uvm_fault: savectx (3)

uvm_fault: savectx (3)

Status: upstream: reported on 2025/02/20 07:12
Reported-by: syzbot+a67c3d29b86efeb5eed6@syzkaller.appspotmail.com
First crash: 468d, last: 12m

▶ ▼ Similar bugs (2)

Kernel	Title	Rank 🛈	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
openbsd	uvm_fault: savectx	-1				1	1286d	1286d	0/3	auto-obsoleted due to no activity on 2023/02/23 10:19
openbsd	uvm_fault: savectx (2)	-1				33	590d	677d	0/3	auto-obsoleted due to no activity on 2024/12/10 09:14

Sample crash report:

uvm_fault(0xfffffd806c63d5d0, 0x98, 0, 1) -> e
fatal page fault in supervisor mode
trap type 6 code 0 rip ffffffff827885d8 cs 8 rflags 10246 cr2 98 cpl 0 rsp ffff80003c3fad70
gsbase 0xffff80002999dff0  kgsbase 0x0
panic: trap type 6, code=0, pc=ffffffff827885d8
Starting stack trace...
panic(ffffffff834ed534) at panic+0x1d0 sys/kern/subr_prf.c:229
kerntrap(ffff80003c3facc0) at kerntrap+0x30b
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
dovutimens(ffff80003679e558,fffffd8061e00528,ffff80003c3faea0) at dovutimens+0x368 sys/kern/vfs_syscalls.c:2690
sys_futimes(ffff80003679e558,ffff80003c3faff0,ffff80003c3faf40) at sys_futimes+0x208 sys/kern/vfs_syscalls.c:2732
syscall(ffff80003c3faff0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c3faff0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xff93e3eeb0, count: 250
End of stack trace.
WARNING: SPL NOT LOWERED ON SYSCALL 83 858154752 EXIT 0 4
Stopped at      savectx+0xae:   movl    $0,%gs:0x688
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*516826  31318      0           0          0    1  syz-executor
  47096  92144      0           0          0    0  syz-executor
savectx() at savectx+0xae
end of kernel
end trace frame: 0x761d346e1970, count: 14
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: uvm_fault(0xfffffd806c63d5d0, 0x98, 0, 1) -> e
ddb{1}> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x761d346e1970, count: -1
ddb{1}> show registers
rdi                                0
rsi                                0
rbp               0xffff80003c4715a0
rbx                                0
rdx                                0
rcx               0xffff8000fffeea78
rax                             0x3a
r8                0xffff80003c4714d0
r9                               0x1
r10               0x4685ab369341e3ba
r11               0x34f90645f048bdad
r12                                0
r13                                0
r14               0xffff8000fffeea78
r15                                0
rip               0xffffffff82a403ee    savectx+0xae
cs                               0x8
rflags                          0x46
rsp               0xffff80003c471520
ss                              0x10
savectx+0xae:   movl    $0,%gs:0x688
ddb{1}> show proc
PROC (syz-executor) tid=516826 pid=31318 tcnt=2 stat=onproc
    flags process=0 proc=0
    runpri=81, usrpri=82, slppri=17, nice=20
    wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
    forw=0xffffffffffffffff, list=0xffff8000fffefca0,0xffff80003679f790
    process=0xffff80003c46a1d8 user=0xffff80003c46c000, vmspace=0xfffffd806a5773f8
    estcpu=32, cpticks=104, pctcpu=0.86, user=1, sys=103, intr=0
ddb{1}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
*31318  516826  25836      0  7           0                syz-executor
 31318  225614  25836      0  3   0x4000080  fsleep        syz-executor
 95516  196180  57040      0  2         0x2                ifconfig
 57040  523701  30184      0  3    0x10008a  sigsusp       sh
 66925  428775  85382      0  2           0                syz-executor
 66925  395170  85382      0  3   0x4000000  sbar          syz-executor
 92144   47096  82518      0  7           0                syz-executor
 92144  380354  82518      0  3   0x4000000  biowait       syz-executor
 57460  110710  33257  60928  2        0x10                syz-executor
 57460  394958  33257  60928  2   0x4000010                syz-executor
 24759  122454  72179      0  2           0                syz-executor
 24759   13846  72179      0  3   0x4000080  fsleep        syz-executor
 24759   24968  72179      0  3   0x4000080  fsleep        syz-executor
 47069  430652  45259      0  2           0                syz-executor
 47069   92299  45259      0  3   0x4000080  fsleep        syz-executor
 47069   28383  45259      0  3   0x4000080  fsleep        syz-executor
