kernel: protection fault trap, code=0 Stopped at sys_msgrcv+0x3f2: movq 0x10(%r13),%rdi ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace sys_msgrcv(ffff80002a4d62c0,ffff80002a5715a0,ffff80002a5714f0) at sys_msgrcv+0x3f2 msg_copyout sys/kern/sysv_msg.c:639 [inline] sys_msgrcv(ffff80002a4d62c0,ffff80002a5715a0,ffff80002a5714f0) at sys_msgrcv+0x3f2 sys/kern/sysv_msg.c:349 syscall(ffff80002a5715a0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x9f43803dd50, count: -3 ddb> show registers rdi 0 rsi 0x20001208 rbp 0xffff80002a5714c0 rbx 0 rdx 0xffff800001292880 rcx 0 rax 0xa r8 0x7f7fffffc000 r9 0 r10 0x7db579db051e5c77 r11 0x887dc7b21387c73e r12 0xfffffd80617e5eb0 r13 0xdeafbeaddeafbead r14 0xffff8000013f5700 r15 0xa rip 0xffffffff819519b2 sys_msgrcv+0x3f2 cs 0x8 rflags 0x10202 __ALIGN_SIZE+0xf202 rsp 0xffff80002a571420 ss 0x10 sys_msgrcv+0x3f2: movq 0x10(%r13),%rdi ddb> show proc PROC (syz-executor) tid=286049 pid=29669 tcnt=4 stat=onproc flags process=0 proc=4000000 runpri=36, usrpri=50, slppri=36, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a4d7c10,0xffff800037626550 process=0xffff800037695e18 user=0xffff80002a56c000, vmspace=0xfffffd806c2179b0 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 38435 370975 99026 0 2 0 syz-executor 38435 346516 99026 0 3 0x4000000 futex syz-executor 75330 399060 17716 0 2 0x10 syz-executor 75330 385284 17716 0 3 0x4000010 futex syz-executor 85212 23166 43307 0 3 0 futex syz-executor 85212 188765 43307 0 3 0x4000080 fsleep syz-executor 20005 361141 85741 0 2 0 syz-executor 20005 504199 85741 0 3 0x4000000 futex syz-executor 11131 365021 78235 -1 3 0x10 futex syz-executor 11131 480843 78235 -1 3 0x4000090 fsleep syz-executor 11131 34022 78235 -1 2 0x4000010 syz-executor 29669 399825 71092 0 2 0 syz-executor *29669 286049 71092 0 7 0x4000000 syz-executor 29669 518240 71092 0 3 0x4000000 futex syz-executor 29669 144901 71092 0 2 0x4000000 syz-executor 99502 383698 64330 0 3 0 futex syz-executor 99502 111930 64330 0 3 0x4000080 lockf syz-executor 99502 26932 64330 0 3 0x4000080 lockf syz-executor 99502 73717 64330 0 2 0x4000000 syz-executor 78485 325740 61066 0 3 0 futex syz-executor 78485 407042 61066 0 3 0x4000080 sbwait syz-executor 78485 404298 61066 0 3 0x4000080 fsleep syz-executor 85741 160880 43045 0 3 0x82 nanoslp syz-executor 43307 160089 43045 0 3 0x82 nanoslp syz-executor 39995 188597 0 0 3 0x14200 bored sosplice 33681 88312 0 0 3 0x14280 nfsidl nfsio 82559 323982 0 0 3 0x14280 nfsidl nfsio 50779 127282 0 0 3 0x14280 nfsidl nfsio 60406 206440 0 0 3 0x14280 nfsidl nfsio 31791 51421 0 0 3 0x14280 nfsidl nfsio 26405 130990 0 0 3 0x14280 nfsidl