kernel: protection fault trap, code=0 Stopped at rw_do_enter_write+0x43: movq 0(%r14),%r12 ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace rw_do_enter_write(bc3442a66ac93fca,1) at rw_do_enter_write+0x43 rw_cas sys/kern/kern_rwlock.c:52 [inline] rw_do_enter_write(bc3442a66ac93fca,1) at rw_do_enter_write+0x43 sys/kern/kern_rwlock.c:236 uvm_unmap_kill_entry_withlock(fffffd806c77a2e8,fffffd806c09bcd8,1) at uvm_unmap_kill_entry_withlock+0x140 sys/uvm/uvm_map.c:1867 uvm_unmap_remove(fffffd806c77a2e8,400000002000,400000003000,ffff80003392d5c8,0,1,32cb1da668c0b912) at uvm_unmap_remove+0x6a6 sys/uvm/uvm_map.c:2002 uvm_unmap(fffffd806c77a2e8,400000002000,400000003000) at uvm_unmap+0xab sys/uvm/uvm_map.c:1793 shm_delete_mapping(fffffd806c77a2e8,ffff800000b0f008) at shm_delete_mapping+0x168 sys/kern/sysv_shm.c:176 syscall(ffff80003392d760) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa2c35c42530, count: -7 ddb> show registers rdi 0xbc3442a66ac93fca rsi 0x1 rbp 0xffff80003392d4b0 rbx 0xfffffd806c77a2e8 rdx 0 rcx 0 rax 0xffff80002a7f3498 r8 0 r9 0x1 r10 0 r11 0xdc381fbfeb4b88c8 r12 0xfffffd806c77a2e8 r13 0xffff80002a7f349c r14 0xbc3442a66ac93fca r15 0x1 rip 0xffffffff81450ac3 rw_do_enter_write+0x43 cs 0x8 rflags 0x10286 __ALIGN_SIZE+0xf286 rsp 0xffff80003392d460 ss 0x10 rw_do_enter_write+0x43: movq 0(%r14),%r12 ddb> show proc PROC (syz-executor) tid=293883 pid=34137 tcnt=4 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a8007d0,0xffff80002a7f2a68 process=0xffff8000339255d0 user=0xffff800033928000, vmspace=0xfffffd806c77a2e8 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 34137 97387 89015 0 2 0 syz-executor 34137 14777 89015 0 2 0x4000000 syz-executor *34137 293883 89015 0 7 0x4000000 syz-executor 34137 383138 89015 0 3 0x4000080 fsleep syz-executor 82014 439754 36760 0 3 0x80 fsleep syz-executor 82014 371428 36760 0 2 0x4000000 syz-executor 67516 459410 27994 0 3 0x80 fsleep syz-executor 67516 252301 27994 0 2 0x4000000 syz-executor 68025 189073 72612 0 3 0x80 fsleep syz-executor 68025 131581 72612 0 3 0x4000080 sbwait syz-executor 52623 131448 31221 0 3 0x80 fsleep syz-executor 52623 292785 31221 0 3 0x4000080 sbwait syz-executor 84085 352191 16860 0 3 0x80 fsleep syz-executor 84085 155834 16860 0 2 0x4000000 syz-executor 16860 180595 78416 0 3 0x82 wait syz-executor 34695 275510 1 0 3 0x100083 ttyin getty 72612 217707 78416 0 2 0x3 syz-executor 57889 366285 0 0 3 0x14200 bored sosplice 78402 430947 0 0 3 0x14200 acct acct 42734 287362 78416 0 2 0x2 syz-executor 36760 22913 78416 0 3 0x82 nanoslp syz-executor 31221 132281 78416 0 2 0x3 syz-executor 95239 125491 78416 0 2 0x2 syz-executor 89015 