uvm_fault(0xfffffd805d3aa3f8, 0x0, 0, 1) -> e
fatal page fault in supervisor mode
trap type 6 code 0 rip ffffffff813e5048 cs 8 rflags 10207 cr2 0 cpl 0 rsp ffff80002a2c8ce0
gsbase 0xffff8000299edff0 kgsbase 0x0
panic: trap type 6, code=0, pc=ffffffff813e5048
Starting stack trace...
panic(ffffffff8339fb8d) at panic+0x1d0 sys/kern/subr_prf.c:229
kerntrap(ffff80002a2c8c30) at kerntrap+0x30b
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
dt_ioctl_record_stop(ffff80000148b000) at dt_ioctl_record_stop+0x108 sys/dev/dt/dt_dev.c:586
dtclose(11e5f,81,2000,ffff80003c43ba20) at dtclose+0x109 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline]
dtclose(11e5f,81,2000,ffff80003c43ba20) at dtclose+0x109 sys/dev/dt/dt_dev.c:232
spec_close(ffff80002a2c8de0) at spec_close+0x466 sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffd807d7cd370,81,fffffd80097fb4e0,ffff80003c43ba20) at VOP_CLOSE+0x132 sys/kern/vfs_vops.c:156
vn_closefile(fffffd806fbe30a0,ffff80003c43ba20) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd806fbe30a0,ffff80003c43ba20) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615
fdrop(fffffd806fbe30a0,ffff80003c43ba20) at fdrop+0x121 sys/kern/kern_descrip.c:1280
closef(fffffd806fbe30a0,ffff80003c43ba20) at closef+0x192 sys/kern/kern_descrip.c:1264
fdfree(ffff80003c43ba20) at fdfree+0x116 sys/kern/kern_descrip.c:1195
exit1(ffff80003c43ba20,0,0,1) at exit1+0x576 sys/kern/kern_exit.c:215
sys_exit(ffff80003c43ba20,ffff80002a2c9150,ffff80002a2c90a0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a2c9150) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a2c9150) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:748
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7226c9dacde0, count: 242
End of stack trace.
WARNING: SPL NOT LOWERED ON TRAP EXIT 4 0 Stopped at proc_trampoline+0xc7: movl $0,%gs:0x688 TID PID UID PRFLAGS PFLAGS CPU COMMAND *357096 41179 0 0 0 1 syz-executor 80806 76177 0 0x2 0x1 0 syz-executor proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x73b9b04d2370, count: 14 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault(0xfffffd805d3aa3f8, 0x0, 0, 1) -> e ddb{1}> trace proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x73b9b04d2370, count: -1 ddb{1}> show registers rdi 0 rsi 0 rbp 0xffff80002a3474f0 rbx 0 rdx 0 rcx 0xffff8000ffff2d08 rax 0x2a r8 0xffff80002a347420 r9 0 r10 0x9d1a0d2d4cba892b r11 0x1559dc88023e3183 r12 0 r13 0 r14 0 r15 0 rip 0xffffffff81d8f4c7 proc_trampoline+0xc7 cs 0x8 rflags 0x246 rsp 0xffff80002a347470 ss 0x10 proc_trampoline+0xc7: movl $0,%gs:0x688 ddb{1}> show proc PROC (syz-executor) tid=357096 pid=41179 tcnt=1 stat=onproc flags process=0 proc=0 runpri=84, usrpri=84, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003c43b4f0,0xffff80003c43ad38 process=0xffff80002a2c39d8 user=0xffff80002a342000, vmspace=0xfffffd805d3aa5e0 estcpu=36, cpticks=1, pctcpu=0.0, user=1, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 92765 400977 61081 0 2 0 syz-executor 92765 389623 61081 0 2 0x4000000 syz-executor *41179 357096 8360 0 7 0 syz-executor 20620 230303 69228 0 2 0 syz-executor 20620 49073 69228 0 2 0x4000000 syz-executor 97389 184054 0 0 3 0x14200 acct acct 69228 1497 53055 0 2 0x3 syz-executor 92862 496808 1 0 3 0x100083 ttyin getty 36513 63591 53055 0 2 0x2 syz-executor 61081 74066 53055 0 2 0xc82 syz-executor 80073 396470 53055 0 2 0x2 syz-executor 75521 271477 53055 0 2 0x2 syz-executor 8360 360287 53055 0 2 0x3 syz-executor 82153 321268 0 0 3 
