uvm_fault(0xfffffd806ef121f0, 0x0, 0, 1) -> e fatal page fault in supervisor mode trap type 6 code 0 rip ffffffff8300f0c8 cs 8 rflags 10207 cr2 0 cpl 0 rsp ffff80003c459460 gsbase 0xffff8000299edff0 kgsbase 0x0 panic: trap type 6, code=0, pc=ffffffff8300f0c8 Starting stack trace... panic(ffffffff833c7625) at panic+464 kerntrap(ffff80003c4593b0) at kerntrap+779 alltraps_kern_meltdown() at alltraps_kern_meltdown+123 dt_ioctl_record_stop(ffff800001573000) at dt_ioctl_record_stop+264 dtclose(21e5f,81,2000,ffff80003c433250) at dtclose+265 spec_close(ffff80003c459560) at spec_close+1126 VOP_CLOSE(fffffd806375b018,81,fffffd80097fb618,ffff80003c433250) at VOP_CLOSE+306 vn_closefile(fffffd806fe0c848,ffff80003c433250) at vn_closefile+299 fdrop(fffffd806fe0c848,ffff80003c433250) at fdrop+289 closef(fffffd806fe0c848,ffff80003c433250) at closef+402 syscall(ffff80003c4597c0) at syscall+3028 Xsyscall() at Xsyscall+296 end of kernel end trace frame: 0x49571c91ac0, count: 245 End of stack trace. WARNING: SPL NOT LOWERED ON SYSCALL 54 5 EXIT 0 4 Stopped at savectx+174: movl $0,%gs:1672 TID PID UID PRFLAGS PFLAGS CPU COMMAND 100888 62423 0 0 0 0 syz-executor *153559 62423 0 0 0x4000000 1 syz-executor savectx() at savectx+174 end of kernel end trace frame: 0x49615d79800, count: 14 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault(0xfffffd806ef121f0, 0x0, 0, 1) -> e ddb{1}> trace savectx() at savectx+174 end of kernel end trace frame: 0x49615d79800, count: -1 ddb{1}> show registers rdi 0 rsi 0 rbp 18446603336929756000 rbx 0 rdx 0 rcx 18446603337232228392 rax 50 r8 18446603336929755792 r9 1 r10 6139862344257433975 r11 13432094437539130368 r12 0 r13 0 r14 18446603337232228392 r15 0 rip 18446744071582114798 savectx+174 cs 8 rflags 70 rsp 18446603336929755872 ss 16 savectx+174: movl $0,%gs:1672 ddb{1}> show proc PROC (syz-executor) tid=153559 pid=62423 tcnt=4 stat=onproc flags process=0 proc=4000000 runpri=50, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003c433780,0xffff80003c433260 process=0xffff8000397fb510 user=0xffff80002a3b7000, vmspace=0xfffffd806ef121f0 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 62423 100888 41847 0 7 0 syz-executor *62423 153559 41847 0 7 0x4000000 syz-executor 62423 54040 41847 0 3 0x4000000 sbar syz-executor 62423 408293 41847 0 2 0x4000000 syz-executor 11144 253860 92907 0 3 0x80 nanoslp syz-executor 11144 195762 92907 0 3 0x4000080 kqread syz-executor 11144 320106 92907 0 3 0x4000080 fsleep syz-executor 5338 278707 64439 0 3 0x80 nanoslp syz-executor 5338 320641 64439 0 3 0x4000080 sbwait syz-executor 5338 212140 64439 0 3 0x4000080 fsleep syz-executor 95161 86050 5939 0 3 0x80 nanoslp syz-executor 95161 344059 5939 0 3 0x4000080 kqsel syz-executor 95161 110653 5939 0 3 0x4000080 kqsel syz-executor 95161 226470 5939 0 3 0x4000080 fsleep syz-executor 47474 511783 37040 0 3 0x82 wait syz-executor 55196 308438 37040 0 3 0x2 biowait syz-executor 92907 60817 37040 0 3 0x82 nanoslp syz-executor 41847 256141 37040 0 3 0x82 nanoslp syz-executor 34030 326262 1 0 3 0x100083 ttyopn getty 51038 229045 37040 0 3 0x82 wait syz-executor 64439 18797 37040 0 3 0x82 nanoslp syz-executor 5939 302489 37040 0 3 0x82 nanoslp syz-executor 1123 490154 37040 0 3 0x82 wait syz-executor 37040 