kernel: protection fault trap, code=0
Stopped at witness_checkorder+0xa9: movl 0x18(%r14),%r15d
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
the kernel did not panic
ddb{1}> trace
witness_checkorder(dead4110dead4230,9,0) at witness_checkorder+0xa9 sys/kern/subr_witness.c:775
mtx_enter(dead4110dead4220) at mtx_enter+0x47 sys/kern/kern_lock.c:238
prsignal(dead4110dead4110,14) at prsignal+0x36 sys/kern/kern_sig.c:909
reaper(ffff8000ffffd718) at reaper+0x32c sys/kern/kern_exit.c:489
end trace frame: 0x0, count: -4
ddb{1}> show registers
rdi 0
rsi 0
rbp 0xffff80002a302b50
rbx 0
rdx 0
rcx 0xffff8000ffffd718
rax 0xffff800029a9bff0
r8 0x800000 acpi_pdirpa+0x7ebe71
r9 0x1
r10 0xc76a0216e2babc7c
r11 0x4d3c4b986452ca52
r12 0
r13 0x1
r14 0xdead4110dead4230
r15 0x3
rip 0xffffffff8228d009 witness_checkorder+0xa9
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80002a302aa0
ss 0x10
witness_checkorder+0xa9: movl 0x18(%r14),%r15d
ddb{1}> show proc
PROC (reaper) tid=488109 pid=48480 tcnt=1 stat=onproc
flags process=14000<NOZOMBIE,SYSTEM> proc=200<SYSTEM>
runpri=32, usrpri=51, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff8000ffffd9a8,0xffff8000ffffd498
process=0xffff80002a3066c8 user=0xffff80002a2fd000, vmspace=0xffffffff83913800
estcpu=1, cpticks=1, pctcpu=0.46, user=0, sys=77, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
52082 77106 20674 0 2 0 syz-executor
67087 410109 0 0 3 0x14280 nfsidl nfsio
94461 158567 0 0 3 0x14280 nfsidl nfsio
80993 508200 0 0 3 0x14280 nfsidl nfsio
26034 414483 0 0 3 0x14280 nfsidl nfsio
22235 499469 0 0 3 0x14280 nfsidl nfsio
1590 210432 0 0 3 0x14280 nfsidl nfsio
24800 353886 0 0 3 0x14280 nfsidl nfsio
62165 327492 0 0 3 0x14280 nfsidl nfsio
12960 44448 0 0 3 0x14280 nfsidl nfsio
41754 157525 0 0 3 0x14280 nfsidl nfsio
82879 237077 0 0 3 0x14280 nfsidl nfsio
72033 110035 0 0 3 0x14280 nfsidl nfsio
78259 151659 0 0 3 0x14280 nfsidl nfsio
75664 291832 0 0 3 0x14280 nfsidl nfsio
19409 440754 0 0 3 0x14280 nfsidl nfsio
23058 379063 0 0 3 0x14280 nfsidl nfsio
54970 187381 27270 0 2 0 syz-executor
54970 396887 27270 0 3 0x4000080 lockf syz-executor
54970 354106 27270 0 3 0x4000080 fsleep syz-executor
54970 281685 27270 0 3 0x4000080 fsleep syz-executor
38602 110341 26306 0 2 0 syz-executor
38602 284777 26306 0 3 0x4000080 fsleep syz-executor
38602 215289 26306 0 3 0x4000080 fsleep syz-executor
52280 504544 55448 0 2 0 syz-executor
52280 217617 55448 0 2 0x4000000 syz-executor
20461 38587 0 0 3 0x14200 acct acct
96009 61676 0 0 3 0x14200 bored sosplice
55448 499903 76213 0 3 0x82 nanoslp syz-executor
17764 517668 76213 0 3 0x2 biowait syz-executor
20674 358200 76213 0 7 0x3 syz-executor
27270 310724 76213 0 3 0x82 nanoslp syz-executor
15060 123906 76213 0 2 0x3 syz-executor
34214 100574 76213 0 3 0x82 nanoslp syz-executor
26306 265908 76213 0 3 0x82 nanoslp syz-executor
30345 424855 76213 0 3 0x82 nanoslp syz-executor
76213 495861 77544 0 2 0x3 syz-executor
77544 176647 52219 0 3 0x10008a sigsusp ksh
52219 255804 95723 0 3 0x98 kqread sshd-session
95723 125315 28162 0 3 0x92 kqread sshd-session
17568 43713 1 0 3 0x100083 ttyin getty
28162 171331 1 0 3 0x88 kqread sshd
66122 379506 49999 74 3 0x1100092 bpf pflogd
