kernel: double fault trap, code=0 Stopped at restore_saved+0x32: xorq 0x30(%rsp),%r11 ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace end trace frame: 0x0, count: -1 ddb{0}> show registers rdi 0xffffffff83a4b000 end+0x24b000 rsi 0xffff80002a03e2c0 rbp 0 rbx 0 rdx 0 rcx 0xfffffd806a28b8c8 rax 0x1b r8 0x7f7fffffc000 r9 0 r10 0x7134ad8039bf816a r11 0xda225f47b95228b2 r12 0xffff80002a03e2c0 r13 0xffff80002ad69000 r14 0 r15 0xffff80002a03e7d0 rip 0xffffffff8244a1dc restore_saved+0x32 cs 0x8 rflags 0x10046 __ALIGN_SIZE+0xf046 rsp 0 ss 0x10 restore_saved+0x32: xorq 0x30(%rsp),%r11 ddb{0}> show proc PROC (syz-executor) tid=212833 pid=82350 tcnt=1 stat=onproc flags process=8000002 proc=80 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000ffff2530,0xffff80002a03f488 process=0xffff80002d6156b0 user=0xffff80002ad69000, vmspace=0xfffffd80092ee1b8 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=5, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 63157 187914 49940 0 2 0x8000000 syz-executor 63157 272319 49940 0 3 0xc000080 fsleep syz-executor 23543 311387 37569 0 2 0x8000000 syz-executor 23543 166424 37569 0 3 0xc000080 fsleep syz-executor 83896 416192 32595 60928 2 0x8000010 syz-executor 83896 54537 32595 60928 3 0xc000090 kqsel syz-executor 11937 87805 18750 0 3 0x8000080 nanoslp syz-executor 11937 89408 18750 0 3 0xc000080 netcon syz-executor 11937 440583 18750 0 3 0xc000080 fsleep syz-executor 41670 324960 94059 0 3 0x8000080 nanoslp syz-executor 41670 447682 94059 0 3 0xc000080 fsleep syz-executor 41670 494498 94059 0 3 0xc000080 fifor syz-executor 70808 185661 1 0 3 0x18100083 ttyin getty 49940 342756 4191 0 3 0x8000082 nanoslp syz-executor 32595 448613 4191 0 3 0x8000082 nanoslp syz-executor 37569 177487 4191 0 3 0x8000082 nanoslp syz-executor 15402 369228 4191 0 3 0x8000002 biowait syz-executor 18750 345776 4191 0 3 0x8000082 nanoslp syz-executor 94059 505234 4191 0 3 0x8000082 nanoslp syz-executor 36458 308692 4191 0 3 0x8000082 nanoslp syz-executor *82350 212833 4191 0 7 0x8000082 syz-executor 35755 491512 0 0 3 0x14200 acct acct 92635 264219 0 0 3 0x14200 bored sosplice 4191 107498 78133 0 2 0x8000002 syz-executor 78133 101942 78012 0 3 0x810008a sigsusp ksh 78012 208313 15955 0 3 0x18000098 kqread sshd-session 15955 316271 30322 0 3 0x18000092 kqread sshd-session 30322 259792 1 0 3 0x18000088 kqread sshd 32292 332994 52371 74 3 0x19100092 bpf pflogd 52371 496735 1 0 3 0x18000080 sbwait pflogd 22025 330551 2449 73 3 0x19100090 kqread syslogd 2449 335881 1 0 3 0x18100082 sbwait syslogd 21110 165462 1 0 3 0x18100080 kqread resolvd 96118 126474 810 77 3 0x18100092 kqread dhcpleased 95197 380759 810 77 3 0x18100092 kqread dhcpleased 810 262258 1 0 3 0x18000080 kqread dhcpleased 87302 149182 0 0 7 0x14200 smr 12825 383801 0 0 2 0x14200 zerothread 39027 176966 0 0 3 0x14200 aiodoned aiodoned 96202 520788 0 0 3 0x14200 syncer update 74913 102906 0 0 3 0x14200 cleaner cleaner 63569 446315 0 0 3 0x14200 reaper reaper 12099 362126 0 0 3 0x14200 pgdaemon