kernel: protection fault trap, code=0
Stopped at ktrops+0x4e: movq 0x8(%rbx),%r14
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
the kernel did not panic
ddb{0}> trace
ktrops(ffff80002a1ddaa8,dead4110dead4110,0,80000c08,fffffd806b625570,fffffd807f7d7478) at ktrops+0x4e ktrcanset sys/kern/kern_ktrace.c:718 [inline]
ktrops(ffff80002a1ddaa8,dead4110dead4110,0,80000c08,fffffd806b625570,fffffd807f7d7478) at ktrops+0x4e sys/kern/kern_ktrace.c:561
doktrace(fffffd806b625570,4,c08,0,ffff80002a1ddaa8) at doktrace+0x524 ktrsetchildren sys/kern/kern_ktrace.c:586 [inline]
doktrace(fffffd806b625570,4,c08,0,ffff80002a1ddaa8) at doktrace+0x524 sys/kern/kern_ktrace.c:508
sys_ktrace(ffff80002a1ddaa8,ffff800032726bd0,ffff800032726b20) at sys_ktrace+0xd6 sys/kern/kern_ktrace.c:549
syscall(ffff800032726bd0) at syscall+0x533 mi_syscall sys/sys/syscall_mi.h:183 [inline]
syscall(ffff800032726bd0) at syscall+0x533 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x9e88eb7d610, count: -5
ddb{0}> show registers
rdi 0xffff800033741000
rsi 0x1f69 __ALIGN_SIZE+0xf69
rbp 0xffff8000327268f0
rbx 0xdead4110dead4110
rdx 0xffff800033741000
rcx 0x1f68 __ALIGN_SIZE+0xf68
rax 0xffffffff81257d83 ktrops+0x43
r8 0xfffffd806b625570
r9 0xfffffd807f7d7478
r10 0x60025f33f951ec58
r11 0x337d6057e75984d2
r12 0xdead4110dead4110
r13 0xfffffd807f7d7478
r14 0xffff80002a1ddaa8
r15 0x80000c08 __kernel_virt_to_phys+0xc08
rip 0xffffffff81257d8e ktrops+0x4e
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff800032726870
ss 0
ktrops+0x4e: movq 0x8(%rbx),%r14
ddb{0}> show proc
PROC (syz-executor.7) tid=339352 pid=20097 tcnt=2 stat=onproc
flags process=0 proc=4000000
runpri=17, usrpri=82, slppri=17, nice=20
wchan=0x0, wmesg=, ps_single=0x0
forw=0xffffffffffffffff, list=0xffff80002a1de548,0xffff80002a1de008
process=0xffff8000ffff11d8 user=0xffff800032721000, vmspace=0xfffffd80735c5a98
estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0
ddb{0}> ps
PID
TID PPID UID S FLAGS WAIT COMMAND 2191 242034 71041 0 2 0 syz-executor.0 20097 178751 37392 0 2 0 syz-executor.7 *20097 339352 37392 0 7 0x4000000 syz-executor.7 7329 282759 28089 0 2 0x480 syz-executor.5 7329 405776 28089 0 3 0x4000080 fsleep syz-executor.5 36065 56861 80268 0 2 0 syz-executor.3 36065 314891 80268 0 3 0x4000080 fsleep syz-executor.3 56885 117091 24682 0 2 0x2 syz-executor.6 37392 366018 24682 0 3 0x82 nanoslp syz-executor.7 28089 211336 24682 0 2 0x482 syz-executor.5 98838 475371 24682 0 2 0x2 syz-executor.4 26298 117409 24682 0 7 0x2 syz-executor.2 80268 166300 24682 0 2 0x482 syz-executor.3 3637 233508 24682 0 2 0x482 syz-executor.1 71041 457080 24682 0 3 0x82 nanoslp syz-executor.0 24682 148500 81502 0 3 0x2000082 wait syz-fuzzer 24682 14599 81502 0 2 0x6000482 syz-fuzzer 24682 18556 81502 0 3 0x6000082 wait syz-fuzzer 24682 25409 81502 0 3 0x6000082 thrsleep syz-fuzzer 24682 254089 81502 0 3 0x6000082 wait syz-fuzzer 24682 295899 81502 0 3 