*cpu1: uvm_fault(0xffffffff835545b8, 0x7f855f17e2c8, 0, 2) -> e
ddb{0}> trace
proc_trampoline() at proc_trampoline+0xc7
end of kernel
end trace frame: 0x78696b0ccc20, count: -1
ddb{0}> show registers
rdi                                0
rsi                                0
rbp               0xffff80002f865bc0
rbx                                0
rdx                                0
rcx               0xffff800029fd8f38
rax                             0x2a
r8                0xffff80002f865af0
r9                               0x2
r10                0x84ceb10c8036da5
r11               0x1815611e60019b6f
r12                                0
r13                                0
r14                                0
r15                                0
rip               0xffffffff81c274c7    proc_trampoline+0xc7
cs                               0x8
rflags                         0x246
rsp               0xffff80002f865b40
ss                                 0
proc_trampoline+0xc7:   movl    $0,%gs:0x680
ddb{0}> show proc
PROC (sh) tid=272806 pid=4360 tcnt=1 stat=onproc
    flags process=100002<EXEC,PLEDGE> proc=0
    runpri=50, usrpri=50, slppri=40, nice=20
    wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
    forw=0xffffffffffffffff, list=0xffff8000ffff0538,0xffffffff83632dc8
    process=0xffff8000fffecdb8 user=0xffff80002f860000, vmspace=0xfffffd806c3b7388
    estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb{0}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
* 4360  272806  53538      0  7    0x100002                sh
 56571  448906  27266      0  2    0x10008a                sh
 68723  242323  61519      0  3    0x10008a  sigsusp       sh
 27266   36809  88335      0  3        0x82  wait          syz-executor
 53538  311485  88335      0  3        0x82  wait          syz-executor
 61519  332759  88335      0  3        0x82  wait          syz-executor
 93350  410068  88335      0  3        0x82  piperd        syz-executor
 78548  257258  88335      0  3        0x82  piperd        syz-executor
 24041   10571  88335      0  3        0x82  piperd        syz-executor
  9362  443333  88335      0  3        0x82  piperd        syz-executor
   357   95267      1      0  3    0x100083  ttyin         getty
 68742  512744      0      0  3     0x14280  nfsidl        nfsio
 99851  413685      0      0  3     0x14280  nfsidl        nfsio
 53605  370354      0      0  3     0x14280  nfsidl        nfsio
 14923  470028      0      0  3     0x14280  nfsidl        nfsio
 63832  285295      0      0  3     0x14280  nfsidl        nfsio
 21020   70520      0      0  3     0x14280  nfsidl        nfsio
 94213   93625      0      0  3     0x14280  nfsidl        nfsio
 45940  310608      0      0  3     0x14280  nfsidl        nfsio
 53427   39556      0      0  3     0x14280  nfsidl        nfsio
 82857   76739      0      0  3     0x14280  nfsidl        nfsio
 44356  396433      0      0  3     0x14280  nfsidl        nfsio
 85503  238551      0      0  3     0x14280  nfsidl        nfsio
 78286  136921      0      0  3     0x14280  nfsidl        nfsio
 76006  394118      0      0  3     0x14280  nfsidl        nfsio
 72424  466886      0      0  3     0x14280  nfsidl        nfsio
 95967   49430      0      0  3     0x14280  nfsidl        nfsio
 78468  427203      0      0  3     0x14280  nfsidl        nfsio
 37948  311154      0      0  3     0x14280  nfsidl        nfsio
 37248  263765      0      0  3     0x14280  nfsidl        nfsio
 59798  448680      0      0  3     0x14280  nfsidl        nfsio
 58090  434713      0      0  3     0x14200  acct          acct
 84714  391891      0      0  3     0x14200  bored         sosplice
 88335  246636  60635      0  3        0x82  wait          syz-executor
 60635  468908   6841      0  3    0x10008a  sigsusp       ksh
  6841  102583  71748      0  3        0x98  kqread        sshd-session
 71748  344943  87719      0  3        0x92  kqread        sshd-session
 87719   45529      1      0  3        0x88  kqread        sshd
 99557  190399  73954     74  3   0x1100092  bpf           pflogd
 73954  422088      1      0  3        0x80  sbwait        pflogd
 16712  381157   1451     73  3   0x1100010  ffs_fsync     syslogd