0x14200 bored sosplice 50057 208834 53055 0 2 0x2 syz-executor 76177 80806 53055 0 7 0x3 syz-executor 53055 114493 88620 0 3 0x82 kqread syz-executor 88620 501424 63221 0 3 0x10008a sigsusp ksh 63221 357636 41775 0 3 0x98 kqread sshd-session 41775 175802 76790 0 3 0x92 kqread sshd-session 76790 285217 1 0 3 0x88 kqread sshd 53315 452026 16355 74 3 0x1100092 bpf pflogd 16355 234460 1 0 3 0x80 sbwait pflogd 78021 270791 29530 73 3 0x1100090 kqread syslogd 29530 51522 1 0 3 0x100082 sbwait syslogd 8220 83047 1 0 3 0x100080 kqread resolvd 78437 500506 0 0 3 0x14200 bored smr 28005 418675 0 0 2 0x14200 zerothread 35702 359928 0 0 3 0x14200 aiodoned aiodoned 98648 273991 0 0 3 0x14200 syncer update 61076 46001 0 0 3 0x14200 cleaner cleaner 22363 425857 0 0 3 0x14200 kmmaplk reaper 25173 117299 0 0 3 0x14200 pgdaemon pagedaemon 61125 378970 0 0 3 0x14200 bored viomb 61475 456589 0 0 3 0x40014200 acpi0 acpi0 51644 439941 0 0 3 0x40014200 idle1 92787 407594 0 0 3 0x14200 bored softnet7 32035 137821 0 0 3 0x14200 bored softnet6 78813 394127 0 0 3 0x14200 bored softnet5 84762 24154 0 0 3 0x14200 bored softnet4 65578 234765 0 0 3 0x14200 bored softnet3 40585 449270 0 0 3 0x14200 bored softnet2 27073 95262 0 0 3 0x14200 bored softnet1 13084 443226 0 0 3 0x14200 netlock softnet0 32312 195603 0 0 2 0x40014200 systqmp 73765 352008 0 0 3 0x14200 bored systq 98054 224317 0 0 3 0x14200 tmoslp softclockmp 94234 444215 0 0 3 0x40014200 tmoslp softclock 24868 306289 0 0 3 0x40014200 idle0 1 442522 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{1}> show all locks Process 41179 (syz-executor) thread 0xffff8000ffff2d08 (357096) Process 36513 (syz-executor) thread 0xffff80002a340d40 (63591) Process 80073 (syz-executor) thread 0xffff800032409248 (396470) ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10249 11153K 13053K 166960K 14330 0 pcb 17 16K 18K 166960K 853 0 rtable 215 13K 14K 166960K 986 0 pf 37 18K 82K 166960K 484 0 ifaddr 36 7K 8K 
166960K 274 0 ifgroup 55 2K 3K 166960K 501 0 sysctl 3 1K 9K 166960K 71 0 counters 68 36K 39K 166960K 674 0 ioctlops 0 0K 4K 166960K 2482 0 iov 0 0K 32K 166960K 342 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1678 105K 106K 166960K 4498 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 19 0 VM map 2 1K 1K 166960K 2 0 sem 29 11K 11K 166960K 88 0 dirhash 12 2K 2K 166960K 72 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 16 57K 240K 166960K 3761 0 sigio 0 0K 0K 166960K 283 0 proc 67 83K 180K 166960K 1277 0 subproc 72 4K 4K 166960K 175 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 556 0 in_multi 70 5K 7K 166960K 363 0 ether_multi 1 0K 0K 166960K 24 0 mrt 1 0K 0K 166960K 27 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 265 1182K 1182K 166960K 265 0 exec 0 0K 1K 166960K 995 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 13 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 186 149K 204K 166960K 34208 0 UVM aobj 74 9K 10K 166960K 81 0 pinsyscall 35 70K 106K 166960K 5089 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 227 0 NDP 12 0K 2K 166960K 200 0 temp 83 8652K 8784K 166960K 141969 0 kqueue 7 12K 34K 166960K 699 0 SYN cache 2 0K 16K 166960K 4 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 371 0 370 3 2 1 3 0 8 0 rtentry 176 307 0 231 5 0 5 5 0 8 0 unpcb 144 2723 0 2713 25 24 1 9 0 8 0 syncache 336 19 0 19 8 7 1 1 0 8 1 tcpqe 32 3 0 3 3 2 1 1 0 8 1 tcpcb 736 1314 0 1307 27 25 2 8 0 8 1 arp 128 38 0 24 1 0 1 1 0 8 0 inpcb 328 4410 0 4403 33 31 2 12 0 8 0 nd6 144 55 0 41 1 0 1 1 0 8 0 pkpcb 40 51 0 51 6 5 1 1 0 8 1 kcovpl 48 19 0 11 1 0 1 1 0 8 0 mppekey 1024 3 0 3 2 2 0 1 0 8 0 ppxss 1192 246 0 246 4 3 1 1 0 8 1 pppxif 1504 92 0 92 7 7 0 1 0 8 0 pfstscr 40 2 0 2 2 2 0 1 0 8 0 
