uvm_fault(0xffffffff83899a28, 0xffff8000277c4b00, 0, 2) -> d
fatal page fault in supervisor mode
trap type 6 code 2 rip ffffffff821101f2 cs 8 rflags 10206 cr2 ffff8000277c4b00 cpl 0 rsp ffff80002a3e6668
gsbase 0xffff800029a9bff0 kgsbase 0x0
panic: trap type 6, code=2, pc=ffffffff821101f2
Starting stack trace...
panic(ffffffff83317482) at panic+0x1d0 sys/kern/subr_prf.c:229
kerntrap(ffff80002a3e65b0) at kerntrap+0x29b sys/arch/amd64/amd64/trap.c:327
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
memset() at memset+0x52
ffs_write(ffff80002a3e6950) at ffs_write+0xbab sys/ufs/ffs/ffs_vnops.c:401
VOP_WRITE(fffffd805c087560,ffff80002a3e69e8,23,fffffd807f7d20d0) at VOP_WRITE+0x102 sys/kern/vfs_vops.c:245
vn_rdwr(1,fffffd805c087560,ffff80002a3e6b00,40,0,1,75e00282fc012175,0,1008,0) at vn_rdwr+0x12d sys/kern/vfs_vnops.c:324
acct_process(ffff8000ffffaa60) at acct_process+0x7bb sys/kern/kern_acct.c:245
exit1(ffff8000ffffaa60,0,0,1) at exit1+0x5dd sys/kern/kern_exit.c:229
sys_exit(ffff8000ffffaa60,ffff80002a3e6d40,ffff80002a3e6c90) at sys_exit+0x1a
syscall(ffff80002a3e6d40) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a3e6d40) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7eca868071c0, count: 245
End of stack trace.
WARNING: SPL NOT LOWERED ON SYSCALL 11 -1 EXIT 0 4
Stopped at savectx+0xae: movl $0,%gs:0x680
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*462137 59993 0 0x2 0 1 syz-executor
34481 28300 0 0x14000 0x40000200 0 softclock
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7f4f0f9182c0, count: 14
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: uvm_fault(0xffffffff83899a28, 0xffff8000277c4b00, 0, 2) -> d
ddb{1}> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7f4f0f9182c0, count: -1
ddb{1}> show registers
rdi 0
rsi 0
rbp 0xffff80002acfc2f0
rbx 0
rdx 0
rcx 0xffff80003c523230
rax 0x33
r8 0xffff80002acfc220
r9 0x1
r10 0x185222ed0bd806bf
r11 0xdb42d5d4f528e0d8
r12 0
r13 0
r14 0xffff80003c523230
r15 0
rip 0xffffffff817de3ee savectx+0xae
cs 0x8
rflags 0x46
rsp 0xffff80002acfc270
ss 0x10
savectx+0xae: movl $0,%gs:0x680
ddb{1}> show proc
PROC (syz-executor) tid=462137 pid=59993 tcnt=1 stat=onproc
flags process=2<EXEC> proc=0
runpri=50, usrpri=50, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80003c522a80,0xffff80003c522050
process=0xffff8000ffff6040 user=0xffff80002acf7000, vmspace=0xfffffd806beb33a8
estcpu=36, cpticks=3, pctcpu=0.30, user=0, sys=76, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
77237 391114 78821 0 2 0 syz-executor
77237 53654 78821 0 3 0x4000080 fsleep syz-executor
93190 114257 69255 0 2 0 syz-executor
93190 221895 69255 0 3 0x4000080 fsleep syz-executor
21724 140607 10857 0 2 0 syz-executor
21724 220757 10857 0 2 0x4000000 syz-executor
94449 22332 1610 0 2 0 syz-executor
94449 370003 1610 0 3 0x4000080 fsleep syz-executor
94449 173447 1610 0 3 0x4000080 sbwait syz-executor
66214 163520 8502 0 2 0x480 syz-executor
66214 456031 8502 0 3 0x4000080 pppxread syz-executor
66214 477338 8502 0 3 0x4000080 fsleep syz-executor
78350 68746 59993 0 2 0x480 syz-executor
78350 130774 59993 0 3 0x4000080 bell syz-executor
78350 400440 59993 0 3 0x4000080 bell syz-executor
