uvm_fault(0xffffffff8387ec10, 0xffff80003c425970, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at witness_checkorder+0xb5: movl 0x20(%r14),%r15d
TID PID UID PRFLAGS PFLAGS CPU COMMAND
witness_checkorder(ffff80003c425950,9,0) at witness_checkorder+0xb5 sys/kern/subr_witness.c:779
mtx_enter(ffff80003c425940) at mtx_enter+0x4a sys/kern/kern_lock.c:260
filt_procdetach(fffffd805e7525a8) at filt_procdetach+0x4d sys/kern/kern_event.c:432
knote_remove(ffff80003c4222c0,fffffd806f036540,fffffd806f0365e0,33,1) at knote_remove+0x2db sys/kern/kern_event.c:-1
kqueue_purge(ffff80003c4222c0,fffffd806f036540) at kqueue_purge+0x137 sys/kern/kern_event.c:1890
kqueue_close(fffffd80612d0b90,ffff80003c4222c0) at kqueue_close+0x48 sys/kern/kern_event.c:1934
fdrop(fffffd80612d0b90,ffff80003c4222c0) at fdrop+0x121 sys/kern/kern_descrip.c:1280
closef(fffffd80612d0b90,ffff80003c4222c0) at closef+0x192 sys/kern/kern_descrip.c:1264
fdfree(ffff80003c4222c0) at fdfree+0x116 sys/kern/kern_descrip.c:1195
exit1(ffff80003c4222c0,0,0,1) at exit1+0x576 sys/kern/kern_exit.c:215
sys_exit(ffff80003c4222c0,ffff80003c44fe20,ffff80003c44fd70) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80003c44fe20) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c44fe20) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:746
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f0d8abeea80, count: 2
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: uvm_fault(0xffffffff8387ec10, 0xffff80003c425970, 0, 1) -> e
ddb{0}> trace
witness_checkorder(ffff80003c425950,9,0) at witness_checkorder+0xb5 sys/kern/subr_witness.c:779
mtx_enter(ffff80003c425940) at mtx_enter+0x4a sys/kern/kern_lock.c:260
filt_procdetach(fffffd805e7525a8) at filt_procdetach+0x4d sys/kern/kern_event.c:432
knote_remove(ffff80003c4222c0,fffffd806f036540,fffffd806f0365e0,33,1) at knote_remove+0x2db sys/kern/kern_event.c:-1
kqueue_purge(ffff80003c4222c0,fffffd806f036540) at kqueue_purge+0x137 sys/kern/kern_event.c:1890
kqueue_close(fffffd80612d0b90,ffff80003c4222c0) at kqueue_close+0x48 sys/kern/kern_event.c:1934
fdrop(fffffd80612d0b90,ffff80003c4222c0) at fdrop+0x121 sys/kern/kern_descrip.c:1280
closef(fffffd80612d0b90,ffff80003c4222c0) at closef+0x192 sys/kern/kern_descrip.c:1264
fdfree(ffff80003c4222c0) at fdfree+0x116 sys/kern/kern_descrip.c:1195
exit1(ffff80003c4222c0,0,0,1) at exit1+0x576 sys/kern/kern_exit.c:215
sys_exit(ffff80003c4222c0,ffff80003c44fe20,ffff80003c44fd70) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80003c44fe20) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c44fe20) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:746
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f0d8abeea80, count: -13
ddb{0}> show registers
rdi 0
rsi 0
rbp 0xffff80003c44f9d0
rbx 0
rdx 0
rcx 0xffff80003c4222c0
rax 0xffffffff837c9ffe cpu_info_full_primary+0x1ffe
r8 0x1
r9 0
r10 0xb8c5dec1966fa561
r11 0x7fa9c9b952534d77
r12 0xffffffff83690cfe proc_filtops+0x26
r13 0x9
r14 0xffff80003c425950
r15 0
rip 0xffffffff82b5aa75 witness_checkorder+0xb5
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80003c44f930
ss 0x10
witness_checkorder+0xb5: movl 0x20(%r14),%r15d
ddb{0}> show proc
PROC (syz-executor) tid=337864 pid=8886 tcnt=0 stat=onproc
flags process=1008<EXITING,SINGLEEXIT> proc=2000<WEXIT>
runpri=32, usrpri=50, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0xffff80003c4222c0 scnt=-1 ecnt=1
