uvm_fault(0xfffffd806c8c43f0, 0x0, 0, 1) -> e kernel WARNING: SPL NOT LOWERED ON SYSCALL 83 196318880 EXIT 0 a Stopped at savectx+174: movl $0,%gs:1672 TID PID UID PRFLAGS PFLAGS CPU COMMAND * 21835 55780 0 0 0 1 syz-executor savectx() at savectx+174 end of kernel end trace frame: 0x755952de2820, count: 14 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu0: uvm_fault(0xfffffd806c8c43f0, 0x0, 0, 1) -> e ddb{1}> trace savectx() at savectx+174 end of kernel end trace frame: 0x755952de2820, count: -1 ddb{1}> show registers rdi 0 rsi 0 rbp 18446603337177452080 rbx 0 rdx 0 rcx 18446603340516112904 rax 58 r8 18446603337177451872 r9 1 r10 4871324809295917401 r11 601437587166265351 r12 0 r13 0 r14 18446603340516112904 r15 0 rip 18446744071603999726 savectx+174 cs 8 rflags 70 rsp 18446603337177451952 ss 16 savectx+174: movl $0,%gs:1672 ddb{1}> show proc PROC (syz-executor) tid=21835 pid=55780 tcnt=6 stat=onproc flags process=0 proc=0 runpri=86, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000fffe8028,0xffff8000ffff34e8 process=0xffff8000337e44f0 user=0xffff800038fef000, vmspace=0xfffffd806c8c4d78 estcpu=36, cpticks=10, pctcpu=0.0, user=5, sys=3, intr=2 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 55790 94389 86672 0 3 0x80 nanoslp syz-executor 55790 340666 86672 0 2 0x4000000 syz-executor 55790 130314 86672 0 3 0x4000080 fsleep syz-executor *55780 21835 69798 0 7 0 syz-executor 55780 183521 69798 0 2 0x4000000 syz-executor 55780 116475 69798 0 3 0x4000080 fsleep syz-executor 55780 440227 69798 0 3 0x4000080 fsleep syz-executor 55780 5108 69798 0 3 0x4000080 fsleep syz-executor 55780 381073 69798 0 2 0x4000000 syz-executor 67261 151716 20320 0 3 0x80 nanoslp syz-executor 67261 139830 20320 0 3 0x4000080 kqsel syz-executor 67261 58375 
20320 0 3 0x4000080 fsleep syz-executor 88234 227592 9646 0 3 0x82 wait syz-executor 97695 369621 0 0 3 0x14200 acct acct 61143 519492 9646 0 3 0x82 nanoslp syz-executor 20320 147195 9646 0 3 0x82 nanoslp syz-executor 33308 508408 9646 0 2 0x2 syz-executor 69798 292448 9646 0 3 0x82 nanoslp syz-executor 89421 231509 9646 0 3 0x82 wait syz-executor 68595 137871 9646 0 3 0x82 nanoslp syz-executor 86672 311411 9646 0 3 0x82 nanoslp syz-executor 9646 342780 16293 0 3 0x82 kqread syz-executor 16293 273591 87415 0 3 0x10008a sigsusp ksh 87415 188911 48228 0 3 0x98 kqread sshd-session 48228 167144 66669 0 3 0x92 kqread sshd-session 73457 18537 1 0 3 0x100083 ttyin getty 66669 510251 1 0 3 0x88 kqread sshd 63432 416783 52958 74 3 0x1100092 bpf pflogd 52958 305628 1 0 3 0x80 sbwait pflogd 38663 344121 