kernel: protection fault trap, code=NUM (6)

kernel: protection fault trap, code=NUM (6)

Status: upstream: reported on 2022/11/10 22:10
Reported-by: syzbot+8eba244a293b9b0a46a3@syzkaller.appspotmail.com
First crash: 529d, last: 5d17h

▶ ▼ Similar bugs (5)

Kernel	Title	Repro	Count	Last	Reported	Patched	Status
openbsd	kernel: protection fault trap, code=NUM (3)		1	763d	763d	0/3	closed as invalid on 2022/03/22 11:48
openbsd	kernel: protection fault trap, code=NUM (5)		2	603d	604d	0/3	closed as dup on 2022/08/29 15:02
openbsd	kernel: protection fault trap, code=NUM (2)	C	16	845d	868d	0/3	closed as invalid on 2021/12/31 06:19
openbsd	kernel: protection fault trap, code=NUM		1	948d	948d	0/3	closed as invalid on 2021/09/18 05:58
openbsd	kernel: protection fault trap, code=NUM (4)		1	726d	726d	0/3	closed as invalid on 2022/04/28 06:52

Sample crash report:

exclusive kernel: protection fault trap, code=0
Faulted in DDB; continuing...
ddb{1}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf 10206   6757K    6778K 166960K     11924        0
            pcb    18     12K      12K 166960K       100        0
         rtable   237      7K       7K 166960K       558        0
             pf    32      9K      10K 166960K        70        0
         ifaddr    45     15K      15K 166960K        77        0
        ifgroup    55      2K       2K 166960K        96        0
         sysctl     2      0K       1K 166960K         3        0
       counters    64     36K      36K 166960K        90        0
       ioctlops     0      0K       4K 166960K      1523        0
            iov     0      0K      16K 166960K        49        0
          mount     1      1K       1K 166960K         1        0
            log     0      0K       0K 166960K         4        0
         vnodes  1497     94K      95K 166960K      1849        0
      UFS quota     1     32K      32K 166960K         1        0
      UFS mount     5     36K      36K 166960K         5        0
            shm     2      1K       5K 166960K         9        0
         VM map     2      1K       1K 166960K         2        0
            sem    12      0K       0K 166960K        43        0
        dirhash    12      2K       2K 166960K        12        0
           ACPI  1697    195K     286K 166960K     12548        0
      file desc    15     53K      89K 166960K       668        0
          sigio     0      0K       0K 166960K         5        0
           proc    70     91K     128K 166960K       705        0
        subproc   104      6K       7K 166960K       169        0
    NFS srvsock     1      0K       0K 166960K         1        0
     NFS daemon     1     16K      16K 166960K         1        0
    ip_moptions     0      0K       0K 166960K        69        0
       in_multi    99      7K       7K 166960K       161        0
    ether_multi     1      0K       0K 166960K         6        0
            mrt     1      0K       0K 166960K         8        0
    ISOFS mount     1     32K      32K 166960K         1        0
  MSDOSFS mount     1     16K      16K 166960K         1        0
           ttys    97    440K     440K 166960K        97        0
           exec     0      0K       1K 166960K       487        0
     pfkey data     0      0K       0K 166960K         1        0
            tdb     3      0K       0K 166960K         3        0
        VM swap     8     62K      64K 166960K        10        0
       UVM amap   299    113K     124K 166960K      8231        0
       UVM aobj    21      2K       2K 166960K        26        0
     pinsyscall    40     80K     108K 166960K      1972        0
        memdesc     1      4K       4K 166960K         1        0
    crypto data     1      1K       1K 166960K         1        0
    ip6_options     0      0K       0K 166960K        35        0
            NDP    14      0K       1K 166960K        51        0
           temp    75   6816K    7306K 166960K     23544        0
         kqueue    12     18K      28K 166960K       111        0
