uvm_fault(0xffffffff82e3acf8, 0x8, 0, 2) -> e kernel: page fault trap, code=2 Stopped at softclock+0xd7: movq %rcx,0x8(%rax) TID PID UID PRFLAGS PFLAGS CPU COMMAND 252974 74051 0 0x2 0 1 syz-executor.3 softclock(0) at softclock+0xd7 sys/kern/kern_timeout.c:751 softintr_dispatch(0) at softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90 Xsoftclock() at Xsoftclock+0x27 acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 sched_idle(ffffffff82c9aff0) at sched_idle+0x41e sys/kern/kern_sched.c:183 end trace frame: 0x0, count: 10 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: uvm_fault(0xffffffff82e3acf8, 0x8, 0, 2) -> e ddb{0}> trace softclock(0) at softclock+0xd7 sys/kern/kern_timeout.c:751 softintr_dispatch(0) at softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90 Xsoftclock() at Xsoftclock+0x27 acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 sched_idle(ffffffff82c9aff0) at sched_idle+0x41e sys/kern/kern_sched.c:183 end trace frame: 0x0, count: -5 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff80002a102230 rbx 0xffffffff82e3c6c0 timeout_todo rdx 0 rcx 0xffffffff82e3c6c0 timeout_todo rax 0 r8 0xba r9 0xba r10 0x7b03d2068a4a75cf r11 0x3998f307d57a7dda r12 0xffffffff r13 0xffffffff82d8a340 rdrand_tmo r14 0 r15 0xfffffd80687fbf00 rip 0xffffffff81875a37 softclock+0xd7 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80002a1021f0 ss 0x10 softclock+0xd7: movq %rcx,0x8(%rax) ddb{0}> show proc PROC (idle0) tid=191540 pid=60419 tcnt=1 stat=onproc flags process=14000 proc=40000200 runpri=0, usrpri=50, slppri=0, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0x3bb6bfd199dcdfb7, list=0xffff80002a0fc7e8,0xffff80002a0fc000 process=0xffff8000ffffec60 user=0xffff80002a0fd000, vmspace=0xffffffff82e3acf8 estcpu=0, cpticks=26211, pctcpu=0.0, user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 4108 309077 26251 0 3 0x82 piperd syz-executor.6 12793 137160 26251 0 3 0x82 piperd syz-executor.4 51096 350499 26251 0 3 0x82 piperd syz-executor.5 60988 87816 26251 0 3 0x82 piperd syz-executor.7 9528 464961 26251 0 3 0x82 piperd syz-executor.0 74051 252974 26251 0 7 0x2 syz-executor.3 81170 418589 26251 0 3 0x82 piperd syz-executor.2 59598 220267 26251 0 3 0x82 piperd syz-executor.1 90112 980 1 0 3 0x100083 ttyopn getty 41713 463751 0 0 3 0x14200 acct acct 92429 84514 0 0 3 0x14280 nfsidl nfsio 45560 154375 0 0 3 0x14280 nfsidl nfsio 33976 516345 0 0 3 0x14280 nfsidl nfsio 17826 193958 0 0 3 0x14280 nfsidl nfsio 84622 408393 0 0 3 0x14280 nfsidl nfsio 20352 164262 0 0 3 0x14280 nfsidl nfsio 13422 326962 0 0 3 0x14280 nfsidl nfsio 3361 417818 0 0 3 0x14280 nfsidl nfsio 94209 127575 0 0 3 0x14280 nfsidl nfsio 25890 414089 0 0 3 0x14280 nfsidl nfsio 86775 317700 0 0 3 0x14280 nfsidl nfsio 80013 4226 0 0 3 0x14280 nfsidl nfsio 96433 88660 0 0 3 0x14280 nfsidl nfsio 35984 479652 0 0 3 0x14280 nfsidl nfsio 65629 388961 0 0 3 0x14280 nfsidl nfsio 24932 151805 0 0 3 0x14280 nfsidl nfsio 56161 68757 0 0 3 0x14280 nfsidl nfsio 14696 115226 0 0 3 0x14280 nfsidl nfsio 21964 472723 0 0 3 0x14280 nfsidl nfsio 3769 270980 0 0 3 0x14280 nfsidl nfsio 45920 51529 0 0 3 0x14200 bored sosplice 26251 189223 31747 0 3 0x2000082 