login: kernel: protection fault trap, code=0 Stopped at done_flush+0x38: movl %eax,%dr6 ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace done_flush() at done_flush+0x38 vm_run(ffff800030ddd4a0) at vm_run+0x163 vmmioctl(a00,c0205602,ffff800030ddd4a0,1,ffff80002f5b1d48) at vmmioctl+0x299 sys/dev/vmm/vmm.c:242 VOP_IOCTL(fffffd806eee51b0,c0205602,ffff800030ddd4a0,1,fffffd807f7d77b8,ffff80002f5b1d48) at VOP_IOCTL+0x91 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd805b000e20,c0205602,ffff800030ddd4a0,ffff80002f5b1d48) at vn_ioctl+0xbb sys/kern/vfs_vnops.c:525 sys_ioctl(ffff80002f5b1d48,ffff800030ddd5b0,ffff800030ddd600) at sys_ioctl+0x49e syscall(ffff800030ddd670) at syscall+0x543 sys/arch/amd64/amd64/trap.c:606 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xafbe0a7370, count: -8 ddb> show registers rdi 0x6c14 __ALIGN_SIZE+0x5c14 rsi 0xffff800036644630 rbp 0xffff800030ddd1f0 rbx 0x756e6547 rdx 0x49656e69 rcx 0x6c65746e rax 0xfffffffffffffffc r8 0 r9 0x10000 __ALIGN_SIZE+0xf000 r10 0xc09882fccae8e86e r11 0x8db3c5c0919b92d9 r12 0xffff8000366443a8 r13 0xffff800030ddd126 r14 0xffff800036644000 r15 0x246 rip 0xffffffff824a994b done_flush+0x38 cs 0x8 rflags 0x10046 __ALIGN_SIZE+0xf046 rsp 0xffff800030ddd056 ss 0x10 done_flush+0x38: movl %eax,%dr6 ddb> show proc PROC (syz-executor.6) tid=236721 pid=21557 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=81, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002a6bc818,0xffff80002f5b1808 process=0xffff80002a703b90 user=0xffff800030dd8000, vmspace=0xfffffd8069332d20 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 32931 370928 56804 0 2 0 syz-executor.7 32931 101048 56804 0 3 0x4000080 fsleep syz-executor.7 60058 369764 39464 0 2 0 syz-executor.3 60058 35957 39464 0 3 0x4000080 fsleep syz-executor.3 21557 342936 52107 0 2 0 syz-executor.6 *21557 236721 52107 0 7 0x4000000 syz-executor.6 25516 520359 92830 0 2 0 syz-executor.5 25516 70966 92830 0 3 0x4000080 fsleep syz-executor.5 92830 90321 79018 0 3 0x82 nanoslp syz-executor.5 78263 357757 1 0 3 0x100083 ttyin getty 65757 174865 79018 0 3 0x82 nanoslp syz-executor.0 56804 127179 79018 0 3 0x82 nanoslp syz-executor.7 52107 430945 79018 0 3 0x82 nanoslp syz-executor.6 94431 371886 0 0 3 0x14280 nfsidl nfsio 24199 453003 0 0 3 0x14280 nfsidl nfsio 8903 91262 0 0 3 0x14280 nfsidl nfsio 99043 126349 0 0 3 0x14280 nfsidl nfsio 7409 20692 0 0 3 0x14280 nfsidl nfsio 18217 414004 0 0 3 0x14280 nfsidl nfsio 62057 341737 0 0 3 0x14280 nfsidl nfsio 29382 81315 0 0 3 0x14280 nfsidl nfsio 43364 166727 0 0 3 0x14280 nfsidl nfsio 2586 147346 0 0 3 0x14280 nfsidl nfsio 73510 284810 0 0 3 0x14280 nfsidl nfsio 9210 144255 0 0 3 0x14280 nfsidl nfsio 71554 198847 0 0 3 0x14280 nfsidl nfsio 73399 477320 0 0 3 0x14280 nfsidl nfsio 89675 300563 0 0 3 0x14280 nfsidl nfsio 23457 360078 0 0 3 0x14280 nfsidl nfsio 57024 196142 0 0 3 0x14280 nfsidl nfsio 