kernel: protection fault trap, code=0 Stopped at ktrops+0x4e: movq 0x8(%rbx),%r14 ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic the kernel did not panic ddb{1}> trace ktrops(ffff80002a211aa0,deaf4152deaf4152,0,80000203,fffffd80762cda80,fffffd807f7d7410) at ktrops+0x4e ktrcanset sys/kern/kern_ktrace.c:718 [inline] ktrops(ffff80002a211aa0,deaf4152deaf4152,0,80000203,fffffd80762cda80,fffffd807f7d7410) at ktrops+0x4e sys/kern/kern_ktrace.c:561 doktrace(fffffd80762cda80,4,203,0,ffff80002a211aa0) at doktrace+0x524 ktrsetchildren sys/kern/kern_ktrace.c:586 [inline] doktrace(fffffd80762cda80,4,203,0,ffff80002a211aa0) at doktrace+0x524 sys/kern/kern_ktrace.c:508 sys_ktrace(ffff80002a211aa0,ffff80002d6a67a0,ffff80002d6a66f0) at sys_ktrace+0xd6 sys/kern/kern_ktrace.c:549 syscall(ffff80002d6a67a0) at syscall+0x533 mi_syscall sys/sys/syscall_mi.h:183 [inline] syscall(ffff80002d6a67a0) at syscall+0x533 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7be9b2ce620, count: -5 ddb{1}> show registers rdi 0xffff80002a211aa0 rsi 0xdeaf4152deaf4152 rbp 0xffff80002d6a64c0 rbx 0xdeaf4152deaf4152 rdx 0 rcx 0xffff80002a211aa0 rax 0xffff800029cebff0 r8 0xfffffd80762cda80 r9 0xfffffd807f7d7410 r10 0x34907a2e04b3ea42 r11 0xc7023431bc1d28f8 r12 0xdeaf4152deaf4152 r13 0xfffffd807f7d7410 r14 0xffff80002a211aa0 r15 0x80000203 __kernel_virt_to_phys+0x203 rip 0xffffffff81f84cfe ktrops+0x4e cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80002d6a6440 ss 0x10 ktrops+0x4e: movq 0x8(%rbx),%r14 ddb{1}> show proc PROC (syz-executor.6) tid=185245 pid=86900 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=17, usrpri=82, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002a211d48,0xffff80002a212550 process=0xffff8000373b8d78 user=0xffff80002d6a1000, vmspace=0xfffffd8068ff4720 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 87699 121550 49137 0 2 0 syz-executor.2 86900 129380 78539 0 2 0 syz-executor.6 *86900 185245 78539 0 7 0x4000000 syz-executor.6 16256 285345 73820 0 3 0x80 nanoslp syz-executor.7 16256 196991 73820 0 3 0x4000080 kqread syz-executor.7 16256 486540 73820 0 3 0x4000080 fsleep syz-executor.7 98114 398965 19444 0 3 0x82 nanoslp syz-executor.5 46145 278280 19444 0 2 0x2 syz-executor.4 99881 27522 0 0 3 0x14280 nfsidl nfsio 53622 478197 0 0 3 0x14280 nfsidl nfsio 40100 84336 0 0 3 0x14280 nfsidl nfsio 42072 285471 0 0 3 0x14280 nfsidl nfsio 18320 231002 0 0 3 0x14280 nfsidl nfsio 98285 456402 0 0 3 0x14280 nfsidl nfsio 17651 501147 0 0 3 0x14280 nfsidl nfsio 41440 411 0 0 3 0x14280 nfsidl nfsio 98271 471242 0 0 3 0x14280 nfsidl nfsio 19590 404412 0 0 3 0x14280 nfsidl nfsio 63145 252932 0 0 3 0x14280 nfsidl nfsio 83715 292746 0 0 3 0x14280 nfsidl nfsio 73557 440073 0 0 3 0x14280 nfsidl nfsio 9066 48242 0 0 3 0x14280 nfsidl nfsio 13665 308975 0 0 3 0x14280 nfsidl nfsio 50900 