uvm_fault(0xfffffd806ef0d788, 0x0, 0, 1) -> e
fatal page fault in supervisor mode
trap type 6 code 0 rip ffffffff8212c730 cs 8 rflags 10207 cr2 0 cpl 0 rsp ffff80002a39a460
gsbase 0xffff8000299ddff0 kgsbase 0x0
panic: trap type 6, code=0, pc=ffffffff8212c730
Starting stack trace...
panic(ffffffff8333b44f) at panic+0x1d0 sys/kern/subr_prf.c:229
kerntrap(ffff80002a39a3b0) at kerntrap+0x29b sys/arch/amd64/amd64/trap.c:327
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
dt_ioctl_record_stop(ffff800001675000) at dt_ioctl_record_stop+0xf0 sys/dev/dt/dt_dev.c:580
dtclose(31e5f,81,2000,ffff80003c017238) at dtclose+0x105 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline]
dtclose(31e5f,81,2000,ffff80003c017238) at dtclose+0x105 sys/dev/dt/dt_dev.c:232
spec_close(ffff80002a39a560) at spec_close+0x45f sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffd806e146a38,81,fffffd80097fb5b0,ffff80003c017238) at VOP_CLOSE+0x133 sys/kern/vfs_vops.c:156
vn_closefile(fffffd805efdb5c0,ffff80003c017238) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd805efdb5c0,ffff80003c017238) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615
fdrop(fffffd805efdb5c0,ffff80003c017238) at fdrop+0x126 sys/kern/kern_descrip.c:1267
closef(fffffd805efdb5c0,ffff80003c017238) at closef+0x192 sys/kern/kern_descrip.c:1251
fdfree(ffff80003c017238) at fdfree+0x116 sys/kern/kern_descrip.c:1182
exit1(ffff80003c017238,0,0,1) at exit1+0x59c sys/kern/kern_exit.c:215
sys_exit(ffff80003c017238,ffff80002a39a8d0,ffff80002a39a820) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a39a8d0) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a39a8d0) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:579
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x70d73597c7c0, count: 242
End of stack trace.
WARNING: SPL NOT LOWERED ON TRAP EXIT 4 0
Stopped at proc_trampoline+0xc7: movl $0,%gs:0x688
TID PID UID PRFLAGS PFLAGS CPU COMMAND
406184 56685 0 0 0 0 syz-executor
*137240 56867 0 0 0 1 syz-executor
proc_trampoline() at proc_trampoline+0xc7
end of kernel
end trace frame: 0x712786f70140, count: 14
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: uvm_fault(0xfffffd806ef0d788, 0x0, 0, 1) -> e
ddb{1}> trace
proc_trampoline() at proc_trampoline+0xc7
end of kernel
end trace frame: 0x712786f70140, count: -1
ddb{1}> show registers
rdi 0
rsi 0
rbp 0xffff80002a26c2d0
rbx 0
rdx 0
rcx 0xffff80002a297730
rax 0x2a
r8 0xffff80002a26c200
r9 0x1
r10 0xdcd2b37064426df9
r11 0xcae4b99177469aa6
r12 0
r13 0xffffffff810f2f18 Xdoreti+0x18
r14 0
r15 0
rip 0xffffffff8152a4c7 proc_trampoline+0xc7
cs 0x8
rflags 0x246
rsp 0xffff80002a26c250
ss 0
proc_trampoline+0xc7: movl $0,%gs:0x688
ddb{1}> show proc
PROC (syz-executor) tid=137240 pid=56867 tcnt=2 stat=onproc
flags process=0 proc=0