489483 12951 0 2 0x2 syz-executor 12951 59162 27115 0 3 0x10008a sigsusp ksh 27115 309639 79911 0 3 0x98 kqread sshd-session 79911 434571 60425 0 3 0x92 kqread sshd-session 60425 198866 1 0 3 0x88 kqread sshd 21241 125389 20308 74 3 0x1100092 bpf pflogd 20308 121898 1 0 3 0x80 sbwait pflogd 82435 157444 39089 73 3 0x1100090 kqread syslogd 39089 119046 1 0 3 0x100082 sbwait syslogd 40990 271232 1 0 3 0x100080 kqread resolvd 86457 28339 0 0 3 0x14200 bored smr 9289 188249 0 0 3 0x14200 pgzero zerothread 98685 382159 0 0 3 0x14200 aiodoned aiodoned 65457 57689 0 0 3 0x14200 syncer update 3950 49249 0 0 3 0x14200 cleaner cleaner 68945 324210 0 0 3 0x14200 reaper reaper 57688 459383 0 0 3 0x14200 pgdaemon pagedaemon 44470 253086 0 0 3 0x14200 bored viomb 97704 295940 0 0 3 0x40014200 acpi0 acpi0 49223 185622 0 0 3 0x40014200 idle1 91900 134861 0 0 3 0x14200 bored softnet1 98029 415155 0 0 2 0x14200 softnet0 4859 5559 0 0 2 0x40014200 systqmp 95564 273354 0 0 3 0x14200 bored systq 39432 425321 0 0 3 0x14200 tmoslp softclockmp 96952 265152 0 0 3 0x40014200 tmoslp softclock 99426 264812 0 0 3 0x40014200 idle0 1 439499 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{1}> show all locks CPU 0: exclusive mutex vmmpepl r = 0 (0xffffffff8389e268) #0 witness_lock+1521 #1 mtx_enter+1204 #2 pool_get+292 #3 uvm_mapent_alloc+852 #4 uvm_mapanon+626 #5 uvm_mmapanon+464 #6 sys_mmap+2688 #7 syscall+3028 #8 Xsyscall+296 Process 62423 (syz-executor) thread 0xffff80003c433250 (54040) exclusive rwlock dtlk r = 0 (0xffffffff83884878) #0 witness_lock+1521 #1 rw_do_enter_write+1049 #2 dt_ioctl_record_stop+46 #3 dtclose+265 #4 spec_close+1126 #5 VOP_CLOSE+306 #6 vn_closefile+299 #7 fdrop+289 #8 closef+402 #9 syscall+3028 #10 Xsyscall+296 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff839f2008) #0 witness_lock+1521 #1 vn_closefile+65 #2 fdrop+289 #3 closef+402 #4 syscall+3028 #5 Xsyscall+296 Process 55196 (syz-executor) thread 0xffff80003c46f508 (308438) exclusive rrwlock inode r = 0 (0xfffffd80675bdb48) #0 witness_lock+1521 #1 rw_do_enter_write+1049 #2 rrw_enter+198 #3 VOP_LOCK+189 #4 vn_lock+164 #5 vget+674 #6 ufs_ihashget+389 #7 ffs_vget+140 #8 ufs_lookup+6710 #9 VOP_LOOKUP+110 #10 vfs_lookup+2362 #11 namei+1994 #12 dounlinkat+193 #13 syscall+2839 #14 Xsyscall+296 exclusive rrwlock inode r = 0 (0xfffffd806e0f7798) #0 witness_lock+1521 #1 rw_do_enter_write+1049 #2 rrw_enter+198 #3 VOP_LOCK+189 #4 vn_lock+164 #5 vfs_lookup+284 #6 namei+1994 #7 dounlinkat+193 #8 syscall+2839 #9 Xsyscall+296 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10227 11083K 12352K 166960K 12900 0 pcb 17 14K 22K 166960K 806 0 rtable 256 11K 12K 166960K 703 0 pf 37 18K 67486K 166960K 280 0 ifaddr 38 7K 8K 166960K 150 0 ifgroup 54 2K 2K 166960K 280 0 sysctl 4 1K 9K 166960K 27 0 counters 66 36K 37K 166960K 422 0 ioctlops 0 0K 4K 166960K 1957 0 iov 0 0K 24K 166960K 201 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1491 94K 94K 166960K 3202 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 17 0 VM map 2 1K 1K 166960K 2 0 sem 23 11K 11K 166960K 82 0 dirhash 12 2K 2K 166960K 69 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 93K 166960K 2073 0 sigio 0 0K 0K 166960K 41 0 proc 66 83K 164K 166960K 853 0 subproc 72 4K 4K 166960K 