uvm_fault(0xfffffd806c9737b8, 0x0, 0, 1) -> e fatal page fault in supervisor mode trap type 6 code 0 rip ffffffff8217b618 cs 8 rflags 10207 cr2 0 cpl 0 rsp ffff80003c4670b0 gsbase 0xffff8000299ddff0 kgsbase 0x0 panic: trap type 6, code=0, pc=ffffffff8217b618 Starting stack trace... panic(ffffffff833e4202) at panic+0x1d0 sys/kern/subr_prf.c:229 kerntrap(ffff80003c467000) at kerntrap+0x30b alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b dt_ioctl_record_stop(ffff800001720000) at dt_ioctl_record_stop+0x108 sys/dev/dt/dt_dev.c:593 dtclose(31e5f,81,2000,ffff8000ffffc008) at dtclose+0x109 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline] dtclose(31e5f,81,2000,ffff8000ffffc008) at dtclose+0x109 sys/dev/dt/dt_dev.c:239 spec_close(ffff80003c4671b0) at spec_close+0x466 sys/kern/spec_vnops.c:-1 VOP_CLOSE(fffffd805ed09948,81,fffffd80097fd340,ffff8000ffffc008) at VOP_CLOSE+0x132 sys/kern/vfs_vops.c:156 vn_closefile(fffffd800f7933f8,ffff8000ffffc008) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline] vn_closefile(fffffd800f7933f8,ffff8000ffffc008) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615 fdrop(fffffd800f7933f8,ffff8000ffffc008) at fdrop+0x121 sys/kern/kern_descrip.c:1280 closef(fffffd800f7933f8,ffff8000ffffc008) at closef+0x192 sys/kern/kern_descrip.c:1264 fdfree(ffff8000ffffc008) at fdfree+0x116 sys/kern/kern_descrip.c:1195 exit1(ffff8000ffffc008,0,0,1) at exit1+0x576 sys/kern/kern_exit.c:215 sys_exit(ffff8000ffffc008,ffff80003c467520,ffff80003c467470) at sys_exit+0x1a sys/kern/kern_exit.c:-1 syscall(ffff80003c467520) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c467520) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7c94af7afd10, count: 242 End of stack trace. WARNING: SPL NOT LOWERED ON SYSCALL 202 2007661224 EXIT 0 4 Stopped at savectx+0xae: movl $0,%gs:0x688 TID PID UID PRFLAGS PFLAGS CPU COMMAND *341099 66133 0 0 0 1 syz-executor savectx() at savectx+0xae end of kernel end trace frame: 0x7dfb77aa7ad0, count: 14 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault(0xfffffd806c9737b8, 0x0, 0, 1) -> e ddb{1}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x7dfb77aa7ad0, count: -1 ddb{1}> show registers rdi 0 rsi 0 rbp 0xffff80002a38c890 rbx 0 rdx 0 rcx 0xffff80003c424fb8 rax 0x3c r8 0xffff80002a38c7c0 r9 0x1 r10 0x4ccc2db8285dc2d8 r11 0x67aba9f0f69e56fd r12 0 r13 0 r14 0xffff80003c424fb8 r15 0 rip 0xffffffff819993ee savectx+0xae cs 0x8 rflags 0x46 rsp 0xffff80002a38c810 ss 0x10 savectx+0xae: movl $0,%gs:0x688 ddb{1}> show proc PROC (syz-executor) tid=341099 pid=66133 tcnt=3 stat=onproc flags process=0 proc=0 runpri=50, usrpri=50, slppri=36, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000fffe7248,0xffff80003c424568 process=0xffff80003c4e8e98 user=0xffff80002a387000, vmspace=0xfffffd806c973018 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 96523 4052 43092 0 2 0 syz-executor *66133 341099 30714 0 7 0 syz-executor 66133 6266 30714 0 3 0x4000080 fsleep syz-executor 66133 195494 30714 0 3 0x4000080 fsleep syz-executor 66424 494919 11811 0 3 0x82 wait syz-executor 10228 342415 16759 0 3 0x80 nanoslp syz-executor 10228 354661 16759 0 3 0x4000080 kqread syz-executor 10228 128694 16759 0 3 0x4000080 fsleep syz-executor 67493 92862 23907 0 2 0 syz-executor 67493 198724 23907 0 3 0x4000080 fsleep syz-executor 67493 226579 23907 0 3 0x4000080 fsleep syz-executor 16759 5066 11811 0 3 0x82 nanoslp syz-executor 23907 41451 11811 0 3 0x82 nanoslp syz-executor 48373 218567 