kernel: protection fault trap, code=0 Stopped at sys_msgrcv+0x3f2: movq 0x10(%r13),%rdi ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace sys_msgrcv(ffff80002a4e31d8,ffff800037633dc0,ffff800037633d10) at sys_msgrcv+0x3f2 msg_copyout sys/kern/sysv_msg.c:639 [inline] sys_msgrcv(ffff80002a4e31d8,ffff800037633dc0,ffff800037633d10) at sys_msgrcv+0x3f2 sys/kern/sysv_msg.c:349 syscall(ffff800037633dc0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3fbb4fcc000, count: -3 ddb> show registers rdi 0 rsi 0x20001208 rbp 0xffff800037633ce0 rbx 0 rdx 0xffff80000127a780 rcx 0 rax 0xa r8 0x7f7fffffc000 r9 0 r10 0xdc50d2e5d133ee6 r11 0xf2efd3b14c63a929 r12 0xfffffd8074661f30 r13 0xdeafbeaddeafbead r14 0xffff80000124bf00 r15 0xa rip 0xffffffff828b6872 sys_msgrcv+0x3f2 cs 0x8 rflags 0x10202 __ALIGN_SIZE+0xf202 rsp 0xffff800037633c40 ss 0 sys_msgrcv+0x3f2: movq 0x10(%r13),%rdi ddb> show proc PROC (syz-executor) tid=377565 pid=84349 tcnt=5 stat=onproc flags process=0 proc=4000000 runpri=36, usrpri=86, slppri=36, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a4d0f48,0xffff8000327eecf0 process=0xffff8000327f5580 user=0xffff80003762e000, vmspace=0xfffffd806c6aa438 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 20252 133511 97659 0 3 0 futex syz-executor 20252 207458 97659 0 3 0x4000000 futex syz-executor 27514 98586 21700 60928 2 0x10 syz-executor 27514 380461 21700 60928 3 0x4000090 fsleep syz-executor 27514 157331 21700 60928 3 0x4000090 fsleep syz-executor 78527 496200 75226 0 2 0x10 syz-executor 78527 92001 75226 0 3 0x4000010 futex syz-executor 78527 54519 75226 0 3 0x4000090 fsleep syz-executor 69368 161484 62342 0 2 0x10 syz-executor 69368 96154 62342 0 3 0x4000090 fsleep syz-executor 13197 501136 78824 0 3 0 futex syz-executor 13197 220222 78824 0 3 0x4000080 fsleep 
syz-executor 84349 427882 12832 0 3 0 futex syz-executor *84349 377565 12832 0 7 0x4000000 syz-executor 84349 376779 12832 0 2 0x4000000 syz-executor 84349 166734 12832 0 2 0x4000000 syz-executor 84349 495306 12832 0 2 0x4000000 syz-executor 37464 137889 10095 0 3 0 futex syz-executor 37464 440481 10095 0 3 0x4000000 futex syz-executor 21928 178628 21987 0 3 0x80 nanoslp syz-executor 21928 171074 21987 0 3 0x4000080 lockf syz-executor 21928 76598 21987 0 3 0x4000080 fsleep syz-executor 53088 310696 0 0 3 0x14200 acct acct 58067 362693 0 0 3 0x14280 nfsidl nfsio 15794 108751 0 0 3 0x14280 nfsidl nfsio 14074 227745 0 0 3 0x14280 nfsidl nfsio 34106 428939 0 0 3 0x14280 nfsidl nfsio 37087 426606 0 0 3 0x14280 nfsidl nfsio 43087 178440 0 0 3 0x14280 nfsidl nfsio 86978 51991 0 0 3 0x14280 nfsidl nfsio 17615 464300 0 0 3 0x14280 nfsidl nfsio 75811 180522 0 0 3 0x14280 nfsidl nfsio 37665 421015 0 0 3 0x14280 nfsidl nfsio 1278 157879 0 0 3 0x14280 nfsidl nfsio 3381 271060 0 0 3 0x14280 nfsidl nfsio 81510 150662 0 0 3 0x14280 nfsidl nfsio 83557 298629 0 0 3 0x14280 nfsidl nfsio 96762 505856 0 0 3 0x14280 nfsidl nfsio 46028 59653 0 0 3 0x14280 nfsidl nfsio 82299 257727 0 0 3 0x14280 nfsidl nfsio 33583 294219 0 0 3 0x14280 nfsidl nfsio 72359 239845 0 0 3 0x14280 nfsidl nfsio 74259 467062 0 0 3 0x14280 nfsidl nfsio 62342 60625 52208 0 3 0x82 nanoslp syz-executor 55256 499464 0 0 3 0x14200 bored sosplice 19146 158136 1 0 3 0x100083 ttyin getty 78824 137983 52208 0 3 0x82 nanoslp syz-executor 97659 456170 52208 0 3 0x82 nanoslp syz-executor 75226 43375 52208 0 3 0x82 nanoslp syz-executor 12832 268594 52208 0 3 0x82 nanoslp syz-executor 21987 276714 52208 0 3 0x82 nanoslp syz-executor 21700 489033 52208 0 3 0x82 nanoslp syz-executor 10095 47601 52208 0 3 0x82 nanoslp syz-executor 52208 16325 99743 0 3 0x82 kqread syz-executor 99743 111934 88340 0 3 0x10008a sigsusp ksh 88340 222983 91913 0 3 0x98 kqread sshd-session 91913 203913 29300 0 3 0x92 kqread sshd-session 29300 458144 1 0 
