uvm_fault(fffffd8071570460,20000000,0,2) at uvm_fault+0x240 sys/uvm/uvm_fault.c:638
kpageflttrap(ffff800022ef9cb0,200000c0) at kpageflttrap+0x1fd sys/arch/amd64/amd64/trap.c:264
kerntrap(ffff800022ef9cb0) at kerntrap+0xef sys/arch/amd64/amd64/trap.c:318
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
copyout() at copyout+0x53
syscall(ffff800022ef9ef0) at syscall+0x5a9 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800022ef9ef0) at syscall+0x5a9 sys/arch/amd64/amd64/trap.c:587
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x45d0099b00, count: -15
ddb{0}> show registers
rdi 0xffff800021a9e000
rsi 0x3811 __ALIGN_SIZE+0x2811
rbp 0xffff800022ef9630
rbx 0x3
rdx 0xffff800021a9e000
rcx 0x3810 __ALIGN_SIZE+0x2810
rax 0xffffffff82229267 db_enter+0x17
r8 0xffffffff81581c0c witness_checkorder+0x10cc
r9 0x5
r10 0x7a29f851b07f55a9
r11 0x6b4c23cdbe38c2fd
r12 0xfffffd8002dac7c0
r13 0
r14 0
r15 0
rip 0xffffffff82229268 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800022ef9620
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor.0) pid=486685 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=32, usrpri=76, nice=20
forw=0xffffffffffffffff, list=0xffff800021244548,0xffff8000212442b8
process=0xffff8000ffff8438 user=0xffff800022ef4000, vmspace=0xfffffd8071570460
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
29948 261303 6551 0 2 0 syz-executor.0
*29948 486685 6551 0 7 0x4000000 syz-executor.0
29948 383038 6551 0 3 0x4000080 fsleep syz-executor.0
6551 517079 63011 0 3 0x82 nanoslp syz-executor.0
9908 122817 0 0 3 0x14280 nfsidl nfsio
37369 62933 0 0 3 0x14280 nfsidl nfsio
10033 258033 0 0 3 0x14280 nfsidl nfsio
56129 481062 0 0 3 0x14280 nfsidl nfsio
89140 290417 0 0 3 0x14280 nfsidl nfsio
24504 386064 0 0 3 0x14280 nfsidl nfsio
73301 45022 0 0 3 0x14280 nfsidl nfsio
63424 14865 0 0 3 0x14280 nfsidl nfsio
10322 333750 0 0 3 0x14280 nfsidl nfsio
78379 384896 0 0 3 0x14280 nfsidl nfsio
59701 251807 0 0 3 0x14280 nfsidl nfsio
72278 221336 0 0 3 0x14280 nfsidl nfsio
87020 191663 0 0 3 0x14280 nfsidl nfsio
64463 464164 0 0 3 0x14280 nfsidl nfsio
44827 479640 0 0 3 0x14280 nfsidl nfsio
58015 275821 0 0 3 0x14280 nfsidl nfsio
91858 479277 0 0 3 0x14280 nfsidl nfsio
9338 482311 0 0 3 0x14280 nfsidl nfsio
54465 436930 0 0 3 0x14280 nfsidl nfsio
16562 12909 0 0 3 0x14280 nfsidl nfsio
64357 496415 63011 0 3 0x82 nanoslp syz-executor.1
28669 328122 1 0 3 0x100083 ttyin getty
45408 368972 0 0 3 0x14200 bored sosplice
63011 302617 54799 0 3 0x82 thrsleep syz-fuzzer
63011 174332 54799 0 3 0x4000082 thrsleep syz-fuzzer
63011 178413 54799 0 3 0x4000082 thrsleep syz-fuzzer
63011 418553 54799 0 3 0x4000082 thrsleep syz-fuzzer
63011 88862 54799 0 3 0x4000082 thrsleep syz-fuzzer
63011 81257 54799 0 3 0x4000082 thrsleep syz-fuzzer
63011 270672 54799 0 3 0x4000082 thrsleep syz-fuzzer
63011 32718 54799 0 3 0x4000082 kqread syz-fuzzer
54799 275725 25001 0 3 0x10008a sigsusp ksh
25001 422168 38941 0 3 0x9a select sshd
38941 259446 1 0 3 0x88 select sshd