thrsleep syz-fuzzer 26251 169114 31747 0 3 0x6000082 thrsleep syz-fuzzer 26251 45896 31747 0 3 0x6000082 thrsleep syz-fuzzer 26251 489436 31747 0 3 0x6000082 wait syz-fuzzer 26251 40238 31747 0 3 0x6000082 kqread syz-fuzzer 26251 492166 31747 0 3 0x6000082 wait syz-fuzzer 26251 82913 31747 0 3 0x6000082 wait syz-fuzzer 26251 137071 31747 0 3 0x6000082 thrsleep syz-fuzzer 26251 97779 31747 0 3 0x6000082 wait syz-fuzzer 26251 60280 31747 0 3 0x6000082 thrsleep syz-fuzzer 26251 150277 31747 0 3 0x6000082 thrsleep syz-fuzzer 26251 193522 31747 0 3 0x6000082 wait syz-fuzzer 26251 459074 31747 0 3 0x6000082 wait syz-fuzzer 26251 463193 31747 0 3 0x6000082 thrsleep syz-fuzzer 26251 396077 31747 0 3 0x6000082 wait syz-fuzzer 26251 245383 31747 0 3 0x6000082 wait syz-fuzzer 31747 250510 49514 0 3 0x10008a sigsusp ksh 49514 468554 61279 0 3 0x9a kqread sshd 61279 55994 1 0 3 0x88 kqread sshd 78742 472789 54170 74 3 0x1100092 bpf pflogd 54170 457956 1 0 3 0x80 netio pflogd 76435 459343 97027 73 3 0x1100090 kqread syslogd 97027 369807 1 0 3 0x100082 netio syslogd 51477 236301 1 0 3 0x100080 kqread resolvd 54708 196098 72424 77 3 0x100092 kqread dhcpleased 34464 448093 72424 77 3 0x100092 kqread dhcpleased 72424 273076 1 0 3 0x80 kqread dhcpleased 4176 292478 0 0 3 0x14200 bored smr 62408 433331 0 0 3 0x14200 pgzero zerothread 33227 266530 0 0 3 0x14200 aiodoned aiodoned 8478 71001 0 0 3 0x14200 syncer update 72408 233149 0 0 3 0x14200 cleaner cleaner 80254 441561 0 0 3 0x14200 reaper reaper 42306 221338 0 0 3 0x14200 pgdaemon pagedaemon 98500 459205 0 0 3 0x14200 bored viomb 851 371034 0 0 3 0x40014200 acpi0 acpi0 43596 519529 0 0 3 0x40014200 idle1 64739 418785 0 0 3 0x14200 bored softnet3 50956 132867 0 0 3 0x14200 bored softnet2 78985 184000 0 0 3 0x14200 bored softnet1 9465 381508 0 0 3 0x14200 bored softnet0 24183 214656 0 0 3 0x14200 bored systqmp 18986 220129 0 0 3 0x14200 bored systq 71256 211645 0 0 3 0x14200 tmoslp softclockmp 38170 191948 0 0 3 0x40014200 tmoslp softclock *60419 191540 0 0 7 0x40014200 idle0 1 494975 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks CPU 0: exclusive mutex /syzkaller/managers/multicore/kernel/sys/kern/kern_timeout.c:57 r = 0 (0xffffffff82cdd850) #0 witness_lock+0x447 #1 mtx_enter_try+0x104 #2 mtx_enter+0x4f sys/kern/kern_lock.c:266 #3 softclock_process_tick_timeout+0x1b2 sys/kern/kern_timeout.c:723 #4 softclock+0x13a sys/kern/kern_timeout.c:755 #5 softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90 #6 Xsoftclock+0x27 #7 acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 #8 sched_idle+0x41e sys/kern/kern_sched.c:183 #9 proc_trampoline+0x10 Process 60419 (idle0) thread 0xffff80002a0fc298 (191540) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10226 6507K 6867K 166960K 18683 0 pcb 15 18K 20K 166960K 909 0 rtable 232 9K 9K 166960K 2345 0 pf 40 10K 11K 166960K 303 0 ifaddr 47 17K 17K 166960K 281 0 ifgroup 73 3K 3K 166960K 477 0 sysctl 4 1K 2K 166960K 7 0 counters 70 37K 37K 166960K 316 0 ioctlops 0 0K 4K 166960K 2207 0 iov 0 0K 32K 166960K 1248 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1412 88K 88K 166960K 5136 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 112 