*cpu1: uvm_fault(0xffffffff838d2588, 0xffff8000014b80aa, 0, 1) -> e
ddb{0}> trace
proc_trampoline() at proc_trampoline+0xc7
end of kernel
end trace frame: 0x7e7a7895ef90, count: -1
ddb{0}> show registers
rdi 0
rsi 0
rbp 0xffff80003c51a130
rbx 0
rdx 0
rcx 0xffff8000ffff1c58
rax 0x2a
r8 0xffff80003c51a060
r9 0
r10 0x4070f7ee2e4229ce
r11 0x2cfcd4e4835e7f53
r12 0
r13 0xffffffff810bfea8 Xdoreti+0x18
r14 0
r15 0
rip 0xffffffff8145a4c7 proc_trampoline+0xc7
cs 0x8
rflags 0x246
rsp 0xffff80003c51a0b0
ss 0
proc_trampoline+0xc7: movl $0,%gs:0x680
ddb{0}> show proc
PROC (syz-executor) tid=441263 pid=98038 tcnt=3 stat=onproc
flags process=0 proc=0
runpri=79, usrpri=79, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff8000ffff14a8,0xffff8000ffff1748
process=0xffff8000fffed280 user=0xffff80003c515000, vmspace=0xfffffd806be7a570
estcpu=29, cpticks=6, pctcpu=0.4, user=8, sys=2, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
21934 108445 14184 0 2 0 syz-executor
21934 285079 14184 0 7 0x4000000 syz-executor
59857 376990 28935 0 2 0 syz-executor
59857 35257 28935 0 3 0x4000080 fsleep syz-executor
26884 261190 93190 0 3 0 vmmaplk syz-executor
26884 345810 93190 0 3 0x4000080 fsleep syz-executor
26884 492310 93190 0 2 0x4000000 syz-executor
*98038 441263 42770 0 7 0 syz-executor
98038 23915 42770 0 2 0x4000000 syz-executor
98038 478375 42770 0 3 0x4000080 fsleep syz-executor
1405 198406 23643 -1 3 0x90 nanoslp syz-executor
1405 233890 23643 -1 3 0x4000090 kqread syz-executor
1405 259221 23643 -1 3 0x4000090 fsleep syz-executor
1405 436524 23643 -1 3 0x4000090 fsleep syz-executor
16724 92110 0 0 3 0x14200 bored sosplice
50663 451181 1650 0 3 0x82 nanoslp syz-executor
93190 111153 1650 0 3 0x82 nanoslp syz-executor
14184 206134 1650 0 3 0x82 nanoslp syz-executor
75956 67921 1650 0 3 0x82 nanoslp syz-executor
28935 492508 1650 0 3 0x82 nanoslp syz-executor
42770 102593 1650 0 3 0x82 nanoslp syz-executor
85594 491675 1650 0 3 0x82 wait syz-executor
23643 283447 1650 0 3 0x82 nanoslp syz-executor
1650 500942 91241 0 3 0x82 kqread syz-executor
91241 143793 29183 0 3 0x10008a sigsusp ksh
29183 488792 19225 0 3 0x98 kqread sshd-session
19225 445870 42974 0 3 0x92 kqread sshd-session
60059 101847 1 0 3 0x100083 ttyin getty
42974 391442 1 0 3 0x88 kqread sshd
25250 518344 23630 74 3 0x1100092 bpf pflogd
23630 92074 1 0 3 0x80 sbwait pflogd
50754 40994 44282 73 3 0x1100090 kqread syslogd
44282 162138 1 0 3 0x100082 sbwait syslogd
81203 168516 1 0 3 0x100080 kqread resolvd
52850 156193 21115 77 3 0x100092 kqread dhcpleased
57415 379518 21115 77 3 0x100092 kqread dhcpleased
21115 445416 1 0 3 0x80 kqread dhcpleased
11335 114243 0 0 3 0x14200 bored smr
78864 305257 0 0 3 0x14200 pgzero zerothread
48157 271590 0 0 3 0x14200 aiodoned aiodoned
90250 520772 0 0 3 0x14200 syncer update
