uvm_fault(0xfffffd807f0048c0, 0x8, 0, 2) -> e kernel: page fault trap, code=2 Stopped at softclock+0xd7: movq %rcx,0x8(%rax) TID PID UID PRFLAGS PFLAGS CPU COMMAND * 13085 40601 0 0x2000002 0x4000000 0K syz-fuzzer softclock(0) at softclock+0xd7 sys/kern/kern_timeout.c:751 softintr_dispatch(0) at softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90 Xsoftclock() at Xsoftclock+0x27 end of kernel end trace frame: 0x24d360670, count: 12 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: uvm_fault(0xfffffd807f0048c0, 0x8, 0, 2) -> e ddb{0}> trace softclock(0) at softclock+0xd7 sys/kern/kern_timeout.c:751 softintr_dispatch(0) at softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90 Xsoftclock() at Xsoftclock+0x27 end of kernel end trace frame: 0x24d360670, count: -3 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff80002a1f2650 rbx 0xffffffff82eace90 timeout_todo rdx 0 rcx 0xffffffff82eace90 timeout_todo rax 0 r8 0xbb r9 0xbb r10 0x2f0fbadcecf4d0b8 r11 0x70d77ad4d6e05b4d r12 0xffffffff r13 0xffffffff82df2bf0 rdrand_tmo r14 0 r15 0xfffffd8066741f00 rip 0xffffffff824ff997 softclock+0xd7 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80002a1f2610 ss 0 softclock+0xd7: movq %rcx,0x8(%rax) ddb{0}> show proc PROC (syz-fuzzer) tid=13085 pid=40601 tcnt=16 stat=onproc flags process=2000002 proc=4000000 runpri=66, usrpri=67, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002a146548,0xffff80002a189818 process=0xffff8000ffff9aa8 user=0xffff80002a1ed000, vmspace=0xfffffd807f0048c0 estcpu=17, cpticks=9, pctcpu=0.95, user=1, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 58953 459547 94352 0 2 0 syz-executor.3 4506 308058 34363 0 2 0 syz-executor.1 4506 101118 34363 0 2 0x4000000 syz-executor.1 4506 477015 34363 0 3 0x4000080 fsleep syz-executor.1 23641 426218 38668 60928 2 0x10 syz-executor.4 23641 367476 38668 60928 3 0x4000090 fsleep syz-executor.4 41102 31773 91982 0 3 0x80 nanoslp syz-executor.2 41102 306472 91982 0 3 0x4000080 ttyout syz-executor.2 41102 183382 91982 0 3 0x4000080 fsleep syz-executor.2 54961 213680 12395 0 2 0 syz-executor.6 54961 27707 12395 0 2 0x4000000 syz-executor.6 45393 192838 40601 0 2 0x2 syz-executor.0 34363 150368 40601 0 2 0x482 syz-executor.1 94352 137134 40601 0 2 0x2 syz-executor.3 12395 106641 40601 0 2 0x482 syz-executor.6 91982 343581 40601 0 2 0x482 syz-executor.2 2106 265455 40601 0 2 0x2 syz-executor.7 86393 470025 0 0 3 0x14280 nfsidl nfsio 23674 263918 0 0 3 0x14280 nfsidl nfsio 12883 232991 0 0 3 0x14280 nfsidl nfsio 29272 319188 0 0 3 0x14280 nfsidl nfsio 28361 353037 0 0 3 0x14280 nfsidl nfsio 33869 238881 0 0 3 0x14280 nfsidl nfsio 5532 241142 0 0 3 0x14280 nfsidl nfsio 98231 438580 0 0 3 0x14280 nfsidl nfsio 62409 419841 0 0 3 0x14280 nfsidl nfsio 1953 509888 0 0 3 0x14280 nfsidl nfsio 30857 168274 0 0 3 0x14280 nfsidl nfsio 79524 115458 0 0 3 0x14280 nfsidl nfsio 64596 467282 0 0 3 0x14280 nfsidl nfsio 66936 47480 0 0 3 0x14280 nfsidl nfsio 