kernel: protection fault trap, code=0 Stopped at witness_checkorder+0x1ec: movl 0x8(%r14),%ebx ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic the kernel did not panic ddb{1}> trace witness_checkorder(fffffd806f53f958,9,0) at witness_checkorder+0x1ec sys/kern/subr_witness.c:794 mtx_enter(fffffd806f53f948) at mtx_enter+0x3e sys/kern/kern_lock.c:265 knote_remove(ffff800021274800,fffffd806f53f948,fffffd806f53f9d0,7,0) at knote_remove+0x20d sys/kern/kern_event.c:1881 knote_fdclose(ffff800021274800,7) at knote_fdclose+0xae sys/kern/kern_event.c:1934 fdfree(ffff800021274800) at fdfree+0xdf sys/kern/kern_descrip.c:1196 exit1(ffff800021274800,0,0,1) at exit1+0x3e4 sys/kern/kern_exit.c:206 sys_exit(ffff800021274800,ffff80002c9cd260,ffff80002c9cd2b0) at sys_exit+0x1a sys/kern/kern_exit.c:89 syscall(ffff80002c9cd330) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff80002c9cd330) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7434cbc06bd0, count: -9 ddb{1}> show registers rdi 0 rsi 0x20000 acpi_pdirpa+0xbe63 rbp 0xffff80002c9cd000 rbx 0xe rdx 0 rcx 0xffff800021274800 rax 0xffff800020d58ff0 r8 0 r9 0x1 r10 0 r11 0xa37aa3ea9a1c42ed r12 0 r13 0xfffffd806f53f958 r14 0xfffeffff00010000 r15 0xffff800021274800 rip 0xffffffff81eeff1c witness_checkorder+0x1ec cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80002c9ccf50 ss 0 witness_checkorder+0x1ec: movl 0x8(%r14),%ebx ddb{1}> show proc PROC (syz-executor.5) pid=460047 stat=onproc flags process=1018 proc=2000 pri=0, usrpri=76, nice=20 forw=0xffffffffffffffff, list=0xffff80002121bd58,0xffff800021275aa8 process=0xffff800027b66e28 user=0xffff80002c9c8000, vmspace=0xfffffd80677cc1f8 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 42921 460656 12974 32767 2 0x10 syz-executor.0 42921 241134 12974 32767 3 0x4000090 fsleep syz-executor.0 53105 102871 81821 32767 2 0x10 syz-executor.2 53105 8813 81821 32767 3 0x4000090 fsleep syz-executor.2 1351 33160 0 0 3 0x14200 bored sosplice 98988 91856 95223 32767 3 0x90 nanoslp syz-executor.7 95223 502308 62652 0 3 0x82 wait syz-executor.7 77800 295726 94371 32767 3 0x90 nanoslp syz-executor.6 94371 86587 62652 0 3 0x82 wait syz-executor.6 74189 505808 90063 32767 3 0x90 nanoslp syz-executor.5 90063 41888 62652 0 3 0x82 wait syz-executor.5 40260 511023 83522 32767 3 0x90 nanoslp syz-executor.4 28490 216130 67414 32767 3 0x90 nanoslp syz-executor.3 83522 293030 62652 0 3 0x82 wait syz-executor.4 10578 333623 64592 32767 3 0x90 nanoslp syz-executor.1 81821 194549 1709 32767 3 0x90 nanoslp syz-executor.2 67414 102284 62652 0 3 0x82 wait syz-executor.3 1709 57633 62652 0 3 0x82 wait syz-executor.2 12974 6349 74659 32767 3 0x90 nanoslp syz-executor.0 64592 445486 62652 0 3 0x82 wait syz-executor.1 74659 455031 62652 0 3 0x82 wait syz-executor.0 62652 6744 70435 0 3 0x2000082 wait syz-fuzzer 62652 47673 70435 0 3 0x6000082 thrsleep syz-fuzzer 62652 341833 70435 0 3 0x6000082 thrsleep syz-fuzzer 62652 427604 70435 0 3 0x6000082 thrsleep syz-fuzzer 62652 286395 70435 0 3 0x6000082 thrsleep syz-fuzzer 62652 177679 70435 0 3 0x6000082 wait syz-fuzzer 62652 76925 70435 0 3 0x6000082 wait syz-fuzzer 62652 132881 70435 0 3 0x6000082 wait syz-fuzzer 62652 156393 70435 0 3 0x6000082 wait syz-fuzzer 62652 258353 70435 0 3 0x6000082 wait syz-fuzzer 62652 241082 70435 0 3 0x6000082 thrsleep syz-fuzzer 62652 521680 70435 0 3 0x6000082 kqread syz-fuzzer 62652 212292 70435 0 3 0x6000082 wait syz-fuzzer 62652 459698 70435 0 3 0x6000082 wait syz-fuzzer 62652 325178 70435 0 3 0x6000082 