uvm_fault(0xfffffd805fd6c210, 0x0, 0, 1) -> e fatal page fault in supervisor mode trap type 6 code 0 rip ffffffff81405060 cs 8 rflags 10207 cr2 0 cpl 0 rsp ffff80003c51b630 gsbase 0xffff8000299ddff0 kgsbase 0x0 panic: trap type 6, code=0, pc=ffffffff81405060 Starting stack trace... panic(ffffffff83335566) at panic+0x1d0 sys/kern/subr_prf.c:229 kerntrap(ffff80003c51b580) at kerntrap+0x29b sys/arch/amd64/amd64/trap.c:327 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b dt_ioctl_record_stop(ffff800001483000) at dt_ioctl_record_stop+0xf0 sys/dev/dt/dt_dev.c:579 dtclose(21e5f,81,2000,ffff80002a2f39d8) at dtclose+0x105 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline] dtclose(21e5f,81,2000,ffff80002a2f39d8) at dtclose+0x105 sys/dev/dt/dt_dev.c:232 spec_close(ffff80003c51b730) at spec_close+0x45f sys/kern/spec_vnops.c:-1 VOP_CLOSE(fffffd806f6f90d8,81,fffffd807f7d36e8,ffff80002a2f39d8) at VOP_CLOSE+0x133 sys/kern/vfs_vops.c:156 vn_closefile(fffffd806c47aa20,ffff80002a2f39d8) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline] vn_closefile(fffffd806c47aa20,ffff80002a2f39d8) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615 fdrop(fffffd806c47aa20,ffff80002a2f39d8) at fdrop+0x126 sys/kern/kern_descrip.c:1265 closef(fffffd806c47aa20,ffff80002a2f39d8) at closef+0x192 sys/kern/kern_descrip.c:1249 fdfree(ffff80002a2f39d8) at fdfree+0x116 sys/kern/kern_descrip.c:1181 exit1(ffff80002a2f39d8,b,0,1) at exit1+0x58f sys/kern/kern_exit.c:214 sys_exit(ffff80002a2f39d8,ffff80003c51baa0,ffff80003c51b9f0) at sys_exit+0x1a sys/kern/kern_exit.c:-1 syscall(ffff80003c51baa0) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c51baa0) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x79b51d7e8450, count: 242 End of stack trace. WARNING: SPL NOT LOWERED ON SYSCALL 83 -1891959984 EXIT 0 4 Stopped at savectx+0xae: movl $0,%gs:0x680 TID PID UID PRFLAGS PFLAGS CPU COMMAND *257391 35616 60928 0x10 0x4000000 1 syz-executor 269587 95781 0 0x14000 0x40000200 0 softclock savectx() at savectx+0xae end of kernel end trace frame: 0x6d53dde78b0, count: 14 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault(0xfffffd805fd6c210, 0x0, 0, 1) -> e ddb{1}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x6d53dde78b0, count: -1 ddb{1}> show registers rdi 0 rsi 0 rbp 0xffff80002a29a4e0 rbx 0 rdx 0xffff8000014507c0 rcx 0xffff80003c478d00 rax 0x3c r8 0xffff80002a29a410 r9 0x1 r10 0xd3fbae54f1a18a4b r11 0x90b4c45a39eb73f9 r12 0 r13 0 r14 0xffff80003c478d00 r15 0 rip 0xffffffff82f233ee savectx+0xae cs 0x8 rflags 0x46 rsp 0xffff80002a29a460 ss 0x10 savectx+0xae: movl $0,%gs:0x680 ddb{1}> show proc PROC (syz-executor) tid=257391 pid=35616 tcnt=2 stat=onproc flags process=10 proc=4000000 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003c479220,0xffff80003c478040 process=0xffff80003c412f50 user=0xffff80002a295000, vmspace=0xfffffd805fd6c5d0 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 463 332184 30533 0 2 0 syz-executor 35616 489790 90591 60928 2 0x10 syz-executor *35616 257391 90591 60928 7 0x4000010 syz-executor 96258 310276 65778 0 2 0xc80 syz-executor 96258 385263 65778 0 3 0x4000080 kqsel syz-executor 96258 519984 65778 0 3 0x4000080 fsleep syz-executor 92107 338292 50787 60929 2 0xc90 syz-executor 92107 180073 50787 60929 3 0x4000090 pppxread syz-executor 92107 235874 50787 60929 3 0x4000090 fsleep