kernel: protection fault trap, code=0
Stopped at lf_advlock+0x224: addl $0x1,0x28(%rbx)
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
the kernel did not panic
ddb{0}> trace
lf_advlock(ffff800000d1c7e0,0,fffffd806cd1f7c0,2,ffff8000212a7010,40) at lf_advlock+0x224 ls_ref sys/kern/vfs_lockf.c:138 [inline]
lf_advlock(ffff800000d1c7e0,0,fffffd806cd1f7c0,2,ffff8000212a7010,40) at lf_advlock+0x224 sys/kern/vfs_lockf.c:278
VOP_ADVLOCK(fffffd8069a175f0,fffffd806cd1f7c0,2,ffff8000212a7010,40) at VOP_ADVLOCK+0x75 sys/kern/vfs_vops.c:612
sys_fcntl(ffff8000211f5d50,ffff8000212a7090,ffff8000212a70e0) at sys_fcntl+0xa8b
syscall(ffff8000212a7160) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff8000212a7160) at syscall+0x606 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x10d4dbc6f00, count: -5
ddb{0}> show registers
rdi 0
rsi 0
rbp 0xffff8000212a6f20
rbx 0xdeadbeefdeadbeef
rdx 0
rcx 0xffff8000211f5d50
rax 0xffffffff82bc8ff0 cpu_info_full_primary+0x1ff0
r8 0xffff8000212a7010
r9 0x40
r10 0x3399ed2ac60bf991
r11 0x26b5fec8b9566eab
r12 0xffff800000d1c7e0
r13 0x2
r14 0xffff8000212a7010
r15 0
rip 0xffffffff811f6014 lf_advlock+0x224
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff8000212a6e80
ss 0x10
lf_advlock+0x224: addl $0x1,0x28(%rbx)
ddb{0}> show proc
PROC (syz-executor.2) tid=124752 pid=73757 tcnt=3 stat=onproc
flags process=10<SUGID> proc=4000000<THREAD>
runpri=32, usrpri=81, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0
forw=0xffffffffffffffff, list=0xffff8000211f4018,0xffff8000211f4820
process=0xffff80002617c018 user=0xffff8000212a2000, vmspace=0xfffffd806c3b4598
estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
69179 5244 57231 32767 7 0x10 syz-executor.0
73757 210831 81913 32767 2 0x10 syz-executor.2
*73757 124752 81913 32767 7 0x4000010 syz-executor.2
73757 66161 81913 32767 3 0x4000090 fsleep syz-executor.2
26757 449504 28487 32767 2 0x10 syz-executor.7
26757 397053 28487 32767 2 0x4000010 syz-executor.7
70645 995 1041 32767 3 0x90 nanoslp syz-executor.1
1041 59676 87049 0 3 0x82 wait syz-executor.1
28487 337774 61895 32767 3 0x90 nanoslp syz-executor.7
61895 8017 87049 0 3 0x82 wait syz-executor.7
68147 507814 23688 32767 3 0x90 nanoslp syz-executor.5
23688 106112 87049 0 3 0x82 wait syz-executor.5
81913 507721 75965 32767 3 0x90 nanoslp syz-executor.2
75965 355369 87049 0 3 0x82 wait syz-executor.2
3976 122810 98004 32767 2 0x10 syz-executor.3
98004 81242 87049 0 3 0x82 wait syz-executor.3
10013 152394 25317 32767 3 0x90 nanoslp syz-executor.6
25317 429904 87049 0 3 0x82 wait syz-executor.6
57231 64810 25420 32767 3 0x90 nanoslp syz-executor.0
25420 28610 87049 0 3 0x82 wait syz-executor.0
38218 199717 77747 32767 2 0x10 syz-executor.4