0x6000082 wait syz-fuzzer 24682 480993 81502 0 3 0x6000082 wait syz-fuzzer 24682 520903 81502 0 3 0x6000082 thrsleep syz-fuzzer 24682 140892 81502 0 3 0x6000082 thrsleep syz-fuzzer 24682 462165 81502 0 3 0x6000082 wait syz-fuzzer 24682 395173 81502 0 3 0x6000082 thrsleep syz-fuzzer 24682 338265 81502 0 3 0x6000082 wait syz-fuzzer 24682 299845 81502 0 3 0x6000082 thrsleep syz-fuzzer 24682 297339 81502 0 3 0x6000082 kqread syz-fuzzer 24682 65378 81502 0 3 0x6000082 wait syz-fuzzer 24682 15740 81502 0 3 0x6000082 thrsleep syz-fuzzer 81502 6037 81395 0 3 0x10008a sigsusp ksh 81395 209893 58392 0 3 0x9a kqread sshd 12284 480492 1 0 3 0x100083 ttyin getty 58392 402438 1 0 3 0x88 kqread sshd 33857 357802 51051 74 3 0x1100092 bpf pflogd 51051 485874 1 0 3 0x80 netio pflogd 37200 138889 82883 73 3 0x1100090 kqread syslogd 82883 340842 1 0 3 0x100082 netio syslogd 78369 471482 1 0 3 0x100080 kqread resolvd 28971 349102 90737 77 3 0x100092 kqread dhcpleased 57040 22574 90737 77 3 0x100092 kqread dhcpleased 90737 78097 
1 0 3 0x80 kqread dhcpleased
93043 345620 0 0 3 0x14200 bored smr
61773 297458 0 0 2 0x14200 zerothread
53939 354072 0 0 3 0x14200 aiodoned aiodoned
80576 141345 0 0 2 0x14600 update
28011 76678 0 0 3 0x14200 cleaner cleaner
16490 118242 0 0 3 0x14200 reaper reaper
20976 135279 0 0 3 0x14200 pgdaemon pagedaemon
65808 235818 0 0 3 0x14200 bored viomb
85730 505698 0 0 3 0x40014200 acpi0 acpi0
13789 420904 0 0 3 0x40014200 idle1
44066 435926 0 0 3 0x14200 bored softnet3
79151 203681 0 0 3 0x14200 bored softnet2
87546 30843 0 0 3 0x14200 bored softnet1
22346 226976 0 0 3 0x14200 bored softnet0
41414 16852 0 0 3 0x14200 bored systqmp
60463 76290 0 0 3 0x14200 bored systq
8092 425601 0 0 3 0x14200 tmoslp softclockmp
66538 233557 0 0 3 0x40014200 tmoslp softclock
25424 128459 0 0 3 0x40014200 idle0
1 248149 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 20097 (syz-executor.7) thread 0xffff80002a1ddaa8 (339352)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82d8f570)
#0 witness_lock+0x447
#1 __mp_acquire_count+0x48 sys/kern/kern_lock.c:227
#2 mi_switch+0x46f sys/kern/sched_bsd.c:470
#3 sleep_finish+0x19b sys/kern/kern_synch.c:414
#4 biowait+0x91 sys/kern/vfs_bio.c:1254
#5 bwrite+0x21c sys/kern/vfs_bio.c:766
#6 ffs_update+0x28b sys/ufs/ffs/ffs_inode.c:111
#7 ffs_truncate+0xa40
#8 ufs_inactive+0x157 sys/ufs/ufs/ufs_inode.c:84
#9 VOP_INACTIVE+0xc5 sys/kern/vfs_vops.c:489
#10 vrele+0xd3 sys/kern/vfs_subr.c:827
#11 ktrsettrace+0xb7 sys/kern/kern_ktrace.c:122
#12 ktrops+0x1a8 sys/kern/kern_ktrace.c:564
#13 doktrace+0x524 ktrsetchildren sys/kern/kern_ktrace.c:586 [inline]
#13 doktrace+0x524 sys/kern/kern_ktrace.c:508
#14 sys_ktrace+0xd6 sys/kern/kern_ktrace.c:549
#15 syscall+0x533 mi_syscall sys/sys/syscall_mi.h:183 [inline]
#15 syscall+0x533 sys/arch/amd64/amd64/trap.c:577
#16 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10241 6513K 6961K 166960K 34891 0