50586 283664 0 0 3 0x14280 nfsidl nfsio 61213 243281 0 0 3 0x14280 nfsidl nfsio 77357 522703 0 0 3 0x14280 nfsidl nfsio 39464 402174 79018 0 3 0x82 nanoslp syz-executor.3 87107 366695 79018 0 2 0x2 syz-executor.2 68710 53577 79018 0 2 0x2 syz-executor.1 32971 308367 0 0 3 0x14200 acct acct 10649 231975 0 0 3 0x14200 bored sosplice 79018 263752 58910 0 3 0x2000082 wait syz-fuzzer 79018 296777 58910 0 3 0x6000082 thrsleep syz-fuzzer 79018 39398 58910 0 3 0x6000082 thrsleep syz-fuzzer 79018 85340 58910 0 3 0x6000082 kqread syz-fuzzer 79018 184728 58910 0 3 0x6000082 thrsleep syz-fuzzer 79018 302347 58910 0 3 0x6000082 wait syz-fuzzer 79018 228776 58910 0 3 0x6000082 thrsleep syz-fuzzer 79018 308433 58910 0 3 0x6000082 wait syz-fuzzer 79018 271672 58910 0 3 0x6000082 thrsleep syz-fuzzer 79018 281745 58910 0 3 0x6000082 wait syz-fuzzer 79018 502529 58910 0 3 0x6000082 thrsleep syz-fuzzer 79018 346355 58910 0 3 0x6000082 wait syz-fuzzer 79018 164595 58910 0 3 0x6000082 wait syz-fuzzer 79018 497867 58910 0 3 0x6000082 wait syz-fuzzer 58910 406575 76898 0 3 0x10008a sigsusp ksh 76898 46363 88110 0 3 0x9a kqread sshd 88110 345875 1 0 3 0x88 kqread sshd 44812 129688 18725 73 3 0x1100090 kqread syslogd 18725 474551 1 0 3 0x100082 netio syslogd 45323 196156 1 0 3 0x100080 kqread resolvd 30192 509124 44112 77 3 0x100092 kqread dhcpleased 51244 233394 44112 77 3 0x100092 kqread dhcpleased 44112 134858 1 0 3 0x80 kqread dhcpleased 6801 506705 0 0 3 0x14200 bored smr 1541 81912 0 0 2 0x14200 zerothread 94920 494739 0 0 3 0x14200 aiodoned aiodoned 1729 9768 0 0 3 0x14200 syncer update 14188 506913 0 0 3 0x14200 cleaner cleaner 89981 56950 0 0 3 0x14200 reaper reaper 19901 49633 0 0 3 0x14200 pgdaemon pagedaemon 10028 516322 0 0 3 0x14200 bored viomb 78954 79766 0 0 3 0x40014200 acpi0 acpi0 81017 124828 0 0 3 0x14200 bored softnet3 6383 520841 0 0 3 0x14200 bored softnet2 84829 505420 0 0 3 0x14200 bored softnet1 76304 239586 0 0 3 0x14200 bored softnet0 49413 332529 0 0 3 0x14200 bored systqmp 64631 254886 0 0 3 0x14200 bored systq 76493 452782 0 0 3 0x40014200 tmoslp softclock 58248 362835 0 0 3 0x40014200 idle0 1 88217 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10216 6475K 7849K 166960K 57382 0 pcb 13 20K 22K 166960K 874 0 rtable 141 13K 15K 166960K 1732 0 pf 30 9K 10K 166960K 464 0 ifaddr 29 9K 13K 166960K 349 0 ifgroup 51 2K 2K 166960K 725 0 sysctl 3 0K 0K 166960K 3 0 counters 30 17K 18K 166960K 228 0 ioctlops 0 0K 2K 166960K 697 0 iov 0 0K 28K 166960K 1128 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1539 96K 97K 166960K 14746 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 112 0 VM map 2 1K 1K 166960K 2 0 sem 11 1K 1K 166960K 12 0 dirhash 12 2K 2K 166960K 33 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 13 45K 73K 166960K 9756 0 sigio 0 0K 0K 166960K 1227 0 proc 58 59K 83K 166960K 1759 0 subproc 91 5K 6K 166960K 507 