327248 78416 0 3 0x82 nanoslp syz-executor 27994 40947 78416 0 2 0x3 syz-executor 78416 145570 38270 0 3 0x82 kqread syz-executor 38270 65713 44654 0 3 0x10008a sigsusp ksh 44654 401003 66543 0 3 0x98 kqread sshd-session 66543 57964 27830 0 3 0x92 kqread sshd-session 27830 299406 1 0 3 0x88 kqread sshd 68127 182164 19596 73 3 0x1100090 kqread syslogd 19596 179203 1 0 3 0x100082 sbwait syslogd 61127 418979 1 0 3 0x100080 kqread resolvd 24636 260328 34339 77 3 0x100092 kqread dhcpleased 29889 516449 34339 77 3 0x100092 kqread dhcpleased 34339 64145 1 0 3 0x80 kqread dhcpleased 8656 123984 0 0 3 0x14200 bored smr 38150 280044 0 0 2 0x14200 zerothread 92335 452159 0 0 3 0x14200 aiodoned aiodoned 58658 264381 0 0 3 0x14200 syncer update 20018 448206 0 0 3 0x14200 cleaner cleaner 14247 480486 0 0 3 0x14200 reaper reaper 61717 53012 0 0 3 0x14200 pgdaemon pagedaemon 51759 483048 0 0 3 0x14200 bored viomb 31386 474018 0 0 3 0x40014200 acpi0 acpi0 61434 422652 0 0 3 0x14200 bored softnet3 62999 432760 0 0 3 0x14200 bored softnet2 75371 286520 0 0 3 0x14200 bored softnet1 10561 403031 0 0 3 0x14200 bored softnet0 43041 417583 0 0 3 0x14200 bored systqmp 1548 418160 0 0 3 0x14200 bored systq 19529 86174 0 0 3 0x40014200 tmoslp softclock 61543 114930 0 0 3 0x40014200 idle0 1 508672 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10204 11049K 11569K 166960K 13247 0 pcb 17 12K 12K 166960K 138 0 rtable 204 8K 9K 166960K 528 0 pf 31 13K 15K 166960K 115 0 ifaddr 38 7K 8K 166960K 90 0 ifgroup 46 2K 2K 166960K 141 0 sysctl 4 1K 1K 166960K 4 0 counters 29 17K 17K 166960K 73 0 ioctlops 0 0K 4K 166960K 287 0 iov 2 8K 20K 166960K 115 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1462 92K 92K 166960K 2392 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 3 6K 9K 166960K 18 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 62 0 dirhash 12 2K 2K 166960K 24 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 16 57K 97K 166960K 1046 0 sigio 0 0K 0K 166960K 15 0 proc 60 59K 100K 166960K 661 0 subproc 72 4K 4K 166960K 91 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 121 0 in_multi 84 6K 7K 166960K 154 0 ether_multi 1 0K 0K 166960K 6 0 mrt 0 0K 0K 166960K 2 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 253 1129K 1129K 166960K 253 0 exec 0 0K 1K 166960K 546 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 203 72K 88K 166960K 10946 0 UVM aobj 19 2K 4K 166960K 31 0 pinsyscall 37 74K 96K 166960K 2134 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 50 0 NDP 10 0K 2K 166960K 62 0 temp 55 8642K 8770K 166960K 56203 0 kqueue 13 20K 36K 166960K 214 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 