uvm_fault(0xfffffd8077ab27c8, 0x0, 0, 1) -> e
fatal page fault in supervisor mode
trap type 6 code 0 rip ffffffff82e50388 cs 8 rflags 10207 cr2 0 cpl 0 rsp ffff80002a387320
gsbase 0xffff8000299edff0 kgsbase 0x0
panic: trap type 6, code=0, pc=ffffffff82e50388
Starting stack trace...
panic(ffffffff833a774a) at panic+0x1d0 sys/kern/subr_prf.c:229
kerntrap(ffff80002a387270) at kerntrap+0x30b
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
dt_ioctl_record_stop(ffff800001615000) at dt_ioctl_record_stop+0x108 sys/dev/dt/dt_dev.c:586
dtclose(11e5f,81,2000,ffff80002a2b6a80) at dtclose+0x109 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline]
dtclose(11e5f,81,2000,ffff80002a2b6a80) at dtclose+0x109 sys/dev/dt/dt_dev.c:232
spec_close(ffff80002a387420) at spec_close+0x466 sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffd8068e148a0,81,fffffd80097fb6e8,ffff80002a2b6a80) at VOP_CLOSE+0x132 sys/kern/vfs_vops.c:156
vn_closefile(fffffd8069663df8,ffff80002a2b6a80) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd8069663df8,ffff80002a2b6a80) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615
fdrop(fffffd8069663df8,ffff80002a2b6a80) at fdrop+0x121 sys/kern/kern_descrip.c:1280
closef(fffffd8069663df8,ffff80002a2b6a80) at closef+0x192 sys/kern/kern_descrip.c:1264
fdfree(ffff80002a2b6a80) at fdfree+0x116 sys/kern/kern_descrip.c:1195
exit1(ffff80002a2b6a80,0,0,1) at exit1+0x576 sys/kern/kern_exit.c:215
sys_exit(ffff80002a2b6a80,ffff80002a387790,ffff80002a3876e0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a387790) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a387790) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:746
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7c6642bfd040, count: 242
End of stack trace.
WARNING: SPL NOT LOWERED ON TRAP EXIT 4 0 Stopped at proc_trampoline+0xc7: movl $0,%gs:0x688 TID PID UID PRFLAGS PFLAGS CPU COMMAND *328170 74487 0 0 0 1 syz-executor 375826 86508 0 0x10000002 0x1 0 syz-executor proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x7561cec5cb90, count: 14 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault(0xfffffd8077ab27c8, 0x0, 0, 1) -> e ddb{1}> trace proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x7561cec5cb90, count: -1 ddb{1}> show registers rdi 0 rsi 0 rbp 0xffff80003180de60 rbx 0 rdx 0 rcx 0xffff80002a2b62b8 rax 0x2a r8 0xffff80003180dd90 r9 0x1 r10 0x40e0aab65057361d r11 0x74b6afd111298917 r12 0 r13 0xffffffff81b9cff8 Xdoreti+0x18 r14 0 r15 0 rip 0xffffffff813284c7 proc_trampoline+0xc7 cs 0x8 rflags 0x246 rsp 0xffff80003180dde0 ss 0x10 proc_trampoline+0xc7: movl $0,%gs:0x688 ddb{1}> show proc PROC (syz-executor) tid=328170 pid=74487 tcnt=3 stat=onproc flags process=0 proc=0 runpri=85, usrpri=85, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a2b6a80,0xffff80002a2b7788 process=0xffff80003a429d00 user=0xffff800031808000, vmspace=0xfffffd8077ab2210 estcpu=35, cpticks=9, pctcpu=0.3, user=8, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 54658 210261 22129 0 2 0 syz-executor *74487 328170 25673 0 7 0 syz-executor 74487 449948 25673 0 3 0x4000080 ttyout syz-executor 74487 132719 25673 0 3 0x4000080 ttyout syz-executor 87514 413137 77017 0 3 0x80 nanoslp syz-executor 87514 123851 77017 0 3 0x4000080 kqsel syz-executor 87514 523879 77017 0 3 0x4000080 fsleep syz-executor 40341 73416 0 0 3 0x14200 acct acct 92059 193133 66607 0 3 0x82 wait syz-executor 25673 413544 66607 0 3 0x82 nanoslp syz-executor 77017 128096 66607 0 3 0x82 nanoslp 
