kernel: protection fault trap, code=0
Stopped at lf_findoverlap+0xfb: movq 0x18(%r15),%rax
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
the kernel did not panic
ddb{1}> trace
lf_findoverlap(fffffd806f12b6e8,fffffd806f12ba28,2,ffff800021240470) at lf_findoverlap+0xfb sys/kern/vfs_lockf.c:659
lf_deadlock(fffffd806f12ba28) at lf_deadlock+0x1f6 lf_getblock sys/kern/vfs_lockf.c:622 [inline]
lf_deadlock(fffffd806f12ba28) at lf_deadlock+0x1f6 sys/kern/vfs_lockf.c:841
lf_setlock(fffffd806f12ba28) at lf_setlock+0x168 sys/kern/vfs_lockf.c:359
lf_advlock(ffff800000bb7c20,0,fffffd806d8ac3e8,8,ffff8000212406c0,50) at lf_advlock+0x3a7 sys/kern/vfs_lockf.c:301
VOP_ADVLOCK(fffffd806e57a948,fffffd806d8ac3e8,8,ffff8000212406c0,50) at VOP_ADVLOCK+0x71 sys/kern/vfs_vops.c:628
sys_fcntl(ffff8000211a2fc8,ffff800021240748,ffff8000212407a0) at sys_fcntl+0xad9
syscall(ffff800021240810) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800021240810) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xbf3dbb3f6e0, count: -8
ddb{1}> show registers
rdi 0x1
rsi 0xdeaf4152deaf4152
rbp 0xffff800021240460
rbx 0xdeaf4152deaf4152
rdx 0x2
rcx 0xfffffd806f12ba28
rax 0xdeaf4152deaf4152
r8 0xffff8000212406c0
r9 0x50
r10 0x9b41b2fc8c57cff1
r11 0xbd3e2e9c34f4ccc5
r12 0
r13 0x1
r14 0xffff800021240470
r15 0xdeaf4152deaf4152
rip 0xffffffff812d943b lf_findoverlap+0xfb
cs 0x8
rflags 0x10202 __ALIGN_SIZE+0xf202
rsp 0xffff8000212403e0
ss 0x10
lf_findoverlap+0xfb: movq 0x18(%r15),%rax
ddb{1}> show proc
PROC (syz-executor4206730405) pid=331913 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=32, usrpri=78, nice=20
forw=0xffffffffffffffff, list=0xffff8000211a2548,0xffff8000211a3518
process=0xffff8000ffff0440 user=0xffff80002123b000, vmspace=0xfffffd806d04f010
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
7505 64982 51824 0 7 0 syz-executor4206730405
* 7505 331913 51824 0 7 0x4000000 syz-executor4206730405
69639 306162 73055 0 2 0 syz-executor4206730405
69639 228693 73055 0 2 0x4000000 syz-executor4206730405
11667 282347 17641 0 2 0 syz-executor4206730405
11667 361185 17641 0 3 0x4000080 fsleep syz-executor4206730405
70626 308236 2651 0 2 0 syz-executor4206730405
70626 165466 2651 0 3 0x4000080 lockf syz-executor4206730405
16334 111007 35273 0 2 0 syz-executor4206730405
16334 92089 35273 0 3 0x4000080 fsleep syz-executor4206730405
57464 84064 1986 0 2 0 syz-executor4206730405
57464 17307 1986 0 3 0x4000080 fsleep syz-executor4206730405
46624 372582 6739 0 3 0x80 nanoslp syz-executor4206730405
46624 188396 6739 0 3 0x4000080 lockf syz-executor4206730405
46624 453918 6739 0 3 0x4000080 fsleep syz-executor4206730405
6739 88584 76010 0 2 0 syz-executor4206730405
1986 164593 76010 0 3 0x80 nanoslp syz-executor4206730405
51824 305959 76010 0 3 0x80 nanoslp syz-executor4206730405
17641 146736 76010 0 3 0x80 nanoslp syz-executor4206730405
35273 183525 76010 0 3 0x80 nanoslp syz-executor4206730405
73055 382545 76010 0 2 0 syz-executor4206730405
2651 267937 76010 0 3 0x80 nanoslp syz-executor4206730405
29060 318136 76010 0 2 0 syz-executor4206730405
76010 80982 42029 0 3 0x82 nanoslp syz-executor4206730405
42029 157703 99721 0 3 0x10008a sigsusp ksh
