*cpu1: uvm_fault(0xffffffff83541338, 0xffff8000013c7008, 0, 2) -> e
ddb{0}> trace
proc_trampoline() at proc_trampoline+0xc7
end of kernel
end trace frame: 0x7658f19742c0, count: -1
ddb{0}> show registers
rdi 0
rsi 0
rbp 0xffff80002a17e090
rbx 0
rdx 0
rcx 0xffff8000ffffc7a8
rax 0x2a
r8 0xffff80002a17dfc0
r9 0x4
r10 0xd91123f1c9df1b49
r11 0x88ce8960b82f6847
r12 0
r13 0
r14 0
r15 0
rip 0xffffffff81fdd4c7 proc_trampoline+0xc7
cs 0x8
rflags 0x246
rsp 0xffff80002a17e010
ss 0
proc_trampoline+0xc7: movl $0,%gs:0x680
ddb{0}> show proc
PROC (syz-executor) tid=167837 pid=39579 tcnt=1 stat=onproc
flags process=2<EXEC> proc=0
runpri=17, usrpri=50, slppri=17, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff8000ffffdbe8,0xffff8000ffffca40
process=0xffff8000ffff1240 user=0xffff80002a179000, vmspace=0xfffffd806c2d06e0
estcpu=36, cpticks=2, pctcpu=0.0, user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
9905 60101 71374 32767 3 0x102010 suspend syz-executor
9905 319521 71374 32767 4 0x4182010 syz-executor
9905 180924 71374 32767 7 0x4182010 syz-executor
9905 377159 71374 32767 4 0x4182010 syz-executor
*39579 167837 46639 0 7 0x2 syz-executor
61694 273420 0 0 3 0x14200 bored sosplice
98500 333449 94645 32767 3 0x90 nanoslp syz-executor
98500 124504 94645 32767 3 0x4000090 lockf syz-executor
98500 229520 94645 32767 3 0x4000090 fsleep syz-executor
63260 292617 18573 32767 3 0x90 nanoslp syz-executor
63260 253995 18573 32767 3 0x4000090 lockf syz-executor
63260 76082 18573 32767 3 0x4000090 fsleep syz-executor
17599 519879 90865 0 3 0x82 netio sshd-session
53652 302547 86948 32767 3 0x90 piperd syz-executor
86847 144965 83602 32767 3 0x90 piperd syz-executor
18573 438280 10020 32767 3 0x90 nanoslp syz-executor
90304 365909 71420 32767 3 0x90 piperd syz-executor
94645 341200 88296 32767 3 0x90 nanoslp syz-executor
71374 305243 38484 32767 3 0x90 nanoslp syz-executor
10020 455558 46639 0 3 0x82 wait syz-executor
86948 41854 46639 0 3 0x82 wait syz-executor
83602 230657 46639 0 3 0x82 wait syz-executor
71420 264542 46639 0 3 0x82 wait syz-executor
38484 313028 46639 0 3 0x82 wait syz-executor
88296 484240 46639 0 3 0x82 wait syz-executor
46639 474728 30412 0 3 0x82 nanoslp syz-executor
30412 456672 48410 0 3 0x10008a sigsusp ksh
48410 72334 30600 0 3 0x98 kqread sshd-session
30600 268925 90865 0 3 0x92 kqread sshd-session
5617 443265 1 0 3 0x100083 ttyin getty
90865 141525 1 0 3 0x88 kqread sshd
5814 420897 51022 73 3 0x1100090 kqread syslogd
51022 278554 1 0 3 0x100082 sbwait syslogd
99291 224973 1 0 3 0x100080 kqread resolvd
20418 354035 45042 77 3 0x100092 kqread dhcpleased
9838 265280 45042 77 3 0x100092 kqread dhcpleased
45042 505674 1 0 3 0x80 kqread dhcpleased
81988 171861 0 0 3 0x14200 bored smr
