kernel: protection fault trap, code=0 Stopped at done_flush+0x38: movl %eax,%dr6 ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace done_flush() at done_flush+0x38 vm_run(ffff80002e3c4080) at vm_run+0x304 sys/arch/amd64/amd64/vmm.c:4492 vmmioctl(a00,c0205602,ffff80002e3c4080,1,ffff8000fffecfc0) at vmmioctl+0x192 sys/arch/amd64/amd64/vmm.c:661 VOP_IOCTL(fffffd806e445c90,c0205602,ffff80002e3c4080,1,fffffd807f7d7900,ffff8000fffecfc0) at VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd806688da18,c0205602,ffff80002e3c4080,ffff8000fffecfc0) at vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 sys_ioctl(ffff8000fffecfc0,ffff80002e3c4198,ffff80002e3c41f0) at sys_ioctl+0x4a2 syscall(ffff80002e3c4260) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff80002e3c4260) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xccbe78f9e20, count: -8 ddb{0}> show registers rdi 0x6c14 __ALIGN_SIZE+0x5c14 rsi 0xffff800027ade638 rbp 0xffff80002e3c3de0 rbx 0x756e6547 rdx 0x49656e69 rcx 0x6c65746e rax 0xfffffffffffffffe r8 0 r9 0x10000 __ALIGN_SIZE+0xf000 r10 0xc34bd95f3cecbce0 r11 0x72bf7cc618eae1e9 r12 0xffffffff82953f70 dt_prov_static r13 0x246 r14 0xffff800027ade000 r15 0xffff80002e3c4080 rip 0xffffffff81bd9200 done_flush+0x38 cs 0x8 rflags 0x10046 __ALIGN_SIZE+0xf046 rsp 0xffff80002e3c3c36 ss 0x10 done_flush+0x38: movl %eax,%dr6 ddb{0}> show proc PROC (syz-executor.4) pid=314561 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=82, nice=20 forw=0xffffffffffffffff, list=0xffff8000fffec540,0xffff8000fffec2b0 process=0xffff8000fffe4020 user=0xffff80002e3bf000, vmspace=0xfffffd8075a278c8 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 55392 92212 44625 0 2 0 syz-executor.3 75561 91138 4176 0 2 0 syz-executor.1 75561 412251 4176 0 3 0x4000080 fsleep syz-executor.1 44724 165560 43492 0 2 0 syz-executor.4 *44724 314561 43492 0 7 0x4000000 syz-executor.4 17252 498519 67030 0 2 0 syz-executor.7 17252 381634 67030 0 3 0x4000080 fsleep syz-executor.7 28940 478534 60521 0 2 0 syz-executor.2 28940 180625 60521 0 3 0x4000080 fsleep syz-executor.2 3479 117274 25308 0 2 0 syz-executor.6 3479 72293 25308 0 3 0x4000080 fsleep syz-executor.6 3479 48692 25308 0 2 0x4000000 syz-executor.6 89760 248037 32582 0 2 0 syz-executor.0 89760 336998 32582 0 2 0x4000000 syz-executor.0 67030 346450 61752 0 3 0x82 nanoslp syz-executor.7 25308 75714 61752 0 3 0x82 nanoslp syz-executor.6 71701 408247 0 0 3 0x14200 acct acct 32582 277897 61752 0 3 0x82 nanoslp syz-executor.0 43492 149008 61752 0 3 0x82 nanoslp syz-executor.4 60521 273245 61752 0 3 0x82 nanoslp syz-executor.2 44625 275009 61752 0 3 0x82 nanoslp syz-executor.3 4176 111538 61752 0 3 0x82 nanoslp syz-executor.1 51713 480937 61752 0 2 0x2 syz-executor.5 42461 175096 1 0 3 0x100083 ttyopn getty 33519 253589 0 0 3 0x14200 bored sosplice 61752 287896 86072 0 3 0x82 nanoslp syz-fuzzer 61752 479719 86072 0 3 0x4000082 nanoslp