login: uvm_fault(0xfffff8006c693b88, 0x98, 0, 1) -> e
fatal page fault in supervisor mode
trap type 6 code 0 rip ffffffff81235a18 cs 8 rflags 10246 cr2 98 cpl 0 rsp ffff80003c3f38b0
gsbase 0xffff80002999dff0 kgsbase 0x0
panic: trap type 6, code=0, pc=ffffffff81235a18
Starting stack trace...
panic(ffffffff834eb72c) at panic+0x1d0 sys/kern/subr_prf.c:229
kerntrap(ffff80003c3f3800) at kerntrap+0x30b
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
dovutimens(ffff80002a2207e0,fffff8006b76d480,ffff80003c3f39e0) at dovutimens+0x368 sys/kern/vfs_syscalls.c:2690
sys_futimes(ffff80002a2207e0,ffff80003c3f3b30,ffff80003c3f3a80) at sys_futimes+0x208 sys/kern/vfs_syscalls.c:2732
syscall(ffff80003c3f3b30) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c3f3b30) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x9d1d84dc230, count: 250
End of stack trace.
WARNING: SPL NOT LOWERED ON SYSCALL 38 -1555865424 EXIT 0 4
Stopped at savectx+0xae: movl $0,%gs:0x688
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*266535 87571 0 0x100002 0 1 sh
309258 54687 0 0x100003 0x80 0 getty
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7449e9ee4a30, count: 14
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: uvm_fault(0xfffff8006c693b88, 0x98, 0, 1) -> e
ddb{1}> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7449e9ee4a30, count: -1
ddb{1}> show registers
rdi 0
rsi 0
rbp 0xffff80002a364e50
rbx 0
rdx 0
rcx 0xffff80003c3ea7f8
rax 0x3c
r8 0xffff80002a364d80
r9 0xfffff800097fd680
r10 0x59c7c23ca24967d
r11 0xa4cb0288f276017a
r12 0
r13 0
r14 0xffff80003c3ea7f8
r15 0
rip 0xffffffff820d43ee savectx+0xae
cs 0x8
rflags 0x46
rsp 0xffff80002a364dd0
ss 0x10
savectx+0xae: movl $0,%gs:0x688
ddb{1}> show proc
PROC (sh) tid=266535 pid=87571 tcnt=1 stat=onproc
flags process=100002<EXEC,PLEDGE> proc=0
runpri=86, usrpri=86, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff8000fffe8550,0xffff80003c3eb798
process=0xffff80003c4689c8 user=0xffff80002a35f000, vmspace=0xfffff8006c6937b8
estcpu=36, cpticks=2, pctcpu=0.0, user=0, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
34651 278258 9405 0 2 0 syz-executor
34651 373441 9405 0 3 0x4000080 fsleep syz-executor
99785 35658 66302 0 2 0 syz-executor
99785 204458 66302 0 3 0x4000080 fifor syz-executor
69467 113134 39142 0 2 0 syz-executor
69467 257819 39142 0 3 0x4000000 sbar syz-executor
15137 275842 89514 0 2 0x10 syz-executor
15137 213943 89514 0 3 0x4000090 fsleep syz-executor
15137 29010 89514 0 3 0x4000090 fsleep syz-executor
*87571 266535 4865 0 7 0x100002 sh
74684 379452 56368 60929 2 0xc91 syz-executor
74684 374085 56368 60929 3 0x4000091 sbwait syz-executor
74684 247287 56368 60929 3 0x4000091 fsleep syz-executor