3 0x88 kqread sshd 42930 421325 88054 73 3 0x1100090 kqread syslogd 88054 131308 1 0 3 0x100082 sbwait syslogd 53053 29456 1 0 3 0x100080 kqread resolvd 98550 333250 50575 77 3 0x100092 kqread dhcpleased 12940 464254 50575 77 3 0x100092 kqread dhcpleased 50575 9145 1 0 3 0x80 kqread dhcpleased 69235 473212 0 0 3 0x14200 bored smr 50998 438353 0 0 2 0x14200 zerothread 31092 54438 0 0 3 0x14200 aiodoned aiodoned 17845 350531 0 0 3 0x14200 syncer update 940 147520 0 0 3 0x14200 cleaner cleaner 96059 314518 0 0 3 0x14200 reaper reaper 84019 343520 0 0 3 0x14200 pgdaemon pagedaemon 39803 353830 0 0 3 0x14200 bored viomb 80905 18285 0 0 3 0x40014200 acpi0 acpi0 66022 393603 0 0 3 0x14200 bored softnet3 15112 433614 0 0 3 0x14200 bored softnet2 43534 438967 0 0 3 0x14200 bored softnet1 46633 514584 0 0 3 0x14200 bored softnet0 64732 137932 0 0 3 0x14200 bored systqmp 32772 170505 0 0 3 0x14200 bored systq 49153 169353 0 0 3 0x40014200 tmoslp softclock 39615 514536 0 0 3 0x40014200 idle0 1 384787 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10177 11106K 11565K 166960K 11894 0 pcb 18 17K 18K 166960K 169 0 rtable 209 6K 7K 166960K 425 0 pf 28 12K 268K 166960K 49 0 ifaddr 37 6K 7K 166960K 52 0 ifgroup 46 2K 2K 166960K 71 0 sysctl 2 0K 0K 166960K 4 0 counters 29 17K 17K 166960K 34 0 ioctlops 0 0K 4K 166960K 58 0 iov 0 0K 28K 166960K 61 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1493 94K 94K 166960K 1756 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 8 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 84 0 dirhash 12 2K 2K 166960K 21 0 ACPI 1690 195K 286K 166960K 12468 0 file desc 18 65K 97K 166960K 498 0 sigio 1 0K 0K 166960K 8 0 proc 60 59K 100K 166960K 552 0 subproc 104 6K 6K 166960K 117 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 57 0 in_multi 87 6K 
7K 166960K 125 0 ether_multi 1 0K 0K 166960K 3 0 mrt 1 0K 0K 166960K 3 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 79 360K 360K 166960K 79 0 exec 0 0K 1K 166960K 400 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 241 73K 86K 166960K 6019 0 UVM aobj 13 2K 2K 166960K 13 0 pinsyscall 39 78K 96K 166960K 1541 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 2 0K 0K 166960K 23 0 NDP 10 0K 2K 166960K 34 0 temp 46 6808K 6888K 166960K 12235 0 kqueue 14 22K 26K 166960K 79 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 105 0 101 2 1 1 2 0 8 0 rtentry 112 130 0 34 4 0 4 4 0 8 0 unpcb 144 495 0 472 8 2 6 6 0 8 5 syncache 336 3 0 3 1 1 0 1 0 8 0 tcpcb 808 246 0 239 15 13 2 14 0 8 1 arp 88 22 0 8 1 0 1 1 0 8 0 ipq 40 2 0 0 1 0 1 1 0 8 0 ipqe 40 5 0 3 1 0 1 1 0 8 0 inpcb 336 643 0 629 20 11 9 12 0 8 7 nd6 104 29 0 8 1 0 1 1 0 8 0 pkpcb 40 1 0 1 1 1 0 1 0 8 0 kcovpl 48 9 0 1 1 0 1 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 557 0 147 29 0 29 29 0 8 1 art_table 32 559 0 147 4 0 4 4 0 8 0 art_node 16 129 0 42 1 0 1 1 0 8 0 sysvmsgpl 40 6 0 6 2 1 1 1 0 8 1 semapl 112 82 0 72 1 0 1 1 0 8 0 shmpl 