78350 1059 59993 0 3 0x4000080 fsleep syz-executor
27259 114389 1 0 3 0x82 nanoslp getty
7489 287643 2649 60929 2 0x10 syz-executor
7489 423423 2649 60929 3 0x4000090 sbwait syz-executor
7489 501046 2649 60929 3 0x4000090 fsleep syz-executor
84987 439674 83776 0 2 0x482 syz-executor
2649 23367 83776 0 2 0x482 syz-executor
8502 414942 83776 0 2 0x482 syz-executor
65895 479411 0 0 3 0x14200 acct acct
*59993 462137 83776 0 7 0x2 syz-executor
10857 869 83776 0 2 0x482 syz-executor
32612 209505 98329 0 3 0x82 sbwait sshd-session
1610 114051 83776 0 2 0x482 syz-executor
95689 64859 0 0 3 0x14200 bored sosplice
16568 266155 39127 0 3 0x100082 sbwait arp
39127 494414 1 0 3 0x10008a sigsusp sh
78821 51164 83776 0 2 0x482 syz-executor
69255 364914 83776 0 2 0x482 syz-executor
83776 157899 47054 0 3 0x82 kqread syz-executor
47054 208738 17950 0 3 0x10008a sigsusp ksh
17950 410803 80856 0 3 0x98 kqread sshd-session
80856 247596 98329 0 3 0x92 kqread sshd-session
98329 493297 1 0 3 0x88 kqread sshd
81946 373623 98481 74 3 0x1100092 bpf pflogd
98481 169235 1 0 3 0x80 sbwait pflogd
47984 380084 60533 73 3 0x1100090 kqread syslogd
60533 213087 1 0 3 0x100082 sbwait syslogd
71003 513395 1 0 3 0x100080 kqread resolvd
57310 413090 1222 77 3 0x100092 kqread dhcpleased
6173 275373 1222 77 3 0x100092 kqread dhcpleased
1222 176092 1 0 3 0x80 kqread dhcpleased
12983 218706 0 0 2 0x14200 smr
4825 142069 0 0 3 0x14200 pgzero zerothread
28777 519406 0 0 3 0x14200 aiodoned aiodoned
11567 167784 0 0 3 0x14200 syncer update
20927 153839 0 0 3 0x14200 cleaner cleaner
7445 382554 0 0 3 0x14200 reaper reaper
83205 217040 0 0 3 0x14200 pgdaemon pagedaemon
87766 387430 0 0 3 0x14200 bored viomb
99390 115276 0 0 3 0x40014200 acpi0 acpi0
19658 59549 0 0 3 0x40014200 idle1
36421 141085 0 0 3 0x14200 bored softnet3
26286 322095 0 0 3 0x14200 bored softnet2
883 493790 0 0 3 0x14200 bored softnet1
14698 321744 0 0 2 0x14200 softnet0
46099 10228 0 0 2 0x14200 systqmp
15254 168164 0 0 3 0x14200 bored systq
26529 355897 0 0 2 0x14200 softclockmp
28300 34481 0 0 7 0x40014200 softclock
11411 204617 0 0 3 0x40014200 idle0
1 421157 0 0 3 0x80082 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb{1}> show all locks
Process 93190 (syz-executor) thread 0xffff8000ffffa540 (114257)
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10240 11133K 11498K 166960K 17881 0
pcb 17 20K 22K 166960K 1210 0
rtable 232 11K 11K 166960K 1023 0
pf 35 17K 26K 166960K 345 0
ifaddr 37 8K 8K 166960K 218 0
ifgroup 51 2K 2K 166960K 431 0
sysctl 4 1K 1K 166960K 16 0
counters 62 36K 37K 166960K 544 0
ioctlops 0 0K 8K 166960K 2055 0
iov 0 0K 28K 166960K 739 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1439 90K 91K 166960K 4730 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 5K 13K 166960K 97 0
VM map 2 1K 1K 166960K 2 0
sem 43 12K 20K 166960K 263 0
dirhash 12 2K 3K 166960K 87 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 19 69K 244K 166960K 4661 0
sigio 0 0K 0K 166960K 102 0
proc 74 91K 128K 166960K 1180 0
subproc 81 5K 5K 166960K 148 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 2 0K 0K 166960K 1036 0
in_multi 77 5K 7K 166960K 277 0
