uvm_fault(0xfffffd805db4bd88, 0x0, 0, 1) -> e fatal page fault in supervisor mode trap type 6 code 0 rip ffffffff831868c8 cs 8 rflags 10207 cr2 0 cpl 0 rsp ffff80003c4ab060 gsbase 0xffff8000299fdff0 kgsbase 0x0 panic: trap type 6, code=0, pc=ffffffff831868c8 Starting stack trace... panic(ffffffff833a7aaf) at panic+0x1d0 sys/kern/subr_prf.c:229 kerntrap(ffff80003c4aafb0) at kerntrap+0x30b alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b dt_ioctl_record_stop(ffff800001478000) at dt_ioctl_record_stop+0x108 sys/dev/dt/dt_dev.c:586 dtclose(11e5f,81,2000,ffff80002a3c9260) at dtclose+0x109 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline] dtclose(11e5f,81,2000,ffff80002a3c9260) at dtclose+0x109 sys/dev/dt/dt_dev.c:232 spec_close(ffff80003c4ab160) at spec_close+0x466 sys/kern/spec_vnops.c:-1 VOP_CLOSE(fffffd807cf01e98,81,fffffd80097fb3a8,ffff80002a3c9260) at VOP_CLOSE+0x132 sys/kern/vfs_vops.c:156 vn_closefile(fffffd807167bac8,ffff80002a3c9260) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline] vn_closefile(fffffd807167bac8,ffff80002a3c9260) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615 fdrop(fffffd807167bac8,ffff80002a3c9260) at fdrop+0x121 sys/kern/kern_descrip.c:1280 closef(fffffd807167bac8,ffff80002a3c9260) at closef+0x192 sys/kern/kern_descrip.c:1264 fdfree(ffff80002a3c9260) at fdfree+0x116 sys/kern/kern_descrip.c:1195 exit1(ffff80002a3c9260,0,0,1) at exit1+0x576 sys/kern/kern_exit.c:215 sys_exit(ffff80002a3c9260,ffff80003c4ab4d0,ffff80003c4ab420) at sys_exit+0x1a sys/kern/kern_exit.c:-1 syscall(ffff80003c4ab4d0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c4ab4d0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7d7fbf493d10, count: 242 End of stack trace. WA RNINWAGR:N SIPNLG :N OTS PLL ONWOETR ELOWD EONRE TDR OANP S YESXCIATL L4 9 0 1 67S2t02o2p9p6e dE XITat 0 3 proc_trampoline+0xc7: movl $0,%gs:0x688 TID PID UID PRFLAGS PFLAGS CPU COMMAND *400570 28937 0 0 0 1 syz-executor 394706 48653 0 0x2 0 0 syz-executor proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x7a1904016ad0, count: 14 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault(0xfffffd805db4bd88, 0x0, 0, 1) -> e ddb{1}> trace proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x7a1904016ad0, count: -1 ddb{1}> show registers rdi 0 rsi 0 rbp 0xffff80003b825f40 rbx 0 rdx 0 rcx 0xffff80002a3c8d30 rax 0x2a r8 0xffff80003b825e70 r9 0x1 r10 0xbd7b45d0616eeb82 r11 0x11ce41912576ed0a r12 0 r13 0xffffffff81ded1e8 Xdoreti+0x18 r14 0 r15 0 rip 0xffffffff82ef54c7 proc_trampoline+0xc7 cs 0x8 rflags 0x246 rsp 0xffff80003b825ec0 ss 0x10 proc_trampoline+0xc7: movl $0,%gs:0x688 ddb{1}> show proc PROC (syz-executor) tid=400570 pid=28937 tcnt=4 stat=onproc flags process=0 proc=0 runpri=86, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a3c94f8,0xffff80002a3c82e0 process=0xffff80003b835360 user=0xffff80003b820000, vmspace=0xfffffd805db4bba0 estcpu=36, cpticks=13, pctcpu=0.0, user=11, sys=2, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 66302 96588 20795 0 4 0x82004 syz-executor 66302 322565 20795 0 2 0x4002004 syz-executor *28937 400570 