uvm_fault(0xfffff5806c6b8d70, 0x98, 0, 1) -> e
fatal page fault in supervisor mode
trap type 6 code 0 rip ffffffff82a203e8 cs 8 rflags 10246 cr2 98 cpl 0 rsp ffff80003c3bacf0
gsbase 0xffff80002999dff0 kgsbase 0x0
panic: trap type 6, code=0, pc=ffffffff82a203e8
Starting stack trace...
panic(ffffffff834ef6bf) at panic+0x1d0 sys/kern/subr_prf.c:229
kerntrap(ffff80003c3bac40) at kerntrap+0x30b
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
dovutimens(ffff800032f96a90,fffff5806aa957b8,ffff80003c3bae20) at dovutimens+0x368 sys/kern/vfs_syscalls.c:2690
sys_futimes(ffff800032f96a90,ffff80003c3baf70,ffff80003c3baec0) at sys_futimes+0x208 sys/kern/vfs_syscalls.c:2732
syscall(ffff80003c3baf70) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c3baf70) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x18e6efe5830, count: 250
End of stack trace.
WARNING: SPL NOT LOWERED ON SYSCALL 91 666072664 EXIT 0 4
Stopped at savectx+0xae: movl $0,%gs:0x688
TID PID UID PRFLAGS PFLAGS CPU COMMAND
365330 30300 0 0 0 0 syz-executor
*330174 58485 0 0x4000000 0 1 syz-executor
savectx() at savectx+0xae
end of kernel
end trace frame: 0x78c727b37640, count: 14
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault(0xfffff5806c6b8d70, 0x98, 0, 1) -> e ddb{1}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x78c727b37640, count: -1 ddb{1}> show registers rdi 0 rsi 0 rbp 0xffff80003aba3500 rbx 0 rdx 0 rcx 0xffff80003c453a28 rax 0x3a r8 0xffff80003aba3430 r9 0x1 r10 0x5c14109f3a7d3be7 r11 0x95be6ba8ec490e0a r12 0 r13 0 r14 0xffff80003c453a28 r15 0 rip 0xffffffff8167a3ee savectx+0xae cs 0x8 rflags 0x46 rsp 0xffff80003aba3480 ss 0x10 savectx+0xae: movl $0,%gs:0x688 ddb{1}> show proc PROC (syz-executor) tid=330174 pid=58485 tcnt=4 stat=onproc flags process=4000000 proc=0 runpri=86, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003c453cc0,0xffff80003c452aa8 process=0xffff80003178f9e0 user=0xffff80003ab9e000, vmspace=0xfffff5806c3347c0 estcpu=36, cpticks=9, pctcpu=0.0, user=8, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 58658 30398 95510 0 2 0 syz-executor 30300 365330 1120 0 7 0 syz-executor 30300 178712 1120 0 3 0x4000000 sbar syz-executor 11148 386382 32620 0 2 0 syz-executor 11148 448534 32620 0 2 0x4000000 syz-executor *58485 330174 61213 0 7 0x4000000 syz-executor 58485 444976 61213 0 3 0x4000080 semwait syz-executor 58485 143678 61213 0 3 0x4000080 fsleep syz-executor 58485 169862 61213 0 3 0x4000080 fsleep syz-executor 5002 161669 18609 0 3 0x80 nanoslp syz-executor 5002 286828 18609 0 3 0x4000080 kqread syz-executor 5002 183199 18609 0 3 0x4000080 fsleep syz-executor 34837 166577 924 0 3 0x80 nanoslp syz-executor 34837 365761 924 0 3 0x4000080 ttyin syz-executor 95510 271817 65691 0 3 0x82 nanoslp syz-executor 44984 382745 0 0 3 0x14200 acct acct 67506 422553 0 0 3 0x14280 nfsidl nfsio 85752 489500 0 0 3 0x14280 nfsidl nfsio 1384 262847 0 0 3 0x14280 nfsidl nfsio 4052 340670 0 0 3 0x14280 nfsidl nfsio 36301 209213 0 0 3 0x14280 nfsidl nfsio 6409 516415 0 0 3 0x14280 nfsidl nfsio 18309 