183 0 180 2 1 1 2 0 8 0 rtentry 112 162 0 75 4 0 4 4 0 8 0 unpcb 144 1179 0 1159 6 5 1 6 0 8 0 syncache 336 3 0 3 1 1 0 1 0 8 0 tcpcb 808 426 0 422 10 6 4 7 0 8 3 arp 88 28 0 11 1 0 1 1 0 8 0 ipq 40 4 0 0 1 0 1 1 0 8 0 ipqe 40 7 0 2 1 0 1 1 0 8 0 inpcb 344 1094 0 1083 11 6 5 8 0 8 4 nd6 104 36 0 15 1 0 1 1 0 8 0 pkpcb 40 6 0 6 2 2 0 1 0 8 0 kcovpl 48 10 0 2 1 0 1 1 0 8 0 mppekey 1024 1 0 1 1 1 0 1 0 8 0 ppxss 1072 32 0 32 1 0 1 1 0 8 1 pppxif 1376 2 0 2 2 1 1 1 0 8 1 pfstscr 40 2 0 2 2 1 1 1 0 8 1 pftag 88 1 0 0 1 0 1 1 0 8 0 pfqueue 320 1 0 1 1 1 0 1 0 8 0 pfstitem 24 4 0 0 1 0 1 1 0 8 0 pfstkey 128 10 0 6 1 0 1 1 0 8 0 pfstate 344 5 0 3 1 0 1 1 0 8 0 pfrule 1344 5 0 5 1 1 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 618 0 246 29 3 26 29 0 8 0 art_table 32 619 0 246 4 0 4 4 0 8 0 art_node 16 160 0 87 1 0 1 1 0 8 0 sysvmsgpl 40 30 0 4 1 0 1 1 0 8 0 semapl 112 60 0 50 1 0 1 1 0 8 0 shmpl 112 28 0 11 1 0 1 1 0 8 0 dirhash 1024 25 0 8 3 0 3 3 0 8 0 dino2pl 256 3237 0 1737 95 0 95 95 0 8 0 ffsino 248 3237 0 1737 95 0 95 95 0 8 0 nchpl 144 4687 0 3003 63 0 63 63 0 8 0 rtmask 32 4 0 4 1 0 1 1 0 8 1 uvmvnodes 80 4060 0 0 83 0 83 83 0 8 0 vnodes 216 4060 0 0 226 0 226 226 0 8 0 namei 1024 18194 0 18193 3 2 1 2 0 8 0 kstatmem 264 84 0 64 2 0 2 2 0 8 0 scsiplug 72 4 0 4 2 1 1 1 0 8 1 scxspl 216 15288 0 15288 11 8 3 8 1 8 3 plimitpl 152 412 0 395 1 0 1 1 0 8 0 sigapl 424 1325 0 1279 7 1 6 7 0 8 0 futexpl 64 14663 0 14657 1 0 1 1 0 8 0 knotepl 120 332047 0 332000 39 35 4 23 0 8 1 kqueuepl 184 520 0 511 4 3 1 4 0 8 0 pipepl 296 168 0 141 3 0 3 3 0 8 0 fdescpl 440 1307 0 1279 5 1 4 5 0 8 0 filepl 120 9853 0 9632 15 6 9 15 0 8 0 lockfpl 104 234 0 231 1 0 1 1 0 8 0 lockfspl 48 100 0 97 1 0 1 1 0 8 0 sessionpl 144 24 0 16 1 0 1 1 0 8 0 pgrppl 48 42 0 26 1 0 1 1 0 8 0 ucredpl 104 1574 0 1563 1 0 1 1 0 8 0 zombiepl 144 1340 0 1340 2 1 1 1 0 8 1 processpl 1112 1325 0 1279 4 0 4 4 0 8 0 procpl 656 2703 0 2649 6 0 6 6 0 8 0 sosppl 168 2 0 2 1 1 0 1 0 8 0 sockpl 528 2477 0 2443 19 14 5 16 0 8 2 mcl64k 65536 15 0 15 2 1 1 1 0 8 1 mcl9k 9216 1 0 1 1 1 0 1 0 8 0 mcl8k 8192 15 0 15 3 2 1 1 0 8 1 mcl4k 4096 3636 0 3583 16 7 9 14 0 8 1 mcl2k 2048 1019 0 1011 5 3 2 4 0 8 0 mtagpl 96 56 0 12 2 0 2 2 0 8 0 mbufpl 256 13264 0 13038 22 5 17 21 0 8 0 bufpl 280 4662 0 141 323 0 323 323 0 8 0 anonpl 24 201569 0 190871 84 0 84 84 0 187 8 amapchunkpl 152 36601 0 36094 39 11 28 35 0 158 4 amappl16 200 3952 0 3538 35 4 31 31 0 8 4 amappl15 192 7 0 7 1 1 0 1 0 8 0 amappl14 184 109 0 99 1 0 1 1 0 8 0 amappl13 176 3 0 3 1 1 0 1 0 8 0 amappl12 168 1952 0 1924 2 0 2 2 0 8 0 amappl11 160 45 0 34 1 0 1 1 0 8 0 amappl10 152 14 0 13 1 0 1 1 0 8 0 