uvm_fault(0xfffffd800b027960, 0x0, 0, 1) -> e
fatal page fault in supervisor mode
trap type 6 code 0 rip ffffffff82de7230 cs 8 rflags 10207 cr2 0 cpl 0 rsp ffff80003c46f8a0
gsbase 0xffff8000299ddff0 kgsbase 0x0
panic: trap type 6, code=0, pc=ffffffff82de7230
Starting stack trace...
panic(ffffffff8333eefa) at panic+0x1d0 sys/kern/subr_prf.c:229
kerntrap(ffff80003c46f7f0) at kerntrap+0x30b sys/arch/amd64/amd64/trap.c:486
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
dt_ioctl_record_stop(ffff800001698000) at dt_ioctl_record_stop+0xf0 sys/dev/dt/dt_dev.c:580
dtclose(11e5f,81,2000,ffff80002a2967d0) at dtclose+0x105 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline]
dtclose(11e5f,81,2000,ffff80002a2967d0) at dtclose+0x105 sys/dev/dt/dt_dev.c:232
spec_close(ffff80003c46f9a0) at spec_close+0x45f sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffd805bb60018,81,fffffd80097fb618,ffff80002a2967d0) at VOP_CLOSE+0x133 sys/kern/vfs_vops.c:156
vn_closefile(fffffd806d046478,ffff80002a2967d0) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd806d046478,ffff80002a2967d0) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615
fdrop(fffffd806d046478,ffff80002a2967d0) at fdrop+0x126 sys/kern/kern_descrip.c:1267
closef(fffffd806d046478,ffff80002a2967d0) at closef+0x192 sys/kern/kern_descrip.c:1251
fdfree(ffff80002a2967d0) at fdfree+0x116 sys/kern/kern_descrip.c:1182
exit1(ffff80002a2967d0,0,0,3) at exit1+0x59c sys/kern/kern_exit.c:215
proc_suspend_check_locked(ffff80002a2967d0,0) at proc_suspend_check_locked+0x2fd sys/kern/kern_sig.c:2235
userret(ffff80002a2967d0) at userret+0x8c proc_suspend_check sys/kern/kern_sig.c:-1 [inline]
userret(ffff80002a2967d0) at userret+0x8c sys/kern/kern_sig.c:2194
Xsyscall() at Xsyscall+0x156
end of kernel
end trace frame: 0x7a0027df3e60, count: 242
End of stack trace.
WARNING: SPL NOT LOWERED ON SYSCALL 83 577442208 EXIT 0 4
Stopped at savectx+0xae: movl $0,%gs:0x688
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*278115 64142 -1 0x10 0 1 syz-executor
68893 9649 0 0x14000 0x200 0 reaper
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7cd76146bc30, count: 14
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: uvm_fault(0xfffffd800b027960, 0x0, 0, 1) -> e
ddb{1}> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7cd76146bc30, count: -1
ddb{1}> show registers
rdi 0
rsi 0
rbp 0xffff80002a35ea70
rbx 0
rdx 0
rcx 0xffff80002a2979c0
rax 0x3a
r8 0xffff80002a35e9a0
r9 0x1
r10 0x1836fd6ff07df67
r11 0x30a913bdf08fa8f2
r12 0
r13 0
r14 0xffff80002a2979c0
r15 0
rip 0xffffffff823983ee savectx+0xae
cs 0x8
rflags 0x46
rsp 0xffff80002a35e9f0
ss 0x10
savectx+0xae: movl $0,%gs:0x688
ddb{1}> show proc
PROC (syz-executor) tid=278115 pid=64142 tcnt=3 stat=onproc
flags process=10<SUGID> proc=0