60058 163345 88475 74 3 0x100092 bpf pflogd
88475 160270 1 0 3 0x80 netio pflogd
56210 294738 28612 73 3 0x100090 kqread syslogd
28612 452029 1 0 3 0x100082 netio syslogd
40934 121522 1 0 3 0x100080 kqread resolvd
19905 115562 24801 77 3 0x100092 kqread dhcpleased
61712 483835 24801 77 3 0x100092 kqread dhcpleased
24801 446237 1 0 3 0x80 kqread dhcpleased
49061 452548 0 0 3 0x14200 bored smr
20104 320196 0 0 2 0x14200 zerothread
39889 62050 0 0 3 0x14200 aiodoned aiodoned
99487 196692 0 0 3 0x14200 syncer update
10740 72556 0 0 3 0x14200 cleaner cleaner
38184 153752 0 0 3 0x14200 reaper reaper
55274 129034 0 0 3 0x14200 pgdaemon pagedaemon
92265 94660 0 0 3 0x14200 bored crynlk
33869 373473 0 0 3 0x14200 bored crypto
60384 275276 0 0 3 0x14200 bored viomb
99259 308317 0 0 3 0x40014200 acpi0 acpi0
30789 128838 0 0 7 0x40014200 idle1
61010 341912 0 0 3 0x14200 bored softnet
4460 160728 0 0 3 0x14200 bored systqmp
94991 11178 0 0 3 0x14200 bored systq
92425 95817 0 0 3 0x40014200 bored softclock
67536 78747 0 0 3 0x40014200 idle0
1 336944 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 29948 (syz-executor.0) thread 0xffff800021244008 (486685)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff8299c178)
#0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0 witness_lock+0x4b0 sys/kern/subr_witness.c:1182
#1 uvm_fault+0x224 sys/uvm/uvm_fault.c:637
#2 kpageflttrap+0x1fd sys/arch/amd64/amd64/trap.c:264
#3 kerntrap+0xef sys/arch/amd64/amd64/trap.c:318
#4 alltraps_kern_meltdown+0x7b
#5 copyout+0x53
#6 syscall+0x5a9 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#6 syscall+0x5a9 sys/arch/amd64/amd64/trap.c:587
#7 Xsyscall+0x128
exclusive rwlock fdlock r = 0 (0xfffffd806f5dfdf0)
#0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0 witness_lock+0x4b0 sys/kern/subr_witness.c:1182
#1 dopipe+0xd6
#2 syscall+0x5a9 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#2 syscall+0x5a9 sys/arch/amd64/amd64/trap.c:587
#3 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10189 6450K 7585K 78643K 17564 0
pcb 13 8K 8K 78643K 439 0
rtable 113 4K 4K 78643K 747 0
ifaddr 81 15K 15K 78643K 244 0
counters 44 34K 34K 78643K 92 0
ioctlops 0 0K 4K 78643K 1690 0
iov 0 0K 24K 78643K 248 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 6 0
vnodes 1225 77K 77K 78643K 3415 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 9K 78643K 44 0
VM map 2 1K 1K 78643K 2 0
sem 12 0K 0K 78643K 928 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12598 0
file desc 5 13K 25K 78643K 8068 0
sigio 0 0K 0K 78643K 55 0
proc 70 87K 111K 78643K 756 0
subproc 32 2K 2K 78643K 136 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 587 0
in_multi 33 2K 2K 78643K 429 0
ether_multi 1 0K 0K 78643K 83 0
mrt 0 0K 0K 78643K 59 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 55 254K 254K 78643K 55 0
exec 0 0K 2K 78643K 770 0
pfkey data 0 0K 1K 78643K 17 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 297 116K 117K 78643K 97143 0
