login: uvm_fault(0xfffffd807f00a8a0, 0x8, 0, 1) -> e kernel: page fault trap, code=0 Stopped at witness_checkorder+0x121: movl 0x8(%r15),%ebx ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic kernel page fault uvm_fault(0xfffffd807f00a8a0, 0x8, 0, 1) -> e witness_checkorder(ffff800000b15618,9,0) at witness_checkorder+0x121 sys/kern/subr_witness.c:776 end trace frame: 0xffff800021b614a0, count: 0 ddb{0}> trace witness_checkorder(ffff800000b15618,9,0) at witness_checkorder+0x121 sys/kern/subr_witness.c:776 mtx_enter(ffff800000b15608) at mtx_enter+0x3a sys/kern/kern_lock.c:265 filt_bpfread(fffffd806ebc47e0,0) at filt_bpfread+0x4e sys/net/bpf.c:1210 kqueue_register(fffffd80774ef9c0,ffff800021b61590,ffff800020abe508) at kqueue_register+0x425 sys/kern/kern_event.c:664 sys_kevent(ffff800020abe508,ffff800021b61758,ffff800021b617a0) at sys_kevent+0x2b1 sys/kern/kern_event.c:527 syscall(ffff800021b61820) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline] syscall(ffff800021b61820) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,ffffffffffffff80,0,6,d0aabf3b0e0) at Xsyscall+0x128 end of kernel end trace frame: 0xd0d7d32fe50, count: -7 ddb{0}> show registers rdi 0xffffffff81165884 witness_checkorder+0xf4 rsi 0x9e rbp 0xffff800021b61460 rbx 0x70 rdx 0x9f rcx 0xffff800022198000 rax 0xffffffff8248eff0 cpu_info_full_primary+0x1ff0 r8 0x7f7fffffc000 r9 0x23 r10 0x9d41ae5cece846fc r11 0xe3e2b839bfb6c6ef r12 0xdeafbeaddeafbead r13 0 r14 0xffff800020abe508 r15 0 rip 0xffffffff811658b1 witness_checkorder+0x121 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800021b613c0 ss 0x10 witness_checkorder+0x121: movl 0x8(%r15),%ebx ddb{0}> show proc PROC (syz-executor.0) pid=64818 stat=onproc flags process=0 proc=4000000 pri=73, usrpri=73, nice=20 forw=0xffffffffffffffff, list=0xffff800020abe290,0xffff800020abf660 process=0xffff800020adc700 user=0xffff800021b5c000, vmspace=0xfffffd807f00a8a0 estcpu=23, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 69271 307634 46182 0 7 0 syz-executor.0 69271 52978 46182 0 3 0x4000080 kqread syz-executor.0 *69271 64818 46182 0 7 0x4000000 syz-executor.0 69271 226207 46182 0 3 0x4000080 fsleep syz-executor.0 35537 108562 25026 0 3 0x82 piperd syz-executor.1 46182 313657 25026 0 3 0x82 nanosleep syz-executor.0 50269 464683 1 0 3 0x100083 ttyin getty 19147 329310 0 0 3 0x14200 acct acct 28094 80777 0 0 3 0x14200 bored sosplice 25026 101273 40061 0 3 0x82 thrsleep syz-fuzzer 25026 411793 40061 0 3 0x4000082 thrsleep syz-fuzzer 25026 17543 40061 0 3 0x4000082 thrsleep syz-fuzzer 25026 352848 40061 0 3 0x4000082 thrsleep syz-fuzzer 25026 266285 40061 0 3 0x4000082 thrsleep syz-fuzzer 25026 79635 40061 0 3 0x4000082 thrsleep syz-fuzzer 25026 184148 40061 0 3 0x4000082 thrsleep syz-fuzzer 25026 305381 40061 0 3 0x4000082 thrsleep syz-fuzzer 25026 36445 40061 0 3 0x4000082 thrsleep syz-fuzzer 25026 120802 40061 0 3 0x4000082 kqread syz-fuzzer 40061 307005 8614 0 3 0x10008a pause ksh 8614 364784 13949 0 3 0x92 select sshd 13949 229173 1 0 3 0x80 select sshd 27173 259621 84213 74 3 0x100092 bpf pflogd 84213 221156 1 0 3 0x80 netio pflogd 21883 410786 64830 