kernel: protection fault trap, code=0 Stopped at sys_msgrcv+0x3f2: movq 0x10(%r13),%rdi ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace sys_msgrcv(ffff80002a7f3210,ffff800039939bb0,ffff800039939b00) at sys_msgrcv+0x3f2 msg_copyout sys/kern/sysv_msg.c:639 [inline] sys_msgrcv(ffff80002a7f3210,ffff800039939bb0,ffff800039939b00) at sys_msgrcv+0x3f2 sys/kern/sysv_msg.c:349 syscall(ffff800039939bb0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff800039939bb0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x8ba142b7c00, count: -3 ddb> show registers rdi 0 rsi 0x200000001208 rbp 0xffff800039939ad0 rbx 0 rdx 0xffff800001471180 rcx 0 rax 0xa r8 0x7f7fffffc000 r9 0 r10 0xcdbd40ca9420d2d4 r11 0x3fe31f9d0b11748f r12 0xfffffd806c619f28 r13 0xdeafbeaddeafbead r14 0xffff8000015c1c00 r15 0xa rip 0xffffffff81714a62 sys_msgrcv+0x3f2 cs 0x8 rflags 0x10202 __ALIGN_SIZE+0xf202 rsp 0xffff800039939a30 ss 0x10 sys_msgrcv+0x3f2: movq 0x10(%r13),%rdi ddb> show proc PROC (syz-executor) tid=507744 pid=6435 tcnt=5 stat=onproc flags process=0 proc=4000000 runpri=36, usrpri=50, slppri=36, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a7f3c50,0xffff80002a7f27e0 process=0xffff800035d184a0 user=0xffff800039934000, vmspace=0xfffffd806cd75880 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 1702 346079 87667 0 2 0 syz-executor 1702 422031 87667 0 3 0x4000080 fsleep syz-executor 57225 517890 24367 0 2 0x82000 syz-executor 57225 433652 24367 0 3 0x4002000 suspend syz-executor 92000 130834 32087 0 2 0 syz-executor 92000 128679 32087 0 3 0x4000080 sbwait syz-executor 44700 333475 27170 0 2 0 syz-executor 44700 41894 27170 0 3 0x4000080 kqread syz-executor 6435 43187 55130 0 2 0 syz-executor * 6435 507744 55130 0 7 0x4000000 syz-executor 6435 170867 55130 0 
3 0x4000080 fsleep syz-executor 6435 396919 55130 0 2 0x4000000 syz-executor 6435 514393 55130 0 2 0x4000000 syz-executor 23016 332909 64140 60928 3 0x10 vmmaplk syz-executor 23016 392788 64140 60928 3 0x4000090 msgwait syz-executor 23016 73189 64140 60928 3 0x4000090 fsleep syz-executor 23016 313115 64140 60928 2 0x4000010 syz-executor 86673 70427 0 0 3 0x14200 acct acct 43618 70154 0 0 3 0x14200 bored sosplice 87667 45107 5165 0 3 0x82 nanoslp syz-executor 55130 48186 5165 0 3 0x82 nanoslp syz-executor 32087 217459 5165 0 3 0x82 nanoslp syz-executor 52809 493411 5165 0 2 0x2 syz-executor 27170 127787 5165 0 3 0x82 nanoslp syz-executor 64140 341330 5165 0 3 0x82 nanoslp syz-executor 70146 262508 5165 0 3 0x82 nanoslp syz-executor 24367 319657 5165 0 3 0x82 nanoslp syz-executor 5165 99276 16590 0 3 0x82 kqread syz-executor 16590 53192 82924 0 3 0x10008a sigsusp ksh 82924 504584 38705 0 3 0x98 kqread sshd-session 38705 4320 19164 0 3 0x92 kqread sshd-session 64856 12553 1 0 3 0x100083 ttyin getty 19164 29037 1 0 3 0x88 kqread sshd 88768 275667 43486 73 3 0x1100090 kqread syslogd 43486 354179 1 0 3 0x100082 sbwait syslogd 88946 266277 1 0 3 0x100080 kqread resolvd 97739 235519 87604 77 3 0x100092 kqread dhcpleased 44111 360852 87604 77 3 0x100092 kqread dhcpleased 87604 238658 1 0 3 0x80 kqread