uvm_fault(0xfffffd806c1b9d38, 0x0, 0, 1) -> e kernel: page fault trap, code=0 Stopped at _copyinstr+0x58: lodsb (%rsi) TID PID UID PRFLAGS PFLAGS CPU COMMAND *275469 46459 0 0x2000 0x4000000 0K syz-executor _copyinstr() at _copyinstr+0x58 sys_unveil(ffff80003c44e030,ffff80003c68b5f0,ffff80003c68b540) at sys_unveil+0x152 sys/kern/vfs_syscalls.c:982 syscall(ffff80003c68b5f0) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c68b5f0) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:742 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x65e0e7e38b0, count: 11 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: uvm_fault(0xfffffd806c1b9d38, 0x0, 0, 1) -> e ddb{0}> trace _copyinstr() at _copyinstr+0x58 sys_unveil(ffff80003c44e030,ffff80003c68b5f0,ffff80003c68b540) at sys_unveil+0x152 sys/kern/vfs_syscalls.c:982 syscall(ffff80003c68b5f0) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c68b5f0) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:742 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x65e0e7e38b0, count: -4 ddb{0}> show registers rdi 0xffff80002a2d3c00 rsi 0 rbp 0xffff80003c68b3f0 rbx 0xffff80003c68b5f0 rdx 0x400 rcx 0xffff80003c686000 rax 0x7f7fffffc000 r8 0x400 r9 0xffff80003c68b390 r10 0xe849e9dde4c53d30 r11 0xffffffff8263ebb0 copystr_fault r12 0xffff80002a2d3c00 r13 0xffff80003c68b4b8 r14 0x400 r15 0 rip 0xffffffff8263eb88 _copyinstr+0x58 cs 0x8 rflags 0x50206 acpi_pdirpa+0x3c077 rsp 0xffff80003c68b378 ss 0x10 _copyinstr+0x58: lodsb (%rsi) ddb{0}> show proc PROC (syz-executor) tid=275469 pid=46459 tcnt=3 stat=onproc flags process=2000 proc=4000000 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0xffff80003c44e030 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003c44f740,0xffffffff8395fb18 process=0xffff80003c41c4f8 user=0xffff80003c686000, vmspace=0xfffffd806c1b9d38 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 46459 202150 19281 0 4 0x82000 syz-executor 46459 242149 19281 0 4 0x4082000 syz-executor *46459 275469 19281 0 7 0x4002000 syz-executor 96383 394869 99612 0 2 0 syz-executor 96383 379047 99612 0 3 0x4000080 kqread syz-executor 96383 497459 99612 0 3 0x4000080 fsleep syz-executor 96383 450396 99612 0 3 0x4000080 fsleep syz-executor 97390 375699 95942 0 2 0 syz-executor 97390 429099 95942 0 3 0x4000080 fsleep syz-executor 14810 433735 47927 0 2 0xc80 syz-executor 14810 329439 47927 0 3 0x4000080 msgwait syz-executor 14810 239741 47927 0 3 0x4000080 fsleep syz-executor 72937 135520 7468 0 2 0xc80 syz-executor 72937 21340 7468 0 3 0x4000080 fsleep syz-executor 72937 204189 7468 0 3 0x4000080 lockf syz-executor 24270 330493 60004 0 2 0 syz-executor 24270 410616 60004 0 3 0x4000080 kqsel syz-executor 24270 234836 60004 0 3 0x4000080 fsleep syz-executor 98597 392027 28610 0 3 0x3000 suspend syz-executor 98597 429339 28610 0 2 0x4081000 syz-executor 98597 243501 28610 0 3 0x4081000 inode syz-executor 98597 66072 28610 0 3 0x4081000 inode syz-executor 32400 22925 0 0 3 0x14200 bored sosplice 99612 193717 22727 0 3 0x82 nanoslp syz-executor 7468 329070 22727 0 2 0xc82 syz-executor 47927 2275 22727 0 2 0xc82 syz-executor 60004 129234 22727 