uvm_fault(0xfffffd806d4b0b80, 0x0, 0, 1) -> e fatal page fault in supervisor mode trap type 6 code 0 rip ffffffff8190e738 cs 8 rflags 10207 cr2 0 cpl 0 rsp ffff80002a2ee550 gsbase 0xffff8000299edff0 kgsbase 0x0 panic: trap type 6, code=0, pc=ffffffff8190e738 Starting stack trace... panic(ffffffff833a4fb8) at panic+0x1d0 sys/kern/subr_prf.c:229 kerntrap(ffff80002a2ee4a0) at kerntrap+0x30b alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b dt_ioctl_record_stop(ffff800001574000) at dt_ioctl_record_stop+0x108 sys/dev/dt/dt_dev.c:586 dtclose(11e5f,81,2000,ffff80003c426558) at dtclose+0x109 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline] dtclose(11e5f,81,2000,ffff80003c426558) at dtclose+0x109 sys/dev/dt/dt_dev.c:232 spec_close(ffff80002a2ee650) at spec_close+0x466 sys/kern/spec_vnops.c:-1 VOP_CLOSE(fffffd805ce4a8d0,81,fffffd80097fb750,ffff80003c426558) at VOP_CLOSE+0x132 sys/kern/vfs_vops.c:156 vn_closefile(fffffd80656bb908,ffff80003c426558) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline] vn_closefile(fffffd80656bb908,ffff80003c426558) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615 fdrop(fffffd80656bb908,ffff80003c426558) at fdrop+0x121 sys/kern/kern_descrip.c:1280 closef(fffffd80656bb908,ffff80003c426558) at closef+0x192 sys/kern/kern_descrip.c:1264 fdfree(ffff80003c426558) at fdfree+0x116 sys/kern/kern_descrip.c:1195 exit1(ffff80003c426558,0,0,1) at exit1+0x576 sys/kern/kern_exit.c:215 sys_exit(ffff80003c426558,ffff80002a2ee9c0,ffff80002a2ee910) at sys_exit+0x1a sys/kern/kern_exit.c:-1 syscall(ffff80002a2ee9c0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002a2ee9c0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:746 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x782bcefe0d10, count: 242 End of stack trace. 
WARNING: SPL NOT LOWERED ON SYSCALL 252 11456 EXIT 0 4 Stopped at savectx+0xae: movl $0,%gs:0x688 TID PID UID PRFLAGS PFLAGS CPU COMMAND *483096 22341 0 0 0x4000000 1 syz-executor 313949 15560 0 0x14000 0x40000200 0 softclock savectx() at savectx+0xae end of kernel end trace frame: 0x72b74392220, count: 14 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault(0xfffffd806d4b0b80, 0x0, 0, 1) -> e ddb{1}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x72b74392220, count: -1 ddb{1}> show registers rdi 0 rsi 0 rbp 0xffff80003c455c00 rbx 0 rdx 0xffff800001481bc0 rcx 0xffff8000fffeefa8 rax 0x37 r8 0xffff80003c455b30 r9 0x1 r10 0x40c5e2bfd3e9ae06 r11 0x7a6fb0d78a47d923 r12 0 r13 0 r14 0xffff8000fffeefa8 r15 0 rip 0xffffffff81a233ee savectx+0xae cs 0x8 rflags 0x46 rsp 0xffff80003c455b80 ss 0 savectx+0xae: movl $0,%gs:0x688 ddb{1}> show proc PROC (syz-executor) tid=483096 pid=22341 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=86, usrpri=86, slppri=24, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000fffeea78,0xffff80003c427260 process=0xffff80002a3d2b68 user=0xffff80003c450000, vmspace=0xfffffd806b99c018 estcpu=36, cpticks=2, pctcpu=0.0, user=0, sys=2, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 89186 137451 89543 0 2 0 syz-executor 89186 357399 89543 0 2 0x4000c80 syz-executor 78019 391371 28647 0 2 0 syz-executor 78019 109097 28647 0 3 0x4000080 fsleep syz-executor 22341 153020 70547 0 2 0 syz-executor *22341 483096 70547 0 7 0x4000000 syz-executor 22341 115467 70547 0 3 0x4000080 fsleep syz-executor 47242 494432 95012 0 2 0xc80 syz-executor 47242 434471 95012 0 3 0x4000080 kqsel syz-executor 47242 416901 95012 0 3 0x4000080 fsleep syz-executor 44379 204092 37115 0 3 0x3010 suspend syz-executor 44379 142758 37115 0 