130673 0 0 3 0x14280 nfsidl nfsio 20695 169612 0 0 3 0x14280 nfsidl nfsio 98103 357876 0 0 3 0x14280 nfsidl nfsio 9575 413068 0 0 3 0x14280 nfsidl nfsio 82642 256009 0 0 3 0x14280 nfsidl nfsio 69529 63291 0 0 3 0x14200 acct acct 78539 128600 19444 0 3 0x82 nanoslp syz-executor.6 73820 274949 19444 0 3 0x82 nanoslp syz-executor.7 49137 97284 19444 0 3 0x82 nanoslp syz-executor.2 7497 26348 19444 0 3 0x2 biowait syz-executor.3 64347 178552 19444 0 3 0x82 nanoslp syz-executor.1 65710 177760 19444 0 2 0x2 syz-executor.0 19444 357409 73938 0 3 0x2000082 wait syz-fuzzer 19444 41647 73938 0 3 0x6000082 nanoslp syz-fuzzer 19444 471934 73938 0 3 0x6000082 wait syz-fuzzer 19444 131181 73938 0 3 0x6000082 thrsleep syz-fuzzer 19444 520876 73938 0 3 0x6000082 thrsleep syz-fuzzer 19444 88669 73938 0 3 0x6000082 thrsleep syz-fuzzer 19444 187251 73938 0 3 0x6000082 wait syz-fuzzer 19444 411032 73938 0 3 0x6000082 wait syz-fuzzer 19444 188111 73938 0 3 0x6000082 wait syz-fuzzer 19444 213805 73938 0 3 0x6000082 wait syz-fuzzer 19444 220407 73938 0 3 0x6000082 thrsleep syz-fuzzer 19444 66431 73938 0 3 0x6000082 wait syz-fuzzer 19444 393150 73938 0 3 0x6000082 thrsleep syz-fuzzer 19444 123807 73938 0 3 0x6000082 wait syz-fuzzer 19444 115469 73938 0 7 0x6000002 syz-fuzzer 19444 221319 73938 0 2 0x6000002 syz-fuzzer 73938 269020 27384 0 3 0x10008a sigsusp ksh 27384 37398 77256 0 3 0x9a kqread sshd 95103 155838 1 0 3 0x100083 ttyin getty 77256 273978 1 0 3 0x88 kqread sshd 75641 447465 61376 74 3 0x1100092 bpf pflogd 61376 486296 1 0 3 0x80 netio pflogd 26118 326510 47543 73 3 0x1100090 kqread syslogd 47543 287775 1 0 3 0x100082 netio syslogd 59266 39782 1 0 3 0x100080 kqread resolvd 12628 263397 53655 77 3 0x100092 kqread dhcpleased 85307 498313 53655 77 3 0x100092 kqread dhcpleased 53655 73213 1 0 3 0x80 kqread dhcpleased 91022 424436 0 0 3 0x14200 bored smr 90595 264478 0 0 2 0x14200 zerothread 60823 489344 0 0 3 0x14200 aiodoned aiodoned 55186 216732 0 0 3 0x14200 syncer update 34115 293220 0 0 3 0x14200 cleaner cleaner 74280 294656 0 0 3 0x14200 reaper reaper 15290 457577 0 0 3 0x14200 pgdaemon pagedaemon 73026 315552 0 0 3 0x14200 bored viomb 51575 331522 0 0 3 0x40014200 acpi0 acpi0 42103 39066 0 0 3 0x40014200 idle1 86053 479559 0 0 3 0x14200 bored softnet3 61146 399875 0 0 3 0x14200 bored softnet2 18292 263163 0 0 3 0x14200 bored softnet1 19695 115662 0 0 3 0x14200 bored softnet0 81207 107912 0 0 3 0x14200 bored systqmp 83616 406361 0 0 3 0x14200 bored systq 3661 423849 0 0 3 0x14200 tmoslp softclockmp 10224 428142 0 0 3 0x40014200 tmoslp softclock 97237 421859 0 0 3 0x40014200 idle0 1 150594 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 86900 (syz-executor.6) thread 0xffff80002a211aa0 (185245) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82eadd50) #0 witness_lock+0x447 #1 __mp_acquire_count+0x48 sys/kern/kern_lock.c:227 #2 mi_switch+0x46f sys/kern/sched_bsd.c:470 #3 sleep_finish+0x19b sys/kern/kern_synch.c:414 #4 biowait+0x91 sys/kern/vfs_bio.c:1254 #5 bwrite+0x21c sys/kern/vfs_bio.c:766 #6 ffs_update+0x28b sys/ufs/ffs/ffs_inode.c:111 #7 ffs_truncate+0xa40 #8 ufs_inactive+0x157 sys/ufs/ufs/ufs_inode.c:84 #9 VOP_INACTIVE+0xc5 sys/kern/vfs_vops.c:489 #10 vrele+0xd3 sys/kern/vfs_subr.c:827 #11 ktrsettrace+0xb7 sys/kern/kern_ktrace.c:122 #12 ktrops+0x1a8 sys/kern/kern_ktrace.c:564 #13 doktrace+0x524 ktrsetchildren sys/kern/kern_ktrace.c:586 [inline] #13 doktrace+0x524 sys/kern/kern_ktrace.c:508 #14 sys_ktrace+0xd6 sys/kern/kern_ktrace.c:549 #15 syscall+0x533 mi_syscall sys/sys/syscall_mi.h:183 [inline] #15 syscall+0x533 sys/arch/amd64/amd64/trap.c:577 #16 Xsyscall+0x128 Process 7497 (syz-executor.3) thread 0xffff80002a21a560 (26348) exclusive rrwlock inode r = 0 (0xfffffd80668913d0) #0 witness_lock+0x447 #1 rw_enter+0x3c8 sys/kern/kern_rwlock.c:309 #2 rrw_enter+0x8c sys/kern/kern_rwlock.c:464 #3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:518 #4 ufs_ihashins+0x46 sys/ufs/ufs/ufs_ihash.c:140 #5 ffs_vget+0x141 sys/ufs/ffs/ffs_vfsops.c:1230 #6 ffs_inode_alloc+0x1c5 sys/ufs/ffs/ffs_alloc.c:393 #7 ufs_mkdir+0xfb sys/ufs/ufs/ufs_vnops.c:1127 #8 VOP_MKDIR+0xc3 sys/kern/vfs_vops.c:388 #9 domkdirat+0x125 sys/kern/vfs_syscalls.c:3069 #10 syscall+0x533 mi_syscall sys/sys/syscall_mi.h:183 [inline] #10 syscall+0x533 sys/arch/amd64/amd64/trap.c:577 #11 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd8075ca95e8) #0 witness_lock+0x447 #1 rw_enter+0x3c8 sys/kern/kern_rwlock.c:309 #2 rrw_enter+0x8c sys/kern/kern_rwlock.c:464 #3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:518 #4 vn_lock+0x84 sys/kern/vfs_vnops.c:564 #5 vfs_lookup+0xd5 sys/kern/vfs_lookup.c:418 #6 namei+0x55a sys/kern/vfs_lookup.c:250 #7 domkdirat+0x79 sys/kern/vfs_syscalls.c:3054 #8 syscall+0x533 mi_syscall sys/sys/syscall_mi.h:183 [inline] #8 syscall+0x533 sys/arch/amd64/amd64/trap.c:577 #9 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10215 6495K 6745K 166960K 27940 0 pcb 15 16K 18K 166960K 9612 0 rtable 234 6K 6K 166960K 416 0 pf 32 9K 10K 166960K 47 0 ifaddr 45 15K 15K 166960K 55 0 ifgroup 55 2K 2K 166960K 63 0 sysctl 2 0K 0K 166960K 2 0 counters 64 36K 36K 166960K 68 0 ioctlops 0 0K 4K 166960K 4533 0 iov 0 0K 12K 166960K 3058 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1538 96K 96K 166960K 16358 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 509 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 303 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 13 45K 93K 166960K 54821 0 sigio 0 0K 0K 166960K 747 0 proc 68 91K 115K 166960K 583 0 subproc 104 6K 6K 166960K 130 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 in_multi 99 7K 7K 