login: uvm_fault(0xfffff1006bdf75d0, 0x98, 0, 1) -> e fatal page fault in supervisor mode trap type 6 code 0 rip ffffffff82a203e8 cs 8 rflags 10246 cr2 98 cpl 0 rsp ffff80002a24e950 gsbase 0xffff80002999dff0 kgsbase 0x0 panic: trap type 6, code=0, pc=ffffffff82a203e8 Starting stack trace... panic(ffffffff834ef6bf) at panic+0x1d0 sys/kern/subr_prf.c:229 kerntrap(ffff80002a24e8a0) at kerntrap+0x30b alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b dovutimens(ffff8000fffe9778,fffff1005f47f8a8,ffff80002a24ea60) at dovutimens+0x368 sys/kern/vfs_syscalls.c:2690 sys_futimens(ffff8000fffe9778,ffff80002a24ebb0,ffff80002a24eb00) at sys_futimens+0xb3 sys/kern/vfs_syscalls.c:2766 syscall(ffff80002a24ebb0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002a24ebb0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x8bbd2b53050, count: 250 End of stack trace. WARNING: SPL NOT LOWERED ON SYSCALL 83 1057356240 EXIT 0 4 Stopped at savectx+0xae: movl $0,%gs:0x688 TID PID UID PRFLAGS PFLAGS CPU COMMAND *109780 48931 0 0 0 1 syz-executor 221445 87575 0 0x2 0 0 syz-executor savectx() at savectx+0xae end of kernel end trace frame: 0x7b10dd9809a0, count: 14 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault(0xfffff1006bdf75d0, 0x98, 0, 1) -> e ddb{1}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x7b10dd9809a0, count: -1 ddb{1}> show registers rdi 0 rsi 0 rbp 0xffff80002a284280 rbx 0 rdx 0 rcx 0xffff8000fffdd258 rax 0x3b r8 0xffff80002a2841b0 r9 0x1 r10 0xce3c9063468b0219 r11 0x5d944e711d3be37d r12 0 r13 0 r14 0xffff8000fffdd258 r15 0 rip 0xffffffff8167a3ee savectx+0xae cs 0x8 rflags 0x46 rsp 0xffff80002a284200 ss 0x10 savectx+0xae: movl $0,%gs:0x688 ddb{1}> show proc PROC (syz-executor) tid=109780 pid=48931 tcnt=3 stat=onproc flags process=0 proc=0 runpri=86, usrpri=86, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000fffdc7f8,0xffff8000fffdda30 process=0xffff8000fffe5360 user=0xffff80002a27f000, vmspace=0xfffff1006bdf73e8 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 61750 193197 96951 0 2 0 syz-executor 61750 466868 96951 0 3 0x4000080 fsleep syz-executor 6855 206981 62411 0 2 0 syz-executor 6855 450047 62411 0 3 0x4000080 fsleep syz-executor 6855 402527 62411 0 3 0x4000080 fsleep syz-executor *48931 109780 73810 0 7 0 syz-executor 48931 33647 73810 0 3 0x4000080 fsleep syz-executor 48931 457345 73810 0 3 0x4000080 fsleep syz-executor 54073 431145 58032 0 2 0 syz-executor 54073 393300 58032 0 3 0x4000000 smrbar syz-executor 54073 284140 58032 0 3 0x4000000 sbar syz-executor 11095 126111 45862 0 2 0 syz-executor 11095 215175 45862 0 3 0x4000080 ttyout syz-executor 36492 431149 87575 0 2 0xc80 syz-executor 36492 34367 87575 0 3 0x4000080 sbwait syz-executor 36492 143316 87575 0 3 0x4000080 fsleep syz-executor 58032 325482 71663 0 2 0xc82 syz-executor 32601 89206 0 0 3 0x14280 nfsidl nfsio 48306 417080 0 0 3 0x14280 nfsidl nfsio 1808 336395 0 0 3 0x14280 nfsidl nfsio 8923 239662 0 0 3 0x14280 nfsidl nfsio 33371 453000 0 0 3 0x14280 nfsidl nfsio 64733 65365 0 0 3 0x14280 nfsidl nfsio 15073 409472 0 0 3 0x14280 nfsidl nfsio 81315 85121 0 0 3 0x14280 nfsidl nfsio 60342 344487 0 0 3 0x14280 nfsidl nfsio 38523 206251 0 0 