kernel: protection fault trap, code=0
Stopped at witness_checkorder+0xb5: movl 0x20(%r14),%r15d
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
the kernel did not panic
ddb{0}> trace
witness_checkorder(deafbeaddeafbfc5,9,0) at witness_checkorder+0xb5 sys/kern/subr_witness.c:779
mtx_enter(deafbeaddeafbfb5) at mtx_enter+0x95 sys/kern/kern_lock.c:406
prsignal(deafbeaddeafbead,14) at prsignal+0x36 sys/kern/kern_sig.c:904
reaper(ffff8000ffffd9f8) at reaper+0x2ec sys/kern/kern_exit.c:516
end trace frame: 0x0, count: -4
ddb{0}> show registers
rdi 0
rsi 0
rbp 0xffff80002a233fc0
rbx 0
rdx 0
rcx 0xffff8000ffffd9f8
rax 0xffffffff837c0ffe cpu_info_full_primary+0x1ffe
r8 0x3b9acdff
r9 0
r10 0x46174c1fd48f4433
r11 0x38c8e95260e30ff3
r12 0xdeafbeaddeafbffe
r13 0x9
r14 0xdeafbeaddeafbfc5
r15 0
rip 0xffffffff82b0c575 witness_checkorder+0xb5
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80002a233f20
ss 0x10
witness_checkorder+0xb5: movl 0x20(%r14),%r15d
ddb{0}> show proc
PROC (reaper) tid=115795 pid=27869 tcnt=1 stat=onproc
flags process=14000<NOZOMBIE,SYSTEM> proc=200<SYSTEM>
runpri=32, usrpri=50, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff8000fffffc88,0xffff8000ffffc2b0
process=0xffff8000ffffb9c0 user=0xffff80002a22f000, vmspace=0xffffffff839dcd20
estcpu=0, cpticks=17, pctcpu=0.1, user=0, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
14146 42985 60729 32767 2 0x10 syz-executor
14146 465172 60729 32767 3 0x4000090 kqread syz-executor
14146 341899 60729 32767 3 0x4000090 kqread syz-executor
44619 336649 19553 32767 2 0xc90 syz-executor
44619 509692 19553 32767 3 0x4000090 ttyin syz-executor
44619 466177 19553 32767 3 0x4000090 fsleep syz-executor
16220 49412 56345 32767 3 0x90 nanoslp syz-executor
16220 366395 56345 32767 3 0x4000090 fsleep syz-executor
16220 69484 56345 32767 3 0x4000090 fsleep syz-executor
16220 34159 56345 32767 3 0x4000090 pipewr syz-executor
47061 359827 56473 32767 3 0x90 nanoslp syz-executor
47061 81810 56473 32767 3 0x4000090 ttyout syz-executor
47061 234207 56473 32767 3 0x4000090 fsleep syz-executor
22413 362316 60465 32767 2 0x10 syz-executor
40864 243574 44133 32767 3 0x90 wait syz-executor
19553 154354 30122 32767 2 0xc90 syz-executor
60729 126562 73879 32767 3 0x90 nanoslp syz-executor
56345 384495 13690 32767 2 0xc90 syz-executor
56473 518496 20350 32767 2 0xc90 syz-executor
7996 315469 28044 32767 7 0x10 syz-executor
44133 494769 19360 0 3 0x82 wait syz-executor
60465 229427 19360 0 3 0x82 wait syz-executor
30122 171879 19360 0 3 0x82 wait syz-executor
73879 158091 19360 0 3 0x82 wait syz-executor
20350 61993 19360 0 3 0x82 wait syz-executor
28044 306183 19360 0 3 0x82 wait syz-executor
13690 254002 19360 0 3 0x82 wait syz-executor
19360 426672 96335 0 2 0x2 syz-executor
