kernel: protection fault trap, code=0 Stopped at done_flush+0x38: movl %eax,%dr6 ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace done_flush() at done_flush+0x38 vm_run(ffff80002f4c5a40) at vm_run+0x163 vmmioctl(a00,c0205602,ffff80002f4c5a40,1,ffff80002a63c808) at vmmioctl+0x299 sys/dev/vmm/vmm.c:242 VOP_IOCTL(fffffd80712420d8,c0205602,ffff80002f4c5a40,1,fffffd807f7d7958,ffff80002a63c808) at VOP_IOCTL+0x91 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd8067db0620,c0205602,ffff80002f4c5a40,ffff80002a63c808) at vn_ioctl+0xbb sys/kern/vfs_vnops.c:525 sys_ioctl(ffff80002a63c808,ffff80002f4c5b50,ffff80002f4c5ba0) at sys_ioctl+0x49e syscall(ffff80002f4c5c10) at syscall+0x543 sys/arch/amd64/amd64/trap.c:606 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x85eba010a30, count: -8 ddb> show registers rdi 0x6c14 __ALIGN_SIZE+0x5c14 rsi 0xffff8000329bc630 rbp 0xffff80002f4c5790 rbx 0x756e6547 rdx 0x49656e69 rcx 0x6c65746e rax 0xfffffffffffffffc r8 0 r9 0x10000 __ALIGN_SIZE+0xf000 r10 0x8b0b8e5155dd4263 r11 0x928328051407ce74 r12 0xffff8000329bc3a8 r13 0xffff80002f4c56c6 r14 0xffff8000329bc000 r15 0x246 rip 0xffffffff8121cd3b done_flush+0x38 cs 0x8 rflags 0x10046 __ALIGN_SIZE+0xf046 rsp 0xffff80002f4c55f6 ss 0x10 done_flush+0x38: movl %eax,%dr6 ddb> show proc PROC (syz-executor.5) tid=373307 pid=80055 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=81, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002a63d7f8,0xffff80002a63cac0 process=0xffff80002db473b8 user=0xffff80002f4c0000, vmspace=0xfffffd8071919458 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 76759 500993 15021 0 2 0 syz-executor.4 76759 210177 15021 0 3 0x4000000 smrbar syz-executor.4 55103 64390 52595 0 2 0 syz-executor.6 55103 334782 52595 0 3 0x4000080 fsleep syz-executor.6 80055 402554 11199 0 2 0 syz-executor.5 *80055 373307 11199 0 7 0x4000000 syz-executor.5 40722 150988 17026 0 2 0 syz-executor.2 40722 261171 17026 0 3 0x4000080 fsleep syz-executor.2 39189 303465 8693 0 2 0 syz-executor.7 39189 351008 8693 0 3 0x4000080 fsleep syz-executor.7 13262 42567 95051 0 2 0 syz-executor.0 13262 462585 95051 0 3 0x4000080 kqread syz-executor.0 13262 449216 95051 0 2 0x4000000 syz-executor.0 29766 57258 53453 0 2 0 syz-executor.3 29766 512591 53453 0 3 0x4000080 fsleep syz-executor.3 8693 466741 52783 0 3 0x82 nanoslp syz-executor.7 15021 228584 52783 0 3 0x82 nanoslp syz-executor.4 43007 327734 1 0 3 0x100083 ttyin getty 26577 71415 0 0 3 0x14280 nfsidl nfsio 30857 464366 0 0 3 0x14280 nfsidl nfsio 38794 191454 0 0 3 0x14280 nfsidl nfsio 38360 295960 0 0 3 0x14280 nfsidl nfsio 17554 841 0 0 3 0x14280 nfsidl nfsio 2328 520865 0 0 3 0x14280 nfsidl nfsio 96118 116134 0 0 3 0x14280 nfsidl nfsio 11553 434502 0 0 3 0x14280 nfsidl nfsio 66013 79475 0 0 3 0x14280 nfsidl nfsio 31954 176620 0 0 3 0x14280 nfsidl nfsio 75448 173353 0 0 3 0x14280 nfsidl nfsio 83660 275100 0 0 3 0x14280 nfsidl nfsio 