runpri=86, usrpri=86, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80002a296540,0xffff80002a296030
process=0xffff80003c43abc0 user=0xffff80002a267000, vmspace=0xfffffd806c212d38
estcpu=36, cpticks=5, pctcpu=0.0, user=3, sys=2, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
36118 409932 21660 0 2 0 syz-executor
56685 406184 8417 0 7 0 syz-executor
56685 462822 8417 0 2 0x4000000 syz-executor
49801 402145 36452 0 2 0 syz-executor
49801 446875 36452 0 2 0x4000000 syz-executor
49421 138131 56035 0 2 0x101004 sh
*56867 137240 90711 0 7 0 syz-executor
56867 376069 90711 0 3 0x4000080 ttyout syz-executor
56035 239362 48094 0 3 0x10008a sigsusp sh
48094 81419 92201 0 3 0x82 wait syz-executor
74837 393203 0 0 3 0x14280 nfsidl nfsio
8267 396870 0 0 3 0x14280 nfsidl nfsio
57488 425827 0 0 3 0x14280 nfsidl nfsio
90737 158271 0 0 3 0x14280 nfsidl nfsio
51008 62357 0 0 3 0x14280 nfsidl nfsio
21257 243600 0 0 3 0x14280 nfsidl nfsio
33090 302269 0 0 3 0x14280 nfsidl nfsio
84178 73656 0 0 3 0x14280 nfsidl nfsio
81727 419013 0 0 3 0x14280 nfsidl nfsio
4034 127416 0 0 3 0x14280 nfsidl nfsio
64158 369104 0 0 3 0x14280 nfsidl nfsio
38700 172741 0 0 3 0x14280 nfsidl nfsio
35487 148744 0 0 3 0x14280 nfsidl nfsio
58610 167611 0 0 3 0x14280 nfsidl nfsio
28824 405223 0 0 3 0x14280 nfsidl nfsio
93622 179924 0 0 3 0x14280 nfsidl nfsio
95870 512840 0 0 3 0x14280 nfsidl nfsio
7950 193948 0 0 3 0x14280 nfsidl nfsio
90649 431186 0 0 3 0x14280 nfsidl nfsio
56284 444657 0 0 3 0x14280 nfsidl nfsio
51913 228387 92201 0 2 0x2 syz-executor
21660 114677 92201 0 3 0x82 nanoslp syz-executor
14581 120393 92201 0 3 0x82 wait syz-executor
90711 287578 92201 0 3 0x82 nanoslp syz-executor
28965 483027 1 0 3 0x100083 ttyin getty
9161 228112 0 0 3 0x14200 bored sosplice
36452 701 92201 0 3 0x82 nanoslp syz-executor
28761 142787 92201 0 2 0x3 syz-executor
8417 80683 92201 0 3 0x82 nanoslp syz-executor
92201 46154 83640 0 3 0x82 kqread syz-executor
83640 330167 7591 0 3 0x10008a sigsusp ksh
7591 402697 28692 0 3 0x98 kqread sshd-session
28692 77511 65902 0 3 0x92 kqread sshd-session
65902 129130 1 0 3 0x88 kqread sshd
10998 225939 25549 74 3 0x1100092 bpf pflogd
25549 467706 1 0 3 0x80 sbwait pflogd
51697 17739 84227 73 3 0x1100090 kqread syslogd
84227 362687 1 0 3 0x100082 sbwait syslogd
93114 282502 1 0 3 0x100080 kqread resolvd
67401 219125 49387 77 3 0x100092 kqread dhcpleased
55252 489935 49387 77 3 0x100092 kqread dhcpleased
49387 402718 1 0 3 0x80 kqread dhcpleased
86057 350034 0 0 3 0x14200 bored smr
57317 94640 0 0 2 0x14200 zerothread
9792 339044 0 0 3 0x14200 aiodoned aiodoned
63001 224709 0 0 3 0x14200 syncer update
63913 5310 0 0 3 0x14200 cleaner cleaner
1983 122807 0 0 3 0x14200 reaper reaper
36867 397501 0 0 3 0x14200 pgdaemon pagedaemon