 47069  270698  45259      0  3   0x4000080  fsleep        syz-executor
 30184  185629  68802      0  3        0x82  wait          syz-executor
 50632  424141      0      0  3     0x14280  nfsidl        nfsio
  1437   57270      0      0  3     0x14280  nfsidl        nfsio
 54855  359990      0      0  3     0x14280  nfsidl        nfsio
 19388   58869      0      0  3     0x14280  nfsidl        nfsio
 55873  277707      0      0  3     0x14280  nfsidl        nfsio
 28440  177724      0      0  3     0x14280  nfsidl        nfsio
 18320  110660      0      0  3     0x14280  nfsidl        nfsio
 98867   41987      0      0  3     0x14280  nfsidl        nfsio
 54275  117009      0      0  3     0x14280  nfsidl        nfsio
  5639  335256      0      0  3     0x14280  nfsidl        nfsio
 86568   40428      0      0  3     0x14280  nfsidl        nfsio
  9110  199359      0      0  3     0x14280  nfsidl        nfsio
 81172   26474      0      0  3     0x14280  nfsidl        nfsio
 20082  314370      0      0  3     0x14280  nfsidl        nfsio
 42413  443639      0      0  3     0x14280  nfsidl        nfsio
 76304  104469      0      0  3     0x14280  nfsidl        nfsio
 32009   27356      0      0  3     0x14280  nfsidl        nfsio
 93176  345829      0      0  3     0x14280  nfsidl        nfsio
 30261  288238      0      0  3     0x14280  nfsidl        nfsio
 61939  311432      0      0  3     0x14280  nfsidl        nfsio
 33257  290741  68802      0  2       0xc82                syz-executor
 11142   20742  68802      0  2         0x2                syz-executor
 72179  176045  68802      0  2       0xc82                syz-executor
 25836   19810  68802      0  2       0xc82                syz-executor
 45259   34720  68802      0  2       0xc82                syz-executor
 82518   66916  68802      0  2       0xc82                syz-executor
 85382  300317  68802      0  2       0xc82                syz-executor
 68802  284474  50727      0  3        0x82  kqread        syz-executor
 50727  241608  64093      0  3    0x10008a  sigsusp       ksh
 64093   58760  84509      0  3        0x98  kqread        sshd-session
 84509   96616  98048      0  3        0x92  kqread        sshd-session
 72460  428598      1      0  3    0x100083  ttyopn        getty
 98048  514744      1      0  3        0x88  kqread        sshd
 21007  503186  95413     74  3   0x1100092  bpf           pflogd
 95413  445771      1      0  3        0x80  sbwait        pflogd
  1005  221420  45999     73  3   0x1100090  kqread        syslogd
 45999  401981      1      0  3    0x100082  sbwait        syslogd
 41751  369808      1      0  3    0x100080  kqread        resolvd
 64851   90327  66891     77  3    0x100092  kqread        dhcpleased
 43364  457364  66891     77  3    0x100092  kqread        dhcpleased
 66891  210557      1      0  3        0x80  kqread        dhcpleased
 60788  170945      0      0  3     0x14200  bored         smr
 65462  461649      0      0  2     0x14200                zerothread
 10260  431953      0      0  3     0x14200  aiodoned      aiodoned
 54675  199542      0      0  3     0x14200  syncer        update
 62393  343131      0      0  3     0x14200  cleaner       cleaner
  6151  427231      0      0  3     0x14200  reaper        reaper
 92883   51176      0      0  3     0x14200  pgdaemon      pagedaemon
 74004  269217      0      0  3     0x14200  bored         viomb
 40031  390801      0      0  3  0x40014200  acpi0         acpi0
 49089  112655      0      0  3  0x40014200                idle1
 83060  245049      0      0  3     0x14200  bored         softnet1
 71052  359666      0      0  3     0x14200  netlock       softnet0
 75667  440499      0      0  2  0x40014200                systqmp
 45069   25035      0      0  3     0x14200  bored         systq
 94426   49987      0      0  3     0x14200  tmoslp        softclockmp
 40519  182364      0      0  3  0x40014200  tmoslp        softclock
 41323  318495      0      0  3  0x40014200                idle0
     1   58229      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{1}> show all locks
Process 66925 (syz-executor) thread 0xffff80003679e558 (395170)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83a3e580)
#0  witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0  witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1  syscall+0xaf4 mi_syscall sys/sys/syscall_mi.h:175 [inline]
