login: uvm_fault(0xfffffd8069d285d8, 0x0, 0, 1) -> e fatal page fault in supervisor mode trap type 6 code 0 rip ffffffff82058078 cs 8 rflags 10207 cr2 0 cpl 0 rsp ffff80002a379740 gsbase 0xffff8000299edff0 kgsbase 0x0 panic: trap type 6, code=0, pc=ffffffff82058078 Starting stack trace... panic(ffffffff833a55f3) at panic+0x1d0 sys/kern/subr_prf.c:229 kerntrap(ffff80002a379690) at kerntrap+0x30b alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b dt_ioctl_record_stop(ffff800001540000) at dt_ioctl_record_stop+0x108 sys/dev/dt/dt_dev.c:586 dtclose(11e5f,81,2000,ffff80002a39b260) at dtclose+0x109 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline] dtclose(11e5f,81,2000,ffff80002a39b260) at dtclose+0x109 sys/dev/dt/dt_dev.c:232 spec_close(ffff80002a379840) at spec_close+0x466 sys/kern/spec_vnops.c:-1 VOP_CLOSE(fffffd8070e51bd8,81,fffffd80097fb680,ffff80002a39b260) at VOP_CLOSE+0x132 sys/kern/vfs_vops.c:156 vn_closefile(fffffd806be67348,ffff80002a39b260) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline] vn_closefile(fffffd806be67348,ffff80002a39b260) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615 fdrop(fffffd806be67348,ffff80002a39b260) at fdrop+0x121 sys/kern/kern_descrip.c:1280 closef(fffffd806be67348,ffff80002a39b260) at closef+0x192 sys/kern/kern_descrip.c:1264 fdfree(ffff80002a39b260) at fdfree+0x116 sys/kern/kern_descrip.c:1195 exit1(ffff80002a39b260,b,0,1) at exit1+0x576 sys/kern/kern_exit.c:215 sys_exit(ffff80002a39b260,ffff80002a379bb0,ffff80002a379b00) at sys_exit+0x1a sys/kern/kern_exit.c:-1 syscall(ffff80002a379bb0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002a379bb0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x732bc8794630, count: 242 End of stack trace. WARNING: SPL NOT LOWERED ON TRAP EXIT 4 0 Stopped at proc_trampoline+0xc7: movl $0,%gs:0x688 TID PID UID PRFLAGS PFLAGS CPU COMMAND *370098 91538 60929 0x10 0 1 syz-executor 74933 45895 0 0x14000 0x40000200 0 softclock proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x7ac2baeecb90, count: 14 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault(0xfffffd8069d285d8, 0x0, 0, 1) -> e ddb{1}> trace proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x7ac2baeecb90, count: -1 ddb{1}> show registers rdi 0 rsi 0 rbp 0xffff80002a3a5b90 rbx 0 rdx 0 rcx 0xffff80002a39afc8 rax 0x2a r8 0xffff80002a3a5ac0 r9 0x1 r10 0x6b9754517bbff62e r11 0x15a78f1e4bef28c6 r12 0 r13 0xffffffff83221c48 Xdoreti+0x18 r14 0 r15 0 rip 0xffffffff829444c7 proc_trampoline+0xc7 cs 0x8 rflags 0x246 rsp 0xffff80002a3a5b10 ss 0x10 proc_trampoline+0xc7: movl $0,%gs:0x688 ddb{1}> show proc PROC (syz-executor) tid=370098 pid=91538 tcnt=3 stat=onproc flags process=10 proc=0 runpri=86, usrpri=86, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a39bcc0,0xffff80002a39a810 process=0xffff800036025d60 user=0xffff80002a3a0000, vmspace=0xfffffd8069d28020 estcpu=36, cpticks=5, pctcpu=0.0, user=4, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 66527 462385 4582 0 2 0 syz-executor 66527 90570 4582 0 3 0x4000080 fsleep syz-executor *91538 370098 82138 60929 7 0x10 syz-executor 91538 158180 82138 