kernel: protection fault trap, code=0 Stopped at done_flush+0x38: movl %eax,%dr6 ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic the kernel did not panic ddb{1}> trace end trace frame: 0x0, count: -1 ddb{1}> show registers rdi 0x6c14 __ALIGN_SIZE+0x5c14 rsi 0xffff80003c428d98 rbp 0 rbx 0x756e6547 rdx 0x49656e69 rcx 0x6c65746e rax 0x100000001 r8 0 r9 0x10000 __ALIGN_SIZE+0xf000 r10 0 r11 0 r12 0 r13 0 r14 0 r15 0 rip 0xffffffff81f1820b done_flush+0x38 cs 0x8 rflags 0x10046 __ALIGN_SIZE+0xf046 rsp 0xffff80003c434d48 ss 0x10 done_flush+0x38: movl %eax,%dr6 ddb{1}> show proc PROC (syz-executor) tid=496038 pid=1684 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=50, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003a3b8fb0,0xffffffff83a379f8 process=0xffff80003a3c3040 user=0xffff80003c430000, vmspace=0xfffffd806ea393e0 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 1684 52060 92581 0 7 0 syz-executor * 1684 496038 92581 0 7 0x4000000 syz-executor 81524 473793 44216 0 2 0 syz-executor 81524 400356 44216 0 2 0x4000000 syz-executor 55458 394312 1298 0 2 0x1000000 syz-executor 55458 510706 1298 0 3 0x5000000 vmmaplk syz-executor 55458 208475 1298 0 2 0x5000000 syz-executor 77753 154365 11171 0 2 0 syz-executor 77753 385107 11171 0 2 0x4000000 syz-executor 72661 284049 59901 0 2 0 syz-executor 72661 221945 59901 0 3 0x4000080 fsleep syz-executor 72661 40770 59901 0 3 0x4000080 fsleep syz-executor 72661 264884 59901 0 3 0x4000080 ttyout syz-executor 44539 371980 32020 0 2 0 syz-executor 44539 320568 32020 0 3 0x4000080 kqread syz-executor 44539 366257 32020 0 3 0x4000080 fsleep syz-executor 70051 34897 74658 0 3 0x3000 suspend syz-executor 70051 119569 74658 0 2 0x4081000 syz-executor 70051 109159 74658 0 3 0x4081000 inode syz-executor 70051 425287 74658 0 3 0x4081000 inode syz-executor 55274 125531 0 0 3 0x14200 acct acct 9656 18843 1 0 3 0x100083 ttyopn getty 92581 110646 70451 0 3 0x82 nanoslp syz-executor 32020 366785 70451 0 3 0x82 nanoslp syz-executor 11171 507764 70451 0 2 0xc82 syz-executor 44216 214850 70451 0 3 0x82 nanoslp syz-executor 59901 384160 70451 0 3 0x82 nanoslp syz-executor 74658 362871 70451 0 3 0x82 nanoslp syz-executor 1298 507057 70451 0 2 0xc82 syz-executor 34265 308844 70451 0 3 0x82 wait syz-executor 70451 335125 47046 0 3 0x82 kqread syz-executor 47046 182222 11599 0 3 0x10008a sigsusp ksh 11599 224518 44289 0 3 0x98 kqread sshd-session 44289 56246 71170 0 3 0x92 kqread sshd-session 71170 84658 1 0 3 0x88 kqread sshd 49783 111078 64302 74 3 0x1100092 bpf pflogd 64302 415801 1 0 3 0x80 sbwait pflogd 40848 385489 93268 73 3 0x1100090 kqread syslogd 93268 338671 1 0 3 0x100082 sbwait syslogd 8008 66233 1 0 3 0x100080 kqread resolvd 21475 128637 72450 77 3 0x100092 kqread dhcpleased 212 49644 72450 77 3 0x100092 kqread dhcpleased 72450 293089 1 0 3 0x80 kqread dhcpleased 17867 468972 0 0 3 0x14200 bored smr 88945 7720 0 0 2 0x14200 zerothread 31922 316924 0 0 3 0x14200 aiodoned aiodoned 94520 71940 0 0 3 0x14200 syncer update 60139 483699 0 0 3 0x14200 cleaner cleaner 47013 250100 0 0 3 0x14200 reaper reaper 99238 495661 0 0 3 0x14200 pgdaemon pagedaemon 81973 403305 0 0 3 0x14200 bored viomb 92900 307049 0 0 3 