#1  syscall+0xaf4 sys/arch/amd64/amd64/trap.c:783
#2  Xsyscall+0x128
Process 92144 (syz-executor) thread 0xffff800038bb1cb8 (380354)
exclusive rrwlock inode r = 0 (0xfffffd806e643580)
#0  witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0  witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1  rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2  rrw_enter+0xc6 sys/kern/kern_rwlock.c:621
#3  VOP_LOCK+0xbd sys/kern/vfs_vops.c:527
#4  ufs_ihashins+0x4f ufs_ihash sys/ufs/ufs/ufs_ihash.c:-1 [inline]
#4  ufs_ihashins+0x4f sys/ufs/ufs/ufs_ihash.c:159
#5  ffs_vget+0x187 sys/ufs/ffs/ffs_vfsops.c:1232
#6  ffs_inode_alloc+0x279 sys/ufs/ffs/ffs_alloc.c:393
#7  ufs_makeinode+0xcd sys/ufs/ufs/ufs_vnops.c:1759
#8  ufs_create+0x4e sys/ufs/ufs/ufs_vnops.c:147
#9  VOP_CREATE+0xfe sys/kern/vfs_vops.c:103
#10 vn_open+0x50d sys/kern/vfs_vnops.c:118
#11 doopenat+0x35b sys/kern/vfs_syscalls.c:1162
#12 sys_open+0x59 sys/kern/vfs_syscalls.c:1064
#13 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#13 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783
#14 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd806e458b80)
#0  witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0  witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1  rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2  rrw_enter+0xc6 sys/kern/kern_rwlock.c:621
#3  VOP_LOCK+0xbd sys/kern/vfs_vops.c:527
#4  vn_lock+0xa4 sys/kern/vfs_vnops.c:576
#5  vfs_lookup+0x12b sys/kern/vfs_lookup.c:431
#6  namei+0x7c5 sys/kern/vfs_lookup.c:250
#7  vn_open+0x22e sys/kern/vfs_vnops.c:109
#8  doopenat+0x35b sys/kern/vfs_syscalls.c:1162
#9  sys_open+0x59 sys/kern/vfs_syscalls.c:1064
#10 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#10 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783
#11 Xsyscall+0x128
Process 11142 (syz-executor) thread 0xffff8000fffef240 (20742)
exclusive rrwlock inode r = 0 (0xfffffd8069f99b30)
#0  witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0  witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1  rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2  rrw_enter+0xc6 sys/kern/kern_rwlock.c:621
#3  VOP_LOCK+0xbd sys/kern/vfs_vops.c:527
#4  vn_lock+0xa4 sys/kern/vfs_vnops.c:576
#5  vget+0x2a2 sys/kern/vfs_subr.c:686
#6  ufs_ihashget+0x185 sys/ufs/ufs/ufs_ihash.c:98
#7  ffs_vget+0x8c sys/ufs/ffs/ffs_vfsops.c:1203
#8  ufs_lookup+0x1a36 sys/ufs/ufs/ufs_lookup.c:478
#9  VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85
#10 vfs_lookup+0x963 sys/kern/vfs_lookup.c:580
#11 namei+0x7c5 sys/kern/vfs_lookup.c:250
#12 dounlinkat+0xc1 sys/kern/vfs_syscalls.c:1806
#13 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#13 syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
#14 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd806d1c7e98)
#0  witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0  witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1  rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2  rrw_enter+0xc6 sys/kern/kern_rwlock.c:621
#3  VOP_LOCK+0xbd sys/kern/vfs_vops.c:527
#4  vn_lock+0xa4 sys/kern/vfs_vnops.c:576
#5  vfs_lookup+0x12b sys/kern/vfs_lookup.c:431
#6  namei+0x7c5 sys/kern/vfs_lookup.c:250
#7  dounlinkat+0xc1 sys/kern/vfs_syscalls.c:1806
#8  syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#8  syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
#9  Xsyscall+0x128
ddb{1}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf 11062  12094K   12344K 166960K     12752        0
            pcb    17     13K      13K 166960K       103        0
         rtable   187      8K       9K 166960K       646        0
             pf    39     18K      25K 166960K       136        0
         ifaddr    35      5K       7K 166960K        94        0
        ifgroup    51      2K       2K 166960K       119        0
         sysctl     4      1K       9K 166960K        11        0
       counters    72     37K      37K 166960K       124        0
       ioctlops     0      0K       4K 166960K      1578        0
            iov     0      0K      16K 166960K        57        0
          mount     1      1K       1K 166960K         1        0
            log     0      0K       0K 166960K         4        0
         vnodes  1411     89K      89K 166960K      1935        0
