*cpu1: uvm_fault(0xfffffd806f6013d8, 0x0, 0, 1) -> e
ddb{0}> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x746e008b0d10, count: -1
ddb{0}> show registers
rdi 0
rsi 0
rbp 0xffff80002a32e530
rbx 0
rdx 0
rcx 0xffff80003c3f6038
rax 0x33
r8 0xffff80002a32e460
r9 0x2
r10 0x8f06354154e0dc7c
r11 0x515e0caf189764da
r12 0
r13 0
r14 0xffff80003c3f6038
r15 0
rip 0xffffffff8312a3ee savectx+0xae
cs 0x8
rflags 0x46
rsp 0xffff80002a32e4b0
ss 0x10
savectx+0xae: movl $0,%gs:0x688
ddb{0}> show proc
PROC (syz-executor) tid=317209 pid=32407 tcnt=1 stat=onproc
flags process=2<EXEC> proc=0
runpri=32, usrpri=50, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80003c3f74f8,0xffff8000303cba30
process=0xffff8000388b3050 user=0xffff80002a329000, vmspace=0xfffffd80681e0b90
estcpu=36, cpticks=47, pctcpu=0.23, user=2, sys=45, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
17384 343416 79613 0 2 0 syz-executor
11297 501129 32671 -1 3 0x90 nanoslp syz-executor
11297 200358 32671 -1 3 0x4000090 rest syz-executor
11297 361830 32671 -1 3 0x4000090 fsleep syz-executor
11297 481154 32671 -1 3 0x4000090 fsleep syz-executor
73316 398863 14885 -1 3 0x90 nanoslp syz-executor
73316 433113 14885 -1 3 0x4000090 ttyin syz-executor
73316 335127 14885 -1 3 0x4000090 fsleep syz-executor
92467 237594 84744 0 3 0x80 nanoslp syz-executor
92467 147739 84744 0 3 0x4000080 kqsel syz-executor
92467 146379 84744 0 3 0x4000080 fsleep syz-executor
18464 22796 1 0 3 0x82 nanoslp getty
84744 4794 3999 0 3 0x82 nanoslp syz-executor
14885 511284 3999 0 3 0x82 nanoslp syz-executor
71788 495870 3999 0 3 0x82 nanoslp syz-executor
*32407 317209 3999 0 7 0x2 syz-executor
79613 405404 3999 0 3 0x82 nanoslp syz-executor
6551 268244 3999 0 3 0x82 nanoslp syz-executor
32671 203901 3999 0 3 0x82 nanoslp syz-executor
44739 155751 3999 0 3 0x82 wait syz-executor
25692 285647 48553 0 3 0x82 sbwait sshd-session
3999 441156 1733 0 2 0x82 syz-executor
1733 225341 56859 0 3 0x10008a sigsusp ksh
56859 78909 82164 0 3 0x98 kqread sshd-session
82164 45422 48553 0 3 0x92 kqread sshd-session
48553 103390 1 0 3 0x88 kqread sshd
38075 132826 27173 74 3 0x1100092 bpf pflogd
27173 31177 1 0 3 0x80 sbwait pflogd
51925 31621 25020 73 3 0x1100090 kqread syslogd
25020 227683 1 0 3 0x100082 sbwait syslogd
34148 335560 1 0 3 0x100080 kqread resolvd
38882 303514 0 0 3 0x14200 bored smr
36832 220812 0 0 3 0x14200 pgzero zerothread
66034 395887 0 0 3 0x14200 aiodoned aiodoned
48847 327843 0 0 3 0x14200 syncer update
90572 369632 0 0 3 0x14200 cleaner cleaner
22349 481244 0 0 3 0x14200 reaper reaper
24825 63084 0 0 3 0x14200 pgdaemon pagedaemon
17628 382532 0 0 3 0x14200 bored viomb
91216 258094 0 0 3 0x40014200 acpi0 acpi0
