uvm_fault(0xfffffd806bedd5b8, 0x0, 0, 1) -> e fatal page fault in supervisor mode trap type 6 code 0 rip ffffffff815d0680 cs 8 rflags 10246 cr2 0 cpl 0 rsp ffff80002fce7550 gsbase 0xffff8000299ddff0 kgsbase 0x0 panic: trap type 6, code=0, pc=ffffffff815d0680 Starting stack trace... panic(ffffffff8333a26a) at panic+0x1d0 sys/kern/subr_prf.c:229 kerntrap(ffff80002fce74a0) at kerntrap+0x29b sys/arch/amd64/amd64/trap.c:327 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b dt_ioctl_record_stop(ffff80000173a000) at dt_ioctl_record_stop+0xf0 sys/dev/dt/dt_dev.c:579 dtclose(11e5f,1,2000,ffff80003a82a028) at dtclose+0x105 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline] dtclose(11e5f,1,2000,ffff80003a82a028) at dtclose+0x105 sys/dev/dt/dt_dev.c:232 spec_close(ffff80002fce7650) at spec_close+0x45f sys/kern/spec_vnops.c:-1 VOP_CLOSE(fffffd805c993298,1,fffffd807f7d32d8,ffff80003a82a028) at VOP_CLOSE+0x133 sys/kern/vfs_vops.c:156 vn_closefile(fffffd805fde74c0,ffff80003a82a028) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline] vn_closefile(fffffd805fde74c0,ffff80003a82a028) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615 fdrop(fffffd805fde74c0,ffff80003a82a028) at fdrop+0x126 sys/kern/kern_descrip.c:1267 closef(fffffd805fde74c0,ffff80003a82a028) at closef+0x192 sys/kern/kern_descrip.c:1251 fdfree(ffff80003a82a028) at fdfree+0x116 sys/kern/kern_descrip.c:1182 exit1(ffff80003a82a028,b,0,1) at exit1+0x58f sys/kern/kern_exit.c:214 sys_exit(ffff80003a82a028,ffff80002fce79c0,ffff80002fce7910) at sys_exit+0x1a sys/kern/kern_exit.c:-1 syscall(ffff80002fce79c0) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002fce79c0) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x76f6479ad660, count: 242 End of stack trace. 
WARNING: SPL NOT LOWERED ON TRAP EXIT 4 0 Stopped at proc_trampoline+0xc7: movl $0,%gs:0x680 TID PID UID PRFLAGS PFLAGS CPU COMMAND * 34605 4628 0 0x2 0 1 syz-executor 513811 40293 0 0x14000 0x40000200 0 softclock proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x713db7cfc3c0, count: 14 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault(0xfffffd806bedd5b8, 0x0, 0, 1) -> e ddb{1}> trace proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x713db7cfc3c0, count: -1 ddb{1}> show registers rdi 0 rsi 0 rbp 0xffff80002a392e40 rbx 0 rdx 0 rcx 0xffff80003a82acf8 rax 0x2a r8 0xffff80002a392d70 r9 0x1 r10 0xc9c272e1ee094601 r11 0xec6adf63f2044314 r12 0 r13 0 r14 0 r15 0 rip 0xffffffff818614c7 proc_trampoline+0xc7 cs 0x8 rflags 0x246 rsp 0xffff80002a392dc0 ss 0 proc_trampoline+0xc7: movl $0,%gs:0x680 ddb{1}> show proc PROC (syz-executor) tid=34605 pid=4628 tcnt=1 stat=onproc flags process=2 proc=0 runpri=50, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a291728,0xffff80002a2979f8 process=0xffff80003a816aa8 user=0xffff80002a38d000, vmspace=0xfffffd806c58d3e8 estcpu=36, cpticks=2, pctcpu=0.23, user=0, sys=67, intr=2 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 5132 412435 33858 0 2 0 syz-executor 5132 176328 33858 0 3 0x4000080 fifor syz-executor 11974 58755 97610 0 2 0 syz-executor 11974 209012 97610 0 2 0x4000000 syz-executor 58225 348096 14512 0 2 0xc80 syz-executor 58225 153726 14512 0 3 0x4000080 pipewr syz-executor 58225 416741 14512 0 3 0x4000080 fsleep syz-executor 58225 391201 14512 0 3 0x4000080 fsleep syz-executor 15803 470872 20946 0 2 0xc80 syz-executor 15803 51376 20946 0 3 0x4000080 kqread syz-executor 15803 458730 20946 0 3 0x4000080 fsleep syz-executor 15803 463451 