166960K 121 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 217 970K 970K 166960K 217 0 exec 0 0K 1K 166960K 905 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 308 81K 83K 166960K 482054 0 UVM aobj 131 4K 4K 166960K 131 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 NDP 12 0K 2K 166960K 34 0 temp 74 6772K 6896K 166960K 251805 0 kqueue 12 18K 32K 166960K 9575 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 41 0 38 1 0 1 1 0 8 0 rtentry 112 133 0 23 4 0 4 4 0 8 0 unpcb 144 20468 0 20453 85 81 4 6 0 8 3 syncache 320 4 0 4 1 1 0 1 0 8 0 tcpqe 32 191 0 191 1 1 0 1 0 8 0 tcpcb 808 2363 0 2358 52 49 3 14 0 8 2 arp 120 22 0 4 1 0 1 1 0 8 0 inpcb 376 13999 0 13991 209 202 7 14 0 8 6 nd6 136 30 0 6 1 0 1 1 0 8 0 kcovpl 48 10 0 2 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 31 0 25 1 0 1 1 0 8 0 pfstkey 128 31 0 25 1 0 1 1 0 8 0 pfstate 376 31 0 25 3 2 1 3 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 541 0 88 29 0 29 29 0 8 0 art_table 32 542 0 88 4 0 4 4 0 8 0 art_node 16 132 0 32 1 0 1 1 0 8 0 sysvmsgpl 40 72 0 69 1 0 1 1 0 8 0 semapl 112 301 0 291 1 0 1 1 0 8 0 shmpl 112 128 0 0 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 64182 0 62658 96 0 96 96 0 8 0 ffsino 272 64182 0 62658 102 0 102 102 0 8 0 nchpl 144 137348 0 135684 65 1 64 64 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 348301 0 348300 2 1 1 2 0 8 0 percpumem 16 48 0 2 1 0 1 1 0 8 0 kstatmem 264 28 0 4 2 0 2 2 0 8 0 scxspl 216 359884 0 359883 10 9 1 8 1 8 0 plimitpl 152 36 0 20 1 0 1 1 0 8 0 sigapl 424 55209 0 55142 9 1 8 8 0 8 0 futexpl 64 293654 0 293653 1 0 1 1 0 8 0 knotepl 120 344 0 0 7 1 6 6 0 8 0 kqueuepl 216 27644 0 27635 114 113 1 9 0 8 0 pipepl 320 1815 0 1787 54 51 3 8 0 8 0 fdescpl 496 55125 0 55099 6 2 4 5 0 8 0 filepl 152 198814 0 198572 199 186 13 20 0 8 3 lockfpl 104 7970 0 7968 10 9 1 2 0 8 0 lockfspl 48 2507 0 2505 1 0 1 1 0 8 0 sessionpl 144 26 0 9 1 0 1 1 0 8 0 pgrppl 48 5438 0 5421 1 0 1 1 0 8 0 ucredpl 104 4067 0 4055 1 0 1 1 0 8 0 zombiepl 144 55144 0 55142 1 0 1 1 0 8 0 processpl 1136 55209 0 55142 6 0 6 6 0 8 0 procpl 680 123794 0 123709 14 5 9 9 0 8 0 sockpl 584 34508 0 34482 189 182 7 12 0 8 5 mcl64k 65536 41 0 0 5 2 3 3 0 8 0 mcl16k 16384 17 0 0 3 0 3 3 0 8 0 mcl12k 12288 49 0 0 3 1 2 2 0 8 0 mcl9k 9216 41 0 0 2 0 2 2 0 8 0 mcl8k 8192 41 0 0 4 1 3 3 0 8 0 mcl4k 4096 34 0 0 3 0 3 3 0 8 0 mcl2k2 2112 19 0 0 2 0 2 2 0 8 0 mcl2k 2048 350 0 0 34 13 21 34 0 8 0 mtagpl 96 2 0 0 1 0 1 1 0 8 0 mbufpl 256 1037 0 0 18 0 18 18 0 8 0 bufpl 280 61469 0 55151 452 0 452 452 0 8 0 anonpl 24 3905659 0 3897505 136 80 56 100 0 186 0 amapchunkpl 152 1508143 0 1507458 109 76 33 35 0 158 2 amappl16 200 61216 0 61025 69 57 12 36 0 8 0 amappl15 192 77 0 76 1 0 1 1 0 8 0 amappl14 184 165 0 150 2 1 1 2 0 8 0 amappl13 176 16 0 15 1 0 1 1 0 8 0 amappl12 168 55855 0 