uvm_fault(0xffffffff83899a28, 0xffff8000277c4b00, 0, 2) -> d fatal page fault in supervisor mode trap type 6 code 2 rip ffffffff821101f2 cs 8 rflags 10206 cr2 ffff8000277c4b00 cpl 0 rsp ffff80002a3e6668 gsbase 0xffff800029a9bff0 kgsbase 0x0 panic: trap type 6, code=2, pc=ffffffff821101f2 Starting stack trace... panic(ffffffff83317482) at panic+0x1d0 sys/kern/subr_prf.c:229 kerntrap(ffff80002a3e65b0) at kerntrap+0x29b sys/arch/amd64/amd64/trap.c:327 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b memset() at memset+0x52 ffs_write(ffff80002a3e6950) at ffs_write+0xbab sys/ufs/ffs/ffs_vnops.c:401 VOP_WRITE(fffffd805c087560,ffff80002a3e69e8,23,fffffd807f7d20d0) at VOP_WRITE+0x102 sys/kern/vfs_vops.c:245 vn_rdwr(1,fffffd805c087560,ffff80002a3e6b00,40,0,1,75e00282fc012175,0,1008,0) at vn_rdwr+0x12d sys/kern/vfs_vnops.c:324 acct_process(ffff8000ffffaa60) at acct_process+0x7bb sys/kern/kern_acct.c:245 exit1(ffff8000ffffaa60,0,0,1) at exit1+0x5dd sys/kern/kern_exit.c:229 sys_exit(ffff8000ffffaa60,ffff80002a3e6d40,ffff80002a3e6c90) at sys_exit+0x1a syscall(ffff80002a3e6d40) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002a3e6d40) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7eca868071c0, count: 245 End of stack trace. WARNING: SPL NOT LOWERED ON SYSCALL 11 -1 EXIT 0 4 Stopped at savectx+0xae: movl $0,%gs:0x680 TID PID UID PRFLAGS PFLAGS CPU COMMAND *462137 59993 0 0x2 0 1 syz-executor 34481 28300 0 0x14000 0x40000200 0 softclock savectx() at savectx+0xae end of kernel end trace frame: 0x7f4f0f9182c0, count: 14 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault(0xffffffff83899a28, 0xffff8000277c4b00, 0, 2) -> d ddb{1}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x7f4f0f9182c0, count: -1 ddb{1}> show registers rdi 0 rsi 0 rbp 0xffff80002acfc2f0 rbx 0 rdx 0 rcx 0xffff80003c523230 rax 0x33 r8 0xffff80002acfc220 r9 0x1 r10 0x185222ed0bd806bf r11 0xdb42d5d4f528e0d8 r12 0 r13 0 r14 0xffff80003c523230 r15 0 rip 0xffffffff817de3ee savectx+0xae cs 0x8 rflags 0x46 rsp 0xffff80002acfc270 ss 0x10 savectx+0xae: movl $0,%gs:0x680 ddb{1}> show proc PROC (syz-executor) tid=462137 pid=59993 tcnt=1 stat=onproc flags process=2 proc=0 runpri=50, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003c522a80,0xffff80003c522050 process=0xffff8000ffff6040 user=0xffff80002acf7000, vmspace=0xfffffd806beb33a8 estcpu=36, cpticks=3, pctcpu=0.30, user=0, sys=76, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 77237 391114 78821 0 2 0 syz-executor 77237 53654 78821 0 3 0x4000080 fsleep syz-executor 93190 114257 69255 0 2 0 syz-executor 93190 221895 69255 0 3 0x4000080 fsleep syz-executor 21724 140607 10857 0 2 0 syz-executor 21724 220757 10857 0 2 0x4000000 syz-executor 94449 22332 1610 0 2 0 syz-executor 94449 370003 1610 0 3 0x4000080 fsleep syz-executor 94449 173447 1610 0 3 0x4000080 sbwait syz-executor 66214 163520 8502 0 2 0x480 syz-executor 66214 456031 8502 0 3 0x4000080 pppxread syz-executor 66214 477338 8502 0 3 0x4000080 fsleep syz-executor 78350 68746 59993 0 2 0x480 syz-executor 78350 130774 59993 0 3 0x4000080 bell syz-executor 78350 400440 59993 0 3 0x4000080 bell syz-executor 