54490 298302 0 0 3 0x14200 cleaner cleaner
59724 2842 0 0 3 0x14200 reaper reaper
29195 518215 0 0 3 0x14200 pgdaemon pagedaemon
33588 77182 0 0 3 0x14200 bored viomb
48229 17106 0 0 3 0x40014200 acpi0 acpi0
73423 255283 0 0 3 0x40014200 idle1
35746 503901 0 0 3 0x14200 bored softnet3
57387 314740 0 0 3 0x14200 bored softnet2
96738 193749 0 0 3 0x14200 bored softnet1
16841 486606 0 0 3 0x14200 bored softnet0
14726 516467 0 0 3 0x14200 bored systqmp
59588 85299 0 0 3 0x14200 bored systq
42649 414881 0 0 3 0x14200 tmoslp softclockmp
60378 46567 0 0 3 0x40014200 tmoslp softclock
35163 269738 0 0 3 0x40014200 idle0
1 184219 0 0 3 0x80082 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
CPU 0:
exclusive mutex &sched_lock r = 0 (0xffffffff83960f10)
#0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5bb sys/kern/subr_witness.c:1155
#1 mtx_enter_try+0x178
#2 mtx_enter+0x60 sys/kern/kern_lock.c:239
#3 yield+0x35 sys/kern/sched_bsd.c:317
#4 pool_get+0x265 sys/kern/subr_pool.c:593
#5 namei+0xdf sys/kern/vfs_lookup.c:145
#6 vn_open+0x13f sys/kern/vfs_vnops.c:140
#7 doopenat+0x32e sys/kern/vfs_syscalls.c:1139
#8 syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#8 syscall+0xbc6 sys/arch/amd64/amd64/trap.c:577
#9 Xsyscall+0x128
Process 21934 (syz-executor) thread 0xffff8000ffff2540 (285079)
exclusive rwlock netlock r = 0 (0xffffffff837defb8)
#0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5bb sys/kern/subr_witness.c:1155
#1 rw_do_enter_write+0x3ea sys/kern/kern_rwlock.c:316
#2 rtm_output+0x76e sys/net/rtsock.c:969
#3 route_output+0x9a1 sys/net/rtsock.c:878
#4 route_send+0xd7 sys/net/rtsock.c:342
#5 sosend+0x804
#6 sendit+0x721 sys/kern/uipc_syscalls.c:779
#7 sys_sendto+0x8d sys/kern/uipc_syscalls.c:557
#8 syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#8 syscall+0xbc6 sys/arch/amd64/amd64/trap.c:577
#9 Xsyscall+0x128
exclusive rwlock sbufsnd r = 0 (0xffff800010fdda08)
#0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5bb sys/kern/subr_witness.c:1155
#1 rw_do_enter_write+0x3ea sys/kern/kern_rwlock.c:316
#2 sblock+0xb7 sys/kern/uipc_socket2.c:536
#3 sosend+0x2e2 sys/kern/uipc_socket.c:631
#4 sendit+0x721 sys/kern/uipc_syscalls.c:779
#5 sys_sendto+0x8d sys/kern/uipc_syscalls.c:557
#6 syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#6 syscall+0xbc6 sys/arch/amd64/amd64/trap.c:577
#7 Xsyscall+0x128
Process 26884 (syz-executor) thread 0xffff8000ffff27d0 (492310)
exclusive rwlock vmmaplk r = 0 (0xfffffd806be7aa00)
#0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5bb sys/kern/subr_witness.c:1155
#1 rw_do_enter_write+0x3ea sys/kern/kern_rwlock.c:316
#2 vm_map_lock_ln+0x12e sys/uvm/uvm_map.c:5250
#3 uvmfault_lookup+0xe8 sys/uvm/uvm_fault.c:1858
#4 uvm_fault_check+0x987 uvmfault_amapcopy sys/uvm/uvm_fault.c:235 [inline]
#4 uvm_fault_check+0x987 sys/uvm/uvm_fault.c:774
