uvm_fault(0xfffffd806bc595c0, 0x0, 0, 1) -> e fatal page fault in supervisor mode trap type 6 code 0 rip ffffffff82eb2a40 cs 8 rflags 10246 cr2 0 cpl 0 rsp ffff80002a294a00 gsbase 0xffff8000299ddff0 kgsbase 0x0 panic: trap type 6, code=0, pc=ffffffff82eb2a40 Starting stack trace... panic(ffffffff8333763d) at panic+0x1d0 sys/kern/subr_prf.c:229 kerntrap(ffff80002a294950) at kerntrap+0x29b sys/arch/amd64/amd64/trap.c:327 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b dt_ioctl_record_stop(ffff800000afb000) at dt_ioctl_record_stop+0xf0 sys/dev/dt/dt_dev.c:579 dtclose(11e5f,1,2000,ffff800035ff0028) at dtclose+0x105 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline] dtclose(11e5f,1,2000,ffff800035ff0028) at dtclose+0x105 sys/dev/dt/dt_dev.c:232 spec_close(ffff80002a294b00) at spec_close+0x45f sys/kern/spec_vnops.c:-1 VOP_CLOSE(fffffd805df6b060,1,fffffd807f7d3820,ffff800035ff0028) at VOP_CLOSE+0x133 sys/kern/vfs_vops.c:156 vn_closefile(fffffd805eff7940,ffff800035ff0028) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline] vn_closefile(fffffd805eff7940,ffff800035ff0028) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615 fdrop(fffffd805eff7940,ffff800035ff0028) at fdrop+0x126 sys/kern/kern_descrip.c:1267 closef(fffffd805eff7940,ffff800035ff0028) at closef+0x192 sys/kern/kern_descrip.c:1251 fdfree(ffff800035ff0028) at fdfree+0x116 sys/kern/kern_descrip.c:1182 exit1(ffff800035ff0028,b,0,1) at exit1+0x58f sys/kern/kern_exit.c:214 sys_exit(ffff800035ff0028,ffff80002a294e70,ffff80002a294dc0) at sys_exit+0x1a sys/kern/kern_exit.c:-1 syscall(ffff80002a294e70) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002a294e70) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x726e51fbb9d0, count: 242 End of stack trace. WARNING: SPL NOT LOWERED ON TRAP EXIT 4 0 Stopped at proc_trampoline+0xc7: movl $0,%gs:0x680 TID PID UID PRFLAGS PFLAGS CPU COMMAND 506381 45725 0 0 0 0 syz-executor *285997 45980 0 0 0 1 syz-executor proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x7df610b629d0, count: 14 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault(0xfffffd806bc595c0, 0x0, 0, 1) -> e ddb{1}> trace proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x7df610b629d0, count: -1 ddb{1}> show registers rdi 0 rsi 0 rbp 0xffff80003c471de0 rbx 0 rdx 0 rcx 0xffff800035ff1c58 rax 0x2a r8 0xffff80003c471d10 r9 0x1 r10 0xa9589e9d5b711771 r11 0x3d12a5f897512085 r12 0 r13 0xffffffff81187ed8 Xdoreti+0x18 r14 0 r15 0 rip 0xffffffff813e24c7 proc_trampoline+0xc7 cs 0x8 rflags 0x246 rsp 0xffff80003c471d60 ss 0 proc_trampoline+0xc7: movl $0,%gs:0x680 ddb{1}> show proc PROC (syz-executor) tid=285997 pid=45980 tcnt=2 stat=onproc flags process=0 proc=0 runpri=86, usrpri=86, slppri=16, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000ffff0540,0xffff800035ff0558 process=0xffff8000fffe97b8 user=0xffff80003c46c000, vmspace=0xfffffd806bc59020 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 45725 506381 56763 0 7 0 syz-executor 45725 332179 56763 0 3 0x4000080 fsleep syz-executor 54747 239472 9298 0 2 0 syz-executor 5486 199371 23821 0 2 0 syz-executor 5486 389861 23821 0 3 0x4000080 fsleep syz-executor *45980 285997 30367 0 7 0 syz-executor 45980 77655 30367 0 3 0x4000080 fsleep syz-executor 69714 79472 65107 60929 2 0x10 syz-executor 69714 373343 65107 60929 3 0x4000090 fsleep syz-executor 69714 404789 65107 60929 3 0x4000090 fsleep syz-executor 