*cpu1: uvm_fault(0xfffffd807ae70998, 0x0, 0, 1) -> e
ddb{0}> trace
proc_trampoline() at proc_trampoline+0xc7
end of kernel
end trace frame: 0xad49069a080, count: -1
ddb{0}> show registers
rdi 0
rsi 0
rbp 0xffff80002a33ab20
rbx 0
rdx 0xffff800001589f40
rcx 0xffff8000ffff19c8
rax 0x2a
r8 0xffff80002a33aa50
r9 0
r10 0xbe443a2826c5f0be
r11 0xce2d0fe62991c937
r12 0
r13 0
r14 0
r15 0
rip 0xffffffff812ca4c7 proc_trampoline+0xc7
cs 0x8
rflags 0x246
rsp 0xffff80002a33aaa0
ss 0
proc_trampoline+0xc7: movl $0,%gs:0x680
ddb{0}> show proc
PROC (syz-executor) tid=15903 pid=45357 tcnt=2 stat=onproc
flags process=0 proc=4000000<THREAD>
runpri=50, usrpri=86, slppri=17, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff8000ffff0cf8,0xffffffff838c7cf8
process=0xffff80003740e560 user=0xffff80002a335000, vmspace=0xfffffd807ae70038
estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
45357 464424 25561 0 2 0 syz-executor
*45357 15903 25561 0 7 0x4000000 syz-executor
15578 256606 50744 0 3 0x80 nanoslp syz-executor
15578 74095 50744 0 2 0x4000000 syz-executor
15578 122312 50744 0 3 0x4000080 fsleep syz-executor
15578 253931 50744 0 3 0x4000080 fsleep syz-executor
29808 226483 48776 0 3 0x80 nanoslp syz-executor
29808 344690 48776 0 3 0x4000080 ttyout syz-executor
29808 170465 48776 0 3 0x4000080 fsleep syz-executor
29808 109260 48776 0 3 0x4000080 ttyout syz-executor
29808 149216 48776 0 3 0x4000080 fsleep syz-executor
63281 3764 90095 0 3 0x80 nanoslp syz-executor
63281 23698 90095 0 3 0x4000080 fifor syz-executor
63281 108794 90095 0 3 0x4000080 fsleep syz-executor
45487 34616 99157 60928 2 0x10 syz-executor
45487 198688 99157 60928 3 0x4000090 fifor syz-executor
45487 89905 99157 60928 3 0x4000090 fsleep syz-executor
5130 309663 49556 0 3 0x80 nanoslp syz-executor
5130 302002 49556 0 3 0x4000080 sbwait syz-executor
5130 111449 49556 0 3 0x4000080 fsleep syz-executor
26332 72322 20459 0 3 0x80 nanoslp syz-executor
26332 62956 20459 0 3 0x4000080 kqsel syz-executor
26332 200398 20459 0 3 0x4000080 fsleep syz-executor
26332 316148 20459 0 3 0x4000080 fsleep syz-executor
87394 426055 1 0 3 0x100083 ttyin getty
49556 456116 83784 0 3 0x82 nanoslp syz-executor
20459 397683 83784 0 3 0x82 nanoslp syz-executor
81901 150383 0 0 3 0x14200 acct acct
90095 302040 83784 0 3 0x82 nanoslp syz-executor
69367 523244 0 0 3 0x14280 nfsidl nfsio
89075 498098 0 0 3 0x14280 nfsidl nfsio
86140 309235 0 0 3 0x14280 nfsidl nfsio
24764 40727 0 0 3 0x14280 nfsidl nfsio
51792 291242 0 0 3 0x14280 nfsidl nfsio
19700 150370 0 0 3 0x14280 nfsidl nfsio
94448 261830 0 0 3 0x14280 nfsidl nfsio
87918 158335 0 0 3 0x14280 nfsidl nfsio
85261 446046 0 0 3 0x14280 nfsidl nfsio
5476 422441 0 0 3 0x14280 nfsidl nfsio
4033 308317 0 0 3 0x14280 nfsidl nfsio
48264 262055 0 0 3 0x14280 nfsidl nfsio
52244 47626 0 0 3 0x14280 nfsidl nfsio
