kernel: protection fault trap, code=0 Stopped at sys_msgrcv+0x2df: movq 0x10(%r13),%rdi ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace sys_msgrcv(ffff80002128d8a8,ffff8000246f7648,ffff8000246f7690) at sys_msgrcv+0x2df msg_copyout sys/kern/sysv_msg.c:639 [inline] sys_msgrcv(ffff80002128d8a8,ffff8000246f7648,ffff8000246f7690) at sys_msgrcv+0x2df sys/kern/sysv_msg.c:349 syscall(ffff8000246f7710) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff8000246f7710) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:625 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xcc83db1a5f0, count: -3 ddb{0}> show registers rdi 0x106e __ALIGN_SIZE+0x6e rsi 0x20001cc8 rbp 0xffff8000246f7630 rbx 0x106e __ALIGN_SIZE+0x6e rdx 0 rcx 0 rax 0xffff80002128d8a8 r8 0x7f7fffffc000 r9 0 r10 0xe0cb49b34c60eed9 r11 0x480909637b1acd9e r12 0xfffffd8067d00b68 r13 0xdeadbeefdeadbeef r14 0xffff800000dfbd00 r15 0x64 rip 0xffffffff81e3167f sys_msgrcv+0x2df cs 0x8 rflags 0x10202 __ALIGN_SIZE+0xf202 rsp 0xffff8000246f75a0 ss 0x10 sys_msgrcv+0x2df: movq 0x10(%r13),%rdi ddb{0}> show proc PROC (syz-executor.5) pid=515095 stat=onproc flags process=10 proc=4000000 pri=36, usrpri=61, nice=20 forw=0xffffffffffffffff, list=0xffff8000212b62f8,0xffff80002128c5b0 process=0xffff8000247425c8 user=0xffff8000246f2000, vmspace=0xfffffd80685e11b8 estcpu=26, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 87006 60766 37948 32767 2 0x10 syz-executor.0 87006 513772 37948 32767 3 0x4000090 fsleep syz-executor.0 87006 456175 37948 32767 2 0x4000010 syz-executor.0 87006 159000 37948 32767 2 0x4000010 syz-executor.0 73052 198437 42715 32767 2 0x10 syz-executor.7 73052 12939 42715 32767 3 0x4000090 fsleep syz-executor.7 73052 490104 42715 32767 3 0x4000090 fsleep syz-executor.7 56396 33944 65149 32767 7 0x10 syz-executor.1 56396 266890 65149 32767 3 0x4000090 fsleep syz-executor.1 14404 506148 10369 32767 2 0x10 syz-executor.3 14404 207499 10369 32767 3 0x4000090 fsleep syz-executor.3 54910 130758 54241 32767 2 0x10 syz-executor.4 54910 273385 54241 32767 3 0x4000090 fsleep syz-executor.4 63121 293193 23447 32767 2 0x10 syz-executor.5 63121 151091 23447 32767 2 0x4000010 syz-executor.5 63121 415750 23447 32767 3 0x4000090 fsleep syz-executor.5 *63121 515095 23447 32767 7 0x4000010 syz-executor.5 19137 270392 28930 32767 3 0x90 nanoslp syz-executor.2 19137 158610 28930 32767 3 0x4000090 fsleep syz-executor.2 19137 74380 28930 32767 3 0x4000090 pipewr syz-executor.2 19137 313036 28930 32767 3 0x4000090 fsleep syz-executor.2 8666 356215 47367 32767 3 0x90 nanoslp syz-executor.6 8666 357906 47367 32767 3 0x4000090 pipewr syz-executor.6 8666 41338 47367 32767 3 0x4000090 fsleep syz-executor.6 44040 453977 0 0 3 0x14200 bored sosplice 23447 1135 5843 32767 3 0x90 nanoslp syz-executor.5 47367 217786 84888 32767 3 0x90 nanoslp syz-executor.6 54241 18230 97503 32767 3 0x90 nanoslp syz-executor.4 84888 462045 86886 0 3 0x82 wait syz-executor.6 97503 252896 86886 0 3 0x82 wait syz-executor.4 42715 232059 56599 32767 3 0x90 nanoslp syz-executor.7 28930 