0x40014200 acpi0 acpi0 46576 227099 0 0 3 0x40014200 idle1 81033 283905 0 0 3 0x14200 bored softnet1 5685 437785 0 0 3 0x14200 bored softnet0 76292 281678 0 0 3 0x14200 bored systqmp 97743 51148 0 0 3 0x14200 bored systq 19763 110364 0 0 3 0x14200 tmoslp softclockmp 49917 41940 0 0 3 0x40014200 tmoslp softclock 2959 317765 0 0 3 0x40014200 idle0 1 101200 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{1}> show all locks Process 1684 (syz-executor) thread 0xffff80003a3b9a10 (496038) exclusive rwlock vcpu r = 0 (0xffff80003c428af0) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 vm_run+0xa2 sys/arch/amd64/amd64/vmm_machdep.c:-1 #3 vmmioctl+0x337 sys/dev/vmm/vmm.c:254 #4 VOP_IOCTL+0xac sys/kern/vfs_vops.c:264 #5 vn_ioctl+0xf8 sys/kern/vfs_vnops.c:531 #6 sys_ioctl+0x674 sys/kern/sys_generic.c:-1 #7 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #7 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783 #8 Xsyscall+0x128 Process 81524 (syz-executor) thread 0xffff80003a3b87e8 (400356) exclusive rwlock vmmaplk r = 0 (0xfffffd806c8ca4e8) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_read+0x3e8 sys/kern/kern_rwlock.c:413 #2 uvmfault_lookup+0x122 sys/uvm/uvm_fault.c:1880 #3 uvm_fault_check+0x4f sys/uvm/uvm_fault.c:693 #4 uvm_fault+0x106 sys/uvm/uvm_fault.c:627 #5 upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:192 #6 usertrap+0x430 sys/arch/amd64/amd64/trap.c:640 #7 recall_trap+0x8 Process 55458 (syz-executor) thread 0xffff8000fffee018 (510706) exclusive rrwlock inode r = 0 (0xfffffd806c8498d8) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 #3 VOP_LOCK+0xbd sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570 #5 vn_write+0x18f sys/kern/vfs_vnops.c:405 #6 dofilewritev+0x2bd sys/kern/sys_generic.c:384 #7 sys_write+0xa2 sys/kern/sys_generic.c:300 #8 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #8 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783 #9 Xsyscall+0x128 Process 55458 (syz-executor) thread 0xffff80003a3b9778 (208475) exclusive rwlock vmmaplk r = 0 (0xfffffd806c8cac88) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_read+0x3e8 sys/kern/kern_rwlock.c:413 #2 uvmfault_lookup+0x122 sys/uvm/uvm_fault.c:1880 #3 uvm_fault_check+0x4f sys/uvm/uvm_fault.c:693 #4 uvm_fault+0x106 sys/uvm/uvm_fault.c:627 #5 upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:192 #6 usertrap+0x430 sys/arch/amd64/amd64/trap.c:640 #7 recall_trap+0x8 Process 77753 (syz-executor) thread 0xffff8000fffef240 (385107) exclusive rrwlock inode r = 0 (0xfffffd806c3e8ea8) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 #3 VOP_LOCK+0xbd sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570 #5 vn_write+0x18f sys/kern/vfs_vnops.c:405 #6 dofilewritev+0x2bd sys/kern/sys_generic.c:384 #7 sys_write+0xa2 sys/kern/sys_generic.c:300 #8 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #8 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783 #9 Xsyscall+0x128 Process 70051 (syz-executor) thread 0xffff80003a3c4a88 (119569) exclusive rrwlock inode r = 0 (0xfffffd806c3e81f0) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 #3 VOP_LOCK+0xbd sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570 #5 vn_write+0x18f