kernel: protection fault trap, code=0 Stopped at sys_msgrcv+0x304: movq 0x10(%r13),%rdi ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic the kernel did not panic ddb{1}> trace sys_msgrcv(ffff80002e73b220,ffff8000373d5ec0,ffff8000373d5e10) at sys_msgrcv+0x304 msg_copyout sys/kern/sysv_msg.c:639 [inline] sys_msgrcv(ffff80002e73b220,ffff8000373d5ec0,ffff8000373d5e10) at sys_msgrcv+0x304 sys/kern/sysv_msg.c:349 syscall(ffff8000373d5ec0) at syscall+0x854 mi_syscall sys/sys/syscall_mi.h:180 [inline] syscall(ffff8000373d5ec0) at syscall+0x854 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x512262584e0, count: -3 ddb{1}> show registers rdi 0 rsi 0x20000108 rbp 0xffff8000373d5de0 rbx 0 rdx 0xffff800000e00240 rcx 0xffff80002e73b220 rax 0xd r8 0x7f7fffffc000 r9 0x1 r10 0x88cdb3d94d7251bd r11 0x1ad2adc40df730a r12 0xfffffd805c62be38 r13 0xdeaf4152deaf4152 r14 0xffff800000df2600 r15 0xd rip 0xffffffff815cf2f4 sys_msgrcv+0x304 cs 0x8 rflags 0x10202 __ALIGN_SIZE+0xf202 rsp 0xffff8000373d5d40 ss 0 sys_msgrcv+0x304: movq 0x10(%r13),%rdi ddb{1}> show proc PROC (syz-executor.5) tid=178587 pid=91359 tcnt=4 stat=onproc flags process=8000010 proc=4000000 runpri=4, usrpri=74, slppri=4, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002e73bc60,0xffff80002a2ed228 process=0xffff800036d9dac0 user=0xffff8000373d0000, vmspace=0xfffffd8065bcb528 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 73487 244004 16347 32767 7 0x8000010 syz-executor.7 73487 135571 16347 32767 3 0xc000090 fsleep syz-executor.7 51760 288929 90720 32767 2 0x8000010 syz-executor.1 8760 236259 50793 32767 2 0x8000010 syz-executor.6 8760 320362 50793 32767 2 0xc000010 syz-executor.6 8760 434267 50793 32767 3 0xc000090 fsleep syz-executor.6 91359 101122 98261 32767 2 0x8000010 syz-executor.5 *91359 178587 98261 32767 7 0xc000010 syz-executor.5 91359 374840 98261 32767 3 0xc000090 fsleep syz-executor.5 91359 161866 98261 32767 3 0xc000090 fsleep syz-executor.5 9073 193545 58062 32767 3 0x8000090 nanoslp syz-executor.3 9073 466965 58062 32767 3 0xc000090 kqread syz-executor.3 9073 113835 58062 32767 3 0xc000090 fsleep syz-executor.3 61680 420810 8741 32767 2 0x8000010 syz-executor.4 61680 78616 8741 32767 2 0xc000010 syz-executor.4 42861 106960 12250 32767 3 0x8000090 nanoslp syz-executor.0 42861 241893 12250 32767 3 0xc000090 msgwait syz-executor.0 42861 366507 12250 32767 3 0xc000090 fsleep syz-executor.0 74464 13218 93731 32767 3 0x8000090 nanoslp syz-executor.2 74464 411975 93731 32767 3 0xc000090 netacc syz-executor.2 37122 34588 0 0 3 0x14200 bored sosplice 58062 6834 5637 32767 3 0x8000090 nanoslp syz-executor.3 12250 341914 18834 32767 3 0x8000090 nanoslp syz-executor.0 8741 315064 37726 32767 3 0x8000090 nanoslp syz-executor.4 98261 436293 29856 32767 3 0x8000090 nanoslp syz-executor.5 