syz-executor 90246 307307 66607 0 3 0x82 nanoslp syz-executor 86508 375826 66607 0 7 0x10000003 syz-executor 22694 248066 0 0 3 0x14200 bored sosplice 79138 439137 66607 0 2 0x2 syz-executor 44139 27309 66607 0 3 0x82 wait syz-executor 22129 432519 66607 0 3 0x82 nanoslp syz-executor 66607 243404 74219 0 3 0x82 kqread syz-executor 74219 228386 63690 0 3 0x10008a sigsusp ksh 63690 10094 6523 0 3 0x98 kqread sshd-session 6523 502745 27373 0 3 0x92 kqread sshd-session 21149 514740 1 0 3 0x100083 ttyopn getty 27373 317571 1 0 3 0x88 kqread sshd 71910 233431 70456 74 3 0x1100092 bpf pflogd 70456 440330 1 0 3 0x80 sbwait pflogd 7889 400021 63914 73 3 0x1100090 kqread syslogd 63914 290058 1 0 3 0x100082 sbwait syslogd 66921 67624 1 0 3 0x100080 kqread resolvd 80319 348304 0 0 3 0x14200 bored smr 61548 227579 0 0 2 0x14200 zerothread 14558 259401 0 0 3 0x14200 aiodoned aiodoned 53187 133374 0 0 3 0x14200 syncer update 87735 489620 0 0 3 0x14200 cleaner cleaner 10924 476036 0 0 3 0x14200 reaper reaper 25011 342888 0 0 3 0x14200 pgdaemon pagedaemon 34326 342048 0 0 3 0x14200 bored viomb 15089 188068 0 0 3 0x40014200 acpi0 acpi0 71274 375512 0 0 3 0x40014200 idle1 94428 381353 0 0 3 0x14200 bored softnet7 63670 142500 0 0 3 0x14200 bored softnet6 84743 434981 0 0 3 0x14200 bored softnet5 14344 521904 0 0 3 0x14200 bored softnet4 13289 310204 0 0 3 0x14200 bored softnet3 41458 370310 0 0 3 0x14200 bored softnet2 40818 58971 0 0 3 0x14200 bored softnet1 45103 484753 0 0 3 0x14200 netlock softnet0 91342 115016 0 0 2 0x40014200 systqmp 86483 470457 0 0 3 0x14200 bored systq 86516 228585 0 0 3 0x14200 tmoslp softclockmp 71002 451531 0 0 3 0x40014200 tmoslp softclock 48531 404728 0 0 3 0x40014200 idle0 1 179755 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{1}> show all locks ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10264 11095K 12358K 166960K 14928 0 pcb 18 16K 18K 166960K 1036 0 rtable 220 16K 16K 166960K 930 0 pf 41 18K 
131091K 166960K 505 0 ifaddr 37 7K 10K 166960K 303 0 ifgroup 66 2K 3K 166960K 578 0 sysctl 4 1K 9K 166960K 40 0 counters 72 37K 38K 166960K 842 0 ioctlops 0 0K 4K 166960K 2529 0 iov 0 0K 26K 166960K 359 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1550 97K 98K 166960K 4976 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 36 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 370 0 dirhash 12 2K 2K 166960K 129 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 240K 166960K 4470 0 sigio 0 0K 0K 166960K 147 0 proc 66 83K 164K 166960K 1172 0 subproc 72 4K 4K 166960K 137 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 942 0 in_multi 65 4K 7K 166960K 425 0 ether_multi 1 0K 0K 166960K 85 0 mrt 3 0K 0K 166960K 19 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 277 1235K 1235K 166960K 277 0 exec 0 0K 1K 166960K 1188 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 7 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 215 127K 177K 166960K 42099 0 UVM aobj 50 4K 4K 166960K 52 0 pinsyscall 36 72K 105K 166960K 5790 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 2 0K 1K 166960K 329 0 NDP 14 0K 2K 166960K 232 0 temp 86 8652K 8908K 166960K 213563 0 kqueue 9 16K 32K 166960K 922 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 379 0 378 2 1 1 2 0 8 0 rtentry 176 276 0 204 5 0 5 5 0 8 0 unpcb 144 3550 0 3538 21 19 2 6 0 8 1 syncache 336 30 0 30 7 6 1 1 0 8 1 tcpqe 32 13 0 13 5 5 0 1 0 8 0 tcpcb 736 1642 0 1632 23 17 6 8 0 8 4 arp 128 34 0 23 1 0 1 1 0 8 0 inpcb 328 5523 0 5508 39 29 10 13 0 8 8 nd6 144 39 0 25 1 0 1 1 0 8 0 pkpcb 40 66 0 66 7 6 1 1 0 8 1 kcovpl 48 15 0 7 1 0 1 1 0 8 0 mppekey 1024 3 0 3 3 3 0 1 0 8 0 ppxss 1192 332 0 332 3 2 1 1 0 8 1 pppxif 1504 22 0 22 9 8 1 1 
