uvm_fault(0xffffffff828abf90, 0xfffffd0000000010, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pool_cache_get+0x1b1: movq 0x10(%r14),%r13 ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic kernel page fault uvm_fault(0xffffffff828abf90, 0xfffffd0000000010, 0, 1) -> e pool_cache_get(ffffffff828d7d80) at pool_cache_get+0x1b1 pool_cache_item_magic_check sys/kern/subr_pool.c:1770 [inline] pool_cache_get(ffffffff828d7d80) at pool_cache_get+0x1b1 sys/kern/subr_pool.c:1884 end trace frame: 0xffff800020e63350, count: 0 ddb{1}> trace pool_cache_get(ffffffff828d7d80) at pool_cache_get+0x1b1 pool_cache_item_magic_check sys/kern/subr_pool.c:1770 [inline] pool_cache_get(ffffffff828d7d80) at pool_cache_get+0x1b1 sys/kern/subr_pool.c:1884 pool_get(ffffffff828d7d80,1) at pool_get+0x91 sys/kern/subr_pool.c:572 m_gethdr(1,1) at m_gethdr+0x4c sys/kern/uipc_mbuf.c:283 m_getuio(ffff800020e63458,0,4780,ffff800020e635d8) at m_getuio+0xe4 sys/kern/uipc_socket.c:587 sosend(fffffd806ead9c88,0,ffff800020e635d8,0,0,80) at sosend+0x54e sys/kern/uipc_socket.c:542 dofilewritev(ffff800020e41d50,4,ffff800020e635d8,0,ffff800020e636c0) at dofilewritev+0x1b6 sys/kern/sys_generic.c:365 sys_write(ffff800020e41d50,ffff800020e63670,ffff800020e636c0) at sys_write+0x83 sys/kern/sys_generic.c:285 syscall(ffff800020e63740) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800020e63740) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffdd850, count: -9 ddb{1}> show registers rdi 0 rsi 0x7 rbp 0xffff800020e63290 rbx 0xe1bee47336f16ecc rdx 0x4780 __ALIGN_SIZE+0x3780 rcx 0 rax 0 r8 0xffffffff814d7ae7 witness_assert+0x207 r9 0x5 r10 0xa r11 0xe67c4d9043611aba r12 0xffffffff828d7d80 mbpool r13 0 r14 0xfffffd0000000000 r15 0xfffffd807f008c80 rip 0xffffffff819f38c1 pool_cache_get+0x1b1 cs 0x8 rflags 0x10286 __ALIGN_SIZE+0xf286 rsp 0xffff800020e63230 ss 0x10 pool_cache_get+0x1b1: movq 0x10(%r14),%r13 ddb{1}> show proc PROC (sshd) pid=293713 stat=onproc flags process=12 proc=0 pri=24, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff800020e404f0,0xffff800020e40290 process=0xffff800020e38ba0 user=0xffff800020e5e000, vmspace=0xfffffd806e8ff2e8 estcpu=0, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 91724 475846 47468 0 7 0x2 syz-executor.1 51231 302026 0 0 3 0x14280 nfsidl nfsio 60951 176404 0 0 3 0x14280 nfsidl nfsio 73920 240268 0 0 3 0x14280 nfsidl nfsio 68988 197604 0 0 3 0x14280 nfsidl nfsio 56395 24003 0 0 3 0x14280 nfsidl nfsio 88149 367057 0 0 3 0x14280 nfsidl nfsio 79158 478954 0 0 3 0x14280 nfsidl nfsio 46416 155766 0 0 3 0x14280 nfsidl nfsio 39241 400333 0 0 3 0x14280 nfsidl nfsio 33978 298197 0 0 3 0x14280 nfsidl nfsio 70705 38404 0 0 3 0x14280 nfsidl nfsio 41971 491511 0 0 3 0x14280 nfsidl nfsio 4595 400084 0 0 3 0x14280 nfsidl nfsio 49934 500038 0 0 3 0x14280 nfsidl nfsio 29498 368656 0 0 3 0x14280 nfsidl nfsio 88218 423659 0 0 3 0x14280 nfsidl nfsio 44674 517600 0 0 3 0x14280 nfsidl nfsio 90345 492996 0 0 3 0x14280 nfsidl nfsio 38511 34552 0 0 3 0x14280 nfsidl nfsio 25590 481128 0 0 3 0x14280 nfsidl nfsio 87217 177388 0 0 3 0x14200 bored sosplice 72978 493834 47468 0 3 0x82 nanosleep syz-executor.0 47468 299901 40225 0 3 0x82 thrsleep syz-fuzzer 47468 114576 40225 0 3 0x4000082 nanosleep syz-fuzzer 47468 144003 40225 0 3 0x4000082 