*cpu1: uvm_fault(0xffffffff8355a950, 0xffff800019a454dd, 0, 2) -> d ddb{0}> trace proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x7f1f5e870230, count: -1 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff80002a0f8830 rbx 0 rdx 0 rcx 0xffff800030b78f80 rax 0x2a r8 0xffff80002a0f8760 r9 0 r10 0xefd76e83437cd746 r11 0xd309f465e09f899f r12 0 r13 0 r14 0 r15 0 rip 0xffffffff82e9d4c7 proc_trampoline+0xc7 cs 0x8 rflags 0x246 rsp 0xffff80002a0f87b0 ss 0 proc_trampoline+0xc7: movl $0,%gs:0x680 ddb{0}> show proc PROC (syz-executor) tid=27036 pid=24150 tcnt=1 stat=onproc flags process=0 proc=0 runpri=50, usrpri=50, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff800030b78050,0xffffffff83515fb0 process=0xffff80002d973b00 user=0xffff80002a0f3000, vmspace=0xfffffd806c2d88b0 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND *24150 27036 99502 0 7 0 syz-executor 29340 454980 23856 0 2 0 syz-executor 29340 193735 23856 0 3 0x4000080 fsleep syz-executor 8122 76342 90142 0 2 0 syz-executor 8122 471360 90142 0 3 0x4000080 kqsel syz-executor 8122 490421 90142 0 3 0x4000080 fsleep syz-executor 58154 185935 98416 0 2 0x2 sshd-session 60916 137119 50537 0 2 0x480 syz-executor 60916 177332 50537 0 3 0x4000080 kqsel syz-executor 60916 103424 50537 0 3 0x4000080 fsleep syz-executor 11050 284950 1997 0 2 0x480 syz-executor 11050 461034 1997 0 3 0x4000080 kqsel syz-executor 11050 485389 1997 0 3 0x4000080 fsleep syz-executor 48984 18811 68255 0 3 0x82 wait syz-executor 90142 444766 68255 0 3 0x82 nanoslp syz-executor 23856 245781 68255 0 2 0x482 syz-executor 42119 295527 68255 0 2 0x2 syz-executor 99502 473846 68255 0 2 0x482 syz-executor 26516 15389 68255 0 3 0x82 wait syz-executor 1997 130423 68255 0 7 0x3 syz-executor 50537 282725 68255 0 3 0x82 nanoslp syz-executor 20884 341755 1 0 3 0x100083 ttyopn getty 55898 388087 0 0 3 0x14200 bored sosplice 68255 19462 40033 0 3 0x82 kqread syz-executor 40033 462517 66913 0 3 0x10008a sigsusp ksh 66913 391467 43399 0 3 0x98 kqread sshd-session 43399 469337 98416 0 3 0x92 kqread sshd-session 98416 409835 1 0 3 0x88 kqread sshd 40081 126988 51138 74 3 0x1100092 bpf pflogd 51138 432462 1 0 3 0x80 sbwait pflogd 85469 20254 24947 73 3 0x1100090 kqread syslogd 24947 511301 1 0 3 0x100082 sbwait syslogd 7850 186322 1 0 3 0x100080 kqread resolvd 1028 456849 68111 77 3 0x100092 kqread dhcpleased 32810 514257 68111 77 3 0x100092 kqread dhcpleased 68111 323217 1 0 3 0x80 kqread dhcpleased 78407 487489 0 0 3 0x14200 bored smr 26838 33820 0 0 2 0x14200 zerothread 11884 227635 0 0 3 0x14200 aiodoned aiodoned 54215 81066 0 0 3 0x14200 syncer update 2817 249518 0 0 3 0x14200 cleaner cleaner 67065 93352 0 0 3 0x14200 reaper reaper 84190 18076 0 0 3 0x14200 pgdaemon pagedaemon 2775 286359 0 0 3 0x14200 bored viomb 21881 321867 0 0 3 0x40014200 acpi0 acpi0 7254 23227 0 0 3 0x40014200 idle1 54570 132597 0 0 3 0x14200 bored softnet3 51150 382047 0 0 3 0x14200 bored softnet2 40902 468993 0 0 3 0x14200 bored softnet1 34328 100111 0 0 3 0x14200 bored softnet0 9968 284762 0 0 3 0x14200 bored systqmp 20079 520222 