kernel: protection fault trap, code=0 Stopped at witness_checkorder+0x4f5: movl 0x10(%r14),%ecx ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic the kernel did not panic ddb{1}> trace witness_checkorder(fffffd8078a5f5f8,9,0) at witness_checkorder+0x4f5 witness_lock_order_check sys/kern/subr_witness.c:2442 [inline] witness_checkorder(fffffd8078a5f5f8,9,0) at witness_checkorder+0x4f5 sys/kern/subr_witness.c:890 mtx_enter(fffffd8078a5f5e8) at mtx_enter+0x3e sys/kern/kern_lock.c:265 knote_remove(ffff80002121a000,fffffd8078a5f5e8,fffffd8078a5f670,3,0) at knote_remove+0x20d sys/kern/kern_event.c:1881 knote_fdclose(ffff80002121a000,3) at knote_fdclose+0xae sys/kern/kern_event.c:1934 fdfree(ffff80002121a000) at fdfree+0xdf sys/kern/kern_descrip.c:1196 exit1(ffff80002121a000,0,0,1) at exit1+0x3e4 sys/kern/kern_exit.c:206 sys_exit(ffff80002121a000,ffff80002e418ec0,ffff80002e418f10) at sys_exit+0x1a sys/kern/kern_exit.c:89 syscall(ffff80002e418f90) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff80002e418f90) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7ad2aec3d890, count: -9 ddb{1}> show registers rdi 0xffffffff rsi 0xffffffff rbp 0xffff80002e418c60 rbx 0xffffffff rdx 0 rcx 0xc rax 0xfffffd80031ee000 r8 0x1 r9 0x1 r10 0x16bdf5fdaa26348e r11 0x49645a04b2734c2a r12 0xfffffd80031c6300 r13 0xfffffd8078a5f5f8 r14 0xdeaf4152deaf4152 r15 0xfffffd80039b4cf8 rip 0xffffffff8159fd35 witness_checkorder+0x4f5 cs 0x8 rflags 0x10212 __ALIGN_SIZE+0xf212 rsp 0xffff80002e418bb0 ss 0x10 witness_checkorder+0x4f5: movl 0x10(%r14),%ecx ddb{1}> show proc PROC (syz-executor.3) pid=346414 stat=onproc flags process=1008 proc=2000 pri=0, usrpri=76, nice=20 forw=0xffffffffffffffff, list=0xffff80002121aaa0,0xffff80002121baa0 process=0xffff800021291938 user=0xffff80002e414000, vmspace=0xfffffd806394fb68 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 68463 335107 63544 0 2 0 syz-executor.5 91703 21559 11003 0 7 0 syz-executor.7 91703 21822 11003 0 3 0x4000080 fsleep syz-executor.7 51094 246456 64829 0 2 0 syz-executor.2 59568 23291 86976 0 2 0 syz-executor.6 59568 54019 86976 0 3 0x4000080 fsleep syz-executor.6 12639 454816 34394 0 3 0x82 nanoslp syz-executor.3 86976 120294 34394 0 3 0x82 nanoslp syz-executor.6 11003 353868 34394 0 3 0x82 nanoslp syz-executor.7 63544 255736 34394 0 3 0x82 nanoslp syz-executor.5 98473 2558 4939 0 3 0x100082 netio arp 4939 154756 1 0 3 0x10008a sigsusp sh 92545 38095 34394 0 2 0x2 syz-executor.4 64829 310736 34394 0 3 0x82 nanoslp syz-executor.2 99761 55658 34394 0 2 0x2 syz-executor.1 68273 442463 34394 0 3 0x82 nanoslp syz-executor.0 34394 25055 14825 0 3 0x2000082 wait syz-fuzzer 34394 348093 14825 0 3 0x6000082 nanoslp syz-fuzzer 34394 281405 14825 0 3 0x6000082 wait syz-fuzzer 34394 186817 14825 0 3 0x6000082 thrsleep syz-fuzzer 34394 146827 14825 0 3 0x6000082 wait syz-fuzzer 34394 177534 14825 0 3 0x6000082 thrsleep