uvm_fault(0xffffffff838d1f50, 0xffff800001488000, 0, 2) -> e fatal page fault in supervisor mode trap type 6 code 2 rip ffffffff8214eb70 cs 8 rflags 10216 cr2 ffff800001488000 cpl 0 rsp ffff80003c963560 gsbase 0xffffffff8379eff0 kgsbase 0x0 panic: trap type 6, code=2, pc=ffffffff8214eb70 Starting stack trace... panic(ffffffff833a0d67) at panic+0x1ba sys/kern/subr_prf.c:229 kerntrap(ffff80003c9634b0) at kerntrap+0x2fb alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b sys_shmat(ffff80003c93aa80,ffff80003c9636c0,ffff80003c963610) at sys_shmat+0xe0 sys/kern/sysv_shm.c:235 syscall(ffff80003c9636c0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c9636c0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xbc01f87af30, count: 251 End of stack trace. panic: Data modified on freelist: word 4 of object 0xffff80000147e200 size 0x30 previous type UVM amap (0xffffffff != 0xdead4110) Starting stack trace... panic(ffffffff8333e022) at panic+0x1ba sys/kern/subr_prf.c:229 malloc(30,7f,9) at malloc+0xdb6 sys/kern/kern_malloc.c:355 dopselect(ffff80002a7b87d8,35,700e1f0c23e0,0,0,ffff80002a7fd420,295dccd01326df69,ffff80002a7fd4b0) at dopselect+0xe4 sys/kern/sys_generic.c:615 sys_pselect(ffff80002a7b87d8,ffff80002a7fd560,ffff80002a7fd4b0) at sys_pselect+0x25a sys/kern/sys_generic.c:589 syscall(ffff80002a7fd560) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80002a7fd560) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x700e1f0c2390, count: 251 End of stack trace. WARNING: SPL NOT LOWERED ON SYSCALL 91 218329736 EXIT 0 3 Stopped at savectx+0xae: movl $0,%gs:0x688 TID PID UID PRFLAGS PFLAGS CPU COMMAND *120367 50017 0 0x2 0 0 syz-executor savectx() at savectx+0xae end of kernel end trace frame: 0x7e5e0d037270, count: 14 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: uvm_fault(0xffffffff838d1f50, 0xffff800001488000, 0, 2) -> e ddb> trace savectx() at savectx+0xae end of kernel end trace frame: 0x7e5e0d037270, count: -1 ddb> show registers rdi 0 rsi 0 rbp 0xffff80003c927a70 rbx 0 rdx 0 rcx 0 rax 0x3a r8 0xffff80003c9279a0 r9 0 r10 0xaf01c182fc846f4d r11 0x996d8c2e8083500d r12 0 r13 0 r14 0xffff800033908a88 r15 0 rip 0xffffffff81f353ee savectx+0xae cs 0x8 rflags 0x46 rsp 0xffff80003c9279f0 ss 0x10 savectx+0xae: movl $0,%gs:0x688 ddb> show proc PROC (syz-executor) tid=120367 pid=50017 tcnt=1 stat=onproc flags process=2 proc=0 runpri=78, usrpri=77, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a7774c8,0xffff80003c93b4f0 process=0xffff8000ffff9b18 user=0xffff80003c922000, vmspace=0xfffffd806d1ef188 estcpu=27, cpticks=39, pctcpu=0.4, user=1, sys=37, intr=1 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 81614 300169 50017 0 2 0 syz-executor 81614 169144 50017 0 3 0x4000080 fsleep syz-executor 