uvm_fault(0xffffffff83a03db8, 0xffff800001506000, 0, 2) -> e
fatal page fault in supervisor mode
trap type 6 code 2 rip ffffffff81b954c0 cs 8 rflags 10216 cr2 ffff800001506000 cpl 0 rsp ffff80003a827700
gsbase 0xffff8000299ddff0 kgsbase 0x0
panic: trap type 6, code=2, pc=ffffffff81b954c0
Starting stack trace...
panic(ffffffff833394c1) at panic+0x1d0 sys/kern/subr_prf.c:229
kerntrap(ffff80003a827650) at kerntrap+0x29b sys/arch/amd64/amd64/trap.c:327
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
sys_shmat(ffff8000ffff3490,ffff80003a827870,ffff80003a8277c0) at sys_shmat+0xe0 sys/kern/sysv_shm.c:235
syscall(ffff80003a827870) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003a827870) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:579
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x4e67933400, count: 251
End of stack trace.
WARNING: SPL NOT LOWERED ON SYSCALL 83 366181264 EXIT 0 4
Stopped at savectx+0xae: movl $0,%gs:0x688
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*377703 99193 0 0 0 1 syz-executor
93409 53531 0 0x2 0x1 0 syz-executor
savectx() at savectx+0xae
end of kernel
end trace frame: 0x79c8bc92d700, count: 14
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: uvm_fault(0xffffffff83a03db8, 0xffff800001506000, 0, 2) -> e
ddb{1}> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x79c8bc92d700, count: -1
ddb{1}> show registers
rdi 0
rsi 0
rbp 0xffff80002a32e410
rbx 0
rdx 0
rcx 0xffff8000ffff2f70
rax 0x3a
r8 0xffff80002a32e340
r9 0x1
r10 0x7c83bc059590e361
r11 0x740f704782e68240
r12 0
r13 0
r14 0xffff8000ffff2f70
r15 0
rip 0xffffffff822ae3ee savectx+0xae
cs 0x8
rflags 0x46
rsp 0xffff80002a32e390
ss 0x10
savectx+0xae: movl $0,%gs:0x688
ddb{1}> show proc
PROC (syz-executor) tid=377703 pid=99193 tcnt=2 stat=onproc
flags process=0 proc=0
runpri=86, usrpri=86, slppri=16, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff8000ffff27c0,0xffff8000ffff3210
process=0xffff8000397fc4f8 user=0xffff80002a329000, vmspace=0xfffffd8067aef028
estcpu=36, cpticks=6, pctcpu=0.0, user=2, sys=4, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
18265 357401 22140 0 2 0 syz-executor
18265 3991 22140 0 3 0x4000080 fsleep syz-executor
*99193 377703 25664 0 7 0 syz-executor
99193 62923 25664 0 3 0x4000080 fsleep syz-executor
65256 201042 22294 0 2 0 syz-executor
65256 285592 22294 0 3 0x4000000 sbar syz-executor
35470 310001 50792 0 2 0x1 syz-executor
35470 380373 50792 0 3 0x4000080 fsleep syz-executor
26376 319265 75819 0 3 0x80 nanoslp syz-executor
26376 475254 75819 0 3 0x4000080 kqpoll syz-executor
26376 369712 75819 0 3 0x4000080 fsleep syz-executor
26376 87280 75819 0 3 0x4000080 fsleep syz-executor
26851 521942 96950 60929 3 0x90 nanoslp syz-executor
26851 209519 96950 60929 3 0x4000090 msgwait syz-executor
26851 293365 96950 60929 3 0x4000090 fsleep syz-executor
26851 211081 96950 60929 3 0x4000090 fsleep syz-executor
53198 444554 27924 60928 3 0x90 nanoslp syz-executor