runpri=86, usrpri=86, slppri=17, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80003b816cf8,0xffff80002a296d00
process=0xffff80003b8189d0 user=0xffff80002a359000, vmspace=0xfffffd800b0273c0
estcpu=36, cpticks=8, pctcpu=0.0, user=6, sys=2, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
14793 269043 29940 0 2 0 syz-executor
14793 448556 29940 0 2 0x4000000 syz-executor
5809 166076 57561 0 2 0 syz-executor
5809 322 57561 0 3 0x4000080 fsleep syz-executor
93703 258997 8385 0 3 0x80 nanoslp syz-executor
93703 351624 8385 0 3 0x4000080 fsleep syz-executor
*64142 278115 64313 -1 7 0x10 syz-executor
64142 234134 64313 -1 3 0x4000090 fsleep syz-executor
64142 481314 64313 -1 3 0x4000090 fsleep syz-executor
42027 138742 67590 -1 3 0x90 nanoslp syz-executor
42027 447616 67590 -1 3 0x4000090 kqread syz-executor
29554 19455 6629 0 3 0x80 nanoslp syz-executor
29554 110864 6629 0 3 0x4000080 ttyout syz-executor
29554 166661 6629 0 3 0x4000080 fsleep syz-executor
29940 388532 87280 0 3 0x82 nanoslp syz-executor
49681 444947 87280 0 3 0x82 nanoslp syz-executor
67590 333567 87280 0 3 0x82 nanoslp syz-executor
46351 153401 1 0 3 0x100083 ttyin getty
8385 217729 87280 0 3 0x82 nanoslp syz-executor
57561 470479 87280 0 3 0x82 nanoslp syz-executor
37247 209934 0 0 3 0x14200 bored sosplice
20767 7013 87280 0 3 0x82 nanoslp syz-executor
64313 99146 87280 0 3 0x82 nanoslp syz-executor
6629 510708 87280 0 3 0x82 nanoslp syz-executor
87280 55989 96986 0 3 0x82 kqread syz-executor
96986 433138 7119 0 3 0x10008a sigsusp ksh
7119 132031 66742 0 3 0x98 kqread sshd-session
66742 307908 27625 0 3 0x92 kqread sshd-session
27625 365863 1 0 3 0x88 kqread sshd
82258 203755 92642 74 3 0x1100092 bpf pflogd
92642 68023 1 0 3 0x80 sbwait pflogd
70961 38367 21034 73 3 0x1100090 kqread syslogd
21034 66330 1 0 3 0x100082 sbwait syslogd
87976 156437 1 0 3 0x100080 kqread resolvd
8266 200932 91461 77 3 0x100092 kqread dhcpleased
5395 230809 91461 77 3 0x100092 kqread dhcpleased
91461 62650 1 0 3 0x80 kqread dhcpleased
28465 284398 0 0 3 0x14200 bored smr
11888 222103 0 0 2 0x14200 zerothread
7213 71215 0 0 3 0x14200 aiodoned aiodoned
39004 308985 0 0 3 0x14200 syncer update
72916 53926 0 0 3 0x14200 cleaner cleaner
9649 68893 0 0 7 0x14200 reaper
60061 32642 0 0 3 0x14200 pgdaemon pagedaemon
66900 194152 0 0 3 0x14200 bored viomb
84549 147399 0 0 3 0x40014200 acpi0 acpi0
56318 195266 0 0 3 0x40014200 idle1
24337 214309 0 0 3 0x14200 bored softnet3
90069 128235 0 0 3 0x14200 bored softnet2
54409 215233 0 0 3 0x14200 bored softnet1
69575 138258 0 0 3 0x14200 netlock softnet0
30039 317104 0 0 2 0x40014200 systqmp
62755 495902 0 0 3 0x14200 bored systq
49880 326799 0 0 3 0x14200 tmoslp softclockmp
49987 77726 0 0 3 0x40014200 tmoslp softclock
24584 215544 0 0 3 0x40014200 idle0