3 0x14280 nfsidl nfsio 73851 130453 0 0 3 0x14280 nfsidl nfsio 83311 134721 0 0 3 0x14280 nfsidl nfsio 81877 429040 0 0 3 0x14280 nfsidl nfsio 63726 472965 0 0 3 0x14280 nfsidl nfsio 96627 129058 0 0 3 0x14280 nfsidl nfsio 29187 363019 0 0 3 0x14280 nfsidl nfsio 49107 499929 0 0 3 0x14280 nfsidl nfsio 7667 208518 0 0 3 0x14280 nfsidl nfsio 26502 508419 0 0 3 0x14280 nfsidl nfsio 64514 321463 0 0 3 0x14280 nfsidl nfsio 20260 258743 1 0 2 0x100083 getty 45862 490178 71663 0 2 0xc82 syz-executor 65070 503600 71663 0 2 0x2 syz-executor 87575 221445 71663 0 7 0x2 syz-executor 96951 317215 71663 0 2 0xc82 syz-executor 63191 303348 71663 0 2 0xc82 syz-executor 73810 349416 71663 0 2 0xc82 syz-executor 62411 218901 71663 0 2 0xc82 syz-executor 71663 444059 1 0 3 0x82 kqread syz-executor 20251 134229 65213 74 3 0x1100092 bpf pflogd 65213 346723 1 0 3 0x80 sbwait pflogd 45881 484233 0 0 2 0x40014200 smr 5488 404079 0 0 2 0x14200 zerothread 683 59275 0 0 3 0x14200 aiodoned aiodoned 58676 250095 0 0 3 0x14200 syncer update 19317 287278 0 0 3 0x14200 cleaner cleaner 56289 72162 0 0 3 0x14200 reaper reaper 22621 39426 0 0 3 0x14200 pgdaemon pagedaemon 42157 122316 0 0 3 0x14200 bored viomb 51373 176610 0 0 3 0x40014200 acpi0 acpi0 70501 240329 0 0 3 0x40014200 idle1 47122 8744 0 0 3 0x14200 bored softnet1 27993 249682 0 0 3 0x14200 netlock softnet0 62459 249428 0 0 3 0x14200 smrbar systqmp 16773 342770 0 0 3 0x14200 bored systq 8121 478408 0 0 3 0x14200 tmoslp softclockmp 58764 320278 0 0 3 0x40014200 tmoslp softclock 402 87121 0 0 3 0x40014200 idle0 1 480561 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 6855 (syz-executor) thread 0xffff8000fffdda20 (206981) exclusive rwlock uobjlk r = 0 (0xfffff1006c83bdd8) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 uvm_fault+0x1e5 sys/uvm/uvm_fault.c:649 #3 upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:192 #4 usertrap+0x430 sys/arch/amd64/amd64/trap.c:640 #5 recall_trap+0x8 shared rwlock vmmaplk r = 0 (0xfffff1006bdf78b8) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_read+0x3e8 sys/kern/kern_rwlock.c:413 #2 uvmfault_lookup+0x122 sys/uvm/uvm_fault.c:1880 #3 uvm_fault_check+0x4f sys/uvm/uvm_fault.c:693 #4 uvm_fault+0x106 sys/uvm/uvm_fault.c:627 #5 upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:192 #6 usertrap+0x430 sys/arch/amd64/amd64/trap.c:640 #7 recall_trap+0x8 Process 54073 (syz-executor) thread 0xffff8000fffe9778 (284140) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83b15540) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 syscall+0xaf4 mi_syscall sys/sys/syscall_mi.h:175 [inline] #1 syscall+0xaf4 sys/arch/amd64/amd64/trap.c:783 #2 Xsyscall+0x128 Process 65070 (syz-executor) thread 0xffff80002a220d10 (503600) exclusive rrwlock inode r = 0 (0xfffff10077ca66a0) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 #3 VOP_LOCK+0xbd sys/kern/vfs_vops.c:527 #4 ufs_ihashins+0x4f ufs_ihash sys/ufs/ufs/ufs_ihash.c:-1 [inline] #4 ufs_ihashins+0x4f sys/ufs/ufs/ufs_ihash.c:159 #5 ffs_vget+0x187 sys/ufs/ffs/ffs_vfsops.c:1232 #6 ffs_inode_alloc+0x279 sys/ufs/ffs/ffs_alloc.c:393 #7 ufs_mkdir+0xfc sys/ufs/ufs/ufs_vnops.c:1112 #8 VOP_MKDIR+0x101 sys/kern/vfs_vops.c:394 #9 domkdirat+0x179 sys/kern/vfs_syscalls.c:3062 #10 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] #10 syscall+0xb17 sys/arch/amd64/amd64/trap.c:783 #11 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffff1006cb917a8) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 #3 VOP_LOCK+0xbd sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:576 #5 vfs_lookup+0x12b sys/kern/vfs_lookup.c:431 #6 namei+0x7c5 sys/kern/vfs_lookup.c:250 #7 domkdirat+0x8b sys/kern/vfs_syscalls.c:3047 #8 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] #8 syscall+0xb17 sys/arch/amd64/amd64/trap.c:783 #9 Xsyscall+0x128 Process 62459 (systqmp) thread 0xffff8000ffffea60 (249428) shared rwlock systqmp r = 0 (0xffffffff83981638) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 taskq_thread+0x12a sys/kern/kern_task.c:442 #2 proc_trampoline+0x10 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 11127 12149K 12609K 166960K 12642 0 pcb 18 12K 12K 166960K 79 0 rtable 259 10K 11K 166960K 444 0 pf 38 18K 82K 166960K 93 0 ifaddr 44 7K 8K 166960K 65 0 ifgroup 57 2K 2K 166960K 91 0 sysctl 3 1K 9K 166960K 8 0 counters 72 37K 37K 166960K 108 0 ioctlops 0 0K 4K 166960K 1600 0 iov 0 0K 16K 166960K 23 0 mount 1 1K 1K 166960K 1 0 log 5 0K 0K 166960K 9 0 vnodes 1298 82K 82K 166960K 1564 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 10 0 VM map 2 1K 1K 166960K 2 0 sem 11 0K 0K 166960K 20 0 dirhash 12 2K 2K 166960K 18 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 16 61K 93K 166960K 396 0 sigio 0 0K 0K 166960K 3 0 proc 32 50K 180K 166960K 614 0 subproc 72 4K 4K 166960K 81 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 36 0 in_multi 99 7K 7K 166960K 119 0 ether_multi 1 0K 0K 166960K 1 0 mrt 0 0K 0K 166960K 9 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 85 387K 387K 166960K 85 0 exec 0 0K 1K 166960K 427 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 162 99K 184K 166960K 5533 0 UVM aobj 16 2K 4K 166960K 18 0 pinsyscall 23 46K 104K 166960K 1622 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 9 0 NDP 13 0K 2K 166960K 41 0 temp 44 9115K 9187K 166960K 16841 0 kqueue 1 2K 32K 166960K 68 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 181 0 181 4 3 1 3 0 8 1 rtentry 176 130 0 18 6 0 6 6 0 8 0 unpcb 144 319 0 315 4 3 1 4 0 8 0 syncache 336 6 0 6 2 2 0 1 0 8 0 tcpcb 736 63 0 62 1 0 1 1 0 8 0 arp 136 20 0 2 1 0 1 1 0 8 0 inpcb 328 268 0 264 3 1 2 2 0 8 1 nd6 152 29 0 4 1 0 1 1 0 8 0 kcovpl 48 9 0 1 1 0 1 1 0 8 0 mppekey 1024 2 0 2 2 1 1 1 0 8 1 ppxss 1192 14 0 13 2 1 1 1 0 8 0 pppxif 1576 4 0 4 2 1 1 1 0 8 1 pfstscr 40 4 0 2 1 0 1 1 0 8 0 pffrag 232 4 0 2 1 0 1 1 0 482 0 pffrnode 88 4 0 2 1 0 1 1 0 8 0 pffrent 40 8 0 6 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 3 0 3 1 1 0 1 0 8 0 pfsrclim 320 1 0 1 1 1 0 1 0 8 0 pfanchor 1288 2 0 2 1 1 0 1 0 8 0 pftag 88 2 0 2 1 1 0 1 0 8 0 pfstitem 24 46 0 1 1 0 1 1 0 8 0 pfstkey 128 47 0 2 2 0 2 2 0 8 0 pfstate 448 46 0 2 5 0 5 5 0 8 0 pfrule 1360 88 0 81 2 0 2 2 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 565 0 82 31 0 31 31 0 8 0 art_table 40 567 0 82 5 0 5 5 0 8 0 art_node 32 130 0 27 1 0 1 1 0 8 0 sysvmsgpl 40 1 0 0 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 