60129 270311 0 0 3 0x14200 pgzero zerothread
29030 511722 0 0 3 0x14200 aiodoned aiodoned
24313 466379 0 0 3 0x14200 syncer update
24559 332628 0 0 3 0x14200 cleaner cleaner
46500 78669 0 0 3 0x14200 reaper reaper
84312 25457 0 0 3 0x14200 pgdaemon pagedaemon
23914 116056 0 0 3 0x14200 bored viomb
84374 408077 0 0 3 0x40014200 acpi0 acpi0
93445 81915 0 0 3 0x40014200 idle1
89935 362007 0 0 3 0x14200 bored softnet3
64417 300624 0 0 3 0x14200 bored softnet2
20434 143427 0 0 3 0x14200 bored softnet1
5788 215435 0 0 3 0x14200 bored softnet0
6590 349353 0 0 3 0x14200 bored systqmp
2010 417974 0 0 3 0x14200 bored systq
38927 139626 0 0 3 0x14200 tmoslp softclockmp
51993 422686 0 0 3 0x40014200 tmoslp softclock
17547 91384 0 0 3 0x40014200 idle0
1 160273 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
CPU 0:
exclusive mutex &uvm.pageqlock r = 0 (0xffffffff835a59c0)
#0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5bb sys/kern/subr_witness.c:1155
#1 mtx_enter_try+0x178
#2 mtx_enter+0x60 sys/kern/kern_lock.c:239
#3 uvm_fault_lower_lookup+0x24c sys/uvm/uvm_fault.c:1171
#4 uvm_fault_lower+0x74 sys/uvm/uvm_fault.c:1227
#5 uvm_fault+0x301 sys/uvm/uvm_fault.c:637
#6 upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:188
#7 usertrap+0x2d8 sys/arch/amd64/amd64/trap.c:436
#8 recall_trap+0x8
Process 9905 (syz-executor) thread 0xffff80002a02dbf8 (180924)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff8351ca88)
#0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5bb sys/kern/subr_witness.c:1155
#1 __mp_acquire_count+0x58
#2 mi_switch+0x4b7 sys/kern/sched_bsd.c:441
#3 sleep_finish+0x21e sys/kern/kern_synch.c:416
#4 rw_enter+0x348 sys/kern/kern_rwlock.c:285
#5 rrw_enter+0xbe sys/kern/kern_rwlock.c:464
#6 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524
#7 vn_lock+0xa4 sys/kern/vfs_vnops.c:564
#8 vget+0x2bd sys/kern/vfs_subr.c:673
#9 ufs_ihashget+0x192 sys/ufs/ufs/ufs_ihash.c:98
#10 ffs_vget+0x8c sys/ufs/ffs/ffs_vfsops.c:1201
#11 ufs_lookup+0x1631 sys/ufs/ufs/ufs_lookup.c:555
#12 VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85
#13 unveil_find_cover+0x16d sys/kern/kern_unveil.c:277
#14 unveil_add_vnode+0xd1 sys/kern/kern_unveil.c:391
#15 unveil_add+0x448 sys/kern/kern_unveil.c:494
#16 sys_unveil+0x60c sys/kern/vfs_syscalls.c:1020
#17 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:178 [inline]
#17 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
#18 Xsyscall+0x128
Process 39579 (syz-executor) thread 0xffff8000ffffc7a8 (167837)
exclusive rwlock uobjlk r = 0 (0xfffffd806d66a440)
#0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5bb sys/kern/subr_witness.c:1155
#1 rw_enter+0x41b sys/kern/kern_rwlock.c:309
#2 uvm_fault_lower_lookup+0x54 sys/uvm/uvm_fault.c:1126
