*cpu1: uvm_fault(0xfffffd806bfe2208, 0x98, 0, 1) -> e ddb{0}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x775c7ee0c360, count: -1 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff80003c446870 rbx 0 rdx 0 rcx 0xffff8000fffee2b0 rax 0x3c r8 0xffff80003c4467a0 r9 0xffff80003c4464f0 r10 0xccaf26529b740756 r11 0xd436cd07b5ae5560 r12 0 r13 0 r14 0xffff8000fffee2b0 r15 0 rip 0xffffffff8204a3ee savectx+0xae cs 0x8 rflags 0x46 rsp 0xffff80003c4467f0 ss 0x10 savectx+0xae: movl $0,%gs:0x688 ddb{0}> show proc PROC (sshd-auth) tid=833 pid=78370 tcnt=1 stat=onproc flags process=2 proc=0 runpri=24, usrpri=52, slppri=24, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000fffeea78,0xffff8000fffee028 process=0xffff8000fffe2b70 user=0xffff80003c441000, vmspace=0xfffffd806c6c55d0 estcpu=2, cpticks=4, pctcpu=0.0, user=1, sys=3, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND *78370 833 14643 0 7 0x2 sshd-auth 21011 117887 17992 0 2 0 syz-executor 21011 279205 17992 0 3 0x4000080 fsleep syz-executor 21011 242861 17992 0 3 0x4000080 fsleep syz-executor 21011 169567 17992 0 3 0x4000080 fsleep syz-executor 14643 61207 17053 0 3 0x82 kqread sshd-session 74198 422787 55484 0 2 0 syz-executor 74198 509785 55484 0 7 0x4000000 syz-executor 52552 420051 96064 0 2 0 syz-executor 52552 190400 96064 0 3 0x4000080 rest syz-executor 52552 486722 96064 0 3 0x4000080 bell syz-executor 84406 285935 40411 0 2 0 syz-executor 84406 501639 40411 0 3 0x4000080 sbwait syz-executor 84406 235374 40411 0 3 0x4000080 fsleep syz-executor 6748 470088 0 0 3 0x14200 acct acct 15702 113049 60922 0 2 0 syz-executor 15702 476157 60922 0 3 0x4000080 fsleep syz-executor 15702 10619 60922 0 3 0x4000080 fsleep syz-executor 714 331973 47674 0 2 0 syz-executor 714 40463 47674 0 3 0x4000080 nanoslp syz-executor 714 3480 47674 0 3 0x4000080 fsleep syz-executor 33681 130247 24877 0 2 0xc80 syz-executor 33681 331192 24877 0 3 0x4000080 kqpoll syz-executor 33681 370785 24877 0 3 0x4000080 fsleep syz-executor 66808 163867 87070 -1 2 0xc91 syz-executor 66808 398270 87070 -1 3 0x4000091 kqpoll syz-executor 66808 100442 87070 -1 3 0x4000091 fsleep syz-executor 66808 169434 87070 -1 3 0x4000091 fsleep syz-executor 24877 328133 90129 0 3 0x82 nanoslp syz-executor 55484 101797 90129 0 2 0xc82 syz-executor 96064 245191 90129 0 3 0x82 nanoslp syz-executor 47674 159201 90129 0 3 0x82 nanoslp syz-executor 60922 446532 90129 0 2 0xc82 syz-executor 87070 23984 90129 0 3 0x82 nanoslp syz-executor 17992 3680 90129 0 2 0xc82 syz-executor 40411 119417 90129 0 3 0x82 nanoslp syz-executor 90129 325087 81156 0 3 0x82 kqread syz-executor 81156 467334 34011 0 3 0x10008a sigsusp ksh 34011 6515 33589 0 3 0x98 kqread sshd-session 33589 127660 17053 0 3 0x92 kqread sshd-session 59304 12627 1 0 3 0x100083 ttyin getty 17053 162033 1 0 3 0x88 kqread sshd 4569 163318 33120 74 3 0x1100092 bpf pflogd 33120 386183 1 0 3 0x80 sbwait pflogd 34095 466120 15054 73 3 0x1100090 kqread