kernel: protection fault trap, code=0 Stopped at lf_advlock+0x2f7: incl 0x28(%r12) ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic the kernel did not panic ddb{1}> trace lf_advlock(ffff80000118d5e0,0,fffffd806b173ba0,2,ffff80002a20ac40,40) at lf_advlock+0x2f7 ls_ref sys/kern/vfs_lockf.c:138 [inline] lf_advlock(ffff80000118d5e0,0,fffffd806b173ba0,2,ffff80002a20ac40,40) at lf_advlock+0x2f7 sys/kern/vfs_lockf.c:278 VOP_ADVLOCK(fffffd80686311c0,fffffd806b173ba0,2,ffff80002a20ac40,40) at VOP_ADVLOCK+0x87 sys/kern/vfs_vops.c:618 closef(fffffd806f9567c0,ffff80002a09b990) at closef+0x140 fdfree(ffff80002a09b990) at fdfree+0x116 sys/kern/kern_descrip.c:1190 exit1(ffff80002a09b990,0,0,1) at exit1+0x743 sys/kern/kern_exit.c:224 sys_exit(ffff80002a09b990,ffff80002a20ae90,ffff80002a20ade0) at sys_exit+0x1a syscall(ffff80002a20ae90) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff80002a20ae90) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7e2c0e8988c0, count: -8 ddb{1}> show registers rdi 0 rsi 0 rbp 0xffff80002a20ab90 rbx 0 rdx 0xa rcx 0x9 rax 0 r8 0 r9 0x1 r10 0x30f4f2fc6abb6402 r11 0x6d868048672287c r12 0xdeafbeaddeafbead r13 0x2 r14 0xffff80000118d5e0 r15 0xffffffffffffffff rip 0xffffffff829ae767 lf_advlock+0x2f7 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80002a20ab00 ss 0 lf_advlock+0x2f7: incl 0x28(%r12) ddb{1}> show proc PROC (syz-executor.0) tid=371314 pid=9471 tcnt=0 stat=onproc flags process=8001008 proc=2000 runpri=32, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0xffff80002a09b990 scnt=-1 ecnt=1 forw=0xffffffffffffffff, list=0xffff8000ffff5988,0xffff80002a09a560 process=0xffff8000ffff1b50 user=0xffff80002a205000, vmspace=0xfffffd806b12b018 estcpu=36, cpticks=2, pctcpu=0.0, user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 33190 431154 55981 0 2 0x8000000 syz-executor.3 24294 519843 90701 0 7 0x8000000 syz-executor.6 24294 387178 90701 0 3 0xc000000 lockflk syz-executor.6 58765 219527 29128 0 2 0x8000000 syz-executor.4 58765 32622 29128 0 3 0xc000080 fsleep syz-executor.4 70706 205882 29911 0 2 0x8000000 syz-executor.2 70706 101737 29911 0 3 0xc000080 fsleep syz-executor.2 10876 471071 91061 0 3 0x8000082 nanoslp syz-executor.0 29128 425286 91061 0 3 0x8000082 nanoslp syz-executor.4 44044 119428 91061 0 3 0x8000002 biowait syz-executor.7 90701 119470 91061 0 3 0x8000082 nanoslp syz-executor.6 34221 503177 71342 0 3 0x18100082 sbwait ndp 71342 51074 1 0 3 0x810008a sigsusp sh 65458 257117 91061 0 3 0x8000002 biowait syz-executor.5 29911 65533 91061 0 3 0x8000082 nanoslp syz-executor.2 55981 341027 91061 0 3 0x8000082 nanoslp syz-executor.3 79226 455553 91061 0 3 0x8000082 nanoslp syz-executor.1 91061 453405 98217 0 3 0x18000082 wait syz-execprog 91061 158302 98217 0 3 0x1c000082 nanoslp syz-execprog 91061 442557 98217 0 3 0x1c000082 kqread syz-execprog 91061 510595 98217 0 3 0x1c000082 thrsleep syz-execprog 91061 397176 98217 0 3 0x1c000082 wait syz-execprog 91061 384623 98217 0 3 0x1c000082 wait syz-execprog 91061 172350 98217 0 3 0x1c000082 wait syz-execprog 91061 300998 98217 0 3 0x1c000082 thrsleep syz-execprog 91061 140593 98217 0 3 0x1c000082 wait syz-execprog 91061 37147 98217 0 3 0x1c000082 thrsleep syz-execprog 91061 193838 