kernel: protection fault trap, code=0 Stopped at lf_advlock+0x2f7: incl 0x28(%r12) ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace lf_advlock(ffff800001259e60,0,fffffd803d4af5d8,2,ffff800035bb9230,40) at lf_advlock+0x2f7 ls_ref sys/kern/vfs_lockf.c:138 [inline] lf_advlock(ffff800001259e60,0,fffffd803d4af5d8,2,ffff800035bb9230,40) at lf_advlock+0x2f7 sys/kern/vfs_lockf.c:278 VOP_ADVLOCK(fffffd8052aee488,fffffd803d4af5d8,2,ffff800035bb9230,40) at VOP_ADVLOCK+0x87 sys/kern/vfs_vops.c:620 closef(fffffd804671e7c8,ffff80002f5a67e8) at closef+0x140 syscall(ffff800035bb9360) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff800035bb9360) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x9b6f3b86760, count: -5 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff800035bb9180 rbx 0 rdx 0 rcx 0xffff80002f5a67e8 rax 0xffffffff83492ff0 cpu_info_full_primary+0x1ff0 r8 0xffff800035bb9230 r9 0x40 r10 0 r11 0xea12ed8fbc8889f2 r12 0xdeafbeaddeafbead r13 0x2 r14 0xffff800001259e60 r15 0xffffffffffffffff rip 0xffffffff825c4b87 lf_advlock+0x2f7 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800035bb90f0 ss 0x10 lf_advlock+0x2f7: incl 0x28(%r12) ddb{0}> show proc PROC (syz-executor) tid=398698 pid=6316 tcnt=4 stat=onproc flags process=10 proc=4000000 runpri=32, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002f5a7718,0xffff80002f585c48 process=0xffff800035bb0930 user=0xffff800035bb4000, vmspace=0xfffffd806955ea60 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 6316 92517 80303 32767 2 0x10 syz-executor 6316 429964 80303 32767 3 0x4000010 lockflk syz-executor * 6316 398698 80303 32767 7 0x4000010 syz-executor 6316 463889 80303 32767 3 0x4000090 fsleep syz-executor 27465 398689 92831 32767 3 0x90 nanoslp syz-executor 27465 38470 92831 32767 3 0x4000090 fsleep syz-executor 27465 351778 92831 32767 3 0x4000090 kqsel syz-executor 27465 437486 92831 32767 3 0x4000090 fsleep syz-executor 54800 3661 73627 32767 3 0x90 nanoslp syz-executor 54800 181386 73627 32767 3 0x4000090 kqsel syz-executor 54800 382704 73627 32767 3 0x4000090 fsleep syz-executor 92831 304011 12199 32767 3 0x90 nanoslp syz-executor 12199 274049 61249 0 3 0x82 wait syz-executor 73627 323179 68290 32767 3 0x90 nanoslp syz-executor 68290 282810 61249 0 3 0x82 wait syz-executor 44139 211842 2858 32767 3 0x90 nanoslp syz-executor 2858 141471 61249 0 3 0x82 wait syz-executor 39283 34062 35172 32767 3 0x90 nanoslp syz-executor 35172 101358 61249 0 3 0x82 wait syz-executor 63240 165025 76921 32767 2 0x10 syz-executor 76921 88175 61249 0 3 0x82 wait syz-executor 80303 481600 73019 32767 3 0x90 nanoslp syz-executor 73019 237685 61249 0 3 0x82 wait syz-executor 37982 136783 11472 32767 3 0x90 wait syz-executor 11472 97747 61249 0 3 0x82 wait syz-executor 8560 286129 96459 32767 3 