uvm_fault(0xfffffd80683fb3e0, 0x0, 0, 1) -> e
fatal page fault in supervisor mode
trap type 6 code 0 rip ffffffff8212c730 cs 8 rflags 10207 cr2 0 cpl 0 rsp ffff80003c4439c0
gsbase 0xffff8000299ddff0 kgsbase 0x0
panic: trap type 6, code=0, pc=ffffffff8212c730
Starting stack trace...
panic(ffffffff8333b44f) at panic+0x1d0 sys/kern/subr_prf.c:229
kerntrap(ffff80003c443910) at kerntrap+0x29b sys/arch/amd64/amd64/trap.c:327
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
dt_ioctl_record_stop(ffff80000148f000) at dt_ioctl_record_stop+0xf0 sys/dev/dt/dt_dev.c:580
dtclose(11e5f,81,2000,ffff80002a33b750) at dtclose+0x105 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline]
dtclose(11e5f,81,2000,ffff80002a33b750) at dtclose+0x105 sys/dev/dt/dt_dev.c:232
spec_close(ffff80003c443ac0) at spec_close+0x45f sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffd805ad57458,81,fffffd80097fb340,ffff80002a33b750) at VOP_CLOSE+0x133 sys/kern/vfs_vops.c:156
vn_closefile(fffffd806cac6d38,ffff80002a33b750) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd806cac6d38,ffff80002a33b750) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615
fdrop(fffffd806cac6d38,ffff80002a33b750) at fdrop+0x126 sys/kern/kern_descrip.c:1267
closef(fffffd806cac6d38,ffff80002a33b750) at closef+0x192 sys/kern/kern_descrip.c:1251
fdfree(ffff80002a33b750) at fdfree+0x116 sys/kern/kern_descrip.c:1182
exit1(ffff80002a33b750,b,0,1) at exit1+0x59c sys/kern/kern_exit.c:215
sys_exit(ffff80002a33b750,ffff80003c443e30,ffff80003c443d80) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80003c443e30) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c443e30) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:579
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7caa2bef87f0, count: 242
End of stack trace.
WARNING: SPL NOT LOWERED ON SYSCALL 83 769047920 EXIT 0 4
Stopped at savectx+0xae: movl $0,%gs:0x688
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*131662 47052 0 0 0 1 syz-executor
29123 11997 0 0x14000 0x200 0 reaper
savectx() at savectx+0xae
end of kernel
end trace frame: 0x702a6ed1e3b0, count: 14
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: uvm_fault(0xfffffd80683fb3e0, 0x0, 0, 1) -> e
ddb{1}> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x702a6ed1e3b0, count: -1
ddb{1}> show registers
rdi 0
rsi 0
rbp 0xffff80002f7dfd50
rbx 0
rdx 0
rcx 0xffff80003c43c028
rax 0x3a
r8 0xffff80002f7dfc80
r9 0x1
r10 0xb9472eb3ae0615af
r11 0xbcb9cb4100c91332
r12 0
r13 0
r14 0xffff80003c43c028
r15 0
rip 0xffffffff8152a3ee savectx+0xae
cs 0x8
rflags 0x46
rsp 0xffff80002f7dfcd0
ss 0x10
savectx+0xae: movl $0,%gs:0x688
ddb{1}> show proc
PROC (syz-executor) tid=131662 pid=47052 tcnt=3 stat=onproc
flags process=0 proc=0
runpri=86, usrpri=84, slppri=17, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80003c43d9c8,0xffff80003c43d748
process=0xffff80002a3966d8 user=0xffff80002f7da000, vmspace=0xfffffd80683fb980
estcpu=34, cpticks=1, pctcpu=0.3, user=3, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
19875 78137 17268 0 2 0 syz-executor
19875 260039 17268 0 3 0x4000080 fsleep syz-executor
*47052 131662 4764 0 7 0 syz-executor
47052 496030 4764 0 3 0x4000080 fsleep syz-executor
47052 274967 4764 0 2 0x4000000 syz-executor