sys/kern/vfs_vnops.c:405 #6 dofilewritev+0x2bd sys/kern/sys_generic.c:384 #7 sys_write+0xa2 sys/kern/sys_generic.c:300 #8 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #8 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783 #9 Xsyscall+0x128 Process 70051 (syz-executor) thread 0xffff80003a3b9ca8 (109159) exclusive rrwlock inode r = 0 (0xfffffd806c3e8318) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 #3 VOP_LOCK+0xbd sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570 #5 vfs_lookup+0x11c sys/kern/vfs_lookup.c:-1 #6 namei+0x7ca sys/kern/vfs_lookup.c:250 #7 vn_open+0x1f1 sys/kern/vfs_vnops.c:107 #8 doopenat+0x35b sys/kern/vfs_syscalls.c:1155 #9 sys_open+0x59 sys/kern/vfs_syscalls.c:1063 #10 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #10 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783 #11 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 11101 12101K 12685K 166960K 14168 0 pcb 17 15K 17K 166960K 355 0 rtable 253 15K 15K 166960K 727 0 pf 38 18K 21K 166960K 206 0 ifaddr 41 7K 8K 166960K 132 0 ifgroup 59 2K 2K 166960K 231 0 sysctl 4 1K 9K 166960K 29 0 counters 72 37K 38K 166960K 298 0 ioctlops 0 0K 4K 166960K 1859 0 iov 0 0K 16K 166960K 103 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1419 89K 90K 166960K 3007 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 6 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 59 0 dirhash 12 2K 2K 166960K 36 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 110K 166960K 1561 0 sigio 0 0K 0K 166960K 32 0 proc 72 115K 180K 166960K 752 0 subproc 72 4K 4K 166960K 81 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 187 0 in_multi 86 6K 7K 166960K 160 0 ether_multi 1 0K 0K 166960K 12 0 mrt 1 0K 0K 166960K 26 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 223 996K 996K 166960K 223 0 exec 0 0K 1K 166960K 720 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 4 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 245 168K 186K 166960K 16354 0 UVM aobj 43 14K 14K 166960K 52 0 pinsyscall 43 86K 106K 166960K 2781 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 174 0 NDP 13 0K 2K 166960K 95 0 temp 77 9090K 9168K 166960K 63692 0 kqueue 15 24K 33K 166960K 341 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 125 0 122 1 0 1 1 0 8 0 rtentry 176 236 0 144 6 0 6 6 0 8 0 unpcb 144 875 0 856 6 5 1 4 0 8 0 syncache 336 10 0 10 5 4 1 1 0 8 1 tcpqe 32 4 0 4 3 3 0 1 0 8 0 tcpcb 736 568 0 561 9 8 1 7 0 8 0 arp 136 62 0 45 1 0 1 1 0 8 0 inpcb 328 1615 0 1604 18 14 4 7 0 8 2 nd6 152 34 0 12 2 0 2 2 0 8 0 pkpcb 40 12 0 12 5 4 1 1 0 8 1 kcovpl 48 9 0 1 1 0 1 1 0 8 0 mppekey 1024 2 0 2 2 2 0 1 0 8 0 ppxss 1192 96 0 96 2 1 1 1 0 8 1 pppxif 1576 9 0 9 3 2 1 1 0 8 1 pfstscr 40 2 0 2 1 1 0 1 0 8 0 pffrag 232 11 0 3 1 0 1 1 0 482 0 pffrnode 88 11 0 3 1 0 1 1 0 8 0 pffrent 40 19 0 11 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 2 0 2 2 2 0 1 0 8 0 pfstitem 24 90 0 41 1 0 1 1 0 8 0 pfstkey 128 91 0 42 2 0 2 2 0 8 0 pfstate 448 90 0 42 7 0 7 7 0 8 0 pfrule 1360 24 0 19 2 1 1 2 0 8 0 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 725 0 319 31 2 29 31 0 8 0 art_table 40 728 0 319 6 0 6 6 0 8 0 art_node 32 236 0 157 2 0 2 2 0 8 0 sysvmsgpl 40 2 0 1 2 1 