uvm_fault(0xfffffd806b62f208, 0x0, 0, 1) -> e
fatal page fault in supervisor mode
trap type 6 code 0 rip ffffffff81ff70f8 cs 8 rflags 10207 cr2 0 cpl 0 rsp ffff80003c439a70
gsbase 0xffff8000299ddff0 kgsbase 0x0
panic: trap type 6, code=0, pc=ffffffff81ff70f8
Starting stack trace...
panic(ffffffff833de912) at panic+0x1d0 sys/kern/subr_prf.c:229
kerntrap(ffff80003c4399c0) at kerntrap+0x30b
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
dt_ioctl_record_stop(ffff8000015a9000) at dt_ioctl_record_stop+0x108 sys/dev/dt/dt_dev.c:593
dtclose(11e5f,1,2000,ffff80002ebc9258) at dtclose+0x109 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline]
dtclose(11e5f,1,2000,ffff80002ebc9258) at dtclose+0x109 sys/dev/dt/dt_dev.c:239
spec_close(ffff80003c439b70) at spec_close+0x466 sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffd8076fde548,1,fffffd80097fd410,ffff80002ebc9258) at VOP_CLOSE+0x132 sys/kern/vfs_vops.c:156
vn_closefile(fffffd80702cda00,ffff80002ebc9258) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd80702cda00,ffff80002ebc9258) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615
fdrop(fffffd80702cda00,ffff80002ebc9258) at fdrop+0x121 sys/kern/kern_descrip.c:1280
closef(fffffd80702cda00,ffff80002ebc9258) at closef+0x192 sys/kern/kern_descrip.c:1264
fdfree(ffff80002ebc9258) at fdfree+0x116 sys/kern/kern_descrip.c:1195
exit1(ffff80002ebc9258,0,0,1) at exit1+0x576 sys/kern/kern_exit.c:215
sys_exit(ffff80002ebc9258,ffff80003c439ee0,ffff80003c439e30) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80003c439ee0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c439ee0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7efeff5b54d0, count: 242
End of stack trace.
WARNING: SPL NOT LOWERED ON SYSCALL 11 -1 EXIT 0 4
Stopped at savectx+0xae: movl $0,%gs:0x688
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*257967 41875 0 0x2 0 1 syz-executor
163089 42147 0 0x14000 0x200 0 reaper
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7efeff5b54d0, count: 14
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: uvm_fault(0xfffffd806b62f208, 0x0, 0, 1) -> e
ddb{1}> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7efeff5b54d0, count: -1
ddb{1}> show registers
rdi 0
rsi 0
rbp 0xffff80003c41be20
rbx 0
rdx 0
rcx 0xffff800036bdfa18
rax 0x33
r8 0xffff80003c41bd50
r9 0x1
r10 0x77b1630a055e3e59
r11 0x4ad5a3ee2d9b6fd4
r12 0
r13 0
r14 0xffff800036bdfa18
r15 0
rip 0xffffffff821753ee savectx+0xae
cs 0x8
rflags 0x46
rsp 0xffff80003c41bda0
ss 0x10
savectx+0xae: movl $0,%gs:0x688
ddb{1}> show proc
PROC (syz-executor) tid=257967 pid=41875 tcnt=1 stat=onproc
flags process=2<EXEC> proc=0
runpri=50, usrpri=50, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff8000fffef770,0xffff800036bdf4f8
process=0xffff80002a3bc9b8 user=0xffff80003c416000, vmspace=0xfffffd806c9575d0
estcpu=36, cpticks=471, pctcpu=1.45, user=1, sys=468, intr=1
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
85693 206052 92190 0 2 0 syz-executor
9777 48588 68163 0 2 0 syz-executor
66631 305532 1799 0 2 0 syz-executor
74783 426590 26257 0 2 0 syz-executor
74783 69404 26257 0 3 0x4000080 sbwait syz-executor