27878 431271 94945 0 2 0x1 syz-executor
27878 121351 94945 0 2 0x4000000 syz-executor
35357 448525 93527 0 2 0 syz-executor
35357 39689 93527 0 3 0x4000080 fsleep syz-executor
35357 445906 93527 0 3 0x4000080 fsleep syz-executor
66442 257559 19764 0 2 0 syz-executor
66442 216674 19764 0 3 0x4000080 fsleep syz-executor
66442 253006 19764 0 3 0x4000080 fsleep syz-executor
20431 495951 66199 0 2 0 syz-executor
20431 518775 66199 0 3 0x4000080 fsleep syz-executor
20431 340264 66199 0 3 0x4000080 fsleep syz-executor
44911 235425 0 0 3 0x14200 acct acct
4764 512485 56364 0 3 0x82 nanoslp syz-executor
50707 228496 56364 0 3 0x82 nanoslp syz-executor
50478 303253 0 0 3 0x14200 bored sosplice
66199 275625 56364 0 3 0x82 nanoslp syz-executor
93527 233624 56364 0 3 0x82 nanoslp syz-executor
31035 156499 56364 0 2 0x2 syz-executor
19764 449525 56364 0 3 0x82 nanoslp syz-executor
94945 130333 56364 0 3 0x82 nanoslp syz-executor
17268 323120 56364 0 3 0x82 nanoslp syz-executor
56364 256452 79880 0 3 0x82 kqread syz-executor
79880 98625 22938 0 3 0x10008a sigsusp ksh
22938 52787 53324 0 3 0x98 kqread sshd-session
53324 507551 94356 0 3 0x92 kqread sshd-session
38096 330604 1 0 3 0x100083 ttyin getty
94356 498586 1 0 3 0x88 kqread sshd
95766 70730 39157 74 3 0x1100092 bpf pflogd
39157 35501 1 0 3 0x80 sbwait pflogd
32358 98668 30673 73 3 0x1100090 kqread syslogd
30673 172814 1 0 3 0x100082 sbwait syslogd
76436 460400 1 0 3 0x100080 kqread resolvd
75205 274774 81425 77 3 0x100092 kqread dhcpleased
90457 160367 81425 77 3 0x100092 kqread dhcpleased
81425 4659 1 0 3 0x80 kqread dhcpleased
69718 305140 0 0 3 0x14200 bored smr
21032 9665 0 0 2 0x14200 zerothread
62404 456647 0 0 3 0x14200 aiodoned aiodoned
18860 337214 0 0 3 0x14200 syncer update
13333 372034 0 0 3 0x14200 cleaner cleaner
11997 29123 0 0 7 0x14200 reaper
12165 142984 0 0 3 0x14200 pgdaemon pagedaemon
87018 116222 0 0 3 0x14200 bored viomb
61104 409739 0 0 3 0x40014200 acpi0 acpi0
73255 187852 0 0 3 0x40014200 idle1
96558 484163 0 0 3 0x14200 bored softnet3
38422 97313 0 0 3 0x14200 bored softnet2
27268 409623 0 0 3 0x14200 bored softnet1
80432 342286 0 0 3 0x14200 bored softnet0
28678 328002 0 0 2 0x40014200 systqmp
2186 432001 0 0 3 0x14200 bored systq
6819 474121 0 0 3 0x14200 tmoslp softclockmp
75924 226369 0 0 3 0x40014200 tmoslp softclock
33687 17132 0 0 3 0x40014200 idle0
1 248668 0 0 3 0x82 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb{1}> show all locks
CPU 0:
exclusive mutex &sched_lock r = 0 (0xffffffff83951ac8)
#0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5bb sys/kern/subr_witness.c:1160
#1 mtx_enter_try+0x1ad sys/kern/kern_lock.c:296
#2 mtx_enter+0x62 sys/kern/kern_lock.c:253
#3 wakeup_n+0x54 sys/kern/kern_synch.c:579
#4 uvm_pmr_freepageq+0x40d sys/uvm/uvm_pmemrange.c:1390
#5 km_free+0x36f sys/uvm/uvm_km.c:827
#6 uvm_uarea_free+0x4f sys/uvm/uvm_glue.c:285
#7 reaper+0x1cb sys/kern/kern_exit.c:493
#8 proc_trampoline+0x10
exclusive mutex &uvm.fpageqlock r = 0 (0xffffffff839b5618)
#0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5bb sys/kern/subr_witness.c:1160
#1 mtx_enter_try+0x1ad sys/kern/kern_lock.c:296
#2 mtx_enter+0x62 sys/kern/kern_lock.c:253
#3 uvm_pmr_freepageq+0x15c sys/uvm/uvm_pmemrange.c:1371
