uvm_fault(0xfffffd8069b8f760, 0x18ff000008, 0, 1) -> e kernel: page fault trap, code=0 Stopped at witness_checkorder+0x1ec: movl 0x8(%r14),%ebx TID PID UID PRFLAGS PFLAGS CPU COMMAND 312780 67367 32767 0x10 0 1 syz-executor.1 witness_checkorder(fffffd806f33f0e8,9,0) at witness_checkorder+0x1ec sys/kern/subr_witness.c:794 mtx_enter(fffffd806f33f0d8) at mtx_enter+0x3e sys/kern/kern_lock.c:265 knote_remove(ffff80002120cd60,fffffd806f33f0d8,fffffd806f33f160,4,0) at knote_remove+0x20d sys/kern/kern_event.c:1881 knote_fdclose(ffff80002120cd60,4) at knote_fdclose+0xae sys/kern/kern_event.c:1934 fdfree(ffff80002120cd60) at fdfree+0xdf sys/kern/kern_descrip.c:1196 exit1(ffff80002120cd60,0,0,1) at exit1+0x3e4 sys/kern/kern_exit.c:206 sys_exit(ffff80002120cd60,ffff80002e441020,ffff80002e441070) at sys_exit+0x1a sys/kern/kern_exit.c:89 syscall(ffff80002e4410f0) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff80002e4410f0) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x73aa5b3d59c0, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: uvm_fault(0xfffffd8069b8f760, 0x18ff000008, 0, 1) -> e ddb{0}> trace witness_checkorder(fffffd806f33f0e8,9,0) at witness_checkorder+0x1ec sys/kern/subr_witness.c:794 mtx_enter(fffffd806f33f0d8) at mtx_enter+0x3e sys/kern/kern_lock.c:265 knote_remove(ffff80002120cd60,fffffd806f33f0d8,fffffd806f33f160,4,0) at knote_remove+0x20d sys/kern/kern_event.c:1881 knote_fdclose(ffff80002120cd60,4) at knote_fdclose+0xae sys/kern/kern_event.c:1934 fdfree(ffff80002120cd60) at fdfree+0xdf sys/kern/kern_descrip.c:1196 exit1(ffff80002120cd60,0,0,1) at exit1+0x3e4 sys/kern/kern_exit.c:206 sys_exit(ffff80002120cd60,ffff80002e441020,ffff80002e441070) at sys_exit+0x1a sys/kern/kern_exit.c:89 syscall(ffff80002e4410f0) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff80002e4410f0) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x73aa5b3d59c0, count: -9 ddb{0}> show registers rdi 0 rsi 0x20000 acpi_pdirpa+0xbe63 rbp 0xffff80002e440dc0 rbx 0xe rdx 0 rcx 0xffff80002120cd60 rax 0xffffffff82c05ff0 cpu_info_full_primary+0x1ff0 r8 0x1 r9 0 r10 0xce9b0fc4bfb42b9b r11 0x301c3b4969c7bd98 r12 0 r13 0xfffffd806f33f0e8 r14 0x18ff000000 r15 0xffff80002120cd60 rip 0xffffffff81ef9c8c witness_checkorder+0x1ec cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80002e440d10 ss 0x10 witness_checkorder+0x1ec: movl 0x8(%r14),%ebx ddb{0}> show proc PROC (syz-executor.2) pid=326249 stat=onproc flags process=1018 proc=2000 pri=0, usrpri=79, nice=20 forw=0xffffffffffffffff, list=0xffff80002120d008,0xffff8000212d0568 process=0xffff80002121ee20 user=0xffff80002e43c000, vmspace=0xfffffd8069b8f760 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 41083 123607 43655 32767 2 0x10 syz-executor.6 41083 159654 43655 32767 3 0x4000090 kqread syz-executor.6 74385 356273 12877 32767 2 0x10 syz-executor.4 40976 168080 69300 32767 2 0x10 syz-executor.7 67367 312780 37033 32767 7 0x10 syz-executor.1 67367 29311 37033 32767 3 0x4000090 fsleep syz-executor.1 10366 96929 20740 32767 2 0x10 syz-executor.0 10366 62322 20740 32767 2 0x4000010 syz-executor.0 79153 169671 77955 32767 2 0x10 syz-executor.5 79153 188204 77955 32767 3 0x4000090 fsleep syz-executor.5 79153 342732 77955 32767 3 0x4000090 