kernel: protection fault trap, code=0 Stopped at witness_checkorder+0x1ec: movl 0x8(%r14),%ebx ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace witness_checkorder(fffffd806f0ad1c0,9,0) at witness_checkorder+0x1ec sys/kern/subr_witness.c:794 mtx_enter(fffffd806f0ad1b0) at mtx_enter+0x3e sys/kern/kern_lock.c:265 knote_remove(ffff8000212a6aa8,fffffd806f0ad1b0,fffffd806f0ad238,5,0) at knote_remove+0x20d sys/kern/kern_event.c:1881 knote_fdclose(ffff8000212a6aa8,5) at knote_fdclose+0xae sys/kern/kern_event.c:1934 fdfree(ffff8000212a6aa8) at fdfree+0xdf sys/kern/kern_descrip.c:1196 exit1(ffff8000212a6aa8,0,0,1) at exit1+0x3e4 sys/kern/kern_exit.c:206 sys_exit(ffff8000212a6aa8,ffff80002e425a50,ffff80002e425aa0) at sys_exit+0x1a sys/kern/kern_exit.c:89 syscall(ffff80002e425b20) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff80002e425b20) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x79576ec06370, count: -9 ddb{0}> show registers rdi 0 rsi 0x20000 acpi_pdirpa+0xbe63 rbp 0xffff80002e4257f0 rbx 0xe rdx 0 rcx 0xffff8000212a6aa8 rax 0xffffffff82c1fff0 cpu_info_full_primary+0x1ff0 r8 0x1 r9 0 r10 0xe1b5d1a0a7b93ed9 r11 0x7728b057540963e5 r12 0 r13 0xfffffd806f0ad1c0 r14 0x3ff5555555555555 r15 0xffff8000212a6aa8 rip 0xffffffff8146926c witness_checkorder+0x1ec cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80002e425740 ss 0x10 witness_checkorder+0x1ec: movl 0x8(%r14),%ebx ddb{0}> show proc PROC (syz-executor.3) pid=163576 stat=onproc flags process=1018 proc=2000 pri=0, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff80002121a818,0xffff8000212257f8 process=0xffff80002121c010 user=0xffff80002e420000, vmspace=0xfffffd8065e18b08 estcpu=36, cpticks=3, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 21493 225655 97350 32767 2 0x10 syz-executor.4 21493 382352 97350 32767 2 0x4000010 syz-executor.4 97590 89046 86277 32767 2 0x10 syz-executor.5 74518 160588 17323 32767 2 0x10 syz-executor.0 74518 440546 17323 32767 3 0x4000090 nanoslp syz-executor.0 18518 377722 90297 32767 2 0x10 syz-executor.7 18518 278763 90297 32767 3 0x4000090 fsleep syz-executor.7 85800 393966 11418 32767 2 0x10 syz-executor.6 11418 507236 47834 0 3 0x82 wait syz-executor.6 81268 411675 87955 32767 3 0x90 nanoslp syz-executor.2 87955 427082 47834 0 3 0x82 wait syz-executor.2 97350 428630 30941 32767 3 0x90 nanoslp syz-executor.4 30941 389810 47834 0 3 0x82 wait syz-executor.4 17323 250952 4697 32767 2 0x490 syz-executor.0 4697 109973 47834 0 3 0x82 wait syz-executor.0 90297 121095 47618 32767 2 0x490 syz-executor.7 47618 508392 47834 0 3 0x82 wait syz-executor.7 50015 480583 0 0 3 0x14200 bored sosplice 86277 391633 77555 32767 2 0x490 syz-executor.5 77555 138879 47834 0 3 0x82 wait syz-executor.5 69380 230355 79697 32767 3 0x90 nanoslp syz-executor.3 79697 29671 47834 0 3 0x82 wait syz-executor.3 24957 358368 43868 32767 2 0x490 syz-executor.1 43868 133068 47834 0 3 0x82 wait syz-executor.1 47834 23135 89689 0 3 0x2000082 wait syz-fuzzer 47834 189071 89689 0 3 0x6000082 nanoslp syz-fuzzer 47834 97057 89689 0 3 0x6000082 thrsleep syz-fuzzer 47834 23359 89689 0 3 0x6000082 wait syz-fuzzer 47834 286421 89689 0 3 0x6000082 wait syz-fuzzer 47834 44367 89689 0 3 0x6000082 wait syz-fuzzer 47834 389687 89689 0 3 0x6000082 wait syz-fuzzer 47834 33010 89689 0 3 0x6000082 thrsleep syz-fuzzer 47834 411341 89689 0 3 0x6000082 thrsleep syz-fuzzer 47834 294380 89689 0 3 0x6000082 wait syz-fuzzer 47834 400891 89689 0 3 0x6000082 thrsleep syz-fuzzer 47834 523526 89689 0 3 0x6000082 thrsleep syz-fuzzer 47834 288023 89689 0 3 0x6000082 