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 54 0 44 1 0 1 1 0 8 0 shmpl 112 43 0 9 1 0 1 1 0 8 0 dirhash 1024 33 0 16 3 0 3 3 0 8 0 dino2pl 256 4710 0 3248 93 0 93 93 0 8 0 ffsino 296 4710 0 3248 114 0 114 114 0 8 0 nchpl 144 6901 0 5191 64 0 64 64 0 8 0 rtmask 32 22 0 22 3 2 1 1 0 8 1 vnodes 216 5584 0 0 311 0 311 311 0 8 0 namei 1024 24167 0 24165 6 4 2 3 0 8 1 percpumem 16 164 0 113 1 0 1 1 0 8 0 vcpupl 3968 6 0 0 1 0 1 1 0 8 0 vmpool 848 6 0 0 1 0 1 1 0 8 0 kstatmem 264 156 0 126 3 0 3 3 0 8 0 scsiplug 72 9 0 9 4 3 1 1 0 8 1 scxspl 216 45699 0 45699 14 13 1 8 1 8 1 plimitpl 152 467 0 446 1 0 1 1 0 8 0 sigapl 424 1883 0 1834 7 1 6 7 0 8 0 knotepl 120 560 0 0 17 0 17 17 0 8 0 kqueuepl 224 673 0 662 11 9 2 5 0 8 1 pipepl 344 378 0 351 12 9 3 9 0 8 0 fdescpl 528 1861 0 1829 3 0 3 3 0 8 0 filepl 160 12563 0 12336 27 16 11 19 0 8 0 lockfpl 104 644 0 641 1 0 1 1 0 8 0 lockfspl 48 273 0 270 1 0 1 1 0 8 0 sessionpl 144 30 0 21 1 0 1 1 0 8 0 pgrppl 48 70 0 53 1 0 1 1 0 8 0 ucredpl 104 2361 0 2348 1 0 1 1 0 8 0 zombiepl 144 2366 0 2364 1 0 1 1 0 8 0 processpl 1232 1883 0 1834 5 0 5 5 0 8 0 procpl 664 4458 0 4396 8 2 6 7 0 8 0 sosppl 176 13 0 13 4 3 1 1 0 8 1 sockpl 752 2700 0 2667 23 15 8 11 0 8 4 mcl64k 65536 6 0 0 1 0 1 1 0 8 0 mcl8k 8192 2 0 0 1 0 1 1 0 8 0 mcl4k 4096 130 0 0 17 0 17 17 0 8 0 mcl2k 2048 46 0 0 5 0 5 5 0 8 0 mtagpl 96 14 0 0 1 0 1 1 0 8 0 mbufpl 256 1509 0 0 93 0 93 93 0 8 0 bufpl 280 18126 0 11996 439 0 439 439 0 8 0 anonpl 32 13423 0 0 108 0 108 108 0 246 0 amapchunkpl 152 55168 0 54665 43 14 29 35 0 158 6 amappl16 200 6909 0 6799 58 44 14 33 0 8 3 amappl15 192 103 0 102 1 0 1 1 0 8 0 amappl14 184 444 0 443 1 0 1 1 0 8 0 amappl13 176 140 0 128 1 0 1 1 0 8 0 amappl12 168 2122 0 2091 2 0 2 2 0 8 0 amappl11 160 19 0 19 1 1 0 1 0 8 0 amappl10 152 70 0 56 1 0 1 1 0 8 0 amappl9 144 262 0 262 1 1 0 1 0 8 0 amappl8 136 106 0 103 1 0 1 1 0 8 0 amappl7 128 173 0 159 1 0 1 1 0 8 0 amappl6 120 180 0 179 1 0 1 1 0 8 0 amappl5 112 111 0 100 1 0 1 1 0 8 0 amappl4 104 331 0 311 1 0 1 1 0 8 0 amappl3 96 11316 0 11202 4 0 4 4 0 8 0 amappl2 88 617 0 557 2 0 2 2 0 8 0 amappl1 80 17990 0 17380 25 8 17 17 0 8 2 amappl 88 15314 0 15142 5 0 5 5 0 92 0 uvmvnodes 80 152 0 0 4 0 4 4 0 8 0 dma65536 65536 1 0 1 1 0 1 1 0 8 1 dma16384 16384 1 0 1 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 257 0 257 4 4 0 1 0 8 0 dma64 64 8 0 8 3 3 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 51 0 9 1 0 1 1 0 8 0 uaddrrnd 24 1861 0 1829 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1861 0 1829 1 0 1 1 0 8 0 vmmpekpl 168 17056 0 17008 3 0 3 3 0 8 0 vmmpepl 168 127908 0 125838 128 21 107 114 0 357 13 vmsppl 488 1860 0 1829 5 0 5 5 0 8 0 rwobjpl 80 37009 0 35799 36 1 35 35 0 8 0 pdppl 4096 3741 0 3664 130 53 77 87 0 8 0 pvpl 32 21726 0 0 178 3 175 175 0 265 0 pmappl 256 1866 0 1829 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 416 0 77 10 0 10 10 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp ddb{0}> trace x86_ipi_db(ffffffff838edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 end of kernel end trace frame: 0x75b8228a2330, count: -3 ddb{0}> machine ddbcpu 1 Stopped at done_flush+0x38: movl %eax,%dr6 ddb{1}> trace end trace frame: 0x0, count: -1