      UFS quota     1     32K      32K 166960K         1        0
      UFS mount     5     36K      36K 166960K         5        0
            shm     2      1K       5K 166960K         8        0
         VM map     2      1K       1K 166960K         2        0
            sem    12      0K       0K 166960K        33        0
        dirhash    12      2K       2K 166960K        15        0
           ACPI  1692    195K     286K 166960K     12470        0
      file desc    18     65K      93K 166960K       677        0
          sigio     0      0K       0K 166960K         2        0
           proc    81    147K     196K 166960K       827        0
        subproc    72      4K       4K 166960K       144        0
    NFS srvsock     1      0K       0K 166960K         1        0
     NFS daemon     1     16K      16K 166960K         1        0
    ip_moptions     0      0K       0K 166960K        29        0
       in_multi    62      4K       7K 166960K       194        0
    ether_multi     1      0K       0K 166960K         2        0
            mrt     0      0K       0K 166960K        18        0
    ISOFS mount     1     32K      32K 166960K         1        0
  MSDOSFS mount     1     16K      16K 166960K         1        0
           ttys    67    307K     307K 166960K        67        0
           exec     0      0K       1K 166960K       533        0
   fusefs mount     1     32K      32K 166960K         1        0
     pfkey data     0      0K       0K 166960K         1        0
            tdb     3      0K       0K 166960K         3        0
        VM swap     8     62K      64K 166960K        10        0
       UVM amap   239    153K     165K 166960K      7689        0
       UVM aobj    12      2K       2K 166960K        13        0
     pinsyscall    43     86K     108K 166960K      2066        0
        memdesc     1      4K       4K 166960K         1        0
    crypto data     1      1K       1K 166960K         1        0
    ip6_options     0      0K       0K 166960K        18        0
            NDP    13      0K       2K 166960K        63        0
           temp    44   9120K    9179K 166960K     19967        0
         kqueue    14     22K      32K 166960K       108        0
      SYN cache     2     16K      16K 166960K         2        0
ddb{1}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache    128       26    0        0     1     0     1     1     0     8    0
rtpcb      120       70    0       67     1     0     1     1     0     8    0
rtentry    176      205    0      130     6     1     5     6     0     8    0
unpcb      144      346    0      325     5     4     1     4     0     8    0
syncache   336       10    0       10     1     1     0     1     0     8    0
tcpcb      736      262    0      257     7     6     1     7     0     8    0
arp        136       34    0       22     1     0     1     1     0     8    0
inpcb      328      763    0      753    11     4     7     7     0     8    6
nd6        152       50    0       37     2     1     1     2     0     8    0
pkpcb       40        4    0        4     1     0     1     1     0     8    1
kcovpl      48       16    0        8     1     0     1     1     0     8    0
ppxss      1192      16    0       13     2     1     1     1     0     8    0
pppxif     1576       1    0        1     1     0     1     1     0     8    1
pfstscr     40        2    0        2     2     1     1     1     0     8    1
pffrag     232        7    0        1     1     0     1     1     0   482    0
pffrnode    88        7    0        1     1     0     1     1     0     8    0
pffrent     40       14    0        8     1     0     1     1     0     8    0
pfosfp      40     1428    0     1428     5     4     1     5     0     8    1
pfosfpen   112     1428    0     1428    21     4    17    21     0     8   17
pfrktable  1344       4    0        1     1     0     1     1     0     8    0
pfanchor   1288      12    0        1     1     0     1     1     0     8    0
pftag       88        1    0        0     1     0     1     1     0     8    0
pfstitem    24       51    0       12     1     0     1     1     0     8    0
pfstkey    128       53    0       14     2     0     2     2     0     8    0
pfstate    448       52    0       14     6     0     6     6     0     8    0
pfrule     1360      26    0       19     2     1     1     2     0     8    0