syz-executor 92107 191601 50787 60929 3 0x4000090 fsleep syz-executor 57864 139194 2356 0 2 0xc80 syz-executor 57864 432023 2356 0 3 0x4000080 ttyin syz-executor 57864 314461 2356 0 3 0x4000080 fsleep syz-executor 86583 124762 7877 0 2 0xc80 syz-executor 86583 328888 7877 0 3 0x4000080 kqsel syz-executor 86583 83473 7877 0 3 0x4000080 fsleep syz-executor 98745 496375 1 0 3 0x80 nanoslp init 19849 501703 40094 0 2 0x2 syz-executor 50787 403668 40094 0 2 0xc82 syz-executor 84194 479406 0 0 3 0x14200 bored sosplice 30533 110581 40094 0 2 0xc82 syz-executor 7877 258845 40094 0 2 0xc82 syz-executor 94174 87283 40094 0 2 0xc82 syz-executor 65778 286533 40094 0 2 0xc82 syz-executor 2356 142984 40094 0 2 0xc82 syz-executor 90591 341419 40094 0 2 0xc82 syz-executor 40094 194778 82169 0 3 0x82 kqread syz-executor 82169 281786 68594 0 3 0x10008a sigsusp ksh 68594 168441 1385 0 3 0x98 kqread sshd-session 1385 396961 53668 0 3 0x92 kqread sshd-session 53668 61211 1 0 3 0x88 kqread sshd 13435 177534 69790 74 3 0x1100092 bpf pflogd 69790 42176 1 0 3 0x80 sbwait pflogd 74291 483911 41690 73 3 0x1100090 kqread syslogd 41690 58994 1 0 3 0x100082 sbwait syslogd 49886 15980 1 0 3 0x100080 kqread resolvd 62761 297948 10915 77 3 0x100092 kqread dhcpleased 9637 469186 10915 77 3 0x100092 kqread dhcpleased 10915 438550 1 0 3 0x80 kqread dhcpleased 19911 80827 0 0 3 0x14200 bored smr 67309 42920 0 0 3 0x14200 pgzero zerothread 57598 170790 0 0 3 0x14200 aiodoned aiodoned 9722 62820 0 0 3 0x14200 syncer update 16310 327920 0 0 3 0x14200 cleaner cleaner 87259 232153 0 0 3 0x14200 reaper reaper 92018 193146 0 0 3 0x14200 pgdaemon pagedaemon 69326 334742 0 0 3 0x14200 bored viomb 75036 431652 0 0 3 0x40014200 acpi0 acpi0 95172 116611 0 0 3 0x40014200 idle1 31412 425232 0 0 3 0x14200 bored softnet3 17726 294714 0 0 3 0x14200 bored softnet2 3404 373812 0 0 3 0x14200 bored softnet1 82753 29607 0 0 2 0x14200 softnet0 57447 34050 0 0 2 0x14200 systqmp 957 121626 0 0 3 0x14200 bored systq 94188 501434 0 0 2 0x14200 softclockmp 95781 269587 0 0 7 0x40014200 softclock 7025 506179 0 0 3 0x40014200 idle0 1 196281 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{1}> show all locks Process 19849 (syz-executor) thread 0xffff80003c4799d0 (501703) ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10205 11110K 11509K 166960K 13971 0 pcb 17 15K 17K 166960K 394 0 rtable 201 9K 10K 166960K 581 0 pf 36 18K 81K 166960K 200 0 ifaddr 33 5K 8K 166960K 119 0 ifgroup 47 2K 2K 166960K 226 0 sysctl 4 1K 1K 166960K 8 0 counters 60 35K 37K 166960K 202 0 ioctlops 0 0K 4K 166960K 1840 0 iov 1 12K 16K 166960K 147 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1466 92K 93K 166960K 3517 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 36 0 VM map 2 1K 1K 166960K 2 0 sem 31 3K 4K 166960K 41 0 dirhash 12 2K 2K 166960K 75 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 93K 166960K 1818 0 sigio 1 0K 0K 166960K 33 0 proc 63 79K 140K 166960K 807 0 subproc 72 4K 4K 166960K 108 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 1 0K 0K 166960K 218 0 in_multi 72 5K 7K 166960K 182 0 ether_multi 1 0K 0K 166960K 5 0 mrt 0 0K 0K 166960K 12 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 91 413K 413K 166960K 91 0 exec 0 0K 1K 166960K 706 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 4 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 