kernel: protection fault trap, code=0 Stopped at lf_advlock+0x2fa: incl 0x28(%r12) ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic the kernel did not panic ddb{1}> trace lf_advlock(ffff800001448060,0,ffff800038823090,8,ffff80003c487010,50) at lf_advlock+0x2fa ls_ref sys/kern/vfs_lockf.c:138 [inline] lf_advlock(ffff800001448060,0,ffff800038823090,8,ffff80003c487010,50) at lf_advlock+0x2fa sys/kern/vfs_lockf.c:278 VOP_ADVLOCK(fffffd806b8fc1d8,ffff800038823090,8,ffff80003c487010,50) at VOP_ADVLOCK+0x87 sys/kern/vfs_vops.c:623 sys_fcntl(ffff80003b834568,ffff80003c487170,ffff80003c4870c0) at sys_fcntl+0x13e6 sys/arch/amd64/compile/SYZKALLER/obj/machine/atomic.h:-1 syscall(ffff80003c487170) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c487170) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:746 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1ae451b0610, count: -5 ddb{1}> show registers rdi 0xffff800038828000 rsi 0x9c2 rbp 0xffff80003c486f30 rbx 0x10000 __ALIGN_SIZE+0xf000 rdx 0xffff800038828000 rcx 0x9c1 rax 0xffffffff81b9022e witness_assert+0x4ee r8 0 r9 0x1 r10 0 r11 0x5d60676d95de96ac r12 0xdeadbeefdeadbeef r13 0x8 r14 0xffff80003c487010 r15 0x1 rip 0xffffffff81c5362a lf_advlock+0x2fa cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80003c486ea0 ss 0x10 lf_advlock+0x2fa: incl 0x28(%r12) ddb{1}> show proc PROC (syz-executor) tid=340213 pid=78309 tcnt=5 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=80, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003b834a98,0xffff80003b834fd8 process=0xffff800038825830 user=0xffff80003c482000, vmspace=0xfffffd800e3b1208 estcpu=30, cpticks=104, pctcpu=1.4, user=0, sys=104, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 30032 138317 17306 0 7 0 syz-executor 30032 199321 17306 0 2 0x4000000 syz-executor 65731 262268 33745 0 2 0 syz-executor 65731 521095 33745 0 2 0x4000000 syz-executor 60146 440048 99789 0 2 0 syz-executor 60146 422007 99789 0 3 0x4000080 fsleep syz-executor 62222 243055 78171 0 2 0 syz-executor 62222 209033 78171 0 3 0x4000080 fsleep syz-executor 63418 202786 58112 0 2 0 syz-executor 63418 353703 58112 0 3 0x4000080 fsleep syz-executor 63418 244957 58112 0 3 0x4000080 fsleep syz-executor 76630 172640 32324 0 3 0x80 nanoslp syz-executor 76630 207751 32324 0 3 0x4000080 fsleep syz-executor 76630 237345 32324 0 3 0x4000080 fsleep syz-executor 78309 54575 22198 0 2 0 syz-executor *78309 340213 22198 0 7 0x4000000 syz-executor 78309 31451 22198 0 2 0x4000000 syz-executor 78309 42499 22198 0 2 0x4000000 syz-executor 78309 219759 22198 0 2 0x4000000 syz-executor 30550 333983 0 0 3 0x14280 nfsidl nfsio 2469 417288 0 0 3 0x14280 nfsidl nfsio 62299 489373 0 0 3 0x14280 nfsidl nfsio 53704 62803 0 0 3 0x14280 nfsidl nfsio 65615 347828 0 0 3 0x14280 nfsidl nfsio 97818 259641 0 0 3 0x14280 nfsidl nfsio 52128 406364 0 0 3 0x14280 nfsidl nfsio 60495 274687 0 0 3 0x14280 nfsidl nfsio 55179 195108 0 0 3 0x14280 nfsidl nfsio 19146 441902 0 0 3 0x14280 nfsidl nfsio 52161 209628 0 0 3 0x14280 nfsidl nfsio 76078 40637 0 0 3 0x14280 nfsidl nfsio 26348 188789 0 0 3 0x14280 nfsidl nfsio 65425 314889 0 0 3 0x14280 nfsidl nfsio 67612 501733 0 0 3 0x14280 nfsidl nfsio 15516 267135 0 0 3 0x14280 nfsidl nfsio 93537 101447 0 0 3 0x14280 nfsidl nfsio 51167 372654 0 0 3 0x14280 nfsidl nfsio 86232 462922 0 0 3 0x14280 nfsidl nfsio 95892 255078 0 0 3 0x14280 nfsidl nfsio 78171 38620 43955 0 3 0x82 nanoslp