4865 431405 91559 0 3 0x82 wait syz-executor
54687 309258 1 0 7 0x100083 getty
31006 317753 0 0 3 0x14280 nfsidl nfsio
50704 168833 0 0 3 0x14280 nfsidl nfsio
48747 32207 0 0 3 0x14280 nfsidl nfsio
23608 75696 0 0 3 0x14280 nfsidl nfsio
58798 83230 0 0 3 0x14280 nfsidl nfsio
16941 131221 0 0 3 0x14280 nfsidl nfsio
4209 447335 0 0 3 0x14280 nfsidl nfsio
4718 321401 0 0 3 0x14280 nfsidl nfsio
74706 221381 0 0 3 0x14280 nfsidl nfsio
50825 481935 0 0 3 0x14280 nfsidl nfsio
98972 91032 0 0 3 0x14280 nfsidl nfsio
48301 93368 0 0 3 0x14280 nfsidl nfsio
86073 347742 0 0 3 0x14280 nfsidl nfsio
37488 65637 0 0 3 0x14280 nfsidl nfsio
80313 59284 0 0 3 0x14280 nfsidl nfsio
73583 411677 0 0 3 0x14280 nfsidl nfsio
51268 120260 0 0 3 0x14280 nfsidl nfsio
19101 365064 0 0 3 0x14280 nfsidl nfsio
31642 27656 0 0 3 0x14280 nfsidl nfsio
56939 25407 0 0 3 0x14280 nfsidl nfsio
9818 523536 32244 0 3 0x100082 sbwait arp
32244 121773 22955 0 3 0x10008a sigsusp sh
22955 380205 91559 0 3 0x82 wait syz-executor
66302 430442 91559 0 2 0xc82 syz-executor
39142 519871 91559 0 2 0xc82 syz-executor
56368 2962 91559 0 2 0xc82 syz-executor
62673 416825 91559 0 3 0x82 wait syz-executor
89514 371590 91559 0 2 0xc82 syz-executor
9405 465053 91559 0 2 0xc82 syz-executor
91559 434200 14662 0 3 0x82 kqread syz-executor
14662 130287 59789 0 3 0x10008a sigsusp ksh
59789 54428 90653 0 3 0x98 kqread sshd-session
90653 497551 53609 0 3 0x92 kqread sshd-session
53609 71971 1 0 3 0x88 kqread sshd
29263 465117 91718 74 3 0x1100092 bpf pflogd
91718 472851 1 0 3 0x80 sbwait pflogd
71743 416246 75086 73 3 0x1100090 kqread syslogd
75086 94300 1 0 3 0x100082 sbwait syslogd
43670 270134 1 0 3 0x100080 kqread resolvd
40714 444885 20980 77 3 0x100092 kqread dhcpleased
18228 105711 20980 77 3 0x100092 kqread dhcpleased
20980 399853 1 0 3 0x80 kqread dhcpleased
84968 168505 0 0 2 0x40014200 smr
69339 464104 0 0 2 0x14200 zerothread
75983 482244 0 0 3 0x14200 aiodoned aiodoned
20544 111405 0 0 3 0x14200 syncer update
24353 10238 0 0 3 0x14200 cleaner cleaner
52955 404981 0 0 3 0x14200 reaper reaper
42920 188810 0 0 3 0x14200 pgdaemon pagedaemon
50713 190620 0 0 3 0x14200 bored viomb
69478 254796 0 0 3 0x40014200 acpi0 acpi0
5439 244737 0 0 3 0x40014200 idle1
82046 9035 0 0 3 0x14200 bored softnet1
65741 247852 0 0 2 0x14200 softnet0
51610 317348 0 0 2 0x14200 systqmp
3765 45827 0 0 3 0x14200 bored systq
80388 83736 0 0 3 0x14200 tmoslp softclockmp
47098 34562 0 0 3 0x40014200 tmoslp softclock
81305 140849 0 0 3 0x40014200 idle0
1 355284 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
Process 69467 (syz-executor) thread 0xffff80002a2207e0 (257819)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83b2df00)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 syscall+0xaf4 mi_syscall sys/sys/syscall_mi.h:175 [inline]
