uvm_fault(0xfffffd806bb0b020, 0x48, 0, 1) -> e kernel: page fault trap, code=0 Stopped at witness_checkorder+0xa9: movl 0x20(%r14),%r15d TID PID UID PRFLAGS PFLAGS CPU COMMAND 359158 66529 0 0x2 0x1 0 syz-executor witness_checkorder(28,9,0) at witness_checkorder+0xa9 sys/kern/subr_witness.c:779 mtx_enter(18) at mtx_enter+0x4a sys/kern/kern_lock.c:257 clockintr_unbind(ffff8000014a7630,1) at clockintr_unbind+0x56 sys/kern/kern_clockintr.c:375 dt_ioctl_record_stop(ffff800001483000) at dt_ioctl_record_stop+0xbc sys/dev/dt/dt_dev.c:576 dtclose(21e5f,81,2000,ffff80003c4454b8) at dtclose+0x105 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline] dtclose(21e5f,81,2000,ffff80003c4454b8) at dtclose+0x105 sys/dev/dt/dt_dev.c:232 spec_close(ffff80003c412010) at spec_close+0x45f sys/kern/spec_vnops.c:-1 VOP_CLOSE(fffffd806c1a5a78,81,fffffd80097fb618,ffff80003c4454b8) at VOP_CLOSE+0x133 sys/kern/vfs_vops.c:156 vn_closefile(fffffd806b446a80,ffff80003c4454b8) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline] vn_closefile(fffffd806b446a80,ffff80003c4454b8) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615 fdrop(fffffd806b446a80,ffff80003c4454b8) at fdrop+0x126 sys/kern/kern_descrip.c:1267 closef(fffffd806b446a80,ffff80003c4454b8) at closef+0x192 sys/kern/kern_descrip.c:1251 fdfree(ffff80003c4454b8) at fdfree+0x116 sys/kern/kern_descrip.c:1182 exit1(ffff80003c4454b8,0,0,1) at exit1+0x59c sys/kern/kern_exit.c:215 sys_exit(ffff80003c4454b8,ffff80003c412380,ffff80003c4122d0) at sys_exit+0x1a sys/kern/kern_exit.c:-1 syscall(ffff80003c412380) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c412380) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:579 end trace frame: 0xffff80003c412400, count: 0 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault(0xfffffd806bb0b020, 0x48, 0, 1) -> e ddb{1}> trace witness_checkorder(28,9,0) at witness_checkorder+0xa9 sys/kern/subr_witness.c:779 mtx_enter(18) at mtx_enter+0x4a sys/kern/kern_lock.c:257 clockintr_unbind(ffff8000014a7630,1) at clockintr_unbind+0x56 sys/kern/kern_clockintr.c:375 dt_ioctl_record_stop(ffff800001483000) at dt_ioctl_record_stop+0xbc sys/dev/dt/dt_dev.c:576 dtclose(21e5f,81,2000,ffff80003c4454b8) at dtclose+0x105 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline] dtclose(21e5f,81,2000,ffff80003c4454b8) at dtclose+0x105 sys/dev/dt/dt_dev.c:232 spec_close(ffff80003c412010) at spec_close+0x45f sys/kern/spec_vnops.c:-1 VOP_CLOSE(fffffd806c1a5a78,81,fffffd80097fb618,ffff80003c4454b8) at VOP_CLOSE+0x133 sys/kern/vfs_vops.c:156 vn_closefile(fffffd806b446a80,ffff80003c4454b8) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline] vn_closefile(fffffd806b446a80,ffff80003c4454b8) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615 