77747 493713 87049 0 3 0x82 wait syz-executor.4
96660 263943 0 0 3 0x14200 bored sosplice
87049 239275 30117 0 3 0x2000082 thrsleep syz-fuzzer
87049 303554 30117 0 3 0x6000082 thrsleep syz-fuzzer
87049 42642 30117 0 3 0x6000082 thrsleep syz-fuzzer
87049 201167 30117 0 3 0x6000082 wait syz-fuzzer
87049 340920 30117 0 3 0x6000082 wait syz-fuzzer
87049 33692 30117 0 3 0x6000082 wait syz-fuzzer
87049 42145 30117 0 3 0x6000082 wait syz-fuzzer
87049 25037 30117 0 3 0x6000082 wait syz-fuzzer
87049 87616 30117 0 3 0x6000082 wait syz-fuzzer
87049 410913 30117 0 3 0x6000082 thrsleep syz-fuzzer
87049 33434 30117 0 3 0x6000082 thrsleep syz-fuzzer
87049 172947 30117 0 3 0x6000082 wait syz-fuzzer
87049 52980 30117 0 3 0x6000082 thrsleep syz-fuzzer
87049 124012 30117 0 3 0x6000082 kqread syz-fuzzer
87049 441962 30117 0 3 0x6000082 wait syz-fuzzer
87049 318706 30117 0 3 0x6000082 thrsleep syz-fuzzer
30117 226419 1653 0 3 0x10008a sigsusp ksh
1653 385923 43517 0 3 0x9a kqread sshd
31782 86244 1 0 3 0x100083 ttyin getty
43517 28536 1 0 3 0x88 kqread sshd
97493 80102 56075 73 3 0x1100090 kqread syslogd
56075 393858 1 0 3 0x100082 netio syslogd
56907 91430 1 0 3 0x100080 kqread resolvd
56326 186034 92774 77 3 0x100092 kqread dhcpleased
54622 78884 92774 77 3 0x100092 kqread dhcpleased
92774 266340 1 0 3 0x80 kqread dhcpleased
5488 461058 0 0 3 0x14200 bored smr
87344 159026 0 0 2 0x14200 zerothread
50178 226534 0 0 3 0x14200 aiodoned aiodoned
68572 246387 0 0 3 0x14200 syncer update
72621 303783 0 0 3 0x14200 cleaner cleaner
74387 422371 0 0 3 0x14200 reaper reaper
66414 496287 0 0 3 0x14200 pgdaemon pagedaemon
49799 331753 0 0 3 0x14200 bored viomb
94524 112148 0 0 3 0x40014200 acpi0 acpi0
27886 61653 0 0 3 0x40014200 idle1
1506 295668 0 0 3 0x14200 bored softnet3
70865 384552 0 0 3 0x14200 bored softnet2
47098 318547 0 0 3 0x14200 bored softnet1
56524 456737 0 0 3 0x14200 bored softnet0
6951 211655 0 0 3 0x14200 bored systqmp
16177 411056 0 0 3 0x14200 bored systq
56322 362796 0 0 2 0x40014200 softclock
72501 334790 0 0 3 0x40014200 idle0
1 352689 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 69179 (syz-executor.0) thread 0xffff8000211f4ab8 (5244)
shared rwlock vmmaplk r = 0 (0xfffffd806c226698)
#0 witness_lock+0x447
#1 uvm_map_inentry_fix+0xa5 vm_map_lock_read_ln sys/uvm/uvm_map.c:5368 [inline]
#1 uvm_map_inentry_fix+0xa5 sys/uvm/uvm_map.c:1657
#2 uvm_map_inentry+0xce sys/uvm/uvm_map.c:1688
#3 syscall+0x442 mi_syscall sys/sys/syscall_mi.h:96 [inline]
#3 syscall+0x442 sys/arch/amd64/amd64/trap.c:623
#4 Xsyscall+0x128
Process 73757 (syz-executor.2) thread 0xffff8000211f5d50 (124752)
exclusive rwlock lockflk r = 0 (0xffffffff82b795d0)
