kernel: double fault trap, code=0 Stopped at restore_saved+0x32: xorq 0x30(%rsp),%r11 ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic the kernel did not panic ddb{1}> trace end trace frame: 0x0, count: -1 ddb{1}> show registers rdi 0xffffffff832cc000 end+0x2cc000 rsi 0xffff800032543738 rbp 0 rbx 0 rdx 0 rcx 0xfffffd806917e9b0 rax 0x1b r8 0 r9 0x1 r10 0x375c53116ec073e8 r11 0x4d4b71e0ac00d65 r12 0xffff800032543738 r13 0xffff80002a253000 r14 0 r15 0xffff80002a29a2c0 rip 0xffffffff8105c1dc restore_saved+0x32 cs 0x8 rflags 0x10046 __ALIGN_SIZE+0xf046 rsp 0 ss 0x10 restore_saved+0x32: xorq 0x30(%rsp),%r11 ddb{1}> show proc PROC (syz-executor.4) tid=183477 pid=91922 tcnt=2 stat=onproc flags process=8000000 proc=0 runpri=81, usrpri=81, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff8000325434a8,0xffff800032542d08 process=0xffff80002a29c8f8 user=0xffff80002a253000, vmspace=0xfffffd806a94e8a8 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 76102 371180 66082 0 2 0x8000010 syz-executor.6 76102 17268 66082 0 3 0xc000090 kqread syz-executor.6 34212 350450 42118 0 2 0x8000000 syz-executor.1 34212 188057 42118 0 2 0xc000000 syz-executor.1 *91922 183477 66102 0 7 0x8000000 syz-executor.4 91922 302666 66102 0 3 0xc000080 fsleep syz-executor.4 92403 332439 99963 0 2 0x8000000 syz-executor.2 92403 333741 99963 0 3 0xc000080 fsleep syz-executor.2 76654 418630 76583 0 2 0x8000000 syz-executor.7 76654 149348 76583 0 3 0xc000080 fsleep syz-executor.7 76654 134318 76583 0 3 0xc000080 fsleep syz-executor.7 31062 371659 94516 0 2 0x8000002 syz-executor.3 82176 49906 94516 0 3 0x8000002 biowait syz-executor.5 51974 242723 0 0 3 0x14200 bored sosplice 75759 217752 94516 0 3 0x8000082 nanoslp syz-executor.0 66082 475747 94516 0 3 0x8000082 nanoslp syz-executor.6 99963 184758 94516 0 3 0x8000082 nanoslp syz-executor.2 42118 411582 94516 0 3 0x8000082 nanoslp syz-executor.1 76583 470861 94516 0 3 0x8000082 nanoslp syz-executor.7 66102 10734 94516 0 3 0x8000082 nanoslp syz-executor.4 94516 372745 61999 0 3 0x1a000082 wait syz-fuzzer 94516 41126 61999 0 3 0x1e000082 nanoslp syz-fuzzer 94516 417764 61999 0 3 0x1e000082 thrsleep syz-fuzzer 94516 412596 61999 0 3 0x1e000082 wait syz-fuzzer 94516 466117 61999 0 3 0x1e000082 thrsleep syz-fuzzer 94516 493459 61999 0 3 0x1e000082 wait syz-fuzzer 94516 303871 61999 0 3 0x1e000082 wait syz-fuzzer 94516 446419 61999 0 3 0x1e000082 thrsleep syz-fuzzer 94516 89457 61999 0 3 0x1e000082 wait syz-fuzzer 94516 33793 61999 0 3 0x1e000082 wait syz-fuzzer 94516 263103 61999 0 3 0x1e000082 thrsleep syz-fuzzer 94516 420060 61999 0 3 0x1e000082 wait syz-fuzzer 94516 222652 61999 0 3 0x1e000082 wait syz-fuzzer 94516 90728 61999 0 3 0x1e000082 thrsleep syz-fuzzer 94516 160676 61999 0 3 0x1e000082 