kernel: protection fault trap, code=0 Stopped at sys_msgrcv+0x3f2: movq 0x10(%r13),%rdi ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace sys_msgrcv(ffff800033d174b0,ffff8000381238a0,ffff8000381237f0) at sys_msgrcv+0x3f2 msg_copyout sys/kern/sysv_msg.c:639 [inline] sys_msgrcv(ffff800033d174b0,ffff8000381238a0,ffff8000381237f0) at sys_msgrcv+0x3f2 sys/kern/sysv_msg.c:349 syscall(ffff8000381238a0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff8000381238a0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xeb7943fef30, count: -3 ddb> show registers rdi 0 rsi 0x200000001208 rbp 0xffff8000381237c0 rbx 0 rdx 0xffff80000143c8c0 rcx 0 rax 0xa r8 0x7f7fffffc000 r9 0 r10 0x8bbb1a427f3cec3f r11 0xda6e51ab5d5fb9ef r12 0xfffffd80680f7eb0 r13 0xdeaf4152deaf4152 r14 0xffff80000148e600 r15 0xa rip 0xffffffff82779432 sys_msgrcv+0x3f2 cs 0x8 rflags 0x10202 __ALIGN_SIZE+0xf202 rsp 0xffff800038123720 ss 0x10 sys_msgrcv+0x3f2: movq 0x10(%r13),%rdi ddb> show proc PROC (syz-executor) tid=177963 pid=65826 tcnt=4 stat=onproc flags process=0 proc=4000000 runpri=66, usrpri=66, slppri=22, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff800033d16550,0xffff80002ccf99d8 process=0xffff80002ccf7b08 user=0xffff80003811e000, vmspace=0xfffffd807d60cb50 estcpu=16, cpticks=0, pctcpu=0.1, user=1, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 81189 6677 74169 0 2 0 syz-executor 81189 185146 74169 0 3 0x4000080 fsleep syz-executor 96075 171086 1699 0 2 0 syz-executor 96075 109335 1699 0 3 0x4000080 fsleep syz-executor 96075 152944 1699 0 3 0x4000080 fsleep syz-executor 96075 477809 1699 0 3 0x4000080 fsleep syz-executor 94674 370798 87089 0 2 0 syz-executor 94674 162318 87089 0 3 0x4000080 fsleep syz-executor 94674 484584 87089 0 3 0x4000080 fsleep syz-executor 36967 313131 22382 0 2 0 syz-executor 36967 371249 22382 0 3 0x4000080 fsleep syz-executor 68640 155699 76735 0 3 0x80 nanoslp syz-executor 68640 120548 76735 0 3 0x4000080 fifow syz-executor 68640 521890 76735 0 3 0x4000080 fsleep syz-executor 68640 1904 76735 0 3 0x4000080 fsleep syz-executor 68640 124758 76735 0 3 0x4000080 fsleep syz-executor 65826 501949 67412 0 2 0 syz-executor *65826 177963 67412 0 7 0x4000000 syz-executor 65826 361866 67412 0 3 0x4000080 fsleep syz-executor 65826 381675 67412 0 3 0x4000080 fsleep syz-executor 25778 272380 9899 0 2 0 syz-executor 25778 59914 9899 0 3 0x4000080 fsleep syz-executor 25778 179099 9899 0 3 0x4000080 fsleep syz-executor 25778 360961 9899 0 3 0x4000080 fsleep syz-executor 50502 296047 0 0 3 0x14280 nfsidl nfsio 3554 365437 0 0 3 0x14280 nfsidl nfsio 59926 462541 0 0 3 0x14280 nfsidl nfsio 37845 180226 0 0 3 0x14280 nfsidl nfsio 4862 388133 