uvm_fault(0xfffffd805b5685e8, 0x0, 0, 1) -> e fatal page fault in supervisor mode trap type 6 code 0 rip ffffffff822ec438 cs 8 rflags 10207 cr2 0 cpl 0 rsp ffff80002b0233e0 gsbase 0xffff8000299edff0 kgsbase 0x0 panic: trap type 6, code=0, pc=ffffffff822ec438 Starting stack trace... panic(ffffffff8339fd66) at panic+0x1d0 sys/kern/subr_prf.c:229 kerntrap(ffff80002b023330) at kerntrap+0x30b alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b dt_ioctl_record_stop(ffff800001478000) at dt_ioctl_record_stop+0x108 sys/dev/dt/dt_dev.c:586 dtclose(11e5f,1,2000,ffff8000ffff2fa0) at dtclose+0x109 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline] dtclose(11e5f,1,2000,ffff8000ffff2fa0) at dtclose+0x109 sys/dev/dt/dt_dev.c:232 spec_close(ffff80002b0234e0) at spec_close+0x466 sys/kern/spec_vnops.c:-1 VOP_CLOSE(fffffd8055e94058,1,fffffd80097fb2d8,ffff8000ffff2fa0) at VOP_CLOSE+0x132 sys/kern/vfs_vops.c:156 vn_closefile(fffffd807c076398,ffff8000ffff2fa0) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline] vn_closefile(fffffd807c076398,ffff8000ffff2fa0) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615 fdrop(fffffd807c076398,ffff8000ffff2fa0) at fdrop+0x121 sys/kern/kern_descrip.c:1280 closef(fffffd807c076398,ffff8000ffff2fa0) at closef+0x192 sys/kern/kern_descrip.c:1264 fdfree(ffff8000ffff2fa0) at fdfree+0x116 sys/kern/kern_descrip.c:1195 exit1(ffff8000ffff2fa0,0,0,1) at exit1+0x576 sys/kern/kern_exit.c:215 sys_exit(ffff8000ffff2fa0,ffff80002b023850,ffff80002b0237a0) at sys_exit+0x1a sys/kern/kern_exit.c:-1 syscall(ffff80002b023850) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002b023850) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:746 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x76dc25175d10, count: 242 End of stack trace. WARNING: SPL NOT LOWERED ON SYSCALL 49 0 EXIT 0 4 Stopped at savectx+0xae: movl $0,%gs:0x688 TID PID UID PRFLAGS PFLAGS CPU COMMAND *122244 49261 0 0 0x4000000 1 syz-executor savectx() at savectx+0xae end of kernel end trace frame: 0x8992bdbc8f0, count: 14 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault(0xfffffd805b5685e8, 0x0, 0, 1) -> e ddb{1}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x8992bdbc8f0, count: -1 ddb{1}> show registers rdi 0 rsi 0 rbp 0xffff80003b03fd40 rbx 0 rdx 0 rcx 0xffff80002f3f7cc8 rax 0x32 r8 0xffff80003b03fc70 r9 0x80713 acpi_pdirpa+0x6c584 r10 0x14aa89012692e415 r11 0x497b5d30e0b2ab79 r12 0 r13 0 r14 0xffff80002f3f7cc8 r15 0 rip 0xffffffff81acf3ee savectx+0xae cs 0x8 rflags 0x46 rsp 0xffff80003b03fcc0 ss 0 savectx+0xae: movl $0,%gs:0x688 ddb{1}> show proc PROC (syz-executor) tid=122244 pid=49261 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=86, usrpri=86, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002f3f7798,0xffffffff839b9858 process=0xffff80002a2a79d0 user=0xffff80003b03a000, vmspace=0xfffffd805b5689b8 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 49261 192887 10309 0 2 0 syz-executor 49261 390515 10309 0 3 0x4000080 fsleep syz-executor *49261 122244 10309 0 7 0x4000000 syz-executor 56437 326777 19847 0 2 0 syz-executor 56437 422413 19847 0 3 0x4000080 fsleep syz-executor 56437 482245 19847 0 3 0x4000080 fsleep syz-executor 10309 58115 39606 0 3 0x82 nanoslp syz-executor 12571 190414 60167 0 3 0x80 nanoslp syz-executor 12571 251816 60167 0 3 0x4000080 