kernel: protection fault trap, code=0 Stopped at sys_msgrcv+0x3f2: movq 0x10(%r13),%rdi ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace sys_msgrcv(ffff80003c985cb8,ffff80003c9b5e20,ffff80003c9b5d70) at sys_msgrcv+0x3f2 msg_copyout sys/kern/sysv_msg.c:639 [inline] sys_msgrcv(ffff80003c985cb8,ffff80003c9b5e20,ffff80003c9b5d70) at sys_msgrcv+0x3f2 sys/kern/sysv_msg.c:349 syscall(ffff80003c9b5e20) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c9b5e20) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x69de1474520, count: -3 ddb> show registers rdi 0 rsi 0x200000001208 rbp 0xffff80003c9b5d50 rbx 0 rdx 0xffff8000014367c0 rcx 0 rax 0xa r8 0x7f7fffffc000 r9 0 r10 0x32baa48347d71fd3 r11 0x5ba9c25d0eacee2e r12 0xfffffd806a7b9e10 r13 0xdeafbeaddeafbead r14 0xffff800001564200 r15 0xa rip 0xffffffff81b1ab32 sys_msgrcv+0x3f2 cs 0x8 rflags 0x10202 __ALIGN_SIZE+0xf202 rsp 0xffff80003c9b5cb0 ss 0x10 sys_msgrcv+0x3f2: movq 0x10(%r13),%rdi ddb> show proc PROC (syz-executor) tid=350098 pid=76672 tcnt=5 stat=onproc flags process=0 proc=4000000 runpri=36, usrpri=83, slppri=36, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003c985258,0xffff80002a7f87f8 process=0xffff80003c987b80 user=0xffff80003c9b0000, vmspace=0xfffffd80707d0a20 estcpu=33, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 65920 492119 63224 0 2 0 syz-executor 37769 271527 2300 0 2 0 syz-executor 37769 302194 2300 0 3 0x4000080 kqsel syz-executor 93850 284820 13549 0 2 0 syz-executor 93850 15700 13549 0 3 0x4000080 fsleep syz-executor 93850 443311 13549 0 2 0x4000000 syz-executor 93245 150470 5111 0 2 0 syz-executor 93245 205325 5111 0 3 0x4000080 fsleep syz-executor 93245 141098 5111 0 2 0x4000000 syz-executor 93245 461926 5111 0 2 0x4000000 syz-executor 5111 314533 71705 0 3 0x82 nanoslp syz-executor 49650 140772 88575 0 2 0 syz-executor 49650 129705 88575 0 3 0x4000080 fsleep syz-executor 49650 443490 88575 0 3 0x4000080 fsleep syz-executor 49650 129435 88575 0 3 0x4000080 fsleep syz-executor 76672 126454 87739 0 2 0 syz-executor *76672 350098 87739 0 7 0x4000000 syz-executor 76672 90472 87739 0 2 0x4000000 syz-executor 76672 54373 87739 0 3 0x4000080 fsleep syz-executor 76672 116077 87739 0 2 0x4000000 syz-executor 41322 210263 13756 0 4 0x82000 syz-executor 41322 124493 13756 0 2 0x4082000 syz-executor 41322 267130 13756 0 4 0x4082000 syz-executor 41322 504717 13756 0 4 0x4082000 syz-executor 41322 456159 13756 0 3 0x4002000 suspend syz-executor 89274 100387 1 0 3 0x100083 ttyin getty 69966 16694 0 0 3 0x14200 acct acct 63224 161744 71705 0 3 0x82 nanoslp syz-executor 58439 514842 