0 2 0xc82 syz-executor 19281 220673 22727 0 3 0x82 nanoslp syz-executor 95942 513130 22727 0 2 0xc82 syz-executor 28610 132513 22727 0 2 0xc82 syz-executor 70668 238973 22727 0 2 0x2 syz-executor 22727 102382 57043 0 3 0x82 kqread syz-executor 57043 194288 92587 0 3 0x10008a sigsusp ksh 92587 353656 39775 0 3 0x98 kqread sshd-session 39775 107335 55141 0 3 0x92 kqread sshd-session 47049 510347 1 0 3 0x100083 ttyin getty 55141 175819 1 0 3 0x88 kqread sshd 736 93140 47075 74 3 0x1100092 bpf pflogd 47075 264469 1 0 3 0x80 sbwait pflogd 29242 49638 40692 73 3 0x1100090 kqread syslogd 40692 327466 1 0 3 0x100082 sbwait syslogd 30774 16866 1 0 3 0x100080 kqread resolvd 79557 2069 580 77 3 0x100092 kqread dhcpleased 94520 276274 580 77 3 0x100092 kqread dhcpleased 580 140419 1 0 3 0x80 kqread dhcpleased 4442 268818 0 0 3 0x14200 bored smr 88664 96912 0 0 3 0x14200 pgzero zerothread 97183 429144 0 0 3 0x14200 aiodoned aiodoned 86480 458673 0 0 3 0x14200 syncer update 2062 371870 0 0 3 0x14200 cleaner cleaner 62667 192840 0 0 3 0x14200 reaper reaper 24782 147127 0 0 3 0x14200 pgdaemon pagedaemon 92674 111954 0 0 3 0x14200 bored viomb 8974 152396 0 0 3 0x40014200 acpi0 acpi0 58023 159983 0 0 7 0x40014200 idle1 96112 480744 0 0 3 0x14200 bored softnet3 63606 347520 0 0 3 0x14200 bored softnet2 18663 405553 0 0 3 0x14200 bored softnet1 20655 453536 0 0 3 0x14200 bored softnet0 76548 277415 0 0 3 0x14200 bored systqmp 91705 389028 0 0 3 0x14200 bored systq 34249 411374 0 0 3 0x14200 tmoslp softclockmp 55664 115840 0 0 2 0x40014200 softclock 78092 20120 0 0 3 0x40014200 idle0 1 254246 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{0}> show all locks Process 46459 (syz-executor) thread 0xffff80003c44e030 (275469) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83901ff8) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1160 #1 __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1 #2 sleep_finish+0x2da sys/kern/kern_synch.c:366 #3 msleep_nsec+0x141 sys/kern/kern_synch.c:219 #4 single_thread_set+0x1de sys/kern/kern_sig.c:2336 #5 sys_unveil+0x117 sys/kern/vfs_syscalls.c:981 #6 syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] #6 syscall+0xb08 sys/arch/amd64/amd64/trap.c:742 #7 Xsyscall+0x128 Process 98597 (syz-executor) thread 0xffff80003c44e7e0 (429339) exclusive rrwlock inode r = 0 (0xfffffd806b723f40) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x377 sys/kern/kern_rwlock.c:310 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:605 #3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570 #5 vn_write+0x190 sys/kern/vfs_vnops.c:405 #6 dofilewritev+0x23c sys/kern/sys_generic.c:380 #7 sys_write+0xa2 sys/kern/sys_generic.c:300 #8 syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline] #8 syscall+0xbc6 sys/arch/amd64/amd64/trap.c:742 #9 Xsyscall+0x128 Process 98597 (syz-executor) thread 0xffff80003c450f88 (66072) exclusive rrwlock inode r = 0 (0xfffffd806db958a8) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x377 sys/kern/kern_rwlock.c:310 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:605 #3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570 #5 