login: uvm_fault(0xfffffd8065887028, 0x0, 0, 1) -> e fatal page fault in supervisor mode trap type 6 code 0 rip ffffffff813e5048 cs 8 rflags 10207 cr2 0 cpl 0 rsp ffff80002f0017f0 gsbase 0xffff8000299edff0 kgsbase 0x0 panic: trap type 6, code=0, pc=ffffffff813e5048 Starting stack trace... panic(ffffffff8339fb8d) at panic+0x1d0 sys/kern/subr_prf.c:229 kerntrap(ffff80002f001740) at kerntrap+0x30b alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b dt_ioctl_record_stop(ffff8000015f2000) at dt_ioctl_record_stop+0x108 sys/dev/dt/dt_dev.c:586 dtclose(11e5f,81,2000,ffff80003a439a20) at dtclose+0x109 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline] dtclose(11e5f,81,2000,ffff80003a439a20) at dtclose+0x109 sys/dev/dt/dt_dev.c:232 spec_close(ffff80002f0018f0) at spec_close+0x466 sys/kern/spec_vnops.c:-1 VOP_CLOSE(fffffd8066f6dd00,81,fffffd80097fb680,ffff80003a439a20) at VOP_CLOSE+0x132 sys/kern/vfs_vops.c:156 vn_closefile(fffffd8079042c68,ffff80003a439a20) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline] vn_closefile(fffffd8079042c68,ffff80003a439a20) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615 fdrop(fffffd8079042c68,ffff80003a439a20) at fdrop+0x121 sys/kern/kern_descrip.c:1280 closef(fffffd8079042c68,ffff80003a439a20) at closef+0x192 sys/kern/kern_descrip.c:1264 fdfree(ffff80003a439a20) at fdfree+0x116 sys/kern/kern_descrip.c:1195 exit1(ffff80003a439a20,0,0,1) at exit1+0x576 sys/kern/kern_exit.c:215 sys_exit(ffff80003a439a20,ffff80002f001c60,ffff80002f001bb0) at sys_exit+0x1a sys/kern/kern_exit.c:-1 syscall(ffff80002f001c60) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002f001c60) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x6fec31bcf4b0, count: 242 End of stack trace. WARNING: SPL NOT LOWERED ON SYSCALL 83 1468774176 EXIT 0 4 Stopped at savectx+0xae: movl $0,%gs:0x688 TID PID UID PRFLAGS PFLAGS CPU COMMAND * 64164 53615 0 0 0x4000000 1 syz-executor 360285 8628 0 0x14000 0x40000200 0 softclock savectx() at savectx+0xae end of kernel end trace frame: 0x62e7dfc6ff0, count: 14 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault(0xfffffd8065887028, 0x0, 0, 1) -> e ddb{1}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x62e7dfc6ff0, count: -1 ddb{1}> show registers rdi 0 rsi 0 rbp 0xffff80003c445c60 rbx 0 rdx 0xffff8000014705c0 rcx 0xffff80003a439258 rax 0x3b r8 0xffff80003c445b90 r9 0x1 r10 0x4497a281de99ff98 r11 0x6429d1af7b868454 r12 0 r13 0 r14 0xffff80003a439258 r15 0 rip 0xffffffff81d8f3ee savectx+0xae cs 0x8 rflags 0x46 rsp 0xffff80003c445be0 ss 0x10 savectx+0xae: movl $0,%gs:0x688 ddb{1}> show proc PROC (syz-executor) tid=64164 pid=53615 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003a4394f0,0xffffffff8386f880 process=0xffff80003a437518 user=0xffff80003c440000, vmspace=0xfffffd80658873f8 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 53615 485064 57534 0 2 0 syz-executor *53615 64164 57534 0 7 0x4000000 syz-executor 39098 5186 47776 0 2 0xc80 syz-executor 39098 235966 47776 0 3 0x4000080 sbwait syz-executor 39098 339775 47776 0 3 0x4000080 fsleep syz-executor 45551 433031 64912 0 2 0xc80 syz-executor 45551 149433 64912 0 3 0x4000080 lockf syz-executor 45551 142779 64912 0 3 0x4000080 lockf syz-executor 45551 155517 64912 0 3 0x4000080 fsleep syz-executor 45551 430890 64912 0 3 0x4000080 