kernel: protection fault trap, code=0
Stopped at witness_checkorder+0x4f5: movl 0x10(%r14),%ecx
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
the kernel did not panic
ddb{1}> trace
witness_checkorder(fffffd807d883298,9,0) at witness_checkorder+0x4f5 witness_lock_order_check sys/kern/subr_witness.c:2442 [inline]
witness_checkorder(fffffd807d883298,9,0) at witness_checkorder+0x4f5 sys/kern/subr_witness.c:890
mtx_enter(fffffd807d883288) at mtx_enter+0x3e sys/kern/kern_lock.c:265
knote_remove(ffff80002120e568,fffffd807d883288,fffffd807d883310,3,0) at knote_remove+0x20d sys/kern/kern_event.c:1881
knote_fdclose(ffff80002120e568,3) at knote_fdclose+0xae sys/kern/kern_event.c:1934
fdfree(ffff80002120e568) at fdfree+0xdf sys/kern/kern_descrip.c:1196
exit1(ffff80002120e568,0,0,1) at exit1+0x3e4 sys/kern/kern_exit.c:206
sys_exit(ffff80002120e568,ffff80002e4835d0,ffff80002e483620) at sys_exit+0x1a sys/kern/kern_exit.c:89
syscall(ffff80002e4836a0) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff80002e4836a0) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x733355db47e0, count: -9
ddb{1}> show registers
rdi 0xffffffff
rsi 0xffffffff
rbp 0xffff80002e483370
rbx 0xffffffff
rdx 0
rcx 0xc
rax 0xfffffd80031ef000
r8 0x1
r9 0x1
r10 0xcd80542b2227bd1e
r11 0x62f3d23981a53097
r12 0xfffffd80031c7300
r13 0xfffffd807d883298
r14 0xdeaf4152deaf4152
r15 0xfffffd80039b52e0
rip 0xffffffff81f47f95 witness_checkorder+0x4f5
cs 0x8
rflags 0x10212 __ALIGN_SIZE+0xf212
rsp 0xffff80002e4832c0
ss 0x10
witness_checkorder+0x4f5: movl 0x10(%r14),%ecx
ddb{1}> show proc
PROC (syz-executor.2) pid=88701 stat=onproc
    flags process=1008 proc=2000
    pri=0, usrpri=75, nice=20
    forw=0xffffffffffffffff, list=0xffff80002120e2c0,0xffffffff82d75d58
    process=0xffff80002e450020 user=0xffff80002e47e000, vmspace=0xfffffd8069b61cc8
    estcpu=36, cpticks=1, pctcpu=0.0
    user=0, sys=0, intr=0
ddb{1}> ps
PID TID PPID UID S
FLAGS WAIT COMMAND 66600 171725 90967 0 3 0x80 nanoslp syz-executor.1 66600 471536 90967 0 3 0x4000080 fsleep syz-executor.1 8630 112473 26703 0 2 0 syz-executor.7 8630 73899 26703 0 2 0x4000000 syz-executor.7 62367 366646 0 0 3 0x14280 nfsidl nfsio 16573 27113 0 0 3 0x14280 nfsidl nfsio 54070 488391 0 0 3 0x14280 nfsidl nfsio 68390 277762 0 0 3 0x14280 nfsidl nfsio 94147 485292 0 0 3 0x14280 nfsidl nfsio 44551 177096 0 0 3 0x14280 nfsidl nfsio 79133 388871 0 0 3 0x14280 nfsidl nfsio 34957 338463 0 0 3 0x14280 nfsidl nfsio 73988 112053 0 0 3 0x14280 nfsidl nfsio 80953 6719 0 0 3 0x14280 nfsidl nfsio 60383 419895 0 0 3 0x14280 nfsidl nfsio 94810 339874 0 0 3 0x14280 nfsidl nfsio 89865 264328 0 0 3 0x14280 nfsidl nfsio 49673 58150 0 0 3 0x14280 nfsidl nfsio 22124 273637 0 0 3 0x14280 nfsidl nfsio 21233 474450 0 0 3 0x14280 nfsidl nfsio 38060 514601 0 0 3 0x14280 nfsidl nfsio 18085 455896 0 0 3 0x14280 nfsidl nfsio 89132 83118 0 0 3 0x14280 nfsidl nfsio 47406 54543 0 0 3 0x14280 nfsidl nfsio 80298 66113 55827 60928 2 0x10 syz-executor.0 80298 211579 55827 60928 2 0x4000010 