60929 3 0x4000090 kqread syz-executor 91538 484104 82138 60929 2 0x4000010 syz-executor 14586 38698 21878 0 2 0xc80 syz-executor 14586 36480 21878 0 3 0x4000080 kqsel syz-executor 14586 166408 21878 0 3 0x4000080 fsleep syz-executor 37743 254349 52091 0 2 0xc80 syz-executor 37743 291795 52091 0 3 0x4000080 sbwait syz-executor 37743 6189 52091 0 3 0x4000080 fsleep syz-executor 81477 339396 63183 0 3 0x82 piperd syz-executor 21878 340269 63183 0 2 0xc82 syz-executor 22568 446385 63183 0 2 0x2 syz-executor 20704 485007 63183 0 2 0xc82 syz-executor 70984 84682 0 0 3 0x14280 nfsidl nfsio 41874 332039 0 0 3 0x14280 nfsidl nfsio 37931 308017 63183 0 2 0xc82 syz-executor 52091 97590 63183 0 2 0xc82 syz-executor 82869 238010 1 0 2 0x100083 getty 4582 372749 63183 0 2 0xc82 syz-executor 82138 489851 63183 0 2 0xc82 syz-executor 85014 518731 0 0 3 0x14200 bored sosplice 63183 469586 35632 0 2 0x2 syz-executor 35632 381275 94379 0 3 0x10008a sigsusp ksh 94379 418183 82098 0 3 0x98 kqread sshd-session 82098 408441 73449 0 3 0x92 kqread sshd-session 73449 319601 1 0 3 0x88 kqread sshd 8331 20332 2670 74 3 0x1100092 bpf pflogd 2670 387664 1 0 3 0x80 sbwait pflogd 15677 306469 28831 73 3 0x1100090 kqread syslogd 28831 445864 1 0 3 0x100082 sbwait syslogd 59503 322699 1 0 3 0x100080 kqread resolvd 53133 155648 0 0 3 0x14200 bored smr 71624 255118 0 0 2 0x14200 zerothread 22410 434278 0 0 3 0x14200 aiodoned aiodoned 46422 211319 0 0 3 0x14200 syncer update 50040 202343 0 0 3 0x14200 cleaner cleaner 94177 518051 0 0 3 0x14200 reaper reaper 79909 129645 0 0 3 0x14200 pgdaemon pagedaemon 78760 131114 0 0 3 0x14200 bored viomb 79549 99452 0 0 3 0x40014200 acpi0 acpi0 88686 118220 0 0 3 0x40014200 idle1 40593 23122 0 0 3 0x14200 bored softnet7 18596 60056 0 0 3 0x14200 bored softnet6 7205 477693 0 0 3 0x14200 bored softnet5 17986 260006 0 0 3 0x14200 bored softnet4 3316 10601 0 0 3 0x14200 bored softnet3 58856 224585 0 0 3 0x14200 bored softnet2 39394 518499 0 0 3 0x14200 bored softnet1 56046 292544 0 0 2 0x14200 softnet0 85093 512798 0 0 2 0x14200 systqmp 23503 486832 0 0 3 0x14200 bored systq 10583 518063 0 0 2 0x14200 softclockmp 45895 74933 0 0 7 0x40014200 softclock 57257 198020 0 0 3 0x40014200 idle0 1 462842 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{1}> show all locks Process 66527 (syz-executor) thread 0xffff80002a325cd0 (462385) Process 22568 (syz-executor) thread 0xffff80002a2e4808 (446385) ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10273 11098K 12487K 166960K 16599 0 pcb 17 17K 33K 166960K 1536 0 rtable 255 16K 16K 166960K 1704 0 pf 39 18K 82K 166960K 647 0 ifaddr 44 11K 13K 166960K 462 0 ifgroup 63 2K 3K 166960K 802 0 sysctl 4 1K 9K 166960K 42 0 counters 72 37K 38K 166960K 978 0 ioctlops 0 0K 4K 166960K 2861 0 iov 0 0K 24K 166960K 617 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1518 95K 96K 166960K 6420 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 72 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 291 0 dirhash 12 2K 2K 166960K 117 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 16 57K 240K 166960K 6621 0 sigio 1 0K 0K 166960K 96 