panic: trap type 4, code=0, pc=ffffffff818e173b Starting stack trace... panic(ffffffff833479d2) at panic+0x1d0 sys/kern/subr_prf.c:229 kerntrap(ffff80002a7eb770) at kerntrap+0x30b sys/arch/amd64/amd64/trap.c:486 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b sys_semop(ffff80002a341748,ffff80002a7eba20,ffff80002a7eb970) at sys_semop+0x45b sys/kern/sysv_sem.c:615 syscall(ffff80002a7eba20) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002a7eba20) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x4a0bf7ff220, count: 251 End of stack trace. WARNING: SPL NOT LOWERED ON SYSCALL 91 262412648 EXIT 0 3 Stopped at savectx+0xae: movl $0,%gs:0x688 TID PID UID PRFLAGS PFLAGS CPU COMMAND 152964 39992 0 0 0x4000000 1 syz-executor *410350 26380 0 0 0 0 syz-executor savectx() at savectx+0xae end of kernel end trace frame: 0x75050fa41950, count: 14 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu1: trap type 4, code=0, pc=ffffffff818e173b ddb{0}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x75050fa41950, count: -1 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff80002a37b290 rbx 0 rdx 0 rcx 0xffff80003b8342c0 rax 0x3a r8 0xffff80002a37b1c0 r9 0 r10 0x18a8e927c6133ea r11 0x1c4a5db7d262ffb6 r12 0 r13 0 r14 0xffff80003b8342c0 r15 0 rip 0xffffffff8180f3ee savectx+0xae cs 0x8 rflags 0x46 rsp 0xffff80002a37b210 ss 0x10 savectx+0xae: movl $0,%gs:0x688 ddb{0}> show proc PROC (syz-executor) tid=410350 pid=26380 tcnt=5 stat=onproc flags process=0 proc=0 runpri=32, usrpri=84, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003b8354b0,0xffff80003b834fa0 process=0xffff80003a416c00 user=0xffff80002a376000, vmspace=0xfffffd805dd247c8 estcpu=34, cpticks=1, pctcpu=0.13, user=12, sys=2, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 39992 177572 78124 0 2 0xc80 syz-executor 39992 152964 78124 0 7 0x4000000 syz-executor 39992 206360 78124 0 2 0x4000000 syz-executor 39992 114434 78124 0 3 0x4000080 fsleep syz-executor 95960 311401 58589 0 2 0xc80 syz-executor 95960 60277 58589 0 3 0x4000080 ttyout syz-executor 95960 263676 58589 0 3 0x4000080 ttyout syz-executor 95960 130210 58589 0 3 0x4000080 fsleep syz-executor 37706 309953 88252 0 2 0xc90 syz-executor 37706 478987 88252 0 3 0x4000090 kqread syz-executor 37706 447035 88252 0 3 0x4000090 fsleep syz-executor 60886 164511 74374 0 2 0xc80 syz-executor 60886 464901 74374 0 3 0x4000080 nanoslp syz-executor 60886 71338 74374 0 3 0x4000080 fsleep syz-executor *26380 410350 76937 0 7 0 syz-executor 26380 107035 76937 0 3 0x4000080 kqsel syz-executor 26380 12582 76937 0 3 0x4000080 kqsel syz-executor 26380 248133 76937 0 3 0x4000080 fsleep syz-executor 26380 216341 76937 0 3 0x4000080 fsleep syz-executor 60093 442637 0 0 3 0x14200 acct acct 32957 238683 51503 0 3 0x3000 suspend syz-executor 32957 92242 51503 0 2 0x4081000 syz-executor 54522 57485 1270 0 3 0x3000 suspend syz-executor 54522 204425 1270 0 2 0x4081000 syz-executor 78124 384244 40172 0 2 0xc82 syz-executor 1302 314247 40172 0 2 0xc82 syz-executor 51503 26199 40172 0 2 0xc82 syz-executor 64918 285303 1 0 2 0x100083 getty 76937 227023 40172 0 2 0xc82 syz-executor 48680 498773 0 0 3 0x14200 bored sosplice 1270 94776 40172 0 3 0x82 wait syz-executor 74374 348592 40172 0 2 0xc82 syz-executor 58589 312912 40172 0 2 0xc82 syz-executor 88252 201143 40172 0 2 0xc82 