kernel: protection fault trap, code=0
Stopped at sys_msgrcv+0x3f2: movq 0x10(%r13),%rdi
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
the kernel did not panic
ddb> trace
sys_msgrcv(ffff80002a7f1210,ffff80003c9d76a0,ffff80003c9d75f0) at sys_msgrcv+0x3f2 msg_copyout sys/kern/sysv_msg.c:639 [inline]
sys_msgrcv(ffff80002a7f1210,ffff80003c9d76a0,ffff80003c9d75f0) at sys_msgrcv+0x3f2 sys/kern/sysv_msg.c:349
syscall(ffff80003c9d76a0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c9d76a0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:637
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x4fcbd3779f0, count: -3
ddb> show registers
rdi 0
rsi 0x200000001208
rbp 0xffff80003c9d75c0
rbx 0
rdx 0xffff80000143e980
rcx 0
rax 0xa
r8 0x7f7fffffc000
r9 0
r10 0x8daddfc6ea58def0
r11 0x5561f82959057fcf
r12 0xfffffd8067c10f28
r13 0xdeadbeefdeadbeef
r14 0xffff8000014c6c00
r15 0xa
rip 0xffffffff812aa702 sys_msgrcv+0x3f2
cs 0x8
rflags 0x10202 __ALIGN_SIZE+0xf202
rsp 0xffff80003c9d7520
ss 0x10
sys_msgrcv+0x3f2: movq 0x10(%r13),%rdi
ddb> show proc
PROC (syz-executor) tid=163305 pid=460 tcnt=4 stat=onproc
    flags process=0 proc=4000000
    runpri=36, usrpri=78, slppri=36, nice=20
    wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
    forw=0xffffffffffffffff, list=0xffff80002a7f07d0,0xffff80002a7bd4a8
    process=0xffff8000319168e0 user=0xffff80003c9d2000, vmspace=0xfffffd806c198450
    estcpu=28, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
67918 370019 57724 0 2 0 syz-executor
67918 266118 57724 0 2 0x4000000 syz-executor
21541 187955 26424 0 2 0 syz-executor
21541 14043 26424 0 2 0x4000000 syz-executor
9766 215487 26385 0 2 0 syz-executor
9766 262938 26385 0 3 0x4000080 fsleep syz-executor
460 402901 56360 0 2 0 syz-executor
* 460 163305 56360 0 7 0x4000000 syz-executor
460 193133 56360 0 3 0x4000080 fsleep syz-executor
460 183062 56360 0 2 0x4000000 syz-executor
57724 298151 15296 0 3 0x82 nanoslp syz-executor
19463 347461 15296 0 2 0x2 syz-executor
88681 259378 1 0 3 0x100083 ttyopn getty
81079 141707 15296 0 2 0x2 syz-executor
90038 3929 0 0 3 0x14200 bored sosplice
26385 25347 15296 0 3 0x82 nanoslp syz-executor
92566 194939 15296 0 2 0x2 syz-executor
26424 175085 15296 0 3 0x82 nanoslp syz-executor
86058 49945 15296 0 3 0x82 wait syz-executor
56360 67548 15296 0 3 0x82 nanoslp syz-executor
15296 437000 28933 0 3 0x82 kqread syz-executor
28933 130041 17452 0 3 0x10008a sigsusp ksh
17452 112387 52764 0 3 0x98 kqread sshd-session
52764 304435 75905 0 3 0x92 kqread sshd-session
75905 192040 1 0 3 0x88 kqread sshd
18570 159796 71023 73 3 0x1100090 kqread syslogd
71023 320518 1 0 3 0x100082 sbwait syslogd
75177 168190 1 0 3 0x100080 kqread resolvd
42736 56089 32300 77 3 0x100092 kqread dhcpleased
97038 353899 32300 77 3 0x100092 kqread dhcpleased
32300 383184 1 0 3 0x80 kqread dhcpleased
8638 202016 0 0 3 0x14200 bored smr
31061 414288 0 0 2 0x14200 zerothread
56488 219051 0 0 3 0x14200 aiodoned aiodoned
16388 36961 0 0 3 0x14200 syncer update
63089 276651 0 0 3 0x14200 cleaner cleaner
46686 411178 0 0 3 0x14200 reaper reaper
23484 365925 0 0 3 0x14200 pgdaemon pagedaemon
86007 282522 0 0 3 0x14200 bored viomb
53975 326157 0 0 3 0x40014200 acpi0 acpi0
401 253680 0 0 3 0x14200 bored softnet3
79189 28136 0 0 3 0x14200 bored softnet2
18846 307857 0 0 3 0x14200 bored softnet1
89690 131609 0 0 2 0x14200 softnet0
