uvm_fault(0xfffffd806f19b990, 0x0, 0, 1) -> e fatal page fault in supervisor mode trap type 6 code 0 rip ffffffff82d58008 cs 8 rflags 10207 cr2 0 cpl 0 rsp ffff80003c46b2e0 gsbase 0xffff8000299edff0 kgsbase 0x0 panic: trap type 6, code=0, pc=ffffffff82d58008 Starting stack trace... panic(ffffffff833a5ff4) at panic+0x1d0 sys/kern/subr_prf.c:229 kerntrap(ffff80003c46b230) at kerntrap+0x30b alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b dt_ioctl_record_stop(ffff8000016ab000) at dt_ioctl_record_stop+0x108 sys/dev/dt/dt_dev.c:586 dtclose(11e5f,81,2000,ffff80002a39c570) at dtclose+0x109 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline] dtclose(11e5f,81,2000,ffff80002a39c570) at dtclose+0x109 sys/dev/dt/dt_dev.c:232 spec_close(ffff80003c46b3e0) at spec_close+0x466 sys/kern/spec_vnops.c:-1 VOP_CLOSE(fffffd805f705490,81,fffffd80097fb000,ffff80002a39c570) at VOP_CLOSE+0x132 sys/kern/vfs_vops.c:156 vn_closefile(fffffd80617788e8,ffff80002a39c570) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline] vn_closefile(fffffd80617788e8,ffff80002a39c570) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615 fdrop(fffffd80617788e8,ffff80002a39c570) at fdrop+0x121 sys/kern/kern_descrip.c:1280 closef(fffffd80617788e8,ffff80002a39c570) at closef+0x192 sys/kern/kern_descrip.c:1264 fdfree(ffff80002a39c570) at fdfree+0x116 sys/kern/kern_descrip.c:1195 exit1(ffff80002a39c570,0,0,1) at exit1+0x576 sys/kern/kern_exit.c:215 sys_exit(ffff80002a39c570,ffff80003c46b750,ffff80003c46b6a0) at sys_exit+0x1a sys/kern/kern_exit.c:-1 syscall(ffff80003c46b750) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c46b750) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:746 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x77df9db77d10, count: 242 End of stack trace. WARNING: SPL NOT LOWERED ON SYSCALL 11 -1 EXIT 0 4 Stopped at savectx+0xae: movl $0,%gs:0x688 TID PID UID PRFLAGS PFLAGS CPU COMMAND 447649 45524 0 0 0x4000000 0 syz-executor *246527 98780 0 0x2 0 1 syz-executor savectx() at savectx+0xae end of kernel end trace frame: 0x74874c88fd10, count: 14 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault(0xfffffd806f19b990, 0x0, 0, 1) -> e ddb{1}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x74874c88fd10, count: -1 ddb{1}> show registers rdi 0 rsi 0 rbp 0xffff80002a3a3730 rbx 0 rdx 0 rcx 0xffff80002a2de020 rax 0x33 r8 0xffff80002a3a3660 r9 0x1 r10 0xc2d75ed4dc720d75 r11 0x2cbc822351cdce82 r12 0 r13 0 r14 0xffff80002a2de020 r15 0 rip 0xffffffff824503ee savectx+0xae cs 0x8 rflags 0x46 rsp 0xffff80002a3a36b0 ss 0x10 savectx+0xae: movl $0,%gs:0x688 ddb{1}> show proc PROC (syz-executor) tid=246527 pid=98780 tcnt=1 stat=onproc flags process=2 proc=0 runpri=50, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a39d500,0xffff80003c4efcd0 process=0xffff80002a302b68 user=0xffff80002a39e000, vmspace=0xfffffd806073e9b8 estcpu=36, cpticks=37, pctcpu=0.20, user=1, sys=36, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 45524 170080 58605 0 2 0 syz-executor 45524 447649 58605 0 7 0x4000000 syz-executor 74123 356402 98780 0 2 0 syz-executor 74123 269229 98780 0 3 0x4000080 fsleep syz-executor 14448 47843 51767 0 2 0 syz-executor 14448 181199 51767 0 3 0x4000080 ttyout syz-executor 14448 102280 51767 0 3 0x4000000 clonelk syz-executor 14448 241177 51767 0 3 0x4000080 fsleep syz-executor 14448 180786 51767 0 3 0x4000080 fsleep syz-executor 65514 353118 12849 0 3 0x80 nanoslp syz-executor 65514 117141 12849 0 