97070 73 3 0x1100090 kqread syslogd 97070 303739 1 0 3 0x100082 sbwait syslogd 90467 389664 1 0 3 0x100080 kqread resolvd 7980 420506 14628 77 3 0x100092 kqread dhcpleased 72758 838 14628 77 3 0x100092 kqread dhcpleased 14628 130621 1 0 3 0x80 kqread dhcpleased 95424 408696 0 0 3 0x14200 bored smr 3295 75083 0 0 3 0x14200 pgzero zerothread 29802 521292 0 0 3 0x14200 aiodoned aiodoned 87220 12929 0 0 3 0x14200 syncer update 52173 429186 0 0 3 0x14200 cleaner cleaner 45828 401126 0 0 3 0x14200 reaper reaper 48775 16760 0 0 3 0x14200 pgdaemon pagedaemon 5799 109247 0 0 3 0x14200 bored viomb 4879 411388 0 0 3 0x40014200 acpi0 acpi0 34442 364135 0 0 3 0x40014200 idle1 91004 32723 0 0 3 0x14200 bored softnet1 4691 392174 0 0 3 0x14200 bored softnet0 50585 232628 0 0 3 0x14200 bored systqmp 16705 143266 0 0 3 0x14200 bored systq 74851 266805 0 0 3 0x14200 tmoslp softclockmp 49703 297213 0 0 3 0x40014200 tmoslp softclock 19143 120617 0 0 3 0x40014200 idle0 1 341166 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{1}> show all locks CPU 1: exclusive mutex &uvm.pageqlock r = 0 (0xffffffff839c7658) #0 witness_lock+1521 #1 mtx_enter+1204 #2 uvm_pageclean+654 #3 
uvm_pagefree+38 #4 uvm_anfree_list+485 #5 amap_wipeout+584 #6 uvm_unmap_detach+138 #7 uvm_mapanon+2141 #8 uvm_mmapanon+464 #9 sys_mmap+2688 #10 syscall+3028 #11 Xsyscall+296 Process 55790 (syz-executor) thread 0xffff8000ffff2018 (340666) exclusive rrwlock inode r = 0 (0xfffffd805da18da0) #0 witness_lock+1521 #1 rw_do_enter_write+1049 #2 rrw_enter+198 #3 VOP_LOCK+189 #4 vn_lock+164 #5 vn_write+399 #6 dofilewritev+578 #7 sys_write+162 #8 syscall+3028 #9 Xsyscall+296 Process 55780 (syz-executor) thread 0xffff8000ffff34d8 (183521) exclusive rrwlock inode r = 0 (0xfffffd805da18b50) #0 witness_lock+1521 #1 rw_do_enter_write+1049 #2 rrw_enter+198 #3 VOP_LOCK+189 #4 vn_lock+164 #5 vn_write+399 #6 dofilewritev+578 #7 sys_write+162 #8 syscall+3028 #9 Xsyscall+296 Process 55780 (syz-executor) thread 0xffff8000fffe87f0 (381073) exclusive rwlock amaplk r = 0 (0xfffffd805db7bda0) #0 witness_lock+1521 #1 rw_do_enter_write+1049 #2 amap_unref+61 #3 uvm_unmap_detach+138 #4 uvm_mapanon+2141 #5 uvm_mmapanon+464 #6 sys_mmap+2688 #7 syscall+3028 #8 Xsyscall+296 Process 33308 (syz-executor) thread 0xffff8000ffff2fa8 (508408) exclusive rrwlock inode r = 0 (0xfffffd806f278240) #0 witness_lock+1521 #1 rw_do_enter_write+1049 #2 rrw_enter+198 #3 VOP_LOCK+189 #4 ufs_ihashins+79 #5 ffs_vget+391 #6 ffs_inode_alloc+633 #7 ufs_mkdir+252 #8 VOP_MKDIR+257 #9 domkdirat+377 #10 syscall+2839 #11 Xsyscall+296 exclusive