kernel: protection fault trap, code=0 Stopped at lf_advlock+0x21f: addl $0x1,0x28(%rbx) ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace lf_advlock(ffff800000bda460,0,fffffd806c8a3ba0,2,ffff80002e389710,40) at lf_advlock+0x21f ls_ref sys/kern/vfs_lockf.c:140 [inline] lf_advlock(ffff800000bda460,0,fffffd806c8a3ba0,2,ffff80002e389710,40) at lf_advlock+0x21f sys/kern/vfs_lockf.c:281 VOP_ADVLOCK(fffffd807491d5f0,fffffd806c8a3ba0,2,ffff80002e389710,40) at VOP_ADVLOCK+0x71 sys/kern/vfs_vops.c:628 sys_fcntl(ffff80002528fa48,ffff80002e389798,ffff80002e3897f0) at sys_fcntl+0xa8b syscall(ffff80002e389860) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff80002e389860) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xbb0c7bdb8a0, count: -5 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff80002e389620 rbx 0xdead4110dead4110 rdx 0 rcx 0x5 rax 0xffff80002528fa48 r8 0xffff80002e389710 r9 0x40 r10 0x694384f1f1b9a8e8 r11 0x3ee359e85ae1693b r12 0x2 r13 0xffffffffffffffff r14 0xffff800000bda460 r15 0 rip 0xffffffff817e493f lf_advlock+0x21f cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80002e389590 ss 0x10 lf_advlock+0x21f: addl $0x1,0x28(%rbx) ddb{0}> show proc PROC (syz-executor.2) pid=353077 stat=onproc flags process=10 proc=4000000 pri=32, usrpri=80, nice=20 forw=0xffffffffffffffff, list=0xffff80002528e7e8,0xffff80002528f7b8 process=0xffff8000fffea158 user=0xffff80002e384000, vmspace=0xfffffd807904e188 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 64643 522902 85750 32767 2 0x490 syz-executor.0 64643 28695 85750 32767 3 0x4000090 fsleep syz-executor.0 64643 177540 85750 32767 3 0x4000090 fsleep syz-executor.0 50346 366733 3265 32767 2 0x10 syz-executor.2 *50346 353077 3265 32767 7 0x4000010 syz-executor.2 50346 20344 3265 32767 3 0x4000010 lockflk syz-executor.2 99172 353500 53664 32767 2 0x490 syz-executor.3 99172 158118 53664 32767 3 0x4000090 fsleep syz-executor.3 99172 329036 53664 32767 3 0x4000090 fsleep syz-executor.3 98967 6265 19468 32767 3 0x90 nanoslp syz-executor.7 98967 308880 19468 32767 3 0x4000090 fsleep syz-executor.7 98967 98487 19468 32767 3 0x4000090 fsleep syz-executor.7 98967 263599 19468 32767 3 0x4000090 fsleep syz-executor.7 53664 229285 28276 32767 3 0x90 nanoslp syz-executor.3 28276 368812 85676 0 3 0x82 wait syz-executor.3 86599 192463 4927 32767 3 0x90 nanoslp syz-executor.4 4927 521221 85676 0 3 0x82 wait syz-executor.4 17330 104021 0 0 3 0x14200 bored sosplice 57141 150094 7810 32767 7 0x10 syz-executor.6 19468 505755 62708 32767 2 0x490 syz-executor.7 7810 35361 85676 0 3 0x82 wait syz-executor.6 18138 476996 80303 32767 3 0x10 getblk syz-executor.5 62708 184100 85676 0 3 0x82 wait syz-executor.7 80303 10812 85676 0 3 0x82 wait syz-executor.5 3265 111450 76204 32767 3 0x90 nanoslp syz-executor.2 76204 132152 85676 