fdrop(fffffd806b446a80,ffff80003c4454b8) at fdrop+0x126 sys/kern/kern_descrip.c:1267 closef(fffffd806b446a80,ffff80003c4454b8) at closef+0x192 sys/kern/kern_descrip.c:1251 fdfree(ffff80003c4454b8) at fdfree+0x116 sys/kern/kern_descrip.c:1182 exit1(ffff80003c4454b8,0,0,1) at exit1+0x59c sys/kern/kern_exit.c:215 sys_exit(ffff80003c4454b8,ffff80003c412380,ffff80003c4122d0) at sys_exit+0x1a sys/kern/kern_exit.c:-1 syscall(ffff80003c412380) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c412380) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7063e775d3f0, count: -15 ddb{1}> show registers rdi 0 rsi 0 rbp 0xffff80003c411e70 rbx 0 rdx 0 rcx 0xffff80003c4454b8 rax 0xffff8000299ddff0 r8 0xffffffffffffffff r9 0x1 r10 0x69f577f41c5465f4 r11 0x68899175a8a7302e r12 0 r13 0x1 r14 0x28 r15 0x3 rip 0xffffffff829580d9 witness_checkorder+0xa9 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80003c411dc0 ss 0x10 witness_checkorder+0xa9: movl 0x20(%r14),%r15d ddb{1}> show proc PROC (syz-executor) tid=154698 pid=30527 tcnt=0 stat=onproc flags process=1008 proc=2000 runpri=32, usrpri=79, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0xffff80003c4454b8 scnt=-1 ecnt=1 forw=0xffffffffffffffff, list=0xffff80003c444d08,0xffffffff838f0a80 process=0xffff8000fffe1860 user=0xffff80003c40d000, vmspace=0xfffffd806bb0b020 estcpu=29, cpticks=1, pctcpu=0.1, user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 64487 33529 52635 -1 3 0x90 nanoslp syz-executor 64487 364062 52635 -1 3 0x4000090 pipewr syz-executor 64487 510231 52635 -1 3 0x4000090 fsleep syz-executor 64487 310269 52635 -1 3 0x4000090 fsleep syz-executor 19016 460311 0 0 3 0x14280 nfsidl nfsio 99724 427485 0 0 3 0x14280 nfsidl nfsio 81220 384519 0 0 3 0x14280 nfsidl nfsio 63816 124479 0 0 3 0x14280 nfsidl nfsio 25606 235298 0 0 3 0x14280 nfsidl nfsio 2165 277992 0 0 3 0x14280 nfsidl nfsio 52054 214371 0 0 3 0x14280 nfsidl nfsio 31090 235607 0 0 3 0x14280 nfsidl nfsio 95667 467250 0 0 3 0x14280 nfsidl nfsio 8895 455543 0 0 3 0x14280 nfsidl nfsio 95211 436324 0 0 3 0x14280 nfsidl nfsio 57230 437820 0 0 3 0x14280 nfsidl nfsio 57148 349584 0 0 3 0x14280 nfsidl nfsio 49503 339039 0 0 3 0x14280 nfsidl nfsio 93831 482876 0 0 3 0x14280 nfsidl nfsio 18784 190169 0 0 3 0x14280 nfsidl nfsio 84887 477901 0 0 3 0x14280 nfsidl nfsio 55770 437031 0 0 3 0x14280 nfsidl nfsio 70628 97543 0 0 3 0x14280 nfsidl nfsio 52471 252308 0 0 3 0x14280 nfsidl nfsio 76576 173661 27739 0 3 0x80 nanoslp syz-executor 76576 248197 27739 0 3 0x4000080 kqread syz-executor 76576 286354 27739 0 3 0x4000080 fsleep syz-executor 47257 288296 51430 0 3 0x80 nanoslp syz-executor 47257 428 51430 0 3 0x4000080 pipewr syz-executor 47257 460299 