#5 uvm_fault+0x106 sys/uvm/uvm_fault.c:668
#6 upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:188
#7 usertrap+0x2d8 sys/arch/amd64/amd64/trap.c:436
#8 recall_trap+0x8
Process 98038 (syz-executor) thread 0xffff8000ffff1738 (23915)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff838a6078)
#0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5bb sys/kern/subr_witness.c:1155
#1 doopenat+0x314 sys/kern/vfs_syscalls.c:1139
#2 syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#2 syscall+0xbc6 sys/arch/amd64/amd64/trap.c:577
#3 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10199 11024K 11276K 166960K 11454 0
pcb 17 14K 16K 166960K 138 0
rtable 247 9K 9K 166960K 386 0
pf 38 18K 25K 166960K 107 0
ifaddr 44 7K 8K 166960K 60 0
ifgroup 60 2K 2K 166960K 89 0
sysctl 2 1K 1K 166960K 2 0
counters 66 36K 36K 166960K 92 0
ioctlops 0 0K 4K 166960K 1537 0
iov 0 0K 28K 166960K 25 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1337 84K 85K 166960K 1535 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 3 5K 5K 166960K 7 0
VM map 2 1K 1K 166960K 2 0
sem 10 0K 0K 166960K 13 0
dirhash 12 2K 2K 166960K 18 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 18 65K 93K 166960K 378 0
sigio 0 0K 0K 166960K 6 0
proc 72 91K 140K 166960K 561 0
subproc 72 4K 4K 166960K 72 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 83 0
in_multi 99 7K 7K 166960K 108 0
ether_multi 1 0K 0K 166960K 2 0
mrt 0 0K 0K 166960K 1 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 73 334K 334K 166960K 73 0
exec 0 0K 1K 166960K 383 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 250 73K 76K 166960K 5165 0
UVM aobj 11 2K 4K 166960K 12 0
pinsyscall 43 86K 106K 166960K 1464 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 6 0
NDP 13 0K 2K 166960K 39 0
temp 41 8635K 8699K 166960K 10544 0
kqueue 15 24K 28K 166960K 82 0
SYN cache 2 16K 16K 166960K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 24 0 0 1 0 1 1 0 8 0
rtpcb 120 52 0 48 1 0 1 1 0 8 0
rtentry 112 116 0 3 4 0 4 4 0 8 0
unpcb 144 185 0 168 2 0 2 2 0 8 1
syncache 336 4 0 4 1 1 0 1 0 8 0
tcpqe 32 1 0 1 1 1 0 1 0 8 0
tcpcb 808 128 0 123 8 0 8 8 0 8 7
arp 120 19 0 0 1 0 1 1 0 8 0
inpcb 376 390 0 377 15 5 10 15 0 8 8
nd6 136 24 0 0 1 0 1 1 0 8 0
pkpcb 40 2 0 2 1 0 1 1 0 8 1
kcovpl 48 8 0 0 1 0 1 1 0 8 0
ppxss 1168 10 0 10 2 1 1 1 0 8 1
pppxif 1472 2 0 2 1 0 1 1 0 8 1
pffrag 232 4 0 0 1 0 1 1 0 482 0
pffrnode 88 3 0 0 1 0 1 1 0 8 0
pffrent 40 6 0 2 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 34 0 0 1 0 1 1 0 8 0
pfstkey 128 34 0 0 2 0 2 2 0 8 0
pfstate 376 34 0 0 4 0 4 4 0 8 0
pfrule 1344 23 0 16 2 1 1 2 0 8 0
art_heap8 4096 2 0 0 2 0 2 2 0 8 0
art_heap4 256 471 0 12 29 0 29 29 0 8 0
art_table 32 473 0 12 4 0 4 4 0 8 0
art_node 16 115 0 13 1 0 1 1 0 8 0
sysvmsgpl 40 1 0 1 1 0 1 1 0 8 1
semapl 112 11 0 3 1 0 1 1 0 8 0