69714 136021 65107 60929 3 0x4000090 fsleep syz-executor 2907 368490 84949 0 3 0x82 piperd syz-executor 83546 116885 1 0 3 0x100083 ttyin getty 40793 369295 84949 0 3 0x82 piperd syz-executor 68128 392025 0 0 3 0x14200 bored sosplice 23821 351764 84949 0 3 0x82 nanoslp syz-executor 30367 132489 84949 0 3 0x82 nanoslp syz-executor 42813 308166 84949 0 3 0x82 nanoslp syz-executor 9298 383989 84949 0 3 0x82 nanoslp syz-executor 56763 409387 84949 0 3 0x82 nanoslp syz-executor 65107 43430 84949 0 3 0x82 nanoslp syz-executor 84949 145879 5837 0 2 0x2 syz-executor 5837 215638 84214 0 3 0x10008a sigsusp ksh 84214 236379 41558 0 3 0x98 kqread sshd-session 41558 284730 28388 0 3 0x92 kqread sshd-session 28388 340581 1 0 3 0x88 kqread sshd 73433 131964 47060 74 3 0x1100092 bpf pflogd 47060 55309 1 0 3 0x80 sbwait pflogd 63431 15019 10257 73 3 0x1100090 kqread syslogd 10257 430791 1 0 3 0x100082 sbwait syslogd 42361 240621 1 0 3 0x100080 kqread resolvd 48405 251223 50452 77 3 0x100092 kqread dhcpleased 74630 501477 50452 77 3 0x100092 kqread dhcpleased 50452 185797 1 0 3 0x80 kqread dhcpleased 39729 93575 0 0 3 0x14200 bored smr 38162 443966 0 0 2 0x14200 zerothread 79424 493726 0 0 3 0x14200 aiodoned aiodoned 32017 334362 0 0 3 0x14200 syncer update 88824 518660 0 0 3 0x14200 cleaner cleaner 50525 484030 0 0 3 0x14200 reaper reaper 33084 20248 0 0 3 0x14200 pgdaemon pagedaemon 1812 360023 0 0 3 0x14200 bored viomb 14437 53496 0 0 3 0x40014200 acpi0 acpi0 9837 92576 0 0 3 0x40014200 idle1 71740 381181 0 0 3 0x14200 bored softnet3 48145 175669 0 0 3 0x14200 bored softnet2 95522 501637 0 0 3 0x14200 bored softnet1 53612 88099 0 0 3 0x14200 netlock softnet0 39834 88887 0 0 2 0x14200 systqmp 74000 499082 0 0 3 0x14200 bored systq 24089 506495 0 0 3 0x14200 tmoslp softclockmp 6936 222266 0 0 3 0x40014200 tmoslp softclock 62372 107194 0 0 3 0x40014200 idle0 1 10186 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{1}> show all locks ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10214 11159K 11640K 166960K 13162 0 pcb 17 13K 14K 166960K 199 0 rtable 186 6K 8K 166960K 633 0 pf 30 16K 81K 166960K 129 0 ifaddr 35 6K 8K 166960K 110 0 ifgroup 47 2K 2K 166960K 171 0 sysctl 4 1K 9K 166960K 16 0 counters 62 36K 37K 166960K 420 0 ioctlops 0 0K 4K 166960K 1767 0 iov 0 0K 28K 166960K 128 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1462 92K 92K 166960K 2643 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 25 0 VM map 2 1K 1K 166960K 2 0 sem 28 10K 15K 166960K 100 0 dirhash 12 2K 2K 166960K 24 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 16 57K 85K 166960K 1191 0 sigio 0 0K 0K 166960K 18 0 proc 72 91K 128K 166960K 843 0 subproc 72 4K 4K 166960K 126 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 168 0 in_multi 76 5K 7K 166960K 203 0 ether_multi 1 0K 0K 166960K 2 0 mrt 2 0K 0K 166960K 7 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 91 413K 413K 166960K 91 0 exec 0 0K 1K 166960K 570 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 244 176K 189K 166960K 12338 0 UVM aobj 14 2K 2K 166960K 14 0 pinsyscall 41 82K 102K 166960K 2472 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 129 0 NDP 12 0K 1K 166960K 74 0 temp 62 8672K 8739K 166960K 48419 0 kqueue 13 20K 26K 166960K 177 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 101 0 98 1 0 1 1 0 8 0 rtentry 176 210 0 128 6 0 6 6 0 8 0 unpcb 144 875 0 858 9 8 1 6 0 8 0 