40300 139346 0 0 3 0x14200 bored viomb
29013 511242 0 0 3 0x40014200 acpi0 acpi0
10435 43854 0 0 3 0x40014200 idle1
83000 11841 0 0 3 0x14200 bored softnet3
18888 375391 0 0 3 0x14200 bored softnet2
1504 36335 0 0 3 0x14200 bored softnet1
81055 368319 0 0 3 0x14200 netlock softnet0
89258 516997 0 0 2 0x40014200 systqmp
78682 419228 0 0 3 0x14200 bored systq
4456 490745 0 0 3 0x14200 tmoslp softclockmp
69787 92823 0 0 3 0x40014200 tmoslp softclock
38125 463393 0 0 3 0x40014200 idle0
1 332071 0 0 3 0x82 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb{1}> show all locks
Process 36118 (syz-executor) thread 0xffff80003c016fa8 (409932)
Process 49801 (syz-executor) thread 0xffff80003c016048 (446875)
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10252 11076K 12460K 166960K 15365 0
pcb 17 18K 20K 166960K 1119 0
rtable 201 13K 13K 166960K 1050 0
pf 43 19K 67487K 166960K 457 0
ifaddr 35 7K 9K 166960K 235 0
ifgroup 60 2K 3K 166960K 450 0
sysctl 4 1K 9K 166960K 76 0
counters 70 37K 38K 166960K 432 0
ioctlops 0 0K 4K 166960K 2304 0
iov 0 0K 16K 166960K 476 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1521 96K 96K 166960K 5062 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 3 40K 48K 166960K 68 0
VM map 2 1K 1K 166960K 2 0
sem 24 21K 31K 166960K 41 0
dirhash 15 2K 3K 166960K 78 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 18 65K 240K 166960K 4185 0
sigio 0 0K 0K 166960K 101 0
proc 72 91K 128K 166960K 1219 0
subproc 72 4K 4K 166960K 138 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 771 0
in_multi 56 4K 7K 166960K 274 0
ether_multi 1 0K 0K 166960K 31 0
mrt 1 0K 0K 166960K 24 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 259 1155K 1155K 166960K 259 0
exec 1 0K 1K 166960K 1216 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 8 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 238 171K 185K 166960K 39139 0
UVM aobj 153 4K 6K 166960K 171 0
pinsyscall 44 88K 108K 166960K 5441 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 358 0
NDP 13 0K 2K 166960K 164 0
temp 86 8696K 8819K 166960K 218804 0
kqueue 13 20K 31K 166960K 754 0
SYN cache 2 16K 16K 166960K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 482 0 479 6 5 1 3 0 8 0
rtentry 176 279 0 204 6 0 6 6 0 8 0
unpcb 144 2832 0 2813 22 21 1 6 0 8 0
syncache 336 5 0 5 2 2 0 1 0 8 0
tcpqe 32 8 0 8 1 1 0 1 0 8 0
tcpcb 808 1564 0 1557 38 31 7 8 0 8 6
arp 128 48 0 29 1 0 1 1 0 8 0
inpcb 384 4864 0 4853 52 44 8 15 0 8 6
nd6 144 47 0 31 1 0 1 1 0 8 0
pkpcb 40 41 0 41 9 8 1 1 0 8 1
kcovpl 48 15 0 7 1 0 1 1 0 8 0
mppekey 1024 1 0 1 1 1 0 1 0 8 0
ppxss 1192 125 0 125 5 5 0 1 0 8 0
pppxif 1504 30 0 30 10 10 0 1 0 8 0
pffrag 232 17 0 14 1 0 1 1 0 482 0
pffrnode 88 17 0 14 1 0 1 1 0 8 0