syz-executor 51281 84651 0 0 3 0x14200 acct acct 61999 347863 0 0 3 0x14200 bored sosplice 22198 157313 43955 0 3 0x82 nanoslp syz-executor 99789 435522 43955 0 3 0x82 nanoslp syz-executor 34799 339180 43955 0 2 0x10000002 syz-executor 32324 130579 43955 0 3 0x82 nanoslp syz-executor 33745 442709 43955 0 3 0x82 nanoslp syz-executor 58112 361584 43955 0 3 0x82 nanoslp syz-executor 17306 307763 43955 0 3 0x82 nanoslp syz-executor 43955 325540 82801 0 3 0x82 kqread syz-executor 82801 33788 27390 0 3 0x10008a sigsusp ksh 27390 423640 98592 0 3 0x98 kqread sshd-session 98592 401050 22094 0 3 0x92 kqread sshd-session 6581 285060 1 0 3 0x100083 ttyopn getty 22094 135836 1 0 3 0x88 kqread sshd 39336 427215 17183 74 3 0x1100092 bpf pflogd 17183 181459 1 0 3 0x80 sbwait pflogd 9939 375734 77586 73 3 0x1100090 kqread syslogd 77586 265657 1 0 3 0x100082 sbwait syslogd 20450 465042 1 0 3 0x100080 kqread resolvd 36499 268224 79204 77 3 0x100092 kqread dhcpleased 45321 429619 79204 77 3 0x100092 kqread dhcpleased 79204 515830 1 0 3 0x80 kqread dhcpleased 10097 473433 0 0 3 0x14200 bored smr 8549 421555 0 0 2 0x14200 zerothread 36409 167779 0 0 3 0x14200 aiodoned aiodoned 38717 128445 0 0 3 0x14200 syncer update 30670 260369 0 0 3 0x14200 cleaner cleaner 69208 116300 0 0 3 0x14200 reaper reaper 37289 19011 0 0 3 0x14200 pgdaemon pagedaemon 20638 440114 0 0 3 0x14200 bored viomb 92671 128670 0 0 3 0x40014200 acpi0 acpi0 23288 277405 0 0 3 0x40014200 idle1 99401 328398 0 0 3 0x14200 bored softnet7 4876 240876 0 0 3 0x14200 bored softnet6 37942 429975 0 0 3 0x14200 bored softnet5 44541 95220 0 0 3 0x14200 bored softnet4 59643 398982 0 0 3 0x14200 bored softnet3 80328 27892 0 0 3 0x14200 bored softnet2 64008 233191 0 0 3 0x14200 bored softnet1 60294 31273 0 0 3 0x14200 bored softnet0 37031 306571 0 0 3 0x14200 bored systqmp 74393 391063 0 0 3 0x14200 bored systq 68087 438970 0 0 3 0x14200 tmoslp softclockmp 59215 6647 0 0 3 0x40014200 tmoslp softclock 53294 182777 0 0 3 0x40014200 idle0 1 423265 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 30032 (syz-executor) thread 0xffff80003b836a90 (199321) exclusive rwlock vmmaplk r = 0 (0xfffffd806ef7a108) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 vm_map_lock_ln+0x12e sys/uvm/uvm_map.c:5168 #3 uvmfault_lookup+0xe8 sys/uvm/uvm_fault.c:1918 #4 uvm_fault_check+0x895 uvmfault_amapcopy sys/uvm/uvm_fault.c:235 [inline] #4 uvm_fault_check+0x895 sys/uvm/uvm_fault.c:784 #5 uvm_fault+0x106 sys/uvm/uvm_fault.c:677 #6 upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:192 #7 usertrap+0x3c6 sys/arch/amd64/amd64/trap.c:603 #8 recall_trap+0x8 Process 65731 (syz-executor) thread 0xffff80003b837a20 (521095) exclusive rrwlock inode r = 0 (0xfffffd806f51bb38) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 #3 VOP_LOCK+0xa3 sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570 #5 vget+0x2a2 sys/kern/vfs_subr.c:693 #6 cache_lookup+0x351 sys/kern/vfs_cache.c:222 #7 ufs_lookup+0x1e3 sys/ufs/ufs/ufs_lookup.c:160 #8 VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 #9 vfs_lookup+0x93a sys/kern/vfs_lookup.c:566 #10 namei+0x7ca sys/kern/vfs_lookup.c:250 #11 vn_open+0x15a sys/kern/vfs_vnops.c:140 #12 doopenat+0x35b sys/kern/vfs_syscalls.c:1138 #13 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #13 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:746 #14 Xsyscall+0x128 Process 78309 (syz-executor) thread 0xffff80003b834568 (340213) exclusive