*cpu1: uvm_fault(0xffffffff8392a6b0, 0xffff800001534000, 0, 1) -> e ddb{0}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x7a8a62c3fd10, count: -1 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff80002a3f9c60 rbx 0 rdx 0 rcx 0xffff80003c459260 rax 0x33 r8 0xffff80002a3f9b90 r9 0xffff80002a3f9858 r10 0x5e3b3068cd22517d r11 0x2bcc38cf800739ca r12 0 r13 0 r14 0xffff80003c459260 r15 0 rip 0xffffffff81b443ee savectx+0xae cs 0x8 rflags 0x46 rsp 0xffff80002a3f9be0 ss 0x10 savectx+0xae: movl $0,%gs:0x688 ddb{0}> show proc PROC (syz-executor) tid=383753 pid=95466 tcnt=1 stat=onproc flags process=2 proc=0 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003c458fc8,0xffff80003c436800 process=0xffff80002a2cf5b8 user=0xffff80002a3f4000, vmspace=0xfffffd800b0277a0 estcpu=36, cpticks=11, pctcpu=0.5, user=0, sys=10, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 39291 212801 1549 0 2 0xc90 syz-executor 39291 173177 1549 0 3 0x4000090 fsleep syz-executor 43487 400268 70292 0 3 0x80 nanoslp syz-executor 43487 248816 70292 0 3 0x4000080 piperd syz-executor 43487 159306 70292 0 3 0x4000080 fsleep syz-executor 65471 451514 95466 0 2 0xc80 syz-executor 65471 262004 95466 0 3 0x4000080 lockf syz-executor 65471 177683 95466 0 3 0x4000080 fsleep syz-executor 63050 201558 37552 0 2 0xc80 syz-executor 63050 319340 37552 0 3 0x4000080 lockf syz-executor 63050 258396 37552 0 3 0x4000080 fsleep syz-executor 87597 306027 47373 0 3 0x80 nanoslp syz-executor 87597 362099 47373 0 3 0x4000080 fsleep syz-executor 87597 191570 47373 0 3 0x4000080 fsleep syz-executor 87597 417758 47373 0 3 0x4000080 fsleep syz-executor 87597 272109 47373 0 3 0x4000080 vgalk syz-executor 87597 26118 47373 0 3 0x4000080 fsleep syz-executor 11061 476157 85293 0 3 0x80 nanoslp syz-executor 11061 233163 85293 0 3 0x4000080 kqsel syz-executor 11061 306584 85293 0 3 0x4000080 fsleep syz-executor 8119 421958 90874 60929 3 0x90 nanoslp syz-executor 8119 38783 90874 60929 3 0x4000090 kqread syz-executor 8119 179781 90874 60929 3 0x4000090 fsleep syz-executor 90874 32567 90470 0 3 0x82 nanoslp syz-executor 51727 407473 0 0 3 0x14200 acct acct *95466 383753 90470 0 7 0x2 syz-executor 39586 145013 1 0 3 0x100083 ttyin getty 37552 216161 90470 0 3 0x82 nanoslp syz-executor 5987 413670 90470 0 3 0x82 nanoslp syz-executor 85293 291852 90470 0 3 0x82 nanoslp syz-executor 19670 206310 0 0 3 0x14200 bored sosplice 70292 175310 90470 0 3 0x82 nanoslp syz-executor 47373 283036 90470 0 3 0x82 nanoslp syz-executor 1549 286915 90470 0 3 0x82 nanoslp syz-executor 90470 19892 46641 0 3 0x82 kqread syz-executor 46641 126701 64898 0 3 0x10008a sigsusp ksh 64898 170285 81973 0 3 0x98 kqread sshd-session 81973 384491 48441 0 3 0x92 kqread sshd-session 48441 81753 1 0 3 0x88 kqread sshd 16116 430969 35673 74 3 0x1100092 bpf pflogd 35673 94732 1 0 3 0x80 sbwait pflogd 38638 389530 87333 73 3 0x1100090 kqread syslogd 87333 136652 1 0 3 0x100082 sbwait syslogd 33334 115735 1 0 3 0x100080 kqread resolvd 92191 210884 66128 77 3 0x100092 kqread dhcpleased 73731 477134 66128 77 3 0x100092 kqread dhcpleased 66128 515058 1 0 3 0x80 kqread dhcpleased 68921 199555 0 0 3 0x14200 bored smr 48277 15610 0 0 3 0x14200 pgzero zerothread 22060 46242 0 0 3 