uvm_fault(0xfffffd806c99a200, 0x0, 0, 1) -> e
fatal page fault in supervisor mode
trap type 6 code 0 rip ffffffff82b63fb8 cs 8 rflags 10207 cr2 0 cpl 0 rsp ffff80002a388bb0
gsbase 0xffff8000299ddff0 kgsbase 0x0
panic: trap type 6, code=0, pc=ffffffff82b63fb8
Starting stack trace...
panic(ffffffff833e1e07) at panic+464
kerntrap(ffff80002a388b00) at kerntrap+779
alltraps_kern_meltdown() at alltraps_kern_meltdown+123
dt_ioctl_record_stop(ffff8000016df000) at dt_ioctl_record_stop+264
dtclose(21e5f,81,2000,ffff80003c406fc0) at dtclose+265
spec_close(ffff80002a388cb0) at spec_close+1126
VOP_CLOSE(fffffd800ea95b58,81,fffffd80097fd410,ffff80003c406fc0) at VOP_CLOSE+306
vn_closefile(fffffd8066b5d5f8,ffff80003c406fc0) at vn_closefile+299
fdrop(fffffd8066b5d5f8,ffff80003c406fc0) at fdrop+289
closef(fffffd8066b5d5f8,ffff80003c406fc0) at closef+402
syscall(ffff80002a388f10) at syscall+3028
Xsyscall() at Xsyscall+296
end of kernel
end trace frame: 0xdb24b6f7850, count: 245
End of stack trace.
WARNING: SPL NOT LOWERED ON TRAP EXIT 4 0
Stopped at proc_trampoline+199: movl $0,%gs:1672
TID PID UID PRFLAGS PFLAGS CPU COMMAND
468999 26434 0 0 0 0 syz-executor
*293187 52388 0 0 0 1 syz-executor
proc_trampoline() at proc_trampoline+199
end of kernel
end trace frame: 0x7db6ac8d0b00, count: 14
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault(0xfffffd806c99a200, 0x0, 0, 1) -> e ddb{1}> trace proc_trampoline() at proc_trampoline+199 end of kernel end trace frame: 0x7db6ac8d0b00, count: -1 ddb{1}> show registers rdi 0 rsi 0 rbp 18446603337232240832 rbx 0 rdx 0 rcx 18446603337232889080 rax 42 r8 18446603337232240624 r9 1 r10 9691250064367703181 r11 12313210519821950120 r12 0 r13 18446744071586400392 Xdoreti+24 r14 0 r15 0 rip 18446744071606334663 proc_trampoline+199 cs 8 rflags 582 rsp 18446603337232240704 ss 16 proc_trampoline+199: movl $0,%gs:1672 ddb{1}> show proc PROC (syz-executor) tid=293187 pid=52388 tcnt=4 stat=onproc flags process=0 proc=0 runpri=83, usrpri=83, slppri=36, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000fffef4d8,0xffff80003c4d37a0 process=0xffff80003c492b88 user=0xffff80003c430000, vmspace=0xfffffd806c99a200 estcpu=36, cpticks=3, pctcpu=0.0, user=2, sys=0, intr=1 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 26434 468999 17349 0 7 0 syz-executor 26434 271901 17349 0 3 0x4000080 fsleep syz-executor 51707 499690 36169 0 3 0x80 nanoslp syz-executor 51707 179708 36169 0 3 0x4000080 sbwait syz-executor 51707 490546 36169 0 3 0x4000080 fsleep syz-executor *52388 293187 80203 0 7 0 syz-executor 52388 505654 80203 0 3 0x4000080 fsleep syz-executor 52388 259117 80203 0 3 0x4000080 fsleep syz-executor 52388 278742 80203 0 3 0x4000000 sbar syz-executor 73918 243424 39431 0 3 0x80 nanoslp syz-executor 73918 457758 39431 0 3 0x4000080 fsleep syz-executor 73918 475644 39431 0 3 0x4000080 ttyout syz-executor 1082 29420 56581 0 3 0x80 nanoslp syz-executor 1082 143698 56581 0 3 0x4000080 kqread syz-executor 1082 475074 56581 0 3 0x4000080 fsleep syz-executor 21324 204650 57124 0 3 0x3000 suspend syz-executor 21324 10986 57124 0 3 0x4081000 biowait syz-executor 21324 452869 57124 0 3 0x4081000 inode syz-executor 21324 160457 57124 0 3 0x4081000 inode syz-executor 