nanoslp syz-executor 83462 451014 0 0 3 0x14200 acct acct 75791 523487 1 0 3 0x100083 ttyin getty 98782 92875 39606 0 3 0x10000082 nanoslp syz-executor 45114 363768 39606 0 3 0x82 wait syz-executor 75902 111477 39606 0 3 0x82 nanoslp syz-executor 19847 482881 39606 0 3 0x82 nanoslp syz-executor 60167 166919 39606 0 3 0x82 nanoslp syz-executor 76639 385156 0 0 3 0x14280 nfsidl nfsio 56795 497616 0 0 3 0x14280 nfsidl nfsio 34091 429055 0 0 3 0x14280 nfsidl nfsio 44809 169377 0 0 3 0x14280 nfsidl nfsio 78801 389494 0 0 3 0x14280 nfsidl nfsio 32569 266521 0 0 3 0x14280 nfsidl nfsio 71312 101095 0 0 3 0x14280 nfsidl nfsio 25941 220420 39606 0 3 0x82 nanoslp syz-executor 42205 139227 39606 0 3 0x82 nanoslp syz-executor 2736 217372 0 0 3 0x14200 bored sosplice 39606 140090 5279 0 3 0x82 kqread syz-executor 5279 24766 65211 0 3 0x10008a sigsusp ksh 65211 141277 36692 0 3 0x98 kqread sshd-session 36692 461143 74242 0 3 0x92 kqread sshd-session 74242 288428 1 0 3 0x88 kqread sshd 5354 438697 39885 74 3 0x1100092 bpf pflogd 39885 119344 1 0 3 0x80 sbwait pflogd 10074 241678 69037 73 3 0x1100090 kqread syslogd 69037 57144 1 0 3 0x100082 sbwait syslogd 40597 152695 1 0 3 0x100080 kqread resolvd 10236 107416 0 0 3 0x14200 bored smr 82374 90911 0 0 3 0x14200 pgzero zerothread 87708 288983 0 0 3 0x14200 aiodoned aiodoned 39759 24642 0 0 3 0x14200 syncer update 86809 199117 0 0 3 0x14200 cleaner cleaner 15671 175127 0 0 3 0x14200 kmmaplk reaper 39238 280594 0 0 3 0x14200 pgdaemon pagedaemon 53156 484495 0 0 3 0x14200 bored viomb 55342 19500 0 0 3 0x40014200 acpi0 acpi0 61059 273773 0 0 3 0x40014200 idle1 69761 338184 0 0 3 0x14200 bored softnet7 98593 486738 0 0 3 0x14200 bored softnet6 1570 203922 0 0 3 0x14200 bored softnet5 85497 178940 0 0 3 0x14200 bored softnet4 15628 267253 0 0 3 0x14200 bored softnet3 85876 453340 0 0 3 0x14200 bored softnet2 32522 164544 0 0 3 0x14200 bored softnet1 77740 292873 0 0 2 0x14200 softnet0 80262 287527 0 0 2 0x40014200 systqmp 53073 319340 0 0 3 0x14200 bored systq 25633 264905 0 0 3 0x14200 tmoslp softclockmp 88828 95955 0 0 3 0x40014200 tmoslp softclock 67074 149224 0 0 7 0x40014200 idle0 1 142081 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{1}> show all locks ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10281 11133K 12436K 166960K 18520 0 pcb 19 20K 32K 166960K 3305 0 rtable 234 15K 16K 166960K 1670 0 pf 46 19K 131092K 166960K 837 0 ifaddr 43 10K 11K 166960K 519 0 ifgroup 73 3K 3K 166960K 980 0 sysctl 4 1K 9K 166960K 78 0 counters 78 38K 38K 166960K 1300 0 ioctlops 0 0K 4K 166960K 3896 0 iov 0 0K 32K 166960K 679 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1578 99K 100K 166960K 8963 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 4 9K 13K 166960K 131 0 VM map 2 1K 1K 166960K 2 0 sem 25 77K 77K 166960K 423 0 dirhash 12 2K 3K 166960K 231 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 240K 166960K 9679 0 sigio 0 0K 0K 166960K 259 0 proc 67 83K 164K 166960K 2019 0 subproc 72 4K 4K 166960K 229 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 2068 0 in_multi 63 4K 7K 166960K 782 0 ether_multi 1 0K 0K 166960K 122 0 mrt 3 0K 0K 166960K 63 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 277 1235K 1235K 166960K 277 0 exec 0 0K 1K 166960K 2449 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 25 