0 proc 70 99K 163K 166960K 2278 0 subproc 72 4K 4K 166960K 397 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 1084 0 in_multi 91 6K 7K 166960K 762 0 ether_multi 1 0K 0K 166960K 98 0 mrt 1 0K 0K 166960K 33 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 289 1288K 1288K 166960K 289 0 exec 0 0K 1K 166960K 1763 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 5 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 215 134K 170K 166960K 58719 0 UVM aobj 4 2K 2K 166960K 5 0 pinsyscall 35 70K 97K 166960K 8629 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 502 0 NDP 14 0K 2K 166960K 346 0 temp 120 8652K 8733K 166960K 281712 0 kqueue 10 15K 34K 166960K 1269 0 SYN cache 2 88K 96K 166960K 3 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 895 0 894 9 7 2 3 0 8 1 rtentry 176 634 0 548 5 0 5 5 0 8 0 unpcb 144 4460 0 4445 31 25 6 8 0 8 5 syncache 336 11 0 11 6 6 0 1 0 8 0 tcpqe 32 1 0 1 1 1 0 1 0 8 0 tcpcb 736 2500 0 2495 36 32 4 10 0 8 3 arp 128 65 0 54 1 0 1 1 0 8 0 inpcb 328 7695 0 7689 59 54 5 12 0 8 3 nd6 144 107 0 91 1 0 1 1 0 8 0 pkpcb 40 45 0 45 13 12 1 1 0 8 1 kcovpl 48 44 0 36 1 0 1 1 0 8 0 mppekey 1024 2 0 2 2 2 0 1 0 8 0 ppxss 1192 353 0 353 4 3 1 1 0 8 1 pppxif 1504 131 0 131 7 7 0 1 0 8 0 pffrag 232 48 0 37 1 0 1 1 0 482 0 pffrnode 88 42 0 31 1 0 1 1 0 8 0 pffrent 40 67 0 56 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 10 0 9 1 0 1 1 0 8 0 pftag 88 4 0 0 1 0 1 1 0 8 0 pfstitem 24 77 0 73 1 0 1 1 0 8 0 pfstkey 128 79 0 75 2 0 2 2 0 8 0 pfstate 384 78 0 74 4 2 2 4 0 8 0 pfrule 1344 31 0 25 2 1 1 2 0 8 0 rttmr 136 8 0 8 6 6 0 1 0 8 0 art_heap8 4096 7 0 3 7 3 4 5 0 8 0 art_heap4 256 2770 0 2339 53 26 27 29 0 8 0 art_table 40 2777 0 2342 5 0 5 5 0 8 0 art_node 32 602 0 528 1 0 1 1 0 8 0 sysvmsgpl 40 42 0 5 1 0 1 1 0 8 0 semupl 112 2 0 2 2 2 0 1 0 8 0 semapl 112 282 0 272 1 0 1 1 0 8 0 shmpl 112 2 0 1 1 0 1 1 0 8 0 dirhash 1024 87 0 70 3 0 3 3 0 8 0 dino2pl 256 13526 0 11938 100 0 100 100 0 8 0 ffsino 296 13526 0 11938 124 1 123 123 0 8 0 nchpl 144 22173 0 21562 66 39 27 64 0 8 0 rtmask 32 52 0 52 13 12 1 1 0 8 1 uvmvnodes 80 15951 0 0 326 0 326 326 0 8 0 vnodes 216 15951 0 0 887 0 887 887 0 8 0 namei 1024 79377 0 79376 7 5 2 2 0 8 1 percpumem 16 504 0 453 1 0 1 1 0 8 0 kstatmem 264 522 0 486 3 0 3 3 0 8 0 acpiwqpl 32 1 0 1 1 0 1 1 1 8 1 scsiplug 72 33 0 33 15 14 1 1 0 8 1 scxspl 216 174576 0 174576 25 23 2 8 1 8 2 plimitpl 152 1607 0 1590 1 0 1 1 0 8 0 sigapl 424 6876 0 6824 9 2 7 9 0 8 0 knotepl 120 731 0 0 18 0 18 18 0 8 0 kqueuepl 224 2735 0 2724 27 25 2 5 0 8 1 pipepl 344 840 0 812 9 6 3 9 0 8 0 fdescpl 528 6793 0 6766 3 0 3 3 0 8 0 filepl 160 45969 0 45760 65 48 17 23 0 8 6 lockfpl 104 3355 0 3354 5 3 2 2 0 8 1 lockfspl 48 1155 0 1154 1 0 1 1 0 8 0 sessionpl 144 68 0 60 1 0 1 1 0 8 0 pgrppl 48 233 0 217 1 0 1 1 0 8 0 ucredpl 104 8168 0 8155 1 0 1 1 0 8 0 zombiepl 144 7710 0 7708 2 1 1 1 0 8 0 processpl 1248 6876 0 6824 6 0 6 6 0 8 0 procpl 664 17234 0 17175 11 3 8 9 0 8 0 sosppl 168 53 0 53 13 12 1 1 0 8 1 sockpl 752 13413 0 13391 112 101 11 22 0 8 8 mcl64k 65536 30 0 0 4 1 3 4 0 8 0 mcl16k 16384 17 0 0 3 0 3 3 0 8 0 mcl12k 12288 