62069 372248 0 0 3 0x40014200 idle1
25430 465280 0 0 3 0x14200 bored softnet1
49574 398030 0 0 3 0x14200 bored softnet0
21543 399648 0 0 3 0x14200 bored systqmp
22582 378205 0 0 3 0x14200 bored systq
89833 300317 0 0 3 0x14200 tmoslp softclockmp
47060 502660 0 0 3 0x40014200 tmoslp softclock
93898 14018 0 0 3 0x40014200 idle0
1 220645 0 0 3 0x82 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb{0}> show all locks
CPU 0:
exclusive mutex &sched_lock r = 0 (0xffffffff839ee858)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 mtx_enter+0x4b4 sys/kern/kern_lock.c:487
#2 wakeup_n+0x54 sys/kern/kern_synch.c:581
#3 knote_enqueue+0x229 klist_empty sys/sys/event.h:-1 [inline]
#3 knote_enqueue+0x229 kqueue_wakeup sys/kern/kern_event.c:1958 [inline]
#3 knote_enqueue+0x229 sys/kern/kern_event.c:2315
#4 knote_locked+0x246 sys/kern/kern_event.c:2118
#5 pipe_write+0xb6f pipe_wakeup sys/kern/sys_pipe.c:374 [inline]
#5 pipe_write+0xb6f sys/kern/sys_pipe.c:661
#6 dofilewritev+0x242 sys/kern/sys_generic.c:380
#7 sys_write+0xa2 sys/kern/sys_generic.c:300
#8 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#8 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:775
#9 Xsyscall+0x128
exclusive mutex &kq->kq_lock r = 0 (0xfffffd806f6610f0)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 mtx_enter+0x4b4 sys/kern/kern_lock.c:487
#2 knote_locked+0x169 knote_activate sys/kern/kern_event.c:-1 [inline]
#2 knote_locked+0x169 sys/kern/kern_event.c:2117
#3 pipe_write+0xb6f pipe_wakeup sys/kern/sys_pipe.c:374 [inline]
#3 pipe_write+0xb6f sys/kern/sys_pipe.c:661
#4 dofilewritev+0x242 sys/kern/sys_generic.c:380
#5 sys_write+0xa2 sys/kern/sys_generic.c:300
#6 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#6 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:775
#7 Xsyscall+0x128
Process 32407 (syz-executor) thread 0xffff80003c3f6038 (317209)
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11127 12263K 14119K 166960K 18269 0
pcb 19 20K 34K 166960K 2415 0
rtable 268 18K 19K 166960K 2394 0
pf 45 19K 82K 166960K 860 0
ifaddr 44 11K 12K 166960K 558 0
ifgroup 64 2K 3K 166960K 999 0
sysctl 4 1K 9K 166960K 70 0
counters 76 37K 38K 166960K 1286 0
ioctlops 0 0K 8K 166960K 3587 0
iov 0 0K 28K 166960K 513 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1513 95K 96K 166960K 7439 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 8 0
VM map 2 1K 1K 166960K 2 0
sem 15 1K 1K 166960K 297 0
dirhash 12 2K 2K 166960K 129 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 17 61K 240K 166960K 6775 0
sigio 0 0K 0K 166960K 410 0
proc 69 83K 180K 166960K 2062 0
subproc 72 4K 4K 166960K 325 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 824 0
in_multi 80 6K 7K 166960K 815 0