0 3 0x82 wait syz-executor.2 79749 98417 48286 32767 2 0x10 syz-executor.1 85750 150341 87610 32767 3 0x90 nanoslp syz-executor.0 48286 375831 85676 0 3 0x82 wait syz-executor.1 87610 445240 85676 0 3 0x82 wait syz-executor.0 85676 128363 2590 0 3 0x82 thrsleep syz-fuzzer 85676 404241 2590 0 2 0x4000082 syz-fuzzer 85676 148425 2590 0 2 0x4000082 syz-fuzzer 85676 459448 2590 0 3 0x4000082 thrsleep syz-fuzzer 85676 7746 2590 0 3 0x4000082 thrsleep syz-fuzzer 85676 137304 2590 0 3 0x4000082 thrsleep syz-fuzzer 85676 147704 2590 0 3 0x4000082 kqread syz-fuzzer 85676 305056 2590 0 3 0x4000082 thrsleep syz-fuzzer 2590 2866 5760 0 3 0x10008a sigsusp ksh 5760 78180 68688 0 2 0x9a sshd 57722 442210 1 0 3 0x100083 ttyin getty 68688 143318 1 0 3 0x88 kqread sshd 65243 433420 17332 73 3 0x1100090 kqread syslogd 17332 83232 1 0 3 0x100082 netio syslogd 15502 414766 1 0 3 0x100080 kqread resolvd 40479 365686 46746 77 3 0x100092 kqread dhcpleased 79100 397109 46746 77 3 0x100092 kqread dhcpleased 46746 359779 1 0 3 0x80 kqread dhcpleased 37500 408451 0 0 3 0x14200 bored smr 5484 486329 0 0 2 0x14200 zerothread 97779 483552 0 0 3 0x14200 aiodoned aiodoned 951 325030 0 0 3 0x14200 syncer update 25351 470938 0 0 3 0x14200 cleaner cleaner 38636 521107 0 0 3 0x14200 reaper reaper 95688 512930 0 0 3 0x14200 pgdaemon pagedaemon 32606 326331 0 0 3 0x14200 bored viomb 95810 316252 0 0 3 0x40014200 acpi0 acpi0 97161 207738 0 0 3 0x40014200 idle1 44842 244293 0 0 3 0x14200 bored softnet 37335 175451 0 0 3 0x14200 bored softnet 73936 214849 0 0 3 0x14200 bored softnet 92930 218865 0 0 3 0x14200 bored softnet 80034 199441 0 0 3 0x14200 bored systqmp 98833 517111 0 0 3 0x14200 bored systq 19377 328911 0 0 3 0x40014200 bored softclock 44839 443059 0 0 3 0x40014200 idle0 1 149479 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks CPU 1: exclusive mutex &uvm.fpageqlock r = 0 (0xffffffff82a778f0) #0 witness_lock+0x44d #1 mtx_enter_try+0x100 #2 mtx_enter+0x4b sys/kern/kern_lock.c:266 #3 uvm_pmr_freepages+0x10c sys/uvm/uvm_pmemrange.c:1289 #4 uvm_km_pgremove_intrsafe+0x91 sys/uvm/uvm_km.c:307 #5 uvm_unmap_kill_entry_withlock+0x156 sys/uvm/uvm_map.c:2148 #6 uvm_unmap_remove+0x3b9 sys/uvm/uvm_map.c:2263 #7 uvm_unmap+0x92 vm_map_unlock_ln sys/uvm/uvm_map.c:5493 [inline] #7 uvm_unmap+0x92 sys/uvm/uvm_map.c:2069 #8 free+0x218 sys/kern/kern_malloc.c:442 #9 ufs_readdir+0x3ab sys/ufs/ufs/ufs_vnops.c:1509 #10 VOP_READDIR+0xbf sys/kern/vfs_vops.c:460 #11 sys_getdents+0x20d sys/kern/vfs_syscalls.c:3171 #12 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #12 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #13 Xsyscall+0x128 exclusive mutex &map->mtx r = 0 (0xffffffff82ba00e0) #0 witness_lock+0x44d #1 mtx_enter_try+0x100 #2 mtx_enter+0x4b sys/kern/kern_lock.c:266 #3 vm_map_lock_ln+0x118 