uvm_fault: x86_send_ipi (2)

Status: auto-closed as invalid on 2020/08/17 12:27
Reported-by: syzbot+fdcaab5b43855e9b9bf2@syzkaller.appspotmail.com
First crash: 1449d, last: 1437d
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
openbsd uvm_fault: x86_send_ipi 1 1626d 1626d 0/3 auto-closed as invalid on 2020/02/10 22:30

Sample crash report (kernel NULL-pointer write: the trace shows x86_send_ipi(0,2) faulting on `lock orl %r15d,0x648(%r14)` with r14 = 0, i.e. the first argument — presumably the target cpu_info pointer — is NULL and the store lands at offset 0x648 from address 0; the path is a userland ioctl(2) on a vnode → VOP_IOCTL → vm_intr_pending (vmm.c:688) → x86_send_ipi, issued here by syz-executor running as uid 0 per the ps output, so the privilege needed to reach it is not established by this report):
##uvm_fault(0xfffffd806924b018, 0x648, 0, 2) -> e
kernel: page fault trap, code=0
Stopped at      x86_send_ipi+0x24:      lock orl        %r15d,0x648(%r14)
ddb{0}> 
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
kernel page fault
uvm_fault(0xfffffd806924b018, 0x648, 0, 2) -> e
x86_send_ipi(0,2) at x86_send_ipi+0x24 x86_atomic_setbits_u32 machine/atomic.h:292 [inline]
x86_send_ipi(0,2) at x86_send_ipi+0x24 sys/arch/amd64/amd64/ipi.c:48
end trace frame: 0xffff800023181a70, count: 0
ddb{0}> trace
x86_send_ipi(0,2) at x86_send_ipi+0x24 x86_atomic_setbits_u32 machine/atomic.h:292 [inline]
x86_send_ipi(0,2) at x86_send_ipi+0x24 sys/arch/amd64/amd64/ipi.c:48
vm_intr_pending(ffff800023181c40) at vm_intr_pending+0x225 sys/arch/amd64/amd64/vmm.c:688
VOP_IOCTL(fffffd806e305d00,800c5606,ffff800023181c40,1,fffffd807f7bf8a0,ffff800020ed8768) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290
vn_ioctl(fffffd80737f47b8,800c5606,ffff800023181c40,ffff800020ed8768) at vn_ioctl+0xba sys/kern/vfs_vnops.c:531
sys_ioctl(ffff800020ed8768,ffff800023181d58,ffff800023181da0) at sys_ioctl+0x4a5
syscall(ffff800023181e20) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800023181e20) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xf63c5a6a190, count: -7
ddb{0}> show registers
rdi               0xffffffff81235804    x86_send_ipi+0x24
rsi                            0x126
rbp               0xffff800023181a10
rbx                              0x1
rdx                            0x127
rcx               0xffff80002318a000
rax               0xffff80002318a000
r8                0xffffffff8161c697    witness_assert+0x207
r9                               0x5
r10               0x866eb5dda57926bd
r11               0x1cfa4a4cb95019e5
r12                                0
r13               0xffff800020eceba8
r14                                0
r15                              0x2
rip               0xffffffff81235804    x86_send_ipi+0x24
cs                               0x8
rflags                       0x10246    __ALIGN_SIZE+0xf246
rsp               0xffff8000231819e0
ss                              0x10
x86_send_ipi+0x24:      lock orl        %r15d,0x648(%r14)
ddb{0}> show proc
PROC (syz-executor.1) pid=171265 stat=onproc
    flags process=0 proc=4000000<THREAD>
    pri=32, usrpri=78, nice=20
    forw=0xffffffffffffffff, list=0xffff800020ed9ae8,0xffff800020ed9d68
    process=0xffff800020eceba8 user=0xffff80002317c000, vmspace=0xfffffd806924b018
    estcpu=36, cpticks=0, pctcpu=0.0
    user=0, sys=0, intr=0
ddb{0}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 38745  213591  12815      0  7           0                syz-executor.0
 38745  207275  12815      0  2   0x4000000                syz-executor.0
 35416  434186  22965      0  2           0                syz-executor.1
*35416  171265  22965      0  7   0x4000000                syz-executor.1
 22965  358910  92887      0  3        0x82  nanosleep     syz-executor.1
 63447   39318      0      0  3     0x14200  acct          acct
 38352  405009      0      0  3     0x14200  bored         sosplice
 12815  457907  92887      0  3        0x82  nanosleep     syz-executor.0
 92887   50096  41928      0  3        0x82  thrsleep      syz-fuzzer
 92887  291240  41928      0  3   0x4000082  thrsleep      syz-fuzzer
 92887   85019  41928      0  3   0x4000082  thrsleep      syz-fuzzer
 92887  349372  41928      0  3   0x4000082  thrsleep      syz-fuzzer
 92887  354762  41928      0  3   0x4000082  thrsleep      syz-fuzzer
 92887  307542  41928      0  3   0x4000082  thrsleep      syz-fuzzer
 92887  203406  41928      0  3   0x4000082  kqread        syz-fuzzer
 92887  415161  41928      0  3   0x4000082  thrsleep      syz-fuzzer
 92887   58611  41928      0  3   0x4000082  thrsleep      syz-fuzzer
 92887  138959  41928      0  3   0x4000082  thrsleep      syz-fuzzer
 41928  441681  22991      0  3    0x10008a  pause         ksh
 22991   89007  81048      0  3        0x92  select        sshd
 12275   57817      1      0  3    0x100083  ttyin         getty
 81048  174475      1      0  3        0x80  select        sshd
 97673  194065  15575     74  3    0x100092  bpf           pflogd