1889 423908 0 0 3 0x14280 nfsidl nfsio
58628 467390 0 0 3 0x14280 nfsidl nfsio
41036 160126 0 0 3 0x14280 nfsidl nfsio
81175 411289 0 0 3 0x14280 nfsidl nfsio
38487 404438 0 0 3 0x14280 nfsidl nfsio
78465 398759 0 0 3 0x14280 nfsidl nfsio
31322 176001 0 0 3 0x14280 nfsidl nfsio
50744 210487 83784 0 3 0x82 nanoslp syz-executor
99157 510823 83784 0 2 0x2 syz-executor
25561 187655 83784 0 3 0x82 nanoslp syz-executor
93106 160216 83784 0 3 0x82 nanoslp syz-executor
48776 491079 83784 0 3 0x82 nanoslp syz-executor
72463 79283 0 0 3 0x14200 bored sosplice
83784 417514 65614 0 3 0x82 kqread syz-executor
65614 101472 86508 0 3 0x10008a sigsusp ksh
86508 497159 84108 0 3 0x98 kqread sshd-session
84108 187068 27658 0 3 0x92 kqread sshd-session
27658 255732 1 0 3 0x88 kqread sshd
44828 250421 78814 74 3 0x1100092 bpf pflogd
78814 386797 1 0 3 0x80 sbwait pflogd
43948 243563 72933 73 3 0x1100090 kqread syslogd
72933 74965 1 0 3 0x100082 sbwait syslogd
60318 265509 1 0 3 0x100080 kqread resolvd
42390 470417 58069 77 3 0x100092 kqread dhcpleased
51695 215120 58069 77 3 0x100092 kqread dhcpleased
58069 171308 1 0 3 0x80 kqread dhcpleased
16972 223532 0 0 3 0x14200 bored smr
51404 509876 0 0 3 0x14200 pgzero zerothread
51501 93864 0 0 3 0x14200 aiodoned aiodoned
56573 396179 0 0 3 0x14200 syncer update
52474 87599 0 0 3 0x14200 cleaner cleaner
94954 144349 0 0 3 0x14200 reaper reaper
3847 168756 0 0 3 0x14200 pgdaemon pagedaemon
83382 152665 0 0 3 0x14200 bored viomb
59967 190241 0 0 3 0x40014200 acpi0 acpi0
2805 286840 0 0 3 0x40014200 idle1
43471 234952 0 0 3 0x14200 bored softnet3
61666 299528 0 0 3 0x14200 bored softnet2
44041 521781 0 0 3 0x14200 bored softnet1
10777 202061 0 0 3 0x14200 bored softnet0
21099 238512 0 0 3 0x14200 bored systqmp
92434 78386 0 0 3 0x14200 bored systq
46307 289526 0 0 3 0x14200 tmoslp softclockmp
65642 450776 0 0 3 0x40014200 tmoslp softclock
31927 162414 0 0 3 0x40014200 idle0
1 380364 0 0 3 0x80082 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb{0}> show all locks
CPU 0:
exclusive mutex &pmap->pm_mtx r = 0 (0xfffffd806bd34210)
#0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5bb sys/kern/subr_witness.c:1160
#1 mtx_enter_try+0x178 sys/kern/kern_lock.c:-1
#2 mtx_enter+0x60 sys/kern/kern_lock.c:239
#3 pmap_extract+0xac sys/arch/amd64/amd64/pmap.c:1572
#4 uvm_fault_upper_lookup+0x1fb sys/uvm/uvm_fault.c:956
#5 uvm_fault+0x159 sys/uvm/uvm_fault.c:671
#6 upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:188
#7 usertrap+0x2d8 sys/arch/amd64/amd64/trap.c:436
#8 recall_trap+0x8
Process 45357 (syz-executor) thread 0xffff8000ffff19c8 (15903)
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10257 11229K 11885K 166960K 19903 0
pcb 18 16K 18K 166960K 1203 0
rtable 252 14K 14K 166960K 1788 0
pf 38 18K 20K 166960K 337 0
