syzbot


uvm_fault: proc_trampoline (2)

Status: upstream: reported on 2025/02/06 12:48
Reported-by: syzbot+6d88abc44e13bdeba3d5@syzkaller.appspotmail.com
First crash: 16d, last: 10d
Similar bugs (1):
Kernel   Title                       Repro  Cause bisect  Fix bisect  Count  Last  Reported  Patched  Status
openbsd  uvm_fault: proc_trampoline  -      -             -           6      149d  321d      0/3      auto-obsoleted due to no activity on 2024/12/25 08:30

Sample crash report:
uvm_fault(0xffffffff838cfcb0, 0xffff800024f12004, 0, 1) -> d
fatal page fault in supervisor mode
trap type 6 code 0 rip ffffffff821f9801 cs 8 rflags 10202 cr2 ffff800024f12004 cpl 0 rsp ffff80002a3de380
gsbase 0xffff800029a9bff0  kgsbase 0x0
panic: trap type 6, code=0, pc=ffffffff821f9801
Starting stack trace...
panic(ffffffff8330fc74) at panic+0x1d0 sys/kern/subr_prf.c:229
kerntrap(ffff80002a3de2d0) at kerntrap+0x29b sys/arch/amd64/amd64/trap.c:327
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
ufs_lookup() at ufs_lookup+0x5e1 sys/ufs/ufs/ufs_lookup.c:279
VOP_LOOKUP(fffffd806d0de2b0,ffff80002a3de678,ffff80002a3de6a8) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85
vfs_lookup(ffff80002a3de648) at vfs_lookup+0x8fa sys/kern/vfs_lookup.c:566
namei(ffff80002a3de648) at namei+0x7aa sys/kern/vfs_lookup.c:250
dounlinkat(ffff80002a38ea60,ffffff9c,7201efa71d20,8) at dounlinkat+0xc1 sys/kern/vfs_syscalls.c:1851
syscall(ffff80002a3de820) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a3de820) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7201efa71d10, count: 247
End of stack trace.
WARNING: SPL NOT LOWERED ON TRAP EXIT 4 0
Stopped at      proc_trampoline+0xc7:   movl    $0,%gs:0x680
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*505396  54232      0           0          0    1  syz-executor
 386570  34217      0     0x14000      0x200    0  softclockmp
proc_trampoline() at proc_trampoline+0xc7
end of kernel
end trace frame: 0x7cc1dd585ae0, count: 14
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: uvm_fault(0xffffffff838cfcb0, 0xffff800024f12004, 0, 1) -> d
ddb{1}> trace
proc_trampoline() at proc_trampoline+0xc7
end of kernel
end trace frame: 0x7cc1dd585ae0, count: -1
ddb{1}> show registers
rdi                                0
rsi                                0
rbp               0xffff80002a47ac50
rbx                                0
rdx                                0
rcx               0xffff8000ffff6550
rax                             0x2a
r8                0xffff80002a47ab80
r9                               0x1
r10               0x38c6f21f9c96b766
r11               0xc6707fe5798140bb
r12                                0
r13                                0
r14                                0
r15                                0
rip               0xffffffff832034c7    proc_trampoline+0xc7
cs                               0x8
rflags                         0x246
rsp               0xffff80002a47abd0
ss                              0x10
proc_trampoline+0xc7:   movl    $0,%gs:0x680
ddb{1}> show proc
PROC (syz-executor) tid=505396 pid=54232 tcnt=1 stat=onproc
    flags process=0 proc=0
    runpri=86, usrpri=86, slppri=17, nice=20
    wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
    forw=0xffffffffffffffff, list=0xffff8000ffff6a70,0xffffffff838a0238
    process=0xffff80002f89f910 user=0xffff80002a475000, vmspace=0xfffffd805e79d1f8
    estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb{1}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
*54232  505396  27857      0  7           0                syz-executor
 60843  454552  93136      0  2           0                syz-executor
 60843  474128  93136      0  3   0x4000080  fsleep        syz-executor
 28507   91121  25797      0  2           0                syz-executor
 28507  290416  25797      0  3   0x4000080  fsleep        syz-executor
 37222   51380  35385      0  2       0x480                syz-executor
 37222  233947  35385      0  3   0x4000080  netcon        syz-executor
 17348  378953  37843      0  2       0x480                syz-executor
 17348  204855  37843      0  3   0x4000080  netcon        syz-executor
 17348  321447  37843      0  3   0x4000080  fsleep        syz-executor
 34478  454324      1      0  2    0x100083                getty
 27857  196637  49665      0  2       0x482                syz-executor
 37843  139959  49665      0  2       0x482                syz-executor
 70004  309581  49665      0  3         0x2  sbar          syz-executor
 78984   25446      0      0  3     0x14200  bored         sosplice
 97542  293526      0      0  3     0x14280  nfsidl        nfsio
 92950  178769      0      0  3     0x14280  nfsidl        nfsio