syz-executor.0 80298 215099 55827 60928 3 0x4000090 fsleep syz-executor.0 85391 339754 0 0 3 0x14200 bored sosplice 9925 472079 43889 0 2 0 syz-executor.3 9925 259538 43889 0 3 0x4000080 fsleep syz-executor.3 36122 425510 3374 0 2 0 syz-executor.5 36122 183495 3374 0 3 0x4000080 fsleep syz-executor.5 36122 415950 3374 0 3 0x4000080 fsleep syz-executor.5 26703 107119 58543 0 3 0x82 nanoslp syz-executor.7 46064 388863 58543 0 3 0x82 nanoslp syz-executor.6 3374 425211 58543 0 3 0x82 nanoslp syz-executor.5 89849 159122 58543 0 3 0x82 nanoslp syz-executor.2 43491 486794 58543 0 3 0x82 nanoslp syz-executor.4 43889 489317 58543 0 3 0x82 nanoslp syz-executor.3 90967 411967 58543 0 3 0x82 nanoslp syz-executor.1 55827 169444 58543 0 3 0x82 nanoslp syz-executor.0 58543 76971 13310 0 3 0x2000082 thrsleep syz-fuzzer 58543 361367 13310 0 3 0x6000082 nanoslp syz-fuzzer 58543 451349 13310 0 3 0x6000082 wait 
syz-fuzzer 58543 234588 13310 0 3 0x6000082 thrsleep syz-fuzzer 58543 26088 13310 0 3 0x6000082 wait syz-fuzzer 58543 296621 13310 0 3 0x6000082 wait syz-fuzzer 58543 427046 13310 0 3 0x6000082 wait syz-fuzzer 58543 433208 13310 0 3 0x6000082 wait syz-fuzzer 58543 218455 13310 0 3 0x6000082 wait syz-fuzzer 58543 124836 13310 0 3 0x6000082 wait syz-fuzzer 58543 135957 13310 0 3 0x6000082 thrsleep syz-fuzzer 58543 226514 13310 0 3 0x6000082 wait syz-fuzzer 58543 202577 13310 0 3 0x6000082 kqread syz-fuzzer 58543 401647 13310 0 3 0x6000082 thrsleep syz-fuzzer 58543 414900 13310 0 3 0x6000082 thrsleep syz-fuzzer 13310 337596 16528 0 3 0x10008a sigsusp ksh 16528 97410 78163 0 3 0x9a kqread sshd 34353 138992 1 0 3 0x100083 ttyin getty 78163 145021 1 0 3 0x88 kqread sshd 65237 216122 31813 74 3 0x1100092 bpf pflogd 31813 312806 1 0 3 0x80 netio pflogd 94720 435902 77333 73 3 0x1100090 kqread syslogd 77333 227055 1 0 3 0x100082 netio syslogd 94615 57823 1 0 3 0x100080 kqread resolvd 44710 30858 45598 77 3 0x100092 kqread dhcpleased 24963 267442 45598 77 3 0x100092 kqread dhcpleased 45598 452436 1 0 3 0x80 kqread dhcpleased 43953 13481 0 0 3 0x14200 bored smr 58182 33085 0 0 2 0x14200 zerothread 27113 285289 0 0 3 0x14200 aiodoned aiodoned 58147 414133 0 0 3 0x14200 syncer update 36733 275429 0 0 3 0x14200 cleaner cleaner 91146 24532 0 0 7 0x14200 reaper 497 449613 0 0 3 0x14200 pgdaemon pagedaemon 86943 34496 0 0 3 0x14200 bored viomb 34017 432011 0 0 3 0x40014200 acpi0 acpi0 30074 441622 0 0 3 0x40014200 idle1 92955 339654 0 0 3 0x14200 bored softnet3 16476 455558 0 0 3 0x14200 bored softnet2 94584 178730 0 0 3 0x14200 bored softnet1 58638 75806 0 0 3 0x14200 bored softnet0 55414 480470 0 0 3 0x14200 bored systqmp 34030 426841 0 0 3 0x14200 bored systq 16253 417043 0 0 3 0x40014200 bored softclock 43005 34968 0 0 3 0x40014200 idle0 1 9074 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks ddb{1}> show malloc Type InUse MemUse HighUse Limit 