 15575   47394      1      0  3        0x80  netio         pflogd
  5359  240394  32030     73  3    0x100090  kqread        syslogd
 32030  317510      1      0  3    0x100082  netio         syslogd
 26368  488317      1     77  3    0x100090  poll          dhclient
 15966  144340      1      0  3        0x80  poll          dhclient
 83009   75618      0      0  3     0x14200  bored         smr
 33164   56034      0      0  2     0x14200                zerothread
 88542  375850      0      0  3     0x14200  aiodoned      aiodoned
 18782  340367      0      0  3     0x14200  syncer        update
 70056  369309      0      0  3     0x14200  cleaner       cleaner
 99010  387938      0      0  3     0x14200  reaper        reaper
  9756  235917      0      0  3     0x14200  pgdaemon      pagedaemon
 34524  245214      0      0  3     0x14200  bored         crynlk
 40947  281849      0      0  3     0x14200  bored         crypto
 26392   38830      0      0  3  0x40014200  acpi0         acpi0
 28768  221739      0      0  3  0x40014200                idle1
 86429  222706      0      0  3     0x14200  bored         softnet
 61667  505743      0      0  3     0x14200  bored         systqmp
 71533   51136      0      0  3     0x14200  bored         systq
 14349  496881      0      0  3  0x40014200  bored         softclock
 29774  235762      0      0  3  0x40014200                idle0
     1    2646      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{0}> show all locks
Process 35416 (syz-executor.1) thread 0xffff800020ed8768 (171265)
exclusive kernel_lock &kernel_lock r = 1 (0xffffffff82688088)
#0  witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0  witness_lock+0x4c7 sys/kern/subr_witness.c:1164
#1  vn_ioctl+0x40 sys/kern/vfs_vnops.c:514
#2  sys_ioctl+0x4a5
#3  syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#3  syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
#4  Xsyscall+0x128
ddb{0}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf  9568   6694K    7143K  78643K     12781        0
            pcb    13      8K       8K  78643K       140        0
         rtable   114      4K       4K  78643K       532        0
         ifaddr    97     18K      18K  78643K       211        0
       counters    43     33K      34K  78643K        77        0
       ioctlops     0      0K       4K  78643K      1802        0
            iov     0      0K      24K  78643K       771        0
          mount     1      1K       1K  78643K         1        0
         vnodes  1217     77K      77K  78643K      2558        0
      UFS quota     1     32K      32K  78643K         1        0
      UFS mount     5     36K      36K  78643K         5        0
            shm     2      1K       5K  78643K        21        0
         VM map     2      1K       1K  78643K         2        0
            sem    12      0K       0K  78643K       191        0
        dirhash    12      2K       2K  78643K        12        0
           ACPI  1824    197K     290K  78643K     13058        0
      file desc     6     17K      25K  78643K      2852        0
          sigio     0      0K       0K  78643K        20        0
           proc    62     63K      95K  78643K       581        0
        subproc    32      2K       2K  78643K        51        0
    NFS srvsock     1      0K       0K  78643K         1        0
     NFS daemon     1     16K      16K  78643K         1        0
    ip_moptions     0      0K       0K  78643K        52        0
       in_multi    78      3K       4K  78643K       167        0
    ether_multi     1      0K       0K  78643K        19        0
            mrt     0      0K       0K  78643K         5        0
    ISOFS mount     1     32K      32K  78643K         1        0
  MSDOSFS mount     1     16K      16K  78643K         1        0
           ttys    61    281K     281K  78643K        61        0
           exec     0      0K       1K  78643K       292        0
        pagedep     1      8K       8K  78643K         1        0
       inodedep     1     32K      32K  78643K         1        0
         newblk     1      0K       0K  78643K         1        0
        VM swap     7     26K      26K  78643K         7        0
       UVM amap   153    105K     106K  78643K      9501        0
       UVM aobj    47      4K       4K  78643K        59        0
        memdesc     1      4K       4K  78643K         1        0
    crypto data     1      1K       1K  78643K         1        0
    ip6_options     0      0K       0K  78643K        98        0
            NDP    16      0K       0K  78643K        45        0
           temp   148   3051K    3364K  78643K     19137        0
         kqueue     3      4K      18K  78643K       410        0
      SYN cache     2     16K      16K  78643K         2        0
ddb{0}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp         64       11    0        3     1     0     1     1     0     8    0
