kernel: protection fault trap, code=0
Stopped at memcmp+0x16: repe cmpsq (%rsi),%es:(%rdi)
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
the kernel did not panic
ddb{1}> trace
memcmp() at memcmp+0x16
pipex_unlink_session_locked(ffff8000373b92b0) at pipex_unlink_session_locked+0x137 sys/net/pipex.c:-1
pipex_destroy_all_sessions(ffff8000015ea000) at pipex_destroy_all_sessions+0xd9 pipex_rele_session sys/net/pipex.c:-1 [inline]
pipex_destroy_all_sessions(ffff8000015ea000) at pipex_destroy_all_sessions+0xd9 sys/net/pipex.c:151
pppacclose(637d,1,2000,ffff80003c3e4a88) at pppacclose+0x16f sys/net/if_pppx.c:1335
spec_close(ffff80002a31ca00) at spec_close+0x417 sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffd80693398c0,1,fffffd80097fd548,ffff80003c3e4a88) at VOP_CLOSE+0x132 sys/kern/vfs_vops.c:156
vn_closefile(fffffd8062f67d10,ffff80003c3e4a88) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd8062f67d10,ffff80003c3e4a88) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615
fdrop(fffffd8062f67d10,ffff80003c3e4a88) at fdrop+0x121 sys/kern/kern_descrip.c:1281
closef(fffffd8062f67d10,ffff80003c3e4a88) at closef+0x192 sys/kern/kern_descrip.c:1265
fdfree(ffff80003c3e4a88) at fdfree+0x116 sys/kern/kern_descrip.c:1196
exit1(ffff80003c3e4a88,0,0,1) at exit1+0x576 sys/kern/kern_exit.c:215
sys_exit(ffff80003c3e4a88,ffff80002a31cd70,ffff80002a31ccc0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a31cd70) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a31cd70) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x70bc49d91050, count: -14
ddb{1}> show registers
rdi 0xffff8000373b93b4
rsi 0xdeafbeaddeafbeb1
rbp 0xffff80002a31c8a0
rbx 0xc
rdx 0xc
rcx 0x1
rax 0xffff8000299bdff0
r8 0xffffffffffffffff
r9 0x1
r10 0xc923bc609a9e6dba
r11 0xf3da6bdb30b645e4
r12 0xffff8000373b93b4
r13 0
r14 0xffff8000373b9c30
r15 0x4
rip 0xffffffff81ef8236 memcmp+0x16
cs 0x8
rflags 0x10203 __ALIGN_SIZE+0xf203
rsp 0xffff80002a31c838
ss 0x10
memcmp+0x16: repe cmpsq (%rsi),%es:(%rdi)
ddb{1}> show proc
PROC (syz-executor) tid=109021 pid=59199 tcnt=0 stat=onproc
flags process=1008<EXITING,SINGLEEXIT> proc=2000<WEXIT>
runpri=32, usrpri=52, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0xffff80003c3e4a88 scnt=-1 ecnt=1
forw=0xffffffffffffffff, list=0xffff80003c3e4028,0xffffffff839efa38
process=0xffff80003c3f61d0 user=0xffff80002a317000, vmspace=0xfffffd806c877b88
estcpu=2, cpticks=18, pctcpu=0.17, user=0, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
52584 443464 24226 0 3 0x82 nanoslp syz-executor
26800 259178 0 0 3 0x14200 acct acct
95463 266963 24226 0 3 0x82 piperd syz-executor
12677 37594 24226 0 3 0x82 piperd syz-executor
98941 279325 24226 0 3 0x82 piperd syz-executor
23508 199033 24226 0 3 0x82 piperd syz-executor
47014 271076 24226 0 3 0x82 nanoslp syz-executor
10883 313397 24226 0 3 0x82 piperd syz-executor
24226 66473 1465 0 3 0x82 nanoslp syz-executor
1465 280134 63037 0 3 0x10008a sigsusp ksh
63037 32676 93 0 3 0x98 kqread sshd-session
93 427301 89405 0 3 0x92 kqread sshd-session
31823 56185 1 0 3 0x100083 ttyin getty
89405 3091 1 0 3 0x88 kqread sshd
