uvm_fault(0xfffffd805c8aa3f8, 0x0, 0, 1) -> e
fatal page fault in supervisor mode
trap type 6 code 0 rip ffffffff8302ab08 cs 8 rflags 10207 cr2 0 cpl 0 rsp ffff80002a366f70
gsbase 0xffff8000299edff0 kgsbase 0x0
panic: trap type 6, code=0, pc=ffffffff8302ab08
Starting stack trace...
panic(ffffffff833a1f82) at panic+0x1d0 sys/kern/subr_prf.c:229
kerntrap(ffff80002a366ec0) at kerntrap+0x30b
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
dt_ioctl_record_stop(ffff80000148f000) at dt_ioctl_record_stop+0x108 sys/dev/dt/dt_dev.c:586
dtclose(11e5f,81,2000,ffff80003c439788) at dtclose+0x109 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline]
dtclose(11e5f,81,2000,ffff80003c439788) at dtclose+0x109 sys/dev/dt/dt_dev.c:232
spec_close(ffff80002a367070) at spec_close+0x466 sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffd80673b5050,81,fffffd80097fb0d0,ffff80003c439788) at VOP_CLOSE+0x132 sys/kern/vfs_vops.c:156
vn_closefile(fffffd80666711a0,ffff80003c439788) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd80666711a0,ffff80003c439788) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615
fdrop(fffffd80666711a0,ffff80003c439788) at fdrop+0x121 sys/kern/kern_descrip.c:1280
closef(fffffd80666711a0,ffff80003c439788) at closef+0x192 sys/kern/kern_descrip.c:1264
fdfree(ffff80003c439788) at fdfree+0x116 sys/kern/kern_descrip.c:1195
exit1(ffff80003c439788,0,0,1) at exit1+0x576 sys/kern/kern_exit.c:215
sys_exit(ffff80003c439788,ffff80002a3673e0,ffff80002a367330) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a3673e0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a3673e0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:748
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x756db4bccd10, count: 242
End of stack trace.
WARNING: SPL NOT LOWERED ON SYSCALL 83 -1942730224 EXIT 0 4 Stopped at savectx+0xae: movl $0,%gs:0x688 TID PID UID PRFLAGS PFLAGS CPU COMMAND *268195 28810 0 0 0x4000000 1 syz-executor 264160 43295 0 0x14000 0x40000200 0 softclock savectx() at savectx+0xae end of kernel end trace frame: 0x6016a1f5570, count: 14 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault(0xfffffd805c8aa3f8, 0x0, 0, 1) -> e ddb{1}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x6016a1f5570, count: -1 ddb{1}> show registers rdi 0 rsi 0 rbp 0xffff80003c4b7cb0 rbx 0 rdx 0xffff8000014bd780 rcx 0xffff80002a2b9a08 rax 0x3c r8 0xffff80003c4b7be0 r9 0x1 r10 0x657ed7aea1f2058b r11 0x2693bbe67b4946cc r12 0 r13 0 r14 0xffff80002a2b9a08 r15 0 rip 0xffffffff811953ee savectx+0xae cs 0x8 rflags 0x46 rsp 0xffff80003c4b7c30 ss 0x10 savectx+0xae: movl $0,%gs:0x688 ddb{1}> show proc PROC (syz-executor) tid=268195 pid=28810 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003c4382c8,0xffffffff83903b50 process=0xffff80002a2c30d8 user=0xffff80003c4b2000, vmspace=0xfffffd805c8aa210 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 28810 26475 67296 0 2 0 syz-executor *28810 268195 67296 0 7 0x4000000 syz-executor 29065 24277 61874 0 2 0 syz-executor 29065 289777 61874 0 3 0x4000080 fsleep syz-executor 31622 416799 17773 0 2 0 syz-executor 31622 482499 17773 0 3 0x4000080 fifow syz-executor 52989 40484 85871 0 2 0xc80 syz-executor 52989 292414 85871 0 3 0x4000080 bell syz-executor 52989 453116 85871 0 3 0x4000080 fsleep syz-executor 19350 267500 36006 60929 2 0xc90 syz-executor 19350 246258 36006 60929 3 0x4000090 netcon syz-executor 19350 111045 