0 0 3 0x14200 bored systq 7805 101831 0 0 3 0x14200 tmoslp softclockmp 39322 423192 0 0 3 0x40014200 tmoslp softclock 47279 41842 0 0 3 0x40014200 idle0 1 248926 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks CPU 0: exclusive mutex &pmap->pm_mtx r = 0 (0xfffffd806ec4d8d0) #0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151 #1 mtx_enter_try+0x178 #2 mtx_enter+0x60 sys/kern/kern_lock.c:239 #3 pmap_enter+0x246 rcr3 machine/cpufunc.h:139 [inline] #3 pmap_enter+0x246 pmap_map_ptes sys/arch/amd64/amd64/pmap.c:432 [inline] #3 pmap_enter+0x246 sys/arch/amd64/amd64/pmap.c:2791 #4 uvm_fault_lower_lookup+0x33c sys/uvm/uvm_fault.c:1192 #5 uvm_fault_lower+0x74 sys/uvm/uvm_fault.c:1227 #6 uvm_fault+0x301 sys/uvm/uvm_fault.c:637 #7 upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:188 #8 usertrap+0x2d8 sys/arch/amd64/amd64/trap.c:436 #9 recall_trap+0x8 Process 24150 (syz-executor) thread 0xffff800030b78f80 (27036) Process 1997 (syz-executor) thread 0xffff800031184048 (130423) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10237 10178K 10560K 166960K 14380 0 pcb 17 15K 17K 166960K 567 0 rtable 238 8K 8K 166960K 4702 0 pf 41 18K 26K 166960K 445 0 ifaddr 50 10K 10K 166960K 650 0 ifgroup 63 2K 2K 166960K 714 0 sysctl 4 1K 2K 166960K 8 0 counters 68 36K 37K 166960K 418 0 ioctlops 0 0K 4K 166960K 1912 0 iov 0 0K 24K 166960K 210 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1409 89K 89K 166960K 4652 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 3 5K 13K 166960K 26 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 90 0 dirhash 18 3K 3K 166960K 66 0 ACPI 1690 195K 286K 166960K 12418 0 file desc 17 61K 97K 166960K 4377 0 sigio 0 0K 0K 166960K 53 0 proc 72 91K 152K 166960K 4483 0 subproc 104 6K 7K 166960K 1846 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 444 0 in_multi 103 7K 7K 166960K 1671 0 ether_multi 1 0K 0K 166960K 15 0 mrt 2 0K 0K 166960K 8 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 247 1102K 1102K 166960K 247 0 exec 0 0K 1K 166960K 2637 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 256 75K 100K 166960K 34518 0 UVM aobj 31 2K 2K 166960K 35 0 pinsyscall 44 88K 104K 166960K 9009 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 129 0 NDP 14 0K 2K 166960K 481 0 temp 78 6824K 7084K 166960K 164331 0 kqueue 13 20K 30K 166960K 387 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 544 0 541 4 3 1 2 0 8 0 rtentry 112 1680 0 1571 5 1 4 4 0 8 0 unpcb 144 2480 0 2463 35 33 2 8 0 8 1 syncache 336 29 0 29 11 10 1 1 0 8 1 tcpqe 32 20 0 20 6 5 1 1 0 8 1 tcpcb 808 1247 0 1239 31 23 8 8 0 8 7 arp 120 301 0 281 1 0 1 1 0 8 0 inpcb 336 4069 0 4050 60 47 13 13 0 8 10 nd6 136 449 0 418 2 0 2 2 0 8 0 pkpcb 40 11 0 11 8 7 1 1 0 8 1 kcovpl 48 142 0 134 1 0 1 1 0 8 0 ppxss 1168 29 0 29 11 10 1 1 0 8 1 pfstscr 40 4 0 3 4 3 1 1 0 8 0 pffrag 232 17 0 15 3 2 1 1 0 482 0 pffrnode 88 17 0 15 3 2 1 1 0 8 0 pffrent 40 198 0 196 3 2 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfanchor 1288 1 0 1 1 0 1 1 0 8 1 pftag 88 3 0 0 1 0 1 1 0 8 0 pfstitem 24 387 0 321 1 0 1 1 0 8 0 pfstkey 128 