75825 78389 0 0 3 0x14280 nfsidl nfsio 64538 450609 0 0 3 0x14280 nfsidl nfsio 73605 320977 0 0 3 0x14280 nfsidl nfsio 82626 229726 0 0 3 0x14280 nfsidl nfsio 30353 464522 0 0 3 0x14280 nfsidl nfsio 25194 340754 0 0 3 0x14280 nfsidl nfsio 81329 441849 0 0 3 0x14280 nfsidl nfsio 83554 242232 0 0 3 0x14280 nfsidl nfsio 53453 18936 52783 0 3 0x82 nanoslp syz-executor.3 52595 414341 52783 0 3 0x82 nanoslp syz-executor.6 11199 483185 52783 0 3 0x82 nanoslp syz-executor.5 95051 200375 52783 0 3 0x82 nanoslp syz-executor.0 73330 281230 0 0 3 0x14200 bored sosplice 32204 100875 0 0 3 0x14200 acct acct 17026 71554 52783 0 3 0x82 nanoslp syz-executor.2 37671 167349 52783 0 2 0x2 syz-executor.1 52783 175804 41988 0 3 0x2000082 thrsleep syz-fuzzer 52783 279803 41988 0 3 0x6000082 nanoslp syz-fuzzer 52783 353837 41988 0 3 0x6000082 wait syz-fuzzer 52783 282137 41988 0 3 0x6000082 thrsleep syz-fuzzer 52783 429940 41988 0 3 0x6000082 wait syz-fuzzer 52783 158170 41988 0 3 0x6000082 wait syz-fuzzer 52783 379138 41988 0 3 0x6000082 thrsleep syz-fuzzer 52783 249964 41988 0 3 0x6000082 wait syz-fuzzer 52783 95738 41988 0 3 0x6000082 wait syz-fuzzer 52783 83023 41988 0 3 0x6000082 wait syz-fuzzer 52783 89908 41988 0 3 0x6000082 thrsleep syz-fuzzer 52783 339924 41988 0 3 0x6000082 kqread syz-fuzzer 52783 280767 41988 0 3 0x6000082 wait syz-fuzzer 52783 294992 41988 0 3 0x6000082 wait syz-fuzzer 41988 313621 98525 0 3 0x10008a sigsusp ksh 98525 231882 7355 0 3 0x9a kqread sshd 7355 171584 1 0 3 0x88 kqread sshd 75346 161903 54552 73 2 0x1100010 syslogd 54552 475365 1 0 3 0x100082 netio syslogd 12933 479908 1 0 3 0x100080 kqread resolvd 58107 139 50222 77 3 0x100092 kqread dhcpleased 889 111876 50222 77 3 0x100092 kqread dhcpleased 50222 344566 1 0 3 0x80 kqread dhcpleased 35305 521100 0 0 3 0x14200 bored smr 48906 489477 0 0 2 0x14200 zerothread 93723 124967 0 0 3 0x14200 aiodoned aiodoned 90807 25822 0 0 3 0x14200 syncer update 90224 392551 0 0 3 0x14200 cleaner cleaner 10177 111283 0 0 3 0x14200 reaper reaper 32616 417875 0 0 3 0x14200 pgdaemon pagedaemon 85595 368429 0 0 3 0x14200 bored viomb 53420 335488 0 0 3 0x40014200 acpi0 acpi0 78391 400198 0 0 3 0x14200 bored softnet3 67013 179911 0 0 3 0x14200 bored softnet2 43971 269062 0 0 3 0x14200 bored softnet1 4836 330201 0 0 3 0x14200 bored softnet0 38828 358929 0 0 3 0x14200 bored systqmp 55453 4908 0 0 3 0x14200 bored systq 7078 50673 0 0 3 0x40014200 tmoslp softclock 12327 320559 0 0 3 0x40014200 idle0 1 284983 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10226 6559K 6822K 166960K 14650 0 pcb 13 15K 16K 166960K 245 0 rtable 218 14K 15K 166960K 751 0 pf 34 9K 9K 166960K 100 0 ifaddr 41 11K 11K 166960K 99 0 ifgroup 59 2K 2K 166960K 171 0 counters 30 17K 17K 166960K 58 0 ioctlops 0 0K 2K 166960K 110 0 iov 0 0K 12K 166960K 223 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1453 91K 91K 166960K 2855 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 