*cpu1: uvm_fault(0xfffffd80643173f8, 0x0, 0, 1) -> e
ddb{0}> trace
proc_trampoline() at proc_trampoline+0xc7
end of kernel
end trace frame: 0x7a939cce6690, count: -1
ddb{0}> show registers
rdi 0
rsi 0
rbp 0xffff80003a033d30
rbx 0
rdx 0
rcx 0xffff80003c4b2aa0
rax 0x2a
r8 0xffff80003a033c60
r9 0x7a939cce6001
r10 0xb522f2cf6c6917e5
r11 0x8e3ae336894d58ef
r12 0
r13 0
r14 0
r15 0
rip 0xffffffff824204c7 proc_trampoline+0xc7
cs 0x8
rflags 0x246
rsp 0xffff80003a033cb0
ss 0
proc_trampoline+0xc7: movl $0,%gs:0x688
ddb{0}> show proc
PROC (syz-executor) tid=450931 pid=90197 tcnt=1 stat=onproc
flags process=0 proc=0
runpri=50, usrpri=50, slppri=17, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff800035c0ed28,0xffff80003c4b37a8
process=0xffff80003c4da1d8 user=0xffff80003a02e000, vmspace=0xfffffd8064317210
estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
*90197 450931 49518 0 7 0 syz-executor
50561 213949 61577 0 2 0 syz-executor
50561 40137 61577 0 2 0x4000000 syz-executor
5269 72621 43760 0 2 0 syz-executor
5269 293691 43760 0 2 0x4000000 syz-executor
12929 371061 0 0 3 0x14200 acct acct
43921 446582 54547 -1 2 0x10 syz-executor
43921 477232 54547 -1 3 0x4000090 fsleep syz-executor
42411 380613 57967 0 3 0x80 nanoslp syz-executor
42411 254689 57967 0 3 0x4000080 fsleep syz-executor
42411 18959 57967 0 3 0x4000080 ttyout syz-executor
42411 454287 57967 0 3 0x4000080 fsleep syz-executor
33056 160674 13515 0 2 0 syz-executor
33056 134622 13515 0 3 0x4000080 kqpoll syz-executor
33056 345887 13515 0 3 0x4000080 fsleep syz-executor
28942 256992 11078 0 2 0 syz-executor
28942 146740 11078 0 3 0x4000080 fsleep syz-executor
28942 440764 11078 0 3 0x4000080 lockf syz-executor
13515 505555 49171 0 3 0x82 nanoslp syz-executor
78765 338364 1 0 3 0x100083 ttyopn getty
64287 139129 0 0 3 0x14200 bored sosplice
49518 39003 49171 0 3 0x82 nanoslp syz-executor
57967 144375 49171 0 3 0x82 nanoslp syz-executor
62758 291751 49171 0 2 0x2 syz-executor
11078 207207 49171 0 3 0x82 nanoslp syz-executor
54547 251262 49171 0 3 0x82 nanoslp syz-executor
43760 53729 49171 0 3 0x82 nanoslp syz-executor
61577 499683 49171 0 3 0x82 nanoslp syz-executor
49171 122287 38075 0 3 0x82 kqread syz-executor
38075 454894 49813 0 3 0x10008a sigsusp ksh
49813 78069 75786 0 3 0x98 kqread sshd-session
75786 24079 77270 0 3 0x92 kqread sshd-session
77270 44248 1 0 3 0x88 kqread sshd
31562 331418 23613 74 3 0x1100092 bpf pflogd
23613 391986 1 0 3 0x80 sbwait pflogd
54049 372652 15347 73 3 0x1100090 kqread syslogd
15347 164679 1 0 3 0x100082 sbwait syslogd
70808 256548 1 0 3 0x100080 kqread resolvd
69591 293972 50716 77 3 0x100092 kqread dhcpleased
68242 506717 50716 77 3 0x100092 kqread dhcpleased
50716 168069 1 0 3 0x80 kqread dhcpleased