49999 244838 1 0 3 0x80 sbwait pflogd
10433 438118 20986 73 3 0x1100090 kqread syslogd
20986 314525 1 0 3 0x100082 sbwait syslogd
16304 490334 1 0 3 0x100080 kqread resolvd
49115 346063 78904 77 3 0x100092 kqread dhcpleased
62666 353485 78904 77 3 0x100092 kqread dhcpleased
78904 341759 1 0 3 0x80 kqread dhcpleased
58587 142846 0 0 3 0x14200 bored smr
8919 165724 0 0 2 0x14200 zerothread
73591 87007 0 0 3 0x14200 aiodoned aiodoned
11155 493760 0 0 3 0x14200 syncer update
85985 251817 0 0 3 0x14200 cleaner cleaner
*48480 488109 0 0 7 0x14200 reaper
23427 498359 0 0 3 0x14200 pgdaemon pagedaemon
5005 69498 0 0 3 0x14200 bored viomb
34535 216465 0 0 3 0x40014200 acpi0 acpi0
76381 280523 0 0 3 0x40014200 idle1
56209 129750 0 0 3 0x14200 bored softnet3
46606 124961 0 0 3 0x14200 bored softnet2
43761 423087 0 0 3 0x14200 bored softnet1
25108 54036 0 0 2 0x14200 softnet0
44708 61107 0 0 3 0x14200 bored systqmp
96715 225496 0 0 3 0x14200 bored systq
90710 133062 0 0 3 0x14200 tmoslp softclockmp
87032 113909 0 0 3 0x40014200 tmoslp softclock
17129 337753 0 0 3 0x40014200 idle0
1 190307 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
Process 52280 (syz-executor) thread 0xffff80003b4cca68 (217617)
exclusive rwlock sysctllk r = 0 (0xffffffff83853108)
#0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5bb sys/kern/subr_witness.c:1155
#1 rw_do_enter_write+0x3ea sys/kern/kern_rwlock.c:316
#2 sysctl_vslock+0x45 sys/kern/kern_sysctl.c:185
#3 sys_sysctl+0x398 sys/kern/kern_sysctl.c:297
#4 syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#4 syscall+0xbc6 sys/arch/amd64/amd64/trap.c:577
#5 Xsyscall+0x128
Process 17764 (syz-executor) thread 0xffff8000ffffd1f8 (517668)
exclusive rrwlock inode r = 0 (0xfffffd8069d12658)
#0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5bb sys/kern/subr_witness.c:1155
#1 rw_do_enter_write+0x3ea sys/kern/kern_rwlock.c:316
#2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:616
#3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524
#4 ufs_ihashins+0x4f sys/ufs/ufs/ufs_ihash.c:159
#5 ffs_vget+0x187 sys/ufs/ffs/ffs_vfsops.c:1230
#6 ffs_inode_alloc+0x283 sys/ufs/ffs/ffs_alloc.c:393
#7 ufs_mkdir+0x113 sys/ufs/ufs/ufs_vnops.c:1112
#8 VOP_MKDIR+0x102 sys/kern/vfs_vops.c:394
#9 domkdirat+0x179 sys/kern/vfs_syscalls.c:3102
#10 syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#10 syscall+0xb08 sys/arch/amd64/amd64/trap.c:577
#11 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd806cc8e650)
#0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5bb sys/kern/subr_witness.c:1155
#1 rw_do_enter_write+0x3ea sys/kern/kern_rwlock.c:316
#2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:616
#3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524
#4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570
#5 vfs_lookup+0x109 sys/kern/vfs_lookup.c:418
#6 namei+0x7aa sys/kern/vfs_lookup.c:250
#7 domkdirat+0x8b sys/kern/vfs_syscalls.c:3087
#8 syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#8 syscall+0xb08 sys/arch/amd64/amd64/trap.c:577
#9 Xsyscall+0x128
Process 48480 (reaper) thread 0xffff8000ffffd718 (488109)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff838e3ee0)
#0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5bb sys/kern/subr_witness.c:1155