403 0 337 3 0 3 3 0 8 0 pfstate 376 393 0 329 12 5 7 7 0 8 0 pfrule 1344 43 0 36 2 1 1 2 0 8 0 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 6707 0 6218 49 18 31 31 0 8 0 art_table 32 6710 0 6218 4 0 4 4 0 8 0 art_node 16 1669 0 1570 1 0 1 1 0 8 0 sysvmsgpl 40 35 0 15 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 84 0 74 1 0 1 1 0 8 0 shmpl 112 32 0 4 1 0 1 1 0 8 0 dirhash 1024 56 0 34 3 0 3 3 0 8 0 dino2pl 256 5844 0 4068 114 2 112 112 0 8 0 ffsino 272 5844 0 4068 121 2 119 119 0 8 0 nchpl 144 9449 0 8723 68 38 30 67 0 8 0 uvmvnodes 80 8197 0 0 168 0 168 168 0 8 0 vnodes 216 8197 0 0 456 0 456 456 0 8 0 namei 1024 46195 0 46195 14 13 1 3 0 8 1 percpumem 16 223 0 175 1 0 1 1 0 8 0 kstatmem 264 378 0 350 9 6 3 3 0 8 1 acpiwqpl 32 1 0 1 1 0 1 1 1 8 1 scsiplug 72 3 0 3 1 1 0 1 0 8 0 scxspl 216 87932 0 87932 13 10 3 8 1 8 3 plimitpl 152 962 0 942 1 0 1 1 0 8 0 sigapl 424 4450 0 4399 13 7 6 9 0 8 0 futexpl 64 39301 0 39297 11 10 1 1 0 8 0 knotepl 120 696 0 0 18 0 18 18 0 8 0 kqueuepl 216 842 0 828 14 13 1 5 0 8 0 pipepl 320 876 0 847 10 7 3 8 0 8 0 fdescpl 496 4406 0 4374 13 8 5 6 0 8 0 filepl 152 24290 0 24023 60 44 16 19 0 8 3 lockfpl 104 1208 0 1206 3 2 1 2 0 8 0 lockfspl 48 454 0 452 1 0 1 1 0 8 0 sessionpl 144 170 0 160 1 0 1 1 0 8 0 pgrppl 48 337 0 319 1 0 1 1 0 8 0 ucredpl 104 3039 0 3026 1 0 1 1 0 8 0 zombiepl 144 4646 0 4644 2 1 1 1 0 8 0 processpl 1160 4450 0 4399 7 2 5 6 0 8 0 procpl 648 8254 0 8196 11 5 6 8 0 8 0 srpgc 96 14 0 14 6 6 0 1 0 8 0 sosppl 168 16 0 16 7 6 1 1 0 8 1 sockpl 664 7305 0 7268 104 89 15 19 0 8 11 mcl64k 65536 4 0 0 1 0 1 1 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 8 0 0 1 0 1 1 0 8 0 mcl4k 4096 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 324 0 0 30 3 27 30 0 8 0 mtagpl 96 129 0 0 2 0 2 2 0 8 0 mbufpl 256 1035 0 0 49 0 49 49 0 8 0 bufpl 280 14203 0 4980 662 0 662 662 0 8 0 anonpl 24 647619 0 637178 175 84 91 103 0 185 0 amapchunkpl 152 110151 0 109467 91 54 37 53 0 158 8 amappl16 200 12080 0 11797 115 84 31 31 0 8 1 amappl15 192 14 0 14 2 2 0 1 0 8 0 amappl14 184 411 0 398 1 0 1 1 0 8 0 amappl13 176 41 0 41 2 2 0 1 0 8 0 amappl12 168 7231 0 7200 4 2 2 3 0 8 0 amappl11 160 58 0 44 1 0 1 1 0 8 0 amappl10 152 9 0 8 1 0 1 1 0 8 0 amappl9 144 142 0 142 1 1 0 1 0 8 0 amappl8 136 43 0 40 1 0 1 1 0 8 0 amappl7 128 394 0 381 1 0 1 1 0 8 0 amappl6 120 1504 0 1502 1 0 1 1 0 8 0 amappl5 112 683 0 669 1 0 1 1 0 8 0 amappl4 104 772 0 751 1 0 1 1 0 8 0 amappl3 96 21463 0 21353 5 1 4 4 0 8 0 amappl2 88 2721 0 2644 2 0 2 2 0 8 0 amappl1 80 31581 0 30947 16 2 14 14 0 8 0 amappl 88 32859 0 32671 5 0 5 5 0 92 0 dma16384 16384 2 0 2 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma2048 2048 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 7 0 7 2 2 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 24 0 23 1 0 1 1 0 8 0 aobjpl 72 34 0 4 1 0 1 1 0 8 0 uaddrrnd 24 4406 0 4374 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 4406 0 4374 1 0 1 1 0 8 0 vmmpekpl 168 37113 0 37064 4 0 4 4 0 8 0 vmmpepl 168 285379 0 283139 181 74 107 108 0 357 5 vmsppl 440 4405 0 4374 6 2 