*cpu1: uvm_fault(0xfffffd800c1d99a8, 0x340, 0, 1) -> e ddb{0}> trace proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x7c6153ff3d10, count: -1 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff8000357f0cf0 rbx 0 rdx 0 rcx 0xffff80003c443798 rax 0x2a r8 0xffff8000357f0c20 r9 0 r10 0x2197dc5eab602044 r11 0x79da7db5f8015555 r12 0 r13 0xffffffff81772838 Xdoreti+0x18 r14 0 r15 0 rip 0xffffffff812b34c7 proc_trampoline+0xc7 cs 0x8 rflags 0x246 rsp 0xffff8000357f0c70 ss 0x10 proc_trampoline+0xc7: movl $0,%gs:0x688 ddb{0}> show proc PROC (syz-executor) tid=98198 pid=22826 tcnt=2 stat=onproc flags process=0 proc=0 runpri=86, usrpri=86, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003c4a0030,0xffff80003c443cd8 process=0xffff8000ffff09b0 user=0xffff8000357eb000, vmspace=0xfffffd800c1d9020 estcpu=36, cpticks=3, pctcpu=0.0, user=3, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND *22826 98198 82170 0 7 0 syz-executor 22826 113283 82170 0 3 0x4000080 fsleep syz-executor 83440 283784 16215 0 2 0 syz-executor 83440 454422 16215 0 3 0x4000000 vm_terminate syz-executor 83440 39838 16215 0 7 0x4000000 syz-executor 83440 258270 16215 0 3 0x4000080 fsleep syz-executor 57224 322167 92425 0 3 0x80 nanoslp syz-executor 57224 219471 92425 0 3 0x4000080 bell syz-executor 57224 457500 92425 0 3 0x4000080 fsleep syz-executor 59564 105062 21137 0 4 0x82000 syz-executor 59564 282492 21137 0 3 0x4082000 biowait syz-executor 59564 74515 21137 0 3 0x4082000 fltagain2 syz-executor 59564 119681 21137 0 4 0x4082000 syz-executor 59564 340184 21137 0 3 0x4002000 suspend syz-executor 1857 404963 59324 0 3 0x80 nanoslp syz-executor 1857 72154 59324 0 3 0x4000080 kqsel syz-executor 56811 457645 67739 0 3 0x80 nanoslp syz-executor 56811 410353 67739 0 3 0x4000080 fifow syz-executor 56811 284330 67739 0 3 0x4000080 fsleep syz-executor 56811 229382 67739 0 3 0x4000080 fsleep syz-executor 36261 84332 41284 0 3 0x80 nanoslp syz-executor 36261 450183 41284 0 3 0x4000080 fsleep syz-executor 36261 395090 41284 0 3 0x4000080 semwait syz-executor 92425 45904 98695 0 3 0x82 nanoslp syz-executor 3842 27534 1 0 3 0x80 nanoslp init 82170 312623 98695 0 3 0x82 nanoslp syz-executor 59105 225 98695 0 3 0x82 nanoslp syz-executor 96665 168747 0 0 3 0x14280 nfsidl nfsio 3550 348692 0 0 3 0x14280 nfsidl nfsio 44996 57107 0 0 3 0x14280 nfsidl nfsio 49375 190869 0 0 3 0x14280 nfsidl nfsio 21137 207952 98695 0 3 0x82 nanoslp syz-executor 67739 240932 98695 0 3 0x82 nanoslp syz-executor 16215 152401 98695 0 3 0x82 nanoslp syz-executor 41284 217550 98695 0 3 0x82 nanoslp syz-executor 59324 398237 98695 0 3 0x82 nanoslp syz-executor 98695 263442 29731 0 3 0x82 kqread syz-executor 29731 141169 19632 0 3 0x10008a sigsusp ksh 19632 11651 12137 0 3 0x98 kqread sshd-session 12137 355026 45812 0 3 0x92 kqread sshd-session 45812 376436 1 0 3 0x88 kqread sshd 17558 398347 62318 74 3 0x1100092 bpf pflogd 62318 415247 1 0 3 0x80 sbwait pflogd 85596 419864 5768 73 3 0x1100090 kqread syslogd 5768 231459 1 0 3 0x100082 sbwait syslogd 3422 28989 1 0 3 0x100080 kqread resolvd 5103 446097 23502 77 3 0x100092 kqread dhcpleased 50804 253945 23502 77 3 0x100092 kqread dhcpleased 23502 121133 1 0 3 0x80 kqread dhcpleased 48861 502731 0 0 3 0x14200 bored smr 44882 17079 0 0 3 0x14200 