syncache 336 6 0 6 1 1 0 1 0 8 0 tcpcb 808 328 0 324 11 10 1 8 0 8 0 arp 128 38 0 26 1 0 1 1 0 8 0 inpcb 384 1184 0 1176 23 15 8 11 0 8 7 nd6 144 50 0 26 2 0 2 2 0 8 0 pkpcb 40 11 0 11 3 3 0 1 0 8 0 kcovpl 48 14 0 6 1 0 1 1 0 8 0 mppekey 1024 1 0 1 1 0 1 1 0 8 1 ppxss 1192 158 0 158 4 3 1 1 0 8 1 pppxif 1504 136 0 136 3 2 1 1 0 8 1 pffrag 232 8 0 0 1 0 1 1 0 482 0 pffrnode 88 7 0 0 1 0 1 1 0 8 0 pffrent 40 8 0 0 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 1 0 1 1 1 0 1 0 8 0 pfstitem 24 67 0 28 1 0 1 1 0 8 0 pfstkey 128 67 0 28 2 0 2 2 0 8 0 pfstate 384 67 0 28 5 1 4 5 0 8 0 pfrule 1344 22 0 16 2 1 1 2 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 872 0 481 32 4 28 31 0 8 1 art_table 32 874 0 481 4 0 4 4 0 8 0 art_node 16 206 0 133 1 0 1 1 0 8 0 sysvmsgpl 40 14 0 12 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 92 0 66 1 0 1 1 0 8 0 shmpl 112 11 0 0 1 0 1 1 0 8 0 dirhash 1024 25 0 8 3 0 3 3 0 8 0 dino2pl 256 3506 0 1989 96 0 96 96 0 8 0 ffsino 288 3506 0 1989 109 0 109 109 0 8 0 nchpl 144 5081 0 3375 64 0 64 64 0 8 0 rtmask 32 6 0 6 2 2 0 1 0 8 0 uvmvnodes 80 4438 0 0 91 0 91 91 0 8 0 vnodes 216 4438 0 0 247 0 247 247 0 8 0 namei 1024 18362 0 18362 4 3 1 2 0 8 1 percpumem 16 225 0 179 1 0 1 1 0 8 0 kstatmem 264 94 0 72 3 1 2 3 0 8 0 acpiwqpl 32 1 0 1 1 0 1 1 1 8 1 scsiplug 72 3 0 3 2 1 1 1 0 8 1 scxspl 216 15686 0 15686 11 10 1 8 1 8 1 plimitpl 152 282 0 264 1 0 1 1 0 8 0 sigapl 424 1491 0 1442 7 1 6 7 0 8 0 knotepl 120 330 0 0 10 0 10 10 0 8 0 kqueuepl 224 597 0 588 10 5 5 5 0 8 4 pipepl 336 342 0 315 13 5 8 8 0 8 5 fdescpl 520 1471 0 1441 3 0 3 3 0 8 0 filepl 160 9658 0 9442 29 14 15 19 0 8 2 lockfpl 104 445 0 442 1 0 1 1 0 8 0 lockfspl 48 166 0 163 1 0 1 1 0 8 0 sessionpl 144 34 0 25 1 0 1 1 0 8 0 pgrppl 48 60 0 43 1 0 1 1 0 8 0 ucredpl 104 1278 0 1263 1 0 1 1 0 8 0 zombiepl 144 1721 0 1720 2 1 1 1 0 8 0 processpl 1208 1491 0 1442 5 0 5 5 0 8 0 procpl 656 3210 0 3155 6 0 6 6 0 8 0 srpgc 96 12 0 12 3 2 1 1 0 8 1 sosppl 168 1 0 1 1 1 0 1 0 8 0 sockpl 728 2190 0 2162 28 19 9 15 0 8 6 mcl64k 65536 7 0 0 1 0 1 1 0 8 0 mcl16k 16384 4 0 0 1 0 1 1 0 8 0 mcl12k 12288 1 0 0 1 0 1 1 0 8 0 mcl9k 9216 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 5 0 0 1 0 1 1 0 8 0 mcl4k 4096 127 0 0 16 0 16 16 0 8 0 mcl2k 2048 25 0 0 4 0 4 4 0 8 0 mtagpl 96 22 0 0 1 0 1 1 0 8 0 mbufpl 256 169 0 0 11 0 11 11 0 8 0 bufpl 280 5522 0 129 386 0 386 386 0 8 0 anonpl 32 13439 0 0 109 0 109 109 0 246 0 amapchunkpl 152 41377 0 40808 37 10 27 33 0 158 1 amappl16 200 3842 0 3773 30 21 9 17 0 8 0 amappl15 192 8 0 8 1 1 0 1 0 8 0 amappl14 184 139 0 127 1 0 1 1 0 8 0 amappl13 176 11 0 11 2 2 0 1 0 8 0 amappl12 168 2233 0 2202 3 1 2 2 0 8 0 amappl11 160 54 0 40 1 0 1 1 0 8 0 amappl10 152 2 0 2 1 1 0 1 0 8 0 amappl9 144 254 0 253 1 0 1 1 0 8 0 amappl8 136 25 0 22 1 0 1 1 0 8 0 amappl7 128 128 0 115 1 0 1 1 0 8 0 amappl6 120 264 0 259 1 0 1 1 0 8 0 amappl5 112 148 0 138 1 0 1 1 0 8 0 amappl4 104 353 0 332 1 0 1 1 0 8 0 amappl3 96 8200 0 8091 5 1 4 4 0 8 0 amappl2 88 768 0 703 2 0 2 2 0 8 0 amappl1 80 14099 0 13495 15 1 14 15 0 8 0 amappl 88 11309 0 11139 5 0 5 5 0 92 0 dma4096 4096 2 0 2 2 2 0 1 0 8 0 dma2048 2048 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 13 0 0 1 0 1 1 0 8 0 uaddrrnd 24 1471 0 1441 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1471 0 1441 1 0 1 1 0 8 0 vmmpekpl 168 13677 0 13628 3 0 3 3 0 8 0 vmmpepl 168 98932 0 