kernel: protection fault trap, code=0
Stopped at witness_checkorder+0xb5: movl 0x20(%r14),%r15d
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
the kernel did not panic
ddb{0}> trace
witness_checkorder(deafbeaddeafbfc5,9,0) at witness_checkorder+0xb5 sys/kern/subr_witness.c:779
mtx_enter(deafbeaddeafbfb5) at mtx_enter+0x95 sys/kern/kern_lock.c:406
prsignal(deafbeaddeafbead,14) at prsignal+0x36 sys/kern/kern_sig.c:904
reaper(ffff8000ffffdc90) at reaper+0x2ec sys/kern/kern_exit.c:516
end trace frame: 0x0, count: -4
ddb{0}> show registers
rdi 0
rsi 0
rbp 0xffff80002a204d70
rbx 0
rdx 0
rcx 0xffff8000ffffdc90
rax 0xffffffff83922ffe cpu_info_full_primary+0x1ffe
r8 0x7f7fffffc000
r9 0
r10 0xf292c5782b718876
r11 0x7dbfba7fbde9376f
r12 0xdeafbeaddeafbffe
r13 0x9
r14 0xdeafbeaddeafbfc5
r15 0
rip 0xffffffff813866e5 witness_checkorder+0xb5
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80002a204cd0
ss 0x10
witness_checkorder+0xb5: movl 0x20(%r14),%r15d
ddb{0}> show proc
PROC (reaper) tid=283301 pid=60916 tcnt=1 stat=onproc
flags process=14000<NOZOMBIE,SYSTEM> proc=200<SYSTEM>
runpri=32, usrpri=50, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff8000fffff9f0,0xffff8000ffffd770
process=0xffff8000ffffb9c0 user=0xffff80002a1ff000, vmspace=0xffffffff839c81e0
estcpu=0, cpticks=17, pctcpu=0.0, user=0, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
68980 421760 57746 32767 4 0x82010 syz-executor
68980 463387 57746 32767 2 0x4002010 syz-executor
68980 220950 57746 32767 4 0x4082010 syz-executor
10945 347883 56649 32767 2 0x10 syz-executor
10945 318521 56649 32767 3 0x4000090 fsleep syz-executor
51097 397587 48078 32767 2 0x10 syz-executor
51097 267195 48078 32767 7 0x4000010 syz-executor
51097 14659 48078 32767 3 0x4000090 fsleep syz-executor
52698 203788 57408 32767 2 0x10 syz-executor
52698 257617 57408 32767 3 0x4000090 fsleep syz-executor
57408 201689 15595 32767 3 0x90 nanoslp syz-executor
57746 408141 7671 32767 3 0x90 nanoslp syz-executor
36083 120309 33397 32767 3 0x90 nanoslp syz-executor
56649 338821 51559 32767 3 0x90 nanoslp syz-executor
8600 60533 58172 32767 3 0x90 nanoslp syz-executor
54681 221898 53908 32767 2 0x10 syz-executor
48078 467093 43313 32767 3 0x90 nanoslp syz-executor
15595 484714 1 0 3 0x82 wait syz-executor
33397 414218 1 0 3 0x82 wait syz-executor
7671 379765 1 0 3 0x82 wait syz-executor
51559 91110 1 0 3 0x82 wait syz-executor
58172 508306 1 0 3 0x82 wait syz-executor
53908 347240 1 0 3 0x82 wait syz-executor
43313 222933 1 0 3 0x82 wait syz-executor
62387 121002 69237 0 3 0x10008a sigsusp ksh
69237 357826 26235 0 3 0x98 kqread sshd-session
26235 68829 16464 0 3 0x92 kqread sshd-session
62682 218414 1 0 3 0x100083 ttyin getty
16464 109931 1 0 3 0x88 kqread sshd
13358 374856 93123 73 3 0x1100090 kqread syslogd
93123 413386 1 0 3 0x100082 sbwait syslogd
13279 267629 1 0 3 0x100080 kqread resolvd
97671 85998 85549 77 3 0x100092 kqread dhcpleased
61524 357119 85549 77 3 0x100092 kqread dhcpleased
85549 362525 1 0 3 0x80 kqread dhcpleased
7719 395011 0 0 3 0x14200 bored smr
87593 481722 0 0 2 0x14200 zerothread
10897 34901 0 0 3 0x14200 aiodoned aiodoned
66588 87184 0 0 3 0x14200 syncer update
43161 81066 0 0 3 0x14200 cleaner cleaner
*60916 283301 0 0 7 0x14200 reaper
21254 499680 0 0 3 0x14200 pgdaemon pagedaemon
9780 307432 0 0 3 0x14200 bored viomb
78368 271718 0 0 3 0x40014200 acpi0 acpi0
63319 348144 0 0 3 0x40014200 idle1
32612 446200 0 0 3 0x14200 bored softnet1
3641 407915 0 0 2 0x14200 softnet0
20057 276096 0 0 3 0x14200 bored systqmp