ether_multi 1 0K 0K 166960K 23 0
mrt 1 0K 0K 166960K 12 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 259 1155K 1155K 166960K 259 0
exec 0 0K 1K 166960K 1314 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 8 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 262 74K 88K 166960K 44625 0
UVM aobj 124 3K 4K 166960K 129 0
pinsyscall 48 96K 104K 166960K 6042 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 357 0
NDP 13 0K 1K 166960K 160 0
temp 116 8644K 8772K 166960K 237754 0
kqueue 15 24K 32K 166960K 786 0
SYN cache 2 10K 18K 166960K 3 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 24 0 0 1 0 1 1 0 8 0
rtpcb 120 481 0 476 4 3 1 3 0 8 0
rtentry 112 311 0 216 4 0 4 4 0 8 0
unpcb 144 4279 0 4258 36 33 3 6 0 8 2
syncache 336 47 0 47 12 11 1 1 0 8 1
tcpqe 32 14 0 14 6 5 1 1 0 8 1
tcpcb 808 1909 0 1887 54 45 9 14 0 8 6
arp 120 44 0 25 1 0 1 1 0 8 0
inpcb 376 6564 0 6537 89 79 10 22 0 8 4
nd6 136 56 0 36 1 0 1 1 0 8 0
pkpcb 40 33 0 33 12 11 1 1 0 8 1
kcovpl 48 16 0 7 1 0 1 1 0 8 0
mppekey 1024 2 0 2 2 2 0 1 0 8 0
ppxss 1168 187 0 187 9 8 1 1 0 8 1
pppxif 1472 22 0 22 6 5 1 1 0 8 1
pfstscr 40 2 0 2 1 1 0 1 0 8 0
pffrag 232 22 0 15 1 0 1 1 0 482 0
pffrnode 88 19 0 13 1 0 1 1 0 8 0
pffrent 40 36 0 29 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfrktable 1344 2 0 2 1 1 0 1 0 8 0
pfanchor 1288 2 0 1 2 1 1 1 0 8 0
pftag 88 4 0 4 1 1 0 1 0 8 0
pfstitem 24 337 0 152 2 0 2 2 0 8 0
pfstkey 128 339 0 154 6 0 6 6 0 8 0
pfstate 376 339 0 154 19 0 19 19 0 8 0
pfrule 1344 30 0 21 2 1 1 2 0 8 0
art_heap8 4096 4 0 0 4 0 4 4 0 8 0
art_heap4 256 1098 0 664 38 9 29 32 0 8 1
art_table 32 1102 0 664 5 0 5 5 0 8 0
art_node 16 261 0 177 1 0 1 1 0 8 0
sysvmsgpl 40 3 0 3 2 2 0 1 0 8 0
semupl 112 9 0 9 8 7 1 1 0 8 1
semapl 112 251 0 210 3 1 2 2 0 8 0
shmpl 112 126 0 5 4 0 4 4 0 8 0
dirhash 1024 67 0 50 3 0 3 3 0 8 0
dino2pl 256 9621 0 8096 96 0 96 96 0 8 0
ffsino 280 9622 0 8097 110 0 110 110 0 8 0
nchpl 144 16224 0 14510 65 1 64 64 0 8 0
rtmask 32 22 0 22 6 6 0 1 0 8 0
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 56640 0 56640 7 6 1 2 0 8 1
percpumem 16 286 0 241 1 0 1 1 0 8 0
kstatmem 264 256 0 234 4 2 2 3 0 8 0
acpiwqpl 32 2 0 2 1 0 1 1 1 8 1
scsiplug 72 8 0 8 6 6 0 1 0 8 0
scxspl 216 51644 0 51644 23 22 1 8 1 8 1
plimitpl 152 1006 0 986 1 0 1 1 0 8 0
sigapl 424 4965 0 4910 8 1 7 7 0 8 0
futexpl 64 83526 0 83520 1 0 1 1 0 8 0
knotepl 120 666 0 0 19 1 18 18 0 8 0
kqueuepl 216 1777 0 1763 19 17 2 5 0 8 1
pipepl 328 718 0 687 8 5 3 8 0 8 0
fdescpl 504 4936 0 4902 5 0 5 5 0 8 0
filepl 152 35550 0 35305 55 42 13 22 0 8 1
lockfpl 104 1599 0 1597 2 1 1 2 0 8 0
lockfspl 48 565 0 563 1 0 1 1 0 8 0
sessionpl 144 53 0 44 1 0 1 1 0 8 0
pgrppl 48 135 0 117 1 0 1 1 0 8 0
ucredpl 104 6152 0 6137 1 0 1 1 0 8 0
zombiepl 144 4911 0 4910 5 4 1 1 0 8 0
processpl 1176 4965 0 4910 5 0 5 5 0 8 0
procpl 656 12268 0 12201 9 2 7 7 0 8 0
srpgc 96 17 0 17 6 5 1 1 0 8 1
sosppl 168 33 0 33 9 8 1 1 0 8 1
sockpl 688 11477 0 11425 127 116 11 27 0 8 5
mcl64k 65536 9 0 0 2 0 2 2 0 8 0
mcl16k 16384 4 0 0 1 0 1 1 0 8 0
mcl12k 12288 3 0 0 1 0 1 1 0 8 0
mcl9k 9216 2 0 0 1 0 1 1 0 8 0
mcl8k 8192 6 0 0 1 0 1 1 0 8 0
mcl4k 4096 132 0 0 15 0 15 15 0 8 0