rrwlock inode r = 0 (0xfffffd806d1146a0) #0 witness_lock+1521 #1 rw_do_enter_write+1049 #2 rrw_enter+198 #3 VOP_LOCK+189 #4 vn_lock+164 #5 vfs_lookup+284 #6 namei+1994 #7 domkdirat+139 #8 syscall+2839 #9 Xsyscall+296 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10264 11212K 11534K 166960K 13122 0 pcb 17 12K 12K 166960K 186 0 rtable 245 11K 11K 166960K 602 0 pf 42 19K 67486K 166960K 271 0 ifaddr 41 7K 8K 166960K 113 0 ifgroup 63 2K 3K 166960K 183 0 sysctl 4 1K 9K 166960K 11 0 counters 72 37K 38K 166960K 192 0 ioctlops 0 0K 4K 166960K 1805 0 iov 0 0K 16K 
166960K 98 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1358 85K 86K 166960K 2300 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 12 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 79 0 dirhash 12 2K 2K 166960K 36 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 228K 166960K 1186 0 sigio 0 0K 0K 166960K 95 0 proc 73 115K 180K 166960K 727 0 subproc 72 4K 4K 166960K 99 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 128 0 in_multi 85 6K 7K 166960K 170 0 ether_multi 1 0K 0K 166960K 7 0 mrt 0 0K 0K 166960K 11 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 241 1076K 1076K 166960K 241 0 exec 0 0K 1K 166960K 561 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 257 168K 186K 166960K 12482 0 UVM aobj 12 8K 8K 166960K 14 0 pinsyscall 42 84K 102K 166960K 2383 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 2 0K 0K 166960K 86 0 NDP 14 0K 1K 166960K 74 0 temp 79 8672K 8744K 166960K 53641 0 kqueue 13 20K 30K 166960K 222 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 271 0 268 5 3 2 3 0 8 1 rtentry 176 179 0 86 6 0 6 6 0 8 0 unpcb 144 824 0 807 9 5 4 6 0 8 3 syncache 336 6 0 6 3 3 0 1 0 8 0 tcpcb 736 366 0 362 10 6 4 7 0 8 3 arp 136 27 0 10 1 0 1 1 0 8 0 inpcb 328 1094 0 1084 12 6 6 7 0 8 5 nd6 152 37 0 13 2 0 2 2 0 8 0 pkpcb 40 9 0 9 4 3 1 1 0 8 1 kcovpl 48 11 0 3 1 0 1 1 0 8 0 mppekey 1024 1 0 1 1 1 0 1 0 8 0 ppxss 1192 44 0 44 2 1 1 1 0 8 1 pppxif 1504 9 0 9 3 2 1 1 0 8 1 pffrag 232 8 0 1 1 0 1 1 0 482 0 pffrnode 88 8 0 1 1 0 1 1 0 8 0 pffrent 40 11 0 4 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 4 0 4 1 1 0 1 0 8 0 pfanchor 1288 2 0 0 1 0 1 1 0 8 0 