fsleep syz-executor.5 20740 376076 21627 32767 2 0x490 syz-executor.0 21627 285214 37063 0 3 0x82 wait syz-executor.0 3327 142445 40353 32767 2 0x490 syz-executor.2 40353 296472 37063 0 3 0x82 wait syz-executor.2 31802 391472 30738 32767 2 0x10 syz-executor.3 30738 477558 37063 0 3 0x82 wait syz-executor.3 43655 108429 9436 32767 2 0x490 syz-executor.6 9436 363301 37063 0 3 0x82 wait syz-executor.6 12877 369210 42266 32767 2 0x10 syz-executor.4 42266 392507 37063 0 3 0x82 wait syz-executor.4 37033 190743 88239 32767 2 0x490 syz-executor.1 88239 55972 37063 0 3 0x82 wait syz-executor.1 20876 388246 0 0 3 0x14200 bored sosplice 69300 264516 87897 32767 2 0x10 syz-executor.7 77955 407049 76213 32767 2 0x490 syz-executor.5 87897 113200 37063 0 3 0x82 wait syz-executor.7 76213 205640 37063 0 3 0x82 wait syz-executor.5 37063 164958 51720 0 3 0x2000082 wait syz-fuzzer 37063 189015 51720 0 2 0x6000482 syz-fuzzer 37063 443171 51720 0 3 0x6000082 thrsleep syz-fuzzer 37063 491038 51720 0 3 0x6000082 wait syz-fuzzer 37063 332348 51720 0 3 0x6000082 wait syz-fuzzer 37063 247630 51720 0 3 0x6000082 thrsleep syz-fuzzer 37063 142638 51720 0 2 0x6000002 syz-fuzzer 37063 402575 51720 0 3 0x6000082 thrsleep syz-fuzzer 37063 120712 51720 0 3 0x6000082 wait syz-fuzzer 37063 8124 51720 0 3 0x6000082 thrsleep syz-fuzzer 37063 189894 51720 0 3 0x6000082 wait syz-fuzzer 37063 115311 51720 0 3 0x6000082 wait syz-fuzzer 37063 439055 51720 0 3 0x6000082 wait syz-fuzzer 37063 208394 51720 0 3 0x6000082 kqread syz-fuzzer 37063 439243 51720 0 3 0x6000082 thrsleep syz-fuzzer 37063 274258 51720 0 3 0x6000082 wait syz-fuzzer 51720 58976 97816 0 3 0x10008a sigsusp ksh 97816 431283 55367 0 3 0x9a kqread sshd 61111 502962 1 0 3 0x100083 ttyin getty 55367 847 1 0 3 0x88 kqread sshd 8862 79549 6583 73 3 0x1100090 kqread syslogd 6583 159851 1 0 3 0x100082 netio syslogd 79349 233350 1 0 3 0x100080 kqread resolvd 89553 72612 42160 77 3 0x100092 kqread dhcpleased 39465 509449 42160 77 3 0x100092 kqread dhcpleased 42160 216825 1 0 3 0x80 kqread dhcpleased 19784 378689 0 0 3 0x14200 bored smr 19204 361162 0 0 2 0x14200 zerothread 88616 378808 0 0 3 0x14200 aiodoned aiodoned 51301 173531 0 0 3 0x14200 syncer update 83284 365312 0 0 3 0x14200 cleaner cleaner 61378 290334 0 0 2 0x14200 reaper 67968 226657 0 0 3 0x14200 pgdaemon pagedaemon 34492 6896 0 0 3 0x14200 bored viomb 78025 266242 0 0 3 0x40014200 acpi0 acpi0 42314 78373 0 0 3 0x40014200 idle1 24323 64487 0 0 3 0x14200 bored softnet3 61760 258533 0 0 3 0x14200 bored softnet2 29996 13514 0 0 3 0x14200 bored softnet1 90507 288599 0 0 3 0x14200 bored softnet0 39056 445564 0 0 3 0x14200 bored systqmp 44899 24175 0 0 3 0x14200 bored systq 45442 19305 0 0 2 0x40014200 softclock 19942 226381 0 0 3 0x40014200 idle0 1 195154 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10191 6409K 6420K 78643K 11317 0 pcb 13 12K 14K 78643K 17 0 rtable 240 6K 7K 78643K 1089 0 pf 29 8K 8K 78643K 61 0 ifaddr 44 15K 15K 78643K 112 0 ifgroup 50 2K 2K 78643K 114 0 sysctl 2 0K 0K 78643K 2 0 counters 60 35K 35K 78643K 92 0 ioctlops 0 0K 2K 78643K 169 0 iov 0 0K 16K 78643K 745 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1279 80K 80K 78643K 2407 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 