fsleep syz-executor 79101 133256 6308 0 2 0xc80 syz-executor 79101 189414 6308 0 3 0x4000080 sbwait syz-executor 79101 150962 6308 0 3 0x4000080 fsleep syz-executor 48568 210268 13857 0 2 0xc80 syz-executor 48568 356548 13857 0 3 0x4000080 kqsel syz-executor 48568 477875 13857 0 3 0x4000080 fsleep syz-executor 87056 185632 0 0 3 0x14200 acct acct 62782 154425 1 0 3 0x100083 ttyin getty 6308 131813 39580 0 2 0xc82 syz-executor 62208 290146 39580 0 2 0xc82 syz-executor 73593 449962 39580 0 2 0xc82 syz-executor 71154 478283 0 0 3 0x14200 bored sosplice 79757 381689 39580 0 2 0xc82 syz-executor 57534 396839 39580 0 2 0xc82 syz-executor 47776 192152 39580 0 2 0xc82 syz-executor 13857 303595 39580 0 2 0xc82 syz-executor 64912 104081 39580 0 2 0xc82 syz-executor 39580 169973 15988 0 3 0x82 kqread syz-executor 15988 487399 61306 0 3 0x10008a sigsusp ksh 61306 198 66530 0 3 0x98 kqread sshd-session 66530 296626 56214 0 3 0x92 kqread sshd-session 56214 355324 1 0 3 0x88 kqread sshd 51020 221201 79547 74 3 0x1100092 bpf pflogd 79547 95215 1 0 3 0x80 sbwait pflogd 88812 357756 76686 73 2 0x1100010 syslogd 76686 182086 1 0 3 0x100082 sbwait syslogd 90707 88620 1 0 3 0x100080 kqread resolvd 60068 56619 45854 77 3 0x100092 kqread dhcpleased 45830 414783 45854 77 3 0x100092 kqread dhcpleased 45854 518241 1 0 3 0x80 kqread dhcpleased 18519 487452 0 0 2 0x14200 smr 66092 252916 0 0 3 0x14200 pgzero zerothread 54037 454550 0 0 3 0x14200 aiodoned aiodoned 24595 459572 0 0 3 0x14200 syncer update 48335 496559 0 0 3 0x14200 cleaner cleaner 51471 100762 0 0 3 0x14200 reaper reaper 14404 380763 0 0 3 0x14200 pgdaemon pagedaemon 12496 165402 0 0 3 0x14200 bored viomb 54128 147002 0 0 3 0x40014200 acpi0 acpi0 11117 188085 0 0 3 0x40014200 idle1 88882 398403 0 0 3 0x14200 bored softnet7 28283 5285 0 0 3 0x14200 bored softnet6 32612 503428 0 0 3 0x14200 bored softnet5 43308 166311 0 0 3 0x14200 bored softnet4 15117 461760 0 0 3 0x14200 bored softnet3 14126 473611 0 0 3 0x14200 bored softnet2 16678 473837 0 0 3 0x14200 bored softnet1 67850 457518 0 0 2 0x14200 softnet0 11221 489968 0 0 2 0x14200 systqmp 93485 282389 0 0 3 0x14200 bored systq 92406 119828 0 0 2 0x14200 softclockmp 8628 360285 0 0 7 0x40014200 softclock 46231 407312 0 0 3 0x40014200 idle0 1 9489 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{1}> show all locks Process 88812 (syslogd) thread 0xffff80002a2b9ca0 (357756) ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10263 11097K 12343K 166960K 13333 0 pcb 20 18K 20K 166960K 759 0 rtable 179 12K 12K 166960K 617 0 pf 44 19K 131090K 166960K 250 0 ifaddr 38 6K 8K 166960K 155 0 ifgroup 63 2K 3K 166960K 281 0 sysctl 4 1K 9K 166960K 90 0 counters 74 37K 38K 166960K 492 0 ioctlops 0 0K 8K 166960K 2195 0 iov 0 0K 36K 166960K 213 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1525 96K 96K 166960K 3084 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 5K 9K 166960K 32 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 114 0 dirhash 12 2K 2K 166960K 54 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 240K 166960K 2094 0 sigio 0 0K 0K 166960K 49 0 proc 72 115K 180K 166960K 870 0 subproc 72 4K 4K 166960K 100 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 1 0K 0K 166960K 321 0 in_multi 59 4K 7K 166960K 212 0 ether_multi 1 0K 0K 166960K 17 0 mrt 