thrsleep syz-fuzzer 94516 421453 61999 0 3 0x1e000082 kqread syz-fuzzer 61999 17445 61851 0 3 0x810008a sigsusp ksh 61851 196588 19625 0 3 0x1800009a kqread sshd 22922 9077 1 0 3 0x18100083 ttyin getty 19625 107039 1 0 3 0x18000088 kqread sshd 68787 363136 31879 73 3 0x19100090 kqread syslogd 31879 108305 1 0 3 0x18100082 sbwait syslogd 85237 342932 1 0 3 0x18100080 kqread resolvd 28362 105305 71929 77 3 0x18100092 kqread dhcpleased 41865 206024 71929 77 3 0x18100092 kqread dhcpleased 71929 12667 1 0 3 0x18000080 kqread dhcpleased 40327 130453 0 0 3 0x14200 bored smr 36422 128039 0 0 2 0x14200 zerothread 139 204735 0 0 3 0x14200 aiodoned aiodoned 60922 2340 0 0 3 0x14200 syncer update 69613 44294 0 0 3 0x14200 cleaner cleaner 49922 431330 0 0 7 0x14200 reaper 56287 479357 0 0 3 0x14200 pgdaemon pagedaemon 78231 487462 0 0 3 0x14200 bored viomb 51386 443609 0 0 3 0x40014200 acpi0 acpi0 24896 335336 0 0 3 0x40014200 idle1 66207 336139 0 0 3 0x14200 bored softnet3 70062 383173 0 0 3 0x14200 bored softnet2 50628 209783 0 0 3 0x14200 bored softnet1 89723 341638 0 0 3 0x14200 bored softnet0 38044 501491 0 0 3 0x14200 bored systqmp 27270 311100 0 0 3 0x14200 bored systq 90447 131626 0 0 3 0x14200 tmoslp softclockmp 53366 368330 0 0 3 0x40014200 tmoslp softclock 43446 210155 0 0 3 0x40014200 idle0 1 507896 0 0 3 0x8000082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks CPU 0: exclusive mutex &uvm.fpageqlock r = 0 (0xffffffff82dd6ca8) #0 witness_lock+0x446 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x446 sys/kern/subr_witness.c:1157 #1 mtx_enter_try+0x103 #2 mtx_enter+0x4e sys/kern/kern_lock.c:266 #3 uvm_pmr_freepageq+0xce sys/uvm/uvm_pmemrange.c:1357 #4 uvm_pmr_cache_put+0x189 uvm_pmr_cache_free sys/uvm/uvm_pmemrange.c:2296 [inline] #4 uvm_pmr_cache_put+0x189 sys/uvm/uvm_pmemrange.c:2316 #5 uvm_anfree_list+0x160 sys/uvm/uvm_anon.c:116 #6 amap_wipeout+0x1af sys/uvm/uvm_amap.c:502 #7 uvm_unmap_detach+0x7d sys/uvm/uvm_map.c:1354 #8 uvm_map_teardown+0x2f8 sys/uvm/uvm_map.c:2554 #9 uvmspace_free+0xa6 sys/uvm/uvm_map.c:3461 #10 reaper+0x197 sys/kern/kern_exit.c:463 #11 proc_trampoline+0x10 exclusive mutex &uvm.pageqlock r = 0 (0xffffffff82dd6c78) #0 witness_lock+0x446 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x446 sys/kern/subr_witness.c:1157 #1 mtx_enter_try+0x103 #2 mtx_enter+0x4e sys/kern/kern_lock.c:266 #3 uvm_anfree_list+0xa4 sys/uvm/uvm_anon.c:104 #4 amap_wipeout+0x1af sys/uvm/uvm_amap.c:502 #5 uvm_unmap_detach+0x7d sys/uvm/uvm_map.c:1354 #6 uvm_map_teardown+0x2f8 sys/uvm/uvm_map.c:2554 #7 uvmspace_free+0xa6 sys/uvm/uvm_map.c:3461 #8 reaper+0x197 sys/kern/kern_exit.c:463 #9 proc_trampoline+0x10 CPU 1: exclusive sched_lock &sched_lock r = 0 (0xffffffff82dae360) #0 witness_lock+0x446 