syslogd 15054 265478 1 0 3 0x100082 sbwait syslogd 20950 45762 1 0 3 0x100080 kqread resolvd 45497 124837 2404 77 3 0x100092 kqread dhcpleased 96965 250121 2404 77 3 0x100092 kqread dhcpleased 2404 522091 1 0 3 0x80 kqread dhcpleased 77985 241004 0 0 3 0x14200 bored smr 47359 273093 0 0 2 0x14200 zerothread 61604 113328 0 0 3 0x14200 aiodoned aiodoned 74083 416294 0 0 3 0x14200 syncer update 99233 119736 0 0 3 0x14200 cleaner cleaner 70688 514142 0 0 3 0x14200 reaper reaper 17848 104164 0 0 3 0x14200 pgdaemon pagedaemon 88109 497796 0 0 3 0x14200 bored viomb 76916 6426 0 0 3 0x40014200 acpi0 acpi0 90961 509294 0 0 3 0x40014200 idle1 4284 131895 0 0 3 0x14200 bored softnet1 1951 26944 0 0 3 0x14200 bored softnet0 53597 86727 0 0 3 0x14200 smrbar systqmp 62653 9176 0 0 3 0x14200 bored systq 40435 278815 0 0 3 0x14200 tmoslp softclockmp 64812 353204 0 0 3 0x40014200 tmoslp softclock 52791 127646 0 0 3 0x40014200 idle0 1 103607 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks CPU 0: exclusive mutex &uvm.fpageqlock r = 0 (0xffffffff8396d938) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 mtx_enter+0x4b4 sys/kern/kern_lock.c:487 #2 uvm_pmr_freepages+0x1a8 sys/uvm/uvm_pmemrange.c:-1 #3 pmap_do_remove+0x8af sys/arch/amd64/amd64/pmap.c:1942 #4 uvm_unmap_kill_entry_withlock+0x269 sys/uvm/uvm_map.c:1869 #5 uvm_unmap_remove+0x6c2 sys/uvm/uvm_map.c:2008 #6 sys_munmap+0x238 sys/uvm/uvm_mmap.c:537 #7 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #7 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783 #8 Xsyscall+0x128 Process 78370 (sshd-auth) thread 0xffff8000fffee2b0 (833) exclusive kernel: protection fault trap, code=0 Faulted in DDB; continuing... ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 11064 12088K 12279K 166960K 12218 0 pcb 17 12K 12K 166960K 37 0 rtable 223 7K 8K 166960K 377 0 pf 37 18K 21K 166960K 56 0 ifaddr 41 6K 7K 166960K 49 0 ifgroup 55 2K 2K 166960K 64 0 sysctl 1 1K 9K 166960K 5 0 counters 72 37K 37K 166960K 78 0 ioctlops 0 0K 4K 166960K 1526 0 iov 0 0K 12K 166960K 4 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1295 81K 82K 166960K 1422 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 5 0 VM map 2 1K 1K 166960K 2 0 sem 7 0K 0K 166960K 7 0 dirhash 12 2K 2K 166960K 18 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 89K 166960K 191 0 proc 71 115K 164K 166960K 560 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 7 0 in_multi 88 6K 7K 166960K 100 0 ether_multi 1 0K 0K 166960K 1 0 mrt 0 0K 0K 166960K 4 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 61 281K 281K 166960K 61 0 exec 0 0K 1K 166960K 392 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 282 198K 198K 166960K 3667 0 UVM aobj 10 2K 2K 166960K 10 0 pinsyscall 47 94K 103K 166960K 1361 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 2 0 NDP 13 0K 2K 166960K 31 0 temp 37 9078K 9143K 166960K 5724 0 kqueue 14 22K 24K 166960K 32 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 38 