20946 0 3 0x4000080 fsleep syz-executor 80318 115370 86597 0 2 0xc82 syz-executor 33858 400649 86597 0 2 0xc82 syz-executor 97610 382502 86597 0 2 0xc82 syz-executor 32279 400686 0 0 3 0x14200 acct acct 31411 104448 86597 0 3 0x82 wait syz-executor 14512 1178 86597 0 2 0xc82 syz-executor 20946 164328 86597 0 2 0xc82 syz-executor 24047 110926 86597 0 3 0x82 wait syz-executor * 4628 34605 86597 0 7 0x2 syz-executor 90936 485422 1 0 2 0x100083 getty 22901 413125 0 0 3 0x14200 bored sosplice 86597 103412 63815 0 3 0x82 kqread syz-executor 63815 188171 29674 0 3 0x10008a sigsusp ksh 29674 83566 44556 0 3 0x98 kqread sshd-session 44556 184755 68821 0 3 0x92 kqread sshd-session 68821 213717 1 0 3 0x88 kqread sshd 86478 161444 95051 74 3 0x1100092 bpf pflogd 95051 329092 1 0 3 0x80 sbwait pflogd 10902 509176 6285 73 3 0x1100090 kqread syslogd 6285 277731 1 0 3 0x100082 sbwait syslogd 45675 367714 1 0 3 0x100080 kqread resolvd 91385 267983 4356 77 3 0x100092 kqread dhcpleased 33275 430641 4356 77 3 0x100092 kqread dhcpleased 4356 61732 1 0 3 0x80 kqread dhcpleased 7897 516175 0 0 3 0x14200 bored smr 98504 456842 0 0 2 0x14200 zerothread 77100 303306 0 0 3 0x14200 aiodoned aiodoned 5309 177705 0 0 3 0x14200 syncer update 83430 284326 0 0 3 0x14200 cleaner cleaner 52852 507017 0 0 3 0x14200 reaper reaper 96814 345025 0 0 3 0x14200 pgdaemon pagedaemon 15971 421301 0 0 3 0x14200 bored viomb 31343 24736 0 0 3 0x40014200 acpi0 acpi0 1306 396697 0 0 3 0x40014200 idle1 55849 358248 0 0 3 0x14200 bored softnet3 59952 297398 0 0 3 0x14200 bored softnet2 27181 84436 0 0 3 0x14200 bored softnet1 66540 83834 0 0 2 0x14200 softnet0 38758 286734 0 0 2 0x14200 systqmp 62904 509926 0 0 3 0x14200 bored systq 81959 250611 0 0 2 0x14200 softclockmp 40293 513811 0 0 7 0x40014200 softclock 3504 150208 0 0 3 0x40014200 idle0 1 195949 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{1}> show all locks Process 11974 (syz-executor) thread 0xffff80003a82a2b8 (209012) ddb{1}> show 
malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10273 11132K 12480K 166960K 21543 0 pcb 17 20K 26K 166960K 2846 0 rtable 272 18K 19K 166960K 4213 0 pf 47 20K 83K 166960K 951 0 ifaddr 49 12K 13K 166960K 735 0 ifgroup 70 2K 3K 166960K 1297 0 sysctl 4 1K 9K 166960K 224 0 counters 74 37K 38K 166960K 1576 0 ioctlops 0 0K 4K 166960K 4060 0 iov 0 0K 32K 166960K 1194 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1551 97K 98K 166960K 10504 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 128K 160K 166960K 281 0 VM map 2 1K 1K 166960K 2 0 sem 21 116K 126K 166960K 46 0 dirhash 18 3K 3K 166960K 327 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 240K 166960K 16319 0 sigio 0 0K 0K 166960K 386 0 proc 76 103K 152K 166960K 3871 0 subproc 72 4K 4K 166960K 629 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 2203 0 in_multi 79 5K 7K 166960K 1221 0 ether_multi 1 0K 0K 166960K 185 0 mrt 1 0K 0K 166960K 75 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 265 1182K 1182K 166960K 265 0 exec 0 0K 1K 166960K 3376 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 21 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 280 