108 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 2 0K 0K 166960K 360 0 in_multi 80 6K 7K 166960K 185 0 ether_multi 1 0K 0K 166960K 13 0 mrt 2 0K 0K 166960K 19 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 229 1023K 1023K 166960K 229 0 exec 0 0K 1K 166960K 692 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 2 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 233 143K 194K 166960K 20634 0 UVM aobj 35 12K 12K 166960K 37 0 pinsyscall 36 72K 110K 166960K 3315 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 135 0 NDP 11 0K 2K 166960K 113 0 temp 83 8660K 8788K 166960K 106806 0 kqueue 8 14K 36K 166960K 365 0 SYN cache 2 8K 16K 166960K 3 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 250 0 249 3 2 1 2 0 8 0 rtentry 176 216 0 112 6 0 6 6 0 8 0 unpcb 144 1280 0 1265 7 6 1 6 0 8 0 syncache 336 6 0 6 4 3 1 1 0 8 1 tcpqe 32 2 0 2 2 1 1 1 0 8 1 tcpcb 736 764 0 757 18 15 3 7 0 8 2 arp 136 40 0 18 1 0 1 1 0 8 0 inpcb 328 2678 0 2671 23 16 7 10 0 8 5 nd6 152 43 0 17 2 0 2 2 0 8 0 pkpcb 40 10 0 10 5 4 1 1 0 8 1 kcovpl 48 12 0 4 1 0 1 1 0 8 0 ppxss 1192 152 0 152 2 1 1 1 0 8 1 pppxif 1504 70 0 70 4 3 1 1 0 8 1 pfstscr 40 2 0 2 1 1 0 1 0 8 0 pffrag 232 24 0 12 1 0 1 1 0 482 0 pffrnode 88 23 0 11 1 0 1 1 0 8 0 pffrent 40 37 0 24 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 1 0 1 1 1 0 1 0 8 0 pfanchor 1288 1 0 0 1 0 1 1 0 8 0 pftag 88 2 0 0 1 0 1 1 0 8 0 pfstitem 24 104 0 47 1 0 1 1 0 8 0 pfstkey 128 111 0 54 2 0 2 2 0 8 0 pfstate 384 106 0 51 6 0 6 6 0 8 0 pfrule 1344 35 0 29 2 1 1 2 0 8 0 rttmr 136 3 0 3 3 2 1 1 0 8 1 art_heap8 4096 6 0 0 6 0 6 6 0 8 0 art_heap4 256 881 0 496 32 7 25 31 0 8 0 art_table 40 887 0 496 5 0 5 5 0 8 0 art_node 32 211 0 119 1 0 1 1 0 8 0 sysvmsgpl 40 17 0 12 1 0 1 1 0 8 0 semupl 112 3 0 3 2 2 0 1 0 8 0 semapl 112 67 0 46 1 0 1 1 0 8 0 shmpl 112 29 0 2 1 0 1 1 0 8 0 dirhash 1024 55 0 38 3 0 3 3 0 8 0 dino2pl 256 5698 0 4180 96 0 96 96 0 8 0 ffsino 296 5698 0 4180 118 0 118 118 0 8 0 nchpl 144 8547 0 6835 64 0 64 64 0 8 0 rtmask 32 22 0 22 6 5 1 1 0 8 1 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 31693 0 31693 2 1 1 2 0 8 1 percpumem 16 226 0 178 1 0 1 1 0 8 0 vcpupl 3968 5 0 0 1 0 1 1 0 8 0 vmpool 840 5 0 0 1 0 1 1 0 8 0 kstatmem 264 180 0 156 7 4 3 3 0 8 1 scsiplug 72 33 0 33 4 3 1 1 0 8 1 scxspl 216 55775 0 55774 13 11 2 8 1 8 1 plimitpl 152 848 0 830 1 0 1 1 0 8 0 sigapl 424 2401 0 2357 9 2 7 8 0 8 0 knotepl 120 723 0 0 22 1 21 21 0 8 0 kqueuepl 224 896 0 887 13 12 1 7 0 8 0 pipepl 344 363 0 336 8 2 6 6 0 8 3 fdescpl 528 2360 0 2332 3 0 3 3 0 8 0 filepl 160 17010 0 16796 22 10 12 17 0 8 0 lockfpl 104 741 0 740 3 2 1 2 0 8 0 lockfspl 48 259 0 258 1 0 1 1 0 8 0 sessionpl 144 29 0 21 1 0 1 1 0 8 0 pgrppl 48 77 0 61 1 0 1 1 0 8 0 ucredpl 104 3246 0 3235 1 0 1 1 0 8 0 zombiepl 144 2360 0 2357 1 0 1 1 0 8 0 processpl 1232 2401 0 2357 6 0 6 6 0 8 1 procpl 664 5620 0 5566 10 4 6 8 0 8 0 sosppl 176 24 0 24 4 3 1 1 0 8 1 sockpl 752 4291 0 4268 32 23 9 17 0 8 6 mcl64k 65536 36 0 0 5 1 4 4 0 8 0 mcl16k 16384 4 0 0 1 0 1 1 0 8 0 mcl9k 9216 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 4 0 0 1 0 1 1 0 8 0 mcl4k 4096 113 0 0 15 0 15 15 0 8 0 mcl2k 2048 40 0 0 5 0 5 5 0 8 0 mtagpl 96 3 0 0 1 0 1 1 0 8 0 mbufpl 256 1182 0 0 72 0 72 72 0 8 0 