*cpu1: uvm_fault(0xfffffd806b0c07c8, 0x0, 0, 1) -> e ddb{0}> trace proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x197278d20a0, count: -1 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff80003c50ba80 rbx 0 rdx 0xffff800001484fc0 rcx 0xffff80003c440a88 rax 0x2a r8 0xffff80003c50b9b0 r9 0 r10 0xa078d6e1efa0db57 r11 0x2a3b523355c1fb7e r12 0 r13 0 r14 0 r15 0 rip 0xffffffff81fd14c7 proc_trampoline+0xc7 cs 0x8 rflags 0x246 rsp 0xffff80003c50ba00 ss 0 proc_trampoline+0xc7: movl $0,%gs:0x688 ddb{0}> show proc PROC (syz-executor) tid=69604 pid=66094 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=50, usrpri=50, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003c441250,0xffffffff839a66d0 process=0xffff80003c487aa8 user=0xffff80003c506000, vmspace=0xfffffd806b0c0028 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 66094 270639 82313 0 3 0x80 fsleep syz-executor *66094 69604 82313 0 7 0x4000000 syz-executor 10967 408212 53192 0 3 0x80 fsleep syz-executor 10967 355957 53192 0 7 0x4000000 syz-executor 10967 181978 53192 0 2 0x4000000 syz-executor 10967 486564 53192 0 3 0x4000080 fsleep syz-executor 64787 289050 94740 0 3 0x80 fsleep syz-executor 64787 374048 94740 0 3 0x4000080 lockf syz-executor 64787 483027 94740 0 3 0x4000080 fsleep syz-executor 11610 98258 19778 0 3 0x80 fsleep syz-executor 11610 445529 19778 0 3 0x4000080 fifor syz-executor 33703 332005 49447 0 3 0x80 fsleep syz-executor 33703 396975 49447 0 3 0x4000080 kqread syz-executor 44435 411589 49552 0 3 0x80 fsleep syz-executor 44435 300330 49552 0 3 0x4000080 kqsel syz-executor 25282 373462 80435 0 3 0x80 fsleep syz-executor 25282 396633 80435 0 3 0x4000080 pipewr syz-executor 12318 216315 58227 0 3 0x80 fsleep syz-executor 12318 409550 58227 0 3 0x4000080 lockf syz-executor 53192 57229 87611 0 3 0x82 nanoslp syz-executor 81926 410383 0 0 3 0x14280 nfsidl nfsio 70579 212724 0 0 3 0x14280 nfsidl nfsio 45371 215617 0 0 3 0x14280 nfsidl nfsio 44941 492789 0 0 3 0x14280 nfsidl nfsio 72859 445258 0 0 3 0x14280 nfsidl nfsio 62529 416383 0 0 3 0x14280 nfsidl nfsio 94000 115203 0 0 3 0x14280 nfsidl nfsio 64362 308404 0 0 3 0x14280 nfsidl nfsio 31699 229022 0 0 3 0x14280 nfsidl nfsio 233 163998 0 0 3 0x14280 nfsidl nfsio 68651 478740 0 0 3 0x14280 nfsidl nfsio 2075 162362 0 0 3 0x14280 nfsidl nfsio 60772 520650 0 0 3 0x14280 nfsidl nfsio 601 437575 0 0 3 0x14280 nfsidl nfsio 71610 439535 0 0 3 0x14280 nfsidl nfsio 27655 171396 0 0 3 0x14280 nfsidl nfsio 12545 250093 0 0 3 0x14280 nfsidl nfsio 31954 33338 0 0 3 0x14280 nfsidl nfsio 76816 110252 0 0 3 0x14280 nfsidl nfsio 31960 49684 0 0 3 0x14280 nfsidl nfsio 86598 347815 0 0 3 0x14200 acct acct 84284 208428 0 0 3 0x14200 bored sosplice 82313 281621 87611 0 3 0x82 nanoslp syz-executor 49447 4516 87611 0 3 0x82 nanoslp