kernel: protection fault trap, code=0 Stopped at sys_msgrcv+0x3f2: movq 0x10(%r13),%rdi ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace sys_msgrcv(ffff80002dfde538,ffff80003761b250,ffff80003761b1a0) at sys_msgrcv+0x3f2 msg_copyout sys/kern/sysv_msg.c:639 [inline] sys_msgrcv(ffff80002dfde538,ffff80003761b250,ffff80003761b1a0) at sys_msgrcv+0x3f2 sys/kern/sysv_msg.c:349 syscall(ffff80003761b250) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3b743d63540, count: -3 ddb> show registers rdi 0 rsi 0x20001208 rbp 0xffff80003761b170 rbx 0 rdx 0xffff80000125e100 rcx 0 rax 0xa r8 0x7f7fffffc000 r9 0 r10 0xc5db6425c120e405 r11 0xd7804c5cdfd73bdf r12 0xfffffd8066becca8 r13 0xdeadbeefdeadbeef r14 0xffff800001322000 r15 0xa rip 0xffffffff8226b6a2 sys_msgrcv+0x3f2 cs 0x8 rflags 0x10202 __ALIGN_SIZE+0xf202 rsp 0xffff80003761b0d0 ss 0x10 sys_msgrcv+0x3f2: movq 0x10(%r13),%rdi ddb> show proc PROC (syz-executor) tid=279518 pid=9952 tcnt=4 stat=onproc flags process=10 proc=4000000 runpri=36, usrpri=83, slppri=36, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002dfdf1e0,0xffff80002dfdef68 process=0xffff8000ffff48a8 user=0xffff800037616000, vmspace=0xfffffd807e1fcdd8 estcpu=33, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 85205 124999 94338 0 2 0 syz-executor 85205 150023 94338 0 3 0x4000080 fsleep syz-executor 85205 517266 94338 0 3 0x4000080 fsleep syz-executor 18755 302498 55929 0 2 0 syz-executor 18755 264393 55929 0 3 0x4000080 fsleep syz-executor 18755 315827 55929 0 3 0x4000080 fsleep syz-executor 62392 443838 5932 0 2 0 syz-executor 62392 180577 5932 0 3 0x4000080 netcon syz-executor 62392 151731 5932 0 3 0x4000080 fsleep syz-executor 69810 269949 12179 0 3 0x80 nanoslp syz-executor 69810 512050 12179 0 3 0x4000080 sbwait syz-executor 69810 298686 12179 0 3 0x4000080 fsleep syz-executor 9952 191658 46589 60928 2 0x10 syz-executor * 9952 279518 46589 60928 7 0x4000010 syz-executor 9952 294330 46589 60928 3 0x4000090 fsleep syz-executor 9952 202769 46589 60928 2 0x4000010 syz-executor 30231 478358 0 0 3 0x14200 acct acct 12179 376862 17048 0 3 0x82 nanoslp syz-executor 94338 487910 17048 0 3 0x82 nanoslp syz-executor 55929 79747 17048 0 3 0x82 nanoslp syz-executor 96403 449409 0 0 3 0x14200 bored sosplice 5932 124507 17048 0 3 0x82 nanoslp syz-executor 82947 283246 17048 0 2 0x2 syz-executor 86469 38973 17048 0 3 0x82 nanoslp syz-executor 80708 482992 17048 0 2 0x2 syz-executor 46589 485605 17048 0 3 0x82 nanoslp syz-executor 17048 278147 56564 0 3 0x82 kqread syz-executor 56564 436334 11035 0 3 0x10008a sigsusp ksh 11035 124032 20101 0 3 0x98 kqread sshd-session 20101 386656 81680 0 3 0x92 kqread sshd-session 66897 71819 1 0 3 0x100083 ttyopn getty 81680 367962 1 0 3 0x88 kqread sshd 56272 61091 35493 73 3 0x1100090 kqread syslogd 35493 411805 1 0 3 0x100082 sbwait syslogd 58342 260525 1 0 3 0x100080 kqread resolvd 95052 496720 25927 77 3 0x100092 kqread dhcpleased 62487 146638 25927 77 3 0x100092 kqread dhcpleased 25927 356884 1 0 3 0x80 kqread dhcpleased 20359 176542 0 0 3 0x14200 bored smr 26727 176876 0 0 2 0x14200 zerothread 97588 334634 0 0 3 0x14200 aiodoned aiodoned 35734 407343 0 0 3 0x14200 syncer update 17745 