*cpu1: uvm_fault(0xfffffc006c6ac018, 0x98, 0, 1) -> e
ddb{0}> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7aeaefe86f40, count: -1
ddb{0}> show registers
rdi 0
rsi 0
rbp 0xffff80002eb85280
rbx 0
rdx 0
rcx 0xffff8000393a6028
rax 0x3b
r8 0xffff80002eb851b0
r9 0
r10 0x3bc3da66b9e85bb9
r11 0x20767bbd021da0f3
r12 0
r13 0
r14 0xffff8000393a6028
r15 0
rip 0xffffffff821a93ee savectx+0xae
cs 0x8
rflags 0x46
rsp 0xffff80002eb85200
ss 0x10
savectx+0xae: movl $0,%gs:0x688
ddb{0}> show proc
PROC (syz-executor) tid=516525 pid=99844 tcnt=2 stat=onproc
flags process=0 proc=0
runpri=50, usrpri=68, slppri=16, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80003939f248,0xffff8000393a74f8
process=0xffff800034b94020 user=0xffff80002eb80000, vmspace=0xfffffc006c6ac5d0
estcpu=18, cpticks=2, pctcpu=0.0, user=0, sys=2, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
91071 308174 93902 0 2 0 syz-executor
68598 134376 83356 0 2 0 syz-executor
41890 485595 48603 0 2 0 syz-executor
41890 271949 48603 0 7 0x4000000 syz-executor
5039 426240 9329 0 2 0 syz-executor
*99844 516525 45334 0 7 0 syz-executor
99844 122481 45334 0 3 0x4000080 fsleep syz-executor
31647 452087 16362 0 3 0x80 nanoslp syz-executor
31647 345586 16362 0 3 0x4000080 netacc syz-executor
31647 517389 16362 0 3 0x4000080 fsleep syz-executor
79120 17371 67578 0 3 0x80 nanoslp syz-executor
79120 369801 67578 0 3 0x4000080 nanoslp syz-executor
79120 19897 67578 0 3 0x4000080 fsleep syz-executor
67578 196098 79569 0 3 0x82 nanoslp syz-executor
40146 53349 79569 0 3 0x82 nanoslp syz-executor
16362 341539 79569 0 3 0x82 nanoslp syz-executor
93902 522267 79569 0 3 0x82 nanoslp syz-executor
83356 278986 79569 0 3 0x82 nanoslp syz-executor
48603 39956 79569 0 3 0x82 nanoslp syz-executor
9329 194761 79569 0 3 0x82 nanoslp syz-executor
45334 99965 79569 0 3 0x82 nanoslp syz-executor
79569 16651 7234 0 3 0x82 kqread syz-executor
7234 147783 64339 0 3 0x10008a sigsusp ksh
64339 74102 14160 0 3 0x98 kqread sshd-session
14160 513791 88480 0 3 0x92 kqread sshd-session
50929 3690 1 0 3 0x100083 ttyin getty
88480 515210 1 0 3 0x88 kqread sshd
11324 511415 15172 74 3 0x1100092 bpf pflogd
15172 405430 1 0 3 0x80 sbwait pflogd
9991 232313 61524 73 3 0x1100090 kqread syslogd
61524 314027 1 0 3 0x100082 sbwait syslogd
65855 369784 1 0 3 0x100080 kqread resolvd
81889 127579 1048 77 3 0x100092 kqread dhcpleased
16860 376425 1048 77 3 0x100092 kqread dhcpleased
1048 96274 1 0 3 0x80 kqread dhcpleased
41459 388485 0 0 3 0x14200 bored smr
11450 90433 0 0 2 0x14200 zerothread
98407 224040 0 0 3 0x14200 aiodoned aiodoned
81581 232103 0 0 3 0x14200 syncer update
68833 468884 0 0 3 0x14200 cleaner cleaner
83349 186444 0 0 3 0x14200 reaper reaper
18108 152887 0 0 3 0x14200 pgdaemon pagedaemon
91609 26394 0 0 3 0x14200 bored viomb
62726 161938 0 0 3 0x40014200 acpi0 acpi0
75726 379388 0 0 3 0x40014200 idle1
37211 385349 0 0 3 0x14200 bored softnet1
83742 153474 0 0 3 0x14200 bored softnet0
81435 182696 0 0 3 0x14200 bored systqmp
724 58421 0 0 3 0x14200 bored systq
65912 172904 0 0 3 0x14200 tmoslp softclockmp
12298 34233 0 0 3 0x40014200 tmoslp softclock
3113 406667 0 0 3 0x40014200 idle0