189273 0 0 3 0x14280 nfsidl nfsio 84110 67376 0 0 3 0x14280 nfsidl nfsio 98715 344682 0 0 3 0x14280 nfsidl nfsio 77357 129571 0 0 3 0x14280 nfsidl nfsio 66074 223390 0 0 3 0x14280 nfsidl nfsio 10690 493280 0 0 3 0x14280 nfsidl nfsio 79772 354471 0 0 3 0x14280 nfsidl nfsio 49754 517523 0 0 3 0x14280 nfsidl nfsio 22179 521888 0 0 3 0x14280 nfsidl nfsio 91755 7711 0 0 3 0x14280 nfsidl nfsio 82044 240525 0 0 3 0x14280 nfsidl nfsio 65481 307543 0 0 3 0x14280 nfsidl nfsio 58496 181152 0 0 3 0x14280 nfsidl nfsio 30215 104946 0 0 3 0x14280 nfsidl nfsio 89123 19152 47453 0 3 0x100082 sbwait arp 47453 460596 83047 0 3 0x10008a sigsusp sh 61213 35315 65691 0 3 0x82 nanoslp syz-executor 83047 153275 65691 0 3 0x82 wait syz-executor 924 210687 65691 0 3 0x82 nanoslp syz-executor 91438 486416 65691 0 3 0x82 nanoslp syz-executor 1120 188614 65691 0 3 0x82 nanoslp syz-executor 32620 309836 65691 0 3 0x82 nanoslp syz-executor 18609 304523 65691 0 3 0x82 nanoslp syz-executor 65691 399999 95926 0 3 0x82 kqread syz-executor 95926 10825 70583 0 3 0x10008a sigsusp ksh 70583 115436 69811 0 3 0x98 kqread sshd-session 69811 312069 66039 0 3 0x92 kqread sshd-session 18007 421703 1 0 3 0x100083 ttyin getty 66039 489716 1 0 3 0x88 kqread sshd 75468 457005 71205 74 3 0x1100092 bpf pflogd 71205 396588 1 0 3 0x80 sbwait pflogd 51148 300891 98940 73 3 0x1100090 kqread syslogd 98940 187008 1 0 3 0x100082 sbwait syslogd 63516 28534 1 0 3 0x100080 kqread resolvd 21654 481662 2265 77 3 0x100092 kqread dhcpleased 25782 310839 2265 77 3 0x100092 kqread dhcpleased 2265 241673 1 0 3 0x80 kqread dhcpleased 31909 469374 0 0 3 0x14200 bored smr 24490 210925 0 0 3 0x14200 pgzero zerothread 12544 323738 0 0 3 0x14200 aiodoned aiodoned 24433 369424 0 0 3 0x14200 syncer update 23937 201891 0 0 3 0x14200 cleaner cleaner 91965 482437 0 0 3 0x14200 reaper reaper 8438 360444 0 0 3 0x14200 pgdaemon pagedaemon 45447 60038 0 0 3 0x14200 bored viomb 13092 348811 0 0 3 0x40014200 acpi0 acpi0 76371 340003 0 0 3 
0x40014200 idle1 57404 233204 0 0 3 0x14200 bored softnet1 91059 308618 0 0 3 0x14200 netlock softnet0 11588 143324 0 0 2 0x40014200 systqmp 34721 79623 0 0 3 0x14200 bored systq 40901 364759 0 0 3 0x14200 tmoslp softclockmp 78812 350263 0 0 3 0x40014200 tmoslp softclock 25766 43565 0 0 3 0x40014200 idle0 1 446692 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 30300 (syz-executor) thread 0xffff800032f96a90 (178712) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83b15540) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 syscall+0xaf4 mi_syscall sys/sys/syscall_mi.h:175 [inline] #1 syscall+0xaf4 sys/arch/amd64/amd64/trap.c:783 #2 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 11076 12413K 12548K 166960K 12614 0 pcb 19 14K 16K 166960K 138 0 rtable 221 9K 10K 166960K 417 0 pf 33 17K 24K 166960K 100 0 ifaddr 37 6K 7K 166960K 55 0 ifgroup 51 2K 2K 166960K 74 0 sysctl 1 1K 9K 166960K 5 0 counters 68 36K 37K 166960K 96 0 ioctlops 0 0K 4K 166960K 1516 0 iov 0 0K 16K 166960K 13 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1288 81K 82K 166960K 1549 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 3 5K 9K 166960K 5 0 VM map 2 1K 1K 166960K 2 0 sem 11 0K 0K 166960K 81 0 dirhash 12 2K 2K 166960K 15 