thrsleep syz-fuzzer 47468 191032 40225 0 3 0x4000082 thrsleep syz-fuzzer 47468 136165 40225 0 3 0x4000082 nanosleep syz-fuzzer 47468 399583 40225 0 3 0x4000082 thrsleep syz-fuzzer 47468 101919 40225 0 3 0x4000082 thrsleep syz-fuzzer 47468 384270 40225 0 3 0x4000082 thrsleep syz-fuzzer 47468 502150 40225 0 3 0x4000082 kqread syz-fuzzer 47468 57 40225 0 3 0x4000082 thrsleep syz-fuzzer 40225 57346 45211 0 3 0x10008a pause ksh *45211 293713 83009 0 7 0x12 sshd 10745 43479 1 0 3 0x100083 ttyin getty 83009 241484 1 0 3 0x80 select sshd 64663 228044 76191 74 3 0x100092 bpf pflogd 76191 348565 1 0 3 0x80 netio pflogd 75488 389349 32988 73 3 0x100090 kqread syslogd 32988 503633 1 0 3 0x100082 netio syslogd 87090 181836 1 77 3 0x100090 poll dhclient 77583 32257 1 0 3 0x80 poll dhclient 18019 20513 0 0 3 0x14200 bored smr 37761 330179 0 0 2 0x14200 zerothread 14396 424720 0 0 3 0x14200 aiodoned aiodoned 42654 80851 0 0 3 0x14200 syncer update 40835 183634 0 0 3 0x14200 cleaner cleaner 35901 107958 0 0 3 0x14200 reaper reaper 2557 239376 0 0 3 0x14200 pgdaemon pagedaemon 83423 271938 0 0 3 0x14200 bored crynlk 94146 412171 0 0 3 0x14200 bored crypto 15123 259090 0 0 3 0x40014200 acpi0 acpi0 82501 262283 0 0 3 0x40014200 idle1 99701 510892 0 0 3 0x14200 bored softnet 38685 437635 0 0 3 0x14200 bored systqmp 55054 166949 0 0 3 0x14200 bored systq 19323 495874 0 0 3 0x40014200 bored softclock 21825 400982 0 0 3 0x40014200 idle0 1 481109 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 45211 (sshd) thread 0xffff800020e41d50 (293713) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff828c68b0) #0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164 #1 pageflttrap+0x7f sys/arch/amd64/amd64/trap.c:180 #2 kerntrap+0xec sys/arch/amd64/amd64/trap.c:302 #3 alltraps_kern_meltdown+0x7b #4 pool_cache_get+0x1b1 pool_cache_item_magic_check sys/kern/subr_pool.c:1770 [inline] #4 pool_cache_get+0x1b1 sys/kern/subr_pool.c:1884 #5 pool_get+0x91 sys/kern/subr_pool.c:572 #6 m_gethdr+0x4c sys/kern/uipc_mbuf.c:283 #7 m_getuio+0xe4 sys/kern/uipc_socket.c:587 #8 sosend+0x54e sys/kern/uipc_socket.c:542 #9 dofilewritev+0x1b6 sys/kern/sys_generic.c:365 #10 sys_write+0x83 sys/kern/sys_generic.c:285 #11 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] #11 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 #12 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9544 6427K 6807K 78643K 11272 0 pcb 13 8K 8K 78643K 93 0 rtable 124 16K 16K 78643K 397 0 ifaddr 92 17K 17K 78643K 153 0 counters 43 33K 34K 78643K 55 0 ioctlops 0 0K 4K 78643K 1511 0 iov 0 0K 16K 78643K 32 0 mount 1 1K 1K 78643K 1 0 vnodes 1218 77K 77K 78643K 1414 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 10 0 VM map 2 1K 1K 78643K 2 0 sem 12 1K 1K 78643K 106 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1824 197K 290K 78643K 13058 0 file desc 4 9K 25K 78643K 585 0 sigio 0 0K 0K 78643K 16 0 proc 61 63K 83K 78643K 538 0 subproc 32 2K 2K 78643K 51 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 54 0 in_multi 54 3K 3K 78643K 147 0 ether_multi 1 0K 0K 78643K 15 0 mrt 0 0K 0K 78643K 11 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 49 228K 228K 78643K 49 0 exec 0 0K 1K 78643K 311 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 125 39K 40K 78643K 