96335 374377 34132 0 3 0x10008a sigsusp ksh
34132 237062 75188 0 3 0x98 kqread sshd-session
75188 520254 35130 0 3 0x92 kqread sshd-session
60217 412784 1 0 3 0x100083 ttyin getty
35130 316889 1 0 3 0x88 kqread sshd
16977 237351 71985 73 3 0x1100090 kqread syslogd
71985 6867 1 0 3 0x100082 sbwait syslogd
28010 422877 1 0 3 0x100080 kqread resolvd
5246 519208 78186 77 3 0x100092 kqread dhcpleased
32759 115833 78186 77 3 0x100092 kqread dhcpleased
78186 482595 1 0 3 0x80 kqread dhcpleased
9149 32156 0 0 3 0x14200 bored smr
5806 443924 0 0 2 0x14200 zerothread
8765 328985 0 0 3 0x14200 aiodoned aiodoned
19740 472883 0 0 3 0x14200 syncer update
7805 277283 0 0 3 0x14200 cleaner cleaner
*27869 115795 0 0 7 0x14200 reaper
43178 310388 0 0 3 0x14200 pgdaemon pagedaemon
76266 181190 0 0 3 0x14200 bored viomb
9245 466512 0 0 3 0x40014200 acpi0 acpi0
80266 165692 0 0 3 0x40014200 idle1
76700 458501 0 0 3 0x14200 bored softnet1
7086 277989 0 0 3 0x14200 bored softnet0
52438 439738 0 0 3 0x14200 bored systqmp
16924 406758 0 0 3 0x14200 bored systq
73610 164823 0 0 3 0x14200 tmoslp softclockmp
47361 231918 0 0 3 0x40014200 tmoslp softclock
87177 342296 0 0 3 0x40014200 idle0
1 512277 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 22413 (syz-executor) thread 0xffff80002a280d10 (362316)
exclusive rrwlock inode r = 0 (0xfffffd806f12b800)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621
#3 VOP_LOCK+0xbd sys/kern/vfs_vops.c:527
#4 ufs_ihashins+0x4f ufs_ihash sys/ufs/ufs/ufs_ihash.c:-1 [inline]
#4 ufs_ihashins+0x4f sys/ufs/ufs/ufs_ihash.c:159
#5 ffs_vget+0x187 sys/ufs/ffs/ffs_vfsops.c:1232
#6 ffs_inode_alloc+0x279 sys/ufs/ffs/ffs_alloc.c:393
#7 ufs_mkdir+0xfc sys/ufs/ufs/ufs_vnops.c:1112
#8 VOP_MKDIR+0x101 sys/kern/vfs_vops.c:394
#9 domkdirat+0x179 sys/kern/vfs_syscalls.c:3113
#10 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#10 syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
#11 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd806d035698)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621
#3 VOP_LOCK+0xbd sys/kern/vfs_vops.c:527
#4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570
#5 vfs_lookup+0x11c sys/kern/vfs_lookup.c:-1
#6 namei+0x7ca sys/kern/vfs_lookup.c:250
#7 domkdirat+0x8b sys/kern/vfs_syscalls.c:3098
#8 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#8 syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
#9 Xsyscall+0x128
Process 27869 (reaper) thread 0xffff8000ffffd9f8 (115795)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff839acac0)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1
#2 sleep_finish+0x2d8 sys/kern/kern_synch.c:369
#3 rw_do_enter_write+0x1dc sys/kern/kern_rwlock.c:298
#4 knote_processexit+0x2b sys/kern/kern_event.c:2217
