*cpu0: uvm_fault(0xfffff8806c4a2208, 0x98, 0, 1) -> e
ddb{1}> trace
proc_trampoline() at proc_trampoline+0xc7
end of kernel
end trace frame: 0x77e0d5b9adb0, count: -1
ddb{1}> show registers
rdi 0
rsi 0
rbp 0xffff80003abac590
rbx 0
rdx 0
rcx 0xffff8000fffe6550
rax 0x2a
r8 0xffff80003abac4c0
r9 0x1
r10 0xc346536d0efacf7c
r11 0x824dbeea2cafb15b
r12 0
r13 0
r14 0
r15 0
rip 0xffffffff81f904c7 proc_trampoline+0xc7
cs 0x8
rflags 0x246
rsp 0xffff80003abac510
ss 0
proc_trampoline+0xc7: movl $0,%gs:0x688
ddb{1}> show proc
PROC (syz-executor) tid=327895 pid=93226 tcnt=2 stat=onproc
flags process=0 proc=0
runpri=50, usrpri=86, slppri=16, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff8000fffe6020,0xffff8000fffef780
process=0xffff80003c3ce6a0 user=0xffff80003aba7000, vmspace=0xfffff8806c4a27c0
estcpu=36, cpticks=2, pctcpu=0.0, user=1, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
*93226 327895 84915 0 7 0 syz-executor
93226 352231 84915 0 3 0x4000080 fsleep syz-executor
76822 30336 59380 0 2 0 syz-executor
76822 347558 59380 0 2 0x4000000 syz-executor
57975 487926 10051 0 2 0 syz-executor
57975 256055 10051 0 3 0x4000080 kqsel syz-executor
57975 374321 10051 0 2 0x4000000 syz-executor
26643 47879 8409 0 2 0xc80 syz-executor
26643 102085 8409 0 3 0x4000000 clonelk syz-executor
26643 524000 8409 0 3 0x4000080 fsleep syz-executor
48878 495569 10026 0 2 0 syz-executor
48878 303122 10026 0 3 0x4000080 fsleep syz-executor
20126 488172 58618 0 3 0x3000 suspend syz-executor
20126 264618 58618 0 3 0x4081000 smrbar syz-executor
73797 416370 16950 0 2 0 syz-executor
73797 271175 16950 0 7 0x4000000 syz-executor
84119 5271 62347 0 2 0 syz-executor
84119 69971 62347 0 3 0x4000080 fsleep syz-executor
84119 56715 62347 0 3 0x4000080 fsleep syz-executor
10051 141437 58220 0 3 0x82 nanoslp syz-executor
8409 282461 58220 0 3 0x82 nanoslp syz-executor
10026 306256 58220 0 2 0x2 syz-executor
62347 492801 58220 0 3 0x82 nanoslp syz-executor
84915 271842 58220 0 3 0x82 nanoslp syz-executor
16950 325474 58220 0 2 0xc82 syz-executor
59380 288408 58220 0 2 0xc82 syz-executor
58618 99528 58220 0 2 0xc82 syz-executor
58220 131292 19169 0 3 0x82 kqread syz-executor
19169 99564 65078 0 3 0x10008a sigsusp ksh
65078 19541 95782 0 3 0x98 kqread sshd-session
95782 296741 28632 0 3 0x92 kqread sshd-session
92700 221230 1 0 3 0x100083 ttyin getty
28632 78704 1 0 3 0x88 kqread sshd
22333 150992 85858 74 3 0x1100092 bpf pflogd
85858 367903 1 0 3 0x80 sbwait pflogd
72750 404983 28469 73 3 0x1100090 kqread syslogd
28469 109550 1 0 3 0x100082 sbwait syslogd
9817 415915 1 0 3 0x100080 kqread resolvd
26809 449947 11082 77 3 0x100092 kqread dhcpleased
78040 189102 11082 77 3 0x100092 kqread dhcpleased
11082 130625 1 0 3 0x80 kqread dhcpleased
89639 176339 0 0 3 0x14200 bored smr
5878 118905 0 0 2 0x14200 zerothread
8149 82319 0 0 3 0x14200 aiodoned aiodoned
26333 502609 0 0 3 0x14200 syncer update
67950 522010 0 0 3 0x14200 cleaner cleaner
27397 402593 0 0 3 0x14200 reaper reaper
22471 183848 0 0 3 0x14200 pgdaemon pagedaemon
94171 383968 0 0 3 0x14200 bored viomb
95613 322625 0 0 3 0x40014200 acpi0 acpi0
4489 226534 0 0 3 0x40014200 idle1
10050 463976 0 0 3 0x14200 bored softnet1
32585 425483 0 0 3 0x14200 bored softnet0
74192 244938 0 0 3 0x14200 bored systqmp
22975 490332 0 0 3 0x14200 bored systq
