uvm_fault(0xfffffd805ce90210, 0x0, 0, 1) -> e
fatal page fault in supervisor mode
trap type 6 code 0 rip ffffffff8190e738 cs 8 rflags 10207 cr2 0 cpl 0 rsp ffff80002a346300
gsbase 0xffff8000299edff0 kgsbase 0x0
panic: trap type 6, code=0, pc=ffffffff8190e738
Starting stack trace...
panic(ffffffff833a4fb8) at panic+0x1d0 sys/kern/subr_prf.c:229
kerntrap(ffff80002a346250) at kerntrap+0x30b
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
dt_ioctl_record_stop(ffff8000018bd000) at dt_ioctl_record_stop+0x108 sys/dev/dt/dt_dev.c:586
dtclose(11e5f,81,2000,ffff80003b012028) at dtclose+0x109 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline]
dtclose(11e5f,81,2000,ffff80003b012028) at dtclose+0x109 sys/dev/dt/dt_dev.c:232
spec_close(ffff80002a346400) at spec_close+0x466 sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffd806dcaab38,81,fffffd80097fb340,ffff80003b012028) at VOP_CLOSE+0x132 sys/kern/vfs_vops.c:156
vn_closefile(fffffd805e3380d0,ffff80003b012028) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd805e3380d0,ffff80003b012028) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615
fdrop(fffffd805e3380d0,ffff80003b012028) at fdrop+0x121 sys/kern/kern_descrip.c:1280
closef(fffffd805e3380d0,ffff80003b012028) at closef+0x192 sys/kern/kern_descrip.c:1264
fdfree(ffff80003b012028) at fdfree+0x116 sys/kern/kern_descrip.c:1195
exit1(ffff80003b012028,0,0,1) at exit1+0x576 sys/kern/kern_exit.c:215
sys_exit(ffff80003b012028,ffff80002a346770,ffff80002a3466c0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a346770) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a346770) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:746
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7d9c8721ad10, count: 242
End of stack trace.
WARNING: SPL NOT LOWERED ON SYSCALL 83 882901824 EXIT 0 4 Stopped at savectx+0xae: movl $0,%gs:0x688 TID PID UID PRFLAGS PFLAGS CPU COMMAND 324520 58175 0 0 0 0 syz-executor *496562 80260 0 0 0 1 syz-executor savectx() at savectx+0xae end of kernel end trace frame: 0x7de657231b00, count: 14 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault(0xfffffd805ce90210, 0x0, 0, 1) -> e ddb{1}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x7de657231b00, count: -1 ddb{1}> show registers rdi 0 rsi 0 rbp 0xffff80003b001980 rbx 0 rdx 0 rcx 0xffff80003b013250 rax 0x3a r8 0xffff80003b0018b0 r9 0x1 r10 0xce2a8416e835a34 r11 0xde00e84fd239058b r12 0 r13 0 r14 0xffff80003b013250 r15 0 rip 0xffffffff81a233ee savectx+0xae cs 0x8 rflags 0x46 rsp 0xffff80003b001900 ss 0x10 savectx+0xae: movl $0,%gs:0x688 ddb{1}> show proc PROC (syz-executor) tid=496562 pid=80260 tcnt=2 stat=onproc flags process=0 proc=0 runpri=86, usrpri=86, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003b0127f0,0xffff80003b0122d0 process=0xffff80003c44e1e8 