#3 uvm_fault_lower+0x74 sys/uvm/uvm_fault.c:1227
#4 uvm_fault+0x301 sys/uvm/uvm_fault.c:637
#5 upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:188
#6 usertrap+0x2d8 sys/arch/amd64/amd64/trap.c:436
#7 recall_trap+0x8
shared rwlock vmmaplk r = 0 (0xfffffd806c2d07d0)
#0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5bb sys/kern/subr_witness.c:1155
#1 uvmfault_lookup+0x122 sys/uvm/uvm_fault.c:1785
#2 uvm_fault_check+0x47 sys/uvm/uvm_fault.c:672
#3 uvm_fault+0x112 sys/uvm/uvm_fault.c:600
#4 upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:188
#5 usertrap+0x2d8 sys/arch/amd64/amd64/trap.c:436
#6 recall_trap+0x8
exclusive mutex &uvm.pageqlock r = 0 (0xffffffff835a59c0)
#0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5bb sys/kern/subr_witness.c:1155
#1 mtx_enter_try+0x178
#2 mtx_enter+0x60 sys/kern/kern_lock.c:239
#3 uvm_fault_lower_lookup+0x24c sys/uvm/uvm_fault.c:1171
#4 uvm_fault_lower+0x74 sys/uvm/uvm_fault.c:1227
#5 uvm_fault+0x301 sys/uvm/uvm_fault.c:637
#6 upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:188
#7 usertrap+0x2d8 sys/arch/amd64/amd64/trap.c:436
#8 recall_trap+0x8
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10206 11046K 11059K 166960K 11292 0
pcb 17 12K 12K 166960K 17 0
rtable 192 5K 6K 166960K 364 0
pf 27 16K 16K 166960K 31 0
ifaddr 34 6K 7K 166960K 44 0
ifgroup 42 1K 2K 166960K 50 0
counters 60 35K 36K 166960K 64 0
ioctlops 0 0K 2K 166960K 30 0
iov 0 0K 3K 166960K 7 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1364 86K 86K 166960K 1989 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 7 0
VM map 2 1K 1K 166960K 2 0
sem 12 1K 1K 166960K 20 0
dirhash 12 2K 2K 166960K 12 0
ACPI 1690 195K 286K 166960K 12468 0
file desc 18 62K 125K 166960K 443 0
sigio 0 0K 0K 166960K 72 0
proc 58 79K 115K 166960K 485 0
subproc 78 4K 6K 166960K 585 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 27 0
in_multi 77 5K 7K 166960K 104 0
ether_multi 1 0K 0K 166960K 1 0
mrt 0 0K 0K 166960K 1 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 241 1076K 1076K 166960K 241 0
exec 0 0K 1K 166960K 397 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 210 56K 90K 166960K 4654 0
UVM aobj 13 2K 2K 166960K 13 0
pinsyscall 41 82K 110K 166960K 1488 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 16 0
NDP 9 0K 2K 166960K 27 0
temp 65 6819K 6885K 166960K 5397 0
kqueue 13 20K 30K 166960K 50 0
SYN cache 2 16K 16K 166960K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 24 0 0 1 0 1 1 0 8 0
rtpcb 120 79 0 76 2 0 2 2 0 8 1
rtentry 112 114 0 25 4 0 4 4 0 8 0
unpcb 144 414 0 398 6 0 6 6 0 8 5
syncache 336 9 0 9 1 0 1 1 0 8 1
tcpqe 32 2 0 2 1 0 1 1 0 8 1
tcpcb 808 121 0 113 4 0 4 4 0 8 2
arp 120 19 0 5 1 0 1 1 0 8 0