syz-fuzzer 61752 85278 86072 0 3 0x4000082 thrsleep syz-fuzzer 61752 256176 86072 0 3 0x4000082 thrsleep syz-fuzzer 61752 292539 86072 0 3 0x4000082 thrsleep syz-fuzzer 61752 178229 86072 0 3 0x4000082 thrsleep syz-fuzzer 61752 470039 86072 0 3 0x4000082 thrsleep syz-fuzzer 61752 363457 86072 0 3 0x4000082 kqread syz-fuzzer 61752 430243 86072 0 3 0x4000082 thrsleep syz-fuzzer 61752 415311 86072 0 3 0x4000082 thrsleep syz-fuzzer 86072 162977 62384 0 3 0x10008a sigsusp ksh 62384 383624 42725 0 3 0x9a kqread sshd 42725 443908 1 0 3 0x88 kqread sshd 93119 221798 85996 74 3 0x1100092 bpf pflogd 85996 508613 1 0 3 0x80 netio pflogd 27276 222576 8290 73 3 0x1100090 kqread syslogd 8290 424859 1 0 3 0x100082 netio syslogd 96857 141353 1 0 3 0x100080 kqread resolvd 63130 56104 91153 77 3 0x100092 kqread dhcpleased 41151 380708 91153 77 3 0x100092 kqread dhcpleased 91153 497723 1 0 3 0x80 kqread dhcpleased 37961 187788 0 0 3 0x14200 bored smr 79995 307124 0 0 2 0x14200 zerothread 53918 309295 0 0 3 0x14200 aiodoned aiodoned 9106 364946 0 0 3 0x14200 syncer update 18074 424861 0 0 3 0x14200 cleaner cleaner 26366 144635 0 0 3 0x14200 reaper reaper 79470 473618 0 0 3 0x14200 pgdaemon pagedaemon 75999 57861 0 0 3 0x14200 bored viomb 59768 236881 0 0 3 0x40014200 acpi0 acpi0 84978 392942 0 0 7 0x40014200 idle1 21514 291816 0 0 3 0x14200 bored softnet 56750 252595 0 0 3 0x14200 bored softnet 39452 420796 0 0 3 0x14200 bored softnet 10671 259129 0 0 3 0x14200 bored softnet 6385 161457 0 0 3 0x14200 bored systqmp 34828 325135 0 0 3 0x14200 bored systq 33827 504842 0 0 3 0x40014200 bored softclock 20357 331360 0 0 3 0x40014200 idle0 1 387091 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 44724 (syz-executor.4) thread 0xffff8000fffecfc0 (314561) exclusive rwlock vcpu r = 0 (0xffff800027ade3b0) #0 witness_lock+0x44d #1 vm_run+0x2e0 sys/arch/amd64/amd64/vmm.c:4459 #2 vmmioctl+0x192 sys/arch/amd64/amd64/vmm.c:661 #3 VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 #4 vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 #5 sys_ioctl+0x4a2 #6 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] #6 syscall+0x489 sys/arch/amd64/amd64/trap.c:585 #7 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10235 6520K 7931K 78643K 199036 0 pcb 13 20K 25K 78643K 7131 0 rtable 222 7K 8K 78643K 7490 0 ifaddr 103 27K 31K 78643K 1663 0 sysctl 3 1K 5K 78643K 7 0 counters 58 35K 36K 78643K 582 0 ioctlops 0 0K 4K 78643K 8725 0 iov 0 0K 24K 78643K 14232 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1687 105K 106K 78643K 55847 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 173 0 VM map 2 1K 1K 78643K 2 0 sem 12 20K 21K 78643K 23 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 17 61K 93K 78643K 46871 0 sigio 0 0K 0K 78643K 594 0 proc 71 91K 140K 78643K 4474 0 subproc 104 6K 10K 78643K 779 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 1803 0 in_multi 80 5K 