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 19 69K 93K 166960K 368 0 sigio 0 0K 0K 166960K 7 0 proc 75 131K 147K 166960K 589 0 subproc 72 4K 4K 166960K 81 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 1 0K 0K 166960K 95 0 in_multi 80 5K 6K 166960K 110 0 ether_multi 1 0K 0K 166960K 3 0 mrt 1 0K 0K 166960K 5 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 73 334K 334K 166960K 73 0 exec 0 0K 1K 166960K 472 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 240 161K 180K 
166960K 5136 0 UVM aobj 4 2K 2K 166960K 4 0 pinsyscall 45 90K 104K 166960K 1551 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 8 0 NDP 11 0K 1K 166960K 35 0 temp 42 9111K 9174K 166960K 13302 0 kqueue 14 22K 26K 166960K 57 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 44 0 40 1 0 1 1 0 8 0 rtentry 176 117 0 25 5 0 5 5 0 8 0 unpcb 144 296 0 277 2 0 2 2 0 8 1 syncache 336 6 0 6 1 0 1 1 0 8 1 tcpcb 736 53 0 49 1 0 1 1 0 8 0 arp 136 19 0 4 1 0 1 1 0 8 0 inpcb 328 367 0 356 7 0 7 7 0 8 6 nd6 152 25 0 6 1 0 1 1 0 8 0 kcovpl 48 9 0 1 1 0 1 1 0 8 0 ppxss 1192 11 0 11 1 0 1 1 0 8 1 pfstscr 40 2 0 2 1 0 1 1 0 8 1 pffrag 232 4 0 0 1 0 1 1 0 482 0 pffrnode 88 4 0 0 1 0 1 1 0 8 0 pffrent 40 5 0 1 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 7 0 6 1 0 1 1 0 8 0 pfanchor 1288 4 0 1 1 0 1 1 0 8 0 pftag 88 3 0 1 1 0 1 1 0 8 0 pfstitem 24 36 0 0 1 0 1 1 0 8 0 pfstkey 128 37 0 1 2 0 2 2 0 8 0 pfstate 448 37 0 1 5 0 5 5 0 8 1 pfrule 1360 27 0 21 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 467 0 88 27 0 27 27 0 8 1 art_table 40 468 0 88 5 0 5 5 0 8 0 art_node 32 115 0 31 1 0 1 1 0 8 0 sysvmsgpl 40 4 0 3 1 0 1 1 0 8 0 semupl 112 2 0 2 1 0 1 1 0 8 1 semapl 72 78 0 70 1 0 1 1 0 8 0 shmpl 112 1 0 0 1 0 1 1 0 8 0 dirhash 1024 19 0 2 3 0 3 3 0 8 0 dino2pl 256 1977 0 513 93 0 93 93 0 8 0 ffsino 296 1977 0 513 114 0 114 114 0 8 0 nchpl 144 2467 0 765 64 0 64 64 0 8 0 rtmask 32 5 0 5 1 0 1 1 0 8 1 vnodes 216 2182 0 0 122 0 122 122 0 8 0 namei 1024 7870 0 7870 1 0 1 1 0 8 1 percpumem 16 63 0 14 1 0 1 1 0 8 0 pfiaddrpl 120 2 0 2 1 0 1 1 0 8 1 kstatmem 264 41 0 16 2 0 2 2 0 8 0 scsiplug 72 2 0 2 1 0 1 1 0 8 1 scxspl 216 9802 0 9802 5 2 3 3 1 8 3 plimitpl 152 59 0 41 1 0 1 1 0 8 0 sigapl 424 706 0 636 9 0 9 9 0 8 1 knotepl 120 316 0 0 10 0 10 10 0 8 0 
kqueuepl 224 72 0 61 1 0 1 1 0 8 0 pipepl 344 142 0 115 3 0 3 3 0 8 0 fdescpl 528 669 0 636 3 0 3 3 0 8 0 filepl 160 3131 0 2911 13 0 13 13 0 8 3 lockfpl 104 148 0 144 1 0 1 1 0 8 0 lockfspl 48 71 0 67 1 0 1 1 0 8 0 sessionpl 144 32 0 23 1 0 1 1 0 8 0 pgrppl 48 41 0 24 1 0 1 1 0 8 0 ucredpl 104 382 0 368 1 0 1 1 0 8 0 zombiepl 144 637 0 636 1 0 1 1 0 8 0 processpl 1232 706 0 636 6 0 6 6 0 8 0 procpl 664 1074 0 996 8 0 8 8 0 8 0 sockpl 752 709 0 675 10 0 10 10 0 8 6 mcl64k 65536 3 0 0 1 0 1 1 0 8 0 mcl16k 16384 1 0 0 1 0 1 1 0 8 0 mcl12k 12288 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 4 0 0 1 0 1 1 0 8 0 mcl4k 4096 127 0 0 16 0 16 16 0 8 0 mcl2k 2048 23 0 0 3 0 3 3 0 8 0 mtagpl 96 5 0 0 1 0 1 1 0 8 0 mbufpl 256 197 0 0 13 0 13 13 0 8 0 bufpl 280 3453 0 111 239 0 239 239 0 8 0 anonpl 32 5675 0 0 46 0 46 46 0 246 0 amapchunkpl 152 15094 0 14624 28 