nfsio 1345 112111 0 0 3 0x14280 nfsidl nfsio 27845 165931 0 0 3 0x14280 nfsidl nfsio 94264 17247 0 0 3 0x14280 nfsidl nfsio 9150 288027 0 0 3 0x14280 nfsidl nfsio 48113 53111 0 0 3 0x14280 nfsidl nfsio 6222 290360 0 0 3 0x14280 nfsidl nfsio 33783 223431 0 0 3 0x14280 nfsidl nfsio 55790 478968 0 0 3 0x14280 nfsidl nfsio 8694 100884 0 0 3 0x14280 nfsidl nfsio 39229 287859 0 0 3 0x14280 nfsidl nfsio 19262 466827 0 0 3 0x14280 nfsidl nfsio 58024 3228 0 0 3 0x14280 nfsidl nfsio 95850 306730 0 0 3 0x14280 nfsidl nfsio 60903 188549 0 0 3 0x14280 nfsidl nfsio 71092 127048 43045 0 3 0x82 nanoslp syz-executor 17716 386108 43045 0 3 0x82 nanoslp syz-executor 61066 280387 43045 0 3 0x82 nanoslp syz-executor 64330 503578 43045 0 3 0x82 nanoslp syz-executor 99026 17395 43045 0 3 0x82 nanoslp syz-executor 78235 268543 43045 0 3 0x82 nanoslp syz-executor 43045 65957 22299 0 3 0x82 kqread syz-executor 22299 456261 33274 0 3 0x10008a sigsusp ksh 33274 43135 13872 0 3 0x98 kqread sshd-session 13872 47844 38456 0 3 0x92 kqread sshd-session 50499 181214 1 0 3 0x100083 ttyin getty 38456 127248 1 0 3 0x88 kqread sshd 91018 55179 45619 73 3 0x1100090 kqread syslogd 45619 522230 1 0 3 0x100082 sbwait syslogd 24611 503431 1 0 3 0x100080 kqread resolvd 83636 392194 25085 77 3 0x100092 kqread dhcpleased 49826 60697 25085 77 3 0x100092 kqread dhcpleased 25085 329509 1 0 3 0x80 kqread dhcpleased 28725 336633 0 0 3 0x14200 bored smr 43244 350068 0 0 2 0x14200 zerothread 44701 114282 0 0 3 0x14200 aiodoned aiodoned 72379 89893 0 0 3 0x14200 syncer update 93042 255936 0 0 3 0x14200 cleaner cleaner 25611 472583 0 0 3 0x14200 reaper reaper 42053 227163 0 0 3 0x14200 pgdaemon pagedaemon 92854 196869 0 0 3 0x14200 bored viomb 89537 296960 0 0 3 0x40014200 acpi0 acpi0 66258 53448 0 0 3 0x14200 bored softnet3 22543 392145 0 0 3 0x14200 bored softnet2 47843 231126 0 0 3 0x14200 bored softnet1 43728 143286 0 0 3 0x14200 bored softnet0 46774 152992 0 0 3 0x14200 bored systqmp 50217 386238 0 0 3 0x14200 bored systq 16675 222817 0 0 3 0x40014200 tmoslp softclock 67178 461929 0 0 3 0x40014200 idle0 1 64955 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10222 11323K 12189K 166960K 12902 0 pcb 18 12K 12K 166960K 170 0 rtable 243 8K 9K 166960K 501 0 pf 35 14K 270K 166960K 65 0 ifaddr 43 7K 8K 166960K 67 0 ifgroup 54 2K 2K 166960K 94 0 sysctl 4 1K 2K 166960K 7 0 counters 31 17K 17K 166960K 42 0 ioctlops 0 0K 4K 166960K 185 0 iov 0 0K 28K 166960K 103 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1461 92K 92K 166960K 2218 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 15 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 135 