*cpu0: uvm_fault(0xfffffd807e6003e8, 0x98, 0, 1) -> e
ddb{1}> trace
proc_trampoline() at proc_trampoline+0xc7
end of kernel
end trace frame: 0x7792cfc764b0, count: -1
ddb{1}> show registers
rdi 0
rsi 0
rbp 0xffff800032fbab90
rbx 0
rdx 0
rcx 0xffff80003c3ea7f0
rax 0x2a
r8 0xffff800032fbaac0
r9 0
r10 0x355bfdc366ee21e9
r11 0x4de6df389424d416
r12 0
r13 0
r14 0
r15 0
rip 0xffffffff814324c7 proc_trampoline+0xc7
cs 0x8
rflags 0x246
rsp 0xffff800032fbab10
ss 0
proc_trampoline+0xc7: movl $0,%gs:0x688
ddb{1}> show proc
PROC (syz-executor) tid=286454 pid=79667 tcnt=2 stat=onproc
flags process=0 proc=0
runpri=50, usrpri=86, slppri=17, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff8000fffef240,0xffff80003c3eafc8
process=0xffff80003c3ed360 user=0xffff800032fb5000, vmspace=0xfffffd807e6003e8
estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
70918 417001 31749 0 2 0 syz-executor
*79667 286454 57124 0 7 0 syz-executor
79667 514102 57124 0 7 0x4000000 syz-executor
79078 45370 53421 0 2 0 syz-executor
79078 172454 53421 0 3 0x4000080 fsleep syz-executor
73423 492901 46705 0 2 0 syz-executor
73423 476166 46705 0 3 0x4000080 bell syz-executor
24561 140580 77891 0 3 0x80 nanoslp syz-executor
24561 220425 77891 0 3 0x4000080 sbwait syz-executor
24561 412717 77891 0 3 0x4000080 fsleep syz-executor
77891 153963 70804 0 3 0x82 nanoslp syz-executor
46705 153387 70804 0 3 0x82 nanoslp syz-executor
76932 31464 70804 0 3 0x82 nanoslp syz-executor
31749 29830 70804 0 3 0x82 nanoslp syz-executor
27260 386538 70804 0 3 0x10000082 nanoslp syz-executor
57124 261185 70804 0 3 0x82 nanoslp syz-executor
53421 9083 70804 0 3 0x82 nanoslp syz-executor
68433 288440 70804 0 3 0x82 nanoslp syz-executor
70804 380765 81428 0 3 0x82 kqread syz-executor
81428 318013 42055 0 3 0x10008a sigsusp ksh
42055 3297 57862 0 3 0x98 kqread sshd-session
57862 381852 46418 0 3 0x92 kqread sshd-session
62190 121918 1 0 3 0x100083 ttyin getty
46418 416915 1 0 3 0x88 kqread sshd
93993 521655 932 74 3 0x1100092 bpf pflogd
932 510354 1 0 3 0x80 sbwait pflogd
23773 375695 66951 73 3 0x1100090 kqread syslogd
66951 372446 1 0 3 0x100082 sbwait syslogd
41628 388151 1 0 3 0x100080 kqread resolvd
23410 113256 34547 77 3 0x100092 kqread dhcpleased
42138 313125 34547 77 3 0x100092 kqread dhcpleased
34547 369218 1 0 3 0x80 kqread dhcpleased
75770 469527 0 0 3 0x14200 bored smr
20858 59882 0 0 3 0x14200 pgzero zerothread
12702 114714 0 0 3 0x14200 aiodoned aiodoned
74837 341745 0 0 3 0x14200 syncer update
82582 274116 0 0 3 0x14200 cleaner cleaner
90534 358992 0 0 3 0x14200 reaper reaper
26136 455511 0 0 3 0x14200 pgdaemon pagedaemon
91132 402443 0 0 3 0x14200 bored viomb
80711 523162 0 0 3 0x40014200 acpi0 acpi0
36781 398676 0 0 3 0x40014200 idle1
30813 268327 0 0 3 0x14200 bored softnet1
73397 46312 0 0 3 0x14200 bored softnet0
93628 234015 0 0 3 0x14200 smrbar systqmp
29131 74842 0 0 3 0x14200 bored systq
49389 478525 0 0 3 0x14200 tmoslp softclockmp
33278 280984 0 0 3 0x40014200 tmoslp softclock
56915 235495 0 0 3 0x40014200 idle0
1 244318 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