#1 syscall+0xaf4 sys/arch/amd64/amd64/trap.c:783
#2 Xsyscall+0x128
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11081 12156K 12439K 166960K 12482 0
pcb 17 12K 12K 166960K 51 0
rtable 196 7K 8K 166960K 380 0
pf 38 18K 24K 166960K 103 0
ifaddr 36 5K 7K 166960K 54 0
ifgroup 59 2K 2K 166960K 79 0
sysctl 3 1K 9K 166960K 8 0
counters 72 37K 37K 166960K 100 0
ioctlops 0 0K 4K 166960K 1599 0
iov 0 0K 16K 166960K 9 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1485 93K 93K 166960K 1843 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 9 0
VM map 2 1K 1K 166960K 2 0
sem 8 0K 0K 166960K 119 0
dirhash 12 2K 2K 166960K 15 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 19 69K 93K 166960K 395 0
sigio 0 0K 0K 166960K 2 0
proc 73 115K 196K 166960K 593 0
subproc 72 4K 4K 166960K 81 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 95 0
in_multi 67 5K 6K 166960K 91 0
ether_multi 1 0K 0K 166960K 1 0
mrt 0 0K 0K 166960K 14 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 73 334K 334K 166960K 73 0
exec 0 0K 1K 166960K 409 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 238 162K 186K 166960K 5430 0
UVM aobj 13 2K 2K 166960K 13 0
pinsyscall 45 90K 108K 166960K 1566 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 9 0
NDP 13 0K 1K 166960K 35 0
temp 43 9112K 9176K 166960K 13031 0
kqueue 14 22K 26K 166960K 71 0
SYN cache 2 16K 16K 166960K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 48 0 44 1 0 1 1 0 8 0
rtentry 176 106 0 25 5 0 5 5 0 8 0
unpcb 144 305 0 276 7 5 2 6 0 8 0
syncache 336 7 0 7 2 2 0 1 0 8 0
tcpcb 736 68 0 63 1 0 1 1 0 8 0
arp 136 17 0 4 1 0 1 1 0 8 0
inpcb 328 237 0 229 3 1 2 2 0 8 1
nd6 152 22 0 6 1 0 1 1 0 8 0
kcovpl 48 9 0 1 1 0 1 1 0 8 0
ppxss 1192 12 0 12 3 2 1 1 0 8 1
pfstscr 40 134 0 130 1 0 1 1 0 8 0
pffrag 232 1 0 0 1 0 1 1 0 482 0
pffrnode 88 1 0 0 1 0 1 1 0 8 0
pffrent 40 1 0 0 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfrktable 1344 1 0 1 1 1 0 1 0 8 0
pfsrclim 320 1 0 1 1 1 0 1 0 8 0
pfstlim 224 1 0 1 1 0 1 1 0 8 1
pfanchor 1288 3 0 0 1 0 1 1 0 8 0
pftag 88 3 0 0 1 0 1 1 0 8 0
pfstitem 24 46 0 1 1 0 1 1 0 8 0
pfstkey 128 176 0 131 2 0 2 2 0 8 0
pfstate 448 110 0 66 5 0 5 5 0 8 0
pfrule 1360 31 0 26 2 1 1 2 0 8 0
rttmr 136 1 0 1 1 0 1 1 0 8 1
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 427 0 88 27 1 26 27 0 8 1
art_table 40 428 0 88 5 0 5 5 0 8 0
art_node 32 105 0 31 1 0 1 1 0 8 0
sysvmsgpl 40 1 0 0 1 0 1 1 0 8 0
semupl 112 1 0 1 1 0 1 1 0 8 1
semapl 72 117 0 111 1 0 1 1 0 8 0
shmpl 112 10 0 0 1 0 1 1 0 8 0
dirhash 1024 19 0 2 3 0 3 3 0 8 0
dino2pl 256 2035 0 566 93 0 93 93 0 8 0
ffsino 296 2035 0 566 114 0 114 114 0 8 0