0 0 3 0x14280 nfsidl nfsio 42426 72108 0 0 3 0x14280 nfsidl nfsio 71590 37825 0 0 3 0x14280 nfsidl nfsio 15052 276556 0 0 3 0x14280 nfsidl nfsio 17300 448302 0 0 3 0x14280 nfsidl nfsio 19343 446834 0 0 3 0x14280 nfsidl nfsio 17976 88861 0 0 3 0x14280 nfsidl nfsio 14077 472112 0 0 3 0x14280 nfsidl nfsio 8023 485432 0 0 3 0x14280 nfsidl nfsio 33854 357762 0 0 3 0x14280 nfsidl nfsio 37959 451603 0 0 3 0x14280 nfsidl nfsio 32012 324882 0 0 3 0x14280 nfsidl nfsio 70209 214749 0 0 3 0x14280 nfsidl nfsio 64235 126317 0 0 3 0x14280 nfsidl nfsio 5535 209222 0 0 3 0x14280 nfsidl nfsio 52660 51606 0 0 3 0x14280 nfsidl nfsio 13247 486780 0 0 3 0x14200 bored sosplice 22382 202309 59193 0 3 0x82 nanoslp syz-executor 76735 54934 59193 0 3 0x82 nanoslp syz-executor 87089 407182 59193 0 3 0x82 nanoslp syz-executor 74169 156336 59193 0 3 0x82 nanoslp syz-executor 67412 370942 59193 0 3 0x82 nanoslp syz-executor 9899 79871 59193 0 3 0x82 nanoslp syz-executor 275 111407 59193 0 3 0x82 nanoslp syz-executor 1699 8901 59193 0 3 0x82 nanoslp syz-executor 59193 168738 24854 0 3 0x82 kqread syz-executor 24854 225548 86596 0 3 0x10008a sigsusp ksh 86596 145111 146 0 3 0x98 kqread sshd-session 146 294475 35421 0 3 0x92 kqread sshd-session 71724 138844 1 0 3 0x100083 ttyin getty 35421 32711 1 0 3 0x88 kqread sshd 17604 338155 63647 73 3 0x1100090 kqread syslogd 63647 268556 1 0 3 0x100082 sbwait syslogd 84763 244325 1 0 3 0x100080 kqread resolvd 48483 236228 83686 77 3 0x100092 kqread dhcpleased 82804 197512 83686 77 3 0x100092 kqread dhcpleased 83686 105208 1 0 3 0x80 kqread dhcpleased 82019 406461 0 0 3 0x14200 bored smr 46799 398390 0 0 2 0x14200 zerothread 10694 129577 0 0 3 0x14200 aiodoned aiodoned 3897 305725 0 0 3 0x14200 syncer update 56945 426260 0 0 3 0x14200 cleaner cleaner 53657 84216 0 0 3 0x14200 reaper reaper 46252 231115 0 0 3 0x14200 pgdaemon pagedaemon 912 450997 0 0 3 0x14200 bored viomb 20565 72212 0 0 3 0x40014200 acpi0 acpi0 55534 181226 0 0 3 0x14200 bored softnet3 29135 7984 0 0 3 0x14200 bored softnet2 13665 271164 0 0 3 0x14200 bored softnet1 63077 390636 0 0 3 0x14200 bored softnet0 57762 329950 0 0 3 0x14200 bored systqmp 83625 155950 0 0 3 0x14200 bored systq 86964 240752 0 0 3 0x40014200 tmoslp softclock 99527 251815 0 0 3 0x40014200 idle0 1 189261 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10186 11184K 11695K 166960K 12106 0 pcb 21 13K 14K 166960K 111 0 rtable 201 7K 8K 166960K 403 0 pf 30 13K 15K 166960K 54 0 ifaddr 37 6K 7K 166960K 56 0 ifgroup 46 2K 2K 166960K 73 0 sysctl 2 1K 9K 166960K 7 0 counters 31 17K 18K 166960K 45 0 ioctlops 0 0K 4K 166960K 75 0 iov 0 0K 24K 166960K 26 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1402 