panic: pool_do_get: shmpl free list modified: page 0xfffffd806ca2f000; item addr 0xfffffd806ca2f7e0; offset 0x40=0x69162e14
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
* 28888 26134 32767 0x10 0x4000000 0K syz-executor
354806 87123 32767 0x1010 0x4080000 1 syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83390eaf) at panic+0x1e5 sys/kern/subr_prf.c:198
pool_do_get(ffffffff839c0248,1,ffff8000377f1b48) at pool_do_get+0x5df
pool_get(ffffffff839c0248,1) at pool_get+0x162 sys/kern/subr_pool.c:-1
shmget_allocate_segment(ffff80003b80cfb0,ffff8000377f1da0,40,ffff8000377f1cf0) at shmget_allocate_segment+0x1af sys/kern/sysv_shm.c:-1
sys_shmget(ffff80003b80cfb0,ffff8000377f1da0,ffff8000377f1cf0) at sys_shmget+0x195 sys/kern/sysv_shm.c:482
syscall(ffff8000377f1da0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff8000377f1da0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:765
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x2d93fdb7f90, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: pool_do_get: shmpl free list modified: page 0xfffffd806ca2f000; item addr 0xfffffd806ca2f7e0; offset 0x40=0x69162e14
ddb{0}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83390eaf) at panic+0x1e5 sys/kern/subr_prf.c:198
pool_do_get(ffffffff839c0248,1,ffff8000377f1b48) at pool_do_get+0x5df
pool_get(ffffffff839c0248,1) at pool_get+0x162 sys/kern/subr_pool.c:-1
shmget_allocate_segment(ffff80003b80cfb0,ffff8000377f1da0,40,ffff8000377f1cf0) at shmget_allocate_segment+0x1af sys/kern/sysv_shm.c:-1
sys_shmget(ffff80003b80cfb0,ffff8000377f1da0,ffff8000377f1cf0) at sys_shmget+0x195 sys/kern/sysv_shm.c:482
syscall(ffff8000377f1da0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff8000377f1da0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:765
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x2d93fdb7f90, count: -8
ddb{0}> show registers
rdi 0
rsi 0x1
rbp 0xffff8000377f1970
rbx 0xffffffff8382ce07 cpu_info_full_primary+0x2e07
rdx 0
rcx 0xffff80003b80cfb0
rax 0xffffffff8382bff0 cpu_info_full_primary+0x1ff0
r8 0x101010101010101
r9 0x8080808080808080
r10 0x7d699440cf3d43b5
r11 0x621611b1061692ea
r12 0xffffffff8382cc08 cpu_info_full_primary+0x2c08
r13 0
r14 0
r15 0x1
rip 0xffffffff82ef20c5 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff8000377f1960
ss 0x10
db_enter+0x25: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor) tid=28888 pid=26134 tcnt=3 stat=onproc
flags process=10<SUGID> proc=4000000<THREAD>
runpri=32, usrpri=72, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80003b80d4e0,0xffff80003b80c7f8
process=0xffff80003c429d00 user=0xffff8000377ec000, vmspace=0xfffffd806ccc2210
estcpu=22, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
26134 183173 74343 32767 2 0x10 syz-executor
*26134 28888 74343 32767 7 0x4000010 syz-executor
26134 131075 74343 32767 3 0x4000090 fsleep syz-executor
29559 384433 66689 32767 2 0xc90 syz-executor
29559 126856 66689 32767 3 0x4000090 fifow syz-executor
29559 196004 66689 32767 3 0x4000090 fifow syz-executor
29559 384460 66689 32767 3 0x4000090 fsleep syz-executor