2 0x4081010 syz-executor 5004 407279 28153 0 2 0xc82 syz-executor 33853 312126 0 0 3 0x14200 bored sosplice 56984 123623 28153 0 3 0x82 wait syz-executor 70547 166960 28153 0 2 0xc82 syz-executor 82186 509779 28153 0 2 0x2 syz-executor 28647 11343 28153 0 2 0xc82 syz-executor 95012 97493 28153 0 2 0xc82 syz-executor 37115 450040 28153 0 3 0x82 wait syz-executor 89543 245051 28153 0 2 0xc82 syz-executor 28153 210678 6219 0 3 0x82 kqread syz-executor 6219 215301 97703 0 3 0x10008a sigsusp ksh 97703 412115 60862 0 3 0x98 kqread sshd-session 60862 22998 3701 0 3 0x92 kqread sshd-session 52757 342147 1 0 2 0x100083 getty 3701 289864 1 0 3 0x88 kqread sshd 78459 507813 47690 74 3 0x1100092 bpf pflogd 47690 84190 1 0 3 0x80 sbwait pflogd 83570 262515 9021 73 3 0x1100090 kqread syslogd 9021 93708 1 0 3 0x100082 sbwait syslogd 41698 18888 1 0 3 0x100080 kqread resolvd 99957 435094 93279 77 3 0x100092 kqread dhcpleased 19643 211293 93279 77 3 0x100092 kqread dhcpleased 93279 398996 1 0 3 0x80 kqread dhcpleased 2449 259580 0 0 3 0x14200 bored smr 60465 115350 0 0 2 0x14200 zerothread 64238 460406 0 0 3 0x14200 aiodoned aiodoned 61075 21588 0 0 2 0x14e00 update 47229 165072 0 0 3 0x14200 cleaner cleaner 74342 164983 0 0 3 0x14200 reaper reaper 52060 341407 0 0 3 0x14200 pgdaemon pagedaemon 57259 412743 0 0 3 0x14200 bored viomb 59767 44272 0 0 3 0x40014200 acpi0 acpi0 16038 427573 0 0 3 0x40014200 idle1 10209 347309 0 0 3 0x14200 bored softnet1 77686 301102 0 0 2 0x14200 softnet0 96619 21738 0 0 2 0x14200 systqmp 21534 515950 0 0 3 0x14200 bored systq 2092 509596 0 0 2 0x14200 softclockmp 15560 313949 0 0 7 0x40014200 softclock 38928 188958 0 0 3 0x40014200 idle0 1 380146 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{1}> show all locks Process 44379 (syz-executor) thread 0xffff80003c4267f0 (142758) Process 82186 (syz-executor) thread 0xffff8000fffefa08 (509779) ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10246 11084K 12491K 
166960K 13027 0 pcb 17 12K 12K 166960K 116 0 rtable 159 7K 9K 166960K 394 0 pf 33 17K 67485K 166960K 138 0 ifaddr 31 5K 7K 166960K 85 0 ifgroup 47 2K 2K 166960K 140 0 sysctl 3 1K 9K 166960K 12 0 counters 64 36K 37K 166960K 152 0 ioctlops 0 0K 4K 166960K 1620 0 iov 0 0K 24K 166960K 32 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1463 92K 93K 166960K 2055 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 18 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 37 0 dirhash 12 2K 2K 166960K 21 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 240K 166960K 752 0 sigio 0 0K 0K 166960K 16 0 proc 72 115K 180K 166960K 639 0 subproc 72 4K 4K 166960K 81 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 80 0 in_multi 63 4K 7K 166960K 125 0 ether_multi 1 0K 0K 166960K 8 0 mrt 0 0K 0K 166960K 6 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 283 1261K 1261K 166960K 283 0 