11547 339803 62309 0 2 0 syz-executor 11547 429782 62309 0 3 0x4000000 vmmaplk syz-executor 11547 383287 62309 0 2 0x4000000 syz-executor 38343 470843 4262 0 2 0 syz-executor 38343 428424 4262 0 3 0x4000080 fsleep syz-executor 41614 513636 82481 0 2 0 syz-executor 41614 78021 82481 0 3 0x4000080 fsleep syz-executor 41614 266896 82481 0 2 0x4000000 syz-executor 54494 56695 6511 0 3 0x3000 suspend syz-executor 54494 419486 6511 0 2 0x4081000 syz-executor 18703 69612 92044 0 3 0 vmmaplk syz-executor 18703 128224 92044 0 3 0x4000080 fsleep syz-executor 18703 67215 92044 0 2 0x4000000 syz-executor 9045 249677 17398 -1 2 0x10 syz-executor 9045 237005 17398 -1 3 0x4000010 netlock syz-executor 9045 130463 17398 -1 2 0x4000010 syz-executor 48579 420335 30667 0 2 0 syz-executor 48579 408751 30667 0 3 0x4000080 fsleep syz-executor 48579 59281 30667 0 3 0x4000080 fsleep syz-executor 48579 354976 30667 0 3 0x4000080 fsleep syz-executor 92044 336613 3721 0 2 0x2 syz-executor *50017 120367 3721 0 7 0x2 syz-executor 82481 174973 3721 0 2 0x2 syz-executor 62309 215281 3721 0 2 0x2 syz-executor 30667 78446 3721 0 2 0x2 syz-executor 17398 110625 3721 0 2 0x2 syz-executor 6511 384787 3721 0 2 0x2 syz-executor 4262 114543 3721 0 2 0x2 syz-executor 3721 269776 69649 0 3 0x2 netlock syz-executor 69649 280802 86339 0 3 0x10008a sigsusp ksh 86339 356894 22699 0 3 0x98 kqread sshd-session 22699 49804 96623 0 3 0x92 kqread sshd-session 75219 341465 1 0 3 0x100083 ttyopn getty 96623 4821 1 0 3 0x88 kqread sshd 3912 79719 25674 73 3 0x1100090 kqread syslogd 25674 122047 1 0 3 0x100082 sbwait syslogd 74563 415111 1 0 3 0x100080 kqread resolvd 94428 351538 93487 77 3 0x100092 kqread dhcpleased 76091 230274 93487 77 3 0x100092 kqread dhcpleased 93487 59897 1 0 3 0x80 kqread dhcpleased 50809 386661 0 0 3 0x14200 bored smr 40514 361213 0 0 2 0x14200 zerothread 4541 239560 0 0 3 0x14200 aiodoned aiodoned 1202 113896 0 0 2 0x14200 update 792 434564 0 0 3 0x14200 cleaner cleaner 45473 355552 0 0 3 0x14200 reaper reaper 35342 509536 0 0 3 0x14200 pgdaemon pagedaemon 15865 264024 0 0 3 0x14200 bored viomb 59031 287941 0 0 3 0x40014200 acpi0 acpi0 84537 289627 0 0 3 0x14200 netlock softnet0 86722 349294 0 0 3 0x14200 bored systqmp 76886 213259 0 0 3 0x14200 bored systq 26695 114423 0 0 3 0x40014200 netlock softclock 49464 58430 0 0 3 0x40014200 idle0 1 435621 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10209 11051K 11640K 166960K 14467 0 pcb 17 17K 19K 166960K 381 0 rtable 196 10K 11K 166960K 653 0 pf 36 14K 18K 166960K 178 0 ifaddr 35 6K 8K 166960K 128 0 ifgroup 56 2K 2K 166960K 208 0 sysctl 4 1K 9K 166960K 14 0 counters 36 18K 18K 166960K 154 0 ioctlops 1 1K 4K 166960K 359 0 iov 0 0K 34K 166960K 157 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1556 