7K 78643K 1893 0 ether_multi 1 0K 0K 78643K 285 0 mrt 2 0K 0K 78643K 75 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 283 1261K 1261K 78643K 283 0 exec 0 0K 2K 78643K 4259 0 pfkey data 0 0K 0K 78643K 13 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 791 1645K 1646K 78643K 248995 0 UVM aobj 3 2K 4K 78643K 17 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 424 0 NDP 15 0K 2K 78643K 619 0 temp 238 4913K 5937K 78643K 333842 0 kqueue 12 18K 30K 78643K 3413 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 1263 0 1260 11 10 1 3 0 8 0 rtentry 112 3101 0 3002 5 1 4 4 0 8 0 unpcb 136 45315 0 45300 250 247 3 11 0 8 2 syncache 296 16 0 16 3 3 0 1 0 8 0 tcpqe 32 197 0 197 2 2 0 1 0 8 0 tcpcb 736 16472 0 16466 383 382 1 30 0 8 0 arp 120 161 0 142 1 0 1 1 0 8 0 inpcb 312 51570 0 51559 467 463 4 16 0 8 3 nd6 48 178 0 154 1 0 1 1 0 8 0 pkpcb 40 52 0 52 11 10 1 1 0 8 1 kcovpl 48 53 0 45 1 0 1 1 0 8 0 ppxss 1248 156 0 156 34 34 0 1 0 8 0 pfstscr 40 12 0 12 3 3 0 1 0 8 0 pffrag 232 73 0 73 11 11 0 1 0 482 0 pffrnode 88 69 0 69 11 11 0 1 0 8 0 pffrent 40 216 0 216 11 11 0 1 0 8 0 pfosfp 40 1437 0 1437 6 6 0 5 0 8 0 pfosfpen 112 1437 0 1437 22 22 0 21 0 8 0 pfrktable 1344 15 0 14 2 1 1 1 0 8 0 pftag 88 9 0 8 1 0 1 1 0 8 0 pfqueue 264 1 0 1 1 1 0 1 0 8 0 pfstitem 24 29 0 27 1 0 1 1 0 8 0 pfstkey 112 55 0 53 1 0 1 1 0 8 0 pfstate 336 39 0 37 2 1 1 2 0 8 0 pfrule 1360 76 0 63 4 2 2 2 0 8 0 rttmr 64 7 0 7 2 2 0 1 0 8 0 art_heap8 4096 11 0 9 5 3 2 3 0 8 0 art_heap4 256 10537 0 10142 65 40 25 30 0 8 0 art_table 32 10548 0 10151 4 0 4 4 0 8 0 art_node 16 2977 0 2890 1 0 1 1 0 8 0 sysvmsgpl 40 5 0 5 1 1 0 1 0 8 0 semupl 112 6 0 6 1 1 0 1 0 8 0 semapl 112 13 0 3 1 0 1 1 0 8 0 shmpl 112 14 0 14 1 1 0 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 70332 0 68820 95 0 95 95 0 8 0 ffsino 272 70332 0 68820 102 0 102 102 0 8 0 nchpl 144 129704 0 128066 63 0 63 63 0 8 0 uvmvnodes 80 109483 0 0 2235 0 2235 2235 0 8 0 vnodes 224 109483 0 0 6441 0 6441 6441 0 8 0 namei 1024 459350 0 459350 6 5 1 2 0 8 1 percpumem 16 303 0 262 1 0 1 1 0 8 0 vcpupl 2048 177 0 3 22 0 22 22 0 8 0 vmpool 560 208 0 34 15 2 13 13 0 8 0 pfiaddrpl 120 8 0 8 2 2 0 1 0 8 0 kstatmem 264 554 0 524 9 6 3 3 0 8 0 scsiplug 72 9 0 9 3 3 0 1 0 8 0 scxspl 216 362247 0 362247 23 22 1 8 0 8 1 plimitpl 152 2125 0 2110 1 0 1 1 0 8 0 sigapl 424 47111 0 47062 10 3 7 8 0 8 0 futexpl 64 436296 0 436292 5 4 1 1 0 8 0 knotepl 120 1469 0 0 12 2 10 10 0 8 0 kqueuepl 216 6935 0 6927 80 75 5 5 0 8 4 pipepl 336 7217 0 7189 188 185 3 13 0 8 0 fdescpl 496 47071 0 47041 7 3 4 5 0 8 0 filepl 152 345040 0 344794 442 427 15 24 0 8 4 lockfpl 104 6851 0 6849 12 11 1 2 0 8 0 lockfspl 48 2125 0 2123 1 0 1 1 0 8 0 sessionpl 144 71 0 54 1 0 1 1 0 8 0 pgrppl 48 176 0 159 1 0 1 1 0 8 0 ucredpl 96 43564 0 43552 1 0 1 1 0 8 0 zombiepl 144 47062 0 47062 1 0 1 1 0 8 1 processpl 1064 47111 0 47062 5 0 5 5 0 8 0 procpl 672 115561 0 