pgzero zerothread 17572 51197 0 0 3 0x14200 aiodoned aiodoned 53005 462441 0 0 3 0x14200 syncer update 90232 179040 0 0 3 0x14200 cleaner cleaner 64247 327943 0 0 3 0x14200 reaper reaper 65484 84863 0 0 3 0x14200 pgdaemon pagedaemon 89272 333050 0 0 3 0x14200 bored viomb 66929 287178 0 0 3 0x40014200 acpi0 acpi0 46471 125283 0 0 3 0x40014200 idle1 71312 490483 0 0 3 0x14200 bored softnet1 31753 407316 0 0 3 0x14200 bored softnet0 93036 221185 0 0 3 0x14200 bored systqmp 62891 91108 0 0 3 0x14200 bored systq 50332 9293 0 0 3 0x14200 tmoslp softclockmp 82208 232277 0 0 3 0x40014200 tmoslp softclock 28071 241153 0 0 3 0x40014200 idle0 1 405348 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{0}> show all locks CPU 0: exclusive mutex &sched_lock r = 0 (0xffffffff839253d8) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 mtx_enter+0x4b4 sys/kern/kern_lock.c:487 #2 sleep_finish+0x1d6 sys/kern/kern_synch.c:355 #3 refcnt_finalize+0xdb sys/kern/kern_synch.c:955 #4 vm_terminate+0x16d sys/dev/vmm/vmm.c:739 #5 vmmioctl+0x35b sys/dev/vmm/vmm.c:254 #6 VOP_IOCTL+0xac sys/kern/vfs_vops.c:264 #7 vn_ioctl+0xf8 sys/kern/vfs_vnops.c:531 #8 sys_ioctl+0x674 sys/kern/sys_generic.c:-1 #9 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #9 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:765 #10 Xsyscall+0x128 Process 83440 (syz-executor) thread 0xffff80003c4a0030 (39838) Process 59564 (syz-executor) thread 0xffff80003c442fd0 (282492) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10261 11246K 11432K 166960K 14722 0 pcb 18 15K 17K 166960K 770 0 rtable 178 11K 12K 166960K 961 0 pf 38 18K 67485K 166960K 379 0 ifaddr 32 5K 8K 166960K 207 0 ifgroup 56 2K 3K 166960K 362 0 sysctl 4 1K 9K 166960K 25 0 counters 68 36K 38K 166960K 404 0 ioctlops 0 0K 4K 166960K 2043 0 iov 0 0K 28K 166960K 150 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1496 94K 95K 166960K 4012 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 33 0 VM map 2 1K 1K 166960K 2 0 sem 13 1K 1K 166960K 91 0 dirhash 12 2K 2K 166960K 57 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 240K 166960K 2461 0 sigio 0 0K 0K 166960K 33 0 proc 63 99K 147K 166960K 929 0 subproc 72 4K 4K 166960K 137 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 305 0 in_multi 52 3K 7K 166960K 273 0 ether_multi 1 0K 0K 166960K 25 0 mrt 1 0K 0K 166960K 25 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 235 1049K 1049K 166960K 235 0 exec 0 0K 1K 166960K 800 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 8 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 266 173K 195K 166960K 23552 0 UVM aobj 100 27K 27K 166960K 105 0 pinsyscall 42 84K 104K 166960K 3742 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 128 0 NDP 12 0K 2K 166960K 145 0 temp 82 8664K 8790K 166960K 131557 0 kqueue 14 22K 31K 166960K 459 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 457 0 454 8 5 3 3 0 8 2 rtentry 176 255 0 194 6 0 6 6 0 8 0 unpcb 144 1404 0 1382 10 7 3 4 0 8 1 syncache 336 7 0 7 4 3 1 1 0 8 1 tcpqe 32 1 0 1 1 1 0 1 0 8 0 tcpcb 736 800 0 795 14 9 5 7 0 8 4 arp 136 42 0 28 1 0 1 1 0 8 0 inpcb 328 2759 0 2750 23 16 7 10 0 8 5 nd6 152 49 0 38 1 0 1 1 0 8 0 pkpcb 40 29 0 29 6 5 1 1 0 8 1 kcovpl 48 15 0 7 1 0 1 1 0 8 0 mppekey 1024 1 0 1 1 1 0 1 0 8 0 ppxss 1192 129 0 