34499 197822 82260 74 3 0x1100092 bpf pflogd
82260 15756 1 0 3 0x80 sbwait pflogd
80386 510644 85420 73 3 0x1100090 kqread syslogd
85420 368139 1 0 3 0x100082 sbwait syslogd
71771 457375 1 0 3 0x100080 kqread resolvd
36511 474461 83732 77 7 0x100013 dhcpleased
60862 17846 83732 77 3 0x100092 kqread dhcpleased
83732 42135 1 0 3 0x80 kqread dhcpleased
55988 232724 0 0 3 0x14200 bored smr
93825 518793 0 0 3 0x14200 pgzero zerothread
16070 268795 0 0 3 0x14200 aiodoned aiodoned
96971 391833 0 0 3 0x14200 syncer update
3680 309563 0 0 3 0x14200 cleaner cleaner
7886 327419 0 0 3 0x14200 reaper reaper
22619 396308 0 0 3 0x14200 pgdaemon pagedaemon
87395 79970 0 0 3 0x14200 bored viomb
96291 376400 0 0 3 0x40014200 acpi0 acpi0
76743 104879 0 0 3 0x40014200 idle1
35169 217485 0 0 3 0x14200 bored softnet1
54767 363274 0 0 2 0x14200 softnet0
35889 319898 0 0 3 0x14200 bored systqmp
52143 424488 0 0 3 0x14200 bored systq
2919 271968 0 0 3 0x14200 tmoslp softclockmp
3322 492023 0 0 3 0x40014200 tmoslp softclock
77507 497997 0 0 3 0x40014200 idle0
1 376931 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
CPU 1:
exclusive mutex /syzkaller/managers/multicore/kernel/sys/net/pipex.c:78 r = 0 (0xffffffff838cfd70)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 mtx_enter+0x4b4 sys/kern/kern_lock.c:487
#2 pipex_destroy_all_sessions+0x2f sys/net/pipex.c:144
#3 pppacclose+0x16f sys/net/if_pppx.c:1335
#4 spec_close+0x417 sys/kern/spec_vnops.c:-1
#5 VOP_CLOSE+0x132 sys/kern/vfs_vops.c:156
#6 vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline]
#6 vn_closefile+0x12b sys/kern/vfs_vnops.c:615
#7 fdrop+0x121 sys/kern/kern_descrip.c:1281
#8 closef+0x192 sys/kern/kern_descrip.c:1265
#9 fdfree+0x116 sys/kern/kern_descrip.c:1196
#10 exit1+0x576 sys/kern/kern_exit.c:215
#11 sys_exit+0x1a sys/kern/kern_exit.c:-1
#12 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#12 syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
#13 Xsyscall+0x128
Process 54767 (softnet0) thread 0xffff8000ffffe7c8 (363274)
shared rwlock softnet0 r = 0 (0xffff80000002c078)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 taskq_thread+0x12a sys/kern/kern_task.c:442
#2 proc_trampoline+0x10
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11066 12090K 12282K 166960K 12449 0
pcb 17 15K 17K 166960K 137 0
rtable 209 7K 8K 166960K 447 0
pf 34 17K 19K 166960K 83 0
ifaddr 39 6K 7K 166960K 69 0
ifgroup 55 2K 2K 166960K 106 0
sysctl 1 1K 9K 166960K 5 0
counters 74 37K 38K 166960K 110 0
ioctlops 0 0K 4K 166960K 1506 0
iov 0 0K 28K 166960K 12 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1364 86K 86K 166960K 1729 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 4 0
VM map 2 1K 1K 166960K 2 0
sem 4 0K 0K 166960K 5 0
dirhash 12 2K 2K 166960K 15 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 11 37K 93K 166960K 369 0
sigio 0 0K 0K 166960K 11 0
proc 72 115K 163K 166960K 593 0
subproc 63 3K 5K 166960K 252 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 16 0
in_multi 77 5K 7K 166960K 117 0
ether_multi 1 0K 0K 166960K 2 0
mrt 0 0K 0K 166960K 16 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 67 307K 307K 166960K 67 0