syz-executor 19778 170010 87611 0 3 0x82 nanoslp syz-executor 94740 83166 87611 0 3 0x82 nanoslp syz-executor 80435 435223 87611 0 3 0x82 nanoslp syz-executor 58227 266994 87611 0 3 0x82 nanoslp syz-executor 49552 297986 87611 0 3 0x82 nanoslp syz-executor 87611 55703 63261 0 3 0x82 kqread syz-executor 63261 503352 64404 0 3 0x10008a sigsusp ksh 64404 176983 67319 0 3 0x98 kqread sshd-session 67319 383781 93137 0 3 0x92 kqread sshd-session 13225 250480 1 0 3 0x100083 ttyin getty 93137 76116 1 0 3 0x88 kqread sshd 58181 214352 31390 74 3 0x1100092 bpf pflogd 31390 428152 1 0 3 0x80 sbwait pflogd 66437 57541 99620 73 3 0x1100090 kqread syslogd 99620 201932 1 0 3 0x100082 sbwait syslogd 3911 168950 1 0 3 0x100080 kqread resolvd 45745 407565 80580 77 3 0x100092 kqread dhcpleased 72082 63182 80580 77 3 0x100092 kqread dhcpleased 80580 371670 1 0 3 0x80 kqread dhcpleased 52560 36324 0 0 3 0x14200 bored smr 70777 381859 0 0 3 0x14200 pgzero zerothread 3870 520433 0 0 3 0x14200 aiodoned aiodoned 12133 482433 0 0 3 0x14200 syncer update 73106 219236 0 0 3 0x14200 cleaner cleaner 15501 381173 0 0 3 0x14200 reaper reaper 68693 484566 0 0 3 0x14200 pgdaemon pagedaemon 15374 411650 0 0 3 0x14200 bored viomb 90637 33788 0 0 3 0x40014200 acpi0 acpi0 31871 129913 0 0 3 0x40014200 idle1 21517 480047 0 0 3 0x14200 bored softnet7 13764 301815 0 0 3 0x14200 bored softnet6 64360 304142 0 0 3 0x14200 bored softnet5 75020 467375 0 0 3 0x14200 bored softnet4 36667 311284 0 0 3 0x14200 bored softnet3 26097 150911 0 0 3 0x14200 bored softnet2 47727 98536 0 0 3 0x14200 bored softnet1 61159 56841 0 0 3 0x14200 bored softnet0 14069 238631 0 0 3 0x14200 bored systqmp 21414 394499 0 0 3 0x14200 bored systq 60816 165377 0 0 3 0x14200 tmoslp softclockmp 13518 444004 0 0 3 0x40014200 tmoslp softclock 65176 220259 0 0 3 0x40014200 idle0 1 142234 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{0}> show all locks CPU 0: exclusive mutex &(curpg)->mdpage.pv_mtx r = 0 (0xfffffd8007f55a08) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 mtx_enter_try+0x1ad sys/kern/kern_lock.c:311 #2 mtx_enter+0x62 sys/kern/kern_lock.c:261 #3 pmap_enter+0x86c pmap_enter_pv sys/arch/amd64/amd64/pmap.c:1094 [inline] #3 pmap_enter+0x86c sys/arch/amd64/amd64/pmap.c:2881 #4 uvm_fault_lower+0x608 sys/uvm/uvm_fault.c:1542 #5 uvm_fault+0x274 sys/uvm/uvm_fault.c:-1 #6 upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:192 #7 usertrap+0x3c6 sys/arch/amd64/amd64/trap.c:605 #8 recall_trap+0x8 exclusive mutex &pmap->pm_mtx r = 0 (0xfffffd806b8c0710) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 mtx_enter_try+0x1ad sys/kern/kern_lock.c:311 #2 mtx_enter+0x62 sys/kern/kern_lock.c:261 #3 pmap_enter+0x24b rcr3 sys/arch/amd64/compile/SYZKALLER/obj/machine/cpufunc.h:139 [inline] #3 pmap_enter+0x24b pmap_map_ptes