rttmr      136        3    0        3     2     1     1     1     0     8    1
art_heap8  4096       1    0        0     1     0     1     1     0     8    0
art_heap4  256      880    0      541    29     3    26    29     0     8    3
art_table   40      881    0      541     5     0     5     5     0     8    1
art_node    32      205    0      136     1     0     1     1     0     8    0
sysvmsgpl   40        2    0        1     2     1     1     1     0     8    0
semupl     112        4    0        4     1     0     1     1     0     8    1
semapl      72       30    0       20     1     0     1     1     0     8    0
shmpl      112       10    0        1     1     0     1     1     0     8    0
dirhash    1024      19    0        2     3     0     3     3     0     8    0
dino2pl    256     2313    0      839    93     0    93    93     0     8    0
ffsino     296     2313    0      839   114     0   114   114     0     8    0
nchpl      144     3153    0     1427    64     0    64    64     0     8    0
rtmask      32        4    0        3     2     1     1     1     0     8    0
vnodes     216     2879    0        0   160     0   160   160     0     8    0
namei      1024   11577    0    11576     1     0     1     1     0     8    0
percpumem   16       77    0       26     1     0     1     1     0     8    0
pfiaddrpl  120        1    0        0     1     0     1     1     0     8    0
kstatmem   264       67    0       40     3     1     2     3     0     8    0
scxspl     216    12718    0    12717    11     9     2     8     1     8    1
plimitpl   152      108    0       91     1     0     1     1     0     8    0
sigapl     424     1007    0      939     9     1     8     8     0     8    0
knotepl    120      313    0        0    10     0    10    10     0     8    0
kqueuepl   224      151    0      140     2     0     2     2     0     8    1
pipepl     344      180    0      153     3     0     3     3     0     8    0
fdescpl    528      971    0      939     3     0     3     3     0     8    0
filepl     160     5020    0     4794    19     7    12    19     0     8    2
lockfpl    104      445    0      441     2     1     1     2     0     8    0
lockfspl    48      169    0      165     1     0     1     1     0     8    0
sessionpl  144       87    0       78     1     0     1     1     0     8    0
pgrppl      48      108    0       91     1     0     1     1     0     8    0
ucredpl    104      528    0      513     1     0     1     1     0     8    0
zombiepl   144      939    0      939     1     0     1     1     0     8    1
processpl  1232    1007    0      939     6     0     6     6     0     8    0
procpl     664     1749    0     1672     8     0     8     8     0     8    1
sosppl     176        4    0        4     2     1     1     1     0     8    1
sockpl     752     1255    0     1221    20     9    11    17     0     8    7
mcl64k     65536      3    0        0     1     0     1     1     0     8    0
mcl16k     16384      2    0        0     1     0     1     1     0     8    0
mcl9k128   9344       1    0        0     1     0     1     1     0     8    0
mcl8k      8192       1    0        0     1     0     1     1     0     8    0
mcl4k      4096     115    0        0    15     0    15    15     0     8    0
mcl2k      2048      28    0        0     4     0     4     4     0     8    0
mtagpl      96        4    0        0     1     0     1     1     0     8    0
mbufpl     256      278    0        0    18     0    18    18     0     8    0
bufpl      280     4302    0      105   300     0   300   300     0     8    0
anonpl      32     7671    0        0    62     0    62    62     0   246    0
amapchunkpl 152   23604    0    23119    28     0    28    28     0   158    8
amappl16   200     2970    0     2935    21    10    11    15     0     8    8
amappl15   192        9    0        9     1     1     0     1     0     8    0
amappl14   184      535    0      533     1     0     1     1     0     8    0
amappl13   176      177    0      165     1     0     1     1     0     8    0
amappl12   168     1260    0     1229     2     0     2     2     0     8    0
amappl11   160        3    0        3     1     1     0     1     0     8    0
amappl10   152       64    0       50     1     0     1     1     0     8    0