126 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 1473 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 25 93K 113K 78643K 8895 0 sigio 0 0K 0K 78643K 166 0 proc 56 78K 115K 78643K 1370 0 subproc 104 6K 6K 78643K 312 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 357 0 in_multi 99 7K 7K 78643K 349 0 ether_multi 1 0K 0K 78643K 9 0 mrt 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 85 387K 387K 78643K 85 0 exec 0 0K 1K 78643K 1467 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 410 88K 102K 78643K 88598 0 UVM aobj 131 4K 4K 78643K 164 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 243 0 NDP 11 0K 2K 78643K 75 0 temp 74 5920K 6000K 78643K 28826 0 kqueue 13 20K 34K 78643K 1246 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 1756 0 1753 16 15 1 3 0 8 0 rtentry 112 305 0 192 4 0 4 4 0 8 0 unpcb 144 10276 0 10263 91 87 4 11 0 8 3 syncache 304 127 0 127 21 20 1 1 0 8 1 tcpqe 32 237 0 237 18 17 1 1 0 8 1 tcpcb 808 10976 0 10959 160 151 9 15 0 8 6 arp 120 51 0 33 1 0 1 1 0 8 0 ipq 40 12 0 11 6 5 1 1 0 8 0 ipqe 40 138 0 137 6 5 1 1 0 8 0 inpcb 368 19037 0 19016 181 172 9 17 0 8 6 nd6 136 89 0 62 3 1 2 2 0 8 0 kcovpl 48 24 0 16 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1235 0 760 34 4 30 30 0 8 0 art_table 32 1236 0 760 4 0 4 4 0 8 0 art_node 16 304 0 201 1 0 1 1 0 8 0 sysvmsgpl 40 1 0 0 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 1469 0 1459 1 0 1 1 0 8 0 shmpl 112 161 0 33 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 12460 0 11009 91 0 91 91 0 8 0 ffsino 272 12460 0 11009 98 0 98 98 0 8 0 nchpl 144 24553 0 22911 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 82701 0 82701 3 2 1 2 0 8 1 percpumem 16 59 0 16 1 0 1 1 0 8 0 kstatmem 264 54 0 32 2 0 2 2 0 8 0 scxspl 216 80615 0 80615 27 24 3 8 1 8 3 plimitpl 152 962 0 939 15 13 2 2 0 8 1 sigapl 424 9159 0 9105 7 0 7 7 0 8 0 futexpl 64 87350 0 87347 3 2 1 1 0 8 0 knotepl 120 715 0 0 13 2 11 11 0 8 0 kqueuepl 216 3658 0 3649 28 27 1 5 0 8 0 pipepl 320 1724 0 1696 47 44 3 8 0 8 0 fdescpl 496 9141 0 9105 7 1 6 6 0 8 0 filepl 152 72057 0 71819 135 121 14 20 0 8 4 lockfpl 104 1450 0 1448 3 2 1 2 0 8 0 lockfspl 48 282 0 280 1 0 1 1 0 8 0 sessionpl 144 39 0 23 1 0 1 1 0 8 0 pgrppl 48 143 0 127 1 0 1 1 0 8 0 ucredpl 104 5931 0 5913 1 0 1 1 0 8 0 zombiepl 144 9106 0 9105 1 0 1 1 0 8 0 processpl 1072 9159 0 9105 4 0 4 4 0 8 0 procpl 680 24678 0 24603 8 0 8 8 0 8 0 srpgc 96 1 0 1 1 1 0 1 0 8 0 sosppl 168 115 0 115 14 14 0 1 0 8 0 sockpl 488 31338 0 31301 630 615 15 37 0 8 8 mcl64k 65536 17 0 0 3 0 3 3 0 8 0 mcl16k 16384 25 0 0 4 1 3 3 0 8 0 mcl12k 12288 24 0 0 2 0 2 2 0 8 0 mcl9k 9216 13 0 0 1 0 1 1 0 8 0 mcl8k 8192 33 0 0 4 1 3 3 0 8 0 mcl4k 4096 73 0 0 5 1 4 5 0 8 0 mcl2k2 2112 14 0 0 1 0 1 1 0 8 0 mcl2k 2048 407 0 0 36 15 21 36 0 8 2 mtagpl 96 3 0 0 1 0 1 1 0 8 0 mbufpl 256 1269 0 0 57 0 57 57 0 8 0 bufpl 288 16749 0 10421 453 0 453 453 0 8 0 anonpl 24 1011573 0 999877 188 96 92 109 0 186 0 amapchunkpl 152 279272 0 278417 86 50 36 46 0 158 0 amappl16 200 22994 0 22641 111 92 19 38 0 8 0 amappl15 192 19 0 18 1 0 1 1 0 8 0 amappl14 184 206 0 191 2 1 1 2 0 8 0 amappl13 176 22 0 22 4 4 0 1 0 8 0 amappl12 168 10011 0 9977 2 0 2 2 0 8 0 amappl11 160 54 0 