20437 182683 0 0 2 0x14200 softclockmp
61754 455292 0 0 3 0x40014200 tmoslp softclock
72947 514904 0 0 3 0x40014200 idle0
1 125902 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
CPU 1:
exclusive mutex &uvm.pageqlock r = 0 (0xffffffff83a2d1a0)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 mtx_enter+0x4b4 sys/kern/kern_lock.c:487
#2 uvm_pageactivate+0x15a sys/uvm/uvm_page.c:1270
#3 uvm_fault_lower+0x25c sys/uvm/uvm_fault.c:1379
#4 uvm_fault+0x274 sys/uvm/uvm_fault.c:-1
#5 upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:192
#6 usertrap+0x430 sys/arch/amd64/amd64/trap.c:640
#7 recall_trap+0x8
Process 93226 (syz-executor) thread 0xffff8000fffe6550 (327895)
shared rwlock uobjlk r = 0 (0xfffff88078e968a8)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_read+0x3e8 sys/kern/kern_rwlock.c:413
#2 uvm_fault_lower_lookup+0x53 sys/uvm/uvm_fault.c:1204
#3 uvm_fault_lower+0x89 sys/uvm/uvm_fault.c:1334
#4 uvm_fault+0x274 sys/uvm/uvm_fault.c:-1
#5 upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:192
#6 usertrap+0x430 sys/arch/amd64/amd64/trap.c:640
#7 recall_trap+0x8
shared rwlock vmmaplk r = 0 (0xfffff8806c4a28c0)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_read+0x3e8 sys/kern/kern_rwlock.c:413
#2 uvmfault_lookup+0x122 sys/uvm/uvm_fault.c:1880
#3 uvm_fault_check+0x4f sys/uvm/uvm_fault.c:693
#4 uvm_fault+0x106 sys/uvm/uvm_fault.c:627
#5 upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:192
#6 usertrap+0x430 sys/arch/amd64/amd64/trap.c:640
#7 recall_trap+0x8
exclusive mutex &uvm.pageqlock r = 0 (0xffffffff83a2d1a0)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 mtx_enter+0x4b4 sys/kern/kern_lock.c:487
#2 uvm_pageactivate+0x15a sys/uvm/uvm_page.c:1270
#3 uvm_fault_lower+0x25c sys/uvm/uvm_fault.c:1379
#4 uvm_fault+0x274 sys/uvm/uvm_fault.c:-1
#5 upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:192
#6 usertrap+0x430 sys/arch/amd64/amd64/trap.c:640
#7 recall_trap+0x8
Process 20126 (syz-executor) thread 0xffff8000fffeed10 (264618)
exclusive rwlock clonelk r = 0 (0xffffffff83965af8)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 if_clone_destroy+0x93 sys/net/if.c:-1
#3 tun_dev_close+0x1d9 sys/net/if_tun.c:526
#4 spec_close+0x417 sys/kern/spec_vnops.c:-1
#5 VOP_CLOSE+0x132 sys/kern/vfs_vops.c:156
#6 vn_close+0xa3 sys/kern/vfs_vnops.c:298
#7 vndioctl+0xd76 sys/dev/vnd.c:475
#8 VOP_IOCTL+0xac sys/kern/vfs_vops.c:264
#9 vn_ioctl+0xf8 sys/kern/vfs_vnops.c:537
#10 sys_ioctl+0x674 sys/kern/sys_generic.c:-1
#11 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#11 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783
#12 Xsyscall+0x128
Process 73797 (syz-executor) thread 0xffff8000fffe62b8 (271175)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83a2ff00)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 syscall+0xaf4 mi_syscall sys/sys/syscall_mi.h:175 [inline]
#1 syscall+0xaf4 sys/arch/amd64/amd64/trap.c:783
#2 Xsyscall+0x128
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11053 12086K 12149K 166960K 12152 0
pcb 18 12K 12K 166960K 18 0
rtable 239 6K 7K 166960K 359 0
pf 37 18K 24K 166960K 61 0
ifaddr 44 7K 7K 166960K 46 0
ifgroup 60 2K 2K 166960K 60 0
sysctl 1 1K 9K 166960K 5 0
counters 72 37K 37K 166960K 72 0
ioctlops 0 0K 4K 166960K 1486 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1295 81K 82K 166960K 1369 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 3 0
