*cpu1: uvm_fault(0xfffffd806cb3e7c8, 0x0, 0, 1) -> e ddb{0}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x7fca1295b80, count: -1 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff80003c538fd0 rbx 0 rdx 0xffff8000015fa880 rcx 0xffff80003c440d20 rax 0x3c r8 0xffff80003c538f00 r9 0 r10 0xa0c1bb166ff68e1b r11 0x9ae1472def78ef8b r12 0 r13 0 r14 0xffff80003c440d20 r15 0 rip 0xffffffff8286e3ee savectx+0xae cs 0x8 rflags 0x46 rsp 0xffff80003c538f50 ss 0x10 savectx+0xae: movl $0,%gs:0x688 ddb{0}> show proc PROC (syz-executor) tid=6187 pid=78605 tcnt=5 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003c44f4f8,0xffff80003c440038 process=0xffff80002a368030 user=0xffff80003c534000, vmspace=0xfffffd806cb3e9b0 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 91437 58361 34677 0 2 0 syz-executor 91437 397856 34677 0 7 0x4000000 syz-executor 91437 44818 34677 0 3 0x4000080 fsleep syz-executor 91437 38443 34677 0 2 0x4000000 syz-executor 78605 374077 44951 0 2 0 syz-executor 78605 275811 44951 0 3 0x4000080 kqpoll syz-executor *78605 6187 44951 0 7 0x4000000 syz-executor 78605 255083 44951 0 3 0x4000080 fsleep syz-executor 78605 261829 44951 0 3 0x4000080 fsleep syz-executor 4280 249624 80198 0 3 0x80 nanoslp syz-executor 4280 42461 80198 0 3 0x4000080 kqpoll syz-executor 4280 59160 80198 0 3 0x4000080 fsleep syz-executor 4280 491775 80198 0 3 0x4000080 fsleep syz-executor 4280 69720 80198 0 3 0x4000080 fsleep syz-executor 57581 304536 88187 0 3 0x80 nanoslp syz-executor 57581 22882 88187 0 3 0x4000080 kqsel syz-executor 44951 384629 97737 0 3 0x82 nanoslp syz-executor 91739 355014 97737 0 3 0x82 wait syz-executor 35424 293785 0 0 3 0x14200 acct acct 34677 205128 97737 0 3 0x82 nanoslp syz-executor 88187 206979 97737 0 3 0x82 nanoslp syz-executor 85595 512890 97737 0 3 0x82 nanoslp syz-executor 
3627 452524 1 0 3 0x100083 ttyopn getty 76147 346940 97737 0 3 0x2 biowait syz-executor 66995 91097 97737 0 3 0x82 wait syz-executor 80198 364739 97737 0 3 0x82 nanoslp syz-executor 94597 288138 0 0 3 0x14200 bored sosplice 19105 255783 0 0 3 0x14280 nfsidl nfsio 52646 34109 0 0 3 0x14280 nfsidl nfsio 21752 181438 0 0 3 0x14280 nfsidl nfsio 66127 227555 0 0 3 0x14280 nfsidl nfsio 88 40143 0 0 3 0x14280 nfsidl nfsio 43023 21947 0 0 3 0x14280 nfsidl nfsio 56751 179791 0 0 3 0x14280 nfsidl nfsio 84710 236568 0 0 3 0x14280 nfsidl nfsio 98427 366214 0 0 3 0x14280 nfsidl nfsio 48965 408887 0 0 3 0x14280 nfsidl nfsio 98614 505583 0 0 3 0x14280 nfsidl nfsio 52369 16612 0 0 3 0x14280 nfsidl nfsio 26566 363097 0 0 3 0x14280 nfsidl nfsio 84283 356888 0 0 3 0x14280 nfsidl nfsio 50782 390362 0 0 3 0x14280 nfsidl nfsio 5133 336599 0 0 3 0x14280 nfsidl nfsio 80200 330125 0 0 3 0x14280 nfsidl nfsio 64868 98509 0 0 3 0x14280 nfsidl nfsio 47718 433035 0 0 3 0x14280 nfsidl nfsio 99573 115940 0 0 3 0x14280 nfsidl nfsio 97737 30852 19287 0 3 0x82 kqread syz-executor 19287 271847 96050 0 3 0x10008a sigsusp ksh 96050 510815 10618 0 3 0x98 kqread sshd-session 10618 271177 14856 0 3 0x92 kqread sshd-session 14856 55164 1 0 3 0x88 kqread sshd 32061 519861 48809 74 3 0x1100092 bpf pflogd 48809 339189 