1 171650 0 0 3 0x82 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb{1}> show all locks
Process 9649 (reaper) thread 0xffff8000ffffcf68 (68893)
exclusive rwlock kmmaplk r = 0 (0xffffffff838f64a8)
#0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5bb sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x377 sys/kern/kern_rwlock.c:310
#2 vm_map_lock_ln+0x12e sys/uvm/uvm_map.c:5168
#3 uvm_unmap+0x81 sys/uvm/uvm_map.c:1792
#4 km_free+0x87 sys/uvm/uvm_km.c:831
#5 uvm_uarea_free+0x4f sys/uvm/uvm_glue.c:304
#6 reaper+0x1cb sys/kern/kern_exit.c:493
#7 proc_trampoline+0x10
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10250 11092K 13086K 166960K 16221 0
pcb 18 15K 17K 166960K 887 0
rtable 241 13K 13K 166960K 1178 0
pf 37 18K 22K 166960K 254 0
ifaddr 42 8K 8K 166960K 178 0
ifgroup 55 2K 2K 166960K 311 0
sysctl 4 1K 9K 166960K 25 0
counters 68 36K 38K 166960K 324 0
ioctlops 0 0K 4K 166960K 2177 0
iov 0 0K 28K 166960K 314 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1612 101K 102K 166960K 4280 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 16K 20K 166960K 62 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 158 0
dirhash 12 2K 3K 166960K 69 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 18 65K 110K 166960K 3411 0
sigio 0 0K 0K 166960K 60 0
proc 72 91K 128K 166960K 1092 0
subproc 72 4K 4K 166960K 137 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 634 0
in_multi 87 6K 7K 166960K 291 0
ether_multi 1 0K 0K 166960K 43 0
mrt 3 0K 0K 166960K 29 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 259 1155K 1155K 166960K 259 0
exec 0 0K 1K 166960K 1071 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 3 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 252 160K 179K 166960K 31960 0
UVM aobj 140 8K 8K 166960K 152 0
pinsyscall 43 86K 100K 166960K 4712 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 182 0
NDP 12 0K 1K 166960K 125 0
temp 79 8684K 8812K 166960K 165913 0
kqueue 14 22K 30K 166960K 619 0
SYN cache 2 16K 16K 166960K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 326 0 322 3 2 1 3 0 8 0
rtentry 176 383 0 290 6 0 6 6 0 8 0
unpcb 144 2603 0 2584 20 18 2 6 0 8 1
syncache 336 10 0 10 6 6 0 1 0 8 0
tcpqe 32 5 0 5 4 4 0 1 0 8 0
tcpcb 736 1140 0 1130 22 20 2 7 0 8 1
arp 128 83 0 65 1 0 1 1 0 8 0
inpcb 328 4182 0 4168 31 24 7 8 0 8 5
nd6 144 63 0 43 2 0 2 2 0 8 0
pkpcb 40 33 0 33 6 5 1 1 0 8 1
kcovpl 48 15 0 7 1 0 1 1 0 8 0
mppekey 1024 1 0 1 1 1 0 1 0 8 0
ppxss 1192 93 0 93 3 2 1 1 0 8 1
pppxif 1504 12 0 12 5 4 1 1 0 8 1
pffrag 232 24 0 15 1 0 1 1 0 482 0
pffrnode 88 22 0 14 1 0 1 1 0 8 0
pffrent 40 38 0 29 1 0 1 1 0 8 0
pfosfp 40 1429 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1429 0 714 21 0 21 21 0 8 0
pftag 88 1 0 0 1 0 1 1 0 8 0
pfstitem 24 209 0 87 1 0 1 1 0 8 0
pfstkey 128 209 0 87 4 0 4 4 0 8 0
pfstate 384 208 0 87 13 0 13 13 0 8 0