exec 0 0K 1K 166960K 466 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 2 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 190 150K 172K 166960K 4892 0
UVM aobj 7 2K 2K 166960K 7 0
pinsyscall 36 72K 107K 166960K 1572 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 4 0
NDP 12 0K 2K 166960K 46 0
temp 39 9074K 9138K 166960K 15368 0
kqueue 13 20K 28K 166960K 45 0
SYN cache 2 16K 16K 166960K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 51 0 48 1 0 1 1 0 8 0
rtentry 176 133 0 45 6 0 6 6 0 8 0
unpcb 144 167 0 150 4 0 4 4 0 8 3
syncache 336 4 0 4 2 1 1 1 0 8 1
tcpqe 32 1 0 1 1 0 1 1 0 8 1
tcpcb 736 38 0 33 1 0 1 1 0 8 0
arp 136 22 0 6 1 0 1 1 0 8 0
inpcb 328 484 0 476 12 10 2 12 0 8 1
nd6 152 30 0 9 1 0 1 1 0 8 0
pkpcb 40 2 0 2 2 1 1 1 0 8 1
kcovpl 48 28 0 21 1 0 1 1 0 8 0
ppxss 1192 13 0 11 3 2 1 1 0 8 0
pffrag 232 1 0 0 1 0 1 1 0 482 0
pffrnode 88 1 0 0 1 0 1 1 0 8 0
pffrent 40 1 0 0 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 34 0 11 1 0 1 1 0 8 0
pfstkey 128 34 0 11 2 0 2 2 0 8 0
pfstate 448 34 0 11 4 0 4 4 0 8 0
pfrule 1360 21 0 16 2 1 1 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 543 0 173 29 5 24 29 0 8 0
art_table 40 544 0 173 5 0 5 5 0 8 0
art_node 32 133 0 57 1 0 1 1 0 8 0
sysvmsgpl 40 1 0 1 1 0 1 1 0 8 1
semapl 112 2 0 0 1 0 1 1 0 8 0
shmpl 112 4 0 0 1 0 1 1 0 8 0
dirhash 1024 19 0 2 3 0 3 3 0 8 0
dino2pl 256 1910 0 424 94 0 94 94 0 8 0
ffsino 296 1910 0 424 115 0 115 115 0 8 0
nchpl 144 2321 0 603 64 0 64 64 0 8 0
rtmask 32 2 0 1 2 1 1 1 0 8 0
vnodes 216 2296 0 0 128 0 128 128 0 8 0
namei 1024 7939 0 7939 1 0 1 1 0 8 1
percpumem 16 70 0 18 1 0 1 1 0 8 0
kstatmem 264 60 0 32 5 2 3 3 0 8 1
scsiplug 72 2 0 2 2 1 1 1 0 8 1
scxspl 216 8029 0 8029 11 3 8 8 1 8 8
plimitpl 152 68 0 50 1 0 1 1 0 8 0
sigapl 424 653 0 611 7 1 6 7 0 8 0
knotepl 120 289 0 0 9 0 9 9 0 8 0
kqueuepl 224 70 0 60 1 0 1 1 0 8 0
pipepl 344 203 0 176 3 0 3 3 0 8 0
fdescpl 528 636 0 611 3 0 3 3 0 8 1
filepl 160 3318 0 3113 22 6 16 16 0 8 5
lockfpl 104 120 0 118 1 0 1 1 0 8 0
lockfspl 48 26 0 24 1 0 1 1 0 8 0
sessionpl 144 44 0 35 1 0 1 1 0 8 0
pgrppl 48 138 0 122 1 0 1 1 0 8 0
ucredpl 104 217 0 203 1 0 1 1 0 8 0
zombiepl 144 613 0 611 1 0 1 1 0 8 0
processpl 1232 653 0 611 5 0 5 5 0 8 0
procpl 664 946 0 904 6 1 5 6 0 8 0
sockpl 752 705 0 677 24 14 10 17 0 8 6
mcl64k 65536 5 0 0 1 0 1 1 0 8 0
mcl16k 16384 3 0 0 1 0 1 1 0 8 0
mcl8k 8192 3 0 0 1 0 1 1 0 8 0
mcl4k 4096 115 0 0 15 0 15 15 0 8 0
mcl2k 2048 16 0 0 2 0 2 2 0 8 0
mtagpl 96 7 0 0 1 0 1 1 0 8 0
mbufpl 256 239 0 0 15 0 15 15 0 8 0
bufpl 280 2759 0 106 190 0 190 190 0 8 0
anonpl 32 5411 0 0 44 0 44 44 0 246 0
amapchunkpl 152 14602 0 14253 25 5 20 25 0 158 3
amappl16 200 2085 0 2066 5 3 2 5 0 8 0
amappl15 192 4 0 4 1 1 0 1 0 8 0
amappl14 184 449 0 448 1 0 1 1 0 8 0
amappl13 176 130 0 118 1 0 1 1 0 8 0
amappl12 168 917 0 893 2 0 2 2 0 8 0
amappl11 160 2 0 2 1 1 0 1 0 8 0
amappl10 152 68 0 54 1 0 1 1 0 8 0
amappl9 144 262 0 262 1 1 0 1 0 8 0
amappl8 136 112 0 110 1 0 1 1 0 8 0
amappl7 128 159 0 146 1 0 1 1 0 8 0
amappl6 120 173 0 171 1 0 1 1 0 8 0
amappl5 112 111 0 100 1 0 1 1 0 8 0
amappl4 104 304 0 282 1 0 1 1 0 8 0
