login: kernel: protection fault trap, code=0
Stopped at witness_checkorder+0x1ec: movl 0x8(%r14),%ebx
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
the kernel did not panic
ddb{1}> trace
witness_checkorder(fffffd806d8dd030,9,0) at witness_checkorder+0x1ec sys/kern/subr_witness.c:794
rw_enter(fffffd806d8dd020,1) at rw_enter+0xd5 sys/kern/kern_rwlock.c:249
rwsleep(fffffd806d8dd160,fffffd806d8dd020,118,ffffffff8280d317,0) at rwsleep+0xd6 sys/kern/kern_synch.c:303
sosend(fffffd806d8dd018,0,ffff800021255338,0,0,0) at sosend+0x76b sys/kern/uipc_socket.c:623
fifo_write(ffff800021255280) at fifo_write+0x80 sys/miscfs/fifofs/fifo_vnops.c:279
VOP_WRITE(fffffd8065581cb8,ffff800021255338,3,fffffd807f7d64e0) at VOP_WRITE+0xc3 sys/kern/vfs_vops.c:245
ktrwriteraw(ffff800021216db0,fffffd8065581cb8,fffffd807f7d64e0,ffff800021255408,ffff8000212553e0) at ktrwriteraw+0x16c sys/kern/kern_ktrace.c:664
ktrgenio(ffff800021216db0,f,0,ffff800000d6c220,10000) at ktrgenio+0x272 ktrwrite2 sys/kern/kern_ktrace.c:626 [inline]
ktrgenio(ffff800021216db0,f,0,ffff800000d6c220,10000) at ktrgenio+0x272 sys/kern/kern_ktrace.c:258
dofilereadv(ffff800021216db0,f,ffff800021255578,0,ffff800021255660) at dofilereadv+0x2e7 sys/kern/sys_generic.c:263
sys_read(ffff800021216db0,ffff800021255610,ffff800021255660) at sys_read+0x87 sys/kern/sys_generic.c:167
syscall(ffff8000212556e0) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff8000212556e0) at syscall+0x606 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7078f5c0c920, count: -12
ddb{1}> show registers
rdi 0
rsi 0x20000 acpi_pdirpa+0xbe63
rbp 0xffff800021255000
rbx 0xe
rdx 0
rcx 0
rax 0xffff800020d58ff0
r8 0xffffffffffffffff
r9 0x1
r10 0x6d3abe544e7feeef
r11 0xa5c3bc718bd1c8dc
r12 0
r13 0xfffffd806d8dd030
r14 0xcccccccccccc0416
r15 0xffff800021216db0
rip 0xffffffff81d6d0cc witness_checkorder+0x1ec
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff800021254f50
ss 0x10 witness_checkorder+0x1ec: movl 0x8(%r14),%ebx ddb{1}> show proc PROC (syz-fuzzer) pid=224112 stat=onproc flags process=2 proc=1 pri=24, usrpri=51, nice=20 forw=0xffffffffffffffff, list=0xffff8000212162d0,0xffff800021216028 process=0xffff8000212210d0 user=0xffff800021250000, vmspace=0xfffffd806e3731e0 estcpu=1, cpticks=2, pctcpu=0.19 user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 21272 117049 2875 0 3 0x80 nanoslp syz-executor.1 21272 496868 2875 0 3 0x4000080 pipewr syz-executor.1 21272 344807 2875 0 3 0x4000080 fsleep syz-executor.1 55437 169917 1 0 3 0x100083 ttyin getty 1387 505594 82954 0 2 0x83 syz-executor.4 2165 523204 82954 0 3 0x82 piperd syz-executor.2 2875 98038 82954 0 3 0x82 nanoslp syz-executor.1 15660 244781 0 0 3 0x14200 acct acct 69336 341745 0 0 