1 0 3 0x80 sbwait pflogd 81189 206466 41654 73 3 0x1100090 kqread syslogd 41654 42821 1 0 3 0x100082 sbwait syslogd 97082 57817 1 0 3 0x100080 kqread resolvd 40964 465557 38412 77 3 0x100092 kqread dhcpleased 81013 54203 38412 77 3 0x100092 kqread dhcpleased 38412 334214 1 0 3 0x80 kqread dhcpleased 75260 71248 0 0 3 0x14200 bored smr 29947 255305 0 0 2 0x14200 zerothread 20911 125402 0 0 3 0x14200 aiodoned aiodoned 31371 27704 0 0 3 0x14200 syncer update 15935 331322 0 0 3 0x14200 cleaner cleaner 23255 333278 0 0 3 0x14200 reaper reaper 294 66341 0 0 3 0x14200 pgdaemon pagedaemon 60902 170863 0 0 3 0x14200 bored viomb 36769 432782 0 0 3 0x40014200 acpi0 acpi0 30742 511325 0 0 3 0x40014200 idle1 
36155 411385 0 0 3 0x14200 bored softnet7 59975 431284 0 0 3 0x14200 bored softnet6 41760 24647 0 0 3 0x14200 bored softnet5 37444 112194 0 0 3 0x14200 bored softnet4 11581 119472 0 0 3 0x14200 bored softnet3 4810 152453 0 0 3 0x14200 bored softnet2 19163 446301 0 0 3 0x14200 bored softnet1 62461 347528 0 0 3 0x14200 bored softnet0 56352 271201 0 0 3 0x14200 bored systqmp 80991 430611 0 0 3 0x14200 bored systq 76330 87991 0 0 3 0x14200 tmoslp softclockmp 5833 443019 0 0 3 0x40014200 tmoslp softclock 57890 165523 0 0 3 0x40014200 idle0 1 391031 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{0}> show all locks Process 91437 (syz-executor) thread 0xffff800031008a80 (397856) Process 76147 (syz-executor) thread 0xffff80003c44fcc0 (346940) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10296 11201K 12403K 166960K 15403 0 pcb 20 16K 24K 166960K 1090 0 rtable 204 13K 14K 166960K 985 0 pf 39 18K 67486K 166960K 505 0 ifaddr 38 8K 8K 166960K 294 0 ifgroup 59 2K 3K 166960K 521 0 sysctl 4 1K 9K 166960K 42 0 counters 70 37K 38K 166960K 788 0 ioctlops 0 0K 4K 166960K 2838 0 iov 0 0K 20K 166960K 309 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1544 97K 98K 166960K 5118 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 16K 28K 166960K 61 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 350 0 dirhash 12 2K 2K 166960K 96 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 244K 166960K 4565 0 sigio 0 0K 0K 166960K 74 0 proc 75 131K 164K 166960K 1462 0 subproc 72 4K 4K 166960K 211 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 688 0 in_multi 76 5K 7K 166960K 429 0 ether_multi 1 0K 0K 166960K 39 0 mrt 1 0K 0K 166960K 16 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 415 1844K 1844K 166960K 415 0 exec 0 0K 1K 166960K 1235 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 9 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 
62K 64K 166960K 10 0 UVM amap 277 165K 178K 166960K 42105 0 UVM aobj 130 8K 8K 166960K 134 0 pinsyscall 42 84K 104K 166960K 6057 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 304 0 NDP 13 0K 2K 166960K 217 0 temp 90 8652K 8780K 166960K 220829 0 kqueue 13 20K 32K 166960K 882 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 598 0 595 5 4 1 3 0 8 0 rtentry 176 339 0 270 5 1 4 5 0 8 0 unpcb 144 3137 0 3117 22 21 1 6 0 8 0 syncache 336 29 0 29 10 9 1 1 0 8 1 tcpqe 32 9 0 9 6 6 0 1 0 8 0 tcpcb 736 1867 0 1857 46 44 2 7 0 8 