36006 60929 3 0x4000090 fsleep syz-executor 26683 390467 32198 0 2 0xc80 syz-executor 26683 99343 32198 0 3 0x4000080 pipewr syz-executor 26683 440895 32198 0 3 0x4000080 fsleep syz-executor 89638 82339 0 0 3 0x14200 acct acct 61874 235373 93763 0 2 0xc82 syz-executor 17773 47886 93763 0 2 0xc82 syz-executor 96743 314885 1 0 2 0x100083 getty 32198 136659 93763 0 2 0xc82 syz-executor 36006 168242 93763 0 2 0xc82 syz-executor 46641 81143 93763 0 2 0xc82 syz-executor 85871 246266 93763 0 2 0xc82 syz-executor 27680 322698 93763 0 2 0xc82 syz-executor 67296 123168 93763 0 2 0xc82 syz-executor 58999 192834 0 0 3 0x14200 bored sosplice 93763 411146 26180 0 3 0x82 kqread syz-executor 26180 244619 12210 0 3 0x10008a sigsusp ksh 12210 432445 47653 0 3 0x98 kqread sshd-session 47653 479383 52783 0 3 0x92 kqread sshd-session 52783 226699 1 0 3 0x88 kqread sshd 61341 281875 53155 74 3 0x1100092 bpf pflogd 53155 340713 1 0 3 0x80 sbwait pflogd 73471 355469 76212 73 3 0x1100090 kqread syslogd 76212 45511 1 0 3 0x100082 sbwait syslogd 3421 158738 1 0 3 0x100080 kqread resolvd 82759 386595 48143 77 3 0x100092 kqread dhcpleased 30302 262667 48143 77 3 0x100092 kqread dhcpleased 48143 199662 1 0 3 0x80 kqread dhcpleased 99174 23136 0 0 2 0x14200 smr 21411 68328 0 0 3 0x14200 pgzero zerothread 92789 410610 0 0 3 0x14200 aiodoned aiodoned 38072 47219 0 0 3 0x14200 syncer update 68894 416182 0 0 3 0x14200 cleaner cleaner 77793 399348 0 0 3 0x14200 reaper reaper 26699 21066 0 0 3 0x14200 pgdaemon pagedaemon 24494 211012 0 0 3 0x14200 bored viomb 25344 217364 0 0 3 0x40014200 acpi0 acpi0 71755 277646 0 0 3 0x40014200 idle1 42536 86558 0 0 3 0x14200 bored softnet7 17561 211779 0 0 3 0x14200 bored softnet6 25212 444763 0 0 3 0x14200 bored softnet5 32656 61641 0 0 3 0x14200 bored softnet4 58992 214623 0 0 3 0x14200 bored softnet3 907 53415 0 0 3 0x14200 bored softnet2 43024 106192 0 0 3 0x14200 bored softnet1 75408 363063 0 0 2 0x14200 softnet0 90812 229841 0 0 2 0x14200 systqmp 71963 24822 
0 0 3 0x14200 bored systq 96472 489043 0 0 2 0x14200 softclockmp 43295 264160 0 0 7 0x40014200 softclock 94123 412630 0 0 3 0x40014200 idle0 1 189802 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{1}> show all locks ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10251 11115K 11397K 166960K 14973 0 pcb 17 20K 22K 166960K 1435 0 rtable 243 16K 16K 166960K 1180 0 pf 48 20K 67487K 166960K 632 0 ifaddr 47 9K 10K 166960K 404 0 ifgroup 67 2K 3K 166960K 734 0 sysctl 4 1K 9K 166960K 52 0 counters 78 38K 38K 166960K 810 0 ioctlops 0 0K 4K 166960K 2997 0 iov 0 0K 28K 166960K 565 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1500 94K 94K 166960K 5315 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 21 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 329 0 dirhash 12 2K 3K 166960K 99 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 240K 166960K 6351 0 sigio 0 0K 0K 166960K 277 0 proc 77 131K 180K 166960K 1579 0 subproc 72 4K 4K 166960K 190 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 932 0 in_multi 83 6K 8K 166960K 520 0 ether_multi 1 0K 0K 166960K 81 0 mrt 1 0K 0K 166960K 30 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 79 360K 360K 166960K 79 0 exec 0 0K 1K 166960K 1400 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 10 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 264 162K 184K 166960K 57633 0 UVM aobj 131 4K 4K 166960K 135 0 pinsyscall 43 86K 108K 166960K 7731 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 554 0 NDP 16 0K 2K 166960K 295 0 temp 90 8652K 8910K 166960K 367259 0 kqueue 18 30K 32K 166960K 1110 0 SYN cache 2 8K 16K 166960K 3 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 587 0 584 3 2 1 3 0 8 0 rtentry 176 403 