115496 61 54 7 9 0 8 0 srpgc 96 35 0 35 15 15 0 1 0 8 0 sosppl 168 180 0 180 32 32 0 1 0 8 0 sockpl 480 98218 0 98192 2054 2042 12 50 0 8 8 mcl64k 65536 7 0 0 1 0 1 1 0 8 0 mcl16k 16384 4 0 0 1 0 1 1 0 8 0 mcl12k 12288 4 0 0 1 0 1 1 0 8 0 mcl9k 9216 5 0 0 1 0 1 1 0 8 0 mcl8k 8192 9 0 0 2 0 2 2 0 8 0 mcl4k 4096 11 0 0 2 0 2 2 0 8 0 mcl2k2 2112 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 1555 0 0 40 9 31 35 0 8 0 mtagpl 96 3136 0 0 50 0 50 50 0 8 0 mbufpl 256 3764 0 0 169 1 168 168 0 8 0 bufpl 288 76905 0 70172 482 0 482 482 0 8 0 anonpl 24 8127671 0 8111096 498 394 104 130 0 186 0 amapchunkpl 152 718725 0 717889 132 95 37 40 0 158 0 amappl16 200 109894 0 109275 246 211 35 47 0 8 0 amappl15 192 16128 0 16122 3 2 1 1 0 8 0 amappl14 184 7156 0 7140 1 0 1 1 0 8 0 amappl13 176 2468 0 2466 1 0 1 1 0 8 0 amappl12 168 7250 0 7238 1 0 1 1 0 8 0 amappl11 160 10299 0 10277 4 2 2 2 0 8 0 amappl10 152 6717 0 6705 1 0 1 1 0 8 0 amappl9 144 3045 0 3042 1 0 1 1 0 8 0 amappl8 136 3731 0 3427 12 1 11 11 0 8 0 amappl7 128 1672 0 1659 1 0 1 1 0 8 0 amappl6 120 3144 0 3100 3 1 2 2 0 8 0 amappl5 112 32568 0 32547 1 0 1 1 0 8 0 amappl4 104 26145 0 26101 5 3 2 2 0 8 0 amappl3 96 141454 0 141402 2 0 2 2 0 8 0 amappl2 88 56336 0 56253 3 1 2 3 0 8 0 amappl1 80 1090946 0 1090280 24 9 15 20 0 8 0 amappl 88 247014 0 246701 9 1 8 8 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 16 0 14 1 0 1 1 0 8 0 uaddrrnd 24 47279 0 47075 2 0 2 2 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 47279 0 47075 2 0 2 2 0 8 0 vmmpekpl 168 291832 0 291760 4 0 4 4 0 8 0 vmmpepl 168 4425638 0 4422248 440 284 156 169 0 357 0 vmsppl 368 47278 0 47075 20 1 19 19 0 8 0 rwobjpl 56 1129386 0 1017853 1579 7 1572 1572 0 8 0 pdppl 4096 94565 0 94324 1431 1188 243 243 0 8 2 pvpl 32 16581963 0 16561997 952 786 166 242 0 265 1 pmappl 248 47278 0 47075 15 2 13 13 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 3493 0 2282 35 0 35 35 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace done_flush() at done_flush+0x38 vm_run(ffff80002e3c4080) at vm_run+0x304 sys/arch/amd64/amd64/vmm.c:4492 vmmioctl(a00,c0205602,ffff80002e3c4080,1,ffff8000fffecfc0) at vmmioctl+0x192 sys/arch/amd64/amd64/vmm.c:661 VOP_IOCTL(fffffd806e445c90,c0205602,ffff80002e3c4080,1,fffffd807f7d7900,ffff8000fffecfc0) at VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd806688da18,c0205602,ffff80002e3c4080,ffff8000fffecfc0) at vn_ioctl+0xbc sys/kern/vfs_vnops.c:531 sys_ioctl(ffff8000fffecfc0,ffff80002e3c4198,ffff80002e3c41f0) at sys_ioctl+0x4a2 syscall(ffff80002e3c4260) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff80002e3c4260) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xccbe78f9e20, count: -8 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{1}> trace x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800020ce8ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178 end trace frame: 0x0, count: -5