98K 98K 166960K 3369 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 3 6K 6K 166960K 23 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 113 0 dirhash 12 2K 2K 166960K 42 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 240K 166960K 1823 0 sigio 0 0K 0K 166960K 162 0 proc 60 59K 83K 166960K 711 0 subproc 72 4K 4K 166960K 90 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 186 0 in_multi 65 4K 7K 166960K 182 0 ether_multi 1 0K 0K 166960K 18 0 mrt 1 0K 0K 166960K 12 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 229 1023K 1023K 166960K 229 0 exec 0 0K 1K 166960K 696 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 5 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 240 153K 180K 166960K 18654 0 UVM aobj 53 14K 14K 166960K 58 0 pinsyscall 39 78K 92K 166960K 2929 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 137 0 NDP 13 0K 2K 166960K 92 0 temp 78 8672K 8752K 166960K 68635 0 kqueue 14 22K 33K 166960K 415 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 242 0 239 3 0 3 3 0 8 2 rtentry 136 191 0 122 4 0 4 4 0 8 0 unpcb 144 1514 0 1495 7 1 6 6 0 8 5 syncache 336 8 0 8 2 1 1 1 0 8 1 tcpqe 32 4 0 4 2 1 1 1 0 8 1 tcpcb 736 729 0 725 8 1 7 7 0 8 6 arp 96 35 0 25 1 0 1 1 0 8 0 ipq 40 8 0 7 1 0 1 1 0 8 0 ipqe 40 10 0 9 1 0 1 1 0 8 0 inpcb 328 1915 0 1907 15 6 9 13 0 8 7 ip6q 72 71 0 70 1 0 1 1 0 8 0 ip6af 40 139 0 137 1 0 1 1 0 8 0 nd6 112 37 0 21 1 0 1 1 0 8 0 pkpcb 40 15 0 15 2 1 1 1 0 8 1 kcovpl 48 10 0 2 1 0 1 1 0 8 0 ppxss 1072 108 0 107 2 1 1 1 0 8 0 pppxif 1384 3 0 2 2 1 1 1 0 8 0 pfstscr 40 1 0 1 1 0 1 1 0 8 1 pfrktable 1344 2 0 2 2 1 1 1 0 8 1 pftag 88 1 0 0 1 0 1 1 0 8 0 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 128 5 0 3 1 0 1 1 0 8 0 pfstate 384 3 0 2 1 0 1 1 0 8 0 pfrule 1344 3 0 3 2 1 1 1 0 8 1 rttmr 136 2 0 2 1 0 1 1 0 8 1 art_heap8 4096 5 0 0 5 0 5 5 0 8 0 art_heap4 256 740 0 424 31 2 29 31 0 8 7 art_table 40 745 0 424 5 0 5 5 0 8 0 art_node 32 189 0 132 1 0 1 1 0 8 0 sysvmsgpl 40 28 0 22 1 0 1 1 0 8 0 semupl 112 2 0 2 1 0 1 1 0 8 1 semapl 112 108 0 98 1 0 1 1 0 8 0 shmpl 112 47 0 3 2 0 2 2 0 8 0 dirhash 1024 38 0 21 3 0 3 3 0 8 0 dino2pl 256 4902 0 3408 95 0 95 95 0 8 0 ffsino 256 4902 0 3408 95 0 95 95 0 8 0 nchpl 144 7502 0 5804 64 0 64 64 0 8 0 rtmask 32 13 0 13 2 1 1 1 0 8 1 vnodes 216 3823 0 0 213 0 213 213 0 8 0 namei 1024 27379 0 27379 3 2 1 2 0 8 1 vcpupl 3904 7 0 1 1 0 1 1 0 8 0 vmpool 800 8 0 2 1 0 1 1 0 8 0 kstatmem 264 142 0 116 3 0 3 3 0 8 1 scsiplug 72 5 0 5 1 0 1 1 0 8 1 scxspl 216 22745 0 22744 9 1 8 8 1 8 7 plimitpl 152 476 0 458 1 0 1 1 0 8 0 sigapl 424 2097 0 2054 8 0 8 8 0 8 2 knotepl 120 73664 0 73616 30 20 10 17 0 8 7 kqueuepl 184 684 0 673 4 0 4 4 0 8 3 pipepl 304 298 0 238 5 0 5 5 0 8 0 fdescpl 