53198 353512 27924 60928 3 0x4000090 lockf syz-executor
53198 112662 27924 60928 3 0x4000090 fsleep syz-executor
25664 124364 53531 0 3 0x82 nanoslp syz-executor
57657 115568 0 0 3 0x14200 acct acct
64728 282831 1 0 3 0x100083 ttyin getty
8487 206043 0 0 3 0x14200 bored sosplice
96950 179374 53531 0 3 0x82 nanoslp syz-executor
27924 59528 53531 0 3 0x82 nanoslp syz-executor
22140 282954 53531 0 3 0x82 nanoslp syz-executor
50792 69655 53531 0 3 0x82 nanoslp syz-executor
75819 183764 53531 0 3 0x82 nanoslp syz-executor
28950 415333 53531 0 3 0x82 nanoslp syz-executor
22294 252101 53531 0 2 0x3 syz-executor
53531 93409 84871 0 7 0x3 syz-executor
84871 306687 71191 0 3 0x10008a sigsusp ksh
71191 507504 68406 0 3 0x98 kqread sshd-session
68406 322782 58768 0 3 0x92 kqread sshd-session
58768 489084 1 0 3 0x88 kqread sshd
72301 53148 25564 74 3 0x1100092 bpf pflogd
25564 322719 1 0 3 0x80 sbwait pflogd
78247 237085 66650 73 3 0x1100090 kqread syslogd
66650 299643 1 0 3 0x100082 sbwait syslogd
88401 221002 1 0 3 0x100080 kqread resolvd
53172 56412 41643 77 3 0x100092 kqread dhcpleased
15922 185962 41643 77 3 0x100092 kqread dhcpleased
41643 246796 1 0 3 0x80 kqread dhcpleased
14756 242396 0 0 3 0x14200 bored smr
4954 72104 0 0 2 0x14200 zerothread
16359 407929 0 0 3 0x14200 aiodoned aiodoned
6815 336755 0 0 3 0x14200 syncer update
95288 431269 0 0 3 0x14200 cleaner cleaner
92420 296425 0 0 3 0x14200 reaper reaper
29032 298296 0 0 3 0x14200 pgdaemon pagedaemon
46312 93896 0 0 3 0x14200 bored viomb
8007 480238 0 0 3 0x40014200 acpi0 acpi0
29053 430360 0 0 3 0x40014200 idle1
62205 362716 0 0 3 0x14200 bored softnet3
85459 79882 0 0 3 0x14200 bored softnet2
95589 503412 0 0 3 0x14200 bored softnet1
64502 319688 0 0 3 0x14200 netlock softnet0
94911 463558 0 0 2 0x40014200 systqmp
76349 309191 0 0 3 0x14200 bored systq
73505 3936 0 0 3 0x14200 tmoslp softclockmp
84617 47552 0 0 3 0x40014200 tmoslp softclock
19285 510804 0 0 3 0x40014200 idle0
1 187606 0 0 3 0x82 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb{1}> show all locks
Process 65256 (syz-executor) thread 0xffff8000ffff3490 (285592)
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10205 11037K 11631K 166960K 13628 0
pcb 17 14K 16K 166960K 332 0
rtable 228 11K 11K 166960K 552 0
pf 36 18K 82K 166960K 180 0
ifaddr 41 7K 8K 166960K 115 0
ifgroup 51 2K 2K 166960K 186 0
sysctl 3 1K 9K 166960K 12 0
counters 66 36K 37K 166960K 274 0
ioctlops 0 0K 4K 166960K 1704 0
iov 0 0K 20K 166960K 63 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1530 96K 97K 166960K 2966 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 4 13K 13K 166960K 35 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 39 0
dirhash 12 2K 3K 166960K 36 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 18 65K 89K 166960K 1240 0
sigio 0 0K 0K 166960K 34 0
proc 73 91K 152K 166960K 660 0
subproc 72 4K 4K 166960K 81 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 147 0
in_multi 90 6K 7K 166960K 172 0
