*cpu1: uvm_fault(0xffffffff83899a28, 0xffff800027aa2004, 0, 1) -> d ddb{0}> trace proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x7a019b919e70, count: -1 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff80003c503cb0 rbx 0 rdx 0 rcx 0xffff80003c5194a8 rax 0x2a r8 0xffff80003c503be0 r9 0x1 r10 0x32807a22d3813e2 r11 0xa3ee5cd85502934 r12 0 r13 0 r14 0 r15 0 rip 0xffffffff817de4c7 proc_trampoline+0xc7 cs 0x8 rflags 0x246 rsp 0xffff80003c503c30 ss 0 proc_trampoline+0xc7: movl $0,%gs:0x680 ddb{0}> show proc PROC (syz-executor) tid=385820 pid=36569 tcnt=2 stat=onproc flags process=0 proc=0 runpri=36, usrpri=50, slppri=36, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003c518cf8,0xffff80003c518038 process=0xffff80002a33c4a8 user=0xffff80003c4fe000, vmspace=0xfffffd80619c9038 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND *36569 385820 33250 0 7 0 syz-executor 36569 89431 33250 0 3 0x4000080 fsleep syz-executor 98943 518081 7836 0 2 0 syz-executor 98943 70903 7836 0 3 0x4000080 bell syz-executor 61360 93890 51913 0 2 0 syz-executor 61360 173059 51913 0 3 0x4000080 fsleep syz-executor 41022 468443 5640 0 2 0 syz-executor 41022 496095 5640 0 3 0x4000080 lockf syz-executor 41022 155937 5640 0 3 0x4000080 fsleep syz-executor 53813 389881 17657 0 2 0 syz-executor 53813 272194 17657 0 7 0x4000000 syz-executor 53813 416029 17657 0 3 0x4000080 fsleep syz-executor 69006 7903 15932 0 3 0x80 nanoslp syz-executor 69006 131093 15932 0 3 0x4000080 kqsel syz-executor 16441 168767 1 0 3 0x80 nanoslp init 74652 280972 0 0 3 0x14280 nfsidl nfsio 79848 203681 0 0 3 0x14280 nfsidl nfsio 72503 464895 0 0 3 0x14280 nfsidl nfsio 69313 440269 0 0 3 0x14280 nfsidl nfsio 8135 348586 0 0 3 0x14280 nfsidl nfsio 35834 151770 0 0 3 0x14280 nfsidl nfsio 71010 49401 0 0 3 0x14280 nfsidl nfsio 92281 292351 0 0 3 0x14280 nfsidl nfsio 24760 50908 0 0 3 0x14280 nfsidl nfsio 8643 441886 0 0 3 0x14280 nfsidl nfsio 24289 376186 0 0 3 0x14280 nfsidl nfsio 50297 319512 0 0 3 0x14280 nfsidl nfsio 23552 381130 0 0 3 0x14280 nfsidl nfsio 56159 19232 0 0 3 0x14280 nfsidl nfsio 89729 124487 0 0 3 0x14280 nfsidl nfsio 81248 45423 0 0 3 0x14280 nfsidl nfsio 99543 507925 0 0 3 0x14280 nfsidl nfsio 7724 491676 0 0 3 0x14280 nfsidl nfsio 52031 459258 0 0 3 0x14280 nfsidl nfsio 54519 418830 0 0 3 0x14280 nfsidl nfsio 5640 282032 22295 0 3 0x82 nanoslp syz-executor 34082 360940 22295 0 2 0x2 syz-executor 15932 20266 22295 0 3 0x82 nanoslp syz-executor 7836 378938 22295 0 3 0x82 nanoslp syz-executor 46727 40897 0 0 3 0x14200 bored sosplice 51913 96082 22295 0 3 0x82 nanoslp syz-executor 33250 299987 22295 0 3 0x82 nanoslp syz-executor 17657 257352 22295 0 3 0x82 nanoslp syz-executor 22295 337192 61121 0 3 0x82 wait syz-executor 61121 225683 85940 0 3 0x10008a sigsusp ksh 85940 412186 65070 0 3 0x98 kqread sshd-session 65070 142078 67517 0 3 0x92 kqread sshd-session 67517 216870 1 0 3 0x88 kqread sshd 99599 475027 95876 74 3 0x1100092 bpf pflogd 95876 68032 1 0 3 0x80 sbwait pflogd 25676 69494 11825 73 3 0x1100090 kqread syslogd 11825 396378 1 0 3 0x100082 sbwait syslogd 53971 416401 1 0 3 0x100080 kqread resolvd 26514 25747 20436 77 3 0x100092 kqread dhcpleased 50281 322288 20436 77 3 