91582 0 0 3 0x14200 cleaner cleaner 25989 400037 0 0 3 0x14200 reaper reaper 42346 63934 0 0 3 0x14200 pgdaemon pagedaemon 99612 262239 0 0 3 0x14200 bored viomb 52211 434149 0 0 3 0x40014200 acpi0 acpi0 37064 455646 0 0 3 0x14200 bored softnet3 73475 176264 0 0 3 0x14200 bored softnet2 27043 480968 0 0 3 0x14200 bored softnet1 49780 515056 0 0 2 0x14200 softnet0 38688 21225 0 0 3 0x14200 bored systqmp 18067 36706 0 0 3 0x14200 bored systq 11447 429820 0 0 3 0x40014200 tmoslp softclock 42887 196968 0 0 3 0x40014200 idle0 1 145278 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10207 11055K 11529K 166960K 13147 0 pcb 19 15K 16K 166960K 299 0 rtable 209 15K 15K 166960K 585 0 pf 37 14K 17K 166960K 95 0 ifaddr 43 7K 8K 166960K 85 0 ifgroup 58 2K 2K 166960K 122 0 sysctl 4 1K 2K 166960K 8 0 counters 32 17K 17K 166960K 51 0 ioctlops 0 0K 4K 166960K 324 0 iov 0 0K 28K 166960K 178 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1482 93K 94K 166960K 2566 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 20 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 125 0 dirhash 12 2K 2K 166960K 42 0 ACPI 1690 195K 286K 166960K 12468 0 file desc 16 57K 97K 166960K 1437 0 sigio 1 0K 0K 166960K 66 0 proc 60 59K 116K 166960K 696 0 subproc 104 6K 6K 166960K 143 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 1 0K 0K 166960K 295 0 in_multi 84 6K 7K 166960K 183 0 ether_multi 1 0K 0K 166960K 11 0 mrt 2 0K 0K 166960K 5 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 223 996K 996K 166960K 223 0 exec 0 0K 1K 166960K 720 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 237 73K 94K 166960K 14715 0 UVM aobj 41 4K 4K 166960K 42 0 pinsyscall 37 74K 96K 166960K 2543 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 2 0K 0K 166960K 69 0 NDP 13 0K 2K 166960K 56 0 temp 75 6819K 6887K 166960K 97099 0 kqueue 13 20K 28K 166960K 230 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 156 0 153 2 1 1 2 0 8 0 rtentry 112 183 0 92 4 0 4 4 0 8 0 unpcb 144 1217 0 1198 11 5 6 6 0 8 5 syncache 336 4 0 4 1 1 0 1 0 8 0 tcpqe 32 1 0 1 1 1 0 1 0 8 0 tcpcb 808 419 0 413 7 5 2 7 0 8 1 arp 88 35 0 15 1 0 1 1 0 8 0 ipq 40 5 0 2 1 0 1 1 0 8 0 ipqe 40 5 0 2 1 0 1 1 0 8 0 inpcb 336 1885 0 1869 10 8 2 10 0 8 0 nd6 104 39 0 20 1 0 1 1 0 8 0 pkpcb 40 9 0 9 2 1 1 1 0 8 1 kcovpl 48 11 0 3 1 0 1 1 0 8 0 ppxss 1072 9 0 9 1 0 1 1 0 8 1 pfstscr 40 1 0 1 1 1 0 1 0 8 0 pfrktable 1344 1 0 1 1 1 0 1 0 8 0 pfanchor 1288 2 0 0 1 0 1 1 0 8 0 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 128 4 0 2 1 0 1 1 0 8 0 pfstate 344 2 0 1 1 0 1 1 0 8 0 pfrule 1344 7 0 7 1 1 0 1 0 8 0 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 716 0 324 32 6 26 30 0 8 0 art_table 32 719 0 324 4 0 4 4 0 8 0 art_node 16 181 0 102 1 0 1 1 0 8 0 sysvmsgpl 40 13 0 9 1 0 1 1 0 8 0 semupl 112 4 0 4 1 1 0 1 0 8 0 semapl 112 121 0 111 1 0 1 1 0 8 0 shmpl 112 39 0 1 2 0 2 2 0 8 0 dirhash 1024 38 0 21 3 0 3 3 0 8 0 dino2pl 256 3960 0 2462 95 0 95 95 0 8 0 ffsino 240 3960 0 2462 89 0 89 89 0 8 0 nchpl 144 6022 0 4343 63 0 63 63 0 8 0 uvmvnodes 80 4778 0 0 98 0 98 98 0 8 0 vnodes 216 4778 0 0 266 0 266 266 0 8 0 namei 1024 21372 0 21372 2 1 1 1 0 8 1 kstatmem 264 64 0 38 2 0 2 2 0 8 0 scsiplug 72 