3 0x14280 nfsidl nfsio 70014 432571 0 0 3 0x14280 nfsidl nfsio 63098 409033 0 0 3 0x14280 nfsidl nfsio 57466 306622 0 0 3 0x14280 nfsidl nfsio 18786 95429 0 0 3 0x14280 nfsidl nfsio 36933 296659 0 0 3 0x14280 nfsidl nfsio 89556 322903 0 0 3 0x14280 nfsidl nfsio 7173 263314 0 0 3 0x14280 nfsidl nfsio 11412 430795 0 0 3 0x14280 nfsidl nfsio 20356 80669 0 0 3 0x14280 nfsidl nfsio 39466 320172 0 0 3 0x14280 nfsidl nfsio 88681 313141 0 0 3 0x14280 nfsidl nfsio 22859 226550 0 0 3 0x14280 nfsidl nfsio 42845 64678 0 0 3 0x14280 nfsidl nfsio 43168 379648 0 0 3 0x14280 nfsidl nfsio 70599 391610 0 0 3 0x14280 nfsidl nfsio 50356 467634 0 0 3 0x14280 nfsidl nfsio 99980 483577 0 0 3 0x14280 nfsidl nfsio 6540 381468 0 0 3 0x14280 nfsidl nfsio 36001 378663 0 0 3 0x14280 nfsidl nfsio 43542 366543 0 0 3 0x14200 bored sosplice 743 83536 82954 0 2 0x83 syz-executor.7 22468 37408 82954 0 2 0x83 syz-executor.6 77413 50856 82954 0 3 0x82 nanoslp syz-executor.5 81105 163289 82954 0 2 0x83 syz-executor.3 11665 130444 82954 0 3 0x82 nanoslp syz-executor.0 *82954 224112 48207 0 7 0x3 syz-fuzzer 82954 343649 48207 0 3 0x4000082 nanoslp syz-fuzzer 82954 364963 48207 0 3 0x4000082 wait syz-fuzzer 82954 
317602 48207 0 3 0x4000082 thrsleep syz-fuzzer 82954 323511 48207 0 3 0x4000082 kqread syz-fuzzer 82954 128749 48207 0 3 0x4000082 wait syz-fuzzer 82954 205539 48207 0 3 0x4000082 thrsleep syz-fuzzer 82954 36666 48207 0 3 0x4000082 wait syz-fuzzer 82954 381113 48207 0 3 0x4000082 wait syz-fuzzer 82954 361401 48207 0 3 0x4000082 thrsleep syz-fuzzer 82954 89713 48207 0 3 0x4000082 wait syz-fuzzer 82954 495778 48207 0 3 0x4000082 thrsleep syz-fuzzer 82954 64861 48207 0 3 0x4000082 wait syz-fuzzer 82954 230548 48207 0 3 0x4000082 wait syz-fuzzer 82954 434587 48207 0 3 0x4000082 wait syz-fuzzer 82954 366248 48207 0 2 0x4000083 syz-fuzzer 48207 259314 63810 0 3 0x10008a sigsusp ksh 63810 321046 7062 0 2 0x93 sshd 7062 115004 1 0 3 0x88 kqread sshd 98788 449287 71929 74 3 0x1100092 bpf pflogd 71929 199773 1 0 3 0x80 netio pflogd 57885 139889 57539 73 3 0x1100090 kqread syslogd 57539 320277 1 0 3 0x100082 netio syslogd 60824 129772 1 0 3 0x100080 kqread resolvd 73648 199039 16491 77 3 0x100092 kqread dhcpleased 22881 86437 16491 77 3 0x100092 kqread dhcpleased 16491 12916 1 0 3 0x80 kqread dhcpleased 77664 279786 0 0 3 0x14200 bored smr 22149 419281 0 0 3 0x14200 pgzero zerothread 88913 187542 0 0 3 0x14200 aiodoned aiodoned 5047 244578 0 0 3 0x14200 syncer update 8455 363778 0 0 3 0x14200 cleaner cleaner 42797 258223 0 0 7 0x14200 reaper 24623 392695 0 0 3 0x14200 pgdaemon pagedaemon 64259 275600 0 0 3 0x14200 bored viomb 15566 456616 0 0 3 0x40014200 acpi0 acpi0 49829 417721 0 0 3 0x40014200 idle1 