rwlock lockflk r = 0 (0xffffffff837b7aa8) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 lf_advlock+0x227 sys/kern/vfs_lockf.c:260 #3 VOP_ADVLOCK+0x87 sys/kern/vfs_vops.c:623 #4 sys_fcntl+0x13e6 sys/arch/amd64/compile/SYZKALLER/obj/machine/atomic.h:-1 #5 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #5 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:746 #6 Xsyscall+0x128 Process 78309 (syz-executor) thread 0xffff80003b8374f0 (219759) exclusive rrwlock inode r = 0 (0xfffffd806f07b208) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 #3 VOP_LOCK+0xa3 sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570 #5 vget+0x2a2 sys/kern/vfs_subr.c:693 #6 cache_lookup+0x351 sys/kern/vfs_cache.c:222 #7 ufs_lookup+0x1e3 sys/ufs/ufs/ufs_lookup.c:160 #8 VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 #9 vfs_lookup+0x93a sys/kern/vfs_lookup.c:566 #10 namei+0x7ca sys/kern/vfs_lookup.c:250 #11 vn_open+0x15a sys/kern/vfs_vnops.c:140 #12 doopenat+0x35b sys/kern/vfs_syscalls.c:1138 #13 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #13 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:746 #14 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10216 11040K 11247K 166960K 11657 0 pcb 18 15K 16K 166960K 190 0 rtable 203 8K 9K 166960K 338 0 pf 36 17K 18K 166960K 74 0 ifaddr 40 6K 7K 166960K 67 0 ifgroup 59 2K 2K 166960K 98 0 sysctl 3 1K 9K 166960K 8 0 counters 70 37K 37K 166960K 110 0 ioctlops 0 0K 4K 166960K 1573 0 iov 0 0K 14K 166960K 21 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1428 90K 91K 166960K 1682 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 1K 166960K 2 0 VM map 2 1K 1K 166960K 2 0 sem 9 0K 0K 166960K 13 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 89K 166960K 493 0 sigio 0 0K 0K 166960K 8 0 proc 72 115K 180K 166960K 594 0 subproc 72 4K 4K 166960K 81 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 113 0 in_multi 87 6K 6K 166960K 137 0 ether_multi 1 0K 0K 166960K 10 0 mrt 1 0K 0K 166960K 3 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 91 413K 413K 166960K 91 0 exec 0 0K 1K 166960K 399 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 253 160K 170K 166960K 6174 0 UVM aobj 13 6K 6K 166960K 13 0 pinsyscall 42 84K 104K 166960K 1597 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 27 0 NDP 13 0K 1K 166960K 43 0 temp 77 8648K 8714K 166960K 16222 0 kqueue 16 26K 31K 166960K 83 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 59 0 56 1 0 1 1 0 8 0 rtentry 176 115 0 31 4 0 4 4 0 8 0 unpcb 144 300 0 281 4 0 4 4 0 8 3 syncache 336 3 0 3 1 1 0 1 0 8 0 tcpcb 736 168 0 162 7 6 1 7 0 8 0 arp 128 13 0 4 1 0 1 1 0 8 0 inpcb 328 592 0 580 16 7 9 10 0 8 7 nd6 144 20 0 4 1 0 1 1 0 8 0 pkpcb 40 3 0 3 1 1 0 1 0 8 0 kcovpl 48 9 0 1 1 0 1 1 0 8 0 mppekey 1024 1 0 1 1 1 0 1 0 8 0 ppxss 1192 14 0 14 2 1 1 1 0 8 1 pppxif 1504 2 0 2 1 1 0 1 0 8 0 pffrag 232 2 0 0 1 0 1 1 0 482 0 pffrnode 88 2 0 0 1 0 1 1 0 8 0 pffrent 40 3 0 1 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 44 0 2 1 0 1 1 0 8 0 pfstkey 128 44 0 2 2 0 2 2 0 8 0 pfstate 384 44 0 2 5 0 5 5 0 8 0 pfrule 1344 22 0 17 2 1 1 2 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 513 0 114 30 4 26 28 0 8 0 art_table 40 515 0 114 5 0 5 5 0 8 0 art_node 32 115 0 41 1 0 1 1 0 8 0 sysvmsgpl 40 1 0 1 1 1 0 1 0 8 0 semapl 112 11 0 4 1 0 1 1 0 8 0 shmpl 112 10 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2213 0 706 95 0 95 95 0 8 0 ffsino 