0x90 nanoslp syz-executor 96459 466970 61249 0 3 0x82 wait syz-executor 8863 402181 0 0 3 0x14200 bored sosplice 61249 176615 20190 0 3 0x82 kqread syz-executor 20190 476201 55166 0 3 0x10008a sigsusp ksh 55166 206421 51880 0 3 0x98 kqread sshd-session 51880 242642 20156 0 3 0x92 kqread sshd-session 30585 302785 1 0 3 0x100083 ttyin getty 20156 485839 1 0 3 0x88 kqread sshd 11389 52843 99202 73 3 0x1100090 kqread syslogd 99202 498984 1 0 3 0x100082 sbwait syslogd 57544 93165 1 0 3 0x100080 kqread resolvd 53607 224252 12165 77 3 0x100092 kqread dhcpleased 41406 413878 12165 77 3 0x100092 kqread dhcpleased 12165 232997 1 0 3 0x80 kqread dhcpleased 80919 182035 0 0 3 0x14200 bored smr 65203 351725 0 0 2 0x14200 zerothread 85879 356038 0 0 3 0x14200 aiodoned aiodoned 36886 128296 0 0 3 0x14200 syncer update 7096 104597 0 0 3 0x14200 cleaner cleaner 90963 79683 0 0 7 0x14200 reaper 5538 254678 0 0 3 0x14200 pgdaemon pagedaemon 84406 443722 0 0 3 0x14200 bored viomb 74130 94662 0 0 3 0x40014200 acpi0 acpi0 70505 244027 0 0 3 0x40014200 idle1 71885 424051 0 0 3 0x14200 bored softnet3 50629 122984 0 0 3 0x14200 bored softnet2 80381 220056 0 0 3 0x14200 bored softnet1 21851 60814 0 0 3 0x14200 bored softnet0 18957 217408 0 0 3 0x14200 bored systqmp 1377 484357 0 0 3 0x14200 bored systq 64532 235627 0 0 3 0x14200 tmoslp softclockmp 96831 302168 0 0 3 0x40014200 tmoslp softclock 86903 136139 0 0 3 0x40014200 idle0 1 2468 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks CPU 1: exclusive mutex &uvm.fpageqlock r = 0 (0xffffffff8357cee8) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 mtx_enter_try+0x178 #2 mtx_enter+0x60 sys/kern/kern_lock.c:239 #3 uvm_pmr_freepages+0x165 sys/uvm/uvm_pmemrange.c:1312 #4 pmap_do_remove+0x873 sys/arch/amd64/amd64/pmap.c:1939 #5 uvm_unmap_kill_entry_withlock+0x274 sys/uvm/uvm_map.c:1865 #6 uvm_map_teardown+0x1c7 sys/uvm/uvm_map.c:2498 #7 uvmspace_free+0xcd sys/uvm/uvm_map.c:3422 #8 reaper+0x246 sys/kern/kern_exit.c:477 #9 proc_trampoline+0x10 Process 6316 (syz-executor) thread 0xffff80002f5a67e8 (398698) exclusive rwlock lockflk r = 0 (0xffffffff8349b470) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 lf_advlock+0x22a sys/kern/vfs_lockf.c:261 #2 VOP_ADVLOCK+0x87 sys/kern/vfs_vops.c:620 #3 closef+0x140 #4 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] #4 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 #5 Xsyscall+0x128 Process 63240 (syz-executor) thread 0xffff80002f584d08 (165025) exclusive rrwlock inode r = 0 (0xfffffd800b30d3d8) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 rw_enter+0x41b sys/kern/kern_rwlock.c:309 #2 rrw_enter+0xbe sys/kern/kern_rwlock.c:464 #3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524 #4 ufs_ihashins+0x4f sys/ufs/ufs/ufs_ihash.c:169 #5 ffs_vget+0x187 