1 243389 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
CPU 0:
exclusive mutex &pmap->pm_mtx r = 0 (0xfffffc006c447a10)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 mtx_enter+0x4b4 sys/kern/kern_lock.c:487
#2 pmap_write_protect+0x80 rcr3 sys/arch/amd64/compile/SYZKALLER/obj/machine/cpufunc.h:139 [inline]
#2 pmap_write_protect+0x80 pmap_map_ptes sys/arch/amd64/amd64/pmap.c:441 [inline]
#2 pmap_write_protect+0x80 sys/arch/amd64/amd64/pmap.c:2173
#3 uvm_map_protect+0xb95 pmap_protect sys/arch/amd64/compile/SYZKALLER/obj/machine/pmap.h:481 [inline]
#3 uvm_map_protect+0xb95 sys/uvm/uvm_map.c:3202
#4 sys_mprotect+0x351 sys/uvm/uvm_mmap.c:590
#5 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#5 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783
#6 Xsyscall+0x128
Process 41890 (syz-executor) thread 0xffff8000393a62c0 (271949)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83a77e80)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 syscall+0xaf4 mi_syscall sys/sys/syscall_mi.h:175 [inline]
#1 syscall+0xaf4 sys/arch/amd64/amd64/trap.c:783
#2 Xsyscall+0x128
Process 99844 (syz-executor) thread 0xffff8000393a6028 (516525)
exclusive rwlock uobjlk r = 0 (0xfffffc006c893c98)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 uvm_map_protect+0xb36 sys/uvm/uvm_map.c:3202
#3 sys_mprotect+0x351 sys/uvm/uvm_mmap.c:590
#4 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#4 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783
#5 Xsyscall+0x128
exclusive rwlock vmmaplk r = 0 (0xfffffc006c6ac6d0)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 vm_map_lock_ln+0x12e sys/uvm/uvm_map.c:5171
#3 uvm_map_protect+0xe0 sys/uvm/uvm_map.c:3075
#4 sys_mprotect+0x351 sys/uvm/uvm_mmap.c:590
#5 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#5 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783
#6 Xsyscall+0x128
exclusive mutex &pmap->pm_mtx r = 0 (0xfffffc006c447a10)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 mtx_enter+0x4b4 sys/kern/kern_lock.c:487
#2 pmap_write_protect+0x80 rcr3 sys/arch/amd64/compile/SYZKALLER/obj/machine/cpufunc.h:139 [inline]
#2 pmap_write_protect+0x80 pmap_map_ptes sys/arch/amd64/amd64/pmap.c:441 [inline]
#2 pmap_write_protect+0x80 sys/arch/amd64/amd64/pmap.c:2173
#3 uvm_map_protect+0xb95 pmap_protect sys/arch/amd64/compile/SYZKALLER/obj/machine/pmap.h:481 [inline]
#3 uvm_map_protect+0xb95 sys/uvm/uvm_map.c:3202
#4 sys_mprotect+0x351 sys/uvm/uvm_mmap.c:590
#5 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#5 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783
#6 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11063 12150K 12156K 166960K 12297 0
pcb 17 12K 12K 166960K 20 0
rtable 247 7K 7K 166960K 381 0
pf 39 18K 24K 166960K 73 0
ifaddr 46 7K 8K 166960K 49 0
ifgroup 64 2K 2K 166960K 64 0
sysctl 1 1K 9K 166960K 5 0
counters 78 37K 37K 166960K 78 0
ioctlops 0 0K 4K 166960K 1486 0
iov 0 0K 2K 166960K 2 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1293 81K 82K 166960K 1377 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 1K 166960K 2 0
VM map 2 1K 1K 166960K 2 0
sem 2 0K 0K 166960K 2 0
dirhash 12 2K 2K 166960K 12 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 18 65K 89K 166960K 157 0