      SYN cache     2     16K      16K 166960K         2        0
ddb{1}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache    128       24    0        0     1     0     1     1     0     8    0
rtpcb      120       98    0       95     1     0     1     1     0     8    0
rtentry    112      179    0       69     4     0     4     4     0     8    0
unpcb      144      404    0      389     4     3     1     2     0     8    0
syncache   336        4    0        4     1     1     0     1     0     8    0
tcpqe       32       30    0       30     1     1     0     1     0     8    0
tcpcb      808      133    0      128     2     1     1     2     0     8    0
arp        120       32    0       14     1     0     1     1     0     8    0
inpcb      392      556    0      546     6     4     2     3     0     8    0
nd6        136       39    0       15     1     0     1     1     0     8    0
pkpcb       40        4    0        4     3     3     0     1     0     8    0
kcovpl      48       13    0        5     1     0     1     1     0     8    0
ppxss      1168       6    0        6     3     3     0     1     0     8    0
pffrag     232        7    0        6     1     0     1     1     0   482    0
pffrnode    88        7    0        6     1     0     1     1     0     8    0
pffrent     40       53    0       52     1     0     1     1     0     8    0
pfosfp      40     1428    0     1005     5     0     5     5     0     8    0
pfosfpen   112     1428    0      714    21     0    21    21     0     8    0
pfstitem    24       67    0       46     1     0     1     1     0     8    0
pfstkey    128       67    0       46     2     0     2     2     0     8    0
pfstate    376       67    0       46     4     0     4     4     0     8    0
pfrule     1344      21    0       16     2     1     1     2     0     8    0
art_heap8  4096       1    0        0     1     0     1     1     0     8    0
art_heap4  256      688    0      226    33     4    29    29     0     8    0
art_table   32      689    0      226     4     0     4     4     0     8    0
art_node    16      175    0       75     1     0     1     1     0     8    0
sysvmsgpl   40       13    0        8     1     0     1     1     0     8    0
semapl     112       41    0       31     1     0     1     1     0     8    0
shmpl      112       23    0        5     1     0     1     1     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino2pl    256     2458    0      935    96     0    96    96     0     8    0
ffsino     272     2458    0      935   103     0   103   103     0     8    0
nchpl      144     3502    0     1757    67     1    66    67     0     8    0
uvmvnodes   80     2908    0        0    60     0    60    60     0     8    0
vnodes     216     2908    0        0   162     0   162   162     0     8    0
namei      1024   12241    0    12240     2     1     1     2     0     8    0
percpumem   16       59    0       13     1     0     1     1     0     8    0
vcpupl     3904       7    0        0     1     0     1     1     0     8    0
vmpool     696        7    0        0     1     0     1     1     0     8    0
kstatmem   264       50    0       26     2     0     2     2     0     8    0
scxspl     216    15799    0    15797    12    11     1     8     1     8    0
plimitpl   152      104    0       88     1     0     1     1     0     8    0
sigapl     424      994    0      924    10     1     9     9     0     8    0
futexpl     64     7785    0     7781     2     1     1     1     0     8    0
knotepl    120      367    0        0    11     0    11    11     0     8    0
kqueuepl   216      180    0      172     1     0     1     1     0     8    0
pipepl     320      210    0      182     3     0     3     3     0     8    0
fdescpl    496      954    0      925     5     0     5     5     0     8    0
filepl     152     5210    0     4965    15     4    11    13     0     8    0
lockfpl    104      283    0      281     2     1     1     2     0     8    0
lockfspl    48      133    0      131     1     0     1     1     0     8    0