4 5 0 8 0 rwobjpl 56 85328 0 75809 142 7 135 135 0 8 0 pdppl 4096 8819 0 8748 293 220 73 87 0 8 2 pvpl 32 36607 0 0 295 0 295 295 0 265 0 pmappl 248 4405 0 4374 3 0 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 799 0 353 13 0 13 13 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x7f1f5e870230, count: -1 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 x86_bus_space_io_read_4(b008,0) at x86_bus_space_io_read_4+0x37 sys/arch/amd64/amd64/bus_space.c:666 acpitimer_delay(1) at acpitimer_delay+0xb7 acpitimer_read sys/dev/acpi/acpitimer.c:146 [inline] acpitimer_delay(1) at acpitimer_delay+0xb7 sys/dev/acpi/acpitimer.c:120 comcnputc(800,20) at comcnputc+0x29b sys/dev/ic/com.c:1269 cnputc(20) at cnputc+0x61 sys/dev/cons.c:218 db_putchar(64) at db_putchar+0x524 db_force_whitespace sys/ddb/db_output.c:102 [inline] db_putchar(64) at db_putchar+0x524 sys/ddb/db_output.c:153 kprintf() at kprintf+0x2aba sys/kern/subr_prf.c:1065 db_printf(ffffffff830946a0) at db_printf+0x9b fault(ffffffff83043813) at fault+0xa7 sys/arch/amd64/amd64/trap.c:157 kpageflttrap(ffff80002a554010,ffff800019a454dd) at kpageflttrap+0x385 sys/arch/amd64/amd64/trap.c:290 kerntrap(ffff80002a554010) at kerntrap+0x14a sys/arch/amd64/amd64/trap.c:332 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b end trace frame: 0xffff80002a5542d0, count: 0 ddb{1}> trace x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 x86_bus_space_io_read_4(b008,0) at x86_bus_space_io_read_4+0x37 sys/arch/amd64/amd64/bus_space.c:666 acpitimer_delay(1) at acpitimer_delay+0xb7 acpitimer_read sys/dev/acpi/acpitimer.c:146 [inline] acpitimer_delay(1) at acpitimer_delay+0xb7 sys/dev/acpi/acpitimer.c:120 comcnputc(800,20) at comcnputc+0x29b sys/dev/ic/com.c:1269 cnputc(20) at cnputc+0x61 sys/dev/cons.c:218 db_putchar(64) at db_putchar+0x524 db_force_whitespace sys/ddb/db_output.c:102 [inline] db_putchar(64) at db_putchar+0x524 sys/ddb/db_output.c:153 kprintf() at kprintf+0x2aba sys/kern/subr_prf.c:1065 db_printf(ffffffff830946a0) at db_printf+0x9b fault(ffffffff83043813) at fault+0xa7 sys/arch/amd64/amd64/trap.c:157 kpageflttrap(ffff80002a554010,ffff800019a454dd) at kpageflttrap+0x385 sys/arch/amd64/amd64/trap.c:290 kerntrap(ffff80002a554010) at kerntrap+0x14a sys/arch/amd64/amd64/trap.c:332 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b memset() at memset+0x49 ffs_write(ffff80002a5543b0) at ffs_write+0xbab sys/ufs/ffs/ffs_vnops.c:401 VOP_WRITE(fffffd80536c5a78,ffff80002a554468,3,fffffd807f7d3548) at VOP_WRITE+0x102 sys/kern/vfs_vops.c:245 ktrwriteraw(ffff800031184048,fffffd80536c5a78,fffffd807f7d3548,ffff80002a554538,ffff80002a554510) at ktrwriteraw+0x1bc sys/kern/kern_ktrace.c:682 ktrstruct(ffff800031184048,ffffffff82fff9a0,ffff80002a554630,10) at ktrstruct+0x19a sys/kern/kern_ktrace.c:308 sys_nanosleep(ffff800031184048,ffff80002a554770,ffff80002a5546c0) at sys_nanosleep+0x109 sys/kern/kern_time.c:292 syscall(ffff80002a554770) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff80002a554770) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x78b93f6ecd20, count: -22