*cpu1: uvm_fault(0xfffffd805f0755e8, 0x0, 0, 1) -> e ddb{0}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x7671241d4bd0, count: -1 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff80002a2e4ed0 rbx 0 rdx 0 rcx 0xffff80002a2722a8 rax 0x34 r8 0xffff80002a2e4e00 r9 0xffff80002a2e4c6c r10 0xda0284c1bbe835aa r11 0x2c3368a5ba88d0b4 r12 0 r13 0 r14 0xffff80002a2722a8 r15 0 rip 0xffffffff811f13ee savectx+0xae cs 0x8 rflags 0x46 rsp 0xffff80002a2e4e50 ss 0x10 savectx+0xae: movl $0,%gs:0x688 ddb{0}> show proc PROC (syz-executor) tid=260106 pid=606 tcnt=1 stat=onproc flags process=2 proc=0 runpri=61, usrpri=61, slppri=24, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a272010,0xffff8000ffffd240 process=0xffff8000ffff1cf0 user=0xffff80002a2df000, vmspace=0xfffffd806ec42b80 estcpu=11, cpticks=659, pctcpu=0.75, user=15, sys=516, intr=128 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 16664 35029 28511 0 2 0 syz-executor 16664 145166 28511 0 3 0x4000080 kqread syz-executor 16664 26056 28511 0 2 0x4000000 syz-executor 69444 516411 62817 0 3 0x80 nanoslp syz-executor 69444 255967 62817 0 3 0x4000080 ttyopn syz-executor 69444 149919 62817 0 3 0x4000080 fsleep syz-executor 69444 209502 62817 0 3 0x4000080 fsleep syz-executor 69444 39438 62817 0 3 0x4000080 fsleep syz-executor 97246 149151 0 0 3 0x14280 nfsidl nfsio 34379 519598 0 0 3 0x14200 acct acct 99599 203715 606 0 3 0x82 nanoslp syz-executor 42333 68798 606 0 3 0x2 biowait syz-executor 53031 302281 606 0 3 0x2 getblk syz-executor 12060 140066 606 0 3 0x82 nanoslp syz-executor 2093 286902 606 0 3 0x2 getblk syz-executor 62817 196724 606 0 3 0x82 nanoslp syz-executor 37786 68906 606 0 3 0x82 nanoslp syz-executor 28511 24340 606 0 3 0x82 nanoslp syz-executor * 606 260106 72411 0 7 0x2 syz-executor 72411 370922 15985 0 3 0x10008a sigsusp ksh 15985 321461 97026 0 3 0x98 kqread sshd-session 97026 34095 70066 0 3 0x92 kqread sshd-session 55768 50678 1 0 3 0x100083 ttyin getty 70066 303335 1 0 3 0x88 kqread sshd 40956 219837 227 74 3 0x1100092 bpf pflogd 227 41809 1 0 3 0x80 sbwait pflogd 50316 331941 64503 73 3 0x1100090 kqread syslogd 64503 71009 1 0 3 0x100082 sbwait syslogd 57245 465808 1 0 3 0x100080 kqread resolvd 86913 228551 89179 77 3 0x100092 kqread dhcpleased 6386 84954 89179 77 3 0x100092 kqread dhcpleased 89179 209052 1 0 3 0x80 kqread dhcpleased 50148 256814 0 0 3 0x14200 bored smr 52298 181972 0 0 3 0x14200 pgzero zerothread 37018 222620 0 0 3 0x14200 aiodoned aiodoned 57749 249463 0 0 3 0x14200 syncer update 76344 239031 0 0 3 0x14200 cleaner cleaner 64912 390090 0 0 3 0x14200 reaper reaper 78186 52645 0 0 3 0x14200 pgdaemon pagedaemon 24800 512799 0 0 3 0x14200 bored viomb 78987 176531 0 0 3 0x40014200 acpi0 acpi0 7097 302132 0 0 3 0x40014200 idle1 91780 93061 0 0 3 0x14200 bored softnet1 11906 177135 0 0 3 0x14200 bored softnet0 79536 225952 0 0 3 0x14200 bored systqmp 95552 514535 0 0 3 0x14200 bored systq 16208 165070 0 0 3 0x14200 tmoslp softclockmp 33447 278664 0 0 3 0x40014200 tmoslp softclock 36797 338045 0 0 3 0x40014200 idle0 1 166119 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{0}> show all locks CPU 