43 1 0 1 1 0 8 0 amappl10 152 63 0 46 1 0 1 1 0 8 0 amappl9 144 265 0 263 1 0 1 1 0 8 0 amappl8 136 627 0 489 5 0 5 5 0 8 0 amappl7 128 111 0 95 2 0 2 2 0 8 0 amappl6 120 416 0 392 2 1 1 2 0 8 0 amappl5 112 407 0 398 1 0 1 1 0 8 0 amappl4 104 855 0 811 3 1 2 3 0 8 0 amappl3 96 55158 0 55064 4 1 3 4 0 8 0 amappl2 88 9822 0 9744 3 1 2 3 0 8 0 amappl1 80 41141 0 40612 22 9 13 22 0 8 0 amappl 88 87665 0 87419 7 0 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 163 0 33 3 0 3 3 0 8 0 uaddrrnd 24 9141 0 9105 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 9141 0 9105 1 0 1 1 0 8 0 vmmpekpl 168 69206 0 69144 4 0 4 4 0 8 0 vmmpepl 168 545334 0 542787 263 149 114 138 0 357 1 vmsppl 464 9140 0 9105 7 2 5 6 0 8 0 rwobjpl 56 144114 0 136605 119 11 108 110 0 8 0 pdppl 4096 18290 0 18210 394 312 82 90 0 8 2 pvpl 32 2743149 0 2725002 536 365 171 362 0 265 0 pmappl 248 9140 0 9105 4 1 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1538 0 661 26 0 26 26 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace witness_checkorder(fffffd806f33f0e8,9,0) at witness_checkorder+0x1ec sys/kern/subr_witness.c:794 mtx_enter(fffffd806f33f0d8) at mtx_enter+0x3e sys/kern/kern_lock.c:265 knote_remove(ffff80002120cd60,fffffd806f33f0d8,fffffd806f33f160,4,0) at knote_remove+0x20d sys/kern/kern_event.c:1881 knote_fdclose(ffff80002120cd60,4) at knote_fdclose+0xae sys/kern/kern_event.c:1934 fdfree(ffff80002120cd60) at fdfree+0xdf sys/kern/kern_descrip.c:1196 exit1(ffff80002120cd60,0,0,1) at exit1+0x3e4 sys/kern/kern_exit.c:206 sys_exit(ffff80002120cd60,ffff80002e441020,ffff80002e441070) at sys_exit+0x1a sys/kern/kern_exit.c:89 syscall(ffff80002e4410f0) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff80002e4410f0) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x73aa5b3d59c0, count: -9 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp x86_ipi_db(ffff800020d58ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x30 kd_curproc sys/dev/kcov.c:590 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x30 sys/dev/kcov.c:158 __mp_lock(ffffffff82ca0020) at __mp_lock+0x133 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82ca0020) at __mp_lock+0x133 sys/kern/kern_lock.c:147 uvm_fault(fffffd806ba4d1e8,b8f59c2f000,0,1) at uvm_fault+0x181 sys/uvm/uvm_fault.c:622 upageflttrap(ffff800022d11ad0,b8f59c2f000) at upageflttrap+0x86 sys/arch/amd64/amd64/trap.c:188 usertrap(ffff800022d11ad0) at usertrap+0x226 sys/arch/amd64/amd64/trap.c:436 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x71edae39f290, count: 6 ddb{1}> trace x86_ipi_db(ffff800020d58ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x30 kd_curproc sys/dev/kcov.c:590 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x30 sys/dev/kcov.c:158 __mp_lock(ffffffff82ca0020) at __mp_lock+0x133 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82ca0020) at __mp_lock+0x133 sys/kern/kern_lock.c:147 uvm_fault(fffffd806ba4d1e8,b8f59c2f000,0,1) at uvm_fault+0x181 sys/uvm/uvm_fault.c:622 upageflttrap(ffff800022d11ad0,b8f59c2f000) at upageflttrap+0x86 sys/arch/amd64/amd64/trap.c:188 usertrap(ffff800022d11ad0) at usertrap+0x226 sys/arch/amd64/amd64/trap.c:436 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x71edae39f290, count: -9