amappl3 96 2686 0 2604 3 0 3 3 0 8 0
amappl2 88 556 0 494 2 0 2 2 0 8 0
amappl1 80 10833 0 10251 18 2 16 16 0 8 3
amappl 88 4082 0 3962 4 0 4 4 0 92 0
uvmvnodes 80 104 0 0 3 0 3 3 0 8 0
dma32768 32768 1 0 1 1 1 0 1 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma512 512 1 0 1 1 0 1 1 0 8 1
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 254 0 254 2 2 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 6 0 0 1 0 1 1 0 8 0
uaddrrnd 24 636 0 611 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 636 0 611 1 0 1 1 0 8 0
vmmpekpl 168 7492 0 7448 3 0 3 3 0 8 0
vmmpepl 168 49404 0 47790 95 5 90 90 0 357 8
vmsppl 488 635 0 611 5 1 4 5 0 8 0
rwobjpl 80 16789 0 15812 24 0 24 24 0 8 0
pdppl 4096 1279 0 1222 113 44 69 87 0 8 12
pvpl 32 11124 0 0 91 1 90 90 0 265 0
pmappl 256 635 0 611 3 1 2 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 293 0 55 8 0 8 8 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
ddb{0}> trace
x86_ipi_db(ffffffff838f7ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff839700c0) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:142 [inline]
__mp_lock(ffffffff839700c0) at __mp_lock+0x192 sys/kern/kern_lock.c:173
ktrsysret(ffff80002a242d08,48,0,ffff80002a27a270) at ktrsysret+0xde ktrwrite2 sys/kern/kern_ktrace.c:-1 [inline]
ktrsysret(ffff80002a242d08,48,0,ffff80002a27a270) at ktrsysret+0xde sys/kern/kern_ktrace.c:209
syscall(ffff80002a27a320) at syscall+0xa51 mi_syscall_return sys/sys/syscall_mi.h:204 [inline]
syscall(ffff80002a27a320) at syscall+0xa51 sys/arch/amd64/amd64/trap.c:804
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x71e9fedfdc30, count: -7
ddb{0}> machine ddbcpu 1
Stopped at memcmp+0x16: repe cmpsq (%rsi),%es:(%rdi)
ddb{1}> trace
memcmp() at memcmp+0x16
pipex_unlink_session_locked(ffff8000373b92b0) at pipex_unlink_session_locked+0x137 sys/net/pipex.c:-1
pipex_destroy_all_sessions(ffff8000015ea000) at pipex_destroy_all_sessions+0xd9 pipex_rele_session sys/net/pipex.c:-1 [inline]
pipex_destroy_all_sessions(ffff8000015ea000) at pipex_destroy_all_sessions+0xd9 sys/net/pipex.c:151
pppacclose(637d,1,2000,ffff80003c3e4a88) at pppacclose+0x16f sys/net/if_pppx.c:1335
spec_close(ffff80002a31ca00) at spec_close+0x417 sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffd80693398c0,1,fffffd80097fd548,ffff80003c3e4a88) at VOP_CLOSE+0x132 sys/kern/vfs_vops.c:156
vn_closefile(fffffd8062f67d10,ffff80003c3e4a88) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd8062f67d10,ffff80003c3e4a88) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615
fdrop(fffffd8062f67d10,ffff80003c3e4a88) at fdrop+0x121 sys/kern/kern_descrip.c:1281
closef(fffffd8062f67d10,ffff80003c3e4a88) at closef+0x192 sys/kern/kern_descrip.c:1265
fdfree(ffff80003c3e4a88) at fdfree+0x116 sys/kern/kern_descrip.c:1196
exit1(ffff80003c3e4a88,0,0,1) at exit1+0x576 sys/kern/kern_exit.c:215
sys_exit(ffff80003c3e4a88,ffff80002a31cd70,ffff80002a31ccc0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a31cd70) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a31cd70) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x70bc49d91050, count: -14