kernel: protection fault trap, code=0 Stopped at malloc+0x7cf: movq 0x8(%rbx),%r15 ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic the kernel did not panic ddb> trace malloc(10,62,2) at malloc+0x7cf sys/kern/kern_malloc.c:290 amap_alloc1(20,2,0) at amap_alloc1+0x291 sys/uvm/uvm_amap.c:353 amap_alloc(20000,2,0) at amap_alloc+0xad sys/uvm/uvm_amap.c:-1 amap_copy(fffffd80635d1e78,fffffd805dc27c30,2,0,5222a7d0000,5222a7d0001) at amap_copy+0x6ac sys/uvm/uvm_amap.c:569 uvm_fault_check(ffff80003118f5f0,ffff80003118f628,ffff80003118f660,0) at uvm_fault_check+0x457 sys/uvm/uvm_fault.c:753 uvm_fault(fffffd80635d1e78,5222a7d0000,0,2) at uvm_fault+0xe6 sys/uvm/uvm_fault.c:633 upageflttrap(ffff80003118f780,5222a7d0088) at upageflttrap+0xa0 sys/arch/amd64/amd64/trap.c:192 usertrap(ffff80003118f780) at usertrap+0x3aa sys/arch/amd64/amd64/trap.c:603 recall_trap() at recall_trap+0x8 end trace frame: 0x0, count: -9 ddb> show registers rdi 0x2f07708c43f35167 rsi 0 rbp 0xffff80003118f290 rbx 0x2f07708c43f35167 rdx 0 rcx 0x4 rax 0xffff80002a832038 r8 0x5222a7d0000 r9 0x5222a7d0001 r10 0xcb9f4d47c8e7e9f3 r11 0x52f8c7568776cc6f r12 0x10 r13 0xffffffff83890f10 kmemstats+0x1880 r14 0x2f07708c43f35167 r15 0 rip 0xffffffff8178f7af malloc+0x7cf cs 0x8 rflags 0x10202 __ALIGN_SIZE+0xf202 rsp 0xffff80003118f1e0 ss 0 malloc+0x7cf: movq 0x8(%rbx),%r15 ddb> show proc PROC (syz-executor) tid=58572 pid=97531 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=36, usrpri=86, slppri=36, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a832568,0xffffffff838a8258 process=0xffff8000ffff8498 user=0xffff80003118a000, vmspace=0xfffffd80635d1e78 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 97531 518791 56599 0 2 0 syz-executor 97531 69003 56599 0 2 0x4000000 syz-executor *97531 58572 56599 0 7 0x4000000 syz-executor 65897 73582 23254 0 2 0 syz-executor 65897 188957 23254 0 3 0x4000080 fsleep syz-executor 58635 383485 83112 0 3 0x3000 suspend syz-executor 58635 207498 83112 0 2 0x4081000 syz-executor 13202 173511 41099 0 2 0x1000000 syz-executor 13202 61994 41099 0 3 0x5000080 fsleep syz-executor 20588 407513 58653 0 2 0 syz-executor 20588 101543 58653 0 3 0x4000080 ttyin syz-executor 20588 362507 58653 0 3 0x4000080 fsleep syz-executor 20588 499658 58653 0 2 0x4000000 syz-executor 75798 38369 62162 0 2 0 syz-executor 75798 405666 62162 0 3 0x4000080 fsleep syz-executor 51948 388382 42337 0 2 0 syz-executor 51948 269831 42337 0 2 0x4000000 syz-executor 51948 479296 42337 0 2 0x4000000 syz-executor 33892 205805 59828 0 2 0x10 syz-executor 33892 409371 59828 0 3 0x4000090 fifor syz-executor 33892 185996 59828 0 3 0x4000090 fifor syz-executor 33892 146239 59828 0 3 0x4000090 fsleep syz-executor 50186 91287 0 0 3 0x14280 nfsidl nfsio 57588 379466 0 0 3 0x14280 nfsidl nfsio 86651 343284 0 0 3 0x14280 nfsidl nfsio 84903 459756 0 0 3 0x14280 nfsidl nfsio 51254 461122 0 0 3 0x14280 nfsidl nfsio 