448 2059 0 2029 5 1 4 5 0 8 0 filepl 120 15709 0 15424 13 0 13 13 0 8 4 lockfpl 104 697 0 695 1 0 1 1 0 8 0 lockfspl 48 245 0 243 1 0 1 1 0 8 0 sessionpl 144 26 0 18 1 0 1 1 0 8 0 pgrppl 48 56 0 40 1 0 1 1 0 8 0 ucredpl 104 2737 0 2724 1 0 1 1 0 8 0 zombiepl 144 3216 0 3215 1 0 1 1 0 8 0 processpl 1152 2097 0 2054 5 0 5 5 0 8 1 procpl 664 5156 0 5099 7 0 7 7 0 8 1 sosppl 176 25 0 25 2 1 1 1 0 8 1 sockpl 552 3734 0 3704 19 9 10 15 0 8 7 mcl64k 65536 151 0 151 2 1 1 1 0 8 1 mcl16k 16384 3 0 3 1 0 1 1 0 8 1 mcl12k 12288 2 0 2 1 0 1 1 0 8 1 mcl9k 9216 3 0 3 1 0 1 1 0 8 1 mcl8k 8192 20 0 20 2 1 1 1 0 8 1 mcl4k 4096 4958 0 4897 16 7 9 15 0 8 1 mcl2k2 2112 2 0 2 1 1 0 1 0 8 0 mcl2k 2048 2811 0 2807 5 2 3 3 0 8 2 mtagpl 96 126 0 35 3 0 3 3 0 8 0 mbufpl 256 27628 0 27434 151 125 26 81 0 8 8 bufpl 280 6994 0 773 445 0 445 445 0 8 0 anonpl 24 298314 0 295055 64 19 45 56 0 187 13 amapchunkpl 152 64545 0 64040 46 18 28 40 0 158 8 amappl16 200 5078 0 5041 39 27 12 15 0 8 8 amappl15 192 7 0 7 2 1 1 1 0 8 1 amappl14 184 20 0 20 2 1 1 1 0 8 1 amappl13 176 434 0 433 1 0 1 1 0 8 0 amappl12 168 2433 0 2394 2 0 2 2 0 8 0 amappl11 160 30 0 29 2 1 1 1 0 8 0 amappl10 152 56 0 46 1 0 1 1 0 8 0 amappl9 144 244 0 244 1 1 0 1 0 8 0 amappl8 136 24 0 22 1 0 1 1 0 8 0 amappl7 128 90 0 88 1 0 1 1 0 8 0 amappl6 120 289 0 277 1 0 1 1 0 8 0 amappl5 112 87 0 78 1 0 1 1 0 8 0 amappl4 104 420 0 396 1 0 1 1 0 8 0 amappl3 96 11232 0 11136 3 0 3 3 0 8 0 amappl2 88 2204 0 2132 2 0 2 2 0 8 0 amappl1 80 16392 0 15849 13 0 13 13 0 8 0 amappl 88 17589 0 17420 5 0 5 5 0 92 0 uvmvnodes 80 140 0 0 3 0 3 3 0 8 0 dma32768 32768 1 0 1 1 0 1 1 0 8 1 dma16384 16384 1 0 1 1 0 1 1 0 8 1 dma8192 8192 1 0 1 1 0 1 1 0 8 1 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma2048 2048 2 0 2 1 0 1 1 0 8 1 dma1024 1024 2 0 1 1 0 1 1 0 8 0 dma512 512 1 0 1 1 0 1 1 0 8 1 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 254 0 254 2 1 1 1 0 8 1 dma64 64 7 0 7 2 1 1 1 0 8 1 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 57 0 5 1 0 1 1 0 8 0 uaddrrnd 24 2059 0 2029 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2059 0 2029 1 0 1 1 0 8 0 vmmpekpl 168 17644 0 17603 3 0 3 3 0 8 0 vmmpepl 168 134676 0 132804 99 6 93 93 0 357 11 vmsppl 368 2058 0 2029 4 1 3 4 0 8 0 rwobjpl 40 35716 0 34657 13 0 13 13 0 8 0 pdppl 4096 4140 0 4068 108 36 72 78 0 8 0 pvpl 32 878258 0 869399 136 23 113 129 0 265 22 pmappl 216 2066 0 2031 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 544 0 182 13 1 12 12 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace savectx() at savectx+0xae end of kernel end trace frame: 0x7e5e0d037270, count: -1 ddb> machine ddbcpu 1 No such command ddb> trace savectx() at savectx+0xae end of kernel end trace frame: 0x7e5e0d037270, count: -1