73 3 0x100090 kqread syslogd 64830 142625 1 0 3 0x100082 netio syslogd 76803 17248 1 77 3 0x100090 poll dhclient 36813 156561 1 0 3 0x80 poll dhclient 94582 147946 0 0 3 0x14200 pgzero zerothread 12781 103077 0 0 3 0x14200 aiodoned aiodoned 82979 459560 0 0 3 0x14200 syncer update 26402 225365 0 0 3 0x14200 cleaner cleaner 85772 365486 0 0 3 0x14200 reaper reaper 70950 247597 0 0 3 0x14200 pgdaemon pagedaemon 26574 335984 0 0 3 0x14200 bored crynlk 55824 184174 0 0 3 0x14200 bored crypto 2285 451802 0 0 3 0x40014200 acpi0 acpi0 99711 151982 0 0 3 0x40014200 idle1 52581 127726 0 0 3 0x14200 bored softnet 65224 488382 0 0 3 0x14200 bored systqmp 71445 243519 0 0 3 0x14200 bored systq 62163 355424 0 0 3 0x40014200 bored softclock 37997 473953 0 0 3 0x40014200 idle0 63267 170163 0 0 3 0x14200 bored smr 1 414532 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 69271 (syz-executor.0) thread 0xffff800020abe508 (64818) exclusive kernel_lock &kernel_lock r = 1 (0xffffffff82622388) #0 witness_lock+0x52e sys/kern/subr_witness.c:1163 #1 syscall+0x400 mi_syscall sys/sys/syscall_mi.h:83 [inline] #1 syscall+0x400 sys/arch/amd64/amd64/trap.c:555 #2 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9600 6462K 8472K 78643K 26972 0 0 pcb 13 12K 14K 78643K 831 0 0 rtable 107 13K 14K 78643K 2452 0 0 ifaddr 97 21K 24K 78643K 789 0 0 counters 39 33K 33K 78643K 39 0 0 ioctlops 0 0K 4K 78643K 1694 0 0 iov 0 0K 44K 78643K 763 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1244 78K 78K 78643K 7515 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 9K 78643K 52 0 0 VM map 29 14K 14K 78643K 48 0 0 sem 12 0K 1K 78643K 725 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1808 196K 290K 78643K 12765 0 0 file desc 5 13K 25K 78643K 3728 0 0 sigio 0 0K 0K 78643K 55 0 0 proc 62 63K 95K 78643K 1620 0 0 subproc 32 2K 2K 78643K 381 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 1K 78643K 532 0 0 in_multi 27 1K 2K 78643K 457 0 0 ether_multi 1 0K 0K 78643K 47 0 0 mrt 0 0K 0K 78643K 18 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 78 344K 344K 78643K 78 0 0 exec 0 0K 1K 78643K 838 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 164 299K 300K 78643K 15266 0 0 UVM aobj 130 4K 4K 78643K 130 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 809 0 0 NDP 22 0K 1K 78643K 240 0 0 temp 244 3563K 4204K 78643K 174104 0 0 kqueue 0 0K 0K 78643K 70 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 72 0 67 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 364 0 361 1 0 1 1 0 8 0 rtentry 112 406 0 370 2 0 2 2 0 8 0 unpcb 120 2163 0 2151 5 4 1 2 0 8 0 syncache 264 27 0 27 10 10 0 1 0 8 0 tcpqe 32 19 0 19 8 8 0 1 0 8 0 tcpcb 544 2034 0 2029 36 35 1 12 0 8 0 inpcb 280 5526 0 5517 49 47 2 13 0 8 1 rttmr 72 4 0 3 3 2 1 1 0 8 0 nd6 48 59 0 57 4 3 1 1 0 8 0 pkpcb 40 53 0 53 10 10 0 1 0 8 0 swfcl 56 2 0 0 1 0 1 1 0 8 0 ppxss 1128 98 0 98 19 18 1 1 0 8 1 pffrag 232 96 0 96 17 17 0 1 0 482 0 pffrnode 88 95 0 95 17 17 0 1 0 8 0 pffrent 40 2806 0 2806 17 17 0 1 0 8 0 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 325 0 265 1 0 1 1 0 8 0 pfstkey 112 325 0 265 2 0 2 2 0 8 0 pfstate 328 