syz-fuzzer 34394 153599 14825 0 3 0x6000082 kqread syz-fuzzer 34394 64305 14825 0 3 0x6000082 wait syz-fuzzer 34394 449759 14825 0 3 0x6000082 thrsleep syz-fuzzer 34394 71600 14825 0 3 0x6000082 wait syz-fuzzer 34394 112480 14825 0 3 0x6000082 thrsleep syz-fuzzer 34394 405146 14825 0 3 0x6000082 wait syz-fuzzer 34394 317758 14825 0 3 0x6000082 wait syz-fuzzer 34394 169153 14825 0 3 0x6000082 wait syz-fuzzer 34394 343011 14825 0 3 0x6000082 thrsleep syz-fuzzer 34394 390199 14825 0 3 0x6000082 thrsleep syz-fuzzer 14825 170363 25628 0 3 0x10008a sigsusp ksh 25628 184027 7 0 3 0x9a kqread sshd 44539 229634 1 0 3 0x100083 ttyin getty 7 436361 1 0 3 0x88 kqread sshd 72925 366624 87331 74 3 0x1100092 bpf pflogd 87331 332560 1 0 3 0x80 netio pflogd 90813 310818 18189 73 3 0x1100090 kqread syslogd 18189 359368 1 0 3 0x100082 netio syslogd 985 127274 1 0 3 0x100080 kqread resolvd 40786 293843 89371 77 3 0x100092 kqread dhcpleased 75154 468539 89371 77 3 0x100092 kqread dhcpleased 89371 79703 1 0 3 0x80 kqread dhcpleased 34220 47594 0 0 3 0x14200 bored smr 61171 166646 0 0 2 0x14200 zerothread 28310 455440 0 0 3 0x14200 aiodoned aiodoned 80646 106666 0 0 3 0x14200 syncer update 18603 57663 0 0 3 0x14200 cleaner cleaner 50754 400929 0 0 2 0x14200 reaper 69678 195375 0 0 3 0x14200 pgdaemon pagedaemon 67784 441961 0 0 3 0x14200 bored viomb 34944 122449 0 0 3 0x40014200 acpi0 acpi0 80511 457222 0 0 3 0x40014200 idle1 20301 209958 0 0 3 0x14200 bored softnet3 93892 223892 0 0 3 0x14200 bored softnet2 85838 465710 0 0 3 0x14200 bored softnet1 23723 455501 0 0 3 0x14200 bored softnet0 94097 308787 0 0 3 0x14200 bored systqmp 75430 487137 0 0 3 0x14200 bored systq 31488 84083 0 0 3 0x40014200 bored softclock 67130 434568 0 0 3 0x40014200 idle0 1 206454 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 91703 (syz-executor.7) thread 0xffff80002121ad48 (21559) shared rwlock vmmaplk r = 0 (0xfffffd806394f520) #0 witness_lock+0x447 #1 uvmfault_lookup+0xd9 sys/uvm/uvm_fault.c:1785 #2 uvm_fault_check+0x3e sys/uvm/uvm_fault.c:672 #3 uvm_fault+0xf2 sys/uvm/uvm_fault.c:600 #4 upageflttrap+0x86 sys/arch/amd64/amd64/trap.c:188 #5 usertrap+0x226 sys/arch/amd64/amd64/trap.c:436 #6 recall_trap+0x8 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10220 6487K 6526K 78643K 14746 0 pcb 13 10K 11K 78643K 157 0 rtable 234 6K 6K 78643K 364 0 pf 32 9K 10K 78643K 45 0 ifaddr 45 15K 15K 78643K 49 0 ifgroup 55 2K 2K 78643K 59 0 counters 60 35K 35K 78643K 62 0 ioctlops 0 0K 4K 78643K 3406 0 iov 0 0K 8K 78643K 2108 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1557 97K 97K 78643K 64569 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 659 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 597 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 17 61K 89K 78643K 59033 0 sigio 0 0K 0K 78643K 569 0 proc 67 91K 115K 78643K 1958 0 subproc 117 7K 7K 78643K 117 