74224 176050 0 0 3 0x14200 bored smr
61644 42753 0 0 2 0x14200 zerothread
44806 417222 0 0 3 0x14200 aiodoned aiodoned
78474 422628 0 0 3 0x14200 syncer update
89649 145680 0 0 3 0x14200 cleaner cleaner
30082 414733 0 0 3 0x14200 reaper reaper
29802 312667 0 0 3 0x14200 pgdaemon pagedaemon
26183 124987 0 0 3 0x14200 bored viomb
16023 431634 0 0 3 0x40014200 acpi0 acpi0
67076 493217 0 0 3 0x40014200 idle1
11523 59705 0 0 3 0x14200 bored softnet7
73339 122063 0 0 3 0x14200 bored softnet6
87053 154746 0 0 3 0x14200 bored softnet5
55340 247510 0 0 3 0x14200 bored softnet4
48982 60829 0 0 3 0x14200 bored softnet3
40226 335377 0 0 3 0x14200 bored softnet2
12475 314097 0 0 3 0x14200 bored softnet1
43112 196645 0 0 3 0x14200 bored softnet0
22836 31972 0 0 3 0x14200 bored systqmp
29377 219614 0 0 3 0x14200 bored systq
90038 301514 0 0 3 0x14200 tmoslp softclockmp
85358 390475 0 0 3 0x40014200 tmoslp softclock
98983 464451 0 0 3 0x40014200 idle0
1 503555 0 0 3 0x82 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb{0}> show all locks
CPU 0:
exclusive mutex &map->flags_lock r = 0 (0xfffffd8064317388)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 mtx_enter_try+0x1ad sys/kern/kern_lock.c:311
#2 mtx_enter+0x62 sys/kern/kern_lock.c:261
#3 vm_map_lock_ln+0x13f sys/uvm/uvm_map.c:5169
#4 uvm_grow+0xa4 sys/uvm/uvm_unix.c:128
#5 upageflttrap+0x1dd sys/arch/amd64/amd64/trap.c:197
#6 usertrap+0x3c6 sys/arch/amd64/amd64/trap.c:603
#7 recall_trap+0x8
Process 90197 (syz-executor) thread 0xffff80003c4b2aa0 (450931)
exclusive rwlock vmmaplk r = 0 (0xfffffd8064317310)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 vm_map_lock_ln+0x12e sys/uvm/uvm_map.c:5168
#3 uvm_grow+0xa4 sys/uvm/uvm_unix.c:128
#4 upageflttrap+0x1dd sys/arch/amd64/amd64/trap.c:197
#5 usertrap+0x3c6 sys/arch/amd64/amd64/trap.c:603
#6 recall_trap+0x8
exclusive mutex &map->flags_lock r = 0 (0xfffffd8064317388)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 mtx_enter_try+0x1ad sys/kern/kern_lock.c:311
#2 mtx_enter+0x62 sys/kern/kern_lock.c:261
#3 vm_map_lock_ln+0x13f sys/uvm/uvm_map.c:5169
#4 uvm_grow+0xa4 sys/uvm/uvm_unix.c:128
#5 upageflttrap+0x1dd sys/arch/amd64/amd64/trap.c:197
#6 usertrap+0x3c6 sys/arch/amd64/amd64/trap.c:603
#7 recall_trap+0x8
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10264 11153K 11216K 166960K 12643 0
pcb 18 14K 30K 166960K 427 0
rtable 193 14K 14K 166960K 516 0
pf 38 18K 131090K 166960K 190 0
ifaddr 38 7K 8K 166960K 124 0
ifgroup 59 2K 2K 166960K 205 0
sysctl 4 1K 9K 166960K 19 0
counters 70 37K 38K 166960K 256 0
ioctlops 0 0K 4K 166960K 1896 0