47035 320225 0 0 3 0x14200 bored softnet3 89325 146371 0 0 3 0x14200 bored softnet2 46328 204612 0 0 3 0x14200 bored softnet1 23390 451399 0 0 3 0x14200 bored softnet0 38766 390225 0 0 3 0x14200 bored systqmp 16032 200998 0 0 3 0x14200 bored systq 536 143392 0 0 3 0x40014200 bored softclock 67140 122749 0 0 3 0x40014200 idle0 1 413520 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 82954 (syz-fuzzer) thread 0xffff800021216db0 (224112) 
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82d05008) #0 witness_lock+0x447 #1 __mp_acquire_count+0x48 sys/kern/kern_lock.c:227 #2 mi_switch+0x3bb sys/kern/sched_bsd.c:405 #3 sleep_finish+0x184 sys/kern/kern_synch.c:411 #4 rwsleep+0xab sys/kern/kern_synch.c:300 #5 sosend+0x76b sys/kern/uipc_socket.c:623 #6 fifo_write+0x80 sys/miscfs/fifofs/fifo_vnops.c:279 #7 VOP_WRITE+0xc3 sys/kern/vfs_vops.c:245 #8 ktrwriteraw+0x16c sys/kern/kern_ktrace.c:664 #9 ktrgenio+0x272 ktrwrite2 sys/kern/kern_ktrace.c:626 [inline] #9 ktrgenio+0x272 sys/kern/kern_ktrace.c:258 #10 dofilereadv+0x2e7 sys/kern/sys_generic.c:263 #11 sys_read+0x87 sys/kern/sys_generic.c:167 #12 syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline] #12 syscall+0x606 sys/arch/amd64/amd64/trap.c:623 #13 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10206 6607K 7508K 78643K 24978 0 pcb 13 9K 10K 78643K 137 0 rtable 242 6K 7K 78643K 462 0 pf 32 9K 10K 78643K 81 0 ifaddr 45 15K 15K 78643K 77 0 ifgroup 55 2K 2K 78643K 105 0 sysctl 2 0K 0K 78643K 2 0 counters 60 35K 36K 78643K 98 0 ioctlops 0 0K 4K 78643K 1570 0 iov 0 0K 16K 78643K 253 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1491 93K 93K 78643K 4938 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 50 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 190 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 11 37K 85K 78643K 3238 0 sigio 0 0K 0K 78643K 68 0 proc 72 91K 128K 78643K 783 0 subproc 104 6K 7K 78643K 146 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 21 0 in_multi 99 7K 7K 78643K 143 0 ether_multi 1 0K 0K 78643K 3 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 133 599K 599K 78643K 133 0 exec 0 0K 1K 78643K 765 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 344 
87K 91K 78643K 34007 0 UVM aobj 115 3K 3K 78643K 118 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 60 0 NDP 12 0K 2K 78643K 53 0 temp 88 5873K 5996K 78643K 48777 0 kqueue 12 18K 26K 78643K 277 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 56 0 53 1 0 1 1 0 8 0 rtentry 112 149 0 35 4 0 4 4 0 8 0 unpcb 144 1842 0 1827 28 22 6 6 0 8 5 syncache 296 7 0 7 2 2 0 1 0 8 0 tcpqe 32 254 0 254 2 2 0 1 0 8 0 tcpcb 808 376 0 372 16 15 1 7 0 8 0 arp 120 24 0 6 1 0 1 1 0 8 0 inpcb 368 1012 0 1003 35 34 