0 28 28 0 158 7 amappl16 200 1556 0 1527 8 0 8 8 0 8 4 amappl15 192 4 0 4 1 1 0 1 0 8 0 amappl14 184 437 0 435 1 0 1 1 0 8 0 amappl13 176 188 0 175 1 0 1 1 0 8 0 amappl12 168 918 0 887 2 0 2 2 0 8 0 amappl11 160 8 0 8 1 1 0 1 0 8 0 amappl10 152 63 0 49 1 0 1 1 0 8 0 amappl9 144 278 0 277 2 1 1 1 0 8 0 amappl8 136 101 0 98 1 0 1 1 0 8 0 amappl7 128 169 0 155 1 0 1 1 0 8 0 amappl6 120 163 0 159 1 0 1 1 0 8 0 amappl5 112 102 0 92 1 0 1 1 0 8 0 amappl4 104 293 0 273 1 0 1 1 0 8 0 amappl3 96 3029 0 2917 4 0 4 4 0 8 0 amappl2 88 565 0 502 2 0 2 2 0 8 0 amappl1 80 11809 0 11184 18 1 17 17 0 8 3 amappl 88 4355 0 4193 5 0 5 5 0 92 0 uvmvnodes 80 112 0 0 3 0 3 3 0 8 0 dma32768 32768 1 0 1 1 0 1 1 0 8 1 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 256 0 256 2 1 1 1 0 8 1 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 3 0 0 1 0 1 1 0 8 0 uaddrrnd 24 669 0 636 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 669 0 636 1 0 1 1 0 8 0 vmmpekpl 168 7484 0 7442 3 0 3 3 0 8 0 vmmpepl 168 51236 0 49250 98 0 98 98 0 357 7 vmsppl 488 668 
0 636 5 0 5 5 0 8 0 rwobjpl 80 17064 0 15988 27 0 27 27 0 8 2 pdppl 4096 1345 0 1272 99 24 75 85 0 8 2 pvpl 32 13477 0 0 110 1 109 109 0 265 0 pmappl 256 668 0 636 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 275 0 27 8 0 8 8 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffffffff838f1ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83b14d40) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:142 [inline] __mp_lock(ffffffff83b14d40) at __mp_lock+0x192 sys/kern/kern_lock.c:173 softintr_dispatch(2) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83 dosoftint(2) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:862 Xsofttty() at Xsofttty+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0xf kd_curproc sys/dev/kcov.c:580 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0xf sys/dev/kcov.c:153 softintr_dispatch(0) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83 dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:862 Xsoftclock() at Xsoftclock+0x27 end of kernel end trace frame: 0x7a2406643010, count: 4 ddb{0}> trace x86_ipi_db(ffffffff838f1ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83b14d40) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:142 [inline] __mp_lock(ffffffff83b14d40) at __mp_lock+0x192 sys/kern/kern_lock.c:173 softintr_dispatch(2) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83 dosoftint(2) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:862 Xsofttty() at Xsofttty+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0xf kd_curproc sys/dev/kcov.c:580 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0xf sys/dev/kcov.c:153 
softintr_dispatch(0) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83 dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:862 Xsoftclock() at Xsoftclock+0x27 end of kernel end trace frame: 0x7a2406643010, count: -11 ddb{0}> machine ddbcpu 1 Stopped at savectx+0xae: movl $0,%gs:0x688 savectx() at savectx+0xae end of kernel end trace frame: 0x78c727b37640, count: 14 ddb{1}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x78c727b37640, count: -1