65003 470617 99914 0 2 0 syz-executor
65003 50809 99914 0 2 0x4000000 syz-executor
99914 231795 41317 0 3 0x82 nanoslp syz-executor
2711 424109 41317 0 3 0x82 wait syz-executor
92190 344512 41317 0 3 0x82 nanoslp syz-executor
26257 59720 41317 0 3 0x82 nanoslp syz-executor
*41875 257967 41317 0 7 0x2 syz-executor
1799 47365 41317 0 3 0x82 nanoslp syz-executor
38968 290201 45165 0 3 0x100082 sbwait arp
45165 413713 1 0 3 0x10008a sigsusp sh
83176 122882 41317 0 3 0x82 wait syz-executor
68163 175094 41317 0 3 0x82 nanoslp syz-executor
41317 119955 45564 0 3 0x82 kqread syz-executor
45564 338128 30729 0 3 0x10008a sigsusp ksh
30729 248544 58795 0 3 0x98 kqread sshd-session
58795 157383 56083 0 3 0x92 kqread sshd-session
76092 422171 1 0 3 0x100083 ttyopn getty
56083 378883 1 0 3 0x88 kqread sshd
61686 439386 52800 74 3 0x1100092 bpf pflogd
52800 499937 1 0 3 0x80 sbwait pflogd
4235 265796 43997 73 3 0x1100090 kqread syslogd
43997 456956 1 0 3 0x100082 sbwait syslogd
62308 388089 1 0 3 0x100080 kqread resolvd
42752 218352 1586 77 3 0x100092 kqread dhcpleased
7273 208550 1586 77 3 0x100092 kqread dhcpleased
1586 365593 1 0 3 0x80 kqread dhcpleased
63624 542 0 0 3 0x14200 bored smr
5430 320439 0 0 2 0x14200 zerothread
63773 447831 0 0 3 0x14200 aiodoned aiodoned
7454 93090 0 0 3 0x14200 syncer update
58872 515528 0 0 3 0x14200 cleaner cleaner
42147 163089 0 0 7 0x14200 reaper
49148 196564 0 0 3 0x14200 pgdaemon pagedaemon
37506 143206 0 0 3 0x14200 bored viomb
78423 241479 0 0 3 0x40014200 acpi0 acpi0
26332 282956 0 0 3 0x40014200 idle1
93750 68626 0 0 3 0x14200 bored softnet1
95357 464039 0 0 3 0x14200 netlock softnet0
66467 12896 0 0 2 0x14200 systqmp
98127 493881 0 0 3 0x14200 bored systq
3724 348790 0 0 3 0x14200 tmoslp softclockmp
38607 57711 0 0 3 0x40014200 tmoslp softclock
47365 3986 0 0 3 0x40014200 idle0
1 129487 0 0 3 0x80082 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb{1}> show all locks
Process 42147 (reaper) thread 0xffff8000ffffd760 (163089)
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11085 12271K 13615K 166960K 15391 0
pcb 17 18K 20K 166960K 627 0
rtable 237 19K 20K 166960K 781 0
pf 39 18K 19K 166960K 235 0
ifaddr 38 7K 8K 166960K 171 0
ifgroup 65 2K 3K 166960K 308 0
sysctl 4 1K 9K 166960K 56 0
counters 72 37K 38K 166960K 386 0
ioctlops 0 0K 4K 166960K 1975 0
iov 0 0K 16K 166960K 84 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1505 95K 95K 166960K 3178 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 9K 166960K 10 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 64 0
dirhash 12 2K 2K 166960K 30 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 20 73K 89K 166960K 1934 0
sigio 0 0K 0K 166960K 28 0
proc 73 115K 164K 166960K 855 0
subproc 81 5K 5K 166960K 126 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 280 0
in_multi 74 5K 7K 166960K 239 0
ether_multi 1 0K 0K 166960K 25 0
mrt 1 0K 0K 166960K 21 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 91 413K 413K 166960K 91 0
exec 0 0K 1K 166960K 738 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 237 157K 171K 166960K 19415 0