112 10 0 0 1 0 1 1 0 8 0 dirhash 1024 23 0 6 3 0 3 3 0 8 0 dino2pl 256 2139 0 637 95 0 95 95 0 8 0 ffsino 240 2139 0 637 89 0 89 89 0 8 0 nchpl 144 2868 0 1189 63 0 63 63 0 8 0 uvmvnodes 80 2553 0 0 53 0 53 53 0 8 0 vnodes 216 2553 0 0 142 0 142 142 0 8 0 namei 1024 9345 0 9345 3 2 1 2 0 8 1 kstatmem 264 30 0 10 2 0 2 2 0 8 0 scxspl 216 8368 0 8368 9 7 2 8 1 8 2 plimitpl 152 100 0 81 1 0 1 1 0 8 0 sigapl 424 797 0 729 8 0 8 8 0 8 0 futexpl 64 6139 0 6132 1 0 1 1 0 8 0 knotepl 120 15830 0 15781 16 6 10 10 0 8 8 kqueuepl 184 109 0 99 1 0 1 1 0 8 0 pipepl 288 168 0 140 5 2 3 5 0 8 0 fdescpl 432 758 0 728 5 1 4 5 0 8 0 filepl 120 4250 0 3992 18 4 14 14 0 8 5 lockfpl 104 168 0 163 1 0 1 
1 0 8 0 lockfspl 48 58 0 55 1 0 1 1 0 8 0 sessionpl 144 23 0 15 1 0 1 1 0 8 0 pgrppl 48 40 0 24 1 0 1 1 0 8 0 ucredpl 104 453 0 438 1 0 1 1 0 8 0 zombiepl 144 780 0 780 1 0 1 1 0 8 1 processpl 1096 797 0 729 5 0 5 5 0 8 0 procpl 648 1338 0 1256 9 0 9 9 0 8 2 sosppl 168 3 0 3 2 1 1 1 0 8 1 sockpl 504 1254 0 1213 49 36 13 29 0 8 7 mcl64k 65536 5 0 4 2 1 1 1 0 8 0 mcl8k 8192 9 0 9 1 1 0 1 0 8 0 mcl4k 4096 3116 0 3062 16 8 8 16 0 8 0 mcl2k2 2112 1 0 1 1 0 1 1 0 8 1 mcl2k 2048 558 0 557 2 1 1 2 0 8 0 mtagpl 96 23 0 7 1 0 1 1 0 8 0 mbufpl 256 7996 0 7797 15 1 14 14 0 8 0 bufpl 280 2731 0 96 189 0 189 189 0 8 0 anonpl 24 157683 0 154345 33 12 21 33 0 187 0 amapchunkpl 152 19729 0 19185 33 6 27 27 0 158 6 amappl16 200 3597 0 3572 5 3 2 5 0 8 0 amappl15 192 8 0 8 1 1 0 1 0 8 0 amappl14 184 120 0 110 1 0 1 1 0 8 0 amappl13 176 51 0 51 1 1 0 1 0 8 0 amappl12 168 1387 0 1357 3 1 2 3 0 8 0 amappl11 160 48 0 38 1 0 1 1 0 8 0 amappl10 152 13 0 13 1 1 0 1 0 8 0 amappl9 144 118 0 118 1 1 0 1 0 8 0 amappl8 136 31 0 30 1 0 1 1 0 8 0 amappl7 128 97 0 87 1 0 1 1 0 8 0 amappl6 120 187 0 185 1 0 1 1 0 8 0 amappl5 112 129 0 121 1 0 1 1 0 8 0 amappl4 104 292 0 275 1 0 1 1 0 8 0 amappl3 96 3744 0 3640 3 0 3 3 0 8 0 amappl2 88 1026 0 947 2 0 2 2 0 8 0 amappl1 80 8297 0 7785 13 2 11 13 0 8 0 amappl 88 5610 0 5423 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 7 0 7 2 1 1 1 0 8 1 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 12 0 0 1 0 1 1 0 8 0 uaddrrnd 24 758 0 728 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 758 0 728 1 0 1 1 0 8 0 vmmpekpl 168 7293 0 7256 3 0 3 3 0 8 1 vmmpepl 168 52935 0 51140 80 1 79 79 0 357 0 vmsppl 352 757 0 728 4 1 3 4 0 8 0 rwobjpl 24 20068 0 16639 21 0 21 21 0 8 0 pdppl 4096 1522 0 1456 106 40 66 82 0 8 0 pvpl 32 361285 0 352293 101 14 87 94 0 265 7 pmappl 216 757 0 728 3 0 3 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 
112 457 0 119 11 0 11 11 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
sys_msgrcv(ffff80002a4e31d8,ffff800037633dc0,ffff800037633d10) at sys_msgrcv+0x3f2 msg_copyout sys/kern/sysv_msg.c:639 [inline]
sys_msgrcv(ffff80002a4e31d8,ffff800037633dc0,ffff800037633d10) at sys_msgrcv+0x3f2 sys/kern/sysv_msg.c:349
syscall(ffff800037633dc0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x3fbb4fcc000, count: -3
ddb> machine ddbcpu 1
No such command
ddb> trace
sys_msgrcv(ffff80002a4e31d8,ffff800037633dc0,ffff800037633d10) at sys_msgrcv+0x3f2 msg_copyout sys/kern/sysv_msg.c:639 [inline]
sys_msgrcv(ffff80002a4e31d8,ffff800037633dc0,ffff800037633d10) at sys_msgrcv+0x3f2 sys/kern/sysv_msg.c:349
syscall(ffff800037633dc0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x3fbb4fcc000, count: -3