*cpu0: uvm_fault(0xfffffd805e52e9b0, 0xf, 0, 1) -> e ddb{1}> trace proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x7da280d14c20, count: -1 ddb{1}> show registers rdi 0 rsi 0 rbp 0xffff80003b415390 rbx 0 rdx 0 rcx 0xffff80002ebd8038 rax 0x2a r8 0xffff80003b4152c0 r9 0 r10 0xe30552f7bebeb690 r11 0xc5a45b870000b77b r12 0 r13 0 r14 0 r15 0 rip 0xffffffff82ac24c7 proc_trampoline+0xc7 cs 0x8 rflags 0x246 rsp 0xffff80003b415310 ss 0 proc_trampoline+0xc7: movl $0,%gs:0x688 ddb{1}> show proc PROC (syz-executor) tid=39886 pid=61870 tcnt=1 stat=onproc flags process=0 proc=0 runpri=50, usrpri=50, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002ebd8d30,0xffffffff8392ced8 process=0xffff80003c4ece98 user=0xffff80003b410000, vmspace=0xfffffd800dafdb90 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND *61870 39886 92629 0 7 0 syz-executor 74118 354183 77491 0 2 0xc80 syz-executor 74118 229176 77491 0 3 0x4000080 kqread syz-executor 74118 496491 77491 0 3 0x4000080 fsleep syz-executor 74118 131986 77491 0 3 0x4000080 fsleep syz-executor 68375 44348 64733 0 2 0 syz-executor 68375 490132 64733 0 7 0x4000000 syz-executor 11444 187538 10095 0 2 0 syz-executor 11444 342522 10095 0 2 0x4000000 syz-executor 64733 76365 39699 0 2 0xc82 syz-executor 63479 489006 39699 0 2 0x2 syz-executor 44985 33984 39699 0 2 0x2 syz-executor 26211 63360 0 0 3 0x14280 nfsidl nfsio 70772 148731 0 0 3 0x14280 nfsidl nfsio 90969 387518 0 0 3 0x14280 nfsidl nfsio 92099 2760 0 0 3 0x14280 nfsidl nfsio 51187 495306 0 0 3 0x14280 nfsidl nfsio 88862 309229 0 0 3 0x14280 nfsidl nfsio 17982 255462 0 0 3 0x14280 nfsidl nfsio 43529 376296 0 0 3 0x14280 nfsidl nfsio 54621 20131 0 0 3 0x14280 nfsidl nfsio 59505 155769 0 0 3 0x14280 nfsidl nfsio 7402 274754 0 0 3 0x14280 nfsidl nfsio 38648 244494 0 0 3 0x14280 nfsidl nfsio 27343 374124 0 0 3 0x14280 nfsidl nfsio 2044 253271 0 0 3 0x14280 nfsidl nfsio 78971 347465 0 0 3 0x14280 nfsidl nfsio 4410 149227 0 0 3 0x14280 nfsidl nfsio 8047 444052 0 0 3 0x14280 nfsidl nfsio 75770 259974 0 0 3 0x14280 nfsidl nfsio 28853 9833 0 0 3 0x14280 nfsidl nfsio 84733 13727 0 0 3 0x14280 nfsidl nfsio 77491 168097 39699 0 2 0xc82 syz-executor 12426 327951 1 0 3 0x100083 ttyin getty 25240 442767 0 0 3 0x14200 bored sosplice 93328 80724 39699 0 2 0x2 syz-executor 52781 509542 39699 0 2 0xc82 syz-executor 10095 501641 39699 0 3 0x82 nanoslp syz-executor 92629 103226 39699 0 3 0x82 nanoslp syz-executor 39699 27207 27954 0 3 0x82 kqread syz-executor 27954 122173 86239 0 3 0x10008a sigsusp ksh 86239 481474 5798 0 3 0x98 kqread sshd-session 5798 182225 62802 0 3 0x92 kqread sshd-session 62802 383910 1 0 3 0x88 kqread sshd 85684 456388 88845 74 3 0x1100092 bpf pflogd 88845 74329 1 0 3 0x80 sbwait pflogd 7398 237053 15916 73 3 0x1100090 kqread syslogd 15916 342003 1 0 3 0x100082 sbwait syslogd 93011 53640 1 0 3 0x100080 kqread resolvd 23781 379733 58146 77 3 0x100092 kqread dhcpleased 7916 40146 58146 77 3 0x100092 kqread dhcpleased 58146 408668 1 0 3 0x80 kqread dhcpleased 80644 500007 0 0 3 0x14200 bored smr 54244 437606 0 0 3 0x14200 pgzero zerothread 97528 416315 0 0 3 0x14200 aiodoned aiodoned 1295 16192 0 0 3 0x14200 syncer update 98424 309455 0 0 3 0x14200 cleaner cleaner 90392 168353 0 0 3 0x14200 