shmpl 112 9 0 1 1 0 1 1 0 8 0
dirhash 1024 21 0 4 3 0 3 3 0 8 0
dino2pl 256 2041 0 536 95 0 95 95 0 8 0
ffsino 280 2041 0 536 109 0 109 109 0 8 0
nchpl 144 2605 0 913 63 0 63 63 0 8 0
rtmask 32 1 0 1 1 0 1 1 0 8 1
uvmvnodes 80 2216 0 0 46 0 46 46 0 8 0
vnodes 216 2216 0 0 124 0 124 124 0 8 0
namei 1024 8196 0 8195 3 2 1 2 0 8 0
percpumem 16 60 0 13 1 0 1 1 0 8 0
kstatmem 264 46 0 20 2 0 2 2 0 8 0
scsiplug 72 1 0 1 1 0 1 1 0 8 1
scxspl 216 7944 0 7944 3 2 1 2 1 8 1
plimitpl 152 148 0 131 1 0 1 1 0 8 0
sigapl 424 679 0 628 7 1 6 7 0 8 0
futexpl 64 3622 0 3617 1 0 1 1 0 8 0
knotepl 120 318 0 0 10 0 10 10 0 8 0
kqueuepl 216 104 0 92 1 0 1 1 0 8 0
pipepl 328 131 0 103 3 0 3 3 0 8 0
fdescpl 504 660 0 628 5 0 5 5 0 8 0
filepl 152 3035 0 2811 16 2 14 14 0 8 4
lockfpl 104 77 0 75 1 0 1 1 0 8 0
lockfspl 48 30 0 28 1 0 1 1 0 8 0
sessionpl 144 23 0 14 1 0 1 1 0 8 0
pgrppl 48 33 0 16 1 0 1 1 0 8 0
ucredpl 104 376 0 362 1 0 1 1 0 8 0
zombiepl 144 755 0 752 1 0 1 1 0 8 0
processpl 1176 679 0 628 5 0 5 5 0 8 0
procpl 656 1132 0 1072 6 0 6 6 0 8 0
sockpl 688 634 0 600 17 6 11 16 0 8 7
mcl64k 65536 3 0 0 1 0 1 1 0 8 0
mcl8k 8192 3 0 0 1 0 1 1 0 8 0
mcl4k 4096 117 0 0 15 0 15 15 0 8 0
mcl2k 2048 22 0 0 3 0 3 3 0 8 0
mtagpl 96 5 0 0 1 0 1 1 0 8 0
mbufpl 256 164 0 0 11 0 11 11 0 8 0
bufpl 280 2743 0 132 187 0 187 187 0 8 0
anonpl 24 122347 0 114204 53 3 50 50 0 184 0
amapchunkpl 152 15842 0 15237 26 1 25 25 0 158 1
amappl16 200 2422 0 2144 18 3 15 15 0 8 0
amappl15 192 5 0 5 1 1 0 1 0 8 0
amappl14 184 111 0 99 1 0 1 1 0 8 0
amappl13 176 2 0 2 1 1 0 1 0 8 0
amappl12 168 1333 0 1301 3 1 2 3 0 8 0
amappl11 160 54 0 40 1 0 1 1 0 8 0
amappl10 152 24 0 24 1 1 0 1 0 8 0
amappl9 144 267 0 266 2 1 1 1 0 8 0
amappl8 136 23 0 20 1 0 1 1 0 8 0
amappl7 128 118 0 106 1 0 1 1 0 8 0
amappl6 120 174 0 171 1 0 1 1 0 8 0
amappl5 112 121 0 110 1 0 1 1 0 8 0
amappl4 104 323 0 304 1 0 1 1 0 8 0
amappl3 96 2904 0 2774 4 0 4 4 0 8 0
amappl2 88 643 0 579 2 0 2 2 0 8 0
amappl1 80 8681 0 8103 14 0 14 14 0 8 0
amappl 88 4785 0 4590 5 0 5 5 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 11 0 1 1 0 1 1 0 8 0
uaddrrnd 24 660 0 628 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 660 0 628 1 0 1 1 0 8 0
vmmpekpl 168 7200 0 7165 2 0 2 2 0 8 0
vmmpepl 168 46787 0 44590 100 4 96 96 0 357 0
vmsppl 456 659 0 628 5 1 4 5 0 8 0
rwobjpl 64 18028 0 14586 56 0 56 56 0 8 0
pdppl 4096 1328 0 1256 100 28 72 86 0 8 0
pvpl 32 15548 0 0 127 1 126 126 0 265 0
pmappl 248 659 0 628 3 0 3 3 0 8 0
extentpl 40 55 0 38 1 0 1 1 0 8 0
phpool 112 282 0 34 8 0 8 8 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
proc_trampoline() at proc_trampoline+0xc7
end of kernel
end trace frame: 0x7e7a7895ef90, count: -1
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffff800029aabff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x37 sys/arch/amd64/amd64/bus_space.c:654