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 1133 0 dirhash 12 2K 2K 166960K 78 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 11 37K 85K 166960K 12467 0 sigio 0 0K 0K 166960K 505 0 proc 73 91K 116K 166960K 1822 0 subproc 104 6K 6K 166960K 507 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 742 0 in_multi 98 7K 7K 166960K 529 0 ether_multi 1 0K 0K 166960K 8 0 mrt 1 0K 0K 166960K 6 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 223 996K 996K 166960K 223 0 exec 0 0K 1K 166960K 2130 0 pfkey data 0 0K 4K 166960K 6 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 412 269K 271K 166960K 123597 0 UVM aobj 131 6K 7K 166960K 146 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 503 0 NDP 17 0K 1K 166960K 216 0 temp 75 6772K 6900K 166960K 83576 0 kqueue 12 18K 26K 166960K 763 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 873 0 870 10 9 1 4 0 8 0 rtentry 112 598 0 492 6 2 4 4 0 8 0 unpcb 144 9830 0 9815 125 121 4 8 0 8 3 syncache 336 204 0 204 24 24 0 1 0 8 0 tcpqe 32 643 70 643 6 6 0 1 0 8 0 tcpcb 808 7004 0 6986 158 149 9 15 0 8 6 arp 120 112 0 96 1 0 1 1 0 8 0 inpcb 392 11381 0 11360 191 182 9 18 0 8 5 nd6 136 122 0 98 1 0 1 1 0 8 0 pkpcb 40 86 0 86 9 9 0 1 0 8 0 kcovpl 48 39 0 31 1 0 1 1 0 8 0 ppxss 1168 48 0 48 12 12 0 1 0 8 0 pffrag 232 85 0 85 9 9 0 1 0 482 0 pffrnode 88 85 0 85 9 9 0 1 0 8 0 pffrent 40 409 0 409 9 9 0 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 394 0 378 1 0 1 1 0 8 0 pfstkey 128 394 0 378 2 1 1 2 0 8 0 pfstate 376 394 0 378 15 13 2 9 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 rttmr 136 1 0 1 1 1 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 2092 0 1638 43 14 29 32 0 8 0 art_table 32 2093 0 1638 5 1 4 5 0 8 0 art_node 16 552 0 456 1 0 1 1 0 8 0 sysvmsgpl 40 8 0 8 1 1 0 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 1131 0 1121 1 0 1 1 0 8 0 shmpl 112 143 0 15 4 0 4 4 0 8 0 dirhash 1024 61 0 44 3 0 3 3 0 8 0 dino2pl 256 16923 0 15435 94 0 94 94 0 8 0 ffsino 272 16923 0 15435 100 0 100 100 0 8 0 nchpl 144 33506 0 31868 64 0 64 64 0 8 0 uvmvnodes 80 6250 0 0 128 0 128 128 0 8 0 vnodes 216 6250 0 0 348 0 348 348 0 8 0 namei 1024 105395 0 105395 19 18 1 2 0 8 1 percpumem 16 172 0 123 1 0 1 1 0 8 0 vcpupl 2048 118 0 1 15 0 15 15 0 8 0 vmpool 696 132 0 15 11 0 11 11 0 8 0 kstatmem 264 276 0 246 7 4 3 3 0 8 0 scxspl 216 103537 0 103537 28 25 3 8 1 8 3 plimitpl 152 754 0 738 1 0 1 1 0 8 0 sigapl 424 12741 0 12677 20 11 9 9 0 8 0 futexpl 64 90503 0 90503 6 5 1 1 0 8 1 knotepl 120 777 0 0 20 2 18 19 0 8 0 kqueuepl 216 1813 0 1805 39 38 1 5 0 8 0 pipepl 320 1736 0 1708 49 43 6 8 0 8 3 fdescpl 496 12700 0 12676 12 7 5 5 0 8 0 filepl 152 68535 0 68294 150 136 14 24 0 8 3 lockfpl 104 2529 0 2527 4 3 1 2 0 8 0 lockfspl 48 737 0 735 1 0 1 1 0 8 0 sessionpl 144 57 0 40 1 0 1 1 0 8 0 pgrppl 48 201 0 184 1 0 1 1 0 8 0 ucredpl 104 8047 0 8035 1 0 1 1 0 8 0 zombiepl 144 12678 0 12677 2 1 1 1 0 8 0 processpl 1136 12741 0 12677 6 0 6 6 0 8 0 procpl 680 34417 0 34338 31 22 9 10 0 8 0 srpgc 96 27 0 27 12 12 0 1 0 8 0 sosppl 168 156 0 155 11 10 1 1 0 8 0 sockpl 584 22376 0 22337 277 267 10 22 0 8 5 mcl64k 65536 18 0 0 3 0 3 3 0 8 0 mcl16k 16384 17 0 0 3 0 3 3 0 8 0 