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 227 152K 186K 166960K 89802 0 UVM aobj 7 2K 2K 166960K 9 0 pinsyscall 36 72K 106K 166960K 11204 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 3 0K 1K 166960K 774 0 NDP 18 0K 1K 166960K 381 0 temp 101 8652K 8904K 166960K 488267 3 kqueue 8 13K 35K 166960K 2167 0 SYN cache 2 8K 16K 166960K 3 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 1167 0 1165 8 6 2 2 0 8 1 rtentry 176 547 0 469 6 1 5 5 0 8 0 unpcb 144 7893 0 7883 52 51 1 10 0 8 0 syncache 336 29 0 29 14 14 0 1 0 8 0 tcpqe 32 7 0 7 5 5 0 1 0 8 0 tcpcb 736 4190 0 4184 66 59 7 7 0 8 6 arp 136 69 0 53 1 0 1 1 0 8 0 inpcb 328 13904 0 13894 101 94 7 13 0 8 6 nd6 144 86 0 69 1 0 1 1 0 8 0 pkpcb 40 101 0 101 15 14 1 1 0 8 1 kcovpl 48 25 0 17 1 0 1 1 0 8 0 mppekey 1024 4 0 4 3 3 0 1 0 8 0 ppxss 1192 501 0 499 2 1 1 1 0 8 0 pppxif 1504 32 0 32 11 11 0 1 0 8 0 pfstscr 40 2 0 2 1 1 0 1 0 8 0 pffrag 232 88 0 75 1 0 1 1 0 482 0 pffrnode 88 67 0 55 1 0 1 1 0 8 0 pffrent 40 237 0 224 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 19 0 19 8 8 0 1 0 8 0 pfanchor 1288 2 0 2 1 1 0 1 0 8 0 pftag 88 2 0 1 1 0 1 1 0 8 0 pfstitem 24 690 0 565 1 0 1 1 0 8 0 pfstkey 128 692 0 567 6 1 5 6 0 8 0 pfstate 384 691 0 566 20 4 16 17 0 8 0 pfrule 1344 25 0 20 2 1 1 2 0 8 0 rttmr 136 8 0 8 6 6 0 1 0 8 0 art_heap8 4096 9 0 5 8 4 4 6 0 8 0 art_heap4 256 2933 0 2607 49 27 22 30 0 8 0 art_table 40 2942 0 2612 5 0 5 5 0 8 0 art_node 32 527 0 465 1 0 1 1 0 8 0 sysvmsgpl 40 21 0 17 3 2 1 1 0 8 0 semapl 112 404 0 381 1 0 1 1 0 8 0 shmpl 112 6 0 2 1 0 1 1 0 8 0 dirhash 1024 164 0 147 3 0 3 3 0 8 0 dino2pl 256 20513 0 18952 98 0 98 98 0 8 0 ffsino 296 20513 0 18952 122 1 121 121 0 8 0 nchpl 144 34264 0 33603 65 40 25 64 0 8 0 rtmask 32 46 0 45 1 0 1 1 0 8 0 uvmvnodes 80 6249 0 0 128 0 128 128 0 8 0 vnodes 216 6249 0 0 348 0 348 348 0 8 0 namei 1024 123284 0 123284 9 8 1 3 0 8 1 percpumem 16 665 0 611 1 0 1 1 0 8 0 pfiaddrpl 120 3 0 3 1 1 0 1 0 8 0 kstatmem 264 664 0 626 5 2 3 3 0 8 0 scsiplug 72 44 0 44 19 18 1 1 0 8 1 scxspl 216 191091 0 191091 22 21 1 8 1 8 1 plimitpl 152 2949 0 2931 1 0 1 1 0 8 0 sigapl 424 9942 0 9882 12 5 7 9 0 8 0 knotepl 120 1243 0 0 30 0 30 30 0 8 0 kqueuepl 224 4414 0 4407 41 40 1 5 0 8 0 pipepl 344 1564 0 1536 39 36 3 9 0 8 0 fdescpl 528 9819 0 9791 3 0 3 3 0 8 0 filepl 160 76543 0 76333 74 60 14 20 0 8 1 lockfpl 104 4147 0 4146 6 4 2 2 0 8 1 lockfspl 48 1332 0 1331 1 0 1 1 0 8 0 sessionpl 144 61 0 53 1 0 1 1 0 8 0 pgrppl 48 301 0 285 1 0 1 1 0 8 0 ucredpl 104 12973 0 12959 1 0 1 1 0 8 0 zombiepl 144 16130 0 16125 1 0 1 1 0 8 0 processpl 1232 9942 0 9882 8 2 6 6 0 8 0 procpl 664 27017 0 26950 10 2 8 8 0 8 0 sosppl 168 54 0 54 11 11 0 1 0 8 0 sockpl 752 23666 0 23644 184 174 10 27 0 8 7 mcl64k 65536 36 0 0 5 0 5 5 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 4 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 9 0 0 2 0 2 2 0 8 0 mcl4k 4096 126 0 0 15 0 15 15 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 84 0 0 5 0 5 5 0 8 0 mtagpl 96 73 0 0 2 0 2 2 0 8 0 mbufpl 256 1266 0 0 76 0 76 76 0 8 0 bufpl 280 72691 0 66440 447 0 447 447 0 8 0 anonpl 32 18793 0 0 152 0 152 152 0 246 0 amapchunkpl 152 316169 0 315607 103 73 30 36 0 158 5 amappl16 200 30062 0 29977 179 164 15 41 0 8 0 amappl15 192 3 0 3 3 3 0 1 0 8 0 amappl14 184 196 0 187 1 0 1 1 0 8 0 