  1451   31979      1      0  3    0x100082  sbwait        syslogd
 60683  493284      1      0  3    0x100080  kqread        resolvd
  5832  271405  41433     77  3    0x100092  kqread        dhcpleased
 99222  129276  41433     77  3    0x100092  kqread        dhcpleased
 41433  508336      1      0  3        0x80  kqread        dhcpleased
 31893  207460      0      0  3     0x14200  bored         smr
 41519   47623      0      0  2     0x14200                zerothread
 19595  272434      0      0  3     0x14200  aiodoned      aiodoned
 37068  411605      0      0  3     0x14200  syncer        update
 92575   93486      0      0  3     0x14200  cleaner       cleaner
 71311  154814      0      0  7     0x14200                reaper
 49100  148295      0      0  3     0x14200  pgdaemon      pagedaemon
 65841  160734      0      0  3     0x14200  bored         viomb
 71579   44781      0      0  3  0x40014200  acpi0         acpi0
 14375  454118      0      0  3  0x40014200                idle1
 71263  159114      0      0  3     0x14200  bored         softnet3
 93172  253081      0      0  3     0x14200  bored         softnet2
 62545  321456      0      0  3     0x14200  bored         softnet1
 65623   76675      0      0  3     0x14200  bored         softnet0
  6340  461281      0      0  3     0x14200  bored         systqmp
 34882   67303      0      0  3     0x14200  bored         systq
 95409    7799      0      0  3     0x14200  tmoslp        softclockmp
 62953  425455      0      0  3  0x40014200  tmoslp        softclock
 71376  492837      0      0  3  0x40014200                idle0
     1   27335      0      0  3     0x80082  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{0}> show all locks
CPU 1:
exclusive mutex &pmap->pm_mtx r = 0 (0xfffffd8066f9adb0)
#0  witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0  witness_lock+0x5bb sys/kern/subr_witness.c:1155
#1  mtx_enter_try+0x178
#2  mtx_enter+0x60 sys/kern/kern_lock.c:239
#3  pmap_page_remove+0xcd rcr3 machine/cpufunc.h:139 [inline]
#3  pmap_page_remove+0xcd pmap_map_ptes sys/arch/amd64/amd64/pmap.c:437 [inline]
#3  pmap_page_remove+0xcd sys/arch/amd64/amd64/pmap.c:1974
#4  uvm_anfree_list+0xd6
#5  amap_wipeout+0x248 sys/uvm/uvm_amap.c:502
#6  uvm_unmap_detach+0x8a sys/uvm/uvm_map.c:1353
#7  uvm_map_teardown+0x35e sys/uvm/uvm_map.c:2518
#8  uvmspace_free+0xcd sys/uvm/uvm_map.c:3422
#9  reaper+0x246 sys/kern/kern_exit.c:477
#10 proc_trampoline+0x10
Process 4360 (sh) thread 0xffff800029fd8f38 (272806)
Process 16712 (syslogd) thread 0xffff8000ffffd960 (381157)
Process 71311 (reaper) thread 0xffff800029fd91c0 (154814)
ddb{0}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf 10227  11213K   11522K 166960K     14428        0
            pcb    17     14K      16K 166960K       700        0
         rtable   130      5K       8K 166960K      3358        0
             pf    37     18K      20K 166960K       320        0
         ifaddr    33      6K       9K 166960K       463        0
        ifgroup    56      2K       2K 166960K       494        0
         sysctl     3      0K       0K 166960K         5        0
       counters    64     36K      37K 166960K       300        0
       ioctlops     0      0K       4K 166960K      1834        0
            iov     0      0K      28K 166960K       223        0
          mount     1      1K       1K 166960K         1        0
            log     0      0K       0K 166960K         4        0
         vnodes  1617    102K     102K 166960K      4582        0
      UFS quota     1     32K      32K 166960K         1        0
      UFS mount     5     36K      36K 166960K         5        0
            shm     2      1K       9K 166960K        57        0
         VM map     2      1K       1K 166960K         2        0
            sem    12      1K       1K 166960K        51        0
        dirhash    15      2K       3K 166960K        66        0
           ACPI  1690    195K     286K 166960K     12468        0
      file desc    12     41K      97K 166960K      3754        0
          sigio     0      0K       0K 166960K        46        0
           proc    72     91K     152K 166960K      3344        0
        subproc    91      5K       7K 166960K      1314        0