8543 473226 0 0 3 0x14280 nfsidl nfsio 4341 93276 0 0 3 0x14280 nfsidl nfsio 52637 466622 0 0 3 0x14280 nfsidl nfsio 63297 17671 0 0 3 0x14280 nfsidl nfsio 45130 7659 0 0 3 0x14280 nfsidl nfsio 50303 84922 0 0 3 0x14280 nfsidl nfsio 31437 374012 0 0 3 0x14280 nfsidl nfsio 41644 438613 0 0 3 0x14280 nfsidl nfsio 31124 481208 0 0 3 0x14280 nfsidl nfsio 73192 281406 0 0 3 0x14280 nfsidl nfsio 19679 517386 0 0 3 0x14280 nfsidl nfsio 67319 119122 0 0 3 0x14280 nfsidl nfsio 81891 60685 0 0 3 0x14280 nfsidl nfsio 20528 220789 0 0 3 0x14280 nfsidl nfsio 73355 385088 0 0 3 0x14280 nfsidl nfsio 62162 382773 65199 0 3 0x82 nanoslp syz-executor 42337 317881 65199 0 3 0x82 nanoslp syz-executor 24498 326589 0 0 3 0x14200 bored sosplice 56599 282166 65199 0 3 0x82 nanoslp syz-executor 58653 328410 65199 0 3 0x82 nanoslp syz-executor 23254 19219 65199 0 3 0x82 nanoslp syz-executor 59828 497734 65199 0 3 0x82 nanoslp syz-executor 83112 332822 65199 0 3 0x82 nanoslp syz-executor 41099 161130 65199 0 3 0x82 nanoslp syz-executor 65199 371879 66447 0 3 0x82 kqread syz-executor 66447 425967 32412 0 3 0x10008a sigsusp ksh 32412 153185 1785 0 3 0x98 kqread sshd-session 1785 287106 47383 0 3 0x92 kqread sshd-session 56172 260728 1 0 3 0x100083 ttyin getty 47383 252982 1 0 3 0x88 kqread sshd 39997 105532 56274 73 3 0x1100090 kqread syslogd 56274 136280 1 0 3 0x100082 sbwait syslogd 88244 179622 1 0 3 0x100080 kqread resolvd 97031 247941 75184 77 3 0x100092 kqread dhcpleased 8559 96310 75184 77 3 0x100092 kqread dhcpleased 75184 129583 1 0 3 0x80 kqread dhcpleased 49063 374511 0 0 3 0x14200 bored smr 7599 453691 0 0 2 0x14200 zerothread 17253 2328 0 0 3 0x14200 aiodoned aiodoned 91778 321929 0 0 3 0x14200 syncer update 61011 108588 0 0 3 0x14200 cleaner cleaner 67082 392768 0 0 3 0x14200 reaper reaper 36326 205812 0 0 3 0x14200 pgdaemon pagedaemon 4828 99941 0 0 3 0x14200 bored viomb 23512 72422 0 0 3 0x40014200 acpi0 acpi0 19973 58358 0 0 3 0x14200 bored softnet0 21036 293501 0 0 3 0x14200 bored systqmp 56291 482380 0 0 3 0x14200 bored systq 51992 11150 0 0 3 0x40014200 tmoslp softclock 51342 123639 0 0 3 0x40014200 idle0 1 480504 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10186 11133K 11409K 166960K 12113 0 pcb 18 15K 16K 166960K 183 0 rtable 177 7K 7K 166960K 385 0 pf 31 13K 14K 166960K 101 0 ifaddr 38 6K 8K 166960K 90 0 ifgroup 50 2K 2K 166960K 131 0 sysctl 3 1K 9K 166960K 13 0 counters 32 17K 18K 166960K 76 0 ioctlops 0 0K 4K 166960K 127 0 iov 0 0K 12K 166960K 141 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1402 88K 89K 166960K 2078 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 15 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 99 0 dirhash 12 2K 2K 166960K 24 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 106K 166960K 824 0 sigio 0 0K 0K 166960K 11 0 proc 63 67K 124K 166960K 576 0 subproc 72 4K 4K 166960K 90 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 