95413 156846 67228 0 3 0x4081000 biowait syz-executor 95413 103354 67228 0 3 0x4003000 suspend syz-executor 56581 333116 26679 0 3 0x82 nanoslp syz-executor 36169 297431 26679 0 3 0x82 nanoslp syz-executor 57124 88301 26679 0 3 0x82 nanoslp syz-executor 67228 439071 26679 0 3 0x82 wait syz-executor 39431 512990 26679 0 3 0x82 nanoslp syz-executor 80203 440582 26679 0 3 0x82 nanoslp syz-executor 19107 352136 26679 0 3 0x82 nanoslp syz-executor 20471 136097 1 0 3 0x100083 ttyopn getty 17349 451995 26679 0 3 0x82 nanoslp syz-executor 26679 66070 84441 0 3 0x82 kqread syz-executor 84441 448259 6792 0 3 0x10008a sigsusp ksh 6792 53066 69329 0 3 0x98 kqread sshd-session 69329 417603 96828 0 3 0x92 kqread sshd-session 96828 178332 1 0 3 0x88 kqread sshd 35004 416507 28454 74 3 0x1100092 bpf pflogd 28454 96828 1 0 3 0x80 sbwait pflogd 55118 404187 19029 73 3 0x1100090 kqread syslogd 19029 386433 1 0 3 0x100082 sbwait syslogd 47349 379773 1 0 3 0x100080 kqread resolvd 58494 435256 0 0 3 0x14200 bored smr 76887 110033 0 0 3 0x14200 pgzero zerothread 27080 348057 0 0 3 0x14200 aiodoned aiodoned 16815 265504 0 0 3 0x14200 syncer update 90831 458489 0 0 3 0x14200 cleaner cleaner 15305 462961 0 0 3 0x14200 reaper reaper 60438 124268 0 0 3 0x14200 pgdaemon pagedaemon 26388 507058 0 0 3 0x14200 bored viomb 92524 439020 0 0 3 0x40014200 acpi0 acpi0 51173 214143 0 0 3 0x40014200 idle1 79380 387309 0 0 3 0x14200 bored softnet1 27569 267663 0 0 3 0x14200 netlock softnet0 58694 512307 0 0 3 0x14200 smrbar systqmp 28867 480559 0 0 3 0x14200 bored systq 58123 296215 0 0 3 0x14200 tmoslp softclockmp 65621 201761 0 0 3 0x40014200 tmoslp softclock 5321 229513 0 0 3 0x40014200 idle0 1 45608 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{1}> show all locks CPU 0: exclusive mutex &sched_lock r = 0 (0xffffffff83907e80) #0 witness_lock+1521 #1 mtx_enter+1204 #2 wakeup_n+84 #3 task_add+355 #4 ifiq_input+1199 #5 vio_rxeof+1065 #6 vio_rx_intr+152 #7 vio_queue_intr+89 #8 
intr_handler+293 #9 Xintr_ioapic_edge26_untramp+399 #10 Xspllower+29 #11 pool_cache_get+836 #12 pool_get+214 #13 pmap_enter+491 #14 uvm_fault_lower_lookup+873 #15 uvm_fault_lower+137 #16 uvm_fault+628 #17 upageflttrap+169 #18 usertrap+1071 exclusive mutex &vioq->viq_rxmtx r = 0 (0xffff8000002a4db0) #0 witness_lock+1521 #1 mtx_enter+1204 #2 vio_rx_intr+130 #3 vio_queue_intr+89 #4 intr_handler+293 #5 Xintr_ioapic_edge26_untramp+399 #6 Xspllower+29 #7 pool_cache_get+836 #8 pool_get+214 #9 pmap_enter+491 #10 uvm_fault_lower_lookup+873 #11 uvm_fault_lower+137 #12 uvm_fault+628 #13 upageflttrap+169 #14 usertrap+1071 #15 recall_trap+8 Process 26434 (syz-executor) thread 0xffff80003c4074f0 (468999) Process 52388 (syz-executor) thread 0xffff80003c406fc0 (278742) Process 21324 (syz-executor) thread 0xffff80003c4d2038 (10986) Process 95413 (syz-executor) thread 0xffff80003c4d2fc8 (156846) Process 58694 (systqmp) thread 0xffff8000ffffe000 (512307) ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 11127 12175K 14179K 166960K 19613 0 pcb 18 16K 20K 166960K 1918 0 rtable 245 16K 17K 166960K 1882 0 pf 40 18K 82K 166960K 675 0 ifaddr 44 11K 13K 166960K 492 0 ifgroup 60 2K 3K 166960K 862 0 sysctl 4 1K 9K 166960K 54 0 counters 74 37K 39K 166960K 908 0 ioctlops 0 0K 8K 166960K 2849 0 iov 0 0K 32K 166960K 705 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1611 101K 102K 166960K 7514 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 2K 9K 166960K 40 0 VM map 2 1K 1K 166960K 2 0 sem 26 1K 1K 166960K 277 0 dirhash 12 2K 3K 166960K 126 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 240K 166960K 7246 0 sigio 0 0K 0K 166960K 199 0 proc 68 83K 164K 166960K 1889 0 subproc 72 4K 4K 166960K 283 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 1090 0 in_multi 75 5K 7K 166960K 706 0 ether_multi 1 0K 0K 166960K 90 0 mrt 1 0K 0K 166960K 48 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS 
mount 1 16K 16K 166960K 1 0 ttys 283 1261K 1261K 166960K 283 0 exec 0 0K 1K 166960K 2001 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 14 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 241 135K 197K 166960K 66471 0 UVM aobj 33 38K 40K 166960K 60 0 pinsyscall 37 74K 103K 166960K 8956 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 681 0 NDP 14 0K 2K 166960K 355 0 temp 92 8680K 8936K 166960K 351561 0 kqueue 10 18K 32K 166960K 1443 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 834 0 833 6 5 1 3 0 8 0 rtentry 176 562 0 478 7 3 4 6 0 8 0 unpcb 144 5524 0 5512 24 21 3 6 0 8 2 syncache 336 21 0 21 10 9 1 1 0 8 1 tcpqe 32 8 0 8 4 3 1 1 0 8 1 tcpcb 736 2309 0 2301 36 29 7 7 0 8 6 arp 136 80 0 65 1 0 1 1 0 8 0 inpcb 328 8522 0 8511 57 47 10 12 0 8 8 nd6 152 108 0 88 1 0 1 1 0 8 0 pkpcb 40 64 0 64 9 8 1 1 0 8 1 kcovpl 48 31 0 23 1 0 1 1 0 8 0 mppekey 1024 4 0 4 3 3 0 1 0 8 0 ppxss 1192 314 0 314 6 5 1 1 0 8 1 pppxif 1504 53 0 53 8 7 1 1 0 8 1 pfstscr 40 2 0 2 1 1 0 1 0 8 0 pffrag 232 101 0 86 3 1 2 2 0 482 0 pffrnode 88 54 0 40 1 0 1 1 0 8 0 pffrent 40 435 0 420 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 4 0 4 3 3 0 1 0 8 0 pfstkey 128 2 0 2 1 1 0 1 0 8 0 pfstate 448 1 0 1 1 1 0 1 0 8 0 rttmr 136 6 0 6 5 5 0 1 0 8 0 art_heap8 4096 6 0 2 5 1 4 4 0 8 0 art_heap4 256 2722 0 2328 47 22 25 