0 35 1 0 1 1 0 8 0 rtentry 176 112 0 13 6 0 6 6 0 8 1 unpcb 144 58 0 37 1 0 1 1 0 8 0 syncache 336 4 0 4 1 0 1 1 0 8 1 tcpcb 736 24 0 18 1 0 1 1 0 8 0 arp 136 18 0 2 1 0 1 1 0 8 0 inpcb 328 117 0 105 2 0 2 2 0 8 1 nd6 152 24 0 3 1 0 1 1 0 8 0 pkpcb 40 1 0 1 1 0 1 1 0 8 1 kcovpl 48 8 0 0 1 0 1 1 0 8 0 ppxss 1192 3 0 1 1 0 1 1 0 8 0 pppxif 1576 1 0 1 1 0 1 1 0 8 1 pfstscr 40 2 0 0 1 0 1 1 0 8 0 pffrent 40 1 0 1 1 0 1 1 0 8 1 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 1 0 1 1 0 1 1 0 8 1 pfqueue 320 1 0 1 1 0 1 1 0 8 1 pfstitem 24 21 0 0 1 0 1 1 0 8 0 pfstkey 128 21 0 0 1 0 1 1 0 8 0 pfstate 448 20 0 0 3 0 3 3 0 8 0 pfrule 1360 54 0 49 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 458 0 6 29 0 29 29 0 8 0 art_table 40 459 0 6 5 0 5 5 0 8 0 art_node 32 112 0 22 1 0 1 1 0 8 0 semupl 112 1 0 1 1 0 1 1 0 8 1 semapl 112 5 0 0 1 0 1 1 0 8 0 shmpl 112 7 0 0 1 0 1 1 0 8 0 dirhash 1024 21 0 4 3 0 3 3 0 8 0 dino2pl 256 1704 0 234 93 0 93 93 0 8 0 ffsino 296 1704 0 234 114 0 114 114 0 8 0 nchpl 144 1958 0 254 64 0 64 64 0 8 0 vnodes 216 1818 0 0 101 0 101 101 0 8 0 namei 1024 6279 0 6279 1 0 1 1 0 8 1 percpumem 16 54 0 3 1 0 1 1 0 8 0 kstatmem 264 33 0 4 2 0 2 2 0 8 0 scsiplug 72 1 0 1 1 0 1 1 0 8 1 scxspl 216 6955 0 6955 9 2 7 7 1 8 7 plimitpl 152 103 0 84 1 0 1 1 0 8 0 sigapl 424 513 0 462 7 0 7 7 0 8 1 knotepl 120 66 0 0 2 0 2 2 0 8 0 kqueuepl 224 37 0 25 1 0 1 1 0 8 0 pipepl 344 158 0 130 6 0 6 6 0 8 3 fdescpl 528 496 0 462 3 0 3 3 0 8 0 filepl 160 2086 0 1847 16 0 16 16 0 8 6 lockfpl 104 112 0 110 2 0 2 2 0 8 1 lockfspl 48 21 0 19 1 0 1 1 0 8 0 sessionpl 144 26 0 15 1 0 1 1 0 8 0 pgrppl 48 34 0 15 1 0 1 1 0 8 0 ucredpl 104 259 0 245 1 0 1 1 0 8 0 zombiepl 144 462 0 462 1 0 1 1 0 8 1 processpl 1232 513 0 462 5 0 5 5 0 8 0 procpl 664 616 0 548 6 0 6 6 0 8 0 sosppl 176 2 0 2 1 0 1 1 0 8 1 sockpl 752 216 0 180 4 0 4 4 0 8 0 mcl64k 65536 2 0 0 1 0 1 1 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 2 0 0 1 0 1 1 0 8 0 mcl4k 4096 136 0 0 17 0 17 17 0 8 0 mcl2k 2048 36 0 0 5 0 5 5 0 8 0 mtagpl 96 2 0 0 1 0 1 1 0 8 0 mbufpl 256 221 0 0 14 0 14 14 0 8 0 bufpl 280 2503 0 108 172 0 172 172 0 8 0 anonpl 32 6044 0 0 49 0 49 49 0 246 0 amapchunkpl 152 10543 0 9821 28 0 28 28 0 158 0 amappl16 200 1803 0 1780 5 2 3 5 0 8 0 amappl15 192 6 0 6 1 1 0 1 0 8 0 amappl14 184 436 0 435 1 0 1 1 0 8 0 amappl13 176 139 0 124 1 0 1 1 0 8 0 amappl12 168 778 0 745 2 0 2 2 0 8 0 amappl11 160 13 0 13 2 2 0 1 0 8 0 amappl10 152 67 0 53 1 0 1 1 0 8 0 amappl9 144 293 0 293 1 1 0 1 0 8 0 amappl8 136 103 0 101 1 0 1 1 0 8 0 amappl7 128 145 0 130 1 0 1 1 0 8 0 amappl6 120 155 0 154 1 0 1 1 0 8 0 amappl5 112 98 0 86 1 0 1 1 0 8 0 amappl4 104 295 0 274 1 0 1 1 0 8 0 amappl3 96 1822 0 1688 4 0 4 4 0 8 0 amappl2 88 545 0 471 2 0 2 2 0 8 0 amappl1 80 10031 0 9266 16 0 16 16 0 8 0 amappl 88 2913 0 2717 5 0 5 5 0 92 0 uvmvnodes 80 107 0 0 3 0 3 3 0 8 0 dma4096 4096 2 0 2 2 1 1 1 0 8 1 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 