uvm_fault(0xfffffd800b0637a0, 0x7f8628f4cb80, 0, 2) -> e
kernel: page fault trap, code=2
Stopped at pmap_page_remove+0x45d: xchgq %rax,0(%r14,%rcx,1)
TID PID UID PRFLAGS PFLAGS CPU COMMAND
pmap_page_remove(fffffd80091a5190) at pmap_page_remove+0x45d _atomic_swap_64 sys/arch/amd64/compile/SYZKALLER/obj/machine/atomic.h:117 [inline]
pmap_page_remove(fffffd80091a5190) at pmap_page_remove+0x45d sys/arch/amd64/amd64/pmap.c:2014
uvm_anfree(fffffd806b408ec0) at uvm_anfree+0xd8 sys/uvm/uvm_anon.c:111
amap_wipeout(fffffd806ecb0e78) at amap_wipeout+0x246 sys/uvm/uvm_amap.c:-1
uvm_unmap_detach(ffff80002a382a20,0) at uvm_unmap_detach+0x8a sys/uvm/uvm_map.c:1353
uvm_map_teardown(fffffd800b0637a0) at uvm_map_teardown+0x360 sys/uvm/uvm_map.c:2530
exit1(ffff8000fffefa08,43,0,1) at exit1+0x6fc sys/kern/kern_exit.c:260
sys_exit(ffff8000fffefa08,ffff80002a382bf0,ffff80002a382b40) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a382bf0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a382bf0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x76fadc37e420, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: uvm_fault(0xfffffd800b0637a0, 0x7f8628f4cb80, 0, 2) -> e
ddb{0}> trace
pmap_page_remove(fffffd80091a5190) at pmap_page_remove+0x45d _atomic_swap_64 sys/arch/amd64/compile/SYZKALLER/obj/machine/atomic.h:117 [inline]
pmap_page_remove(fffffd80091a5190) at pmap_page_remove+0x45d sys/arch/amd64/amd64/pmap.c:2014
uvm_anfree(fffffd806b408ec0) at uvm_anfree+0xd8 sys/uvm/uvm_anon.c:111
amap_wipeout(fffffd806ecb0e78) at amap_wipeout+0x246 sys/uvm/uvm_amap.c:-1
uvm_unmap_detach(ffff80002a382a20,0) at uvm_unmap_detach+0x8a sys/uvm/uvm_map.c:1353
uvm_map_teardown(fffffd800b0637a0) at uvm_map_teardown+0x360 sys/uvm/uvm_map.c:2530
exit1(ffff8000fffefa08,43,0,1) at exit1+0x6fc sys/kern/kern_exit.c:260
sys_exit(ffff8000fffefa08,ffff80002a382bf0,ffff80002a382b40) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a382bf0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a382bf0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x76fadc37e420, count: -9
ddb{0}> show registers
rdi 0
rsi 0
rbp 0xffff80002a382920
rbx 0xfffffd806d92b788
rdx 0
rcx 0x7f8000000000
rax 0
r8 0x76fadc37e000
r9 0
r10 0x7a5162efe62bfcc9
r11 0xc849eb22f1354baa
r12 0
r13 0x80000000717a4001
r14 0x628f4cb80
r15 0xfffffd80091a51f8
rip 0xffffffff825096cd pmap_page_remove+0x45d
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80002a3828a0
ss 0x10
pmap_page_remove+0x45d: xchgq %rax,0(%r14,%rcx,1)
ddb{0}> show proc
PROC (syz-executor) tid=456408 pid=93730 tcnt=0 stat=onproc
flags process=a<EXEC,EXITING> proc=2000<WEXIT>
runpri=50, usrpri=86, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=1
forw=0xffffffffffffffff, list=0xffff8000ffffd760,0xffff8000363dfa20
process=0xffff8000ffff5818 user=0xffff80002a37d000, vmspace=0xfffffd800b0637a0
estcpu=36, cpticks=77, pctcpu=0.7, user=0, sys=2, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
60370 424014 9172 0 2 0 syz-executor
60370 505497 9172 0 3 0x4000080 fsleep syz-executor
73431 308428 27673 0 2 0 syz-executor
73431 106005 27673 0 3 0x4000080 fsleep syz-executor
73431 398834 27673 0 3 0x4000080 fsleep syz-executor
28115 384604 53640 0 2 0x10 syz-executor