 68281   24570      0      0  3     0x14280  nfsidl        nfsio
 75548  502589      0      0  3     0x14280  nfsidl        nfsio
 18141  390790      0      0  3     0x14280  nfsidl        nfsio
 85783    2668      0      0  3     0x14280  nfsidl        nfsio
 64244  129966      0      0  3     0x14280  nfsidl        nfsio
 50512  147001      0      0  3     0x14280  nfsidl        nfsio
  1069   63130      0      0  3     0x14280  nfsidl        nfsio
 33589   17202      0      0  3     0x14280  nfsidl        nfsio
 76813  493913      0      0  3     0x14280  nfsidl        nfsio
 98209  112245      0      0  3     0x14280  nfsidl        nfsio
 86606  352622      0      0  3     0x14280  nfsidl        nfsio
 51771   61163      0      0  3     0x14280  nfsidl        nfsio
 63197   17576      0      0  3     0x14280  nfsidl        nfsio
 20571  336000      0      0  3     0x14280  nfsidl        nfsio
 46543  350917      0      0  3     0x14280  nfsidl        nfsio
 41856  478720      0      0  3     0x14280  nfsidl        nfsio
 26326  260918      0      0  3     0x14280  nfsidl        nfsio
 60435    5561      0      0  3     0x14280  nfsidl        nfsio
 25797  151481  49665      0  2       0x482                syz-executor
 35385  198643  49665      0  2       0x482                syz-executor
 93136  375064  49665      0  2       0x482                syz-executor
 49665  281147  47172      0  3        0x82  wait          syz-executor
 47172   80332  67321      0  3    0x10008a  sigsusp       ksh
 67321  160996  88570      0  3        0x98  kqread        sshd-session
 88570  391844  93042      0  3        0x92  kqread        sshd-session
 93042   29956      1      0  3        0x88  kqread        sshd
 25919  242163  85837     74  3   0x1100092  bpf           pflogd
 85837  237105      1      0  3        0x80  sbwait        pflogd
  3082  423807  42914     73  3   0x1100090  kqread        syslogd
 42914  233322      1      0  3    0x100082  sbwait        syslogd
  4607  477272      1      0  3    0x100080  kqread        resolvd
 98867   20304  33099     77  3    0x100092  kqread        dhcpleased
  1430  478952  33099     77  3    0x100092  kqread        dhcpleased
 33099  125089      1      0  3        0x80  kqread        dhcpleased
 53370  278548      0      0  2     0x14200                smr
 79542  233325      0      0  2     0x14200                zerothread
 12129  256930      0      0  3     0x14200  aiodoned      aiodoned
 14344  121680      0      0  3     0x14200  syncer        update
 63030  132918      0      0  3     0x14200  cleaner       cleaner
 70069  348981      0      0  3     0x14200  reaper        reaper
 65211  489914      0      0  3     0x14200  pgdaemon      pagedaemon
 93411  473964      0      0  3     0x14200  bored         viomb
 27586  189661      0      0  3  0x40014200  acpi0         acpi0
 81764  185602      0      0  3  0x40014200                idle1
 21455   12854      0      0  3     0x14200  bored         softnet3
 60181  164382      0      0  3     0x14200  bored         softnet2
 60432   97266      0      0  3     0x14200  bored         softnet1
  4909   25686      0      0  2     0x14200                softnet0
   367   20335      0      0  2     0x14200                systqmp
 43135  118837      0      0  3     0x14200  bored         systq
 34217  386570      0      0  7     0x14200                softclockmp
 37465  239729      0      0  3  0x40014200  tmoslp        softclock
  2066  392115      0      0  3  0x40014200                idle0
     1  439746      0      0  3     0x80082  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{1}> show all locks
Process 28507 (syz-executor) thread 0xffff80002a38f9c0 (91121)
Process 70004 (syz-executor) thread 0xffff80002a38ea60 (309581)
ddb{1}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf 10206  11103K   11559K 166960K     14513        0
            pcb    17     12K      12K 166960K       382        0
         rtable   116      9K      12K 166960K       774        0
             pf    39     19K      23K 166960K       312        0
         ifaddr    23      3K       7K 166960K       174        0
        ifgroup    47      2K       2K 166960K       292        0
         sysctl     4      1K       1K 166960K         7        0
       counters    60     35K      37K 166960K       262        0
       ioctlops     0      0K       4K 166960K      1713        0
            iov     0      0K      20K 166960K       129        0
          mount     1      1K       1K 166960K         1        0
            log     0      0K       0K 166960K         4        0
         vnodes  1323     83K      84K 166960K      3168        0
      UFS quota     1     32K      32K 166960K         1        0