90720 164875 67291 32767 3 0x8000090 nanoslp syz-executor.1 37726 501989 25805 0 3 0x8000082 wait syz-executor.4 16347 248566 93975 32767 3 0x8000090 nanoslp syz-executor.7 18834 10548 25805 0 3 0x8000082 wait syz-executor.0 29856 486100 25805 0 3 0x8000082 wait syz-executor.5 93731 272898 69318 32767 3 0x8000090 nanoslp syz-executor.2 50793 149739 66594 32767 3 0x8000090 nanoslp syz-executor.6 69318 274935 25805 0 3 0x8000082 wait syz-executor.2 93975 186992 25805 0 3 0x8000082 wait syz-executor.7 66594 126363 25805 0 3 0x8000082 wait syz-executor.6 67291 325595 25805 0 3 0x8000082 wait syz-executor.1 5637 461374 25805 0 3 0x8000082 wait syz-executor.3 25805 323057 65794 0 3 0x1a000082 wait syz-fuzzer 25805 472040 65794 0 3 0x1e000082 thrsleep syz-fuzzer 25805 142264 65794 0 3 0x1e000082 wait syz-fuzzer 25805 121453 65794 0 3 0x1e000082 thrsleep syz-fuzzer 25805 394638 65794 0 3 0x1e000082 wait syz-fuzzer 25805 246573 65794 0 3 0x1e000082 wait syz-fuzzer 25805 151414 65794 0 3 0x1e000082 thrsleep syz-fuzzer 25805 19787 65794 0 3 0x1e000082 wait syz-fuzzer 25805 227452 65794 0 3 0x1e000082 wait syz-fuzzer 25805 363371 65794 0 3 0x1e000082 wait syz-fuzzer 25805 513045 65794 0 3 0x1e000082 wait syz-fuzzer 25805 80710 65794 0 3 0x1e000082 thrsleep syz-fuzzer 25805 371986 65794 0 3 0x1e000082 kqread syz-fuzzer 25805 287279 65794 0 3 0x1e000082 thrsleep syz-fuzzer 25805 122813 65794 0 3 0x1e000082 thrsleep syz-fuzzer 65794 154651 23422 0 3 0x810008a sigsusp ksh 23422 495721 24229 0 3 0x1800009a kqread sshd 91794 193668 1 0 3 0x18100083 ttyin getty 24229 319325 1 0 3 0x18000088 kqread sshd 53312 371675 77165 73 2 0x19100010 syslogd 77165 231991 1 0 3 0x18100082 sbwait syslogd 89778 86482 1 0 3 0x18100080 kqread resolvd 677 396786 86189 77 3 0x18100092 kqread dhcpleased 49352 503054 86189 77 3 0x18100092 kqread dhcpleased 86189 33149 1 0 3 0x18000080 kqread dhcpleased 98659 72701 0 0 3 0x14200 bored smr 13329 439343 0 0 3 0x14200 pgzero zerothread 89066 86539 0 0 3 0x14200 aiodoned aiodoned 96497 63109 0 0 3 0x14200 syncer update 69711 260381 0 0 3 0x14200 cleaner cleaner 32598 94901 0 0 3 0x14200 reaper reaper 69717 473281 0 0 3 0x14200 pgdaemon pagedaemon 16614 479859 0 0 3 0x14200 bored viomb 86556 353907 0 0 3 0x40014200 acpi0 acpi0 72801 378155 0 0 3 0x40014200 idle1 56780 422026 0 0 3 0x14200 bored softnet3 4404 506634 0 0 3 0x14200 bored softnet2 49038 132633 0 0 3 0x14200 bored softnet1 32133 377928 0 0 3 0x14200 bored softnet0 68191 511734 0 0 3 0x14200 bored systqmp 56964 181992 0 0 3 0x14200 bored systq 95542 11292 0 0 3 0x14200 tmoslp softclockmp 77743 241351 0 0 3 0x40014200 tmoslp softclock 66642 400695 0 0 3 0x40014200 idle0 1 84996 0 0 3 0x8000082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 73487 (syz-executor.7) thread 0xffff80002a213730 (244004) shared rwlock vmmaplk r = 0 (0xfffffd8065bcbcf8) #0 witness_lock+0x446 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x446 sys/kern/subr_witness.c:1157 #1 uvmfault_lookup+0xd9 sys/uvm/uvm_fault.c:1785 #2 uvm_fault_check+0x3e sys/uvm/uvm_fault.c:672 #3 uvm_fault+0xf2 sys/uvm/uvm_fault.c:600 #4 upageflttrap+0x8e sys/arch/amd64/amd64/trap.c:188 #5 usertrap+0x22a sys/arch/amd64/amd64/trap.c:436 #6 recall_trap+0x8 Process 8760 (syz-executor.6) thread 0xffff80002a212540 (320362) exclusive rrwlock inode r = 0 (0xfffffd806a1e72c0) #0 witness_lock+0x446 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x446 sys/kern/subr_witness.c:1157 #1 rw_enter+0x32d sys/kern/kern_rwlock.c:309 #2 rrw_enter+0x91 sys/kern/kern_rwlock.c:464 #3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:518 #4 ufs_ihashins+0x46 #5 ffs_vget+0x141 sys/ufs/ffs/ffs_vfsops.c:1230 #6 ffs_inode_alloc+0x1e4 sys/ufs/ffs/ffs_alloc.c:393 #7 ufs_mkdir+0xe6 sys/ufs/ufs/ufs_vnops.c:1117 #8 VOP_MKDIR+0xc3 sys/kern/vfs_vops.c:388 #9 domkdirat+0x125 sys/kern/vfs_syscalls.c:3077 #10 syscall+0x854 mi_syscall sys/sys/syscall_mi.h:180 [inline] #10 syscall+0x854 sys/arch/amd64/amd64/trap.c:577 #11 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806b464c58) #0 witness_lock+0x446 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x446 sys/kern/subr_witness.c:1157 #1 rw_enter+0x32d sys/kern/kern_rwlock.c:309 #2 rrw_enter+0x91 sys/kern/kern_rwlock.c:464 #3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:518 #4 vn_lock+0x85 sys/kern/vfs_vnops.c:564 #5 vfs_lookup+0xd3 sys/kern/vfs_lookup.c:418 #6 namei+0x56a sys/kern/vfs_lookup.c:250 #7 domkdirat+0x79 sys/kern/vfs_syscalls.c:3062 #8 syscall+0x854 mi_syscall sys/sys/syscall_mi.h:180 [inline] #8 syscall+0x854 sys/arch/amd64/amd64/trap.c:577 #9 Xsyscall+0x128 Process 91359 (syz-executor.5) thread 0xffff80002e73b220 (178587) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82e8da90) #0 witness_lock+0x446 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x446 sys/kern/subr_witness.c:1157 #1 __mp_acquire_count+0x48 sys/kern/kern_lock.c:227 #2 mi_switch+0x491 sys/kern/sched_bsd.c:470 #3 sleep_finish+0x19a sys/kern/kern_synch.c:417 #4 rwsleep+0xb3 sys/kern/kern_synch.c:300 #5 uvn_get+0x17d sys/uvm/uvm_vnode.c:1083 #6 uvm_fault_lower+0x368 sys/uvm/uvm_fault.c:1284 #7 uvm_fault+0x255 sys/uvm/uvm_fault.c:637 #8 kpageflttrap+0x238 sys/arch/amd64/amd64/trap.c:279 #9 kerntrap+0xf2 sys/arch/amd64/amd64/trap.c:332 #10 alltraps_kern_meltdown+0x7b #11 copyout+0x57 #12 syscall+0x854 mi_syscall sys/sys/syscall_mi.h:180 [inline] #12 syscall+0x854 sys/arch/amd64/amd64/trap.c:577 #13 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10174 6407K 6419K 166960K 11252 0 pcb 17 12K 12K 166960K 17 0 rtable 236 6K 6K 166960K 352 0 pf 29 8K 8K 166960K 