exec 0 0K 1K 166960K 519 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 4 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 246 168K 191K 166960K 8554 0 UVM aobj 24 2K 2K 166960K 24 0 pinsyscall 42 84K 106K 166960K 1878 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 25 0 NDP 10 0K 1K 166960K 59 0 temp 56 8646K 8717K 166960K 26165 0 kqueue 15 24K 30K 166960K 154 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 90 0 87 1 0 1 1 0 8 0 rtentry 176 125 0 64 5 0 5 5 0 8 0 unpcb 144 527 0 508 7 1 6 6 0 8 5 syncache 336 9 0 9 2 1 1 1 0 8 1 tcpqe 32 1 0 1 1 0 1 1 0 8 1 tcpcb 736 269 0 264 9 7 2 8 0 8 1 arp 136 14 0 6 1 0 1 1 0 8 0 inpcb 328 782 0 772 7 5 2 7 0 8 0 nd6 152 23 0 9 1 0 1 1 0 8 0 pkpcb 40 14 0 14 1 0 1 1 0 8 1 kcovpl 48 9 0 1 1 0 1 1 0 8 0 ppxss 1192 32 0 32 1 0 1 1 0 8 1 pppxif 1504 2 0 
2 2 1 1 1 0 8 1 pfstscr 40 1 0 1 1 1 0 1 0 8 0 pffrag 232 2 0 0 1 0 1 1 0 482 0 pffrnode 88 2 0 0 1 0 1 1 0 8 0 pffrent 40 6 0 4 1 0 1 1 0 8 0 pfosfp 40 1429 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1429 0 714 21 0 21 21 0 8 0 pfrktable 1344 2 0 2 2 2 0 1 0 8 0 pfstitem 24 31 0 18 1 0 1 1 0 8 0 pfstkey 128 33 0 20 2 1 1 2 0 8 0 pfstate 384 32 0 19 4 0 4 4 0 8 0 pfrule 1344 25 0 18 2 0 2 2 0 8 0 rttmr 136 1 0 1 1 1 0 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 597 0 312 30 4 26 30 0 8 3 art_table 40 599 0 312 5 0 5 5 0 8 0 art_node 32 121 0 67 1 0 1 1 0 8 0 sysvmsgpl 40 6 0 3 1 0 1 1 0 8 0 semapl 112 34 0 24 1 0 1 1 0 8 0 shmpl 112 21 0 0 1 0 1 1 0 8 0 dirhash 1024 23 0 6 3 0 3 3 0 8 0 dino2pl 256 2704 0 1201 96 0 96 96 0 8 0 ffsino 296 2704 0 1201 117 0 117 117 0 8 0 nchpl 144 3709 0 2018 64 0 64 64 0 8 0 rtmask 32 6 0 6 2 2 0 1 0 8 0 uvmvnodes 80 3266 0 0 67 0 67 67 0 8 0 vnodes 216 3266 0 0 182 0 182 182 0 8 0 namei 1024 12829 0 12829 2 1 1 2 0 8 1 percpumem 16 91 0 44 1 0 1 1 0 8 0 kstatmem 264 86 0 62 3 0 3 3 0 8 1 scsiplug 72 2 0 2 2 1 1 1 0 8 1 scxspl 216 24695 0 24695 10 8 2 8 1 8 2 plimitpl 152 118 0 100 1 0 1 1 0 8 0 sigapl 424 1046 0 998 7 1 6 7 0 8 0 knotepl 120 329 0 0 10 0 10 10 0 8 0 kqueuepl 224 298 0 285 6 4 2 5 0 8 1 pipepl 344 167 0 139 3 0 3 3 0 8 0 fdescpl 528 1027 0 996 3 0 3 3 0 8 0 filepl 160 6183 0 5956 20 4 16 16 0 8 6 lockfpl 104 489 0 484 2 1 1 2 0 8 0 lockfspl 48 170 0 165 1 0 1 1 0 8 0 sessionpl 144 24 0 15 1 0 1 1 0 8 0 pgrppl 48 41 0 24 1 0 1 1 0 8 0 ucredpl 104 854 0 840 1 0 1 1 0 8 0 zombiepl 144 1001 0 998 1 0 1 1 0 8 0 processpl 1232 1046 0 998 5 1 4 5 0 8 0 procpl 664 2104 0 2049 6 0 6 6 0 8 0 sosppl 168 3 0 3 1 1 0 1 0 8 0 sockpl 752 1439 0 1407 22 10 12 17 0 8 8 mcl64k 65536 5 0 0 1 0 1 1 0 8 0 mcl12k 12288 1 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 4 0 0 1 0 1 1 0 8 0 mcl4k 4096 131 0 0 17 0 17 17 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 25 0 0 4 0 4 4 0 8 0 mtagpl 96 6 0 0 1 0 1 1 0 8 0 mbufpl 