sys/arch/amd64/amd64/pmap.c:437 [inline] #3 pmap_enter+0x24b sys/arch/amd64/amd64/pmap.c:2770 #4 uvm_fault_lower+0x608 sys/uvm/uvm_fault.c:1542 #5 uvm_fault+0x274 sys/uvm/uvm_fault.c:-1 #6 upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:192 #7 usertrap+0x3c6 sys/arch/amd64/amd64/trap.c:605 #8 recall_trap+0x8 Process 66094 (syz-executor) thread 0xffff80003c440a88 (69604) Process 10967 (syz-executor) thread 0xffff800032802a90 (355957) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10225 11067K 11662K 166960K 12050 0 pcb 18 13K 14K 166960K 151 0 rtable 188 10K 10K 166960K 374 0 pf 41 19K 21K 166960K 104 0 ifaddr 39 6K 7K 166960K 70 0 ifgroup 59 2K 2K 166960K 113 0 sysctl 3 1K 9K 166960K 8 0 counters 70 37K 38K 166960K 128 0 ioctlops 0 0K 4K 166960K 1570 0 iov 0 0K 24K 166960K 105 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1453 91K 92K 166960K 1982 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 11 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 22 0 dirhash 15 2K 2K 166960K 24 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 240K 166960K 742 0 sigio 0 0K 0K 166960K 10 0 proc 73 115K 164K 166960K 630 0 subproc 72 4K 4K 166960K 82 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 65 0 in_multi 84 6K 7K 166960K 130 0 ether_multi 1 0K 0K 166960K 6 0 mrt 1 0K 0K 166960K 2 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 85 387K 387K 166960K 85 0 exec 0 0K 1K 166960K 517 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 2 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 247 168K 183K 166960K 8613 0 UVM aobj 15 2K 2K 166960K 17 0 pinsyscall 43 86K 102K 166960K 1868 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 31 0 NDP 13 0K 2K 166960K 49 0 temp 52 8646K 8712K 166960K 40080 0 kqueue 14 22K 29K 166960K 131 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 76 0 73 1 0 1 1 0 8 0 rtentry 176 127 0 54 5 0 5 5 0 8 0 unpcb 144 736 0 715 7 4 3 6 0 8 2 syncache 336 8 0 8 4 3 1 1 0 8 1 tcpqe 32 3 0 3 2 2 0 1 0 8 0 tcpcb 736 152 0 146 2 0 2 2 0 8 1 arp 128 17 0 8 1 0 1 1 0 8 0 inpcb 328 703 0 692 15 11 4 7 0 8 2 nd6 144 24 0 7 1 0 1 1 0 8 0 pkpcb 40 9 0 9 3 2 1 1 0 8 1 kcovpl 48 9 0 1 1 0 1 1 0 8 0 ppxss 1192 22 0 22 2 1 1 1 0 8 1 pfstscr 40 2 0 0 1 0 1 1 0 8 0 pffrent 40 1 0 1 1 1 0 1 0 8 0 pfosfp 40 1428 0 1428 5 5 0 5 0 8 0 pfosfpen 112 1428 0 1428 21 16 5 21 0 8 5 pfrktable 1344 6 0 2 1 0 1 1 0 8 0 pfanchor 1288 1 0 0 1 0 1 1 0 8 0 pftag 88 4 0 0 1 0 1 1 0 8 0 pfstitem 24 52 0 22 1 0 1 1 0 8 0 pfstkey 128 52 0 22 2 0 2 2 0 8 0 pfstate 384 50 0 22 4 0 4 4 0 8 0 pfrule 1344 26 0 20 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 536 0 170 28 3 25 28 0 8 2 art_table 40 537 0 170 5 0 5 5 0 8 0 art_node 32 127 0 64 1 0 1 1 0 8 0 sysvmsgpl 40 41 0 38 2 1 1 1 0 8 0 semapl 112 19 0 9 1 0 1 1 