325 0 264 6 0 6 6 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 11 0 10 7 6 1 3 0 8 0 art_heap4 256 1772 0 1573 36 21 15 16 0 8 0 art_table 32 1783 0 1583 4 2 2 3 0 8 0 art_node 16 402 0 369 1 0 1 1 0 8 0 sysvmsgpl 40 66 0 38 1 0 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 723 0 713 1 0 1 1 0 8 0 shmpl 112 128 0 0 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 7038 0 5624 46 0 46 46 0 8 0 ffsino 272 7038 0 5624 95 0 95 95 0 8 0 nchpl 144 13388 0 12930 61 40 21 61 0 8 0 uvmvnodes 72 6194 0 0 113 0 113 113 0 8 0 vnodes 208 6194 0 0 326 0 326 326 0 8 0 namei 1024 48879 0 48879 1 0 1 1 0 8 1 percpumem 16 30 0 0 1 0 1 1 0 8 0 vcpupl 1984 27 0 0 4 0 4 4 0 8 0 vmpool 552 46 0 19 4 2 2 2 0 8 0 scsiplug 64 4 0 4 4 3 1 1 0 8 1 scxspl 192 43004 0 43004 34 33 1 7 0 8 1 plimitpl 152 304 0 296 1 0 1 1 0 8 0 sigapl 432 3870 0 3855 3 1 2 3 0 8 0 futexpl 56 88682 0 88681 1 0 1 1 0 8 0 knotepl 112 6129 0 6109 20 18 2 2 0 8 1 kqueuepl 104 7092 0 7088 10 9 1 4 0 8 0 pipepl 112 2566 0 2547 11 10 1 2 0 8 0 fdescpl 488 3871 0 3855 3 0 3 3 0 8 0 filepl 152 41347 0 41239 57 50 7 14 0 8 2 lockfpl 104 1282 0 1281 1 0 1 1 0 8 0 lockfspl 48 436 0 435 1 0 1 1 0 8 0 sessionpl 112 40 0 29 1 0 1 1 0 8 0 pgrppl 48 80 0 69 1 0 1 1 0 8 0 ucredpl 96 3640 0 3630 1 0 1 1 0 8 0 zombiepl 144 3856 0 3856 1 0 1 1 0 8 1 processpl 896 3889 0 3856 4 0 4 4 0 8 0 procpl 632 13371 0 13326 5 0 5 5 0 8 0 srpgc 64 30 0 30 12 12 0 1 0 8 0 sosppl 128 64 0 64 15 15 0 1 0 8 0 sockpl 384 8156 0 8131 65 59 6 22 0 8 2 mcl64k 65536 644 0 0 66 32 34 35 0 8 0 mcl16k 16384 12 0 0 2 0 2 2 0 8 0 mcl12k 12288 41 0 0 2 0 2 2 0 8 0 mcl9k 9216 11 0 0 1 0 1 1 0 8 0 mcl8k 8192 25 0 0 4 1 3 3 0 8 0 mcl4k 4096 20 0 0 3 1 2 3 0 8 0 mcl2k2 2112 13 0 0 1 0 1 1 0 8 0 mcl2k 2048 183 0 0 21 1 20 21 0 8 0 mtagpl 80 53 0 0 2 0 2 2 0 8 0 mbufpl 256 1074 0 0 46 1 45 45 0 8 0 bufpl 256 21617 0 14569 441 0 441 441 0 8 0 anonpl 16 522654 0 505432 226 141 85 96 0 124 4 amapchunkpl 152 31001 0 30871 84 75 9 13 0 158 0 amappl16 192 23843 0 22721 238 181 57 69 0 8 0 amappl15 184 391 0 391 2 2 0 1 0 8 0 amappl14 176 1626 0 1622 1 0 1 1 0 8 0 amappl13 168 24 0 23 3 2 1 1 0 8 0 amappl12 160 293 0 291 6 5 1 1 0 8 0 amappl11 152 296 0 280 1 0 1 1 0 8 0 amappl10 144 362 0 358 1 0 1 1 0 8 0 amappl9 136 1372 0 1364 1 0 1 1 0 8 0 amappl8 128 967 0 926 2 0 2 2 0 8 0 amappl7 120 467 0 459 1 0 1 1 0 8 0 amappl6 112 288 0 273 1 0 1 1 0 8 0 amappl5 104 593 0 577 1 0 1 1 0 8 0 amappl4 96 4032 0 4004 1 0 1 1 0 8 0 amappl3 88 1019 0 1011 1 0 1 1 0 8 0 amappl2 80 29089 0 29013 3 1 2 3 0 8 0 amappl1 72 99165 0 98708 25 15 10 20 0 8 0 amappl 80 14017 0 13955 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 129 0 0 3 0 3 3 0 8 0 uaddrrnd 24 3917 0 3855 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 3917 0 3855 1 0 1 1 0 8 0 vmmpekpl 168 36495 0 36451 3 0 3 3 0 8 0 vmmpepl 168 505046 0 502699 428 279 149 151 0 357 37 vmsppl 368 3870 0 3855 2 0 2 2 0 8 0 pdppl 4096 7841 0 7775 9 0 9 9 0 8 0 pvpl 32 1430117 0 1410108 444 243 201 220 0 265 18 pmappl 232 3916 0 3874 7 4 3 3 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 776 0 101 20 0 20 20 0 8 0