2732 0 UVM aobj 28 2K 3K 78643K 36 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 75 0 NDP 17 0K 0K 78643K 36 0 temp 118 3864K 3928K 78643K 5717 0 kqueue 3 4K 13K 78643K 48 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 8 0 2 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 43 0 41 1 0 1 1 0 8 0 rtentry 112 83 0 41 2 0 2 2 0 8 0 unpcb 120 231 0 221 1 0 1 1 0 8 0 syncache 264 12 0 12 3 2 1 1 0 8 1 tcpqe 32 1035 0 1035 2 2 0 2 0 8 0 tcpcb 544 224 0 220 2 1 1 2 0 8 0 inpcb 296 623 0 616 3 1 2 2 0 8 1 rttmr 72 4 0 4 2 1 1 1 0 8 1 nd6 48 22 0 17 1 0 1 1 0 8 0 pkpcb 40 4 0 4 2 2 0 1 0 8 0 ppxss 1128 2 0 2 2 2 0 1 0 8 0 pffrag 232 6 0 6 4 4 0 1 0 482 0 pffrnode 88 6 0 6 4 4 0 1 0 8 0 pffrent 40 104 0 104 4 4 0 1 0 8 0 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 11 0 3 1 0 1 1 0 8 0 pfstitem 24 44 0 16 1 0 1 1 0 8 0 pfstkey 112 44 0 16 2 0 2 2 0 8 0 pfstate 328 44 0 16 4 0 4 4 0 8 0 pfrule 1360 30 0 20 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 330 0 141 13 1 12 13 0 8 0 art_table 32 331 0 141 2 0 2 2 0 8 0 art_node 16 82 0 43 1 0 1 1 0 8 0 sysvmsgpl 40 23 0 11 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 104 0 94 1 0 1 1 0 8 0 shmpl 112 34 0 8 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2103 0 697 90 1 89 89 0 8 0 ffsino 272 2103 0 697 97 2 95 95 0 8 0 nchpl 144 3314 0 1718 60 0 60 60 0 8 0 uvmvnodes 72 2307 0 0 42 0 42 42 0 8 0 vnodes 208 2307 0 0 122 0 122 122 0 8 0 namei 1024 8899 0 8899 3 2 1 1 0 8 1 percpumem 16 38 0 6 1 0 1 1 0 8 0 vcpupl 1984 3 0 0 1 0 1 1 0 8 0 vmpool 560 8 0 5 1 0 1 1 0 8 0 pfiaddrpl 120 4 0 0 1 0 1 1 0 8 0 scxspl 192 8938 0 8938 8 7 1 7 0 8 1 plimitpl 152 45 0 37 1 0 1 1 0 8 0 sigapl 424 820 0 769 6 0 6 6 0 8 0 futexpl 56 7128 0 7128 2 1 1 1 0 8 1 knotepl 112 127 0 108 1 0 1 1 0 8 0 kqueuepl 144 688 0 685 1 0 1 1 0 8 0 pipepl 304 163 0 153 2 1 1 2 0 8 0 fdescpl 496 782 0 767 3 0 3 3 0 8 0 filepl 152 4869 0 4769 7 2 5 6 0 8 1 lockfpl 104 125 0 124 1 0 1 1 0 8 0 lockfspl 48 34 0 33 1 0 1 1 0 8 0 sessionpl 112 19 0 8 1 0 1 1 0 8 0 pgrppl 48 21 0 10 1 0 1 1 0 8 0 ucredpl 96 235 0 226 1 0 1 1 0 8 0 zombiepl 144 769 0 768 2 1 1 1 0 8 0 processpl 984 820 0 768 8 1 7 7 0 8 0 procpl 624 1931 0 1870 6 0 6 6 0 8 1 sosppl 128 10 0 10 3 2 1 1 0 8 1 sockpl 400 901 0 882 7 4 3 5 0 8 1 mcl64k 65536 8 0 0 1 0 1 1 0 8 0 mcl16k 16384 1 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 3 0 0 1 0 1 1 0 8 0 mcl8k 8192 4 0 0 1 0 1 1 0 8 0 mcl4k 4096 8 0 0 1 0 1 1 0 8 0 mcl2k2 2112 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 308 0 0 38 0 38 38 0 8 0 mtagpl 96 42 0 0 2 0 2 2 0 8 0 mbufpl 256 340 0 0 21 0 21 21 0 8 0 bufpl 280 4120 0 132 285 0 285 285 0 8 0 anonpl 16 80848 0 67995 94 19 75 84 0 124 3 amapchunkpl 152 4045 0 3903 9 0 9 9 0 158 0 amappl16 192 3265 0 2330 65 15 50 57 0 8 2 amappl15 184 10 0 8 1 0 1 1 0 8 0 amappl14 176 117 0 112 1 0 1 1 0 8 0 amappl13 168 294 0 290 1 0 1 1 0 8 0 amappl12 160 248 0 244 2 1 1 1 0 8 0 amappl11 152 62 0 47 1 0 1 1 0 8 0 amappl10 144 20 0 14 1 0 1 1 0 8 0 amappl9 136 508 0 506 1 0 1 1 0 8 0 amappl8 128 657 0 624 2 0 2 2 0 8 0 amappl7 120 122 0 110 1 0 1 1 0 8 0 amappl6 112 25 0 21 1 0 1 1 0 8 0 amappl5 104 716 0 699 1 0 1 1 0 8 0 amappl4 96 769 0 739 1 0 1 1 0 8 0 amappl3 88 349 0 344 1 0 1 1 0 8 0 amappl2 80 