0x100092 kqread dhcpleased 20436 483534 1 0 3 0x80 kqread dhcpleased 71170 443975 0 0 3 0x14200 bored smr 36028 451417 0 0 2 0x14200 zerothread 29310 266782 0 0 3 0x14200 aiodoned aiodoned 95617 125349 0 0 3 0x14200 syncer update 79819 68986 0 0 3 0x14200 cleaner cleaner 42231 104376 0 0 3 0x14200 reaper reaper 72126 47599 0 0 3 0x14200 pgdaemon pagedaemon 83232 152096 0 0 3 0x14200 bored viomb 506 27549 0 0 3 0x40014200 acpi0 acpi0 41666 455625 0 0 3 0x40014200 idle1 46381 144600 0 0 3 0x14200 bored softnet3 17516 253799 0 0 3 0x14200 bored softnet2 50449 82385 0 0 3 0x14200 bored softnet1 43741 155631 0 0 3 0x14200 bored softnet0 71826 229830 0 0 3 0x14200 bored systqmp 66357 67833 0 0 3 0x14200 bored systq 26071 194784 0 0 3 0x14200 tmoslp softclockmp 16920 297594 0 0 3 0x40014200 tmoslp softclock 44638 162133 0 0 3 0x40014200 idle0 1 263423 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{0}> show all locks CPU 0: exclusive mutex &pmap->pm_mtx r = 0 (0xfffffd806b49cac8) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 mtx_enter_try+0x178 #2 mtx_enter+0x60 sys/kern/kern_lock.c:239 #3 pmap_enter+0x246 rcr3 machine/cpufunc.h:139 [inline] #3 pmap_enter+0x246 pmap_map_ptes sys/arch/amd64/amd64/pmap.c:437 [inline] #3 pmap_enter+0x246 sys/arch/amd64/amd64/pmap.c:2770 #4 uvm_fault_lower_lookup+0x3d6 #5 uvm_fault_lower+0x86 sys/uvm/uvm_fault.c:1310 #6 uvm_fault+0x272 #7 upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:188 #8 usertrap+0x2d8 sys/arch/amd64/amd64/trap.c:436 #9 recall_trap+0x8 Process 36569 (syz-executor) thread 0xffff80003c5194a8 (385820) Process 53813 (syz-executor) thread 0xffff8000ffff67d0 (272194) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10221 11245K 11552K 166960K 16098 0 pcb 17 18K 22K 166960K 644 0 rtable 216 12K 13K 166960K 782 0 pf 39 18K 26K 166960K 394 0 ifaddr 37 6K 8K 166960K 184 0 ifgroup 56 2K 3K 166960K 371 0 sysctl 4 1K 1K 166960K 8 0 counters 64 36K 37K 166960K 404 0 ioctlops 0 0K 4K 166960K 1870 0 iov 0 0K 34K 166960K 307 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1505 95K 95K 166960K 3978 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 51 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 107 0 dirhash 12 2K 2K 166960K 66 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 16 57K 236K 166960K 2861 0 sigio 0 0K 0K 166960K 249 0 proc 63 79K 152K 166960K 932 0 subproc 72 4K 4K 166960K 119 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 469 0 in_multi 85 6K 7K 166960K 223 0 ether_multi 1 0K 0K 166960K 24 0 mrt 1 0K 0K 166960K 12 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 91 413K 413K 166960K 91 0 exec 0 0K 1K 166960K 1074 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 2 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 216 72K 90K 166960K 28021 0 UVM aobj 68 5K 5K 166960K 70 0 pinsyscall 40 80K 106K 166960K 4121 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 204 0 NDP 12 0K 2K 166960K 129 0 temp 80 8644K 8896K 166960K 131813 0 kqueue 13 20K 32K 166960K 512 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 336 0 333 5 2 3 3 0 8 2 rtentry 112 236 0 151 4 0 4 4 0 8 0 unpcb 144 2377 0 2356 19 14 5 6 0 8 4 syncache 336 16 0 16 6 6 0 1 0 8 0 tcpqe 32 