0 8 0 shmpl 112 14 0 2 1 0 1 1 0 8 0 dirhash 1024 25 0 6 3 0 3 3 0 8 0 dino2pl 256 2769 0 1255 95 0 95 95 0 8 0 ffsino 296 2769 0 1255 117 0 117 117 0 8 0 nchpl 144 3779 0 2080 64 0 64 64 0 8 0 rtmask 32 10 0 10 2 1 1 1 0 8 1 uvmvnodes 80 3190 0 0 66 0 66 66 0 8 0 vnodes 216 3190 0 0 178 0 178 178 0 8 0 namei 1024 12860 0 12860 1 0 1 1 0 8 1 percpumem 16 79 0 29 1 0 1 1 0 8 0 pfiaddrpl 120 2 0 0 1 0 1 1 0 8 0 kstatmem 264 66 0 36 3 0 3 3 0 8 0 scsiplug 72 4 0 4 2 1 1 1 0 8 1 scxspl 216 18729 0 18729 12 10 2 8 1 8 2 plimitpl 152 192 0 175 1 0 1 1 0 8 0 sigapl 424 1061 0 985 9 0 9 9 0 8 0 knotepl 120 314 0 0 10 0 10 10 0 8 0 kqueuepl 224 193 0 181 1 0 1 1 0 8 0 pipepl 344 160 0 132 3 0 3 3 0 8 0 fdescpl 528 1015 0 983 3 0 3 3 0 8 0 filepl 160 6034 0 5810 18 6 12 17 0 8 2 lockfpl 104 309 0 303 1 0 1 1 0 8 0 lockfspl 48 118 0 114 1 0 1 1 0 8 0 sessionpl 144 28 0 19 1 0 1 1 0 8 0 pgrppl 48 47 0 30 1 0 1 1 0 8 0 ucredpl 104 798 0 785 1 0 1 1 0 8 0 zombiepl 144 1358 0 1358 1 0 1 1 0 8 1 processpl 1248 1061 0 985 6 0 6 6 0 8 0 procpl 664 2145 0 2058 8 0 8 8 0 8 0 sosppl 168 1 0 1 1 1 0 1 0 8 0 sockpl 752 1540 0 1505 22 13 9 17 0 8 3 mcl64k 65536 4 0 0 1 0 1 1 0 8 0 mcl12k 12288 1 0 0 1 0 1 1 0 8 0 mcl9k 9216 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 2 0 0 1 0 1 1 0 8 0 mcl4k 4096 115 0 0 15 0 15 15 0 8 0 mcl2k 2048 20 0 0 3 0 3 3 0 8 0 mtagpl 96 4 0 0 1 0 1 1 0 8 0 mbufpl 256 210 0 0 13 0 13 13 0 8 0 bufpl 280 7461 0 1318 439 0 439 439 0 8 0 anonpl 32 11493 0 0 93 0 93 93 0 246 0 amapchunkpl 152 28475 0 27957 36 3 33 33 0 158 10 amappl16 200 3213 0 3178 34 20 14 27 0 8 8 amappl15 192 5 0 5 1 1 0 1 0 8 0 amappl14 184 134 0 122 1 0 1 1 0 8 0 amappl13 176 13 0 13 1 1 0 1 0 8 0 amappl12 168 1684 0 1652 3 1 2 2 0 8 0 amappl11 160 55 0 41 1 0 1 1 0 8 0 amappl10 152 12 0 12 2 2 0 1 0 8 0 amappl9 144 244 0 244 1 1 0 1 0 8 0 amappl8 136 27 0 24 1 0 1 1 0 8 0 amappl7 128 111 0 98 1 0 1 1 0 8 0 amappl6 120 194 0 191 1 0 1 1 0 8 0 amappl5 112 131 0 120 1 0 1 1 0 8 0 amappl4 104 322 0 302 1 0 1 1 0 8 0 amappl3 96 5416 0 5297 5 1 4 4 0 8 1 amappl2 88 686 0 625 2 0 2 2 0 8 0 amappl1 80 11833 0 11228 17 2 15 15 0 8 1 amappl 88 7781 0 7607 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 9 0 9 4 2 2 2 0 8 2 dma128 128 254 0 254 2 2 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 16 0 2 1 0 1 1 0 8 0 uaddrrnd 24 1015 0 983 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1015 0 983 1 0 1 1 0 8 0 vmmpekpl 168 10290 0 10245 3 0 3 3 0 8 0 vmmpepl 168 70531 0 68495 117 7 110 110 0 357 9 vmsppl 488 1014 0 983 6 1 5 5 0 8 0 rwobjpl 80 24578 0 20433 89 0 89 89 0 8 1 pdppl 4096 2038 0 1966 111 37 74 84 0 8 2 pvpl 32 17706 0 0 144 1 143 143 0 265 0 pmappl 256 1014 0 983 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 287 0 46 8 0 8 8 