0 0 3 0x14200 acct acct 5804 43541 11811 0 3 0x82 nanoslp syz-executor 17942 344063 11811 0 3 0x82 nanoslp syz-executor 23164 183389 1 0 3 0x100083 ttyin getty 30714 356919 11811 0 3 0x82 nanoslp syz-executor 1069 85522 11811 0 3 0x82 wait syz-executor 43092 81521 11811 0 3 0x82 nanoslp syz-executor 79329 141015 46083 0 3 0x100082 sbwait arp 46083 152751 1 0 3 0x10008a sigsusp sh 11811 165079 22209 0 3 0x82 kqread syz-executor 22209 188778 28800 0 3 0x10008a sigsusp ksh 28800 295673 6867 0 3 0x98 kqread sshd-session 6867 181285 6872 0 3 0x92 kqread sshd-session 6872 366831 1 0 3 0x88 kqread sshd 73339 468558 44423 74 3 0x1100092 bpf pflogd 44423 322434 1 0 3 0x80 sbwait pflogd 72613 445196 88335 73 3 0x1100090 kqread syslogd 88335 177695 1 0 3 0x100082 sbwait syslogd 42670 8094 1 0 3 0x100080 kqread resolvd 2208 522194 63605 77 3 0x100092 kqread dhcpleased 56066 153380 63605 77 3 0x100092 kqread dhcpleased 63605 45090 1 0 3 0x80 kqread dhcpleased 95684 484394 0 0 3 0x14200 bored smr 75490 196509 0 0 2 0x14200 zerothread 90336 135946 0 0 3 0x14200 aiodoned aiodoned 60170 126420 0 0 3 0x14200 syncer update 8860 20879 0 0 3 0x14200 cleaner cleaner 42280 202397 0 0 3 0x14200 reaper reaper 11859 280514 0 0 3 0x14200 pgdaemon pagedaemon 29240 219458 0 0 3 0x14200 bored viomb 61389 93482 0 0 3 0x40014200 acpi0 acpi0 6111 222743 0 0 3 0x40014200 idle1 91910 155024 0 0 3 0x14200 bored softnet1 5780 67 0 0 3 0x14200 netlock softnet0 60455 456759 0 0 3 0x14200 smrbar systqmp 19764 293783 0 0 3 0x14200 bored systq 3519 152578 0 0 3 0x14200 tmoslp softclockmp 18610 147904 0 0 3 0x40014200 tmoslp softclock 77288 98939 0 0 3 0x40014200 idle0 1 465017 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{1}> show all locks Process 60455 (systqmp) thread 0xffff8000ffffea60 (456759) ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 11106 12220K 14065K 166960K 17715 0 pcb 17 18K 23K 166960K 1722 0 rtable 237 16K 17K 166960K 2115 0 pf 39 19K 84K 166960K 752 0 ifaddr 34 9K 13K 166960K 449 0 ifgroup 44 1K 3K 166960K 795 0 sysctl 4 1K 9K 166960K 105 0 counters 66 36K 38K 166960K 1034 0 ioctlops 0 0K 4K 166960K 3636 0 iov 0 0K 29K 166960K 403 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1583 100K 101K 166960K 6688 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 2K 10K 166960K 45 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 382 0 dirhash 15 2K 3K 166960K 147 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 19 69K 246K 166960K 6318 0 sigio 0 0K 0K 166960K 177 0 proc 74 131K 148K 166960K 1879 0 subproc 81 5K 5K 166960K 308 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 1709 0 in_multi 71 5K 7K 166960K 639 0 ether_multi 1 0K 0K 166960K 74 0 mrt 1 0K 0K 166960K 53 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 283 1261K 1261K 166960K 283 0 exec 0 0K 1K 166960K 1851 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 14 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 272 178K 200K 166960K 58137 0 UVM aobj 107 186K 186K 166960K 115 0 pinsyscall 45 90K 106K 166960K 8090 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 571 0 NDP 10 0K 1K 166960K 334 0 temp 154 8685K 8940K 166960K 281014 0 kqueue 15 22K 34K 166960K 1334 0 SYN cache 2 8K 16K 166960K 3 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 830 0 826 11 10 1 3 0 8 0 rtentry 176 650 0 569 7 1 6 6 0 8 0 unpcb 144 4698 0 4679 40 39 1 8 0 8 0 syncache 336 10 0 10 5 5 0 1 0 8 0 tcpqe 32 3 0 3 3 3 0 1 0 8 0 tcpcb 736 2732 0 2727 52 51 