99721 302909 42242 0 3 0x9a kqread sshd
28651 181035 1 0 3 0x100083 ttyin getty
42242 333045 1 0 3 0x88 kqread sshd
68765 45830 19793 73 3 0x1100090 kqread syslogd
19793 232760 1 0 3 0x100082 netio syslogd
57501 443796 1 0 3 0x100080 kqread resolvd
98510 11291 50463 77 3 0x100092 kqread dhcpleased
5913 448816 50463 77 3 0x100092 kqread dhcpleased
50463 157137 1 0 3 0x80 kqread dhcpleased
90325 456473 0 0 3 0x14200 bored smr
57703 495689 0 0 2 0x14200 zerothread
29754 291937 0 0 3 0x14200 aiodoned aiodoned
35726 204254 0 0 3 0x14200 syncer update
23855 509986 0 0 3 0x14200 cleaner cleaner
13840 36644 0 0 3 0x14200 reaper reaper
14497 370506 0 0 3 0x14200 pgdaemon pagedaemon
66801 337104 0 0 3 0x14200 bored viomb
32529 440157 0 0 3 0x40014200 acpi0 acpi0
36550 363439 0 0 3 0x40014200 idle1
73106 389552 0 0 3 0x14200 bored softnet
91313 264749 0 0 3 0x14200 bored systqmp
61720 421402 0 0 3 0x14200 bored systq
68293 130312 0 0 3 0x40014200 bored softclock
9407 196709 0 0 3 0x40014200 idle0
1 494704 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
Process 7505 (syz-executor4206730405) thread 0xffff8000211a2fc8 (331913)
exclusive rwlock lockflk r = 0 (0xffffffff82910aa0)
#0 witness_lock+0x44d
#1 lf_advlock+0x189 sys/kern/vfs_lockf.c:263
#2 VOP_ADVLOCK+0x71 sys/kern/vfs_vops.c:628
#3 sys_fcntl+0xad9
#4 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#4 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#5 Xsyscall+0x128
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10151 6389K 6419K 78643K 11241 0
pcb 13 8K 8K 78643K 13 0
rtable 62 2K 2K 78643K 108 0
ifaddr 24 7K 7K 78643K 24 0
counters 40 33K 33K 78643K 40 0
ioctlops 0 0K 2K 78643K 25 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 5 0
vnodes 1166 73K 73K 78643K 1179 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 1K 78643K 2 0
VM map 2 1K 1K 78643K 2 0
sem 2 0K 0K 78643K 2 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 7 12K 17K 78643K 14209 0
proc 55 78K 79K 78643K 226 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
in_multi 11 0K 0K 78643K 11 0
ether_multi 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 73 334K 334K 78643K 73 0
exec 0 0K 2K 78643K 391 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 92 5K 5K 78643K 24560 0
UVM aobj 3 2K 2K 78643K 3 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
NDP 3 0K 0K 78643K 3 0
temp 18 4705K 4769K 78643K 2270 0
kqueue 11 16K 18K 78643K 24 0
SYN cache 2 16K 16K 78643K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 17 0 14 1 0 1 1 0 8 0
rtentry 112 23 0 1 1 0 1 1 0 8 0
unpcb 136 33 0 20 1 0 1 1 0 8 0
syncache 296 5 0 5 2 2 0 1 0 8 0
tcpcb 736 8 0 5 1 0 1 1 0 8 0
arp 120 2 0 0 1 0 1 1 0 8 0
inpcb 312 25 0 19 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 96 0 0 6 0 6 6 0 8 0
art_table 32 97 0 0 1 0 1 1 0 8 0
art_node 16 22 0 2 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1416 0 38 87 0 87 87 0 8 0
ffsino 272 1416 0 38 92 0 92 92 0 8 0
nchpl 144 1603 0 47 58 0 58 58 0 8 0
uvmvnodes 80 1425 0 0 30 0 30 30 0 8 0
vnodes 224 1425 0 0 84 0 84 84 0 8 0
namei 1024 23119 0 23119 2 1 1 1 0 8 1
percpumem 16 32 0 0 1 0 1 1 0 8 0