263 158K 173K 166960K 17780 0 UVM aobj 50 6K 6K 166960K 62 0 pinsyscall 41 82K 103K 166960K 3044 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 2 0K 0K 166960K 150 0 NDP 10 0K 2K 166960K 85 0 temp 78 8664K 8911K 166960K 99472 0 kqueue 13 20K 30K 166960K 287 0 SYN cache 2 10K 18K 166960K 3 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 129 0 126 1 0 1 1 0 8 0 rtentry 176 176 0 92 6 0 6 6 0 8 0 unpcb 144 1597 0 1576 16 10 6 6 0 8 5 syncache 336 8 0 8 3 2 1 1 0 8 1 tcpqe 32 2 0 2 2 2 0 1 0 8 0 tcpcb 808 666 0 661 18 17 1 8 0 8 0 arp 128 28 0 15 1 0 1 1 0 8 0 inpcb 384 2443 0 2432 35 27 8 15 0 8 6 nd6 144 41 0 22 2 0 2 2 0 8 0 pkpcb 40 22 0 22 3 2 1 1 0 8 1 kcovpl 48 12 0 4 1 0 1 1 0 8 0 mppekey 1024 3 0 3 1 0 1 1 0 8 1 ppxss 1192 42 0 42 2 1 1 1 0 8 1 pppxif 1504 10 0 10 3 2 1 1 0 8 1 pffrag 232 40 0 33 1 0 1 1 0 482 0 pffrnode 88 39 0 33 1 0 1 1 0 8 0 pffrent 40 78 0 71 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 5 0 2 1 0 1 1 0 8 0 pfanchor 1288 2 0 0 1 0 1 1 0 8 0 pftag 88 2 0 0 1 0 1 1 0 8 0 pfstitem 24 98 0 39 1 0 1 1 0 8 0 pfstkey 128 98 0 39 2 0 2 2 0 8 0 pfstate 384 97 0 39 6 0 6 6 0 8 0 pfrule 1344 35 0 24 2 1 1 2 0 8 0 rttmr 136 1 0 1 1 1 0 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 720 0 368 31 2 29 30 0 8 1 art_table 32 722 0 368 4 0 4 4 0 8 0 art_node 16 172 0 96 1 0 1 1 0 8 0 sysvmsgpl 40 11 0 5 2 1 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 34 0 5 1 0 1 1 0 8 0 shmpl 112 59 0 12 2 0 2 2 0 8 0 dirhash 1024 60 0 43 3 0 3 3 0 8 0 dino2pl 256 4788 0 3274 96 0 96 96 0 8 0 ffsino 288 4788 0 3274 109 0 109 109 0 8 0 nchpl 144 7339 0 5626 64 0 64 64 0 8 0 rtmask 32 6 0 6 2 1 1 1 0 8 1 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 26855 0 26854 3 2 1 2 0 8 0 percpumem 16 116 0 71 1 0 1 1 0 8 0 pfiaddrpl 120 2 0 0 1 0 1 1 0 8 0 kstatmem 264 122 0 102 4 2 2 3 0 8 0 acpiwqpl 32 1 0 1 1 0 1 1 1 8 1 scsiplug 72 9 0 9 4 4 0 1 0 8 0 scxspl 216 21636 0 21636 10 9 1 8 1 8 1 plimitpl 152 250 0 232 1 0 1 1 0 8 0 sigapl 424 2144 0 2094 9 1 8 9 0 8 0 knotepl 120 667 0 0 21 0 21 21 0 8 0 kqueuepl 224 587 0 574 6 3 3 3 0 8 2 pipepl 336 368 0 341 3 0 3 3 0 8 0 fdescpl 520 2101 0 2070 3 0 3 3 0 8 0 filepl 160 15261 0 15032 35 17 18 20 0 8 7 lockfpl 104 462 0 460 1 0 1 1 0 8 0 lockfspl 48 190 0 188 1 0 1 1 0 8 0 sessionpl 144 33 0 25 1 0 1 1 0 8 0 pgrppl 48 62 0 46 1 0 1 1 0 8 0 ucredpl 104 2151 0 2136 1 0 1 1 0 8 0 zombiepl 144 2095 0 2094 1 0 1 1 0 8 0 processpl 1208 2144 0 2094 6 1 5 6 0 8 0 procpl 656 4857 0 4797 8 2 6 8 0 8 0 srpgc 96 12 0 12 5 4 1 1 0 8 1 sosppl 168 16 0 16 5 4 1 1 0 8 1 sockpl 728 4234 0 4198 62 50 12 26 0 8 8 mcl64k 65536 18 0 0 3 0 3 3 0 8 0 mcl16k 16384 6 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 7 0 0 1 0 1 1 0 8 0 mcl4k 4096 105 0 0 14 1 13 14 0 8 0 mcl2k 2048 39 0 0 5 0 5 5 0 8 0 mtagpl 96 45 0 0 2 0 2 2 0 8 0 mbufpl 256 1227 0 0 76 0 76 76 0 8 0 bufpl 280 6338 0 196 439 0 439 439 0 8 0 anonpl 32 12575 0 0 102 0 102 102 0 246 0 amapchunkpl 152 60214 0 59516 47 14 33 36 0 158 3 amappl16 200 4371 0 4327 28 15 13 16 0 8 8 amappl15 192 7 0 7 1 1 0 1 0 8 0 amappl14 184 133 0 122 1 0 1 1 0 8 0 amappl13 176 6 0 6 2 2 0 1 0 8 0 amappl12 168 2812 0 2782 4 1 3 3 0 8 0 amappl11 160 52 0 38 1 0 1 1 0 8 0 amappl10 152 3 0 2 1 0 1 1 0 8 0 amappl9 144 249 0 249 1 1 0 1 0 8 0 amappl8 136 25 0 21 1 0 1 1 0 8 0 amappl7 128 124 0 113 1 