77381 282355 0 0 3 0x14200 bored systq
6461 295887 0 0 3 0x14200 tmoslp softclockmp
73458 333096 0 0 3 0x40014200 tmoslp softclock
32781 53136 0 0 3 0x40014200 idle0
1 391608 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 51097 (syz-executor) thread 0xffff8000fffe74e0 (267195)
shared rwlock vmmaplk r = 0 (0xfffffd806c82be80)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_read+0x3e8 sys/kern/kern_rwlock.c:413
#2 uvmfault_lookup+0x122 sys/uvm/uvm_fault.c:1880
Process 60916 (reaper) thread 0xffff8000ffffdc90 (283301)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff839cac80)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1
#2 sleep_finish+0x2d8 sys/kern/kern_synch.c:369
#3 rw_do_enter_write+0x1dc sys/kern/kern_rwlock.c:298
#4 knote_processexit+0x2b sys/kern/kern_event.c:2217
#5 reaper+0x26d sys/kern/kern_exit.c:513
#6 proc_trampoline+0x10
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11050 12016K 12034K 166960K 12144 0
pcb 17 12K 12K 166960K 17 0
rtable 215 6K 7K 166960K 486 0
pf 29 16K 16K 166960K 31 0
ifaddr 38 6K 7K 166960K 44 0
ifgroup 46 2K 2K 166960K 50 0
sysctl 3 1K 9K 166960K 8 0
counters 68 36K 37K 166960K 70 0
ioctlops 0 0K 2K 166960K 103 0
iov 0 0K 16K 166960K 160 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1288 81K 81K 166960K 1562 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 12 0
VM map 2 1K 1K 166960K 2 0
sem 12 1K 1K 166960K 30 0
dirhash 12 2K 2K 166960K 18 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 19 72K 129K 166960K 500 0
sigio 0 0K 0K 166960K 8 0
proc 58 99K 163K 166960K 535 0
subproc 63 3K 4K 166960K 261 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 207 0
in_multi 88 6K 7K 166960K 114 0
ether_multi 1 0K 0K 166960K 2 0
mrt 1 0K 0K 166960K 17 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 61 281K 281K 166960K 61 0
exec 0 0K 1K 166960K 411 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 209 143K 177K 166960K 5940 0
UVM aobj 24 2K 2K 166960K 24 0
pinsyscall 40 80K 113K 166960K 1584 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 36 0
NDP 10 0K 2K 166960K 27 0
temp 40 9072K 9136K 166960K 5439 0
kqueue 14 20K 24K 166960K 67 0
SYN cache 2 16K 16K 166960K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 49 0 46 1 0 1 1 0 8 0
rtentry 176 113 0 14 6 1 5 6 0 8 0
unpcb 144 481 0 466 4 3 1 4 0 8 0
syncache 336 14 0 14 1 0 1 1 0 8 1
tcpcb 736 235 0 230 7 6 1 7 0 8 0
arp 136 18 0 2 1 0 1 1 0 8 0
ipq 40 2 0 0 1 0 1 1 0 8 0
ipqe 40 68 0 64 1 0 1 1 0 8 0
inpcb 328 491 0 483 10 3 7 7 0 8 6
ip6q 72 3 0 0 1 0 1 1 0 8 0
ip6af 40 4 0 1 1 0 1 1 0 8 0
nd6 152 26 0 5 1 0 1 1 0 8 0
kcovpl 48 29 0 22 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 456 0 48 29 1 28 29 0 8 0
art_table 40 457 0 48 5 0 5 5 0 8 0
art_node 32 113 0 23 1 0 1 1 0 8 0
sysvmsgpl 40 3 0 1 1 0 1 1 0 8 0
semapl 112 26 0 16 1 0 1 1 0 8 0
shmpl 112 21 0 0 1 0 1 1 0 8 0
dirhash 1024 21 0 4 3 0 3 3 0 8 0
dino2pl 256 1975 0 491 94 0 94 94 0 8 0
ffsino 296 1975 0 491 115 0 115 115 0 8 0
nchpl 144 2551 0 836 64 0 64 64 0 8 0
vnodes 216 2245 0 0 125 0 125 125 0 8 0
namei 1024 8291 0 8291 1 0 1 1 0 8 1
percpumem 16 50 0 1 1 0 1 1 0 8 0
kstatmem 264 25 0 2 2 0 2 2 0 8 0
scxspl 216 8768 0 8768 11 3 8 8 1 8 8
plimitpl 152 185 0 161 3 2 1 2 0 8 0
sigapl 424 749 0 699 7 0 7 7 0 8 0
knotepl 120 335 0 0 10 0 10 10 0 8 0
kqueuepl 224 83 0 74 1 0 1 1 0 8 0
pipepl 344 206 0 182 3 0 3 3 0 8 0
fdescpl 528 733 0 702 4 1 3 4 0 8 0
filepl 160 3864 0 3702 14 2 12 12 0 8 3
lockfpl 104 102 0 100 1 0 1 1 0 8 0
lockfspl 48 34 0 32 1 0 1 1 0 8 0