72 15 0 6 1 0 1 1 0 8 0 shmpl 112 15 0 2 1 0 1 1 0 8 0 dirhash 1024 21 0 4 3 0 3 3 0 8 0 dino2pl 256 2013 0 546 93 0 93 93 0 8 0 ffsino 296 2013 0 546 114 0 114 114 0 8 0 nchpl 144 2568 0 861 64 0 64 64 0 8 0 rtmask 32 4 0 4 1 1 0 1 0 8 0 vnodes 216 2238 0 0 125 0 125 125 0 8 0 namei 1024 8155 0 8154 2 1 1 1 0 8 0 percpumem 16 69 0 18 1 0 1 1 0 8 0 pfiaddrpl 120 1 0 1 1 1 0 1 0 8 0 acpiwqpl 32 1 0 1 1 0 1 1 1 8 1 kstatmem 264 49 0 20 3 1 2 3 0 8 0 scsiplug 72 3 0 3 2 1 1 1 0 8 1 scxspl 216 8601 0 8601 4 3 1 3 1 8 1 plimitpl 152 64 0 52 1 0 1 1 0 8 0 sigapl 424 744 0 687 7 0 7 7 0 8 0 knotepl 120 720 0 0 22 0 22 22 0 8 0 kqueuepl 224 170 0 168 5 4 1 5 0 8 0 pipepl 344 152 0 124 3 0 3 3 0 8 0 fdescpl 528 708 0 687 3 0 3 3 0 8 0 filepl 160 3359 0 3184 15 6 9 15 0 8 0 lockfpl 104 188 0 187 1 0 1 1 0 8 0 lockfspl 48 86 0 85 1 0 1 1 0 8 0 sessionpl 144 40 0 36 1 0 1 1 0 8 0 pgrppl 48 51 0 39 1 0 1 1 0 8 0 ucredpl 104 387 0 382 1 0 1 1 0 8 0 zombiepl 144 688 0 687 1 0 1 1 0 8 0 processpl 1232 744 0 687 5 0 5 5 0 8 0 procpl 664 1174 0 1107 7 0 7 7 0 8 0 sosppl 176 2 0 2 1 1 0 1 0 8 0 sockpl 752 777 0 769 17 14 3 16 0 8 0 mcl64k 65536 5 0 0 1 0 1 1 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 116 0 0 15 0 15 15 0 8 0 mcl2k 2048 18 0 0 3 0 3 3 0 8 0 mtagpl 96 4 0 0 1 0 1 1 0 8 0 mbufpl 256 147 0 0 10 0 10 10 0 8 0 bufpl 280 4010 0 105 279 0 279 279 0 8 0 anonpl 32 6248 0 0 51 0 51 51 0 246 0 amapchunkpl 152 16829 0 16403 27 9 18 25 0 158 0 amappl16 200 2510 0 2242 30 15 15 15 0 8 0 amappl15 192 7 0 7 2 2 0 1 0 8 0 amappl14 184 455 0 455 1 1 0 1 0 8 0 amappl13 176 128 0 125 1 0 1 1 0 8 0 amappl12 168 971 0 951 2 0 2 2 0 8 0 amappl11 160 17 0 17 2 2 0 1 0 8 0 amappl10 152 78 0 74 1 0 1 1 0 8 0 amappl9 144 273 0 273 1 1 0 1 0 8 0 amappl8 136 105 0 104 1 0 1 1 0 8 0 amappl7 128 164 0 159 1 0 1 1 0 8 0 amappl6 120 171 0 170 1 0 1 1 0 8 0 amappl5 112 110 0 106 1 0 1 1 0 8 0 amappl4 104 312 0 307 1 0 1 1 0 8 0 amappl3 96 3229 0 3133 4 0 4 4 0 8 0 amappl2 88 570 0 554 2 0 2 2 0 8 0 amappl1 80 11739 0 11569 14 7 7 14 0 8 0 amappl 88 4707 0 4570 4 0 4 4 0 92 0 uvmvnodes 80 112 0 0 3 0 3 3 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 254 0 254 2 2 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 17 0 2 1 0 1 1 0 8 0 uaddrrnd 24 708 0 687 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 708 0 687 1 0 1 1 0 8 0 vmmpekpl 168 7737 0 7695 3 0 3 3 0 8 0 vmmpepl 168 54139 0 52891 94 37 57 86 0 357 0 vmsppl 488 707 0 687 5 1 4 5 0 8 0 rwobjpl 80 18385 0 17589 23 2 21 23 0 8 0 pdppl 4096 1423 0 1374 105 54 51 87 0 8 2 pvpl 32 11272 0 0 91 0 91 91 0 265 0 pmappl 256 707 0 687 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 285 0 60 8 0 8 8 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffffffff838f1ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83b14d40) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:142 [inline] __mp_lock(ffffffff83b14d40) at __mp_lock+0x192 sys/kern/kern_lock.c:173 syscall(ffff80002a3264c0) at syscall+0xaf4 mi_syscall sys/sys/syscall_mi.h:175 [inline] syscall(ffff80002a3264c0) at syscall+0xaf4 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x783789c48840, count: 9 ddb{0}>