syz-executor 40172 192973 88312 0 3 0x82 kqread syz-executor 88312 22014 83238 0 3 0x10008a sigsusp ksh 83238 405692 37773 0 3 0x98 kqread sshd-session 37773 384985 23518 0 3 0x92 kqread sshd-session 23518 33747 1 0 3 0x88 kqread sshd 4360 156763 40325 74 3 0x1100092 bpf pflogd 40325 472350 1 0 3 0x80 sbwait pflogd 46820 512231 67378 73 2 0x1100090 syslogd 67378 348510 1 0 3 0x100082 sbwait syslogd 13804 141211 1 0 3 0x100080 kqread resolvd 40430 16478 32350 77 3 0x100092 kqread dhcpleased 26827 427855 32350 77 3 0x100092 kqread dhcpleased 32350 309391 1 0 3 0x80 kqread dhcpleased 67313 76334 0 0 3 0x14200 bored smr 20472 211886 0 0 3 0x14200 pgzero zerothread 30827 239274 0 0 3 0x14200 aiodoned aiodoned 39989 249228 0 0 3 0x14200 syncer update 19377 182745 0 0 3 0x14200 cleaner cleaner 6258 217951 0 0 3 0x14200 reaper reaper 85956 84414 0 0 3 0x14200 pgdaemon pagedaemon 61634 16502 0 0 3 0x14200 bored viomb 89017 517525 0 0 3 0x40014200 acpi0 acpi0 7195 247827 0 0 3 0x40014200 idle1 38988 140419 0 0 3 0x14200 bored softnet7 86274 388668 0 0 3 0x14200 bored softnet6 17836 82974 0 0 3 0x14200 bored softnet5 53577 145540 0 0 3 0x14200 bored softnet4 73470 463220 0 0 3 0x14200 bored softnet3 85195 281402 0 0 3 0x14200 bored softnet2 21619 161836 0 0 3 0x14200 bored softnet1 44560 308640 0 0 2 0x14200 softnet0 63975 505931 0 0 3 0x14200 bored systqmp 45485 502597 0 0 3 0x14200 bored systq 32649 50044 0 0 3 0x14200 tmoslp softclockmp 32702 236613 0 0 3 0x40014200 tmoslp softclock 15135 53112 0 0 3 0x40014200 idle0 1 158542 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{0}> show all locks Process 39992 (syz-executor) thread 0xffff80002a341748 (152964) Process 32957 (syz-executor) thread 0xffff80002a340d08 (92242) Process 54522 (syz-executor) thread 0xffff80003b835c60 (204425) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10226 11050K 11552K 166960K 15209 0 pcb 17 18K 19K 166960K 610 0 rtable 176 11K 12K 166960K 699 0 pf 33 17K 67486K 166960K 217 0 ifaddr 34 6K 9K 166960K 167 0 ifgroup 50 2K 3K 166960K 276 0 sysctl 3 1K 9K 166960K 18 0 counters 64 36K 37K 166960K 290 0 ioctlops 0 0K 4K 166960K 1934 0 iov 0 0K 24K 166960K 280 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1520 95K 96K 166960K 3801 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 26 0 VM map 2 1K 1K 166960K 2 0 sem 23 17K 17K 166960K 112 0 dirhash 12 2K 2K 166960K 42 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 240K 166960K 2138 0 sigio 0 0K 0K 166960K 36 0 proc 72 115K 196K 166960K 986 0 subproc 72 4K 4K 166960K 135 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 275 0 in_multi 65 4K 7K 166960K 252 0 ether_multi 1 0K 0K 166960K 23 0 mrt 1 0K 0K 166960K 18 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 193 864K 864K 166960K 193 0 exec 0 0K 1K 166960K 1153 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 6 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 283 152K 181K 166960K 20596 0 UVM aobj 43 6K 6K 166960K 46 0 pinsyscall 43 86K 105K 166960K 3386 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 138 0 NDP 10 0K 2K 166960K 114 0 temp 80 8684K 8759K 166960K 78876 0 kqueue 14 22K 31K 166960K 417 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 168 0 165 1 0 1 1 0 8 0 rtentry 176 226 0 165 5 0 5 5 0 8 0 unpcb 144 1799 0 1778 16 10 6 6 0 8 5 syncache 336 