*cpu0: uvm_fault(0xfffffd800b0271e8, 0x0, 0, 1) -> e ddb{1}> trace proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x7d69853cc6d0, count: -1 ddb{1}> show registers rdi 0 rsi 0 rbp 0xffff80002a30f380 rbx 0 rdx 0 rcx 0xffff80002a2a27e0 rax 0x2a r8 0xffff80002a30f2b0 r9 0x1 r10 0xfc9ebd3ec1ac40ae r11 0x92661f61a7195e73 r12 0 r13 0 r14 0 r15 0 rip 0xffffffff811954c7 proc_trampoline+0xc7 cs 0x8 rflags 0x246 rsp 0xffff80002a30f300 ss 0 proc_trampoline+0xc7: movl $0,%gs:0x688 ddb{1}> show proc PROC (syz-executor) tid=341400 pid=5024 tcnt=1 stat=onproc flags process=2 proc=0 runpri=83, usrpri=83, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a2a2548,0xffff8000ffff2d18 process=0xffff80002a301d58 user=0xffff80002a30a000, vmspace=0xfffffd806e3ae1f8 estcpu=33, cpticks=662, pctcpu=0.58, user=17, sys=598, intr=47 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 27642 366908 57831 0 2 0 syz-executor 27642 44746 57831 0 3 0x4000080 fsleep syz-executor 27642 249906 57831 0 3 0x4000080 fsleep syz-executor 50272 26354 86522 0 2 0 syz-executor 50272 134548 86522 0 3 0x4000080 kqsel syz-executor 94233 155671 19649 0 2 0 syz-executor 43217 247919 43629 0 2 0 syz-executor 43217 431630 43629 0 3 0x4000080 kqpoll syz-executor 17990 298961 5016 0 3 0x80 nanoslp syz-executor 17990 516268 5016 0 3 0x4000080 pipewr syz-executor 13060 177979 63494 0 3 0x80 nanoslp syz-executor 13060 314456 63494 0 3 0x4000080 sbwait syz-executor 13060 18078 63494 0 3 0x4000080 fsleep syz-executor 19649 80366 5024 0 2 0x2 syz-executor 43629 265126 5024 0 3 0x82 nanoslp syz-executor 19308 286206 1 0 3 0x100083 ttyin getty 5016 64766 5024 0 3 0x82 nanoslp syz-executor 16095 128328 0 0 3 0x14200 acct acct 30449 291989 5024 0 3 0x82 nanoslp syz-executor 57831 439799 5024 0 3 0x82 nanoslp syz-executor 86522 254596 5024 0 3 0x82 nanoslp syz-executor 66377 12638 5024 0 2 0x2 syz-executor 5058 322423 0 0 3 0x14200 bored sosplice 63494 429327 5024 0 3 0x82 nanoslp syz-executor * 5024 341400 56299 0 7 0x2 syz-executor 56299 301968 47124 0 3 0x10008a sigsusp ksh 47124 102490 25073 0 3 0x98 kqread sshd-session 25073 398086 88020 0 3 0x92 kqread sshd-session 88020 470164 1 0 3 0x88 kqread sshd 85489 321149 60898 74 3 0x1100092 bpf pflogd 60898 56719 1 0 3 0x80 sbwait pflogd 62189 265057 68069 73 3 0x1100090 kqread syslogd 68069 311101 1 0 3 0x100082 sbwait syslogd 97681 328716 1 0 3 0x100080 kqread resolvd 92086 347967 0 0 3 0x14200 bored smr 23305 135060 0 0 2 0x14200 zerothread 22180 291017 0 0 3 0x14200 aiodoned aiodoned 9594 361427 0 0 3 0x14200 syncer update 44854 296204 0 0 3 0x14200 cleaner cleaner 84308 194589 0 0 3 0x14200 reaper reaper 76990 200956 0 0 3 0x14200 pgdaemon pagedaemon 68806 452270 0 0 3 0x14200 bored viomb 85130 21658 0 0 3 0x40014200 acpi0 acpi0 28043 268280 0 0 3 0x40014200 idle1 35229 67020 0 0 3 0x14200 bored softnet7 75032 68853 0 0 3 0x14200 bored softnet6 5245 60819 0 0 3 0x14200 bored softnet5 75808 4809 0 0 3 0x14200 bored softnet4 69369 220548 0 0 3 0x14200 bored softnet3 77236 434859 0 0 3 0x14200 bored softnet2 28502 392554 0 0 3 0x14200 bored softnet1 90547 252469 0 0 2 0x14200 softnet0 67301 447160 0 0 3 0x14200 bored