kernel: protection fault trap, code=0 Stopped at lf_advlock+0x224: addl $0x1,0x28(%rbx) ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace lf_advlock(ffff800000d1c7e0,0,fffffd806cd1f7c0,2,ffff8000212a7010,40) at lf_advlock+0x224 ls_ref sys/kern/vfs_lockf.c:138 [inline] lf_advlock(ffff800000d1c7e0,0,fffffd806cd1f7c0,2,ffff8000212a7010,40) at lf_advlock+0x224 sys/kern/vfs_lockf.c:278 VOP_ADVLOCK(fffffd8069a175f0,fffffd806cd1f7c0,2,ffff8000212a7010,40) at VOP_ADVLOCK+0x75 sys/kern/vfs_vops.c:612 sys_fcntl(ffff8000211f5d50,ffff8000212a7090,ffff8000212a70e0) at sys_fcntl+0xa8b syscall(ffff8000212a7160) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff8000212a7160) at syscall+0x606 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x10d4dbc6f00, count: -5 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff8000212a6f20 rbx 0xdeadbeefdeadbeef rdx 0 rcx 0xffff8000211f5d50 rax 0xffffffff82bc8ff0 cpu_info_full_primary+0x1ff0 r8 0xffff8000212a7010 r9 0x40 r10 0x3399ed2ac60bf991 r11 0x26b5fec8b9566eab r12 0xffff800000d1c7e0 r13 0x2 r14 0xffff8000212a7010 r15 0 rip 0xffffffff811f6014 lf_advlock+0x224 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff8000212a6e80 ss 0x10 lf_advlock+0x224: addl $0x1,0x28(%rbx) ddb{0}> show proc PROC (syz-executor.2) tid=124752 pid=73757 tcnt=3 stat=onproc flags process=10 proc=4000000 runpri=32, usrpri=81, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff8000211f4018,0xffff8000211f4820 process=0xffff80002617c018 user=0xffff8000212a2000, vmspace=0xfffffd806c3b4598 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 69179 5244 57231 32767 7 0x10 syz-executor.0 73757 210831 81913 32767 2 0x10 syz-executor.2 *73757 124752 81913 32767 7 0x4000010 syz-executor.2 73757 66161 81913 32767 3 0x4000090 fsleep syz-executor.2 26757 449504 28487 32767 2 0x10 syz-executor.7 26757 397053 28487 32767 2 0x4000010 syz-executor.7 70645 995 1041 32767 3 0x90 nanoslp syz-executor.1 1041 59676 87049 0 3 0x82 wait syz-executor.1 28487 337774 61895 32767 3 0x90 nanoslp syz-executor.7 61895 8017 87049 0 3 0x82 wait syz-executor.7 68147 507814 23688 32767 3 0x90 nanoslp syz-executor.5 23688 106112 87049 0 3 0x82 wait syz-executor.5 81913 507721 75965 32767 3 0x90 nanoslp syz-executor.2 75965 355369 87049 0 3 0x82 wait syz-executor.2 3976 122810 98004 32767 2 0x10 syz-executor.3 98004 81242 87049 0 3 0x82 wait syz-executor.3 10013 152394 25317 32767 3 0x90 nanoslp syz-executor.6 25317 429904 87049 0 3 0x82 wait syz-executor.6 57231 64810 25420 32767 3 0x90 nanoslp syz-executor.0 25420 28610 87049 0 3 0x82 wait syz-executor.0 38218 199717 77747 32767 2 0x10 syz-executor.4 77747 493713 87049 0 3 0x82 wait syz-executor.4 96660 263943 0 0 3 0x14200 bored sosplice 87049 239275 30117 0 3 0x2000082 thrsleep syz-fuzzer 87049 303554 30117 0 3 0x6000082 thrsleep syz-fuzzer 87049 42642 30117 0 3 0x6000082 thrsleep syz-fuzzer 87049 201167 30117 0 3 0x6000082 wait syz-fuzzer 87049 340920 30117 0 3 0x6000082 wait syz-fuzzer 87049 33692 30117 0 3 0x6000082 wait syz-fuzzer 87049 42145 30117 0 3 0x6000082 wait syz-fuzzer 87049 25037 30117 0 3 0x6000082 wait syz-fuzzer 87049 87616 30117 0 3 0x6000082 wait syz-fuzzer 87049 410913 30117 0 3 0x6000082 thrsleep syz-fuzzer 87049 33434 30117 0 3 0x6000082 thrsleep syz-fuzzer 87049 172947 30117 0 3 0x6000082 wait syz-fuzzer 