98217 0 3 0x1c000082 thrsleep syz-execprog 91061 255450 98217 0 3 0x1c000082 wait syz-execprog 91061 231760 98217 0 3 0x1c000082 wait syz-execprog 91061 254662 98217 0 3 0x1c000082 wait syz-execprog 91061 182856 98217 0 3 0x1c000082 thrsleep syz-execprog 91061 307490 98217 0 3 0x1c000082 thrsleep syz-execprog 98217 480206 55473 0 3 0x810008a sigsusp ksh 55473 32968 16061 0 3 0x18000098 kqread sshd-session 16061 3564 84940 0 3 0x18000092 kqread sshd-session 90535 71268 1 0 3 0x18100083 ttyin getty 84940 422535 1 0 3 0x18000088 kqread sshd 99297 293841 50215 73 3 0x19100090 kqread syslogd 50215 75092 1 0 3 0x18100082 sbwait syslogd 72834 133997 1 0 3 0x18100080 kqread resolvd 23131 298913 57487 77 3 0x18100092 kqread dhcpleased 7056 61741 57487 77 3 0x18100092 kqread dhcpleased 57487 495611 1 0 3 0x18000080 kqread dhcpleased 68670 334837 0 0 3 0x14200 bored smr 25052 470400 0 0 2 0x14200 zerothread 6871 321979 0 0 3 0x14200 aiodoned aiodoned 83370 464516 0 0 3 0x14200 syncer update 62167 48888 0 0 3 0x14200 cleaner cleaner 10460 465682 0 0 3 0x14200 reaper reaper 79301 165355 0 0 3 0x14200 pgdaemon pagedaemon 38963 191145 0 0 3 0x14200 bored viomb 65243 162294 0 0 3 0x40014200 acpi0 acpi0 59608 137763 0 0 3 0x40014200 idle1 10262 310353 0 0 3 0x14200 bored softnet3 32529 172012 0 0 3 0x14200 bored softnet2 92458 48020 0 0 3 0x14200 bored softnet1 80882 316406 0 0 3 0x14200 bored softnet0 83159 494319 0 0 3 0x14200 bored systqmp 59234 445551 0 0 3 0x14200 bored systq 62341 282633 0 0 3 0x14200 tmoslp softclockmp 78928 422812 0 0 3 0x40014200 tmoslp softclock 88121 132326 0 0 3 0x40014200 idle0 1 293711 0 0 3 0x8000082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 44044 (syz-executor.7) thread 0xffff80002a094f60 (119428) exclusive rrwlock inode r = 0 (0xfffffd806d028928) #0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151 #1 rw_enter+0x41b sys/kern/kern_rwlock.c:309 #2 rrw_enter+0xbe sys/kern/kern_rwlock.c:464 #3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524 #4 ufs_ihashins+0x4f sys/ufs/ufs/ufs_ihash.c:120 #5 ffs_vget+0x187 sys/ufs/ffs/ffs_vfsops.c:1230 #6 ffs_inode_alloc+0x283 sys/ufs/ffs/ffs_alloc.c:393 #7 ufs_mkdir+0x113 sys/ufs/ufs/ufs_vnops.c:1112 #8 VOP_MKDIR+0x102 sys/kern/vfs_vops.c:394 #9 domkdirat+0x179 sys/kern/vfs_syscalls.c:3100 #10 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] #10 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 #11 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806ca893d0) #0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151 #1 rw_enter+0x41b sys/kern/kern_rwlock.c:309 #2 rrw_enter+0xbe sys/kern/kern_rwlock.c:464 #3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:564 #5 vfs_lookup+0x109 sys/kern/vfs_lookup.c:418 #6 namei+0x7aa sys/kern/vfs_lookup.c:250 #7 domkdirat+0x8b sys/kern/vfs_syscalls.c:3085 #8 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] #8 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 #9 Xsyscall+0x128 Process 65458 (syz-executor.5) thread 0xffff80002a0942b8 (257117) exclusive rrwlock inode r = 0 (0xfffffd8072091818) #0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151 #1 rw_enter+0x41b sys/kern/kern_rwlock.c:309 #2 rrw_enter+0xbe sys/kern/kern_rwlock.c:464 #3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:564 #5 vget+0x2bd sys/kern/vfs_subr.c:676 #6 ufs_ihashget+0x171 sys/ufs/ufs/ufs_ihash.c:95 #7 ffs_vget+0x8c sys/ufs/ffs/ffs_vfsops.c:1201 #8 ufs_lookup+0x19f8 sys/ufs/ufs/ufs_lookup.c:478 #9 VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85 #10 vfs_lookup+0x8fa sys/kern/vfs_lookup.c:566 #11 namei+0x7aa sys/kern/vfs_lookup.c:250 #12 dounlinkat+0xc1 sys/kern/vfs_syscalls.c:1852 #13 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] #13 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 #14 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806ca89920) #0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151 #1 rw_enter+0x41b sys/kern/kern_rwlock.c:309 #2 rrw_enter+0xbe sys/kern/kern_rwlock.c:464 #3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:564 #5 vfs_lookup+0x109 sys/kern/vfs_lookup.c:418 #6 namei+0x7aa sys/kern/vfs_lookup.c:250 #7 dounlinkat+0xc1 sys/kern/vfs_syscalls.c:1852 #8 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] #8 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 #9 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10185 10088K 10100K 166960K 11269 0 pcb 17 12K 12K 166960K 17 0 rtable 234 6K 6K 166960K 400 0 pf 31 16K 16K 166960K 36 0 ifaddr 42 7K 7K 166960K 52 0 ifgroup 50 2K 2K 166960K 59 0 counters 64 36K 36K 166960K 68 0 ioctlops 0 0K 2K 166960K 31 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1259 79K 79K 166960K 3160 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 1K 166960K 2 0 VM map 2 1K 1K 166960K 2 0 sem 2 0K 0K 166960K 2 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 17 61K 85K 166960K 1886 0 proc 55 78K 103K 166960K 526 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 in_multi 99 7K 7K 166960K 121 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 91 413K 413K 166960K 91 0 exec 0 0K 1K 166960K 410 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 259 75K 76K 166960K 18340 0 UVM aobj 3 2K 2K 166960K 3 0 pinsyscall 40 80K 104K 166960K 3201 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 NDP 11 0K 2K 166960K 33 0 temp 1 6808K 6872K 166960K 8224 0 kqueue 13 20K 20K 166960K 46 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 37 0 33 1 0 1 1 0 8 0 rtentry 112 132 0 22 4 0 4 4 0 8 0 unpcb 144 67 0 52 1 0 1 1 0 8 0 syncache 336 9 0 9 2 2 0 1 0 8 0 tcpcb 808 12 0 9 1 0 1 1 0 8 0 arp 120 22 0 4 1 0 1 1 0 8 0 inpcb 336 70 0 64 1 0 1 1 0 8 0 nd6 136 29 0 5 2 1 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 543 0 91 32 3 29 29 0 8 0 art_table 32 544 0 91 5 1 4 4 0 8 0 art_node 16 131 0 31 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 5209 0 3690 96 1 95 95 0 8 0 ffsino 272 5209 0 3690 102 0 102 102 0 8 0 nchpl 144 7216 0 5486 66 0 66 66 0 8 0 uvmvnodes 80 5218 0 0 107 0 107 107 0 8 0 vnodes 216 5218 0 0 290 0 290 290 0 8 0 namei 1024 41928 0 41927 6 5 1 2 0 8 0 percpumem 16 48 0 2 1 0 1 1 0 8 0 kstatmem 264 26 0 4 2 0 2 2 0 8 0 scxspl 216 19002 0 19000 10 9 1 8 1 8 0 plimitpl 152 59 0 42 1 0 1 1 0 8 0 sigapl 424 2215 0 2167 9 3 6 7 0 8 0 futexpl 64 9960 0 9958 3 2 1 1 0 8 0 knotepl 120 111 0 0 4 0 4 4 0 8 0 kqueuepl 216 42 0 33 1 0 1 1 0 8 0 pipepl 320 184 0 153 5 2 3 3 0 8 0 fdescpl 496 2197 0 2168 