user=0xffff80003affc000, vmspace=0xfffffd806b9bb200 estcpu=36, cpticks=3, pctcpu=0.0, user=1, sys=1, intr=1 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 58175 324520 87019 0 7 0 syz-executor 58175 211553 87019 0 2 0x4000000 syz-executor *80260 496562 77466 0 7 0 syz-executor 80260 242692 77466 0 3 0x4000080 fsleep syz-executor 41490 126555 0 0 3 0x14280 nfsidl nfsio 9849 240669 0 0 3 0x14280 nfsidl nfsio 58643 23476 0 0 3 0x14280 nfsidl nfsio 78838 219722 0 0 3 0x14280 nfsidl nfsio 61972 303064 0 0 3 0x14280 nfsidl nfsio 66695 133052 0 0 3 0x14280 nfsidl nfsio 46391 95516 0 0 3 0x14280 nfsidl nfsio 64256 242129 0 0 3 0x14280 nfsidl nfsio 17675 405955 0 0 3 0x14280 nfsidl nfsio 63848 402764 0 0 3 0x14280 
nfsidl nfsio 88598 361833 0 0 3 0x14280 nfsidl nfsio 64239 205295 0 0 3 0x14280 nfsidl nfsio 68029 277261 0 0 3 0x14280 nfsidl nfsio 6693 121106 0 0 3 0x14280 nfsidl nfsio 81381 186176 0 0 3 0x14280 nfsidl nfsio 92277 8685 0 0 3 0x14280 nfsidl nfsio 83588 269882 0 0 3 0x14280 nfsidl nfsio 3202 20921 0 0 3 0x14280 nfsidl nfsio 80316 106011 0 0 3 0x14280 nfsidl nfsio 84381 336697 0 0 3 0x14280 nfsidl nfsio 95785 147991 9538 0 3 0x80 nanoslp syz-executor 95785 183467 9538 0 3 0x4000080 kqpoll syz-executor 95785 153324 9538 0 3 0x4000080 fsleep syz-executor 53553 355674 61164 0 3 0x80 nanoslp syz-executor 53553 240573 61164 0 3 0x4000080 kqsel syz-executor 53553 472702 61164 0 3 0x4000080 fsleep syz-executor 87019 36480 81698 0 3 0x82 nanoslp syz-executor 9538 440649 81698 0 3 0x82 nanoslp syz-executor 61164 56442 81698 0 3 0x82 nanoslp syz-executor 47399 415758 81698 0 3 0x82 nanoslp syz-executor 40654 126481 81698 0 3 0x82 nanoslp syz-executor 67207 392774 1 0 3 0x100083 ttyin getty 5710 478201 81698 0 2 0x2 syz-executor 50763 3199 81698 0 3 0x82 nanoslp syz-executor 77466 466690 81698 0 3 0x82 nanoslp syz-executor 4966 453297 0 0 3 0x14200 bored sosplice 81698 360094 96777 0 3 0x82 kqread syz-executor 96777 53853 62799 0 3 0x10008a sigsusp ksh 62799 470170 22414 0 3 0x98 kqread sshd-session 22414 90092 45382 0 3 0x92 kqread sshd-session 45382 234251 1 0 3 0x88 kqread sshd 94164 518905 2980 74 3 0x1100092 bpf pflogd 2980 238817 1 0 3 0x80 sbwait pflogd 32107 469704 91424 73 3 0x1100090 kqread syslogd 91424 32006 1 0 3 0x100082 sbwait syslogd 62073 476952 1 0 3 0x100080 kqread resolvd 9591 160799 0 0 3 0x14200 bored smr 22020 439839 0 0 3 0x14200 pgzero zerothread 63785 463526 0 0 3 0x14200 aiodoned aiodoned 48549 41453 0 0 3 0x14200 syncer update 68687 127428 0 0 3 0x14200 cleaner cleaner 24174 245289 0 0 3 0x14200 reaper reaper 49137 322611 0 0 3 0x14200 pgdaemon pagedaemon 90487 313939 0 0 3 0x14200 bored viomb 15381 383756 0 0 3 0x40014200 acpi0 acpi0 70881 495596 
