8 0 amappl13 176 574 0 571 1 0 1 1 0 8 0 amappl12 168 1458 0 1449 1 0 1 1 0 8 0 amappl11 160 942 0 924 1 0 1 1 0 8 0 amappl10 152 1052 0 1044 1 0 1 1 0 8 0 amappl9 144 1129 0 1127 1 0 1 1 0 8 0 amappl8 136 1772 0 1660 4 0 4 4 0 8 0 amappl7 128 966 0 949 1 0 1 1 0 8 0 amappl6 120 927 0 903 2 1 1 2 0 8 0 amappl5 112 5612 0 5592 1 0 1 1 0 8 0 amappl4 104 4302 0 4260 7 5 2 2 0 8 0 amappl3 96 2511 0 2495 1 0 1 1 0 8 0 amappl2 88 2343 0 2290 3 1 2 3 0 8 0 amappl1 80 146007 0 145396 19 5 14 19 0 8 0 amappl 88 97773 0 97465 9 1 8 8 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 130 0 0 3 0 3 3 0 8 0 uaddrrnd 24 8001 0 7944 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 8001 0 7944 1 0 1 1 0 8 0 vmmpekpl 168 60739 0 60675 4 0 4 4 0 8 0 vmmpepl 168 724352 0 721495 263 124 139 139 0 357 9 vmsppl 368 8000 0 7944 7 1 6 6 0 8 0 rwobjpl 56 180401 0 172564 121 7 114 115 0 8 0 pdppl 4096 16009 0 15915 331 235 96 96 0 8 2 pvpl 32 3765370 0 3741090 485 248 237 284 0 265 22 pmappl 
248 8000 0 7944 5 1 4 4 0 8 0 extentpl 40 57 0 38 1 0 1 1 0 8 0 phpool 112 1490 0 417 31 0 31 31 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace memset() at memset+0x4e VOP_WRITE(fffffd806744b6b0,ffff80002e37ece8,0,fffffd807f7d80c0) at VOP_WRITE+0xbf sys/kern/vfs_vops.c:245 uvn_io(fffffd80675a5298,ffff80002e37ee80,f,31,1) at uvn_io+0x394 sys/uvm/uvm_vnode.c:1232 uvm_pager_put(fffffd80675a5298,fffffd8007c7c2c0,ffff80002e37ef18,ffff80002e37ef58,31,0,8fa84ed966ee33a6) at uvm_pager_put+0x137 sys/uvm/uvm_pager.c:520 uvn_flush(fffffd80675a5298,0,0,31) at uvn_flush+0x532 sys/uvm/uvm_vnode.c:719 uvm_vnp_sync(ffff8000006d5c00) at uvm_vnp_sync+0x15f sys/uvm/uvm_vnode.c:1503 sys_sync(ffff80002af077b0,ffff80002e37f068,ffff80002e37f0c0) at sys_sync+0x9b sys/kern/vfs_syscalls.c:538 syscall(ffff80002e37f130) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff80002e37f130) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xf9984da4250, count: -9 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800020ce8ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178 end trace frame: 0x0, count: 10 ddb{1}> trace x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800020ce8ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178 end trace frame: 0x0, count: -5