129 2 1 1 1 0 8 1 pppxif 1504 20 0 20 6 5 1 1 0 8 1 pfstscr 40 1 0 0 1 0 1 1 0 8 0 pffrag 232 18 0 7 1 0 1 1 0 482 0 pffrnode 88 17 0 7 1 0 1 1 0 8 0 pffrent 40 37 0 26 1 0 1 1 0 8 0 pfosfp 40 1429 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1429 0 714 21 0 21 21 0 8 0 pfrktable 1344 3 0 3 3 3 0 1 0 8 0 pfanchor 1288 1 0 0 1 0 1 1 0 8 0 pfstitem 24 160 0 68 1 0 1 1 0 8 0 pfstkey 128 193 0 102 4 0 4 4 0 8 0 pfstate 448 190 0 101 12 1 11 11 0 8 0 pfrule 1344 43 0 35 2 1 1 2 0 8 0 rttmr 136 4 0 4 2 1 1 1 0 8 1 art_heap8 4096 4 0 0 4 0 4 4 0 8 0 art_heap4 256 1186 0 944 33 12 21 31 0 8 2 art_table 40 1190 0 944 6 0 6 6 0 8 0 art_node 32 254 0 202 1 0 1 1 0 8 0 sysvmsgpl 40 8 0 1 1 0 1 1 0 8 0 semapl 112 83 0 73 1 0 1 1 0 8 0 shmpl 112 91 0 5 3 0 3 3 0 8 0 dirhash 1024 47 0 30 3 0 3 3 0 8 0 dino2pl 256 6024 0 4506 96 0 96 96 0 8 0 ffsino 296 6024 0 4506 118 0 118 118 0 8 0 nchpl 144 9362 0 7643 65 0 65 65 0 8 0 rtmask 32 31 0 31 3 2 1 1 0 8 1 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 32921 0 32921 4 3 1 2 0 8 1 percpumem 16 217 0 168 1 0 1 1 0 8 0 vcpupl 3968 11 0 0 2 0 2 2 0 8 0 vmpool 840 11 0 0 2 0 2 2 0 8 0 kstatmem 264 232 0 204 6 3 3 3 0 8 1 acpiwqpl 32 2 0 2 1 0 1 1 1 8 1 scsiplug 72 7 0 7 3 2 1 1 0 8 1 scxspl 216 67852 0 67851 17 14 3 8 1 8 2 plimitpl 152 459 0 441 1 0 1 1 0 8 0 sigapl 424 2744 0 2692 10 3 7 8 0 8 0 knotepl 120 621 0 0 18 0 18 18 0 8 0 kqueuepl 224 1036 0 1026 9 6 3 5 0 8 2 pipepl 344 420 0 392 11 8 3 9 0 8 0 fdescpl 528 2699 0 2667 3 0 3 3 0 8 0 filepl 160 18860 0 18624 33 15 18 18 0 8 6 lockfpl 104 1266 0 1261 3 2 1 2 0 8 0 lockfspl 48 446 0 441 1 0 1 1 0 8 0 sessionpl 144 31 0 23 1 0 1 1 0 8 0 pgrppl 48 125 0 109 1 0 1 1 0 8 0 ucredpl 104 3191 0 3176 1 0 1 1 0 8 0 zombiepl 144 2854 0 2853 1 0 1 1 0 8 0 processpl 1232 2744 0 2692 8 3 5 6 0 8 0 procpl 664 6478 0 6410 9 2 7 7 0 8 0 sosppl 176 11 0 11 5 4 1 1 0 8 1 sockpl 752 4780 0 4746 41 27 14 14 0 8 10 mcl64k 65536 10 0 0 2 0 2 2 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 131 0 0 15 0 15 15 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 27 0 0 4 0 4 4 0 8 0 mtagpl 96 11 0 0 1 0 1 1 0 8 0 mbufpl 256 1851 0 0 113 0 113 113 0 8 0 bufpl 280 27644 0 21507 439 0 439 439 0 8 0 anonpl 32 13774 0 0 112 1 111 112 0 246 0 amapchunkpl 152 82171 0 81605 53 25 28 33 0 158 4 amappl16 200 10607 0 10490 80 63 17 28 0 8 0 amappl15 192 7 0 7 1 1 0 1 0 8 0 amappl14 184 76 0 76 3 3 0 1 0 8 0 amappl13 176 513 0 512 1 0 1 1 0 8 0 amappl12 168 3105 0 3064 3 0 3 3 0 8 0 amappl11 160 4 0 4 1 1 0 1 0 8 0 amappl10 152 47 0 33 1 0 1 1 0 8 0 amappl9 144 249 0 249 1 1 0 1 0 8 0 amappl8 136 64 0 61 1 0 1 1 0 8 0 amappl7 128 108 0 107 1 0 1 1 0 8 0 amappl6 120 369 0 356 1 0 1 1 0 8 0 amappl5 112 79 0 68 1 0 1 1 0 8 0 amappl4 104 493 0 463 1 0 1 1 0 8 0 amappl3 96 14413 0 14307 3 0 3 3 0 8 0 amappl2 88 2790 0 2715 2 0 2 2 0 8 0 amappl1 80 18726 0 18161 14 1 13 14 0 8 0 amappl 88 22307 0 22118 6 1 5 5 0 92 0 uvmvnodes 80 190 0 0 4 0 4 4 0 8 0 dma65536 65536 1 0 1 1 1 0 1 0 8 0 dma4096 4096 2 0 2 2 2 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 255 0 255 3 3 0 1 0 8 0 dma64 64 7 0 7 2 1 1 1 0 8 1 dma32 32 8 0 8 2 2 0 1 0 8 0 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 104 0 5 2 0 2 2 0 8 0 uaddrrnd 24 2699 0 2667 