ether_multi 1 0K 0K 166960K 16 0
mrt 2 0K 0K 166960K 10 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 103 466K 466K 166960K 103 0
exec 0 0K 1K 166960K 576 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 4 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 253 168K 181K 166960K 12774 0
UVM aobj 51 4K 4K 166960K 60 0
pinsyscall 43 86K 104K 166960K 2351 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 50 0
NDP 13 0K 2K 166960K 75 0
temp 66 8693K 8762K 166960K 44476 0
kqueue 13 20K 38K 166960K 227 0
SYN cache 2 16K 16K 166960K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 91 0 88 1 0 1 1 0 8 0
rtentry 176 173 0 77 6 0 6 6 0 8 0
unpcb 144 857 0 838 10 9 1 6 0 8 0
syncache 336 3 0 3 1 1 0 1 0 8 0
tcpcb 736 291 0 287 5 4 1 4 0 8 0
arp 128 30 0 11 1 0 1 1 0 8 0
inpcb 328 1235 0 1224 18 16 2 10 0 8 0
nd6 144 28 0 7 1 0 1 1 0 8 0
pkpcb 40 22 0 22 3 3 0 1 0 8 0
kcovpl 48 9 0 1 1 0 1 1 0 8 0
ppxss 1192 88 0 88 2 1 1 1 0 8 1
pppxif 1504 8 0 8 2 1 1 1 0 8 1
pfstscr 40 2 0 2 2 2 0 1 0 8 0
pffrag 232 10 0 1 1 0 1 1 0 482 0
pffrnode 88 9 0 1 1 0 1 1 0 8 0
pffrent 40 13 0 3 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfrktable 1344 4 0 3 1 0 1 1 0 8 0
pfanchor 1288 2 0 1 1 0 1 1 0 8 0
pfanchor: pool(0xffffffff83966358:pfanchor): page inconsistency: page 0xffff8000ffffffff; at page head addr 0xffff8000014c3f90 (p 0xffff8000014c0000)
uvm_fault(0xfffffd8067aef028, 0x10000004f, 0, 1) -> e
fatal page fault in supervisor mode
trap type 6 code 0 rip ffffffff817470d7 cs 8 rflags 10206 cr2 10000004f cpl d rsp ffff80002a32df40
gsbase 0xffff8000299ddff0 kgsbase 0x0
panic: trap type 6, code=0, pc=ffffffff817470d7
Starting stack trace...
panic(ffffffff833394c1) at panic+0x1d0 sys/kern/subr_prf.c:229
kerntrap(ffff80002a32de90) at kerntrap+0x29b sys/arch/amd64/amd64/trap.c:327
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
pool_chk_page(ffffffff83966358,ffffffff,ffffffff) at pool_chk_page+0x57 sys/kern/subr_pool.c:1336
db_show_all_pools(ffffffff822ae3ee,0,ffffffffffffffff,ffff80002a32e050) at db_show_all_pools+0x5c0 pool_chk sys/kern/subr_pool.c:-1 [inline]
db_show_all_pools(ffffffff822ae3ee,0,ffffffffffffffff,ffff80002a32e050) at db_show_all_pools+0x5c0 sys/kern/subr_pool.c:1321
db_command(ffffffff83949150,ffffffff83591950) at db_command+0x647 sys/ddb/db_command.c:293
db_command_loop() at db_command_loop+0x132 sys/ddb/db_command.c:732
db_trap(1,0) at db_trap+0x2af sys/ddb/db_trap.c:56
db_ktrap(1,0,ffff80002a32e2e0) at db_ktrap+0x303 sys/arch/amd64/amd64/db_interface.c:152
kerntrap(ffff80002a32e2e0) at kerntrap+0x1dc sys/arch/amd64/amd64/trap.c:323
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
savectx() at savectx+0xae
end of kernel
end trace frame: 0x79c8bc92d700, count: 245
End of stack trace.
WARNING: SPL NOT LOWERED ON TRAP EXIT d 0
Stopped at proc_trampoline+0xc7: movl $0,%gs:0x688
proc_trampoline() at proc_trampoline+0xc7
end of kernel
end trace frame: 0x7df1bb65a4f0, count: 14
ddb{1}> machine ddbcpu 0