UVM aobj 26 14K 14K 166960K 30 0
pinsyscall 46 92K 106K 166960K 3235 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 2 0K 0K 166960K 140 0
NDP 13 0K 1K 166960K 122 0
temp 82 8680K 8934K 166960K 66377 0
kqueue 13 20K 33K 166960K 390 0
SYN cache 2 16K 16K 166960K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 423 0 419 6 3 3 3 0 8 2
rtentry 176 218 0 130 5 0 5 5 0 8 0
unpcb 144 927 0 910 4 3 1 2 0 8 0
syncache 336 4 0 4 2 2 0 1 0 8 0
tcpqe 32 2 0 2 1 1 0 1 0 8 0
tcpcb 736 634 0 630 19 17 2 7 0 8 1
arp 136 33 0 15 1 0 1 1 0 8 0
inpcb 328 2516 0 2505 29 22 7 10 0 8 6
nd6 152 46 0 24 2 0 2 2 0 8 0
pkpcb 40 16 0 16 6 5 1 1 0 8 1
kcovpl 48 14 0 5 1 0 1 1 0 8 0
mppekey 1024 1 0 1 1 1 0 1 0 8 0
ppxss 1192 125 0 125 3 2 1 1 0 8 1
pppxif 1504 17 0 17 6 5 1 1 0 8 1
pffrag 232 21 0 13 1 0 1 1 0 482 0
pffrnode 88 14 0 7 1 0 1 1 0 8 0
pffrent 40 31 0 23 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfrktable 1344 2 0 2 2 2 0 1 0 8 0
pfstitem 24 117 0 49 1 0 1 1 0 8 0
pfstkey 128 117 0 49 3 0 3 3 0 8 0
pfstate 448 116 0 49 8 0 8 8 0 8 0
pfrule 1344 22 0 17 2 1 1 2 0 8 0
rttmr 136 2 0 2 2 2 0 1 0 8 0
art_heap8 4096 5 0 0 5 0 5 5 0 8 0
art_heap4 256 900 0 558 36 8 28 28 0 8 1
art_table 40 905 0 558 5 0 5 5 0 8 0
art_node 32 216 0 137 1 0 1 1 0 8 0
sysvmsgpl 40 18 0 8 1 0 1 1 0 8 0
semupl 112 2 0 2 2 2 0 1 0 8 0
semapl 112 60 0 50 1 0 1 1 0 8 0
shmpl 112 18 0 1 1 0 1 1 0 8 0
dirhash 1024 29 0 12 3 0 3 3 0 8 0
dino2pl 256 4949 0 3435 96 0 96 96 0 8 0
ffsino 296 4949 0 3435 118 0 118 118 0 8 0
nchpl 144 7582 0 5873 64 0 64 64 0 8 0
rtmask 32 13 0 13 6 5 1 1 0 8 1
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 26637 0 26637 3 2 1 2 0 8 1
percpumem 16 208 0 157 1 0 1 1 0 8 0
vcpupl 3968 7 0 1 1 0 1 1 0 8 0
vmpool 848 9 0 3 2 1 1 1 0 8 0
kstatmem 264 188 0 158 6 3 3 3 0 8 1
acpiwqpl 32 1 0 1 1 0 1 1 1 8 1
scsiplug 72 9 0 9 5 5 0 1 0 8 0
scxspl 216 48740 0 48740 15 12 3 8 1 8 3
plimitpl 152 344 0 326 1 0 1 1 0 8 0
sigapl 424 2260 0 2210 8 0 8 8 0 8 0
knotepl 120 608 0 0 18 0 18 18 0 8 0
kqueuepl 224 851 0 842 12 10 2 5 0 8 1
pipepl 344 286 0 256 4 0 4 4 0 8 0
fdescpl 528 2223 0 2189 3 0 3 3 0 8 0
filepl 160 15216 0 14977 28 10 18 18 0 8 4
lockfpl 104 725 0 722 2 1 1 2 0 8 0
lockfspl 48 264 0 261 1 0 1 1 0 8 0
sessionpl 144 28 0 19 1 0 1 1 0 8 0
pgrppl 48 60 0 42 1 0 1 1 0 8 0
ucredpl 104 2284 0 2270 1 0 1 1 0 8 0
zombiepl 144 2213 0 2210 2 1 1 1 0 8 0
processpl 1232 2260 0 2210 6 0 6 6 0 8 0
procpl 664 5240 0 5188 8 0 8 8 0 8 0
sosppl 176 11 0 11 4 4 0 1 0 8 0
sockpl 752 3966 0 3934 38 26 12 14 0 8 8
mcl64k 65536 7 0 0 1 0 1 1 0 8 0
mcl16k 16384 3 0 0 1 0 1 1 0 8 0
mcl12k 12288 2 0 0 1 0 1 1 0 8 0
mcl9k 9216 2 0 0 1 0 1 1 0 8 0
mcl8k 8192 6 0 0 1 0 1 1 0 8 0
mcl4k 4096 134 0 0 17 0 17 17 0 8 0
mcl2k2 2112 2 0 0 1 0 1 1 0 8 0
mcl2k 2048 71 0 0 7 0 7 7 0 8 0
mtagpl 96 102 0 0 3 0 3 3 0 8 0
mbufpl 256 1086 0 0 67 0 67 67 0 8 0
bufpl 280 20177 0 14041 439 0 439 439 0 8 0
anonpl 32 11778 0 0 95 0 95 95 0 246 0
amapchunkpl 152 64749 0 64300 48 17 31 33 0 158 5
amappl16 200 7244 0 7210 51 32 19 24 0 8 8
amappl15 192 3 0 3 1 1 0 1 0 8 0
amappl14 184 19 0 19 2 2 0 1 0 8 0