    NFS srvsock     1      0K       0K 166960K         1        0
     NFS daemon     1     16K      16K 166960K         1        0
    ip_moptions     0      0K       0K 166960K       293        0
       in_multi    57      4K       7K 166960K      1200        0
    ether_multi     1      0K       0K 166960K        11        0
            mrt     1      0K       0K 166960K        11        0
    ISOFS mount     1     32K      32K 166960K         1        0
  MSDOSFS mount     1     16K      16K 166960K         1        0
           ttys   265   1182K    1182K 166960K       265        0
           exec     0      0K       1K 166960K      1885        0
     pfkey data     0      0K       0K 166960K         2        0
            tdb     3      0K       0K 166960K         3        0
        VM swap     8     62K      64K 166960K        10        0
       UVM amap   189     71K     109K 166960K     31397        0
       UVM aobj   131      8K       8K 166960K       140        0
     pinsyscall    37     74K     108K 166960K      7241        0
        memdesc     1      4K       4K 166960K         1        0
    crypto data     1      1K       1K 166960K         1        0
    ip6_options     0      0K       0K 166960K       141        0
            NDP    12      0K       2K 166960K       337        0
           temp    74   6824K    6896K 166960K    132846        0
         kqueue    13     20K      32K 166960K       433        0
      SYN cache     2     16K      16K 166960K         2        0
ddb{0}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache    128       24    0        0     1     0     1     1     0     8    0
rtpcb      120      368    0      365     1     0     1     1     0     8    0
rtentry    112     1209    0     1154     4     1     3     4     0     8    0
unpcb      144     2275    0     2258    25    24     1     6     0     8    0
syncache   336       12    0       12     6     6     0     1     0     8    0
tcpqe       32        2    0        2     1     1     0     1     0     8    0
tcpcb      808      755    0      751    16    15     1     8     0     8    0
arp        120      223    0      211     1     0     1     1     0     8    0
inpcb      336     3752    0     3745    56    55     1    12     0     8    0
nd6        136      314    0      302     1     0     1     1     0     8    0
pkpcb       40       15    0       15     8     8     0     1     0     8    0
kcovpl      48      101    0       94     1     0     1     1     0     8    0
ppxss      1168      17    0       17     6     6     0     1     0     8    0
pfstscr     40        1    0        0     1     0     1     1     0     8    0
pffrag     232       24    0       20     1     0     1     1     0   482    0
pffrnode    88       20    0       16     1     0     1     1     0     8    0
pffrent     40       41    0       37     1     0     1     1     0     8    0
pfosfp      40     1428    0     1005     5     0     5     5     0     8    0
pfosfpen   112     1428    0      714    21     0    21    21     0     8    0
pfstitem    24      294    0      241     1     0     1     1     0     8    0
pfstkey    128      294    0      241     3     0     3     3     0     8    0
pfstate    376      293    0      241    11     2     9     9     0     8    0
pfrule     1344      22    0       17     2     1     1     2     0     8    0
art_heap8  4096       1    0        0     1     0     1     1     0     8    0
art_heap4  256     4790    0     4521    43    18    25    31     0     8    4
art_table   32     4791    0     4521     5     1     4     4     0     8    0
art_node    16     1204    0     1156     1     0     1     1     0     8    0
sysvmsgpl   40       15    0        8     1     0     1     1     0     8    0
semupl     112        1    0        1     1     1     0     1     0     8    0
semapl     112       13    0        3     1     0     1     1     0     8    0
shmpl      112      137    0        9     4     0     4     4     0     8    0
dirhash    1024      54    0       35     3     0     3     3     0     8    0
dino2pl    256     5839    0     4158   106     0   106   106     0     8    0