bufpl 280 21894 0 15757 439 0 439 439 0 8 0 anonpl 32 12201 0 0 99 0 99 99 0 246 0 amapchunkpl 152 71600 0 71082 61 33 28 35 0 158 5 amappl16 200 8956 0 8926 73 62 11 27 0 8 3 amappl15 192 5 0 5 1 1 0 1 0 8 0 amappl14 184 5 0 4 1 0 1 1 0 8 0 amappl13 176 473 0 472 1 0 1 1 0 8 0 amappl12 168 2755 0 2719 3 0 3 3 0 8 0 amappl11 160 8 0 8 1 1 0 1 0 8 0 amappl10 152 48 0 40 1 0 1 1 0 8 0 amappl9 144 255 0 255 1 1 0 1 0 8 0 amappl8 136 44 0 41 1 0 1 1 0 8 0 amappl7 128 96 0 93 1 0 1 1 0 8 0 amappl6 120 331 0 320 1 0 1 1 0 8 0 amappl5 112 76 0 68 1 0 1 1 0 8 0 amappl4 104 437 0 412 1 0 1 1 0 8 0 amappl3 96 12475 0 12383 4 1 3 3 0 8 0 amappl2 88 2477 0 2417 2 0 2 2 0 8 0 amappl1 80 17622 0 17124 15 2 13 15 0 8 0 amappl 88 19488 0 19315 5 0 5 5 0 92 0 uvmvnodes 80 205 0 0 5 0 5 5 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma2048 2048 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 12 0 12 2 2 0 1 0 8 0 dma128 128 258 0 258 6 6 0 1 0 8 0 dma64 64 8 0 8 3 3 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 36 0 2 1 0 1 1 0 8 0 uaddrrnd 24 2360 0 2332 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2360 0 2332 1 0 1 1 0 8 0 vmmpekpl 168 20126 0 20070 3 0 3 3 0 8 0 vmmpepl 168 153584 0 151882 118 30 88 106 0 357 1 vmsppl 488 2359 0 2332 5 0 5 5 0 8 0 rwobjpl 80 41442 0 40402 38 9 29 32 0 8 0 pdppl 4096 4738 0 4669 114 42 72 86 0 8 3 pvpl 32 19051 0 0 154 0 154 154 0 265 0 pmappl 256 2364 0 2332 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 382 0 73 9 0 9 9 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+39: addq $8,%rsp x86_ipi_db(ffffffff837d2ff0) at x86_ipi_db+39 x86_ipi_handler() at x86_ipi_handler+217 Xresume_lapic_ipi() at Xresume_lapic_ipi+39 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+51 __mp_lock(ffffffff839f1e00) at __mp_lock+419 softintr_dispatch(2) at softintr_dispatch+293 dosoftint(2) at dosoftint+84 Xsofttty() at Xsofttty+39 __mp_lock(ffffffff839f1e00) at __mp_lock+402 intr_handler(ffff80003c423f40,ffff80000007aa80) at intr_handler+233 Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+399 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+51 __mp_lock(ffffffff839f1e00) at __mp_lock+419 syscall(ffff80003c424120) at syscall+2804 end trace frame: 0xffff80003c4241a0, count: 0 ddb{0}> trace x86_ipi_db(ffffffff837d2ff0) at x86_ipi_db+39 x86_ipi_handler() at x86_ipi_handler+217 Xresume_lapic_ipi() at Xresume_lapic_ipi+39 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+51 __mp_lock(ffffffff839f1e00) at __mp_lock+419 softintr_dispatch(2) at softintr_dispatch+293 dosoftint(2) at dosoftint+84 Xsofttty() at Xsofttty+39 __mp_lock(ffffffff839f1e00) at __mp_lock+402 intr_handler(ffff80003c423f40,ffff80000007aa80) at intr_handler+233 Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+399 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+51 __mp_lock(ffffffff839f1e00) at __mp_lock+419 syscall(ffff80003c424120) at syscall+2804 Xsyscall() at Xsyscall+296 end of kernel end trace frame: 0x7a0af928b5e0, count: -15 ddb{0}> machine ddbcpu 1 Stopped at savectx+174: movl $0,%gs:1672 savectx() at savectx+174 end of kernel end trace frame: 0x49615d79800, count: 14 ddb{1}> trace savectx() at savectx+174 end of kernel end trace frame: 0x49615d79800, count: -1