sessionpl  144       29    0       12     1     0     1     1     0     8    0
pgrppl      48       37    0       20     1     0     1     1     0     8    0
ucredpl    104      716    0      701     1     0     1     1     0     8    0
zombiepl   144      926    0      924     1     0     1     1     0     8    0
processpl  1136     994    0      924     6     0     6     6     0     8    0
procpl     656     1626    0     1536    10     1     9     9     0     8    0
srpgc       96        5    0        5     2     2     0     1     0     8    0
sosppl     168        9    0        9     4     4     0     1     0     8    0
sockpl     664     1073    0     1045    10     6     4     5     0     8    1
mcl64k     65536      2    0        0     1     0     1     1     0     8    0
mcl12k     12288      2    0        0     1     0     1     1     0     8    0
mcl8k      8192       3    0        0     1     0     1     1     0     8    0
mcl4k      4096       4    0        0     1     0     1     1     0     8    0
mcl2k      2048     305    0        0    39     1    38    39     0     8    0
mtagpl      96       14    0        0     1     0     1     1     0     8    0
mbufpl     256      359    0        0    21     0    21    21     0     8    0
bufpl      280     6757    0      502   447     0   447   447     0     8    0
anonpl      24   297551    0   291742    95    29    66    66     0   186   21
amapchunkpl 152   28156    0    27456    43     4    39    41     0   158    7
amappl16   200     7991    0     7880    33    25     8    19     0     8    0
amappl15   192       40    0       40     1     1     0     1     0     8    0
amappl14   184      192    0      177     2     1     1     2     0     8    0
amappl13   176       14    0       14     1     1     0     1     0     8    0
amappl12   168     1740    0     1706     3     1     2     2     0     8    0
amappl11   160       61    0       47     1     0     1     1     0     8    0
amappl10   152       51    0       42     1     0     1     1     0     8    0
amappl9    144      181    0      181     2     2     0     1     0     8    0
amappl8    136      189    0      154     2     0     2     2     0     8    0
amappl7    128       63    0       48     1     0     1     1     0     8    0
amappl6    120      420    0      400     2     1     1     2     0     8    0
amappl5    112      200    0      185     1     0     1     1     0     8    0
amappl4    104      595    0      555     2     0     2     2     0     8    0
amappl3     96     5554    0     5466     3     0     3     3     0     8    0
amappl2     88     1376    0     1301     5     3     2     5     0     8    0
amappl1     80    11745    0    11196    23    10    13    23     0     8    0
amappl      88     7605    0     7402     6     0     6     6     0    92    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma1024    1024       1    0        0     1     0     1     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      72       25    0        5     1     0     1     1     0     8    0
uaddrrnd    24      961    0      925     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24      961    0      925     1     0     1     1     0     8    0
vmmpekpl   168    11574    0    11511     4     0     4     4     0     8    0
vmmpepl    168    81255    0    79305   141    41   100   117     0   357    8
vmsppl     440      960    0      925     7     2     5     5     0     8    0
rwobjpl     56    30933    0    26833    62     3    59    59     0     8    0
pdppl      4096    1929    0     1857   136    58    78    81     0     8    6
pvpl        32    45396    0        0   369     2   367   368     0   265    0
pmappl     248      960    0      925     3     0     3     3     0     8    0
extentpl    40       56    0       38     1     0     1     1     0     8    0
phpool     112      446    0       71    11     0    11    11     0     8    0
ddb{1}> machine ddbcpu 0
Stopped at      x86_ipi_db+0x1e:        addq    $0x8,%rsp