dhcpleased 99768 100575 0 0 3 0x14200 bored smr 63329 125801 0 0 2 0x14200 zerothread 25257 484961 0 0 3 0x14200 aiodoned aiodoned 47531 361020 0 0 3 0x14200 syncer update 388 28280 0 0 3 0x14200 cleaner cleaner 35923 144991 0 0 3 0x14200 reaper reaper 33843 167429 0 0 3 0x14200 pgdaemon pagedaemon 21351 207233 0 0 3 0x14200 bored viomb 45802 445509 0 0 3 0x40014200 acpi0 acpi0 4390 451138 0 0 3 0x14200 bored softnet3 69013 357756 0 0 3 0x14200 bored softnet2 74086 487883 0 0 3 0x14200 bored softnet1 89185 101831 0 0 3 0x14200 bored softnet0 36223 374203 0 0 3 0x14200 bored systqmp 50931 323918 0 0 3 0x14200 bored systq 33940 388037 0 0 3 0x40014200 tmoslp softclock 36381 
301718 0 0 3 0x40014200 idle0 1 38598 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10174 11058K 12150K 166960K 11811 0 pcb 17 12K 12K 166960K 44 0 rtable 243 8K 8K 166960K 361 0 pf 31 13K 13K 166960K 48 0 ifaddr 42 7K 7K 166960K 52 0 ifgroup 50 2K 2K 166960K 62 0 sysctl 3 1K 9K 166960K 8 0 counters 32 17K 18K 166960K 42 0 ioctlops 0 0K 4K 166960K 82 0 iov 1 4K 20K 166960K 14 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1502 94K 95K 166960K 1637 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 6 0 VM map 2 1K 1K 166960K 2 0 sem 9 0K 0K 166960K 9 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 93K 166960K 295 0 sigio 0 0K 0K 166960K 2 0 proc 61 67K 91K 166960K 518 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 1 0K 0K 166960K 11 0 in_multi 101 7K 7K 166960K 103 0 ether_multi 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 61 281K 281K 166960K 61 0 exec 0 0K 1K 166960K 357 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 227 151K 158K 166960K 4343 0 UVM aobj 14 2K 2K 166960K 15 0 pinsyscall 39 78K 94K 166960K 1327 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 12 0 NDP 11 0K 2K 166960K 33 0 temp 39 8666K 8730K 166960K 12218 0 kqueue 14 22K 31K 166960K 68 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 46 0 43 1 0 1 1 0 8 0 rtentry 136 111 0 1 4 0 4 4 0 8 0 unpcb 144 263 0 240 1 0 1 1 0 8 0 syncache 336 3 0 3 1 1 0 1 0 8 0 tcpcb 736 47 0 42 1 0 1 1 0 8 0 arp 88 18 0 0 1 0 1 1 0 8 0 inpcb 328 188 0 179 2 0 2 2 0 8 1 ip6q 72 1 0 1 1 1 0 1 0 8 0 
ip6af 40 2 0 2 1 1 0 1 0 8 0 nd6 104 24 0 0 1 0 1 1 0 8 0 pkpcb 40 1 0 1 1 0 1 1 0 8 1 kcovpl 48 8 0 0 1 0 1 1 0 8 0 ppxss 1072 10 0 10 1 0 1 1 0 8 1 pfosfp 40 1 0 0 1 0 1 1 0 8 0 pfosfpen 112 1 0 0 1 0 1 1 0 8 0 pfrule 1344 1 0 1 1 0 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 453 0 0 29 0 29 29 0 8 0 art_table 40 454 0 0 5 0 5 5 0 8 0 art_node 32 111 0 11 1 0 1 1 0 8 0 sysvmsgpl 40 2 0 2 1 0 1 1 0 8 1 semapl 112 7 0 0 1 0 1 1 0 8 0 shmpl 112 12 0 1 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1844 0 340 95 0 95 95 0 8 0 ffsino 248 1844 0 340 95 0 95 95 0 8 0 nchpl 144 2253 0 571 63 0 63 63 0 8 0 rtmask 32 4 0 4 1 0 1 1 0 8 1 uvmvnodes 80 2150 0 0 44 0 44 44 0 8 0 vnodes 216 2150 0 0 120 0 120 120 0 8 0 namei 1024 7156 0 7156 3 2 1 2 0 8 1 kstatmem 264 34 0 12 2 0 2 2 0 8 0 scsiplug 72 1 0 1 1 0 1 1 0 8 1 scxspl 216 7188 0 7188 6 2 4 4 1 8 4 plimitpl 152 