0 0 3 0x14200 bored sosplice 3096 323448 71705 0 2 0x2 syz-executor 13549 78158 71705 0 3 0x82 nanoslp syz-executor 2300 176722 71705 0 3 0x82 nanoslp syz-executor 88575 162862 71705 0 3 0x82 nanoslp syz-executor 87739 485164 71705 0 3 0x82 nanoslp syz-executor 13756 202486 71705 0 3 0x82 nanoslp syz-executor 71705 88088 5828 0 2 0x2 syz-executor 5828 446506 40767 0 3 0x10008a sigsusp ksh 40767 21155 28645 0 3 0x98 kqread sshd-session 28645 242343 90841 0 3 0x92 kqread sshd-session 90841 123899 1 0 3 0x88 kqread sshd 80951 417293 83638 73 3 0x1100090 kqread syslogd 83638 305572 1 0 3 0x100082 sbwait syslogd 66678 389362 1 0 3 0x100080 kqread resolvd 28421 495728 0 0 3 0x14200 bored smr 44994 200147 0 0 2 0x14200 zerothread 67792 229626 0 0 3 0x14200 aiodoned aiodoned 27691 264830 0 0 3 0x14200 syncer update 96145 48234 0 0 3 0x14200 cleaner cleaner 80133 261992 0 0 3 0x14200 reaper reaper 81382 271550 0 0 3 0x14200 pgdaemon pagedaemon 10190 227866 0 0 3 0x14200 bored viomb 924 136749 0 0 3 0x40014200 acpi0 acpi0 14556 119462 0 0 3 0x14200 bored softnet7 45731 367763 0 0 3 0x14200 bored softnet6 99139 185715 0 0 3 0x14200 bored softnet5 97022 252040 0 0 3 0x14200 bored softnet4 97504 85553 0 0 3 0x14200 bored softnet3 35082 384628 0 0 3 0x14200 bored softnet2 64959 521979 0 0 3 0x14200 bored softnet1 71449 315850 0 0 3 0x14200 bored softnet0 29647 178762 0 0 3 0x14200 bored systqmp 64806 351403 0 0 3 0x14200 bored systq 60204 398516 0 0 3 0x40014200 tmoslp softclock 80478 503276 0 0 3 0x40014200 idle0 1 363130 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10216 11067K 11582K 166960K 12324 0 pcb 21 16K 18K 166960K 375 0 rtable 195 8K 9K 166960K 874 0 pf 39 15K 20K 166960K 208 0 ifaddr 37 6K 8K 166960K 156 0 ifgroup 55 2K 2K 166960K 223 0 sysctl 4 1K 9K 166960K 17 0 counters 33 17K 18K 166960K 98 0 ioctlops 0 0K 4K 166960K 452 0 iov 0 0K 24K 166960K 133 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1401 88K 88K 166960K 2458 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 3 5K 9K 166960K 26 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 108 0 dirhash 12 2K 2K 166960K 30 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 236K 166960K 1498 0 sigio 0 0K 0K 166960K 24 0 proc 56 51K 116K 166960K 1049 0 subproc 72 4K 4K 166960K 217 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 175 0 in_multi 71 5K 7K 166960K 337 0 ether_multi 1 0K 0K 166960K 13 0 mrt 1 0K 0K 166960K 8 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 241 1076K 1076K 166960K 241 0 exec 0 0K 1K 166960K 677 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 