iov 0 0K 44K 166960K 97 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1431 90K 90K 166960K 2663 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 9K 166960K 24 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 1K 166960K 76 0
dirhash 12 2K 2K 166960K 39 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 18 65K 240K 166960K 1634 0
sigio 0 0K 0K 166960K 39 0
proc 72 115K 180K 166960K 745 0
subproc 72 4K 4K 166960K 81 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 292 0
in_multi 69 4K 7K 166960K 190 0
ether_multi 1 0K 0K 166960K 31 0
mrt 2 0K 0K 166960K 10 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 253 1129K 1129K 166960K 253 0
exec 0 0K 1K 166960K 597 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 38 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 240 167K 182K 166960K 16799 0
UVM aobj 36 3K 3K 166960K 38 0
pinsyscall 43 86K 103K 166960K 2768 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 107 0
NDP 13 0K 2K 166960K 85 0
temp 81 8652K 8907K 166960K 60039 0
kqueue 13 20K 32K 166960K 330 0
SYN cache 2 16K 16K 166960K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 220 0 215 3 2 1 3 0 8 0
rtentry 176 149 0 86 5 0 5 5 0 8 0
unpcb 144 1504 0 1486 8 5 3 6 0 8 2
syncache 336 10 0 10 2 2 0 1 0 8 0
tcpqe 32 1 0 1 1 1 0 1 0 8 0
tcpcb 736 539 0 533 13 9 4 7 0 8 3
arp 128 19 0 9 1 0 1 1 0 8 0
inpcb 328 1844 0 1833 14 10 4 7 0 8 2
nd6 144 22 0 11 1 0 1 1 0 8 0
pkpcb 40 43 0 43 3 2 1 1 0 8 1
kcovpl 48 9 0 1 1 0 1 1 0 8 0
ppxss 1192 78 0 78 1 0 1 1 0 8 1
pppxif 1504 7 0 7 3 3 0 1 0 8 0
pfstscr 40 1 0 0 1 0 1 1 0 8 0
pffrag 232 14 0 3 1 0 1 1 0 482 0
pffrnode 88 10 0 1 1 0 1 1 0 8 0
pffrent 40 22 0 9 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfanchor 1288 3 0 0 1 0 1 1 0 8 0
pfstitem 24 111 0 31 1 0 1 1 0 8 0
pfstkey 128 113 0 33 3 0 3 3 0 8 0
pfstate 384 111 0 32 8 0 8 8 0 8 0
pfrule 1344 24 0 19 2 1 1 2 0 8 0
rttmr 136 1 0 1 1 1 0 1 0 8 0
art_heap8 4096 2 0 0 2 0 2 2 0 8 0
art_heap4 256 653 0 345 28 3 25 28 0 8 1
art_table 40 655 0 345 5 0 5 5 0 8 0
art_node 32 145 0 94 1 0 1 1 0 8 0
sysvmsgpl 40 55 0 49 1 0 1 1 0 8 0
semapl 112 71 0 61 1 0 1 1 0 8 0
shmpl 112 35 0 2 1 0 1 1 0 8 0
dirhash 1024 36 0 19 3 0 3 3 0 8 0
dino2pl 256 4577 0 3073 95 0 95 95 0 8 0
ffsino 296 4577 0 3073 117 0 117 117 0 8 0
nchpl 144 6858 0 5164 64 0 64 64 0 8 0
rtmask 32 20 0 20 4 3 1 1 0 8 1
uvmvnodes 80 5256 0 0 108 0 108 108 0 8 0
vnodes 216 5256 0 0 292 0 292 292 0 8 0
namei 1024 23811 0 23811 3 1 2 2 0 8 2
percpumem 16 143 0 93 1 0 1 1 0 8 0
kstatmem 264 138 0 106 5 2 3 3 0 8 0
scsiplug 72 8 0 8 3 3 0 1 0 8 0
scxspl 216 39434 0 39434 12 11 1 8 1 8 1
plimitpl 152 429 0 411 1 0 1 1 0 8 0
sigapl 424 1958 0 1902 9 0 9 9 0 8 2
knotepl 120 823 0 0 25 0 25 25 0 8 0
kqueuepl 224 578 0 567 4 3 1 3 0 8 0
pipepl 344 228 0 199 3 0 3 3 0 8 0
fdescpl 528 1911 0 1879 3 0 3 3 0 8 0