29559 327060 66689 32767 3 0x4000090 fsleep syz-executor
87123 522963 13018 32767 3 0x3010 suspend syz-executor
87123 354806 13018 32767 7 0x4081010 syz-executor
84048 203890 96089 32767 2 0x10000c90 syz-executor
94302 307870 46874 32767 2 0x10000c90 syz-executor
74343 489073 36583 32767 2 0xc90 syz-executor
27826 394905 55677 32767 3 0x90 nanoslp syz-executor
66689 197849 78141 32767 2 0xc90 syz-executor
13018 331186 27980 32767 3 0x90 nanoslp syz-executor
47481 388136 28457 32767 2 0x10 syz-executor
64223 378452 63992 32767 3 0x90 wait syz-executor
46874 121962 7780 0 3 0x82 wait syz-executor
96089 425755 7780 0 3 0x82 wait syz-executor
78141 329974 7780 0 3 0x82 wait syz-executor
27980 457937 7780 0 3 0x82 wait syz-executor
55677 404182 7780 0 3 0x82 wait syz-executor
28457 150810 7780 0 3 0x82 wait syz-executor
63992 325951 7780 0 3 0x82 wait syz-executor
36583 309451 7780 0 3 0x82 wait syz-executor
7780 343098 84519 0 2 0x82 syz-executor
84519 317162 49826 0 3 0x10008a sigsusp ksh
49826 426393 11509 0 3 0x98 kqread sshd-session
11509 351142 41348 0 3 0x92 kqread sshd-session
12260 478758 1 0 3 0x100083 ttyin getty
41348 236312 1 0 3 0x88 kqread sshd
53409 233217 92475 73 3 0x1100090 kqread syslogd
92475 197423 1 0 3 0x100082 sbwait syslogd
56307 7297 1 0 3 0x100080 kqread resolvd
51486 177134 6002 77 3 0x100092 kqread dhcpleased
61384 132216 6002 77 3 0x100092 kqread dhcpleased
6002 342974 1 0 3 0x80 kqread dhcpleased
97488 80825 0 0 3 0x14200 bored smr
81491 403685 0 0 3 0x14200 pgzero zerothread
3627 199537 0 0 3 0x14200 aiodoned aiodoned
71080 1744 0 0 3 0x14200 syncer update
44180 300045 0 0 3 0x14200 cleaner cleaner
74215 3787 0 0 3 0x14200 reaper reaper
58480 411757 0 0 3 0x14200 pgdaemon pagedaemon
59096 29364 0 0 3 0x14200 bored viomb
13320 395362 0 0 3 0x40014200 acpi0 acpi0
19817 279887 0 0 3 0x40014200 idle1
20770 40760 0 0 3 0x14200 bored softnet1
79782 396833 0 0 3 0x14200 bored softnet0
91876 10240 0 0 3 0x14200 bored systqmp
62738 59410 0 0 3 0x14200 bored systq
18307 325040 0 0 3 0x14200 tmoslp softclockmp
39909 188099 0 0 3 0x40014200 tmoslp softclock
11371 67248 0 0 3 0x40014200 idle0
1 396318 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
CPU 0:
exclusive mutex shmpl r = 0 (0xffffffff839c0260)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 mtx_enter+0x4b4 sys/kern/kern_lock.c:487
#2 pool_get+0x124 sys/kern/subr_pool.c:581
#3 shmget_allocate_segment+0x1af sys/kern/sysv_shm.c:-1
#4 sys_shmget+0x195 sys/kern/sysv_shm.c:482
#5 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#5 syscall+0xb17 sys/arch/amd64/amd64/trap.c:765
#6 Xsyscall+0x128
Process 26134 (syz-executor) thread 0xffff80003b80cfb0 (28888)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83969fc8)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 syscall+0xaf4 mi_syscall sys/sys/syscall_mi.h:175 [inline]
#1 syscall+0xaf4 sys/arch/amd64/amd64/trap.c:765
#2 Xsyscall+0x128
exclusive mutex shmpl r = 0 (0xffffffff839c0260)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 mtx_enter+0x4b4 sys/kern/kern_lock.c:487