176K 189K 166960K 142566 0 UVM aobj 72 3K 3K 166960K 73 0 pinsyscall 42 84K 106K 166960K 18964 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 964 0 NDP 16 0K 1K 166960K 464 0 temp 160 8677K 9192K 166960K 704726 0 kqueue 16 26K 32K 166960K 2605 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 1971 0 1967 11 10 1 4 0 8 0 rtentry 176 1241 0 1138 7 1 6 6 0 8 0 unpcb 144 11911 0 11889 52 46 6 6 0 8 5 syncache 336 3 0 3 1 1 0 1 0 8 0 tcpcb 808 5036 0 5032 74 73 1 11 0 8 0 arp 128 245 0 219 2 0 2 2 0 8 1 inpcb 384 17134 0 17126 115 106 9 18 0 8 8 nd6 144 250 
0 225 2 0 2 2 0 8 1 pkpcb 40 303 0 302 14 13 1 1 0 8 0 kcovpl 48 69 0 61 1 0 1 1 0 8 0 mppekey 1024 66 0 66 7 7 0 1 0 8 0 ppxss 1192 570 0 569 6 5 1 1 0 8 0 pppxif 1504 177 0 177 17 16 1 1 0 8 1 pffrag 232 114 0 104 1 0 1 1 0 482 0 pffrnode 88 105 0 95 1 0 1 1 0 8 0 pffrent 40 323 0 313 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 37 0 36 1 0 1 1 0 8 0 pfstitem 24 884 0 659 2 0 2 2 0 8 0 pfstkey 128 886 0 661 8 0 8 8 0 8 0 pfstate 384 885 0 660 24 1 23 23 0 8 0 pfrule 1344 24 0 16 2 1 1 2 0 8 0 rttmr 136 2 0 2 1 1 0 1 0 8 0 art_heap8 4096 5 0 1 5 1 4 5 0 8 0 art_heap4 256 4147 0 3783 48 22 26 30 0 8 1 art_table 32 4152 0 3784 4 0 4 4 0 8 0 art_node 16 1086 0 1003 1 0 1 1 0 8 0 sysvmsgpl 40 19 0 13 1 0 1 1 0 8 0 semupl 112 12 0 12 5 5 0 1 0 8 0 semapl 112 33 0 14 1 0 1 1 0 8 0 shmpl 112 70 0 1 2 0 2 2 0 8 0 dirhash 1024 228 0 207 3 0 3 3 0 8 0 dino2pl 256 30320 0 28645 105 0 105 105 0 8 0 ffsino 288 30320 0 28645 120 0 120 120 0 8 0 nchpl 144 52331 0 51632 65 39 26 64 0 8 0 rtmask 32 74 0 74 16 15 1 1 0 8 1 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 193998 0 193997 12 11 1 3 0 8 0 percpumem 16 803 0 751 1 0 1 1 0 8 0 kstatmem 264 810 0 774 4 1 3 3 0 8 0 acpiwqpl 32 6 0 6 1 0 1 1 1 8 1 scsiplug 72 57 0 57 12 11 1 1 0 8 1 scxspl 216 164499 0 164499 33 30 3 8 1 8 3 plimitpl 152 3332 0 3315 1 0 1 1 0 8 0 sigapl 424 16561 0 16510 13 5 8 9 0 8 1 knotepl 120 992 0 0 24 0 24 24 0 8 0 kqueuepl 224 6013 0 5999 40 39 1 5 0 8 0 pipepl 336 2598 0 2570 48 45 3 8 0 8 0 fdescpl 520 16437 0 16406 3 0 3 3 0 8 0 filepl 160 117977 0 117749 63 48 15 21 0 8 3 lockfpl 104 5211 0 5209 7 6 1 4 0 8 0 lockfspl 48 1758 0 1756 1 0 1 1 0 8 0 sessionpl 144 90 0 81 1 0 1 1 0 8 0 pgrppl 48 466 0 449 1 0 1 1 0 8 0 ucredpl 104 22991 0 22978 1 0 1 1 0 8 0 zombiepl 144 17304 0 17301 3 2 1 1 0 8 0 processpl 1208 16561 0 16510 7 1 6 6 0 8 0 procpl 656 41036 0 40977 10 4 6 8 0 8 0 srpgc 96 141 0 
141 12 12 0 1 0 8 0 sosppl 168 102 0 102 14 13 1 1 0 8 1 sockpl 728 31777 0 31742 177 166 11 22 0 8 7 mcl64k 65536 18 0 0 3 0 3 3 0 8 0 mcl16k 16384 26 0 0 4 1 3 3 0 8 0 mcl12k 12288 6 0 0 1 0 1 1 0 8 0 mcl9k 9216 5 0 0 1 0 1 1 0 8 0 mcl8k 8192 19 0 0 3 0 3 3 0 8 0 mcl4k 4096 157 0 0 15 0 15 15 0 8 0 mcl2k2 2112 9 0 0 1 0 1 1 0 8 0 mcl2k 2048 163 0 0 13 7 6 11 0 8 0 mtagpl 96 106 0 0 3 0 3 3 0 8 0 mbufpl 256 5449 0 0 335 0 335 335 0 8 0 bufpl 280 40503 0 34361 440 0 440 440 0 8 0 anonpl 32 21406 0 0 172 0 172 172 0 246 0 amapchunkpl 152 490935 0 490077 97 55 42 44 0 158 4 amappl16 200 30005 0 29544 137 100 37 42 0 8 8 amappl15 192 7 0 7 4 4 0 1 0 8 0 amappl14 184 242 0 230 1 0 1 1 0 8 0 amappl13 176 17 0 17 9 9 0 1 0 8 0 amappl12 168 18050 0 18019 4 2 2 3 0 8 0 amappl11 160 51 0 37 1 0 1 1 0 8 0 amappl10 152 7 0 7 3 3 0 1 0 