pfrule 1344 25 0 17 2 1 1 2 0 8 0
rttmr 136 5 0 5 4 3 1 1 0 8 1
art_heap8 4096 4 0 0 4 0 4 4 0 8 0
art_heap4 256 1239 0 831 40 12 28 30 0 8 0
art_table 40 1243 0 831 5 0 5 5 0 8 0
art_node 32 383 0 303 2 0 2 2 0 8 0
sysvmsgpl 40 15 0 9 1 0 1 1 0 8 0
semupl 112 3 0 3 2 2 0 1 0 8 0
semapl 112 152 0 142 1 0 1 1 0 8 0
shmpl 112 149 0 12 4 0 4 4 0 8 0
dirhash 1024 56 0 39 3 0 3 3 0 8 0
dino2pl 256 7680 0 6163 96 0 96 96 0 8 0
ffsino 288 7680 0 6163 109 0 109 109 0 8 0
nchpl 144 12371 0 10663 64 0 64 64 0 8 0
rtmask 32 16 0 16 7 7 0 1 0 8 0
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 43585 0 43585 5 4 1 2 0 8 1
percpumem 16 177 0 128 1 0 1 1 0 8 0
kstatmem 264 194 0 166 4 1 3 3 0 8 1
acpiwqpl 32 1 0 1 1 0 1 1 1 8 1
scsiplug 72 12 0 12 4 3 1 1 0 8 1
scxspl 216 99155 0 99155 19 15 4 8 1 8 4
plimitpl 152 714 0 696 1 0 1 1 0 8 0
sigapl 424 3726 0 3675 10 4 6 9 0 8 0
knotepl 120 803 0 0 25 0 25 25 0 8 0
kqueuepl 224 1447 0 1437 19 14 5 5 0 8 4
pipepl 336 544 0 516 9 6 3 8 0 8 0
fdescpl 520 3675 0 3643 3 0 3 3 0 8 0
filepl 160 26409 0 26173 36 22 14 20 0 8 0
lockfpl 104 2345 0 2343 8 7 1 4 0 8 0
lockfspl 48 912 0 910 2 1 1 2 0 8 0
sessionpl 144 41 0 32 1 0 1 1 0 8 0
pgrppl 48 117 0 100 1 0 1 1 0 8 0
ucredpl 104 3932 0 3916 1 0 1 1 0 8 0
zombiepl 144 3677 0 3675 3 2 1 1 0 8 0
processpl 1240 3726 0 3675 6 1 5 6 0 8 0
procpl 656 9042 0 8983 8 2 6 8 0 8 0
sosppl 168 16 0 16 4 3 1 1 0 8 1
sockpl 728 7344 0 7307 61 51 10 19 0 8 5
mcl64k 65536 11 0 0 2 0 2 2 0 8 0
mcl16k 16384 10 0 0 2 0 2 2 0 8 0
mcl12k 12288 4 0 0 1 0 1 1 0 8 0
mcl9k 9216 2 0 0 1 0 1 1 0 8 0
mcl8k 8192 6 0 0 1 0 1 1 0 8 0
mcl4k 4096 126 0 0 16 0 16 16 0 8 0
mcl2k2 2112 3 0 0 1 0 1 1 0 8 0
mcl2k 2048 95 0 0 7 0 7 7 0 8 0
mtagpl 96 193 0 0 5 0 5 5 0 8 0
mbufpl 256 1262 0 0 74 0 74 74 0 8 0
bufpl 280 42105 0 35963 440 0 440 440 0 8 0
anonpl 32 17728 0 0 142 0 142 142 0 246 0
amapchunkpl 152 113176 0 112576 71 37 34 38 0 158 5
amappl16 200 14895 0 14805 106 80 26 36 0 8 8
amappl15 192 8 0 7 1 0 1 1 0 8 0
amappl14 184 147 0 135 1 0 1 1 0 8 0
amappl13 176 35 0 35 2 2 0 1 0 8 0
amappl12 168 4437 0 4405 3 1 2 2 0 8 0
amappl11 160 54 0 40 1 0 1 1 0 8 0
amappl10 152 5 0 5 2 2 0 1 0 8 0
amappl9 144 252 0 251 1 0 1 1 0 8 0
amappl8 136 25 0 21 1 0 1 1 0 8 0
amappl7 128 164 0 151 1 0 1 1 0 8 0
amappl6 120 256 0 252 2 1 1 1 0 8 0
amappl5 112 161 0 151 1 0 1 1 0 8 0
amappl4 104 395 0 374 1 0 1 1 0 8 0
amappl3 96 23098 0 22982 5 1 4 4 0 8 0
amappl2 88 840 0 776 2 0 2 2 0 8 0
amappl1 80 23908 0 23294 19 4 15 15 0 8 0
amappl 88 30558 0 30379 5 0 5 5 0 92 0
dma65536 65536 1 0 1 1 0 1 1 0 8 1
dma4096 4096 2 0 2 2 2 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma512 512 1 0 1 1 1 0 1 0 8 0
dma256 256 9 0 9 4 4 0 1 0 8 0
dma128 128 256 0 256 3 2 1 1 0 8 1
dma64 64 7 0 7 2 2 0 1 0 8 0