1 0K 0K 166960K 10 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 253 1129K 1129K 166960K 253 0 exec 0 0K 1K 166960K 824 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 259 161K 178K 166960K 20653 0 UVM aobj 13 2K 2K 166960K 15 0 pinsyscall 43 86K 102K 166960K 3283 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 216 0 NDP 15 0K 2K 166960K 109 0 temp 81 8652K 8908K 166960K 130371 0 kqueue 14 22K 29K 166960K 387 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 276 0 273 4 3 1 3 0 8 0 rtentry 176 185 0 121 4 0 4 4 0 8 0 unpcb 144 1818 0 1796 19 17 2 6 0 8 1 syncache 336 7 0 7 4 4 0 1 0 8 0 tcpqe 32 1 0 1 1 1 0 1 0 8 0 tcpcb 736 936 0 930 25 23 2 7 0 8 1 arp 128 22 0 12 1 0 1 1 0 8 0 inpcb 328 2888 0 2874 33 26 7 10 0 8 4 nd6 144 30 0 18 1 0 1 1 0 8 0 pkpcb 40 9 0 9 5 4 1 1 0 8 1 kcovpl 48 11 0 3 1 0 1 1 0 8 0 mppekey 1024 2 0 2 2 1 1 1 0 8 1 ppxss 1192 186 0 184 6 5 1 1 0 8 0 pppxif 1504 13 0 13 6 5 1 1 0 8 1 pfstscr 40 2 0 2 1 1 0 1 0 8 0 pffrag 232 34 0 23 1 0 1 1 0 482 0 pffrnode 88 34 0 23 1 0 1 1 0 8 0 pffrent 40 71 0 59 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 123 0 49 1 0 1 1 0 8 0 pfstkey 128 129 0 55 3 0 3 3 0 8 0 pfstate 384 126 0 52 9 0 9 9 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 rttmr 136 2 0 2 2 2 0 1 0 8 0 art_heap8 4096 5 0 1 5 1 4 5 0 8 0 art_heap4 256 840 0 570 32 12 20 29 0 8 0 art_table 40 845 0 571 5 1 4 5 0 8 0 art_node 32 183 0 129 1 0 1 1 0 8 0 sysvmsgpl 40 22 0 14 2 1 1 1 0 8 0 semupl 112 3 0 3 3 3 0 1 0 8 0 semapl 112 107 0 97 1 0 1 1 0 8 0 shmpl 112 12 0 2 1 0 1 1 0 8 0 dirhash 1024 45 0 28 3 0 3 3 0 8 0 dino2pl 256 5480 0 3961 96 0 96 96 0 8 0 ffsino 296 5480 0 3961 118 0 118 118 0 8 0 nchpl 144 8512 0 7894 64 39 25 64 0 8 0 rtmask 32 18 0 18 6 5 1 1 0 8 1 uvmvnodes 80 4482 0 0 92 0 92 92 0 8 0 vnodes 216 4482 0 0 249 0 249 249 0 8 0 namei 1024 30486 0 30486 5 3 2 2 0 8 2 percpumem 16 261 0 209 1 0 1 1 0 8 0 kstatmem 264 178 0 144 3 0 3 3 0 8 0 acpiwqpl 32 3 0 3 1 0 1 1 1 8 1 scsiplug 72 5 0 5 4 3 1 1 0 8 1 scxspl 216 46468 0 46468 14 13 1 8 1 8 1 plimitpl 152 801 0 783 1 0 1 1 0 8 0 sigapl 424 2409 0 2353 9 1 8 9 0 8 0 knotepl 120 665 0 0 20 0 20 20 0 8 0 kqueuepl 224 847 0 836 12 7 5 5 0 8 4 pipepl 344 534 0 506 21 18 3 9 0 8 0 fdescpl 528 2362 0 2330 3 0 3 3 0 8 0 filepl 160 18029 0 17786 40 21 19 19 0 8 4 lockfpl 104 831 0 824 1 0 1 1 0 8 0 lockfspl 48 292 0 288 1 0 1 1 0 8 0 sessionpl 144 30 0 21 1 0 1 1 0 8 0 pgrppl 48 121 0 104 1 0 1 1 0 8 0 ucredpl 104 2940 0 2926 1 0 1 1 0 8 0 zombiepl 144 2819 0 2816 2 1 1 1 0 8 0 processpl 1232 2409 0 2353 6 0 6 6 0 8 0 procpl 664 5812 0 5745 8 1 7 8 0 8 0 sosppl 168 24 0 24 4 3 1 1 0 8 1 sockpl 752 5054 0 5014 63 51 12 20 0 8 6 mcl64k 65536 30 0 0 4 0 4 4 0 8 0 mcl16k 16384 8 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 3 0 0 1 0 1 1 0 8 0 mcl8k 8192 5 0 0 1 0 1 1 0 8 0 mcl4k 4096 118 0 0 15 0 15 15 0 8 0 mcl2k2 2112 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 113 0 0 12 0 12 12 0 8 0 mtagpl 96 3 0 0 1 0 1 1 0 8 0 mbufpl 256 338 0 0 21 0 21 21 0 8 0 bufpl 280 19263 0 13120 441 1 440 440 0 8 0 anonpl 32 14069 0 0 115 1 114 114 0 246 0 amapchunkpl 152 71861 0 71313 63 31 32 36 0 158 10 amappl16 200 7360 0 7322 87 72 15 30 0 8 6 amappl15 192 6 0 6 1 1 0 1 0 8 0 amappl14 184 149 0 137 1 0 1 1 0 8 0 amappl13 176 2 0 2 1 