sys/uvm/uvm_map.c:5466 #4 uvm_unmap+0x78 sys/uvm/uvm_map.c:2068 #5 free+0x218 sys/kern/kern_malloc.c:442 #6 ufs_readdir+0x3ab sys/ufs/ufs/ufs_vnops.c:1509 #7 VOP_READDIR+0xbf sys/kern/vfs_vops.c:460 #8 sys_getdents+0x20d sys/kern/vfs_syscalls.c:3171 #9 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #9 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #10 Xsyscall+0x128 Process 50346 (syz-executor.2) thread 0xffff80002528fa48 (353077) exclusive rwlock lockflk r = 0 (0xffffffff82953d70) #0 witness_lock+0x44d #1 lf_advlock+0x189 sys/kern/vfs_lockf.c:263 #2 VOP_ADVLOCK+0x71 sys/kern/vfs_vops.c:628 #3 sys_fcntl+0xa8b #4 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #4 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #5 Xsyscall+0x128 Process 57141 (syz-executor.6) thread 0xffff80002528f268 (150094) exclusive rrwlock inode r = 0 (0xfffffd8074d5fb48) #0 witness_lock+0x44d #1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310 #2 rrw_enter+0x8b sys/kern/kern_rwlock.c:465 #3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534 #4 vn_lock+0x84 sys/kern/vfs_vnops.c:579 #5 sys_getdents+0x19a sys/kern/vfs_syscalls.c:3156 #6 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #6 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #7 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82a30b18) #0 witness_lock+0x44d #1 syscall+0x3ef mi_syscall sys/sys/syscall_mi.h:93 [inline] #1 syscall+0x3ef sys/arch/amd64/amd64/trap.c:585 #2 Xsyscall+0x128 Process 18138 (syz-executor.5) thread 0xffff80002528e008 (476996) exclusive rrwlock inode r = 0 (0xfffffd8074d5f5f8) #0 witness_lock+0x44d #1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310 #2 rrw_enter+0x8b sys/kern/kern_rwlock.c:465 #3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534 #4 vn_lock+0x84 sys/kern/vfs_vnops.c:579 #5 vn_closefile+0xc6 vn_close sys/kern/vfs_vnops.c:298 [inline] #5 vn_closefile+0xc6 sys/kern/vfs_vnops.c:624 #6 fdrop+0xc7 sys/kern/kern_descrip.c:1279 #7 closef+0x11c sys/kern/kern_descrip.c:1263 #8 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #8 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #9 Xsyscall+0x128 Process 79749 (syz-executor.1) thread 0xffff8000fffee2a0 (98417) exclusive rrwlock inode r = 0 (0xfffffd806e4bda30) #0 witness_lock+0x44d #1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310 #2 rrw_enter+0x8b sys/kern/kern_rwlock.c:465 #3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534 #4 ufs_ihashins+0x42 sys/ufs/ufs/ufs_ihash.c:140 #5 ffs_vget+0x141 sys/ufs/ffs/ffs_vfsops.c:1347 #6 ffs_inode_alloc+0x1be sys/ufs/ffs/ffs_alloc.c:394 #7 ufs_mkdir+0xf4 sys/ufs/ufs/ufs_vnops.c:1162 #8 VOP_MKDIR+0xbf sys/kern/vfs_vops.c:404 #9 domkdirat+0x121 sys/kern/vfs_syscalls.c:3101 #10 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #10 