kernel: protection fault trap, code=0 Stopped at witness_checkorder+0x1ec: movl 0x8(%r14),%ebx ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic the kernel did not panic ddb{1}> trace witness_checkorder(fffffd806f563e68,9,0) at witness_checkorder+0x1ec sys/kern/subr_witness.c:794 mtx_enter(fffffd806f563e58) at mtx_enter+0x3e sys/kern/kern_lock.c:265 knote_remove(ffff800021289298,fffffd806f563e58,fffffd806f563ee0,3,0) at knote_remove+0x20d sys/kern/kern_event.c:1881 knote_fdclose(ffff800021289298,3) at knote_fdclose+0xae sys/kern/kern_event.c:1934 fdfree(ffff800021289298) at fdfree+0xdf sys/kern/kern_descrip.c:1196 exit1(ffff800021289298,0,0,1) at exit1+0x3e4 sys/kern/kern_exit.c:206 sys_exit(ffff800021289298,ffff80002128f4f0,ffff80002128f540) at sys_exit+0x1a sys/kern/kern_exit.c:89 syscall(ffff80002128f5c0) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff80002128f5c0) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x738bc597d760, count: -9 ddb{1}> show registers rdi 0 rsi 0x20000 acpi_pdirpa+0xbe63 rbp 0xffff80002128f290 rbx 0xe rdx 0 rcx 0xffff800021289298 rax 0xffff800020d58ff0 r8 0x1 r9 0x1 r10 0x22255a081e7bf61b r11 0xe03899d538125492 r12 0 r13 0xfffffd806f563e68 r14 0x436011ab436111ab r15 0xffff800021289298 rip 0xffffffff8167002c witness_checkorder+0x1ec cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80002128f1e0 ss 0x10 witness_checkorder+0x1ec: movl 0x8(%r14),%ebx ddb{1}> show proc PROC (syz-executor.0) pid=427878 stat=onproc flags process=1018 proc=2000 pri=0, usrpri=78, nice=20 forw=0xffffffffffffffff, list=0xffff8000212a2ff8,0xffff800021288808 process=0xffff80002121e190 user=0xffff80002128a000, vmspace=0xfffffd80695a0030 estcpu=28, cpticks=3, pctcpu=0.0 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 38413 176181 44096 32767 2 0x10 syz-executor.5 83577 213404 40366 32767 2 0x10 syz-executor.4 83577 330143 40366 32767 2 0x4000010 syz-executor.4 83577 444834 40366 32767 3 0x4000090 fsleep syz-executor.4 97221 333778 33217 32767 7 0x10 syz-executor.1 97221 222010 33217 32767 2 0x4000010 syz-executor.1 54297 8297 27166 32767 2 0x10 syz-executor.2 54297 505140 27166 32767 3 0x4000090 fsleep syz-executor.2 39675 396447 13887 32767 2 0x10 syz-executor.6 39675 211244 13887 32767 3 0x4000090 lockf syz-executor.6 39675 369398 13887 32767 3 0x4000090 lockf syz-executor.6 28823 376835 70265 32767 2 0x10 syz-executor.3 28823 313036 70265 32767 3 0x4000090 kqread syz-executor.3 28823 267886 70265 32767 3 0x4000090 fsleep syz-executor.3 74756 403605 69825 32767 3 0x90 nanoslp syz-executor.0 69825 476165 51897 0 3 0x82 wait syz-executor.0 13887 333604 1134 32767 3 0x90 nanoslp syz-executor.6 1134 90250 51897 0 3 0x82 wait syz-executor.6 44096 224233 78071 32767 3 0x90 nanoslp syz-executor.5 78071 7304 51897 0 3 0x82 wait syz-executor.5 70265 146641 