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x446 sys/kern/subr_witness.c:1157 #1 sleep_finish+0x145 sys/kern/kern_synch.c:401 #2 rwsleep+0xb3 sys/kern/kern_synch.c:300 #3 futex_wait+0x297 sys/kern/sys_futex.c:250 #4 sys_futex+0xfb sys/kern/sys_futex.c:101 #5 syscall+0x8cf mi_syscall sys/sys/syscall_mi.h:180 [inline] #5 syscall+0x8cf sys/arch/amd64/amd64/trap.c:577 #6 Xsyscall+0x128 Process 82176 (syz-executor.5) thread 0xffff800032542a68 (49906) exclusive rrwlock inode r = 0 (0xfffffd806e3643d8) #0 witness_lock+0x446 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x446 sys/kern/subr_witness.c:1157 #1 rw_enter+0x32d sys/kern/kern_rwlock.c:309 #2 rrw_enter+0x91 sys/kern/kern_rwlock.c:464 #3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:524 #4 ufs_ihashins+0x46 #5 ffs_vget+0x141 sys/ufs/ffs/ffs_vfsops.c:1230 #6 ffs_inode_alloc+0x1e4 sys/ufs/ffs/ffs_alloc.c:393 #7 ufs_mkdir+0xe6 sys/ufs/ufs/ufs_vnops.c:1112 #8 VOP_MKDIR+0xc3 sys/kern/vfs_vops.c:394 #9 domkdirat+0x125 sys/kern/vfs_syscalls.c:3104 #10 syscall+0x854 mi_syscall sys/sys/syscall_mi.h:180 [inline] #10 syscall+0x854 sys/arch/amd64/amd64/trap.c:577 #11 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd80674d6b38) #0 witness_lock+0x446 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x446 sys/kern/subr_witness.c:1157 #1 rw_enter+0x32d sys/kern/kern_rwlock.c:309 #2 rrw_enter+0x91 sys/kern/kern_rwlock.c:464 #3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:524 #4 vn_lock+0x85 sys/kern/vfs_vnops.c:564 #5 vfs_lookup+0xd3 sys/kern/vfs_lookup.c:418 #6 namei+0x56a sys/kern/vfs_lookup.c:250 #7 domkdirat+0x79 sys/kern/vfs_syscalls.c:3089 #8 syscall+0x854 mi_syscall sys/sys/syscall_mi.h:180 [inline] #8 syscall+0x854 sys/arch/amd64/amd64/trap.c:577 #9 Xsyscall+0x128 Process 49922 (reaper) thread 0xffff80002a148a48 (431330) exclusive rwlock amaplk r = 0 (0xfffffd8067fbcda8) #0 witness_lock+0x446 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x446 sys/kern/subr_witness.c:1157 #1 amap_unref+0x2f sys/uvm/uvm_amap.c:1360 #2 uvm_unmap_detach+0x7d sys/uvm/uvm_map.c:1354 #3 uvm_map_teardown+0x2f8 sys/uvm/uvm_map.c:2554 #4 uvmspace_free+0xa6 sys/uvm/uvm_map.c:3461 #5 reaper+0x197 sys/kern/kern_exit.c:463 #6 proc_trampoline+0x10 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10189 6481K 6859K 166960K 11859 0 pcb 17 12K 12K 166960K 94 0 rtable 212 8K 9K 166960K 473 0 pf 31 9K 10K 166960K 54 0 ifaddr 43 15K 15K 166960K 64 0 ifgroup 54 2K 2K 166960K 72 0 sysctl 1 0K 0K 166960K 1 0 counters 66 36K 36K 166960K 78 0 ioctlops 0 0K 4K 166960K 1506 0 iov 0 0K 16K 166960K 29 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1377 87K 87K 166960K 1703 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 19 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 35 0 