0 dirhash 12 2K 2K 166960K 18 0 ACPI 1690 195K 286K 166960K 12468 0 file desc 18 65K 89K 166960K 1074 0 sigio 0 0K 0K 166960K 24 0 proc 61 67K 83K 166960K 611 0 subproc 104 6K 6K 166960K 130 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 105 0 in_multi 95 7K 7K 166960K 156 0 ether_multi 1 0K 0K 166960K 12 0 mrt 1 0K 0K 166960K 8 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 235 1049K 1049K 166960K 235 0 exec 0 0K 1K 166960K 744 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 4 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 230 72K 87K 166960K 11542 0 UVM aobj 31 2K 2K 166960K 32 0 pinsyscall 39 78K 91K 166960K 2144 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 112 0 NDP 12 0K 1K 166960K 44 0 temp 59 6815K 6894K 166960K 28137 0 kqueue 13 20K 28K 166960K 175 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 177 0 174 3 0 3 3 0 8 2 rtentry 112 151 0 41 4 0 4 4 0 8 0 unpcb 144 776 0 755 8 4 4 4 0 8 3 syncache 336 5 0 5 2 1 1 1 0 8 1 tcpqe 32 1 0 1 1 0 1 1 0 8 1 tcpcb 808 463 0 458 20 15 5 14 0 8 4 arp 88 26 0 7 1 0 1 1 0 8 0 ipq 40 8 0 6 1 0 1 1 0 8 0 ipqe 40 56 0 54 1 0 1 1 0 8 0 inpcb 336 1345 0 1336 19 12 7 12 0 8 6 nd6 104 35 0 11 1 0 1 1 0 8 0 pkpcb 40 7 0 7 3 2 1 1 0 8 1 kcovpl 48 10 0 2 1 0 1 1 0 8 0 ppxss 1072 4 0 4 3 2 1 1 0 8 1 pfstscr 40 33 0 33 1 1 0 1 0 8 0 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 128 35 0 33 1 0 1 1 0 8 0 pfstate 344 34 0 33 1 0 1 1 0 8 0 pfrule 1344 3 0 3 1 1 0 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 596 0 140 34 3 31 31 0 8 0 art_table 32 598 0 140 4 0 4 4 0 8 0 art_node 16 148 0 49 1 0 1 1 0 8 0 sysvmsgpl 40 9 0 6 1 0 1 1 0 8 0 semapl 112 131 0 121 1 0 1 1 0 8 0 shmpl 112 29 0 1 1 0 1 1 0 8 0 dirhash 1024 21 0 4 3 0 3 3 0 8 0 dino2pl 256 3155 0 1654 95 0 95 95 0 8 0 ffsino 240 3155 0 1654 89 0 89 89 0 8 0 nchpl 144 4707 0 3020 63 0 63 63 0 8 0 uvmvnodes 80 3866 0 0 79 0 79 79 0 8 0 vnodes 216 3866 0 0 215 0 215 215 0 8 0 namei 1024 16017 0 16017 3 2 1 2 0 8 1 kstatmem 264 46 0 22 2 0 2 2 0 8 0 scsiplug 72 4 0 4 2 1 1 1 0 8 1 scxspl 216 13671 0 13671 11 8 3 8 1 8 3 plimitpl 152 272 0 255 1 0 1 1 0 8 0 sigapl 424 1373 0 1306 8 0 8 8 0 8 0 futexpl 64 13925 0 13921 1 0 1 1 0 8 0 knotepl 120 69218 0 69171 30 20 10 17 0 8 8 kqueuepl 184 357 0 348 4 0 4 4 0 8 3 pipepl 288 169 0 142 3 0 3 3 0 8 0 fdescpl 432 1332 0 1302 5 1 4 5 0 8 0 filepl 120 8161 0 7907 18 4 14 14 0 8 5 lockfpl 104 283 0 278 1 0 1 1 0 8 0 lockfspl 48 122 0 119 1 0 1 1 0 8 0 sessionpl 144 24 0 16 1 0 1 1 0 8 0 pgrppl 48 47 0 31 1 0 1 1 0 8 0 ucredpl 104 1263 0 1250 1 0 1 1 0 8 0 zombiepl 144 1707 0 1707 2 1 1 1 0 8 1 processpl 1096 1373 0 1306 