ether_multi 1 0K 0K 166960K 65 0
mrt 1 0K 0K 166960K 68 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 265 1182K 1182K 166960K 265 0
exec 0 0K 1K 166960K 2024 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 8 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 225 143K 186K 166960K 63417 0
UVM aobj 114 59K 59K 166960K 134 0
pinsyscall 38 76K 106K 166960K 8726 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 1K 166960K 506 0
NDP 14 0K 2K 166960K 448 0
temp 84 8688K 8824K 166960K 324395 0
kqueue 11 19K 34K 166960K 1422 0
SYN cache 2 0K 16K 166960K 4 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 627 0 626 4 3 1 3 0 8 0
rtentry 176 733 0 643 6 1 5 6 0 8 0
unpcb 144 5650 0 5637 37 33 4 6 0 8 3
syncache 336 26 0 26 13 12 1 1 0 8 1
tcpqe 32 10 0 10 7 7 0 1 0 8 0
tcpcb 736 2683 0 2674 63 61 2 13 0 8 0
arp 136 102 0 87 1 0 1 1 0 8 0
inpcb 328 8743 0 8730 93 86 7 13 0 8 5
nd6 152 159 0 141 2 1 1 2 0 8 0
pkpcb 40 31 0 31 17 16 1 1 0 8 1
kcovpl 48 36 0 28 1 0 1 1 0 8 0
mppekey 1024 27 0 27 3 3 0 1 0 8 0
ppxss 1192 497 0 496 6 5 1 1 0 8 0
pppxif 1504 36 0 35 10 9 1 1 0 8 0
pfstscr 40 1 0 1 1 1 0 1 0 8 0
pffrag 232 86 0 75 1 0 1 1 0 482 0
pffrnode 88 50 0 39 1 0 1 1 0 8 0
pffrent 40 223 0 211 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfrktable 1344 10 0 7 1 0 1 1 0 8 0
pfanchor 1288 1 0 0 1 0 1 1 0 8 0
pftag 88 3 0 0 1 0 1 1 0 8 0
pfqueue 320 1 0 1 1 1 0 1 0 8 0
pfstitem 24 6 0 0 1 0 1 1 0 8 0
pfstkey 128 8 0 3 1 0 1 1 0 8 0
pfstate 448 4 0 1 1 0 1 1 0 8 0
pfrule 1360 13 0 7 1 0 1 1 0 8 0
rttmr 136 16 0 16 8 7 1 1 0 8 1
art_heap8 4096 10 0 4 9 3 6 7 0 8 0
art_heap4 256 3493 0 3100 97 71 26 79 0 8 0
art_table 40 3503 0 3104 14 9 5 13 0 8 0
art_node 32 729 0 653 2 0 2 2 0 8 0
sysvmsgpl 40 21 0 17 2 1 1 1 0 8 0
semupl 112 1 0 1 1 1 0 1 0 8 0
semapl 112 290 0 277 1 0 1 1 0 8 0
shmpl 112 91 0 8 3 0 3 3 0 8 0
dirhash 1024 96 0 79 3 0 3 3 0 8 0
dino2pl 256 14823 0 13271 98 0 98 98 0 8 0
ffsino 296 14823 0 13271 120 0 120 120 0 8 0
nchpl 144 24058 0 22281 67 0 67 67 0 8 0
rtmask 32 86 0 86 15 14 1 1 0 8 1
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 91761 0 91761 12 11 1 4 0 8 1
percpumem 16 658 0 605 1 0 1 1 0 8 0
vcpupl 3968 32 0 4 4 0 4 4 0 8 0
vmpool 848 38 0 10 4 0 4 4 0 8 0
pfiaddrpl 120 1 0 0 1 0 1 1 0 8 0
kstatmem 264 682 0 650 3 0 3 3 0 8 0
acpiwqpl 32 1 0 1 1 0 1 1 1 8 1
scsiplug 72 33 0 33 15 14 1 1 0 8 1
scxspl 216 184972 0 184972 34 32 2 8 1 8 2
plimitpl 152 2347 0 2329 1 0 1 1 0 8 0
sigapl 424 7062 0 7017 10 2 8 8 0 8 0
knotepl 120 830 0 0 22 0 22 22 0 8 0
kqueuepl 224 3110 0 3099 32 27 5 5 0 8 4
pipepl 344 1057 0 1028 33 26 7 9 0 8 4
fdescpl 528 6982 0 6953 3 0 3 3 0 8 0
filepl 160 55413 0 55192 56 38 18 20 0 8 4