filepl 160 12685 0 12453 18 6 12 16 0 8 1
lockfpl 104 714 0 710 3 1 2 2 0 8 1
lockfspl 48 267 0 264 1 0 1 1 0 8 0
sessionpl 144 26 0 17 1 0 1 1 0 8 0
pgrppl 48 80 0 63 1 0 1 1 0 8 0
ucredpl 104 2351 0 2336 1 0 1 1 0 8 0
zombiepl 144 1903 0 1902 1 0 1 1 0 8 0
processpl 1232 1958 0 1902 6 0 6 6 0 8 0
procpl 664 4542 0 4476 9 0 9 9 0 8 2
sosppl 168 12 0 12 3 2 1 1 0 8 1
sockpl 752 3753 0 3719 18 8 10 16 0 8 6
mcl64k 65536 4 0 0 1 0 1 1 0 8 0
mcl16k 16384 3 0 0 1 0 1 1 0 8 0
mcl9k 9216 1 0 0 1 0 1 1 0 8 0
mcl8k 8192 4 0 0 1 0 1 1 0 8 0
mcl4k 4096 122 0 0 16 0 16 16 0 8 0
mcl2k 2048 48 0 0 6 1 5 5 0 8 0
mtagpl 96 4 0 0 1 0 1 1 0 8 0
mbufpl 256 3206 0 0 201 0 201 201 0 8 0
bufpl 280 16195 0 10052 439 0 439 439 0 8 0
anonpl 32 12911 0 0 105 0 105 105 0 246 0
amapchunkpl 152 56308 0 55824 44 12 32 32 0 158 9
amappl16 200 6850 0 6810 63 44 19 28 0 8 8
amappl15 192 6 0 6 2 2 0 1 0 8 0
amappl14 184 121 0 109 1 0 1 1 0 8 0
amappl13 176 4 0 4 1 1 0 1 0 8 0
amappl12 168 2586 0 2555 4 2 2 3 0 8 0
amappl11 160 50 0 35 1 0 1 1 0 8 0
amappl10 152 9 0 9 1 1 0 1 0 8 0
amappl9 144 254 0 254 1 1 0 1 0 8 0
amappl8 136 38 0 36 1 0 1 1 0 8 0
amappl7 128 115 0 102 1 0 1 1 0 8 0
amappl6 120 193 0 189 1 0 1 1 0 8 0
amappl5 112 147 0 137 1 0 1 1 0 8 0
amappl4 104 313 0 291 1 0 1 1 0 8 0
amappl3 96 9890 0 9793 4 1 3 3 0 8 0
amappl2 88 2167 0 2088 2 0 2 2 0 8 0
amappl1 80 14576 0 13978 15 1 14 15 0 8 0
amappl 88 15803 0 15636 5 0 5 5 0 92 0
dma16384 16384 2 0 2 2 2 0 1 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 257 0 257 3 3 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 37 0 2 1 0 1 1 0 8 0
uaddrrnd 24 1911 0 1879 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 1911 0 1879 1 0 1 1 0 8 0
vmmpekpl 168 16159 0 16112 3 0 3 3 0 8 0
vmmpepl 168 124134 0 122082 127 14 113 113 0 357 13
vmsppl 488 1910 0 1879 6 1 5 5 0 8 0
rwobjpl 80 38583 0 32354 133 0 133 133 0 8 0
pdppl 4096 3830 0 3758 104 32 72 86 0 8 0
pvpl 32 22640 0 0 183 0 183 183 0 265 0
pmappl 256 1910 0 1879 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 484 0 52 13 0 13 13 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
proc_trampoline() at proc_trampoline+0xc7
end of kernel
end trace frame: 0x7a939cce6690, count: -1
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x37 sys/arch/amd64/amd64/bus_space.c:662
comcnputc(800,6b) at comcnputc+0xd0 comcn_read_reg sys/dev/ic/com.c:1655 [inline]
comcnputc(800,6b) at comcnputc+0xd0 sys/dev/ic/com.c:1259
cnputc(6b) at cnputc+0x67 sys/dev/cons.c:218
db_putchar(6b) at db_putchar+0x36d sys/ddb/db_output.c:155
kprintf() at kprintf+0x203 sys/kern/subr_prf.c:723
db_printf(ffffffff833fcff3) at db_printf+0x9b sys/kern/subr_prf.c:-1