6 0 6 2 1 1 1 0 8 1 scxspl 216 17328 0 17328 9 7 2 8 1 8 2 plimitpl 152 336 0 320 1 0 1 1 0 8 0 sigapl 424 1716 0 1670 7 1 6 7 0 8 0 futexpl 64 19570 0 19563 1 0 1 1 0 8 0 knotepl 120 255276 0 255229 30 19 11 17 0 8 8 kqueuepl 184 446 0 436 5 3 2 4 0 8 1 pipepl 288 225 0 198 3 0 3 3 0 8 0 fdescpl 432 1696 0 1668 5 1 4 5 0 8 0 filepl 120 11556 0 11308 16 4 12 13 0 8 3 lockfpl 104 496 0 494 1 0 1 1 0 8 0 lockfspl 48 171 0 169 1 0 1 1 0 8 0 sessionpl 144 25 0 17 1 0 1 1 0 8 0 pgrppl 48 45 0 29 1 0 1 1 0 8 0 ucredpl 104 2173 0 2160 1 0 1 1 0 8 0 zombiepl 144 1890 0 1889 2 1 1 1 0 8 0 processpl 1096 1716 0 1670 4 0 4 4 0 8 0 procpl 648 3751 0 3694 6 0 6 6 0 8 0 sosppl 168 7 0 7 2 1 1 1 0 8 1 sockpl 504 3295 0 3258 57 44 13 21 0 8 8 mcl64k 65536 8 0 8 2 1 1 1 0 8 1 mcl9k 9216 1 0 1 1 1 0 1 0 8 0 mcl8k 8192 24 0 24 2 1 1 1 0 8 1 mcl4k 4096 4408 0 4356 16 9 7 16 0 8 0 mcl2k 2048 1429 0 1423 3 1 2 2 0 8 1 mtagpl 96 99 0 21 2 0 2 2 0 8 0 mbufpl 256 18670 0 18448 16 1 15 16 0 8 0 bufpl 280 4907 0 102 344 0 344 344 0 8 0 anonpl 24 340700 0 333442 87 24 63 87 0 187 0 amapchunkpl 152 57107 0 56516 45 14 31 38 0 158 5 amappl16 200 9225 0 9021 32 11 21 32 0 8 1 amappl15 192 14 0 14 1 1 0 1 0 8 0 amappl14 184 121 0 111 1 0 1 1 0 8 0 amappl13 176 16 0 16 1 1 0 1 0 8 0 amappl12 168 2363 0 2334 2 0 2 2 0 8 0 amappl11 160 52 0 41 1 0 1 1 0 8 0 amappl10 152 13 0 13 1 1 0 1 0 8 0 amappl9 144 154 0 154 1 1 0 1 0 8 0 amappl8 136 26 0 24 1 0 1 1 0 8 0 amappl7 128 132 0 122 1 0 1 1 0 8 0 amappl6 120 198 0 197 1 0 1 1 0 8 0 amappl5 112 141 0 132 1 0 1 1 0 8 0 amappl4 104 311 0 294 1 0 1 1 0 8 0 amappl3 96 8938 0 8838 3 0 3 3 0 8 0 amappl2 88 1985 0 1908 2 0 2 2 0 8 0 amappl1 80 11605 0 11093 13 1 12 13 0 8 0 amappl 88 14235 0 14051 5 0 5 5 0 92 0 dma16384 16384 1 0 1 1 0 1 1 0 8 1 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 254 0 254 1 1 0 1 0 8 0 dma64 64 7 0 7 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 41 0 1 1 0 1 1 0 8 0 uaddrrnd 24 1696 0 1668 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1696 0 1668 1 0 1 1 0 8 0 vmmpekpl 168 13629 0 13582 3 0 3 3 0 8 0 vmmpepl 168 111265 0 109367 103 9 94 103 0 357 4 vmsppl 352 1695 0 1668 4 1 3 4 0 8 0 rwobjpl 24 37812 0 31940 36 0 36 36 0 8 0 pdppl 4096 3398 0 3336 112 46 66 82 0 8 4 pvpl 32 786058 0 773610 163 34 129 163 0 265 3 pmappl 216 1695 0 1668 3 0 3 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 457 0 126 11 0 11 11 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace sys_msgrcv(ffff80002dfde538,ffff80003761b250,ffff80003761b1a0) at sys_msgrcv+0x3f2 msg_copyout sys/kern/sysv_msg.c:639 [inline] sys_msgrcv(ffff80002dfde538,ffff80003761b250,ffff80003761b1a0) at sys_msgrcv+0x3f2 sys/kern/sysv_msg.c:349 syscall(ffff80003761b250) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3b743d63540, count: -3 ddb> machine ddbcpu 1 No such command ddb> trace sys_msgrcv(ffff80002dfde538,ffff80003761b250,ffff80003761b1a0) at sys_msgrcv+0x3f2 msg_copyout sys/kern/sysv_msg.c:639 [inline] sys_msgrcv(ffff80002dfde538,ffff80003761b250,ffff80003761b1a0) at sys_msgrcv+0x3f2 sys/kern/sysv_msg.c:349 syscall(ffff80003761b250) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3b743d63540, count: -3