43137 32767 3 0x90 nanoslp syz-executor.3 43137 141845 51897 0 3 0x82 wait syz-executor.3 70218 270714 0 0 3 0x14200 bored sosplice 76379 89646 52073 32767 2 0x10 syz-executor.7 52073 326203 51897 0 3 0x82 wait syz-executor.7 40366 153957 81836 32767 3 0x90 nanoslp syz-executor.4 81836 295594 51897 0 3 0x82 wait syz-executor.4 27166 493878 68275 32767 3 0x90 nanoslp syz-executor.2 33217 2587 87540 32767 3 0x90 nanoslp syz-executor.1 68275 423783 51897 0 3 0x82 wait syz-executor.2 87540 286093 51897 0 3 0x82 wait syz-executor.1 51897 146442 45531 0 3 0x2000082 wait syz-fuzzer 51897 239407 45531 0 3 0x6000082 nanoslp syz-fuzzer 51897 268878 45531 0 3 0x6000082 thrsleep syz-fuzzer 51897 330837 45531 0 3 0x6000082 wait syz-fuzzer 51897 23467 45531 0 3 0x6000082 wait syz-fuzzer 51897 14252 45531 0 3 0x6000082 wait syz-fuzzer 51897 117794 45531 0 3 0x6000082 wait syz-fuzzer 51897 171961 45531 0 3 0x6000082 thrsleep syz-fuzzer 51897 21180 45531 0 3 0x6000082 wait syz-fuzzer 51897 77173 45531 0 2 0x6000002 syz-fuzzer 51897 55312 45531 0 3 0x6000082 thrsleep syz-fuzzer 51897 486873 45531 0 3 0x6000082 thrsleep syz-fuzzer 51897 20933 45531 0 3 0x6000082 wait syz-fuzzer 51897 185691 45531 0 3 0x6000082 kqread syz-fuzzer 51897 52267 45531 0 3 0x6000082 wait syz-fuzzer 45531 214121 87562 0 3 0x10008a sigsusp ksh 87562 279812 5025 0 3 0x9a kqread sshd 5725 224992 1 0 3 0x100083 ttyin getty 5025 490422 1 0 3 0x88 kqread sshd 12443 173640 63053 73 3 0x1100090 kqread syslogd 63053 30794 1 0 3 0x100082 netio syslogd 94689 430179 1 0 3 0x100080 kqread resolvd 39851 223501 27466 77 3 0x100092 kqread dhcpleased 68037 18728 27466 77 3 0x100092 kqread dhcpleased 27466 316713 1 0 3 0x80 kqread dhcpleased 94224 297638 0 0 3 0x14200 bored smr 30193 391699 0 0 2 0x14200 zerothread 1150 8104 0 0 3 0x14200 aiodoned aiodoned 34003 152551 0 0 3 0x14200 syncer update 69840 267265 0 0 3 0x14200 cleaner cleaner 55556 217123 0 0 2 0x14200 reaper 44011 343875 0 0 3 0x14200 pgdaemon pagedaemon 1330 399580 0 0 3 0x14200 bored viomb 51006 469158 0 0 3 0x40014200 acpi0 acpi0 35667 287143 0 0 3 0x40014200 idle1 42993 89415 0 0 3 0x14200 bored softnet3 23340 135788 0 0 3 0x14200 bored softnet2 70406 14860 0 0 3 0x14200 bored softnet1 6107 112282 0 0 3 0x14200 bored softnet0 16894 82701 0 0 3 0x14200 bored systqmp 10247 425855 0 0 3 0x14200 bored systq 60733 471775 0 0 3 0x40014200 bored softclock 25335 125869 0 0 3 0x40014200 idle0 1 116638 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10189 6409K 6420K 78643K 11288 0 pcb 13 12K 14K 78643K 17 0 rtable 246 7K 7K 78643K 785 0 pf 29 8K 8K 78643K 43 0 ifaddr 44 15K 15K 78643K 76 0 ifgroup 50 2K 2K 78643K 78 0 sysctl 3 1K 1K 78643K 7 0 counters 60 35K 35K 78643K 74 0 ioctlops 0 0K 2K 78643K 45 0 iov 0 0K 16K 78643K 606 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1279 