#2 pool_get+0x124 sys/kern/subr_pool.c:581
#3 shmget_allocate_segment+0x1af sys/kern/sysv_shm.c:-1
#4 sys_shmget+0x195 sys/kern/sysv_shm.c:482
#5 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#5 syscall+0xb17 sys/arch/amd64/amd64/trap.c:765
#6 Xsyscall+0x128
Process 47481 (syz-executor) thread 0xffff8000fffeea78 (388136)
exclusive rrwlock inode r = 0 (0xfffffd806cb0f328)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621
#3 VOP_LOCK+0xbd sys/kern/vfs_vops.c:527
#4 ufs_ihashins+0x4f ufs_ihash sys/ufs/ufs/ufs_ihash.c:-1 [inline]
#4 ufs_ihashins+0x4f sys/ufs/ufs/ufs_ihash.c:159
#5 ffs_vget+0x187 sys/ufs/ffs/ffs_vfsops.c:1232
#6 ffs_inode_alloc+0x279 sys/ufs/ffs/ffs_alloc.c:393
#7 ufs_mkdir+0xfc sys/ufs/ufs/ufs_vnops.c:1112
#8 VOP_MKDIR+0x101 sys/kern/vfs_vops.c:394
#9 domkdirat+0x179 sys/kern/vfs_syscalls.c:3113
#10 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#10 syscall+0xb17 sys/arch/amd64/amd64/trap.c:765
#11 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd8071978b30)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621
#3 VOP_LOCK+0xbd sys/kern/vfs_vops.c:527
#4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570
#5 vfs_lookup+0x11c sys/kern/vfs_lookup.c:-1
#6 namei+0x7ca sys/kern/vfs_lookup.c:250
#7 domkdirat+0x8b sys/kern/vfs_syscalls.c:3098
#8 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#8 syscall+0xb17 sys/arch/amd64/amd64/trap.c:765
#9 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10221 10960K 10969K 166960K 11314 0
pcb 17 12K 12K 166960K 17 0
rtable 241 6K 7K 166960K 360 0
pf 31 16K 16K 166960K 31 0
ifaddr 42 7K 7K 166960K 44 0
ifgroup 50 2K 2K 166960K 50 0
sysctl 1 1K 9K 166960K 5 0
counters 68 36K 36K 166960K 68 0
ioctlops 0 0K 2K 166960K 32 0
iov 0 0K 12K 166960K 10 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1336 84K 84K 166960K 1373 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 7 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 78 0
dirhash 12 2K 2K 166960K 18 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 23 85K 121K 166960K 323 0
sigio 0 0K 0K 166960K 4 0
proc 61 115K 163K 166960K 525 0
subproc 72 4K 4K 166960K 72 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 2 0K 0K 166960K 110 0
in_multi 102 7K 7K 166960K 105 0
ether_multi 1 0K 0K 166960K 1 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 259 1155K 1155K 166960K 259 0
exec 0 0K 1K 166960K 360 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 259 168K 187K 166960K 4632 0
UVM aobj 11 2K 3K 166960K 12 0
pinsyscall 44 88K 112K 166960K 1384 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 16 0
NDP 11 0K 2K 166960K 27 0
temp 43 8652K 8731K 166960K 4539 0
kqueue 14 22K 28K 166960K 60 0
SYN cache 2 16K 16K 166960K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 88 0 83 2 0 2 2 0 8 1
rtentry 176 113 0 1 6 0 6 6 0 8 0
unpcb 144 712 0 695 5 0 5 5 0 8 4
syncache 336 7 0 7 1 0 1 1 0 8 1
tcpcb 736 172 0 166 7 0 7 7 0 8 5
arp 136 18 0 0 1 0 1 1 0 8 0
ipq 40 2 0 0 1 0 1 1 0 8 0
ipqe 40 2 0 0 1 0 1 1 0 8 0
inpcb 328 434 0 425 12 3 9 12 0 8 7
ip6q 72 1 0 1 1 0 1 1 0 8 1
ip6af 40 2 0 2 1 0 1 1 0 8 1