sys/ufs/ffs/ffs_vfsops.c:1230 #6 ffs_inode_alloc+0x283 sys/ufs/ffs/ffs_alloc.c:393 #7 ufs_mkdir+0x113 sys/ufs/ufs/ufs_vnops.c:1112 #8 VOP_MKDIR+0x102 sys/kern/vfs_vops.c:394 #9 domkdirat+0x179 sys/kern/vfs_syscalls.c:3099 #10 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] #10 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 #11 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806558a2b8) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 rw_enter+0x41b sys/kern/kern_rwlock.c:309 #2 rrw_enter+0xbe sys/kern/kern_rwlock.c:464 #3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:564 #5 vfs_lookup+0x109 sys/kern/vfs_lookup.c:418 #6 namei+0x7aa sys/kern/vfs_lookup.c:250 #7 domkdirat+0x8b sys/kern/vfs_syscalls.c:3084 #8 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] #8 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 #9 Xsyscall+0x128 Process 90963 (reaper) thread 0xffff800029fd9448 (79683) exclusive rwlock vmmaplk r = 0 (0xfffffd806955e628) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 rw_enter+0x41b sys/kern/kern_rwlock.c:309 #2 vm_map_lock_ln+0x143 sys/uvm/uvm_map.c:5252 #3 uvm_map_teardown+0x5e sys/uvm/uvm_map.c:2466 #4 uvmspace_free+0xcd sys/uvm/uvm_map.c:3422 #5 reaper+0x246 sys/kern/kern_exit.c:477 #6 proc_trampoline+0x10 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10239 11054K 11059K 166960K 14115 0 pcb 17 24K 28K 166960K 27 0 rtable 236 6K 7K 166960K 33442 0 pf 31 16K 16K 166960K 1908 0 ifaddr 42 15K 18K 166960K 3781 0 ifgroup 50 2K 2K 166960K 3791 0 sysctl 4 1K 5K 166960K 202 0 counters 64 36K 36K 166960K 1928 0 ioctlops 0 0K 2K 166960K 2802 0 iov 0 0K 32K 166960K 5622 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1470 92K 92K 166960K 26485 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 13K 166960K 1305 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 3182 0 dirhash 39 7K 8K 166960K 1929 0 ACPI 1690 195K 286K 166960K 12468 0 file desc 24 89K 157K 166960K 70201 0 sigio 0 0K 0K 166960K 2290 0 proc 58 79K 176K 166960K 33147 0 subproc 104 6K 13K 166960K 13793 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 17664 0 in_multi 99 7K 7K 166960K 12934 0 ether_multi 1 0K 0K 166960K 367 0 mrt 1 0K 0K 166960K 29 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 403 1791K 1791K 166960K 403 0 exec 0 0K 1K 166960K 26854 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 293 76K 139K 166960K 612996 0 UVM aobj 131 6K 8K 166960K 144 0 pinsyscall 45 90K 130K 166960K 97863 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 5766 0 NDP 11 0K 2K 166960K 2820 0 temp 76 6824K 6952K 166960K 530367 0 kqueue 14 22K 36K 166960K 11497 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 11115 0 11112 77 76 1 4 0 8 0 rtentry 112 11067 0 10956 19 15 4 4 0 8 0 unpcb 144 69252 0 69231 317 312 5 9 0 