78350 1059 59993 0 3 0x4000080 fsleep syz-executor 27259 114389 1 0 3 0x82 nanoslp getty 7489 287643 2649 60929 2 0x10 syz-executor 7489 423423 2649 60929 3 0x4000090 sbwait syz-executor 7489 501046 2649 60929 3 0x4000090 fsleep syz-executor 84987 439674 83776 0 2 0x482 syz-executor 2649 23367 83776 0 2 0x482 syz-executor 8502 414942 83776 0 2 0x482 syz-executor 65895 479411 0 0 3 0x14200 acct acct *59993 462137 83776 0 7 0x2 syz-executor 10857 869 83776 0 2 0x482 syz-executor 32612 209505 98329 0 3 0x82 sbwait sshd-session 1610 114051 83776 0 2 0x482 syz-executor 95689 64859 0 0 3 0x14200 bored sosplice 16568 266155 39127 0 3 0x100082 sbwait arp 39127 494414 1 0 3 0x10008a sigsusp sh 78821 51164 83776 0 2 0x482 syz-executor 69255 364914 83776 0 2 0x482 syz-executor 83776 157899 47054 0 3 0x82 kqread syz-executor 47054 208738 17950 0 3 0x10008a sigsusp ksh 17950 410803 80856 0 3 0x98 kqread sshd-session 80856 247596 98329 0 3 0x92 kqread sshd-session 98329 493297 1 0 3 0x88 kqread sshd 81946 373623 98481 74 3 0x1100092 bpf pflogd 98481 169235 1 0 3 0x80 sbwait pflogd 47984 380084 60533 73 3 0x1100090 kqread syslogd 60533 213087 1 0 3 0x100082 sbwait syslogd 71003 513395 1 0 3 0x100080 kqread resolvd 57310 413090 1222 77 3 0x100092 kqread dhcpleased 6173 275373 1222 77 3 0x100092 kqread dhcpleased 1222 176092 1 0 3 0x80 kqread dhcpleased 12983 218706 0 0 2 0x14200 smr 4825 142069 0 0 3 0x14200 pgzero zerothread 28777 519406 0 0 3 0x14200 aiodoned aiodoned 11567 167784 0 0 3 0x14200 syncer update 20927 153839 0 0 3 0x14200 cleaner cleaner 7445 382554 0 0 3 0x14200 reaper reaper 83205 217040 0 0 3 0x14200 pgdaemon pagedaemon 87766 387430 0 0 3 0x14200 bored viomb 99390 115276 0 0 3 0x40014200 acpi0 acpi0 19658 59549 0 0 3 0x40014200 idle1 36421 141085 0 0 3 0x14200 bored softnet3 26286 322095 0 0 3 0x14200 bored softnet2 883 493790 0 0 3 0x14200 bored softnet1 14698 321744 0 0 2 0x14200 softnet0 46099 10228 0 0 2 0x14200 systqmp 15254 168164 0 0 3 0x14200 bored systq 26529 355897 0 0 2 0x14200 softclockmp 28300 34481 0 0 7 0x40014200 softclock 11411 204617 0 0 3 0x40014200 idle0 1 421157 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{1}> show all locks Process 93190 (syz-executor) thread 0xffff8000ffffa540 (114257) ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10240 11133K 11498K 166960K 17881 0 pcb 17 20K 22K 166960K 1210 0 rtable 232 11K 11K 166960K 1023 0 pf 35 17K 26K 166960K 345 0 ifaddr 37 8K 8K 166960K 218 0 ifgroup 51 2K 2K 166960K 431 0 sysctl 4 1K 1K 166960K 16 0 counters 62 36K 37K 166960K 544 0 ioctlops 0 0K 8K 166960K 2055 0 iov 0 0K 28K 166960K 739 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1439 90K 91K 166960K 4730 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 5K 13K 166960K 97 0 VM map 2 1K 1K 166960K 2 0 sem 43 12K 20K 166960K 263 0 dirhash 12 2K 3K 166960K 87 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 19 69K 244K 166960K 4661 0 sigio 0 0K 0K 166960K 102 0 proc 74 91K 128K 166960K 1180 0 subproc 81 5K 5K 166960K 148 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 2 0K 0K 166960K 1036 0 in_multi 77 5K 7K 166960K 277 0 ether_multi 