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #11 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd8068e782b8) #0 witness_lock+0x44d #1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310 #2 rrw_enter+0x8b sys/kern/kern_rwlock.c:465 #3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534 #4 vn_lock+0x84 sys/kern/vfs_vnops.c:579 #5 vfs_lookup+0xd1 sys/kern/vfs_lookup.c:413 #6 namei+0x36a sys/kern/vfs_lookup.c:245 #7 domkdirat+0x75 sys/kern/vfs_syscalls.c:3086 #8 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #8 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #9 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10180 6408K 6420K 78643K 11279 0 pcb 13 10K 12K 78643K 15 0 rtable 234 6K 6K 78643K 508 0 ifaddr 81 16K 16K 78643K 103 0 sysctl 2 0K 0K 78643K 2 0 counters 56 35K 35K 78643K 62 0 ioctlops 0 0K 2K 78643K 79 0 iov 0 0K 12K 78643K 228 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1271 79K 79K 78643K 1900 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 32 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 509 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 22 81K 125K 78643K 1956 0 sigio 0 0K 0K 78643K 1 0 proc 56 78K 115K 78643K 627 0 subproc 104 6K 6K 78643K 143 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 152 0 in_multi 99 6K 7K 78643K 156 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 79 360K 360K 78643K 79 0 exec 0 0K 2K 78643K 993 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 269 87K 97K 78643K 13357 0 UVM aobj 130 4K 4K 78643K 139 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 36 0 NDP 11 0K 2K 78643K 36 0 temp 124 4794K 4794K 78643K 8013 0 kqueue 12 18K 26K 78643K 259 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 98 0 95 1 0 1 1 0 8 0 rtentry 112 144 0 34 4 0 4 4 0 8 0 unpcb 136 1904 0 1891 13 10 3 8 0 8 2 syncache 296 23 0 23 4 3 1 1 0 8 1 tcpqe 32 3 0 3 3 3 0 1 0 8 0 tcpcb 736 1866 0 1849 23 17 6 11 0 8 2 arp 120 24 0 6 1 0 1 1 0 8 0 inpcb 312 2627 0 2616 18 12 6 9 0 8 4 nd6 48 33 0 9 1 0 1 1 0 8 0 kcovpl 48 11 0 3 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 584 0 132 29 0 29 29 0 8 0 art_table 32 585 0 132 4 0 4 4 0 8 0 art_node 16 143 0 43 1 0 1 1 0 8 0 semapl 112 507 0 497 1 0 1 1 0 8 0 shmpl 112 136 0 9 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 4146 0 2716 90 0 90 90 0 8 0 ffsino 272 4146 0 2716 96 0 96 96 0 8 0 nchpl 144 6880 0 5244 63 0 63 63 0 8 0 uvmvnodes 80 4298 0 0 88 0 88 88 0 8 0 vnodes 224 4298 0 0 253 0 253 253 0 8 0 namei 1024 25539 0 25538 2 1 1 2 0 8 0 percpumem 16 43 0 3 1 0 1 1 0 8 0 kstatmem 264 28 0 6 2 0 2 2 0 8 0 scxspl 216 18584 0 18584 12 11 1 8 0 8 1 plimitpl 152 201 0 179 2 1 1 2 0 8 0 sigapl 424 2231 0 2179 7 0 7 7 0 8 0 futexpl 64 17381 0 17374 1 0 1 1 0 8 0 knotepl 120 580 0 0 17 0 17 17 0 8 0 kqueuepl 216 1020 0 1010 18 13 5 5 0 8 4 