0 8 1 pfstscr 40 1 0 1 1 1 0 1 0 8 0 pffrag 232 24 0 15 1 0 1 1 0 482 0 pffrnode 88 22 0 13 1 0 1 1 0 8 0 pffrent 40 39 0 30 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 6 0 6 5 5 0 1 0 8 0 pfstitem 24 308 0 126 2 0 2 2 0 8 0 pfstkey 128 310 0 128 7 0 7 7 0 8 0 pfstate 384 309 0 127 20 0 20 20 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 rttmr 136 4 0 4 3 3 0 1 0 8 0 art_heap8 4096 7 0 3 7 3 4 6 0 8 0 art_heap4 256 1275 0 966 35 11 24 29 0 8 0 art_table 40 1282 0 969 5 0 5 5 0 8 0 art_node 32 269 0 214 1 0 1 1 0 8 0 sysvmsgpl 40 23 0 19 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 362 0 352 1 0 1 1 0 8 0 shmpl 112 49 0 2 2 0 2 2 0 8 0 dirhash 1024 97 0 80 3 0 3 3 0 8 0 dino2pl 256 10205 0 8683 96 0 96 96 0 8 0 ffsino 296 10205 0 8683 118 0 118 118 0 8 0 nchpl 144 16279 0 14558 65 0 65 65 0 8 0 rtmask 32 54 0 54 7 6 1 1 0 8 1 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 58104 0 58104 4 3 1 2 0 8 1 percpumem 16 436 0 385 1 0 1 1 0 8 0 kstatmem 264 404 0 370 5 2 3 3 0 8 0 scsiplug 72 24 0 24 8 7 1 1 0 8 1 scxspl 216 100552 0 100552 21 19 2 8 1 8 2 plimitpl 152 1148 0 1130 1 0 1 1 0 8 0 sigapl 424 4753 0 4700 9 1 8 9 0 8 0 knotepl 120 869 0 0 24 0 24 24 0 8 0 kqueuepl 224 1934 0 1924 17 14 3 5 0 8 2 pipepl 344 1108 0 1080 29 21 8 9 0 8 5 fdescpl 528 4700 0 4672 3 0 3 3 0 8 0 filepl 160 34966 0 34750 48 33 15 22 0 8 3 lockfpl 104 1599 0 1598 1 0 1 1 0 8 0 lockfspl 48 544 0 543 1 0 1 1 0 8 0 sessionpl 144 53 0 45 1 0 1 1 0 8 0 pgrppl 48 187 0 171 1 0 1 1 0 8 0 ucredpl 104 6389 0 6378 1 0 1 1 0 8 0 zombiepl 144 6461 0 6456 1 0 1 1 0 8 0 processpl 1232 4753 0 4700 6 1 5 6 0 8 0 procpl 664 12206 0 12149 9 2 7 8 0 8 0 sosppl 168 35 0 34 7 6 1 1 0 8 0 sockpl 752 9757 0 9729 75 62 13 17 0 8 8 mcl64k 65536 32 0 0 4 0 4 4 0 8 0 mcl16k 16384 17 0 0 3 0 3 3 0 8 0 mcl12k 12288 4 0 0 1 0 1 1 0 8 0 mcl9k 9216 3 0 0 1 0 1 1 0 8 0 mcl8k 8192 9 0 0 2 0 2 2 0 8 0 mcl4k 4096 
121 0 0 16 0 16 16 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 87 0 0 7 0 7 7 0 8 0 mtagpl 96 6 0 0 1 0 1 1 0 8 0 mbufpl 256 1240 0 0 77 0 77 77 0 8 0 bufpl 280 39353 0 33210 440 0 440 440 0 8 0 anonpl 32 19238 0 0 157 2 155 156 0 246 0 amapchunkpl 152 147990 0 147448 71 37 34 36 0 158 7 amappl16 200 15041 0 14922 122 93 29 43 0 8 8 amappl15 192 14 0 14 5 5 0 1 0 8 0 amappl14 184 194 0 185 1 0 1 1 0 8 0 amappl13 176 11 0 11 3 3 0 1 0 8 0 amappl12 168 5481 0 5454 3 1 2 2 0 8 0 amappl11 160 53 0 45 1 0 1 1 0 8 0 amappl9 144 258 0 255 1 0 1 1 0 8 0 amappl8 136 45 0 42 1 0 1 1 0 8 0 amappl7 128 145 0 135 1 0 1 1 0 8 0 amappl6 120 272 0 267 1 0 1 1 0 8 0 amappl5 112 213 0 205 1 0 1 1 0 8 0 amappl4 104 498 0 477 1 0 1 1 0 8 0 amappl3 96 26590 0 26504 3 0 3 3 0 8 0 amappl2 88 5139 0 5077 2 0 2 2 0 8 0 amappl1 80 32443 0 31932 15 1 14 15 0 8 0 amappl 88 40404 0 40243 5 0 5 5 0 92 0 dma16384 16384 1 0 1 1 1 0 1 0 8 0 dma8192 8192 3 0 3 3 2 1 1 0 8 1 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma2048 2048 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 10 0 10 5 5 0 1 0 8 0 dma128 128 258 0 258 5 5 0 