mcl12k 12288 41 0 0 2 0 2 2 0 8 0 mcl9k 9216 18 0 0 2 0 2 2 0 8 0 mcl8k 8192 29 0 0 3 1 2 3 0 8 0 mcl4k 4096 91 0 0 6 3 3 3 0 8 0 mcl2k2 2112 9 0 0 1 0 1 1 0 8 0 mcl2k 2048 458 0 0 34 14 20 34 0 8 0 mtagpl 96 221 0 0 5 1 4 5 0 8 0 mbufpl 256 4288 0 0 229 0 229 229 0 8 0 bufpl 280 22610 0 16292 452 0 452 452 0 8 0 anonpl 24 1266962 0 1254278 215 95 120 131 0 186 1 amapchunkpl 152 390451 0 389688 94 48 46 51 0 158 0 amappl16 200 24002 0 23425 105 70 35 42 0 8 3 amappl15 192 68 0 67 1 0 1 1 0 8 0 amappl14 184 274 0 258 2 1 1 2 0 8 0 amappl13 176 17 0 17 5 5 0 1 0 8 0 amappl12 168 13824 0 13795 3 1 2 2 0 8 0 amappl11 160 60 0 46 1 0 1 1 0 8 0 amappl10 152 78 0 63 1 0 1 1 0 8 0 amappl9 144 242 0 242 28 28 0 1 0 8 0 amappl8 136 716 0 597 5 0 5 5 0 8 0 amappl7 128 297 0 269 2 0 2 2 0 8 0 amappl6 120 799 0 785 1 0 1 1 0 8 0 amappl5 112 369 0 356 1 0 1 1 0 8 0 amappl4 104 838 0 804 3 1 2 2 0 8 0 amappl3 96 76587 0 76517 4 1 3 3 0 8 0 amappl2 88 13675 0 13596 3 1 2 3 0 8 0 amappl1 80 55181 0 54650 25 12 13 22 0 8 0 amappl 88 122490 0 122252 8 1 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 145 0 15 3 0 3 3 0 8 0 uaddrrnd 24 12832 0 12691 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 12832 0 12691 1 0 1 1 0 8 0 vmmpekpl 168 96598 0 96509 5 0 5 5 0 8 0 vmmpepl 168 764208 0 761738 519 363 156 182 0 357 25 vmsppl 448 12831 0 12691 28 11 17 17 0 8 0 rwobjpl 56 188401 0 180294 125 10 115 115 0 8 0 pdppl 4096 25671 0 25499 1341 1153 188 189 0 8 16 pvpl 32 42160 0 0 341 1 340 340 0 265 0 pmappl 248 12831 0 12691 13 3 10 10 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 2427 0 1690 22 0 22 22 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace softclock(0) at softclock+0xd7 sys/kern/kern_timeout.c:751 softintr_dispatch(0) at softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90 Xsoftclock() at Xsoftclock+0x27 acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 sched_idle(ffffffff82c9aff0) at sched_idle+0x41e sys/kern/kern_sched.c:183 end trace frame: 0x0, count: -5 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp x86_ipi_db(ffff800029cebff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x29 kd_curproc sys/dev/kcov.c:589 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x29 sys/dev/kcov.c:158 __mp_lock(ffffffff82e6f748) at __mp_lock+0x133 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82e6f748) at __mp_lock+0x133 sys/kern/kern_lock.c:147 syscall(ffff800032515ed0) at syscall+0x51a mi_syscall sys/sys/syscall_mi.h:183 [inline] syscall(ffff800032515ed0) at syscall+0x51a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x77ed3f7157c0, count: 8 ddb{1}> trace x86_ipi_db(ffff800029cebff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x29 kd_curproc sys/dev/kcov.c:589 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x29 sys/dev/kcov.c:158 __mp_lock(ffffffff82e6f748) at __mp_lock+0x133 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82e6f748) at __mp_lock+0x133 sys/kern/kern_lock.c:147 syscall(ffff800032515ed0) at syscall+0x51a mi_syscall sys/sys/syscall_mi.h:183 [inline] syscall(ffff800032515ed0) at syscall+0x51a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x77ed3f7157c0, count: -7