UVM aobj 39 7K 7K 78643K 49 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 294 0
NDP 15 0K 0K 78643K 85 0
temp 143 4210K 4334K 78643K 44175 0
kqueue 10 14K 24K 78643K 261 0
SYN cache 2 16K 16K 78643K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 183 0 180 1 0 1 1 0 8 0
rtentry 112 229 0 184 2 0 2 2 0 8 0
unpcb 120 1713 0 1696 1 0 1 1 0 8 0
syncache 296 40 0 40 8 8 0 1 0 8 0
tcpqe 32 133 0 133 9 9 0 1 0 8 0
tcpcb 736 953 0 949 23 22 1 4 0 8 0
arp 120 20 0 14 1 0 1 1 0 8 0
inpcb 304 2614 0 2607 18 17 1 2 0 8 0
rttmr 72 18 0 18 3 3 0 1 0 8 0
nd6 48 57 0 50 1 0 1 1 0 8 0
pkpcb 40 32 0 32 6 6 0 1 0 8 0
kcovpl 48 8 0 6 1 0 1 1 0 8 0
ppxss 1248 5 0 5 3 3 0 1 0 8 0
pffrag 232 4 0 4 2 2 0 1 0 482 0
pffrnode 88 4 0 4 2 2 0 1 0 8 0
pffrent 40 11 0 11 4 4 0 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfrktable 1344 2 0 2 1 1 0 1 0 8 0
pftag 88 1 0 0 1 0 1 1 0 8 0
pfqueue 264 8 0 8 1 1 0 1 0 8 0
pfstitem 24 160 0 151 1 0 1 1 0 8 0
pfstkey 112 160 0 151 2 1 1 2 0 8 0
pfstate 320 160 0 151 9 8 1 6 0 8 0
pfrule 1360 47 0 42 2 1 1 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 1017 0 795 20 6 14 14 0 8 0
art_table 32 1018 0 795 2 0 2 2 0 8 0
art_node 16 228 0 187 1 0 1 1 0 8 0
sysvmsgpl 40 11 0 9 1 0 1 1 0 8 0
semapl 112 926 0 916 1 0 1 1 0 8 0
shmpl 112 46 0 10 2 0 2 2 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 11273 0 9855 91 1 90 90 0 8 0
ffsino 272 11273 0 9855 96 1 95 96 0 8 0
nchpl 144 20632 0 19023 61 0 61 61 0 8 0
uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0
vnodes 224 5926 0 0 349 0 349 349 0 8 0
namei 1024 50771 0 50771 2 1 1 1 0 8 1
percpumem 16 58 0 24 1 0 1 1 0 8 0
vcpupl 1984 10 0 0 2 0 2 2 0 8 0
vmpool 560 18 0 8 2 1 1 1 0 8 0
scsiplug 72 7 0 7 1 1 0 1 0 8 0
scxspl 216 61917 0 61917 10 9 1 8 0 8 1
plimitpl 152 173 0 164 1 0 1 1 0 8 0
sigapl 424 8342 0 8287 10 3 7 7 0 8 0
futexpl 56 59964 0 59963 2 1 1 1 0 8 0
knotepl 112 56 0 0 2 0 2 2 0 8 0
kqueuepl 216 4467 0 4460 3 2 1 2 0 8 0
pipepl 336 750 0 738 23 21 2 3 0 8 0
fdescpl 496 8285 0 8267 3 0 3 3 0 8 0
filepl 152 26741 0 26622 10 4 6 7 0 8 1
lockfpl 104 978 0 975 1 0 1 1 0 8 0
lockfspl 48 381 0 378 1 0 1 1 0 8 0
sessionpl 144 25 0 14 1 0 1 1 0 8 0
pgrppl 48 35 0 24 1 0 1 1 0 8 0
ucredpl 96 3166 0 3154 1 0 1 1 0 8 0
zombiepl 144 8287 0 8286 1 0 1 1 0 8 0
processpl 1072 8342 0 8286 4 0 4 4 0 8 0
procpl 672 17448 0 17383 8 2 6 6 0 8 0
srpgc 96 2 0 2 1 1 0 1 0 8 0
sosppl 168 92 0 92 10 10 0 1 0 8 0
sockpl 480 4567 0 4540 15 10 5 6 0 8 0
mcl64k 65536 8 0 0 1 0 1 1 0 8 0
mcl16k 16384 23 0 0 3 1 2 3 0 8 0
mcl12k 12288 9 0 0 1 0 1 1 0 8 0
mcl9k 9216 2 0 0 1 0 1 1 0 8 0
mcl8k 8192 17 0 0 3 0 3 3 0 8 0
mcl4k 4096 17 0 0 3 0 3 3 0 8 0
mcl2k2 2112 4 0 0 1 0 1 1 0 8 0
mcl2k 2048 507 0 0 18 0 18 18 0 8 0
mtagpl 96 324 0 0 7 0 7 7 0 8 0
mbufpl 256 1348 0 0 62 0 62 62 0 8 0
bufpl 280 14595 0 8259 453 0 453 453 0 8 0
anonpl 24 2112985 0 2099581 153 70 83 99 0 186 0
amapchunkpl 152 231840 0 231368 47 27 20 32 0 158 0
amappl16 200 16940 0 16458 70 44 26 36 0 8 0
amappl15 192 2 0 2 2 2 0 1 0 8 0