VM map 2 1K 1K 166960K 2 0
sem 3 0K 0K 166960K 3 0
dirhash 12 2K 2K 166960K 15 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 18 65K 93K 166960K 148 0
proc 70 115K 180K 166960K 552 0
subproc 72 4K 4K 166960K 72 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 2 0
in_multi 99 7K 7K 166960K 99 0
ether_multi 1 0K 0K 166960K 1 0
mrt 0 0K 0K 166960K 1 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 25 122K 122K 166960K 25 0
exec 0 0K 1K 166960K 392 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 237 159K 169K 166960K 3131 0
UVM aobj 4 2K 2K 166960K 4 0
pinsyscall 43 86K 106K 166960K 1337 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
NDP 29 2K 2K 166960K 29 0
temp 34 9114K 9120K 166960K 4002 0
kqueue 13 20K 30K 166960K 33 0
SYN cache 2 16K 16K 166960K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 39 0 36 1 0 1 1 0 8 0
rtentry 176 112 0 1 6 0 6 6 0 8 0
unpcb 144 45 0 28 1 0 1 1 0 8 0
syncache 336 4 0 4 1 0 1 1 0 8 1
tcpcb 736 11 0 5 1 0 1 1 0 8 0
arp 136 19 0 0 1 0 1 1 0 8 0
inpcb 328 78 0 65 2 0 2 2 0 8 0
nd6 152 24 0 0 1 0 1 1 0 8 0
kcovpl 48 8 0 0 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfanchor 1288 9 0 0 1 0 1 1 0 8 0
pfstitem 24 19 0 0 1 0 1 1 0 8 0
pfstkey 128 19 0 0 1 0 1 1 0 8 0
pfstate 448 19 0 0 3 0 3 3 0 8 0
pfrule 1360 21 0 16 2 1 1 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 453 0 0 29 0 29 29 0 8 0
art_table 40 454 0 0 5 0 5 5 0 8 0
art_node 32 112 0 11 1 0 1 1 0 8 0
semapl 72 1 0 0 1 0 1 1 0 8 0
shmpl 112 1 0 0 1 0 1 1 0 8 0
dirhash 1024 19 0 2 3 0 3 3 0 8 0
dino2pl 256 1588 0 116 93 0 93 93 0 8 0
ffsino 296 1588 0 116 114 0 114 114 0 8 0
nchpl 144 1794 0 86 64 0 64 64 0 8 0
vnodes 216 1681 0 0 94 0 94 94 0 8 0
namei 1024 5539 0 5539 1 0 1 1 0 8 1
percpumem 16 51 0 0 1 0 1 1 0 8 0
kstatmem 264 29 0 0 2 0 2 2 0 8 0
scxspl 216 6181 0 6181 4 2 2 3 1 8 2
plimitpl 152 30 0 12 1 0 1 1 0 8 0
sigapl 424 475 0 427 7 0 7 7 0 8 1
knotepl 120 58 0 0 2 0 2 2 0 8 0
kqueuepl 224 27 0 17 1 0 1 1 0 8 0
pipepl 344 129 0 102 3 0 3 3 0 8 0
fdescpl 528 459 0 427 3 0 3 3 0 8 0
filepl 160 1630 0 1407 10 0 10 10 0 8 0
lockfpl 104 13 0 10 1 0 1 1 0 8 0
lockfspl 48 8 0 5 1 0 1 1 0 8 0
sessionpl 144 24 0 15 1 0 1 1 0 8 0
pgrppl 48 32 0 15 1 0 1 1 0 8 0
ucredpl 104 86 0 73 1 0 1 1 0 8 0
zombiepl 144 428 0 427 1 0 1 1 0 8 0
processpl 1232 475 0 427 5 0 5 5 0 8 0
procpl 664 500 0 441 5 0 5 5 0 8 0
sockpl 752 164 0 131 4 0 4 4 0 8 0
mcl64k 65536 1 0 0 1 0 1 1 0 8 0
mcl16k 16384 3 0 0 1 0 1 1 0 8 0
mcl12k 12288 1 0 0 1 0 1 1 0 8 0
mcl8k 8192 2 0 0 1 0 1 1 0 8 0
mcl4k 4096 125 0 0 16 0 16 16 0 8 0
mcl2k 2048 15 0 0 2 0 2 2 0 8 0
mtagpl 96 3 0 0 1 0 1 1 0 8 0
mbufpl 256 167 0 0 11 0 11 11 0 8 0
bufpl 272 3337 0 105 216 0 216 216 0 8 0
anonpl 32 7635 0 0 62 0 62 62 0 246 0
amapchunkpl 152 8508 0 7984 21 0 21 21 0 158 0
amappl16 200 1771 0 1512 14 0 14 14 0 8 0
amappl15 192 5 0 4 1 0 1 1 0 8 0
amappl14 184 442 0 441 1 0 1 1 0 8 0
amappl13 176 125 0 113 1 0 1 1 0 8 0
amappl12 168 758 0 727 2 0 2 2 0 8 0
amappl11 160 5 0 5 1 0 1 1 0 8 1
amappl10 152 63 0 49 1 0 1 1 0 8 0
amappl9 144 277 0 277 1 0 1 1 0 8 1
amappl8 136 118 0 116 1 0 1 1 0 8 0
amappl7 128 149 0 136 1 0 1 1 0 8 0
amappl6 120 156 0 155 1 0 1 1 0 8 0
amappl5 112 99 0 88 1 0 1 1 0 8 0
amappl4 104 297 0 278 1 0 1 1 0 8 0