pffrag 232 20 0 12 1 0 1 1 0 482 0 pffrnode 88 15 0 8 1 0 1 1 0 8 0 pffrent 40 31 0 22 1 0 1 1 0 8 0 pfosfp 40 1430 0 1006 5 0 5 5 0 8 0 pfosfpen 112 1430 0 715 21 0 21 21 0 8 0 pfrktable 1344 16 0 16 2 2 0 1 0 8 0 pfanchor 1288 3 0 2 2 1 1 1 0 8 0 pftag 88 4 0 1 1 0 1 1 0 8 0 pfstitem 24 250 0 158 1 0 1 1 0 8 0 pfstkey 128 258 0 165 4 0 4 4 0 8 0 pfstate 384 250 0 161 12 1 11 11 0 8 0 pfrule 1344 43 0 38 2 1 1 2 0 8 0 rttmr 136 6 0 6 5 4 1 1 0 8 1 art_heap8 4096 5 0 1 5 1 4 4 0 8 0 art_heap4 256 1344 0 1003 38 13 25 28 0 8 0 art_table 40 1349 0 1004 6 2 4 5 0 8 0 art_node 32 304 0 241 1 0 1 1 0 8 0 sysvmsgpl 40 17 0 12 1 0 1 1 0 8 0 semapl 112 76 0 49 1 0 1 1 0 8 0 shmpl 112 78 0 7 3 0 3 3 0 8 0 dirhash 1024 58 0 41 3 0 3 3 0 8 0 dino2pl 256 8431 0 6898 98 1 97 97 0 8 0 ffsino 296 8431 0 6898 119 0 119 119 0 8 0 nchpl 144 13499 0 12873 64 39 25 64 0 8 0 rtmask 32 37 0 37 10 10 0 1 0 8 0 uvmvnodes 80 5209 0 0 107 0 107 107 0 8 0 vnodes 216 5209 0 0 290 0 290 290 0 8 0 namei 1024 48415 0 48415 6 5 1 2 0 8 1 percpumem 16 352 0 303 1 0 1 1 0 8 0 pfiaddrpl 120 6 0 6 2 2 0 1 0 8 0 kstatmem 264 326 0 298 4 1 3 3 0 8 0 acpiwqpl 32 1 0 1 1 0 1 1 1 8 1 scsiplug 72 10 0 10 6 6 0 1 0 8 0 scxspl 216 92877 0 92877 20 19 1 8 1 8 1 plimitpl 152 1354 0 1338 1 0 1 1 0 8 0 sigapl 424 3977 0 3925 9 2 7 9 0 8 0 knotepl 120 741 0 0 23 0 23 23 0 8 0 kqueuepl 224 1810 0 1803 27 24 3 9 0 8 2 pipepl 344 614 0 586 16 10 6 9 0 8 3 fdescpl 528 3913 0 3886 3 0 3 3 0 8 0 filepl 160 28468 0 28269 44 32 12 23 0 8 1 lockfpl 104 1413 0 1412 2 1 1 2 0 8 0 lockfspl 48 524 0 523 1 0 1 1 0 8 0 sessionpl 144 51 0 43 1 0 1 1 0 8 0 pgrppl 48 153 0 137 1 0 1 1 0 8 0 ucredpl 104 5264 0 5252 1 0 1 1 0 8 0 zombiepl 144 4064 0 4062 1 0 1 1 0 8 0 processpl 1232 3977 0 3925 6 0 6 6 0 8 0 procpl 664 9845 0 9789 10 3 7 8 0 8 0 sosppl 168 31 0 31 10 9 1 1 0 8 1 sockpl 752 7655 0 7636 75 71 4 24 0 8 1 mcl64k 65536 35 0 0 4 0 4 4 0 8 0 mcl16k 16384 9 0 0 2 0 2 2 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 
1 0 1 1 0 8 0 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 118 0 0 15 0 15 15 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 59 0 0 7 0 7 7 0 8 0 mtagpl 96 4 0 0 1 0 1 1 0 8 0 mbufpl 256 1234 0 0 73 0 73 73 0 8 0 bufpl 280 37751 0 31608 441 1 440 440 0 8 0 anonpl 32 14671 0 0 118 0 118 118 0 246 0 amapchunkpl 152 132841 0 132422 59 31 28 37 0 158 4 amappl16 200 14344 0 14279 107 83 24 33 0 8 6 amappl15 192 5 0 4 1 0 1 1 0 8 0 amappl14 184 238 0 229 1 0 1 1 0 8 0 amappl13 176 3 0 3 2 2 0 1 0 8 0 amappl12 168 4789 0 4763 4 1 3 3 0 8 0 amappl11 160 56 0 47 1 0 1 1 0 8 0 amappl10 152 10 0 10 2 2 0 1 0 8 0 amappl9 144 329 0 328 2 1 1 1 0 8 0 amappl8 136 18 0 15 1 0 1 1 0 8 0 amappl7 128 147 0 137 1 0 1 1 0 8 0 amappl6 120 336 0 332 1 0 1 1 0 8 0 amappl5 112 171 0 164 1 0 1 1 0 8 0 amappl4 104 364 0 345 1 0 1 1 0 8 0 amappl3 96 24566 0 24488 5 1 4 4 0 8 0 amappl2 88 940 0 892 2 0 2 2 0 8 0 amappl1 80 26941 0 26446 19 5 14 15 0 8 0 amappl 88 32652 0 32522 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 2 0 1 1 0 1 1 0 8 0 dma512 512 1 0 1 1 1 0 1 0 8 0 dma256 256 9 0 9 4 4 0 1 0 8 0 dma128 128 256 0 256 3 3 0 1 0 8 0 dma64 64 8 0 8 3 3 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 22 0 21 1 0 1 1 0 8 0 aobjpl 72 80 0 7 2 0 2 2 0 8 0 uaddrrnd 