67760 76643 32767 3 0x90 nanoslp syz-executor.2 10369 356987 82067 32767 3 0x90 nanoslp syz-executor.3 5843 295969 86886 0 3 0x82 wait syz-executor.5 56599 240491 86886 0 3 0x82 wait syz-executor.7 76643 392993 86886 0 3 0x82 wait syz-executor.2 82067 10023 86886 0 3 0x82 wait syz-executor.3 65149 432350 99130 32767 3 0x90 nanoslp syz-executor.1 99130 37164 86886 0 3 0x82 wait syz-executor.1 37948 301071 25314 32767 3 0x90 nanoslp syz-executor.0 25314 318832 86886 0 3 0x82 wait syz-executor.0 86886 183966 1495 0 3 0x82 wait syz-fuzzer 86886 44136 1495 0 3 0x4000082 thrsleep syz-fuzzer 86886 383275 1495 0 3 0x4000082 wait syz-fuzzer 86886 489361 1495 0 3 0x4000082 wait syz-fuzzer 86886 51248 1495 0 3 0x4000082 thrsleep syz-fuzzer 86886 83003 1495 0 3 0x4000082 wait syz-fuzzer 86886 174343 1495 0 3 0x4000082 wait syz-fuzzer 86886 445306 1495 0 3 0x4000082 wait syz-fuzzer 86886 113436 1495 0 3 0x4000082 wait syz-fuzzer 86886 89018 1495 0 3 0x4000082 thrsleep syz-fuzzer 86886 9223 1495 0 3 0x4000082 thrsleep syz-fuzzer 86886 296634 1495 0 3 0x4000082 wait syz-fuzzer 86886 183678 1495 0 3 0x4000082 thrsleep syz-fuzzer 86886 230821 1495 0 3 0x4000082 thrsleep syz-fuzzer 86886 206342 1495 0 3 0x4000082 kqread syz-fuzzer 1495 272574 52916 0 3 0x10008a sigsusp ksh 52916 128391 25998 0 3 0x9a kqread sshd 50563 184934 1 0 3 0x100083 ttyin getty 25998 167083 1 0 3 0x88 kqread sshd 84095 519713 96921 73 3 0x1100090 kqread syslogd 96921 246290 1 0 3 0x100082 netio syslogd 30344 146758 1 0 3 0x100080 kqread resolvd 63676 175987 34142 77 3 0x100092 kqread dhcpleased 98445 194549 34142 77 3 0x100092 kqread dhcpleased 34142 113448 1 0 3 0x80 kqread dhcpleased 83191 70279 0 0 3 0x14200 bored smr 95377 476840 0 0 2 0x14200 zerothread 16027 429620 0 0 3 0x14200 aiodoned aiodoned 86703 311617 0 0 3 0x14200 syncer update 40060 161563 0 0 3 0x14200 cleaner cleaner 46275 211915 0 0 3 0x14200 reaper reaper 83546 247145 0 0 3 0x14200 pgdaemon pagedaemon 77277 341265 0 0 3 0x14200 bored viomb 56628 97283 0 0 3 0x40014200 acpi0 acpi0 18935 456888 0 0 3 0x40014200 idle1 86451 361040 0 0 3 0x14200 bored softnet 85234 472197 0 0 3 0x14200 bored softnet 40598 319948 0 0 3 0x14200 bored softnet 85835 431232 0 0 3 0x14200 bored softnet 61745 431898 0 0 3 0x14200 bored systqmp 27332 166359 0 0 3 0x14200 bored systq 57555 434650 0 0 3 0x40014200 bored softclock 20448 465437 0 0 3 0x40014200 idle0 1 481455 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 56396 (syz-executor.1) thread 0xffff80002128c030 (33944) shared rwlock vmmaplk r = 0 (0xfffffd8064db6b58) #0 witness_lock+0x44d #1 uvmfault_lookup+0xc9 sys/uvm/uvm_fault.c:1773 #2 uvm_fault_check+0x3a sys/uvm/uvm_fault.c:673 #3 uvm_fault+0xf2 sys/uvm/uvm_fault.c:601 #4 upageflttrap+0x85 sys/arch/amd64/amd64/trap.c:186 #5 usertrap+0x204 sys/arch/amd64/amd64/trap.c:438 #6 recall_trap+0x8 Process 63121 (syz-executor.5) thread 0xffff80002128d8a8 (515095) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82c2ca98) #0 witness_lock+0x44d #1 __mp_acquire_count+0x48 sys/kern/kern_lock.c:227 #2 mi_switch+0x3bb sys/kern/sched_bsd.c:405 #3 sleep_finish+0x180 sys/kern/kern_synch.c:417 #4 rw_enter+0x35a sys/kern/kern_rwlock.c:286 #5 uvmfault_lookup+0xc9 sys/uvm/uvm_fault.c:1773 #6 uvm_fault_check+0x3a sys/uvm/uvm_fault.c:673 #7 uvm_fault+0xf2 sys/uvm/uvm_fault.c:601 #8 kpageflttrap+0x22e sys/arch/amd64/amd64/trap.c:284 #9 kerntrap+0xef sys/arch/amd64/amd64/trap.c:339 #10 alltraps_kern_meltdown+0x7b #11 copyout+0x53 #12 syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] #12 syscall+0x5e2 sys/arch/amd64/amd64/trap.c:625 #13 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10225 6413K 6421K 78643K 11317 0 pcb 13 8K 8K 78643K 13 0 rtable 236 6K 6K 78643K 511 0 ifaddr 73 24K 24K 78643K 75 0 counters 60 35K 35K 78643K 60 0 ioctlops 0 0K 2K 78643K 27 0 iov 2 1K 12K 78643K 170 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1271 79K 79K 78643K 1337 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 18 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 229 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 26 97K 121K 78643K 903 0 sigio 0 0K 0K 78643K 1 0 proc 56 78K 115K 78643K 494 0 subproc 104 6K 6K 78643K 104 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 45 0 in_multi 99 6K 6K 78643K 99 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 223 996K 996K 78643K 223 0 exec 0 0K 1K 78643K 458 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 342 85K 529K 78643K 7874 0 UVM aobj 48 2K 6K 78643K 52 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 12 0 NDP 11 0K 2K 78643K 27 0 temp 123 5777K 5841K 78643K 5827 0 kqueue 12 18K 24K 78643K 71 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 97 0 94 1 0 1 1 0 8 0 rtentry 112 114 0 3 4 0 4 4 0 8 0 unpcb 144 1111 0 1087 11 6 5 6 0 8 2 syncache 296 9 0 9 3 3 0 1 0 8 0 tcpqe 32 55 0 55 2 2 0 1 0 8 0 tcpcb 776 290 0 285 11 4 7 7 0 8 6 arp 120 18 0 0 1 0 1 1 0 8 0 ipq 40 2 0 0 1 0 1 1 0 8 0 ipqe 40 68 0 66 1 0 1 1 0 8 0 inpcb 368 683 0 674 19 10 9 13 0 8 7 ip6q 72 4 0 4 1 0 1 1 0 8 1 ip6af 40 12 0 12 1 0 1 1 0 8 1 nd6 48 27 0 2 1 0 1 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 475 0 9 30 0 30 30 0 8 0 art_table 32 476 0 9 4 0 4 4 0 8 0 art_node 16 113 0 12 1 0 1 1 0 8 0 sysvmsgpl 40 25 0 15 1 0 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 227 0 217 1 0 1 1 0 8 0 shmpl 112 49 0 4 2 0 2 2 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2386 0 957 90 0 90 90 0 8 0 ffsino 272 2386 0 957 96 0 96 96 0 8 0 nchpl 144 3619 0 1947 63 0 63 63 0 8 0 uvmvnodes 80 2499 0 0 51 0 51 51 0 8 0 vnodes 216 2499 0 0 139 0 139 139 0 8 0 namei 1024 12501 0 12501 3 2 1 2 0 8 1 percpumem 16 43 0 0 1 0 1 1 0 8 0 kstatmem 264 22 0 0 2 0 2 2 0 8 0 scxspl 216 11528 0 11528 10 9 1 8 0 8 1 plimitpl 152 307 0 283 3 1 2 2 0 8 1 sigapl 424 1188 0 1133 7 0 7 7 0 8 0 futexpl 64 9184 0 9174 1 0 1 1 0 8 0 knotepl 120 454 0 0 14 0 14 14 0 8 0 kqueuepl 216 225 0 217 3 2 1 3 0 8 0 pipepl 320 533 0 502 22 12 10 14 0 8 7 fdescpl 496 1170 0 1133 7 1 6 6 0 8 0 filepl 152 7413 0 7159 33 16 17 20 0 8 4 lockfpl 104 215 0 213 1 0 1 1 