*cpu0: uvm_fault(0xfffffd8066941740, 0x668, 0, 2) -> e
ddb{1}> trace
proc_trampoline() at proc_trampoline+0xdc
end of kernel
end trace frame: 0x7f7ffffbfdc0, count: -1
ddb{1}> show registers
rdi 0
rsi 0
rbp 0xffff800027b1d800
rbx 0
rdx 0
rcx 0
rax 0x2a
r8 0xffff800027b1d730
r9 0
r10 0x643df02a757e18e5
r11 0x550cb6f89242758a
r12 0
r13 0
r14 0
r15 0
rip 0xffffffff8194e50c proc_trampoline+0xdc
cs 0x8
rflags 0x246
rsp 0xffff800027b1d780
ss 0
proc_trampoline+0xdc: movl $0,%gs:0x538
ddb{1}> show proc
PROC (syz-executor.0) pid=102587 stat=onproc
flags process=0 proc=0
pri=71, usrpri=71, nice=20
forw=0xffffffffffffffff, list=0xffff80002126f508,0xffffffff8293ceb0
process=0xffff8000ffff94d0 user=0xffff800027b18000, vmspace=0xfffffd80669418b0
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
*34611 102587 35159 0 7 0 syz-executor.0
98283 509153 54699 0 2 0 syz-executor.3
98283 125583 54699 0 3 0x4000080 netcon2 syz-executor.3
20306 37376 94716 0 2 0 syz-executor.2
20306 13004 94716 0 7 0x4000000 syz-executor.2
54699 516917 43389 0 2 0x482 syz-executor.3
98038 250209 0 0 3 0x14200 bored sosplice
94716 189041 43389 0 2 0x2 syz-executor.2
41611 320436 43389 0 2 0x482 syz-executor.1
35159 377388 43389 0 3 0x82 nanoslp syz-executor.0
43389 162027 45887 0 3 0x82 thrsleep syz-fuzzer
43389 248896 45887 0 3 0x4000082 nanoslp syz-fuzzer
43389 366066 45887 0 3 0x4000082 thrsleep syz-fuzzer
43389 22046 45887 0 3 0x4000082 thrsleep syz-fuzzer
43389 117205 45887 0 3 0x4000082 thrsleep syz-fuzzer
43389 506186 45887 0 3 0x4000082 thrsleep syz-fuzzer
43389 420821 45887 0 3 0x4000082 thrsleep syz-fuzzer
43389 304366 45887 0 3 0x4000082 thrsleep syz-fuzzer
43389 260201 45887 0 3 0x4000082 kqread syz-fuzzer
43389 91563 45887 0 3 0x4000082 thrsleep syz-fuzzer
45887 393181 87483 0 3 0x10008a sigsusp ksh
87483 292225 44421 0 3 0x9a poll sshd
37180 251769 1 0 3 0x100083 ttyin getty
44421 369530 1 0 3 0x88 poll sshd
68731 217659 83534 74 3 0x100092 bpf pflogd
83534 182436 1 0 3 0x80 netio pflogd
205 349933 83467 73 3 0x100090 kqread syslogd
83467 492440 1 0 3 0x100082 netio syslogd
8552 4054 1 0 3 0x100080 kqread resolvd
14426 406486 12833 77 3 0x100092 kqread dhcpleased
93185 284209 12833 77 3 0x100092 kqread dhcpleased
12833 44550 1 0 3 0x80 kqread dhcpleased
50330 119362 0 0 3 0x14200 bored smr
38897 437269 0 0 2 0x14200 zerothread
70854 444463 0 0 3 0x14200 aiodoned aiodoned
50488 226477 0 0 3 0x14200 syncer update
61315 174508 0 0 3 0x14200 cleaner cleaner
95987 190766 0 0 3 0x14200 reaper reaper
1812 170925 0 0 3 0x14200 pgdaemon pagedaemon
52060 10665 0 0 3 0x14200 bored viomb
11541 245199 0 0 3 0x40014200 acpi0 acpi0
24397 244182 0 0 3 0x40014200 idle1
75777 237891 0 0 3 0x14200 bored softnet
79173 505050 0 0 3 0x14200 bored systqmp
95890 14277 0 0 3 0x14200 bored systq
89874 413975 0 0 2 0x40014200 softclock
8654 406510 0 0 3 0x40014200 idle0
1 283632 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
CPU 1:
exclusive mutex amappl16 r = 0 (0xffffffff829f52e8)
#0 witness_lock+0x44d
#1 mtx_enter_try+0x100