systqmp 98535 460054 0 0 3 0x14200 bored systq 91088 296238 0 0 3 0x14200 tmoslp softclockmp 7700 274835 0 0 3 0x40014200 tmoslp softclock 21511 332308 0 0 3 0x40014200 idle0 1 434011 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{1}> show all locks CPU 1: exclusive mutex &sched_lock r = 0 (0xffffffff83871f10) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 mtx_enter_try+0x1ad sys/kern/kern_lock.c:311 #2 mtx_enter+0x62 sys/kern/kern_lock.c:261 #3 sleep_finish+0x1d6 sys/kern/kern_synch.c:355 #4 msleep_nsec+0x132 sys/kern/kern_synch.c:219 #5 reaper+0x13b sys/kern/kern_exit.c:477 #6 proc_trampoline+0x10 Process 66377 (syz-executor) thread 0xffff80003bc3a2c0 (12638) ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10240 11090K 12465K 166960K 16309 0 pcb 17 20K 21K 166960K 1167 0 rtable 236 13K 14K 166960K 1485 0 pf 39 18K 67486K 166960K 518 0 ifaddr 45 9K 10K 166960K 300 0 ifgroup 59 2K 3K 166960K 463 0 sysctl 4 1K 9K 166960K 39 0 counters 70 37K 38K 166960K 464 0 ioctlops 0 0K 8K 166960K 2343 0 iov 0 0K 44K 166960K 330 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1520 96K 96K 166960K 5473 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 49 0 VM map 2 1K 1K 166960K 2 0 sem 23 11K 11K 166960K 82 0 dirhash 12 2K 2K 166960K 75 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 240K 166960K 4577 0 sigio 1 0K 0K 166960K 136 0 proc 68 83K 180K 166960K 1689 0 subproc 72 4K 4K 166960K 310 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 610 0 in_multi 91 6K 7K 166960K 515 0 ether_multi 1 0K 0K 166960K 40 0 mrt 1 0K 0K 166960K 28 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 193 864K 864K 166960K 193 0 exec 0 0K 1K 166960K 1141 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 8 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 215 143K 183K 166960K 41907 0 UVM aobj 39 3K 3K 166960K 45 0 pinsyscall 36 72K 101K 166960K 6387 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 306 0 NDP 15 0K 2K 166960K 221 0 temp 83 8652K 8780K 166960K 262413 0 kqueue 7 12K 32K 166960K 785 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 525 0 524 5 4 1 3 0 8 0 rtentry 176 507 0 419 6 1 5 5 0 8 0 unpcb 144 3083 0 3069 19 16 3 6 0 8 2 syncache 336 14 0 14 7 7 0 1 0 8 0 tcpqe 32 5 0 5 4 4 0 1 0 8 0 tcpcb 736 1598 0 1593 40 39 1 13 0 8 0 arp 128 52 0 43 1 0 1 1 0 8 0 inpcb 328 5680 0 5674 57 53 4 12 0 8 3 nd6 144 94 0 72 1 0 1 1 0 8 0 pkpcb 40 37 0 37 8 7 1 1 0 8 1 kcovpl 48 34 0 26 1 0 1 1 0 8 0 mppekey 1024 1 0 1 1 1 0 1 0 8 0 ppxss 1192 148 0 148 8 7 1 1 0 8 1 pppxif 1504 8 0 8 6 5 1 1 0 8 1 pfstscr 40 5 0 4 1 0 1 1 0 8 0 pffrag 232 21 0 18 1 0 1 1 0 482 0 pffrnode 88 18 0 16 1 0 1 1 0 8 0 pffrent 40 36 0 33 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 5 0 5 4 4 0 1 0 8 0 pftag 88 3 0 0 1 0 1 1 0 8 0 pfstitem 24 87 0 74 1 0 1 1 0 8 0 pfstkey 128 93 0 80 2 0 2 2 0 8 0 pfstate 384 89 0 77 6 3 3 6 0 8 0 pfrule 1344 51 0 45 2 1 1 2 0 8 0 rttmr 136 6 0 6 4 4 0 1 0 8 0 art_heap8 4096 5 0 0 5 0 5 5 0 8 0 art_heap4 256 1998 0 1544 42 13 29 29 0 8 0 art_table 40 2003 0 1544 6 1 5 5 0 8 0 art_node 32 505 0 428 2 1 1 2 0 8 0 sysvmsgpl 40 13 0 9 1 0 1 1 0 8 0 semupl 112 2 0 2 2 2 0 1 0 