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace proc_trampoline() at proc_trampoline+0xc7 end of kernel end trace frame: 0x197278d20a0, count: -1 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x37 sys/arch/amd64/amd64/bus_space.c:654 comcnputc(800,a) at comcnputc+0xd0 comcn_read_reg sys/dev/ic/com.c:1655 [inline] comcnputc(800,a) at comcnputc+0xd0 sys/dev/ic/com.c:1259 cnputc(a) at cnputc+0x67 sys/dev/cons.c:218 db_putchar(a) at db_putchar+0x498 sys/ddb/db_output.c:168 kprintf() at kprintf+0x203 sys/kern/subr_prf.c:723 db_printf(ffffffff83311389) at db_printf+0x9b sys/kern/subr_prf.c:-1 fault(ffffffff833d10ba) at fault+0xa7 sys/arch/amd64/amd64/trap.c:161 kpageflttrap(ffff80003c4390a0,0) at kpageflttrap+0x37d sys/arch/amd64/amd64/trap.c:296 kerntrap(ffff80003c4390a0) at kerntrap+0x198 sys/arch/amd64/amd64/trap.c:491 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b dt_ioctl_record_stop(ffff800001532000) at dt_ioctl_record_stop+0x108 sys/dev/dt/dt_dev.c:586 end trace frame: 0xffff80003c4391d0, count: 0 ddb{1}> trace x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x37 sys/arch/amd64/amd64/bus_space.c:654 comcnputc(800,a) at comcnputc+0xd0 comcn_read_reg sys/dev/ic/com.c:1655 [inline] comcnputc(800,a) at comcnputc+0xd0 sys/dev/ic/com.c:1259 cnputc(a) at cnputc+0x67 sys/dev/cons.c:218 db_putchar(a) at db_putchar+0x498 sys/ddb/db_output.c:168 kprintf() at kprintf+0x203 sys/kern/subr_prf.c:723 db_printf(ffffffff83311389) at db_printf+0x9b sys/kern/subr_prf.c:-1 fault(ffffffff833d10ba) at fault+0xa7 sys/arch/amd64/amd64/trap.c:161 kpageflttrap(ffff80003c4390a0,0) at kpageflttrap+0x37d sys/arch/amd64/amd64/trap.c:296 kerntrap(ffff80003c4390a0) at kerntrap+0x198 sys/arch/amd64/amd64/trap.c:491 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b dt_ioctl_record_stop(ffff800001532000) at dt_ioctl_record_stop+0x108 sys/dev/dt/dt_dev.c:586 dtclose(21e5f,81,2000,ffff800032802a90) at dtclose+0x109 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline] dtclose(21e5f,81,2000,ffff800032802a90) at dtclose+0x109 sys/dev/dt/dt_dev.c:232 spec_close(ffff80003c439250) at spec_close+0x466 sys/kern/spec_vnops.c:-1 VOP_CLOSE(fffffd805e672ce0,81,fffffd80097fb6e8,ffff800032802a90) at VOP_CLOSE+0x132 sys/kern/vfs_vops.c:156 vn_closefile(fffffd806b7daae0,ffff800032802a90) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline] vn_closefile(fffffd806b7daae0,ffff800032802a90) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615 fdrop(fffffd806b7daae0,ffff800032802a90) at fdrop+0x121 sys/kern/kern_descrip.c:1267 closef(fffffd806b7daae0,ffff800032802a90) at closef+0x192 sys/kern/kern_descrip.c:1251 syscall(ffff80003c4394b0) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c4394b0) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x762025d75f0, count: -22