reaper reaper 85393 307289 0 0 3 0x14200 pgdaemon pagedaemon 17852 474377 0 0 3 0x14200 bored viomb 99022 8310 0 0 3 0x40014200 acpi0 acpi0 1343 427584 0 0 3 0x40014200 idle1 75704 400505 0 0 3 0x14200 bored softnet1 33188 476958 0 0 3 0x14200 bored softnet0 27922 247974 0 0 3 0x14200 bored systqmp 76942 312668 0 0 3 0x14200 bored systq 1248 476211 0 0 3 0x14200 tmoslp softclockmp 40608 493116 0 0 3 0x40014200 tmoslp softclock 76056 388848 0 0 3 0x40014200 idle0 1 353058 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{1}> show all locks CPU 1: exclusive mutex &pmap->pm_mtx r = 0 (0xfffffd806b2b3310) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 mtx_enter_try+0x1ad sys/kern/kern_lock.c:311 #2 mtx_enter+0x62 sys/kern/kern_lock.c:261 #3 pmap_enter+0x24b rcr3 sys/arch/amd64/compile/SYZKALLER/obj/machine/cpufunc.h:139 [inline] #3 pmap_enter+0x24b pmap_map_ptes sys/arch/amd64/amd64/pmap.c:437 [inline] #3 pmap_enter+0x24b sys/arch/amd64/amd64/pmap.c:2767 #4 uvm_fault_upper+0x338 sys/uvm/uvm_fault.c:1139 #5 uvm_fault+0x198 sys/uvm/uvm_fault.c:641 #6 upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:192 #7 usertrap+0x3c6 sys/arch/amd64/amd64/trap.c:603 #8 recall_trap+0x8 Process 61870 (syz-executor) thread 0xffff80002ebd8038 (39886) Process 68375 (syz-executor) thread 0xffff80002ebd94f8 (490132) Process 11444 (syz-executor) thread 0xffff80002ebd8d30 (342522) Process 63479 (syz-executor) thread 0xffff800034bf5a10 (489006) Process 93328 (syz-executor) thread 0xffff80002a2d67e0 (80724) ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10236 11126K 12467K 166960K 14744 0 pcb 49 17K 18K 166960K 605 0 rtable 239 12K 13K 166960K 669 0 pf 39 18K 67486K 166960K 239 0 ifaddr 44 8K 9K 166960K 168 0 ifgroup 55 2K 2K 166960K 271 0 sysctl 4 1K 9K 166960K 53 0 counters 68 36K 37K 166960K 328 0 ioctlops 0 0K 4K 166960K 1887 0 iov 0 0K 30K 166960K 207 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1524 96K 96K 166960K 3499 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 28 0 VM map 2 1K 1K 166960K 2 0 sem 13 28K 28K 166960K 150 0 dirhash 12 2K 2K 166960K 63 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 15 53K 106K 166960K 2289 0 sigio 0 0K 0K 166960K 40 0 proc 73 115K 164K 166960K 961 0 subproc 72 4K 4K 166960K 127 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 341 0 in_multi 88 6K 7K 166960K 256 0 ether_multi 1 0K 0K 166960K 22 0 mrt 1 0K 0K 166960K 27 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 235 1049K 1049K 166960K 235 0 exec 0 0K 1K 166960K 923 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 220 168K 186K 166960K 22203 0 UVM aobj 55 2K 2K 166960K 58 0 pinsyscall 40 80K 101K 166960K 3575 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 146 0 NDP 12 0K 1K 166960K 115 0 temp 79 8652K 8729K 166960K 100011 0 kqueue 14 22K 30K 166960K 418 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 200 0 197 2 1 1 2 0 8 0 rtentry 176 213 0 119 5 0 5 5 0 8 0 unpcb 144 1798 0 1781 14 8 6 6 0 8 5 syncache 336 9 0 9 5 5 0 1 0 8 0 tcpqe 32 1 0 1 1 1 0 1 0 8 0 tcpcb 736 762 0 758 16 12 4 7 0 8 3 arp 136 25 0 8 1 0 1 1 0 8 0 inpcb 328 2614 0 2576 19 12 7 7 0 8 2 nd6 152 33 0 15 1 0 1 1 0 8 0 pkpcb 40 27 0 27 6 5 1 1 0 8 1 kcovpl 48 14 0 6 1 0 1 1 0 8 0 mppekey 