8 0 amappl9 144 278 0 278 1 1 0 1 0 8 0 amappl8 136 23 0 20 1 0 1 1 0 8 0 amappl7 128 239 0 226 1 0 1 1 0 8 0 amappl6 120 791 0 787 1 0 1 1 0 8 0 amappl5 112 375 0 364 1 0 1 1 0 8 0 amappl4 104 521 0 501 1 0 1 1 0 8 0 amappl3 96 105600 0 105478 4 0 4 4 0 8 0 amappl2 88 1532 0 1467 2 0 2 2 0 8 0 amappl1 80 77891 0 77279 15 1 14 15 0 8 0 amappl 88 137815 0 137611 6 0 6 6 0 92 0 dma65536 65536 3 0 3 2 2 0 1 0 8 0 dma32768 32768 3 0 3 3 3 0 1 0 8 0 dma16384 16384 1 0 1 1 1 0 1 0 8 0 dma8192 8192 1 0 1 1 1 0 1 0 8 0 dma4096 4096 6 0 6 5 5 0 1 0 8 0 dma2048 2048 6 0 6 4 4 0 1 0 8 0 dma1024 1024 5 0 4 1 0 1 1 0 8 0 dma512 512 1 0 1 1 1 0 1 0 8 0 dma256 256 17 0 17 8 8 0 1 0 8 0 dma128 128 275 0 275 17 16 1 1 0 8 1 dma64 64 14 0 14 7 7 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 72 0 1 2 0 2 2 0 8 0 uaddrrnd 24 16437 0 16406 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 16437 0 16406 1 0 1 1 0 8 0 vmmpekpl 168 101336 0 101274 5 0 5 5 0 8 0 vmmpepl 168 991700 0 989179 197 66 131 131 0 357 6 vmsppl 480 16436 0 16406 6 1 5 5 0 8 0 rwobjpl 72 212685 0 205265 161 21 140 141 0 8 1 pdppl 4096 32882 0 32812 212 138 
74 86 0 8 4 pvpl 32 29852 0 0 240 2 238 238 0 265 0 pmappl 256 16436 0 16406 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 1037 0 331 21 0 21 21 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffffffff83820ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x44 sys/dev/kcov.c:159 intr_handler(ffff80002a1f88f0,ffff800000069c00) at intr_handler+0xe1 sys/arch/amd64/amd64/intr.c:559 Xintr_ioapic_edge16_untramp() at Xintr_ioapic_edge16_untramp+0x18f __mp_lock(ffffffff83994720) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline] __mp_lock(ffffffff83994720) at __mp_lock+0x192 sys/kern/kern_lock.c:144 __mp_acquire_count(ffffffff83994720,1) at __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1 mi_switch() at mi_switch+0x4b7 sys/kern/sched_bsd.c:441 sleep_finish(0,1) at sleep_finish+0x24f sys/kern/kern_synch.c:412 softclock_thread_run(ffffffff83868fd8) at softclock_thread_run+0x74 sys/kern/kern_timeout.c:828 softclock_thread(ffff8000fffff480) at softclock_thread+0x10a sys/kern/kern_timeout.c:850 end trace frame: 0x0, count: 3 ddb{0}> trace x86_ipi_db(ffffffff83820ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x44 sys/dev/kcov.c:159 intr_handler(ffff80002a1f88f0,ffff800000069c00) at intr_handler+0xe1 sys/arch/amd64/amd64/intr.c:559 Xintr_ioapic_edge16_untramp() at Xintr_ioapic_edge16_untramp+0x18f __mp_lock(ffffffff83994720) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline] __mp_lock(ffffffff83994720) at __mp_lock+0x192 sys/kern/kern_lock.c:144 __mp_acquire_count(ffffffff83994720,1) at __mp_acquire_count+0x58 
sys/kern/kern_lock.c:-1 mi_switch() at mi_switch+0x4b7 sys/kern/sched_bsd.c:441 sleep_finish(0,1) at sleep_finish+0x24f sys/kern/kern_synch.c:412 softclock_thread_run(ffffffff83868fd8) at softclock_thread_run+0x74 sys/kern/kern_timeout.c:828 softclock_thread(ffff8000fffff480) at softclock_thread+0x10a sys/kern/kern_timeout.c:850 end trace frame: 0x0, count: -12 ddb{0}> machine ddbcpu 1 Stopped at proc_trampoline+0xc7: movl $0,%gs:0x680 proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x713db7cfc3c0, count: 14 ddb{1}> trace proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x713db7cfc3c0, count: -1