88K 88K 166960K 1780 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 7 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 23 0 dirhash 12 2K 2K 166960K 18 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 93K 166960K 465 0 sigio 0 0K 0K 166960K 7 0 proc 60 59K 91K 166960K 515 0 subproc 72 4K 4K 166960K 72 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 97 0 in_multi 85 6K 7K 166960K 108 0 ether_multi 1 0K 0K 166960K 4 0 mrt 0 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 85 387K 387K 166960K 85 0 exec 0 0K 1K 166960K 445 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 254 151K 165K 166960K 5710 0 UVM aobj 16 2K 2K 166960K 17 0 pinsyscall 39 78K 95K 166960K 1492 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 24 0 NDP 10 0K 2K 166960K 34 0 temp 51 8681K 8757K 166960K 15899 0 kqueue 13 20K 30K 166960K 84 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 56 0 52 1 0 1 1 0 8 0 rtentry 136 126 0 36 4 0 4 4 0 8 0 unpcb 144 201 0 181 1 0 1 1 0 8 0 syncache 336 4 0 4 2 2 0 1 0 8 0 tcpqe 32 2 0 2 1 1 0 1 0 8 0 tcpcb 736 87 0 82 1 0 1 1 0 8 0 arp 88 22 0 5 1 0 1 1 0 8 0 ipq 40 3 0 0 1 0 1 1 0 8 0 ipqe 40 4 0 1 1 0 1 1 0 8 0 inpcb 328 459 0 444 16 14 2 10 0 8 0 ip6q 72 1 0 0 1 0 1 1 0 8 0 ip6af 40 2 0 1 1 0 1 1 0 8 0 nd6 104 26 0 4 1 0 1 1 0 8 0 pkpcb 40 3 0 3 2 2 0 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 ppxss 1072 10 0 10 2 1 1 1 0 8 1 pppxif 1384 2 0 2 1 0 1 1 0 8 1 pfrktable 1344 1 0 1 1 1 0 1 0 8 0 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 128 2 0 0 1 0 1 1 0 8 0 pfstate 384 1 0 0 1 0 1 1 0 8 0 pfrule 1344 2 0 1 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 531 0 150 31 4 27 31 0 8 0 art_table 32 532 0 150 4 0 4 4 0 8 0 art_node 16 125 0 44 1 0 1 1 0 8 0 sysvmsgpl 40 19 0 17 1 0 1 1 0 8 0 semapl 112 18 0 8 1 0 1 1 0 8 0 shmpl 112 14 0 1 1 0 1 1 0 8 0 dirhash 1024 21 0 4 3 0 3 3 0 8 0 dino2pl 256 2240 0 743 95 0 95 95 0 8 0 ffsino 248 2240 0 743 95 0 95 95 0 8 0 nchpl 144 2908 0 1224 63 0 63 63 0 8 0 rtmask 32 1 0 1 1 1 0 1 0 8 0 uvmvnodes 80 2569 0 0 53 0 53 53 0 8 0 vnodes 216 2569 0 0 143 0 143 143 0 8 0 namei 1024 9426 0 9426 5 2 3 3 0 8 3 kstatmem 264 36 0 16 2 0 2 2 0 8 0 scsiplug 72 4 0 4 1 1 0 1 0 8 0 scxspl 216 8901 0 8901 10 9 1 8 1 8 1 plimitpl 152 82 0 65 1 0 1 1 0 8 0 sigapl 424 764 0 697 8 0 8 8 0 8 0 knotepl 120 29281 0 29234 25 23 2 17 0 8 0 kqueuepl 184 255 0 243 4 3 1 4 0 8 0 pipepl 296 227 0 199 5 2 3 5 0 8 0 fdescpl 440 727 0 697 5 1 4 5 0 8 0 filepl 120 4534 0 4294 15 7 8 12 0 8 0 lockfpl 104 147 0 140 1 0 1 1 0 8 0 lockfspl 48 70 0 63 1 0 1 1 0 8 0 sessionpl 144 22 0 14 1 0 1 1 0 8 0 pgrppl 48 35 0 19 1 0 1 1 0 8 0 ucredpl 104 