87049 52980 30117 0 3 0x6000082 thrsleep syz-fuzzer 87049 124012 30117 0 3 0x6000082 kqread syz-fuzzer 87049 441962 30117 0 3 0x6000082 wait syz-fuzzer 87049 318706 30117 0 3 0x6000082 thrsleep syz-fuzzer 30117 226419 1653 0 3 0x10008a sigsusp ksh 1653 385923 43517 0 3 0x9a kqread sshd 31782 86244 1 0 3 0x100083 ttyin getty 43517 28536 1 0 3 0x88 kqread sshd 97493 80102 56075 73 3 0x1100090 kqread syslogd 56075 393858 1 0 3 0x100082 netio syslogd 56907 91430 1 0 3 0x100080 kqread resolvd 56326 186034 92774 77 3 0x100092 kqread dhcpleased 54622 78884 92774 77 3 0x100092 kqread dhcpleased 92774 266340 1 0 3 0x80 kqread dhcpleased 5488 461058 0 0 3 0x14200 bored smr 87344 159026 0 0 2 0x14200 zerothread 50178 226534 0 0 3 0x14200 aiodoned aiodoned 68572 246387 0 0 3 0x14200 syncer update 72621 303783 0 0 3 0x14200 cleaner cleaner 74387 422371 0 0 3 0x14200 reaper reaper 66414 496287 0 0 3 0x14200 pgdaemon pagedaemon 49799 331753 0 0 3 0x14200 bored viomb 94524 112148 0 0 3 0x40014200 acpi0 acpi0 27886 61653 0 0 3 0x40014200 idle1 1506 295668 0 0 3 0x14200 bored softnet3 70865 384552 0 0 3 0x14200 bored softnet2 47098 318547 0 0 3 0x14200 bored softnet1 56524 456737 0 0 3 0x14200 bored softnet0 6951 211655 0 0 3 0x14200 bored systqmp 16177 411056 0 0 3 0x14200 bored systq 56322 362796 0 0 2 0x40014200 softclock 72501 334790 0 0 3 0x40014200 idle0 1 352689 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 69179 (syz-executor.0) thread 0xffff8000211f4ab8 (5244) shared rwlock vmmaplk r = 0 (0xfffffd806c226698) #0 witness_lock+0x447 #1 uvm_map_inentry_fix+0xa5 vm_map_lock_read_ln sys/uvm/uvm_map.c:5368 [inline] #1 uvm_map_inentry_fix+0xa5 sys/uvm/uvm_map.c:1657 #2 uvm_map_inentry+0xce sys/uvm/uvm_map.c:1688 #3 syscall+0x442 mi_syscall sys/sys/syscall_mi.h:96 [inline] #3 syscall+0x442 sys/arch/amd64/amd64/trap.c:623 #4 Xsyscall+0x128 Process 73757 (syz-executor.2) thread 0xffff8000211f5d50 (124752) exclusive rwlock lockflk r = 0 (0xffffffff82b795d0) #0 witness_lock+0x447 #1 lf_advlock+0x196 sys/kern/vfs_lockf.c:260 #2 VOP_ADVLOCK+0x75 sys/kern/vfs_vops.c:612 #3 sys_fcntl+0xa8b #4 syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline] #4 syscall+0x606 sys/arch/amd64/amd64/trap.c:623 #5 Xsyscall+0x128 Process 3976 (syz-executor.3) thread 0xffff8000261577f0 (122810) exclusive rrwlock inode r = 0 (0xfffffd807d9aa1a8) #0 witness_lock+0x447 #1 rw_enter+0x3c8 sys/kern/kern_rwlock.c:309 #2 rrw_enter+0x8c sys/kern/kern_rwlock.c:464 #3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:518 #4 ufs_ihashins+0x46 sys/ufs/ufs/ufs_ihash.c:140 #5 ffs_vget+0x141 sys/ufs/ffs/ffs_vfsops.c:1343 #6 ffs_inode_alloc+0x1c2 sys/ufs/ffs/ffs_alloc.c:394 #7 ufs_mkdir+0xf8 sys/ufs/ufs/ufs_vnops.c:1149 #8 VOP_MKDIR+0xc3 sys/kern/vfs_vops.c:388 #9 domkdirat+0x125 sys/kern/vfs_syscalls.c:3073 #10 syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] #10 syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623 #11 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806fdb6c58) #0 witness_lock+0x447 #1 rw_enter+0x3c8 sys/kern/kern_rwlock.c:309 #2 rrw_enter+0x8c sys/kern/kern_rwlock.c:464 #3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:518 #4 vn_lock+0x84 sys/kern/vfs_vnops.c:564 #5 vfs_lookup+0xd5 sys/kern/vfs_lookup.c:418 #6 namei+0x55a sys/kern/vfs_lookup.c:250 #7 domkdirat+0x79 