1 7 0 8 0 nd6 136 38 0 10 1 0 1 1 0 8 0 pkpcb 40 73 0 73 3 2 1 1 0 8 1 kcovpl 48 11 0 3 1 0 1 1 0 8 0 ppxss 1256 13 0 13 2 2 0 1 0 8 0 pffrag 232 21 0 20 1 0 1 1 0 482 0 pffrnode 88 21 0 20 1 0 1 1 0 8 0 pffrent 40 54 0 53 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 110 0 89 1 0 1 1 0 8 0 pfstkey 128 110 0 89 2 1 1 2 0 8 0 pfstate 376 110 0 89 6 3 3 4 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 614 0 134 30 0 30 30 0 8 0 art_table 32 615 0 134 4 0 4 4 0 8 0 art_node 16 148 0 44 1 0 1 1 0 8 0 sysvmsgpl 40 2 0 0 1 0 1 1 0 8 0 semapl 112 188 0 178 1 0 1 1 0 8 0 shmpl 112 115 0 3 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 5745 0 4275 93 0 93 93 0 8 0 ffsino 272 5745 0 4275 99 0 99 99 0 8 0 nchpl 144 10772 0 10267 64 0 64 64 0 8 40 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 35976 0 35976 3 2 1 2 0 8 1 percpumem 16 62 0 19 1 0 1 1 0 8 0 kstatmem 264 62 0 38 2 0 2 2 0 8 0 scxspl 216 28164 0 28164 11 10 1 8 0 8 1 plimitpl 152 301 0 285 1 0 1 1 0 8 0 sigapl 424 3575 0 3510 9 1 8 8 0 8 0 futexpl 64 25021 0 25020 1 0 1 1 0 8 0 knotepl 120 274 0 0 8 0 8 8 0 8 0 kqueuepl 216 614 0 606 11 10 1 5 0 8 0 pipepl 320 671 0 643 23 20 3 8 0 8 0 fdescpl 496 3536 0 3512 5 
0 5 5 0 8 0 filepl 152 20872 0 20631 61 46 15 18 0 8 5 lockfpl 104 5146 0 5143 16 15 1 4 0 8 0 lockfspl 48 2478 0 2475 5 4 1 2 0 8 0 sessionpl 144 28 0 11 1 0 1 1 0 8 0 pgrppl 48 372 0 355 1 0 1 1 0 8 0 ucredpl 104 2699 0 2684 1 0 1 1 0 8 0 zombiepl 144 3512 0 3510 1 0 1 1 0 8 0 processpl 1072 3575 0 3510 5 0 5 5 0 8 0 procpl 696 9109 0 9026 19 10 9 10 0 8 0 sosppl 168 25 0 25 5 5 0 1 0 8 0 sockpl 488 2987 0 2960 113 101 12 29 0 8 8 mcl64k 65536 19 0 0 3 1 2 3 0 8 0 mcl16k 16384 8 0 0 1 0 1 1 0 8 0 mcl12k 12288 17 0 0 2 0 2 2 0 8 0 mcl9k 9216 11 0 0 1 0 1 1 0 8 0 mcl8k 8192 17 0 0 3 0 3 3 0 8 0 mcl4k 4096 16 0 0 2 0 2 2 0 8 0 mcl2k2 2112 4 0 0 1 0 1 1 0 8 0 mcl2k 2048 348 0 0 42 2 40 42 0 8 0 mtagpl 96 1606 0 0 39 0 39 39 0 8 0 mbufpl 256 1859 0 0 112 0 112 112 0 8 0 bufpl 288 8023 0 1709 452 0 452 452 0 8 0 anonpl 24 488486 0 472744 142 43 99 99 0 186 3 amapchunkpl 152 107487 0 106710 57 21 36 38 0 158 0 amappl16 200 12311 0 11748 65 35 30 31 0 8 0 amappl15 192 86 0 86 1 1 0 1 0 8 0 amappl14 184 168 0 154 2 1 1 2 0 8 0 amappl13 176 30 0 28 1 0 1 1 0 8 0 amappl12 168 4263 0 4233 3 1 2 2 0 8 0 amappl11 160 57 0 43 1 0 1 1 0 8 0 amappl10 152 61 0 51 1 0 1 1 0 8 0 amappl9 144 217 0 216 2 1 1 2 0 8 0 amappl8 136 329 0 243 3 0 3 3 0 8 0 amappl7 128 82 0 66 1 0 1 1 0 8 0 amappl6 120 308 0 287 2 1 1 2 0 8 0 amappl5 112 216 0 206 1 0 1 1 0 8 0 amappl4 104 744 0 697 3 1 2 3 0 8 0 amappl3 96 21246 0 21173 4 1 3 3 0 8 0 amappl2 88 3886 0 3824 3 1 2 3 0 8 0 amappl1 80 21099 0 20555 23 10 13 23 0 8 0 amappl 88 33372 0 33163 8 2 6 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 117 0 3 3 0 3 3 0 8 0 uaddrrnd 24 3536 0 3511 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 3536 0 3511 1 0 1 1 0 8 0 vmmpekpl 168 30865 0 30798 4 0 4 4 0 8 0 vmmpepl 168 227047 0 224715 179 64 115 124 0 
