kernel: protection fault trap, code=0 Stopped at sys_msgrcv+0x2df: movq 0x10(%r13),%rdi ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic the kernel did not panic ddb{1}> trace sys_msgrcv(ffff800021306010,ffff8000247843d8,ffff800024784420) at sys_msgrcv+0x2df msg_copyout sys/kern/sysv_msg.c:639 [inline] sys_msgrcv(ffff800021306010,ffff8000247843d8,ffff800024784420) at sys_msgrcv+0x2df sys/kern/sysv_msg.c:349 syscall(ffff8000247844a0) at syscall+0x435 mi_syscall sys/sys/syscall_mi.h:101 [inline] syscall(ffff8000247844a0) at syscall+0x435 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3a46a0ce540, count: -3 ddb{1}> show registers rdi 0xc8 rsi 0x20001388 rbp 0xffff8000247843c0 rbx 0xc8 rdx 0 rcx 0 rax 0xffff800021306010 r8 0x7f7fffffc000 r9 0xfffffd807f7d72d8 r10 0x14b9265f3d5cde4b r11 0x2b5936945e1d48f0 r12 0xfffffd8064668f28 r13 0xdeadbeefdeadbeef r14 0xffff800000c55200 r15 0xc2 rip 0xffffffff81f61e6f sys_msgrcv+0x2df cs 0x8 rflags 0x10206 __ALIGN_SIZE+0xf206 rsp 0xffff800024784330 ss 0x10 sys_msgrcv+0x2df: movq 0x10(%r13),%rdi ddb{1}> show proc PROC (syz-executor.7) pid=254898 stat=onproc flags process=10 proc=4000000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff800021306a90,0xffff800021306fe0 process=0xffff8000ffff14e0 user=0xffff80002477f000, vmspace=0xfffffd807effc5c0 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 29042 87141 35796 0 2 0 syz-executor.4 39146 285755 48201 0 2 0 syz-executor.6 57161 98255 77088 0 2 0 syz-executor.3 62882 283466 49464 0 2 0 syz-executor.5 62882 244286 49464 0 2 0x4000000 syz-executor.5 82518 400414 70605 60928 2 0x10 syz-executor.7 82518 435474 70605 60928 7 0x4000010 syz-executor.7 *82518 254898 70605 60928 7 0x4000010 syz-executor.7 82518 3562 70605 60928 3 0x4000090 fsleep syz-executor.7 85511 447783 32841 0 3 0x80 nanoslp syz-executor.0 85511 85303 32841 0 3 0x4000080 fsleep syz-executor.0 85511 481228 32841 0 2 0x4000000 syz-executor.0 70605 221415 80487 0 3 0x82 nanoslp syz-executor.7 40681 315165 80487 0 2 0x2 syz-executor.2 32841 411050 80487 0 3 0x82 nanoslp syz-executor.0 77088 15322 80487 0 3 0x82 nanoslp syz-executor.3 12418 392187 0 0 3 0x14200 bored sosplice 35796 72840 80487 0 2 0x2 syz-executor.4 48201 470526 80487 0 3 0x82 nanoslp syz-executor.6 49464 523974 80487 0 3 0x82 nanoslp syz-executor.5 45125 215478 80487 0 3 0x2 biowait syz-executor.1 80487 463745 54672 0 3 0x82 wait syz-fuzzer 80487 142899 54672 0 3 0x4000082 nanoslp syz-fuzzer 80487 239254 54672 0 3 0x4000082 thrsleep syz-fuzzer 80487 118385 54672 0 3 0x4000082 wait syz-fuzzer 80487 389375 54672 0 3 0x4000082 thrsleep syz-fuzzer 80487 435875 54672 0 3 0x4000082 wait syz-fuzzer 80487 239052 54672 0 3 0x4000082 wait syz-fuzzer 80487 74164 