51430 0 3 0x4000080 fsleep syz-executor 922 54846 33045 0 3 0x80 nanoslp syz-executor 922 380853 33045 0 3 0x4000080 fsleep syz-executor 922 469625 33045 0 3 0x4000080 pipewr syz-executor 922 365418 33045 0 3 0x4000080 fsleep syz-executor 87419 93007 0 0 3 0x14200 acct acct 19296 227140 0 0 3 0x14200 bored sosplice 43063 372318 32743 0 3 0x100082 sbwait ndp 32743 184187 42290 0 3 0x10008a sigsusp sh 64387 380493 66529 0 3 0x82 nanoslp syz-executor 51430 338821 66529 0 3 0x82 nanoslp syz-executor 52635 199742 66529 0 3 0x82 nanoslp syz-executor 33045 233055 66529 0 3 0x82 nanoslp syz-executor 32581 299963 66529 0 3 0x2 biowait syz-executor 27739 208109 66529 0 3 0x82 nanoslp syz-executor 70595 56509 66529 0 3 0x82 nanoslp syz-executor 42290 219974 66529 0 3 0x82 wait syz-executor 66529 359158 73413 0 7 0x3 syz-executor 73413 521177 35532 0 3 0x10008a sigsusp ksh 35532 195851 18662 0 3 0x98 kqread sshd-session 18662 326714 8185 0 3 0x92 kqread sshd-session 3702 353468 1 0 3 0x100083 ttyin getty 8185 271899 1 0 3 0x88 kqread sshd 59689 253735 7550 74 3 0x1100092 bpf pflogd 7550 297121 1 0 3 0x80 sbwait pflogd 80450 50806 69246 73 3 0x1100090 kqread syslogd 69246 75100 1 0 3 0x100082 sbwait syslogd 98520 153067 1 0 3 0x100080 kqread resolvd 52397 46975 69480 77 3 0x100092 kqread dhcpleased 18891 472405 69480 77 3 0x100092 kqread dhcpleased 69480 514115 1 0 3 0x80 kqread dhcpleased 87544 69206 0 0 3 0x14200 bored smr 53070 138057 0 0 2 0x14200 zerothread 23719 169966 0 0 3 0x14200 aiodoned aiodoned 58921 146828 0 0 3 0x14200 syncer update 6629 480546 0 0 3 0x14200 cleaner cleaner 38422 468629 0 0 3 0x14200 reaper reaper 9771 296223 0 0 3 0x14200 pgdaemon pagedaemon 23495 387725 0 0 3 0x14200 bored viomb 3977 289971 0 0 3 0x40014200 acpi0 acpi0 76704 427095 0 0 3 0x40014200 idle1 30727 476299 0 0 3 0x14200 bored softnet3 73084 287256 0 0 3 0x14200 bored softnet2 68700 318376 0 0 3 0x14200 bored softnet1 75578 141713 0 0 3 0x14200 bored softnet0 219 486891 0 0 3 0x14200 bored systqmp 60652 68332 0 0 3 0x14200 bored systq 43837 383003 0 0 3 0x14200 tmoslp softclockmp 48729 136650 0 0 3 0x40014200 tmoslp softclock 44252 257254 0 0 3 0x40014200 idle0 1 198664 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 32581 (syz-executor) thread 0xffff80002a2a59b8 (299963) exclusive rrwlock inode r = 0 (0xfffffd806e9d48a8) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x377 sys/kern/kern_rwlock.c:310 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:605 #3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570 #5 vget+0x2bd sys/kern/vfs_subr.c:693 #6 ufs_ihashget+0x185 sys/ufs/ufs/ufs_ihash.c:98 #7 ffs_vget+0x8c sys/ufs/ffs/ffs_vfsops.c:1203 #8 ufs_lookup+0x19f8 sys/ufs/ufs/ufs_lookup.c:478 #9 VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 #10 vfs_lookup+0x8fa sys/kern/vfs_lookup.c:566 #11 namei+0x7aa sys/kern/vfs_lookup.c:250 #12 dounlinkat+0xc1 sys/kern/vfs_syscalls.c:1864 #13 syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] #13 syscall+0xb08 sys/arch/amd64/amd64/trap.c:579 #14 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806c4e49d8) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x377 sys/kern/kern_rwlock.c:310 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:605 #3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570 #5 vfs_lookup+0x109 sys/kern/vfs_lookup.c:418 #6 namei+0x7aa sys/kern/vfs_lookup.c:250 #7 dounlinkat+0xc1 sys/kern/vfs_syscalls.c:1864 #8 syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline] #8 syscall+0xb08 sys/arch/amd64/amd64/trap.c:579 #9 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10217 11132K 11544K 166960K 11628 0 pcb 19 14K 16K 166960K 116 0 rtable 218 7K 8K 166960K 378 0 pf 35 17K 22K 166960K 68 0 ifaddr 39 6K 7K 166960K 52 0 ifgroup 51 2K 2K 166960K 67 0 sysctl 1 1K 9K 166960K 5 0 counters 66 36K 37K 166960K 86 0 ioctlops 0 0K 4K 166960K 1509 0 iov 0 0K 12K 166960K 5 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1382 87K 87K 166960K 1605 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 5 0 VM map 2 1K 1K 166960K 2 0 sem 6 0K 0K 166960K 6 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 97K 166960K 259 0 sigio 0 0K 0K 166960K 4 0 proc 72 91K 140K 166960K 540 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 21 0 in_multi 88 6K 7K 166960K 102 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 79 360K 360K 166960K 79 0 exec 0 0K 1K 166960K 373 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 252 174K 179K 166960K 4063 0 UVM aobj 6 2K 2K 166960K 6 0 pinsyscall 44 88K 105K 166960K 1337 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 15 0 NDP 11 0K 2K 166960K 33 0 temp 45 8683K 8755K 166960K 12099 0 kqueue 15 24K 28K 166960K 56 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 44 0 40 1 0 1 1 0 8 0 rtentry 176 114 0 16 5 0 5 5 0 8 0 unpcb 144 93 0 69 1 0 1 1 0 8 0 syncache 336 3 0 3 1 1 0 1 0 8 0 tcpcb 736 35 0 28 1 0 1 1 0 8 0 arp 128 19 0 3 1 0 1 1 0 8 0 inpcb 328 257 0 210 7 0 7 7 0 8 3 nd6 144 23 0 3 1 0 1 1 0 8 0 pkpcb 40 1 0 1 1 0 1 1 0 8 1 kcovpl 48 8 0 0 1 0 1 1 0 8 0 ppxss 1192 8 0 8 1 0 1 1 0 8 1 pfstscr 40 1 0 1 1 0 1 1 0 8 1 pffrent 40 1 0 1 1 0 1 1 0 8 1 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 3 0 3 1 0 1 1 0 8 1 pfanchor 1288 1 0 1 1 0 1 1 0 8 1 pfstitem 24 29 0 0 1 0 1 1 0 8 0 pfstkey 128 30 0 1 1 0 1 1 0 8 0 pfstate 384 29 0 1 3 0 3 3 0 8 0 pfrule 1344 22 0 17 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 