kernel: protection fault trap, code=0 Stopped at witness_checkorder+0x1ec: movl 0x8(%r14),%ebx ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic the kernel did not panic ddb{1}> trace witness_checkorder(fffffd806f5251c0,9,0) at witness_checkorder+0x1ec sys/kern/subr_witness.c:794 mtx_enter(fffffd806f5251b0) at mtx_enter+0x3e sys/kern/kern_lock.c:265 knote_remove(ffff800021239298,fffffd806f5251b0,fffffd806f525238,3,0) at knote_remove+0x20d sys/kern/kern_event.c:1881 knote_fdclose(ffff800021239298,3) at knote_fdclose+0xae sys/kern/kern_event.c:1934 fdfree(ffff800021239298) at fdfree+0xdf sys/kern/kern_descrip.c:1196 exit1(ffff800021239298,0,0,1) at exit1+0x3e4 sys/kern/kern_exit.c:206 sys_exit(ffff800021239298,ffff80002e423520,ffff80002e423570) at sys_exit+0x1a sys/kern/kern_exit.c:89 syscall(ffff80002e4235f0) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff80002e4235f0) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7e97419fe970, count: -9 ddb{1}> show registers rdi 0 rsi 0x20000 acpi_pdirpa+0xbe63 rbp 0xffff80002e4232c0 rbx 0xe rdx 0 rcx 0xffff800021239298 rax 0xffff800020d58ff0 r8 0x1 r9 0x1 r10 0x2998ed3ebec174cd r11 0xe32a3702d0ad50dd r12 0 r13 0xfffffd806f5251c0 r14 0x3ff5555555555555 r15 0xffff800021239298 rip 0xffffffff8146926c witness_checkorder+0x1ec cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80002e423210 ss 0x10 witness_checkorder+0x1ec: movl 0x8(%r14),%ebx ddb{1}> show proc PROC (syz-executor.7) pid=199956 stat=onproc flags process=1018 proc=2000 pri=0, usrpri=61, nice=20 forw=0xffffffffffffffff, list=0xffff800021239540,0xffff800021238010 process=0xffff8000ffff8c98 user=0xffff80002e41e000, vmspace=0xfffffd806c4cc1e8 estcpu=11, cpticks=2, pctcpu=0.0 user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 7647 42195 72239 32767 7 0x10 syz-executor.1 14212 119773 57049 32767 2 0x10 syz-executor.0 72239 43294 80320 32767 2 0x10 syz-executor.1 80320 25859 919 0 3 0x82 wait syz-executor.1 63492 93492 18856 32767 2 0x10 syz-executor.3 18856 500131 919 0 3 0x82 wait syz-executor.3 23282 391365 14690 32767 3 0x90 nanoslp syz-executor.2 14690 129577 919 0 3 0x82 wait syz-executor.2 57049 286311 24562 32767 3 0x90 nanoslp syz-executor.0 24562 485507 919 0 3 0x82 wait syz-executor.0 42441 132133 97479 32767 3 0x90 nanoslp syz-executor.4 97479 178349 919 0 3 0x82 wait syz-executor.4 10229 22717 0 0 3 0x14200 bored sosplice 83325 479472 48762 32767 3 0x90 nanoslp syz-executor.7 67462 417597 98225 32767 3 0x10 biowait syz-executor.5 92312 377526 19144 32767 3 0x10 getblk syz-executor.6 98225 433465 919 0 3 0x82 wait syz-executor.5 48762 192546 919 0 3 0x82 wait syz-executor.7 19144 131890 919 0 3 0x82 wait syz-executor.6 919 244123 20043 0 3 0x2000082 wait syz-fuzzer 919 40798 20043 0 3 0x6000082 nanoslp syz-fuzzer 919 520559 20043 0 3 0x6000082 thrsleep syz-fuzzer 919 110764 20043 0 3 0x6000082 thrsleep syz-fuzzer 919 180343 20043 0 3 0x6000082 thrsleep syz-fuzzer 919 265002 20043 0 3 0x6000082 wait syz-fuzzer 919 456198 20043 0 3 0x6000082 wait syz-fuzzer 919 193661 20043 0 3 0x6000082 wait syz-fuzzer 919 425231 20043 0 3 0x6000082 wait syz-fuzzer 919 146195 20043 0 3 0x6000082 thrsleep syz-fuzzer 919 55751 20043 0 3 0x6000082 thrsleep syz-fuzzer 919 308774 20043 0 3 0x6000082 thrsleep syz-fuzzer 919 32362 20043 0 3 0x6000082 kqread syz-fuzzer 919 