#0 witness_lock+0x447
#1 lf_advlock+0x196 sys/kern/vfs_lockf.c:260
#2 VOP_ADVLOCK+0x75 sys/kern/vfs_vops.c:612
#3 sys_fcntl+0xa8b
#4 syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
#4 syscall+0x606 sys/arch/amd64/amd64/trap.c:623
#5 Xsyscall+0x128
Process 3976 (syz-executor.3) thread 0xffff8000261577f0 (122810)
exclusive rrwlock inode r = 0 (0xfffffd807d9aa1a8)
#0 witness_lock+0x447
#1 rw_enter+0x3c8 sys/kern/kern_rwlock.c:309
#2 rrw_enter+0x8c sys/kern/kern_rwlock.c:464
#3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:518
#4 ufs_ihashins+0x46 sys/ufs/ufs/ufs_ihash.c:140
#5 ffs_vget+0x141 sys/ufs/ffs/ffs_vfsops.c:1343
#6 ffs_inode_alloc+0x1c2 sys/ufs/ffs/ffs_alloc.c:394
#7 ufs_mkdir+0xf8 sys/ufs/ufs/ufs_vnops.c:1149
#8 VOP_MKDIR+0xc3 sys/kern/vfs_vops.c:388
#9 domkdirat+0x125 sys/kern/vfs_syscalls.c:3073
#10 syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
#10 syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623
#11 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd806fdb6c58)
#0 witness_lock+0x447
#1 rw_enter+0x3c8 sys/kern/kern_rwlock.c:309
#2 rrw_enter+0x8c sys/kern/kern_rwlock.c:464
#3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:518
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:564
#5 vfs_lookup+0xd5 sys/kern/vfs_lookup.c:418
#6 namei+0x55a sys/kern/vfs_lookup.c:250
#7 domkdirat+0x79 sys/kern/vfs_syscalls.c:3058
#8 syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
#8 syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623
#9 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10222 6413K 6420K 78643K 11461 0
pcb 13 16K 20K 78643K 19 0
rtable 246 7K 7K 78643K 3621 0
pf 29 8K 8K 78643K 135 0
ifaddr 44 16K 16K 78643K 264 0
ifgroup 50 2K 2K 78643K 262 0
sysctl 3 1K 5K 78643K 6 0
counters 60 35K 35K 78643K 166 0
ioctlops 0 0K 2K 78643K 434 0
iov 0 0K 24K 78643K 3941 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1279 80K 80K 78643K 8816 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 9K 78643K 436 0
VM map 2 1K 1K 78643K 2 0
sem 10 1K 1K 78643K 14 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 21 77K 125K 78643K 39195 0
sigio 0 0K 0K 78643K 432 0
proc 56 78K 115K 78643K 4612 0
subproc 104 6K 6K 78643K 793 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 2079 0
in_multi 99 7K 7K 78643K 1027 0
ether_multi 1 0K 0K 78643K 38 0
mrt 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 271 1208K 1208K 78643K 271 0
exec 0 0K 1K 78643K 6658 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 8 62K 64K 78643K 10 0
UVM amap 521 92K 111K 78643K 389508 0
UVM aobj 131 4K 4K 78643K 140 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 861 0
NDP 11 0K 2K 78643K 186 0
temp 74 5920K 6048K 78643K 97841 0