amappl9    144      327    0      327     1     1     0     1     0     8    0
amappl8    136      134    0      131     1     0     1     1     0     8    0
amappl7    128      164    0      151     1     0     1     1     0     8    0
amappl6    120      235    0      231     1     0     1     1     0     8    0
amappl5    112      103    0       92     1     0     1     1     0     8    0
amappl4    104      326    0      305     1     0     1     1     0     8    0
amappl3     96     4693    0     4578     4     0     4     4     0     8    0
amappl2     88      619    0      555     2     0     2     2     0     8    0
amappl1     80    13319    0    12707    16     2    14    15     0     8    1
amappl      88     6744    0     6578     5     0     5     5     0    92    0
uvmvnodes   80      118    0        0     3     0     3     3     0     8    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma1024    1024       1    0        0     1     0     1     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      72       12    0        1     1     0     1     1     0     8    0
uaddrrnd    24      971    0      939     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24      971    0      939     1     0     1     1     0     8    0
vmmpekpl   168     9425    0     9384     3     0     3     3     0     8    0
vmmpepl    168    69995    0    68063   100     1    99    99     0   357   12
vmsppl     488      970    0      939     6     1     5     5     0     8    0
rwobjpl     80    21945    0    20850    30     2    28    28     0     8    2
pdppl      4096    1949    0     1878   113    40    73    85     0     8    2
pvpl        32    15004    0        0   122     1   121   121     0   265    0
pmappl     256      970    0      939     3     0     3     3     0     8    0
extentpl    40       45    0       27     1     0     1     1     0     8    0
phpool     112      302    0       53     8     0     8     8     0     8    0
ddb{1}> machine ddbcpu 0
Stopped at      x86_ipi_db+0x27:        addq    $0x8,%rsp
x86_ipi_db(ffffffff83994ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff83a3dd80) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:142 [inline]
__mp_lock(ffffffff83a3dd80) at __mp_lock+0x192 sys/kern/kern_lock.c:173
softintr_dispatch(2) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83
dosoftint(2) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:862
Xsofttty() at Xsofttty+0x27
__mp_lock(ffffffff83a3dd80) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:142 [inline]
__mp_lock(ffffffff83a3dd80) at __mp_lock+0x192 sys/kern/kern_lock.c:173
intr_handler(ffff80002a2f63a0,ffff8000002a3480) at intr_handler+0xe9 sys/arch/amd64/amd64/intr.c:560
Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f
__mp_lock(ffffffff83a3dd80) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:142 [inline]
__mp_lock(ffffffff83a3dd80) at __mp_lock+0x192 sys/kern/kern_lock.c:173
softintr_dispatch(0) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83
dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:862
Xsoftclock() at Xsoftclock+0x27
end of kernel
end trace frame: 0x77dc61098220, count: 1
ddb{0}> trace
x86_ipi_db(ffffffff83994ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff83a3dd80) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:142 [inline]
__mp_lock(ffffffff83a3dd80) at __mp_lock+0x192 sys/kern/kern_lock.c:173
softintr_dispatch(2) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83
dosoftint(2) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:862
Xsofttty() at Xsofttty+0x27
__mp_lock(ffffffff83a3dd80) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:142 [inline]
__mp_lock(ffffffff83a3dd80) at __mp_lock+0x192 sys/kern/kern_lock.c:173
intr_handler(ffff80002a2f63a0,ffff8000002a3480) at intr_handler+0xe9 sys/arch/amd64/amd64/intr.c:560
Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f
__mp_lock(ffffffff83a3dd80) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:142 [inline]
__mp_lock(ffffffff83a3dd80) at __mp_lock+0x192 sys/kern/kern_lock.c:173
softintr_dispatch(0) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83
dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:862
Xsoftclock() at Xsoftclock+0x27
end of kernel
end trace frame: 0x77dc61098220, count: -14
ddb{0}> machine ddbcpu 1
Stopped at      savectx+0xae:   movl    $0,%gs:0x688