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 99 7K 7K 78643K 100 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 217 970K 970K 78643K 217 0 exec 0 0K 1K 78643K 399 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 327 83K 85K 78643K 520176 0 UVM aobj 131 4K 4K 78643K 150 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 12 0K 1K 78643K 29 0 temp 74 5920K 6048K 78643K 186675 0 kqueue 12 18K 25K 78643K 4773 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 38 0 34 1 0 1 1 0 8 0 rtentry 112 114 0 4 4 0 4 4 0 8 0 unpcb 144 27868 0 27853 125 124 1 6 0 8 0 syncache 304 4 0 4 1 1 0 1 0 8 0 tcpqe 32 228 0 228 1 1 0 1 0 8 0 tcpcb 808 204 0 200 1 0 1 1 0 8 0 arp 120 19 0 1 1 0 1 1 0 8 0 inpcb 368 5223 0 5214 36 34 2 7 0 8 1 nd6 136 24 0 0 1 0 1 1 0 8 0 kcovpl 48 9 0 0 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 28 0 26 1 0 1 1 0 8 0 pfstkey 128 28 0 26 1 0 1 1 0 8 0 pfstate 376 28 0 26 3 2 1 3 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 455 0 3 29 0 29 29 0 8 0 art_table 32 456 0 3 4 0 4 4 0 8 0 art_node 16 113 0 13 1 0 1 1 0 8 0 sysvmsgpl 40 61 0 61 2 2 0 1 0 8 0 semapl 112 595 0 585 1 0 1 1 0 8 0 shmpl 112 147 0 19 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 64090 0 62640 92 0 92 92 0 8 0 ffsino 272 64090 0 62640 98 0 98 98 0 8 0 nchpl 144 144680 0 143026 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 440253 0 440253 3 2 1 2 0 8 1 percpumem 16 44 0 1 1 0 1 1 0 8 0 kstatmem 264 26 0 2 2 0 2 2 0 8 0 scxspl 216 366669 0 366669 10 9 1 8 1 8 1 plimitpl 152 35 0 18 1 0 1 1 0 8 0 sigapl 424 59355 0 59307 8 2 6 7 0 8 0 futexpl 64 383549 0 383547 2 1 1 1 0 8 0 knotepl 120 125 0 0 4 0 4 4 0 8 0 kqueuepl 216 96266 0 96256 250 249 1 12 0 8 0 pipepl 320 6865 0 6834 95 92 3 13 0 8 0 fdescpl 496 59338 0 59308 6 1 5 5 0 8 0 filepl 152 332642 0 332378 341 330 11 23 0 8 0 lockfpl 104 5289 0 5287 5 4 1 2 0 8 0 lockfspl 48 2179 0 2177 1 0 1 1 0 8 0 sessionpl 144 25 0 7 1 0 1 1 0 8 0 pgrppl 48 208 0 190 1 0 1 1 0 8 0 ucredpl 104 21500 0 21488 1 0 1 1 0 8 0 zombiepl 144 59309 0 59307 2 1 1 1 0 8 0 processpl 1072 59355 0 59307 4 0 4 4 0 8 0 procpl 680 135337 0 135271 33 26 7 8 0 8 0 sockpl 488 33129 0 33101 459 454 5 22 0 8 1 mcl64k 65536 33 0 0 3 0 3 3 0 8 0 mcl16k 16384 57 0 0 7 4 3 3 0 8 0 mcl12k 12288 17 0 0 2 0 2 2 0 8 0 mcl9k 9216 32 0 0 2 0 2 2 0 8 0 mcl8k 8192 57 0 0 4 1 3 3 0 8 0 mcl4k 4096 57 0 0 3 0 3 3 0 8 0 mcl2k2 2112 14 0 0 1 0 1 1 0 8 0 mcl2k 2048 337 0 0 28 13 15 28 0 8 0 mtagpl 96 4 0 0 1 0 1 1 0 8 0 mbufpl 256 1462 0 0 20 0 20 20 0 8 0 bufpl 288 63505 0 57175 453 0 453 453 0 8 0 anonpl 24 4145940 0 4137861 103 49 54 78 0 186 0 amapchunkpl 152 1632806 0 1632099 154 121 33 35 0 158 4 amappl16 200 65707 0 65554 26 17 9 23 0 8 0 amappl15 192 6 0 6 1 1 0 1 0 8 0 amappl14 184 207 0 191 2 1 1 2 0 8 0 amappl13 176 36 0 36 1 1 0 1 0 8 0 amappl12 168 60025 0 59992 4 2 2 3 0 8 0 amappl11 160 56 0 41 1 0 1 1 0 8 0 