1024 1 0 1 1 1 0 1 0 8 0 ppxss 1192 106 0 106 5 4 1 1 0 8 1 pppxif 1504 9 0 9 5 4 1 1 0 8 1 pfstscr 40 4 0 3 2 1 1 1 0 8 0 pffrag 232 46 0 40 1 0 1 1 0 482 0 pffrnode 88 44 0 38 1 0 1 1 0 8 0 pffrent 40 161 0 155 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfanchor 1288 3 0 0 1 0 1 1 0 8 0 pftag 88 4 0 2 1 0 1 1 0 8 0 pfstitem 24 129 0 58 1 0 1 1 0 8 0 pfstkey 128 132 0 62 3 0 3 3 0 8 0 pfstate 384 129 0 60 7 0 7 7 0 8 0 pfrule 1344 25 0 19 2 1 1 2 0 8 0 rttmr 136 8 0 8 5 5 0 1 0 8 0 art_heap8 4096 4 0 0 4 0 4 4 0 8 0 art_heap4 256 1245 0 887 39 11 28 31 0 8 3 art_table 40 1249 0 887 5 0 5 5 0 8 0 art_node 32 210 0 134 1 0 1 1 0 8 0 sysvmsgpl 40 4 0 4 1 1 0 1 0 8 0 semapl 112 145 0 134 1 0 1 1 0 8 0 shmpl 112 55 0 3 2 0 2 2 0 8 0 dirhash 1024 51 0 34 3 0 3 3 0 8 0 dino2pl 256 5693 0 4169 96 0 96 96 0 8 0 ffsino 296 5693 0 4169 118 0 118 118 0 8 0 nchpl 144 8928 0 7227 64 0 64 64 0 8 0 rtmask 32 24 0 24 6 5 1 1 0 8 1 uvmvnodes 80 4441 0 0 91 0 91 91 0 8 0 vnodes 216 4441 0 0 247 0 247 247 0 8 0 namei 1024 32657 0 32654 4 3 1 2 0 8 0 percpumem 16 179 0 130 1 0 1 1 0 8 0 kstatmem 264 176 0 150 5 2 3 3 0 8 1 acpiwqpl 32 2 0 2 1 0 1 1 1 8 1 scsiplug 72 7 0 7 5 5 0 1 0 8 0 scxspl 216 46126 0 46126 17 15 2 8 1 8 2 plimitpl 152 608 0 591 1 0 1 1 0 8 0 sigapl 424 2607 0 2541 9 1 8 8 0 8 0 knotepl 120 578 0 0 17 0 17 17 0 8 0 kqueuepl 224 1083 0 1073 16 14 2 5 0 8 1 pipepl 344 434 0 407 12 9 3 9 0 8 0 fdescpl 528 2565 0 2536 3 0 3 3 0 8 0 filepl 160 18236 0 17990 37 21 16 21 0 8 4 lockfpl 104 1271 0 1269 4 2 2 2 0 8 1 lockfspl 48 401 0 399 1 0 1 1 0 8 0 sessionpl 144 34 0 25 1 0 1 1 0 8 0 pgrppl 48 78 0 61 1 0 1 1 0 8 0 ucredpl 104 3107 0 3093 1 0 1 1 0 8 0 zombiepl 144 2829 0 2828 2 1 1 1 0 8 0 processpl 1232 2607 0 2541 6 0 6 6 0 8 0 procpl 664 6238 0 6167 8 0 8 8 0 8 0 sosppl 168 12 0 12 4 4 0 1 0 8 0 sockpl 752 4710 0 4651 50 39 11 18 0 8 4 mcl64k 65536 5 0 0 1 0 1 1 0 8 0 mcl16k 16384 4 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 114 0 0 15 0 15 15 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 47 0 0 6 0 6 6 0 8 0 mtagpl 96 9 0 0 1 0 1 1 0 8 0 mbufpl 256 416 0 0 25 0 25 25 0 8 0 bufpl 280 18218 0 12075 440 0 440 440 0 8 0 anonpl 32 13430 0 0 109 0 109 109 0 246 0 amapchunkpl 152 76833 0 76414 51 24 27 30 0 158 5 amappl16 200 8108 0 8072 63 48 15 28 0 8 5 amappl15 192 9 0 9 1 1 0 1 0 8 0 amappl14 184 141 0 129 1 0 1 1 0 8 0 amappl13 176 12 0 10 1 0 1 1 0 8 0 amappl12 168 3329 0 3300 4 1 3 3 0 8 0 amappl11 160 54 0 40 1 0 1 1 0 8 0 amappl10 152 4 0 4 2 1 1 1 0 8 1 amappl9 144 270 0 269 2 1 1 1 0 8 0 amappl8 136 22 0 19 1 0 1 1 0 8 0 amappl7 128 149 0 135 1 0 1 1 0 8 0 amappl6 120 249 0 246 1 0 1 1 0 8 0 amappl5 112 150 0 140 1 0 1 1 0 8 0 amappl4 104 334 0 314 1 0 1 1 0 8 0 amappl3 96 13614 0 13531 4 1 3 3 0 8 0 amappl2 88 2863 0 2784 2 0 2 2 0 8 0 amappl1 80 18731 0 18140 15 0 15 15 0 8 0 amappl 88 20998 0 20854 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 256 0 256 4 4 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 57 0 3 1 0 1 1 0 8 0 uaddrrnd 24 2565 0 2536 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2565 0 2536 1 0 1 1 0 8 0 vmmpekpl 168 20490 0 20434 3 0 3 3 0 8 0 vmmpepl 168 165163 0 163268 134 32 102 113 0 357 7 vmsppl 488 2564 0 2536 6 1 5 5 