amappl13 176 501 0 499 1 0 1 1 0 8 0
amappl12 168 2688 0 2645 3 0 3 3 0 8 0
amappl11 160 9 0 8 1 0 1 1 0 8 0
amappl10 152 49 0 35 1 0 1 1 0 8 0
amappl9 144 255 0 255 2 2 0 1 0 8 0
amappl8 136 30 0 28 1 0 1 1 0 8 0
amappl7 128 105 0 104 1 0 1 1 0 8 0
amappl6 120 343 0 328 1 0 1 1 0 8 0
amappl5 112 84 0 73 1 0 1 1 0 8 0
amappl4 104 454 0 423 1 0 1 1 0 8 0
amappl3 96 13252 0 13149 6 2 4 4 0 8 0
amappl2 88 588 0 526 2 0 2 2 0 8 0
amappl1 80 17032 0 16409 15 1 14 15 0 8 0
amappl 88 18284 0 18130 5 0 5 5 0 92 0
uvmvnodes 80 169 0 0 4 0 4 4 0 8 0
dma65536 65536 1 0 1 1 0 1 1 0 8 1
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma512 512 1 0 1 1 1 0 1 0 8 0
dma256 256 7 0 7 2 2 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 8 0 8 3 3 0 1 0 8 0
dma32 32 8 0 8 2 2 0 1 0 8 0
dma16 16 21 0 20 1 0 1 1 0 8 0
aobjpl 72 29 0 4 1 0 1 1 0 8 0
uaddrrnd 24 2223 0 2189 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 2223 0 2189 1 0 1 1 0 8 0
vmmpekpl 168 17854 0 17798 3 0 3 3 0 8 0
vmmpepl 168 144103 0 142086 119 9 110 110 0 357 10
vmsppl 488 2222 0 2189 5 0 5 5 0 8 0
rwobjpl 80 38119 0 36965 37 4 33 33 0 8 2
pdppl 4096 4472 0 4390 127 45 82 84 0 8 0
pvpl 32 22348 0 0 180 0 180 180 0 265 0
pmappl 256 2231 0 2192 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 403 0 79 10 0 10 10 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffffffff837d1ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff839f1b40) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:142 [inline]
__mp_lock(ffffffff839f1b40) at __mp_lock+0x192 sys/kern/kern_lock.c:173
softintr_dispatch(0) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83
dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:862
Xsoftclock() at Xsoftclock+0x27
__sanitizer_cov_trace_const_cmp4(ffffffff8388e2e8,ffffffff8388e2b0) at __sanitizer_cov_trace_const_cmp4+0xf kd_curproc sys/dev/kcov.c:580 [inline]
__sanitizer_cov_trace_const_cmp4(ffffffff8388e2e8,ffffffff8388e2b0) at __sanitizer_cov_trace_const_cmp4+0xf sys/dev/kcov.c:230
reaper(ffff8000ffffd760) at reaper+0x15b sys/kern/kern_exit.c:477
end trace frame: 0x0, count: 6
ddb{0}> trace
x86_ipi_db(ffffffff837d1ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff839f1b40) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:142 [inline]
__mp_lock(ffffffff839f1b40) at __mp_lock+0x192 sys/kern/kern_lock.c:173
softintr_dispatch(0) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83
dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:862
Xsoftclock() at Xsoftclock+0x27
__sanitizer_cov_trace_const_cmp4(ffffffff8388e2e8,ffffffff8388e2b0) at __sanitizer_cov_trace_const_cmp4+0xf kd_curproc sys/dev/kcov.c:580 [inline]
__sanitizer_cov_trace_const_cmp4(ffffffff8388e2e8,ffffffff8388e2b0) at __sanitizer_cov_trace_const_cmp4+0xf sys/dev/kcov.c:230
reaper(ffff8000ffffd760) at reaper+0x15b sys/kern/kern_exit.c:477
end trace frame: 0x0, count: -9
ddb{0}> machine ddbcpu 1
Stopped at savectx+0xae: movl $0,%gs:0x688
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7efeff5b54d0, count: 14
ddb{1}> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7efeff5b54d0, count: -1