ipq 40 4 0 1 1 0 1 1 0 8 0
ipqe 40 8 0 4 1 0 1 1 0 8 0
inpcb 336 285 0 274 4 0 4 4 0 8 2
nd6 136 26 0 7 1 0 1 1 0 8 0
kcovpl 48 45 0 39 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 458 0 92 29 0 29 29 0 8 1
art_table 32 459 0 92 4 0 4 4 0 8 0
art_node 16 113 0 32 1 0 1 1 0 8 0
sysvmsgpl 40 1 0 1 1 0 1 1 0 8 1
semupl 112 3 0 3 1 0 1 1 0 8 1
semapl 112 18 0 8 1 0 1 1 0 8 0
shmpl 112 10 0 0 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1910 0 368 97 0 97 97 0 8 0
ffsino 272 1910 0 368 103 0 103 103 0 8 0
nchpl 144 2319 0 611 64 0 64 64 0 8 0
uvmvnodes 80 2504 0 0 52 0 52 52 0 8 0
vnodes 216 2504 0 0 140 0 140 140 0 8 0
namei 1024 8079 0 8077 1 0 1 1 0 8 0
percpumem 16 46 0 2 1 0 1 1 0 8 0
kstatmem 264 22 0 4 2 0 2 2 0 8 0
scxspl 216 6416 0 6416 3 1 2 2 1 8 2
plimitpl 152 151 0 129 2 0 2 2 0 8 1
sigapl 424 656 0 606 8 0 8 8 0 8 1
futexpl 64 2401 0 2399 1 0 1 1 0 8 0
knotepl 120 314 0 0 10 0 10 10 0 8 0
kqueuepl 216 69 0 60 1 0 1 1 0 8 0
pipepl 320 309 0 281 4 0 4 4 0 8 0
fdescpl 496 637 0 606 6 0 6 6 0 8 1
filepl 152 4091 0 3875 19 1 18 19 0 8 8
lockfpl 104 58 0 53 1 0 1 1 0 8 0
lockfspl 48 24 0 21 1 0 1 1 0 8 0
sessionpl 144 62 0 47 1 0 1 1 0 8 0
pgrppl 48 111 0 89 1 0 1 1 0 8 0
ucredpl 104 723 0 706 1 0 1 1 0 8 0
zombiepl 144 606 0 606 1 0 1 1 0 8 1
processpl 1160 656 0 606 5 0 5 5 0 8 0
procpl 648 905 0 848 7 0 7 7 0 8 2
sosppl 168 2 0 2 1 0 1 1 0 8 1
sockpl 664 778 0 748 15 4 11 15 0 8 8
mcl64k 65536 3 0 0 1 0 1 1 0 8 0
mcl16k 16384 1 0 0 1 0 1 1 0 8 0
mcl8k 8192 4 0 0 1 0 1 1 0 8 0
mcl4k 4096 129 0 0 17 0 17 17 0 8 0
mcl2k2 2112 1 0 0 1 0 1 1 0 8 0
mcl2k 2048 18 0 0 3 0 3 3 0 8 0
mtagpl 96 4 0 0 1 0 1 1 0 8 0
mbufpl 256 722 0 0 46 0 46 46 0 8 0
bufpl 280 2482 0 94 171 0 171 171 0 8 0
anonpl 24 175406 0 172289 23 1 22 23 0 185 0
amapchunkpl 152 15895 0 15477 37 1 36 36 0 158 16
amappl16 200 4675 0 4664 5 3 2 5 0 8 1
amappl15 192 12 0 12 1 1 0 1 0 8 0
amappl14 184 118 0 107 1 0 1 1 0 8 0
amappl13 176 4 0 4 1 1 0 1 0 8 0
amappl12 168 1251 0 1221 3 1 2 2 0 8 0
amappl11 160 50 0 40 1 0 1 1 0 8 0
amappl10 152 15 0 15 1 1 0 1 0 8 0
amappl9 144 147 0 147 1 1 0 1 0 8 0
amappl8 136 26 0 25 1 0 1 1 0 8 0
amappl7 128 102 0 91 1 0 1 1 0 8 0
amappl6 120 162 0 161 1 0 1 1 0 8 0
amappl5 112 136 0 126 1 0 1 1 0 8 0
amappl4 104 298 0 284 1 0 1 1 0 8 0
amappl3 96 2626 0 2549 4 0 4 4 0 8 1
amappl2 88 950 0 864 3 0 3 3 0 8 1
amappl1 80 9022 0 8420 14 1 13 14 0 8 0
amappl 88 4244 0 4092 6 0 6 6 0 92 1
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 12 0 0 1 0 1 1 0 8 0
uaddrrnd 24 637 0 606 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 637 0 606 1 0 1 1 0 8 0
vmmpekpl 168 8350 0 8297 3 0 3 3 0 8 0
vmmpepl 168 48453 0 46657 93 0 93 93 0 357 11
vmsppl 440 636 0 606 6 1 5 5 0 8 1