nd6 152 26 0 0 1 0 1 1 0 8 0
kcovpl 48 8 0 0 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 469 0 0 30 0 30 30 0 8 0
art_table 40 470 0 0 5 0 5 5 0 8 0
art_node 32 113 0 11 1 0 1 1 0 8 0
sysvmsgpl 40 7 0 4 1 0 1 1 0 8 0
semupl 112 1 0 1 1 0 1 1 0 8 1
semapl 112 76 0 66 1 0 1 1 0 8 0
shmpl 112 9 0 1 1 0 1 1 0 8 0
pool(0xffffffff839c0248:shmpl): page inconsistency: page 0xfffffd806ca2f000; 26 on list, 8 missing, 35 items per page
dirhash 1024 21 0 4 3 0 3 3 0 8 0
dino2pl 256 1838 0 323 96 0 96 96 0 8 0
ffsino 296 1838 0 323 117 0 117 117 0 8 0
nchpl 144 2266 0 575 63 0 63 63 0 8 0
vnodes 216 1919 0 0 107 0 107 107 0 8 0
namei 1024 7136 0 7135 1 0 1 1 0 8 0
percpumem 16 49 0 0 1 0 1 1 0 8 0
kstatmem 264 24 0 0 2 0 2 2 0 8 0
scxspl 216 7603 0 7603 3 1 2 2 1 8 2
plimitpl 152 97 0 73 2 0 2 2 0 8 1
sigapl 424 608 0 555 7 0 7 7 0 8 0
knotepl 120 358 0 0 11 0 11 11 0 8 0
kqueuepl 224 145 0 133 5 0 5 5 0 8 3
pipepl 344 122 0 95 3 0 3 3 0 8 0
fdescpl 528 592 0 557 3 0 3 3 0 8 0
filepl 160 3156 0 2937 20 2 18 20 0 8 7
lockfpl 104 140 0 137 1 0 1 1 0 8 0
lockfspl 48 29 0 26 1 0 1 1 0 8 0
sessionpl 144 25 0 9 1 0 1 1 0 8 0
pgrppl 48 34 0 10 1 0 1 1 0 8 0
ucredpl 104 489 0 470 1 0 1 1 0 8 0
zombiepl 144 560 0 555 1 0 1 1 0 8 0
processpl 1232 608 0 555 5 0 5 5 0 8 0
procpl 664 937 0 877 6 0 6 6 0 8 0
sosppl 176 4 0 4 1 0 1 1 0 8 1
sockpl 752 1238 0 1207 28 17 11 28 0 8 7
mcl64k 65536 16 0 0 2 0 2 2 0 8 0
mcl9k 9216 1 0 0 1 0 1 1 0 8 0
mcl8k 8192 2 0 0 1 0 1 1 0 8 0
mcl4k 4096 123 0 0 16 0 16 16 0 8 0
mcl2k2 2112 1 0 0 1 0 1 1 0 8 0
mcl2k 2048 54 0 0 7 0 7 7 0 8 0
mtagpl 96 2 0 0 1 0 1 1 0 8 0
mbufpl 256 618 0 0 39 0 39 39 0 8 0
bufpl 280 2766 0 119 190 0 190 190 0 8 0
anonpl 32 7580 0 0 62 0 62 62 0 246 0
amapchunkpl 152 14740 0 14183 35 0 35 35 0 158 9
amappl16 200 2543 0 2280 16 2 14 14 0 8 0
amappl15 192 6 0 6 1 1 0 1 0 8 0
amappl14 184 18 0 18 1 1 0 1 0 8 0
amappl13 176 400 0 399 1 0 1 1 0 8 0
amappl12 168 938 0 894 3 0 3 3 0 8 0
amappl11 160 2 0 2 1 1 0 1 0 8 0
amappl10 152 42 0 32 1 0 1 1 0 8 0
amappl9 144 245 0 244 1 0 1 1 0 8 0
amappl8 136 51 0 50 1 0 1 1 0 8 0
amappl7 128 74 0 73 1 0 1 1 0 8 0
amappl6 120 326 0 314 1 0 1 1 0 8 0
amappl5 112 95 0 87 1 0 1 1 0 8 0
amappl4 104 395 0 371 1 0 1 1 0 8 0
amappl3 96 2304 0 2205 3 0 3 3 0 8 0
amappl2 88 729 0 652 2 0 2 2 0 8 0
amappl1 80 10383 0 9826 14 0 14 14 0 8 1
amappl 88 3896 0 3710 5 0 5 5 0 92 0
uvmvnodes 80 106 0 0 3 0 3 3 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 11 0 1 1 0 1 1 0 8 0
uaddrrnd 24 592 0 557 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 592 0 557 1 0 1 1 0 8 0
vmmpekpl 168 6740 0 6704 2 0 2 2 0 8 0
vmmpepl 168 46779 0 44569 104 0 104 104 0 357 1
vmsppl 488 591 0 557 7 1 6 6 0 8 0
rwobjpl 80 16395 0 15195 27 0 27 27 0 8 0
pdppl 4096 1192 0 1114 108 24 84 98 0 8 6
pvpl 32 15930 0 0 130 1 129 130 0 265 0
pmappl 256 591 0 557 4 1 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 319 0 27 9 0 9 9 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83390eaf) at panic+0x1e5 sys/kern/subr_prf.c:198
pool_do_get(ffffffff839c0248,1,ffff8000377f1b48) at pool_do_get+0x5df