29 0 ifaddr 44 15K 15K 166960K 46 0 ifgroup 50 2K 2K 166960K 50 0 sysctl 1 0K 0K 166960K 1 0 counters 64 36K 36K 166960K 64 0 ioctlops 0 0K 2K 166960K 30 0 iov 0 0K 8K 166960K 7 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1363 86K 86K 166960K 1389 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 5 0 VM map 2 1K 1K 166960K 2 0 sem 12 1K 1K 166960K 18 0 dirhash 12 2K 2K 166960K 15 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 26 97K 117K 166960K 235 0 sigio 0 0K 0K 166960K 2 0 proc 57 90K 115K 166960K 483 0 subproc 104 6K 6K 166960K 104 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 36 0 in_multi 99 7K 7K 166960K 100 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 61 281K 281K 166960K 61 0 exec 0 0K 1K 166960K 374 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 332 80K 97K 166960K 4375 0 UVM aobj 8 2K 2K 166960K 8 0 pinsyscall 46 92K 108K 166960K 1342 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 2 0K 0K 166960K 17 0 NDP 11 0K 1K 166960K 27 0 temp 52 6814K 6878K 166960K 4288 0 kqueue 13 20K 24K 166960K 50 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 45 0 41 1 0 1 1 0 8 0 rtentry 112 112 0 1 4 0 4 4 0 8 0 unpcb 144 121 0 101 1 0 1 1 0 8 0 syncache 336 5 0 5 2 2 0 1 0 8 0 tcpqe 32 45 0 45 1 1 0 1 0 8 0 tcpcb 808 78 0 72 2 1 1 2 0 8 0 arp 120 18 0 0 1 0 1 1 0 8 0 inpcb 384 207 0 193 5 3 2 3 0 8 0 ip6q 72 1 0 1 1 1 0 1 0 8 0 ip6af 40 2 0 2 1 1 0 1 0 8 0 nd6 136 25 0 0 1 0 1 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 455 0 0 29 0 29 29 0 8 0 art_table 32 456 0 0 4 0 4 4 0 8 0 art_node 16 111 0 10 1 0 1 1 0 8 0 sysvmsgpl 40 6 0 3 1 0 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 15 0 5 1 0 1 1 0 8 0 shmpl 112 5 0 0 1 0 1 1 0 8 0 dirhash 1024 19 0 2 3 0 3 3 0 8 0 dino2pl 256 1727 0 204 96 0 96 96 0 8 0 ffsino 272 1727 0 204 102 0 102 102 0 8 0 nchpl 144 2138 0 367 66 0 66 66 0 8 0 uvmvnodes 80 1840 0 0 38 0 38 38 0 8 0 vnodes 216 1840 0 0 103 0 103 103 0 8 0 namei 1024 7253 0 7252 3 2 1 3 0 8 0 percpumem 16 46 0 0 1 0 1 1 0 8 0 kstatmem 264 22 0 0 2 0 2 2 0 8 0 scxspl 216 10294 0 10282 10 4 6 8 1 8 5 plimitpl 152 126 0 102 2 0 2 2 0 8 1 sigapl 424 534 0 478 7 0 7 7 0 8 0 futexpl 64 1849 0 1843 3 2 1 1 0 8 0 knotepl 120 118 0 0 4 0 4 4 0 8 0 kqueuepl 216 61 0 51 1 0 1 1 0 8 0 pipepl 320 149 0 120 3 0 3 3 0 8 0 fdescpl 496 515 0 478 7 1 6 6 0 8 0 filepl 152 2504 0 2237 11 0 11 11 0 8 0 lockfpl 104 28 0 25 1 0 1 1 0 8 0 lockfspl 48 14 0 11 1 0 1 1 0 8 0 sessionpl 144 23 0 7 1 0 1 1 0 8 0 pgrppl 48 25 0 9 1 0 1 1 0 8 0 ucredpl 104 243 0 225 1 0 1 1 0 8 0 zombiepl 144 478 0 478 1 0 1 1 0 8 1 processpl 1136 534 0 478 5 0 5 5 0 8 0 procpl 656 676 0 594 7 0 7 7 0 8 0 sosppl 168 4 0 4 2 1 1 1 0 8 1 sockpl 664 376 0 338 5 1 4 4 0 8 0 mcl8k 8192 2 0 0 1 0 1 1 0 8 0 mcl4k 4096 10 0 0 2 0 2 2 0 8 0 