pagedaemon 26010 348825 0 0 3 0x14200 bored viomb 41587 286660 0 0 3 0x40014200 acpi0 acpi0 47405 250821 0 0 3 0x40014200 idle1 5864 398361 0 0 3 0x14200 bored softnet3 95419 468959 0 0 3 0x14200 bored softnet2 91040 151136 0 0 3 0x14200 bored softnet1 54069 340792 0 0 3 0x14200 bored softnet0 5848 354057 0 0 3 0x14200 bored systqmp 52970 76368 0 0 3 0x14200 bored systq 15242 423698 0 0 3 0x14200 tmoslp softclockmp 1144 281163 0 0 3 0x40014200 tmoslp softclock 73964 267492 0 0 3 0x40014200 idle0 1 443905 0 0 3 0x8080082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks CPU 0: exclusive mutex &sched_lock r = 0 (0xffffffff83571948) #0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151 #1 mtx_enter_try+0x178 #2 mtx_enter+0x60 sys/kern/kern_lock.c:239 #3 sleep_finish+0x1a9 sys/kern/kern_synch.c:400 #4 sys_nanosleep+0x28a sys/kern/kern_time.c:301 #5 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] #5 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 #6 Xsyscall+0x128 CPU 1: exclusive mutex &uvm.fpageqlock r = 0 (0xffffffff835c80a8) #0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151 #1 mtx_enter_try+0x178 #2 mtx_enter+0x60 sys/kern/kern_lock.c:239 #3 uvm_pmr_freepageq+0x119 sys/uvm/uvm_pmemrange.c:1357 #4 uvm_pmr_cache_put+0x20b uvm_pmr_cache_free sys/uvm/uvm_pmemrange.c:2296 [inline] #4 uvm_pmr_cache_put+0x20b sys/uvm/uvm_pmemrange.c:2316 #5 uvm_km_pgremove_intrsafe+0xd9 sys/uvm/uvm_km.c:311 #6 uvm_unmap_kill_entry_withlock+0x1f7 sys/uvm/uvm_map.c:1892 #7 uvm_unmap_remove+0x6a2 sys/uvm/uvm_map.c:2022 #8 uvm_unmap+0xab sys/uvm/uvm_map.c:1811 #9 free+0x28b sys/kern/kern_malloc.c:428 #10 bpf_d_smr+0x46 sys/net/bpf.c:1698 #11 smr_thread+0x457 #12 proc_trampoline+0x10 exclusive mutex &map->mtx r = 0 (0xffffffff83601768) #0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151 #1 mtx_enter_try+0x178 #2 mtx_enter+0x60 sys/kern/kern_lock.c:239 #3 vm_map_lock_ln+0x1ed sys/uvm/uvm_map.c:5286 #4 uvm_unmap+0x81 sys/uvm/uvm_map.c:1810 #5 free+0x28b sys/kern/kern_malloc.c:428 #6 bpf_d_smr+0x46 sys/net/bpf.c:1698 #7 smr_thread+0x457 #8 proc_trampoline+0x10 Process 15402 (syz-executor) thread 0xffff80002a03e548 (369228) Process 87302 (smr) thread 0xffff800029fd8008 (149182) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10269 10329K 10702K 166960K 16611 0 pcb 18 15K 17K 166960K 830 0 rtable 231 18K 19K 166960K 3655 0 pf 42 19K 24K 166960K 440 0 ifaddr 43 9K 9K 166960K 494 0 ifgroup 59 2K 2K 166960K 553 0 sysctl 4 1K 5K 166960K 10 0 counters 66 36K 37K 166960K 328 0 ioctlops 0 0K 4K 166960K 1898 0 iov 0 0K 16K 166960K 299 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1526 96K 96K 166960K 6294 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 76 0 VM map 2 1K 1K 166960K 2 0 sem 15 3K 3K 166960K 17 0 dirhash 21 3K 4K 166960K 99 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 16 57K 97K 166960K 3841 0 sigio 1 0K 0K 166960K 45 0 proc 70 91K 152K 166960K 3501 0 subproc 104 6K 6K 166960K 1393 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 