lockfpl 104 3490 0 3488 8 6 2 2 0 8 1
lockfspl 48 1171 0 1169 1 0 1 1 0 8 0
sessionpl 144 78 0 70 1 0 1 1 0 8 0
pgrppl 48 285 0 269 1 0 1 1 0 8 0
ucredpl 104 9375 0 9363 1 0 1 1 0 8 0
zombiepl 144 8802 0 8799 1 0 1 1 0 8 0
processpl 1232 7062 0 7017 7 1 6 6 0 8 0
procpl 664 18290 0 18238 9 1 8 8 0 8 0
sosppl 176 66 0 66 14 13 1 1 0 8 1
sockpl 752 15515 0 15488 137 127 10 23 0 8 6
mcl64k 65536 8 0 0 1 0 1 1 0 8 0
mcl16k 16384 10 0 0 2 0 2 2 0 8 0
mcl12k 12288 3 0 0 1 0 1 1 0 8 0
mcl9k 9216 2 0 0 1 0 1 1 0 8 0
mcl8k 8192 7 0 0 1 0 1 1 0 8 0
mcl4k 4096 117 0 0 15 0 15 15 0 8 0
mcl2k2 2112 2 0 0 1 0 1 1 0 8 0
mcl2k 2048 66 0 0 7 2 5 7 0 8 0
mtagpl 96 4 0 0 1 0 1 1 0 8 0
mbufpl 256 1827 0 0 114 0 114 114 0 8 0
bufpl 280 74669 0 68533 439 0 439 439 0 8 0
anonpl 32 14836 0 0 119 0 119 119 0 246 0
amapchunkpl 152 222235 0 221697 89 56 33 40 0 158 4
amappl16 200 26018 0 25954 169 151 18 34 0 8 7
amappl15 192 8 0 8 1 1 0 1 0 8 0
amappl14 184 2 0 2 2 2 0 1 0 8 0
amappl13 176 773 0 772 1 0 1 1 0 8 0
amappl12 168 7601 0 7564 3 0 3 3 0 8 0
amappl11 160 64 0 64 2 2 0 1 0 8 0
amappl10 152 51 0 43 1 0 1 1 0 8 0
amappl9 144 260 0 259 1 0 1 1 0 8 0
amappl8 136 24 0 21 1 0 1 1 0 8 0
amappl7 128 194 0 192 1 0 1 1 0 8 0
amappl6 120 662 0 650 1 0 1 1 0 8 0
amappl5 112 122 0 113 1 0 1 1 0 8 0
amappl4 104 732 0 703 1 0 1 1 0 8 0
amappl3 96 39209 0 39127 4 1 3 3 0 8 0
amappl2 88 7176 0 7107 2 0 2 2 0 8 0
amappl1 80 42561 0 41983 15 1 14 15 0 8 0
amappl 88 60904 0 60742 5 0 5 5 0 92 0
uvmvnodes 80 261 0 0 6 0 6 6 0 8 0
dma65536 65536 2 0 2 2 1 1 1 0 8 1
dma32768 32768 1 0 1 1 1 0 1 0 8 0
dma8192 8192 2 0 2 2 2 0 1 0 8 0
dma4096 4096 3 0 3 2 2 0 1 0 8 0
dma1024 1024 3 0 2 1 0 1 1 0 8 0
dma512 512 4 0 4 4 3 1 1 0 8 1
dma256 256 11 0 11 6 6 0 1 0 8 0
dma128 128 259 0 259 6 6 0 1 0 8 0
dma64 64 9 0 9 4 4 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 22 0 21 1 0 1 1 0 8 0
aobjpl 72 133 0 20 3 0 3 3 0 8 0
uaddrrnd 24 6983 0 6954 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 6983 0 6954 1 0 1 1 0 8 0
vmmpekpl 168 48873 0 48795 4 0 4 4 0 8 0
vmmpepl 168 445824 0 443974 181 80 101 110 0 357 3
vmsppl 488 6982 0 6954 5 0 5 5 0 8 0
rwobjpl 80 115096 0 113798 48 13 35 36 0 8 0
pdppl 4096 14049 0 13956 206 109 97 98 0 8 4
pvpl 32 22104 0 0 177 0 177 177 0 265 0
pmappl 256 7020 0 6964 4 0 4 4 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 668 0 287 13 1 12 13 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x746e008b0d10, count: -1
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x37 sys/arch/amd64/amd64/bus_space.c:670
comcnputc(800,61) at comcnputc+0x250 comcn_read_reg sys/dev/ic/com.c:1655 [inline]
comcnputc(800,61) at comcnputc+0x250 sys/dev/ic/com.c:1269