forw=0xffffffffffffffff, list=0xffff80003c423a18,0xffff80003c422800
process=0xffff80002a3cc4e8 user=0xffff80003c44a000, vmspace=0xfffffd806b9a8200
estcpu=36, cpticks=2, pctcpu=0.0, user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
72538 347493 56391 0 2 0 syz-executor
72538 238035 56391 0 3 0x4000000 smrbar syz-executor
53255 127372 71910 0 2 0 syz-executor
53255 144945 71910 0 3 0x4000080 fsleep syz-executor
77134 273632 36592 0 3 0x80 nanoslp syz-executor
77134 2261 36592 0 3 0x4000080 kqsel syz-executor
77134 506837 36592 0 3 0x4000080 fsleep syz-executor
77134 474993 36592 0 3 0x4000080 fsleep syz-executor
56913 123096 96291 0 2 0 syz-executor
56913 435607 96291 0 3 0x4000080 ttyout syz-executor
56913 423304 96291 0 3 0x4000080 fsleep syz-executor
64016 134956 30447 0 2 0x82000 syz-executor
64016 413612 30447 0 3 0x4002000 suspend syz-executor
84160 220716 18383 0 2 0 syz-executor
84160 223685 18383 0 3 0x4000080 fsleep syz-executor
19074 126910 57409 0 2 0 syz-executor
19074 327631 57409 0 3 0x4000080 sbwait syz-executor
19074 32148 57409 0 3 0x4000080 fsleep syz-executor
56391 234627 77445 0 3 0x82 nanoslp syz-executor
65015 58066 0 0 3 0x14200 acct acct
27336 436752 0 0 3 0x14200 bored sosplice
22865 135748 77445 0 3 0x82 nanoslp syz-executor
57409 445253 77445 0 3 0x82 nanoslp syz-executor
96291 123195 77445 0 3 0x82 nanoslp syz-executor
18383 414309 77445 0 3 0x82 nanoslp syz-executor
71910 424443 77445 0 3 0x82 nanoslp syz-executor
30447 493954 77445 0 3 0x82 nanoslp syz-executor
36592 234488 77445 0 2 0x2 syz-executor
77445 314540 21902 0 3 0x82 kqread syz-executor
21902 101016 22739 0 3 0x10008a sigsusp ksh
22739 218323 22787 0 3 0x98 kqread sshd-session
22787 393565 85381 0 3 0x92 kqread sshd-session
56204 339550 1 0 3 0x100083 ttyin getty
85381 356440 1 0 3 0x88 kqread sshd
22751 426972 47774 74 3 0x1100092 bpf pflogd
47774 470830 1 0 3 0x80 sbwait pflogd
39737 432445 5126 73 3 0x1100090 kqread syslogd
5126 331727 1 0 3 0x100082 sbwait syslogd
77659 58445 1 0 3 0x100080 kqread resolvd
77356 68917 29841 77 3 0x100092 kqread dhcpleased
49596 390037 29841 77 3 0x100092 kqread dhcpleased
29841 150238 1 0 3 0x80 kqread dhcpleased
55709 300818 0 0 3 0x14200 bored smr
48933 70645 0 0 2 0x14200 zerothread
80416 310939 0 0 3 0x14200 aiodoned aiodoned
86906 90846 0 0 3 0x14200 syncer update
97210 270947 0 0 3 0x14200 cleaner cleaner
56311 515475 0 0 3 0x14200 reaper reaper
53683 405725 0 0 3 0x14200 pgdaemon pagedaemon
79673 84113 0 0 3 0x14200 bored viomb
91794 144151 0 0 3 0x40014200 acpi0 acpi0
15440 518879 0 0 7 0x40014200 idle1
89139 371408 0 0 3 0x14200 bored softnet1
16866 150135 0 0 3 0x14200 bored softnet0
82816 168522 0 0 3 0x14200 smrbar systqmp
19469 236084 0 0 3 0x14200 bored systq
12466 83685 0 0 3 0x14200 tmoslp softclockmp
53267 504930 0 0 3 0x40014200 tmoslp softclock
26041 284551 0 0 3 0x40014200 idle0
1 297110 0 0 3 0x82 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb{0}> show all locks
Process 72538 (syz-executor) thread 0xffff80003c408fb0 (238035)
exclusive rwlock clonelk r = 0 (0xffffffff8377f478)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 if_clone_destroy+0x67 sys/net/if.c:-1
#3 ifioctl+0x59d sys/net/if.c:2092
#4 sys_ioctl+0x674 sys/kern/sys_generic.c:-1
#5 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#5 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:746
#6 Xsyscall+0x128