103 0 in_multi 77 5K 7K 166960K 155 0 ether_multi 1 0K 0K 166960K 9 0 mrt 0 0K 0K 166960K 5 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 91 413K 413K 166960K 91 0 exec 0 0K 1K 166960K 476 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 234 151K 170K 166960K 8978 0 UVM aobj 23 6K 6K 166960K 25 0 pinsyscall 39 78K 96K 166960K 1906 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 45 0 NDP 11 0K 1K 166960K 59 0 temp 75 8648K 8712K 166960K 33959 0 kqueue 14 22K 33K 166960K 180 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 79 0 76 1 0 1 1 0 8 0 rtentry 136 135 0 65 4 0 4 4 0 8 0 unpcb 144 358 0 339 3 1 2 2 0 8 1 syncache 336 4 0 4 1 1 0 1 0 8 0 tcpqe 32 1 0 1 1 1 0 1 0 8 0 tcpcb 736 235 0 227 4 0 4 4 0 8 3 arp 96 16 0 5 1 0 1 1 0 8 0 ipq 40 3 0 0 1 0 1 1 0 8 0 ipqe 40 36 0 33 1 0 1 1 0 8 0 inpcb 328 681 0 666 13 6 7 7 0 8 5 ip6q 72 1 0 0 1 0 1 1 0 8 0 ip6af 40 1 0 0 1 0 1 1 0 8 0 nd6 112 23 0 10 1 0 1 1 0 8 0 pkpcb 40 7 0 7 2 1 1 1 0 8 1 kcovpl 48 10 0 2 1 0 1 1 0 8 0 mppekey 1024 3 0 3 1 1 0 1 0 8 0 ppxss 1072 34 0 34 2 1 1 1 0 8 1 pppxif 1384 4 0 4 2 1 1 1 0 8 1 pfrule 1344 2 0 2 1 1 0 1 0 8 0 rttmr 136 2 0 2 2 1 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 611 0 284 30 0 30 30 0 8 7 art_table 40 612 0 284 5 0 5 5 0 8 0 art_node 32 134 0 76 1 0 1 1 0 8 0 sysvmsgpl 40 13 0 9 2 1 1 1 0 8 0 semupl 112 2 0 2 1 0 1 1 0 8 1 semapl 112 30 0 20 1 0 1 1 0 8 0 shmpl 112 22 0 2 1 0 1 1 0 8 0 dirhash 1024 25 0 8 3 0 3 3 0 8 0 dino2pl 256 2899 0 1394 95 0 95 95 0 8 0 ffsino 256 2900 0 1394 95 0 95 95 0 8 0 nchpl 144 4055 0 2362 63 0 63 63 0 8 0 rtmask 32 6 0 6 2 1 1 1 0 8 1 uvmvnodes 80 3378 0 0 69 0 69 69 0 8 0 vnodes 216 3378 0 0 188 0 188 188 0 8 0 namei 1024 13712 0 13710 3 2 1 2 0 8 0 kstatmem 264 78 0 56 2 0 2 2 0 8 0 scsiplug 72 5 0 5 2 1 1 1 0 8 1 scxspl 216 17482 0 17482 15 7 8 8 1 8 8 plimitpl 152 294 0 277 1 0 1 1 0 8 0 sigapl 424 1115 0 1051 8 0 8 8 0 8 0 knotepl 120 45814 0 45763 25 15 10 17 0 8 8 kqueuepl 184 266 0 254 2 0 2 2 0 8 1 pipepl 304 227 0 200 3 0 3 3 0 8 0 fdescpl 448 1078 0 1048 5 1 4 5 0 8 0 filepl 120 6248 0 6019 13 2 11 11 0 8 2 lockfpl 104 455 0 449 2 0 2 2 0 8 1 lockfspl 48 198 0 192 1 0 1 1 0 8 0 sessionpl 144 24 0 16 1 0 1 1 0 8 0 pgrppl 48 41 0 25 1 0 1 1 0 8 0 ucredpl 104 1227 0 1214 1 0 1 1 0 8 0 zombiepl 144 1371 0 1368 2 1 1 1 0 8 0 processpl 1152 1115 0 1051 5 0 5 5 0 8 0 procpl 664 2245 0 2164 8 1 7 7 0 8 0 sosppl 168 1 0 1 1 1 0 1 0 8 0 sockpl 552 1146 0 1109 12 4 8 8 0 8 5 mcl64k 65536 58 0 58 3 2 1 1 0 8 1 mcl16k 16384 1 0 1 1 0 1 1 0 8 1 mcl12k 12288 1 0 1 1 0 1 1 0 8 1 mcl9k 9216 2 0 2 1 1 0 1 0 8 0 mcl8k 8192 19 0 19 3 2 1 1 0 8 1 mcl4k 4096 3358 0 3306 15 7 8 13 0 8 1 mcl2k2 2112 1 0 1 1 0 1 1 0 8 1 mcl2k 2048 1083 0 1078 9 1 8 9 0 8 7 mtagpl 96 10 0 7 1 0 1 1 0 8 0 mbufpl 256 11360 0 11192 45 22 23 40 0 8 7 bufpl 280 7669 0 1441 446 0 446 446 0 8 0 anonpl 24 185585 0 181884 70 22 48 