0x14200 aiodoned aiodoned 36586 74489 0 0 3 0x14200 syncer update 5304 367172 0 0 3 0x14200 cleaner cleaner 23375 451400 0 0 3 0x14200 reaper reaper 58608 410466 0 0 3 0x14200 pgdaemon pagedaemon 75086 348133 0 0 3 0x14200 bored viomb 51062 361500 0 0 3 0x40014200 acpi0 acpi0 72864 259359 0 0 3 0x40014200 idle1 66158 65386 0 0 3 0x14200 bored softnet7 52258 208041 0 0 3 0x14200 bored softnet6 76721 332575 0 0 3 0x14200 bored softnet5 4545 459904 0 0 3 0x14200 bored softnet4 58091 312006 0 0 3 0x14200 bored softnet3 17996 381495 0 0 3 0x14200 bored softnet2 15848 205133 0 0 3 0x14200 bored softnet1 70161 340043 0 0 7 0x14200 softnet0 71144 367729 0 0 2 0x14200 systqmp 60667 295411 0 0 3 0x14200 bored systq 90124 419288 0 0 3 0x14200 tmoslp softclockmp 39646 230849 0 0 3 0x40014200 netlock softclock 66985 39718 0 0 3 0x40014200 idle0 1 285598 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{0}> show all locks CPU 0: exclusive mutex /syzkaller/managers/multicore/kernel/sys/kern/vfs_subr.c:123 r = 0 (0xffffffff8384b598) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 mtx_enter_try+0x1ad sys/kern/kern_lock.c:311 #2 mtx_enter+0x62 sys/kern/kern_lock.c:261 #3 vn_lock+0x4c sys/kern/vfs_vnops.c:561 #4 vget+0x2a2 sys/kern/vfs_subr.c:693 #5 ktrwriteraw+0x175 sys/kern/kern_ktrace.c:688 #6 ktrsyscall+0x340 ktrwrite sys/kern/kern_ktrace.c:-1 [inline] #6 ktrsyscall+0x340 sys/kern/kern_ktrace.c:183 #7 syscall+0x304 mi_syscall sys/sys/syscall_mi.h:154 [inline] #7 syscall+0x304 sys/arch/amd64/amd64/trap.c:748 #8 Xsyscall+0x128 Process 95466 (syz-executor) thread 0xffff80003c459260 (383753) Process 70161 (softnet0) thread 0xffff8000ffffe530 (340043) Process 39646 (softclock) thread 0xffff8000fffff228 (230849) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10220 11076K 15214K 166960K 16125 0 pcb 20 15K 17K 166960K 730 0 rtable 222 15K 16K 166960K 804 0 pf 42 19K 67488K 166960K 415 0 ifaddr 40 8K 9K 166960K 227 0 ifgroup 54 2K 3K 166960K 398 0 sysctl 4 1K 9K 166960K 27 0 counters 66 36K 38K 166960K 550 0 ioctlops 0 0K 4K 166960K 2436 0 iov 0 0K 32K 166960K 467 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1613 101K 102K 166960K 4727 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 16K 24K 166960K 49 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 231 0 dirhash 12 2K 2K 166960K 87 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 236K 166960K 3803 0 sigio 0 0K 0K 166960K 115 0 proc 72 115K 164K 166960K 1180 0 subproc 72 4K 4K 166960K 127 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 588 0 in_multi 76 5K 7K 166960K 355 0 ether_multi 1 0K 0K 166960K 66 0 mrt 1 0K 0K 166960K 33 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 79 360K 360K 166960K 79 0 exec 0 0K 1K 166960K 965 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 1K 166960K 8 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 265 155K 169K 166960K 36581 0 UVM aobj 50 2K 2K 166960K 54 0 pinsyscall 43 86K 98K 166960K 5031 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 221 0 NDP 11 0K 2K 166960K 161 0 temp 84 8652K 8905K 166960K 179760 0 kqueue 15 24K 33K 166960K 758 0 SYN cache 2 8K 16K 166960K 3 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 385 0 381 4 3 1 3 0 8 0 