35772 157146 0 0 3 0x14200 bored systqmp
65898 169403 0 0 3 0x14200 bored systq
41638 414059 0 0 3 0x40014200 tmoslp softclock
74055 400497 0 0 3 0x40014200 idle0
1 54010 0 0 3 0x82 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10163 11034K 11515K 166960K 13354 0
pcb 17 12K 12K 166960K 181 0
rtable 93 12K 13K 166960K 707 0
pf 28 13K 18K 166960K 289 0
ifaddr 17 3K 8K 166960K 180 0
ifgroup 30 1K 2K 166960K 291 0
sysctl 3 1K 9K 166960K 7 0
counters 27 17K 18K 166960K 182 0
ioctlops 0 0K 6K 166960K 256 0
iov 0 0K 16K 166960K 42 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1333 84K 85K 166960K 2578 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 12 0
VM map 2 1K 1K 166960K 2 0
sem 11 0K 0K 166960K 37 0
dirhash 12 2K 3K 166960K 57 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 16 57K 240K 166960K 1680 0
sigio 0 0K 0K 166960K 36 0
proc 60 59K 91K 166960K 668 0
subproc 72 4K 4K 166960K 108 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 127 0
in_multi 25 1K 7K 166960K 241 0
ether_multi 1 0K 0K 166960K 20 0
mrt 1 0K 0K 166960K 15 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 55 254K 254K 166960K 55 0
exec 0 0K 1K 166960K 483 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 210 143K 170K 166960K 16589 0
UVM aobj 21 10K 10K 166960K 26 0
pinsyscall 37 74K 94K 166960K 2910 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 154 0
NDP 6 0K 2K 166960K 117 0
temp 56 8683K 8809K 166960K 52389 0
kqueue 13 20K 30K 166960K 191 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 72 0 69 1 0 1 1 0 8 0
rtentry 136 221 0 200 4 0 4 4 0 8 1
unpcb 144 424 0 409 2 0 2 2 0 8 1
syncache 336 28 0 28 2 1 1 1 0 8 1
tcpqe 32 19 0 19 1 0 1 1 0 8 1
tcpcb 736 323 0 313 2 0 2 2 0 8 0
arp 88 33 0 28 1 0 1 1 0 8 0
ipq 40 7 0 7 1 0 1 1 0 8 1
ipqe 40 9 0 9 1 0 1 1 0 8 1
inpcb 328 1154 0 1141 3 0 3 3 0 8 1
ip6q 72 3 0 3 1 0 1 1 0 8 1
ip6af 40 4 0 4 1 0 1 1 0 8 1
nd6 104 39 0 36 1 0 1 1 0 8 0
pkpcb 40 11 0 11 1 0 1 1 0 8 1
kcovpl 48 12 0 4 1 0 1 1 0 8 0
ppxss 1072 118 0 118 2 1 1 1 0 8 1
pppxif 1384 23 0 23 1 0 1 1 0 8 1
pfstscr 40 6 0 6 1 0 1 1 0 8 1
pfosfp 40 1 0 0 1 0 1 1 0 8 0
pfosfpen 112 1 0 0 1 0 1 1 0 8 0
pfrktable 1344 18 0 15 1 0 1 1 0 8 0
pfanchor 1288 9 0 2 1 0 1 1 0 8 0
pftag 88 4 0 1 1 0 1 1 0 8 0
pfqueue 320 3 0 2 1 0 1 1 0 8 0
pfstitem 24 23 0 17 1 0 1 1 0 8 0
pfstkey 128 36 0 14 1 0 1 1 0 8 0
pfstate 384 20 0 17 1 0 1 1 0 8 0
pfrule 1344 25 0 18 1 0 1 1 0 8 0
rttmr 136 5 0 5 1 0 1 1 0 8 1
art_heap8 4096 2 0 0 2 0 2 2 0 8 0
art_heap4 256 1091 0 985 29 14 15 29 0 8 8
art_table 32 1093 0 985 4 0 4 4 0 8 2
art_node 16 211 0 193 1 0 1 1 0 8 0
sysvmsgpl 40 19 0 18 1 0 1 1 0 8 0
semupl 112 2 0 2 1 0 1 1 0 8 1
semapl 112 29 0 20 1 0 1 1 0 8 0
shmpl 112 23 0 5 1 0 1 1 0 8 0
dirhash 1024 48 0 31 3 0 3 3 0 8 0
dino2pl 256 4106 0 2610 95 0 95 95 0 8 0
ffsino 248 4106 0 2610 95 0 95 95 0 8 0
nchpl 144 5905 0 4218 64 0 64 64 0 8 0
rtmask 32 29 0 29 2 1 1 1 0 8 1
uvmvnodes 80 4906 0 0 101 0 101 101 0 8 0
vnodes 216 4906 0 0 273 0 273 273 0 8 0
namei 1024 16615 0 16615 4 2 2 2 0 8 2
pfiaddrpl 120 5 0 2 1 0 1 1 0 8 0
kstatmem 264 182 0 170 3 0 3 3 0 8 1
acpiwqpl 32 2 0 2 1 0 1 1 1 8 1
scsiplug 72 13 0 13 1 0 1 1 0 8 1
scxspl 216 18241 0 18241 10 2 8 8 1 8 8
plimitpl 152 138 0 122 1 0 1 1 0 8 0
sigapl 424 1962 0 1917 7 1 6 7 0 8 0
knotepl 120 369238 0 369191 34 22 12 17 0 8 8
