*cpu1: uvm_fault(0xfffffd806b4a7200, 0x0, 0, 1) -> e ddb{0}> trace proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x72539a2c1680, count: -1 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff8000333f5600 rbx 0 rdx 0 rcx 0xffff80003940f730 rax 0x2a r8 0xffff8000333f5530 r9 0x4 r10 0x5f30c5dae65aaf57 r11 0xd7a68872d4e75015 r12 0 r13 0 r14 0 r15 0 rip 0xffffffff811064c7 proc_trampoline+0xc7 cs 0x8 rflags 0x246 rsp 0xffff8000333f5580 ss 0 proc_trampoline+0xc7: movl $0,%gs:0x680 ddb{0}> show proc PROC (sh) tid=414288 pid=69727 tcnt=1 stat=onproc flags process=10100002 proc=0 runpri=40, usrpri=50, slppri=40, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000ffff27c0,0xffff80003940f9d0 process=0xffff80002a3a77f8 user=0xffff8000333f0000, vmspace=0xfffffd806b4a75c0 estcpu=36, cpticks=2, pctcpu=0.0, user=0, sys=2, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 19871 484902 71914 0 2 0 syz-executor 19871 260525 71914 0 3 0x4000080 fsleep syz-executor 75962 523473 9694 0 2 0 syz-executor 75962 287293 9694 0 2 0x4000000 syz-executor 15664 440949 65020 -1 2 0x10 syz-executor 15664 484028 65020 -1 3 0x4000090 ttyretype syz-executor 15664 116018 65020 -1 2 0x4000010 syz-executor 5784 70314 39887 0 2 0 syz-executor 5784 515513 39887 0 3 0x4000080 fsleep syz-executor 51346 417400 86490 0 3 0x1003000 suspend syz-executor 51346 321391 86490 0 2 0x5081000 syz-executor *69727 414288 17861 0 7 0x10100002 sh 17227 90802 19919 0 2 0 syz-executor 17227 124349 19919 0 2 0x4000000 syz-executor 17227 468921 19919 0 2 0x4000000 syz-executor 86490 21711 31116 0 3 0x82 nanoslp syz-executor 23549 248168 31116 0 3 0x82 nanoslp syz-executor 17861 206924 31116 0 3 0x82 wait syz-executor 39887 95641 31116 0 3 0x82 nanoslp syz-executor 65020 271930 31116 0 3 0x82 nanoslp syz-executor 71914 123286 31116 0 3 0x82 nanoslp syz-executor 9694 349996 31116 0 2 0x2 syz-executor 19919 277138 31116 0 3 0x82 nanoslp syz-executor 31116 189188 12634 0 3 0x82 kqread syz-executor 12634 167394 61968 0 3 0x10008a sigsusp ksh 61968 207433 86062 0 3 0x98 kqread sshd-session 86062 355418 15710 0 3 0x92 kqread sshd-session 92607 76758 1 0 3 0x100083 ttyin getty 15710 491817 1 0 3 0x88 kqread sshd 47426 496014 40200 74 3 0x1100092 bpf pflogd 40200 4776 1 0 3 0x80 sbwait pflogd 32668 376400 90451 73 3 0x1100090 kqread syslogd 90451 238110 1 0 3 0x100082 sbwait syslogd 78586 466275 1 0 3 0x100080 kqread resolvd 18879 192241 46210 77 3 0x100092 kqread dhcpleased 24390 367787 46210 77 3 0x100092 kqread dhcpleased 46210 233945 1 0 3 0x80 kqread dhcpleased 68859 90569 0 0 3 0x14200 bored smr 71159 22333 0 0 2 0x14200 zerothread 82693 312411 0 0 3 0x14200 aiodoned aiodoned 88932 139460 0 0 3 0x14200 syncer update 90337 375230 0 0 3 0x14200 cleaner cleaner 4973 371008 0 0 3 0x14200 reaper reaper 22283 379845 0 0 3 0x14200 pgdaemon pagedaemon 26595 229726 0 0 3 0x14200 bored viomb 75675 115333 0 0 3 0x40014200 acpi0 acpi0 59034 322032 0 0 3 0x40014200 idle1 36711 425522 0 0 3 0x14200 bored softnet3 56643 501378 0 0 3 0x14200 bored softnet2 72834 369848 0 0 3 0x14200 bored softnet1 76129 135344 0 0 3 0x14200 bored softnet0 21528 387164 0 0 3 0x14200 bored systqmp 47061 92328 0 0 3 0x14200 bored systq 94930 264392 0 0 3 0x14200 tmoslp softclockmp 