      UFS mount     5     36K      36K 166960K         5        0
            shm     2     16K      20K 166960K        44        0
         VM map     2      1K       1K 166960K         2        0
            sem    23     20K      21K 166960K        51        0
        dirhash    12      2K       3K 166960K        90        0
           ACPI  1692    195K     286K 166960K     12470        0
      file desc    15     53K     236K 166960K      5781        0
          sigio     0      0K       0K 166960K        61        0
           proc    74     91K     140K 166960K       890        0
        subproc    72      4K       4K 166960K       110        0
    NFS srvsock     1      0K       0K 166960K         1        0
     NFS daemon     1     16K      16K 166960K         1        0
    ip_moptions     0      0K       0K 166960K       321        0
       in_multi    30      2K       7K 166960K       339        0
    ether_multi     1      0K       0K 166960K        36        0
            mrt     1      0K       0K 166960K        16        0
    ISOFS mount     1     32K      32K 166960K         1        0
  MSDOSFS mount     1     16K      16K 166960K         1        0
           ttys   103    466K     466K 166960K       103        0
           exec     0      0K       1K 166960K       677        0
   fusefs mount     1     32K      32K 166960K         1        0
     pfkey data     0      0K       4K 166960K         6        0
            tdb     3      0K       0K 166960K         3        0
        VM swap     8     62K      64K 166960K        10        0
       UVM amap   199     72K      86K 166960K     50674        0
       UVM aobj    59     10K      10K 166960K        68        0
     pinsyscall    40     80K     104K 166960K      7113        0
        memdesc     1      4K       4K 166960K         1        0
    crypto data     1      1K       1K 166960K         1        0
    ip6_options     0      0K       1K 166960K       195        0
            NDP    10      0K       2K 166960K       121        0
           temp    75   8644K    8892K 166960K     88701        0
         kqueue    13     20K      27K 166960K       459        0
      SYN cache     2     10K      18K 166960K         3        0
ddb{1}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache    128       24    0        0     1     0     1     1     0     8    0
rtpcb      120      180    0      177     1     0     1     1     0     8    0
rtentry    112      231    0      196     4     2     2     4     0     8    0
unpcb      144     1165    0     1148     2     0     2     2     0     8    1
syncache   336       27    0       27     2     2     0     1     0     8    0
tcpqe       32        2    0        2     1     1     0     1     0     8    0
tcpcb      808      654    0      644     2     0     2     2     0     8    1
arp        120       34    0       27     1     0     1     1     0     8    0
inpcb      376     2237    0     2223     6     3     3     3     0     8    1
nd6        136       45    0       38     1     0     1     1     0     8    0
pkpcb       40       15    0       15     5     4     1     1     0     8    1
kcovpl      48       12    0        4     1     0     1     1     0     8    0
ppxss      1168      67    0       67     2     1     1     1     0     8    1
pppxif     1472      15    0       15     3     2     1     1     0     8    1
pfstscr     40        2    0        2     1     1     0     1     0     8    0
pffrag     232       20    0       17     1     0     1     1     0   482    0
pffrnode    88       16    0       13     1     0     1     1     0     8    0
pffrent     40       40    0       37     1     0     1     1     0     8    0
pfosfp      40     1428    0     1005     5     0     5     5     0     8    0
pfosfpen   112     1428    0      714    21     0    21    21     0     8    0
pfrktable  1344      13    0        8     1     0     1     1     0     8    0
pfanchor   1288       4    0        2     1     0     1     1     0     8    0
pftag       88        6    0        2     1     0     1     1     0     8    0
pfstitem    24      271    0       81     2     0     2     2     0     8    0
pfstkey    128      273    0       80     7     0     7     7     0     8    0
pfstate    376      270    0       81    19     0    19    19     0     8    0
pfrule     1344      57    0       40     3     1     2     2     0     8    0
art_heap8  4096       4    0        1     4     1     3     4     0     8    0
art_heap4  256     1084    0      956    34    21    13    31     0     8    3
art_table   32     1088    0      957     4     1     3     4     0     8    0