Requests Type Lim devbuf 10191 6475K 6672K 78643K 11417 0 pcb 13 8K 8K 78643K 32 0 rtable 234 6K 6K 78643K 354 0 pf 32 9K 10K 78643K 61 0 ifaddr 45 15K 15K 78643K 55 0 ifgroup 55 2K 2K 78643K 85 0 counters 60 35K 36K 78643K 72 0 ioctlops 0 0K 4K 78643K 1483 0 iov 0 0K 16K 78643K 36 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1323 83K 83K 78643K 1394 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 3 5K 9K 78643K 12 0 VM map 2 1K 1K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 16 57K 93K 78643K 252 0 proc 68 91K 128K 78643K 536 0 subproc 104 6K 6K 78643K 104 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 99 7K 7K 78643K 99 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 49 228K 228K 78643K 49 0 exec 0 0K 1K 78643K 390 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 321 80K 80K 78643K 4886 0 UVM aobj 25 2K 2K 78643K 25 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 6 0 NDP 12 0K 1K 78643K 34 0 temp 33 5906K 5970K 78643K 4682 0 kqueue 12 18K 22K 78643K 35 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 43 0 40 1 0 1 1 0 8 0 rtentry 112 111 0 1 4 0 4 4 0 8 0 unpcb 144 77 0 60 1 0 1 1 0 8 0 syncache 304 5 0 5 2 1 1 1 0 8 1 tcpqe 32 166 0 166 2 2 0 1 0 8 0 tcpcb 808 20 0 12 1 0 1 1 0 8 0 arp 120 18 0 0 1 0 1 1 0 8 0 inpcb 368 115 0 102 2 0 2 2 0 8 0 nd6 136 24 0 0 1 0 1 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 pffrag 232 67 0 67 1 0 1 1 0 482 1 pffrnode 88 67 0 67 1 0 1 1 0 8 1 pffrent 40 201 0 201 1 0 1 1 0 8 1 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 27 0 2 1 0 1 1 0 8 0 pfstkey 128 27 0 2 
1 0 1 1 0 8 0 pfstate 376 27 0 2 3 0 3 3 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 453 0 0 29 0 29 29 0 8 0 art_table 32 454 0 0 4 0 4 4 0 8 0 art_node 16 110 0 10 1 0 1 1 0 8 0 shmpl 112 22 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1643 0 196 91 0 91 91 0 8 0 ffsino 272 1643 0 196 97 0 97 97 0 8 0 nchpl 144 2071 0 377 63 0 63 63 0 8 0 uvmvnodes 80 1843 0 0 38 0 38 38 0 8 0 vnodes 216 1843 0 0 103 0 103 103 0 8 0 namei 1024 7702 0 7702 2 1 1 2 0 8 1 percpumem 16 49 0 6 1 0 1 1 0 8 0 kstatmem 264 36 0 12 2 0 2 2 0 8 0 scxspl 216 7373 0 7373 10 2 8 8 1 8 8 plimitpl 152 105 0 89 1 0 1 1 0 8 0 sigapl 424 592 0 523 9 1 8 8 0 8 0 futexpl 64 1416 0 1411 1 0 1 1 0 8 0 knotepl 120 112 0 0 4 0 4 4 0 8 0 kqueuepl 216 37 0 29 1 0 1 1 0 8 0 pipepl 320 228 0 200 8 0 8 8 0 8 5 fdescpl 496 554 0 525 5 0 5 5 0 8 1 filepl 152 3050 0 2805 19 1 18 19 0 8 8 lockfpl 104 35 0 33 1 0 1 1 0 8 0 lockfspl 48 18 0 16 1 0 1 1 0 8 0 sessionpl 144 24 0 7 1 0 1 1 0 8 0 pgrppl 48 59 0 42 1 0 1 1 0 8 0 ucredpl 104 162 0 148 1 0 1 1 0 8 0 zombiepl 144 526 0 523 1 0 1 1 0 8 0 processpl 1072 592 0 523 5 0 5 5 0 8 0 procpl 680 810 0 719 9 1 8 8 0 8 0 sosppl 168 6 0 4 1 0 1 1 0 8 0 sockpl 488 235 0 201 5 0 5 5 0 8 0 mcl64k 65536 2 0 0 1 0 1 1 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 6 0 0 1 0 1 1 0 8 0 mcl4k 4096 40 0 0 5 0 5 5 0 8 0 mcl2k 2048 251 0 0 32 0 32 32 0 8 0 mtagpl 96 4 0 0 1 0 1 1 0 8 0 mbufpl 256 286 0 0 18 0 18 18 0 8 0 bufpl 288 4335 0 142 300 0 300 300 0 8 0 anonpl 24 213015 0 200940 78 2 76 76 0 186 1 amapchunkpl 152 16068 0 15195 36 0 36 36 0 158 0 amappl16 200 5858 0 5558 17 0 17 17 0 8 0 amappl15 192 8 0 8 1 1 0 1 0 8 0 amappl14 184 160 0 148 2 1 1 2 0 8 0 amappl13 176 55 0 54 2 1 1 1 0 8 0 amappl12 168 1245 0 1209 4 1 3 3 0 8 1 amappl11 160 60 0 45 1 0 1 1 0 8 0 amappl10 152 19 0 11 2 1 1 1 0 8 0 amappl9 144 194 0 192 1 0 1 1 0 8 0 amappl8 136 