39304 441187 0 0 3 0x40014200 tmoslp softclock 97544 69003 0 0 3 0x40014200 idle0 1 378103 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks CPU 0: exclusive mutex &pmap->pm_mtx r = 0 (0xfffffd806b4a6d10) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1160 #1 mtx_enter_try+0x178 sys/kern/kern_lock.c:-1 #2 mtx_enter+0x60 sys/kern/kern_lock.c:239 #3 pmap_enter+0x246 rcr3 machine/cpufunc.h:139 [inline] #3 pmap_enter+0x246 pmap_map_ptes sys/arch/amd64/amd64/pmap.c:437 [inline] #3 pmap_enter+0x246 sys/arch/amd64/amd64/pmap.c:2770 #4 uvm_fault_lower+0x703 sys/uvm/uvm_fault.c:1480 #5 uvm_fault+0x272 sys/uvm/uvm_fault.c:-1 #6 upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:188 #7 usertrap+0x2d8 sys/arch/amd64/amd64/trap.c:436 #8 recall_trap+0x8 Process 69727 (sh) thread 0xffff80003940f730 (414288) exclusive rwlock uobjlk r = 0 (0xfffffd8009eeb690) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x3ea sys/kern/kern_rwlock.c:316 #2 uvm_fault_lower_lookup+0x53 sys/uvm/uvm_fault.c:1173 #3 uvm_fault_lower+0x86 sys/uvm/uvm_fault.c:1310 #4 uvm_fault+0x272 sys/uvm/uvm_fault.c:-1 #5 upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:188 #6 usertrap+0x2d8 sys/arch/amd64/amd64/trap.c:436 #7 recall_trap+0x8 shared rwlock vmmaplk r = 0 (0xfffffd806b4a76c0) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1160 #1 rw_do_enter_read+0x3af sys/kern/kern_rwlock.c:405 #2 uvmfault_lookup+0x122 sys/uvm/uvm_fault.c:1860 #3 uvm_fault_check+0x4b sys/uvm/uvm_fault.c:730 #4 uvm_fault+0x106 sys/uvm/uvm_fault.c:666 #5 upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:188 #6 usertrap+0x2d8 sys/arch/amd64/amd64/trap.c:436 #7 recall_trap+0x8 exclusive mutex &pmap->pm_mtx r = 0 (0xfffffd806b4a6d10) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1160 #1 mtx_enter_try+0x178 sys/kern/kern_lock.c:-1 #2 mtx_enter+0x60 sys/kern/kern_lock.c:239 #3 pmap_enter+0x246 rcr3 machine/cpufunc.h:139 [inline] #3 pmap_enter+0x246 pmap_map_ptes sys/arch/amd64/amd64/pmap.c:437 [inline] #3 pmap_enter+0x246 sys/arch/amd64/amd64/pmap.c:2770 #4 uvm_fault_lower+0x703 sys/uvm/uvm_fault.c:1480 #5 uvm_fault+0x272 sys/uvm/uvm_fault.c:-1 #6 upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:188 #7 usertrap+0x2d8 sys/arch/amd64/amd64/trap.c:436 #8 recall_trap+0x8 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10204 11190K 11190K 166960K 11288 0 pcb 17 12K 12K 166960K 20 0 rtable 234 6K 6K 166960K 354 0 pf 34 17K 18K 166960K 45 0 ifaddr 43 7K 7K 166960K 45 0 ifgroup 55 2K 2K 166960K 55 0 sysctl 1 1K 1K 166960K 1 0 counters 64 36K 36K 166960K 64 0 ioctlops 0 0K 4K 166960K 1550 0 iov 0 0K 12K 166960K 2 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1340 84K 84K 166960K 1370 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 1K 166960K 2 0 VM map 2 1K 1K 166960K 2 0 sem 3 0K 0K 166960K 3 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 89K 166960K 152 0 proc 71 91K 128K 166960K 535 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 1 0 in_multi 99 7K 7K 166960K 99 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 43 201K 201K 166960K 43 0 exec 0 0K 1K 166960K 442 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 239 152K 162K 166960K 3112 0 UVM aobj 3 2K 2K 166960K 3 0 pinsyscall 43 86K 104K 