3 0x4000000 smrbar syz-executor 65514 128649 12849 0 3 0x4000080 fsleep syz-executor 64636 74440 0 0 3 0x14200 acct acct 28873 243453 4096 0 3 0x82 piperd syz-executor *98780 246527 4096 0 7 0x2 syz-executor 69347 312336 1 0 3 0x100083 ttyin getty 58605 510985 4096 0 3 0x82 nanoslp syz-executor 36729 315563 4096 0 3 0x82 nanoslp syz-executor 43905 126389 4096 0 2 0x2 syz-executor 51767 157032 4096 0 3 0x82 nanoslp syz-executor 35195 17157 0 0 3 0x14200 bored sosplice 12849 121389 4096 0 3 0x82 nanoslp syz-executor 55383 428053 4096 0 3 0x82 nanoslp syz-executor 4096 401722 2178 0 2 0x2 syz-executor 2178 451455 27534 0 3 0x10008a sigsusp ksh 27534 468670 39665 0 3 0x98 kqread sshd-session 39665 7051 77330 0 3 0x92 kqread sshd-session 77330 324176 1 0 3 0x88 kqread sshd 56771 233600 18124 74 3 0x1100092 bpf pflogd 18124 107598 1 0 3 0x80 sbwait pflogd 84637 427124 81736 73 3 0x1100090 kqread syslogd 81736 104058 1 0 3 0x100082 sbwait syslogd 2675 426844 1 0 3 0x100080 kqread resolvd 38504 17728 0 0 3 0x14200 bored smr 98541 46767 0 0 2 0x14200 zerothread 76981 448788 0 0 3 0x14200 aiodoned aiodoned 43328 283384 0 0 3 0x14200 syncer update 14460 241689 0 0 3 0x14200 cleaner cleaner 41872 114867 0 0 3 0x14200 reaper reaper 80976 238263 0 0 3 0x14200 pgdaemon pagedaemon 61759 33363 0 0 3 0x14200 bored viomb 24730 55060 0 0 3 0x40014200 acpi0 acpi0 90607 388168 0 0 3 0x40014200 idle1 4079 506280 0 0 3 0x14200 bored softnet7 60479 15535 0 0 3 0x14200 bored softnet6 22564 309254 0 0 3 0x14200 bored softnet5 99693 443144 0 0 3 0x14200 bored softnet4 15910 200558 0 0 3 0x14200 bored softnet3 76611 194851 0 0 3 0x14200 bored softnet2 16464 447673 0 0 3 0x14200 bored softnet1 35868 259194 0 0 3 0x14200 netlock softnet0 96978 395292 0 0 3 0x14200 smrbar systqmp 51257 74102 0 0 3 0x14200 bored systq 9302 101013 0 0 3 0x14200 tmoslp softclockmp 64068 376660 0 0 3 0x40014200 tmoslp softclock 36432 339665 0 0 3 0x40014200 idle0 1 99194 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{1}> show all locks Process 45524 (syz-executor) thread 0xffff80002a39c2d8 (447649) Process 65514 (syz-executor) thread 0xffff80002a2ded18 (117141) Process 96978 (systqmp) thread 0xffff8000ffffe298 (395292) ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10272 11155K 12397K 166960K 14866 0 pcb 19 18K 20K 166960K 1636 0 rtable 205 15K 16K 166960K 1095 0 pf 46 19K 131091K 166960K 665 0 ifaddr 43 8K 8K 166960K 395 0 ifgroup 73 2K 3K 166960K 737 0 sysctl 4 1K 9K 166960K 79 0 counters 80 38K 39K 166960K 890 0 ioctlops 0 0K 5K 166960K 2618 0 iov 0 0K 28K 166960K 609 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1479 93K 94K 166960K 5793 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 2K 10K 166960K 35 0 VM map 2 1K 1K 166960K 2 0 sem 24 21K 21K 166960K 258 0 dirhash 12 2K 3K 166960K 135 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 240K 166960K 5574 0 sigio 1 0K 0K 166960K 119 0 proc 66 83K 180K 166960K 1360 0 subproc 72 4K 4K 166960K 147 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 717 0 in_multi 62 4K 7K 166960K 496 0 ether_multi 1 0K 0K 166960K 73 0 mrt 1 0K 0K 166960K 47 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 271 1208K 1208K 166960K 271 0 exec 0 0K 1K 166960K 1378 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 6 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 225 143K 179K 166960K 52076 0 UVM aobj 136 10K 10K 166960K 152 0 pinsyscall 36 72K 102K 166960K 6842 