5 0 5 5 0 8 0 procpl 648 2915 0 2834 8 0 8 8 0 8 1 sosppl 168 4 0 4 1 0 1 1 0 8 1 sockpl 504 2403 0 2370 48 36 12 21 0 8 7 mcl64k 65536 15 0 15 2 1 1 1 0 8 1 mcl16k 16384 15 0 15 2 1 1 1 0 8 1 mcl12k 12288 1 0 1 1 1 0 1 0 8 0 mcl9k 9216 1 0 1 1 0 1 1 0 8 1 mcl8k 8192 15 0 15 2 1 1 1 0 8 1 mcl4k 4096 3919 0 3861 20 11 9 18 0 8 0 mcl2k2 2112 10 0 9 1 0 1 1 0 8 0 mcl2k 2048 1115 0 1111 3 1 2 2 0 8 1 mtagpl 96 25 0 15 1 0 1 1 0 8 0 mbufpl 256 16175 0 16001 78 55 23 76 0 8 8 bufpl 280 4103 0 100 286 0 286 286 0 8 0 anonpl 24 209138 0 205317 117 69 48 69 0 187 20 amapchunkpl 152 38189 0 37678 41 11 30 30 0 158 8 amappl16 200 4052 0 4016 51 40 11 27 0 8 8 amappl15 192 5 0 5 1 1 0 1 0 8 0 amappl14 184 108 0 98 1 0 1 1 0 8 0 amappl13 176 6 0 6 1 1 0 1 0 8 0 amappl12 168 1973 0 1943 2 0 2 2 0 8 0 amappl11 160 45 0 35 1 0 1 1 0 8 0 amappl10 152 9 0 9 2 1 1 1 0 8 1 amappl9 144 150 0 150 1 1 0 1 0 8 0 amappl8 136 20 0 18 1 0 1 1 0 8 0 amappl7 128 102 0 91 1 0 1 1 0 8 0 amappl6 120 182 0 181 1 0 1 1 0 8 0 amappl5 112 133 0 123 1 0 1 1 0 8 0 amappl4 104 287 0 272 1 0 1 1 0 8 0 amappl3 96 7071 0 6980 3 0 3 3 0 8 0 amappl2 88 1606 0 1528 2 0 2 2 0 8 0 amappl1 80 10404 0 9890 14 1 13 13 0 8 1 amappl 88 11117 0 10941 5 0 5 5 0 92 0 dma4096 4096 2 0 2 2 1 1 1 0 8 1 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 254 0 254 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 31 0 1 1 0 1 1 0 8 0 uaddrrnd 24 1332 0 1302 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1332 0 1302 1 0 1 1 0 8 0 vmmpekpl 168 11024 0 10982 3 0 3 3 0 8 0 vmmpepl 168 85541 0 83745 117 28 89 96 0 357 9 vmsppl 352 1331 0 1302 4 1 3 4 0 8 0 rwobjpl 24 28321 0 23570 30 1 29 29 0 8 0 pdppl 4096 2670 0 2604 108 42 66 78 0 8 0 pvpl 32 558767 0 548984 203 87 116 138 0 265 32 pmappl 216 1331 0 1302 2 0 2 2 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 537 0 183 12 0 12 12 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace sys_msgrcv(ffff80002a4d62c0,ffff80002a5715a0,ffff80002a5714f0) at sys_msgrcv+0x3f2 msg_copyout sys/kern/sysv_msg.c:639 [inline] sys_msgrcv(ffff80002a4d62c0,ffff80002a5715a0,ffff80002a5714f0) at sys_msgrcv+0x3f2 sys/kern/sysv_msg.c:349 syscall(ffff80002a5715a0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x9f43803dd50, count: -3 ddb> machine ddbcpu 1 No such command ddb> trace sys_msgrcv(ffff80002a4d62c0,ffff80002a5715a0,ffff80002a5714f0) at sys_msgrcv+0x3f2 msg_copyout sys/kern/sysv_msg.c:639 [inline] sys_msgrcv(ffff80002a4d62c0,ffff80002a5715a0,ffff80002a5714f0) at sys_msgrcv+0x3f2 sys/kern/sysv_msg.c:349 syscall(ffff80002a5715a0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x9f43803dd50, count: -3