#1 __mp_acquire_count+0x58
#2 mi_switch+0x4b7 sys/kern/sched_bsd.c:441
#3 sleep_finish+0x24f sys/kern/kern_synch.c:414
#4 rw_do_enter_write+0x1de sys/kern/kern_rwlock.c:292
#5 knote_processexit+0x2b sys/kern/kern_event.c:2063
#6 reaper+0x2ad sys/kern/kern_exit.c:486
#7 proc_trampoline+0x10
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10203 11049K 11346K 166960K 11490 0
pcb 18 12K 12K 166960K 57 0
rtable 237 7K 8K 166960K 373 0
pf 35 17K 21K 166960K 62 0
ifaddr 43 7K 7K 166960K 54 0
ifgroup 55 2K 2K 166960K 67 0
sysctl 2 1K 1K 166960K 2 0
counters 64 36K 36K 166960K 78 0
ioctlops 0 0K 4K 166960K 1568 0
iov 0 0K 12K 166960K 20 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1364 86K 86K 166960K 1490 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 11 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 14 0
dirhash 12 2K 2K 166960K 21 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 16 57K 93K 166960K 335 0
sigio 0 0K 0K 166960K 4 0
proc 72 91K 140K 166960K 549 0
subproc 72 4K 4K 166960K 72 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 26 0
in_multi 98 7K 7K 166960K 101 0
ether_multi 1 0K 0K 166960K 1 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 97 440K 440K 166960K 97 0
exec 0 0K 1K 166960K 454 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 220 72K 77K 166960K 4661 0
UVM aobj 13 2K 2K 166960K 18 0
pinsyscall 41 82K 104K 166960K 1423 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 19 0
NDP 12 0K 1K 166960K 34 0
temp 78 8644K 8716K 166960K 16921 0
kqueue 16 24K 26K 166960K 49 0
SYN cache 2 16K 16K 166960K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 24 0 0 1 0 1 1 0 8 0
rtpcb 120 42 0 39 1 0 1 1 0 8 0
rtentry 112 119 0 10 4 0 4 4 0 8 0
unpcb 144 265 0 241 4 0 4 4 0 8 3
syncache 336 5 0 5 1 1 0 1 0 8 0
tcpcb 808 103 0 99 4 3 1 4 0 8 0
arp 120 20 0 3 1 0 1 1 0 8 0
inpcb 376 337 0 328 11 3 8 8 0 8 7
nd6 136 26 0 0 1 0 1 1 0 8 0
pkpcb 40 1 0 1 1 1 0 1 0 8 0
kcovpl 48 8 0 0 1 0 1 1 0 8 0
ppxss 1168 7 0 7 1 1 0 1 0 8 0
pffrag 232 1 0 0 1 0 1 1 0 482 0
pffrnode 88 1 0 0 1 0 1 1 0 8 0
pffrent 40 2 0 1 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfrktable 1344 1 0 0 1 0 1 1 0 8 0
pfanchor 1288 1 0 0 1 0 1 1 0 8 0
pftag 88 1 0 0 1 0 1 1 0 8 0
pfstitem 24 29 0 0 1 0 1 1 0 8 0
pfstkey 128 29 0 0 1 0 1 1 0 8 0
pfstate 376 29 0 0 3 0 3 3 0 8 0
pfrule 1344 88 0 82 2 1 1 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 458 0 5 29 0 29 29 0 8 0
art_table 32 459 0 5 4 0 4 4 0 8 0
art_node 16 117 0 18 1 0 1 1 0 8 0
semapl 112 12 0 2 1 0 1 1 0 8 0
shmpl 112 15 0 5 1 0 1 1 0 8 0
dirhash 1024 23 0 6 3 0 3 3 0 8 0
dino2pl 256 1920 0 408 95 0 95 95 0 8 0
ffsino 280 1920 0 408 109 0 109 109 0 8 0
nchpl 144 2392 0 703 63 0 63 63 0 8 0
uvmvnodes 80 2094 0 0 43 0 43 43 0 8 0
vnodes 216 2094 0 0 117 0 117 117 0 8 0
namei 1024 8246 0 8245 1 0 1 1 0 8 0
percpumem 16 53 0 7 1 0 1 1 0 8 0
kstatmem 264 36 0 12 2 0 2 2 0 8 0
scsiplug 72 2 0 2 1 1 0 1 0 8 0
scxspl 216 7566 0 7564 3 2 1 2 1 8 0
plimitpl 152 54 0 36 1 0 1 1 0 8 0
sigapl 424 654 0 588 9 1 8 8 0 8 0
futexpl 64 3173 0 3169 1 0 1 1 0 8 0
knotepl 120 80 0 0 3 0 3 3 0 8 0
kqueuepl 216 77 0 65 1 0 1 1 0 8 0
pipepl 328 120 0 92 3 0 3 3 0 8 0