166960K 1260 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 2 0K 0K 166960K 4 0 NDP 28 2K 2K 166960K 28 0 temp 36 8682K 8746K 166960K 4031 0 kqueue 13 20K 20K 166960K 22 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 37 0 34 1 0 1 1 0 8 0 rtentry 176 111 0 1 5 0 5 5 0 8 0 unpcb 144 39 0 17 1 0 1 1 0 8 0 syncache 336 3 0 3 1 0 1 1 0 8 1 tcpcb 808 10 0 6 1 0 1 1 0 8 0 arp 128 18 0 0 1 0 1 1 0 8 0 inpcb 384 75 0 66 2 0 2 2 0 8 1 nd6 144 24 0 0 1 0 1 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 19 0 0 1 0 1 1 0 8 0 pfstkey 128 19 0 0 1 0 1 1 0 8 0 pfstate 384 19 0 0 2 0 2 2 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 453 0 0 29 0 29 29 0 8 0 art_table 32 454 0 0 4 0 4 4 0 8 0 art_node 16 110 0 10 1 0 1 1 0 8 0 semupl 112 1 0 1 1 0 1 1 0 8 1 semapl 112 1 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1588 0 77 95 0 95 95 0 8 0 ffsino 288 1588 0 77 109 0 109 109 0 8 1 nchpl 144 1799 0 109 63 0 63 63 0 8 0 uvmvnodes 80 1680 0 0 35 0 35 35 0 8 0 vnodes 216 1680 0 0 94 0 94 94 0 8 0 namei 1024 5670 0 5670 2 0 2 2 0 8 2 percpumem 16 47 0 0 1 0 1 1 0 8 0 kstatmem 264 24 0 0 2 0 2 2 0 8 0 scxspl 216 5821 0 5821 3 1 2 2 1 8 2 plimitpl 152 28 0 10 1 0 1 1 0 8 0 sigapl 424 459 0 408 7 0 7 7 0 8 1 futexpl 64 293 0 291 1 0 1 1 0 8 0 knotepl 120 59 0 0 2 0 2 2 0 8 0 kqueuepl 224 18 0 9 1 0 1 1 0 8 0 pipepl 336 108 0 79 3 0 3 3 0 8 0 fdescpl 520 441 0 409 3 0 3 3 0 8 0 filepl 160 1589 0 1362 10 0 10 10 0 8 0 lockfpl 104 10 0 8 1 0 1 1 0 8 0 lockfspl 48 6 0 4 1 0 1 1 0 8 0 sessionpl 144 22 0 13 1 0 1 1 0 8 0 pgrppl 48 30 0 13 1 0 1 1 0 8 0 ucredpl 104 88 0 74 1 0 1 1 0 8 0 zombiepl 144 411 0 408 1 0 1 1 0 8 0 processpl 1192 459 0 408 5 0 5 5 0 8 1 procpl 656 498 0 439 6 0 6 6 0 8 0 sockpl 728 151 0 117 4 0 4 4 0 8 0 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 109 0 0 14 0 14 14 0 8 0 mcl2k 2048 13 0 0 2 0 2 2 0 8 0 mtagpl 96 3 0 0 1 0 1 1 0 8 0 mbufpl 256 111 0 0 7 0 7 7 0 8 0 bufpl 280 2307 0 120 157 0 157 157 0 8 0 anonpl 32 4003 0 0 33 0 33 33 0 246 0 amapchunkpl 152 8639 0 8145 20 0 20 20 0 158 0 amappl16 200 2033 0 2015 5 0 5 5 0 8 4 amappl15 192 4 0 4 1 0 1 1 0 8 1 amappl14 184 114 0 102 1 0 1 1 0 8 0 amappl13 176 4 0 4 1 0 1 1 0 8 1 amappl12 168 1095 0 1061 4 1 3 3 0 8 0 amappl11 160 56 0 41 1 0 1 1 0 8 0 amappl10 152 7 0 7 1 0 1 1 0 8 1 amappl9 144 251 0 251 1 0 1 1 0 8 1 amappl8 136 48 0 46 1 0 1 1 0 8 0 amappl7 128 141 0 129 1 0 1 1 0 8 0 amappl6 120 199 0 195 1 0 1 1 0 8 0 amappl5 112 130 0 120 1 0 1 1 0 8 0 amappl4 104 318 0 299 1 0 1 1 0 8 0 amappl3 96 1352 0 1238 4 1 3 3 0 8 0 amappl2 88 638 0 576 2 0 2 2 0 8 0 amappl1 80 8305 0 7700 15 0 15 15 0 8 0 amappl 88 2423 0 2256 4 0 4 4 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 441 0 409 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 441 0 409 1 0 1 1 0 8 0 vmmpekpl 168 5309 0 5274 2 0 2 2 0 8 0 vmmpepl 168 35143 0 33160 89 0 89 89 0 357 0 vmsppl 480 440 0 409 5 0 5 5 0 8 0 rwobjpl 72 14420 0 11817 50 0 50 50 0 8 1 pdppl 4096 890 0 818 100 16 84 84 0 8 12 pvpl 32 9255 0 0 76 1 75 75 0 265 0 pmappl 256 440 0 409 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 374 0 18 11 0 11 11 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x72539a2c1680, count: -1 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 