#2 mtx_enter+0x4b sys/kern/kern_lock.c:266
#3 pool_get+0xbd sys/kern/subr_pool.c:581
#4 amap_alloc1+0x151
#5 amap_alloc+0x83 sys/uvm/uvm_amap.c:429
#6 amap_copy+0x62c sys/uvm/uvm_amap.c:589
#7 uvm_fault_check+0x677 uvmfault_amapcopy sys/uvm/uvm_fault.c:250 [inline]
#7 uvm_fault_check+0x677 sys/uvm/uvm_fault.c:712
#8 uvm_fault+0x102 sys/uvm/uvm_fault.c:602
#9 upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181
#10 usertrap+0x1aa sys/arch/amd64/amd64/trap.c:403
#11 recall_trap+0x8
Process 34611 (syz-executor.0) thread 0xffff80002126e008 (102587)
exclusive rwlock vmmaplk r = 0 (0xfffffd80669418c8)
#0 witness_lock+0x44d
#1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2 vm_map_lock_ln+0xda sys/uvm/uvm_map.c:5458
#3 uvmfault_lookup+0xc2 sys/uvm/uvm_fault.c:1738
#4 uvm_fault_check+0x603 uvmfault_amapcopy sys/uvm/uvm_fault.c:236 [inline]
#4 uvm_fault_check+0x603 sys/uvm/uvm_fault.c:712
#5 uvm_fault+0x102 sys/uvm/uvm_fault.c:602
#6 upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181
#7 usertrap+0x1aa sys/arch/amd64/amd64/trap.c:403
#8 recall_trap+0x8
exclusive mutex amappl16 r = 0 (0xffffffff829f52e8)
#0 witness_lock+0x44d
#1 mtx_enter_try+0x100
#2 mtx_enter+0x4b sys/kern/kern_lock.c:266
#3 pool_get+0xbd sys/kern/subr_pool.c:581
#4 amap_alloc1+0x151
#5 amap_alloc+0x83 sys/uvm/uvm_amap.c:429
#6 amap_copy+0x62c sys/uvm/uvm_amap.c:589
#7 uvm_fault_check+0x677 uvmfault_amapcopy sys/uvm/uvm_fault.c:250 [inline]
#7 uvm_fault_check+0x677 sys/uvm/uvm_fault.c:712
#8 uvm_fault+0x102 sys/uvm/uvm_fault.c:602
#9 upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181
#10 usertrap+0x1aa sys/arch/amd64/amd64/trap.c:403
#11 recall_trap+0x8
Process 20306 (syz-executor.2) thread 0xffff80002126e7e8 (13004)
exclusive kernel_lock &kernel_lock r = 1 (0xffffffff828f9c10)
#0 witness_lock+0x44d
#1 syscall+0x3ef mi_syscall sys/sys/syscall_mi.h:93 [inline]
#1 syscall+0x3ef sys/arch/amd64/amd64/trap.c:585
#2 Xsyscall+0x128
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10173 6604K 6795K 78643K 11743 0
pcb 13 8K 8K 78643K 53 0
rtable 157 5K 5K 78643K 289 0
ifaddr 59 13K 13K 78643K 77 0
sysctl 2 0K 0K 78643K 2 0
counters 48 34K 34K 78643K 54 0
ioctlops 0 0K 4K 78643K 1511 0
iov 0 0K 8K 78643K 18 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1239 78K 78K 78643K 1393 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 1K 78643K 2 0
VM map 2 1K 1K 78643K 2 0
sem 12 1K 1K 78643K 16 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12598 0
file desc 9 29K 45K 78643K 569 0
proc 70 87K 111K 78643K 451 0
subproc 52 3K 3K 78643K 65 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 20 0
in_multi 55 3K 4K 78643K 97 0
ether_multi 1 0K 0K 78643K 17 0
mrt 0 0K 0K 78643K 6 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 49 228K 228K 78643K 49 0
exec 0 0K 2K 78643K 503 0
pfkey data 0 0K 0K 78643K 1 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 258 112K 113K 78643K 8142 0
UVM aobj 4 2K 2K 78643K 4 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 37 0
NDP 8 0K 1K 78643K 22 0