#5 reaper+0x26d sys/kern/kern_exit.c:513
#6 proc_trampoline+0x10
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11073 12019K 12034K 166960K 12168 0
pcb 17 12K 12K 166960K 17 0
rtable 223 6K 7K 166960K 379 0
pf 29 16K 16K 166960K 31 0
ifaddr 38 6K 7K 166960K 44 0
ifgroup 46 2K 2K 166960K 50 0
sysctl 4 1K 9K 166960K 9 0
counters 68 36K 37K 166960K 70 0
ioctlops 0 0K 2K 166960K 35 0
iov 0 0K 16K 166960K 24 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1336 84K 84K 166960K 1407 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 3 5K 9K 166960K 11 0
VM map 2 1K 1K 166960K 2 0
sem 12 1K 1K 166960K 22 0
dirhash 12 2K 2K 166960K 15 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 21 77K 125K 166960K 538 0
sigio 0 0K 0K 166960K 69 0
proc 58 99K 180K 166960K 534 0
subproc 63 3K 4K 166960K 99 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 150 0
in_multi 88 6K 7K 166960K 111 0
ether_multi 1 0K 0K 166960K 3 0
mrt 2 0K 0K 166960K 2 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 217 970K 970K 166960K 217 0
exec 0 0K 1K 166960K 438 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 237 151K 182K 166960K 6614 0
UVM aobj 16 5K 5K 166960K 17 0
pinsyscall 42 84K 114K 166960K 1644 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 51 0
NDP 10 0K 2K 166960K 27 0
temp 45 8681K 8754K 166960K 6416 0
kqueue 16 24K 34K 166960K 98 0
SYN cache 2 16K 16K 166960K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 139 0 136 1 0 1 1 0 8 0
rtentry 176 117 0 14 6 0 6 6 0 8 0
unpcb 144 410 0 394 4 0 4 4 0 8 3
syncache 336 11 0 11 1 0 1 1 0 8 1
tcpqe 32 1 0 1 1 0 1 1 0 8 1
tcpcb 736 347 0 342 7 0 7 7 0 8 6
arp 136 19 0 2 1 0 1 1 0 8 0
ipq 40 5 0 1 1 0 1 1 0 8 0
ipqe 40 13 0 5 1 0 1 1 0 8 0
inpcb 328 682 0 672 7 0 7 7 0 8 5
nd6 152 29 0 5 2 0 2 2 0 8 0
kcovpl 48 11 0 4 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 498 0 72 31 0 31 31 0 8 2
art_table 40 499 0 72 5 0 5 5 0 8 0
art_node 32 117 0 23 1 0 1 1 0 8 0
sysvmsgpl 40 8 0 3 1 0 1 1 0 8 0
semupl 112 3 0 3 1 0 1 1 0 8 1
semapl 112 20 0 10 1 0 1 1 0 8 0
shmpl 112 14 0 1 1 0 1 1 0 8 0
dirhash 1024 19 0 2 3 0 3 3 0 8 0
dino2pl 256 2117 0 598 96 0 96 96 0 8 0
ffsino 296 2117 0 598 117 0 117 117 0 8 0
nchpl 144 2865 0 1173 64 0 64 64 0 8 1
vnodes 216 2225 0 0 124 0 124 124 0 8 0
namei 1024 9232 0 9231 1 0 1 1 0 8 0
percpumem 16 50 0 1 1 0 1 1 0 8 0
kstatmem 264 24 0 2 2 0 2 2 0 8 0
scxspl 216 9782 0 9782 9 1 8 8 1 8 8
plimitpl 152 147 0 124 2 0 2 2 0 8 0
sigapl 424 829 0 780 7 0 7 7 0 8 0
knotepl 120 389 0 0 12 0 12 12 0 8 0
kqueuepl 224 132 0 121 2 0 2 2 0 8 1
pipepl 344 167 0 139 3 0 3 3 0 8 0
fdescpl 528 813 0 780 4 0 4 4 0 8 0
filepl 160 4445 0 4237 15 0 15 15 0 8 5
lockfpl 104 109 0 107 1 0 1 1 0 8 0
lockfspl 48 45 0 43 1 0 1 1 0 8 0