0 0 3 0x40014200 idle1 77044 308350 0 0 3 0x14200 bored softnet1 12441 314460 0 0 3 0x14200 netlock softnet0 61378 409626 0 0 2 0x40014200 systqmp 61732 229412 0 0 3 0x14200 syncxs systq 61364 236107 0 0 3 0x14200 tmoslp softclockmp 5779 297243 0 0 3 0x40014200 tmoslp softclock 18827 30174 0 0 3 0x40014200 idle0 1 343640 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{1}> show all locks Process 5710 (syz-executor) thread 0xffff8000353dbcc8 (478201) Process 61732 (systq) thread 0xffff8000ffffe7c8 (229412) ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10344 12721K 14295K 166960K 33359 0 pcb 17 24K 40K 166960K 3409 0 rtable 252 19K 20K 166960K 2801 0 pf 45 19K 67485K 166960K 1516 0 ifaddr 42 14K 19K 166960K 999 0 ifgroup 66 2K 3K 166960K 1811 0 sysctl 4 1K 9K 166960K 99 0 counters 74 37K 38K 166960K 2440 0 ioctlops 0 0K 8K 166960K 4981 0 iov 0 0K 44K 166960K 1442 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1520 96K 96K 166960K 14274 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 616K 624K 166960K 81 0 VM map 2 1K 1K 166960K 2 0 sem 27 60K 112K 166960K 173 0 dirhash 15 2K 3K 166960K 279 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 240K 166960K 14629 0 sigio 0 0K 0K 166960K 544 0 proc 68 83K 180K 166960K 3675 0 subproc 72 4K 4K 166960K 604 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 2416 0 in_multi 68 5K 7K 166960K 1184 0 ether_multi 1 0K 0K 166960K 195 0 mrt 1 0K 0K 166960K 87 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 313 1394K 1394K 166960K 313 0 exec 0 0K 1K 166960K 3922 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 32 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 216 143K 190K 166960K 126163 0 UVM aobj 84 5K 8K 166960K 93 0 pinsyscall 36 72K 109K 166960K 17074 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 
919 0 NDP 17 0K 2K 166960K 826 0 temp 105 8656K 8912K 166960K 794867 0 kqueue 7 12K 36K 166960K 2710 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle vscsiccb 40 1 0 0 1 0 1 1 0 8 0 plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 1863 0 1862 16 15 1 3 0 8 0 rtentry 176 993 0 912 7 2 5 5 0 8 0 unpcb 144 10546 0 10535 65 62 3 6 0 8 2 syncache 336 8 0 8 2 2 0 1 0 8 0 tcpcb 736 5420 0 5414 107 100 7 10 0 8 6 arp 136 119 0 105 1 0 1 1 0 8 0 inpcb 328 17598 0 17587 129 120 9 17 0 8 7 nd6 152 175 0 160 1 0 1 1 0 8 0 pkpcb 40 125 0 125 21 21 0 1 0 8 0 kcovpl 48 66 0 58 1 0 1 1 0 8 0 mppekey 1024 73 0 73 7 7 0 1 0 8 0 ppxss 1192 1028 0 1027 13 12 1 1 0 8 0 pppxif 1504 99 0 99 19 19 0 1 0 8 0 pfstscr 40 2 0 2 1 1 0 1 0 8 0 pffrag 232 97 0 89 1 0 1 1 0 482 0 pffrnode 88 83 0 76 1 0 1 1 0 8 0 pffrent 40 298 0 288 1 0 1 1 0 8 0 pfosfp 40 1431 0 1006 5 0 5 5 0 8 0 pfosfpen 112 1431 0 715 21 0 21 21 0 8 0 pfrktable 1344 1 0 1 1 1 0 1 0 8 0 pftag 88 1 0 0 1 0 1 1 0 8 0 pfqueue 320 15 0 4 2 1 1 1 0 8 0 pfstitem 24 76 0 72 1 0 1 1 0 8 0 pfstkey 128 80 0 77 2 0 2 2 0 8 0 pfstate 384 78 0 