9 4 5 5 0 8 1 filepl 152 24417 0 24267 8 1 7 7 0 8 1 lockfpl 104 6834 0 6832 1 0 1 1 0 8 0 lockfspl 48 1717 0 1715 1 0 1 1 0 8 0 sessionpl 144 35 0 18 1 0 1 1 0 8 0 pgrppl 48 35 0 18 1 0 1 1 0 8 0 ucredpl 104 20778 0 20767 1 0 1 1 0 8 0 zombiepl 144 2169 0 2167 3 2 1 1 0 8 0 processpl 1160 2215 0 2167 5 1 4 4 0 8 0 procpl 648 3991 0 3925 9 2 7 7 0 8 0 srpgc 96 2 0 2 1 1 0 1 0 8 0 sockpl 664 174 0 149 4 1 3 3 0 8 0 mcl8k 8192 8 0 0 1 0 1 1 0 8 0 mcl4k 4096 8 0 0 1 0 1 1 0 8 0 mcl2k 2048 308 0 0 39 0 39 39 0 8 0 mtagpl 96 2 0 0 1 0 1 1 0 8 0 mbufpl 256 320 0 0 20 0 20 20 0 8 0 bufpl 280 6112 0 151 426 0 426 426 0 8 0 anonpl 24 378246 0 372946 68 34 34 56 0 185 1 amapchunkpl 152 59530 0 58896 45 17 28 29 0 158 1 amappl16 200 9455 0 9372 8 3 5 5 0 8 0 amappl15 192 23 0 23 2 2 0 1 0 8 0 amappl14 184 220 0 207 3 2 1 2 0 8 0 amappl13 176 12 0 11 2 1 1 1 0 8 0 amappl12 168 2962 0 2931 3 1 2 2 0 8 0 amappl11 160 52 0 42 1 0 1 1 0 8 0 amappl10 152 71 0 61 2 1 1 1 0 8 0 amappl9 144 409 0 409 2 2 0 1 0 8 0 amappl8 136 259 0 223 3 1 2 2 0 8 0 amappl7 128 242 0 222 3 1 2 2 0 8 0 amappl6 120 300 0 295 2 1 1 1 0 8 0 amappl5 112 203 0 195 1 0 1 1 0 8 0 amappl4 104 536 0 512 3 2 1 3 0 8 0 amappl3 96 13065 0 12979 5 2 3 3 0 8 0 amappl2 88 2845 0 2769 6 4 2 4 0 8 0 amappl1 80 20563 0 19986 33 20 13 23 0 8 0 amappl 88 17609 0 17430 8 3 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 2197 0 2168 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2197 0 2168 1 0 1 1 0 8 0 vmmpekpl 168 20737 0 20703 2 0 2 2 0 8 0 vmmpepl 168 139609 0 137775 132 46 86 120 0 357 2 vmsppl 440 2196 0 2168 5 1 4 4 0 8 0 rwobjpl 56 49889 0 43646 101 12 89 89 0 8 0 pdppl 4096 4401 0 4336 149 78 71 79 0 8 6 pvpl 32 49537 0 0 401 1 400 400 0 265 0 pmappl 248 2196 0 2168 5 3 2 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 457 0 91 11 0 11 11 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp ddb{0}> trace x86_ipi_db(ffffffff83404ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff835095d0) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline] __mp_lock(ffffffff835095d0) at __mp_lock+0x192 sys/kern/kern_lock.c:144 intr_handler(ffff80002a210360,ffff80000006bc00) at intr_handler+0xe1 sys/arch/amd64/amd64/intr.c:553 Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f end of kernel end trace frame: 0x740487b68be0, count: -6 ddb{0}> machine ddbcpu 1 Stopped at lf_advlock+0x2f7: incl 0x28(%r12) ddb{1}> trace lf_advlock(ffff80000118d5e0,0,fffffd806b173ba0,2,ffff80002a20ac40,40) at lf_advlock+0x2f7 ls_ref sys/kern/vfs_lockf.c:138 [inline] lf_advlock(ffff80000118d5e0,0,fffffd806b173ba0,2,ffff80002a20ac40,40) at lf_advlock+0x2f7 sys/kern/vfs_lockf.c:278 VOP_ADVLOCK(fffffd80686311c0,fffffd806b173ba0,2,ffff80002a20ac40,40) at VOP_ADVLOCK+0x87 sys/kern/vfs_vops.c:618 closef(fffffd806f9567c0,ffff80002a09b990) at closef+0x140 fdfree(ffff80002a09b990) at fdfree+0x116 sys/kern/kern_descrip.c:1190 exit1(ffff80002a09b990,0,0,1) at exit1+0x743 sys/kern/kern_exit.c:224 sys_exit(ffff80002a09b990,ffff80002a20ae90,ffff80002a20ade0) at sys_exit+0x1a syscall(ffff80002a20ae90) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff80002a20ae90) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7e2c0e8988c0, count: -8