dma32 32 8 0 8 2 2 0 1 0 8 0
dma16 16 19 0 18 1 0 1 1 0 8 0
aobjpl 72 151 0 12 3 0 3 3 0 8 0
uaddrrnd 24 3675 0 3643 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 3675 0 3643 1 0 1 1 0 8 0
vmmpekpl 168 28670 0 28614 4 0 4 4 0 8 0
vmmpepl 168 237162 0 235020 158 38 120 120 0 357 13
vmsppl 480 3674 0 3643 7 2 5 5 0 8 0
rwobjpl 72 67316 0 60241 151 11 140 140 0 8 4
pdppl 4096 7358 0 7286 130 58 72 82 0 8 0
pvpl 32 26254 0 0 210 0 210 210 0 265 0
pmappl 256 3674 0 3643 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 539 0 114 13 0 13 13 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffffffff837e4ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc
intr_handler(ffff80002a2402b0,ffff800000069c00) at intr_handler+0xe1 sys/arch/amd64/amd64/intr.c:559
Xintr_ioapic_edge16_untramp() at Xintr_ioapic_edge16_untramp+0x18f
__mp_lock(ffffffff838cc958) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline]
__mp_lock(ffffffff838cc958) at __mp_lock+0x192 sys/kern/kern_lock.c:165
softintr_dispatch(0) at softintr_dispatch+0x12a sys/kern/kern_softintr.c:83
dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:847
Xsoftclock() at Xsoftclock+0x27
__sanitizer_cov_trace_const_cmp4(ffffffff8387b750,9) at __sanitizer_cov_trace_const_cmp4+0x3f sys/dev/kcov.c:231
mtx_enter(ffffffff8387b740) at mtx_enter+0x4a sys/kern/kern_lock.c:260
msleep_nsec(ffffffff8387b778,ffffffff8387b740,4,ffffffff833e8b88,ffffffffffffffff) at msleep_nsec+0x2f1 sys/kern/kern_synch.c:209
reaper(ffff8000ffffcf68) at reaper+0x14b sys/kern/kern_exit.c:477
end trace frame: 0x0, count: 1
ddb{0}> trace
x86_ipi_db(ffffffff837e4ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc
intr_handler(ffff80002a2402b0,ffff800000069c00) at intr_handler+0xe1 sys/arch/amd64/amd64/intr.c:559
Xintr_ioapic_edge16_untramp() at Xintr_ioapic_edge16_untramp+0x18f
__mp_lock(ffffffff838cc958) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline]
__mp_lock(ffffffff838cc958) at __mp_lock+0x192 sys/kern/kern_lock.c:165
softintr_dispatch(0) at softintr_dispatch+0x12a sys/kern/kern_softintr.c:83
dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:847
Xsoftclock() at Xsoftclock+0x27
__sanitizer_cov_trace_const_cmp4(ffffffff8387b750,9) at __sanitizer_cov_trace_const_cmp4+0x3f sys/dev/kcov.c:231
mtx_enter(ffffffff8387b740) at mtx_enter+0x4a sys/kern/kern_lock.c:260
msleep_nsec(ffffffff8387b778,ffffffff8387b740,4,ffffffff833e8b88,ffffffffffffffff) at msleep_nsec+0x2f1 sys/kern/kern_synch.c:209
reaper(ffff8000ffffcf68) at reaper+0x14b sys/kern/kern_exit.c:477
end trace frame: 0x0, count: -14
ddb{0}> machine ddbcpu 1
Stopped at savectx+0xae: movl $0,%gs:0x688
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7cd76146bc30, count: 14
ddb{1}> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7cd76146bc30, count: -1