0: exclusive mutex &kq->kq_lock r = 0 (0xfffffd806f7e6390) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 mtx_enter_try+0x1ad sys/kern/kern_lock.c:311 #2 mtx_enter+0x62 sys/kern/kern_lock.c:261 #3 kqueue_register+0x2c6 sys/kern/kern_event.c:1424 #4 pselregister+0x135 sys/kern/sys_generic.c:760 #5 dopselect+0x456 sys/kern/sys_generic.c:653 #6 sys_pselect+0x25a sys/kern/sys_generic.c:589 #7 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #7 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:775 #8 Xsyscall+0x128 Process 42333 (syz-executor) thread 0xffff80002a271a08 (68798) Process 53031 (syz-executor) thread 0xffff80003a80a7f0 (302281) Process 2093 (syz-executor) thread 0xffff80002a271770 (286902) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10260 11239K 12674K 166960K 16268 0 pcb 18 20K 24K 166960K 1031 0 rtable 219 13K 14K 166960K 1226 0 pf 34 17K 83K 166960K 353 0 ifaddr 33 7K 8K 166960K 222 0 ifgroup 51 2K 3K 166960K 409 0 sysctl 4 1K 9K 166960K 29 0 counters 68 36K 38K 166960K 436 0 ioctlops 0 0K 8K 166960K 2254 0 iov 0 0K 26K 166960K 306 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1550 97K 98K 166960K 4732 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 4 0 VM map 2 1K 1K 166960K 2 0 sem 28 136K 137K 166960K 73 0 dirhash 81 14K 15K 166960K 3135 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 15 53K 240K 166960K 3363 0 sigio 0 0K 0K 166960K 127 0 proc 73 115K 164K 166960K 1118 0 subproc 72 4K 4K 166960K 135 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 664 0 in_multi 59 4K 7K 166960K 352 0 ether_multi 1 0K 0K 166960K 58 0 mrt 1 0K 0K 166960K 31 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 271 1208K 1208K 166960K 271 0 exec 0 0K 1K 166960K 1246 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 5 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 245 160K 185K 166960K 32418 0 UVM aobj 33 20K 20K 166960K 47 0 pinsyscall 40 80K 101K 166960K 4675 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 310 0 NDP 11 0K 2K 166960K 165 0 temp 84 8676K 9192K 166960K 170078 0 kqueue 14 22K 32K 166960K 685 0 SYN cache 2 8K 16K 166960K 3 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 437 0 434 5 4 1 3 0 8 0 rtentry 176 285 0 203 6 0 6 6 0 8 0 unpcb 144 2456 0 2439 13 12 1 6 0 8 0 syncache 336 6 0 6 4 4 0 1 0 8 0 tcpqe 32 2 0 2 1 1 0 1 0 8 0 tcpcb 736 1112 0 1106 23 22 1 7 0 8 0 arp 136 41 0 25 1 0 1 1 0 8 0 inpcb 328 4454 0 4443 46 39 7 21 0 8 5 nd6 152 61 0 40 2 0 2 2 0 8 0 pkpcb 40 21 0 21 7 7 0 1 0 8 0 kcovpl 48 15 0 7 1 0 1 1 0 8 0 mppekey 1024 1 0 1 1 1 0 1 0 8 0 ppxss 1192 141 0 141 4 3 1 1 0 8 1 pppxif 1504 16 0 16 4 4 0 1 0 8 0 pfstscr 40 2 0 1 1 0 1 1 0 8 0 pffrag 232 29 0 13 2 0 2 2 0 482 0 pffrnode 88 18 0 3 1 0 1 1 0 8 0 pffrent 40 131 0 114 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 5 0 5 3 3 0 1 0 8 0 pfstitem 24 217 0 101 1 0 1 1 0 8 0 pfstkey 128 219 0 103 5 0 5 5 0 8 0 pfstate 448 217 0 102 16 0 16 16 0 8 0 pfrule 1344 24 0 19 2 1 1 2 0 8 0 rttmr 136 5 0 5 4 4 0 1 0 8 0 art_heap8 4096 4 0 0 4 0 4 4 0 8 0 art_heap4 256 1299 0 995 33 10 23 30 0 8 0 art_table 40 1303 0 995 5 0 5 5 0 8 0 art_node 32 279 