proc 70 115K 164K 166960K 552 0
subproc 72 4K 4K 166960K 72 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 4 0
in_multi 100 7K 7K 166960K 101 0
ether_multi 1 0K 0K 166960K 1 0
mrt 0 0K 0K 166960K 2 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 37 175K 175K 166960K 37 0
exec 0 0K 1K 166960K 397 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 218 166K 177K 166960K 3453 0
UVM aobj 3 2K 2K 166960K 3 0
pinsyscall 43 86K 102K 166960K 1353 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 3 0
NDP 30 2K 2K 166960K 30 0
temp 36 9118K 9174K 166960K 4124 0
kqueue 16 26K 30K 166960K 32 0
SYN cache 2 16K 16K 166960K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 39 0 36 1 0 1 1 0 8 0
rtentry 176 113 0 2 6 0 6 6 0 8 0
unpcb 144 56 0 36 1 0 1 1 0 8 0
syncache 336 4 0 4 1 0 1 1 0 8 1
tcpcb 736 14 0 9 1 0 1 1 0 8 0
arp 136 18 0 0 1 0 1 1 0 8 0
inpcb 328 83 0 73 2 0 2 2 0 8 0
nd6 152 24 0 0 1 0 1 1 0 8 0
kcovpl 48 8 0 0 1 0 1 1 0 8 0
ppxss 1192 2 0 0 1 0 1 1 0 8 0
pppxif 1576 2 0 0 1 0 1 1 0 8 0
pffrag 232 1 0 0 1 0 1 1 0 482 0
pffrnode 88 1 0 0 1 0 1 1 0 8 0
pffrent 40 1 0 0 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfanchor 1288 9 0 9 1 0 1 1 0 8 1
pfstitem 24 18 0 0 1 0 1 1 0 8 0
pfstkey 128 18 0 0 1 0 1 1 0 8 0
pfstate 448 18 0 0 2 0 2 2 0 8 0
pfrule 1360 21 0 15 2 0 2 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 459 0 0 29 0 29 29 0 8 0
art_table 40 460 0 0 5 0 5 5 0 8 0
art_node 32 113 0 12 1 0 1 1 0 8 0
sysvmsgpl 40 1 0 0 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1603 0 134 93 0 93 93 0 8 0
ffsino 296 1603 0 134 114 0 114 114 0 8 0
nchpl 144 1817 0 117 64 0 64 64 0 8 0
vnodes 216 1700 0 0 95 0 95 95 0 8 0
namei 1024 5638 0 5638 2 0 2 2 0 8 2
percpumem 16 54 0 0 1 0 1 1 0 8 0
kstatmem 264 31 0 0 3 0 3 3 0 8 0
scxspl 216 6354 0 6354 4 3 1 3 1 8 1
plimitpl 152 31 0 14 1 0 1 1 0 8 0
sigapl 424 486 0 438 7 0 7 7 0 8 1
knotepl 120 56 0 0 2 0 2 2 0 8 0
kqueuepl 224 32 0 18 2 0 2 2 0 8 0
pipepl 344 130 0 103 3 0 3 3 0 8 0
fdescpl 528 470 0 438 3 0 3 3 0 8 0
filepl 160 1690 0 1470 11 0 11 11 0 8 1
lockfpl 104 14 0 12 1 0 1 1 0 8 0
lockfspl 48 8 0 6 1 0 1 1 0 8 0
sessionpl 144 25 0 16 1 0 1 1 0 8 0
pgrppl 48 33 0 16 1 0 1 1 0 8 0
ucredpl 104 102 0 89 1 0 1 1 0 8 0
zombiepl 144 439 0 438 1 0 1 1 0 8 0
processpl 1232 486 0 438 5 0 5 5 0 8 0
procpl 664 524 0 470 6 0 6 6 0 8 0
sockpl 752 178 0 145 4 0 4 4 0 8 0
mcl64k 65536 2 0 0 1 0 1 1 0 8 0
mcl16k 16384 3 0 0 1 0 1 1 0 8 0
mcl9k128 9344 1 0 0 1 0 1 1 0 8 0
mcl8k 8192 2 0 0 1 0 1 1 0 8 0
mcl4k 4096 121 0 0 16 0 16 16 0 8 0
mcl2k 2048 14 0 0 2 0 2 2 0 8 0
mtagpl 96 3 0 0 1 0 1 1 0 8 0
mbufpl 256 124 0 0 8 0 8 8 0 8 0
bufpl 272 2321 0 105 148 0 148 148 0 8 0
anonpl 32 8083 0 0 66 0 66 66 0 246 0
amapchunkpl 152 9136 0 8705 22 0 22 22 0 158 2
amappl16 200 2011 0 1992 16 0 16 16 0 8 10
amappl15 192 1 0 1 1 0 1 1 0 8 1
amappl14 184 445 0 444 1 0 1 1 0 8 0
amappl13 176 129 0 117 1 0 1 1 0 8 0
amappl12 168 728 0 699 2 0 2 2 0 8 0
amappl11 160 6 0 6 1 0 1 1 0 8 1
amappl10 152 68 0 53 1 0 1 1 0 8 0
amappl9 144 273 0 273 1 0 1 1 0 8 1
amappl8 136 101 0 99 1 0 1 1 0 8 0
amappl7 128 182 0 168 1 0 1 1 0 8 0
amappl6 120 152 0 151 1 0 1 1 0 8 0