157489 20043 0 3 0x6000082 wait syz-fuzzer 919 233657 20043 0 3 0x6000082 wait syz-fuzzer 919 522572 20043 0 3 0x6000082 wait syz-fuzzer 20043 375441 48701 0 3 0x10008a sigsusp ksh 48701 47155 87330 0 3 0x9a kqread sshd 60999 159074 1 0 3 0x100083 ttyin getty 87330 173671 1 0 3 0x88 kqread sshd 72401 302289 74817 73 3 0x1100090 kqread syslogd 74817 322496 1 0 3 0x100082 netio syslogd 70043 153566 1 0 3 0x100080 kqread resolvd 82313 517107 53574 77 3 0x100092 kqread dhcpleased 17786 335555 53574 77 3 0x100092 kqread dhcpleased 53574 224844 1 0 3 0x80 kqread dhcpleased 10630 58192 0 0 3 0x14200 bored smr 32745 369446 0 0 2 0x14200 zerothread 58825 153765 0 0 3 0x14200 aiodoned aiodoned 90898 80260 0 0 3 0x14200 syncer update 46505 61913 0 0 3 0x14200 cleaner cleaner 24578 378512 0 0 2 0x14200 reaper 53789 172650 0 0 3 0x14200 pgdaemon pagedaemon 99783 309036 0 0 3 0x14200 bored viomb 87640 199 0 0 3 0x40014200 acpi0 acpi0 14408 254667 0 0 3 0x40014200 idle1 63503 472218 0 0 3 0x14200 bored softnet3 41791 502174 0 0 3 0x14200 bored softnet2 71966 10624 0 0 3 0x14200 bored softnet1 82863 495770 0 0 3 0x14200 bored softnet0 54136 307319 0 0 3 0x14200 bored systqmp 10059 358590 0 0 3 0x14200 bored systq 31875 231826 0 0 3 0x40014200 bored softclock 72511 234104 0 0 3 0x40014200 idle0 1 486347 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 67462 (syz-executor.5) thread 0xffff800021238d48 (417597) exclusive rrwlock inode r = 0 (0xfffffd807add6a30) #0 witness_lock+0x447 #1 rw_enter+0x3c8 sys/kern/kern_rwlock.c:309 #2 rrw_enter+0x8c sys/kern/kern_rwlock.c:464 #3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:518 #4 ufs_ihashins+0x46 sys/ufs/ufs/ufs_ihash.c:140 #5 ffs_vget+0x141 sys/ufs/ffs/ffs_vfsops.c:1343 #6 ffs_inode_alloc+0x1c2 sys/ufs/ffs/ffs_alloc.c:394 #7 ufs_mkdir+0xf8 sys/ufs/ufs/ufs_vnops.c:1149 #8 VOP_MKDIR+0xc3 sys/kern/vfs_vops.c:388 #9 domkdirat+0x125 sys/kern/vfs_syscalls.c:3073 #10 syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] #10 syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623 #11 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806bc24708) #0 witness_lock+0x447 #1 rw_enter+0x3c8 sys/kern/kern_rwlock.c:309 #2 rrw_enter+0x8c sys/kern/kern_rwlock.c:464 #3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:518 #4 vn_lock+0x84 sys/kern/vfs_vnops.c:564 #5 vfs_lookup+0xd5 sys/kern/vfs_lookup.c:418 #6 namei+0x55a sys/kern/vfs_lookup.c:250 #7 domkdirat+0x79 sys/kern/vfs_syscalls.c:3058 #8 syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] #8 syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623 #9 Xsyscall+0x128 Process 92312 (syz-executor.6) thread 0xffff8000212397e8 (377526) exclusive rrwlock inode r = 0 (0xfffffd807add6f80) #0 witness_lock+0x447 #1 rw_enter+0x3c8 sys/kern/kern_rwlock.c:309 #2 rrw_enter+0x8c sys/kern/kern_rwlock.c:464 #3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:518 #4 ufs_ihashins+0x46 sys/ufs/ufs/ufs_ihash.c:140 #5 ffs_vget+0x141 sys/ufs/ffs/ffs_vfsops.c:1343 #6 ffs_inode_alloc+0x1c2 sys/ufs/ffs/ffs_alloc.c:394 #7 ufs_mkdir+0xf8 sys/ufs/ufs/ufs_vnops.c:1149 #8 VOP_MKDIR+0xc3 sys/kern/vfs_vops.c:388 #9 domkdirat+0x125 sys/kern/vfs_syscalls.c:3073 #10 syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] #10 syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623 #11 