8 4 syncache 336 1287 0 1286 65 64 1 1 0 8 0 tcpqe 32 664 0 664 80 79 1 1 0 8 1 tcpcb 808 48014 0 47856 399 376 23 25 0 8 5 arp 120 1908 0 1890 1 0 1 1 0 8 0 ipq 40 384 0 381 17 16 1 1 0 8 0 ipqe 40 8196 0 8193 17 16 1 1 0 8 0 inpcb 336 107085 0 106924 419 397 22 25 0 8 4 ip6q 72 70 0 70 13 13 0 1 0 8 0 ip6af 40 140 0 140 13 13 0 1 0 8 0 nd6 136 3504 0 3479 15 13 2 2 0 8 1 kcovpl 48 1061 0 1053 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 43865 0 43405 225 194 31 32 0 8 2 art_table 32 43866 0 43405 14 9 5 5 0 8 1 art_node 16 11066 0 10965 1 0 1 1 0 8 0 sysvmsgpl 40 16 0 12 1 0 1 1 0 8 0 semapl 112 3111 0 3101 1 0 1 1 0 8 0 shmpl 112 141 0 13 4 0 4 4 0 8 0 dirhash 1024 1323 0 1275 15 8 7 7 0 8 1 dino2pl 256 94141 0 88948 326 1 325 325 0 8 0 ffsino 272 94141 0 88948 348 1 347 347 0 8 0 nchpl 144 174142 0 170934 120 0 120 120 0 8 0 uvmvnodes 80 11776 0 0 241 0 241 241 0 8 0 vnodes 216 11776 0 0 655 0 655 655 0 8 0 namei 1024 736374 0 736373 70 69 1 2 0 8 0 percpumem 16 978 0 932 1 0 1 1 0 8 0 kstatmem 264 1886 0 1864 3 1 2 2 0 8 0 scxspl 216 649386 0 649386 190 186 4 8 1 8 4 plimitpl 152 23245 0 23221 2 0 2 2 0 8 0 sigapl 424 68867 0 68811 25 17 8 9 0 8 0 futexpl 64 852080 0 852076 25 24 1 1 0 8 0 knotepl 120 3072 0 0 24 0 24 24 0 8 0 kqueuepl 216 25354 0 25309 247 244 3 9 0 8 0 pipepl 320 14056 0 14029 174 169 5 11 0 8 2 fdescpl 496 68848 0 68812 29 24 5 7 0 8 0 filepl 152 517095 0 516774 367 346 21 28 0 8 8 lockfpl 104 23345 0 23342 18 17 1 4 0 8 0 lockfspl 48 6364 0 6361 1 0 1 1 0 8 0 sessionpl 144 1437 0 1421 1 0 1 1 0 8 0 pgrppl 48 4589 0 4565 1 0 1 1 0 8 0 ucredpl 104 103227 0 103208 1 0 1 1 0 8 0 zombiepl 144 68815 0 68811 1 0 1 1 0 8 0 processpl 1160 68867 0 68811 8 3 5 6 0 8 0 procpl 648 165587 0 165523 13 6 7 7 0 8 0 srpgc 96 66 0 66 30 30 0 1 0 8 0 sosppl 168 897 0 883 41 40 1 1 0 8 0 sockpl 664 189236 0 189051 676 646 30 35 0 8 10 mcl64k 65536 109 0 0 6 3 3 4 0 8 0 mcl16k 16384 11 0 0 2 0 2 2 0 8 0 mcl12k 12288 3 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 30 0 0 3 0 3 3 0 8 0 mcl4k 4096 328 0 0 18 7 11 18 0 8 0 mcl2k2 2112 14 0 0 1 0 1 1 0 8 0 mcl2k 2048 889 0 0 23 17 6 8 0 8 0 mtagpl 96 69 0 0 2 0 2 2 0 8 0 mbufpl 256 9499 0 0 427 0 427 427 0 8 0 bufpl 280 118730 0 106953 842 0 842 842 0 8 0 anonpl 24 8203086 0 8186456 908 780 128 168 0 185 0 amapchunkpl 152 2069620 0 2068712 620 569 51 53 0 158 9 amappl16 200 192824 0 192267 825 788 37 65 0 8 2 amappl15 192 33 0 33 15 15 0 1 0 8 0 amappl14 184 2969 0 2959 1 0 1 1 0 8 0 amappl13 176 69 0 68 23 22 1 1 0 8 0 amappl12 168 84870 0 84833 22 20 2 3 0 8 0 amappl11 160 54 0 43 1 0 1 1 0 8 0 amappl10 152 11 0 10 2 1 1 1 0 8 0 amappl9 144 144 0 143 2 1 1 1 0 8 0 amappl8 136 26 0 24 1 0 1 1 0 8 0 amappl7 128 2535 0 2524 1 0 1 1 0 8 0 amappl6 120 9478 0 9474 1 0 1 1 0 8 0 amappl5 