48653 0 7 0 syz-executor 28937 228927 48653 0 3 0x4000080 fifor syz-executor 28937 267500 48653 0 3 0x4000080 kqsel syz-executor 28937 27918 48653 0 3 0x4000080 kqsel syz-executor 40526 120730 84382 0 2 0xc80 syz-executor 40526 233033 84382 0 3 0x4000080 piperd syz-executor 40526 382 84382 0 3 0x4000080 fsleep syz-executor 40526 357995 84382 0 3 0x4000080 fsleep syz-executor 86553 376637 77631 0 2 0xc80 syz-executor 86553 390946 77631 0 3 0x4000080 netcon syz-executor 86553 372933 77631 0 3 0x4000080 fsleep syz-executor 48653 394706 74720 0 7 0x2 syz-executor 9385 3924 4555 0 3 0x3000 suspend syz-executor 9385 60064 4555 0 2 0x4081000 syz-executor 9385 124922 4555 0 3 0x4081000 inode syz-executor 58180 280487 21451 0 3 0x3000 suspend syz-executor 58180 379029 21451 0 2 0x4081000 syz-executor 58180 388351 21451 0 3 0x4081000 inode syz-executor 58180 94358 21451 0 3 0x4081000 inode syz-executor 67410 269803 74720 0 2 0xc82 syz-executor 83358 480924 0 0 3 0x14200 acct acct 71985 315433 74720 0 2 0x2 syz-executor 20795 12988 74720 0 2 0xc82 syz-executor 84382 66879 74720 0 2 0xc82 syz-executor 77631 90218 74720 0 2 0xc82 syz-executor 21451 341422 74720 0 2 0xc82 syz-executor 4555 76675 74720 0 2 0xc82 syz-executor 94097 91864 1 0 2 0x100083 getty 7719 501108 0 0 3 0x14200 bored sosplice 74720 259433 64279 0 3 0x82 kqread syz-executor 64279 229495 89274 0 3 0x10008a sigsusp ksh 89274 219129 33618 0 3 0x98 kqread sshd-session 33618 364664 32959 0 3 0x92 kqread sshd-session 32959 238526 1 0 3 0x88 kqread sshd 52039 130926 76208 74 2 0x1100092 pflogd 76208 174674 1 0 3 0x80 sbwait pflogd 68859 513303 195 73 3 0x1100090 kqread syslogd 195 354819 1 0 3 0x100082 sbwait syslogd 35041 179164 1 0 3 0x100080 kqread resolvd 95262 118067 0 0 3 0x14200 bored smr 14295 12797 0 0 3 0x14200 pgzero zerothread 25974 128178 0 0 3 0x14200 aiodoned aiodoned 83032 75517 0 0 3 0x14200 syncer update 93859 249198 0 0 3 0x14200 cleaner cleaner 66363 135354 0 0 3 0x14200 reaper reaper 47678 291123 0 0 3 0x14200 pgdaemon pagedaemon 77879 289227 0 0 3 0x14200 bored viomb 169 240003 0 0 3 0x40014200 acpi0 acpi0 11471 282691 0 0 3 0x40014200 idle1 25695 480153 0 0 3 0x14200 bored softnet7 95175 27026 0 0 3 0x14200 bored softnet6 61511 340034 0 0 3 0x14200 bored softnet5 4377 505102 0 0 3 0x14200 bored softnet4 1799 173888 0 0 3 0x14200 bored softnet3 83249 345133 0 0 3 0x14200 bored softnet2 22472 66010 0 0 3 0x14200 bored softnet1 50775 64951 0 0 3 0x14200 netlock softnet0 70183 398957 0 0 2 0x40014200 systqmp 34912 180737 0 0 3 0x14200 bored systq 93562 31065 0 0 2 0x14200 softclockmp 34152 18461 0 0 3 0x40014200 netlock softclock 25682 330323 0 0 3 0x40014200 idle0 1 133762 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{1}> show all locks Process 9385 (syz-executor) thread 0xffff800036018020 (60064) Process 9385 (syz-executor) thread 0xffff800036019778 (124922) Process 58180 (syz-executor) thread 0xffff80003b8542d8 (379029) Process 58180 (syz-executor) thread 0xffff80002a2c94d8 (94358) Process 71985 (syz-executor) thread 0xffff80002a3c9a28 (315433) ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10258 11095K 11914K 166960K 16297 0 pcb 17 16K 17K 166960K 1445 0 rtable 212 15K 16K 166960K 1186 0 pf 39 18K 67486K 166960K 610 0 ifaddr 35 7K 8K 166960K 353 0 ifgroup 63 2K 3K 166960K 625 0 sysctl 4 1K 9K 166960K 114 0 counters 72 37K 38K 166960K 728 0 ioctlops 0 0K 4K 166960K 2641 0 iov 1 16K 32K 166960K 488 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1484 93K 94K 166960K 6248 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 52K 56K 166960K 80 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 247 0 dirhash 12 2K 2K 166960K 102 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 240K 166960K 5857 0 sigio 0 0K 0K 166960K 107 0 proc 66 83K 164K 166960K 1480 0 subproc 72 4K 4K 166960K 199 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 879 0 in_multi 59 4K 7K 166960K 507 0 ether_multi 1 0K 0K 166960K 69 0 mrt 1 0K 0K 166960K 32 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 241 1076K 1076K 166960K 241 0 exec 0 0K 1K 166960K 1551 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 13 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 232 135K 191K 166960K 53420 0 UVM aobj 185 9K 9K 166960K 206 0 pinsyscall 36 72K 106K 166960K 7226 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 449 0 NDP 16 0K 2K 166960K 260 0 temp 88 8652K 8764K 166960K 272456 0 kqueue 8 14K 32K 166960K 1193 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 716 0 715 5 4 1 2 0 8 0 rtentry 176 422 0 357 7 3 4 5 0 8 0 unpcb 144 3967 0 3955 26 23 3 8 0 8 2 syncache 336 8 0 8 2 2 0 1 0 8 0 tcpqe 32 3 0 3 2 2 0 1 0 8 0 tcpcb 736 1950 0 1943 33 31 2 7 0 8 1 arp 128 61 0 51 1 0 1 1 0 8 0 inpcb 328 6819 0 6809 53 46 7 12 0 8 6 nd6 144 66 0 54 1 0 1 1 0 8 0 pkpcb 40 51 0 51 12 11 1 1 0 8 1 kcovpl 48 22 0 14 1 0 1 1 0 8 0 mppekey 1024 1 0 1 1 1 0 1 0 8 0 ppxss 1192 267 0 267 3 2 1 1 0 8 1 pppxif 1504 26 0 26 12 12 0 1 0 8 0 pffrag 232 26 0 18 1 0 1 1 0 482 0 pffrnode 88 26 0 18 1 0 1 1 0 8 0 pffrent 40 77 0 69 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 7 0 7 4 4 0 1 0 8 0 pfanchor 1288 1 0 0 1 0 1 1 0 8 0 pfstitem 24 384 0 257 1 0 1 1 0 8 0 pfstkey 128 386 0 259 5 0 5 5 0 8 0 pfstate 384 382 0 257 15 1 14 14 0 8 0 pfrule 1344 23 0 18 2 1 1 2 0 8 0 rttmr 136 6 0 6 6 6 0 1 0 8 0 art_heap8 4096 6 0 2 6 1 5 5 0 8 1 art_heap4 256 1960 0 1675 47 20 27 28 0 8 4 art_table 40 1966 0 1677 7 2 5 5 0 8 0 art_node 32 416 0 361 1 0 1 1 0 8 0 sysvmsgpl 40 31 0 21 1 0 1 1 0 8 0 semupl 112 3 0 3 3 3 0 1 0 8 0 semapl 112 238 0 228 1 0 1 1 0 8 0 shmpl 112 203 0 21 6 0 6 6 0 8 0 dirhash 1024 77 0 60 3 0 3 3 0 8 0 dino2pl 256 12827 0 11274 98 0 98 98 0 8 0 ffsino 296 12827 0 11274 121 1 120 120 0 8 0 nchpl 144 20745 0 19003 65 0 65 65 0 8 0 rtmask 32 60 0 60 12 11 1 1 0 8 1 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 74924 0 74921 9 8 1 2 0 8 0 percpumem 16 379 0 328 1 0 1 1 0 8 0 kstatmem 264 434 0 400 4 1 3 3 0 8 0 acpiwqpl 32 7 0 7 1 0 1 1 1 8 1 scsiplug 72 36 0 36 13 12 1 1 0 8 1 scxspl 216 167796 0 167796 27 25 2 8 1 8 2 plimitpl 152 1361 0 1341 1 0 1 1 0 8 0 sigapl 424 6078 0 6026 9 1 8 9 0 8 