#4 km_free+0x36f sys/uvm/uvm_km.c:827
#5 uvm_uarea_free+0x4f sys/uvm/uvm_glue.c:285
#6 reaper+0x1cb sys/kern/kern_exit.c:493
#7 proc_trampoline+0x10
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10226 11137K 11504K 166960K 13331 0
pcb 19 16K 18K 166960K 369 0
rtable 184 8K 9K 166960K 727 0
pf 39 18K 20K 166960K 140 0
ifaddr 37 6K 7K 166960K 103 0
ifgroup 66 2K 3K 166960K 177 0
sysctl 3 1K 9K 166960K 25 0
counters 72 37K 38K 166960K 176 0
ioctlops 0 0K 4K 166960K 1731 0
iov 0 0K 16K 166960K 64 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1396 88K 88K 166960K 2801 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 9K 166960K 33 0
VM map 2 1K 1K 166960K 2 0
sem 24 28K 28K 166960K 55 0
dirhash 12 2K 2K 166960K 51 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 18 65K 89K 166960K 1533 0
sigio 2 0K 0K 166960K 23 0
proc 72 91K 140K 166960K 737 0
subproc 72 4K 4K 166960K 90 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 169 0
in_multi 74 5K 7K 166960K 165 0
ether_multi 1 0K 0K 166960K 18 0
mrt 2 0K 0K 166960K 8 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 79 360K 360K 166960K 79 0
exec 0 0K 1K 166960K 555 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 250 168K 184K 166960K 15907 0
UVM aobj 131 7K 7K 166960K 136 0
pinsyscall 43 86K 100K 166960K 2693 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 78 0
NDP 14 0K 2K 166960K 68 0
temp 136 8695K 8821K 166960K 56243 0
kqueue 13 20K 30K 166960K 294 0
SYN cache 2 16K 16K 166960K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 161 0 158 2 1 1 2 0 8 0
rtentry 176 226 0 149 6 0 6 6 0 8 0
unpcb 144 1044 0 1025 7 4 3 4 0 8 2
syncache 336 5 0 5 2 2 0 1 0 8 0
tcpcb 808 466 0 461 15 8 7 8 0 8 6
arp 128 27 0 15 1 0 1 1 0 8 0
inpcb 384 1861 0 1851 29 21 8 15 0 8 7
nd6 144 36 0 13 1 0 1 1 0 8 0
pkpcb 40 24 0 24 4 3 1 1 0 8 1
kcovpl 48 10 0 2 1 0 1 1 0 8 0
ppxss 1192 36 0 36 3 2 1 1 0 8 1
pppxif 1504 10 0 10 4 4 0 1 0 8 0
pffrag 232 5 0 1 1 0 1 1 0 482 0
pffrnode 88 4 0 0 1 0 1 1 0 8 0
pffrent 40 8 0 4 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 108 0 42 1 0 1 1 0 8 0
pfstkey 128 108 0 42 3 0 3 3 0 8 0
pfstate 384 108 0 42 7 0 7 7 0 8 0
pfrule 1344 21 0 15 2 0 2 2 0 8 0
rttmr 136 1 0 1 1 1 0 1 0 8 0
art_heap8 4096 2 0 0 2 0 2 2 0 8 0
art_heap4 256 662 0 280 32 5 27 29 0 8 2
art_table 32 664 0 280 4 0 4 4 0 8 0
art_node 16 160 0 92 1 0 1 1 0 8 0
sysvmsgpl 40 22 0 15 1 0 1 1 0 8 0
semapl 112 48 0 26 1 0 1 1 0 8 0
shmpl 112 133 0 5 4 0 4 4 0 8 0
dirhash 1024 43 0 26 3 0 3 3 0 8 0
dino2pl 256 4290 0 2784 95 0 95 95 0 8 0
ffsino 288 4290 0 2784 109 0 109 109 0 8 0
nchpl 144 6493 0 5957 63 39 24 63 0 8 0
rtmask 32 4 0 4 2 2 0 1 0 8 0
uvmvnodes 80 5227 0 0 107 0 107 107 0 8 0
vnodes 216 5227 0 0 291 0 291 291 0 8 0
namei 1024 24514 0 24514 4 3 1 3 0 8 1
percpumem 16 103 0 52 1 0 1 1 0 8 0
kstatmem 264 102 0 68 3 0 3 3 0 8 0
acpiwqpl 32 1 0 1 1 0 1 1 1 8 1
scsiplug 72 4 0 4 3 3 0 1 0 8 0
scxspl 216 18692 0 18692 9 8 1 8 1 8 1
plimitpl 152 200 0 182 1 0 1 1 0 8 0
sigapl 424 1861 0 1809 9 2 7 9 0 8 0
knotepl 120 853 0 0 25 0 25 25 0 8 0
kqueuepl 224 613 0 604 10 9 1 5 0 8 0
pipepl 336 295 0 268 8 0 8 8 0 8 5
fdescpl 520 1817 0 1785 3 0 3 3 0 8 0
filepl 160 11451 0 11235 26 8 18 18 0 8 7