amappl3 96 1583 0 1463 3 0 3 3 0 8 0
amappl2 88 558 0 500 2 0 2 2 0 8 0
amappl1 80 10669 0 10061 15 0 15 15 0 8 0
amappl 88 2384 0 2217 4 0 4 4 0 92 0
uvmvnodes 80 100 0 0 3 0 3 3 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 3 0 0 1 0 1 1 0 8 0
uaddrrnd 24 459 0 427 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 459 0 427 1 0 1 1 0 8 0
vmmpekpl 168 5780 0 5749 2 0 2 2 0 8 0
vmmpepl 168 38920 0 36736 98 0 98 98 0 357 1
vmsppl 488 458 0 427 5 0 5 5 0 8 1
rwobjpl 80 14709 0 13442 28 0 28 28 0 8 0
pdppl 4096 925 0 854 105 20 85 85 0 8 14
pvpl 32 14604 0 0 118 0 118 118 0 265 0
pmappl 256 458 0 427 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 493 0 23 14 0 14 14 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffffffff838f1ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
x86_bus_space_io_read_4(b008,0) at x86_bus_space_io_read_4+0x37 sys/arch/amd64/amd64/bus_space.c:682
acpitimer_delay(1) at acpitimer_delay+0x76 acpitimer_read sys/dev/acpi/acpitimer.c:142 [inline]
acpitimer_delay(1) at acpitimer_delay+0x76 sys/dev/acpi/acpitimer.c:120
comcnputc(800,29) at comcnputc+0x29b sys/dev/ic/com.c:1274
cnputc(29) at cnputc+0x67 sys/dev/cons.c:218
db_putchar(29) at db_putchar+0x36d sys/ddb/db_output.c:155
kprintf() at kprintf+0x29c5 sys/kern/subr_prf.c:-1
db_printf(ffffffff8345e150) at db_printf+0x9b sys/kern/subr_prf.c:-1
fault(ffffffff83520401) at fault+0xa7 sys/arch/amd64/amd64/trap.c:161
kpageflttrap(ffff80003c3ca720,98) at kpageflttrap+0x37d sys/arch/amd64/amd64/trap.c:296
kerntrap(ffff80003c3ca720) at kerntrap+0x19d sys/arch/amd64/amd64/trap.c:528
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
end trace frame: 0xffff80003c3ca8d0, count: 0
ddb{0}> trace
x86_ipi_db(ffffffff838f1ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
x86_bus_space_io_read_4(b008,0) at x86_bus_space_io_read_4+0x37 sys/arch/amd64/amd64/bus_space.c:682
acpitimer_delay(1) at acpitimer_delay+0x76 acpitimer_read sys/dev/acpi/acpitimer.c:142 [inline]
acpitimer_delay(1) at acpitimer_delay+0x76 sys/dev/acpi/acpitimer.c:120
comcnputc(800,29) at comcnputc+0x29b sys/dev/ic/com.c:1274
cnputc(29) at cnputc+0x67 sys/dev/cons.c:218
db_putchar(29) at db_putchar+0x36d sys/ddb/db_output.c:155
kprintf() at kprintf+0x29c5 sys/kern/subr_prf.c:-1
db_printf(ffffffff8345e150) at db_printf+0x9b sys/kern/subr_prf.c:-1
fault(ffffffff83520401) at fault+0xa7 sys/arch/amd64/amd64/trap.c:161
kpageflttrap(ffff80003c3ca720,98) at kpageflttrap+0x37d sys/arch/amd64/amd64/trap.c:296
kerntrap(ffff80003c3ca720) at kerntrap+0x19d sys/arch/amd64/amd64/trap.c:528
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
dovutimens(ffff8000fffe62b8,fffff8806c5c5440,ffff80003c3ca8e0) at dovutimens+0x368 sys/kern/vfs_syscalls.c:2690
sys_futimens(ffff8000fffe62b8,ffff80003c3caa30,ffff80003c3ca980) at sys_futimens+0xb3 sys/kern/vfs_syscalls.c:2766
syscall(ffff80003c3caa30) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c3caa30) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x6854770a1c0, count: -18
ddb{0}> machine ddbcpu 1
Stopped at proc_trampoline+0xc7: movl $0,%gs:0x688
proc_trampoline() at proc_trampoline+0xc7
end of kernel
end trace frame: 0x77e0d5b9adb0, count: 14
ddb{1}> trace
proc_trampoline() at proc_trampoline+0xc7
end of kernel
end trace frame: 0x77e0d5b9adb0, count: -1