0 206 1 0 1 1 0 8 0 sysvmsgpl 40 21 0 9 1 0 1 1 0 8 0 semupl 112 5 0 5 3 3 0 1 0 8 0 semapl 112 67 0 41 1 0 1 1 0 8 0 shmpl 112 31 0 10 1 0 1 1 0 8 0 dirhash 1024 1063 0 1023 6 0 6 6 0 8 0 dino2pl 256 7746 0 6228 96 0 96 96 0 8 0 ffsino 296 7746 0 6228 119 1 118 118 0 8 0 nchpl 144 12484 0 10770 66 1 65 65 0 8 0 rtmask 32 30 0 30 3 3 0 1 0 8 0 vnodes 216 5431 0 0 302 0 302 302 0 8 0 namei 1024 45294 0 45294 5 4 1 2 0 8 1 percpumem 16 233 0 184 1 0 1 1 0 8 0 vcpupl 3968 9 0 0 2 0 2 2 0 8 0 vmpool 840 13 0 4 1 0 1 1 0 8 0 kstatmem 264 266 0 240 4 1 3 3 0 8 0 acpiwqpl 32 2 0 2 1 0 1 1 1 8 1 scsiplug 72 11 0 11 5 5 0 1 0 8 0 scxspl 216 77908 0 77907 18 16 2 8 1 8 1 plimitpl 152 899 0 882 1 0 1 1 0 8 0 sigapl 424 3651 0 3604 6 0 6 6 0 8 0 knotepl 120 679 0 0 20 0 20 20 0 8 0 kqueuepl 224 1779 0 1769 19 16 3 5 0 8 2 pipepl 344 465 0 437 3 0 3 3 0 8 0 fdescpl 528 3619 0 3590 3 0 3 3 0 8 0 filepl 160 27382 0 27159 38 24 14 20 0 8 3 lockfpl 104 1347 0 1345 3 2 1 2 0 8 0 lockfspl 48 431 0 429 1 0 1 1 0 8 0 sessionpl 144 29 0 20 1 0 1 1 0 8 0 pgrppl 48 97 0 80 1 0 1 1 0 8 0 ucredpl 104 4674 0 4660 1 0 1 1 0 8 0 zombiepl 144 4131 0 4128 1 0 1 1 0 8 0 processpl 1232 3651 0 3604 6 1 5 5 0 8 0 procpl 664 9153 0 9100 6 0 6 6 0 8 0 sosppl 176 16 0 16 4 3 1 1 0 8 1 sockpl 752 7524 0 7493 74 63 11 27 0 8 6 mcl64k 65536 22 0 0 3 0 3 3 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 3 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 2 0 0 1 0 1 1 0 8 0 mcl4k 4096 116 0 0 14 0 14 14 0 8 0 mcl2k 2048 149 0 0 14 2 12 12 0 8 0 mtagpl 96 149 0 0 4 0 4 4 0 8 0 mbufpl 256 8705 0 0 545 0 545 545 0 8 0 bufpl 280 30484 0 24347 439 0 439 439 0 8 0 anonpl 32 15342 0 0 124 0 124 124 0 246 0 amapchunkpl 152 125186 0 124602 65 32 33 42 0 158 6 amappl16 200 13869 0 13721 85 67 18 35 0 8 3 amappl15 192 6 0 6 1 1 0 1 0 8 0 amappl14 184 20 0 20 1 1 0 1 0 8 0 amappl13 176 522 0 520 1 0 1 1 0 8 0 amappl12 168 4037 0 3997 3 0 3 3 0 8 0 amappl11 160 24 0 23 1 0 1 1 0 8 0 amappl10 152 75 0 61 1 0 1 1 0 8 0 amappl9 144 255 0 254 2 1 1 1 0 8 0 amappl8 136 26 0 23 1 0 1 1 0 8 0 amappl7 128 112 0 109 1 0 1 1 0 8 0 amappl6 120 389 0 375 1 0 1 1 0 8 0 amappl5 112 133 0 121 1 0 1 1 0 8 0 amappl4 104 468 0 437 1 0 1 1 0 8 0 amappl3 96 19702 0 19616 4 1 3 3 0 8 0 amappl2 88 3719 0 3644 2 0 2 2 0 8 0 amappl1 80 23139 0 22549 15 2 13 15 0 8 0 amappl 88 31038 0 30870 5 0 5 5 0 92 0 uvmvnodes 80 200 0 0 5 0 5 5 0 8 0 dma65536 65536 1 0 1 1 1 0 1 0 8 0 dma32768 32768 1 0 1 1 1 0 1 0 8 0 dma16384 16384 1 0 1 1 1 0 1 0 8 0 dma8192 8192 3 0 3 3 3 0 1 0 8 0 dma4096 4096 2 0 2 2 2 0 1 0 8 0 dma2048 2048 1 0 1 1 0 1 1 0 8 1 dma1024 1024 2 0 1 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 257 0 257 5 5 0 1 0 8 0 dma64 64 9 0 9 3 3 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 46 0 14 1 0 1 1 0 8 0 uaddrrnd 24 3619 0 3590 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 3619 0 3590 1 0 1 1 0 8 0 vmmpekpl 168 27748 0 27683 4 0 4 4 0 8 0 vmmpepl 168 231314 0 229342 140 38 102 116 0 357 0 vmsppl 488 3618 0 3590 7 2 5 5 0 8 0 rwobjpl 80 59823 0 58533 48 14 34 38 0 8 0 pdppl 4096 7272 0 7197 130 49 81 82 0 8 6 pvpl 32 24454 0 