0 322 5 0 5 5 0 8 0 unpcb 144 4726 0 4705 30 28 2 7 0 8 1 syncache 336 6 0 6 3 3 0 1 0 8 0 tcpcb 736 2283 0 2278 46 40 6 7 0 8 5 arp 128 53 0 44 1 0 1 1 0 8 0 inpcb 328 7229 0 7219 64 58 6 13 0 8 4 nd6 144 67 0 49 1 0 1 1 0 8 0 pkpcb 40 49 0 49 9 8 1 1 0 8 1 kcovpl 48 21 0 13 1 0 1 1 0 8 0 mppekey 1024 2 0 2 2 2 0 1 0 8 0 ppxss 1192 299 0 296 6 5 1 1 0 8 0 pppxif 1504 38 0 38 10 9 1 1 0 8 1 pfstscr 40 2 0 2 1 1 0 1 0 8 0 pffrag 232 46 0 32 1 0 1 1 0 482 0 pffrnode 88 36 0 23 1 0 1 1 0 8 0 pffrent 40 82 0 68 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 10 0 10 5 4 1 1 0 8 1 pftag 88 1 0 0 1 0 1 1 0 8 0 pfstitem 24 439 0 234 2 0 2 2 0 8 0 pfstkey 128 449 0 244 7 0 7 7 0 8 0 pfstate 384 444 0 239 22 1 21 21 0 8 0 pfrule 1344 28 0 20 2 1 1 2 0 8 0 rttmr 136 5 0 5 5 5 0 1 0 8 0 art_heap8 4096 5 0 1 5 0 5 5 0 8 1 art_heap4 256 1796 0 1364 42 13 29 31 0 8 1 art_table 40 1801 0 1365 6 1 5 6 0 8 0 art_node 32 394 0 324 1 0 1 1 0 8 0 sysvmsgpl 40 14 0 4 1 0 1 1 0 8 0 semupl 112 2 0 2 2 2 0 1 0 8 0 semapl 112 317 0 307 1 0 1 1 0 8 0 shmpl 112 132 0 4 4 0 4 4 0 8 0 dirhash 1024 75 0 58 3 0 3 3 0 8 0 dino2pl 256 12995 0 11445 97 0 97 97 0 8 0 ffsino 296 12995 0 11445 120 0 120 120 0 8 0 nchpl 144 21852 0 20114 65 0 65 65 0 8 0 rtmask 32 49 0 48 7 6 1 1 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 79732 0 79732 7 6 1 2 0 8 1 percpumem 16 420 0 366 1 0 1 1 0 8 0 kstatmem 264 510 0 472 4 1 3 3 0 8 0 acpiwqpl 32 2 0 2 1 0 1 1 1 8 1 scsiplug 72 23 0 23 11 10 1 1 0 8 1 scxspl 216 160667 0 160667 24 21 3 8 1 8 3 plimitpl 152 1638 0 1618 1 0 1 1 0 8 0 sigapl 424 6574 0 6518 7 0 7 7 0 8 0 knotepl 120 895 0 0 26 0 26 26 0 8 0 kqueuepl 224 2900 0 2884 29 27 2 7 0 8 1 pipepl 344 1114 0 1085 14 11 3 9 0 8 0 fdescpl 528 6537 0 6505 3 0 3 3 0 8 0 filepl 160 48564 0 48331 52 39 13 20 0 8 0 lockfpl 104 3389 0 3386 5 4 1 2 0 8 0 lockfspl 48 1086 0 1083 1 0 1 1 0 8 0 sessionpl 144 43 
0 34 1 0 1 1 0 8 0 pgrppl 48 154 0 137 1 0 1 1 0 8 0 ucredpl 104 8519 0 8503 1 0 1 1 0 8 0 zombiepl 144 7125 0 7123 2 1 1 1 0 8 0 processpl 1248 6574 0 6518 5 0 5 5 0 8 0 procpl 664 16965 0 16900 9 2 7 7 0 8 0 sosppl 168 33 0 33 7 6 1 1 0 8 1 sockpl 752 12754 0 12719 118 108 10 27 0 8 6 mcl64k 65536 18 0 0 3 0 3 3 0 8 0 mcl16k 16384 3 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 6 0 0 1 0 1 1 0 8 0 mcl4k 4096 115 0 0 15 0 15 15 0 8 0 mcl2k2 2112 5 0 0 1 0 1 1 0 8 0 mcl2k 2048 92 0 0 10 0 10 10 0 8 0 mtagpl 96 18 0 0 1 0 1 1 0 8 0 mbufpl 256 1270 0 0 74 0 74 74 0 8 0 bufpl 280 69021 0 62878 440 0 440 440 0 8 0 anonpl 32 28537 0 0 230 0 230 230 0 246 0 amapchunkpl 152 207808 0 207072 103 69 34 48 0 158 2 amappl16 200 25899 0 25186 80 27 53 65 0 8 0 amappl15 192 5 0 5 2 2 0 1 0 8 0 amappl14 184 154 0 142 1 0 1 1 0 8 0 amappl13 176 6 0 6 3 3 0 1 0 8 0 amappl12 168 7395 0 7363 4 2 2 3 0 8 0 amappl11 160 51 0 37 1 0 1 1 0 8 0 