ifaddr 43 9K 9K 166960K 267 0
ifgroup 59 2K 2K 166960K 432 0
sysctl 4 1K 3K 166960K 15 0
counters 66 36K 37K 166960K 460 0
ioctlops 0 0K 4K 166960K 2365 0
iov 0 0K 16K 166960K 674 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1490 94K 94K 166960K 6236 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 3 20K 28K 166960K 110 0
VM map 2 1K 1K 166960K 2 0
sem 21 49K 69K 166960K 52 0
dirhash 12 2K 2K 166960K 96 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 18 65K 106K 166960K 5460 0
sigio 0 0K 0K 166960K 153 0
proc 72 91K 127K 166960K 1695 0
subproc 72 4K 4K 166960K 261 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 949 0
in_multi 79 5K 7K 166960K 469 0
ether_multi 1 0K 0K 166960K 39 0
mrt 1 0K 0K 166960K 40 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 241 1076K 1076K 166960K 241 0
exec 0 0K 1K 166960K 1448 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 7 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 275 163K 180K 166960K 49935 0
UVM aobj 21 2K 2K 166960K 21 0
pinsyscall 43 86K 104K 166960K 7152 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 2 0K 0K 166960K 302 0
NDP 13 0K 2K 166960K 207 0
temp 83 8692K 8820K 166960K 232554 0
kqueue 15 24K 33K 166960K 975 0
SYN cache 2 16K 16K 166960K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 618 0 613 7 5 2 3 0 8 1
rtentry 176 619 0 517 6 1 5 6 0 8 0
unpcb 144 3978 0 3948 24 20 4 6 0 8 2
syncache 336 11 0 11 4 4 0 1 0 8 0
tcpqe 32 1 0 1 1 1 0 1 0 8 0
tcpcb 808 1981 0 1974 40 36 4 8 0 8 3
arp 128 140 0 121 1 0 1 1 0 8 0
ipq 40 1 0 1 1 1 0 1 0 8 0
ipqe 40 2 0 2 1 1 0 1 0 8 0
inpcb 384 6268 0 6253 61 53 8 18 0 8 6
nd6 144 97 0 77 2 1 1 2 0 8 0
pkpcb 40 48 0 48 9 8 1 1 0 8 1
kcovpl 48 29 0 21 1 0 1 1 0 8 0
mppekey 1024 1 0 1 1 1 0 1 0 8 0
ppxss 1192 155 0 155 6 5 1 1 0 8 1
pppxif 1504 4 0 4 3 3 0 1 0 8 0
pffrag 232 26 0 16 1 0 1 1 0 482 0
pffrnode 88 24 0 14 1 0 1 1 0 8 0
pffrent 40 68 0 58 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 288 0 198 1 0 1 1 0 8 0
pfstkey 128 289 0 199 4 0 4 4 0 8 0
pfstate 384 287 0 199 11 2 9 11 0 8 0
pfrule 1344 21 0 16 2 1 1 2 0 8 0
rttmr 136 8 0 8 7 7 0 1 0 8 0
art_heap8 4096 5 0 0 5 0 5 5 0 8 0
art_heap4 256 1719 0 1322 42 17 25 32 0 8 0
art_table 32 1724 0 1322 6 2 4 5 0 8 0
art_node 16 601 0 511 1 0 1 1 0 8 0
sysvmsgpl 40 11 0 4 1 0 1 1 0 8 0
semupl 112 3 0 3 2 2 0 1 0 8 0
semapl 112 43 0 24 1 0 1 1 0 8 0
shmpl 112 18 0 0 1 0 1 1 0 8 0
dirhash 1024 74 0 57 3 0 3 3 0 8 0
dino2pl 256 11226 0 9667 98 0 98 98 0 8 0
ffsino 288 11226 0 9667 113 1 112 112 0 8 0
nchpl 144 18807 0 18211 65 39 26 65 0 8 0
rtmask 32 33 0 33 7 6 1 1 0 8 1
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 67188 0 67188 4 3 1 2 0 8 1
percpumem 16 245 0 197 1 0 1 1 0 8 0
kstatmem 264 298 0 272 4 1 3 3 0 8 0
scsiplug 72 20 0 20 7 6 1 1 0 8 1