nchpl 144 2585 0 877 64 0 64 64 0 8 0
rtmask 32 2 0 2 1 0 1 1 0 8 1
vnodes 216 2510 0 0 140 0 140 140 0 8 0
namei 1024 8679 0 8679 2 1 1 1 0 8 1
percpumem 16 65 0 14 1 0 1 1 0 8 0
kstatmem 264 47 0 16 3 0 3 3 0 8 0
scsiplug 72 1 0 1 1 1 0 1 0 8 0
scxspl 216 9023 0 9023 11 10 1 8 1 8 1
plimitpl 152 57 0 37 1 0 1 1 0 8 0
sigapl 424 733 0 664 8 0 8 8 0 8 0
knotepl 120 449 0 0 14 0 14 14 0 8 0
kqueuepl 224 128 0 118 3 0 3 3 0 8 2
pipepl 344 142 0 115 3 0 3 3 0 8 0
fdescpl 528 697 0 664 3 0 3 3 0 8 0
filepl 160 3624 0 3388 19 6 13 16 0 8 3
lockfpl 104 283 0 280 2 0 2 2 0 8 1
lockfspl 48 136 0 133 1 0 1 1 0 8 0
sessionpl 144 103 0 92 1 0 1 1 0 8 0
pgrppl 48 115 0 96 1 0 1 1 0 8 0
ucredpl 104 492 0 476 1 0 1 1 0 8 0
zombiepl 144 741 0 740 1 0 1 1 0 8 0
processpl 1232 733 0 664 6 0 6 6 0 8 0
procpl 664 1191 0 1115 8 0 8 8 0 8 1
sockpl 752 629 0 588 18 13 5 17 0 8 0
mcl64k 65536 2 0 0 1 0 1 1 0 8 0
mcl8k 8192 2 0 0 1 0 1 1 0 8 0
mcl4k 4096 121 0 0 16 0 16 16 0 8 1
mcl2k2 2112 1 0 0 1 0 1 1 0 8 0
mcl2k 2048 26 0 0 4 0 4 4 0 8 0
mtagpl 96 42 0 0 2 0 2 2 0 8 0
mbufpl 256 263 0 0 17 0 17 17 0 8 0
bufpl 280 3031 0 105 209 0 209 209 0 8 0
anonpl 32 7713 0 0 64 1 63 63 0 246 0
amapchunkpl 152 16188 0 15719 30 4 26 26 0 158 5
amappl16 200 2371 0 2346 17 3 14 14 0 8 9
amappl15 192 22 0 22 1 1 0 1 0 8 0
amappl14 184 429 0 426 1 0 1 1 0 8 0
amappl13 176 125 0 112 1 0 1 1 0 8 0
amappl12 168 963 0 931 2 0 2 2 0 8 0
amappl11 160 76 0 75 1 0 1 1 0 8 0
amappl10 152 71 0 57 1 0 1 1 0 8 0
amappl9 144 280 0 280 1 1 0 1 0 8 0
amappl8 136 101 0 99 1 0 1 1 0 8 0
amappl7 128 148 0 134 1 0 1 1 0 8 0
amappl6 120 159 0 155 1 0 1 1 0 8 0
amappl5 112 98 0 87 1 0 1 1 0 8 0
amappl4 104 300 0 278 1 0 1 1 0 8 0
amappl3 96 3173 0 3060 4 0 4 4 0 8 0
amappl2 88 560 0 493 2 0 2 2 0 8 0
amappl1 80 11979 0 11349 17 1 16 17 0 8 0
amappl 88 4652 0 4491 6 1 5 5 0 92 0
uvmvnodes 80 109 0 0 3 0 3 3 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 2 0 1 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 19 0 18 1 0 1 1 0 8 0
aobjpl 72 12 0 0 1 0 1 1 0 8 0
uaddrrnd 24 697 0 664 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 697 0 664 1 0 1 1 0 8 0
vmmpekpl 168 7831 0 7787 3 0 3 3 0 8 0
vmmpepl 168 53668 0 51704 107 8 99 99 0 357 3
vmsppl 488 696 0 664 5 0 5 5 0 8 0
rwobjpl 80 18220 0 17122 32 4 28 28 0 8 1
pdppl 4096 1401 0 1328 107 32 75 85 0 8 2
pvpl 32 16046 0 0 130 0 130 130 0 265 0
pmappl 256 696 0 664 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 288 0 39 8 0 8 8 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffffffff83976ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff83b2d700) at __mp_lock+0x199 __mp_lock_spin sys/kern/kern_lock.c:142 [inline]