30 0 8 0 art_table 40 2728 0 2330 7 2 5 5 0 8 0 art_node 32 553 0 476 1 0 1 1 0 8 0 sysvmsgpl 40 96 0 84 1 0 1 1 0 8 0 semupl 112 71 0 71 6 6 0 1 0 8 0 semapl 112 263 0 239 1 0 1 1 0 8 0 shmpl 112 15 0 1 1 0 1 1 0 8 0 dirhash 1024 99 0 82 3 0 3 3 0 8 0 dino2pl 256 15507 0 13933 99 0 99 99 0 8 0 ffsino 296 15507 0 13933 123 1 122 122 0 8 0 nchpl 144 25473 0 23706 66 0 66 66 0 8 0 rtmask 32 66 0 66 9 8 1 1 0 8 1 vnodes 216 4845 0 0 
270 0 270 270 0 8 0 namei 1024 91803 0 91803 5 3 2 2 0 8 2 percpumem 16 469 0 417 1 0 1 1 0 8 0 vcpupl 3968 18 0 2 3 0 3 3 0 8 0 vmpool 848 40 0 24 3 1 2 2 0 8 0 kstatmem 264 572 0 536 5 2 3 4 0 8 0 acpiwqpl 32 2 0 2 1 0 1 1 1 8 1 scsiplug 72 42 0 42 10 9 1 1 0 8 1 scxspl 216 266983 0 266980 29 27 2 8 1 8 1 plimitpl 152 2074 0 2053 1 0 1 1 0 8 0 sigapl 424 7520 0 7475 11 3 8 8 0 8 0 knotepl 120 889 0 0 24 0 24 24 0 8 0 kqueuepl 224 2708 0 2698 24 21 3 5 0 8 2 pipepl 344 1127 0 1095 21 18 3 9 0 8 0 fdescpl 528 7449 0 7420 3 0 3 3 0 8 0 filepl 160 54638 0 54412 54 35 19 19 0 8 7 lockfpl 104 4218 0 4215 8 6 2 2 0 8 1 lockfspl 48 1260 0 1257 1 0 1 1 0 8 0 sessionpl 144 54 0 46 1 0 1 1 0 8 0 pgrppl 48 203 0 187 1 0 1 1 0 8 0 ucredpl 104 9693 0 9682 1 0 1 1 0 8 0 zombiepl 144 8220 0 8217 2 1 1 1 0 8 0 processpl 1232 7520 0 7475 8 2 6 6 0 8 0 procpl 664 19403 0 19343 10 3 7 8 0 8 0 sosppl 176 60 0 60 10 9 1 1 0 8 1 sockpl 752 15364 0 15339 97 84 13 22 0 8 8 mcl64k 65536 18 0 0 3 0 3 3 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 3 0 0 1 0 1 1 0 8 0 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 141 0 0 15 0 15 15 0 8 0 mcl2k2 2112 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 146 0 0 12 0 12 12 0 8 0 mtagpl 96 7 0 0 1 0 1 1 0 8 0 mbufpl 256 1606 0 0 91 0 91 91 0 8 0 bufpl 280 116461 0 110325 439 0 439 439 0 8 0 anonpl 32 17208 0 0 138 0 138 138 0 246 0 amapchunkpl 152 237175 0 236625 83 50 33 38 0 158 7 amappl16 200 33175 0 32822 199 179 20 47 0 8 0 amappl15 192 5 0 5 1 1 0 1 0 8 0 amappl14 184 40 0 40 1 1 0 1 0 8 0 amappl13 176 701 0 700 1 0 1 1 0 8 0 amappl12 168 8036 0 7999 3 0 3 3 0 8 0 amappl11 160 10 0 9 1 0 1 1 0 8 0 amappl10 152 54 0 45 1 0 1 1 0 8 0 amappl9 144 258 0 257 1 0 1 1 0 8 0 amappl8 136 31 0 28 1 0 1 1 0 8 0 amappl7 128 171 0 169 1 0 1 1 0 8 0 amappl6 120 565 0 554 1 0 1 1 0 8 0 amappl5 112 89 0 81 1 0 1 1 0 8 0 amappl4 104 589 0 561 1 0 1 1 0 8 0 amappl3 96 41965 0 41861 5 2 3 4 0 8 0 amappl2 88 7568 0 7507 2 0 2 2 0 8 0 amappl1 80 