sys/kern/vfs_syscalls.c:3058 #8 syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] #8 syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623 #9 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10222 6413K 6420K 78643K 11461 0 pcb 13 16K 20K 78643K 19 0 rtable 246 7K 7K 78643K 3621 0 pf 29 8K 8K 78643K 135 0 ifaddr 44 16K 16K 78643K 264 0 ifgroup 50 2K 2K 78643K 262 0 sysctl 3 1K 5K 78643K 6 0 counters 60 35K 35K 78643K 166 0 ioctlops 0 0K 2K 78643K 434 0 iov 0 0K 24K 78643K 3941 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1279 80K 80K 78643K 8816 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 436 0 VM map 2 1K 1K 78643K 2 0 sem 10 1K 1K 78643K 14 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 21 77K 125K 78643K 39195 0 sigio 0 0K 0K 78643K 432 0 proc 56 78K 115K 78643K 4612 0 subproc 104 6K 6K 78643K 793 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 2079 0 in_multi 99 7K 7K 78643K 1027 0 ether_multi 1 0K 0K 78643K 38 0 mrt 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 271 1208K 1208K 78643K 271 0 exec 0 0K 1K 78643K 6658 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 521 92K 111K 78643K 389508 0 UVM aobj 131 4K 4K 78643K 140 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 861 0 NDP 11 0K 2K 78643K 186 0 temp 74 5920K 6048K 78643K 97841 0 kqueue 12 18K 46K 78643K 16191 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 1817 0 1814 20 17 3 3 0 8 2 rtentry 112 759 0 643 4 0 4 4 0 8 0 unpcb 144 39495 0 39478 317 311 6 13 0 8 5 syncache 304 462 0 462 76 75 1 1 0 8 1 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpqe 32 801 0 801 70 69 1 1 0 8 1 tcpcb 808 14580 0 14562 312 306 6 21 0 8 3 arp 120 133 0 114 1 0 1 1 0 8 0 ipq 40 163 0 163 18 18 0 1 0 8 0 ipqe 40 721 0 721 18 18 0 1 0 8 0 inpcb 368 27084 0 27061 326 320 6 20 0 8 2 nd6 136 239 0 210 4 2 2 2 0 8 0 kcovpl 48 61 0 53 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 2978 0 2488 33 2 31 31 0 8 0 art_table 32 2979 0 2488 4 0 4 4 0 8 0 art_node 16 758 0 652 1 0 1 1 0 8 0 sysvmsgpl 40 4 0 3 2 1 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 8 0 0 1 0 1 1 0 8 0 shmpl 112 137 0 9 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 58973 0 57490 93 0 93 93 0 8 0 ffsino 272 58973 0 57490 100 0 100 100 0 8 0 nchpl 144 115149 0 113506 63 0 63 63 0 8 0 uvmvnodes 80 6407 0 0 131 0 131 131 0 8 0 vnodes 216 6407 0 0 356 0 356 356 0 8 0 namei 1024 447942 0 447941 12 11 1 2 0 8 0 percpumem 16 96 0 53 1 0 1 1 0 8 0 kstatmem 264 128 0 106 2 0 2 2 0 8 0 scxspl 216 334464 0 334464 105 103 2 8 1 8 2 plimitpl 152 5658 0 5635 52 51 1 2 0 8 0 sigapl 424 39383 0 39330 7 0 7 7 0 8 0 futexpl 64 378976 0 378975 7 6 1 1 0 8 0 knotepl 120 2280 0 0 21 4 17 17 0 8 0 kqueuepl 216 75690 0 75682 455 450 5 13 0 8 4 pipepl 320 9347 0 9319 237 234 3 11 0 8 0 fdescpl 496 39365 0 39333 7 2 5 6 0 8 0 filepl 152 395943 0 395702 584 567 17 31 0 8 7 lockfpl 104 6751 0 6749 5 4 1 2 0 8 0 lockfspl 48 1454 0 1452 1 0 1 1 0 8 0 sessionpl 144 76 0 60 1 0 1 1 0 8 0 pgrppl 48 415 0 399 1 0 1 1 0 8 0 ucredpl 104 38067 0 38049 1 0 1 1 0 8 0 zombiepl 144 39333 0 39330 1 0 1 1 0 8 0 processpl 1072 39383 0 39330 5 1 4 5 0 8 0 procpl 680 111007 0 110936 75 67 8 8 0 8 1 sosppl 168 674 0 674 52 51 1 1 0 8 1 sockpl 488 70167 0 70126 1231 1215 16 47 0 8 8 mcl64k 65536 41 0 0 3 0 3 3 0 8 0 mcl16k 