48254 48464 0 0 3 0x14280 nfsidl nfsio 38668 308144 40601 0 2 0x482 syz-executor.4 24502 290631 1 0 3 0x100083 ttyin getty 57473 23330 0 0 3 0x14280 nfsidl nfsio 41556 340468 0 0 3 0x14280 nfsidl nfsio 20495 413383 0 0 3 0x14280 nfsidl nfsio 42039 399674 0 0 3 0x14280 nfsidl nfsio 46119 99037 0 0 3 0x14280 nfsidl nfsio 88730 205145 0 0 3 0x14200 bored sosplice 40601 196136 6677 0 3 0x2000082 wait syz-fuzzer 40601 251716 6677 0 3 0x6000082 nanoslp syz-fuzzer *40601 13085 6677 0 7 0x6000002 syz-fuzzer 40601 363309 6677 0 3 0x6000082 wait syz-fuzzer 40601 451988 6677 0 3 0x6000082 wait syz-fuzzer 40601 205266 6677 0 2 0x6000002 syz-fuzzer 40601 337159 6677 0 3 0x6000082 thrsleep syz-fuzzer 40601 148497 6677 0 3 0x6000082 thrsleep syz-fuzzer 40601 160674 6677 0 3 0x6000082 thrsleep syz-fuzzer 40601 428540 6677 0 3 0x6000082 thrsleep syz-fuzzer 40601 24277 6677 0 3 0x6000082 thrsleep syz-fuzzer 40601 322901 6677 0 3 0x6000082 wait syz-fuzzer 40601 373086 6677 0 3 0x6000082 wait syz-fuzzer 40601 475012 6677 0 3 0x6000082 wait syz-fuzzer 40601 102592 6677 0 3 0x6000082 wait syz-fuzzer 40601 195724 6677 0 3 0x6000082 thrsleep syz-fuzzer 6677 32159 79108 0 3 0x10008a sigsusp ksh 79108 122689 13644 0 3 0x9a kqread sshd 13644 193768 1 0 3 0x88 kqread sshd 37542 115607 46255 74 3 0x1100092 bpf pflogd 46255 79065 1 0 3 0x80 netio pflogd 25556 100370 989 73 3 0x1100090 kqread syslogd 989 252438 1 0 3 0x100082 netio syslogd 1649 223928 1 0 3 0x100080 kqread resolvd 13863 281070 2869 77 3 0x100092 kqread dhcpleased 53894 463516 2869 77 3 0x100092 kqread dhcpleased 2869 57502 1 0 3 0x80 kqread dhcpleased 30004 96970 0 0 3 0x14200 bored smr 71902 81438 0 0 2 0x14200 zerothread 89345 387118 0 0 3 0x14200 aiodoned aiodoned 18406 155031 0 0 3 0x14200 syncer update 33513 413366 0 0 3 0x14200 cleaner cleaner 4118 372269 0 0 3 0x14200 reaper reaper 18590 133191 0 0 3 0x14200 pgdaemon pagedaemon 40258 408331 0 0 3 0x14200 bored viomb 40283 231645 0 0 3 0x40014200 acpi0 acpi0 60969 509640 0 0 7 0x40014200 idle1 81054 388440 0 0 3 0x14200 bored softnet3 44394 437826 0 0 3 0x14200 bored softnet2 18109 362444 0 0 3 0x14200 bored softnet1 74913 377355 0 0 3 0x14200 bored softnet0 49675 163564 0 0 3 0x14200 bored systqmp 33249 136075 0 0 3 0x14200 bored systq 80674 84873 0 0 3 0x14200 tmoslp softclockmp 24315 50717 0 0 3 0x40014200 tmoslp softclock 17771 223953 0 0 3 0x40014200 idle0 1 504662 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks CPU 0: exclusive mutex /syzkaller/managers/multicore/kernel/sys/kern/kern_timeout.c:57 r = 0 (0xffffffff82d6b610) #0 witness_lock+0x447 #1 mtx_enter_try+0x104 #2 mtx_enter+0x4f sys/kern/kern_lock.c:266 #3 softclock_process_tick_timeout+0x1b2 sys/kern/kern_timeout.c:723 #4 softclock+0x13a sys/kern/kern_timeout.c:755 #5 softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90 #6 Xsoftclock+0x27 Process 40601 (syz-fuzzer) thread 0xffff80002a18aaa0 (13085) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10214 