thrsleep syz-fuzzer 62652 96537 70435 0 3 0x6000082 thrsleep syz-fuzzer 70435 469969 3175 0 3 0x10008a sigsusp ksh 3175 196545 27709 0 3 0x9a kqread sshd 58301 288938 1 0 3 0x100083 ttyin getty 27709 179575 1 0 3 0x88 kqread sshd 64619 275187 55819 73 3 0x1100090 kqread syslogd 55819 38361 1 0 3 0x100082 netio syslogd 66147 7692 1 0 3 0x100080 kqread resolvd 7449 50656 64534 77 3 0x100092 kqread dhcpleased 28718 298948 64534 77 3 0x100092 kqread dhcpleased 64534 412289 1 0 3 0x80 kqread dhcpleased 56123 407590 0 0 3 0x14200 bored smr 90681 192543 0 0 2 0x14200 zerothread 14115 403889 0 0 3 0x14200 aiodoned aiodoned 79763 18574 0 0 3 0x14200 syncer update 45002 476924 0 0 3 0x14200 cleaner cleaner 37533 133341 0 0 7 0x14200 reaper 64929 397160 0 0 3 0x14200 pgdaemon pagedaemon 2022 76856 0 0 3 0x14200 bored viomb 53296 171653 0 0 3 0x40014200 acpi0 acpi0 40932 290627 0 0 3 0x40014200 idle1 71760 472722 0 0 3 0x14200 bored softnet3 73837 23521 0 0 3 0x14200 bored softnet2 39509 193665 0 0 3 0x14200 bored softnet1 5911 72507 0 0 3 0x14200 bored softnet0 58175 219369 0 0 3 0x14200 bored systqmp 3363 509219 0 0 3 0x14200 bored systq 64207 190720 0 0 3 0x40014200 bored softclock 32102 14397 0 0 3 0x40014200 idle0 1 12681 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10222 6413K 6420K 78643K 11302 0 pcb 13 8K 8K 78643K 13 0 rtable 238 6K 6K 78643K 359 0 pf 29 8K 8K 78643K 29 0 ifaddr 44 15K 15K 78643K 46 0 ifgroup 50 2K 2K 78643K 50 0 counters 60 35K 35K 78643K 60 0 ioctlops 0 0K 2K 78643K 29 0 iov 0 0K 16K 78643K 28 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1278 80K 80K 78643K 1316 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 11 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 79 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 21 77K 101K 78643K 629 0 sigio 0 0K 0K 78643K 3 0 proc 56 78K 103K 78643K 541 0 subproc 104 6K 6K 78643K 104 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 44 0 in_multi 99 7K 7K 78643K 100 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 271 1208K 1208K 78643K 271 0 exec 0 0K 1K 78643K 424 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 317 84K 98K 78643K 8133 0 UVM aobj 46 2K 2K 78643K 46 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 10 0 NDP 11 0K 2K 78643K 27 0 temp 74 5920K 5984K 78643K 5185 0 kqueue 12 18K 22K 78643K 68 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 63 0 60 1 0 1 1 0 8 0 rtentry 112 113 0 1 4 0 4 4 0 8 0 unpcb 144 235 0 222 3 0 3 3 0 8 2 syncache 304 4 0 4 1 1 0 1 0 8 0 tcpqe 32 80 0 80 1 1 0 1 0 8 0 tcpcb 808 293 0 281 5 0 5 5 0 8 3 arp 120 18 0 0 1 0 1 1 0 8 0 inpcb 368 505 0 496 7 0 7 7 0 8 5 nd6 136 26 0 0 1 0 1 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 455 0 0 29 0 29 29 0 8 0 art_table 32 456 0 0 4 0 4 4 0 8 0 art_node 16 112 0 10 1 0 1 1 0 8 0 semapl 112 77 0 67 1 0 1 1 0 8 0 shmpl 112 43 0 0 2 0 2 2 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2066 0 628 91 0 91 91 0 8 0 ffsino 272 2066 0 628 97 0 97 97 0 8 0 nchpl 144 2970 0 1291 63 0 63 63 0 8 0 uvmvnodes 80 2179 0 0 45 0 45 45 0 8 0 vnodes 216 2179 0 0 122 0 122 122 0 8 0 namei 1024 10167 0 10167 2 1 1 2 0 8 1 percpumem 16 43 0 0 1 0 1 1 0 8 0 kstatmem 264 22 0 0 2 0 2 2 0 8 0 scxspl 216 9946 0 9946 10 2 8 8 1 8 8 plimitpl 152 63 0 40 1 0 1 1 0 8 0 sigapl 424 924 0 869 7 0 7 7 0 8 0 futexpl 64 3644 0 3642 1 0 1 1 0 8 0 knotepl 120 108 0 0 4 0 4 4 0 8 0 kqueuepl 216 288 0 280 5 0 5 5 0 8 4 pipepl 320 271 0 242 8 0 8 8 0 8 5 fdescpl 496 906 0 874 6 1 5 5 0 