kqueue 12 18K 46K 78643K 16191 0
SYN cache 2 16K 16K 78643K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 1817 0 1814 20 17 3 3 0 8 2
rtentry 112 759 0 643 4 0 4 4 0 8 0
unpcb 144 39495 0 39478 317 311 6 13 0 8 5
syncache 304 462 0 462 76 75 1 1 0 8 1
sackhl 24 1 0 1 1 1 0 1 0 8 0
tcpqe 32 801 0 801 70 69 1 1 0 8 1
tcpcb 808 14580 0 14562 312 306 6 21 0 8 3
arp 120 133 0 114 1 0 1 1 0 8 0
ipq 40 163 0 163 18 18 0 1 0 8 0
ipqe 40 721 0 721 18 18 0 1 0 8 0
inpcb 368 27084 0 27061 326 320 6 20 0 8 2
nd6 136 239 0 210 4 2 2 2 0 8 0
kcovpl 48 61 0 53 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 2978 0 2488 33 2 31 31 0 8 0
art_table 32 2979 0 2488 4 0 4 4 0 8 0
art_node 16 758 0 652 1 0 1 1 0 8 0
sysvmsgpl 40 4 0 3 2 1 1 1 0 8 0
semupl 112 3 0 3 1 1 0 1 0 8 0
semapl 112 8 0 0 1 0 1 1 0 8 0
shmpl 112 137 0 9 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 58973 0 57490 93 0 93 93 0 8 0
ffsino 272 58973 0 57490 100 0 100 100 0 8 0
nchpl 144 115149 0 113506 63 0 63 63 0 8 0
uvmvnodes 80 6407 0 0 131 0 131 131 0 8 0
vnodes 216 6407 0 0 356 0 356 356 0 8 0
namei 1024 447942 0 447941 12 11 1 2 0 8 0
percpumem 16 96 0 53 1 0 1 1 0 8 0
kstatmem 264 128 0 106 2 0 2 2 0 8 0
scxspl 216 334464 0 334464 105 103 2 8 1 8 2
plimitpl 152 5658 0 5635 52 51 1 2 0 8 0
sigapl 424 39383 0 39330 7 0 7 7 0 8 0
futexpl 64 378976 0 378975 7 6 1 1 0 8 0
knotepl 120 2280 0 0 21 4 17 17 0 8 0
kqueuepl 216 75690 0 75682 455 450 5 13 0 8 4
pipepl 320 9347 0 9319 237 234 3 11 0 8 0
fdescpl 496 39365 0 39333 7 2 5 6 0 8 0
filepl 152 395943 0 395702 584 567 17 31 0 8 7
lockfpl 104 6751 0 6749 5 4 1 2 0 8 0
lockfspl 48 1454 0 1452 1 0 1 1 0 8 0
sessionpl 144 76 0 60 1 0 1 1 0 8 0
pgrppl 48 415 0 399 1 0 1 1 0 8 0
ucredpl 104 38067 0 38049 1 0 1 1 0 8 0
zombiepl 144 39333 0 39330 1 0 1 1 0 8 0
processpl 1072 39383 0 39330 5 1 4 5 0 8 0
procpl 680 111007 0 110936 75 67 8 8 0 8 1
sosppl 168 674 0 674 52 51 1 1 0 8 1
sockpl 488 70167 0 70126 1231 1215 16 47 0 8 8
mcl64k 65536 41 0 0 3 0 3 3 0 8 0
mcl16k 16384 39 0 0 3 0 3 3 0 8 0
mcl12k 12288 65 0 0 2 0 2 2 0 8 0
mcl9k 9216 25 0 0 2 0 2 2 0 8 0
mcl8k 8192 56 0 0 4 1 3 3 0 8 0
mcl4k 4096 128 0 0 5 2 3 3 0 8 0
mcl2k2 2112 18 0 0 2 0 2 2 0 8 0
mcl2k 2048 757 0 0 36 24 12 32 0 8 0
mtagpl 96 20 0 0 1 0 1 1 0 8 0
mbufpl 256 6034 0 0 290 2 288 289 0 8 0
bufpl 288 60156 0 53749 458 0 458 458 0 8 0
anonpl 24 3738564 0 3726729 282 183 99 118 0 186 0
amapchunkpl 152 1241387 0 1240563 303 263 40 54 0 158 3
amappl16 200 75029 0 74738 479 461 18 42 0 8 0
amappl15 192 20 0 20 1 1 0 1 0 8 0
amappl14 184 327 0 306 3 1 2 2 0 8 0
amappl13 176 31 0 28 1 0 1 1 0 8 0
amappl12 168 40775 0 40741 2 0 2 2 0 8 0
amappl11 160 65 0 55 1 0 1 1 0 8 0