ffsino     272     5839    0     4158   114     1   113   113     0     8    0
nchpl      144     9383    0     8654    68    40    28    65     0     8    0
uvmvnodes   80     8373    0        0   171     0   171   171     0     8    0
vnodes     216     8373    0        0   466     0   466   466     0     8    0
namei      1024   41423    0    41423     9     8     1     2     0     8    1
percpumem   16      164    0      118     1     0     1     1     0     8    0
kstatmem   264      260    0      236     6     4     2     3     0     8    0
scsiplug    72        3    0        3     2     2     0     1     0     8    0
scxspl     216    75456    0    75455    22    21     1     8     1     8    0
plimitpl   152      759    0      742     1     0     1     1     0     8    0
sigapl     424     3922    0     3853    10     1     9     9     0     8    0
futexpl     64    35538    0    35538    12    12     0     1     0     8    0
knotepl    120      731    0        0    19     1    18    18     0     8    0
kqueuepl   216      779    0      770     7     6     1     5     0     8    0
pipepl     320      610    0      583     3     0     3     3     0     8    0
fdescpl    496     3861    0     3835    11     7     4     6     0     8    0
filepl     152    22280    0    22059    54    43    11    20     0     8    1
lockfpl    104     1110    0     1108     1     0     1     1     0     8    0
lockfspl    48      384    0      382     1     0     1     1     0     8    0
sessionpl  144      125    0      116     1     0     1     1     0     8    0
pgrppl      48      251    0      234     1     0     1     1     0     8    0
ucredpl    104     3400    0     3386     1     0     1     1     0     8    0
zombiepl   144     3856    0     3853     2     1     1     1     0     8    0
processpl  1160    3922    0     3853     7     1     6     6     0     8    0
procpl     648     7900    0     7831     9     2     7     8     0     8    0
srpgc       96       11    0       11     3     3     0     1     0     8    0
sosppl     168       18    0       18     6     6     0     1     0     8    0
sockpl     664     6509    0     6482    73    70     3    23     0     8    0
mcl64k     65536      6    0        0     1     0     1     1     0     8    0
mcl16k     16384      2    0        0     1     0     1     1     0     8    0
mcl9k      9216       2    0        0     1     0     1     1     0     8    0
mcl8k      8192       8    0        0     1     0     1     1     0     8    0
mcl4k      4096     174    0        0    18     2    16    18     0     8    0
mcl2k2     2112       1    0        0     1     0     1     1     0     8    0
mcl2k      2048      66    0        0     6     1     5     5     0     8    0
mtagpl      96       81    0        0     2     0     2     2     0     8    0
mbufpl     256      601    0        0    29     0    29    29     0     8    0
bufpl      280    15667    0     7292   599     0   599   599     0     8    0
anonpl      24   538742    0   535027   207   126    81    84     0   185   36
amapchunkpl 152  101867    0   101509    93    53    40    43     0   158   17
amappl16   200     8913    0     8906   102    97     5    27     0     8    3
amappl15   192        9    0        9     2     2     0     1     0     8    0
amappl14   184      318    0      306     1     0     1     1     0     8    0
amappl13   176        9    0        9     2     2     0     1     0     8    0
amappl12   168     5963    0     5933     4     2     2     3     0     8    0
amappl11   160       77    0       63     1     0     1     1     0     8    0
amappl10   152        7    0        7     1     1     0     1     0     8    0
amappl9    144      134    0      134     1     1     0     1     0     8    0
amappl8    136       20    0       17     1     0     1     1     0     8    0
amappl7    128      294    0      282     1     0     1     1     0     8    0
amappl6    120     1075    0     1071     1     0     1     1     0     8    0
amappl5    112      512    0      500     1     0     1     1     0     8    0
amappl4    104      622    0      603     1     0     1     1     0     8    0
amappl3     96    20234    0    20159     4     0     4     4     0     8    0