pftag 88 2 0 0 1 0 1 1 0 8 0 pfstitem 24 65 0 26 1 0 1 1 0 8 0 pfstkey 128 67 0 28 2 0 2 2 0 8 0 pfstate 448 66 0 28 5 0 5 5 0 8 0 pfrule 1344 30 0 25 2 1 1 2 0 8 0 rttmr 136 2 0 2 1 1 0 1 0 8 0 art_heap8 4096 5 0 1 5 0 5 5 0 8 1 art_heap4 256 839 0 450 31 4 27 30 0 8 2 art_table 40 844 0 451 5 0 5 5 0 8 0 art_node 32 176 0 93 1 0 1 1 0 8 0 sysvmsgpl 40 3 0 2 1 0 1 1 0 8 0 semupl 112 2 0 2 2 1 1 1 0 8 1 semapl 112 73 0 63 1 0 1 1 0 8 0 shmpl 112 8 0 2 1 0 1 1 0 8 0 dirhash 1024 33 0 16 3 0 3 3 0 8 0 dino2pl 256 3551 0 2028 96 0 96 96 0 8 0 ffsino 296 3551 0 2028 118 0 118 118 0 8 0 nchpl 144 5179 0 3466 64 0 64 64 0 8 0 rtmask 32 11 0 11 3 2 1 1 0 8 1 vnodes 216 4132 0 0 230 0 230 230 0 8 0 namei 1024 17803 0 17802 2 1 1 1 0 8 0 percpumem 16 111 0 60 1 0 1 1 0 8 0 vcpupl 3968 3 0 0 1 0 1 1 0 8 0 vmpool 840 3 0 0 1 0 1 1 0 8 0 kstatmem 264 110 0 76 3 0 3 3 0 8 0 scsiplug 72 6 0 6 3 3 0 1 0 8 0 scxspl 216 32197 0 32197 10 9 1 8 1 8 1 plimitpl 152 447 0 428 1 0 1 1 0 8 0 sigapl 424 1475 0 1427 7 1 6 7 0 8 0 knotepl 120 436 0 0 13 0 13 13 0 8 0 kqueuepl 224 359 0 349 3 1 2 2 0 8 1 pipepl 344 339 0 310 9 6 3 9 0 8 0 fdescpl 528 1455 0 1424 3 0 3 3 0 8 0 filepl 160 9077 0 8846 25 11 14 18 0 8 2 lockfpl 104 515 0 513 2 1 1 2 0 8 0 lockfspl 48 192 0 190 1 0 1 1 0 8 0 sessionpl 144 28 0 19 1 0 1 1 0 8 0 pgrppl 48 57 0 40 1 0 1 1 0 8 0 ucredpl 104 1423 0 1409 1 0 1 1 0 8 0 zombiepl 144 1431 0 1427 1 0 1 1 0 8 0 processpl 1232 1475 0 1427 5 0 5 5 0 8 0 procpl 664 3228 0 3171 6 0 6 6 0 8 0 sosppl 176 4 0 4 2 2 0 1 0 8 0 sockpl 752 2221 0 2191 29 19 10 17 0 8 7 mcl64k 65536 3 0 0 1 0 1 1 0 8 0 mcl16k 16384 1 0 0 1 0 1 1 0 8 0 mcl12k 12288 1 0 0 1 0 1 1 0 8 0 mcl9k 9216 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 115 0 0 15 0 15 15 0 8 0 mcl2k 2048 34 0 0 5 0 5 5 0 8 0 mtagpl 96 56 0 0 2 0 2 2 0 8 0 mbufpl 256 1788 0 0 112 0 112 112 0 8 0 bufpl 280 12850 0 6713 439 0 439 439 0 8 0 anonpl 32 11000 0 0 89 0 89 89 0 246 0 amapchunkpl 152 42229 0 41724 44 14 30 35 
0 158 8 amappl16 200 5142 0 5060 35 21 14 26 0 8 5 amappl15 192 7 0 7 1 1 0 1 0 8 0 amappl14 184 16 0 15 1 0 1 1 0 8 0 amappl13 176 462 0 461 1 0 1 1 0 8 0 amappl12 168 1841 0 1799 3 0 3 3 0 8 0 amappl11 160 5 0 5 1 1 0 1 0 8 0 amappl10 152 49 0 35 1 0 1 1 0 8 0 amappl9 144 249 0 249 1 1 0 1 0 8 0 amappl8 136 42 0 40 1 0 1 1 0 8 0 amappl7 128 94 0 92 1 0 1 1 0 8 0 amappl6 120 338 0 324 1 0 1 1 0 8 0 amappl5 112 97 0 86 1 0 1 1 0 8 0 amappl4 104 464 0 434 1 0 1 1 0 8 0 amappl3 96 7260 0 7165 4 1 3 3 0 8 0 amappl2 88 1585 0 1507 2 0 2 2 0 8 0 amappl1 80 14181 0 13591 15 1 14 14 0 8 0 amappl 88 11518 0 11342 5 0 5 5 0 92 0 uvmvnodes 80 149 0 0 4 0 4 4 0 8 0 dma8192 8192 1 0 1 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 8 0 8 3 3 0 1 0 8 0 dma128 128 257 0 257 3 3 0 1 0 8 0 dma64 64 8 0 8 2 2 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 13 0 2 1 0 1 1 0 8 0 uaddrrnd 24 1455 0 1424 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1455 