1 knotepl 120 699 0 0 17 0 17 17 0 8 0 kqueuepl 224 2159 0 2150 12 11 1 5 0 8 0 pipepl 344 941 0 912 21 18 3 9 0 8 0 fdescpl 528 6021 0 5993 3 0 3 3 0 8 0 filepl 160 44740 0 44459 58 43 15 20 0 8 3 lockfpl 104 3282 0 3281 4 3 1 2 0 8 0 lockfspl 48 1133 0 1132 1 0 1 1 0 8 0 sessionpl 144 40 0 32 1 0 1 1 0 8 0 pgrppl 48 130 0 114 1 0 1 1 0 8 0 ucredpl 104 8563 0 8552 1 0 1 1 0 8 0 zombiepl 144 7201 0 7198 1 0 1 1 0 8 0 processpl 1232 6078 0 6026 6 0 6 6 0 8 0 procpl 664 15802 0 15736 9 1 8 9 0 8 1 sosppl 168 39 0 39 10 9 1 1 0 8 1 sockpl 752 11803 0 11780 74 64 10 28 0 8 7 mcl64k 65536 7 0 0 1 0 1 1 0 8 0 mcl16k 16384 5 0 0 1 0 1 1 0 8 0 mcl12k 12288 3 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 4 0 0 1 0 1 1 0 8 0 mcl4k 4096 136 0 0 17 1 16 17 0 8 0 mcl2k2 2112 5 0 0 1 0 1 1 0 8 0 mcl2k 2048 63 0 0 7 0 7 7 0 8 0 mtagpl 96 12 0 0 1 0 1 1 0 8 0 mbufpl 256 1309 0 0 79 0 79 79 0 8 0 bufpl 280 74984 0 68839 440 0 440 440 0 8 0 anonpl 32 15333 0 0 123 0 123 123 0 246 0 amapchunkpl 152 188295 0 187673 83 54 29 38 0 158 3 amappl16 200 22861 0 22584 182 163 19 35 0 8 4 amappl15 192 6 0 6 1 1 0 1 0 8 0 amappl14 184 149 0 140 1 0 1 1 0 8 0 amappl13 176 2 0 2 2 2 0 1 0 8 0 amappl12 168 6887 0 6859 2 0 2 2 0 8 0 amappl11 160 53 0 45 1 0 1 1 0 8 0 amappl10 152 4 0 4 1 1 0 1 0 8 0 amappl9 144 252 0 251 2 1 1 1 0 8 0 amappl8 136 25 0 22 1 0 1 1 0 8 0 amappl7 128 139 0 129 1 0 1 1 0 8 0 amappl6 120 325 0 320 1 0 1 1 0 8 0 amappl5 112 190 0 183 1 0 1 1 0 8 0 amappl4 104 326 0 308 1 0 1 1 0 8 0 amappl3 96 39319 0 39212 4 0 4 4 0 8 0 amappl2 88 898 0 850 2 0 2 2 0 8 0 amappl1 80 32393 0 31880 19 4 15 16 0 8 0 amappl 88 51557 0 51380 5 0 5 5 0 92 0 dma32768 32768 1 0 1 1 1 0 1 0 8 0 dma16384 16384 2 0 2 2 2 0 1 0 8 0 dma4096 4096 2 0 2 2 2 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 7 0 7 2 2 0 1 0 8 0 dma128 128 257 0 257 5 5 0 1 0 8 0 dma64 64 11 0 11 5 5 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 20 0 19 1 0 1 1 0 8 0 aobjpl 72 205 0 21 4 0 4 4 0 8 0 uaddrrnd 24 6021 0 5993 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 6021 0 5993 1 0 1 1 0 8 0 vmmpekpl 168 44956 0 44892 4 0 4 4 0 8 0 vmmpepl 168 378131 0 376161 162 65 97 120 0 357 3 vmsppl 488 6020 0 5993 7 2 5 5 0 8 0 rwobjpl 80 100871 0 93693 164 13 151 156 0 8 0 pdppl 4096 12049 0 11986 135 68 67 85 0 8 4 pvpl 32 23753 0 0 192 1 191 192 0 265 0 pmappl 256 6020 0 5993 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 451 0 139 10 0 10 10 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffffffff8385dff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x68 savectx() at savectx+0xae end of kernel end trace frame: 0x7a1904016ce0, count: 10 ddb{0}> trace x86_ipi_db(ffffffff8385dff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x68 savectx() at savectx+0xae end of kernel end trace frame: 0x7a1904016ce0, count: -5 ddb{0}> machine ddbcpu 1 Stopped at proc_trampoline+0xc7: movl $0,%gs:0x688 proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x7a1904016ad0, count: 14 ddb{1}> trace proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x7a1904016ad0, count: -1