112 4348 0 4338 1 0 1 1 0 8 0 amappl4 104 5068 0 5051 1 0 1 1 0 8 0 amappl3 96 414467 0 414324 11 6 5 5 0 8 0 amappl2 88 19496 0 19430 3 0 3 3 0 8 0 amappl1 80 397419 0 396884 62 48 14 22 0 8 0 amappl 88 598173 0 597934 10 3 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 143 0 13 3 0 3 3 0 8 0 uaddrrnd 24 68848 0 68812 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 68848 0 68812 1 0 1 1 0 8 0 vmmpekpl 168 519477 0 519400 12 7 5 5 0 8 0 vmmpepl 168 4466970 0 4464373 862 724 138 167 0 357 5 vmsppl 440 68847 0 68811 12 7 5 6 0 8 0 rwobjpl 56 1102934 0 1089583 268 76 192 197 0 8 0 pdppl 4096 137703 0 137622 2287 2202 85 115 0 8 4 pvpl 32 50689 0 0 398 0 398 398 0 265 0 pmappl 248 68847 0 68811 20 17 3 4 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 4637 0 3341 38 0 38 38 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace lf_advlock(ffff800001259e60,0,fffffd803d4af5d8,2,ffff800035bb9230,40) at lf_advlock+0x2f7 ls_ref sys/kern/vfs_lockf.c:138 [inline] lf_advlock(ffff800001259e60,0,fffffd803d4af5d8,2,ffff800035bb9230,40) at lf_advlock+0x2f7 sys/kern/vfs_lockf.c:278 VOP_ADVLOCK(fffffd8052aee488,fffffd803d4af5d8,2,ffff800035bb9230,40) at VOP_ADVLOCK+0x87 sys/kern/vfs_vops.c:620 closef(fffffd804671e7c8,ffff80002f5a67e8) at closef+0x140 syscall(ffff800035bb9360) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff800035bb9360) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x9b6f3b86760, count: -5 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __sanitizer_cov_trace_const_cmp4(0,ffffffff) at __sanitizer_cov_trace_const_cmp4+0x35 kd_curproc sys/dev/kcov.c:590 [inline] __sanitizer_cov_trace_const_cmp4(0,ffffffff) at __sanitizer_cov_trace_const_cmp4+0x35 sys/dev/kcov.c:235 _rb_nfind(ffffffff8320d070,fffffd8004314000,fffffd8005b3cb20) at _rb_nfind+0x7c sys/kern/subr_tree.c:474 uvm_pmr_pnaddr(fffffd8004314000,fffffd8005b3cb20,ffff800029fe5700,ffff800029fe5708) at uvm_pmr_pnaddr+0x64 sys/uvm/uvm_pmemrange.c:302 uvm_pmr_insert_addr(fffffd8004314000,fffffd8005b3cb20,0) at uvm_pmr_insert_addr+0x91 sys/uvm/uvm_pmemrange.c:416 uvm_pmr_freepages(fffffd8005b3cb20,1) at uvm_pmr_freepages+0x2a1 uvm_pmr_insert sys/uvm/uvm_pmemrange.c:479 [inline] uvm_pmr_freepages(fffffd8005b3cb20,1) at uvm_pmr_freepages+0x2a1 sys/uvm/uvm_pmemrange.c:1320 pmap_do_remove(fffffd80658a8d90,721930ba000,721934ba000,0) at pmap_do_remove+0x873 sys/arch/amd64/amd64/pmap.c:1939 uvm_unmap_kill_entry_withlock(fffffd806955e538,fffffd806968fe18,0) at uvm_unmap_kill_entry_withlock+0x274 sys/uvm/uvm_map.c:1865 uvm_map_teardown(fffffd806955e538) at uvm_map_teardown+0x1c7 sys/uvm/uvm_map.c:2498 uvmspace_free(fffffd806955e538) at uvmspace_free+0xcd sys/uvm/uvm_map.c:3422 reaper(ffff800029fd9448) at reaper+0x246 sys/kern/kern_exit.c:477 end trace frame: 0x0, count: -13