amappl10 152 7 0 7 3 3 0 1 0 8 0 amappl9 144 249 0 248 2 1 1 1 0 8 0 amappl8 136 25 0 22 1 0 1 1 0 8 0 amappl7 128 150 0 135 1 0 1 1 0 8 0 amappl6 120 315 0 311 1 0 1 1 0 8 0 amappl5 112 191 0 181 1 0 1 1 0 8 0 amappl4 104 333 0 313 1 0 1 1 0 8 0 amappl3 96 42512 0 42390 5 1 4 4 0 8 0 amappl2 88 888 0 823 2 0 2 2 0 8 0 amappl1 80 34268 0 33662 15 1 14 15 0 8 0 amappl 88 55643 0 55453 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma2048 2048 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma512 512 2 0 2 2 2 0 1 0 8 0 dma256 256 77 0 77 5 5 0 1 0 8 0 dma128 128 262 0 262 9 8 1 1 0 8 1 dma64 64 8 0 8 3 3 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 22 0 21 1 0 1 1 0 8 0 aobjpl 72 134 0 4 3 0 3 3 0 8 0 uaddrrnd 24 6537 0 6505 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 6537 0 6505 1 0 1 1 0 8 0 vmmpekpl 168 46841 0 46771 4 0 4 4 0 8 0 vmmpepl 168 415695 0 412884 214 62 152 158 0 357 12 vmsppl 488 6536 0 6505 6 1 5 5 0 8 0 rwobjpl 80 107981 0 100270 179 16 163 169 0 8 0 pdppl 4096 
13082 0 13010 130 58 72 86 0 8 0 pvpl 32 37471 0 0 302 1 301 302 0 265 0 pmappl 256 6536 0 6505 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 452 0 131 10 0 10 10 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffffffff837a8ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83914398) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff83914398) at __mp_lock+0x192 sys/kern/kern_lock.c:165 softintr_dispatch(0) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83 dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:847 Xsoftclock() at Xsoftclock+0x27 __mp_lock(ffffffff83914398) at __mp_lock+0x199 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff83914398) at __mp_lock+0x199 sys/kern/kern_lock.c:165 __mp_acquire_count(ffffffff83914398,1) at __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1 sleep_finish(ffffffffffffffff,1) at sleep_finish+0x2d8 sys/kern/kern_synch.c:367 softclock_thread_run(ffffffff837efa48) at softclock_thread_run+0x79 sys/kern/kern_timeout.c:836 softclock_thread(ffff8000ffffecf8) at softclock_thread+0x10a sys/kern/kern_timeout.c:858 end trace frame: 0x0, count: 3 ddb{0}> trace x86_ipi_db(ffffffff837a8ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83914398) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff83914398) at __mp_lock+0x192 sys/kern/kern_lock.c:165 softintr_dispatch(0) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83 dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:847 Xsoftclock() at Xsoftclock+0x27 __mp_lock(ffffffff83914398) at __mp_lock+0x199 __mp_lock_spin sys/kern/kern_lock.c:134 
[inline] __mp_lock(ffffffff83914398) at __mp_lock+0x199 sys/kern/kern_lock.c:165 __mp_acquire_count(ffffffff83914398,1) at __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1 sleep_finish(ffffffffffffffff,1) at sleep_finish+0x2d8 sys/kern/kern_synch.c:367 softclock_thread_run(ffffffff837efa48) at softclock_thread_run+0x79 sys/kern/kern_timeout.c:836 softclock_thread(ffff8000ffffecf8) at softclock_thread+0x10a sys/kern/kern_timeout.c:858 end trace frame: 0x0, count: -12 ddb{0}> machine ddbcpu 1 Stopped at savectx+0xae: movl $0,%gs:0x688 savectx() at savectx+0xae end of kernel end trace frame: 0x6016a1f5570, count: 14 ddb{1}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x6016a1f5570, count: -1