dirhash 12 2K 2K 166960K 30 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 15 53K 85K 166960K 570 0 sigio 0 0K 0K 166960K 5 0 proc 58 79K 103K 166960K 587 0 subproc 104 6K 7K 166960K 130 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 47 0 in_multi 88 6K 7K 166960K 151 0 ether_multi 1 0K 0K 166960K 7 0 mrt 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 85 387K 387K 166960K 85 0 exec 0 0K 1K 166960K 458 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 276 91K 91K 166960K 7303 0 UVM aobj 27 2K 4K 166960K 28 0 pinsyscall 35 70K 100K 166960K 1756 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 40 0 NDP 14 0K 2K 166960K 38 0 temp 58 6815K 7307K 166960K 18539 0 kqueue 14 22K 26K 166960K 80 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 71 0 68 1 0 1 1 0 8 0 rtentry 112 152 0 56 4 0 4 4 0 8 0 unpcb 144 520 0 505 1 0 1 1 0 8 0 syncache 336 8 0 8 3 2 1 1 0 8 1 tcpqe 32 120 0 120 1 1 0 1 0 8 0 tcpcb 808 161 0 154 3 1 2 2 0 8 1 arp 120 28 0 10 1 0 1 1 0 8 0 inpcb 384 573 0 562 10 1 9 9 0 8 7 nd6 136 33 0 10 1 0 1 1 0 8 0 pkpcb 40 3 0 3 2 2 0 1 0 8 0 kcovpl 48 10 0 2 1 0 1 1 0 8 0 ppxss 1168 3 0 3 2 2 0 1 0 8 0 pffrag 232 12 0 7 1 0 1 1 0 482 0 pffrnode 88 10 0 5 1 0 1 1 0 8 0 pffrent 40 66 0 61 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 61 0 23 1 0 1 1 0 8 0 pfstkey 128 61 0 23 2 0 2 2 0 8 0 pfstate 376 61 0 23 5 0 5 5 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 609 0 188 32 5 27 29 0 8 0 art_table 32 610 0 188 4 0 4 4 0 8 0 art_node 16 149 0 66 1 0 1 1 0 8 0 sysvmsgpl 40 18 0 6 1 0 1 1 0 8 0 semapl 112 33 0 23 1 0 1 1 0 8 0 shmpl 112 25 0 1 1 0 1 1 0 8 0 dirhash 1024 29 0 12 3 0 3 3 0 8 0 dino2pl 256 2300 0 785 96 0 96 96 0 8 0 ffsino 272 2300 0 785 102 0 102 102 0 8 0 nchpl 144 3240 0 1503 67 0 67 67 0 8 0 uvmvnodes 80 2631 0 0 54 0 54 54 0 8 0 vnodes 216 2631 0 0 147 0 147 147 0 8 0 namei 1024 11286 0 11285 3 2 1 2 0 8 0 percpumem 16 53 0 6 1 0 1 1 0 8 0 vcpupl 3904 3 0 1 1 0 1 1 0 8 0 vmpool 696 4 0 2 1 0 1 1 0 8 0 kstatmem 264 36 0 12 2 0 2 2 0 8 0 scsiplug 72 1 0 1 1 1 0 1 0 8 0 scxspl 216 15555 0 15554 13 10 3 8 1 8 2 plimitpl 152 113 0 98 1 0 1 1 0 8 0 sigapl 424 871 0 825 6 0 6 6 0 8 0 futexpl 64 7662 0 7658 2 1 1 1 0 8 0 knotepl 120 403 0 0 13 1 12 13 0 8 0 kqueuepl 216 170 0 159 1 0 1 1 0 8 0 pipepl 320 197 0 168 3 0 3 3 0 8 0 fdescpl 496 852 0 826 6 2 4 5 0 8 0 filepl 152 5034 0 4785 16 1 15 15 0 8 3 lockfpl 104 161 0 159 1 0 1 1 0 8 0 lockfspl 48 76 0 74 1 0 1 1 0 8 0 sessionpl 144 25 0 9 1 0 1 1 0 8 0 pgrppl 48 31 0 15 1 0 1 1 0 8 0 ucredpl 104 767 0 755 1 0 1 1 0 8 0 zombiepl 144 826 0 825 1 0 1 1 0 8 0 processpl 1136 871 0 825 4 0 4 4 0 8 0 procpl 656 1408 0 1341 7 0 7 7 0 8 0 srpgc 96 6 0 6 2 2 0 1 0 8 0 sosppl 168 3 0 3 2 1 1 1 0 8 1 sockpl 664 1169 0 