10 0 0 1 0 1 1 0 8 0 mcl9k 9216 3 0 0 1 0 1 1 0 8 0 mcl8k 8192 17 0 0 3 0 3 3 0 8 0 mcl4k 4096 141 0 0 16 0 16 16 0 8 0 mcl2k2 2112 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 95 0 0 7 2 5 6 0 8 0 mtagpl 96 14 0 0 1 0 1 1 0 8 0 mbufpl 256 1366 0 0 74 0 74 74 0 8 0 bufpl 280 74043 0 67909 441 1 440 440 0 8 0 anonpl 32 15756 0 0 127 1 126 126 0 246 0 amapchunkpl 152 206120 0 205606 68 35 33 34 0 158 4 amappl16 200 24540 0 24505 168 147 21 36 0 8 8 amappl15 192 5 0 5 2 2 0 1 0 8 0 amappl14 184 225 0 216 1 0 1 1 0 8 0 amappl13 176 32 0 32 1 1 0 1 0 8 0 amappl12 168 8014 0 7987 3 1 2 2 0 8 0 amappl11 160 52 0 44 1 0 1 1 0 8 0 amappl10 152 3 0 3 3 3 0 1 0 8 0 amappl9 144 259 0 258 2 1 1 1 0 8 0 amappl8 136 22 0 19 1 0 1 1 0 8 0 amappl7 128 188 0 178 1 0 1 1 0 8 0 amappl6 120 532 0 527 1 0 1 1 0 8 0 amappl5 112 272 0 265 1 0 1 1 0 8 0 amappl4 104 345 0 326 1 0 1 1 0 8 0 amappl3 96 43292 0 43193 6 2 4 4 0 8 0 amappl2 88 1221 0 1174 2 0 2 2 0 8 0 amappl1 80 36819 0 36310 15 1 14 14 0 8 1 amappl 88 56410 0 56250 5 0 5 5 0 92 0 dma32768 32768 1 0 1 1 1 0 1 0 8 0 dma8192 8192 3 0 3 2 2 0 1 0 8 0 dma4096 4096 2 0 2 2 2 0 1 0 8 0 dma1024 1024 3 0 2 1 0 1 1 0 8 0 dma256 256 9 0 9 4 4 0 1 0 8 0 dma128 128 262 0 262 8 7 1 1 0 8 1 dma64 64 9 0 9 3 3 0 1 0 8 0 dma32 32 9 0 9 3 3 0 1 0 8 0 dma16 16 22 0 21 1 0 1 1 0 8 0 aobjpl 72 4 0 1 1 0 1 1 0 8 0 uaddrrnd 24 6793 0 6766 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 6793 0 6766 1 0 1 1 0 8 0 vmmpekpl 168 44975 0 44913 4 0 4 4 0 8 0 vmmpepl 168 422757 0 421092 175 75 100 116 0 357 9 vmsppl 488 6792 0 6766 6 2 4 5 0 8 0 rwobjpl 80 121415 0 104648 347 2 345 345 0 8 0 pdppl 4096 13594 0 13532 165 99 66 80 0 8 4 pvpl 32 25147 0 0 200 0 200 200 0 265 0 pmappl 256 6792 0 6766 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 499 0 185 10 0 10 10 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffffffff837c4ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x44 sys/dev/kcov.c:159 __mp_acquire_count(ffffffff839714e0,1) at __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1 sleep_finish(ffffffffffffffff,1) at sleep_finish+0x2d8 sys/kern/kern_synch.c:367 softclock_thread_run(ffffffff837fbf78) at softclock_thread_run+0x79 sys/kern/kern_timeout.c:836 softclock_thread(ffff8000fffff758) at softclock_thread+0x10a sys/kern/kern_timeout.c:858 end trace frame: 0x0, count: 7 ddb{0}> trace x86_ipi_db(ffffffff837c4ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x44 sys/dev/kcov.c:159 __mp_acquire_count(ffffffff839714e0,1) at __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1 sleep_finish(ffffffffffffffff,1) at sleep_finish+0x2d8 sys/kern/kern_synch.c:367 softclock_thread_run(ffffffff837fbf78) at softclock_thread_run+0x79 sys/kern/kern_timeout.c:836 softclock_thread(ffff8000fffff758) at softclock_thread+0x10a sys/kern/kern_timeout.c:858 end trace frame: 0x0, count: -8 ddb{0}> machine ddbcpu 1 Stopped at proc_trampoline+0xc7: movl $0,%gs:0x688 proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x7ac2baeecb90, count: 14 ddb{1}> trace proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x7ac2baeecb90, count: -1