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2699 0 2667 1 0 1 1 0 8 0 vmmpekpl 168 21664 0 21612 3 0 3 3 0 8 0 vmmpepl 168 174783 0 172743 141 39 102 108 0 357 4 vmsppl 488 2698 0 2667 6 1 5 5 0 8 0 rwobjpl 80 46667 0 45375 46 14 32 35 0 8 0 pdppl 4096 5428 0 5345 127 44 83 88 0 8 0 pvpl 32 26326 0 0 212 1 211 211 0 265 0 pmappl 256 2709 0 2667 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 442 0 77 11 0 11 11 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x7c6153ff3d10, count: -1 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 x86_bus_space_io_read_4(b008,0) at x86_bus_space_io_read_4+0x37 sys/arch/amd64/amd64/bus_space.c:682 acpitimer_delay(1) at acpitimer_delay+0x57 acpitimer_read sys/dev/acpi/acpitimer.c:141 [inline] acpitimer_delay(1) at acpitimer_delay+0x57 sys/dev/acpi/acpitimer.c:120 comcnputc(800,20) at comcnputc+0x29b sys/dev/ic/com.c:1269 cnputc(20) at cnputc+0x67 sys/dev/cons.c:218 db_putchar(2d) at db_putchar+0x126 db_force_whitespace sys/ddb/db_output.c:102 [inline] db_putchar(2d) at db_putchar+0x126 sys/ddb/db_output.c:153 kprintf() at kprintf+0x29c5 sys/kern/subr_prf.c:-1 db_printf(ffffffff8333dddc) at db_printf+0x9b sys/kern/subr_prf.c:-1 fault(ffffffff834028ed) at fault+0xa7 sys/arch/amd64/amd64/trap.c:161 kpageflttrap(ffff8000fffe8fd0,340) at kpageflttrap+0x37d sys/arch/amd64/amd64/trap.c:296 kerntrap(ffff8000fffe8fd0) at kerntrap+0x19c sys/arch/amd64/amd64/trap.c:510 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b end trace frame: 0xffff8000fffe90d0, count: 0 ddb{1}> trace x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 x86_bus_space_io_read_4(b008,0) at x86_bus_space_io_read_4+0x37 sys/arch/amd64/amd64/bus_space.c:682 acpitimer_delay(1) at acpitimer_delay+0x57 acpitimer_read sys/dev/acpi/acpitimer.c:141 [inline] acpitimer_delay(1) at acpitimer_delay+0x57 sys/dev/acpi/acpitimer.c:120 comcnputc(800,20) at comcnputc+0x29b sys/dev/ic/com.c:1269 cnputc(20) at cnputc+0x67 sys/dev/cons.c:218 db_putchar(2d) at db_putchar+0x126 db_force_whitespace sys/ddb/db_output.c:102 [inline] db_putchar(2d) at db_putchar+0x126 sys/ddb/db_output.c:153 kprintf() at kprintf+0x29c5 sys/kern/subr_prf.c:-1 db_printf(ffffffff8333dddc) at db_printf+0x9b sys/kern/subr_prf.c:-1 fault(ffffffff834028ed) at fault+0xa7 sys/arch/amd64/amd64/trap.c:161 kpageflttrap(ffff8000fffe8fd0,340) at kpageflttrap+0x37d sys/arch/amd64/amd64/trap.c:296 kerntrap(ffff8000fffe8fd0) at kerntrap+0x19c sys/arch/amd64/amd64/trap.c:510 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b vm_terminate(ffff8000fffe9320) at vm_terminate+0xb0 sys/dev/vmm/vmm.c:728 vmmioctl(a00,80045604,ffff8000fffe9320,9,ffff80003c4a0030) at vmmioctl+0x35b sys/dev/vmm/vmm.c:254 VOP_IOCTL(fffffd806e1a5b00,80045604,ffff8000fffe9320,9,fffffd80097fb138,ffff80003c4a0030) at VOP_IOCTL+0xac sys/kern/vfs_vops.c:264 vn_ioctl(fffffd8068e2aed8,80045604,ffff8000fffe9320,ffff80003c4a0030) at vn_ioctl+0xf8 sys/kern/vfs_vnops.c:531 sys_ioctl(ffff80003c4a0030,ffff8000fffe9500,ffff8000fffe9450) at sys_ioctl+0x674 sys/kern/sys_generic.c:-1 syscall(ffff8000fffe9500) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff8000fffe9500) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:765 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xdac78f1a670, count: -21