613 0 in_multi 87 6K 7K 166960K 1244 0 ether_multi 1 0K 0K 166960K 12 0 mrt 1 0K 0K 166960K 12 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 271 1208K 1208K 166960K 271 0 exec 0 0K 1K 166960K 2138 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 245 121K 136K 166960K 32096 0 UVM aobj 131 8K 8K 166960K 135 0 pinsyscall 41 82K 104K 166960K 7506 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 2 0K 1K 166960K 191 0 NDP 13 0K 2K 166960K 359 0 temp 75 6816K 14749K 166960K 139217 0 kqueue 13 20K 31K 166960K 515 0 SYN cache 2 8K 16K 166960K 3 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 785 0 782 10 8 2 3 0 8 1 rtentry 112 1281 0 1185 5 2 3 4 0 8 0 unpcb 144 3855 0 3834 34 31 3 10 0 8 2 syncache 336 8 0 8 5 5 0 1 0 8 0 tcpqe 32 4 0 4 2 2 0 1 0 8 0 tcpcb 808 1526 0 1518 47 39 8 8 0 8 6 arp 120 234 0 214 1 0 1 1 0 8 0 inpcb 336 5319 0 5304 82 75 7 13 0 8 5 nd6 136 349 0 327 3 2 1 2 0 8 0 pkpcb 40 9 0 9 5 4 1 1 0 8 1 kcovpl 48 107 0 99 1 0 1 1 0 8 0 ppxss 1168 20 0 20 9 8 1 1 0 8 1 pfstscr 40 2 0 1 1 0 1 1 0 8 0 pffrag 232 31 0 23 2 1 1 1 0 482 0 pffrnode 88 29 0 22 2 1 1 1 0 8 0 pffrent 40 286 0 278 2 1 1 1 0 8 0 pfosfp 40 1430 0 1006 5 0 5 5 0 8 0 pfosfpen 112 1430 0 715 21 0 21 21 0 8 0 pfrktable 1344 23 0 15 2 1 1 1 0 8 0 pfanchor 1288 12 0 9 3 2 1 1 0 8 0 pftag 88 10 0 5 2 1 1 1 0 8 0 pfstitem 24 287 0 240 1 0 1 1 0 8 0 pfstkey 128 289 0 242 2 0 2 2 0 8 0 pfstate 376 286 0 240 8 2 6 6 0 8 0 pfrule 1344 58 0 42 6 4 2 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 5011 0 4600 40 11 29 29 0 8 0 art_table 32 5012 0 4600 4 0 4 4 0 8 0 art_node 16 1275 0 1191 1 0 1 1 0 8 0 sysvmsgpl 40 79 0 73 1 0 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 13 0 0 1 0 1 1 0 8 0 shmpl 112 132 0 4 4 0 4 4 0 8 0 dirhash 1024 76 0 53 9 5 4 4 0 8 1 dino2pl 256 6837 0 5116 108 0 108 108 0 8 0 ffsino 272 6837 0 5116 115 0 115 115 0 8 0 nchpl 144 10763 0 10040 68 40 28 68 0 8 0 uvmvnodes 80 9145 0 0 187 0 187 187 0 8 0 vnodes 216 9145 0 0 509 0 509 509 0 8 0 namei 1024 55735 0 55735 6 4 2 2 0 8 2 percpumem 16 178 0 131 1 0 1 1 0 8 0 vcpupl 3904 9 0 2 1 0 1 1 0 8 0 vmpool 696 25 0 18 2 1 1 1 0 8 0 pfiaddrpl 120 7 0 3 2 1 1 1 0 8 0 kstatmem 264 288 0 262 2 0 2 2 0 8 0 scsiplug 72 5 0 5 5 5 0 1 0 8 0 scxspl 216 78951 0 78950 13 12 1 8 1 8 0 plimitpl 152 1164 0 1145 1 0 1 1 0 8 0 sigapl 424 3972 0 3921 11 4 7 9 0 8 0 futexpl 64 52506 0 52502 8 7 1 1 0 8 0 knotepl 120 607 0 0 17 0 17 17 0 8 0 kqueuepl 216 1320 0 1309 18 17 1 6 0 8 0 pipepl 320 1253 0 1225 14 11 3 8 0 8 0 fdescpl 496 3929 0 3899 6 1 5 6 0 8 0 filepl 152 36333 0 36011 95 78 17 25 0 8 3 lockfpl 104 1559 0 1557 4 3 1 2 0 8 0 lockfspl 48 526 0 524 1 0 1 1 0 8 0 sessionpl 144 124 0 115 1 0 1 1 0 8 0 pgrppl 48 281 0 264 1 0 1 1 0 8 0 ucredpl 104 6422 0 6407 1 0 1 1 0 8 0 zombiepl 144 3923 0 3921 2 1 1 1 0 8 0 processpl 1152 3972 0 3921 7 2 5 6 0 8 0 procpl 648 7764 0 7706 9 3 6 8 0 8 0 srpgc 96 18 0 18 4 4 0 1 0 8 0 sosppl 168 14 0 13 8 7 1 1 0 8 0 sockpl 664 10000 0 9961 131 121 10 32 0 8 6 