plcache    128       20    0        0     1     0     1     1     0     8    0
rtpcb       80      821    0      819     1     0     1     1     0     8    0
rtentry    112       91    0       44     2     0     2     2     0     8    0
unpcb      120     1463    0     1452     1     0     1     1     0     8    0
syncache   264       13    0       13     5     5     0     1     0     8    0
sackhl      24        1    0        1     1     1     0     1     0     8    0
tcpqe       32      490    0      490     3     3     0     1     0     8    0
tcpcb      544      291    0      287     1     0     1     1     0     8    0
inpcb      280     4899    0     4892     6     4     2     2     0     8    1
rttmr       72        2    0        2     1     1     0     1     0     8    0
ip6q        72       82    0       82     1     1     0     1     0     8    0
ip6af       40      246    0      246     1     1     0     1     0     8    0
nd6         48       16    0       11     1     0     1     1     0     8    0
pkpcb       40        6    0        6     2     2     0     1     0     8    0
ppxss      1128       2    0        2     2     2     0     1     0     8    0
pffrag     232        6    0        6     4     3     1     1     0   482    1
pffrnode    88        6    0        6     4     3     1     1     0     8    1
pffrent     40       98    0       98     4     3     1     1     0     8    1
pfosfp      40      846    0      423     5     0     5     5     0     8    0
pfosfpen   112     1428    0      714    21     0    21    21     0     8    0
pfstitem    24       85    0       63     1     0     1     1     0     8    0
pfstkey    112       85    0       63     2     0     2     2     0     8    0
pfstate    328       85    0       63     3     0     3     3     0     8    0
pfrule     1360      21    0       16     2     1     1     2     0     8    0
art_heap8  4096       2    0        0     2     0     2     2     0     8    0
art_heap4  256      419    0      206    17     3    14    14     0     8    0
art_table   32      421    0      206     2     0     2     2     0     8    0
art_node    16       90    0       46     1     0     1     1     0     8    0
sysvmsgpl   40       55    0       43     1     0     1     1     0     8    0
semupl     112        1    0        1     1     1     0     1     0     8    0
semapl     112      189    0      179     1     0     1     1     0     8    0
shmpl      112       57    0       12     2     0     2     2     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino2pl    256     5756    0     4355    89     0    89    89     0     8    0
ffsino     272     5756    0     4355    95     1    94    95     0     8    0
nchpl      144    10477    0     8880    60     0    60    60     0     8    0
uvmvnodes   72     5926    0        0   108     0   108   108     0     8    0
vnodes     208     5926    0        0   312     0   312   312     0     8    0
namei      1024   27928    0    27928     3     2     1     1     0     8    1
percpumem   16       49    0       17     1     0     1     1     0     8    0
vcpupl     1984      11    0        1     3     1     2     2     0     8    0
vmpool     560       15    0        5     1     0     1     1     0     8    0
scxspl     192    24114    0    24114     9     8     1     7     0     8    1
plimitpl   152       65    0       57     1     0     1     1     0     8    0
sigapl     424     3066    0     3032     4     0     4     4     0     8    0
futexpl     56    35664    0    35664     3     2     1     1     0     8    1
knotepl    112      758    0      739     2     1     1     2     0     8    0
kqueuepl   144     1271    0     1268     1     0     1     1     0     8    0
pipelkpl    48      684    0      674     1     0     1     1     0     8    0
pipepl     120     1368    0     1349     1     0     1     1     0     8    0
fdescpl    496     3049    0     3032     3     0     3     3     0     8    0
filepl     152    21240    0    21138     5     0     5     5     0     8    1
lockfpl    104      270    0      269     1     0     1     1     0     8    0
lockfspl    48      107    0      106     1     0     1     1     0     8    0
sessionpl  112       19    0        8     1     0     1     1     0     8    0
pgrppl      48       32    0       21     1     0     1     1     0     8    0
ucredpl     96     1412    0     1403     1     0     1     1     0     8    0
zombiepl   144     3032    0     3032     1     0     1     1     0     8    1
processpl  984     3066    0     3032     5     0     5     5     0     8    0
procpl     624     8607    0     8562     5     1     4     5     0     8    0
srpgc       64        2    0        2     1     1     0     1     0     8    0
sosppl     128       11    0       11     4     4     0     1     0     8    0
sockpl     400     7220    0     7200    13     8     5     5     0     8    2
mcl64k     65536     19    0        0     3     0     3     3     0     8    0