8 0 8 3 3 0 1 0 8 0 tcpqe 32 1 0 1 1 1 0 1 0 8 0 tcpcb 736 916 0 909 28 21 7 7 0 8 6 arp 128 26 0 20 1 0 1 1 0 8 0 inpcb 328 2896 0 2885 33 26 7 12 0 8 5 nd6 144 40 0 25 1 0 1 1 0 8 0 pkpcb 40 23 0 23 5 5 0 1 0 8 0 kcovpl 48 15 0 7 1 0 1 1 0 8 0 ppxss 1192 82 0 82 3 2 1 1 0 8 1 pppxif 1504 10 0 10 4 4 0 1 0 8 0 pfstscr 40 3 0 1 1 0 1 1 0 8 0 pffrag 232 17 0 4 1 0 1 1 0 482 0 pffrnode 88 14 0 3 1 0 1 1 0 8 0 pffrent 40 29 0 11 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 129 0 62 1 0 1 1 0 8 0 pfstkey 128 130 0 64 3 0 3 3 0 8 0 pfstate 384 128 0 63 8 0 8 8 0 8 0 pfrule 1344 22 0 17 2 1 1 2 0 8 0 rttmr 136 6 0 6 2 2 0 1 0 8 0 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 1065 0 751 38 12 26 30 0 8 0 art_table 40 1068 0 751 5 0 5 5 0 8 0 art_node 32 223 0 171 1 0 1 1 0 8 0 sysvmsgpl 40 17 0 11 2 1 1 1 0 8 0 semupl 112 4 0 4 4 3 1 1 0 8 1 semapl 112 95 0 75 1 0 1 1 0 8 0 shmpl 112 43 0 3 2 0 2 2 0 8 0 dirhash 1024 38 0 21 3 0 3 3 0 8 0 dino2pl 256 5342 0 3823 96 0 96 96 0 8 0 ffsino 296 5342 0 3823 118 0 118 118 0 8 0 nchpl 144 8173 0 7586 64 39 25 64 0 8 0 rtmask 32 16 0 16 3 3 0 1 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 29792 0 29792 3 2 1 2 0 8 1 percpumem 16 160 0 113 1 0 1 1 0 8 0 kstatmem 264 172 0 148 4 2 2 3 0 8 0 scsiplug 72 9 0 9 4 4 0 1 0 8 0 scxspl 216 61954 0 61954 12 11 1 8 1 8 1 plimitpl 152 452 0 433 1 0 1 1 0 8 0 sigapl 424 2392 0 2336 7 0 7 7 0 8 0 knotepl 120 587 0 0 18 0 18 18 0 8 0 kqueuepl 224 868 0 853 11 10 1 5 0 8 0 pipepl 344 451 0 423 17 13 4 9 0 8 0 fdescpl 528 2362 0 2330 3 0 3 3 0 8 0 filepl 160 17670 0 17441 47 27 20 21 0 8 6 lockfpl 104 2258 0 2256 9 7 2 4 0 8 1 lockfspl 48 778 0 776 2 1 1 2 0 8 0 sessionpl 144 34 0 25 1 0 1 1 0 8 0 pgrppl 48 107 0 90 1 0 1 1 0 8 0 ucredpl 104 2709 0 2695 1 0 1 1 0 8 0 zombiepl 144 2451 0 2448 2 1 1 1 0 8 0 processpl 1248 2392 0 2336 5 0 5 5 0 8 0 procpl 656 5674 0 5602 8 1 7 7 0 8 0 sosppl 168 13 0 13 5 5 0 1 0 8 0 sockpl 752 4922 0 4887 68 56 12 20 0 8 8 mcl64k 65536 4 0 0 1 0 1 1 0 8 0 mcl16k 16384 3 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 115 0 0 15 0 15 15 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 62 0 0 6 0 6 6 0 8 0 mtagpl 96 89 0 0 3 0 3 3 0 8 0 mbufpl 256 250 0 0 16 0 16 16 0 8 0 bufpl 280 26654 0 20510 440 0 440 440 0 8 0 anonpl 32 13731 0 0 111 0 111 111 0 246 0 amapchunkpl 152 69437 0 68691 51 21 30 30 0 158 1 amappl16 200 8895 0 8656 69 53 16 28 0 8 3 amappl15 192 7 0 7 1 1 0 1 0 8 0 amappl14 184 140 0 128 1 0 1 1 0 8 0 amappl13 176 5 0 5 1 1 0 1 0 8 0 amappl12 168 3127 0 3095 3 1 2 2 0 8 0 amappl11 160 51 0 37 1 0 1 1 0 8 0 amappl10 152 7 0 5 1 0 1 1 0 8 0 amappl9 144 263 0 263 1 1 0 1 0 8 0 amappl8 136 46 0 43 1 0 1 1 0 8 0 amappl7 128 126 0 113 1 0 1 1 0 8 0 amappl6 120 270 0 266 1 0 1 1 0 8 0 amappl5 112 176 0 166 1 0 1 1 0 8 0 amappl4 104 320 0 301 1 0 1 1 0 8 0 amappl3 96 14160 0 14015 5 1 4 4 0 8 0 amappl2 88 773 0 709 2 0 2 2 0 8 0 amappl1 80 17229 0 16623 17 3 14 16 0 8 0 amappl 88 19426 0 19214 5 0 5 5 0 92 0 dma4096 4096 2 0 2 2 2 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma512 512 1 0 1 1 1 0 1 0 8 0 dma256 256 7 0 7 2 2 0 1 0 8 0 dma128 128 257 0 257 3 3 0 1 0 8 0 dma64 64 7 0 7 2 2 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 45 0 3 1 0 1 1 0 8 0 uaddrrnd 24 2362 0 2330 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2362 