uvm_fault(0xfffffd806bedc020, 0x0, 0, 1) -> e fatal page fault in supervisor mode trap type 6 code 0 rip ffffffff828f47b8 cs 8 rflags 10207 cr2 0 cpl 0 rsp ffff80002a30e440 gsbase 0xffff8000299edff0 kgsbase 0x0 panic: trap type 6, code=0, pc=ffffffff828f47b8 Starting stack trace... panic(ffffffff833c98d0) at panic+464 kerntrap(ffff80002a30e390) at kerntrap+779 alltraps_kern_meltdown() at alltraps_kern_meltdown+123 dt_ioctl_record_stop(ffff80000165e000) at dt_ioctl_record_stop+264 dtclose(21e5f,81,2000,ffff8000fffeba10) at dtclose+265 spec_close(ffff80002a30e540) at spec_close+1126 VOP_CLOSE(fffffd806c0a6120,81,fffffd80097fb5b0,ffff8000fffeba10) at VOP_CLOSE+306 vn_closefile(fffffd806c093490,ffff8000fffeba10) at vn_closefile+299 fdrop(fffffd806c093490,ffff8000fffeba10) at fdrop+289 closef(fffffd806c093490,ffff8000fffeba10) at closef+402 fdfree(ffff8000fffeba10) at fdfree+278 exit1(ffff8000fffeba10,b,0,1) at exit1+1398 sys_exit(ffff8000fffeba10,ffff80002a30e8b0,ffff80002a30e800) at sys_exit+26 syscall(ffff80002a30e8b0) at syscall+2839 Xsyscall() at Xsyscall+296 end of kernel end trace frame: 0x7f6db1e5ceb0, count: 242 End of stack trace. WARNING: SPL NOT LOWERED ON SYSCALL 83 1264010400 EXIT 0 4 Stopped at savectx+174: movl $0,%gs:1672 TID PID UID PRFLAGS PFLAGS CPU COMMAND * 50662 45580 0 0 0 1 syz-executor 226799 23297 74 0x1100012 0x1 0 pflogd savectx() at savectx+174 end of kernel end trace frame: 0x7c038243eea0, count: 14 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault(0xfffffd806bedc020, 0x0, 0, 1) -> e ddb{1}> trace savectx() at savectx+174 end of kernel end trace frame: 0x7c038243eea0, count: -1 ddb{1}> show registers rdi 0 rsi 0 rbp 18446603336929511456 rbx 0 rdx 0 rcx 18446603340516076160 rax 59 r8 18446603336929511248 r9 1 r10 2206365770580628668 r11 7216920625582366169 r12 0 r13 0 r14 18446603340516076160 r15 0 rip 18446744071590097902 savectx+174 cs 8 rflags 70 rsp 18446603336929511328 ss 16 savectx+174: movl $0,%gs:1672 ddb{1}> show proc PROC (syz-executor) tid=50662 pid=45580 tcnt=3 stat=onproc flags process=0 proc=0 runpri=86, usrpri=86, slppri=36, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000fffeb778,0xffff8000fffeb258 process=0xffff8000fffde1e0 user=0xffff80002a37b000, vmspace=0xfffffd806bedcd78 estcpu=36, cpticks=10, pctcpu=0.0, user=9, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 23045 347978 6074 0 2 0 syz-executor *45580 50662 77620 0 7 0 syz-executor 45580 112642 77620 0 3 0x4000080 fsleep syz-executor 45580 347248 77620 0 3 0x4000080 fsleep syz-executor 50284 92555 11587 0 3 0x80 nanoslp syz-executor 50284 469252 11587 0 3 0x4000080 piperd syz-executor 50284 168038 11587 0 3 0x4000080 piperd syz-executor 50284 72599 11587 0 3 0x4000080 fsleep syz-executor 56340 518010 5819 0 2 0 syz-executor 56340 523042 5819 0 2 0x4000000 syz-executor 97661 226049 5052 0 3 0x80 nanoslp syz-executor 97661 426207 5052 0 3 0x4000000 biowait syz-executor 97661 306815 5052 0 3 0x4000000 fltagain2 syz-executor 97661 410911 5052 0 3 0x4000080 fsleep syz-executor 14186 518140 76146 0 3 0x2 biowait syz-executor 5052 479950 76146 0 3 0x82 nanoslp syz-executor 5819 343353 76146 0 3 0x82 nanoslp