48 0 32 1 0 1 1 0 8 0 sigapl 424 577 0 529 6 0 6 6 0 8 0 knotepl 120 9519 0 9469 9 0 9 9 0 8 6 kqueuepl 184 89 0 78 1 0 1 1 0 8 0 pipepl 296 173 0 146 8 0 8 8 0 8 5 fdescpl 440 559 0 529 5 1 4 5 0 8 0 filepl 120 2675 0 2454 16 1 15 16 0 8 7 lockfpl 104 68 0 66 1 0 1 1 0 8 0 lockfspl 48 33 0 31 1 0 1 1 0 8 0 sessionpl 144 21 0 13 1 0 1 1 0 8 0 pgrppl 48 30 0 14 1 0 1 1 0 8 0 ucredpl 104 225 0 212 1 0 1 1 0 8 0 zombiepl 144 649 0 646 1 0 1 1 0 8 0 processpl 1160 577 0 529 4 0 4 4 0 8 0 procpl 656 880 0 818 6 0 6 6 0 8 0 sosppl 168 3 0 3 1 0 1 1 0 8 1 sockpl 528 499 0 464 3 0 3 3 0 8 0 mcl64k 65536 10 0 10 1 0 1 1 0 8 1 mcl12k 12288 2 0 2 1 0 1 1 0 8 1 mcl9k 9216 1 0 1 1 0 1 1 0 8 1 mcl8k 8192 8 0 8 2 1 1 1 0 8 1 mcl4k 4096 2655 0 2603 15 7 8 15 0 8 1 mcl2k 2048 388 0 384 2 1 1 1 0 8 0 mtagpl 96 9 0 5 1 0 1 1 0 8 0 mbufpl 256 5757 0 5552 15 1 14 14 0 8 0 bufpl 280 2695 0 117 185 0 185 185 0 8 0 anonpl 24 75335 0 72171 32 0 32 32 0 187 8 amapchunkpl 152 12293 0 11818 23 0 23 23 0 158 3 amappl16 200 554 0 525 5 1 4 4 0 8 2 amappl15 192 4 0 4 1 1 0 1 0 8 0 amappl14 184 100 0 90 1 0 1 1 0 8 
0 amappl13 176 2 0 2 1 1 0 1 0 8 0 amappl12 168 1166 0 1137 2 0 2 2 0 8 0 amappl11 160 42 0 32 1 0 1 1 0 8 0 amappl10 152 4 0 4 1 1 0 1 0 8 0 amappl9 144 253 0 253 1 1 0 1 0 8 0 amappl8 136 29 0 26 1 0 1 1 0 8 0 amappl7 128 92 0 82 1 0 1 1 0 8 0 amappl6 120 166 0 163 1 0 1 1 0 8 0 amappl5 112 109 0 103 1 0 1 1 0 8 0 amappl4 104 284 0 265 1 0 1 1 0 8 0 amappl3 96 2263 0 2157 4 0 4 4 0 8 0 amappl2 88 597 0 544 2 0 2 2 0 8 0 amappl1 80 8584 0 8027 14 1 13 14 0 8 1 amappl 88 3674 0 3512 5 0 5 5 0 92 1 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 14 0 1 1 0 1 1 0 8 0 uaddrrnd 24 559 0 529 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 559 0 529 1 0 1 1 0 8 0 vmmpekpl 168 6349 0 6319 3 0 3 3 0 8 0 vmmpepl 168 39808 0 37929 86 1 85 85 0 357 1 vmsppl 360 558 0 529 4 1 3 4 0 8 0 rwobjpl 32 14444 0 11431 25 0 25 25 0 8 0 pdppl 4096 1124 0 1058 94 28 66 80 0 8 0 pvpl 32 233920 0 225221 95 1 94 94 0 265 14 pmappl 216 558 0 529 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 265 0 43 7 0 7 7 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace sys_msgrcv(ffff80002a7f3210,ffff800039939bb0,ffff800039939b00) at sys_msgrcv+0x3f2 msg_copyout sys/kern/sysv_msg.c:639 [inline] sys_msgrcv(ffff80002a7f3210,ffff800039939bb0,ffff800039939b00) at sys_msgrcv+0x3f2 sys/kern/sysv_msg.c:349 syscall(ffff800039939bb0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff800039939bb0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x8ba142b7c00, count: -3 ddb> machine ddbcpu 1 No such command ddb> trace sys_msgrcv(ffff80002a7f3210,ffff800039939bb0,ffff800039939b00) at sys_msgrcv+0x3f2 msg_copyout sys/kern/sysv_msg.c:639 [inline] sys_msgrcv(ffff80002a7f3210,ffff800039939bb0,ffff800039939b00) at sys_msgrcv+0x3f2 
sys/kern/sysv_msg.c:349 syscall(ffff800039939bb0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff800039939bb0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:748 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x8ba142b7c00, count: -3