1 arp 128 33 0 24 1 0 1 1 0 8 0 inpcb 328 5983 0 5965 58 50 8 13 0 8 5 nd6 144 66 0 53 1 0 1 1 0 8 0 pkpcb 40 81 0 81 9 8 1 1 0 8 1 kcovpl 48 23 0 15 1 0 1 1 0 8 0 mppekey 1024 4 0 4 4 4 0 2 0 8 0 ppxss 1192 301 0 301 4 3 1 1 0 8 1 pppxif 1504 24 0 24 10 9 1 2 0 8 1 pfstscr 40 1 0 0 1 0 1 1 0 8 0 pffrag 232 83 0 72 1 0 1 1 0 482 0 pffrnode 88 46 0 35 1 0 1 1 0 8 0 pffrent 40 155 0 144 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 2 0 2 2 2 0 1 0 8 0 pfstitem 24 338 0 211 1 0 1 1 0 8 0 pfstkey 128 340 0 213 5 0 5 5 0 8 0 pfstate 384 338 0 212 14 0 14 14 0 8 0 pfrule 1344 24 0 18 2 1 1 2 0 8 0 rttmr 136 1 0 1 1 1 0 1 0 8 0 art_heap8 4096 6 0 3 6 2 4 5 0 8 1 art_heap4 256 1669 0 1302 50 22 28 29 0 8 2 art_table 40 1675 0 1305 6 1 5 5 0 8 0 art_node 32 332 0 270 1 0 1 1 0 8 0 sysvmsgpl 40 6 0 3 1 0 1 1 0 8 0 semupl 112 2 0 2 2 2 0 1 0 8 0 semapl 112 340 0 330 1 0 1 1 0 8 0 shmpl 112 131 0 4 4 0 4 4 0 8 0 dirhash 1024 74 0 57 3 0 3 3 0 8 0 dino2pl 256 10063 0 8523 97 0 97 97 0 8 0 ffsino 296 10063 0 8523 119 0 119 119 0 8 0 nchpl 144 16369 0 15661 66 39 27 64 0 8 0 rtmask 32 34 0 34 9 8 1 1 0 8 1 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 60060 0 60060 5 4 1 3 0 8 1 percpumem 16 409 
0 359 1 0 1 1 0 8 0 kstatmem 264 344 0 312 5 2 3 3 0 8 0 acpiwqpl 32 1 0 1 1 0 1 1 1 8 1 scsiplug 72 20 0 20 9 9 0 1 0 8 0 scxspl 216 95963 0 95962 21 20 1 8 1 8 0 plimitpl 152 933 0 915 1 0 1 1 0 8 0 sigapl 424 4808 0 4733 9 0 9 9 0 8 0 knotepl 120 672 0 0 18 0 18 18 0 8 0 kqueuepl 224 1957 0 1945 23 22 1 5 0 8 0 pipepl 344 792 0 765 9 6 3 9 0 8 0 fdescpl 528 4748 0 4717 3 0 3 3 0 8 0 filepl 160 36443 0 36213 40 26 14 24 0 8 0 lockfpl 104 1963 0 1960 4 3 1 2 0 8 0 lockfspl 48 721 0 718 1 0 1 1 0 8 0 sessionpl 144 61 0 52 1 0 1 1 0 8 0 pgrppl 48 158 0 141 1 0 1 1 0 8 0 ucredpl 104 6548 0 6534 1 0 1 1 0 8 0 zombiepl 144 5969 0 5966 2 1 1 1 0 8 0 processpl 1248 4808 0 4733 7 0 7 7 0 8 0 procpl 664 12364 0 12277 9 1 8 9 0 8 0 sosppl 168 30 0 30 10 9 1 1 0 8 1 sockpl 752 9972 0 9931 71 60 11 18 0 8 6 mcl64k 65536 21 0 0 3 0 3 3 0 8 0 mcl16k 16384 5 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 5 0 0 1 0 1 1 0 8 0 mcl4k 4096 129 0 0 16 0 16 16 0 8 0 mcl2k 2048 89 0 0 7 1 6 7 0 8 0 mtagpl 96 16 0 0 1 0 1 1 0 8 0 mbufpl 256 1235 0 0 73 0 73 73 0 8 0 bufpl 280 36621 0 30478 440 0 440 440 0 8 0 anonpl 32 17548 0 0 141 0 141 141 0 246 0 amapchunkpl 152 146945 0 146201 87 53 34 41 0 158 3 amappl16 200 15565 0 15426 117 94 23 39 0 8 8 amappl15 192 9 0 9 1 1 0 1 0 8 0 amappl14 184 202 0 190 1 0 1 1 0 8 0 amappl13 176 9 0 9 4 4 0 1 0 8 0 amappl12 168 5647 0 5616 3 1 2 2 0 8 0 amappl11 160 54 0 40 1 0 1 1 0 8 0 amappl10 152 4 0 4 1 1 0 1 0 8 0 amappl9 144 259 0 258 2 1 1 1 0 8 0 amappl8 136 25 0 22 1 0 1 1 0 8 0 amappl7 128 159 0 146 1 0 1 1 0 8 0 amappl6 120 355 0 351 1 0 1 1 0 8 0 amappl5 112 188 0 178 1 0 1 1 0 8 0 amappl4 104 402 0 382 1 0 1 1 0 8 0 amappl3 96 30498 0 30370 5 1 4 4 0 8 0 amappl2 88 1025 0 957 2 0 2 2 0 8 0 amappl1 80 31908 0 31308 18 3 15 15 0 8 0 amappl 88 40352 0 40148 5 0 5 5 0 92 0 dma65536 65536 3 0 3 2 2 0 1 0 8 0 dma16384 16384 1 0 1 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 