55826 4 2 2 3 0 8 0 amappl11 160 66 0 51 1 0 1 1 0 8 0 amappl10 152 31 0 21 1 0 1 1 0 8 0 amappl9 144 323 0 322 2 1 1 1 0 8 0 amappl8 136 628 0 545 4 0 4 4 0 8 0 amappl7 128 245 0 217 2 0 2 2 0 8 0 amappl6 120 386 0 372 1 0 1 1 0 8 0 amappl5 112 330 0 319 1 0 1 1 0 8 0 amappl4 104 819 0 788 2 1 1 2 0 8 0 amappl3 96 304501 0 304423 3 0 3 3 0 8 0 amappl2 88 57615 0 57539 3 1 2 3 0 8 0 amappl1 80 189270 0 188724 24 12 12 23 0 8 0 amappl 88 479459 0 479266 7 1 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 130 0 0 3 0 3 3 0 8 0 uaddrrnd 24 55125 0 55099 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 55125 0 55099 1 0 1 1 0 8 0 vmmpekpl 168 263038 0 262969 5 1 4 4 0 8 0 vmmpepl 168 2922820 0 2920854 240 131 109 119 0 357 11 vmsppl 448 55124 0 55099 6 2 4 5 0 8 0 rwobjpl 56 604802 0 597475 114 9 105 111 0 8 0 pdppl 4096 110257 0 110198 1081 1012 69 83 0 8 10 pvpl 32 45352 0 0 367 1 366 366 0 265 0 pmappl 248 55124 0 55099 3 1 2 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1645 0 1269 12 0 12 12 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp ddb{0}> trace x86_ipi_db(ffffffff82cb1ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x29 kd_curproc sys/dev/kcov.c:589 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x29 sys/dev/kcov.c:158 __mp_lock(ffffffff82eadb48) at __mp_lock+0x133 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82eadb48) at __mp_lock+0x133 sys/kern/kern_lock.c:147 intr_handler(ffff8000373829c0,ffff80000006bc00) at intr_handler+0x62 sys/arch/amd64/amd64/intr.c:539 Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f __mp_lock(ffffffff82eadb48) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82eadb48) at __mp_lock+0x122 sys/kern/kern_lock.c:147 syscall(ffff800037382b90) at syscall+0x20e mi_syscall sys/sys/syscall_mi.h:154 [inline] syscall(ffff800037382b90) at syscall+0x20e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x247052c40, count: -10 ddb{0}> machine ddbcpu 1 Stopped at ktrops+0x4e: movq 0x8(%rbx),%r14 ddb{1}> trace ktrops(ffff80002a211aa0,deaf4152deaf4152,0,80000203,fffffd80762cda80,fffffd807f7d7410) at ktrops+0x4e ktrcanset sys/kern/kern_ktrace.c:718 [inline] ktrops(ffff80002a211aa0,deaf4152deaf4152,0,80000203,fffffd80762cda80,fffffd807f7d7410) at ktrops+0x4e sys/kern/kern_ktrace.c:561 doktrace(fffffd80762cda80,4,203,0,ffff80002a211aa0) at doktrace+0x524 ktrsetchildren sys/kern/kern_ktrace.c:586 [inline] doktrace(fffffd80762cda80,4,203,0,ffff80002a211aa0) at doktrace+0x524 sys/kern/kern_ktrace.c:508 sys_ktrace(ffff80002a211aa0,ffff80002d6a67a0,ffff80002d6a66f0) at sys_ktrace+0xd6 sys/kern/kern_ktrace.c:549 syscall(ffff80002d6a67a0) at syscall+0x533 mi_syscall sys/sys/syscall_mi.h:183 [inline] syscall(ffff80002d6a67a0) at syscall+0x533 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7be9b2ce620, count: -5