0 8 0 lockfspl 48 42 0 40 1 0 1 1 0 8 0 sessionpl 144 23 0 7 1 0 1 1 0 8 0 pgrppl 48 25 0 9 1 0 1 1 0 8 0 ucredpl 104 972 0 954 1 0 1 1 0 8 0 zombiepl 144 1133 0 1133 1 0 1 1 0 8 1 processpl 1072 1188 0 1133 5 1 4 5 0 8 0 procpl 696 2610 0 2525 9 1 8 8 0 8 0 sosppl 168 19 0 19 2 2 0 1 0 8 0 sockpl 488 1907 0 1871 56 32 24 24 0 8 19 mcl64k 65536 7 0 0 1 0 1 1 0 8 0 mcl16k 16384 12 0 0 2 0 2 2 0 8 0 mcl12k 12288 7 0 0 1 0 1 1 0 8 0 mcl9k 9216 3 0 0 1 0 1 1 0 8 0 mcl8k 8192 9 0 0 2 0 2 2 0 8 0 mcl4k 4096 21 0 0 3 1 2 3 0 8 0 mcl2k2 2112 3 0 0 1 0 1 1 0 8 0 mcl2k 2048 269 0 0 33 0 33 33 0 8 0 mtagpl 96 1 0 0 1 0 1 1 0 8 0 mbufpl 256 725 0 0 44 0 44 44 0 8 0 bufpl 288 4996 0 159 346 0 346 346 0 8 0 anonpl 24 287337 0 270474 123 21 102 104 0 186 0 amapchunkpl 152 194263 0 193307 2259 2120 139 2225 0 158 102 amappl16 200 4417 0 4069 28 9 19 28 0 8 0 amappl15 192 4 0 4 1 1 0 1 0 8 0 amappl14 184 140 0 129 2 1 1 2 0 8 0 amappl13 176 8 0 8 2 1 1 1 0 8 1 amappl12 168 396 0 393 1 0 1 1 0 8 0 amappl11 160 60 0 49 1 0 1 1 0 8 0 amappl10 152 35 0 24 1 0 1 1 0 8 0 amappl9 144 974 0 971 1 0 1 1 0 8 0 amappl8 136 202 0 148 2 0 2 2 0 8 0 amappl7 128 137 0 114 2 0 2 2 0 8 0 amappl6 120 178 0 166 2 1 1 2 0 8 0 amappl5 112 128 0 122 1 0 1 1 0 8 0 amappl4 104 492 0 463 2 1 1 2 0 8 0 amappl3 96 2953 0 2882 2 0 2 2 0 8 0 amappl2 88 1563 0 1483 3 1 2 3 0 8 0 amappl1 80 28777 0 27925 28 10 18 26 0 8 0 amappl 88 7349 0 7118 7 1 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 51 0 4 1 0 1 1 0 8 0 uaddrrnd 24 1170 0 1133 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1170 0 1133 1 0 1 1 0 8 0 vmmpekpl 168 15703 0 15650 3 0 3 3 0 8 0 vmmpepl 168 115567 0 112527 141 8 133 133 0 357 0 vmsppl 440 1169 0 1133 5 0 5 5 0 8 0 rwobjpl 56 35493 0 31381 61 3 58 58 0 8 0 pdppl 4096 2347 0 2266 143 62 81 93 0 8 0 pvpl 32 609265 0 585920 346 73 273 346 0 265 84 pmappl 248 1169 0 1133 4 1 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 819 0 77 22 0 22 22 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace sys_msgrcv(ffff80002128d8a8,ffff8000246f7648,ffff8000246f7690) at sys_msgrcv+0x2df msg_copyout sys/kern/sysv_msg.c:639 [inline] sys_msgrcv(ffff80002128d8a8,ffff8000246f7648,ffff8000246f7690) at sys_msgrcv+0x2df sys/kern/sysv_msg.c:349 syscall(ffff8000246f7710) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff8000246f7710) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:625 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xcc83db1a5f0, count: -3 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800020d68ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff82c2c890) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82c2c890) at __mp_lock+0x122 sys/kern/kern_lock.c:147 uvm_fault(fffffd8064db6a68,b2790d08000,0,1) at uvm_fault+0x181 sys/uvm/uvm_fault.c:623 upageflttrap(ffff80002ca09d20,b2790d08000) at upageflttrap+0x85 sys/arch/amd64/amd64/trap.c:186 usertrap(ffff80002ca09d20) at usertrap+0x204 sys/arch/amd64/amd64/trap.c:438 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7f7ffffe3e20, count: -8