39 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 462 0 dirhash 12 2K 2K 166960K 18 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 17 61K 69K 166960K 2961 0 sigio 0 0K 0K 166960K 48 0 proc 57 59K 75K 166960K 722 0 subproc 104 6K 6K 166960K 195 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 217 0 in_multi 89 6K 7K 166960K 189 0 ether_multi 1 0K 0K 166960K 1 0 mrt 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 211 943K 943K 166960K 211 0 exec 0 0K 1K 166960K 791 0 tdb 3 0K 0K 166960K 3 0 pagedep 1 8K 8K 166960K 1 0 inodedep 1 32K 32K 166960K 1 0 newblk 1 0K 0K 166960K 1 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 355 121K 133K 166960K 29404 0 UVM aobj 131 4K 4K 166960K 139 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 96 0 NDP 13 0K 2K 166960K 71 0 temp 73 5916K 5982K 166960K 27352 0 kqueue 12 18K 24K 166960K 204 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 273 0 270 5 4 1 3 0 8 0 rtentry 112 208 0 109 4 0 4 4 0 8 0 unpcb 144 1408 0 1393 12 6 6 6 0 8 5 syncache 312 44 0 44 7 7 0 1 0 8 0 tcpqe 32 135 136 135 5 5 0 1 0 8 0 tcpcb 808 2857 0 2827 47 37 10 16 0 8 5 arp 88 34 0 20 1 0 1 1 0 8 0 ipq 40 1 0 1 1 1 0 1 0 8 0 ipqe 40 36 0 36 1 1 0 1 0 8 0 inpcb 336 4203 0 4171 45 36 9 14 0 8 4 nd6 104 48 0 25 1 0 1 1 0 8 0 pkpcb 40 12 0 12 2 2 0 1 0 8 0 kcovpl 48 14 0 6 1 0 1 1 0 8 0 ppxss 1160 5 0 5 2 2 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 829 0 368 36 5 31 31 0 8 0 art_table 32 830 0 368 4 0 4 4 0 8 0 art_node 16 200 0 109 1 0 1 1 0 8 0 sysvmsgpl 40 4 0 3 1 0 1 1 0 8 0 semupl 112 20 0 20 1 1 0 1 0 8 0 semapl 112 450 0 440 1 0 1 1 0 8 0 shmpl 112 136 0 8 4 0 4 4 0 8 0 dirhash 1024 21 0 4 3 0 3 3 0 8 0 dino2pl 256 5585 0 4127 92 0 92 92 0 8 0 ffsino 240 5585 0 4127 87 0 87 87 0 8 0 nchpl 144 10309 0 9758 63 40 23 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 33378 0 33378 3 2 1 3 0 8 1 vcpupl 2048 12 0 0 2 0 2 2 0 8 0 vmpool 664 12 0 0 1 0 1 1 0 8 0 kstatmem 264 82 0 56 2 0 2 2 0 8 0 scxspl 216 31593 0 31593 14 13 1 8 1 8 1 plimitpl 152 344 0 329 1 0 1 1 0 8 0 sigapl 424 3268 0 3202 8 0 8 8 0 8 0 futexpl 64 34394 0 34390 1 0 1 1 0 8 0 knotepl 120 35775 0 35693 29 25 4 16 0 8 0 kqueuepl 184 480 0 471 10 9 1 4 0 8 0 pipepl 288 608 0 580 11 8 3 5 0 8 0 fdescpl 432 3230 0 3202 4 0 4 4 0 8 0 filepl 120 21203 0 20960 30 18 12 15 0 8 3 lockfpl 104 1078 0 1074 4 2 2 2 0 8 1 lockfspl 48 329 0 325 1 0 1 1 0 8 0 sessionpl 144 30 0 14 1 0 1 1 0 8 0 pgrppl 48 106 0 90 1 0 1 1 0 8 0 ucredpl 104 2691 0 2679 1 0 1 1 0 8 0 zombiepl 144 3202 0 3202 1 0 1 1 0 8 1 processpl 1008 3268 0 3202 11 2 9 9 0 8 0 procpl 680 7617 0 7530 10 2 8 9 0 8 0 sosppl 168 12 0 12 4 4 0 1 0 8 0 sockpl 456 5903 0 5851 112 89 23 24 0 8 14 mcl64k 65536 127 0 127 5 4 1 1 0 8 1 mcl16k 16384 58 0 58 5 4 1 1 0 8 1 mcl12k 12288 148 0 148 6 5 1 1 0 8 1 mcl9k 9216 47 0 47 6 5 1 1 0 8 1 mcl8k 8192 155 0 155 5 4 1 1 0 8 1 mcl4k 