Process 79667 (syz-executor) thread 0xffff80003c3ea7f0 (286454)
exclusive rwlock amaplk r = 0 (0xfffffd806c337c70)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 uvm_fault_check+0x8a9 sys/uvm/uvm_fault.c:834
#3 uvm_fault+0x106 sys/uvm/uvm_fault.c:627
#4 upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:192
#5 usertrap+0x430 sys/arch/amd64/amd64/trap.c:640
#6 recall_trap+0x8
shared rwlock vmmaplk r = 0 (0xfffffd807e6004e8)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_read+0x3e8 sys/kern/kern_rwlock.c:413
#2 uvmfault_lookup+0x122 sys/uvm/uvm_fault.c:1880
#3 uvm_fault_check+0x4f sys/uvm/uvm_fault.c:693
#4 uvm_fault+0x106 sys/uvm/uvm_fault.c:627
#5 upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:192
#6 usertrap+0x430 sys/arch/amd64/amd64/trap.c:640
#7 recall_trap+0x8
Process 79667 (syz-executor) thread 0xffff80003c3eafb8 (514102)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83a24180)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 syscall+0xaf4 mi_syscall sys/sys/syscall_mi.h:175 [inline]
#1 syscall+0xaf4 sys/arch/amd64/amd64/trap.c:783
#2 Xsyscall+0x128
Process 93628 (systqmp) thread 0xffff8000ffffe000 (234015)
shared rwlock systqmp r = 0 (0xffffffff83899738)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 taskq_thread+0x12a sys/kern/kern_task.c:442
#2 proc_trampoline+0x10
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11079 12113K 12424K 166960K 12495 0
pcb 18 12K 12K 166960K 52 0
rtable 227 8K 9K 166960K 434 0
pf 43 19K 24K 166960K 86 0
ifaddr 41 6K 7K 166960K 58 0
ifgroup 61 2K 2K 166960K 87 0
sysctl 3 1K 9K 166960K 10 0
counters 74 37K 38K 166960K 96 0
ioctlops 0 0K 4K 166960K 1592 0
iov 0 0K 20K 166960K 12 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1326 83K 84K 166960K 1594 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 5 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 16 0
dirhash 12 2K 2K 166960K 15 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 17 61K 93K 166960K 385 0
sigio 0 0K 0K 166960K 3 0
proc 75 131K 180K 166960K 577 0
subproc 72 4K 4K 166960K 72 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 39 0
in_multi 87 6K 7K 166960K 108 0
ether_multi 1 0K 0K 166960K 1 0
mrt 1 0K 0K 166960K 9 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 79 360K 360K 166960K 79 0
exec 0 0K 1K 166960K 444 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 2 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 240 169K 183K 166960K 5264 0
UVM aobj 17 2K 2K 166960K 17 0
pinsyscall 42 84K 104K 166960K 1525 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 13 0
NDP 14 0K 1K 166960K 39 0
temp 47 9081K 9147K 166960K 20647 0
kqueue 13 20K 31K 166960K 73 0
SYN cache 2 16K 16K 166960K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 48 0 45 1 0 1 1 0 8 0
rtentry 176 116 0 19 6 0 6 6 0 8 0
unpcb 144 213 0 194 4 0 4 4 0 8 3
syncache 336 3 0 3 1 1 0 1 0 8 0
tcpcb 736 106 0 102 4 0 4 4 0 8 3
arp 136 19 0 5 1 0 1 1 0 8 0
inpcb 328 313 0 305 5 0 5 5 0 8 4
ip6q 72 1 0 1 1 0 1 1 0 8 1
ip6af 40 2 0 2 1 0 1 1 0 8 1