amappl13 176 5 0 5 3 3 0 1 0 8 0 amappl12 168 10774 0 10746 3 1 2 2 0 8 0 amappl11 160 52 0 43 1 0 1 1 0 8 0 amappl10 152 10 0 9 2 1 1 1 0 8 0 amappl9 144 249 0 248 2 1 1 1 0 8 0 amappl8 136 23 0 20 1 0 1 1 0 8 0 amappl7 128 184 0 174 1 0 1 1 0 8 0 amappl6 120 369 0 365 1 0 1 1 0 8 0 amappl5 112 199 0 191 1 0 1 1 0 8 0 amappl4 104 413 0 394 1 0 1 1 0 8 0 amappl3 96 57375 0 57286 5 1 4 4 0 8 0 amappl2 88 10255 0 10191 2 0 2 2 0 8 0 amappl1 80 51496 0 50987 15 0 15 15 0 8 0 amappl 88 87003 0 86834 5 0 5 5 0 92 0 dma8192 8192 1 0 1 1 1 0 1 0 8 0 dma4096 4096 4 0 4 4 4 0 1 0 8 0 dma2048 2048 1 0 1 1 1 0 1 0 8 0 dma1024 1024 2 0 1 1 0 1 1 0 8 0 dma512 512 1 0 1 1 1 0 1 0 8 0 dma256 256 10 0 10 5 5 0 1 0 8 0 dma128 128 268 0 268 12 11 1 1 0 8 1 dma64 64 11 0 11 3 3 0 1 0 8 0 dma32 32 11 0 11 4 3 1 1 0 8 1 dma16 16 25 0 24 1 0 1 1 0 8 0 aobjpl 72 8 0 2 1 0 1 1 0 8 0 uaddrrnd 24 9819 0 9791 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 9819 0 9791 1 0 1 1 0 8 0 vmmpekpl 168 70794 0 70717 4 0 4 4 0 8 0 vmmpepl 168 613819 0 612048 181 89 92 126 0 357 0 vmsppl 488 9818 0 9791 7 2 5 5 0 8 0 rwobjpl 80 155801 0 148676 171 17 154 159 0 8 0 pdppl 4096 19646 0 19582 158 90 68 88 0 8 4 pvpl 32 29709 0 0 239 0 239 239 0 265 0 pmappl 256 9818 0 9791 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 528 0 217 10 0 10 10 0 8 1 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffffffff83787ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff838e5538) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff838e5538) at __mp_lock+0x192 sys/kern/kern_lock.c:165 softintr_dispatch(2) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83 dosoftint(2) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:847 Xsofttty() at Xsofttty+0x27 __mp_lock(ffffffff838e5538) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff838e5538) at __mp_lock+0x192 sys/kern/kern_lock.c:165 softintr_dispatch(0) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83 dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:847 Xsoftclock() at Xsoftclock+0x27 acpicpu_idle() at acpicpu_idle+0x457 sys/dev/acpi/acpicpu_x86.c:1224 sched_idle(ffffffff83787ff0) at sched_idle+0x391 sys/kern/kern_sched.c:191 end trace frame: 0x0, count: 2 ddb{0}> trace x86_ipi_db(ffffffff83787ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff838e5538) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff838e5538) at __mp_lock+0x192 sys/kern/kern_lock.c:165 softintr_dispatch(2) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83 dosoftint(2) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:847 Xsofttty() at Xsofttty+0x27 __mp_lock(ffffffff838e5538) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff838e5538) at __mp_lock+0x192 sys/kern/kern_lock.c:165 softintr_dispatch(0) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83 dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:847 Xsoftclock() at Xsoftclock+0x27 acpicpu_idle() at acpicpu_idle+0x457 sys/dev/acpi/acpicpu_x86.c:1224 sched_idle(ffffffff83787ff0) at sched_idle+0x391 sys/kern/kern_sched.c:191 end trace frame: 0x0, count: -13 ddb{0}> machine ddbcpu 1 Stopped at savectx+0xae: movl $0,%gs:0x688 savectx() at savectx+0xae end of kernel end trace frame: 0x8992bdbc8f0, count: 14 ddb{1}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x8992bdbc8f0, count: -1