x86_ipi_db(ffffffff82cddff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x68
savectx() at savectx+0xae
end of kernel
end trace frame: 0x765a9b9bc2c0, count: 10
ddb{0}> trace
x86_ipi_db(ffffffff82cddff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x68
savectx() at savectx+0xae
end of kernel
end trace frame: 0x765a9b9bc2c0, count: -5
ddb{0}> machine ddbcpu 1
Stopped at      db_enter+0x1c:  addq    $0x8,%rsp
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82890ff3) at panic+0x17b sys/kern/subr_prf.c:198
vop_generic_badop(ffff80002bb12a88) at vop_generic_badop+0x1f sys/kern/vfs_default.c:133
VOP_STRATEGY(fffffd8070053018,fffffd807f7cd018) at VOP_STRATEGY+0x9f sys/kern/vfs_vops.c:628
bwrite(fffffd807f7cd018) at bwrite+0x1d3 sys/kern/vfs_bio.c:757
VOP_BWRITE(fffffd807f7cd018) at VOP_BWRITE+0x4e sys/kern/vfs_vops.c:640
ufs_mkdir(ffff80002bb12d00) at ufs_mkdir+0x445 sys/ufs/ufs/ufs_vnops.c:1165
VOP_MKDIR(fffffd806afa5898,ffff80002bb12e60,ffff80002bb12e90,ffff80002bb12d90) at VOP_MKDIR+0xc3 sys/kern/vfs_vops.c:388
domkdirat(ffff8000ffff7c50,ffffff9c,20000180,0) at domkdirat+0x125 sys/kern/vfs_syscalls.c:3077
syscall(ffff80002bb13010) at syscall+0x854 mi_syscall sys/sys/syscall_mi.h:180 [inline]
syscall(ffff80002bb13010) at syscall+0x854 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x161ee2966f0, count: 4
ddb{1}> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82890ff3) at panic+0x17b sys/kern/subr_prf.c:198
vop_generic_badop(ffff80002bb12a88) at vop_generic_badop+0x1f sys/kern/vfs_default.c:133
VOP_STRATEGY(fffffd8070053018,fffffd807f7cd018) at VOP_STRATEGY+0x9f sys/kern/vfs_vops.c:628
bwrite(fffffd807f7cd018) at bwrite+0x1d3 sys/kern/vfs_bio.c:757
VOP_BWRITE(fffffd807f7cd018) at VOP_BWRITE+0x4e sys/kern/vfs_vops.c:640
ufs_mkdir(ffff80002bb12d00) at ufs_mkdir+0x445 sys/ufs/ufs/ufs_vnops.c:1165
VOP_MKDIR(fffffd806afa5898,ffff80002bb12e60,ffff80002bb12e90,ffff80002bb12d90) at VOP_MKDIR+0xc3 sys/kern/vfs_vops.c:388
domkdirat(ffff8000ffff7c50,ffffff9c,20000180,0) at domkdirat+0x125 sys/kern/vfs_syscalls.c:3077
syscall(ffff80002bb13010) at syscall+0x854 mi_syscall sys/sys/syscall_mi.h:180 [inline]
syscall(ffff80002bb13010) at syscall+0x854 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x161ee2966f0, count: -11

Crashes (40):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Assets (help?)	Manager	Title
2024/04/17 23:29	openbsd	456e8b6ad58e	acc528cb	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	kernel: protection fault trap, code=NUM
2024/04/11 16:01	openbsd	123b2274d92c	3023abf0	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	kernel: protection fault trap, code=NUM
2024/04/08 08:15	openbsd	c112ccd4e935	ca620dd8	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	kernel: protection fault trap, code=NUM
2024/04/07 10:30	openbsd	424974cc1f1f	ca620dd8	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	kernel: protection fault trap, code=NUM
2024/04/07 03:23	openbsd	85fbf21ae5ae	ca620dd8	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	kernel: protection fault trap, code=NUM
2024/04/07 03:06	openbsd	85fbf21ae5ae	ca620dd8	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	kernel: protection fault trap, code=NUM
2024/04/06 11:26	openbsd	cd55b6bd00f2	ca620dd8	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	kernel: protection fault trap, code=NUM
2024/03/01 15:23	openbsd	609b293af4bd	83acf9e0	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	kernel: protection fault trap, code=NUM
2024/02/18 03:24	openbsd	246baf2dfc61	578f7538	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	kernel: protection fault trap, code=NUM
2024/01/25 20:19	openbsd	e4b6dfd5d051	cc4a4020	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	kernel: protection fault trap, code=NUM
2024/01/20 20:27	openbsd	e7a417afe28e	9bd8dcda	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	kernel: protection fault trap, code=NUM
2024/01/18 19:44	openbsd	d1ecb0c52710	239abf84	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	kernel: protection fault trap, code=NUM