rtentry 176 261 0 186 5 0 5 5 0 8 0 unpcb 144 2674 0 2656 16 12 4 4 0 8 3 syncache 336 4 0 4 2 2 0 1 0 8 0 tcpqe 32 1 0 1 1 1 0 1 0 8 0 tcpcb 736 1379 0 1375 30 23 7 7 0 8 6 arp 128 34 0 22 1 0 1 1 0 8 0 inpcb 328 4358 0 4346 46 37 9 12 0 8 8 nd6 144 36 0 23 1 0 1 1 0 8 0 pkpcb 40 108 0 108 6 5 1 1 0 8 1 kcovpl 48 14 0 6 1 0 1 1 0 8 0 mppekey 1024 1 0 1 1 1 0 1 0 8 0 ppxss 1192 205 0 205 5 4 1 1 0 8 1 pppxif 1504 15 0 15 6 5 1 1 0 8 1 pfstscr 40 5 0 5 2 2 0 1 0 8 0 pffrag 232 15 0 7 1 0 1 1 0 482 0 pffrnode 88 12 0 5 1 0 1 1 0 8 0 pffrent 40 68 0 60 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 4 0 4 4 4 0 1 0 8 0 pfstitem 24 241 0 89 1 0 1 1 0 8 0 pfstkey 128 248 0 97 5 0 5 5 0 8 0 pfstate 384 242 0 93 16 0 16 16 0 8 0 pfrule 1344 28 0 20 2 1 1 2 0 8 0 rttmr 136 8 0 8 5 4 1 1 0 8 1 art_heap8 4096 6 0 2 6 0 6 6 0 8 2 art_heap4 256 1168 0 807 36 10 26 30 0 8 3 art_table 40 1174 0 809 5 0 5 5 0 8 0 art_node 32 260 0 200 1 0 1 1 0 8 0 sysvmsgpl 40 24 0 13 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 223 0 213 1 0 1 1 0 8 0 shmpl 112 51 0 4 2 0 2 2 0 8 0 dirhash 1024 68 0 51 3 0 3 3 0 8 0 dino2pl 256 8423 0 6904 96 0 96 96 0 8 0 ffsino 296 8423 0 6904 118 0 118 118 0 8 0 nchpl 144 13828 0 13280 64 35 29 64 0 8 4 rtmask 32 46 0 46 7 6 1 1 0 8 1 uvmvnodes 80 6174 0 0 126 0 126 126 0 8 0 vnodes 216 6174 0 0 343 0 343 343 0 8 0 namei 1024 50980 0 50980 8 7 1 3 0 8 1 percpumem 16 290 0 242 1 0 1 1 0 8 0 kstatmem 264 270 0 244 8 5 3 3 0 8 0 acpiwqpl 32 1 0 1 1 0 1 1 1 8 1 scsiplug 72 12 0 12 5 5 0 1 0 8 0 scxspl 216 107625 0 107625 19 17 2 8 1 8 2 plimitpl 152 994 0 976 1 0 1 1 0 8 0 sigapl 424 4084 0 4028 7 0 7 7 0 8 0 knotepl 120 670 0 0 19 0 19 19 0 8 0 kqueuepl 224 1731 0 1717 17 14 3 5 0 8 2 pipepl 344 834 0 806 25 21 4 9 0 8 1 fdescpl 528 4050 0 4018 3 0 3 3 0 8 0 filepl 160 30220 0 29989 44 29 15 21 0 8 4 lockfpl 104 2671 0 2663 6 5 1 2 0 8 0 lockfspl 48 780 0 775 1 0 1 1 0 8 0 sessionpl 144 33 0 24 1 0 1 1 0 8 0 pgrppl 48 134 0 117 1 0 1 1 0 8 0 ucredpl 104 5051 0 5034 1 0 1 1 0 8 0 zombiepl 144 4764 0 4763 3 2 1 1 0 8 0 processpl 1248 4084 0 4028 5 0 5 5 0 8 0 procpl 664 10418 0 10346 8 1 7 7 0 8 0 sosppl 168 21 0 21 3 2 1 1 0 8 1 sockpl 752 7716 0 7680 72 60 12 17 0 8 8 mcl64k 65536 18 0 0 3 0 3 3 0 8 0 mcl16k 16384 1 0 0 1 0 1 1 0 8 0 mcl12k 12288 3 0 0 1 0 1 1 0 8 0 mcl9k 9216 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 5 0 0 1 0 1 1 0 8 0 mcl4k 4096 122 0 0 14 0 14 14 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 55 0 0 6 0 6 6 0 8 0 mtagpl 96 15 0 0 1 0 1 1 0 8 0 mbufpl 256 1171 0 0 72 0 72 72 0 8 0 bufpl 280 45377 0 39153 446 1 445 445 0 8 0 anonpl 32 15148 0 0 122 0 122 122 0 246 0 amapchunkpl 152 127482 0 126915 68 38 30 34 0 158 7 amappl16 200 15495 0 15457 167 149 18 37 0 8 8 amappl15 192 25 0 25 1 1 0 1 0 8 0 amappl14 184 132 0 120 1 0 1 1 0 8 0 amappl13 176 5 0 5 1 1 0 1 0 8 0 amappl12 168 4790 0 4758 3 1 2 2 0 8 0 amappl11 160 52 0 38 1 0 1 1 0 8 0 amappl10 152 17 0 16 3 2 1 1 0 8 0 amappl9 144 269 0 268 2 1 1 1 0 8 0 amappl8 136 72 0 69 1 0 1 1 0 8 0 amappl7 128 126 0 113 1 0 1 1 0 8 0 amappl6 120 236 0 233 1 0 1 1 0 8 0 amappl5 112 164 0 153 1 0 1 1 0 8 0 amappl4 104 325 0 304 1 0 1 1 0 8 0 amappl3 96 26015 0 25886 5 1 4 4 0 8 0 