mcl16k     16384      3    0        0     1     0     1     1     0     8    0
mcl12k     12288     17    0        0     2     0     2     2     0     8    0
mcl9k      9216      11    0        0     1     0     1     1     0     8    0
mcl8k      8192       5    0        0     1     0     1     1     0     8    0
mcl4k      4096      12    0        0     2     0     2     2     0     8    0
mcl2k2     2112       4    0        0     1     0     1     1     0     8    0
mcl2k      2048     173    0        0    21     0    21    21     0     8    0
mtagpl      80      176    0        0     4     0     4     4     0     8    0
mbufpl     256      754    0        0    44     0    44    44     0     8    0
bufpl      280     6533    0      289   447     0   447   447     0     8    0
anonpl      16   249718    0   235878   102    29    73    75     0   124   11
amapchunkpl 152   15077    0    14931    10     2     8    10     0   158    0
amappl16   192    13164    0    12369    74    26    48    53     0     8    8
amappl15   184        1    0        0     1     0     1     1     0     8    0
amappl14   176     1368    0     1362     1     0     1     1     0     8    0
amappl13   168     1374    0     1371     1     0     1     1     0     8    0
amappl12   160      191    0      186     2     1     1     1     0     8    0
amappl11   152     1344    0     1328     1     0     1     1     0     8    0
amappl10   144       18    0       14     1     0     1     1     0     8    0
amappl9    136      392    0      388     1     0     1     1     0     8    0
amappl8    128      422    0      374     2     0     2     2     0     8    0
amappl7    120      124    0      111     1     0     1     1     0     8    0
amappl6    112       29    0       24     1     0     1     1     0     8    0
amappl5    104     1786    0     1769     1     0     1     1     0     8    0
amappl4     96     1857    0     1823     1     0     1     1     0     8    0
amappl3     88     1510    0     1503     1     0     1     1     0     8    0
amappl2     80    23325    0    23247     2     0     2     2     0     8    0
amappl1     72    70997    0    70544    23    13    10    18     0     8    0
amappl      80     8893    0     8839     2     0     2     2     0    84    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      64       58    0       12     1     0     1     1     0     8    0
uaddrrnd    24     3064    0     3037     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24     3064    0     3037     1     0     1     1     0     8    0
vmmpekpl   168    24173    0    24137     2     0     2     2     0     8    0
vmmpepl    168   364025    0   361933   158    45   113   118     0   357   21
vmsppl     368     3063    0     3037     4     1     3     3     0     8    0
pdppl      4096    6136    0     6084     7     0     7     7     0     8    0
pvpl        32   829245    0   812274   245    69   176   179     0   265   31
pmappl     232     3063    0     3037     3     1     2     2     0     8    0
extentpl    40       53    0       36     1     0     1     1     0     8    0
phpool     112      315    0       19     9     0     9     9     0     8    0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
x86_send_ipi(0,2) at x86_send_ipi+0x24 x86_atomic_setbits_u32 machine/atomic.h:292 [inline]
x86_send_ipi(0,2) at x86_send_ipi+0x24 sys/arch/amd64/amd64/ipi.c:48
vm_intr_pending(ffff800023181c40) at vm_intr_pending+0x225 sys/arch/amd64/amd64/vmm.c:688
VOP_IOCTL(fffffd806e305d00,800c5606,ffff800023181c40,1,fffffd807f7bf8a0,ffff800020ed8768) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290
vn_ioctl(fffffd80737f47b8,800c5606,ffff800023181c40,ffff800020ed8768) at vn_ioctl+0xba sys/kern/vfs_vnops.c:531
sys_ioctl(ffff800020ed8768,ffff800023181d58,ffff800023181da0) at sys_ioctl+0x4a5
syscall(ffff800023181e20) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800023181e20) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xf63c5a6a190, count: -7
ddb{0}> machine ddbcpu 1
Stopped at      x86_ipi_db+0x1a:        addq    $0x8,%rsp
ddb{1}> trace
x86_ipi_db(ffff800020e00ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352
x86_ipi_handler() at x86_ipi_handler+0xc6 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
nanotime(ffff800023fb7b38) at nanotime+0x143 sys/kern/kern_tc.c:236
clock_gettime(ffff800020ed9ae8,0,ffff800023fb7b38) at clock_gettime+0xa0 sys/kern/kern_time.c:117
sys_clock_gettime(ffff800020ed9ae8,ffff800023fb7ba0,ffff800023fb7bf0) at sys_clock_gettime+0x4c sys/kern/kern_time.c:168
syscall(ffff800023fb7c70) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800023fb7c70) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffcf6c0, count: -8

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2020/05/19 12:26 openbsd 9289be61e36b 6d882fd2 .config console log report ci-openbsd-multicore
2020/05/07 21:57 openbsd 30e1cf84d14e 6c70a1c2 .config console log report ci-openbsd-multicore