80K 80K 78643K 2423 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 100 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 1K 78643K 2063 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 25 93K 121K 78643K 9061 0 sigio 0 0K 0K 78643K 63 0 proc 56 78K 103K 78643K 1055 0 subproc 104 6K 6K 78643K 195 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 2 0K 0K 78643K 827 0 in_multi 99 7K 7K 78643K 238 0 ether_multi 1 0K 0K 78643K 1 0 mrt 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 73 334K 334K 78643K 73 0 exec 0 0K 1K 78643K 1346 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 435 94K 103K 78643K 89646 0 UVM aobj 131 4K 4K 78643K 133 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 4 0K 0K 78643K 1021 0 NDP 11 0K 2K 78643K 48 0 temp 74 5920K 6048K 78643K 24081 0 kqueue 13 20K 32K 78643K 709 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 271 0 268 4 3 1 3 0 8 0 rtentry 112 206 0 90 4 0 4 4 0 8 0 unpcb 144 5024 0 5011 66 63 3 10 0 8 2 syncache 304 94 0 94 20 19 1 1 0 8 1 tcpqe 32 404 0 404 13 13 0 1 0 8 0 tcpcb 808 8598 0 8577 150 141 9 17 0 8 6 arp 120 34 0 16 1 0 1 1 0 8 0 ipq 40 11 0 10 5 4 1 1 0 8 0 ipqe 40 104 0 103 5 4 1 1 0 8 0 inpcb 368 13991 0 13960 188 180 8 19 0 8 5 nd6 136 61 0 31 2 0 2 2 0 8 0 kcovpl 48 15 0 7 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 824 0 344 33 2 31 31 0 8 0 art_table 32 825 0 344 4 0 4 4 0 8 0 art_node 16 205 0 99 1 0 1 1 0 8 0 sysvmsgpl 40 7 0 4 1 0 1 1 0 8 0 semupl 112 4 0 4 2 2 0 1 0 8 0 semapl 112 2057 0 2047 1 0 1 1 0 8 0 shmpl 112 130 0 2 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 12512 0 11060 92 0 92 92 0 8 0 ffsino 272 12512 0 11060 98 0 98 98 0 8 0 nchpl 144 24061 0 22418 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 72839 0 72839 7 6 1 2 0 8 1 percpumem 16 50 0 7 1 0 1 1 0 8 0 kstatmem 264 36 0 14 2 0 2 2 0 8 0 scxspl 216 84227 0 84227 29 28 1 8 1 8 1 plimitpl 152 1129 0 1106 14 12 2 2 0 8 1 sigapl 424 9343 0 9289 7 0 7 7 0 8 0 futexpl 64 72852 0 72849 5 4 1 1 0 8 0 knotepl 120 663 0 0 12 2 10 11 0 8 0 kqueuepl 216 2141 0 2132 38 37 1 8 0 8 0 pipepl 320 2449 0 2420 84 81 3 16 0 8 0 fdescpl 496 9325 0 9289 7 2 5 6 0 8 0 filepl 152 55077 0 54826 136 123 13 24 0 8 3 lockfpl 104 912 0 907 1 0 1 1 0 8 0 lockfspl 48 243 0 240 1 0 1 1 0 8 0 sessionpl 144 30 0 14 1 0 1 1 0 8 0 pgrppl 48 58 0 42 1 0 1 1 0 8 0 ucredpl 104 6330 0 6312 1 0 1 1 0 8 0 zombiepl 144 9290 0 9289 1 0 1 1 0 8 0 processpl 1072 9343 0 9289 5 1 4 5 0 8 0 procpl 680 24631 0 24554 27 19 8 8 0 8 1 sosppl 168 166 0 166 14 13 1 1 0 8 1 sockpl 488 19840 0 19793 423 409 14 35 0 8 8 mcl64k 65536 24 0 0 3 1 2 3 0 8 0 mcl16k 16384 17 0 0 3 0 3 3 0 8 0 mcl12k 12288 17 0 0 2 0 2 2 0 8 0 mcl9k 9216 17 0 0 2 0 2 2 0 8 0 mcl8k 8192 30 0 0 3 0 3 3 0 8 0 mcl4k 4096 66 0 0 7 4 3 7 0 8 0 mcl2k2 2112 