24 3913 0 3886 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 3913 0 3886 1 0 1 1 0 8 0 vmmpekpl 168 32436 0 32382 3 0 3 3 0 8 0 vmmpepl 168 252721 0 251129 146 49 97 115 0 357 2 vmsppl 488 3912 0 3885 6 1 5 5 0 8 0 rwobjpl 80 70939 0 64865 146 12 134 138 0 8 0 pdppl 4096 7834 0 7770 136 68 68 88 0 8 4 pvpl 32 24242 0 0 196 0 196 196 0 265 0 pmappl 256 3912 0 3885 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 435 0 128 9 0 9 9 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffffffff83787ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at 
Xresume_lapic_ipi+0x27 __mp_lock(ffffffff838f7d38) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff838f7d38) at __mp_lock+0x192 sys/kern/kern_lock.c:165 softintr_dispatch(2) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83 dosoftint(2) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:847 Xsofttty() at Xsofttty+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x33 kd_curproc sys/dev/kcov.c:585 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x33 sys/dev/kcov.c:153 __mp_lock(ffffffff838f7d38) at __mp_lock+0x1a3 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff838f7d38) at __mp_lock+0x1a3 sys/kern/kern_lock.c:165 softintr_dispatch(0) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83 dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:847 Xsoftclock() at Xsoftclock+0x27 __mp_lock(ffffffff838f7d38) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff838f7d38) at __mp_lock+0x192 sys/kern/kern_lock.c:165 ktrsysret(ffff8000ffff2540,5b,0,ffff80002a3b9760) at ktrsysret+0xde ktrwrite2 sys/kern/kern_ktrace.c:-1 [inline] ktrsysret(ffff8000ffff2540,5b,0,ffff80002a3b9760) at ktrsysret+0xde sys/kern/kern_ktrace.c:209 end trace frame: 0xffff80002a3b9800, count: 0 ddb{0}> trace x86_ipi_db(ffffffff83787ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff838f7d38) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff838f7d38) at __mp_lock+0x192 sys/kern/kern_lock.c:165 softintr_dispatch(2) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83 dosoftint(2) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:847 Xsofttty() at Xsofttty+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x33 kd_curproc sys/dev/kcov.c:585 [inline] __sanitizer_cov_trace_pc() at 
__sanitizer_cov_trace_pc+0x33 sys/dev/kcov.c:153 __mp_lock(ffffffff838f7d38) at __mp_lock+0x1a3 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff838f7d38) at __mp_lock+0x1a3 sys/kern/kern_lock.c:165 softintr_dispatch(0) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83 dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:847 Xsoftclock() at Xsoftclock+0x27 __mp_lock(ffffffff838f7d38) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff838f7d38) at __mp_lock+0x192 sys/kern/kern_lock.c:165 ktrsysret(ffff8000ffff2540,5b,0,ffff80002a3b9760) at ktrsysret+0xde ktrwrite2 sys/kern/kern_ktrace.c:-1 [inline] ktrsysret(ffff8000ffff2540,5b,0,ffff80002a3b9760) at ktrsysret+0xde sys/kern/kern_ktrace.c:209 syscall(ffff80002a3b9810) at syscall+0xa50 mi_syscall_return sys/sys/syscall_mi.h:204 [inline] syscall(ffff80002a3b9810) at syscall+0xa50 sys/arch/amd64/amd64/trap.c:769 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7226c9dacdb0, count: -16 ddb{0}> machine ddbcpu 1 Stopped at proc_trampoline+0xc7: movl $0,%gs:0x688 proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x73b9b04d2370, count: 14 ddb{1}> trace proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x73b9b04d2370, count: -1