54672 0 3 0x4000082 wait syz-fuzzer 80487 83627 54672 0 3 0x4000082 thrsleep syz-fuzzer 80487 24025 54672 0 3 0x4000082 thrsleep syz-fuzzer 80487 438431 54672 0 3 0x4000082 kqread syz-fuzzer 80487 159779 54672 0 3 0x4000082 wait syz-fuzzer 80487 183228 54672 0 3 0x4000082 thrsleep syz-fuzzer 80487 374064 54672 0 3 0x4000082 wait syz-fuzzer 80487 491134 54672 0 3 0x4000082 thrsleep syz-fuzzer 80487 218211 54672 0 3 0x4000082 wait syz-fuzzer 54672 494933 12489 0 3 0x10008a sigsusp ksh 12489 95215 65579 0 3 0x9a kqread sshd 2823 118830 1 0 3 0x100083 ttyin getty 65579 163125 1 0 3 0x88 kqread sshd 20303 322791 53367 74 3 0x1100092 bpf pflogd 53367 193056 1 0 3 0x80 netio pflogd 92094 381915 65827 73 3 0x1100090 kqread syslogd 65827 244338 1 0 3 0x100082 netio syslogd 2576 251413 1 0 3 0x100080 kqread resolvd 43324 7610 79024 77 3 0x100092 kqread dhcpleased 15120 290441 79024 77 3 0x100092 kqread dhcpleased 79024 55508 1 0 3 0x80 kqread dhcpleased 80341 285085 0 0 3 0x14200 bored smr 54228 419226 0 0 2 0x14200 zerothread 86591 35481 0 0 3 0x14200 aiodoned aiodoned 25973 294653 0 0 3 0x14200 syncer update 49107 240973 0 0 3 0x14200 cleaner cleaner 57699 386678 0 0 3 0x14200 reaper reaper 9099 338206 0 0 3 0x14200 pgdaemon pagedaemon 11487 384147 0 0 3 0x14200 bored viomb 4196 68408 0 0 3 0x40014200 acpi0 acpi0 68730 338886 0 0 3 0x40014200 idle1 38777 227745 0 0 3 0x14200 bored softnet 87390 33486 0 0 3 0x14200 bored softnet 49112 99591 0 0 3 0x14200 bored softnet 20503 92743 0 0 3 0x14200 bored softnet 4792 95452 0 0 3 0x14200 bored systqmp 12467 433703 0 0 3 0x14200 bored systq 58205 55692 0 0 3 0x40014200 bored softclock 97383 453431 0 0 3 0x40014200 idle0 1 260930 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 82518 (syz-executor.7) thread 0xffff800021306a90 (435474) exclusive rwlock amaplk r = 0 (0xfffffd8067b132f0) #0 witness_lock+0x44d #1 uvm_fault_check+0x422 sys/uvm/uvm_fault.c:783 #2 uvm_fault+0xf2 sys/uvm/uvm_fault.c:601 #3 upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181 #4 usertrap+0x1aa sys/arch/amd64/amd64/trap.c:403 #5 recall_trap+0x8 shared rwlock vmmaplk r = 0 (0xfffffd807effc5d8) #0 witness_lock+0x44d #1 uvmfault_lookup+0xd9 sys/uvm/uvm_fault.c:1772 #2 uvm_fault_check+0x3a sys/uvm/uvm_fault.c:673 #3 uvm_fault+0xf2 sys/uvm/uvm_fault.c:601 #4 upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181 #5 usertrap+0x1aa sys/arch/amd64/amd64/trap.c:403 #6 recall_trap+0x8 Process 82518 (syz-executor.7) thread 0xffff800021306010 (254898) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82a617d0) #0 witness_lock+0x44d #1 __mp_acquire_count+0x48 sys/kern/kern_lock.c:227 #2 mi_switch+0x3bb sys/kern/sched_bsd.c:415 #3 sleep_finish+0x180 sys/kern/kern_synch.c:417 #4 rw_enter+0x35a sys/kern/kern_rwlock.c:286 #5 uvm_fault_check+0x422 sys/uvm/uvm_fault.c:783 #6 uvm_fault+0xf2 sys/uvm/uvm_fault.c:601 #7 kpageflttrap+0x209 #8 kerntrap+0xef sys/arch/amd64/amd64/trap.c:318 #9 alltraps_kern_meltdown+0x7b #10 copyout+0x53 #11 syscall+0x435 mi_syscall sys/sys/syscall_mi.h:101 [inline] #11 syscall+0x435 sys/arch/amd64/amd64/trap.c:585 #12 Xsyscall+0x128 Process 45125 (syz-executor.1) thread 0xffff8000212962a8 (215478) exclusive rrwlock inode r = 0 (0xfffffd806a0962b8) #0 witness_lock+0x44d #1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310 #2 rrw_enter+0x8b sys/kern/kern_rwlock.c:465 #3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:518 #4 ufs_ihashins+0x42 sys/ufs/ufs/ufs_ihash.c:140 #5 ffs_vget+0x141 sys/ufs/ffs/ffs_vfsops.c:1353 #6 ffs_inode_alloc+0x1be sys/ufs/ffs/ffs_alloc.c:394 #7 ufs_mkdir+0xf4 sys/ufs/ufs/ufs_vnops.c:1150 #8 VOP_MKDIR+0xbf sys/kern/vfs_vops.c:388 #9 domkdirat+0x121 sys/kern/vfs_syscalls.c:3112 #10 syscall+0x435 mi_syscall sys/sys/syscall_mi.h:101 [inline] #10 syscall+0x435 sys/arch/amd64/amd64/trap.c:585 #11 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806a096e68) #0 witness_lock+0x44d #1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310 #2 rrw_enter+0x8b sys/kern/kern_rwlock.c:465 #3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:518 #4 vn_lock+0x84 sys/kern/vfs_vnops.c:564 #5 vfs_lookup+0xd1 sys/kern/vfs_lookup.c:412 #6 namei+0x36a sys/kern/vfs_lookup.c:244 #7 domkdirat+0x75 sys/kern/vfs_syscalls.c:3097 #8 syscall+0x435 mi_syscall sys/sys/syscall_mi.h:101 [inline] #8 syscall+0x435 sys/arch/amd64/amd64/trap.c:585 #9 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10197 6613K 6739K 78643K 12617 0 pcb 13 12K 14K 78643K 148 0 rtable 160 8K 9K 78643K 554 0 ifaddr 79 17K 18K 78643K 154 0 sysctl 2 0K 0K 78643K 2 0 counters 50 34K 35K 78643K 72 0 ioctlops 0 0K 4K 78643K 1675 0 iov 0 0K 16K 78643K 77 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1275 80K 80K 78643K 1595 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 15 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 100 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 16 57K 85K 78643K 1090 0 sigio 0 0K 0K 78643K 12 0 proc 70 91K 115K 78643K 674 0 subproc 104 6K 6K 78643K 156 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 31 0 in_multi 63 4K 6K 78643K 170 0 ether_multi 1 0K 0K 78643K 4 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 55 254K 254K 78643K 55 0 exec 0 0K 2K 78643K 824 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 294 215K 215K 78643K 8332 0 UVM aobj 31 6K 6K 78643K 31 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 90 0 NDP 10 0K 2K 78643K 46 0 temp 97 4724K 4795K 78643K 