amappl5 112 102 0 92 1 0 1 1 0 8 0
amappl4 104 302 0 284 1 0 1 1 0 8 0
amappl3 96 1596 0 1493 4 0 4 4 0 8 1
amappl2 88 580 0 522 2 0 2 2 0 8 0
amappl1 80 10623 0 10025 15 0 15 15 0 8 1
amappl 88 2698 0 2552 5 0 5 5 0 92 1
uvmvnodes 80 100 0 0 3 0 3 3 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 2 0 0 1 0 1 1 0 8 0
uaddrrnd 24 470 0 438 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 470 0 438 1 0 1 1 0 8 0
vmmpekpl 168 5927 0 5895 2 0 2 2 0 8 0
vmmpepl 168 40025 0 38130 97 0 97 97 0 357 8
vmsppl 488 469 0 438 5 0 5 5 0 8 0
rwobjpl 80 15117 0 14124 28 0 28 28 0 8 3
pdppl 4096 947 0 876 99 16 83 83 0 8 12
pvpl 32 15294 0 0 125 0 125 125 0 265 1
pmappl 256 469 0 438 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 416 0 18 12 0 12 12 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7aeaefe86f40, count: -1
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffff80002999dff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x37 sys/arch/amd64/amd64/bus_space.c:670
comcnputc(800,72) at comcnputc+0x250 comcn_read_reg sys/dev/ic/com.c:1671 [inline]
comcnputc(800,72) at comcnputc+0x250 sys/dev/ic/com.c:1274
cnputc(72) at cnputc+0x67 sys/dev/cons.c:218
db_putchar(72) at db_putchar+0x36d sys/ddb/db_output.c:155
kprintf() at kprintf+0x223 sys/kern/subr_prf.c:723
db_printf(ffffffff8354788c) at db_printf+0x9b sys/kern/subr_prf.c:-1
db_ktrap(6,0,ffff80003c404e30) at db_ktrap+0xe3 db_printtrap sys/arch/amd64/amd64/db_interface.c:99 [inline]
db_ktrap(6,0,ffff80003c404e30) at db_ktrap+0xe3 sys/arch/amd64/amd64/db_interface.c:128
kerntrap(ffff80003c404e30) at kerntrap+0x243 sys/arch/amd64/amd64/trap.c:519
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
dovutimens(ffff8000393a62c0,fffffc006b79a528,ffff80003c404ff0) at dovutimens+0x368 sys/kern/vfs_syscalls.c:2690
sys_futimens(ffff8000393a62c0,ffff80003c405140,ffff80003c405090) at sys_futimens+0xb3 sys/kern/vfs_syscalls.c:2766
end trace frame: 0xffff80003c405130, count: 0
ddb{1}> trace
x86_ipi_db(ffff80002999dff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x37 sys/arch/amd64/amd64/bus_space.c:670
comcnputc(800,72) at comcnputc+0x250 comcn_read_reg sys/dev/ic/com.c:1671 [inline]
comcnputc(800,72) at comcnputc+0x250 sys/dev/ic/com.c:1274
cnputc(72) at cnputc+0x67 sys/dev/cons.c:218
db_putchar(72) at db_putchar+0x36d sys/ddb/db_output.c:155
kprintf() at kprintf+0x223 sys/kern/subr_prf.c:723
db_printf(ffffffff8354788c) at db_printf+0x9b sys/kern/subr_prf.c:-1
db_ktrap(6,0,ffff80003c404e30) at db_ktrap+0xe3 db_printtrap sys/arch/amd64/amd64/db_interface.c:99 [inline]
db_ktrap(6,0,ffff80003c404e30) at db_ktrap+0xe3 sys/arch/amd64/amd64/db_interface.c:128
kerntrap(ffff80003c404e30) at kerntrap+0x243 sys/arch/amd64/amd64/trap.c:519
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
dovutimens(ffff8000393a62c0,fffffc006b79a528,ffff80003c404ff0) at dovutimens+0x368 sys/kern/vfs_syscalls.c:2690
sys_futimens(ffff8000393a62c0,ffff80003c405140,ffff80003c405090) at sys_futimens+0xb3 sys/kern/vfs_syscalls.c:2766
syscall(ffff80003c405140) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c405140) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xdbca478c0d0, count: -16