4096 348 0 348 4 3 1 2 0 8 1 mcl2k2 2112 26 0 26 9 8 1 1 0 8 1 mcl2k 2048 73323 0 73185 46 27 19 31 0 8 0 mtagpl 96 573 0 222 11 2 9 9 0 8 0 mbufpl 256 141184 0 140667 100 65 35 61 0 8 0 bufpl 288 9800 0 3406 457 0 457 457 0 8 0 anonpl 24 451854 0 438061 98 9 89 97 0 188 0 amapchunkpl 152 95785 0 94895 57 21 36 43 0 158 0 amappl16 200 10104 0 9690 29 6 23 26 0 8 0 amappl15 192 53 0 52 1 0 1 1 0 8 0 amappl14 184 173 0 162 2 1 1 2 0 8 0 amappl13 176 10 0 10 1 1 0 1 0 8 0 amappl12 168 4041 0 4012 3 1 2 2 0 8 0 amappl11 160 63 0 53 1 0 1 1 0 8 0 amappl10 152 67 0 57 1 0 1 1 0 8 0 amappl9 144 127 0 125 1 0 1 1 0 8 0 amappl8 136 244 0 183 3 0 3 3 0 8 0 amappl7 128 195 0 172 2 1 1 2 0 8 0 amappl6 120 371 0 363 1 0 1 1 0 8 0 amappl5 112 167 0 158 1 0 1 1 0 8 0 amappl4 104 454 0 434 2 1 1 2 0 8 0 amappl3 96 18869 0 18778 3 0 3 3 0 8 0 amappl2 88 3792 0 3719 3 1 2 3 0 8 0 amappl1 80 20160 0 19652 22 10 12 22 0 8 0 amappl 88 28792 0 28556 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 138 0 8 3 0 3 3 0 8 0 uaddrrnd 24 3242 0 3202 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 3242 0 3202 1 0 1 1 0 8 0 vmmpekpl 168 27980 0 27921 3 0 3 3 0 8 0 vmmpepl 168 209707 0 207454 172 70 102 121 0 357 0 vmsppl 368 3241 0 3202 4 0 4 4 0 8 0 rwobjpl 24 61193 0 53708 46 0 46 46 0 8 0 pdppl 4096 6490 0 6416 215 140 75 75 0 8 1 pvpl 32 1091937 0 1072582 352 191 161 333 0 265 0 pmappl 216 3241 0 3202 4 1 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1188 0 346 25 0 25 25 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace done_flush() at done_flush+0x38 vm_run(ffff80002f4c5a40) at vm_run+0x163 vmmioctl(a00,c0205602,ffff80002f4c5a40,1,ffff80002a63c808) at vmmioctl+0x299 sys/dev/vmm/vmm.c:242 VOP_IOCTL(fffffd80712420d8,c0205602,ffff80002f4c5a40,1,fffffd807f7d7958,ffff80002a63c808) at VOP_IOCTL+0x91 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd8067db0620,c0205602,ffff80002f4c5a40,ffff80002a63c808) at vn_ioctl+0xbb sys/kern/vfs_vnops.c:525 sys_ioctl(ffff80002a63c808,ffff80002f4c5b50,ffff80002f4c5ba0) at sys_ioctl+0x49e syscall(ffff80002f4c5c10) at syscall+0x543 sys/arch/amd64/amd64/trap.c:606 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x85eba010a30, count: -8 ddb> machine ddbcpu 1 No such command ddb> trace done_flush() at done_flush+0x38 vm_run(ffff80002f4c5a40) at vm_run+0x163 vmmioctl(a00,c0205602,ffff80002f4c5a40,1,ffff80002a63c808) at vmmioctl+0x299 sys/dev/vmm/vmm.c:242 VOP_IOCTL(fffffd80712420d8,c0205602,ffff80002f4c5a40,1,fffffd807f7d7958,ffff80002a63c808) at VOP_IOCTL+0x91 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd8067db0620,c0205602,ffff80002f4c5a40,ffff80002a63c808) at vn_ioctl+0xbb sys/kern/vfs_vnops.c:525 sys_ioctl(ffff80002a63c808,ffff80002f4c5b50,ffff80002f4c5ba0) at sys_ioctl+0x49e syscall(ffff80002f4c5c10) at syscall+0x543 sys/arch/amd64/amd64/trap.c:606 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x85eba010a30, count: -8