pipepl 336 643 0 614 16 8 8 8 0 8 5 fdescpl 496 2213 0 2180 7 2 5 6 0 8 0 filepl 152 16414 0 16161 29 12 17 18 0 8 7 lockfpl 104 225 0 223 1 0 1 1 0 8 0 lockfspl 48 97 0 95 1 0 1 1 0 8 0 sessionpl 144 26 0 10 1 0 1 1 0 8 0 pgrppl 48 33 0 17 1 0 1 1 0 8 0 ucredpl 96 2775 0 2757 1 0 1 1 0 8 0 zombiepl 144 2180 0 2179 1 0 1 1 0 8 0 processpl 1064 2231 0 2179 5 1 4 5 0 8 0 procpl 672 5900 0 5832 8 1 7 8 0 8 1 sosppl 168 39 0 39 4 4 0 1 0 8 0 sockpl 480 4710 0 4683 81 69 12 29 0 8 8 mcl64k 65536 14 0 0 2 0 2 2 0 8 0 mcl16k 16384 4 0 0 1 0 1 1 0 8 0 mcl12k 12288 8 0 0 1 0 1 1 0 8 0 mcl9k 9216 12 0 0 1 0 1 1 0 8 0 mcl8k 8192 17 0 0 3 0 3 3 0 8 0 mcl4k 4096 15 0 0 2 0 2 2 0 8 0 mcl2k2 2112 3 0 0 1 0 1 1 0 8 0 mcl2k 2048 245 0 0 23 1 22 22 0 8 0 mtagpl 96 2 0 0 1 0 1 1 0 8 0 mbufpl 256 1036 0 0 62 0 62 62 0 8 0 bufpl 288 6267 0 140 438 0 438 438 0 8 0 anonpl 24 447599 0 435533 145 50 95 125 0 186 11 amapchunkpl 152 38863 0 38245 48 17 31 39 0 158 2 amappl16 200 7375 0 7035 74 55 19 43 0 8 0 amappl15 192 303 0 300 1 0 1 1 0 8 0 amappl14 184 552 0 545 1 0 1 1 0 8 0 amappl13 176 328 0 323 1 0 1 1 0 8 0 amappl12 168 221 0 216 1 0 1 1 0 8 0 amappl11 160 83 0 68 1 0 1 1 0 8 0 amappl10 152 45 0 41 1 0 1 1 0 8 0 amappl9 144 759 0 752 1 0 1 1 0 8 0 amappl8 136 1031 0 964 3 0 3 3 0 8 0 amappl7 128 501 0 487 1 0 1 1 0 8 0 amappl6 120 494 0 471 2 1 1 2 0 8 0 amappl5 112 1817 0 1797 1 0 1 1 0 8 0 amappl4 104 945 0 916 2 0 2 2 0 8 0 amappl3 96 6403 0 6353 2 0 2 2 0 8 0 amappl2 88 2817 0 2749 3 1 2 3 0 8 0 amappl1 80 54763 0 54081 19 3 16 19 0 8 0 amappl 88 12782 0 12607 6 1 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 138 0 9 3 0 3 3 0 8 0 uaddrrnd 24 2213 0 2180 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2213 0 2180 1 0 1 1 0 8 0 vmmpekpl 168 22469 0 22415 3 0 3 3 0 8 0 vmmpepl 168 219365 0 216848 160 33 127 144 0 357 7 vmsppl 368 2212 0 2180 4 0 4 4 0 8 0 rwobjpl 56 60962 0 55220 84 2 82 82 0 8 0 pdppl 4096 4433 0 4360 141 60 81 95 0 8 8 pvpl 32 930680 0 913613 241 66 175 239 0 265 22 pmappl 248 2212 0 2180 4 1 3 3 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 957 0 101 25 0 25 25 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace lf_advlock(ffff800000bda460,0,fffffd806c8a3ba0,2,ffff80002e389710,40) at lf_advlock+0x21f ls_ref sys/kern/vfs_lockf.c:140 [inline] lf_advlock(ffff800000bda460,0,fffffd806c8a3ba0,2,ffff80002e389710,40) at lf_advlock+0x21f sys/kern/vfs_lockf.c:281 VOP_ADVLOCK(fffffd807491d5f0,fffffd806c8a3ba0,2,ffff80002e389710,40) at VOP_ADVLOCK+0x71 sys/kern/vfs_vops.c:628 sys_fcntl(ffff80002528fa48,ffff80002e389798,ffff80002e3897f0) at sys_fcntl+0xa8b syscall(ffff80002e389860) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff80002e389860) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xbb0c7bdb8a0, count: -5 ddb{0}> machine ddbcpu 1