6498K 7454K 166960K 16469 0 pcb 15 20K 22K 166960K 906 0 rtable 178 13K 15K 166960K 3039 0 pf 30 9K 10K 166960K 268 0 ifaddr 37 14K 17K 166960K 290 0 ifgroup 51 2K 2K 166960K 436 0 sysctl 4 1K 1K 166960K 12 0 counters 62 36K 37K 166960K 276 0 ioctlops 0 0K 4K 166960K 2550 0 iov 0 0K 32K 166960K 1814 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1475 92K 92K 166960K 5066 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 146 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 2373 0 dirhash 12 2K 2K 166960K 72 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 14 49K 89K 166960K 13805 0 sigio 0 0K 0K 166960K 425 0 proc 83 92K 128K 166960K 2472 0 subproc 91 5K 6K 166960K 631 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 1150 0 in_multi 68 5K 7K 166960K 650 0 ether_multi 1 0K 0K 166960K 8 0 mrt 1 0K 0K 166960K 4 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 223 996K 996K 166960K 223 0 exec 0 0K 1K 166960K 2385 0 pfkey data 0 0K 0K 166960K 3 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 478 544K 553K 166960K 133992 0 UVM aobj 131 4K 4K 166960K 131 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 519 0 NDP 11 0K 2K 166960K 214 0 temp 71 6771K 6900K 166960K 124188 0 kqueue 13 20K 26K 166960K 901 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 925 0 919 14 13 1 3 0 8 0 rtentry 112 1038 0 959 7 3 4 4 0 8 0 unpcb 144 11773 0 11756 117 113 4 11 0 8 3 syncache 336 88 0 88 15 14 1 1 0 8 1 tcpqe 32 693 0 693 12 11 1 2 0 8 1 tcpcb 808 6150 0 6137 124 122 2 16 0 8 0 arp 120 240 0 226 1 0 1 1 0 8 0 inpcb 392 12652 0 12635 187 179 8 16 0 8 5 nd6 136 148 0 133 1 0 1 1 0 8 0 pkpcb 40 49 0 49 12 11 1 1 0 8 1 kcovpl 48 48 0 41 1 0 1 1 0 8 0 ppxss 1168 29 0 29 10 10 0 1 0 8 0 pffrag 232 44 0 39 4 3 1 1 0 482 0 pffrnode 88 44 0 39 4 3 1 1 0 8 0 pffrent 40 114 0 109 5 4 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 367 0 347 1 0 1 1 0 8 0 pfstkey 128 367 0 347 3 1 2 2 0 8 0 pfstate 376 367 0 347 7 4 3 5 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 rttmr 136 1 0 1 1 1 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 3285 0 2957 64 35 29 31 0 8 3 art_table 32 3286 0 2957 5 1 4 4 0 8 0 art_node 16 1018 0 947 1 0 1 1 0 8 0 sysvmsgpl 40 3 0 3 1 1 0 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 2369 0 2359 1 0 1 1 0 8 0 shmpl 112 128 0 0 4 0 4 4 0 8 0 dirhash 1024 57 0 40 3 0 3 3 0 8 0 dino2pl 256 18916 0 17415 95 0 95 95 0 8 0 ffsino 272 18916 0 17415 101 0 101 101 0 8 0 nchpl 144 37575 0 35921 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 124765 0 124765 14 13 1 2 0 8 1 percpumem 16 152 0 107 1 0 1 1 0 8 0 vcpupl 2048 192 0 0 24 0 24 24 0 8 0 vmpool 696 243 0 51 18 0 18 18 0 8 0 kstatmem 264 236 0 214 6 4 2 3 0 8 0 scxspl 216 110942 0 110942 40 39 1 8 1 8 1 plimitpl 152 1352 0 1337 1 0 1 1 0 8 0 sigapl 424 14132 0 14065 13 5 8 9 0 8 0 futexpl 64 114981 0 114978 4 3 1 1 0 8 0 knotepl 120 792 0 0 16 0 16 16 0 8 0 kqueuepl 216 2531 0 