amappl14 184 414 0 412 1 0 1 1 0 8 0
amappl13 176 1081 0 1078 1 0 1 1 0 8 0
amappl12 168 4215 0 4213 1 0 1 1 0 8 0
amappl11 160 973 0 957 1 0 1 1 0 8 0
amappl10 152 1484 0 1475 1 0 1 1 0 8 0
amappl9 144 52 0 49 1 0 1 1 0 8 0
amappl8 136 593 0 494 4 0 4 4 0 8 0
amappl7 128 96 0 82 1 0 1 1 0 8 0
amappl6 120 173 0 156 1 0 1 1 0 8 0
amappl5 112 9212 0 9192 1 0 1 1 0 8 0
amappl4 104 2191 0 2155 4 3 1 2 0 8 0
amappl3 96 4829 0 4825 1 0 1 1 0 8 0
amappl2 88 1678 0 1609 2 0 2 2 0 8 0
amappl1 80 138230 0 137781 14 4 10 13 0 8 0
amappl 88 96214 0 96046 5 0 5 5 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 48 0 10 1 0 1 1 0 8 0
uaddrrnd 24 8303 0 8275 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 8303 0 8275 1 0 1 1 0 8 0
vmmpekpl 168 45692 0 45656 3 0 3 3 0 8 0
vmmpepl 168 917687 0 915749 186 96 90 105 0 357 1
vmsppl 368 8302 0 8275 3 0 3 3 0 8 0
rwobjpl 56 156336 0 155017 34 15 19 22 0 8 0
pdppl 4096 16614 0 16560 82 26 56 57 0 8 2
pvpl 32 4569345 0 4553333 344 205 139 161 0 265 7
pmappl 224 8302 0 8275 2 0 2 2 0 8 0
extentpl 40 58 0 40 1 0 1 1 0 8 0
phpool 112 439 0 82 11 0 11 11 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
witness_checkorder(fffffd806b0476f8,9,0) at witness_checkorder+0x10f3 witness_debugger sys/kern/subr_witness.c:2502 [inline]
witness_checkorder(fffffd806b0476f8,9,0) at witness_checkorder+0x10f3 sys/kern/subr_witness.c:1105
rw_enter(fffffd806b0476e8,81) at rw_enter+0xd1 sys/kern/kern_rwlock.c:250
rrw_enter(fffffd806b0476e8,81) at rrw_enter+0x8b sys/kern/kern_rwlock.c:461
VOP_LOCK(fffffd80704d7540,81) at VOP_LOCK+0x87 sys/kern/vfs_vops.c:614
vn_lock(fffffd80704d7540,81) at vn_lock+0x84 sys/kern/vfs_vnops.c:579
uvn_get(fffffd8071528a30,8000000000000000,ffff800022ef99b8,ffff800022ef9988,0,0) at uvn_get+0x256 uvm_vnode_lock sys/uvm/uvm_vnode.c:1499 [inline]
uvn_get(fffffd8071528a30,8000000000000000,ffff800022ef99b8,ffff800022ef9988,0,0) at uvn_get+0x256 sys/uvm/uvm_vnode.c:993
uvm_fault_lower(ffff800022ef9b20,ffff800022ef9b58,ffff800022ef9aa0,0) at uvm_fault_lower+0x302 sys/uvm/uvm_fault.c:1251
uvm_fault(fffffd8071570460,20000000,0,2) at uvm_fault+0x240 sys/uvm/uvm_fault.c:638
kpageflttrap(ffff800022ef9cb0,200000c0) at kpageflttrap+0x1fd sys/arch/amd64/amd64/trap.c:264
kerntrap(ffff800022ef9cb0) at kerntrap+0xef sys/arch/amd64/amd64/trap.c:318
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
copyout() at copyout+0x53
syscall(ffff800022ef9ef0) at syscall+0x5a9 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800022ef9ef0) at syscall+0x5a9 sys/arch/amd64/amd64/trap.c:587
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x45d0099b00, count: -15
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
ddb{1}> trace
x86_ipi_db(ffff800020d38ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:353
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
acpicpu_idle() at acpicpu_idle+0x2eb sys/dev/acpi/acpicpu.c:1206
sched_idle(ffff800020d38ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178
end trace frame: 0x0, count: -5