pffrent 40 42 0 38 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfrktable 1344 2 0 0 1 0 1 1 0 8 0
pfanchor 1288 3 0 0 1 0 1 1 0 8 0
pftag 88 3 0 0 1 0 1 1 0 8 0
pfstitem 24 281 0 207 1 0 1 1 0 8 0
pfstkey 128 281 0 207 4 1 3 4 0 8 0
pfstate 384 281 0 207 12 1 11 12 0 8 1
pfrule 1344 36 0 25 3 2 1 2 0 8 0
rttmr 136 5 0 5 4 4 0 1 0 8 0
art_heap8 4096 5 0 0 5 0 5 5 0 8 0
art_heap4 256 1277 0 953 35 12 23 29 0 8 1
art_table 32 1282 0 953 4 0 4 4 0 8 0
art_node 16 258 0 198 1 0 1 1 0 8 0
sysvmsgpl 40 33 0 25 1 0 1 1 0 8 0
semupl 112 3 0 3 2 2 0 1 0 8 0
semapl 112 31 0 9 1 0 1 1 0 8 0
shmpl 112 168 0 18 5 0 5 5 0 8 0
dirhash 1024 61 0 42 3 0 3 3 0 8 0
dino2pl 256 9699 0 8181 96 0 96 96 0 8 0
ffsino 288 9699 0 8181 110 0 110 110 0 8 0
nchpl 144 15418 0 13707 65 1 64 64 0 8 0
rtmask 32 18 0 18 7 7 0 1 0 8 0
uvmvnodes 80 4041 0 0 83 0 83 83 0 8 0
vnodes 216 4041 0 0 225 0 225 225 0 8 0
namei 1024 59702 0 59701 3 2 1 2 0 8 0
percpumem 16 231 0 181 1 0 1 1 0 8 0
kstatmem 264 274 0 244 3 0 3 3 0 8 0
scsiplug 72 11 0 11 7 6 1 1 0 8 1
scxspl 216 46985 0 46985 17 16 1 8 1 8 1
plimitpl 152 1108 0 1091 1 0 1 1 0 8 0
sigapl 424 4501 0 4430 12 3 9 9 0 8 0
knotepl 120 646 0 0 18 0 18 18 0 8 0
kqueuepl 224 1578 0 1568 15 14 1 5 0 8 0
pipepl 336 792 0 764 18 12 6 8 0 8 3
fdescpl 520 4431 0 4399 3 0 3 3 0 8 0
filepl 160 35579 0 35356 45 31 14 19 0 8 0
lockfpl 104 1625 0 1623 5 4 1 2 0 8 0
lockfspl 48 530 0 528 1 0 1 1 0 8 0
sessionpl 144 33 0 24 1 0 1 1 0 8 0
pgrppl 48 232 0 215 1 0 1 1 0 8 0
ucredpl 104 6638 0 6624 1 0 1 1 0 8 0
zombiepl 144 5475 0 5473 3 2 1 1 0 8 0
processpl 1240 4501 0 4430 7 1 6 6 0 8 0
procpl 656 11164 0 11090 10 2 8 8 0 8 0
srpgc 96 21 0 21 7 6 1 1 0 8 1
sosppl 168 63 0 63 8 8 0 1 0 8 0
sockpl 728 8355 0 8322 65 56 9 16 0 8 6
mcl64k 65536 6 0 0 1 0 1 1 0 8 0
mcl16k 16384 5 0 0 1 0 1 1 0 8 0
mcl12k 12288 2 0 0 1 0 1 1 0 8 0
mcl9k 9216 3 0 0 1 0 1 1 0 8 0
mcl8k 8192 5 0 0 1 0 1 1 0 8 0
mcl4k 4096 119 0 0 15 0 15 15 0 8 0
mcl2k 2048 46 0 0 5 0 5 5 0 8 0
mtagpl 96 21 0 0 1 0 1 1 0 8 0
mbufpl 256 1249 0 0 73 0 73 73 0 8 0
bufpl 280 14659 0 8517 439 0 439 439 0 8 0
anonpl 32 18057 0 0 145 0 145 145 0 246 0
amapchunkpl 152 134638 0 134054 80 46 34 40 0 158 6
amappl16 200 9329 0 9005 51 22 29 30 0 8 0
amappl15 192 3 0 3 2 2 0 1 0 8 0
amappl14 184 132 0 120 1 0 1 1 0 8 0
amappl13 176 7 0 7 2 2 0 1 0 8 0
amappl12 168 5186 0 5154 4 2 2 3 0 8 0
amappl11 160 52 0 38 1 0 1 1 0 8 0
amappl10 152 6 0 6 1 1 0 1 0 8 0
amappl9 144 246 0 246 1 1 0 1 0 8 0
amappl8 136 27 0 24 1 0 1 1 0 8 0
amappl7 128 127 0 114 1 0 1 1 0 8 0
amappl6 120 258 0 253 1 0 1 1 0 8 0
amappl5 112 157 0 145 1 0 1 1 0 8 0
amappl4 104 349 0 327 1 0 1 1 0 8 0
amappl3 96 28147 0 28048 4 0 4 4 0 8 0
amappl2 88 775 0 709 2 0 2 2 0 8 0
amappl1 80 25864 0 25268 17 3 14 15 0 8 0
amappl 88 37554 0 37392 5 0 5 5 0 92 0