fdescpl 504 617 0 587 5 0 5 5 0 8 0
filepl 152 3018 0 2780 16 1 15 15 0 8 4
lockfpl 104 76 0 72 1 0 1 1 0 8 0
lockfspl 48 35 0 32 1 0 1 1 0 8 0
sessionpl 144 24 0 15 1 0 1 1 0 8 0
pgrppl 48 33 0 16 1 0 1 1 0 8 0
ucredpl 104 325 0 310 1 0 1 1 0 8 0
zombiepl 144 595 0 593 1 0 1 1 0 8 0
processpl 1168 654 0 588 6 1 5 5 0 8 0
procpl 656 1003 0 931 7 0 7 7 0 8 0
sockpl 688 648 0 612 19 3 16 16 0 8 12
mcl64k 65536 2 0 0 1 0 1 1 0 8 0
mcl8k 8192 3 0 0 1 0 1 1 0 8 0
mcl4k 4096 123 0 0 16 0 16 16 0 8 0
mcl2k 2048 24 0 0 3 0 3 3 0 8 0
mtagpl 96 12 0 0 1 0 1 1 0 8 0
mbufpl 256 222 0 0 14 0 14 14 0 8 0
bufpl 280 2688 0 126 183 0 183 183 0 8 0
anonpl 24 116314 0 112959 49 26 23 46 0 184 0
amapchunkpl 152 14327 0 13855 24 1 23 23 0 158 0
amappl16 200 2246 0 2219 18 16 2 15 0 8 0
amappl15 192 5 0 5 1 1 0 1 0 8 0
amappl14 184 116 0 104 1 0 1 1 0 8 0
amappl13 176 9 0 8 1 0 1 1 0 8 0
amappl12 168 1259 0 1229 4 1 3 3 0 8 0
amappl11 160 80 0 66 1 0 1 1 0 8 0
amappl10 152 5 0 5 1 1 0 1 0 8 0
amappl9 144 249 0 249 1 1 0 1 0 8 0
amappl8 136 24 0 21 1 0 1 1 0 8 0
amappl7 128 107 0 94 1 0 1 1 0 8 0
amappl6 120 179 0 175 1 0 1 1 0 8 0
amappl5 112 127 0 117 1 0 1 1 0 8 0
amappl4 104 318 0 298 1 0 1 1 0 8 0
amappl3 96 2661 0 2553 4 0 4 4 0 8 0
amappl2 88 722 0 660 2 0 2 2 0 8 0
amappl1 80 8789 0 8219 14 0 14 14 0 8 0
amappl 88 4272 0 4108 5 0 5 5 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 17 0 5 1 0 1 1 0 8 0
uaddrrnd 24 617 0 587 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 617 0 587 1 0 1 1 0 8 0
vmmpekpl 168 6880 0 6839 2 0 2 2 0 8 0
vmmpepl 168 44489 0 42682 95 8 87 95 0 357 1
vmsppl 456 616 0 587 5 0 5 5 0 8 0
rwobjpl 64 17391 0 14361 52 2 50 52 0 8 0
pdppl 4096 1242 0 1174 100 28 72 86 0 8 4
pvpl 32 15305 0 0 125 1 124 124 0 265 0
pmappl 248 616 0 587 3 0 3 3 0 8 0
extentpl 40 55 0 38 1 0 1 1 0 8 0
phpool 112 284 0 36 8 0 8 8 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
ddb{0}> trace
x86_ipi_db(ffffffff83791ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff838e3cd8) at __mp_lock+0x199 __mp_lock_spin sys/kern/kern_lock.c:113 [inline]
__mp_lock(ffffffff838e3cd8) at __mp_lock+0x199 sys/kern/kern_lock.c:144
intr_handler(ffff80002a454340,ffff800000079f00) at intr_handler+0xe1 sys/arch/amd64/amd64/intr.c:553
Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f
__mp_lock(ffffffff838e3cd8) at __mp_lock+0x19e __mp_lock_spin sys/kern/kern_lock.c:113 [inline]
__mp_lock(ffffffff838e3cd8) at __mp_lock+0x19e sys/kern/kern_lock.c:144
ktrsyscall(ffff8000ffffc528,5b,10,ffff80002a4545f0) at ktrsyscall+0x2b3 sys/kern/kern_ktrace.c:183
syscall(ffff80002a4545f0) at syscall+0x2e6 mi_syscall sys/sys/syscall_mi.h:154 [inline]
syscall(ffff80002a4545f0) at syscall+0x2e6 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7463557a2ac0, count: -10
ddb{0}> machine ddbcpu 1
Stopped at witness_checkorder+0xa9: movl 0x18(%r14),%r15d
ddb{1}> trace
witness_checkorder(dead4110dead4230,9,0) at witness_checkorder+0xa9 sys/kern/subr_witness.c:775
mtx_enter(dead4110dead4220) at mtx_enter+0x47 sys/kern/kern_lock.c:238
prsignal(dead4110dead4110,14) at prsignal+0x36 sys/kern/kern_sig.c:909
reaper(ffff8000ffffd718) at reaper+0x32c sys/kern/kern_exit.c:489
end trace frame: 0x0, count: -4