amappl2     88     2078    0     2005     2     0     2     2     0     8    0
amappl1     80    25968    0    25405    15     1    14    14     0     8    0
amappl      88    30088    0    29961     5     0     5     5     0    92    0
dma8192    8192       1    0        1     1     1     0     1     0     8    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma1024    1024       1    0        0     1     0     1     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        8    0        8     2     2     0     1     0     8    0
dma16       16       24    0       23     1     0     1     1     0     8    0
aobjpl      72      139    0        9     3     0     3     3     0     8    0
uaddrrnd    24     3861    0     3834     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24     3861    0     3834     1     0     1     1     0     8    0
vmmpekpl   168    32578    0    32510     4     0     4     4     0     8    0
vmmpepl    168   238853    0   237297   154    65    89   102     0   357    6
vmsppl     440     3860    0     3833     7     3     4     5     0     8    0
rwobjpl     56    72564    0    63160   140     6   134   136     0     8    0
pdppl      4096    7729    0     7666   235   164    71    87     0     8    8
pvpl        32    45477    0        0   364     0   364   364     0   265    0
pmappl     248     3860    0     3833     3     0     3     3     0     8    0
extentpl    40       55    0       38     1     0     1     1     0     8    0
phpool     112      655    0      279    12     0    12    12     0     8    0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
proc_trampoline() at proc_trampoline+0xc7
end of kernel
end trace frame: 0x78696b0ccc20, count: -1
ddb{0}> machine ddbcpu 1
Stopped at      x86_ipi_db+0x27:        addq    $0x8,%rsp
x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x37 sys/arch/amd64/amd64/bus_space.c:654
comcnputc(800,2d) at comcnputc+0x250 comcn_read_reg sys/dev/ic/com.c:1655 [inline]
comcnputc(800,2d) at comcnputc+0x250 sys/dev/ic/com.c:1269
cnputc(2d) at cnputc+0x61 sys/dev/cons.c:218
db_putchar(2d) at db_putchar+0x65c sys/ddb/db_output.c:155
kprintf() at kprintf+0x2aba sys/kern/subr_prf.c:1065
db_printf(ffffffff8309381b) at db_printf+0x9b
fault(ffffffff8303d332) at fault+0xa7 sys/arch/amd64/amd64/trap.c:157
kpageflttrap(ffff800029fe5c00,7f855f17e2c8) at kpageflttrap+0x385 sys/arch/amd64/amd64/trap.c:290
kerntrap(ffff800029fe5c00) at kerntrap+0x14a sys/arch/amd64/amd64/trap.c:332
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
pmap_page_remove(fffffd800834d260) at pmap_page_remove+0x45d _atomic_swap_64 machine/atomic.h:117 [inline]
pmap_page_remove(fffffd800834d260) at pmap_page_remove+0x45d sys/arch/amd64/amd64/pmap.c:2014
end trace frame: 0xffff800029fe5d70, count: 0
ddb{1}> trace
x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x37 sys/arch/amd64/amd64/bus_space.c:654
comcnputc(800,2d) at comcnputc+0x250 comcn_read_reg sys/dev/ic/com.c:1655 [inline]
comcnputc(800,2d) at comcnputc+0x250 sys/dev/ic/com.c:1269
cnputc(2d) at cnputc+0x61 sys/dev/cons.c:218
db_putchar(2d) at db_putchar+0x65c sys/ddb/db_output.c:155
kprintf() at kprintf+0x2aba sys/kern/subr_prf.c:1065
db_printf(ffffffff8309381b) at db_printf+0x9b
fault(ffffffff8303d332) at fault+0xa7 sys/arch/amd64/amd64/trap.c:157
kpageflttrap(ffff800029fe5c00,7f855f17e2c8) at kpageflttrap+0x385 sys/arch/amd64/amd64/trap.c:290
kerntrap(ffff800029fe5c00) at kerntrap+0x14a sys/arch/amd64/amd64/trap.c:332
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
pmap_page_remove(fffffd800834d260) at pmap_page_remove+0x45d _atomic_swap_64 machine/atomic.h:117 [inline]
pmap_page_remove(fffffd800834d260) at pmap_page_remove+0x45d sys/arch/amd64/amd64/pmap.c:2014
uvm_anfree_list(fffffd806f824270,0) at uvm_anfree_list+0xd6
amap_wipeout(fffffd806cdd5060) at amap_wipeout+0x248 sys/uvm/uvm_amap.c:502
uvm_unmap_detach(ffff800029fe5e30,0) at uvm_unmap_detach+0x8a sys/uvm/uvm_map.c:1353
uvm_map_teardown(fffffd806c3b7dd8) at uvm_map_teardown+0x35e sys/uvm/uvm_map.c:2518
uvmspace_free(fffffd806c3b7dd8) at uvmspace_free+0xcd sys/uvm/uvm_map.c:3422
reaper(ffff800029fd91c0) at reaper+0x246 sys/kern/kern_exit.c:477
end trace frame: 0x0, count: -20