186 0 136 2 0 2 2 0 8 0 amappl7 128 68 0 55 2 1 1 2 0 8 0 amappl6 120 244 0 225 2 1 1 2 0 8 0 amappl5 112 171 0 160 1 0 1 1 0 8 0 amappl4 104 577 0 537 3 1 2 3 0 8 0 amappl3 96 3461 0 3373 4 1 3 3 0 8 0 amappl2 88 813 0 745 3 1 2 3 0 8 0 amappl1 80 10611 0 10050 23 7 16 23 0 8 3 amappl 88 4345 0 4121 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 24 0 0 1 0 1 1 0 8 0 uaddrrnd 24 554 0 525 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 554 0 525 1 0 1 1 0 8 0 vmmpekpl 168 10760 0 10709 3 0 3 3 0 8 0 vmmpepl 168 56956 0 54762 134 1 133 134 0 357 35 vmsppl 464 553 0 525 5 0 5 5 0 8 1 rwobjpl 56 23548 0 20295 50 3 47 47 0 8 0 pdppl 4096 1116 0 1050 114 44 70 84 0 8 4 pvpl 32 448406 0 430404 364 29 335 364 0 265 187 pmappl 248 553 0 525 3 0 3 3 0 8 1 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 710 0 48 19 0 19 19 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp
ddb{0}> trace
x86_ipi_db(ffffffff82ba6ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff82cd0260) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82cd0260) at __mp_lock+0x122 sys/kern/kern_lock.c:147
softintr_dispatch(0) at softintr_dispatch+0x52 sys/arch/amd64/amd64/softintr.c:88
Xsoftclock() at Xsoftclock+0x27
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x29 kd_curproc sys/dev/kcov.c:589 [inline]
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x29 sys/dev/kcov.c:158
__mp_lock(ffffffff82cd0260) at __mp_lock+0x133 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82cd0260) at __mp_lock+0x133 sys/kern/kern_lock.c:147
reaper(ffff8000211b3548) at reaper+0x160 sys/kern/kern_exit.c:454
end trace frame: 0x0, count: -9
ddb{0}> machine ddbcpu 1
Stopped at witness_checkorder+0x4f5: movl 0x10(%r14),%ecx
ddb{1}> trace
witness_checkorder(fffffd807d883298,9,0) at witness_checkorder+0x4f5 witness_lock_order_check sys/kern/subr_witness.c:2442 [inline]
witness_checkorder(fffffd807d883298,9,0) at witness_checkorder+0x4f5 sys/kern/subr_witness.c:890
mtx_enter(fffffd807d883288) at mtx_enter+0x3e sys/kern/kern_lock.c:265
knote_remove(ffff80002120e568,fffffd807d883288,fffffd807d883310,3,0) at knote_remove+0x20d sys/kern/kern_event.c:1881
knote_fdclose(ffff80002120e568,3) at knote_fdclose+0xae sys/kern/kern_event.c:1934
fdfree(ffff80002120e568) at fdfree+0xdf sys/kern/kern_descrip.c:1196
exit1(ffff80002120e568,0,0,1) at exit1+0x3e4 sys/kern/kern_exit.c:206
sys_exit(ffff80002120e568,ffff80002e4835d0,ffff80002e483620) at sys_exit+0x1a sys/kern/kern_exit.c:89
syscall(ffff80002e4836a0) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff80002e4836a0) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x733355db47e0, count: -9