357 6
vmsppl 464 3535 0 3511 5 0 5 5 0 8 0
rwobjpl 56 68289 0 60591 118 8 110 110 0 8 1
pdppl 4096 7080 0 7022 310 240 70 80 0 8 12
pvpl 32 1167077 0 1145845 396 212 184 364 0 265 9
pmappl 248 3535 0 3511 3 0 3 3 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 1210 0 298 27 0 27 27 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp
ddb{0}> trace
x86_ipi_db(ffffffff82b62ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x25 kd_curproc sys/dev/kcov.c:577 [inline]
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x25 sys/dev/kcov.c:148
__mp_lock(ffffffff82d04e00) at __mp_lock+0x133 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82d04e00) at __mp_lock+0x133 sys/kern/kern_lock.c:147
softintr_dispatch(0) at softintr_dispatch+0x52 sys/arch/amd64/amd64/softintr.c:88
Xsoftclock() at Xsoftclock+0x23
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc
reaper(ffff8000211ad5c8) at reaper+0x160 sys/kern/kern_exit.c:437
end trace frame: 0x0, count: -9
ddb{0}> machine ddbcpu 1
Stopped at witness_checkorder+0x1ec: movl 0x8(%r14),%ebx
ddb{1}> trace
witness_checkorder(fffffd806d8dd030,9,0) at witness_checkorder+0x1ec sys/kern/subr_witness.c:794
rw_enter(fffffd806d8dd020,1) at rw_enter+0xd5 sys/kern/kern_rwlock.c:249
rwsleep(fffffd806d8dd160,fffffd806d8dd020,118,ffffffff8280d317,0) at rwsleep+0xd6 sys/kern/kern_synch.c:303
sosend(fffffd806d8dd018,0,ffff800021255338,0,0,0) at sosend+0x76b sys/kern/uipc_socket.c:623
fifo_write(ffff800021255280) at fifo_write+0x80 sys/miscfs/fifofs/fifo_vnops.c:279
VOP_WRITE(fffffd8065581cb8,ffff800021255338,3,fffffd807f7d64e0) at VOP_WRITE+0xc3 sys/kern/vfs_vops.c:245
ktrwriteraw(ffff800021216db0,fffffd8065581cb8,fffffd807f7d64e0,ffff800021255408,ffff8000212553e0) at ktrwriteraw+0x16c sys/kern/kern_ktrace.c:664
ktrgenio(ffff800021216db0,f,0,ffff800000d6c220,10000) at ktrgenio+0x272 ktrwrite2 sys/kern/kern_ktrace.c:626 [inline]
ktrgenio(ffff800021216db0,f,0,ffff800000d6c220,10000) at ktrgenio+0x272 sys/kern/kern_ktrace.c:258
dofilereadv(ffff800021216db0,f,ffff800021255578,0,ffff800021255660) at dofilereadv+0x2e7 sys/kern/sys_generic.c:263
sys_read(ffff800021216db0,ffff800021255610,ffff800021255660) at sys_read+0x87 sys/kern/sys_generic.c:167
syscall(ffff8000212556e0) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff8000212556e0) at syscall+0x606 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7078f5c0c920, count: -12