scxspl 216 57628 0 57628 22 20 2 8 1 8 2
plimitpl 152 983 0 966 1 0 1 1 0 8 0
sigapl 424 5787 0 5715 15 5 10 11 0 8 0
futexpl 64 79143 0 79134 1 0 1 1 0 8 0
knotepl 120 870 0 0 24 0 24 24 0 8 0
kqueuepl 224 1997 0 1985 17 15 2 5 0 8 1
pipepl 336 868 0 839 23 17 6 11 0 8 3
fdescpl 520 5698 0 5666 3 0 3 3 0 8 0
filepl 160 40005 0 39760 50 34 16 20 0 8 1
lockfpl 104 1811 0 1808 3 1 2 2 0 8 1
lockfspl 48 618 0 615 1 0 1 1 0 8 0
sessionpl 144 56 0 47 1 0 1 1 0 8 0
pgrppl 48 196 0 179 1 0 1 1 0 8 0
ucredpl 104 6243 0 6227 1 0 1 1 0 8 0
zombiepl 144 5981 0 5980 3 2 1 1 0 8 0
processpl 1192 5787 0 5715 9 2 7 8 0 8 0
procpl 656 14188 0 14099 11 2 9 9 0 8 0
srpgc 96 46 0 46 6 6 0 1 0 8 0
sosppl 168 37 0 37 9 8 1 1 0 8 1
sockpl 728 10982 0 10931 91 81 10 22 0 8 4
mcl64k 65536 6 0 0 1 0 1 1 0 8 0
mcl16k 16384 5 0 0 1 0 1 1 0 8 0
mcl12k 12288 2 0 0 1 0 1 1 0 8 0
mcl9k 9216 2 0 0 1 0 1 1 0 8 0
mcl8k 8192 5 0 0 1 0 1 1 0 8 0
mcl4k 4096 115 0 0 14 1 13 14 0 8 0
mcl2k2 2112 2 0 0 1 0 1 1 0 8 0
mcl2k 2048 59 0 0 5 0 5 5 0 8 0
mtagpl 96 220 0 0 5 0 5 5 0 8 0
mbufpl 256 1469 0 0 84 0 84 84 0 8 0
bufpl 280 16232 0 10089 440 0 440 440 0 8 0
anonpl 32 17369 0 0 140 0 140 140 0 246 0
amapchunkpl 152 168367 0 167460 83 47 36 37 0 158 0
amappl16 200 11410 0 10905 93 55 38 40 0 8 0
amappl15 192 9 0 9 2 2 0 1 0 8 0
amappl14 184 196 0 184 1 0 1 1 0 8 0
amappl13 176 6 0 6 1 1 0 1 0 8 0
amappl12 168 6704 0 6672 3 1 2 2 0 8 0
amappl11 160 102 0 87 1 0 1 1 0 8 0
amappl10 152 5 0 5 1 1 0 1 0 8 0
amappl9 144 241 0 240 2 1 1 1 0 8 0
amappl8 136 23 0 20 1 0 1 1 0 8 0
amappl7 128 168 0 155 1 0 1 1 0 8 0
amappl6 120 403 0 398 1 0 1 1 0 8 0
amappl5 112 215 0 204 1 0 1 1 0 8 0
amappl4 104 441 0 419 1 0 1 1 0 8 0
amappl3 96 35976 0 35844 5 1 4 4 0 8 0
amappl2 88 1036 0 968 2 0 2 2 0 8 0
amappl1 80 34036 0 33427 17 2 15 15 0 8 0
amappl 88 47819 0 47615 5 0 5 5 0 92 0
dma65536 65536 4 0 4 3 3 0 1 0 8 0
dma16384 16384 1 0 1 1 1 0 1 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 3 0 2 1 0 1 1 0 8 0
dma256 256 14 0 14 6 6 0 1 0 8 0
dma128 128 257 0 257 4 4 0 1 0 8 0
dma64 64 8 0 8 2 2 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 19 0 18 1 0 1 1 0 8 0
aobjpl 72 20 0 0 1 0 1 1 0 8 0
uaddrrnd 24 5698 0 5666 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 5698 0 5666 1 0 1 1 0 8 0
vmmpekpl 168 40495 0 40418 4 0 4 4 0 8 0
vmmpepl 168 352069 0 349434 159 32 127 133 0 357 1
vmsppl 480 5697 0 5666 8 3 5 5 0 8 0
rwobjpl 72 85677 0 78262 142 3 139 139 0 8 0
pdppl 4096 11404 0 11332 164 92 72 86 0 8 0
pvpl 32 24980 0 0 200 0 200 200 0 265 0
pmappl 256 5697 0 5666 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 618 0 183 13 0 13 13 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
proc_trampoline() at proc_trampoline+0xc7
end of kernel
end trace frame: 0xad49069a080, count: -1