mcl2k 2048 293 0 0 37 0 37 37 0 8 0 mtagpl 96 3 0 0 1 0 1 1 0 8 0 mbufpl 256 421 0 0 25 0 25 25 0 8 0 bufpl 280 5719 0 186 396 0 396 396 0 8 0 anonpl 24 208737 0 202680 65 1 64 64 0 186 22 amapchunkpl 152 14562 0 13736 44 1 43 43 0 158 10 amappl16 200 5566 0 5457 21 3 18 18 0 8 10 amappl15 192 9 0 9 1 1 0 1 0 8 0 amappl14 184 195 0 185 2 1 1 2 0 8 0 amappl13 176 5 0 5 1 1 0 1 0 8 0 amappl12 168 1144 0 1104 3 1 2 3 0 8 0 amappl11 160 51 0 41 1 0 1 1 0 8 0 amappl10 152 74 0 66 1 0 1 1 0 8 0 amappl9 144 227 0 227 2 2 0 1 0 8 0 amappl8 136 154 0 120 2 0 2 2 0 8 0 amappl7 128 46 0 34 1 0 1 1 0 8 0 amappl6 120 317 0 305 2 1 1 2 0 8 0 amappl5 112 165 0 152 1 0 1 1 0 8 0 amappl4 104 530 0 496 2 0 2 2 0 8 0 amappl3 96 3418 0 3311 3 0 3 3 0 8 0 amappl2 88 946 0 865 4 2 2 4 0 8 0 amappl1 80 9692 0 9174 22 10 12 22 0 8 0 amappl 88 3844 0 3599 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 7 0 0 1 0 1 1 0 8 0 uaddrrnd 24 515 0 478 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 515 0 478 1 0 1 1 0 8 0 vmmpekpl 168 8819 0 8765 3 0 3 3 0 8 0 vmmpepl 168 53276 0 51089 114 8 106 114 0 357 10 vmsppl 440 514 0 478 5 0 5 5 0 8 0 rwobjpl 56 22410 0 19490 48 4 44 47 0 8 0 pdppl 4096 1037 0 956 111 30 81 91 0 8 0 pvpl 32 48753 0 0 395 1 394 394 0 265 0 pmappl 248 514 0 478 4 1 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 417 0 37 11 0 11 11 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp ddb{0}> trace x86_ipi_db(ffffffff82c8eff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82e8d888) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82e8d888) at __mp_lock+0x122 sys/kern/kern_lock.c:147 intr_handler(ffff8000373c8dd0,ffff80000006bc00) at intr_handler+0x62 sys/arch/amd64/amd64/intr.c:539 Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f __mp_lock(ffffffff82e8d888) at __mp_lock+0x129 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82e8d888) at __mp_lock+0x129 sys/kern/kern_lock.c:147 uvm_fault(fffffd8065bcbc08,d8aa4fc7000,0,1) at uvm_fault+0x189 sys/uvm/uvm_fault.c:622 upageflttrap(ffff8000373c9150,d8aa4fc7000) at upageflttrap+0x8e sys/arch/amd64/amd64/trap.c:188 usertrap(ffff8000373c9150) at usertrap+0x22a sys/arch/amd64/amd64/trap.c:436 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7bbe53fad4f0, count: -11 ddb{0}> machine ddbcpu 1 Stopped at sys_msgrcv+0x304: movq 0x10(%r13),%rdi ddb{1}> trace sys_msgrcv(ffff80002e73b220,ffff8000373d5ec0,ffff8000373d5e10) at sys_msgrcv+0x304 msg_copyout sys/kern/sysv_msg.c:639 [inline] sys_msgrcv(ffff80002e73b220,ffff8000373d5ec0,ffff8000373d5e10) at sys_msgrcv+0x304 sys/kern/sysv_msg.c:349 syscall(ffff8000373d5ec0) at syscall+0x854 mi_syscall sys/sys/syscall_mi.h:180 [inline] syscall(ffff8000373d5ec0) at syscall+0x854 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x512262584e0, count: -3