74 6 4 2 6 0 8 0 pfrule 1344 43 0 37 2 1 1 2 0 8 0 rttmr 136 7 0 7 4 4 0 1 0 8 0 art_heap8 4096 6 0 2 6 2 4 5 0 8 0 art_heap4 256 3815 0 3498 52 31 21 28 0 8 0 art_table 40 3821 0 3500 6 1 5 5 0 8 0 art_node 32 909 0 842 1 0 1 1 0 8 0 sysvmsgpl 40 96 0 81 1 0 1 1 0 8 0 semupl 112 4 0 4 3 3 0 1 0 8 0 semapl 112 151 0 126 1 0 1 1 0 8 0 shmpl 112 90 0 9 3 0 3 3 0 8 0 dirhash 1024 196 0 177 3 0 3 3 0 8 0 dino2pl 256 29117 0 27453 105 0 105 105 0 8 0 ffsino 296 29117 0 27453 129 0 129 129 0 8 0 nchpl 144 48558 0 46727 70 1 69 69 0 8 0 rtmask 32 117 0 117 17 17 0 1 0 8 0 uvmvnodes 80 6107 0 0 125 0 125 125 0 8 0 vnodes 216 6107 0 0 340 0 340 340 0 8 0 namei 1024 180482 0 180482 19 18 1 3 0 8 1 percpumem 16 1235 0 1183 1 0 1 1 0 8 0 kstatmem 264 1390 0 1356 6 3 3 3 0 8 0 acpiwqpl 32 2 0 2 1 0 1 1 1 8 1 scsiplug 72 9 0 9 3 3 0 1 0 8 
0 scxspl 216 401922 0 401921 35 33 2 8 1 8 1 plimitpl 152 4115 0 4098 1 0 1 1 0 8 0 sigapl 424 14712 0 14647 13 5 8 8 0 8 0 knotepl 120 815 0 0 18 0 18 18 0 8 0 kqueuepl 224 7064 0 7055 55 52 3 9 0 8 2 pipepl 344 2044 0 2016 36 27 9 9 0 8 6 fdescpl 528 14598 0 14570 3 0 3 3 0 8 0 filepl 160 110515 0 110306 109 89 20 24 0 8 8 lockfpl 104 7740 0 7739 11 10 1 2 0 8 0 lockfspl 48 2898 0 2897 1 0 1 1 0 8 0 sessionpl 144 91 0 83 1 0 1 1 0 8 0 pgrppl 48 594 0 578 1 0 1 1 0 8 0 ucredpl 104 20102 0 20090 1 0 1 1 0 8 0 zombiepl 144 16491 0 16488 5 4 1 1 0 8 0 processpl 1232 14712 0 14647 8 2 6 6 0 8 0 procpl 664 38092 0 38021 12 5 7 8 0 8 0 sosppl 168 84 0 84 23 23 0 1 0 8 0 sockpl 752 30680 0 30657 239 228 11 23 0 8 8 mcl64k 65536 17 0 0 3 0 3 3 0 8 0 mcl16k 16384 9 0 0 2 0 2 2 0 8 0 mcl12k 12288 4 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 7 0 0 1 0 1 1 0 8 0 mcl4k 4096 125 0 0 14 0 14 14 0 8 0 mcl2k2 2112 4 0 0 1 0 1 1 0 8 0 mcl2k 2048 188 0 0 11 0 11 11 0 8 0 mtagpl 96 98 0 0 3 0 3 3 0 8 0 mbufpl 256 2640 0 0 150 0 150 150 0 8 0 bufpl 280 178136 0 172015 441 3 438 440 0 8 0 anonpl 32 24504 0 0 196 0 196 196 0 246 0 amapchunkpl 152 459583 0 459066 163 129 34 37 0 158 8 amappl16 200 53345 0 53309 330 316 14 58 0 8 2 amappl15 192 28 0 28 2 2 0 1 0 8 0 amappl14 184 246 0 237 1 0 1 1 0 8 0 amappl13 176 8 0 8 3 3 0 1 0 8 0 amappl12 168 16222 0 16194 4 2 2 3 0 8 0 amappl11 160 55 0 46 1 0 1 1 0 8 0 amappl10 152 11 0 10 1 0 1 1 0 8 0 amappl9 144 250 0 249 2 1 1 1 0 8 0 amappl8 136 28 0 25 1 0 1 1 0 8 0 amappl7 128 238 0 227 1 0 1 1 0 8 0 amappl6 120 760 0 756 1 0 1 1 0 8 0 amappl5 112 369 0 361 1 0 1 1 0 8 0 amappl4 104 420 0 400 1 0 1 1 0 8 0 amappl3 96 82163 0 82074 6 2 4 4 0 8 0 amappl2 88 15001 0 14930 3 0 3 3 0 8 0 amappl1 80 70105 0 69597 15 2 13 15 0 8 0 amappl 88 122069 0 121909 5 0 5 5 0 92 0 dma65536 65536 1 0 1 1 1 0 1 0 8 0 dma32768 32768 2 0 2 2 2 0 1 0 8 0 dma16384 16384 3 0 3 3 3 0 1 0 8 0 dma8192 8192 4 0 4 4 4 0 1 0 8 0 dma4096 4096 4 0 4 3 3 0 