rwobjpl 56 20546 0 17155 50 2 48 48 0 8 0
pdppl 4096 1281 0 1212 117 44 73 97 0 8 4
pvpl 32 10186 0 0 84 1 83 83 0 265 0
pmappl 248 636 0 606 3 0 3 3 0 8 0
extentpl 40 55 0 38 1 0 1 1 0 8 0
phpool 112 432 0 46 12 0 12 12 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
proc_trampoline() at proc_trampoline+0xc7
end of kernel
end trace frame: 0x7658f19742c0, count: -1
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__sanitizer_cov_trace_const_cmp1(4,0) at __sanitizer_cov_trace_const_cmp1+0x2e kd_curproc sys/dev/kcov.c:589 [inline]
__sanitizer_cov_trace_const_cmp1(4,0) at __sanitizer_cov_trace_const_cmp1+0x2e sys/dev/kcov.c:223
comcnputc(800,37) at comcnputc+0x1e5 sys/dev/ic/com.c:1269
cnputc(37) at cnputc+0x61 sys/dev/cons.c:218
db_putchar(37) at db_putchar+0x65c sys/ddb/db_output.c:155
kprintf() at kprintf+0x2aba sys/kern/subr_prf.c:1065
db_printf(ffffffff830941d4) at db_printf+0x9b
fault(ffffffff8303fe12) at fault+0xa7 sys/arch/amd64/amd64/trap.c:157
kpageflttrap(ffff80002a198980,ffff8000013c7008) at kpageflttrap+0x385 sys/arch/amd64/amd64/trap.c:290
kerntrap(ffff80002a198980) at kerntrap+0x14a sys/arch/amd64/amd64/trap.c:332
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
unveil_add_vnode(ffff80002a02dbf8,fffffd8060b6f988) at unveil_add_vnode+0xda sys/kern/kern_unveil.c:391
end trace frame: 0xffff80002a198b60, count: 0
ddb{1}> trace
x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__sanitizer_cov_trace_const_cmp1(4,0) at __sanitizer_cov_trace_const_cmp1+0x2e kd_curproc sys/dev/kcov.c:589 [inline]
__sanitizer_cov_trace_const_cmp1(4,0) at __sanitizer_cov_trace_const_cmp1+0x2e sys/dev/kcov.c:223
comcnputc(800,37) at comcnputc+0x1e5 sys/dev/ic/com.c:1269
cnputc(37) at cnputc+0x61 sys/dev/cons.c:218
db_putchar(37) at db_putchar+0x65c sys/ddb/db_output.c:155
kprintf() at kprintf+0x2aba sys/kern/subr_prf.c:1065
db_printf(ffffffff830941d4) at db_printf+0x9b
fault(ffffffff8303fe12) at fault+0xa7 sys/arch/amd64/amd64/trap.c:157
kpageflttrap(ffff80002a198980,ffff8000013c7008) at kpageflttrap+0x385 sys/arch/amd64/amd64/trap.c:290
kerntrap(ffff80002a198980) at kerntrap+0x14a sys/arch/amd64/amd64/trap.c:332
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
unveil_add_vnode(ffff80002a02dbf8,fffffd8060b6f988) at unveil_add_vnode+0xda sys/kern/kern_unveil.c:391
unveil_add(ffff80002a02dbf8,ffff80002a198b78,ffff80002a198c33) at unveil_add+0x448 sys/kern/kern_unveil.c:494
sys_unveil(ffff80002a02dbf8,ffff80002a198d60,ffff80002a198cb0) at sys_unveil+0x60c sys/kern/vfs_syscalls.c:1020
syscall(ffff80002a198d60) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:178 [inline]
syscall(ffff80002a198d60) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xf95eb52ec0, count: -18