1 0K 0K 166960K 23 0 mrt 1 0K 0K 166960K 12 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 259 1155K 1155K 166960K 259 0 exec 0 0K 1K 166960K 1314 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 8 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 262 74K 88K 166960K 44625 0 UVM aobj 124 3K 4K 166960K 129 0 pinsyscall 48 96K 104K 166960K 6042 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 357 0 NDP 13 0K 1K 166960K 160 0 temp 116 8644K 8772K 166960K 237754 0 kqueue 15 24K 32K 166960K 786 0 SYN cache 2 10K 18K 166960K 3 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 481 0 476 4 3 1 3 0 8 0 rtentry 112 311 0 216 4 0 4 4 0 8 0 unpcb 144 4279 0 4258 36 33 3 6 0 8 2 syncache 336 47 0 47 12 11 1 1 0 8 1 tcpqe 32 14 0 14 6 5 1 1 0 8 1 tcpcb 808 1909 0 1887 54 45 9 14 0 8 6 arp 120 44 0 25 1 0 1 1 0 8 0 inpcb 376 6564 0 6537 89 79 10 22 0 8 4 nd6 136 56 0 36 1 0 1 1 0 8 0 pkpcb 40 33 0 33 12 11 1 1 0 8 1 kcovpl 48 16 0 7 1 0 1 1 0 8 0 mppekey 1024 2 0 2 2 2 0 1 0 8 0 ppxss 1168 187 0 187 9 8 1 1 0 8 1 pppxif 1472 22 0 22 6 5 1 1 0 8 1 pfstscr 40 2 0 2 1 1 0 1 0 8 0 pffrag 232 22 0 15 1 0 1 1 0 482 0 pffrnode 88 19 0 13 1 0 1 1 0 8 0 pffrent 40 36 0 29 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 2 0 2 1 1 0 1 0 8 0 pfanchor 1288 2 0 1 2 1 1 1 0 8 0 pftag 88 4 0 4 1 1 0 1 0 8 0 pfstitem 24 337 0 152 2 0 2 2 0 8 0 pfstkey 128 339 0 154 6 0 6 6 0 8 0 pfstate 376 339 0 154 19 0 19 19 0 8 0 pfrule 1344 30 0 21 2 1 1 2 0 8 0 art_heap8 4096 4 0 0 4 0 4 4 0 8 0 art_heap4 256 1098 0 664 38 9 29 32 0 8 1 art_table 32 1102 0 664 5 0 5 5 0 8 0 art_node 16 261 0 177 1 0 1 1 0 8 0 sysvmsgpl 40 3 0 3 2 2 0 1 0 8 0 semupl 112 9 0 9 8 7 1 1 0 8 1 semapl 112 251 0 210 3 1 2 2 0 8 0 shmpl 112 126 0 5 4 0 4 4 0 8 0 dirhash 1024 67 0 50 3 0 3 3 0 8 0 dino2pl 256 9621 0 8096 96 0 96 96 0 8 0 ffsino 280 9622 0 8097 110 0 110 110 0 8 0 nchpl 144 16224 0 14510 65 1 64 64 0 8 0 rtmask 32 22 0 22 6 6 0 1 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 56640 0 56640 7 6 1 2 0 8 1 percpumem 16 286 0 241 1 0 1 1 0 8 0 kstatmem 264 256 0 234 4 2 2 3 0 8 0 acpiwqpl 32 2 0 2 1 0 1 1 1 8 1 scsiplug 72 8 0 8 6 6 0 1 0 8 0 scxspl 216 51644 0 51644 23 22 1 8 1 8 1 plimitpl 152 1006 0 986 1 0 1 1 0 8 0 sigapl 424 4965 0 4910 8 1 7 7 0 8 0 futexpl 64 83526 0 83520 1 0 1 1 0 8 0 knotepl 120 666 0 0 19 1 18 18 0 8 0 kqueuepl 216 1777 0 1763 19 17 2 5 0 8 1 pipepl 328 718 0 687 8 5 3 8 0 8 0 fdescpl 504 4936 0 4902 5 0 5 5 0 8 0 filepl 152 35550 0 35305 55 42 13 22 0 8 1 lockfpl 104 1599 0 1597 2 1 1 2 0 8 0 lockfspl 48 565 0 563 1 0 1 1 0 8 0 sessionpl 144 53 0 44 1 0 1 1 0 8 0 pgrppl 48 135 0 117 1 0 1 1 0 8 0 ucredpl 104 6152 0 6137 1 0 1 1 0 8 0 zombiepl 144 4911 0 4910 5 4 1 1 0 8 0 processpl 1176 4965 0 4910 5 0 5 5 0 8 0 procpl 656 12268 0 12201 9 2 7 7 0 8 0 srpgc 96 17 0 17 6 5 1 1 0 8 1 sosppl 168 33 0 33 9 8 1 1 0 8 1 sockpl 688 11477 0 11425 127 116 11 27 0 8 5 mcl64k 65536 9 0 0 2 0 2 2 0 8 0 mcl16k 16384 4 0 0 1 0 1 1 0 8 0 mcl12k 12288 3 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 6 0 0 1 0 1 1 0 8 0 mcl4k 4096 132 0 0 15 0 15 15 0 8 0 mcl2k2 2112 5 0 0 1 0 1 1 0 8 0 