vfs_lookup+0x109 sys/kern/vfs_lookup.c:418 #6 namei+0x7aa sys/kern/vfs_lookup.c:250 #7 vn_open+0x13f sys/kern/vfs_vnops.c:140 #8 sys_acct+0xb9 sys/kern/kern_acct.c:121 #9 syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] #9 syscall+0xb08 sys/arch/amd64/amd64/trap.c:742 #10 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10209 11137K 11621K 166960K 13230 0 pcb 17 12K 12K 166960K 95 0 rtable 212 9K 9K 166960K 391 0 pf 35 17K 22K 166960K 93 0 ifaddr 41 7K 7K 166960K 60 0 ifgroup 51 2K 2K 166960K 82 0 sysctl 3 1K 9K 166960K 10 0 counters 66 36K 37K 166960K 108 0 ioctlops 0 0K 4K 166960K 1552 0 iov 0 0K 20K 166960K 96 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1497 94K 94K 166960K 2355 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 8 0 VM map 2 1K 1K 166960K 2 0 sem 16 5K 5K 166960K 20 0 dirhash 12 2K 2K 166960K 21 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 89K 166960K 762 0 sigio 0 0K 0K 166960K 8 0 proc 72 91K 140K 166960K 571 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 46 0 in_multi 91 6K 7K 166960K 115 0 ether_multi 1 0K 0K 166960K 5 0 mrt 1 0K 0K 166960K 5 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 91 413K 413K 166960K 91 0 exec 0 0K 1K 166960K 400 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 260 169K 182K 166960K 8673 0 UVM aobj 11 2K 2K 166960K 11 0 pinsyscall 43 86K 102K 166960K 1845 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 15 0 NDP 11 0K 2K 166960K 39 0 temp 52 8689K 8801K 166960K 39599 0 kqueue 16 26K 32K 166960K 127 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 67 0 63 1 0 1 1 0 8 0 rtentry 176 120 0 28 6 0 6 6 0 8 0 unpcb 144 372 0 353 3 1 2 2 0 8 1 syncache 336 4 0 4 2 2 0 1 0 8 0 tcpcb 736 215 0 211 10 3 7 7 0 8 6 arp 128 20 0 4 1 0 1 1 0 8 0 inpcb 328 624 0 550 10 3 7 7 0 8 0 nd6 144 25 0 3 1 0 1 1 0 8 0 pkpcb 40 4 0 4 2 1 1 1 0 8 1 kcovpl 48 8 0 0 1 0 1 1 0 8 0 ppxss 1192 18 0 18 1 0 1 1 0 8 1 pfstscr 40 2 0 2 1 1 0 1 0 8 0 pffrag 232 6 0 1 1 0 1 1 0 482 0 pffrnode 88 6 0 1 1 0 1 1 0 8 0 pffrent 40 9 0 2 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 3 0 1 1 0 1 1 0 8 0 pfanchor 1288 4 0 0 1 0 1 1 0 8 0 pfstitem 24 47 0 11 1 0 1 1 0 8 0 pfstkey 128 49 0 13 2 0 2 2 0 8 0 pfstate 384 47 0 12 4 0 4 4 0 8 0 pfrule 1344 26 0 17 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 497 0 95 29 0 29 29 0 8 3 art_table 32 498 0 95 4 0 4 4 0 8 0 art_node 16 119 0 40 1 0 1 1 0 8 0 sysvmsgpl 40 7 0 5 1 0 1 1 0 8 0 semapl 112 16 0 2 1 0 1 1 0 8 0 shmpl 112 8 0 0 1 0 1 1 0 8 0 dirhash 1024 23 0 6 3 0 3 3 0 8 0 dino2pl 256 2706 0 1196 95 0 95 95 0 8 0 ffsino 288 2706 0 1196 109 0 109 109 0 8 0 nchpl 144 3728 0 2032 63 0 63 63 0 8 0 rtmask 32 7 0 7 3 2 1 1 0 8 1 uvmvnodes 80 3489 0 0 72 0 72 72 0 8 0 vnodes 216 3489 0 0 194 0 194 194 0 8 0 namei 1024 12120 0 12118 2 1 1 2 0 8 0 percpumem 16 69 0 21 1 0 1 1 0 8 0 pfiaddrpl 120 1 0 0 1 0 1 1 0 8 0 kstatmem 264 48 0 24 2 0 2 2 0 8 0 scsiplug 72 5 0 5 1 0 1 1 0 8 1 scxspl 216 22121 0 22121 10 5 5 8 1 8 5 plimitpl 152 103 0 84 1 0 1 1 0 8 0 sigapl 424 1064 0 1013 7 1 6 7 0 8 0 knotepl 120 320 0 0 10 0 10 10 0 8 0 kqueuepl 224 201 0 155 3 0 3 3 0 8 0 