dma16384 16384 1 0 1 1 1 0 1 0 8 0
dma8192 8192 1 0 1 1 1 0 1 0 8 0
dma4096 4096 2 0 2 2 2 0 1 0 8 0
dma2048 2048 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma512 512 1 0 1 1 1 0 1 0 8 0
dma256 256 7 0 7 2 2 0 1 0 8 0
dma128 128 256 0 256 4 4 0 1 0 8 0
dma64 64 9 0 9 4 3 1 1 0 8 1
dma32 32 8 0 8 2 2 0 1 0 8 0
dma16 16 19 0 18 1 0 1 1 0 8 0
aobjpl 72 170 0 18 3 0 3 3 0 8 0
uaddrrnd 24 4431 0 4399 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 4431 0 4399 1 0 1 1 0 8 0
vmmpekpl 168 32908 0 32853 3 0 3 3 0 8 0
vmmpepl 168 273491 0 271207 134 21 113 116 0 357 1
vmsppl 480 4430 0 4399 6 1 5 5 0 8 0
rwobjpl 72 66409 0 60996 108 4 104 104 0 8 0
pdppl 4096 8870 0 8798 160 86 74 88 0 8 2
pvpl 32 26513 0 0 214 0 214 214 0 265 0
pmappl 256 4430 0 4399 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 579 0 154 13 0 13 13 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffffffff837e5ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff83a08e00) at __mp_lock+0x199 __mp_lock_spin sys/kern/kern_lock.c:129 [inline]
__mp_lock(ffffffff83a08e00) at __mp_lock+0x199 sys/kern/kern_lock.c:160
softintr_dispatch(2) at softintr_dispatch+0x12a sys/kern/kern_softintr.c:83
dosoftint(2) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:840
Xsofttty() at Xsofttty+0x27
__mp_lock(ffffffff83a08e00) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:129 [inline]
__mp_lock(ffffffff83a08e00) at __mp_lock+0x192 sys/kern/kern_lock.c:160
softintr_dispatch(0) at softintr_dispatch+0x12a sys/kern/kern_softintr.c:83
dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:840
Xsoftclock() at Xsoftclock+0x27
end of kernel
end trace frame: 0x78f4f9d93460, count: 4
ddb{0}> trace
x86_ipi_db(ffffffff837e5ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff83a08e00) at __mp_lock+0x199 __mp_lock_spin sys/kern/kern_lock.c:129 [inline]
__mp_lock(ffffffff83a08e00) at __mp_lock+0x199 sys/kern/kern_lock.c:160
softintr_dispatch(2) at softintr_dispatch+0x12a sys/kern/kern_softintr.c:83
dosoftint(2) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:840
Xsofttty() at Xsofttty+0x27
__mp_lock(ffffffff83a08e00) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:129 [inline]
__mp_lock(ffffffff83a08e00) at __mp_lock+0x192 sys/kern/kern_lock.c:160
softintr_dispatch(0) at softintr_dispatch+0x12a sys/kern/kern_softintr.c:83
dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:840
Xsoftclock() at Xsoftclock+0x27
end of kernel
end trace frame: 0x78f4f9d93460, count: -11
ddb{0}> machine ddbcpu 1
Stopped at proc_trampoline+0xc7: movl $0,%gs:0x688
proc_trampoline() at proc_trampoline+0xc7
end of kernel
end trace frame: 0x712786f70140, count: 14
ddb{1}> trace
proc_trampoline() at proc_trampoline+0xc7
end of kernel
end trace frame: 0x712786f70140, count: -1