pool_get(ffffffff839c0248,1) at pool_get+0x162 sys/kern/subr_pool.c:-1
shmget_allocate_segment(ffff80003b80cfb0,ffff8000377f1da0,40,ffff8000377f1cf0) at shmget_allocate_segment+0x1af sys/kern/sysv_shm.c:-1
sys_shmget(ffff80003b80cfb0,ffff8000377f1da0,ffff8000377f1cf0) at sys_shmget+0x195 sys/kern/sysv_shm.c:482
syscall(ffff8000377f1da0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff8000377f1da0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:765
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x2d93fdb7f90, count: -8
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x33 kd_curproc sys/dev/kcov.c:585 [inline]
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x33 sys/dev/kcov.c:153
_rb_root(ffffffff83780ce8,fffffd806ca9ed98) at _rb_root+0x27 sys/kern/subr_tree.c:-1
uvm_map_lookup_entry(fffffd806ca9ed88,fc2000,ffff80003c479538) at uvm_map_lookup_entry+0x106 uvm_map_entrybyaddr sys/uvm/uvm_map.c:-1 [inline]
uvm_map_lookup_entry(fffffd806ca9ed88,fc2000,ffff80003c479538) at uvm_map_lookup_entry+0x106 sys/uvm/uvm_map.c:1565
uvmfault_lookup(ffff80003c479510,0) at uvmfault_lookup+0x133 sys/uvm/uvm_fault.c:1902
uvm_fault_check(ffff80003c479510,ffff80003c479548,ffff80003c479580,0) at uvm_fault_check+0x4f sys/uvm/uvm_fault.c:699
uvm_fault(fffffd806ca9ed88,fc2000,0,2) at uvm_fault+0x106 sys/uvm/uvm_fault.c:633
kpageflttrap(ffff80003c4796c0,fc21e0) at kpageflttrap+0x2f4 sys/arch/amd64/amd64/trap.c:283
kerntrap(ffff80003c4796c0) at kerntrap+0x19c sys/arch/amd64/amd64/trap.c:510
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
copyout() at copyout+0x64
syscall(ffff80003c479b00) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c479b00) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:765
end trace frame: 0xffff80003c479b80, count: 0
ddb{1}> trace
x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x33 kd_curproc sys/dev/kcov.c:585 [inline]
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x33 sys/dev/kcov.c:153
_rb_root(ffffffff83780ce8,fffffd806ca9ed98) at _rb_root+0x27 sys/kern/subr_tree.c:-1
uvm_map_lookup_entry(fffffd806ca9ed88,fc2000,ffff80003c479538) at uvm_map_lookup_entry+0x106 uvm_map_entrybyaddr sys/uvm/uvm_map.c:-1 [inline]
uvm_map_lookup_entry(fffffd806ca9ed88,fc2000,ffff80003c479538) at uvm_map_lookup_entry+0x106 sys/uvm/uvm_map.c:1565
uvmfault_lookup(ffff80003c479510,0) at uvmfault_lookup+0x133 sys/uvm/uvm_fault.c:1902
uvm_fault_check(ffff80003c479510,ffff80003c479548,ffff80003c479580,0) at uvm_fault_check+0x4f sys/uvm/uvm_fault.c:699
uvm_fault(fffffd806ca9ed88,fc2000,0,2) at uvm_fault+0x106 sys/uvm/uvm_fault.c:633
kpageflttrap(ffff80003c4796c0,fc21e0) at kpageflttrap+0x2f4 sys/arch/amd64/amd64/trap.c:283
kerntrap(ffff80003c4796c0) at kerntrap+0x19c sys/arch/amd64/amd64/trap.c:510
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
copyout() at copyout+0x64
syscall(ffff80003c479b00) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c479b00) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:765
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xfb93ffe0cf0, count: -15