mcl2k2 2112 5 0 0 1 0 1 1 0 8 0
mcl2k 2048 61 0 0 5 0 5 5 0 8 0
mtagpl 96 188 0 0 5 0 5 5 0 8 0
mbufpl 256 1148 0 0 65 0 65 65 0 8 0
bufpl 280 15592 0 9438 440 0 440 440 0 8 0
anonpl 24 563741 0 550609 191 64 127 129 0 184 0
amapchunkpl 152 146966 0 146293 91 58 33 35 0 158 4
amappl16 200 11433 0 10945 96 45 51 52 0 8 0
amappl15 192 4 0 4 1 1 0 1 0 8 0
amappl14 184 177 0 162 1 0 1 1 0 8 0
amappl13 176 4 0 4 1 1 0 1 0 8 0
amappl12 168 5736 0 5700 3 1 2 2 0 8 0
amappl11 160 49 0 35 1 0 1 1 0 8 0
amappl10 152 2 0 2 1 1 0 1 0 8 0
amappl9 144 261 0 261 1 1 0 1 0 8 0
amappl8 136 24 0 21 1 0 1 1 0 8 0
amappl7 128 146 0 132 1 0 1 1 0 8 0
amappl6 120 279 0 273 1 0 1 1 0 8 0
amappl5 112 174 0 162 1 0 1 1 0 8 0
amappl4 104 451 0 430 1 0 1 1 0 8 0
amappl3 96 31097 0 30967 4 0 4 4 0 8 0
amappl2 88 988 0 913 2 0 2 2 0 8 0
amappl1 80 27055 0 26366 22 4 18 18 0 8 0
amappl 88 43801 0 43603 5 0 5 5 0 92 0
dma16384 16384 1 0 1 1 0 1 1 0 8 1
dma4096 4096 2 0 2 2 1 1 1 0 8 1
dma1024 1024 2 0 1 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 8 0 8 3 3 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 20 0 19 1 0 1 1 0 8 0
aobjpl 72 128 0 5 3 0 3 3 0 8 0
uaddrrnd 24 4936 0 4901 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 4936 0 4901 1 0 1 1 0 8 0
vmmpekpl 168 36512 0 36447 4 0 4 4 0 8 0
vmmpepl 168 304805 0 302195 163 27 136 140 0 357 1
vmsppl 456 4935 0 4901 5 0 5 5 0 8 0
rwobjpl 64 78657 0 71039 132 4 128 131 0 8 0
pdppl 4096 9880 0 9802 142 62 80 84 0 8 2
pvpl 32 30853 0 0 249 1 248 248 0 265 0
pmappl 248 4935 0 4901 3 0 3 3 0 8 0
extentpl 40 55 0 38 1 0 1 1 0 8 0
phpool 112 466 0 145 10 0 10 10 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffffffff837a8ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff8399aeb0) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline]
__mp_lock(ffffffff8399aeb0) at __mp_lock+0x192 sys/kern/kern_lock.c:144
__mp_acquire_count(ffffffff8399aeb0,1) at __mp_acquire_count+0x58
mi_switch() at mi_switch+0x4b7 sys/kern/sched_bsd.c:441
sleep_finish(0,1) at sleep_finish+0x24f sys/kern/kern_synch.c:414
msleep(ffffffff83906800,ffffffff837f79f0,0,ffffffff8343a68d,0) at msleep+0x13b sys/kern/kern_synch.c:249
softclock_thread(ffff8000fffff710) at softclock_thread+0x11f sys/kern/kern_timeout.c:806
end trace frame: 0x0, count: 6
ddb{0}> trace
x86_ipi_db(ffffffff837a8ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff8399aeb0) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline]
__mp_lock(ffffffff8399aeb0) at __mp_lock+0x192 sys/kern/kern_lock.c:144
__mp_acquire_count(ffffffff8399aeb0,1) at __mp_acquire_count+0x58
mi_switch() at mi_switch+0x4b7 sys/kern/sched_bsd.c:441
sleep_finish(0,1) at sleep_finish+0x24f sys/kern/kern_synch.c:414
msleep(ffffffff83906800,ffffffff837f79f0,0,ffffffff8343a68d,0) at msleep+0x13b sys/kern/kern_synch.c:249
softclock_thread(ffff8000fffff710) at softclock_thread+0x11f sys/kern/kern_timeout.c:806
end trace frame: 0x0, count: -9
ddb{0}> machine ddbcpu 1
Stopped at savectx+0xae: movl $0,%gs:0x680
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7f4f0f9182c0, count: 14
ddb{1}> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7f4f0f9182c0, count: -1