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd8079414d60) #0 witness_lock+0x447 #1 rw_enter+0x3c8 sys/kern/kern_rwlock.c:309 #2 rrw_enter+0x8c sys/kern/kern_rwlock.c:464 #3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:518 #4 vn_lock+0x84 sys/kern/vfs_vnops.c:564 #5 vfs_lookup+0xd5 sys/kern/vfs_lookup.c:418 #6 namei+0x55a sys/kern/vfs_lookup.c:250 #7 domkdirat+0x79 sys/kern/vfs_syscalls.c:3058 #8 syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] #8 syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623 #9 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10225 6414K 6420K 78643K 11377 0 pcb 13 12K 14K 78643K 17 0 rtable 240 6K 7K 78643K 1217 0 pf 29 8K 8K 78643K 77 0 ifaddr 44 15K 16K 78643K 146 0 ifgroup 50 2K 2K 78643K 146 0 sysctl 2 0K 4K 78643K 6 0 counters 60 35K 35K 78643K 108 0 ioctlops 0 0K 2K 78643K 131 0 iov 0 0K 32K 78643K 1510 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1279 80K 80K 78643K 2837 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 259 0 VM map 2 1K 1K 78643K 2 0 sem 11 1K 1K 78643K 16 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 21 77K 125K 78643K 12858 0 sigio 0 0K 0K 78643K 183 0 proc 56 78K 115K 78643K 1773 0 subproc 104 6K 6K 78643K 416 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 1152 0 in_multi 99 7K 7K 78643K 441 0 ether_multi 1 0K 0K 78643K 17 0 mrt 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 289 1288K 1288K 78643K 289 0 exec 0 0K 1K 78643K 1712 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 410 89K 98K 78643K 126190 0 UVM aobj 131 4K 4K 78643K 152 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 202 0 NDP 11 0K 2K 78643K 99 0 temp 74 5920K 6048K 78643K 33671 0 kqueue 12 18K 32K 78643K 1215 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 403 0 400 6 5 1 3 0 8 0 rtentry 112 404 0 291 4 0 4 4 0 8 0 unpcb 144 6531 0 6518 66 65 1 6 0 8 0 syncache 304 142 0 142 23 23 0 1 0 8 0 tcpqe 32 238 0 238 13 13 0 1 0 8 0 tcpcb 808 3149 0 3133 82 79 3 17 0 8 0 arp 120 68 0 49 1 0 1 1 0 8 0 ipq 40 18 0 17 7 6 1 1 0 8 0 ipqe 40 124 0 123 7 6 1 1 0 8 0 inpcb 368 7478 0 7452 112 107 5 20 0 8 0 nd6 136 123 0 97 2 1 1 2 0 8 0 kcovpl 48 32 0 24 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1654 0 1186 34 4 30 30 0 8 0 art_table 32 1655 0 1186 4 0 4 4 0 8 0 art_node 16 403 0 300 1 0 1 1 0 8 0 sysvmsgpl 40 3 0 3 1 1 0 1 0 8 0 semupl 112 6 0 6 1 1 0 1 0 8 0 semapl 112 9 0 0 1 0 1 1 0 8 0 shmpl 112 149 0 21 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 20037 0 18588 91 0 91 91 0 8 0 ffsino 272 20037 0 18588 98 0 98 98 0 8 0 nchpl 144 39351 0 37711 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 128036 0 128034 10 9 1 2 0 8 0 percpumem 16 67 0 24 1 0 1 1 0 8 0 kstatmem 264 70 0 48 2 0 2 2 0 8 0 scxspl 216 121493 0 121492 34 33 1 8 1 8 0 plimitpl 152 1312 0 1289 19 18 1 2 0 8 0 sigapl 424 13105 0 13053 7 0 7 7 0 8 0 futexpl 64 102991 0 102991 6 5 1 1 0 8 1 knotepl 120 1097 0 0 21 5 16 18 0 8 0 kqueuepl 216 4675 0 4667 55 54 1 7 0 8 0 pipepl 320 3277 0 3249 57 53 4 8 0 8 0 fdescpl 496 13087 0 13055 7 2 5 6 0 8 0 filepl 152 84156 0 83920 109 98 11 21 0 8 0 lockfpl 104 7493 0 7490 3 2 1 2 0 8 0 lockfspl 48 3406 0 3403 1 0 1 1 0 8 0 sessionpl 144 47 0 31 1 0 1 1 0 8 0 pgrppl 48 77 0 61 1 0 1 1 0 8 0 ucredpl 104 8076 0 8058 1 0 1 1 0 8 0 zombiepl 144 13056 0 13053 1 0 1 1 0 8 0 processpl 