Process 82816 (systqmp) thread 0xffff8000ffffe000 (168522)
shared rwlock systqmp r = 0 (0xffffffff837aaa98)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 taskq_thread+0x12a sys/kern/kern_task.c:442
#2 proc_trampoline+0x10
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10235 11163K 11763K 166960K 11818 0
pcb 17 12K 12K 166960K 76 0
rtable 220 7K 8K 166960K 341 0
pf 35 17K 22K 166960K 82 0
ifaddr 43 7K 8K 166960K 66 0
ifgroup 55 2K 2K 166960K 95 0
sysctl 3 1K 9K 166960K 7 0
counters 68 36K 37K 166960K 110 0
ioctlops 0 0K 4K 166960K 1530 0
iov 0 0K 12K 166960K 12 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1372 86K 87K 166960K 1601 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 6 0
VM map 2 1K 1K 166960K 2 0
sem 11 0K 0K 166960K 51 0
dirhash 12 2K 2K 166960K 15 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 18 65K 89K 166960K 372 0
sigio 0 0K 0K 166960K 7 0
proc 72 115K 164K 166960K 591 0
subproc 72 4K 4K 166960K 81 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 16 0
in_multi 99 7K 7K 166960K 120 0
ether_multi 1 0K 0K 166960K 2 0
mrt 0 0K 0K 166960K 5 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 235 1049K 1049K 166960K 235 0
exec 0 0K 1K 166960K 527 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 251 160K 179K 166960K 5140 0
UVM aobj 8 2K 2K 166960K 10 0
pinsyscall 43 86K 100K 166960K 1511 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 5 0
NDP 14 0K 2K 166960K 43 0
temp 45 8643K 8710K 166960K 21549 0
kqueue 16 24K 30K 166960K 71 0
SYN cache 2 16K 16K 166960K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 54 0 51 1 0 1 1 0 8 0
rtentry 176 120 0 24 5 0 5 5 0 8 0
unpcb 144 248 0 226 4 3 1 4 0 8 0
syncache 336 4 0 4 1 1 0 1 0 8 0
tcpcb 736 90 0 85 4 3 1 4 0 8 0
arp 136 14 0 4 1 0 1 1 0 8 0
inpcb 328 340 0 332 7 6 1 7 0 8 0
nd6 144 19 0 2 1 0 1 1 0 8 0
pkpcb 40 1 0 1 1 1 0 1 0 8 0
kcovpl 48 9 0 1 1 0 1 1 0 8 0
ppxss 1192 15 0 15 1 1 0 1 0 8 0
pppxif 1504 3 0 3 1 1 0 1 0 8 0
pffrag 232 3 0 0 1 0 1 1 0 482 0
pffrnode 88 3 0 0 1 0 1 1 0 8 0
pffrent 40 3 0 0 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfanchor 1288 1 0 0 1 0 1 1 0 8 0
pfstitem 24 32 0 0 1 0 1 1 0 8 0
pfstkey 128 34 0 2 2 0 2 2 0 8 0
pfstate 384 32 0 1 4 0 4 4 0 8 0
pfrule 1344 23 0 17 2 1 1 2 0 8 0
rttmr 136 2 0 2 1 1 0 1 0 8 0
art_heap8 4096 2 0 0 2 0 2 2 0 8 0
art_heap4 256 535 0 90 30 2 28 30 0 8 0
art_table 40 537 0 90 5 0 5 5 0 8 0
art_node 32 120 0 34 1 0 1 1 0 8 0
sysvmsgpl 40 41 0 1 1 0 1 1 0 8 0
semapl 112 48 0 39 1 0 1 1 0 8 0
shmpl 112 7 0 2 1 0 1 1 0 8 0
dirhash 1024 19 0 2 3 0 3 3 0 8 0
dino2pl 256 2002 0 491 96 0 96 96 0 8 0
ffsino 296 2002 0 491 117 0 117 117 0 8 0
nchpl 144 2500 0 810 64 1 63 64 0 8 0
rtmask 32 4 0 4 1 1 0 1 0 8 0
uvmvnodes 80 2231 0 0 46 0 46 46 0 8 0
vnodes 216 2231 0 0 124 0 124 124 0 8 0
namei 1024 8631 0 8631 3 2 1 2 0 8 1
percpumem 16 70 0 21 1 0 1 1 0 8 0
kstatmem 264 52 0 26 3 1 2 3 0 8 0
scsiplug 72 2 0 2 1 1 0 1 0 8 0
scxspl 216 11239 0 11239 3 2 1 2 1 8 1
plimitpl 152 184 0 164 1 0 1 1 0 8 0
sigapl 424 690 0 640 7 1 6 7 0 8 0
knotepl 120 364 0 0 12 0 12 12 0 8 0
kqueuepl 224 208 0 195 3 2 1 3 0 8 0
pipepl 344 130 0 103 3 0 3 3 0 8 0
fdescpl 528 660 0 628 3 0 3 3 0 8 0
filepl 160 3369 0 3084 16 4 12 16 0 8 0
lockfpl 104 91 0 87 1 0 1 1 0 8 0
lockfspl 48 43 0 39 1 0 1 1 0 8 0
sessionpl 144 24 0 15 1 0 1 1 0 8 0
pgrppl 48 36 0 19 1 0 1 1 0 8 0
ucredpl 104 497 0 482 1 0 1 1 0 8 0