savectx() at savectx+0xae
end of kernel
end trace frame: 0x761d346e1970, count: 14
ddb{1}> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x761d346e1970, count: -1

Crashes (3552):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Assets (help?)	Manager	Title
2026/06/03 18:25	openbsd	bd33c1515641	234057e5	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/03 16:54	openbsd	bd33c1515641	234057e5	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/03 16:16	openbsd	bd33c1515641	234057e5	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/03 15:04	openbsd	bd33c1515641	234057e5	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/03 13:16	openbsd	bd33c1515641	234057e5	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/03 12:08	openbsd	bd33c1515641	234057e5	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/03 11:39	openbsd	bd33c1515641	234057e5	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/03 09:40	openbsd	cf839b82e3ec	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/03 07:45	openbsd	cf839b82e3ec	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/03 06:15	openbsd	cf839b82e3ec	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/03 05:13	openbsd	cf839b82e3ec	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/03 04:02	openbsd	cf839b82e3ec	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/03 03:04	openbsd	cf839b82e3ec	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/03 02:00	openbsd	cf839b82e3ec	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/03 00:52	openbsd	d620432c9d9a	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/02 21:08	openbsd	d620432c9d9a	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/02 19:50	openbsd	d620432c9d9a	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/02 18:24	openbsd	d620432c9d9a	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/02 17:11	openbsd	d620432c9d9a	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/02 16:05	openbsd	d620432c9d9a	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/02 14:55	openbsd	d620432c9d9a	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/02 13:51	openbsd	d620432c9d9a	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/02 12:41	openbsd	d620432c9d9a	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/02 10:33	openbsd	ce6468111c47	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/02 10:08	openbsd	ce6468111c47	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/02 08:48	openbsd	ce6468111c47	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/02 07:27	openbsd	ce6468111c47	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/02 06:24	openbsd	ce6468111c47	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/02 04:50	openbsd	ce6468111c47	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/02 03:20	openbsd	ce6468111c47	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/02 02:19	openbsd	ce6468111c47	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/02 01:18	openbsd	ce6468111c47	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/02 00:16	openbsd	ce6468111c47	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/01 23:10	openbsd	ce6468111c47	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/01 21:11	openbsd	bddfd4c1ae9e	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/01 19:23	openbsd	bddfd4c1ae9e	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/01 19:12	openbsd	bddfd4c1ae9e	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/01 18:10	openbsd	bddfd4c1ae9e	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/01 16:59	openbsd	bddfd4c1ae9e	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/01 15:54	openbsd	bddfd4c1ae9e	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/01 14:54	openbsd	bddfd4c1ae9e	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/01 13:31	openbsd	bddfd4c1ae9e	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/06/01 12:22	openbsd	bddfd4c1ae9e	cb4e87ff	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx
2026/05/17 20:59	openbsd	c52d99c0253a	340bcdf0	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-main	uvm_fault: savectx
2025/12/17 19:14	openbsd	9c2b8e445a0b	a066d2bc	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	uvm_fault: savectx
2025/02/20 07:11	openbsd	483a78e15aaa	50668798	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	uvm_fault: savectx

* ~~Struck through~~ repros no longer work on HEAD.