5 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 206 125K 160K 166960K 14420 0 UVM aobj 52 6K 6K 166960K 60 0 pinsyscall 32 64K 94K 166960K 2943 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 68 0 NDP 12 0K 2K 166960K 105 0 temp 69 8640K 8734K 166960K 31674 0 kqueue 8 14K 30K 166960K 249 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 354 0 353 3 2 1 3 0 8 0 rtentry 136 286 0 213 4 0 4 4 0 8 0 unpcb 144 978 0 968 7 5 2 6 0 8 1 syncache 336 10 0 10 2 1 1 1 0 8 1 tcpqe 32 4 0 4 2 1 1 1 0 8 1 tcpcb 736 462 0 456 16 7 9 10 0 8 8 arp 88 34 0 23 1 0 1 1 0 8 0 ipq 40 1 0 1 1 0 1 1 0 8 1 ipqe 40 2 0 2 1 0 1 1 0 8 1 inpcb 328 1438 0 1427 14 5 9 9 0 8 7 ip6q 72 11 0 8 1 0 1 1 0 8 0 ip6af 40 22 0 17 1 0 1 1 0 8 0 nd6 104 54 0 41 1 0 1 1 0 8 0 pkpcb 40 14 0 14 2 1 1 1 0 8 1 kcovpl 48 24 0 16 1 0 1 1 0 8 0 mppekey 1024 1 0 1 1 0 1 1 0 8 1 ppxss 1072 34 0 34 2 1 1 1 0 8 1 pppxif 1384 8 0 8 2 1 1 1 0 8 1 pfosfp 40 1 0 1 1 0 1 1 0 8 1 pfosfpen 112 1 0 1 1 0 1 1 0 8 1 pfrktable 1344 1 0 1 1 1 0 1 0 8 0 pfanchor 1288 1 0 0 1 0 1 1 0 8 0 pftag 88 1 0 0 1 0 1 1 0 8 0 pfstitem 24 8 0 2 1 0 1 1 0 8 0 pfstkey 128 8 0 1 1 0 1 1 0 8 0 pfstate 384 4 0 1 1 0 1 1 0 8 0 pfrule 1344 38 0 37 1 0 1 1 0 8 0 art_heap8 4096 5 0 0 5 0 5 5 0 8 0 art_heap4 256 1320 0 985 29 4 25 29 0 8 0 art_table 40 1325 0 985 5 0 5 5 0 8 0 art_node 32 280 0 219 1 0 1 1 0 8 0 sysvmsgpl 40 31 0 27 1 0 1 1 0 8 0 semapl 112 104 0 94 1 0 1 1 0 8 0 shmpl 112 57 0 8 2 0 2 2 0 8 0 dirhash 1024 30 0 13 3 0 3 3 0 8 0 dino2pl 256 3881 0 2352 96 0 96 96 0 8 0 ffsino 256 3881 0 2352 96 0 96 96 0 8 0 nchpl 144 5648 0 3910 65 0 65 65 0 8 0 rtmask 32 7 0 7 2 1 1 1 0 8 1 uvmvnodes 80 4468 0 0 92 0 92 92 0 8 0 vnodes 216 4468 0 0 249 0 249 249 0 8 0 namei 1024 21035 0 21034 4 2 2 2 0 8 1 kstatmem 264 114 0 90 2 0 2 2 0 8 0 scsiplug 72 5 0 5 2 1 1 1 0 8 1 scxspl 216 20450 0 20450 15 7 8 8 1 8 8 plimitpl 152 374 0 359 1 0 1 1 0 8 0 sigapl 424 1733 0 1685 8 1 7 7 0 8 1 knotepl 120 48748 0 48711 50 40 10 23 0 8 8 kqueuepl 184 509 0 501 4 2 2 3 0 8 1 pipepl 304 381 0 354 5 0 5 5 0 8 2 fdescpl 448 1708 0 1682 5 1 4 5 0 8 0 filepl 120 11098 0 10894 15 5 10 13 0 8 2 lockfpl 104 474 0 472 1 0 1 1 0 8 0 lockfspl 48 205 0 203 1 0 1 1 0 8 0 sessionpl 144 44 0 37 1 0 1 1 0 8 0 pgrppl 48 90 0 75 1 0 1 1 0 8 0 ucredpl 104 2022 0 2013 1 0 1 1 0 8 0 zombiepl 144 2186 0 2186 2 1 1 1 0 8 1 processpl 1168 1733 0 1685 5 1 4 5 0 8 0 procpl 664 3623 0 3558 7 0 7 7 0 8 1 sockpl 552 2811 0 2789 26 16 10 17 0 8 8 mcl64k 65536 224 0 224 5 2 3 3 0 8 3 mcl16k 16384 5 0 5 2 1 1 1 0 8 1 mcl12k 12288 3 0 3 1 1 0 1 0 8 0 mcl9k 9216 1 