2521 55 54 1 12 0 8 0 pipepl 320 2198 0 2173 57 54 3 9 0 8 0 fdescpl 496 14031 0 14004 14 9 5 5 0 8 1 filepl 152 82858 0 82627 170 156 14 22 0 8 2 lockfpl 104 3077 0 3075 6 5 1 2 0 8 0 lockfspl 48 929 0 927 1 0 1 1 0 8 0 sessionpl 144 66 0 50 1 0 1 1 0 8 0 pgrppl 48 291 0 275 1 0 1 1 0 8 0 ucredpl 104 10493 0 10475 1 0 1 1 0 8 0 zombiepl 144 14066 0 14065 5 4 1 1 0 8 0 processpl 1136 14132 0 14065 8 2 6 6 0 8 0 procpl 680 36950 0 36862 14 5 9 9 0 8 0 srpgc 96 77 0 77 21 20 1 1 0 8 1 sosppl 168 123 0 120 19 18 1 1 0 8 0 sockpl 584 25418 0 25378 248 240 8 22 0 8 4 mcl64k 65536 24 0 0 3 0 3 3 0 8 0 mcl16k 16384 17 0 0 3 0 3 3 0 8 0 mcl12k 12288 17 0 0 2 0 2 2 0 8 0 mcl9k 9216 20 0 0 2 0 2 2 0 8 0 mcl8k 8192 38 0 0 3 1 2 3 0 8 0 mcl4k 4096 46 0 0 5 3 2 3 0 8 0 mcl2k2 2112 12 0 0 1 0 1 1 0 8 0 mcl2k 2048 462 0 0 38 19 19 38 0 8 0 mtagpl 96 166 0 0 4 0 4 4 0 8 0 mbufpl 256 1337 0 0 58 0 58 58 0 8 0 bufpl 280 25880 0 19562 452 0 452 452 0 8 0 anonpl 24 1457010 0 1443075 255 142 113 194 0 186 0 amapchunkpl 152 430842 0 429993 126 86 40 69 0 158 0 amappl16 200 29681 0 29179 130 100 30 39 0 8 0 amappl15 192 99 0 97 1 0 1 1 0 8 0 amappl14 184 304 0 290 2 1 1 2 0 8 0 amappl13 176 15 0 15 3 3 0 1 0 8 0 amappl12 168 15337 0 15302 3 1 2 2 0 8 0 amappl11 160 68 0 53 1 0 1 1 0 8 0 amappl10 152 78 0 68 2 1 1 1 0 8 0 amappl9 144 357 0 356 1 0 1 1 0 8 0 amappl8 136 772 0 621 6 0 6 6 0 8 0 amappl7 128 322 0 295 3 1 2 3 0 8 0 amappl6 120 952 0 933 1 0 1 1 0 8 0 amappl5 112 418 0 405 1 0 1 1 0 8 0 amappl4 104 945 0 902 6 4 2 2 0 8 0 amappl3 96 82547 0 82461 5 2 3 3 0 8 0 amappl2 88 15141 0 15061 3 1 2 3 0 8 0 amappl1 80 60724 0 60173 23 10 13 23 0 8 0 amappl 88 132718 0 132460 8 1 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 130 0 0 3 0 3 3 0 8 0 uaddrrnd 24 14275 0 14056 2 0 2 2 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 14275 0 14056 2 0 2 2 0 8 0 vmmpekpl 168 101621 0 101521 6 1 5 5 0 8 0 vmmpepl 168 844664 0 841959 389 237 152 152 0 357 12 vmsppl 448 14274 0 14056 29 4 25 25 0 8 0 rwobjpl 56 205964 0 198183 127 13 114 114 0 8 0 pdppl 4096 28557 0 28304 843 582 261 263 0 8 8 pvpl 32 45636 0 0 370 1 369 369 0 265 0 pmappl 248 14274 0 14056 15 1 14 14 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1698 0 1050 19 0 19 19 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace softclock(0) at softclock+0xd7 sys/kern/kern_timeout.c:751 softintr_dispatch(0) at softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90 Xsoftclock() at Xsoftclock+0x27 end of kernel end trace frame: 0x24d360670, count: -3 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp x86_ipi_db(ffff800029cebff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800029cebff0) at sched_idle+0x41e sys/kern/kern_sched.c:183 end trace frame: 0x0, count: 10 ddb{1}> trace x86_ipi_db(ffff800029cebff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800029cebff0) at sched_idle+0x41e sys/kern/kern_sched.c:183 end trace frame: 0x0, count: -5