8 0 filepl 152 4850 0 4613 21 3 18 20 0 8 8 lockfpl 104 39 0 37 1 0 1 1 0 8 0 lockfspl 48 15 0 13 1 0 1 1 0 8 0 sessionpl 144 23 0 7 1 0 1 1 0 8 0 pgrppl 48 23 0 7 1 0 1 1 0 8 0 ucredpl 104 429 0 411 1 0 1 1 0 8 0 zombiepl 144 875 0 869 1 0 1 1 0 8 0 processpl 1072 924 0 869 4 0 4 4 0 8 0 procpl 680 1827 0 1754 8 0 8 8 0 8 1 sosppl 168 4 0 4 1 0 1 1 0 8 1 sockpl 488 810 0 785 14 3 11 13 0 8 7 mcl64k 65536 8 0 0 1 0 1 1 0 8 0 mcl16k 16384 3 0 0 1 0 1 1 0 8 0 mcl12k 12288 3 0 0 1 0 1 1 0 8 0 mcl9k 9216 4 0 0 1 0 1 1 0 8 0 mcl8k 8192 9 0 0 2 0 2 2 0 8 0 mcl4k 4096 9 0 0 2 0 2 2 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 250 0 0 32 0 32 32 0 8 0 mtagpl 96 2 0 0 1 0 1 1 0 8 0 mbufpl 256 281 0 0 18 0 18 18 0 8 0 bufpl 288 4797 0 139 333 0 333 333 0 8 0 anonpl 24 245134 0 234551 69 2 67 67 0 186 1 amapchunkpl 152 27037 0 26210 44 0 44 44 0 158 9 amappl16 200 6606 0 6335 17 1 16 16 0 8 1 amappl15 192 13 0 13 1 1 0 1 0 8 0 amappl14 184 163 0 151 2 1 1 2 0 8 0 amappl13 176 15 0 14 2 1 1 1 0 8 0 amappl12 168 1527 0 1495 2 0 2 2 0 8 0 amappl11 160 52 0 42 1 0 1 1 0 8 0 amappl10 152 35 0 25 1 0 1 1 0 8 0 amappl9 144 239 0 238 1 0 1 1 0 8 0 amappl8 136 165 0 116 2 0 2 2 0 8 0 amappl7 128 74 0 60 2 0 2 2 0 8 0 amappl6 120 222 0 205 2 1 1 2 0 8 0 amappl5 112 168 0 159 1 0 1 1 0 8 0 amappl4 104 541 0 505 3 0 3 3 0 8 0 amappl3 96 5435 0 5349 3 0 3 3 0 8 0 amappl2 88 1152 0 1083 3 1 2 3 0 8 0 amappl1 80 11536 0 11011 22 8 14 22 0 8 2 amappl 88 7604 0 7383 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 45 0 0 1 0 1 1 0 8 0 uaddrrnd 24 906 0 874 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 906 0 874 1 0 1 1 0 8 0 vmmpekpl 168 13318 0 13252 4 0 4 4 0 8 0 vmmpepl 168 74866 0 72704 114 1 113 114 0 357 11 vmsppl 464 905 0 874 6 1 5 5 0 8 0 rwobjpl 56 28182 0 24708 51 1 50 50 0 8 0 pdppl 4096 1820 0 1748 104 22 82 84 0 8 10 pvpl 32 529276 0 512997 362 28 334 358 0 265 196 pmappl 248 905 0 874 4 1 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 739 0 25 21 0 21 21 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp ddb{0}> trace x86_ipi_db(ffffffff82bfcff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82d48c68) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82d48c68) at __mp_lock+0x122 sys/kern/kern_lock.c:147 softintr_dispatch(0) at softintr_dispatch+0x52 sys/arch/amd64/amd64/softintr.c:88 Xsoftclock() at Xsoftclock+0x27 __mp_lock(ffffffff82d48c68) at __mp_lock+0x12e __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82d48c68) at __mp_lock+0x12e sys/kern/kern_lock.c:147 reaper(ffff8000211b3a98) at reaper+0x160 sys/kern/kern_exit.c:454 end trace frame: 0x0, count: -8 ddb{0}> machine ddbcpu 1 Stopped at witness_checkorder+0x1ec: movl 0x8(%r14),%ebx ddb{1}> trace witness_checkorder(fffffd806f53f958,9,0) at witness_checkorder+0x1ec sys/kern/subr_witness.c:794 mtx_enter(fffffd806f53f948) at mtx_enter+0x3e sys/kern/kern_lock.c:265 knote_remove(ffff800021274800,fffffd806f53f948,fffffd806f53f9d0,7,0) at knote_remove+0x20d sys/kern/kern_event.c:1881 knote_fdclose(ffff800021274800,7) at knote_fdclose+0xae sys/kern/kern_event.c:1934 fdfree(ffff800021274800) at fdfree+0xdf sys/kern/kern_descrip.c:1196 exit1(ffff800021274800,0,0,1) at exit1+0x3e4 sys/kern/kern_exit.c:206 sys_exit(ffff800021274800,ffff80002c9cd260,ffff80002c9cd2b0) at sys_exit+0x1a sys/kern/kern_exit.c:89 syscall(ffff80002c9cd330) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff80002c9cd330) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7434cbc06bd0, count: -9