296 2213 0 706 117 0 117 117 0 8 0 nchpl 144 2891 0 1196 64 0 64 64 0 8 0 rtmask 32 4 0 4 2 1 1 1 0 8 1 uvmvnodes 80 2501 0 0 52 0 52 52 0 8 0 vnodes 216 2501 0 0 139 0 139 139 0 8 0 namei 1024 9408 0 9407 2 1 1 2 0 8 0 percpumem 16 70 0 20 1 0 1 1 0 8 0 kstatmem 264 54 0 24 4 1 3 3 0 8 1 scsiplug 72 4 0 4 1 1 0 1 0 8 0 scxspl 216 14399 0 14399 9 8 1 8 1 8 1 plimitpl 152 113 0 95 1 0 1 1 0 8 0 sigapl 424 815 0 739 9 0 9 9 0 8 0 knotepl 120 331 0 0 11 0 11 11 0 8 0 kqueuepl 224 185 0 172 5 2 3 3 0 8 2 pipepl 344 134 0 107 3 0 3 3 0 8 0 fdescpl 528 771 0 740 3 0 3 3 0 8 0 filepl 160 4252 0 4023 25 6 19 20 0 8 7 lockfpl 104 315 0 312 2 1 1 2 0 8 0 lockfspl 48 126 0 123 1 0 1 1 0 8 0 sessionpl 144 23 0 14 1 0 1 1 0 8 0 pgrppl 48 37 0 20 1 0 1 1 0 8 0 ucredpl 104 484 0 471 1 0 1 1 0 8 0 zombiepl 144 856 0 855 1 0 1 1 0 8 0 processpl 1232 815 0 739 6 0 6 6 0 8 0 procpl 664 1434 0 1346 9 1 8 8 0 8 0 sosppl 168 4 0 4 1 1 0 1 0 8 0 sockpl 752 970 0 936 26 15 11 20 0 8 7 mcl64k 65536 3 0 0 1 0 1 1 0 8 0 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 113 0 0 15 0 15 15 0 8 1 mcl2k 2048 35 0 0 5 0 5 5 0 8 0 mtagpl 96 1 0 0 1 0 1 1 0 8 0 mbufpl 256 148 0 0 10 0 10 10 0 8 0 bufpl 280 5883 0 122 412 0 412 412 0 8 0 anonpl 32 11126 0 0 90 0 90 90 0 246 0 amapchunkpl 152 19500 0 18946 31 4 27 27 0 158 3 amappl16 200 2940 0 2908 24 18 6 23 0 8 1 amappl15 192 8 0 8 1 1 0 1 0 8 0 amappl14 184 114 0 102 1 0 1 1 0 8 0 amappl13 176 5 0 5 1 1 0 1 0 8 0 amappl12 168 1423 0 1392 3 1 2 2 0 8 0 amappl11 160 52 0 38 1 0 1 1 0 8 0 amappl10 152 22 0 22 1 1 0 1 0 8 0 amappl9 144 250 0 250 1 1 0 1 0 8 0 amappl8 136 29 0 26 1 0 1 1 0 8 0 amappl7 128 127 0 113 1 0 1 1 0 8 0 amappl6 120 194 0 191 1 0 1 1 0 8 0 amappl5 112 135 0 126 1 0 1 1 0 8 0 amappl4 104 292 0 272 1 0 1 1 0 8 0 amappl3 96 3613 0 3490 5 1 4 4 0 8 0 amappl2 88 665 0 604 2 0 2 2 0 8 0 amappl1 80 9617 0 9023 15 2 13 15 0 8 0 amappl 88 5426 0 5246 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 12 0 0 1 0 1 1 0 8 0 uaddrrnd 24 771 0 740 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 771 0 740 1 0 1 1 0 8 0 vmmpekpl 168 7755 0 7714 3 0 3 3 0 8 0 vmmpepl 168 54519 0 52511 108 9 99 108 0 357 8 vmsppl 488 770 0 740 6 1 5 5 0 8 1 rwobjpl 80 19622 0 16162 72 0 72 72 0 8 0 pdppl 4096 1550 0 1480 102 30 72 84 0 8 2 pvpl 32 19974 0 0 162 0 162 162 0 265 0 pmappl 256 770 0 740 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 281 0 45 8 0 8 8 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp ddb{0}> trace x86_ipi_db(ffffffff83781ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 end of kernel end trace frame: 0x7d92f2751820, count: -3 ddb{0}> machine ddbcpu 1 Stopped at lf_advlock+0x2fa: incl 0x28(%r12) ddb{1}> trace lf_advlock(ffff800001448060,0,ffff800038823090,8,ffff80003c487010,50) at lf_advlock+0x2fa ls_ref sys/kern/vfs_lockf.c:138 [inline] lf_advlock(ffff800001448060,0,ffff800038823090,8,ffff80003c487010,50) at lf_advlock+0x2fa sys/kern/vfs_lockf.c:278 VOP_ADVLOCK(fffffd806b8fc1d8,ffff800038823090,8,ffff80003c487010,50) at VOP_ADVLOCK+0x87 sys/kern/vfs_vops.c:623 sys_fcntl(ffff80003b834568,ffff80003c487170,ffff80003c4870c0) at sys_fcntl+0x13e6 sys/arch/amd64/compile/SYZKALLER/obj/machine/atomic.h:-1 syscall(ffff80003c487170) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c487170) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:746 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1ae451b0610, count: -5