14276 0 kqueue 12 18K 26K 78643K 113 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 178 0 175 3 2 1 2 0 8 0 rtentry 112 171 0 103 4 0 4 4 0 8 0 unpcb 144 690 0 675 9 8 1 6 0 8 0 syncache 296 8 0 8 2 2 0 1 0 8 0 tcpqe 32 58 0 58 1 1 0 1 0 8 0 tcpcb 768 271 0 266 13 11 2 8 0 8 1 arp 120 26 0 14 1 0 1 1 0 8 0 inpcb 368 869 0 862 24 22 2 7 0 8 1 nd6 48 39 0 24 1 0 1 1 0 8 0 kcovpl 48 12 0 4 1 0 1 1 0 8 0 ppxss 1256 2 0 2 1 1 0 1 0 8 0 pppxif 1704 2 0 2 1 1 0 1 0 8 0 pfstscr 40 101 0 100 2 1 1 1 0 8 0 pfosfp 40 1436 0 1011 5 0 5 5 0 8 0 pfosfpen 112 1436 0 720 21 0 21 21 0 8 0 pfrktable 1344 3 0 1 1 0 1 1 0 8 0 pfanchor 1280 1 0 0 1 0 1 1 0 8 0 pfstitem 24 115 0 107 1 0 1 1 0 8 0 pfstkey 120 183 0 175 1 0 1 1 0 8 0 pfstate 336 149 0 141 3 0 3 3 0 8 0 pfrule 1360 25 0 17 2 1 1 2 0 8 0 art_heap8 4096 2 0 1 2 1 1 2 0 8 0 art_heap4 256 775 0 493 31 10 21 29 0 8 0 art_table 32 777 0 494 4 0 4 4 0 8 0 art_node 16 170 0 111 1 0 1 1 0 8 0 sysvmsgpl 40 2 0 2 1 0 1 1 0 8 1 semapl 112 98 0 88 1 0 1 1 0 8 0 shmpl 112 28 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2710 0 1268 91 0 91 91 0 8 0 ffsino 272 2710 0 1268 97 0 97 97 0 8 0 nchpl 144 4264 0 2622 63 0 63 63 0 8 0 uvmvnodes 80 3012 0 0 62 0 62 62 0 8 0 vnodes 216 3012 0 0 168 0 168 168 0 8 0 namei 1024 15462 0 15461 3 2 1 2 0 8 0 percpumem 16 48 0 11 1 0 1 1 0 8 0 vcpupl 2048 8 0 0 1 0 1 1 0 8 0 vmpool 568 8 0 0 1 0 1 1 0 8 0 pfiaddrpl 120 1 0 0 1 0 1 1 0 8 0 kstatmem 264 38 0 18 2 0 2 2 0 8 0 scxspl 216 12610 0 12609 9 8 1 8 0 8 0 plimitpl 152 122 0 106 1 0 1 1 0 8 0 sigapl 424 1391 0 1344 7 1 6 6 0 8 0 futexpl 64 8138 0 8136 1 0 1 1 0 8 0 knotepl 120 385 0 0 12 1 11 11 0 8 0 kqueuepl 216 137 0 129 1 0 1 1 0 8 0 pipepl 320 214 0 186 3 0 3 3 0 8 0 fdescpl 496 1373 0 1344 7 3 4 5 0 8 0 filepl 152 7552 0 7312 23 11 12 16 0 8 1 lockfpl 104 325 0 323 2 1 1 2 0 8 0 lockfspl 48 90 0 88 1 0 1 1 0 8 0 sessionpl 144 28 0 11 1 0 1 1 0 8 0 pgrppl 48 28 0 11 1 0 1 1 0 8 0 ucredpl 104 601 0 587 1 0 1 1 0 8 0 zombiepl 144 1344 0 1344 1 0 1 1 0 8 1 processpl 1064 1391 0 1344 4 0 4 4 0 8 0 procpl 672 3441 0 3373 11 4 7 8 0 8 0 srpgc 96 10 0 10 3 3 0 1 0 8 0 sosppl 168 13 0 13 2 2 0 1 0 8 0 sockpl 488 1737 0 1712 39 35 4 20 0 8 0 mcl64k 65536 7 0 0 1 0 1 1 0 8 0 mcl16k 16384 8 0 0 1 0 1 1 0 8 0 mcl12k 12288 10 0 0 1 0 1 1 0 8 0 mcl9k 9216 11 0 0 1 0 1 1 0 8 0 mcl8k 8192 12 0 0 2 0 2 2 0 8 0 mcl4k 4096 17 0 0 3 0 3 3 0 8 0 mcl2k2 2112 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 482 0 0 60 0 60 60 0 8 0 mtagpl 96 91 0 0 3 0 3 3 0 8 0 mbufpl 256 513 0 0 32 0 32 32 0 8 0 bufpl 288 5324 0 139 371 0 371 371 0 8 0 anonpl 24 249274 0 231573 118 7 111 112 0 186 1 amapchunkpl 152 22333 0 21569 38 5 33 35 0 158 0 amappl16 200 2728 0 2205 30 1 