256 1170 0 0 73 0 73 73 0 8 0 bufpl 280 10443 0 4300 439 0 439 439 0 8 0 anonpl 32 13898 0 0 112 0 112 112 0 246 0 amapchunkpl 152 28443 0 27935 41 10 31 34 0 158 9 amappl16 200 4194 0 3919 42 11 31 31 0 8 0 amappl15 192 4 0 4 1 1 0 1 0 8 0 amappl14 184 121 0 108 1 0 1 1 0 8 0 amappl13 176 7 0 7 1 1 0 1 0 8 0 amappl12 168 1698 0 1667 4 2 2 3 0 8 0 amappl11 160 52 0 38 1 0 1 1 0 8 0 amappl10 152 7 0 7 1 1 0 1 0 8 0 amappl9 144 248 0 248 1 1 0 1 0 8 0 amappl8 136 22 0 20 1 0 1 1 0 8 0 amappl7 128 115 0 103 1 0 1 1 0 8 0 amappl6 120 215 0 211 1 0 1 1 0 8 0 amappl5 112 129 0 119 1 0 1 1 0 8 0 amappl4 104 306 0 287 1 0 1 1 0 8 0 amappl3 96 4741 0 4645 3 0 3 3 0 8 0 amappl2 88 1273 0 1194 2 0 2 2 0 8 0 amappl1 80 11026 0 10430 16 2 14 15 0 8 0 amappl 88 7729 0 7558 5 0 5 5 0 92 0 dma65536 65536 1 0 1 1 1 0 1 0 8 0 dma8192 8192 1 0 1 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 2 0 1 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 255 0 255 2 1 1 1 0 8 1 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 23 0 0 1 0 1 1 0 8 0 uaddrrnd 24 1027 0 996 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1027 0 996 1 0 1 1 0 8 0 vmmpekpl 168 9443 0 9396 3 0 3 3 0 8 0 vmmpepl 168 70829 0 68592 117 6 111 111 0 357 0 vmsppl 488 1026 0 996 6 1 5 5 0 8 1 rwobjpl 80 24691 0 20225 96 0 96 96 0 8 0 pdppl 4096 2062 0 1992 110 38 72 88 0 8 2 pvpl 32 23196 0 0 187 0 187 187 0 265 0 pmappl 256 1026 0 996 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 358 0 55 10 0 10 10 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffffffff837efff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83915db8) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff83915db8) at __mp_lock+0x192 
sys/kern/kern_lock.c:165 intr_handler(ffff80002a2081d0,ffff800000069c00) at intr_handler+0xe9 sys/arch/amd64/amd64/intr.c:559 Xintr_ioapic_edge16_untramp() at Xintr_ioapic_edge16_untramp+0x18f __mp_lock(ffffffff83915db8) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff83915db8) at __mp_lock+0x192 sys/kern/kern_lock.c:165 __mp_acquire_count(ffffffff83915db8,1) at __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1 sleep_finish(ffffffffffffffff,1) at sleep_finish+0x2d8 sys/kern/kern_synch.c:367 softclock_thread_run(ffffffff837d87a8) at softclock_thread_run+0x79 sys/kern/kern_timeout.c:836 softclock_thread(ffff8000fffff4c0) at softclock_thread+0x10a sys/kern/kern_timeout.c:858 end trace frame: 0x0, count: 4 ddb{0}> trace x86_ipi_db(ffffffff837efff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83915db8) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff83915db8) at __mp_lock+0x192 sys/kern/kern_lock.c:165 intr_handler(ffff80002a2081d0,ffff800000069c00) at intr_handler+0xe9 sys/arch/amd64/amd64/intr.c:559 Xintr_ioapic_edge16_untramp() at Xintr_ioapic_edge16_untramp+0x18f __mp_lock(ffffffff83915db8) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff83915db8) at __mp_lock+0x192 sys/kern/kern_lock.c:165 __mp_acquire_count(ffffffff83915db8,1) at __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1 sleep_finish(ffffffffffffffff,1) at sleep_finish+0x2d8 sys/kern/kern_synch.c:367 softclock_thread_run(ffffffff837d87a8) at softclock_thread_run+0x79 sys/kern/kern_timeout.c:836 softclock_thread(ffff8000fffff4c0) at softclock_thread+0x10a sys/kern/kern_timeout.c:858 end trace frame: 0x0, count: -11 ddb{0}> machine ddbcpu 1 Stopped at savectx+0xae: movl $0,%gs:0x688 savectx() at savectx+0xae end of kernel end trace frame: 
0x72b74392220, count: 14 ddb{1}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x72b74392220, count: -1