48 0 187 15 amapchunkpl 152 30503 0 29987 51 14 37 37 0 158 14 amappl16 200 3872 0 3837 41 30 11 15 0 8 8 amappl15 192 6 0 6 1 1 0 1 0 8 0 amappl14 184 113 0 103 1 0 1 1 0 8 0 amappl13 176 2 0 2 1 1 0 1 0 8 0 amappl12 168 1722 0 1692 3 1 2 3 0 8 0 amappl11 160 45 0 35 1 0 1 1 0 8 0 amappl10 152 9 0 9 1 1 0 1 0 8 0 amappl9 144 248 0 248 1 1 0 1 0 8 0 amappl8 136 20 0 18 1 0 1 1 0 8 0 amappl7 128 105 0 95 1 0 1 1 0 8 0 amappl6 120 199 0 195 1 0 1 1 0 8 0 amappl5 112 117 0 110 1 0 1 1 0 8 0 amappl4 104 272 0 255 1 0 1 1 0 8 0 amappl3 96 5083 0 4989 3 0 3 3 0 8 0 amappl2 88 1318 0 1246 2 0 2 2 0 8 0 amappl1 80 11078 0 10516 14 0 14 14 0 8 0 amappl 88 8171 0 7999 6 1 5 5 0 92 0 dma4096 4096 2 0 2 2 1 1 1 0 8 1 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 256 0 256 2 1 1 1 0 8 1 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 24 0 2 1 0 1 1 0 8 0 uaddrrnd 24 1078 0 1048 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1078 0 1048 1 0 1 1 0 8 0 vmmpekpl 168 9851 0 9798 3 0 3 3 0 8 0 vmmpepl 168 73137 0 71205 106 10 96 96 0 357 10 vmsppl 368 1077 0 1048 4 1 3 4 0 8 0 rwobjpl 40 24979 0 20715 45 1 44 44 0 8 0 pdppl 4096 2162 0 2096 114 48 66 82 0 8 0 pvpl 32 490283 0 481204 152 37 115 119 0 265 26 pmappl 216 1077 0 1048 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 436 0 90 11 0 11 11 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace malloc(10,62,2) at malloc+0x7cf sys/kern/kern_malloc.c:290 amap_alloc1(20,2,0) at amap_alloc1+0x291 sys/uvm/uvm_amap.c:353 amap_alloc(20000,2,0) at amap_alloc+0xad sys/uvm/uvm_amap.c:-1 amap_copy(fffffd80635d1e78,fffffd805dc27c30,2,0,5222a7d0000,5222a7d0001) at amap_copy+0x6ac sys/uvm/uvm_amap.c:569 uvm_fault_check(ffff80003118f5f0,ffff80003118f628,ffff80003118f660,0) at uvm_fault_check+0x457 sys/uvm/uvm_fault.c:753 uvm_fault(fffffd80635d1e78,5222a7d0000,0,2) at uvm_fault+0xe6 sys/uvm/uvm_fault.c:633 upageflttrap(ffff80003118f780,5222a7d0088) at upageflttrap+0xa0 sys/arch/amd64/amd64/trap.c:192 usertrap(ffff80003118f780) at usertrap+0x3aa sys/arch/amd64/amd64/trap.c:603 recall_trap() at recall_trap+0x8 end trace frame: 0x0, count: -9 ddb> machine ddbcpu 1 No such command ddb> trace malloc(10,62,2) at malloc+0x7cf sys/kern/kern_malloc.c:290 amap_alloc1(20,2,0) at amap_alloc1+0x291 sys/uvm/uvm_amap.c:353 amap_alloc(20000,2,0) at amap_alloc+0xad sys/uvm/uvm_amap.c:-1 amap_copy(fffffd80635d1e78,fffffd805dc27c30,2,0,5222a7d0000,5222a7d0001) at amap_copy+0x6ac sys/uvm/uvm_amap.c:569 uvm_fault_check(ffff80003118f5f0,ffff80003118f628,ffff80003118f660,0) at uvm_fault_check+0x457 sys/uvm/uvm_fault.c:753 uvm_fault(fffffd80635d1e78,5222a7d0000,0,2) at uvm_fault+0xe6 sys/uvm/uvm_fault.c:633 upageflttrap(ffff80003118f780,5222a7d0088) at upageflttrap+0xa0 sys/arch/amd64/amd64/trap.c:192 usertrap(ffff80003118f780) at usertrap+0x3aa sys/arch/amd64/amd64/trap.c:603 recall_trap() at recall_trap+0x8 end trace frame: 0x0, count: -9