96928 108 12 96 102 0 357 1 vmsppl 480 1470 0 1441 5 0 5 5 0 8 0 rwobjpl 72 31253 0 25812 106 5 101 101 0 8 2 pdppl 4096 2950 0 2882 116 44 72 84 0 8 4 pvpl 32 21884 0 0 180 3 177 178 0 265 0 pmappl 256 1470 0 1441 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 430 0 71 11 0 11 11 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffffffff83870ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83a18160) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline] __mp_lock(ffffffff83a18160) at __mp_lock+0x192 sys/kern/kern_lock.c:144 softintr_dispatch(2) at softintr_dispatch+0x12a sys/kern/kern_softintr.c:83 dosoftint(2) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:840 Xsofttty() at Xsofttty+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x33 kd_curproc sys/dev/kcov.c:585 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x33 sys/dev/kcov.c:153 __mp_lock(ffffffff83a18160) at __mp_lock+0x1a3 __mp_lock_spin sys/kern/kern_lock.c:113 [inline] __mp_lock(ffffffff83a18160) at __mp_lock+0x1a3 sys/kern/kern_lock.c:144 softintr_dispatch(0) at softintr_dispatch+0x12a sys/kern/kern_softintr.c:83 dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:840 Xsoftclock() at Xsoftclock+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2c kd_curproc sys/dev/kcov.c:584 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2c sys/dev/kcov.c:153 __mp_lock(ffffffff83a18160) at __mp_lock+0x1a3 __mp_lock_spin sys/kern/kern_lock.c:113 [inline] __mp_lock(ffffffff83a18160) at __mp_lock+0x1a3 sys/kern/kern_lock.c:144 end trace frame: 0xffff80002a399fe0, count: 0 ddb{0}> trace x86_ipi_db(ffffffff83870ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83a18160) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline] __mp_lock(ffffffff83a18160) at __mp_lock+0x192 sys/kern/kern_lock.c:144 softintr_dispatch(2) at softintr_dispatch+0x12a sys/kern/kern_softintr.c:83 dosoftint(2) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:840 Xsofttty() at Xsofttty+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x33 kd_curproc sys/dev/kcov.c:585 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x33 sys/dev/kcov.c:153 __mp_lock(ffffffff83a18160) at __mp_lock+0x1a3 __mp_lock_spin sys/kern/kern_lock.c:113 [inline] __mp_lock(ffffffff83a18160) at __mp_lock+0x1a3 sys/kern/kern_lock.c:144 softintr_dispatch(0) at softintr_dispatch+0x12a sys/kern/kern_softintr.c:83 dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:840 Xsoftclock() at Xsoftclock+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2c kd_curproc sys/dev/kcov.c:584 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2c sys/dev/kcov.c:153 __mp_lock(ffffffff83a18160) at __mp_lock+0x1a3 __mp_lock_spin sys/kern/kern_lock.c:113 [inline] __mp_lock(ffffffff83a18160) at __mp_lock+0x1a3 sys/kern/kern_lock.c:144 uvm_fault(fffffd806bc59200,5b057765000,0,1) at uvm_fault+0x1ee sys/uvm/uvm_fault.c:700 upageflttrap(ffff80002a39a0a0,5b057765000) at upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:188 usertrap(ffff80002a39a0a0) at usertrap+0x2d8 sys/arch/amd64/amd64/trap.c:436 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x784678370c40, count: -18 ddb{0}> machine ddbcpu 1 Stopped at proc_trampoline+0xc7: movl $0,%gs:0x680 proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x7df610b629d0, count: 14 ddb{1}> trace proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x7df610b629d0, count: -1