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 369 0 NDP 17 0K 1K 166960K 288 0 temp 79 8656K 8912K 166960K 245844 0 kqueue 8 14K 32K 166960K 1223 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 748 0 747 8 6 2 3 0 8 1 rtentry 176 336 0 272 6 2 4 5 0 8 0 unpcb 144 4786 0 4772 22 17 5 7 0 8 4 syncache 336 8 0 8 2 2 0 1 0 8 0 tcpqe 32 3 0 3 2 2 0 1 0 8 0 tcpcb 736 1941 0 1936 20 16 4 7 0 8 3 arp 136 38 0 26 1 0 1 1 0 8 0 inpcb 328 7108 0 7095 41 32 9 13 0 8 7 nd6 144 53 0 41 1 0 1 1 0 8 0 pkpcb 40 107 0 107 6 5 1 1 0 8 1 kcovpl 48 16 0 8 1 0 1 1 0 8 0 mppekey 1024 2 0 2 1 1 0 1 0 8 0 ppxss 1192 332 0 330 4 3 1 1 0 8 0 pppxif 1504 32 0 32 5 4 1 1 0 8 1 pffrag 232 38 0 25 1 0 1 1 0 482 0 pffrnode 88 31 0 20 1 0 1 1 0 8 0 pffrent 40 64 0 48 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 7 0 7 5 4 1 1 0 8 1 pfstitem 24 398 0 224 2 0 2 2 0 8 0 pfstkey 128 400 0 226 6 0 6 6 0 8 0 pfstate 384 399 0 225 18 0 18 18 0 8 0 pfrule 1344 24 0 19 2 1 1 2 0 8 0 rttmr 136 12 0 12 7 7 0 1 0 8 0 art_heap8 4096 8 0 5 5 2 3 4 0 8 0 art_heap4 256 1904 0 1569 43 21 22 28 0 8 0 art_table 40 1912 0 1574 6 2 4 5 0 8 0 art_node 32 334 0 280 1 0 1 1 0 8 0 sysvmsgpl 40 18 0 11 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 244 0 222 1 0 1 1 0 8 0 shmpl 112 149 0 16 4 0 4 4 0 8 0 dirhash 1024 100 0 83 3 0 3 3 0 8 0 dino2pl 256 12505 0 10975 98 1 97 97 0 8 0 ffsino 296 12505 0 10975 119 0 119 119 0 8 0 nchpl 144 20534 0 19940 64 39 25 64 0 8 0 rtmask 32 79 0 79 6 5 1 1 0 8 1 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 72416 0 72416 7 6 1 3 0 8 1 percpumem 16 460 0 405 1 0 1 1 0 8 0 kstatmem 264 508 0 466 6 3 3 4 0 8 0 acpiwqpl 32 2 0 2 1 0 1 1 1 8 1 scsiplug 72 24 0 24 9 8 1 1 0 8 1 scxspl 216 123499 0 123499 19 16 3 8 1 8 3 plimitpl 152 1563 0 1547 1 0 1 1 0 8 0 sigapl 424 5867 0 5815 9 2 7 9 0 8 0 knotepl 120 649 0 0 19 0 19 19 0 8 0 kqueuepl 224 2754 0 2747 29 26 3 5 0 8 2 pipepl 344 861 0 834 26 23 3 9 0 8 0 fdescpl 528 5809 0 5781 3 0 3 3 0 8 0 filepl 160 44712 0 44497 44 28 16 18 0 8 4 lockfpl 104 2478 0 2475 5 4 1 2 0 8 0 lockfspl 48 747 0 744 1 0 1 1 0 8 0 sessionpl 144 33 0 25 1 0 1 1 0 8 0 pgrppl 48 246 0 230 1 0 1 1 0 8 0 ucredpl 104 7370 0 7360 1 0 1 1 0 8 0 zombiepl 144 6597 0 6594 1 0 1 1 0 8 0 processpl 1232 5867 0 5815 6 1 5 6 0 8 0 procpl 664 15159 0 15099 9 2 7 8 0 8 0 sosppl 168 44 0 44 4 3 1 1 0 8 1 sockpl 752 12947 0 12919 81 71 10 21 0 8 7 mcl64k 65536 21 0 0 3 0 3 3 0 8 0 mcl16k 16384 4 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 8 0 0 1 0 1 1 0 8 0 mcl4k 4096 109 0 0 14 0 14 14 0 8 0 mcl2k2 2112 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 51 0 0 6 0 6 6 0 8 0 mtagpl 96 7 0 0 1 0 1 1 0 8 0 mbufpl 256 1226 0 0 72 0 72 72 0 8 0 bufpl 280 50238 0 44095 440 0 440 440 0 8 0 anonpl 32 16233 0 0 131 0 131 131 0 246 0 amapchunkpl 152 188678 0 188096 84 54 30 45 0 158 2 amappl16 200 19831 0 19773 146 129 17 37 0 8 7 amappl15 192 43 0 42 1 0 1 1 0 8 0 amappl14 184 129 0 120 1 0 1 1 0 8 0 amappl13 176 9 0 9 6 6 0 1 0 8 0 amappl12 168 6581 0 6553 3 1 2 2 0 8 0 amappl11 160 55 0 47 1 0 1 1 0 8 0 amappl10 152 31 0 30 2 1 1 1 0 8 0 amappl9 144 249 0 249 1 1 0 1 0 8 0 amappl8 136 19 0 16 1 0 1 1 0 8 0 amappl7 128 151 0 141 1 0 1 1 0 8 0 amappl6 120 264 0 259 1 0 1 1 0 8 0 amappl5 112 174 0 167 1 0 1 1 0 8 0 amappl4 104 333 0 312 1 0 1 1 0 8 0 amappl3 96 32768 0 32678 5 2 3 4 0 8 0 amappl2 88 6082 0 6017 2 0 2 2 0 8 0 amappl1 80 30928 0 30419 15 2 13 15 0 8 0 amappl 88 50285 0 50116 5 0 5 5 