db_ktrap(6,0,ffff80003c477090) at db_ktrap+0xe3 db_printtrap sys/arch/amd64/amd64/db_interface.c:99 [inline]
db_ktrap(6,0,ffff80003c477090) at db_ktrap+0xe3 sys/arch/amd64/amd64/db_interface.c:128
kerntrap(ffff80003c477090) at kerntrap+0x23e sys/arch/amd64/amd64/trap.c:480
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
dt_ioctl_record_stop(ffff80000147f000) at dt_ioctl_record_stop+0x108 sys/dev/dt/dt_dev.c:586
dtclose(11e5f,81,2000,ffff80003c4b2808) at dtclose+0x109 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline]
dtclose(11e5f,81,2000,ffff80003c4b2808) at dtclose+0x109 sys/dev/dt/dt_dev.c:232
end trace frame: 0xffff80003c477230, count: 0
ddb{1}> trace
x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x37 sys/arch/amd64/amd64/bus_space.c:662
comcnputc(800,6b) at comcnputc+0xd0 comcn_read_reg sys/dev/ic/com.c:1655 [inline]
comcnputc(800,6b) at comcnputc+0xd0 sys/dev/ic/com.c:1259
cnputc(6b) at cnputc+0x67 sys/dev/cons.c:218
db_putchar(6b) at db_putchar+0x36d sys/ddb/db_output.c:155
kprintf() at kprintf+0x203 sys/kern/subr_prf.c:723
db_printf(ffffffff833fcff3) at db_printf+0x9b sys/kern/subr_prf.c:-1
db_ktrap(6,0,ffff80003c477090) at db_ktrap+0xe3 db_printtrap sys/arch/amd64/amd64/db_interface.c:99 [inline]
db_ktrap(6,0,ffff80003c477090) at db_ktrap+0xe3 sys/arch/amd64/amd64/db_interface.c:128
kerntrap(ffff80003c477090) at kerntrap+0x23e sys/arch/amd64/amd64/trap.c:480
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
dt_ioctl_record_stop(ffff80000147f000) at dt_ioctl_record_stop+0x108 sys/dev/dt/dt_dev.c:586
dtclose(11e5f,81,2000,ffff80003c4b2808) at dtclose+0x109 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline]
dtclose(11e5f,81,2000,ffff80003c4b2808) at dtclose+0x109 sys/dev/dt/dt_dev.c:232
spec_close(ffff80003c477240) at spec_close+0x466 sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffd805d74a2b0,81,fffffd80097fb5b0,ffff80003c4b2808) at VOP_CLOSE+0x132 sys/kern/vfs_vops.c:156
vn_closefile(fffffd8069339ae8,ffff80003c4b2808) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd8069339ae8,ffff80003c4b2808) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615
fdrop(fffffd8069339ae8,ffff80003c4b2808) at fdrop+0x121 sys/kern/kern_descrip.c:1280
closef(fffffd8069339ae8,ffff80003c4b2808) at closef+0x192 sys/kern/kern_descrip.c:1264
fdfree(ffff80003c4b2808) at fdfree+0x116 sys/kern/kern_descrip.c:1195
exit1(ffff80003c4b2808,0,0,1) at exit1+0x576 sys/kern/kern_exit.c:215
sys_exit(ffff80003c4b2808,ffff80003c4775b0,ffff80003c477500) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80003c4775b0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c4775b0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:746
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7143a770d240, count: -24