art_node    16      222    0      195     1     0     1     1     0     8    0
sysvmsgpl   40       26    0       14     1     0     1     1     0     8    0
semupl     112        7    0        7     4     4     0     1     0     8    0
semapl     112       46    0       25     1     0     1     1     0     8    0
shmpl      112       65    0        9     2     0     2     2     0     8    0
dirhash    1024      71    0       54     3     0     3     3     0     8    0
dino2pl    256     9299    0     7799    95     0    95    95     0     8    0
ffsino     280     9299    0     7799   108     0   108   108     0     8    0
nchpl      144    15772    0    15216    63    39    24    63     0     8    0
rtmask      32        4    0        4     2     2     0     1     0     8    0
uvmvnodes   80     5926    0        0   121     0   121   121     0     8    0
vnodes     216     5926    0        0   330     0   330   330     0     8    0
namei      1024   39721    0    39720     5     4     1     3     0     8    0
percpumem   16      145    0      101     1     0     1     1     0     8    0
pfiaddrpl  120        4    0        2     1     0     1     1     0     8    0
kstatmem   264      172    0      152     4     2     2     3     0     8    0
acpiwqpl    32        1    0        1     1     0     1     1     1     8    1
scsiplug    72       18    0       18     4     3     1     1     0     8    1
scxspl     216    51414    0    51414    15    14     1     8     1     8    1
plimitpl   152      315    0      298     1     0     1     1     0     8    0
sigapl     424     6127    0     6059     9     0     9     9     0     8    0
futexpl     64    30243    0    30240     4     3     1     1     0     8    0
knotepl    120      593    0        0    17     0    17    17     0     8    0
kqueuepl   216      615    0      605     1     0     1     1     0     8    0
pipepl     328      289    0      261     3     0     3     3     0     8    0
fdescpl    504     6077    0     6048     8     3     5     6     0     8    0
filepl     152    16393    0    16177    10     0    10    10     0     8    0
lockfpl    104      782    0      779     1     0     1     1     0     8    0
lockfspl    48      318    0      315     1     0     1     1     0     8    0
sessionpl  144       51    0       42     1     0     1     1     0     8    0
pgrppl      48       83    0       66     1     0     1     1     0     8    0
ucredpl    104     2522    0     2508     1     0     1     1     0     8    0
zombiepl   144     6068    0     6066     4     3     1     1     0     8    0
processpl  1168    6127    0     6059     6     0     6     6     0     8    0
procpl     656    12259    0    12186     8     0     8     8     0     8    0
srpgc       96       21    0       21     4     3     1     1     0     8    1
sosppl     168       64    0       64     1     0     1     1     0     8    1
sockpl     688     3617    0     3584     7     2     5     5     0     8    1
mcl64k     65536     21    0        0     3     0     3     3     0     8    0
mcl16k     16384     18    0        0     3     0     3     3     0     8    0
mcl12k     12288     18    0        0     2     0     2     2     0     8    0
mcl9k      9216      17    0        0     2     0     2     2     0     8    0
mcl8k      8192      25    0        0     3     0     3     3     0     8    0
mcl4k      4096     113    0        0    15     0    15    15     0     8    0
mcl2k2     2112       4    0        0     1     0     1     1     0     8    0
mcl2k      2048      26    0        0     4     0     4     4     0     8    0
mtagpl      96       29    0        0     1     0     1     1     0     8    0
mbufpl     256     1212    0        0    76     0    76    76     0     8    0
bufpl      280    14851    0     8697   440     0   440   440     0     8    0
anonpl      24   614934    0   611711   112    65    47    47     0   184   12
amapchunkpl 152  164853    0   164458    50    27    23    27     0   158    2
amappl16   200    11207    0    11171    61    47    14    15     0     8    8
amappl15   192        6    0        6     1     1     0     1     0     8    0
amappl14   184      179    0      165     1     0     1     1     0     8    0
amappl13   176        7    0        6     1     0     1     1     0     8    0
amappl12   168     6829    0     6800     3     1     2     2     0     8    0
amappl11   160       55    0       41     1     0     1     1     0     8    0
amappl10   152        2    0        2     1     1     0     1     0     8    0
amappl9    144      244    0      244     1     1     0     1     0     8    0
amappl8    136       26    0       23     1     0     1     1     0     8    0