pipepl 336 217 0 125 8 0 8 8 0 8 0 fdescpl 520 1043 0 1011 3 0 3 3 0 8 0 filepl 160 5740 0 5285 20 1 19 19 0 8 0 lockfpl 104 809 0 803 2 0 2 2 0 8 1 lockfspl 48 395 0 390 1 0 1 1 0 8 0 sessionpl 144 23 0 14 1 0 1 1 0 8 0 pgrppl 48 40 0 23 1 0 1 1 0 8 0 ucredpl 104 855 0 840 1 0 1 1 0 8 0 zombiepl 144 1015 0 1013 1 0 1 1 0 8 0 processpl 1240 1064 0 1013 5 0 5 5 0 8 0 procpl 656 2103 0 2037 7 1 6 7 0 8 0 srpgc 96 3 0 3 2 1 1 1 0 8 1 sosppl 168 2 0 2 1 1 0 1 0 8 0 sockpl 728 1083 0 986 13 3 10 10 0 8 1 mcl64k 65536 5 0 0 1 0 1 1 0 8 0 mcl16k 16384 6 0 0 1 0 1 1 0 8 0 mcl12k 12288 3 0 0 1 0 1 1 0 8 0 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 123 0 0 16 0 16 16 0 8 0 mcl2k2 2112 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 33 0 0 5 0 5 5 0 8 0 mtagpl 96 110 0 0 3 0 3 3 0 8 0 mbufpl 256 292 0 0 18 0 18 18 0 8 0 bufpl 280 9073 0 2931 439 0 439 439 0 8 0 anonpl 32 13628 0 0 111 1 110 110 0 246 0 amapchunkpl 152 29456 0 28871 39 2 37 37 0 158 13 amappl16 200 5432 0 5076 61 32 29 29 0 8 10 amappl15 192 4 0 4 1 1 0 1 0 8 0 amappl14 184 118 0 106 1 0 1 1 0 8 0 amappl13 176 5 0 5 1 1 0 1 0 8 0 amappl12 168 1681 0 1649 4 1 3 3 0 8 0 amappl11 160 68 0 53 1 0 1 1 0 8 0 amappl10 152 3 0 3 1 1 0 1 0 8 0 amappl9 144 246 0 245 1 0 1 1 0 8 0 amappl8 136 25 0 21 1 0 1 1 0 8 0 amappl7 128 108 0 95 1 0 1 1 0 8 0 amappl6 120 184 0 181 1 0 1 1 0 8 0 amappl5 112 125 0 115 1 0 1 1 0 8 0 amappl4 104 315 0 295 1 0 1 1 0 8 0 amappl3 96 5537 0 5415 5 1 4 4 0 8 0 amappl2 88 634 0 572 2 0 2 2 0 8 0 amappl1 80 10885 0 10276 15 1 14 15 0 8 0 amappl 88 7917 0 7731 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 3 0 2 1 0 1 1 0 8 0 dma512 512 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 254 0 254 2 2 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 10 0 0 1 0 1 1 0 8 0 uaddrrnd 24 1044 0 1012 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1044 0 1012 1 0 1 1 0 8 0 vmmpekpl 168 9924 0 9879 3 0 3 3 0 8 0 vmmpepl 168 72717 0 70336 116 4 112 112 0 357 6 vmsppl 480 1043 0 1012 5 1 4 5 0 8 0 rwobjpl 72 26059 0 21276 90 0 90 90 0 8 1 pdppl 4096 2095 0 2024 103 32 71 85 0 8 0 pvpl 32 21356 0 0 173 1 172 172 0 265 0 pmappl 256 1043 0 1012 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 411 0 41 11 0 11 11 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace _copyinstr() at _copyinstr+0x58 sys_unveil(ffff80003c44e030,ffff80003c68b5f0,ffff80003c68b540) at sys_unveil+0x152 sys/kern/vfs_syscalls.c:982 syscall(ffff80003c68b5f0) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c68b5f0) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:742 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x65e0e7e38b0, count: -4 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 acpicpu_idle() at acpicpu_idle+0x41e sys/dev/acpi/acpicpu_x86.c:1218 sched_idle(ffff8000299ddff0) at sched_idle+0x4d8 sys/kern/kern_sched.c:191 end trace frame: 0x0, count: 10 ddb{1}> trace x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 acpicpu_idle() at acpicpu_idle+0x41e sys/dev/acpi/acpicpu_x86.c:1218 sched_idle(ffff8000299ddff0) at sched_idle+0x4d8 sys/kern/kern_sched.c:191 end trace frame: 0x0, count: -5