603 0 592 1 0 1 1 0 8 0 zombiepl 144 706 0 705 1 0 1 1 0 8 0 processpl 1160 764 0 697 5 0 5 5 0 8 0 procpl 656 1253 0 1169 8 0 8 8 0 8 0 sosppl 168 2 0 2 2 2 0 1 0 8 0 sockpl 528 729 0 689 13 10 3 9 0 8 0 mcl64k 65536 14 0 13 1 0 1 1 0 8 0 mcl16k 16384 6 0 6 2 2 0 1 0 8 0 mcl8k 8192 5 0 5 2 2 0 1 0 8 0 mcl4k 4096 2866 0 2816 14 7 7 13 0 8 0 mcl2k 2048 648 0 644 6 4 2 5 0 8 0 mtagpl 96 59 0 7 2 0 2 2 0 8 0 mbufpl 256 7851 0 7662 18 0 18 18 0 8 0 bufpl 280 3923 0 119 272 0 272 272 0 8 0 anonpl 24 136371 0 132824 57 32 25 46 0 187 0 amapchunkpl 152 18267 0 17687 37 14 23 28 0 158 0 amappl16 200 2537 0 2501 18 16 2 15 0 8 0 amappl15 192 41 0 41 1 1 0 1 0 8 0 amappl14 184 103 0 93 1 0 1 1 0 8 0 amappl13 176 7 0 7 1 1 0 1 0 8 0 amappl12 168 1339 0 1309 3 1 2 3 0 8 0 amappl11 160 49 0 39 1 0 1 1 0 8 0 amappl10 152 40 0 40 1 1 0 1 0 8 0 amappl9 144 286 0 286 1 1 0 1 0 8 0 amappl8 136 24 0 22 1 0 1 1 0 8 0 amappl7 128 100 0 89 1 0 1 1 0 8 0 amappl6 120 173 0 169 1 0 1 1 0 8 0 amappl5 112 116 0 110 1 0 1 1 0 8 0 amappl4 104 309 0 293 1 0 1 1 0 8 0 amappl3 96 3403 0 3276 4 0 4 4 0 8 0 amappl2 88 627 0 572 2 0 2 2 0 8 0 amappl1 80 9366 0 8809 15 2 13 14 0 8 0 amappl 88 5008 0 4817 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 254 0 254 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 16 0 1 1 0 1 1 0 8 0 uaddrrnd 24 727 0 697 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 727 0 697 1 0 1 1 0 8 0 vmmpekpl 168 7519 0 7479 3 0 3 3 0 8 0 vmmpepl 168 51817 0 49875 95 10 85 94 0 357 0 vmsppl 360 726 0 697 4 1 3 4 0 8 0 rwobjpl 32 18604 0 15118 30 1 29 29 0 8 0 pdppl 4096 1461 0 1394 105 38 67 81 0 8 0 pvpl 32 340425 0 330141 133 48 85 113 0 265 0 pmappl 216 726 0 697 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 289 0 63 7 0 7 7 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace sys_msgrcv(ffff800033d174b0,ffff8000381238a0,ffff8000381237f0) at sys_msgrcv+0x3f2 msg_copyout sys/kern/sysv_msg.c:639 [inline] sys_msgrcv(ffff800033d174b0,ffff8000381238a0,ffff8000381237f0) at sys_msgrcv+0x3f2 sys/kern/sysv_msg.c:349 syscall(ffff8000381238a0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff8000381238a0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xeb7943fef30, count: -3 ddb> machine ddbcpu 1 No such command ddb> trace sys_msgrcv(ffff800033d174b0,ffff8000381238a0,ffff8000381237f0) at sys_msgrcv+0x3f2 msg_copyout sys/kern/sysv_msg.c:639 [inline] sys_msgrcv(ffff800033d174b0,ffff8000381238a0,ffff8000381237f0) at sys_msgrcv+0x3f2 sys/kern/sysv_msg.c:349 syscall(ffff8000381238a0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff8000381238a0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xeb7943fef30, count: -3