0 1424 1 0 1 1 0 8 0 vmmpekpl 168 13450 0 13407 3 0 3 3 0 8 0 vmmpepl 168 98810 0 96803 109 5 104 108 0 357 10 vmsppl 488 1454 0 1424 5 0 5 5 0 8 0 rwobjpl 80 28503 0 27356 34 2 32 32 0 8 0 pdppl 4096 2923 0 2851 111 37 74 85 0 8 2 pvpl 32 19133 0 0 155 0 155 155 0 265 0 pmappl 256 1457 0 1424 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 411 0 57 11 0 11 11 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+39: addq $8,%rsp x86_ipi_db(ffffffff8382fff0) at x86_ipi_db+39 x86_ipi_handler() at x86_ipi_handler+217 Xresume_lapic_ipi() at Xresume_lapic_ipi+39 __mp_lock(ffffffff838ea180) at __mp_lock+409 softintr_dispatch(0) at softintr_dispatch+293 dosoftint(0) at dosoftint+84 Xsoftclock() at Xsoftclock+39 cnputc(6c) at cnputc+103 db_putchar(6c) at db_putchar+877 kprintf() at kprintf+547 db_printf(ffffffff8342b205) at db_printf+155 db_ktrap(6,0,ffff80002a381dc0) at db_ktrap+227 kerntrap(ffff80002a381dc0) at kerntrap+578 
alltraps_kern_meltdown() at alltraps_kern_meltdown+123 end trace frame: 0xffff80002a381ea0, count: 0 ddb{0}> trace x86_ipi_db(ffffffff8382fff0) at x86_ipi_db+39 x86_ipi_handler() at x86_ipi_handler+217 Xresume_lapic_ipi() at Xresume_lapic_ipi+39 __mp_lock(ffffffff838ea180) at __mp_lock+409 softintr_dispatch(0) at softintr_dispatch+293 dosoftint(0) at dosoftint+84 Xsoftclock() at Xsoftclock+39 cnputc(6c) at cnputc+103 db_putchar(6c) at db_putchar+877 kprintf() at kprintf+547 db_printf(ffffffff8342b205) at db_printf+155 db_ktrap(6,0,ffff80002a381dc0) at db_ktrap+227 kerntrap(ffff80002a381dc0) at kerntrap+578 alltraps_kern_meltdown() at alltraps_kern_meltdown+123 dt_ioctl_record_stop(ffff800001612000) at dt_ioctl_record_stop+264 dtclose(11e5f,81,2000,ffff8000fffe94e8) at dtclose+265 spec_close(ffff80002a381f70) at spec_close+1126 VOP_CLOSE(fffffd805e4c57d8,81,fffffd80097fd618,ffff8000fffe94e8) at VOP_CLOSE+306 vn_closefile(fffffd807e3630b8,ffff8000fffe94e8) at vn_closefile+299 fdrop(fffffd807e3630b8,ffff8000fffe94e8) at fdrop+289 closef(fffffd807e3630b8,ffff8000fffe94e8) at closef+402 fdfree(ffff8000fffe94e8) at fdfree+278 exit1(ffff8000fffe94e8,b,0,1) at exit1+1398 sys_exit(ffff8000fffe94e8,ffff80002a3822e0,ffff80002a382230) at sys_exit+26 syscall(ffff80002a3822e0) at syscall+2839 Xsyscall() at Xsyscall+296 end of kernel end trace frame: 0x708926e3c460, count: -26 ddb{0}> machine ddbcpu 1 Stopped at savectx+174: movl $0,%gs:1672 savectx() at savectx+174 end of kernel end trace frame: 0x755952de2820, count: 14 ddb{1}> trace savectx() at savectx+174 end of kernel end trace frame: 0x755952de2820, count: -1