amappl10 152 113 0 98 1 0 1 1 0 8 0
amappl9 144 465 0 465 68 67 1 1 0 8 1
amappl8 136 1877 0 1561 11 0 11 11 0 8 0
amappl7 128 247 0 229 2 1 1 2 0 8 0
amappl6 120 1027 0 995 16 14 2 2 0 8 0
amappl5 112 1107 0 1099 1 0 1 1 0 8 0
amappl4 104 1843 0 1793 3 1 2 3 0 8 0
amappl3 96 240882 0 240800 27 24 3 4 0 8 0
amappl2 88 41440 0 41352 11 8 3 3 0 8 0
amappl1 80 148624 0 148102 22 9 13 22 0 8 0
amappl 88 387092 0 386860 9 2 7 7 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 139 0 9 3 0 3 3 0 8 0
uaddrrnd 24 39365 0 39333 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 39365 0 39333 1 0 1 1 0 8 0
vmmpekpl 168 307171 0 307100 4 0 4 4 0 8 0
vmmpepl 168 2269772 0 2267261 443 309 134 143 0 357 0
vmsppl 464 39364 0 39333 7 2 5 6 0 8 0
rwobjpl 56 554440 0 546344 152 36 116 116 0 8 0
pdppl 4096 78738 0 78666 1221 1139 82 96 0 8 10
pvpl 32 11053097 0 11035202 1072 895 177 360 0 265 0
pmappl 248 39364 0 39333 4 1 3 3 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 2978 0 1876 32 0 32 32 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
lf_advlock(ffff800000d1c7e0,0,fffffd806cd1f7c0,2,ffff8000212a7010,40) at lf_advlock+0x224 ls_ref sys/kern/vfs_lockf.c:138 [inline]
lf_advlock(ffff800000d1c7e0,0,fffffd806cd1f7c0,2,ffff8000212a7010,40) at lf_advlock+0x224 sys/kern/vfs_lockf.c:278
VOP_ADVLOCK(fffffd8069a175f0,fffffd806cd1f7c0,2,ffff8000212a7010,40) at VOP_ADVLOCK+0x75 sys/kern/vfs_vops.c:612
sys_fcntl(ffff8000211f5d50,ffff8000212a7090,ffff8000212a70e0) at sys_fcntl+0xa8b
syscall(ffff8000212a7160) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff8000212a7160) at syscall+0x606 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x10d4dbc6f00, count: -5
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp
ddb{1}> trace
x86_ipi_db(ffff800020d58ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
witness_assert(fffffd806c226698,1) at witness_assert+0x1f sys/kern/subr_witness.c:1940
uvm_map_lookup_entry(fffffd806c2265a0,1b76fcf0000,ffff80002e425608) at uvm_map_lookup_entry+0x5c vm_map_assert_anylock_ln sys/uvm/uvm_map.c:5436 [inline]
uvm_map_lookup_entry(fffffd806c2265a0,1b76fcf0000,ffff80002e425608) at uvm_map_lookup_entry+0x5c sys/uvm/uvm_map.c:1593
uvm_map_inentry_fix(ffff8000211f4ab8,ffff8000211f4b30,1b76fcf006b,ffffffff820cece0,6) at uvm_map_inentry_fix+0xdb sys/uvm/uvm_map.c:1660
uvm_map_inentry(ffff8000211f4ab8,ffff8000211f4b30,1b76fcf006b,ffffffff827c2193,ffffffff820cece0,6) at uvm_map_inentry+0xce sys/uvm/uvm_map.c:1688
syscall(ffff80002e4257f0) at syscall+0x442 mi_syscall sys/sys/syscall_mi.h:96 [inline]
syscall(ffff80002e4257f0) at syscall+0x442 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x74afffe21e40, count: -9