amappl7    128      171    0      159     1     0     1     1     0     8    0
amappl6    120      245    0      242     1     0     1     1     0     8    0
amappl5    112      144    0      135     1     0     1     1     0     8    0
amappl4    104      437    0      417     1     0     1     1     0     8    0
amappl3     96    36802    0    36710     4     0     4     4     0     8    0
amappl2     88      955    0      895     2     0     2     2     0     8    0
amappl1     80    30975    0    30402    18     2    16    16     0     8    0
amappl      88    50010    0    49867     5     0     5     5     0    92    0
dma65536   65536      1    0        1     1     1     0     1     0     8    0
dma32768   32768      2    0        2     2     2     0     1     0     8    0
dma16384   16384      1    0        1     1     1     0     1     0     8    0
dma8192    8192       1    0        1     1     1     0     1     0     8    0
dma4096    4096       5    0        5     4     4     0     1     0     8    0
dma2048    2048       1    0        1     1     1     0     1     0     8    0
dma1024    1024       2    0        1     1     0     1     1     0     8    0
dma512     512        1    0        1     1     1     0     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      260    0      260     4     4     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        8    0        8     2     2     0     1     0     8    0
dma16       16       21    0       20     1     0     1     1     0     8    0
aobjpl      72       67    0        9     2     0     2     2     0     8    0
uaddrrnd    24     6078    0     6049     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24     6078    0     6049     1     0     1     1     0     8    0
vmmpekpl   168    39045    0    38992     3     0     3     3     0     8    0
vmmpepl    168   351165    0   349407   140    43    97   101     0   357    7
vmsppl     456     6077    0     6049     7     2     5     5     0     8    0
rwobjpl     64    83397    0    76506   124     7   117   117     0     8    1
pdppl      4096   12163    0    12098   165    94    71    87     0     8    6
pvpl        32    16360    0        0   132     1   131   131     0   265    0
pmappl     248     6077    0     6049     4     1     3     3     0     8    0
extentpl    40       55    0       38     1     0     1     1     0     8    0
phpool     112      443    0      138    10     0    10    10     0     8    0
ddb{1}> machine ddbcpu 0
Stopped at      x86_ipi_db+0x27:        addq    $0x8,%rsp
x86_ipi_db(ffffffff83851ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff8398e688) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline]
__mp_lock(ffffffff8398e688) at __mp_lock+0x192 sys/kern/kern_lock.c:144
softintr_dispatch(0) at softintr_dispatch+0x5b sys/arch/amd64/amd64/softintr.c:88
Xsoftclock() at Xsoftclock+0x27
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0xf sys/dev/kcov.c:149
softclock_thread_mp(ffff8000ffffea40) at softclock_thread_mp+0xaf sys/kern/kern_timeout.c:830
end trace frame: 0x0, count: 7
ddb{0}> trace
x86_ipi_db(ffffffff83851ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff8398e688) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline]
__mp_lock(ffffffff8398e688) at __mp_lock+0x192 sys/kern/kern_lock.c:144
softintr_dispatch(0) at softintr_dispatch+0x5b sys/arch/amd64/amd64/softintr.c:88
Xsoftclock() at Xsoftclock+0x27
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0xf sys/dev/kcov.c:149
softclock_thread_mp(ffff8000ffffea40) at softclock_thread_mp+0xaf sys/kern/kern_timeout.c:830
end trace frame: 0x0, count: -8
ddb{0}> machine ddbcpu 1
Stopped at      proc_trampoline+0xc7:   movl    $0,%gs:0x680
proc_trampoline() at proc_trampoline+0xc7
end of kernel
end trace frame: 0x7cc1dd585ae0, count: 14
ddb{1}> trace
proc_trampoline() at proc_trampoline+0xc7
end of kernel
end trace frame: 0x7cc1dd585ae0, count: -1

Crashes (3):
Time              Kernel   Commit        Syzkaller  Config   Log          Report  Syz repro  C repro  VM info  Assets                                 Manager               Title
2025/02/12 10:13  openbsd  d800967ee04b  b27c2402   .config  console log  report  -          -        -        [disk image] [bsd.gdb] [kernel image]  ci-openbsd-multicore  uvm_fault: proc_trampoline
2025/02/07 01:25  openbsd  3dd691bf9970  53657d1b   .config  console log  report  -          -        -        [disk image] [bsd.gdb] [kernel image]  ci-openbsd-multicore  uvm_fault: proc_trampoline
2025/02/06 12:47  openbsd  4a7e1005694f  1e1faf27   .config  console log  report  -          -        -        [disk image] [bsd.gdb] [kernel image]  ci-openbsd-multicore  uvm_fault: proc_trampoline