2 0 2 2 2 0 1 0 8 0 tcpcb 808 1014 0 1008 31 20 11 11 0 8 10 arp 120 34 0 23 1 0 1 1 0 8 0 inpcb 376 3593 0 3582 63 45 18 18 0 8 16 nd6 136 50 0 23 2 0 2 2 0 8 0 pkpcb 40 14 0 14 5 4 1 1 0 8 1 kcovpl 48 13 0 5 1 0 1 1 0 8 0 ppxss 1168 121 0 120 2 1 1 1 0 8 0 pppxif 1472 60 0 60 5 4 1 1 0 8 1 pffrag 232 19 0 10 1 0 1 1 0 482 0 pffrnode 88 18 0 10 1 0 1 1 0 8 0 pffrent 40 44 0 35 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 8 0 5 2 1 1 1 0 8 0 pfanchor 1288 2 0 1 1 0 1 1 0 8 0 pftag 88 12 0 8 2 1 1 1 0 8 0 pfstitem 24 203 0 104 1 0 1 1 0 8 0 pfstkey 128 204 0 105 4 0 4 4 0 8 0 pfstate 376 203 0 105 11 0 11 11 0 8 0 pfrule 1344 54 0 28 4 1 3 3 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 910 0 490 35 6 29 30 0 8 0 art_table 32 912 0 490 4 0 4 4 0 8 0 art_node 16 223 0 149 1 0 1 1 0 8 0 sysvmsgpl 40 17 0 8 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 103 0 93 1 0 1 1 0 8 0 shmpl 112 67 0 2 2 0 2 2 0 8 0 dirhash 1024 53 0 36 3 0 3 3 0 8 0 dino2pl 256 6515 0 5008 95 0 95 95 0 8 0 ffsino 280 6516 0 5009 109 0 109 109 0 8 0 nchpl 144 10528 0 9982 64 39 25 64 0 8 0 rtmask 32 12 0 12 2 2 0 1 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 39258 0 39257 4 3 1 2 0 8 0 percpumem 16 216 0 170 1 0 1 1 0 8 0 kstatmem 264 206 0 182 4 2 2 3 0 8 0 scsiplug 72 8 0 8 4 4 0 1 0 8 0 scxspl 216 33147 0 33147 12 11 1 8 1 8 1 plimitpl 152 754 0 737 1 0 1 1 0 8 0 sigapl 424 3172 0 3103 10 1 9 9 0 8 0 futexpl 64 48626 0 48622 1 0 1 1 0 8 0 knotepl 120 602 0 0 18 0 18 18 0 8 0 kqueuepl 216 1136 0 1124 10 3 7 7 0 8 6 pipepl 328 506 0 479 11 4 7 8 0 8 4 fdescpl 504 3132 0 3102 5 0 5 5 0 8 0 filepl 152 22780 0 22561 37 19 18 19 0 8 5 lockfpl 104 876 0 872 1 0 1 1 0 8 0 lockfspl 48 321 0 318 1 0 1 1 0 8 0 sessionpl 144 40 0 32 1 0 1 1 0 8 0 pgrppl 48 154 0 138 1 0 1 1 0 8 0 ucredpl 104 4645 0 4630 1 0 1 1 0 8 0 zombiepl 144 3281 0 3280 1 0 1 1 0 8 0 processpl 1176 3172 0 3103 9 3 6 6 0 8 0 procpl 656 7429 0 7352 8 0 8 8 0 8 0 srpgc 96 16 0 16 5 5 0 1 0 8 0 sosppl 168 14 0 14 4 3 1 1 0 8 1 sockpl 688 6356 0 6321 64 46 18 18 0 8 14 mcl64k 65536 6 0 0 1 0 1 1 0 8 0 mcl16k 16384 8 0 0 1 0 1 1 0 8 0 mcl9k 9216 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 6 0 0 1 0 1 1 0 8 0 mcl4k 4096 111 0 0 14 0 14 14 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 39 0 0 4 0 4 4 0 8 0 mtagpl 96 95 0 0 3 0 3 3 0 8 0 mbufpl 256 1291 0 0 77 0 77 77 0 8 0 bufpl 280 11210 0 5056 440 0 440 440 0 8 0 anonpl 24 362874 0 359124 101 51 50 61 0 184 12 amapchunkpl 152 90994 0 90504 43 16 27 29 0 158 4 amappl16 200 6773 0 6733 67 55 12 15 0 8 8 amappl15 192 51 0 51 1 1 0 1 0 8 0 amappl14 184 150 0 139 1 0 1 1 0 8 0 amappl13 176 7 0 7 2 2 0 1 0 8 0 amappl12 168 3871 0 3842 3 1 2 2 0 8 0 amappl11 160 49 0 35 1 0 1 1 0 8 0 amappl10 152 5 0 5 2 2 0 1 0 8 0 amappl9 144 268 0 267 1 0 1 1 0 8 0 amappl8 136 49 0 46 1 0 1 1 0 8 0 amappl7 128 154 0 143 1 0 1 1 0 8 0 amappl6 120 239 0 235 1 0 1 1 0 8 0 amappl5 112 143 0 131 1 0 1 1 0 8 0 amappl4 104 382 0 361 1 0 1 1 0 8 0 amappl3 96 19398 0 19291 4 0 4 4 0 8 0 amappl2 88 847 0 784 2 0 2 2 0 8 0 amappl1 80 19315 0 18768 15 1 14 15 0 8 0 amappl 88 27378 0 27214 5 0 5 5 0 92 0 dma32768 32768 1 0 1 1 1 0 1 0 8 0 dma16384 16384 1 0 1 