0 198 1 197 197 0 265 0 pmappl 256 3631 0 3594 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 910 0 101 24 0 24 24 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x7671241d4bd0, count: -1 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x37 sys/arch/amd64/amd64/bus_space.c:670 comcnputc(800,74) at comcnputc+0xd0 comcn_read_reg sys/dev/ic/com.c:1655 [inline] comcnputc(800,74) at comcnputc+0xd0 sys/dev/ic/com.c:1259 cnputc(74) at cnputc+0x67 sys/dev/cons.c:218 kputchar(74,5,0) at kputchar+0x2ed sys/kern/subr_prf.c:367 kprintf() at kprintf+0x203 sys/kern/subr_prf.c:723 printf(ffffffff83456570) at printf+0x8b sys/kern/subr_prf.c:529 trap_print(ffff80002a7f94b0,6) at trap_print+0x70 sys/arch/amd64/amd64/trap.c:653 kerntrap(ffff80002a7f94b0) at kerntrap+0x2e6 sys/arch/amd64/amd64/trap.c:516 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b dt_ioctl_record_stop(ffff8000016c7000) at dt_ioctl_record_stop+0x108 sys/dev/dt/dt_dev.c:593 dtclose(11e5f,81,2000,ffff8000333e87e8) at dtclose+0x109 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline] dtclose(11e5f,81,2000,ffff8000333e87e8) at dtclose+0x109 sys/dev/dt/dt_dev.c:239 end trace frame: 0xffff80002a7f9650, count: 0 ddb{1}> trace x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x37 sys/arch/amd64/amd64/bus_space.c:670 comcnputc(800,74) at comcnputc+0xd0 comcn_read_reg sys/dev/ic/com.c:1655 [inline] comcnputc(800,74) at comcnputc+0xd0 sys/dev/ic/com.c:1259 cnputc(74) at cnputc+0x67 sys/dev/cons.c:218 kputchar(74,5,0) at kputchar+0x2ed sys/kern/subr_prf.c:367 kprintf() at kprintf+0x203 sys/kern/subr_prf.c:723 printf(ffffffff83456570) at printf+0x8b sys/kern/subr_prf.c:529 trap_print(ffff80002a7f94b0,6) at trap_print+0x70 sys/arch/amd64/amd64/trap.c:653 kerntrap(ffff80002a7f94b0) at kerntrap+0x2e6 sys/arch/amd64/amd64/trap.c:516 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b dt_ioctl_record_stop(ffff8000016c7000) at dt_ioctl_record_stop+0x108 sys/dev/dt/dt_dev.c:593 dtclose(11e5f,81,2000,ffff8000333e87e8) at dtclose+0x109 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline] dtclose(11e5f,81,2000,ffff8000333e87e8) at dtclose+0x109 sys/dev/dt/dt_dev.c:239 spec_close(ffff80002a7f9660) at spec_close+0x466 sys/kern/spec_vnops.c:-1 VOP_CLOSE(fffffd800d544210,81,fffffd80097fd680,ffff8000333e87e8) at VOP_CLOSE+0x132 sys/kern/vfs_vops.c:156 vn_closefile(fffffd806d3f1160,ffff8000333e87e8) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline] vn_closefile(fffffd806d3f1160,ffff8000333e87e8) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615 fdrop(fffffd806d3f1160,ffff8000333e87e8) at fdrop+0x121 sys/kern/kern_descrip.c:1280 closef(fffffd806d3f1160,ffff8000333e87e8) at closef+0x192 sys/kern/kern_descrip.c:1264 fdfree(ffff8000333e87e8) at fdfree+0x116 sys/kern/kern_descrip.c:1195 exit1(ffff8000333e87e8,b,0,1) at exit1+0x576 sys/kern/kern_exit.c:215 sys_exit(ffff8000333e87e8,ffff80002a7f99d0,ffff80002a7f9920) at sys_exit+0x1a sys/kern/kern_exit.c:-1 syscall(ffff80002a7f99d0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002a7f99d0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x74b61b4ba9d0, count: -24