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 580 0 in_multi 50 3K 7K 166960K 547 0 ether_multi 1 0K 0K 166960K 4 0 mrt 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 163 731K 731K 166960K 163 0 exec 0 0K 1K 166960K 1981 0 pfkey data 0 0K 0K 166960K 6 0 tdb 3 0K 0K 166960K 3 0 pagedep 1 8K 8K 166960K 1 0 inodedep 1 32K 32K 166960K 1 0 newblk 1 0K 0K 166960K 1 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 419 246K 265K 166960K 91880 0 UVM aobj 131 4K 4K 166960K 143 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 278 0 NDP 11 0K 1K 166960K 290 0 temp 70 5919K 6048K 166960K 126747 0 kqueue 12 18K 28K 166960K 695 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 902 0 899 16 15 1 5 0 8 0 rtentry 112 559 0 500 5 1 4 4 0 8 0 unpcb 144 8022 0 8007 94 92 2 11 0 8 1 syncache 312 99 0 99 16 15 1 1 0 8 1 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpqe 32 250 0 250 14 13 1 1 0 8 1 tcpcb 808 1893 0 1867 70 67 3 11 0 8 0 arp 88 93 0 85 1 0 1 1 0 8 0 ipq 40 15 0 15 5 5 0 1 0 8 0 ipqe 40 116 0 116 5 5 0 1 0 8 0 inpcb 336 6623 0 6594 129 120 9 13 0 8 5 nd6 104 132 0 122 1 0 1 1 0 8 0 pkpcb 40 58 0 58 7 7 0 1 0 8 0 kcovpl 48 39 0 32 1 0 1 1 0 8 0 ppxss 1160 79 0 79 15 14 1 1 0 8 1 art_heap8 4096 7 0 6 5 4 1 4 0 8 0 art_heap4 256 2092 0 1808 44 20 24 29 0 8 4 art_table 32 2099 0 1814 4 0 4 4 0 8 0 art_node 16 513 0 459 1 0 1 1 0 8 0 sysvmsgpl 40 4 0 1 1 0 1 1 0 8 0 semapl 112 9 0 0 1 0 1 1 0 8 0 shmpl 112 140 0 12 4 0 4 4 0 8 0 dirhash 1024 31 0 14 3 0 3 3 0 8 0 dino2pl 256 15267 0 13750 96 0 96 96 0 8 0 ffsino 240 15267 0 13750 90 0 90 90 0 8 0 nchpl 144 28877 0 28394 63 42 21 63 0 8 0 uvmvnodes 80 6548 0 0 134 0 134 134 0 8 0 vnodes 216 6548 0 0 364 0 364 364 0 8 0 namei 1024 108679 0 108677 10 9 1 2 0 8 0 vcpupl 2048 105 0 0 14 0 14 14 0 8 0 vmpool 664 126 0 21 9 0 9 9 0 8 0 kstatmem 264 418 0 396 5 2 3 3 0 8 0 scxspl 216 93925 0 93925 30 29 1 8 1 8 1 plimitpl 152 1936 0 1922 1 0 1 1 0 8 0 sigapl 424 10033 0 9970 10 2 8 8 0 8 0 futexpl 64 101117 0 101114 6 5 1 1 0 8 0 knotepl 120 86562 0 86487 49 46 3 15 0 8 0 kqueuepl 184 1836 0 1828 29 28 1 4 0 8 0 pipepl 288 6791 0 6766 92 88 4 12 0 8 0 fdescpl 432 9975 0 9951 5 1 4 4 0 8 0 filepl 120 79629 0 79408 124 112 12 20 0 8 2 lockfpl 104 3402 0 3400 5 4 1 2 0 8 0 lockfspl 48 1284 0 1282 1 0 1 1 0 8 0 sessionpl 144 55 0 40 1 0 1 1 0 8 0 pgrppl 48 1494 0 1479 1 0 1 1 0 8 0 ucredpl 104 11391 0 11378 1 0 1 1 0 8 0 zombiepl 144 9971 0 9970 4 3 1 1 0 8 0 processpl 1008 10033 0 9970 13 4 9 9 0 8 0 procpl 680 24743 0 24663 27 19 8 9 0 8 0 sosppl 168 103 0 103 13 12 1 1 0 8 1 sockpl 456 15611 0 15564 444 429 15 40 0 8 8 mcl64k 65536 398 0 398 18 17 1 1 0 8 1 mcl16k 16384 217 0 217 18 17 1 1 0 8 1 mcl12k 12288 399 0 399 19 18 1 1 0 8 1 mcl9k 9216 184 0 184 20 19 1 1 0 8 1 mcl8k 8192 830 0 830 14 13 1 1 0 8 1 mcl4k 4096 1212 0 1212 11 10 1 2 0 8 1 mcl2k2 2112 82 0 82 21 20 1 1 0 8 1 mcl2k 2048 