pcb 15 15K 17K 166960K 820 0
rtable 234 6K 6K 166960K 356 0 pf 32 9K 10K 166960K 43 0 ifaddr 45 15K 15K 166960K 47 0 ifgroup 55 2K 2K 166960K 55 0 counters 64 36K 36K 166960K 64 0 ioctlops 0 0K 4K 166960K 7304 0 iov 0 0K 8K 166960K 1364 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1476 92K 92K 166960K 18856 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 211 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 2244 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 14 49K 89K 166960K 51486 0 proc 68 91K 140K 166960K 527 0 subproc 104 6K 6K 166960K 104 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 in_multi 99 7K 7K 166960K 99 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 373 1659K 1659K 166960K 373 0 exec 0 0K 1K 166960K 4128 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 325 84K 85K 166960K 451076 0 UVM aobj 131 4K 4K 166960K 131 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 NDP 12 0K 2K 166960K 28 0 temp 73 6768K 6896K 166960K 220346 0 kqueue 12 18K 25K 166960K 4658 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 37 0 34 1 0 1 1 0 8 0 rtentry 112 111 0 1 4 0 4 4 0 8 0 unpcb 144 40113 0 40098 157 151 6 10 0 8 5 syncache 320 4 0 4 1 1 0 1 0 8 0 sackhl 24 2 0 2 2 2 0 1 0 8 0 tcpqe 32 95 0 95 1 1 0 1 0 8 0 tcpcb 808 1994 0 1989 36 35 1 8 0 8 0 arp 120 18 0 0 1 0 1 1 0 8 0 inpcb 376 5070 0 5062 126 124 2 14 0 8 1 nd6 136 24 0 0 1 0 1 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 29 0 27 1 0 1 1 0 8 0 pfstkey 128 29 0 27 1 0 1 1 0 8 0 pfstate 376 29 0 27 3 2 1 3 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 453 0 0 29 0 29 29 0 8 0 art_table 32 454 0 0 4 0 4 4 0 
8 0 art_node 16 110 0 10 1 0 1 1 0 8 0 semapl 112 2242 0 2232 1 0 1 1 0 8 0 shmpl 112 128 0 0 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 60721 0 59095 102 0 102 102 0 8 0 ffsino 272 60721 0 59095 109 0 109 109 0 8 0 nchpl 144 130806 0 129112 64 0 64 64 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 352356 0 352356 2 1 1 2 0 8 1 percpumem 16 46 0 0 1 0 1 1 0 8 0 kstatmem 264 24 0 0 2 0 2 2 0 8 0 scxspl 216 328712 0 328712 10 9 1 8 1 8 1 plimitpl 152 106 0 90 1 0 1 1 0 8 0 sigapl 424 51814 0 51767 8 2 6 7 0 8 0 futexpl 64 280332 0 280330 1 0 1 1 0 8 0 knotepl 120 133 0 0 4 0 4 4 0 8 0 kqueuepl 216 12876 0 12868 123 122 1 9 0 8 0 pipepl 320 6137 0 6109 112 104 8 8 0 8 5 fdescpl 496 51796 0 51769 5 0 5 5 0 8 0 filepl 152 220355 0 220111 251 234 17 20 0 8 7 lockfpl 104 6152 0 6150 5 4 1 2 0 8 0 lockfspl 48 2367 0 2365 1 0 1 1 0 8 0 sessionpl 144 24 0 7 1 0 1 1 0 8 0 pgrppl 48 1107 0 1090 1 0 1 1 0 8 0 ucredpl 104 28143 0 28131 1 0 1 1 0 8 0 zombiepl 144 51769 0 51767 1 0 1 1 0 8 0 processpl 1136 51814 0 51767 4 0 4 4 0 8 0 procpl 680 116304 0 116239 40 33 7 8 0 8 1 sockpl 584 45220 0 45194 314 304 10 20 0 8 8 mcl64k 65536 23 0 0 3 1 2 3 0 8 0 mcl16k 16384 22 0 0 3 0 3 3 0 8 0 mcl12k 12288 33 0 0 2 0 2 2 0 8 0 mcl9k 9216 17 0 0 2 0 2 2 0 8 0 