nd6 152 25 0 3 1 0 1 1 0 8 0
pkpcb 40 4 0 4 1 0 1 1 0 8 1
kcovpl 48 8 0 0 1 0 1 1 0 8 0
mppekey 1024 1 0 1 1 1 0 1 0 8 0
ppxss 1192 9 0 8 1 0 1 1 0 8 0
pfstscr 40 4 0 0 1 0 1 1 0 8 0
pffrag 232 5 0 2 1 0 1 1 0 482 0
pffrnode 88 4 0 2 1 0 1 1 0 8 0
pffrent 40 8 0 5 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfrktable 1344 1 0 0 1 0 1 1 0 8 0
pfsrclim 320 2 0 2 1 0 1 1 0 8 1
pfanchor 1288 2 0 0 1 0 1 1 0 8 0
pftag 88 1 0 0 1 0 1 1 0 8 0
pfqueue 320 1 0 0 1 0 1 1 0 8 0
pfstitem 24 34 0 0 1 0 1 1 0 8 0
pfstkey 128 34 0 0 2 0 2 2 0 8 0
pfstate 448 32 0 0 4 0 4 4 0 8 0
pfrule 1360 25 0 19 2 1 1 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 464 0 56 29 0 29 29 0 8 1
art_table 40 465 0 56 5 0 5 5 0 8 0
art_node 32 116 0 28 1 0 1 1 0 8 0
sysvmsgpl 40 7 0 4 1 0 1 1 0 8 0
semapl 112 12 0 2 1 0 1 1 0 8 0
shmpl 112 14 0 0 1 0 1 1 0 8 0
dirhash 1024 19 0 2 3 0 3 3 0 8 0
dino2pl 256 2057 0 590 93 0 93 93 0 8 0
ffsino 296 2057 0 590 114 0 114 114 0 8 0
nchpl 144 2552 0 851 64 0 64 64 0 8 0
vnodes 216 2275 0 0 127 0 127 127 0 8 0
namei 1024 8101 0 8101 2 0 2 2 0 8 2
percpumem 16 63 0 11 1 0 1 1 0 8 0
kstatmem 264 50 0 18 3 0 3 3 0 8 0
scsiplug 72 3 0 3 1 0 1 1 0 8 1
scxspl 216 8407 0 8407 6 3 3 3 1 8 3
plimitpl 152 48 0 31 1 0 1 1 0 8 0
sigapl 424 698 0 650 7 0 7 7 0 8 1
knotepl 120 352 0 0 11 0 11 11 0 8 0
kqueuepl 224 91 0 81 1 0 1 1 0 8 0
pipepl 344 137 0 110 3 0 3 3 0 8 0
fdescpl 528 682 0 651 3 0 3 3 0 8 0
filepl 160 3085 0 2862 13 0 13 13 0 8 3
lockfpl 104 263 0 261 2 0 2 2 0 8 1
lockfspl 48 91 0 89 1 0 1 1 0 8 0
sessionpl 144 37 0 28 1 0 1 1 0 8 0
pgrppl 48 46 0 29 1 0 1 1 0 8 0
ucredpl 104 324 0 309 1 0 1 1 0 8 0
zombiepl 144 653 0 650 1 0 1 1 0 8 0
processpl 1232 698 0 650 5 0 5 5 0 8 0
procpl 664 1099 0 1046 6 0 6 6 0 8 0
sosppl 176 2 0 2 1 0 1 1 0 8 1
sockpl 752 593 0 563 10 0 10 10 0 8 6
mcl64k 65536 3 0 0 1 0 1 1 0 8 0
mcl16k 16384 3 0 0 1 0 1 1 0 8 0
mcl12k 12288 2 0 0 1 0 1 1 0 8 0
mcl8k 8192 3 0 0 1 0 1 1 0 8 0
mcl4k 4096 132 0 0 17 0 17 17 0 8 0
mcl2k 2048 25 0 0 4 0 4 4 0 8 0
mtagpl 96 5 0 0 1 0 1 1 0 8 0
mbufpl 256 266 0 0 17 0 17 17 0 8 0
bufpl 280 2877 0 109 198 0 198 198 0 8 0
anonpl 32 7497 0 0 61 0 61 61 0 246 0
amapchunkpl 152 17008 0 16447 37 0 37 37 0 158 9
amappl16 200 1904 0 1840 8 3 5 5 0 8 0
amappl15 192 8 0 8 1 1 0 1 0 8 0
amappl14 184 430 0 429 1 0 1 1 0 8 0
amappl13 176 209 0 197 1 0 1 1 0 8 0
amappl12 168 934 0 905 2 0 2 2 0 8 0
amappl11 160 5 0 4 2 1 1 1 0 8 0
amappl10 152 79 0 65 1 0 1 1 0 8 0
amappl9 144 273 0 272 1 0 1 1 0 8 0
amappl8 136 100 0 97 1 0 1 1 0 8 0
amappl7 128 145 0 131 1 0 1 1 0 8 0
amappl6 120 168 0 166 1 0 1 1 0 8 0
amappl5 112 90 0 80 1 0 1 1 0 8 0
amappl4 104 289 0 268 1 0 1 1 0 8 0
amappl3 96 3140 0 3032 4 0 4 4 0 8 0
amappl2 88 518 0 456 2 0 2 2 0 8 0
amappl1 80 10262 0 9666 15 0 15 15 0 8 2
amappl 88 4508 0 4342 5 0 5 5 0 92 0
uvmvnodes 80 108 0 0 3 0 3 3 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 16 0 0 1 0 1 1 0 8 0
uaddrrnd 24 682 0 651 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 682 0 651 1 0 1 1 0 8 0
vmmpekpl 168 7023 0 6988 3 0 3 3 0 8 0