lockfpl 104 367 0 365 1 0 1 1 0 8 0
lockfspl 48 161 0 159 1 0 1 1 0 8 0
sessionpl 144 26 0 17 1 0 1 1 0 8 0
pgrppl 48 61 0 43 1 0 1 1 0 8 0
ucredpl 104 1847 0 1833 1 0 1 1 0 8 0
zombiepl 144 2638 0 2637 1 0 1 1 0 8 0
processpl 1240 1861 0 1809 6 1 5 6 0 8 0
procpl 656 4378 0 4316 9 3 6 8 0 8 0
srpgc 96 6 0 6 2 1 1 1 0 8 1
sosppl 168 17 0 17 3 3 0 1 0 8 0
sockpl 728 3120 0 3088 30 20 10 16 0 8 7
mcl64k 65536 5 0 0 1 0 1 1 0 8 0
mcl9k 9216 1 0 0 1 0 1 1 0 8 0
mcl8k 8192 4 0 0 1 0 1 1 0 8 0
mcl4k 4096 123 0 0 16 0 16 16 0 8 0
mcl2k 2048 158 0 0 20 0 20 20 0 8 0
mtagpl 96 167 0 0 5 0 5 5 0 8 0
mbufpl 256 1247 0 0 78 0 78 78 0 8 0
bufpl 280 5894 0 133 412 0 412 412 0 8 0
anonpl 32 8401 0 0 68 0 68 68 0 246 0
amapchunkpl 152 53765 0 53210 45 16 29 29 0 158 7
amappl16 200 4122 0 4082 33 30 3 15 0 8 0
amappl15 192 6 0 6 1 1 0 1 0 8 0
amappl14 184 123 0 111 1 0 1 1 0 8 0
amappl13 176 10 0 9 1 0 1 1 0 8 0
amappl12 168 2498 0 2467 3 1 2 2 0 8 0
amappl11 160 52 0 38 1 0 1 1 0 8 0
amappl10 152 6 0 6 1 1 0 1 0 8 0
amappl9 144 252 0 252 1 1 0 1 0 8 0
amappl8 136 28 0 25 1 0 1 1 0 8 0
amappl7 128 119 0 106 1 0 1 1 0 8 0
amappl6 120 211 0 207 1 0 1 1 0 8 0
amappl5 112 144 0 134 1 0 1 1 0 8 0
amappl4 104 348 0 326 1 0 1 1 0 8 0
amappl3 96 10959 0 10842 6 2 4 4 0 8 0
amappl2 88 683 0 621 2 0 2 2 0 8 0
amappl1 80 14441 0 13838 15 0 15 15 0 8 0
amappl 88 14914 0 14739 5 0 5 5 0 92 0
dma65536 65536 1 0 1 1 1 0 1 0 8 0
dma32768 32768 2 0 2 2 1 1 1 0 8 1
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma512 512 1 0 1 1 1 0 1 0 8 0
dma256 256 8 0 8 3 3 0 1 0 8 0
dma128 128 254 0 254 2 2 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 19 0 18 1 0 1 1 0 8 0
aobjpl 72 135 0 5 3 0 3 3 0 8 0
uaddrrnd 24 1816 0 1785 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 1816 0 1785 1 0 1 1 0 8 0
vmmpekpl 168 16154 0 16103 3 0 3 3 0 8 0
vmmpepl 168 117192 0 115156 115 22 93 101 0 357 0
vmsppl 480 1815 0 1785 5 0 5 5 0 8 0
rwobjpl 72 35968 0 29645 117 2 115 115 0 8 0
pdppl 4096 3640 0 3570 123 51 72 84 0 8 2
pvpl 32 15191 0 0 125 2 123 123 0 265 0
pmappl 256 1815 0 1785 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 521 0 76 13 0 13 13 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffffffff837e5ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_release_all(ffffffff83a08e00) at __mp_release_all+0xe0 sys/kern/kern_lock.c:210
msleep_nsec(ffffffff8389bb08,ffffffff8389bad0,4,ffffffff833e8fa0,ffffffffffffffff) at msleep_nsec+0x1f3 sys/kern/kern_synch.c:-1
reaper(ffff8000ffffc7b8) at reaper+0x14b sys/kern/kern_exit.c:477
end trace frame: 0x0, count: 9
ddb{0}> trace
x86_ipi_db(ffffffff837e5ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_release_all(ffffffff83a08e00) at __mp_release_all+0xe0 sys/kern/kern_lock.c:210
msleep_nsec(ffffffff8389bb08,ffffffff8389bad0,4,ffffffff833e8fa0,ffffffffffffffff) at msleep_nsec+0x1f3 sys/kern/kern_synch.c:-1
reaper(ffff8000ffffc7b8) at reaper+0x14b sys/kern/kern_exit.c:477
end trace frame: 0x0, count: -6
ddb{0}> machine ddbcpu 1
Stopped at savectx+0xae: movl $0,%gs:0x688
savectx() at savectx+0xae
end of kernel
end trace frame: 0x702a6ed1e3b0, count: 14
ddb{1}> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x702a6ed1e3b0, count: -1