2023/12/10 07:58	openbsd	2da541025cd9	28b24332	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	kernel: protection fault trap, code=NUM
2023/11/29 18:26	openbsd	9f01a767b73c	6e78f9ce	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	kernel: protection fault trap, code=NUM
2023/11/21 23:07	openbsd	075cc07cd6bf	cb976f63	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	kernel: protection fault trap, code=NUM
2023/11/11 20:36	openbsd	ec6cc5260a38	6d6dbf8a	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	kernel: protection fault trap, code=NUM
2023/09/15 17:55	openbsd	b065c5c7a8df	0b6a67ac	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	kernel: protection fault trap, code=NUM
2023/09/11 04:08	openbsd	53e9b61ae4ba	6654cf89	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	kernel: protection fault trap, code=NUM
2023/08/28 15:12	openbsd	32167f8f3f4d	7ba13a15	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	kernel: protection fault trap, code=NUM
2023/08/24 23:56	openbsd	5db6d8bd4d7e	6f19564f	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	kernel: protection fault trap, code=NUM
2023/07/26 09:19	openbsd	13a991eac7a5	4d1a770f	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	kernel: protection fault trap, code=NUM
2023/07/16 22:16	openbsd	bd027751b05c	35d9ecc5	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	kernel: protection fault trap, code=NUM
2023/07/16 01:38	openbsd	4d951e9375c9	35d9ecc5	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	kernel: protection fault trap, code=NUM
2023/07/14 04:20	openbsd	996ed212dfaa	d624500f	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-multicore	kernel: protection fault trap, code=NUM
2023/07/06 11:50	openbsd	acf644016ec1	ba5dba36	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	kernel: protection fault trap, code=NUM
2023/07/03 17:06	openbsd	8f881a559448	49fef1e5	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	kernel: protection fault trap, code=NUM
2023/07/01 15:26	openbsd	79a7ca0d25b8	bfc47836	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	kernel: protection fault trap, code=NUM
2023/05/30 21:12	openbsd	08ac1330e795	09898419	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	kernel: protection fault trap, code=NUM
2023/05/29 12:50	openbsd	83af2fa26020	cf184559	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	kernel: protection fault trap, code=NUM
2023/04/22 08:52	openbsd	1e5b016c5082	2b32bd34	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	kernel: protection fault trap, code=NUM
2023/04/21 13:44	openbsd	1e5b016c5082	2b32bd34	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	kernel: protection fault trap, code=NUM
2023/03/12 08:21	openbsd	1e5b016c5082	5205ef30	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	kernel: protection fault trap, code=NUM
2023/02/22 07:41	openbsd	1e5b016c5082	42a4d508	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	kernel: protection fault trap, code=NUM
2023/02/20 08:06	openbsd	1e5b016c5082	bcdf85f8	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	kernel: protection fault trap, code=NUM
2023/02/09 21:41	openbsd	0b18df416c37	07980f9d	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	kernel: protection fault trap, code=NUM
2023/02/06 18:34	openbsd	6c1aad9dfe4c	0a9c11b6	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	kernel: protection fault trap, code=NUM
2023/02/02 05:58	openbsd	b6a2b665f44a	16d19e30	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	kernel: protection fault trap, code=NUM
2023/01/17 13:40	openbsd	c6918e3c7e44	aedf5331	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	kernel: protection fault trap, code=NUM
2022/12/22 12:41	openbsd	6a5148d0c915	c692fab1	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	kernel: protection fault trap, code=NUM
2022/11/10 22:09	openbsd	f799f30eb9db	3ead01ad	.config	console log	report	[disk image] [bsd.gdb] [kernel image]	ci-openbsd-setuid	kernel: protection fault trap, code=NUM

* ~~Struck through~~ repros no longer work on HEAD.