syz-executor 77620 448833 76146 0 3 0x82 nanoslp syz-executor 6074 229548 76146 0 3 0x82 nanoslp syz-executor 4942 55298 76146 0 3 0x82 nanoslp syz-executor 46928 389999 76146 0 2 0x2 syz-executor 11587 54493 76146 0 3 0x82 nanoslp syz-executor 76146 44297 70114 0 3 0x82 kqread syz-executor 70114 455474 28353 0 3 0x10008a sigsusp ksh 28353 264348 88607 0 3 0x98 kqread sshd-session 88607 344335 20993 0 3 0x92 kqread sshd-session 77332 207610 1 0 3 0x100083 ttyin getty 20993 240355 1 0 3 0x88 kqread sshd 23297 226799 60007 74 7 0x1100013 pflogd 60007 375423 1 0 3 0x80 sbwait pflogd 82264 114171 67427 73 3 0x1100090 kqread syslogd 67427 56164 1 0 3 0x100082 sbwait syslogd 3190 272657 1 0 3 0x100080 kqread resolvd 70213 160117 863 77 3 0x100092 kqread dhcpleased 7261 187253 863 77 3 0x100092 kqread dhcpleased 863 154992 1 0 3 0x80 kqread dhcpleased 40851 169161 0 0 3 0x14200 bored smr 81495 145300 0 0 2 0x14200 zerothread 49616 376977 0 0 3 0x14200 aiodoned aiodoned 61892 317440 0 0 3 0x14200 syncer update 4149 255178 0 0 3 0x14200 cleaner cleaner 85921 227169 0 0 2 0x14200 reaper 56618 347570 0 0 3 0x14200 pgdaemon pagedaemon 64956 80252 0 0 3 0x14200 bored viomb 77376 108460 0 0 3 0x40014200 acpi0 acpi0 32245 456395 0 0 3 0x40014200 idle1 19084 271157 0 0 3 0x14200 bored softnet1 58493 394754 0 0 3 0x14200 netlock softnet0 74597 425782 0 0 2 0x40014200 systqmp 87260 325973 0 0 3 0x14200 bored systq 95345 224552 0 0 3 0x14200 tmoslp softclockmp 8017 428626 0 0 3 0x40014200 tmoslp softclock 73310 357138 0 0 3 0x40014200 idle0 1 446898 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{1}> show all locks Process 97661 (syz-executor) thread 0xffff8000fffe2028 (426207) Process 14186 (syz-executor) thread 0xffff8000fffeb4e0 (518140) Process 46928 (syz-executor) thread 0xffff8000fffeafb0 (389999) Process 85921 (reaper) thread 0xffff8000ffffd9f8 (227169) ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10258 11089K 12518K 166960K 14940 0 pcb 18 16K 18K 166960K 857 0 rtable 251 21K 21K 166960K 1308 0 pf 38 18K 82K 166960K 454 0 ifaddr 42 9K 9K 166960K 260 0 ifgroup 62 2K 3K 166960K 438 0 sysctl 4 1K 9K 166960K 19 0 counters 70 37K 38K 166960K 580 0 ioctlops 0 0K 8K 166960K 2632 0 iov 0 0K 18K 166960K 363 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1584 100K 100K 166960K 4532 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 3 6K 10K 166960K 48 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 182 0 dirhash 12 2K 2K 166960K 75 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 240K 166960K 3225 0 sigio 0 0K 0K 166960K 50 0 proc 72 115K 164K 166960K 1103 0 subproc 72 4K 4K 166960K 164 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 410 0 in_multi 79 5K 7K 166960K 397 0 ether_multi 2 0K 0K 166960K 46 0 mrt 2 0K 0K 166960K 32 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 271 1208K 1208K 166960K 271 0 exec 0 0K 1K 166960K 1168 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 4 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 252 165K 184K 166960K 32031 0 UVM aobj 63 26K 26K 166960K 68 0 pinsyscall 42 84K 104K 166960K 4609 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 190 0 NDP 13 0K 2K 