wait syz-fuzzer 47834 92985 89689 0 3 0x6000082 thrsleep syz-fuzzer 47834 176072 89689 0 3 0x6000082 kqread syz-fuzzer 47834 472188 89689 0 3 0x6000082 wait syz-fuzzer 89689 358098 28090 0 3 0x10008a sigsusp ksh 28090 520750 18662 0 3 0x9a kqread sshd 51196 273494 1 0 3 0x100083 ttyin getty 18662 79614 1 0 3 0x88 kqread sshd 62029 370162 46450 73 3 0x1100090 kqread syslogd 46450 329223 1 0 3 0x100082 netio syslogd 17436 118715 1 0 3 0x100080 kqread resolvd 82311 165715 48176 77 3 0x100092 kqread dhcpleased 38071 510246 48176 77 3 0x100092 kqread dhcpleased 48176 306188 1 0 3 0x80 kqread dhcpleased 59690 126887 0 0 3 0x14200 bored smr 23680 138424 0 0 2 0x14200 zerothread 95959 405780 0 0 3 0x14200 aiodoned aiodoned 69053 383391 0 0 3 0x14200 syncer update 77838 402714 0 0 3 0x14200 cleaner cleaner 39092 242039 0 0 7 0x14200 reaper 25500 425373 0 0 3 0x14200 pgdaemon pagedaemon 83288 480396 0 0 3 0x14200 bored viomb 19665 159948 0 0 3 0x40014200 acpi0 acpi0 36421 345093 0 0 3 0x40014200 idle1 1688 44859 0 0 3 0x14200 bored softnet3 30130 333924 0 0 3 0x14200 bored softnet2 52556 388585 0 0 3 0x14200 bored softnet1 53934 187683 0 0 3 0x14200 bored softnet0 97089 202041 0 0 3 0x14200 bored systqmp 3768 498031 0 0 3 0x14200 bored systq 84314 175313 0 0 2 0x40014200 softclock 53559 304688 0 0 3 0x40014200 idle0 1 493525 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10200 6410K 6420K 78643K 11333 0 pcb 13 10K 12K 78643K 15 0 rtable 242 6K 7K 78643K 1220 0 pf 29 8K 8K 78643K 65 0 ifaddr 44 15K 15K 78643K 120 0 ifgroup 50 2K 2K 78643K 122 0 sysctl 2 0K 0K 78643K 2 0 counters 60 35K 35K 78643K 96 0 ioctlops 0 0K 2K 78643K 173 0 iov 0 0K 16K 78643K 726 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1279 80K 80K 78643K 2624 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 121 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 1K 78643K 2561 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 23 85K 125K 78643K 9176 0 sigio 0 0K 0K 78643K 178 0 proc 56 78K 115K 78643K 1516 0 subproc 104 6K 6K 78643K 338 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 444 0 in_multi 99 7K 7K 78643K 356 0 ether_multi 1 0K 0K 78643K 6 0 mrt 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 139 625K 625K 78643K 139 0 exec 0 0K 1K 78643K 2006 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 429 93K 107K 78643K 90962 0 UVM aobj 131 6K 6K 78643K 131 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 141 0 NDP 11 0K 2K 78643K 81 0 temp 74 5920K 6048K 78643K 25708 0 kqueue 12 18K 24K 78643K 823 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 517 0 514 9 8 1 5 0 8 0 rtentry 112 327 0 213 4 0 4 4 0 8 0 unpcb 144 4359 0 4346 44 38 6 9 0 8 5 syncache 304 82 0 82 15 14 1 1 0 8 1 tcpqe 32 523 0 523 12 12 0 2 0 8 0 tcpcb 808 9750 0 9734 122 117 5 18 0 8 2 arp 120 56 0 37 1 0 1 1 0 8 0 ipq 40 9 0 9 5 5 0 1 0 8 0 ipqe 40 89 0 89 5 5 0 1 0 8 0 inpcb 368 12076 0 12057 118 113 5 17 0 8 3 nd6 136 94 0 67 2 0 2 2 0 8 0 kcovpl 48 26 0 18 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1345 0 882 34 4 30 31 0 8 0 art_table 32 1346 0 882 4 0 4 4 0 8 0 art_node 16 326 0 222 1 0 1 1 0 8 0 sysvmsgpl 40 22 0 12 1 0 1 1 0 8 0 semupl 112 5 0 5 1 1 0 1 0 8 0 semapl 112 2556 0 2546 1 0 1 1 0 8 0 shmpl 112 128 0 0 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 12633 0 11177 92 0 92 92 0 8 0 ffsino 272 12633 0 11177 98 0 98 98 0 8 0 nchpl 144 24406 0 22761 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 81701 0 81701 6 5 1 2 0 8 1 percpumem 16 61 0 18 1 0 1 1 0 8 0 kstatmem 264 58 0 36 2 0 2 2 0 