0 1 1 0 1 1 0 8 1 mcl8k 8192 16 0 16 2 1 1 1 0 8 1 mcl4k 4096 3987 0 3935 15 7 8 15 0 8 1 mcl2k2 2112 1 0 1 1 0 1 1 0 8 1 mcl2k 2048 2285 0 2279 5 1 4 4 0 8 2 mtagpl 96 21 0 17 1 0 1 1 0 8 0 mbufpl 256 17347 0 17224 25 5 20 21 0 8 4 bufpl 280 6871 0 643 446 0 446 446 0 8 0 anonpl 24 206701 0 203929 61 18 43 46 0 187 12 amapchunkpl 152 47091 0 46625 41 6 35 35 0 158 16 amappl16 200 2673 0 2645 25 12 13 15 0 8 8 amappl15 192 3 0 3 1 1 0 1 0 8 0 amappl14 184 146 0 139 1 0 1 1 0 8 0 amappl13 176 1 0 1 1 1 0 1 0 8 0 amappl12 168 2574 0 2548 3 1 2 3 0 8 0 amappl11 160 44 0 40 1 0 1 1 0 8 0 amappl9 144 256 0 256 1 1 0 1 0 8 0 amappl8 136 26 0 25 1 0 1 1 0 8 0 amappl7 128 132 0 125 1 0 1 1 0 8 0 amappl6 120 329 0 325 1 0 1 1 0 8 0 amappl5 112 181 0 177 1 0 1 1 0 8 0 amappl4 104 299 0 282 1 0 1 1 0 8 0 amappl3 96 9328 0 9228 4 0 4 4 0 8 1 amappl2 88 897 0 854 2 0 2 2 0 8 0 amappl1 80 15466 0 15019 13 0 13 13 0 8 1 amappl 88 13285 0 13126 5 0 5 5 0 92 0 dma65536 65536 2 0 2 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 7 0 7 1 1 0 1 0 8 0 dma128 128 254 0 254 2 1 1 1 0 8 1 dma64 64 8 0 8 1 1 0 1 0 8 0 dma32 32 9 0 9 1 1 0 1 0 8 0 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 59 0 8 1 0 1 1 0 8 0 uaddrrnd 24 1708 0 1682 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1708 0 1682 1 0 1 1 0 8 0 vmmpekpl 168 14874 0 14837 3 0 3 3 0 8 0 vmmpepl 168 110720 0 109146 98 7 91 91 0 357 14 vmsppl 368 1707 0 1682 4 1 3 4 0 8 0 rwobjpl 40 33389 0 28163 53 0 53 53 0 8 0 pdppl 4096 3423 0 3364 133 72 61 81 0 8 2 pvpl 32 676696 0 669085 155 43 112 126 0 265 34 pmappl 216 1707 0 1682 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 457 0 109 11 0 11 11 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace sys_msgrcv(ffff80003c985cb8,ffff80003c9b5e20,ffff80003c9b5d70) at sys_msgrcv+0x3f2 msg_copyout sys/kern/sysv_msg.c:639 [inline] sys_msgrcv(ffff80003c985cb8,ffff80003c9b5e20,ffff80003c9b5d70) at sys_msgrcv+0x3f2 sys/kern/sysv_msg.c:349 syscall(ffff80003c9b5e20) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c9b5e20) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x69de1474520, count: -3 ddb> machine ddbcpu 1 No such command ddb> trace sys_msgrcv(ffff80003c985cb8,ffff80003c9b5e20,ffff80003c9b5d70) at sys_msgrcv+0x3f2 msg_copyout sys/kern/sysv_msg.c:639 [inline] sys_msgrcv(ffff80003c985cb8,ffff80003c9b5e20,ffff80003c9b5d70) at sys_msgrcv+0x3f2 sys/kern/sysv_msg.c:349 syscall(ffff80003c9b5e20) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c9b5e20) at syscall+0x962 sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x69de1474520, count: -3