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__sanitizer_cov_trace_const_cmp1(800,66) at __sanitizer_cov_trace_const_cmp1+0xb sys/dev/kcov.c:217
cnputc(66) at cnputc+0x61 sys/dev/cons.c:218
kputchar(66,5,0) at kputchar+0x2cc sys/kern/subr_prf.c:367
kprintf() at kprintf+0x843 sys/kern/subr_prf.c:-1
printf(ffffffff834381ba) at printf+0x8b sys/kern/subr_prf.c:529
trap_print(ffff80002a3469b0,6) at trap_print+0x64 sys/arch/amd64/amd64/trap.c:457
kerntrap(ffff80002a3469b0) at kerntrap+0x276 sys/arch/amd64/amd64/trap.c:328
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
dt_ioctl_record_stop(ffff800001405000) at dt_ioctl_record_stop+0xf0 sys/dev/dt/dt_dev.c:579
dtclose(11e5f,81,2000,ffff8000ffff0548) at dtclose+0x105 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline]
dtclose(11e5f,81,2000,ffff8000ffff0548) at dtclose+0x105 sys/dev/dt/dt_dev.c:232
spec_close(ffff80002a346b60) at spec_close+0x45f sys/kern/spec_vnops.c:-1
end trace frame: 0xffff80002a346bd0, count: 0
ddb{1}> trace
x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__sanitizer_cov_trace_const_cmp1(800,66) at __sanitizer_cov_trace_const_cmp1+0xb sys/dev/kcov.c:217
cnputc(66) at cnputc+0x61 sys/dev/cons.c:218
kputchar(66,5,0) at kputchar+0x2cc sys/kern/subr_prf.c:367
kprintf() at kprintf+0x843 sys/kern/subr_prf.c:-1
printf(ffffffff834381ba) at printf+0x8b sys/kern/subr_prf.c:529
trap_print(ffff80002a3469b0,6) at trap_print+0x64 sys/arch/amd64/amd64/trap.c:457
kerntrap(ffff80002a3469b0) at kerntrap+0x276 sys/arch/amd64/amd64/trap.c:328
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
dt_ioctl_record_stop(ffff800001405000) at dt_ioctl_record_stop+0xf0 sys/dev/dt/dt_dev.c:579
dtclose(11e5f,81,2000,ffff8000ffff0548) at dtclose+0x105 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline]
dtclose(11e5f,81,2000,ffff8000ffff0548) at dtclose+0x105 sys/dev/dt/dt_dev.c:232
spec_close(ffff80002a346b60) at spec_close+0x45f sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffd805d4f5560,81,fffffd807f7d35b0,ffff8000ffff0548) at VOP_CLOSE+0x133 sys/kern/vfs_vops.c:156
vn_closefile(fffffd806befeb70,ffff8000ffff0548) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd806befeb70,ffff8000ffff0548) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615
fdrop(fffffd806befeb70,ffff8000ffff0548) at fdrop+0x126 sys/kern/kern_descrip.c:1265
closef(fffffd806befeb70,ffff8000ffff0548) at closef+0x192 sys/kern/kern_descrip.c:1249
fdfree(ffff8000ffff0548) at fdfree+0x116 sys/kern/kern_descrip.c:1181
exit1(ffff8000ffff0548,0,0,1) at exit1+0x58f sys/kern/kern_exit.c:214
sys_exit(ffff8000ffff0548,ffff80002a346ed0,ffff80002a346e20) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a346ed0) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a346ed0) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7d1a13520d20, count: -23