0 1 1 0 8 0 amappl6 120 222 0 218 1 0 1 1 0 8 0 amappl5 112 141 0 130 1 0 1 1 0 8 0 amappl4 104 345 0 326 1 0 1 1 0 8 0 amappl3 96 12406 0 12291 4 0 4 4 0 8 0 amappl2 88 750 0 687 2 0 2 2 0 8 0 amappl1 80 16687 0 16102 16 1 15 16 0 8 0 amappl 88 16651 0 16457 5 0 5 5 0 92 0 dma32768 32768 2 0 2 1 0 1 1 0 8 1 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma2048 2048 2 0 2 2 1 1 1 0 8 1 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 8 0 8 2 2 0 1 0 8 0 dma128 128 254 0 254 2 1 1 1 0 8 1 dma64 64 9 0 9 3 2 1 1 0 8 1 dma32 32 8 0 8 2 1 1 1 0 8 1 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 61 0 12 1 0 1 1 0 8 0 uaddrrnd 24 2101 0 2070 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2101 0 2070 1 0 1 1 0 8 0 vmmpekpl 168 17000 0 16949 3 0 3 3 0 8 0 vmmpepl 168 133498 0 131482 106 6 100 100 0 357 6 vmsppl 480 2100 0 2070 7 2 5 5 0 8 1 rwobjpl 72 39357 0 32432 130 0 130 130 0 8 3 pdppl 4096 4209 0 4140 131 60 71 85 0 8 2 pvpl 32 21491 0 0 174 1 173 173 0 265 0 pmappl 256 2100 0 2070 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 510 0 88 13 0 13 13 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffffffff83846ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83a19340) at __mp_lock+0x199 __mp_lock_spin sys/kern/kern_lock.c:113 [inline] __mp_lock(ffffffff83a19340) at __mp_lock+0x199 sys/kern/kern_lock.c:144 softintr_dispatch(0) at softintr_dispatch+0x12a sys/kern/kern_softintr.c:83 dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:840 Xsoftclock() at Xsoftclock+0x27 __mp_lock(ffffffff83a19340) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline] __mp_lock(ffffffff83a19340) at __mp_lock+0x192 sys/kern/kern_lock.c:144 __mp_acquire_count(ffffffff83a19340,1) at __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1 mi_switch() at mi_switch+0x4b7 sys/kern/sched_bsd.c:441 sleep_finish(0,1) at sleep_finish+0x24f sys/kern/kern_synch.c:412 softclock_thread_run(ffffffff837cc648) at softclock_thread_run+0x74 sys/kern/kern_timeout.c:828 softclock_thread(ffff8000fffff480) at softclock_thread+0x10a sys/kern/kern_timeout.c:850 end trace frame: 0x0, count: 2 ddb{0}> trace x86_ipi_db(ffffffff83846ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83a19340) at __mp_lock+0x199 __mp_lock_spin sys/kern/kern_lock.c:113 [inline] __mp_lock(ffffffff83a19340) at __mp_lock+0x199 sys/kern/kern_lock.c:144 softintr_dispatch(0) at softintr_dispatch+0x12a sys/kern/kern_softintr.c:83 dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:840 Xsoftclock() at Xsoftclock+0x27 __mp_lock(ffffffff83a19340) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline] __mp_lock(ffffffff83a19340) at __mp_lock+0x192 sys/kern/kern_lock.c:144 __mp_acquire_count(ffffffff83a19340,1) at __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1 mi_switch() at mi_switch+0x4b7 sys/kern/sched_bsd.c:441 sleep_finish(0,1) at sleep_finish+0x24f sys/kern/kern_synch.c:412 softclock_thread_run(ffffffff837cc648) at softclock_thread_run+0x74 sys/kern/kern_timeout.c:828 softclock_thread(ffff8000fffff480) at softclock_thread+0x10a sys/kern/kern_timeout.c:850 end trace frame: 0x0, count: -13 ddb{0}> machine ddbcpu 1 Stopped at savectx+0xae: movl $0,%gs:0x680 savectx() at savectx+0xae end of kernel end trace frame: 0x6d53dde78b0, count: 14 ddb{1}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x6d53dde78b0, count: -1