0 8 0 dma256 256 7 0 7 2 2 0 1 0 8 0 dma128 128 257 0 257 5 5 0 1 0 8 0 dma64 64 9 0 9 3 3 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 23 0 22 1 0 1 1 0 8 0 aobjpl 72 133 0 4 3 0 3 3 0 8 0 uaddrrnd 24 4748 0 4717 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 4748 0 4717 1 0 1 1 0 8 0 vmmpekpl 168 35482 0 35419 4 0 4 4 0 8 0 vmmpepl 168 307487 0 305303 160 40 120 120 0 357 11 vmsppl 488 4747 0 4717 6 1 5 5 0 8 0 rwobjpl 80 83928 0 76765 165 7 158 158 0 8 3 pdppl 4096 9503 0 9434 149 76 73 85 0 8 4 pvpl 32 26571 0 0 213 0 213 213 0 265 0 pmappl 256 4747 0 4717 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 481 0 168 10 0 10 10 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x7fca1295b80, count: -1 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x37 sys/arch/amd64/amd64/bus_space.c:654 comcnputc(800,20) at comcnputc+0x250 comcn_read_reg sys/dev/ic/com.c:1655 [inline] comcnputc(800,20) at comcnputc+0x250 sys/dev/ic/com.c:1269 cnputc(20) at cnputc+0x67 sys/dev/cons.c:218 kputchar(20,5,0) at kputchar+0x2ed sys/kern/subr_prf.c:367 kprintf() at kprintf+0x29a5 sys/kern/subr_prf.c:-1 printf(ffffffff8341c8a9) at printf+0x8b sys/kern/subr_prf.c:529 trap_print(ffff80003c4f7040,6) at trap_print+0x70 sys/arch/amd64/amd64/trap.c:626 kerntrap(ffff80003c4f7040) at kerntrap+0x2e6 sys/arch/amd64/amd64/trap.c:487 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b dt_ioctl_record_stop(ffff800001619000) at dt_ioctl_record_stop+0x108 sys/dev/dt/dt_dev.c:586 dtioctl(21e5f,80044403,ffff80003c4f7380,81,ffff800031008a80) at dtioctl+0x536 sys/dev/dt/dt_dev.c:318 end trace frame: 0xffff80003c4f7260, count: 0 ddb{1}> 
trace
x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x37 sys/arch/amd64/amd64/bus_space.c:654
comcnputc(800,20) at comcnputc+0x250 comcn_read_reg sys/dev/ic/com.c:1655 [inline]
comcnputc(800,20) at comcnputc+0x250 sys/dev/ic/com.c:1269
cnputc(20) at cnputc+0x67 sys/dev/cons.c:218
kputchar(20,5,0) at kputchar+0x2ed sys/kern/subr_prf.c:367
kprintf() at kprintf+0x29a5 sys/kern/subr_prf.c:-1
printf(ffffffff8341c8a9) at printf+0x8b sys/kern/subr_prf.c:529
trap_print(ffff80003c4f7040,6) at trap_print+0x70 sys/arch/amd64/amd64/trap.c:626
kerntrap(ffff80003c4f7040) at kerntrap+0x2e6 sys/arch/amd64/amd64/trap.c:487
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
dt_ioctl_record_stop(ffff800001619000) at dt_ioctl_record_stop+0x108 sys/dev/dt/dt_dev.c:586
dtioctl(21e5f,80044403,ffff80003c4f7380,81,ffff800031008a80) at dtioctl+0x536 sys/dev/dt/dt_dev.c:318
VOP_IOCTL(fffffd805c2516c8,80044403,ffff80003c4f7380,81,fffffd80097fb2d8,ffff800031008a80) at VOP_IOCTL+0xac sys/kern/vfs_vops.c:264
vn_ioctl(fffffd806c302ca0,80044403,ffff80003c4f7380,ffff800031008a80) at vn_ioctl+0xf8 sys/kern/vfs_vnops.c:531
sys_ioctl(ffff800031008a80,ffff80003c4f7560,ffff80003c4f74b0) at sys_ioctl+0x674 sys/kern/sys_generic.c:-1
syscall(ffff80003c4f7560) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c4f7560) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:748
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xc5f83890290, count: -19