4964 0 4901 2 0 2 2 0 8 0 amappl1 72 26161 0 25736 23 13 10 18 0 8 0 amappl 80 2182 0 2137 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 35 0 8 1 0 1 1 0 8 0 uaddrrnd 24 790 0 772 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 790 0 772 1 0 1 1 0 8 0 vmmpekpl 168 9573 0 9535 2 0 2 2 0 8 0 vmmpepl 168 101178 0 99191 160 33 127 127 0 357 30 vmsppl 368 789 0 772 2 0 2 2 0 8 0 pdppl 4096 1587 0 1547 7 1 6 6 0 8 0 pvpl 32 254587 0 239076 210 28 182 198 0 265 17 pmappl 232 789 0 772 4 2 2 2 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 298 0 15 9 0 9 9 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{0}> trace x86_ipi_db(ffffffff82766ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352 x86_ipi_handler() at x86_ipi_handler+0xc6 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff828c66a8) at __mp_lock+0x125 __mp_lock_spin sys/kern/kern_lock.c:117 [inline] __mp_lock(ffffffff828c66a8) at __mp_lock+0x125 sys/kern/kern_lock.c:147 softintr_dispatch(0) at softintr_dispatch+0x4e sys/arch/amd64/amd64/softintr.c:89 Xsoftclock() at Xsoftclock+0x1f __sanitizer_cov_trace_cmp4(ac810,ac811) at __sanitizer_cov_trace_cmp4+0x5d kd_curproc sys/dev/kcov.c:416 [inline] __sanitizer_cov_trace_cmp4(ac810,ac811) at __sanitizer_cov_trace_cmp4+0x5d trace_cmp sys/dev/kcov.c:104 [inline] __sanitizer_cov_trace_cmp4(ac810,ac811) at __sanitizer_cov_trace_cmp4+0x5d sys/dev/kcov.c:135 __mp_lock(ffffffff828c66a8) at __mp_lock+0x139 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff828c66a8) at __mp_lock+0x139 sys/kern/kern_lock.c:147 pageflttrap(ffff8000230f3110,0) at pageflttrap+0x7f sys/arch/amd64/amd64/trap.c:180 kerntrap(ffff8000230f3110) at kerntrap+0xec sys/arch/amd64/amd64/trap.c:302 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b copyout() at copyout+0x53 pipe_read(fffffd806662bc00,ffff8000230f3368,0) at pipe_read+0x175 sys/kern/sys_pipe.c:399 dofilereadv(ffff800020e089d8,f9,ffff8000230f3368,0,ffff8000230f3450) at dofilereadv+0x1a1 sys/kern/sys_generic.c:237 sys_read(ffff800020e089d8,ffff8000230f3400,ffff8000230f3450) at sys_read+0x83 sys/kern/sys_generic.c:157 syscall(ffff8000230f34d0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff8000230f34d0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffde750, count: -17 ddb{0}> machine ddbcpu 1 Stopped at pool_cache_get+0x1b1: movq 0x10(%r14),%r13 ddb{1}> trace pool_cache_get(ffffffff828d7d80) at pool_cache_get+0x1b1 pool_cache_item_magic_check sys/kern/subr_pool.c:1770 [inline] pool_cache_get(ffffffff828d7d80) at pool_cache_get+0x1b1 sys/kern/subr_pool.c:1884 pool_get(ffffffff828d7d80,1) at pool_get+0x91 sys/kern/subr_pool.c:572 m_gethdr(1,1) at m_gethdr+0x4c sys/kern/uipc_mbuf.c:283 m_getuio(ffff800020e63458,0,4780,ffff800020e635d8) at m_getuio+0xe4 sys/kern/uipc_socket.c:587 sosend(fffffd806ead9c88,0,ffff800020e635d8,0,0,80) at sosend+0x54e sys/kern/uipc_socket.c:542 dofilewritev(ffff800020e41d50,4,ffff800020e635d8,0,ffff800020e636c0) at dofilewritev+0x1b6 sys/kern/sys_generic.c:365 sys_write(ffff800020e41d50,ffff800020e63670,ffff800020e636c0) at sys_write+0x83 sys/kern/sys_generic.c:285 syscall(ffff800020e63740) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800020e63740) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffdd850, count: -9