sessionpl 144 31 0 16 1 0 1 1 0 8 0
pgrppl 48 51 0 29 1 0 1 1 0 8 0
ucredpl 104 786 0 768 1 0 1 1 0 8 0
zombiepl 144 781 0 780 1 0 1 1 0 8 0
processpl 1232 829 0 780 5 0 5 5 0 8 0
procpl 664 1473 0 1415 7 0 7 7 0 8 0
sosppl 176 5 0 5 1 0 1 1 0 8 1
sockpl 752 1240 0 1211 15 3 12 15 0 8 7
mcl64k 65536 7 0 0 1 0 1 1 0 8 0
mcl16k 16384 3 0 0 1 0 1 1 0 8 0
mcl9k 9216 1 0 0 1 0 1 1 0 8 0
mcl8k 8192 3 0 0 1 0 1 1 0 8 0
mcl4k 4096 131 0 0 17 0 17 17 0 8 0
mcl2k2 2112 1 0 0 1 0 1 1 0 8 0
mcl2k 2048 21 0 0 3 0 3 3 0 8 0
mtagpl 96 2 0 0 1 0 1 1 0 8 0
mbufpl 256 1213 0 0 76 0 76 76 0 8 0
bufpl 280 3193 0 118 220 0 220 220 0 8 0
anonpl 32 5837 0 0 48 0 48 48 0 246 0
amapchunkpl 152 20909 0 20400 36 0 36 36 0 158 10
amappl16 200 1342 0 1319 4 0 4 4 0 8 2
amappl15 192 3 0 3 1 1 0 1 0 8 0
amappl14 184 1 0 1 1 0 1 1 0 8 1
amappl13 176 408 0 407 1 0 1 1 0 8 0
amappl12 168 1200 0 1158 3 0 3 3 0 8 0
amappl11 160 7 0 7 1 1 0 1 0 8 0
amappl10 152 40 0 30 1 0 1 1 0 8 0
amappl9 144 259 0 257 1 0 1 1 0 8 0
amappl8 136 19 0 17 1 0 1 1 0 8 0
amappl7 128 76 0 75 1 0 1 1 0 8 0
amappl6 120 263 0 252 1 0 1 1 0 8 0
amappl5 112 85 0 77 1 0 1 1 0 8 0
amappl4 104 448 0 424 1 0 1 1 0 8 0
amappl3 96 3504 0 3413 3 0 3 3 0 8 0
amappl2 88 978 0 904 2 0 2 2 0 8 0
amappl1 80 12333 0 11785 14 0 14 14 0 8 0
amappl 88 5781 0 5613 5 0 5 5 0 92 0
uvmvnodes 80 118 0 0 3 0 3 3 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 16 0 1 1 0 1 1 0 8 0
uaddrrnd 24 813 0 780 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 813 0 780 1 0 1 1 0 8 0
vmmpekpl 168 8748 0 8696 3 0 3 3 0 8 0
vmmpepl 168 59224 0 57326 100 0 100 100 0 357 4
vmsppl 488 812 0 780 6 0 6 6 0 8 0
rwobjpl 80 18250 0 17299 24 1 23 23 0 8 0
pdppl 4096 1634 0 1560 120 34 86 98 0 8 12
pvpl 32 14568 0 0 118 0 118 118 0 265 0
pmappl 256 812 0 780 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 365 0 36 10 0 10 10 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
witness_checkorder(deafbeaddeafbfc5,9,0) at witness_checkorder+0xb5 sys/kern/subr_witness.c:779
mtx_enter(deafbeaddeafbfb5) at mtx_enter+0x95 sys/kern/kern_lock.c:406
prsignal(deafbeaddeafbead,14) at prsignal+0x36 sys/kern/kern_sig.c:904
reaper(ffff8000ffffd9f8) at reaper+0x2ec sys/kern/kern_exit.c:516
end trace frame: 0x0, count: -4
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
ddb{1}> trace
x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff839ac2c0) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:142 [inline]
__mp_lock(ffffffff839ac2c0) at __mp_lock+0x192 sys/kern/kern_lock.c:173
syscall(ffff80002efb8320) at syscall+0xaf4 mi_syscall sys/sys/syscall_mi.h:175 [inline]
syscall(ffff80002efb8320) at syscall+0xaf4 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x74e8daeae890, count: -6