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 255 0 255 3 3 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 69 0 2 2 0 2 2 0 8 0 uaddrrnd 24 3132 0 3102 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 3132 0 3102 1 0 1 1 0 8 0 vmmpekpl 168 23770 0 23720 3 0 3 3 0 8 0 vmmpepl 168 192145 0 190348 124 27 97 99 0 357 9 vmsppl 456 3131 0 3102 8 3 5 5 0 8 0 rwobjpl 64 54016 0 47115 122 5 117 117 0 8 3 pdppl 4096 6272 0 6204 138 66 72 88 0 8 4 pvpl 32 17494 0 0 140 0 140 140 0 265 0 pmappl 248 3131 0 3102 3 0 3 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 424 0 106 10 0 10 10 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x7a019b919e70, count: -1 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff800029a9bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 x86_bus_space_io_read_4(b008,0) at x86_bus_space_io_read_4+0x37 sys/arch/amd64/amd64/bus_space.c:666 acpitimer_delay(1) at acpitimer_delay+0x77 acpitimer_read sys/dev/acpi/acpitimer.c:142 [inline] acpitimer_delay(1) at acpitimer_delay+0x77 sys/dev/acpi/acpitimer.c:120 comcnputc(800,61) at comcnputc+0x29b sys/dev/ic/com.c:1269 cnputc(61) at cnputc+0x61 sys/dev/cons.c:218 db_putchar(61) at db_putchar+0x65c sys/ddb/db_output.c:155 kprintf() at kprintf+0x2aba sys/kern/subr_prf.c:1065 db_printf(ffffffff833de305) at db_printf+0x9b fault(ffffffff8338552a) at fault+0xa7 sys/arch/amd64/amd64/trap.c:157 kpageflttrap(ffff80002ec9fe40,ffff800027aa2004) at kpageflttrap+0x385 sys/arch/amd64/amd64/trap.c:290 kerntrap(ffff80002ec9fe40) at kerntrap+0x14a sys/arch/amd64/amd64/trap.c:332 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b end trace frame: 0xffff80002eca0000, count: 0 ddb{1}> trace x86_ipi_db(ffff800029a9bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 x86_bus_space_io_read_4(b008,0) at x86_bus_space_io_read_4+0x37 sys/arch/amd64/amd64/bus_space.c:666 acpitimer_delay(1) at acpitimer_delay+0x77 acpitimer_read sys/dev/acpi/acpitimer.c:142 [inline] acpitimer_delay(1) at acpitimer_delay+0x77 sys/dev/acpi/acpitimer.c:120 comcnputc(800,61) at comcnputc+0x29b sys/dev/ic/com.c:1269 cnputc(61) at cnputc+0x61 sys/dev/cons.c:218 db_putchar(61) at db_putchar+0x65c sys/ddb/db_output.c:155 kprintf() at kprintf+0x2aba sys/kern/subr_prf.c:1065 db_printf(ffffffff833de305) at db_printf+0x9b fault(ffffffff8338552a) at fault+0xa7 sys/arch/amd64/amd64/trap.c:157 kpageflttrap(ffff80002ec9fe40,ffff800027aa2004) at kpageflttrap+0x385 sys/arch/amd64/amd64/trap.c:290 kerntrap(ffff80002ec9fe40) at kerntrap+0x14a sys/arch/amd64/amd64/trap.c:332 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b ufs_lookup() at ufs_lookup+0x5e1 sys/ufs/ufs/ufs_lookup.c:279 VOP_LOOKUP(fffffd8063796a30,ffff80002eca01e8,ffff80002eca0218) at VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 vfs_lookup(ffff80002eca01b8) at vfs_lookup+0x8fa sys/kern/vfs_lookup.c:566 namei(ffff80002eca01b8) at namei+0x7aa sys/kern/vfs_lookup.c:250 sys_truncate(ffff8000ffff67d0,ffff80002eca0390,ffff80002eca02e0) at sys_truncate+0x84 sys/kern/vfs_syscalls.c:2888 syscall(ffff80002eca0390) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002eca0390) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xb4dff156da0, count: -21