1 0 8 0 dma2048 2048 3 0 3 3 3 0 1 0 8 0 dma1024 1024 2 0 1 1 0 1 1 0 8 0 dma512 512 6 0 6 4 4 0 1 0 8 0 dma256 256 10 0 10 5 5 0 1 0 8 0 dma128 128 259 0 258 3 2 1 1 0 8 0 dma64 64 14 0 14 8 8 0 1 0 8 0 dma32 32 8 0 8 2 2 0 1 0 8 0 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 92 0 9 2 0 2 2 0 8 0 uaddrrnd 24 14598 0 14570 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 14598 0 14570 1 0 1 1 0 8 0 vmmpekpl 168 92659 0 92584 4 0 4 4 0 8 0 vmmpepl 168 900038 0 898313 234 128 106 127 0 357 5 vmsppl 488 14597 0 14570 6 1 5 5 0 8 0 rwobjpl 80 223797 0 216794 176 13 163 166 0 8 0 pdppl 4096 29204 0 29140 234 166 68 86 0 8 4 pvpl 32 34472 0 0 275 1 274 274 0 265 0 pmappl 256 14597 0 14570 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 745 0 351 12 0 12 12 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffffffff837efff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83915db8) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff83915db8) at __mp_lock+0x192 sys/kern/kern_lock.c:165 scsi_xs_put(fffffd8073258990) at scsi_xs_put+0x51 scsi_iopool_put sys/scsi/scsi_base.c:270 [inline] scsi_xs_put(fffffd8073258990) at scsi_xs_put+0x51 scsi_io_put sys/scsi/scsi_base.c:499 [inline] scsi_xs_put(fffffd8073258990) at scsi_xs_put+0x51 sys/scsi/scsi_base.c:787 scsi_done(fffffd8073258990) at scsi_done+0x40 sys/scsi/scsi_base.c:1496 vioscsi_vq_done(ffff8000000a3668) at vioscsi_vq_done+0xe1 sys/dev/pv/vioscsi.c:-1 intr_handler(ffff80002a392110,ffff800000079a80) at intr_handler+0x125 sys/arch/amd64/amd64/intr.c:563 Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f end of kernel end trace frame: 0x75896238cb90, count: 6 ddb{0}> trace x86_ipi_db(ffffffff837efff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at 
x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83915db8) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff83915db8) at __mp_lock+0x192 sys/kern/kern_lock.c:165 scsi_xs_put(fffffd8073258990) at scsi_xs_put+0x51 scsi_iopool_put sys/scsi/scsi_base.c:270 [inline] scsi_xs_put(fffffd8073258990) at scsi_xs_put+0x51 scsi_io_put sys/scsi/scsi_base.c:499 [inline] scsi_xs_put(fffffd8073258990) at scsi_xs_put+0x51 sys/scsi/scsi_base.c:787 scsi_done(fffffd8073258990) at scsi_done+0x40 sys/scsi/scsi_base.c:1496 vioscsi_vq_done(ffff8000000a3668) at vioscsi_vq_done+0xe1 sys/dev/pv/vioscsi.c:-1 intr_handler(ffff80002a392110,ffff800000079a80) at intr_handler+0x125 sys/arch/amd64/amd64/intr.c:563 Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f end of kernel end trace frame: 0x75896238cb90, count: -9 ddb{0}> machine ddbcpu 1 Stopped at savectx+0xae: movl $0,%gs:0x688 savectx() at savectx+0xae end of kernel end trace frame: 0x7de657231b00, count: 14 ddb{1}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x7de657231b00, count: -1