16384 39 0 0 3 0 3 3 0 8 0 mcl12k 12288 65 0 0 2 0 2 2 0 8 0 mcl9k 9216 25 0 0 2 0 2 2 0 8 0 mcl8k 8192 56 0 0 4 1 3 3 0 8 0 mcl4k 4096 128 0 0 5 2 3 3 0 8 0 mcl2k2 2112 18 0 0 2 0 2 2 0 8 0 mcl2k 2048 757 0 0 36 24 12 32 0 8 0 mtagpl 96 20 0 0 1 0 1 1 0 8 0 mbufpl 256 6034 0 0 290 2 288 289 0 8 0 bufpl 288 60156 0 53749 458 0 458 458 0 8 0 anonpl 24 3738564 0 3726729 282 183 99 118 0 186 0 amapchunkpl 152 1241387 0 1240563 303 263 40 54 0 158 3 amappl16 200 75029 0 74738 479 461 18 42 0 8 0 amappl15 192 20 0 20 1 1 0 1 0 8 0 amappl14 184 327 0 306 3 1 2 2 0 8 0 amappl13 176 31 0 28 1 0 1 1 0 8 0 amappl12 168 40775 0 40741 2 0 2 2 0 8 0 amappl11 160 65 0 55 1 0 1 1 0 8 0 amappl10 152 113 0 98 1 0 1 1 0 8 0 amappl9 144 465 0 465 68 67 1 1 0 8 1 amappl8 136 1877 0 1561 11 0 11 11 0 8 0 amappl7 128 247 0 229 2 1 1 2 0 8 0 amappl6 120 1027 0 995 16 14 2 2 0 8 0 amappl5 112 1107 0 1099 1 0 1 1 0 8 0 amappl4 104 1843 0 1793 3 1 2 3 0 8 0 amappl3 96 240882 0 240800 27 24 3 4 0 8 0 amappl2 88 41440 0 41352 11 8 3 3 0 8 0 amappl1 80 148624 0 148102 22 9 13 22 0 8 0 amappl 88 387092 0 386860 9 2 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 139 0 9 3 0 3 3 0 8 0 uaddrrnd 24 39365 0 39333 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 39365 0 39333 1 0 1 1 0 8 0 vmmpekpl 168 307171 0 307100 4 0 4 4 0 8 0 vmmpepl 168 2269772 0 2267261 443 309 134 143 0 357 0 vmsppl 464 39364 0 39333 7 2 5 6 0 8 0 rwobjpl 56 554440 0 546344 152 36 116 116 0 8 0 pdppl 4096 78738 0 78666 1221 1139 82 96 0 8 10 pvpl 32 11053097 0 11035202 1072 895 177 360 0 265 0 pmappl 248 39364 0 39333 4 1 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 2978 0 1876 32 0 32 32 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace lf_advlock(ffff800000d1c7e0,0,fffffd806cd1f7c0,2,ffff8000212a7010,40) at lf_advlock+0x224 ls_ref sys/kern/vfs_lockf.c:138 [inline] lf_advlock(ffff800000d1c7e0,0,fffffd806cd1f7c0,2,ffff8000212a7010,40) at lf_advlock+0x224 sys/kern/vfs_lockf.c:278 VOP_ADVLOCK(fffffd8069a175f0,fffffd806cd1f7c0,2,ffff8000212a7010,40) at VOP_ADVLOCK+0x75 sys/kern/vfs_vops.c:612 sys_fcntl(ffff8000211f5d50,ffff8000212a7090,ffff8000212a70e0) at sys_fcntl+0xa8b syscall(ffff8000212a7160) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff8000212a7160) at syscall+0x606 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x10d4dbc6f00, count: -5 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800020d58ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 witness_assert(fffffd806c226698,1) at witness_assert+0x1f sys/kern/subr_witness.c:1940 uvm_map_lookup_entry(fffffd806c2265a0,1b76fcf0000,ffff80002e425608) at uvm_map_lookup_entry+0x5c vm_map_assert_anylock_ln sys/uvm/uvm_map.c:5436 [inline] uvm_map_lookup_entry(fffffd806c2265a0,1b76fcf0000,ffff80002e425608) at uvm_map_lookup_entry+0x5c sys/uvm/uvm_map.c:1593 uvm_map_inentry_fix(ffff8000211f4ab8,ffff8000211f4b30,1b76fcf006b,ffffffff820cece0,6) at uvm_map_inentry_fix+0xdb sys/uvm/uvm_map.c:1660 uvm_map_inentry(ffff8000211f4ab8,ffff8000211f4b30,1b76fcf006b,ffffffff827c2193,ffffffff820cece0,6) at uvm_map_inentry+0xce sys/uvm/uvm_map.c:1688 syscall(ffff80002e4257f0) at syscall+0x442 mi_syscall sys/sys/syscall_mi.h:96 [inline] syscall(ffff80002e4257f0) at syscall+0x442 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x74afffe21e40, count: -9