mcl2k 2048 61 0 0 5 0 5 5 0 8 0 mtagpl 96 188 0 0 5 0 5 5 0 8 0 mbufpl 256 1148 0 0 65 0 65 65 0 8 0 bufpl 280 15592 0 9438 440 0 440 440 0 8 0 anonpl 24 563741 0 550609 191 64 127 129 0 184 0 amapchunkpl 152 146966 0 146293 91 58 33 35 0 158 4 amappl16 200 11433 0 10945 96 45 51 52 0 8 0 amappl15 192 4 0 4 1 1 0 1 0 8 0 amappl14 184 177 0 162 1 0 1 1 0 8 0 amappl13 176 4 0 4 1 1 0 1 0 8 0 amappl12 168 5736 0 5700 3 1 2 2 0 8 0 amappl11 160 49 0 35 1 0 1 1 0 8 0 amappl10 152 2 0 2 1 1 0 1 0 8 0 amappl9 144 261 0 261 1 1 0 1 0 8 0 amappl8 136 24 0 21 1 0 1 1 0 8 0 amappl7 128 146 0 132 1 0 1 1 0 8 0 amappl6 120 279 0 273 1 0 1 1 0 8 0 amappl5 112 174 0 162 1 0 1 1 0 8 0 amappl4 104 451 0 430 1 0 1 1 0 8 0 amappl3 96 31097 0 30967 4 0 4 4 0 8 0 amappl2 88 988 0 913 2 0 2 2 0 8 0 amappl1 80 27055 0 26366 22 4 18 18 0 8 0 amappl 88 43801 0 43603 5 0 5 5 0 92 0 dma16384 16384 1 0 1 1 0 1 1 0 8 1 dma4096 4096 2 0 2 2 1 1 1 0 8 1 dma1024 1024 2 0 1 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 8 0 8 3 3 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 20 0 19 1 0 1 1 0 8 0 aobjpl 72 128 0 5 3 0 3 3 0 8 0 uaddrrnd 24 4936 0 4901 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 4936 0 4901 1 0 1 1 0 8 0 vmmpekpl 168 36512 0 36447 4 0 4 4 0 8 0 vmmpepl 168 304805 0 302195 163 27 136 140 0 357 1 vmsppl 456 4935 0 4901 5 0 5 5 0 8 0 rwobjpl 64 78657 0 71039 132 4 128 131 0 8 0 pdppl 4096 9880 0 9802 142 62 80 84 0 8 2 pvpl 32 30853 0 0 249 1 248 248 0 265 0 pmappl 248 4935 0 4901 3 0 3 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 466 0 145 10 0 10 10 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffffffff837a8ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff8399aeb0) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline] __mp_lock(ffffffff8399aeb0) at __mp_lock+0x192 sys/kern/kern_lock.c:144 __mp_acquire_count(ffffffff8399aeb0,1) at __mp_acquire_count+0x58 mi_switch() at mi_switch+0x4b7 sys/kern/sched_bsd.c:441 sleep_finish(0,1) at sleep_finish+0x24f sys/kern/kern_synch.c:414 msleep(ffffffff83906800,ffffffff837f79f0,0,ffffffff8343a68d,0) at msleep+0x13b sys/kern/kern_synch.c:249 softclock_thread(ffff8000fffff710) at softclock_thread+0x11f sys/kern/kern_timeout.c:806 end trace frame: 0x0, count: 6 ddb{0}> trace x86_ipi_db(ffffffff837a8ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff8399aeb0) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline] __mp_lock(ffffffff8399aeb0) at __mp_lock+0x192 sys/kern/kern_lock.c:144 __mp_acquire_count(ffffffff8399aeb0,1) at __mp_acquire_count+0x58 mi_switch() at mi_switch+0x4b7 sys/kern/sched_bsd.c:441 sleep_finish(0,1) at sleep_finish+0x24f sys/kern/kern_synch.c:414 msleep(ffffffff83906800,ffffffff837f79f0,0,ffffffff8343a68d,0) at msleep+0x13b sys/kern/kern_synch.c:249 softclock_thread(ffff8000fffff710) at softclock_thread+0x11f sys/kern/kern_timeout.c:806 end trace frame: 0x0, count: -9 ddb{0}> machine ddbcpu 1 Stopped at savectx+0xae: movl $0,%gs:0x680 savectx() at savectx+0xae end of kernel end trace frame: 0x7f4f0f9182c0, count: 14 ddb{1}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x7f4f0f9182c0, count: -1