166960K 171 0 temp 150 8661K 8757K 166960K 158837 0 kqueue 13 20K 31K 166960K 603 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 402 0 399 4 3 1 3 0 8 0 rtentry 176 409 0 319 6 0 6 6 0 8 0 unpcb 144 2174 0 2154 15 14 1 6 0 8 0 syncache 336 9 0 9 3 3 0 1 0 8 0 tcpcb 736 1069 0 1065 22 21 1 7 0 8 0 arp 136 53 0 37 1 0 1 1 0 8 0 inpcb 328 3619 0 3611 39 37 2 10 0 8 0 nd6 152 65 0 44 2 0 2 2 0 8 0 pkpcb 40 59 0 59 8 8 0 1 0 8 0 kcovpl 48 18 0 10 1 0 1 1 0 8 0 mppekey 1024 1 0 1 1 1 0 1 0 8 0 ppxss 1192 205 0 205 6 5 1 1 0 8 1 pppxif 1504 29 0 29 6 5 1 1 0 8 1 pffrag 232 18 0 14 1 0 1 1 0 482 0 pffrnode 88 15 0 11 1 0 1 1 0 8 0 pffrent 40 28 0 24 1 0 1 1 0 8 0 pfosfp 40 1429 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1429 0 714 21 0 21 21 0 8 0 pfrktable 1344 7 0 7 4 4 0 1 0 8 0 pfanchor 1288 1 0 1 1 1 0 1 0 8 0 pftag 88 1 0 1 1 1 0 1 0 8 0 pfstitem 24 207 0 156 1 0 1 1 0 8 0 pfstkey 128 207 0 156 3 0 3 3 0 8 0 pfstate 384 206 0 155 9 0 9 9 0 8 1 pfrule 1344 26 0 20 2 1 1 2 0 8 0 rttmr 136 4 0 4 4 4 0 1 0 8 0 art_heap8 4096 6 0 0 6 0 6 6 0 8 0 art_heap4 256 1632 0 1285 37 13 24 31 0 8 0 art_table 40 1638 0 1285 5 1 4 5 0 8 0 art_node 32 403 0 325 2 0 2 2 0 8 0 sysvmsgpl 40 20 0 15 1 0 1 1 0 8 0 semupl 112 4 0 4 4 4 0 1 0 8 0 semapl 112 136 0 126 1 0 1 1 0 8 0 shmpl 112 52 0 4 2 0 2 2 0 8 0 dirhash 1024 60 0 43 3 0 3 3 0 8 0 dino2pl 256 7685 0 6160 96 0 96 96 0 8 0 ffsino 296 7685 0 6160 119 1 118 118 0 8 0 nchpl 144 12055 0 10327 65 0 65 65 0 8 0 rtmask 32 23 0 23 7 6 1 1 0 8 1 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 45021 0 45019 5 4 1 2 0 8 0 percpumem 16 305 0 255 1 0 1 1 0 8 0 vcpupl 3968 12 0 0 2 0 2 2 0 8 0 vmpool 840 13 0 1 3 1 2 2 0 8 0 kstatmem 264 272 0 240 4 1 3 3 0 8 0 scsiplug 72 45 0 45 9 8 1 1 0 8 1 scxspl 216 60544 0 60542 12 11 1 4 1 8 0 plimitpl 152 1203 0 1186 1 0 1 1 0 8 0 sigapl 424 3522 0 3475 9 3 6 8 0 8 0 knotepl 120 604 0 0 17 0 17 17 0 8 0 kqueuepl 224 1372 0 1361 20 18 2 5 0 8 1 pipepl 344 621 0 592 21 18 3 9 0 8 0 fdescpl 528 3481 0 3450 3 0 3 3 0 8 0 filepl 160 26332 0 26104 40 27 13 20 0 8 0 lockfpl 104 1771 0 1764 3 2 1 2 0 8 0 lockfspl 48 531 0 524 1 0 1 1 0 8 0 sessionpl 144 36 0 27 1 0 1 1 0 8 0 pgrppl 48 125 0 108 1 0 1 1 0 8 0 ucredpl 104 4803 0 4790 1 0 1 1 0 8 0 zombiepl 144 4965 0 4964 2 1 1 1 0 8 0 processpl 1232 3522 0 3475 7 2 5 6 0 8 1 procpl 664 8968 0 8909 8 2 6 8 0 8 0 sosppl 176 32 0 32 12 11 1 1 0 8 1 sockpl 752 6335 0 6304 74 69 5 24 0 8 1 mcl64k 65536 25 0 0 4 1 3 3 0 8 0 mcl16k 16384 6 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 2 0 0 1 0 1 1 0 8 0 mcl4k 4096 135 0 0 17 1 16 17 0 8 0 mcl2k2 2112 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 96 0 0 10 0 10 10 0 8 0 mtagpl 96 7 0 0 1 0 1 1 0 8 0 mbufpl 256 1236 0 0 73 0 73 73 0 8 0 bufpl 280 22395 0 16258 439 0 439 439 0 8 0 anonpl 32 12780 0 0 103 0 103 103 0 246 0 amapchunkpl 152 115224 0 114669 85 55 30 37 0 158 4 amappl16 200 9019 0 8830 56 37 19 28 0 8 1 amappl15 192 9 0 9 1 1 0 1 0 8 0 amappl14 184 6 0 6 2 2 0 1 0 8 0 amappl13 176 561 0 559 1 0 1 1 0 8 0 amappl12 168 3907 0 3866 3 0 3 3 0 8 0 amappl11 160 9 0 9 1 1 0 1 0 8 0 amappl10 152 48 0 34 1 0 1 1 0 8 0 amappl9 144 256 