x86_bus_space_io_read_4(b008,0) at x86_bus_space_io_read_4+0x37 sys/arch/amd64/amd64/bus_space.c:666 acpitimer_delay(1) at acpitimer_delay+0x58 acpitimer_read sys/dev/acpi/acpitimer.c:141 [inline] acpitimer_delay(1) at acpitimer_delay+0x58 sys/dev/acpi/acpitimer.c:120 comcnputc(800,20) at comcnputc+0x29b sys/dev/ic/com.c:1269 cnputc(20) at cnputc+0x61 sys/dev/cons.c:218 db_putchar(65) at db_putchar+0x524 db_force_whitespace sys/ddb/db_output.c:102 [inline] db_putchar(65) at db_putchar+0x524 sys/ddb/db_output.c:153 kprintf() at kprintf+0x2aba sys/kern/subr_prf.c:1065 db_printf(ffffffff833f877e) at db_printf+0x9b sys/kern/subr_prf.c:-1 fault(ffffffff83396b6c) at fault+0xa7 sys/arch/amd64/amd64/trap.c:157 kpageflttrap(ffff80003940d9c0,0) at kpageflttrap+0x385 sys/arch/amd64/amd64/trap.c:290 kerntrap(ffff80003940d9c0) at kerntrap+0x14a sys/arch/amd64/amd64/trap.c:332 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b end trace frame: 0xffff80003940daa0, count: 0 ddb{1}> trace x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 x86_bus_space_io_read_4(b008,0) at x86_bus_space_io_read_4+0x37 sys/arch/amd64/amd64/bus_space.c:666 acpitimer_delay(1) at acpitimer_delay+0x58 acpitimer_read sys/dev/acpi/acpitimer.c:141 [inline] acpitimer_delay(1) at acpitimer_delay+0x58 sys/dev/acpi/acpitimer.c:120 comcnputc(800,20) at comcnputc+0x29b sys/dev/ic/com.c:1269 cnputc(20) at cnputc+0x61 sys/dev/cons.c:218 db_putchar(65) at db_putchar+0x524 db_force_whitespace sys/ddb/db_output.c:102 [inline] db_putchar(65) at db_putchar+0x524 sys/ddb/db_output.c:153 kprintf() at kprintf+0x2aba sys/kern/subr_prf.c:1065 db_printf(ffffffff833f877e) at db_printf+0x9b sys/kern/subr_prf.c:-1 fault(ffffffff83396b6c) at fault+0xa7 sys/arch/amd64/amd64/trap.c:157 kpageflttrap(ffff80003940d9c0,0) at kpageflttrap+0x385 sys/arch/amd64/amd64/trap.c:290 kerntrap(ffff80003940d9c0) at kerntrap+0x14a sys/arch/amd64/amd64/trap.c:332 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b dt_ioctl_record_stop(ffff8000014a2000) at dt_ioctl_record_stop+0xf0 sys/dev/dt/dt_dev.c:579 dtclose(11e5f,81,2000,ffff80003940e020) at dtclose+0x105 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline] dtclose(11e5f,81,2000,ffff80003940e020) at dtclose+0x105 sys/dev/dt/dt_dev.c:232 spec_close(ffff80003940db70) at spec_close+0x45f sys/kern/spec_vnops.c:-1 VOP_CLOSE(fffffd805f5726d0,81,fffffd807f7d34e0,ffff80003940e020) at VOP_CLOSE+0x133 sys/kern/vfs_vops.c:156 vn_closefile(fffffd806b528728,ffff80003940e020) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline] vn_closefile(fffffd806b528728,ffff80003940e020) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615 fdrop(fffffd806b528728,ffff80003940e020) at fdrop+0x126 sys/kern/kern_descrip.c:1265 closef(fffffd806b528728,ffff80003940e020) at closef+0x192 sys/kern/kern_descrip.c:1249 fdfree(ffff80003940e020) at fdfree+0x116 sys/kern/kern_descrip.c:1181 exit1(ffff80003940e020,b,0,1) at exit1+0x58f sys/kern/kern_exit.c:214 sys_exit(ffff80003940e020,ffff80003940dee0,ffff80003940de30) at sys_exit+0x1a sys/kern/kern_exit.c:-1 syscall(ffff80003940dee0) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003940dee0) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x702c306a3540, count: -26