1 0 8 0 dma64 64 7 0 7 2 2 0 1 0 8 0 dma32 32 8 0 8 2 2 0 1 0 8 0 dma16 16 21 0 20 1 0 1 1 0 8 0 aobjpl 72 51 0 2 1 0 1 1 0 8 0 uaddrrnd 24 4700 0 4672 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 4700 0 4672 1 0 1 1 0 8 0 vmmpekpl 168 38673 0 38617 4 0 4 4 0 8 0 vmmpepl 168 303191 0 301378 157 46 111 113 0 357 8 vmsppl 488 4699 0 4672 6 1 5 5 0 8 0 rwobjpl 80 83407 0 76530 157 3 154 155 0 8 3 pdppl 4096 9408 0 9344 136 68 68 86 0 8 4 pvpl 32 26123 0 0 209 0 209 209 0 265 0 pmappl 256 4699 0 4672 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 438 0 121 10 0 10 10 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffffffff8377fff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 
__mp_lock(ffffffff838fa878) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff838fa878) at __mp_lock+0x192 sys/kern/kern_lock.c:165 softintr_dispatch(2) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83 dosoftint(2) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:847 Xsofttty() at Xsofttty+0x27 __mp_lock(ffffffff838fa878) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff838fa878) at __mp_lock+0x192 sys/kern/kern_lock.c:165 softintr_dispatch(0) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83 dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:847 Xsoftclock() at Xsoftclock+0x27 __mp_lock(ffffffff838fa878) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff838fa878) at __mp_lock+0x192 sys/kern/kern_lock.c:165 ktrsysret(ffff80002a2b6d18,5b,4,ffff80003c485cc0) at ktrsysret+0xde ktrwrite2 sys/kern/kern_ktrace.c:-1 [inline] ktrsysret(ffff80002a2b6d18,5b,4,ffff80003c485cc0) at ktrsysret+0xde sys/kern/kern_ktrace.c:209 syscall(ffff80003c485d70) at syscall+0xa50 mi_syscall_return sys/sys/syscall_mi.h:204 [inline] syscall(ffff80003c485d70) at syscall+0xa50 sys/arch/amd64/amd64/trap.c:767 end trace frame: 0xffff80003c485df0, count: 0 ddb{0}> trace x86_ipi_db(ffffffff8377fff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff838fa878) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff838fa878) at __mp_lock+0x192 sys/kern/kern_lock.c:165 softintr_dispatch(2) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83 dosoftint(2) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:847 Xsofttty() at Xsofttty+0x27 __mp_lock(ffffffff838fa878) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff838fa878) at __mp_lock+0x192 sys/kern/kern_lock.c:165 
softintr_dispatch(0) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83 dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:847 Xsoftclock() at Xsoftclock+0x27 __mp_lock(ffffffff838fa878) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff838fa878) at __mp_lock+0x192 sys/kern/kern_lock.c:165 ktrsysret(ffff80002a2b6d18,5b,4,ffff80003c485cc0) at ktrsysret+0xde ktrwrite2 sys/kern/kern_ktrace.c:-1 [inline] ktrsysret(ffff80002a2b6d18,5b,4,ffff80003c485cc0) at ktrsysret+0xde sys/kern/kern_ktrace.c:209 syscall(ffff80003c485d70) at syscall+0xa50 mi_syscall_return sys/sys/syscall_mi.h:204 [inline] syscall(ffff80003c485d70) at syscall+0xa50 sys/arch/amd64/amd64/trap.c:767 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7d7697c71270, count: -15 ddb{0}> machine ddbcpu 1 Stopped at proc_trampoline+0xc7: movl $0,%gs:0x688 proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x7561cec5cb90, count: 14 ddb{1}> trace proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x7561cec5cb90, count: -1