0 8 0 rwobjpl 80 47407 0 41995 121 4 117 117 0 8 2 pdppl 4096 5137 0 5072 121 50 71 83 0 8 6 pvpl 32 22589 0 0 183 1 182 182 0 265 0 pmappl 256 2564 0 2536 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 344 0 84 8 0 8 8 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffffffff83845ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 x86_bus_space_io_read_4(b008,0) at x86_bus_space_io_read_4+0x37 sys/arch/amd64/amd64/bus_space.c:674 acpitimer_delay(1) at acpitimer_delay+0x76 acpitimer_read sys/dev/acpi/acpitimer.c:142 [inline] acpitimer_delay(1) at acpitimer_delay+0x76 sys/dev/acpi/acpitimer.c:120 comcnputc(800,29) at comcnputc+0x29b sys/dev/ic/com.c:1269 cnputc(29) at cnputc+0x67 sys/dev/cons.c:218 db_putchar(29) at db_putchar+0x36d sys/ddb/db_output.c:155 kprintf() at kprintf+0x29a5 sys/kern/subr_prf.c:-1 db_printf(ffffffff83312279) at db_printf+0x9b sys/kern/subr_prf.c:-1 fault(ffffffff833d7918) at fault+0xa7 sys/arch/amd64/amd64/trap.c:161 kpageflttrap(ffff800035803a40,f) at kpageflttrap+0x37d sys/arch/amd64/amd64/trap.c:296 kerntrap(ffff800035803a40) at kerntrap+0x198 sys/arch/amd64/amd64/trap.c:489 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b end trace frame: 0xffff800035803b70, count: 0 ddb{0}> trace x86_ipi_db(ffffffff83845ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 x86_bus_space_io_read_4(b008,0) at x86_bus_space_io_read_4+0x37 sys/arch/amd64/amd64/bus_space.c:674 acpitimer_delay(1) at acpitimer_delay+0x76 acpitimer_read sys/dev/acpi/acpitimer.c:142 [inline] acpitimer_delay(1) at acpitimer_delay+0x76 sys/dev/acpi/acpitimer.c:120 comcnputc(800,29) at comcnputc+0x29b sys/dev/ic/com.c:1269 cnputc(29) at cnputc+0x67 sys/dev/cons.c:218 db_putchar(29) at db_putchar+0x36d sys/ddb/db_output.c:155 kprintf() at kprintf+0x29a5 sys/kern/subr_prf.c:-1 db_printf(ffffffff83312279) at db_printf+0x9b sys/kern/subr_prf.c:-1 fault(ffffffff833d7918) at fault+0xa7 sys/arch/amd64/amd64/trap.c:161 kpageflttrap(ffff800035803a40,f) at kpageflttrap+0x37d sys/arch/amd64/amd64/trap.c:296 kerntrap(ffff800035803a40) at kerntrap+0x198 sys/arch/amd64/amd64/trap.c:489 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b ktrops(ffff80002ebd94f8,ffffffffffffffff,0,80000900,fffffd805be5c0e0,fffffd80097fb208) at ktrops+0x58 ktrcanset sys/kern/kern_ktrace.c:727 [inline] ktrops(ffff80002ebd94f8,ffffffffffffffff,0,80000900,fffffd805be5c0e0,fffffd80097fb208) at ktrops+0x58 sys/kern/kern_ktrace.c:570 doktrace(fffffd805be5c0e0,4,900,0,ffff80002ebd94f8) at doktrace+0x6bd ktrsetchildren sys/kern/kern_ktrace.c:595 [inline] doktrace(fffffd805be5c0e0,4,900,0,ffff80002ebd94f8) at doktrace+0x6bd sys/kern/kern_ktrace.c:517 sys_ktrace(ffff80002ebd94f8,ffff800035803e60,ffff800035803db0) at sys_ktrace+0x11c sys/kern/kern_ktrace.c:558 syscall(ffff800035803e60) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff800035803e60) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:746 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3fd44d1f320, count: -19 ddb{0}> machine ddbcpu 1 Stopped at proc_trampoline+0xc7: movl $0,%gs:0x688 proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x7da280d14c20, count: 14 ddb{1}> trace proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x7da280d14c20, count: -1