40126 0 39616 15 2 13 15 0 8 0 amappl 88 64182 0 63998 5 0 5 5 0 92 0 uvmvnodes 80 294 0 0 6 0 6 6 0 8 0 dma65536 65536 3 0 3 3 3 0 1 0 8 0 dma32768 32768 2 0 2 1 0 1 1 0 8 1 dma16384 16384 2 0 2 2 2 0 1 0 8 0 dma8192 8192 1 0 1 1 1 0 1 0 8 0 dma4096 4096 2 0 2 2 2 0 1 0 8 0 dma2048 2048 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma512 512 4 0 4 3 2 1 1 0 8 1 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 268 0 268 10 10 0 1 0 8 0 dma64 64 13 0 13 6 6 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 25 0 24 1 0 1 1 0 8 0 aobjpl 72 59 0 27 1 0 1 1 0 8 0 uaddrrnd 24 7449 0 7420 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 7449 0 7420 1 0 1 1 0 8 0 vmmpekpl 168 54266 0 54182 4 0 4 4 0 8 0 vmmpepl 168 472909 0 470808 181 88 93 112 0 357 0 vmsppl 488 7448 0 7420 5 0 5 5 0 8 0 rwobjpl 80 122219 0 120727 53 19 34 38 0 8 0 pdppl 4096 14985 0 14904 165 83 82 85 0 8 1 pvpl 32 24424 0 0 197 1 196 196 0 265 0 pmappl 256 7488 0 7444 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 515 0 163 11 0 11 11 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+39: addq $8,%rsp x86_ipi_db(ffffffff83849ff0) at x86_ipi_db+39 x86_ipi_handler() at x86_ipi_handler+217 Xresume_lapic_ipi() at Xresume_lapic_ipi+39 __mp_lock(ffffffff83908cc0) at __mp_lock+402 softintr_dispatch(2) at softintr_dispatch+293 dosoftint(2) at dosoftint+84 Xsofttty() at Xsofttty+39 __mp_lock(ffffffff83908cc0) at __mp_lock+402 intr_handler(ffff80003c42e910,ffff8000002a3480) at intr_handler+233 Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+399 Xspllower() at Xspllower+29 pool_cache_get(ffffffff83951038) at pool_cache_get+836 pool_get(ffffffff83951038,2) at pool_get+214 pmap_enter(fffffd800b062200,110c292000,6c9f8000,1,20) at pmap_enter+491 end trace frame: 0xffff80003c42ed20, count: 0 ddb{0}> trace x86_ipi_db(ffffffff83849ff0) at x86_ipi_db+39 x86_ipi_handler() at x86_ipi_handler+217 Xresume_lapic_ipi() at Xresume_lapic_ipi+39 __mp_lock(ffffffff83908cc0) at __mp_lock+402 
softintr_dispatch(2) at softintr_dispatch+293 dosoftint(2) at dosoftint+84 Xsofttty() at Xsofttty+39 __mp_lock(ffffffff83908cc0) at __mp_lock+402 intr_handler(ffff80003c42e910,ffff8000002a3480) at intr_handler+233 Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+399 Xspllower() at Xspllower+29 pool_cache_get(ffffffff83951038) at pool_cache_get+836 pool_get(ffffffff83951038,2) at pool_get+214 pmap_enter(fffffd800b062200,110c292000,6c9f8000,1,20) at pmap_enter+491 uvm_fault_lower_lookup(ffff80003c42eee0,ffff80003c42ef18,ffff80003c42ee60) at uvm_fault_lower_lookup+873 uvm_fault_lower(ffff80003c42eee0,ffff80003c42ef18,ffff80003c42ee60) at uvm_fault_lower+137 uvm_fault(fffffd806c4bab90,110c291000,0,1) at uvm_fault+628 upageflttrap(ffff80003c42f080,110c2913c1) at upageflttrap+169 usertrap(ffff80003c42f080) at usertrap+1071 recall_trap() at recall_trap+8 end of kernel end trace frame: 0x7a34290d4ad0, count: -20 ddb{0}> machine ddbcpu 1 Stopped at proc_trampoline+199: movl $0,%gs:1672 proc_trampoline() at proc_trampoline+199 end of kernel end trace frame: 0x7db6ac8d0b00, count: 14 ddb{1}> trace proc_trampoline() at proc_trampoline+199 end of kernel end trace frame: 0x7db6ac8d0b00, count: -1