amappl10 152 60 0 49 1 0 1 1 0 8 0 amappl9 144 185 0 183 1 0 1 1 0 8 0 amappl8 136 519 0 430 5 1 4 4 0 8 0 amappl7 128 153 0 142 2 1 1 2 0 8 0 amappl6 120 420 0 400 2 1 1 2 0 8 0 amappl5 112 573 0 562 1 0 1 1 0 8 0 amappl4 104 881 0 838 3 1 2 3 0 8 0 amappl3 96 328898 0 328823 4 1 3 3 0 8 0 amappl2 88 60654 0 60584 3 1 2 3 0 8 0 amappl1 80 206089 0 205506 23 9 14 23 0 8 0 amappl 88 519598 0 519407 8 2 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 149 0 19 3 0 3 3 0 8 0 uaddrrnd 24 59338 0 59308 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 59338 0 59308 1 0 1 1 0 8 0 vmmpekpl 168 313698 0 313640 3 0 3 3 0 8 0 vmmpepl 168 3173747 0 3171653 237 137 100 119 0 357 2 vmsppl 464 59337 0 59308 18 13 5 5 0 8 0 rwobjpl 56 655976 0 648639 117 12 105 109 0 8 0 pdppl 4096 118684 0 118616 1242 1168 74 82 0 8 6 pvpl 32 13883083 0 13868908 447 321 126 366 0 265 0 pmappl 248 59337 0 59308 16 13 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 2059 0 1250 24 0 24 24 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp ddb{0}> trace x86_ipi_db(ffffffff82bc2ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82cbdb20) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82cbdb20) at __mp_lock+0x122 sys/kern/kern_lock.c:147 intr_handler(ffff80002e40cf80,ffff80000027b500) at intr_handler+0x62 sys/arch/amd64/amd64/intr.c:532 Xintr_ioapic_edge25_untramp() at Xintr_ioapic_edge25_untramp+0x18f __mp_lock(ffffffff82cbdb20) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82cbdb20) at __mp_lock+0x122 sys/kern/kern_lock.c:147 uvm_fault(fffffd806394f428,e1017d85000,0,1) at uvm_fault+0x181 sys/uvm/uvm_fault.c:622 upageflttrap(ffff80002e40d300,e1017d85000) at upageflttrap+0x86 sys/arch/amd64/amd64/trap.c:188 usertrap(ffff80002e40d300) at usertrap+0x226 sys/arch/amd64/amd64/trap.c:436 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7822cdcf0bf0, count: -11 ddb{0}> machine ddbcpu 1 Stopped at witness_checkorder+0x4f5: movl 0x10(%r14),%ecx ddb{1}> trace witness_checkorder(fffffd8078a5f5f8,9,0) at witness_checkorder+0x4f5 witness_lock_order_check sys/kern/subr_witness.c:2442 [inline] witness_checkorder(fffffd8078a5f5f8,9,0) at witness_checkorder+0x4f5 sys/kern/subr_witness.c:890 mtx_enter(fffffd8078a5f5e8) at mtx_enter+0x3e sys/kern/kern_lock.c:265 knote_remove(ffff80002121a000,fffffd8078a5f5e8,fffffd8078a5f670,3,0) at knote_remove+0x20d sys/kern/kern_event.c:1881 knote_fdclose(ffff80002121a000,3) at knote_fdclose+0xae sys/kern/kern_event.c:1934 fdfree(ffff80002121a000) at fdfree+0xdf sys/kern/kern_descrip.c:1196 exit1(ffff80002121a000,0,0,1) at exit1+0x3e4 sys/kern/kern_exit.c:206 sys_exit(ffff80002121a000,ffff80002e418ec0,ffff80002e418f10) at sys_exit+0x1a sys/kern/kern_exit.c:89 syscall(ffff80002e418f90) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff80002e418f90) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7ad2aec3d890, count: -9