1072 13105 0 13053 5 0 5 5 0 8 0 procpl 680 35046 0 34978 30 22 8 9 0 8 1 sosppl 168 965 0 965 18 18 0 1 0 8 0 sockpl 488 14829 0 14793 254 246 8 30 0 8 0 mcl64k 65536 31 0 0 3 0 3 3 0 8 0 mcl16k 16384 27 0 0 4 1 3 3 0 8 0 mcl12k 12288 17 0 0 2 0 2 2 0 8 0 mcl9k 9216 18 0 0 2 0 2 2 0 8 0 mcl8k 8192 25 0 0 3 0 3 3 0 8 0 mcl4k 4096 36 0 0 3 0 3 3 0 8 0 mcl2k2 2112 33 0 0 3 0 3 3 0 8 0 mcl2k 2048 674 0 0 41 24 17 41 0 8 0 mtagpl 96 5 0 0 1 0 1 1 0 8 0 mbufpl 256 2146 0 0 113 0 113 113 0 8 0 bufpl 288 23842 0 17519 452 0 452 452 0 8 0 anonpl 24 1563470 0 1553714 235 155 80 104 0 186 0 amapchunkpl 152 398023 0 397301 134 99 35 52 0 158 1 amappl16 200 39495 0 39259 121 106 15 27 0 8 0 amappl15 192 12 0 12 1 1 0 1 0 8 0 amappl14 184 233 0 219 2 1 1 2 0 8 0 amappl13 176 17 0 17 2 2 0 1 0 8 0 amappl12 168 14085 0 14047 3 0 3 3 0 8 0 amappl11 160 52 0 42 1 0 1 1 0 8 0 amappl10 152 62 0 50 1 0 1 1 0 8 0 amappl9 144 514 0 513 2 1 1 1 0 8 0 amappl8 136 823 0 654 6 0 6 6 0 8 0 amappl7 128 147 0 129 2 0 2 2 0 8 0 amappl6 120 569 0 540 2 1 1 2 0 8 0 amappl5 112 499 0 491 1 0 1 1 0 8 0 amappl4 104 1164 0 1123 2 0 2 2 0 8 0 amappl3 96 77709 0 77635 12 9 3 4 0 8 0 amappl2 88 13807 0 13728 3 1 2 3 0 8 0 amappl1 80 54623 0 54110 21 8 13 21 0 8 0 amappl 88 124797 0 124575 8 1 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 151 0 21 3 0 3 3 0 8 0 uaddrrnd 24 13087 0 13055 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 13087 0 13055 1 0 1 1 0 8 0 vmmpekpl 168 103001 0 102937 4 0 4 4 0 8 0 vmmpepl 168 771722 0 769460 245 132 113 128 0 357 0 vmsppl 464 13086 0 13055 7 2 5 6 0 8 0 rwobjpl 56 203821 0 196447 119 12 107 108 0 8 0 pdppl 4096 26182 0 26110 493 411 82 96 0 8 10 pvpl 32 4470614 0 4454990 450 290 160 332 0 265 0 pmappl 248 13086 0 13055 4 1 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1576 0 659 28 0 28 28 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp ddb{0}> trace x86_ipi_db(ffffffff82c1fff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82c97058) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82c97058) at __mp_lock+0x122 sys/kern/kern_lock.c:147 intr_handler(ffff80002e41d190,ffff80000027b500) at intr_handler+0x62 sys/arch/amd64/amd64/intr.c:532 Xintr_ioapic_edge25_untramp() at Xintr_ioapic_edge25_untramp+0x18f __mp_lock(ffffffff82c97058) at __mp_lock+0x129 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82c97058) at __mp_lock+0x129 sys/kern/kern_lock.c:147 end trace frame: 0x0, count: -7 ddb{0}> machine ddbcpu 1 Stopped at witness_checkorder+0x1ec: movl 0x8(%r14),%ebx ddb{1}> trace witness_checkorder(fffffd806f5251c0,9,0) at witness_checkorder+0x1ec sys/kern/subr_witness.c:794 mtx_enter(fffffd806f5251b0) at mtx_enter+0x3e sys/kern/kern_lock.c:265 knote_remove(ffff800021239298,fffffd806f5251b0,fffffd806f525238,3,0) at knote_remove+0x20d sys/kern/kern_event.c:1881 knote_fdclose(ffff800021239298,3) at knote_fdclose+0xae sys/kern/kern_event.c:1934 fdfree(ffff800021239298) at fdfree+0xdf sys/kern/kern_descrip.c:1196 exit1(ffff800021239298,0,0,1) at exit1+0x3e4 sys/kern/kern_exit.c:206 sys_exit(ffff800021239298,ffff80002e423520,ffff80002e423570) at sys_exit+0x1a sys/kern/kern_exit.c:89 syscall(ffff80002e4235f0) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff80002e4235f0) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7e97419fe970, count: -9