mcl8k 8192 60 0 0 5 3 2 3 0 8 0 mcl4k 4096 41 0 0 5 2 3 3 0 8 0 mcl2k2 2112 23 0 0 2 0 2 2 0 8 0 mcl2k 2048 374 0 0 38 15 23 38 0 8 0 mtagpl 96 1 0 0 1 0 1 1 0 8 0 mbufpl 256 1333 0 0 19 3 16 19 0 8 0 bufpl 280 58602 0 52282 452 0 452 452 0 8 0 anonpl 24 3588309 0 3579940 70 16 54 57 0 186 0 amapchunkpl 152 1415869 0 1415152 154 120 34 36 0 158 4 amappl16 200 54163 0 53964 15 4 11 12 0 8 0 amappl15 192 8 0 8 1 1 0 1 0 8 0 amappl14 184 156 0 143 2 1 1 2 0 8 0 amappl13 176 17 0 16 1 0 1 1 0 8 0 amappl12 168 52507 0 52476 4 2 2 3 0 8 0 amappl11 160 58 0 44 1 0 1 1 0 8 0 amappl10 152 21 0 13 2 1 1 1 0 8 0 amappl9 144 190 0 189 2 1 1 1 0 8 0 amappl8 136 755 0 649 4 0 4 4 
0 8 0 amappl7 128 192 0 169 2 0 2 2 0 8 0 amappl6 120 280 0 274 1 0 1 1 0 8 0 amappl5 112 247 0 236 1 0 1 1 0 8 0 amappl4 104 733 0 701 2 0 2 2 0 8 0 amappl3 96 285748 0 285667 5 2 3 4 0 8 0 amappl2 88 54588 0 54514 3 1 2 3 0 8 0 amappl1 80 179679 0 179134 24 11 13 23 0 8 0 amappl 88 450487 0 450295 15 9 6 6 0 92 1 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 130 0 0 3 0 3 3 0 8 0 uaddrrnd 24 51796 0 51769 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 51796 0 51769 1 0 1 1 0 8 0 vmmpekpl 168 280489 0 280446 3 0 3 3 0 8 0 vmmpepl 168 2737028 0 2734981 256 157 99 118 0 357 2 vmsppl 448 51795 0 51769 6 2 4 5 0 8 0 rwobjpl 56 567021 0 559668 107 2 105 105 0 8 0 pdppl 4096 103599 0 103538 1267 1198 69 81 0 8 8 pvpl 32 45588 0 0 369 1 368 368 0 265 0 pmappl 248 51795 0 51769 3 1 2 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1985 0 1599 12 0 12 12 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace ktrops(ffff80002a1ddaa8,dead4110dead4110,0,80000c08,fffffd806b625570,fffffd807f7d7478) at ktrops+0x4e ktrcanset sys/kern/kern_ktrace.c:718 [inline] ktrops(ffff80002a1ddaa8,dead4110dead4110,0,80000c08,fffffd806b625570,fffffd807f7d7478) at ktrops+0x4e sys/kern/kern_ktrace.c:561 doktrace(fffffd806b625570,4,c08,0,ffff80002a1ddaa8) at doktrace+0x524 ktrsetchildren sys/kern/kern_ktrace.c:586 [inline] doktrace(fffffd806b625570,4,c08,0,ffff80002a1ddaa8) at doktrace+0x524 sys/kern/kern_ktrace.c:508 sys_ktrace(ffff80002a1ddaa8,ffff800032726bd0,ffff800032726b20) at sys_ktrace+0xd6 sys/kern/kern_ktrace.c:549 syscall(ffff800032726bd0) at syscall+0x533 mi_syscall sys/sys/syscall_mi.h:183 [inline] syscall(ffff800032726bd0) at syscall+0x533 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x9e88eb7d610, count: -5 ddb{0}> machine ddbcpu 1 
Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp
ddb{1}> trace
x86_ipi_db(ffff800029cebff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff82d8f368) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82d8f368) at __mp_lock+0x122 sys/kern/kern_lock.c:147
syscall(ffff80002f0c4720) at syscall+0x51a mi_syscall sys/sys/syscall_mi.h:183 [inline]
syscall(ffff80002f0c4720) at syscall+0x51a sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x78eadd2faa20, count: -6