8 0 0 1 0 1 1 0 8 0 mcl2k 2048 416 0 0 46 14 32 46 0 8 0 mtagpl 96 18 0 0 1 0 1 1 0 8 0 mbufpl 256 1771 0 0 107 0 107 107 0 8 0 bufpl 288 17691 0 11368 452 0 452 452 0 8 0 anonpl 24 1011764 0 1000530 190 96 94 101 0 186 0 amapchunkpl 152 283783 0 282868 112 73 39 50 0 158 1 amappl16 200 21469 0 21176 139 117 22 33 0 8 5 amappl15 192 42 0 41 2 1 1 1 0 8 0 amappl14 184 192 0 179 2 1 1 2 0 8 0 amappl13 176 25 0 24 1 0 1 1 0 8 0 amappl12 168 10070 0 10029 2 0 2 2 0 8 0 amappl11 160 52 0 42 1 0 1 1 0 8 0 amappl10 152 64 0 54 1 0 1 1 0 8 0 amappl9 144 223 0 223 12 12 0 1 0 8 0 amappl8 136 604 0 462 6 1 5 5 0 8 0 amappl7 128 94 0 82 2 0 2 2 0 8 0 amappl6 120 345 0 322 2 1 1 2 0 8 0 amappl5 112 353 0 344 1 0 1 1 0 8 0 amappl4 104 738 0 700 2 0 2 2 0 8 0 amappl3 96 56164 0 56062 9 6 3 4 0 8 0 amappl2 88 9927 0 9845 3 1 2 3 0 8 0 amappl1 80 40647 0 40114 22 9 13 22 0 8 0 amappl 88 88775 0 88506 7 0 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 132 0 2 3 0 3 3 0 8 0 uaddrrnd 24 9325 0 9289 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 9325 0 9289 1 0 1 1 0 8 0 vmmpekpl 168 71234 0 71178 3 0 3 3 0 8 0 vmmpepl 168 545414 0 542910 235 108 127 127 0 357 13 vmsppl 464 9324 0 9289 7 2 5 6 0 8 0 rwobjpl 56 141916 0 134459 118 9 109 110 0 8 0 pdppl 4096 18658 0 18578 348 266 82 94 0 8 2 pvpl 32 2814099 0 2796519 528 362 166 339 0 265 9 pmappl 248 9324 0 9289 4 1 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1571 0 635 28 0 28 28 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp ddb{0}> trace x86_ipi_db(ffffffff82bafff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82c532e8) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82c532e8) at __mp_lock+0x122 sys/kern/kern_lock.c:147 intr_handler(ffff80002b1eb4c0,ffff80000027b500) at intr_handler+0x62 sys/arch/amd64/amd64/intr.c:532 Xintr_ioapic_edge25_untramp() at Xintr_ioapic_edge25_untramp+0x18f end of kernel end trace frame: 0x703a06781030, count: -6 ddb{0}> machine ddbcpu 1 Stopped at witness_checkorder+0x1ec: movl 0x8(%r14),%ebx ddb{1}> trace witness_checkorder(fffffd806f563e68,9,0) at witness_checkorder+0x1ec sys/kern/subr_witness.c:794 mtx_enter(fffffd806f563e58) at mtx_enter+0x3e sys/kern/kern_lock.c:265 knote_remove(ffff800021289298,fffffd806f563e58,fffffd806f563ee0,3,0) at knote_remove+0x20d sys/kern/kern_event.c:1881 knote_fdclose(ffff800021289298,3) at knote_fdclose+0xae sys/kern/kern_event.c:1934 fdfree(ffff800021289298) at fdfree+0xdf sys/kern/kern_descrip.c:1196 exit1(ffff800021289298,0,0,1) at exit1+0x3e4 sys/kern/kern_exit.c:206 sys_exit(ffff800021289298,ffff80002128f4f0,ffff80002128f540) at sys_exit+0x1a sys/kern/kern_exit.c:89 syscall(ffff80002128f5c0) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff80002128f5c0) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x738bc597d760, count: -9