amappl9 144 253 0 253 1 1 0 1 0 8 0 amappl8 136 26 0 24 1 0 1 1 0 8 0 amappl7 128 101 0 91 1 0 1 1 0 8 0 amappl6 120 194 0 191 1 0 1 1 0 8 0 amappl5 112 122 0 115 1 0 1 1 0 8 0 amappl4 104 298 0 283 1 0 1 1 0 8 0 amappl3 96 7148 0 7052 4 0 4 4 0 8 0 amappl2 88 648 0 592 2 0 2 2 0 8 0 amappl1 80 10311 0 9802 13 1 12 13 0 8 0 amappl 88 10499 0 10344 5 0 5 5 0 92 0 dma16384 16384 1 0 1 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 256 0 256 3 2 1 1 0 8 1 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 30 0 12 1 0 1 1 0 8 0 uaddrrnd 24 1307 0 1279 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1307 0 1279 1 0 1 1 0 8 0 vmmpekpl 168 11107 0 11070 3 0 3 3 0 8 0 vmmpepl 168 83200 0 81145 106 4 102 102 0 357 3 vmsppl 360 1306 0 1279 4 1 3 4 0 8 0 rwobjpl 32 27352 0 22067 45 1 44 44 0 8 0 pdppl 4096 2620 0 2558 106 40 66 82 0 8 4 pvpl 32 564071 0 547554 182 14 168 168 0 265 20 pmappl 216 1306 0 1279 3 0 3 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 301 0 74 7 0 7 7 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace rw_do_enter_write(bc3442a66ac93fca,1) at rw_do_enter_write+0x43 rw_cas sys/kern/kern_rwlock.c:52 [inline] rw_do_enter_write(bc3442a66ac93fca,1) at rw_do_enter_write+0x43 sys/kern/kern_rwlock.c:236 uvm_unmap_kill_entry_withlock(fffffd806c77a2e8,fffffd806c09bcd8,1) at uvm_unmap_kill_entry_withlock+0x140 sys/uvm/uvm_map.c:1867 uvm_unmap_remove(fffffd806c77a2e8,400000002000,400000003000,ffff80003392d5c8,0,1,32cb1da668c0b912) at uvm_unmap_remove+0x6a6 sys/uvm/uvm_map.c:2002 uvm_unmap(fffffd806c77a2e8,400000002000,400000003000) at uvm_unmap+0xab sys/uvm/uvm_map.c:1793 shm_delete_mapping(fffffd806c77a2e8,ffff800000b0f008) at shm_delete_mapping+0x168 sys/kern/sysv_shm.c:176 syscall(ffff80003392d760) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa2c35c42530, count: -7 ddb> machine ddbcpu 1 No such command ddb> trace rw_do_enter_write(bc3442a66ac93fca,1) at rw_do_enter_write+0x43 rw_cas sys/kern/kern_rwlock.c:52 [inline] rw_do_enter_write(bc3442a66ac93fca,1) at rw_do_enter_write+0x43 sys/kern/kern_rwlock.c:236 uvm_unmap_kill_entry_withlock(fffffd806c77a2e8,fffffd806c09bcd8,1) at uvm_unmap_kill_entry_withlock+0x140 sys/uvm/uvm_map.c:1867 uvm_unmap_remove(fffffd806c77a2e8,400000002000,400000003000,ffff80003392d5c8,0,1,32cb1da668c0b912) at uvm_unmap_remove+0x6a6 sys/uvm/uvm_map.c:2002 uvm_unmap(fffffd806c77a2e8,400000002000,400000003000) at uvm_unmap+0xab sys/uvm/uvm_map.c:1793 shm_delete_mapping(fffffd806c77a2e8,ffff800000b0f008) at shm_delete_mapping+0x168 sys/kern/sysv_shm.c:176 syscall(ffff80003392d760) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa2c35c42530, count: -7