zombiepl 144 641 0 640 2 1 1 1 0 8 0
processpl 1232 690 0 640 6 2 4 5 0 8 0
procpl 664 1083 0 1022 6 0 6 6 0 8 0
sosppl 168 1 0 1 1 1 0 1 0 8 0
sockpl 752 652 0 619 18 14 4 18 0 8 0
mcl64k 65536 4 0 0 1 0 1 1 0 8 0
mcl8k 8192 2 0 0 1 0 1 1 0 8 0
mcl4k 4096 116 0 0 15 0 15 15 0 8 0
mcl2k2 2112 1 0 0 1 0 1 1 0 8 0
mcl2k 2048 51 0 0 7 0 7 7 0 8 0
mtagpl 96 2 0 0 1 0 1 1 0 8 0
mbufpl 256 762 0 0 48 0 48 48 0 8 0
bufpl 280 4768 0 123 332 0 332 332 0 8 0
anonpl 32 7716 0 0 63 0 63 63 0 246 0
amapchunkpl 152 15852 0 15323 31 10 21 27 0 158 0
amappl16 200 2373 0 2314 15 10 5 15 0 8 0
amappl15 192 12 0 12 1 1 0 1 0 8 0
amappl14 184 117 0 105 1 0 1 1 0 8 0
amappl13 176 4 0 4 1 1 0 1 0 8 0
amappl12 168 1353 0 1321 4 2 2 3 0 8 0
amappl11 160 54 0 40 1 0 1 1 0 8 0
amappl10 152 94 0 94 1 1 0 1 0 8 0
amappl9 144 262 0 262 1 1 0 1 0 8 0
amappl8 136 38 0 34 1 0 1 1 0 8 0
amappl7 128 110 0 98 1 0 1 1 0 8 0
amappl6 120 190 0 187 1 0 1 1 0 8 0
amappl5 112 128 0 119 1 0 1 1 0 8 0
amappl4 104 301 0 282 1 0 1 1 0 8 0
amappl3 96 2604 0 2500 4 1 3 3 0 8 0
amappl2 88 898 0 820 2 0 2 2 0 8 0
amappl1 80 9627 0 9023 14 0 14 14 0 8 0
amappl 88 4396 0 4217 5 0 5 5 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 9 0 2 1 0 1 1 0 8 0
uaddrrnd 24 660 0 628 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 660 0 628 1 0 1 1 0 8 0
vmmpekpl 168 6924 0 6882 3 0 3 3 0 8 0
vmmpepl 168 48276 0 46225 104 13 91 101 0 357 1
vmsppl 488 659 0 628 5 0 5 5 0 8 0
rwobjpl 80 17969 0 14760 67 0 67 67 0 8 1
pdppl 4096 1328 0 1256 106 32 74 84 0 8 2
pvpl 32 14793 0 0 120 0 120 120 0 265 0
pmappl 256 659 0 628 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 323 0 42 9 0 9 9 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
witness_checkorder(ffff80003c425950,9,0) at witness_checkorder+0xb5 sys/kern/subr_witness.c:779
mtx_enter(ffff80003c425940) at mtx_enter+0x4a sys/kern/kern_lock.c:260
filt_procdetach(fffffd805e7525a8) at filt_procdetach+0x4d sys/kern/kern_event.c:432
knote_remove(ffff80003c4222c0,fffffd806f036540,fffffd806f0365e0,33,1) at knote_remove+0x2db sys/kern/kern_event.c:-1
kqueue_purge(ffff80003c4222c0,fffffd806f036540) at kqueue_purge+0x137 sys/kern/kern_event.c:1890
kqueue_close(fffffd80612d0b90,ffff80003c4222c0) at kqueue_close+0x48 sys/kern/kern_event.c:1934
fdrop(fffffd80612d0b90,ffff80003c4222c0) at fdrop+0x121 sys/kern/kern_descrip.c:1280
closef(fffffd80612d0b90,ffff80003c4222c0) at closef+0x192 sys/kern/kern_descrip.c:1264
fdfree(ffff80003c4222c0) at fdfree+0x116 sys/kern/kern_descrip.c:1195
exit1(ffff80003c4222c0,0,0,1) at exit1+0x576 sys/kern/kern_exit.c:215
sys_exit(ffff80003c4222c0,ffff80003c44fe20,ffff80003c44fd70) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80003c44fe20) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c44fe20) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:746
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f0d8abeea80, count: -13
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
acpicpu_idle() at acpicpu_idle+0x457 sys/dev/acpi/acpicpu_x86.c:1224
sched_idle(ffff8000299edff0) at sched_idle+0x391 sys/kern/kern_sched.c:191
end trace frame: 0x0, count: 10
ddb{1}> trace
x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
acpicpu_idle() at acpicpu_idle+0x457 sys/dev/acpi/acpicpu_x86.c:1224
sched_idle(ffff8000299edff0) at sched_idle+0x391 sys/kern/kern_sched.c:191
end trace frame: 0x0, count: -5