88126 0 88081 54 46 8 30 0 8 1 mtagpl 96 9450 0 8925 73 40 33 39 0 8 7 mbufpl 256 224468 0 223769 380 281 99 159 0 8 8 bufpl 288 24231 0 17685 468 0 468 468 0 8 0 anonpl 24 1075653 0 1063706 290 190 100 165 0 188 0 amapchunkpl 152 294574 0 293793 129 91 38 64 0 158 1 amappl16 200 22160 0 21679 118 91 27 39 0 8 0 amappl15 192 12 0 12 1 1 0 1 0 8 0 amappl14 184 273 0 261 2 1 1 2 0 8 0 amappl13 176 15 0 15 2 2 0 1 0 8 0 amappl12 168 11064 0 11038 2 0 2 2 0 8 0 amappl11 160 58 0 48 1 0 1 1 0 8 0 amappl10 152 57 0 48 2 1 1 1 0 8 0 amappl9 144 219 0 218 1 0 1 1 0 8 0 amappl8 136 526 0 426 4 0 4 4 0 8 0 amappl7 128 258 0 232 2 0 2 2 0 8 0 amappl6 120 832 0 818 1 0 1 1 0 8 0 amappl5 112 319 0 309 1 0 1 1 0 8 0 amappl4 104 719 0 695 2 1 1 2 0 8 0 amappl3 96 57405 0 57327 3 0 3 3 0 8 0 amappl2 88 10866 0 10792 3 0 3 3 0 8 0 amappl1 80 46025 0 45529 22 10 12 22 0 8 0 amappl 88 90863 0 90636 8 1 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 142 0 12 3 0 3 3 0 8 0 uaddrrnd 24 10101 0 9972 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 10101 0 9972 1 0 1 1 0 8 0 vmmpekpl 168 89591 0 89519 4 0 4 4 0 8 0 vmmpepl 168 605890 0 603600 306 178 128 144 0 357 8 vmsppl 368 10100 0 9972 14 1 13 13 0 8 0 rwobjpl 24 149326 0 141132 54 4 50 50 0 8 0 pdppl 4096 20208 0 20049 566 398 168 169 0 8 9 pvpl 32 2935771 0 2918376 611 437 174 322 0 265 0 pmappl 216 10100 0 9972 10 2 8 8 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 2142 0 1127 31 0 31 31 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace done_flush() at done_flush+0x38 vm_run(ffff800030ddd4a0) at vm_run+0x163 vmmioctl(a00,c0205602,ffff800030ddd4a0,1,ffff80002f5b1d48) at vmmioctl+0x299 sys/dev/vmm/vmm.c:242 VOP_IOCTL(fffffd806eee51b0,c0205602,ffff800030ddd4a0,1,fffffd807f7d77b8,ffff80002f5b1d48) at VOP_IOCTL+0x91 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd805b000e20,c0205602,ffff800030ddd4a0,ffff80002f5b1d48) at vn_ioctl+0xbb sys/kern/vfs_vnops.c:525 sys_ioctl(ffff80002f5b1d48,ffff800030ddd5b0,ffff800030ddd600) at sys_ioctl+0x49e syscall(ffff800030ddd670) at syscall+0x543 sys/arch/amd64/amd64/trap.c:606 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xafbe0a7370, count: -8 ddb> machine ddbcpu 1 No such command ddb> trace done_flush() at done_flush+0x38 vm_run(ffff800030ddd4a0) at vm_run+0x163 vmmioctl(a00,c0205602,ffff800030ddd4a0,1,ffff80002f5b1d48) at vmmioctl+0x299 sys/dev/vmm/vmm.c:242 VOP_IOCTL(fffffd806eee51b0,c0205602,ffff800030ddd4a0,1,fffffd807f7d77b8,ffff80002f5b1d48) at VOP_IOCTL+0x91 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd805b000e20,c0205602,ffff800030ddd4a0,ffff80002f5b1d48) at vn_ioctl+0xbb sys/kern/vfs_vnops.c:525 sys_ioctl(ffff80002f5b1d48,ffff800030ddd5b0,ffff800030ddd600) at sys_ioctl+0x49e syscall(ffff800030ddd670) at syscall+0x543 sys/arch/amd64/amd64/trap.c:606 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xafbe0a7370, count: -8