temp 63 4194K 4258K 78643K 7419 0
kqueue 10 14K 22K 78643K 29 0
SYN cache 2 16K 16K 78643K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 33 0 30 1 0 1 1 0 8 0
rtentry 112 81 0 14 2 0 2 2 0 8 0
unpcb 136 83 0 68 1 0 1 1 0 8 0
syncache 296 12 0 12 2 1 1 1 0 8 1
tcpqe 32 309 0 309 2 1 1 2 0 8 1
tcpcb 736 92 0 79 3 0 3 3 0 8 0
arp 120 12 0 2 1 0 1 1 0 8 0
inpcb 304 263 0 248 2 0 2 2 0 8 0
nd6 48 18 0 5 1 0 1 1 0 8 0
pkpcb 40 2 0 2 1 1 0 1 0 8 0
kcovpl 48 5 0 1 1 0 1 1 0 8 0
pffrag 232 2 0 0 1 0 1 1 0 482 0
pffrnode 88 2 0 0 1 0 1 1 0 8 0
pffrent 40 3 0 1 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfrktable 1344 2 0 0 1 0 1 1 0 8 0
pfstitem 24 37 0 1 1 0 1 1 0 8 0
pfstkey 112 37 0 1 2 0 2 2 0 8 0
pfstate 320 37 0 1 4 0 4 4 0 8 0
pfrule 1360 32 0 22 2 0 2 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 325 0 46 18 0 18 18 0 8 0
art_table 32 326 0 46 3 0 3 3 0 8 0
art_node 16 80 0 19 1 0 1 1 0 8 0
sysvmsgpl 40 12 0 4 1 0 1 1 0 8 0
semupl 112 1 0 1 1 1 0 1 0 8 0
semapl 112 13 0 3 1 0 1 1 0 8 0
shmpl 112 1 0 0 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 2032 0 620 89 0 89 89 0 8 0
ffsino 272 2032 0 620 95 0 95 95 0 8 0
nchpl 144 2821 0 1218 61 0 61 61 0 8 0
uvmvnodes 80 2216 0 0 46 0 46 46 0 8 0
vnodes 224 2216 0 0 131 0 131 131 0 8 0
namei 1024 7678 0 7678 1 0 1 1 0 8 1
percpumem 16 39 0 3 1 0 1 1 0 8 0
vcpupl 2048 4 0 0 1 0 1 1 0 8 0
vmpool 560 4 0 0 1 0 1 1 0 8 0
pfiaddrpl 120 4 0 0 1 0 1 1 0 8 0
scxspl 216 9528 0 9528 9 2 7 8 0 8 7
plimitpl 152 27 0 16 1 0 1 1 0 8 0
sigapl 424 814 0 777 5 0 5 5 0 8 0
futexpl 64 2457 0 2457 1 0 1 1 0 8 1
knotepl 112 72 0 0 3 0 3 3 0 8 0
kqueuepl 216 58 0 51 1 0 1 1 0 8 0
pipepl 336 110 0 94 2 0 2 2 0 8 0
fdescpl 496 799 0 777 4 1 3 4 0 8 0
filepl 152 2545 0 2391 7 0 7 7 0 8 1
lockfpl 104 32 0 30 1 0 1 1 0 8 0
lockfspl 48 16 0 14 1 0 1 1 0 8 0
sessionpl 144 21 0 8 1 0 1 1 0 8 0
pgrppl 48 21 0 8 1 0 1 1 0 8 0
ucredpl 96 168 0 156 1 0 1 1 0 8 0
zombiepl 144 777 0 776 1 0 1 1 0 8 0
processpl 1064 814 0 776 3 0 3 3 0 8 0
procpl 672 1354 0 1305 5 0 5 5 0 8 0
sosppl 168 2 0 2 1 1 0 1 0 8 0
sockpl 480 382 0 349 5 0 5 5 0 8 0
mcl64k 65536 3 0 0 1 0 1 1 0 8 0
mcl16k 16384 1 0 0 1 0 1 1 0 8 0
mcl9k 9216 1 0 0 1 0 1 1 0 8 0
mcl8k 8192 9 0 0 2 0 2 2 0 8 0
mcl4k 4096 9 0 0 2 0 2 2 0 8 0
mcl2k 2048 344 0 0 42 0 42 42 0 8 0
mtagpl 96 64 0 0 2 0 2 2 0 8 0
mbufpl 256 413 0 0 25 0 25 25 0 8 0
bufpl 288 5024 0 141 349 0 349 349 0 8 0
anonpl 24 183585 0 169384 101 10 91 97 0 186 0
amapchunkpl 152 19361 0 18705 32 1 31 31 0 158 0
amappl16 200 1839 0 1401 27 3 24 27 0 8 0
amappl14 184 6 0 5 1 0 1 1 0 8 0
amappl13 176 177 0 172 1 0 1 1 0 8 0
amappl12 168 24 0 17 1 0 1 1 0 8 0
amappl11 160 176 0 160 1 0 1 1 0 8 0
amappl10 152 247 0 236 1 0 1 1 0 8 0
amappl9 144 487 0 485 1 0 1 1 0 8 0
amappl8 136 479 0 434 2 0 2 2 0 8 0
amappl7 128 159 0 144 1 0 1 1 0 8 0
amappl6 120 160 0 145 1 0 1 1 0 8 0
amappl5 112 706 0 686 1 0 1 1 0 8 0
amappl4 104 767 0 740 1 0 1 1 0 8 0
amappl3 96 292 0 274 1 0 1 1 0 8 0
amappl2 88 519 0 475 3 1 2 2 0 8 1
amappl1 80 16720 0 16225 13 1 12 13 0 8 0