__mp_lock(ffffffff83b2d700) at __mp_lock+0x199 sys/kern/kern_lock.c:173
__mp_acquire_count(ffffffff83b2d700,1) at __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1
sleep_finish(ffffffffffffffff,1) at sleep_finish+0x2d8 sys/kern/kern_synch.c:369
ttread(ffff800000c04e00,ffff80003c40dc48,0) at ttread+0x7de ttysleep_nsec sys/kern/tty.c:2325 [inline]
ttread(ffff800000c04e00,ffff80003c40dc48,0) at ttread+0x7de ttysleep sys/kern/tty.c:2315 [inline]
ttread(ffff800000c04e00,ffff80003c40dc48,0) at ttread+0x7de sys/kern/tty.c:1587
spec_read(ffff80003c40daa0) at spec_read+0x14b sys/kern/spec_vnops.c:215
VOP_READ(fffff800602edce0,ffff80003c40dc48,0,fffff800097fdf08) at VOP_READ+0x101 sys/kern/vfs_vops.c:227
vn_read(fffff8006c5ba680,ffff80003c40dc48,0) at vn_read+0x17b sys/kern/vfs_vnops.c:375
dofilereadv(ffff80003c400d20,0,ffff80003c40dc48,0,ffff80003c40dd00) at dofilereadv+0x25a sys/kern/sys_generic.c:252
sys_read(ffff80003c400d20,ffff80003c40ddb0,ffff80003c40dd00) at sys_read+0xa2 sys/kern/sys_generic.c:172
syscall(ffff80003c40ddb0) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c40ddb0) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x72f644106bf0, count: 1
ddb{0}> trace
x86_ipi_db(ffffffff83976ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff83b2d700) at __mp_lock+0x199 __mp_lock_spin sys/kern/kern_lock.c:142 [inline]
__mp_lock(ffffffff83b2d700) at __mp_lock+0x199 sys/kern/kern_lock.c:173
__mp_acquire_count(ffffffff83b2d700,1) at __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1
sleep_finish(ffffffffffffffff,1) at sleep_finish+0x2d8 sys/kern/kern_synch.c:369
ttread(ffff800000c04e00,ffff80003c40dc48,0) at ttread+0x7de ttysleep_nsec sys/kern/tty.c:2325 [inline]
ttread(ffff800000c04e00,ffff80003c40dc48,0) at ttread+0x7de ttysleep sys/kern/tty.c:2315 [inline]
ttread(ffff800000c04e00,ffff80003c40dc48,0) at ttread+0x7de sys/kern/tty.c:1587
spec_read(ffff80003c40daa0) at spec_read+0x14b sys/kern/spec_vnops.c:215
VOP_READ(fffff800602edce0,ffff80003c40dc48,0,fffff800097fdf08) at VOP_READ+0x101 sys/kern/vfs_vops.c:227
vn_read(fffff8006c5ba680,ffff80003c40dc48,0) at vn_read+0x17b sys/kern/vfs_vnops.c:375
dofilereadv(ffff80003c400d20,0,ffff80003c40dc48,0,ffff80003c40dd00) at dofilereadv+0x25a sys/kern/sys_generic.c:252
sys_read(ffff80003c400d20,ffff80003c40ddb0,ffff80003c40dd00) at sys_read+0xa2 sys/kern/sys_generic.c:172
syscall(ffff80003c40ddb0) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c40ddb0) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x72f644106bf0, count: -14
ddb{0}> machine ddbcpu 1
Stopped at savectx+0xae: movl $0,%gs:0x688
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7449e9ee4a30, count: 14
ddb{1}> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7449e9ee4a30, count: -1