8 0 scxspl 216 71107 0 71107 30 28 2 8 1 8 2 plimitpl 152 1899 0 1876 15 14 1 2 0 8 0 sigapl 424 9433 0 9379 7 0 7 7 0 8 0 futexpl 64 74866 0 74865 5 4 1 1 0 8 0 knotepl 120 688 0 0 12 2 10 11 0 8 0 kqueuepl 216 1888 0 1880 30 25 5 5 0 8 4 pipepl 320 1792 0 1764 51 48 3 9 0 8 0 fdescpl 496 9415 0 9381 7 2 5 6 0 8 0 filepl 152 57372 0 57136 108 89 19 22 0 8 9 lockfpl 104 1613 0 1611 3 1 2 2 0 8 1 lockfspl 48 422 0 420 1 0 1 1 0 8 0 sessionpl 144 41 0 25 1 0 1 1 0 8 0 pgrppl 48 195 0 179 1 0 1 1 0 8 0 ucredpl 104 7563 0 7545 1 0 1 1 0 8 0 zombiepl 144 9382 0 9379 1 0 1 1 0 8 0 processpl 1072 9433 0 9379 5 1 4 5 0 8 0 procpl 680 25303 0 25230 22 14 8 8 0 8 1 sosppl 168 91 0 91 8 7 1 1 0 8 1 sockpl 488 17363 0 17328 258 236 22 30 0 8 17 mcl64k 65536 24 0 0 3 1 2 3 0 8 0 mcl16k 16384 16 0 0 2 0 2 2 0 8 0 mcl12k 12288 25 0 0 2 0 2 2 0 8 0 mcl9k 9216 16 0 0 2 0 2 2 0 8 0 mcl8k 8192 25 0 0 3 0 3 3 0 8 0 mcl4k 4096 49 0 0 4 1 3 3 0 8 0 mcl2k2 2112 6 0 0 1 0 1 1 0 8 0 mcl2k 2048 339 0 0 37 4 33 37 0 8 0 mtagpl 96 5 0 0 1 0 1 1 0 8 0 mbufpl 256 1410 0 0 62 1 61 62 0 8 0 bufpl 288 17360 0 11034 454 1 453 453 0 8 0 anonpl 24 984580 0 973541 191 105 86 96 0 186 0 amapchunkpl 152 287389 0 286533 97 57 40 47 0 158 1 amappl16 200 20769 0 20490 134 119 15 28 0 8 0 amappl15 192 12 0 12 1 1 0 1 0 8 0 amappl14 184 219 0 207 2 1 1 2 0 8 0 amappl13 176 15 0 15 1 1 0 1 0 8 0 amappl12 168 10307 0 10271 2 0 2 2 0 8 0 amappl11 160 62 0 52 1 0 1 1 0 8 0 amappl10 152 43 0 33 1 0 1 1 0 8 0 amappl9 144 257 0 256 1 0 1 1 0 8 0 amappl8 136 532 0 391 5 0 5 5 0 8 0 amappl7 128 99 0 86 2 0 2 2 0 8 0 amappl6 120 438 0 416 2 1 1 2 0 8 0 amappl5 112 390 0 382 1 0 1 1 0 8 0 amappl4 104 840 0 798 2 0 2 2 0 8 0 amappl3 96 56716 0 56629 5 2 3 4 0 8 0 amappl2 88 10099 0 10019 3 1 2 3 0 8 0 amappl1 80 42026 0 41495 22 9 13 22 0 8 0 amappl 88 89971 0 89721 7 0 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 130 0 0 3 0 3 3 0 8 0 uaddrrnd 24 9415 0 9381 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 9415 0 9381 1 0 1 1 0 8 0 vmmpekpl 168 74510 0 74454 3 0 3 3 0 8 0 vmmpepl 168 555392 0 553005 203 90 113 121 0 357 0 vmsppl 464 9414 0 9381 7 1 6 6 0 8 0 rwobjpl 56 144417 0 137003 123 17 106 109 0 8 0 pdppl 4096 18838 0 18762 396 314 82 96 0 8 6 pvpl 32 2683596 0 2666495 462 303 159 341 0 265 0 pmappl 248 9414 0 9381 4 1 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1460 0 577 26 0 26 26 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace witness_checkorder(fffffd806f0ad1c0,9,0) at witness_checkorder+0x1ec sys/kern/subr_witness.c:794 mtx_enter(fffffd806f0ad1b0) at mtx_enter+0x3e sys/kern/kern_lock.c:265 knote_remove(ffff8000212a6aa8,fffffd806f0ad1b0,fffffd806f0ad238,5,0) at knote_remove+0x20d sys/kern/kern_event.c:1881 knote_fdclose(ffff8000212a6aa8,5) at knote_fdclose+0xae sys/kern/kern_event.c:1934 fdfree(ffff8000212a6aa8) at fdfree+0xdf sys/kern/kern_descrip.c:1196 exit1(ffff8000212a6aa8,0,0,1) at exit1+0x3e4 sys/kern/kern_exit.c:206 sys_exit(ffff8000212a6aa8,ffff80002e425a50,ffff80002e425aa0) at sys_exit+0x1a sys/kern/kern_exit.c:89 syscall(ffff80002e425b20) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff80002e425b20) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x79576ec06370, count: -9 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800020d58ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82c97058) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82c97058) at __mp_lock+0x122 sys/kern/kern_lock.c:147 reaper(ffff8000211b37f0) at reaper+0x160 sys/kern/kern_exit.c:454 end trace frame: 0x0, count: -5