amappl 88 7759 0 7573 5 0 5 5 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 3 0 0 1 0 1 1 0 8 0
uaddrrnd 24 803 0 777 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 803 0 777 1 0 1 1 0 8 0
vmmpekpl 168 8771 0 8734 2 0 2 2 0 8 0
vmmpepl 168 74775 0 72840 104 3 101 102 0 357 13
vmsppl 368 802 0 777 3 0 3 3 0 8 0
rwobjpl 56 20651 0 17147 50 0 50 50 0 8 0
pdppl 4096 1614 0 1558 86 28 58 60 0 8 2
pvpl 32 408091 0 390269 167 8 159 166 0 265 7
pmappl 248 802 0 777 2 0 2 2 0 8 0
extentpl 40 57 0 38 1 0 1 1 0 8 0
phpool 112 729 0 30 20 0 20 20 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
x86_ipi_db(ffffffff82779ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x28 sys/arch/amd64/amd64/bus_space.c:639
comcnputc(800,29) at comcnputc+0x97 sys/dev/ic/com.c:1259
cnputc(29) at cnputc+0x4b sys/dev/cons.c:239
db_putchar(29) at db_putchar+0x3fc sys/ddb/db_output.c:155
kprintf() at kprintf+0x20ec sys/kern/subr_prf.c:1068
db_printf(ffffffff824fe220) at db_printf+0x85 sys/kern/subr_prf.c:502
fault(ffffffff824b579c) at fault+0x95 sys/arch/amd64/amd64/trap.c:154
kpageflttrap(ffff8000262eeb30,668) at kpageflttrap+0x25a sys/arch/amd64/amd64/trap.c:275
kerntrap(ffff8000262eeb30) at kerntrap+0xef sys/arch/amd64/amd64/trap.c:318
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
pppacopen(4086331,1,2000,ffff80002126e7e8) at pppacopen+0x1b5 sys/net/if_pppx.c:1020
end trace frame: 0xffff8000262eeca0, count: 0
ddb{0}> trace
x86_ipi_db(ffffffff82779ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x28 sys/arch/amd64/amd64/bus_space.c:639
comcnputc(800,29) at comcnputc+0x97 sys/dev/ic/com.c:1259
cnputc(29) at cnputc+0x4b sys/dev/cons.c:239
db_putchar(29) at db_putchar+0x3fc sys/ddb/db_output.c:155
kprintf() at kprintf+0x20ec sys/kern/subr_prf.c:1068
db_printf(ffffffff824fe220) at db_printf+0x85 sys/kern/subr_prf.c:502
fault(ffffffff824b579c) at fault+0x95 sys/arch/amd64/amd64/trap.c:154
kpageflttrap(ffff8000262eeb30,668) at kpageflttrap+0x25a sys/arch/amd64/amd64/trap.c:275
kerntrap(ffff8000262eeb30) at kerntrap+0xef sys/arch/amd64/amd64/trap.c:318
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
pppacopen(4086331,1,2000,ffff80002126e7e8) at pppacopen+0x1b5 sys/net/if_pppx.c:1020
spec_open(ffff8000262eecb8) at spec_open+0x3d7 sys/kern/spec_vnops.c:157
VOP_OPEN(fffffd80687483f8,1,fffffd807f7d7600,ffff80002126e7e8) at VOP_OPEN+0x75 sys/kern/vfs_vops.c:138
vn_open(ffff8000262eef08,1,0) at vn_open+0x467 sys/kern/vfs_vnops.c:183
doopenat(ffff80002126e7e8,ffffff9c,20000100,0,0,ffff8000262ef0f0) at doopenat+0x26a sys/kern/vfs_syscalls.c:1128
syscall(ffff8000262ef160) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff8000262ef160) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x9b1c46b5340, count: -20
ddb{0}> machine ddbcpu 1
Stopped at proc_trampoline+0xdc: movl $0,%gs:0x538
proc_trampoline() at proc_trampoline+0xdc
end of kernel
end trace frame: 0x7f7ffffbfdc0, count: 14
ddb{1}> trace
proc_trampoline() at proc_trampoline+0xdc
end of kernel
end trace frame: 0x7f7ffffbfdc0, count: -1