sessionpl 144 66 0 51 1 0 1 1 0 8 0
pgrppl 48 99 0 77 1 0 1 1 0 8 0
ucredpl 104 525 0 507 1 0 1 1 0 8 0
zombiepl 144 702 0 699 1 0 1 1 0 8 0
processpl 1232 749 0 699 5 0 5 5 0 8 0
procpl 664 1250 0 1192 7 1 6 7 0 8 0
sosppl 176 1 0 1 1 0 1 1 0 8 1
sockpl 752 1025 0 999 15 5 10 11 0 8 7
mcl64k 65536 3 0 0 1 0 1 1 0 8 0
mcl16k 16384 2 0 0 1 0 1 1 0 8 0
mcl12k 12288 1 0 0 1 0 1 1 0 8 0
mcl9k128 9344 1 0 0 1 0 1 1 0 8 0
mcl8k 8192 2 0 0 1 0 1 1 0 8 0
mcl4k 4096 112 0 0 14 0 14 14 0 8 0
mcl2k2 2112 1 0 0 1 0 1 1 0 8 0
mcl2k 2048 21 0 0 3 0 3 3 0 8 0
mtagpl 96 3 0 0 1 0 1 1 0 8 0
mbufpl 256 297 0 0 19 0 19 19 0 8 0
bufpl 280 2892 0 108 199 0 199 199 0 8 0
anonpl 32 6864 0 0 56 0 56 56 0 246 0
amapchunkpl 152 18235 0 17811 29 3 26 27 0 158 5
amappl16 200 2496 0 2470 13 11 2 11 0 8 0
amappl15 192 8 0 8 1 1 0 1 0 8 0
amappl14 184 402 0 401 1 0 1 1 0 8 0
amappl13 176 121 0 111 1 0 1 1 0 8 0
amappl12 168 966 0 936 2 0 2 2 0 8 0
amappl11 160 1 0 1 1 1 0 1 0 8 0
amappl10 152 60 0 50 1 0 1 1 0 8 0
amappl9 144 257 0 257 1 1 0 1 0 8 0
amappl8 136 99 0 98 1 0 1 1 0 8 0
amappl7 128 140 0 129 1 0 1 1 0 8 0
amappl6 120 165 0 163 1 0 1 1 0 8 0
amappl5 112 100 0 93 1 0 1 1 0 8 0
amappl4 104 268 0 253 1 0 1 1 0 8 0
amappl3 96 3382 0 3280 5 1 4 4 0 8 0
amappl2 88 532 0 483 2 0 2 2 0 8 0
amappl1 80 11580 0 11031 19 3 16 16 0 8 2
amappl 88 5177 0 5030 5 0 5 5 0 92 0
uvmvnodes 80 106 0 0 3 0 3 3 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 23 0 0 1 0 1 1 0 8 0
uaddrrnd 24 733 0 702 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 733 0 702 1 0 1 1 0 8 0
vmmpekpl 168 8132 0 8088 3 0 3 3 0 8 0
vmmpepl 168 55514 0 53744 105 8 97 103 0 357 11
vmsppl 488 732 0 699 7 2 5 6 0 8 0
rwobjpl 80 18402 0 17495 27 3 24 25 0 8 2
pdppl 4096 1473 0 1398 137 56 81 99 0 8 6
pvpl 32 12875 0 0 104 0 104 104 0 265 0
pmappl 256 732 0 699 4 1 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 319 0 66 8 0 8 8 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
witness_checkorder(deafbeaddeafbfc5,9,0) at witness_checkorder+0xb5 sys/kern/subr_witness.c:779
mtx_enter(deafbeaddeafbfb5) at mtx_enter+0x95 sys/kern/kern_lock.c:406
prsignal(deafbeaddeafbead,14) at prsignal+0x36 sys/kern/kern_sig.c:904
reaper(ffff8000ffffdc90) at reaper+0x2ec sys/kern/kern_exit.c:516
end trace frame: 0x0, count: -4
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
ddb{1}> trace
x86_ipi_db(ffff8000299adff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x18 kd_curproc sys/dev/kcov.c:580 [inline]
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x18 sys/dev/kcov.c:153
witness_lock(fffffd806c82be80,1) at witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
witness_lock(fffffd806c82be80,1) at witness_lock+0x5f1 sys/kern/subr_witness.c:1160
rw_do_enter_read(fffffd806c82be68,0) at rw_do_enter_read+0x3e8 sys/kern/kern_rwlock.c:413
uvmfault_lookup(ffff80002ffd22f0,0) at uvmfault_lookup+0x122 sys/uvm/uvm_fault.c:1880
uvm_fault_check(ffff80002ffd22f0,ffff80002ffd2328,ffff80002ffd2360,0) at uvm_fault_check+0x4f sys/uvm/uvm_fault.c:693
uvm_fault(fffffd806c82bd80,57000,0,2) at uvm_fault+0x106 sys/uvm/uvm_fault.c:627
kpageflttrap(ffff80002ffd24a0,57960) at kpageflttrap+0x2f4 sys/arch/amd64/amd64/trap.c:283
kerntrap(ffff80002ffd24a0) at kerntrap+0x19d sys/arch/amd64/amd64/trap.c:528
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
copyout() at copyout+0x64
syscall(ffff80002ffd28e0) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002ffd28e0) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x2d1402a3c40, count: -15