1 0 1 0 8 0 amappl12 168 3069 0 3037 4 2 2 3 0 8 0 amappl11 160 66 0 52 1 0 1 1 0 8 0 amappl10 152 33 0 33 1 1 0 1 0 8 0 amappl9 144 258 0 258 1 1 0 1 0 8 0 amappl8 136 27 0 24 1 0 1 1 0 8 0 amappl7 128 121 0 108 1 0 1 1 0 8 0 amappl6 120 212 0 208 1 0 1 1 0 8 0 amappl5 112 136 0 126 1 0 1 1 0 8 0 amappl4 104 316 0 297 1 0 1 1 0 8 0 amappl3 96 14428 0 14304 5 1 4 4 0 8 0 amappl2 88 787 0 722 2 0 2 2 0 8 0 amappl1 80 17276 0 16666 18 2 16 16 0 8 0 amappl 88 19550 0 19366 5 0 5 5 0 92 0 dma32768 32768 1 0 1 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma2048 2048 2 0 2 2 2 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 254 0 254 2 2 0 1 0 8 0 dma64 64 10 0 10 5 4 1 1 0 8 1 dma32 32 8 0 8 2 2 0 1 0 8 0 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 14 0 2 1 0 1 1 0 8 0 uaddrrnd 24 2362 0 2330 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2362 0 2330 1 0 1 1 0 8 0 vmmpekpl 168 20583 0 20531 4 0 4 4 0 8 0 vmmpepl 168 151766 0 149644 135 31 104 113 0 357 0 vmsppl 488 2361 0 2330 7 2 5 5 0 8 0 rwobjpl 80 44011 0 38545 125 7 118 118 0 8 1 pdppl 4096 4732 0 4660 124 52 72 86 0 8 0 pvpl 32 22401 0 0 182 1 181 181 0 265 0 pmappl 256 2361 0 2330 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 359 0 101 8 0 8 8 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffffffff83787ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0xf kd_curproc sys/dev/kcov.c:580 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0xf sys/dev/kcov.c:153 softintr_dispatch(0) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83 dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:847 Xsoftclock() at Xsoftclock+0x27 __mp_lock(ffffffff838f7d38) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff838f7d38) at __mp_lock+0x192 sys/kern/kern_lock.c:165 __mp_acquire_count(ffffffff838f7d38,1) at __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1 sleep_finish(ffffffffffffffff,1) at sleep_finish+0x2d8 sys/kern/kern_synch.c:367 softclock_thread_run(ffffffff8384a248) at softclock_thread_run+0x79 sys/kern/kern_timeout.c:836 softclock_thread(ffff8000fffff228) at softclock_thread+0x10a sys/kern/kern_timeout.c:858 end trace frame: 0x0, count: 3 ddb{0}> trace x86_ipi_db(ffffffff83787ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0xf kd_curproc sys/dev/kcov.c:580 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0xf sys/dev/kcov.c:153 softintr_dispatch(0) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83 dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:847 Xsoftclock() at Xsoftclock+0x27 __mp_lock(ffffffff838f7d38) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff838f7d38) at __mp_lock+0x192 sys/kern/kern_lock.c:165 __mp_acquire_count(ffffffff838f7d38,1) at __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1 sleep_finish(ffffffffffffffff,1) at sleep_finish+0x2d8 sys/kern/kern_synch.c:367 softclock_thread_run(ffffffff8384a248) at softclock_thread_run+0x79 sys/kern/kern_timeout.c:836 softclock_thread(ffff8000fffff228) at softclock_thread+0x10a sys/kern/kern_timeout.c:858 end trace frame: 0x0, count: -12 ddb{0}> machine ddbcpu 1 Stopped at savectx+0xae: movl $0,%gs:0x688 savectx() at savectx+0xae end of kernel end trace frame: 0x62e7dfc6ff0, count: 14 ddb{1}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x62e7dfc6ff0, count: -1