1 13 0 8 0 arp 136 111 0 96 1 0 1 1 0 8 0 inpcb 328 8153 0 8141 69 67 2 13 0 8 0 nd6 152 112 0 94 2 0 2 2 0 8 0 pkpcb 40 82 0 82 12 12 0 1 0 8 0 kcovpl 48 34 0 25 1 0 1 1 0 8 0 mppekey 1024 5 0 5 5 5 0 1 0 8 0 ppxss 1192 392 0 392 7 6 1 1 0 8 1 pppxif 1504 40 0 40 9 9 0 1 0 8 0 pfstscr 40 5 0 4 4 3 1 1 0 8 0 pffrag 232 82 0 79 1 0 1 1 0 482 0 pffrnode 88 78 0 75 1 0 1 1 0 8 0 pffrent 40 143 31 140 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 14 0 12 1 0 1 1 0 8 0 pfanchor 1288 2 0 0 1 0 1 1 0 8 0 pftag 88 8 0 1 1 0 1 1 0 8 0 pfstitem 24 6 0 0 1 0 1 1 0 8 0 pfstkey 128 145 0 139 2 1 1 1 0 8 0 pfstate 448 73 0 70 2 1 1 1 0 8 0 pfrule 1360 22 0 12 1 0 1 1 0 8 0 rttmr 136 7 0 7 7 7 0 1 0 8 0 art_heap8 4096 5 0 0 5 0 5 5 0 8 0 art_heap4 256 2345 0 1958 46 16 30 32 0 8 0 art_table 40 2350 0 1958 6 0 6 6 0 8 0 art_node 32 646 0 564 2 1 1 2 0 8 0 sysvmsgpl 40 61 0 46 1 0 1 1 0 8 0 semupl 112 8 0 8 7 7 0 1 0 8 0 semapl 112 368 0 358 1 0 1 1 0 8 0 shmpl 112 12 0 0 1 0 1 1 0 8 0 dirhash 1024 109 0 90 4 1 3 4 0 8 0 dino2pl 256 13757 0 12200 98 0 98 98 0 8 0 ffsino 296 13757 0 12200 121 0 121 121 0 8 0 nchpl 144 22119 0 20345 66 0 66 66 0 8 0 rtmask 32 54 0 54 15 15 0 1 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 83669 0 83669 5 4 1 2 0 8 1 percpumem 16 532 0 484 1 0 1 1 0 8 0 vcpupl 3968 96 0 4 12 0 12 12 0 8 0 vmpool 848 100 0 8 11 0 11 11 0 8 0 kstatmem 264 534 0 512 4 1 3 3 0 8 0 acpiwqpl 32 4 0 4 1 0 1 1 1 8 1 scsiplug 72 32 0 32 10 10 0 1 0 8 0 scxspl 216 155806 0 155806 22 21 1 8 1 8 1 plimitpl 152 1676 0 1658 2 1 1 2 0 8 0 sigapl 424 6557 0 6506 9 1 8 9 0 8 0 knotepl 120 932 0 0 25 0 25 25 0 8 0 kqueuepl 224 2731 0 2718 34 33 1 9 0 8 0 pipepl 344 988 0 957 23 19 4 9 0 8 0 fdescpl 528 6497 0 6464 3 0 3 3 0 8 0 filepl 160 48594 0 48352 70 58 12 22 0 8 0 lockfpl 104 2720 0 2717 3 2 1 2 0 8 0 lockfspl 48 911 0 908 1 0 1 1 0 8 0 sessionpl 144 56 0 47 1 0 1 1 0 8 0 pgrppl 48 196 0 178 1 0 1 1 0 8 0 ucredpl 104 8263 0 8248 1 0 1 1 0 8 0 zombiepl 144 8246 0 8242 2 1 1 1 0 8 0 processpl 1232 6557 0 6506 6 0 6 6 0 8 0 procpl 664 16422 0 16365 9 3 6 8 0 8 0 sosppl 176 54 0 54 16 15 1 1 0 8 1 sockpl 752 14066 0 14031 141 136 5 24 0 8 0 mcl64k 65536 9 0 0 2 0 2 2 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 5 0 0 1 0 1 1 0 8 0 mcl8k 8192 8 0 0 1 0 1 1 0 8 0 mcl4k 4096 130 0 0 15 0 15 15 0 8 0 mcl2k 2048 56 0 0 6 0 6 6 0 8 0 mtagpl 96 3 0 0 1 0 1 1 0 8 0 mbufpl 256 1119 0 0 70 0 70 70 0 8 0 bufpl 280 61355 0 55219 439 0 439 439 0 8 0 anonpl 32 17883 0 0 143 0 143 143 0 246 0 amapchunkpl 152 206940 0 206327 88 56 32 43 0 158 1 amappl16 200 23337 0 23303 138 119 19 32 0 8 9 amappl15 192 7 0 7 1 1 0 1 0 8 0 amappl14 184 6 0 6 1 1 0 1 0 8 0 amappl13 176 735 0 733 1 0 1 1 0 8 0 amappl12 168 7035 0 6991 3 0 3 3 0 8 0 amappl11 160 10 0 9 3 2 1 1 0 8 0 amappl10 152 59 0 45 1 0 1 1 0 8 0 amappl9 144 242 0 241 2 1 1 1 0 8 0 amappl8 136 47 0 44 1 0 1 1 0 8 0 amappl7 128 188 0 186 1 0 1 1 0 8 0 amappl6 120 596 0 580 1 0 1 1 0 8 0 amappl5 112 83 0 71 1 0 1 1 0 8 0 amappl4 104 612 0 579 1 0 1 1 0 8 0 amappl3 96 36222 0 36118 5 1 4 4 0 8 0 amappl2 88 6588 0 6507 2 0 2 2 0 8 0 amappl1 80 36674 0 36059 15 0 15 15 0 8 0 amappl 88 55866 0 55678 6 1 5 6 0 92 0 uvmvnodes 80 269 0 2 6 0 6 6 0 8 0 dma65536 65536 3 0 3 3 3 0 1 0 8 0 dma32768 32768 3 0 3 3 3 0 1 0 8 0 dma8192 8192 2 0 2 2 2 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma2048 2048 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 9 0 9 4 4 0 2 0 8 0 dma128 