vmmpepl 168 50062 0 48118 89 0 89 89 0 357 1
vmsppl 488 681 0 651 5 0 5 5 0 8 1
rwobjpl 80 16208 0 15123 24 1 23 23 0 8 0
pdppl 4096 1371 0 1302 97 26 71 85 0 8 2
pvpl 32 14820 0 0 121 1 120 120 0 265 0
pmappl 256 681 0 651 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 284 0 31 8 0 8 8 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffffffff838c0ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
x86_bus_space_io_write_1(3f8,0,20) at x86_bus_space_io_write_1+0x40 sys/arch/amd64/amd64/bus_space.c:790
comcnputc(800,20) at comcnputc+0x1ab bus_space_barrier sys/dev/ic/com.c:-1 [inline]
comcnputc(800,20) at comcnputc+0x1ab sys/dev/ic/com.c:1278
cnputc(20) at cnputc+0x67 sys/dev/cons.c:218
db_putchar(31) at db_putchar+0x126 db_force_whitespace sys/ddb/db_output.c:102 [inline]
db_putchar(31) at db_putchar+0x126 sys/ddb/db_output.c:153
kprintf() at kprintf+0x29c5 sys/kern/subr_prf.c:-1
db_printf(ffffffff833f0f20) at db_printf+0x9b sys/kern/subr_prf.c:-1
fault(ffffffff834af320) at fault+0xa7 sys/arch/amd64/amd64/trap.c:161
kpageflttrap(ffff800035bc09f0,98) at kpageflttrap+0x37d sys/arch/amd64/amd64/trap.c:296
kerntrap(ffff800035bc09f0) at kerntrap+0x19d sys/arch/amd64/amd64/trap.c:528
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
dovutimens(ffff80003c3eafb8,fffffd8064366558,ffff800035bc0bd0) at dovutimens+0x368 sys/kern/vfs_syscalls.c:2771
end trace frame: 0xffff800035bc0c40, count: 0
ddb{0}> trace
x86_ipi_db(ffffffff838c0ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
x86_bus_space_io_write_1(3f8,0,20) at x86_bus_space_io_write_1+0x40 sys/arch/amd64/amd64/bus_space.c:790
comcnputc(800,20) at comcnputc+0x1ab bus_space_barrier sys/dev/ic/com.c:-1 [inline]
comcnputc(800,20) at comcnputc+0x1ab sys/dev/ic/com.c:1278
cnputc(20) at cnputc+0x67 sys/dev/cons.c:218
db_putchar(31) at db_putchar+0x126 db_force_whitespace sys/ddb/db_output.c:102 [inline]
db_putchar(31) at db_putchar+0x126 sys/ddb/db_output.c:153
kprintf() at kprintf+0x29c5 sys/kern/subr_prf.c:-1
db_printf(ffffffff833f0f20) at db_printf+0x9b sys/kern/subr_prf.c:-1
fault(ffffffff834af320) at fault+0xa7 sys/arch/amd64/amd64/trap.c:161
kpageflttrap(ffff800035bc09f0,98) at kpageflttrap+0x37d sys/arch/amd64/amd64/trap.c:296
kerntrap(ffff800035bc09f0) at kerntrap+0x19d sys/arch/amd64/amd64/trap.c:528
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
dovutimens(ffff80003c3eafb8,fffffd8064366558,ffff800035bc0bd0) at dovutimens+0x368 sys/kern/vfs_syscalls.c:2771
sys_futimes(ffff80003c3eafb8,ffff800035bc0d20,ffff800035bc0c70) at sys_futimes+0x208 sys/kern/vfs_syscalls.c:2813
syscall(ffff800035bc0d20) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff800035bc0d20) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xccf342891c0, count: -17
ddb{0}> machine ddbcpu 1
Stopped at proc_trampoline+0xc7: movl $0,%gs:0x688
proc_trampoline() at proc_trampoline+0xc7
end of kernel
end trace frame: 0x7792cfc764b0, count: 14
ddb{1}> trace
proc_trampoline() at proc_trampoline+0xc7
end of kernel
end trace frame: 0x7792cfc764b0, count: -1