254 0 254 2 1 1 1 0 8 1 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 9 0 0 1 0 1 1 0 8 0 uaddrrnd 24 496 0 462 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 496 0 462 1 0 1 1 0 8 0 vmmpekpl 168 6048 0 6016 2 0 2 2 0 8 0 vmmpepl 168 40239 0 38004 98 0 98 98 0 357 0 vmsppl 488 495 0 462 5 0 5 5 0 8 0 rwobjpl 80 14727 0 13459 26 0 26 26 0 8 0 pdppl 4096 999 0 924 103 28 75 83 0 8 0 pvpl 32 14976 0 0 122 1 121 121 0 265 0 pmappl 256 495 0 462 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 283 0 31 8 0 8 8 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x775c7ee0c360, count: -1 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff8000299bdff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x33 kd_curproc sys/dev/kcov.c:585 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x33 sys/dev/kcov.c:153 acpitimer_delay(1) at acpitimer_delay+0x2b sys/dev/acpi/acpitimer.c:-1 comcnputc(800,65) at comcnputc+0x29b sys/dev/ic/com.c:1269 cnputc(65) at cnputc+0x67 sys/dev/cons.c:218 db_putchar(65) at db_putchar+0x36d sys/ddb/db_output.c:155 kprintf() at kprintf+0x29c5 sys/kern/subr_prf.c:-1 db_printf(ffffffff83440981) at db_printf+0x9b sys/kern/subr_prf.c:-1 db_ktrap(6,0,ffff80003c4085c0) at db_ktrap+0x1b6 db_printtrap sys/arch/amd64/amd64/db_interface.c:103 [inline] db_ktrap(6,0,ffff80003c4085c0) at db_ktrap+0x1b6 sys/arch/amd64/amd64/db_interface.c:128 kerntrap(ffff80003c4085c0) at kerntrap+0x243 sys/arch/amd64/amd64/trap.c:519 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b dovutimens(ffff8000fffe67e8,fffffd80695bd708,ffff80003c408780) at dovutimens+0x368 sys/kern/vfs_syscalls.c:2771 end trace frame: 0xffff80003c4087f0, count: 0 ddb{1}> trace x86_ipi_db(ffff8000299bdff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x33 kd_curproc sys/dev/kcov.c:585 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x33 sys/dev/kcov.c:153 acpitimer_delay(1) at acpitimer_delay+0x2b sys/dev/acpi/acpitimer.c:-1 comcnputc(800,65) at comcnputc+0x29b sys/dev/ic/com.c:1269 cnputc(65) at cnputc+0x67 sys/dev/cons.c:218 db_putchar(65) at db_putchar+0x36d sys/ddb/db_output.c:155 kprintf() at kprintf+0x29c5 sys/kern/subr_prf.c:-1 db_printf(ffffffff83440981) at db_printf+0x9b sys/kern/subr_prf.c:-1 db_ktrap(6,0,ffff80003c4085c0) at db_ktrap+0x1b6 db_printtrap sys/arch/amd64/amd64/db_interface.c:103 [inline] db_ktrap(6,0,ffff80003c4085c0) at db_ktrap+0x1b6 sys/arch/amd64/amd64/db_interface.c:128 kerntrap(ffff80003c4085c0) at kerntrap+0x243 sys/arch/amd64/amd64/trap.c:519 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b dovutimens(ffff8000fffe67e8,fffffd80695bd708,ffff80003c408780) at dovutimens+0x368 sys/kern/vfs_syscalls.c:2771 sys_futimens(ffff8000fffe67e8,ffff80003c4088d0,ffff80003c408820) at sys_futimens+0xb3 sys/kern/vfs_syscalls.c:2847 syscall(ffff80003c4088d0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c4088d0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x8a05dd05c50, count: -17