mcl64k 65536 8 0 0 1 0 1 1 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 5 0 0 1 0 1 1 0 8 0 mcl4k 4096 6 0 0 1 0 1 1 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 294 0 0 29 1 28 29 0 8 0 mtagpl 96 10 0 0 1 0 1 1 0 8 0 mbufpl 256 2416 0 0 143 0 143 143 0 8 0 bufpl 280 15737 0 6591 654 0 654 654 0 8 0 anonpl 24 535139 0 531203 125 69 56 82 0 185 15 amapchunkpl 152 101302 0 100803 83 50 33 43 0 158 11 amappl16 200 10050 0 10023 97 82 15 19 0 8 12 amappl15 192 6 0 6 1 1 0 1 0 8 0 amappl14 184 322 0 310 1 0 1 1 0 8 0 amappl13 176 8 0 8 3 3 0 1 0 8 0 amappl12 168 6155 0 6125 4 2 2 3 0 8 0 amappl11 160 61 0 47 1 0 1 1 0 8 0 amappl10 152 11 0 11 1 1 0 1 0 8 0 amappl9 144 151 0 150 2 1 1 1 0 8 0 amappl8 136 25 0 22 1 0 1 1 0 8 0 amappl7 128 304 0 291 1 0 1 1 0 8 0 amappl6 120 1228 0 1226 1 0 1 1 0 8 0 amappl5 112 538 0 526 1 0 1 1 0 8 0 amappl4 104 618 0 597 1 0 1 1 0 8 0 amappl3 96 20454 0 20343 4 0 4 4 0 8 0 amappl2 88 2031 0 1963 2 0 2 2 0 8 0 amappl1 80 25016 0 24423 19 5 14 15 0 8 0 amappl 88 30775 0 30600 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 7 0 7 2 2 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 8 0 8 2 2 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 134 0 4 3 0 3 3 0 8 0 uaddrrnd 24 3954 0 3917 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 3954 0 3917 1 0 1 1 0 8 0 vmmpekpl 168 34484 0 34426 4 1 3 4 0 8 0 vmmpepl 168 242901 0 241025 152 55 97 102 0 357 9 vmsppl 440 3953 0 3917 7 2 5 5 0 8 0 rwobjpl 56 74680 0 64441 154 6 148 148 0 8 2 pdppl 4096 7915 0 7841 283 206 77 87 0 8 3 pvpl 32 42588 0 0 342 0 342 342 0 265 0 pmappl 248 3953 0 3917 3 0 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 885 0 357 16 0 16 16 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace end trace frame: 0x0, count: -1 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 mtx_enter(ffffffff83571938) at mtx_enter+0xa7 sys/kern/kern_lock.c:250 wakeup_n(ffffffff835c7f00,ffffffff) at wakeup_n+0x54 sys/kern/kern_synch.c:539 uvm_pmr_freepageq(ffff80002a0093f8) at uvm_pmr_freepageq+0x376 sys/uvm/uvm_pmemrange.c:1375 uvm_pmr_cache_put(fffffd8008756680) at uvm_pmr_cache_put+0x20b uvm_pmr_cache_free sys/uvm/uvm_pmemrange.c:2296 [inline] uvm_pmr_cache_put(fffffd8008756680) at uvm_pmr_cache_put+0x20b sys/uvm/uvm_pmemrange.c:2316 uvm_km_pgremove_intrsafe(ffff80000138a000,ffff800001392000) at uvm_km_pgremove_intrsafe+0xd9 sys/uvm/uvm_km.c:311 uvm_unmap_kill_entry_withlock(ffffffff83601648,ffffffff835f2ec0,1) at uvm_unmap_kill_entry_withlock+0x1f7 sys/uvm/uvm_map.c:1892 uvm_unmap_remove(ffffffff83601648,ffff80000138a000,ffff800001392000,ffff80002a0095c8,0,1,5ec1a329b920985) at uvm_unmap_remove+0x6a2 sys/uvm/uvm_map.c:2022 uvm_unmap(ffffffff83601648,ffff80000138a000,ffff800001392000) at uvm_unmap+0xab sys/uvm/uvm_map.c:1811 free(ffff80000138a000,2,8000) at free+0x28b sys/kern/kern_malloc.c:428 bpf_d_smr(ffff800001252600) at bpf_d_smr+0x46 sys/net/bpf.c:1698 smr_thread(ffff800029fd8008) at smr_thread+0x457 end trace frame: 0x0, count: -14