0 256 2 2 0 1 0 8 0 amappl8 136 36 0 33 1 0 1 1 0 8 0 amappl7 128 130 0 128 1 0 1 1 0 8 0 amappl6 120 406 0 391 1 0 1 1 0 8 0 amappl5 112 82 0 70 1 0 1 1 0 8 0 amappl4 104 489 0 459 1 0 1 1 0 8 0 amappl3 96 19482 0 19394 4 1 3 3 0 8 0 amappl2 88 3602 0 3525 2 0 2 2 0 8 0 amappl1 80 23382 0 22792 16 2 14 15 0 8 0 amappl 88 30588 0 30416 5 0 5 5 0 92 0 uvmvnodes 80 210 0 0 5 0 5 5 0 8 0 dma65536 65536 2 0 2 2 2 0 1 0 8 0 dma32768 32768 1 0 1 1 1 0 1 0 8 0 dma4096 4096 2 0 2 2 2 0 1 0 8 0 dma2048 2048 1 0 1 1 0 1 1 0 8 1 dma1024 1024 4 0 3 1 0 1 1 0 8 0 dma256 256 8 0 8 2 2 0 1 0 8 0 dma128 128 254 0 254 2 2 0 1 0 8 0 dma64 64 10 0 10 3 3 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 20 0 19 1 0 1 1 0 8 0 aobjpl 72 67 0 5 2 0 2 2 0 8 0 uaddrrnd 24 3482 0 3451 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 3482 0 3451 1 0 1 1 0 8 0 vmmpekpl 168 26546 0 26474 4 0 4 4 0 8 0 vmmpepl 168 222270 0 220178 130 26 104 110 0 357 1 vmsppl 488 3481 0 3451 6 1 5 5 0 8 0 rwobjpl 80 56354 0 54988 36 2 34 35 0 8 0 pdppl 4096 6998 0 6916 140 55 85 85 0 8 3 pvpl 32 22560 0 0 182 0 182 182 0 265 0 pmappl 256 3494 0 3452 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 431 0 106 11 1 10 10 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+39: addq $8,%rsp x86_ipi_db(ffffffff837c5ff0) at x86_ipi_db+39 x86_ipi_handler() at x86_ipi_handler+217 Xresume_lapic_ipi() at Xresume_lapic_ipi+39 __mp_lock(ffffffff83922fc0) at __mp_lock+419 softintr_dispatch(2) at softintr_dispatch+293 dosoftint(2) at dosoftint+84 Xsofttty() at Xsofttty+39 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc intr_handler(ffff80002a2b0620,ffff80000007aa80) at intr_handler+233 Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+399 __mp_lock(ffffffff83922fc0) at __mp_lock+402 ktrgenio(ffff8000ffffcf98,4,0,ffff800001541790,16c) at ktrgenio+552 dofilereadv(ffff8000ffffcf98,4,ffff80002a2b08c8,0,ffff80002a2b0980) at dofilereadv+1140 sys_read(ffff8000ffffcf98,ffff80002a2b0a30,ffff80002a2b0980) at sys_read+162 end trace frame: 0xffff80002a2b0a20, count: 0 ddb{0}> trace x86_ipi_db(ffffffff837c5ff0) at x86_ipi_db+39 x86_ipi_handler() at x86_ipi_handler+217 Xresume_lapic_ipi() at Xresume_lapic_ipi+39 __mp_lock(ffffffff83922fc0) at __mp_lock+419 softintr_dispatch(2) at softintr_dispatch+293 dosoftint(2) at dosoftint+84 Xsofttty() at Xsofttty+39 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc intr_handler(ffff80002a2b0620,ffff80000007aa80) at intr_handler+233 Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+399 __mp_lock(ffffffff83922fc0) at __mp_lock+402 ktrgenio(ffff8000ffffcf98,4,0,ffff800001541790,16c) at ktrgenio+552 dofilereadv(ffff8000ffffcf98,4,ffff80002a2b08c8,0,ffff80002a2b0980) at dofilereadv+1140 sys_read(ffff8000ffffcf98,ffff80002a2b0a30,ffff80002a2b0980) at sys_read+162 syscall(ffff80002a2b0a30) at syscall+3028 Xsyscall() at Xsyscall+296 end of kernel end trace frame: 0x7130ba0553f0, count: -16 ddb{0}> machine ddbcpu 1 Stopped at savectx+174: movl $0,%gs:1672 savectx() at savectx+174 end of kernel end trace frame: 0x7c038243eea0, count: 14 ddb{1}> trace savectx() at savectx+174 end of kernel end trace frame: 0x7c038243eea0, count: -1