kqueuepl 184 327 0 318 1 0 1 1 0 8 0
pipepl 296 176 0 148 3 0 3 3 0 8 0
fdescpl 440 1944 0 1916 5 1 4 5 0 8 0
filepl 120 6988 0 6776 8 0 8 8 0 8 0
lockfpl 104 322 0 319 1 0 1 1 0 8 0
lockfspl 48 160 0 157 1 0 1 1 0 8 0
sessionpl 144 47 0 39 1 0 1 1 0 8 0
pgrppl 48 88 0 72 1 0 1 1 0 8 0
ucredpl 104 860 0 849 1 0 1 1 0 8 0
zombiepl 144 2691 0 2690 1 0 1 1 0 8 0
processpl 1160 1962 0 1917 4 0 4 4 0 8 0
procpl 656 4252 0 4201 6 0 6 6 0 8 0
sosppl 168 62 0 62 2 1 1 1 0 8 1
sockpl 528 1664 0 1633 4 0 4 4 0 8 1
mcl64k 65536 974 0 974 2 1 1 1 0 8 1
mcl16k 16384 240 0 240 2 1 1 1 0 8 1
mcl12k 12288 168 0 168 2 1 1 1 0 8 1
mcl9k 9216 53 0 53 2 1 1 1 0 8 1
mcl8k 8192 251 0 251 2 1 1 1 0 8 1
mcl4k 4096 5683 0 5631 14 6 8 13 0 8 1
mcl2k2 2112 6 0 6 1 0 1 1 0 8 1
mcl2k 2048 881 0 881 2 0 2 2 0 8 2
mtagpl 96 50 0 49 1 0 1 1 0 8 0
mbufpl 256 27039 0 26958 21 5 16 17 0 8 8
bufpl 280 4625 0 121 322 0 322 322 0 8 0
anonpl 24 244770 0 236567 78 2 76 76 0 187 0
amapchunkpl 152 54169 0 53668 33 1 32 32 0 158 7
amappl16 200 3764 0 3500 30 3 27 27 0 8 1
amappl15 192 10 0 10 1 1 0 1 0 8 0
amappl14 184 153 0 143 1 0 1 1 0 8 0
amappl13 176 5 0 5 1 1 0 1 0 8 0
amappl12 168 2642 0 2614 2 0 2 2 0 8 0
amappl11 160 44 0 34 1 0 1 1 0 8 0
amappl10 152 4 0 4 1 1 0 1 0 8 0
amappl9 144 254 0 254 1 1 0 1 0 8 0
amappl8 136 23 0 21 1 0 1 1 0 8 0
amappl7 128 127 0 117 1 0 1 1 0 8 0
amappl6 120 228 0 225 1 0 1 1 0 8 0
amappl5 112 133 0 127 1 0 1 1 0 8 0
amappl4 104 373 0 358 1 0 1 1 0 8 0
amappl3 96 11438 0 11347 4 0 4 4 0 8 0
amappl2 88 833 0 778 2 0 2 2 0 8 0
amappl1 80 19308 0 18780 18 1 17 17 0 8 2
amappl 88 15652 0 15504 5 0 5 5 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma512 512 1 0 1 1 0 1 1 0 8 1
dma256 256 7 0 7 1 1 0 1 0 8 0
dma128 128 262 0 262 2 1 1 1 0 8 1
dma64 64 7 0 7 2 1 1 1 0 8 1
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 21 0 20 1 0 1 1 0 8 0
aobjpl 72 25 0 5 1 0 1 1 0 8 0
uaddrrnd 24 1944 0 1916 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 1944 0 1916 1 0 1 1 0 8 0
vmmpekpl 168 16931 0 16884 3 0 3 3 0 8 0
vmmpepl 168 130129 0 128144 115 2 113 113 0 357 5
vmsppl 360 1943 0 1916 4 1 3 4 0 8 0
rwobjpl 32 39510 0 33532 49 0 49 49 0 8 0
pdppl 4096 3895 0 3832 147 80 67 83 0 8 4
pvpl 32 859434 0 845910 166 7 159 159 0 265 9
pmappl 216 1943 0 1916 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 331 0 113 8 0 8 8 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
sys_msgrcv(ffff80002a7f1210,ffff80003c9d76a0,ffff80003c9d75f0) at sys_msgrcv+0x3f2 msg_copyout sys/kern/sysv_msg.c:639 [inline]
sys_msgrcv(ffff80002a7f1210,ffff80003c9d76a0,ffff80003c9d75f0) at sys_msgrcv+0x3f2 sys/kern/sysv_msg.c:349
syscall(ffff80003c9d76a0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c9d76a0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:637
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x4fcbd3779f0, count: -3
ddb> machine ddbcpu 1
No such command
ddb> trace
sys_msgrcv(ffff80002a7f1210,ffff80003c9d76a0,ffff80003c9d75f0) at sys_msgrcv+0x3f2 msg_copyout sys/kern/sysv_msg.c:639 [inline]
sys_msgrcv(ffff80002a7f1210,ffff80003c9d76a0,ffff80003c9d75f0) at sys_msgrcv+0x3f2 sys/kern/sysv_msg.c:349
syscall(ffff80003c9d76a0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c9d76a0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:637
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x4fcbd3779f0, count: -3