cnputc(61) at cnputc+0x67 sys/dev/cons.c:218
kputchar(61,5,0) at kputchar+0x2ed sys/kern/subr_prf.c:367
kprintf() at kprintf+0x223 sys/kern/subr_prf.c:723
printf(ffffffff83458dee) at printf+0x8b sys/kern/subr_prf.c:529
trap_print(ffff80002a2d7ef0,6) at trap_print+0x70 sys/arch/amd64/amd64/trap.c:653
kerntrap(ffff80002a2d7ef0) at kerntrap+0x2e6 sys/arch/amd64/amd64/trap.c:516
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
dt_ioctl_record_stop(ffff800001732000) at dt_ioctl_record_stop+0x108 sys/dev/dt/dt_dev.c:593
dtclose(11e5f,81,2000,ffff8000303c9798) at dtclose+0x109 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline]
dtclose(11e5f,81,2000,ffff8000303c9798) at dtclose+0x109 sys/dev/dt/dt_dev.c:239
end trace frame: 0xffff80002a2d8090, count: 0
ddb{1}> trace
x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x37 sys/arch/amd64/amd64/bus_space.c:670
comcnputc(800,61) at comcnputc+0x250 comcn_read_reg sys/dev/ic/com.c:1655 [inline]
comcnputc(800,61) at comcnputc+0x250 sys/dev/ic/com.c:1269
cnputc(61) at cnputc+0x67 sys/dev/cons.c:218
kputchar(61,5,0) at kputchar+0x2ed sys/kern/subr_prf.c:367
kprintf() at kprintf+0x223 sys/kern/subr_prf.c:723
printf(ffffffff83458dee) at printf+0x8b sys/kern/subr_prf.c:529
trap_print(ffff80002a2d7ef0,6) at trap_print+0x70 sys/arch/amd64/amd64/trap.c:653
kerntrap(ffff80002a2d7ef0) at kerntrap+0x2e6 sys/arch/amd64/amd64/trap.c:516
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
dt_ioctl_record_stop(ffff800001732000) at dt_ioctl_record_stop+0x108 sys/dev/dt/dt_dev.c:593
dtclose(11e5f,81,2000,ffff8000303c9798) at dtclose+0x109 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline]
dtclose(11e5f,81,2000,ffff8000303c9798) at dtclose+0x109 sys/dev/dt/dt_dev.c:239
spec_close(ffff80002a2d80a0) at spec_close+0x466 sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffd807609a7f8,81,fffffd80097fd820,ffff8000303c9798) at VOP_CLOSE+0x132 sys/kern/vfs_vops.c:156
vn_closefile(fffffd80702c3dc0,ffff8000303c9798) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd80702c3dc0,ffff8000303c9798) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615
fdrop(fffffd80702c3dc0,ffff8000303c9798) at fdrop+0x121 sys/kern/kern_descrip.c:1280
closef(fffffd80702c3dc0,ffff8000303c9798) at closef+0x192 sys/kern/kern_descrip.c:1264
fdfree(ffff8000303c9798) at fdfree+0x116 sys/kern/kern_descrip.c:1195
exit1(ffff8000303c9798,b,0,1) at exit1+0x576 sys/kern/kern_exit.c:215
sys_exit(ffff8000303c9798,ffff80002a2d8410,ffff80002a2d8360) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a2d8410) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a2d8410) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x74503938ede0, count: -24