scxspl 216 3989 0 3989 17 16 1 8 0 8 1
plimitpl 152 15 0 9 1 0 1 1 0 8 0
sigapl 424 5037 0 4994 5 0 5 5 0 8 0
futexpl 64 14770 0 14766 1 0 1 1 0 8 0
knotepl 120 48 0 0 2 0 2 2 0 8 0
kqueuepl 216 20 0 13 1 0 1 1 0 8 0
pipepl 336 79 0 76 2 1 1 1 0 8 0
fdescpl 496 5023 0 4995 5 1 4 4 0 8 0
filepl 152 15251 0 15186 3 0 3 3 0 8 0
lockfpl 104 14114 0 14104 1 0 1 1 0 8 0
lockfspl 48 4693 0 4688 1 0 1 1 0 8 0
sessionpl 144 17 0 9 1 0 1 1 0 8 0
pgrppl 48 17 0 9 1 0 1 1 0 8 0
ucredpl 96 14272 0 14262 1 0 1 1 0 8 0
zombiepl 144 4995 0 4994 2 1 1 1 0 8 0
processpl 1064 5037 0 4994 4 1 3 3 0 8 0
procpl 672 9885 0 9834 5 0 5 5 0 8 0
sockpl 480 75 0 53 3 0 3 3 0 8 0
mcl8k 8192 2 0 0 1 0 1 1 0 8 0
mcl4k 4096 2 0 0 1 0 1 1 0 8 0
mcl2k 2048 70 0 0 7 0 7 7 0 8 0
mtagpl 96 2 0 0 1 0 1 1 0 8 0
mbufpl 256 114 0 0 7 0 7 7 0 8 0
bufpl 288 1943 0 87 133 0 133 133 0 8 0
anonpl 24 736637 0 733806 24 5 19 20 0 186 0
amapchunkpl 152 52270 0 52103 10 2 8 8 0 158 1
amappl16 200 4817 0 4810 1 0 1 1 0 8 0
amappl13 176 32 0 31 2 1 1 1 0 8 0
amappl12 168 4 0 3 1 0 1 1 0 8 0
amappl11 160 61 0 47 1 0 1 1 0 8 0
amappl10 152 1 0 1 1 1 0 1 0 8 0
amappl9 144 493 0 491 1 0 1 1 0 8 0
amappl8 136 5080 0 5063 2 1 1 1 0 8 0
amappl7 128 51 0 48 1 0 1 1 0 8 0
amappl6 120 92 0 82 1 0 1 1 0 8 0
amappl5 112 82 0 74 1 0 1 1 0 8 0
amappl4 104 567 0 547 1 0 1 1 0 8 0
amappl3 96 9187 0 9154 1 0 1 1 0 8 0
amappl2 88 5155 0 5109 2 0 2 2 0 8 0
amappl1 80 98254 0 97727 14 2 12 12 0 8 0
amappl 88 19571 0 19501 2 0 2 2 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 2 0 0 1 0 1 1 0 8 0
uaddrrnd 24 5023 0 4995 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 5023 0 4995 1 0 1 1 0 8 0
vmmpekpl 168 30626 0 30611 2 0 2 2 0 8 0
vmmpepl 168 342152 0 340786 69 5 64 64 0 357 4
vmsppl 368 5022 0 4995 3 0 3 3 0 8 0
rwobjpl 56 106852 0 104761 30 0 30 30 0 8 0
pdppl 4096 10053 0 9990 83 18 65 65 0 8 2
pvpl 32 1054446 0 1049322 52 8 44 45 0 265 0
pmappl 248 5022 0 4995 3 1 2 2 0 8 0
extentpl 40 58 0 38 1 0 1 1 0 8 0
phpool 112 433 0 22 12 0 12 12 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
ddb{0}> trace
x86_ipi_db(ffffffff82986ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
end of kernel
end trace frame: 0x7f7ffffc9180, count: -3
ddb{0}> machine ddbcpu 1
Stopped at lf_findoverlap+0xfb: movq 0x18(%r15),%rax
ddb{1}> trace
lf_findoverlap(fffffd806f12b6e8,fffffd806f12ba28,2,ffff800021240470) at lf_findoverlap+0xfb sys/kern/vfs_lockf.c:659
lf_deadlock(fffffd806f12ba28) at lf_deadlock+0x1f6 lf_getblock sys/kern/vfs_lockf.c:622 [inline]
lf_deadlock(fffffd806f12ba28) at lf_deadlock+0x1f6 sys/kern/vfs_lockf.c:841
lf_setlock(fffffd806f12ba28) at lf_setlock+0x168 sys/kern/vfs_lockf.c:359
lf_advlock(ffff800000bb7c20,0,fffffd806d8ac3e8,8,ffff8000212406c0,50) at lf_advlock+0x3a7 sys/kern/vfs_lockf.c:301
VOP_ADVLOCK(fffffd806e57a948,fffffd806d8ac3e8,8,ffff8000212406c0,50) at VOP_ADVLOCK+0x71 sys/kern/vfs_vops.c:628
sys_fcntl(ffff8000211a2fc8,ffff800021240748,ffff8000212407a0) at sys_fcntl+0xad9
syscall(ffff800021240810) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800021240810) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xbf3dbb3f6e0, count: -8