453 0 46 29 0 29 29 0 8 0 art_table 32 454 0 46 4 0 4 4 0 8 0 art_node 16 112 0 23 1 0 1 1 0 8 0 sysvmsgpl 40 3 0 2 1 0 1 1 0 8 0 semapl 112 4 0 0 1 0 1 1 0 8 0 shmpl 112 3 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1841 0 328 95 0 95 95 0 8 0 ffsino 288 1841 0 328 109 0 109 109 0 8 0 nchpl 144 2191 0 501 63 0 63 63 0 8 0 rtmask 32 1 0 1 1 0 1 1 0 8 1 uvmvnodes 80 2090 0 0 43 0 43 43 0 8 0 vnodes 216 2090 0 0 117 0 117 117 0 8 0 namei 1024 6935 0 6935 2 0 2 2 0 8 2 percpumem 16 58 0 10 1 0 1 1 0 8 0 pfiaddrpl 120 1 0 1 1 0 1 1 0 8 1 kstatmem 264 36 0 12 3 0 3 3 0 8 1 scxspl 216 7378 0 7376 10 2 8 8 1 8 7 plimitpl 152 40 0 22 1 0 1 1 0 8 0 sigapl 424 579 0 507 9 0 9 9 0 8 0 knotepl 120 553 0 0 17 0 17 17 0 8 0 kqueuepl 224 65 0 54 2 0 2 2 0 8 1 pipepl 336 117 0 87 3 0 3 3 0 8 0 fdescpl 520 539 0 507 3 0 3 3 0 8 0 filepl 160 2549 0 2146 17 0 17 17 0 8 0 lockfpl 104 122 0 119 1 0 1 1 0 8 0 lockfspl 48 60 0 57 1 0 1 1 0 8 0 sessionpl 144 22 0 13 1 0 1 1 0 8 0 pgrppl 48 30 0 13 1 0 1 1 0 8 0 ucredpl 104 289 0 274 1 0 1 1 0 8 0 zombiepl 144 509 0 507 1 0 1 1 0 8 0 processpl 1240 579 0 507 6 0 6 6 0 8 0 procpl 656 795 0 713 8 0 8 8 0 8 0 srpgc 96 2 0 2 1 0 1 1 0 8 1 sockpl 728 395 0 320 9 0 9 9 0 8 2 mcl64k 65536 4 0 0 1 0 1 1 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 1 0 0 1 0 1 1 0 8 0 mcl4k 4096 125 0 0 16 0 16 16 0 8 0 mcl2k 2048 29 0 0 4 0 4 4 0 8 0 mtagpl 96 5 0 0 1 0 1 1 0 8 0 mbufpl 256 216 0 0 14 0 14 14 0 8 0 bufpl 280 2607 0 124 178 0 178 178 0 8 0 anonpl 32 5489 0 0 45 0 45 45 0 246 0 amapchunkpl 152 11826 0 11333 24 0 24 24 0 158 2 amappl16 200 1695 0 1657 5 0 5 5 0 8 2 amappl15 192 6 0 6 1 1 0 1 0 8 0 amappl14 184 112 0 99 1 0 1 1 0 8 0 amappl13 176 4 0 4 1 1 0 1 0 8 0 amappl12 168 1210 0 1177 4 1 3 3 0 8 0 amappl11 160 49 0 35 1 0 1 1 0 8 0 amappl10 152 31 0 31 1 1 0 1 0 8 0 amappl9 144 256 0 256 1 1 0 1 0 8 0 amappl8 136 21 0 18 1 0 1 1 0 8 0 amappl7 128 103 0 90 1 0 1 1 0 8 0 amappl6 120 176 0 172 1 0 1 1 0 8 0 amappl5 112 121 0 111 1 0 1 1 0 8 0 amappl4 104 315 0 294 1 0 1 1 0 8 0 amappl3 96 2075 0 1967 5 1 4 4 0 8 0 amappl2 88 627 0 562 2 0 2 2 0 8 0 amappl1 80 8639 0 8017 15 0 15 15 0 8 0 amappl 88 3374 0 3203 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 5 0 0 1 0 1 1 0 8 0 uaddrrnd 24 539 0 507 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 539 0 507 1 0 1 1 0 8 0 vmmpekpl 168 6068 0 6022 3 0 3 3 0 8 0 vmmpepl 168 40113 0 38104 93 0 93 93 0 357 3 vmsppl 480 538 0 507 5 0 5 5 0 8 0 rwobjpl 72 15497 0 12426 56 0 56 56 0 8 0 pdppl 4096 1085 0 1014 99 26 73 87 0 8 2 pvpl 32 12342 0 0 100 0 100 100 0 265 0 pmappl 256 538 0 507 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 386 0 29 11 0 11 11 0 8 0 ddb{1}> machine ddbcpu 0