0 92 0 dma16384 16384 2 0 2 2 2 0 1 0 8 0 dma4096 4096 2 0 2 2 2 0 1 0 8 0 dma2048 2048 2 0 2 1 1 0 1 0 8 0 dma1024 1024 2 0 1 1 0 1 1 0 8 0 dma512 512 2 0 2 2 2 0 1 0 8 0 dma256 256 8 0 8 3 3 0 1 0 8 0 dma128 128 264 0 264 10 9 1 1 0 8 1 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 8 0 8 2 2 0 1 0 8 0 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 151 0 16 3 0 3 3 0 8 0 uaddrrnd 24 5809 0 5781 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 5809 0 5781 1 0 1 1 0 8 0 vmmpekpl 168 44028 0 43972 3 0 3 3 0 8 0 vmmpepl 168 361299 0 359548 152 53 99 122 0 357 3 vmsppl 488 5808 0 5781 7 3 4 5 0 8 0 rwobjpl 80 94035 0 87127 165 13 152 157 0 8 1 pdppl 4096 11626 0 11562 118 50 68 86 0 8 4 pvpl 32 25041 0 0 201 0 201 201 0 265 0 pmappl 256 5808 0 5781 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 408 0 109 9 0 9 9 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffffffff8376eff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83943ca8) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff83943ca8) at __mp_lock+0x192 sys/kern/kern_lock.c:165 softintr_dispatch(2) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83 dosoftint(2) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:847 Xsofttty() at Xsofttty+0x27 __mp_lock(ffffffff83943ca8) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff83943ca8) at __mp_lock+0x192 sys/kern/kern_lock.c:165 softintr_dispatch(0) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83 dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:847 Xsoftclock() at Xsoftclock+0x27 __mp_lock(ffffffff83943ca8) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff83943ca8) at __mp_lock+0x192 sys/kern/kern_lock.c:165 vn_ioctl(fffffd80613675f8,80044b02,ffff80002a3dce00,ffff80002a39c2d8) at vn_ioctl+0x4d sys/kern/vfs_vnops.c:514 sys_ioctl(ffff80002a39c2d8,ffff80002a3dcfe0,ffff80002a3dcf30) at sys_ioctl+0x674 sys/kern/sys_generic.c:-1 end trace frame: 0xffff80002a3dcfd0, count: 0 ddb{0}> trace x86_ipi_db(ffffffff8376eff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83943ca8) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff83943ca8) at __mp_lock+0x192 sys/kern/kern_lock.c:165 softintr_dispatch(2) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83 dosoftint(2) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:847 Xsofttty() at Xsofttty+0x27 __mp_lock(ffffffff83943ca8) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff83943ca8) at __mp_lock+0x192 sys/kern/kern_lock.c:165 softintr_dispatch(0) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83 dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:847 Xsoftclock() at Xsoftclock+0x27 __mp_lock(ffffffff83943ca8) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff83943ca8) at __mp_lock+0x192 sys/kern/kern_lock.c:165 vn_ioctl(fffffd80613675f8,80044b02,ffff80002a3dce00,ffff80002a39c2d8) at vn_ioctl+0x4d sys/kern/vfs_vnops.c:514 sys_ioctl(ffff80002a39c2d8,ffff80002a3dcfe0,ffff80002a3dcf30) at sys_ioctl+0x674 sys/kern/sys_generic.c:-1 syscall(ffff80002a3dcfe0) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002a3dcfe0) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:746 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xaf70d0c2040, count: -16 ddb{0}> machine ddbcpu 1 Stopped at savectx+0xae: movl $0,%gs:0x688 savectx() at savectx+0xae end of kernel end trace frame: 0x74874c88fd10, count: 14 ddb{1}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x74874c88fd10, count: -1