8 0 semapl 112 44 0 23 1 0 1 1 0 8 0 shmpl 112 42 0 6 2 0 2 2 0 8 0 dirhash 1024 59 0 42 3 0 3 3 0 8 0 dino2pl 256 9667 0 8082 102 2 100 100 0 8 0 ffsino 296 9667 0 8082 123 0 123 123 0 8 0 nchpl 144 15652 0 15013 64 38 26 64 0 8 0 rtmask 32 28 0 28 9 9 0 1 0 8 0 uvmvnodes 80 11943 0 0 244 0 244 244 0 8 0 vnodes 216 11943 0 0 664 0 664 664 0 8 0 namei 1024 58915 0 58915 6 5 1 2 0 8 1 percpumem 16 247 0 197 1 0 1 1 0 8 0 kstatmem 264 308 0 278 6 3 3 3 0 8 0 acpiwqpl 32 2 0 2 1 0 1 1 1 8 1 scsiplug 72 17 0 17 9 8 1 1 0 8 1 scxspl 216 105925 0 105925 20 19 1 8 1 8 1 plimitpl 152 1101 0 1083 1 0 1 1 0 8 0 sigapl 424 4816 0 4764 7 0 7 7 0 8 0 knotepl 120 635 0 0 19 0 19 19 0 8 0 kqueuepl 224 2208 0 2200 26 25 1 7 0 8 0 pipepl 344 761 0 732 13 10 3 9 0 8 0 fdescpl 528 4783 0 4755 3 0 3 3 0 8 0 filepl 160 35407 0 35201 51 36 15 22 0 8 3 lockfpl 104 2653 0 2652 5 4 1 2 0 8 0 lockfspl 48 883 0 882 1 0 1 1 0 8 0 sessionpl 144 63 0 55 1 0 1 1 0 8 0 pgrppl 48 143 0 127 1 0 1 1 0 8 0 ucredpl 104 5901 0 5890 1 0 1 1 0 8 0 zombiepl 144 5310 0 5309 4 3 1 1 0 8 0 processpl 1248 4816 0 4764 5 0 5 5 0 8 0 procpl 664 11756 0 11697 8 1 7 7 0 8 0 sosppl 168 28 0 28 10 9 1 1 0 8 1 sockpl 752 9474 0 9453 87 78 9 21 0 8 6 mcl64k 65536 26 0 0 3 0 3 3 0 8 0 mcl16k 16384 5 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 4 0 0 1 0 1 1 0 8 0 mcl4k 4096 114 0 0 15 0 15 15 0 8 0 mcl2k2 2112 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 51 0 0 6 0 6 6 0 8 0 mtagpl 96 35 0 0 1 0 1 1 0 8 0 mbufpl 256 1166 0 0 73 0 73 73 0 8 0 bufpl 280 43194 0 37051 440 0 440 440 0 8 0 anonpl 32 17839 0 0 144 0 144 144 0 246 0 amapchunkpl 152 146176 0 145467 94 61 33 39 0 158 4 amappl16 200 16560 0 16369 116 89 27 41 0 8 8 amappl15 192 38 0 38 3 3 0 1 0 8 0 amappl14 184 198 0 189 1 0 1 1 0 8 0 amappl13 176 5 0 5 2 2 0 1 0 8 0 amappl12 168 5871 0 5844 4 2 2 3 0 8 0 amappl11 160 142 0 134 1 0 1 1 0 8 0 amappl10 152 8 0 8 1 1 0 1 0 8 0 amappl9 144 276 0 276 1 1 0 1 0 8 0 amappl8 136 27 0 24 1 0 1 1 0 8 0 amappl7 128 172 0 163 1 0 1 1 0 8 0 amappl6 120 486 0 482 1 0 1 1 0 8 0 amappl5 112 317 0 310 1 0 1 1 0 8 0 amappl4 104 397 0 377 1 0 1 1 0 8 0 amappl3 96 29662 0 29563 5 1 4 4 0 8 0 amappl2 88 1170 0 1123 2 0 2 2 0 8 0 amappl1 80 30424 0 29911 17 2 15 15 0 8 0 amappl 88 40024 0 39863 5 0 5 5 0 92 0 dma65536 65536 1 0 1 1 1 0 1 0 8 0 dma8192 8192 1 0 1 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 3 0 2 1 0 1 1 0 8 0 dma256 256 7 0 7 2 2 0 1 0 8 0 dma128 128 261 0 261 6 5 1 1 0 8 1 dma64 64 10 0 10 5 5 0 1 0 8 0 dma32 32 9 0 9 2 2 0 1 0 8 0 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 44 0 6 1 0 1 1 0 8 0 uaddrrnd 24 4783 0 4755 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 4783 0 4755 1 0 1 1 0 8 0 vmmpekpl 168 35554 0 35490 5 1 4 4 0 8 0 vmmpepl 168 311421 0 309562 156 57 99 123 0 357 0 vmsppl 488 4782 0 4755 10 5 5 5 0 8 0 rwobjpl 80 88911 0 75960 267 0 267 267 0 8 1 pdppl 4096 9574 0 9510 152 84 68 82 0 8 4 pvpl 32 25940 0 0 211 2 209 209 0 265 0 pmappl 256 4782 0 4755 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 466 0 156 10 0 10 10 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffffffff837a8ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x37 