amappl2 88 773 0 708 2 0 2 2 0 8 0 amappl1 80 23782 0 23177 15 2 13 15 0 8 0 amappl 88 35123 0 34934 5 0 5 5 0 92 0 dma32768 32768 1 0 1 1 1 0 1 0 8 0 dma8192 8192 2 0 2 2 2 0 1 0 8 0 dma4096 4096 2 0 2 2 1 1 1 0 8 1 dma2048 2048 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma512 512 2 0 2 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 260 0 260 8 7 1 1 0 8 1 dma64 64 12 0 12 5 5 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 20 0 19 1 0 1 1 0 8 0 aobjpl 72 53 0 4 1 0 1 1 0 8 0 uaddrrnd 24 4050 0 4018 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 4050 0 4018 1 0 1 1 0 8 0 vmmpekpl 168 31874 0 31823 3 0 3 3 0 8 0 vmmpepl 168 257107 0 255004 171 56 115 120 0 357 9 vmsppl 488 4049 0 4018 7 2 5 5 0 8 0 rwobjpl 80 71378 0 64169 165 7 158 161 0 8 2 pdppl 4096 8108 0 8036 114 42 72 82 0 8 0 pvpl 32 26164 0 0 210 0 210 210 0 265 0 pmappl 256 4049 0 4018 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 405 0 92 10 0 10 10 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x7a8a62c3fd10, count: -1 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x37 sys/arch/amd64/amd64/bus_space.c:654 comcnputc(800,30) at comcnputc+0x250 comcn_read_reg sys/dev/ic/com.c:1655 [inline] comcnputc(800,30) at comcnputc+0x250 sys/dev/ic/com.c:1269 cnputc(30) at cnputc+0x67 sys/dev/cons.c:218 db_putchar(30) at db_putchar+0x36d sys/ddb/db_output.c:155 kprintf() at kprintf+0x29a5 sys/kern/subr_prf.c:-1 db_printf(ffffffff83313518) at db_printf+0x9b sys/kern/subr_prf.c:-1 fault(ffffffff833d6993) at fault+0xa7 sys/arch/amd64/amd64/trap.c:161 kpageflttrap(ffff80002a220780,ffff800001534000) at kpageflttrap+0x37d sys/arch/amd64/amd64/trap.c:296 kerntrap(ffff80002a220780) at kerntrap+0x198 sys/arch/amd64/amd64/trap.c:491 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b memcpy() at memcpy+0x19 end trace frame: 0xffff80002a220960, count: 0 ddb{1}> trace x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x37 sys/arch/amd64/amd64/bus_space.c:654 comcnputc(800,30) at comcnputc+0x250 comcn_read_reg sys/dev/ic/com.c:1655 [inline] comcnputc(800,30) at comcnputc+0x250 sys/dev/ic/com.c:1269 cnputc(30) at cnputc+0x67 sys/dev/cons.c:218 db_putchar(30) at db_putchar+0x36d sys/ddb/db_output.c:155 kprintf() at kprintf+0x29a5 sys/kern/subr_prf.c:-1 db_printf(ffffffff83313518) at db_printf+0x9b sys/kern/subr_prf.c:-1 fault(ffffffff833d6993) at fault+0xa7 sys/arch/amd64/amd64/trap.c:161 kpageflttrap(ffff80002a220780,ffff800001534000) at kpageflttrap+0x37d sys/arch/amd64/amd64/trap.c:296 kerntrap(ffff80002a220780) at kerntrap+0x198 sys/arch/amd64/amd64/trap.c:491 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b memcpy() at memcpy+0x19 rtm_msg1(d,ffff80002a220978) at rtm_msg1+0x306 sys/net/rtsock.c:1644 rtm_addr(d,ffff800001533f00) at rtm_addr+0xb9 sys/net/rtsock.c:-1 rt_ifa_del(ffff800001533f00,200004,ffff800001533f40,0) at rt_ifa_del+0x453 sys/net/route.c:1348 rt_ifa_dellocal(ffff800001533f00) at rt_ifa_dellocal+0x1ae sys/net/route.c:1446 in6_purgeaddr(ffff800001533f00) at in6_purgeaddr+0x137 sys/netinet6/in6.c:913 nd6_expire(0) at nd6_expire+0x111 sys/netinet6/nd6.c:-1 taskq_thread(ffff80000002c000) at taskq_thread+0x157 sys/kern/kern_task.c:446 end trace frame: 0x0, count: -21