1142 12 3 9 9 0 8 6 mcl64k 65536 5 0 0 1 0 1 1 0 8 0 mcl8k 8192 4 0 0 1 0 1 1 0 8 0 mcl4k 4096 3 0 0 1 0 1 1 0 8 0 mcl2k 2048 391 0 0 49 0 49 49 0 8 0 mtagpl 96 7 0 0 1 0 1 1 0 8 0 mbufpl 256 465 0 0 27 0 27 27 0 8 0 bufpl 280 5950 0 194 412 0 412 412 0 8 0 anonpl 24 270698 0 260352 69 5 64 66 0 186 0 amapchunkpl 152 24334 0 23680 39 6 33 39 0 158 3 amappl16 200 7987 0 7601 31 10 21 21 0 8 0 amappl15 192 14 0 14 2 2 0 1 0 8 0 amappl14 184 155 0 143 2 1 1 2 0 8 0 amappl13 176 8 0 7 1 0 1 1 0 8 0 amappl12 168 1552 0 1519 2 0 2 2 0 8 0 amappl11 160 62 0 51 1 0 1 1 0 8 0 amappl10 152 63 0 52 1 0 1 1 0 8 0 amappl9 144 385 0 384 1 0 1 1 0 8 0 amappl8 136 125 0 91 2 0 2 2 0 8 0 amappl7 128 58 0 46 1 0 1 1 0 8 0 amappl6 120 357 0 343 2 1 1 2 0 8 0 amappl5 112 185 0 173 1 0 1 1 0 8 0 amappl4 104 570 0 530 3 1 2 3 0 8 0 amappl3 96 4368 0 4296 3 0 3 3 0 8 0 amappl2 88 1220 0 1153 4 2 2 4 0 8 0 amappl1 80 11035 0 10550 22 10 12 22 0 8 0 amappl 88 6702 0 6517 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 27 0 1 1 0 1 1 0 8 0 uaddrrnd 24 856 0 828 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 856 0 828 1 0 1 1 0 8 0 vmmpekpl 168 10818 0 10768 3 0 3 3 0 8 0 vmmpepl 168 74335 0 72248 117 19 98 117 0 357 4 vmsppl 440 855 0 827 4 0 4 4 0 8 0 rwobjpl 56 28609 0 24633 60 3 57 57 0 8 0 pdppl 4096 1719 0 1656 124 55 69 77 0 8 6 pvpl 32 49251 0 0 399 1 398 398 0 265 0 pmappl 248 855 0 827 4 1 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 451 0 69 12 0 12 12 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp ddb{0}> trace x86_ipi_db(ffffffff82d30ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82dae158) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82dae158) at __mp_lock+0x122 sys/kern/kern_lock.c:147 wakeup_n(ffffffff82dd6b00,ffffffff) at wakeup_n+0x58 sys/kern/kern_synch.c:542 uvm_pmr_freepageq(ffff80002a155788) at uvm_pmr_freepageq+0x284 sys/uvm/uvm_pmemrange.c:1375 uvm_pmr_cache_put(fffffd80078e3720) at uvm_pmr_cache_put+0x189 uvm_pmr_cache_free sys/uvm/uvm_pmemrange.c:2296 [inline] uvm_pmr_cache_put(fffffd80078e3720) at uvm_pmr_cache_put+0x189 sys/uvm/uvm_pmemrange.c:2316 uvm_anfree_list(fffffd8068992ed0,0) at uvm_anfree_list+0x160 sys/uvm/uvm_anon.c:116 amap_wipeout(fffffd806a6a25f0) at amap_wipeout+0x1af sys/uvm/uvm_amap.c:502 uvm_unmap_detach(ffff80002a1558e0,1) at uvm_unmap_detach+0x7d sys/uvm/uvm_map.c:1354 uvm_map_teardown(fffffd806821c6f8) at uvm_map_teardown+0x2f8 sys/uvm/uvm_map.c:2554 uvmspace_free(fffffd806821c6f8) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3461 reaper(ffff80002a148a48) at reaper+0x197 sys/kern/kern_exit.c:463 end trace frame: 0x0, count: -13 ddb{0}> machine ddbcpu 1 Stopped at restore_saved+0x32: xorq 0x30(%rsp),%r11 ddb{1}> trace end trace frame: 0x0, count: -1