0 2330 1 0 1 1 0 8 0 vmmpekpl 168 18966 0 18908 3 0 3 3 0 8 0 vmmpepl 168 153732 0 151403 124 13 111 112 0 357 9 vmsppl 488 2361 0 2330 6 1 5 5 0 8 0 rwobjpl 80 46818 0 39633 151 0 151 151 0 8 0 pdppl 4096 4732 0 4660 124 52 72 86 0 8 0 pvpl 32 25092 0 0 202 0 202 202 0 265 0 pmappl 256 2361 0 2330 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 347 0 95 8 0 8 8 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x75050fa41950, count: -1 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83a26468) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff83a26468) at __mp_lock+0x192 sys/kern/kern_lock.c:165 __mp_acquire_count(ffffffff83a26468,1) at __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1 tsleep_nsec(fffffd800cc77470,11,ffffffff833fcaa8,ffffffffffffffff) at tsleep_nsec+0x238 sys/kern/kern_synch.c:-1 biowait(fffffd800cc77470) at biowait+0xc1 sys/kern/vfs_bio.c:1242 bwrite(fffffd800cc77470) at bwrite+0x2e5 sys/kern/vfs_bio.c:754 ffs_update(fffffd806e1cdde8,1) at ffs_update+0x34f sys/ufs/ffs/ffs_inode.c:111 ffs_truncate(fffffd806e1cdde8,0,0,ffffffffffffffff) at ffs_truncate+0xcb6 sys/ufs/ffs/ffs_inode.c:-1 ufs_inactive(ffff80002a7eb4c8) at ufs_inactive+0x206 sys/ufs/ufs/ufs_inode.c:84 VOP_INACTIVE(fffffd805af0bcb0,ffff80002a341748) at VOP_INACTIVE+0x107 sys/kern/vfs_vops.c:498 vput(fffffd805af0bcb0) at vput+0xe5 sys/kern/vfs_subr.c:796 vn_close(fffffd805af0bcb0,2,ffffffffffffffff,ffff80002a341748) at vn_close+0xb7 sys/kern/vfs_vnops.c:294 end trace frame: 0xffff80002a7eb5e0, count: 0 ddb{1}> trace x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83a26468) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline] __mp_lock(ffffffff83a26468) at __mp_lock+0x192 sys/kern/kern_lock.c:165 __mp_acquire_count(ffffffff83a26468,1) at __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1 tsleep_nsec(fffffd800cc77470,11,ffffffff833fcaa8,ffffffffffffffff) at tsleep_nsec+0x238 sys/kern/kern_synch.c:-1 biowait(fffffd800cc77470) at biowait+0xc1 sys/kern/vfs_bio.c:1242 bwrite(fffffd800cc77470) at bwrite+0x2e5 sys/kern/vfs_bio.c:754 ffs_update(fffffd806e1cdde8,1) at ffs_update+0x34f sys/ufs/ffs/ffs_inode.c:111 ffs_truncate(fffffd806e1cdde8,0,0,ffffffffffffffff) at ffs_truncate+0xcb6 sys/ufs/ffs/ffs_inode.c:-1 ufs_inactive(ffff80002a7eb4c8) at ufs_inactive+0x206 sys/ufs/ufs/ufs_inode.c:84 VOP_INACTIVE(fffffd805af0bcb0,ffff80002a341748) at VOP_INACTIVE+0x107 sys/kern/vfs_vops.c:498 vput(fffffd805af0bcb0) at vput+0xe5 sys/kern/vfs_subr.c:796 vn_close(fffffd805af0bcb0,2,ffffffffffffffff,ffff80002a341748) at vn_close+0xb7 sys/kern/vfs_vnops.c:294 acct_shutdown() at acct_shutdown+0x8a sys/kern/kern_acct.c:361 vfs_shutdown(ffff80002a341748) at vfs_shutdown+0x23 sys/kern/vfs_subr.c:1798 boot(100) at boot+0x15c sys/arch/amd64/amd64/machdep.c:914 reboot(100) at reboot+0xb1 sys/kern/kern_xxx.c:75 panic(ffffffff833479d2) at panic+0x1f9 sys/kern/subr_prf.c:231 kerntrap(ffff80002a7eb770) at kerntrap+0x30b sys/arch/amd64/amd64/trap.c:486 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b sys_semop(ffff80002a341748,ffff80002a7eba20,ffff80002a7eb970) at sys_semop+0x45b sys/kern/sysv_sem.c:615 syscall(ffff80002a7eba20) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002a7eba20) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x4a0bf7ff220, count: -24