128 262 0 262 7 7 0 1 0 8 0 dma64 64 7 0 7 2 2 0 1 0 8 0 dma32 32 8 0 8 2 2 0 1 0 8 0 dma16 16 21 0 20 1 0 1 1 0 8 0 aobjpl 72 114 0 8 2 0 2 2 0 8 0 uaddrrnd 24 6497 0 6464 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 6497 0 6464 1 0 1 1 0 8 0 vmmpekpl 168 42858 0 42784 4 0 4 4 0 8 0 vmmpepl 168 407631 0 405595 173 67 106 114 0 357 0 vmsppl 488 6496 0 6463 5 0 5 5 0 8 0 rwobjpl 80 102801 0 101411 42 6 36 37 0 8 0 pdppl 4096 13201 0 13034 257 88 169 171 0 8 2 pvpl 32 25895 0 0 208 0 208 208 0 265 0 pmappl 256 6596 0 6471 8 0 8 8 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 598 0 185 13 0 13 13 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffffffff838a8ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff839ad440) at __mp_lock+0x19e __mp_lock_spin sys/kern/kern_lock.c:142 [inline] __mp_lock(ffffffff839ad440) at __mp_lock+0x19e sys/kern/kern_lock.c:173 softintr_dispatch(2) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83 dosoftint(2) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:862 Xsofttty() at Xsofttty+0x27 __mp_lock(ffffffff839ad440) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:142 [inline] __mp_lock(ffffffff839ad440) at __mp_lock+0x192 sys/kern/kern_lock.c:173 softintr_dispatch(0) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83 dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:862 Xsoftclock() at Xsoftclock+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2c kd_curproc sys/dev/kcov.c:584 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2c sys/dev/kcov.c:153 __mp_lock(ffffffff839ad440) at __mp_lock+0x1a3 __mp_lock_spin sys/kern/kern_lock.c:142 [inline] __mp_lock(ffffffff839ad440) at __mp_lock+0x1a3 sys/kern/kern_lock.c:173 exit1(ffff8000fffe7248,0,0,1) at exit1+0x701 sys/kern/kern_exit.c:260 end trace frame: 0xffff80002a3365d0, count: 0 ddb{0}> trace x86_ipi_db(ffffffff838a8ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff839ad440) at __mp_lock+0x19e __mp_lock_spin sys/kern/kern_lock.c:142 [inline] __mp_lock(ffffffff839ad440) at __mp_lock+0x19e sys/kern/kern_lock.c:173 softintr_dispatch(2) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83 dosoftint(2) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:862 Xsofttty() at Xsofttty+0x27 __mp_lock(ffffffff839ad440) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:142 [inline] __mp_lock(ffffffff839ad440) at __mp_lock+0x192 sys/kern/kern_lock.c:173 softintr_dispatch(0) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83 dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:862 Xsoftclock() at Xsoftclock+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2c kd_curproc sys/dev/kcov.c:584 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2c sys/dev/kcov.c:153 __mp_lock(ffffffff839ad440) at __mp_lock+0x1a3 __mp_lock_spin sys/kern/kern_lock.c:142 [inline] __mp_lock(ffffffff839ad440) at __mp_lock+0x1a3 sys/kern/kern_lock.c:173 exit1(ffff8000fffe7248,0,0,1) at exit1+0x701 sys/kern/kern_exit.c:260 sys_exit(ffff8000fffe7248,ffff80002a3366b0,ffff80002a336600) at sys_exit+0x1a sys/kern/kern_exit.c:-1 syscall(ffff80002a3366b0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002a3366b0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7163bbe8bb30, count: -17 ddb{0}> machine ddbcpu 1 Stopped at savectx+0xae: movl $0,%gs:0x688 savectx() at savectx+0xae end of kernel end trace frame: 0x7dfb77aa7ad0, count: 14 ddb{1}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x7dfb77aa7ad0, count: -1