sys/arch/amd64/amd64/bus_space.c:654 comcnputc(800,3e) at comcnputc+0xd0 comcn_read_reg sys/dev/ic/com.c:1655 [inline] comcnputc(800,3e) at comcnputc+0xd0 sys/dev/ic/com.c:1259 cnputc(3e) at cnputc+0x67 sys/dev/cons.c:218 db_putchar(3e) at db_putchar+0x36d sys/ddb/db_output.c:155 kprintf() at kprintf+0x29a5 sys/kern/subr_prf.c:-1 db_printf(ffffffff83315f80) at db_printf+0x9b sys/kern/subr_prf.c:-1 fault(ffffffff833d3b5f) at fault+0xa7 sys/arch/amd64/amd64/trap.c:161 kpageflttrap(ffff80002a2c94e0,0) at kpageflttrap+0x37d sys/arch/amd64/amd64/trap.c:296 kerntrap(ffff80002a2c94e0) at kerntrap+0x198 sys/arch/amd64/amd64/trap.c:491 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b dt_ioctl_record_stop(ffff800001606000) at dt_ioctl_record_stop+0x108 sys/dev/dt/dt_dev.c:586 end trace frame: 0xffff80002a2c9610, count: 0 ddb{0}> trace x86_ipi_db(ffffffff837a8ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x37 sys/arch/amd64/amd64/bus_space.c:654 comcnputc(800,3e) at comcnputc+0xd0 comcn_read_reg sys/dev/ic/com.c:1655 [inline] comcnputc(800,3e) at comcnputc+0xd0 sys/dev/ic/com.c:1259 cnputc(3e) at cnputc+0x67 sys/dev/cons.c:218 db_putchar(3e) at db_putchar+0x36d sys/ddb/db_output.c:155 kprintf() at kprintf+0x29a5 sys/kern/subr_prf.c:-1 db_printf(ffffffff83315f80) at db_printf+0x9b sys/kern/subr_prf.c:-1 fault(ffffffff833d3b5f) at fault+0xa7 sys/arch/amd64/amd64/trap.c:161 kpageflttrap(ffff80002a2c94e0,0) at kpageflttrap+0x37d sys/arch/amd64/amd64/trap.c:296 kerntrap(ffff80002a2c94e0) at kerntrap+0x198 sys/arch/amd64/amd64/trap.c:491 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b dt_ioctl_record_stop(ffff800001606000) at dt_ioctl_record_stop+0x108 sys/dev/dt/dt_dev.c:586 dtclose(11e5f,81,2000,ffff80002a2a2fa8) at dtclose+0x109 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline] dtclose(11e5f,81,2000,ffff80002a2a2fa8) at dtclose+0x109 sys/dev/dt/dt_dev.c:232 spec_close(ffff80002a2c9690) at spec_close+0x466 sys/kern/spec_vnops.c:-1 VOP_CLOSE(fffffd807e105498,81,fffffd80097fb6e8,ffff80002a2a2fa8) at VOP_CLOSE+0x132 sys/kern/vfs_vops.c:156 vn_closefile(fffffd806b9b4670,ffff80002a2a2fa8) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline] vn_closefile(fffffd806b9b4670,ffff80002a2a2fa8) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615 fdrop(fffffd806b9b4670,ffff80002a2a2fa8) at fdrop+0x121 sys/kern/kern_descrip.c:1280 closef(fffffd806b9b4670,ffff80002a2a2fa8) at closef+0x192 sys/kern/kern_descrip.c:1264 fdfree(ffff80002a2a2fa8) at fdfree+0x116 sys/kern/kern_descrip.c:1195 exit1(ffff80002a2a2fa8,b,0,1) at exit1+0x576 sys/kern/kern_exit.c:215 sys_exit(ffff80002a2a2fa8,ffff80002a2c9a00,ffff80002a2c9950) at sys_exit+0x1a sys/kern/kern_exit.c:-1 syscall(ffff80002a2c9a00) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002a2c9a00) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7a84af59f630, count: -25 ddb{0}> machine ddbcpu 1 Stopped at proc_trampoline+0xc7: movl $0,%gs:0x688 proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x7d69853cc6d0, count: 14 ddb{1}> trace proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x7d69853cc6d0, count: -1