29 30 0 8 0 amappl15 192 403 0 390 2 1 1 2 0 8 0 amappl14 184 194 0 189 1 0 1 1 0 8 0 amappl13 176 301 0 296 1 0 1 1 0 8 0 amappl12 168 168 0 162 1 0 1 1 0 8 0 amappl11 160 44 0 30 1 0 1 1 0 8 0 amappl10 152 44 0 40 1 0 1 1 0 8 0 amappl9 144 1083 0 1072 1 0 1 1 0 8 0 amappl8 136 813 0 753 3 0 3 3 0 8 0 amappl7 128 246 0 226 1 0 1 1 0 8 0 amappl6 120 395 0 371 2 1 1 2 0 8 0 amappl5 112 769 0 757 1 0 1 1 0 8 0 amappl4 104 1056 0 1026 2 1 1 2 0 8 0 amappl3 96 3800 0 3745 2 0 2 2 0 8 0 amappl2 88 1701 0 1630 3 1 2 3 0 8 0 amappl1 80 35168 0 34430 23 5 18 23 0 8 0 amappl 88 7755 0 7568 6 1 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 30 0 0 1 0 1 1 0 8 0 uaddrrnd 24 1381 0 1344 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1381 0 1344 1 0 1 1 0 8 0 vmmpekpl 168 16495 0 16431 4 0 4 4 0 8 0 vmmpepl 168 139200 0 136485 174 43 131 153 0 357 2 vmsppl 368 1380 0 1344 5 1 4 4 0 8 0 rwobjpl 56 38225 0 33483 68 0 68 68 0 8 0 pdppl 4096 2769 0 2696 172 95 77 79 0 8 4 pvpl 32 610369 0 587134 267 65 202 266 0 265 7 pmappl 248 1380 0 1344 4 1 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 908 0 135 23 0 23 23 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{0}> trace x86_ipi_db(ffffffff82952ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __mp_lock(ffffffff82a615c8) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82a615c8) at __mp_lock+0x122 sys/kern/kern_lock.c:147 intr_handler(ffff80002b03e620,ffff80000004bd00) at intr_handler+0x5e sys/arch/amd64/amd64/intr.c:532 Xintr_ioapic_edge21_untramp() at Xintr_ioapic_edge21_untramp+0x18f Xspllower() at Xspllower+0x19 uvm_pmr_getpages(1,0,0,1,0,1,514aebd84ff0fe55,fffffd807c9aa390) at uvm_pmr_getpages+0xde1 uvm_pagealloc(0,0,fffffd807c9aa390,2) at uvm_pagealloc+0x1a4 sys/uvm/uvm_page.c:910 uvm_fault_lower(ffff80002b03eac0,ffff80002b03eaf8,ffff80002b03ea40,0) at uvm_fault_lower+0x1aa uvm_fault(fffffd807effc5c0,3a463cb1000,0,2) at uvm_fault+0x238 upageflttrap(ffff80002b03ec30,3a463cb1000) at upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181 usertrap(ffff80002b03ec30) at usertrap+0x1aa sys/arch/amd64/amd64/trap.c:403 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x3a4eed2d570, count: -14 ddb{0}> machine ddbcpu 1 Stopped at sys_msgrcv+0x2df: movq 0x10(%r13),%rdi ddb{1}> trace sys_msgrcv(ffff800021306010,ffff8000247843d8,ffff800024784420) at sys_msgrcv+0x2df msg_copyout sys/kern/sysv_msg.c:639 [inline] sys_msgrcv(ffff800021306010,ffff8000247843d8,ffff800024784420) at sys_msgrcv+0x2df sys/kern/sysv_msg.c:349 syscall(ffff8000247844a0) at syscall+0x435 mi_syscall sys/sys/syscall_mi.h:101 [inline] syscall(ffff8000247844a0) at syscall+0x435 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3a46a0ce540, count: -3