comcnputc(800,30) at comcnputc+0x250 comcn_read_reg sys/dev/ic/com.c:1655 [inline]
comcnputc(800,30) at comcnputc+0x250 sys/dev/ic/com.c:1269
cnputc(30) at cnputc+0x61 sys/dev/cons.c:218
db_putchar(30) at db_putchar+0x65c sys/ddb/db_output.c:155
kprintf() at kprintf+0x2aba sys/kern/subr_prf.c:1065
db_printf(ffffffff833de030) at db_printf+0x9b
fault(ffffffff833844c2) at fault+0xa7 sys/arch/amd64/amd64/trap.c:157
kpageflttrap(ffff80003c51f9d0,ffff8000014b80aa) at kpageflttrap+0x385 sys/arch/amd64/amd64/trap.c:290
kerntrap(ffff80003c51f9d0) at kerntrap+0x14a sys/arch/amd64/amd64/trap.c:332
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
arp_rtrequest(ffff800000039058,1,fffffd80689496a8) at arp_rtrequest+0x660 arprequest sys/netinet/if_ether.c:281 [inline]
arp_rtrequest(ffff800000039058,1,fffffd80689496a8) at arp_rtrequest+0x660 sys/netinet/if_ether.c:184
end trace frame: 0xffff80003c51fc00, count: 0
ddb{1}> trace
x86_ipi_db(ffff800029aabff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x37 sys/arch/amd64/amd64/bus_space.c:654
comcnputc(800,30) at comcnputc+0x250 comcn_read_reg sys/dev/ic/com.c:1655 [inline]
comcnputc(800,30) at comcnputc+0x250 sys/dev/ic/com.c:1269
cnputc(30) at cnputc+0x61 sys/dev/cons.c:218
db_putchar(30) at db_putchar+0x65c sys/ddb/db_output.c:155
kprintf() at kprintf+0x2aba sys/kern/subr_prf.c:1065
db_printf(ffffffff833de030) at db_printf+0x9b
fault(ffffffff833844c2) at fault+0xa7 sys/arch/amd64/amd64/trap.c:157
kpageflttrap(ffff80003c51f9d0,ffff8000014b80aa) at kpageflttrap+0x385 sys/arch/amd64/amd64/trap.c:290
kerntrap(ffff80003c51f9d0) at kerntrap+0x14a sys/arch/amd64/amd64/trap.c:332
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
arp_rtrequest(ffff800000039058,1,fffffd80689496a8) at arp_rtrequest+0x660 arprequest sys/netinet/if_ether.c:281 [inline]
arp_rtrequest(ffff800000039058,1,fffffd80689496a8) at arp_rtrequest+0x660 sys/netinet/if_ether.c:184
rtrequest(1,ffff80003c51fcb0,0,ffff80003c51fc30,0) at rtrequest+0xbdc sys/net/route.c:1110
rtm_output(ffff8000014b3b00,ffff80003c51fd58,ffff80003c51fcb0,0,0) at rtm_output+0x855 sys/net/rtsock.c:973
route_output(fffffd806058c200,ffff800010fdd848) at route_output+0x9a1 sys/net/rtsock.c:878
route_send(ffff800010fdd848,fffffd806058c200,0,0) at route_send+0xd7 sys/net/rtsock.c:342
sosend(ffff800010fdd848,0,ffff80003c51fef8,0,0,802) at sosend+0x804
sendit(ffff8000ffff2540,3,ffff80003c51fff0,802,ffff80003c5200a0) at sendit+0x721 sys/kern/uipc_syscalls.c:779
sys_sendto(ffff8000ffff2540,ffff80003c520150,ffff80003c5200a0) at sys_sendto+0x8d sys/kern/uipc_syscalls.c:557
syscall(ffff80003c520150) at syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c520150) at syscall+0xbc6 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xd78f61fae90, count: -23