28115 349738 53640 0 3 0x4000090 kqread syz-executor
28115 477433 53640 0 3 0x4000090 ttyout syz-executor
28115 267140 53640 0 3 0x4000090 fsleep syz-executor
9172 423928 15610 0 3 0x82 nanoslp syz-executor
27882 210092 15610 0 3 0x82 wait syz-executor
3914 276310 1 0 3 0x100083 ttyin getty
3653 117546 15610 0 3 0x82 wait syz-executor
6467 236994 15610 0 3 0x82 wait syz-executor
56806 178734 0 0 3 0x14280 nfsidl nfsio
75834 494385 0 0 3 0x14280 nfsidl nfsio
3138 90878 0 0 3 0x14280 nfsidl nfsio
56375 141411 0 0 3 0x14280 nfsidl nfsio
36704 52640 0 0 3 0x14280 nfsidl nfsio
40498 211088 0 0 3 0x14280 nfsidl nfsio
83371 521057 0 0 3 0x14280 nfsidl nfsio
66775 83843 0 0 3 0x14280 nfsidl nfsio
40170 121155 0 0 3 0x14280 nfsidl nfsio
79697 510441 0 0 3 0x14280 nfsidl nfsio
30689 351818 0 0 3 0x14280 nfsidl nfsio
82701 472385 0 0 3 0x14280 nfsidl nfsio
11116 140355 0 0 3 0x14280 nfsidl nfsio
88732 169038 0 0 3 0x14280 nfsidl nfsio
12860 482168 0 0 3 0x14280 nfsidl nfsio
59922 443925 0 0 3 0x14280 nfsidl nfsio
48152 367941 0 0 3 0x14280 nfsidl nfsio
20507 181044 0 0 3 0x14280 nfsidl nfsio
17181 199116 0 0 3 0x14280 nfsidl nfsio
18805 103635 0 0 3 0x14280 nfsidl nfsio
75779 246849 44619 0 3 0x100082 sbwait ndp
44619 302940 1 0 3 0x10008a sigsusp sh
76411 398750 15610 0 3 0x82 wait syz-executor
27673 285393 15610 0 3 0x82 nanoslp syz-executor
53640 141951 15610 0 3 0x82 nanoslp syz-executor
15610 266917 25588 0 2 0x2 syz-executor
25588 18462 30481 0 3 0x10008a sigsusp ksh
30481 454949 30127 0 3 0x98 kqread sshd-session
30127 24840 44475 0 3 0x92 kqread sshd-session
44475 118818 1 0 3 0x88 kqread sshd
45092 235445 9321 74 3 0x1100092 bpf pflogd
9321 430703 1 0 3 0x80 sbwait pflogd
74880 505441 50866 73 3 0x1100090 kqread syslogd
50866 212439 1 0 3 0x100082 sbwait syslogd
16775 138625 1 0 3 0x100080 kqread resolvd
87149 54089 72566 77 3 0x100092 kqread dhcpleased
83925 60083 72566 77 3 0x100092 kqread dhcpleased
72566 328715 1 0 3 0x80 kqread dhcpleased
19968 441730 0 0 3 0x14200 bored smr
84274 420763 0 0 2 0x14200 zerothread
23143 475450 0 0 3 0x14200 aiodoned aiodoned
11840 123798 0 0 3 0x14200 syncer update
67361 152377 0 0 3 0x14200 cleaner cleaner
29465 510213 0 0 3 0x14200 reaper reaper
40740 287837 0 0 3 0x14200 pgdaemon pagedaemon
25241 357106 0 0 3 0x14200 bored viomb
88049 501174 0 0 3 0x40014200 acpi0 acpi0
79586 195353 0 0 7 0x40014200 idle1
16159 494029 0 0 3 0x14200 bored softnet1
16079 361007 0 0 3 0x14200 bored softnet0
51156 372077 0 0 3 0x14200 bored systqmp
37063 232727 0 0 3 0x14200 bored systq
64264 273523 0 0 3 0x14200 tmoslp softclockmp
90356 75104 0 0 3 0x40014200 tmoslp softclock
7043 230644 0 0 3 0x40014200 idle0
1 489975 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
CPU 0:
exclusive mutex &pmap->pm_mtx r = 0 (0xfffffd806c86f210)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 mtx_enter+0x4b4 sys/kern/kern_lock.c:487
#2 pmap_page_remove+0xca rcr3 sys/arch/amd64/compile/SYZKALLER/obj/machine/cpufunc.h:139 [inline]
#2 pmap_page_remove+0xca pmap_map_ptes sys/arch/amd64/amd64/pmap.c:437 [inline]
#2 pmap_page_remove+0xca sys/arch/amd64/amd64/pmap.c:1974
#3 uvm_anfree+0xd8 sys/uvm/uvm_anon.c:111
#4 amap_wipeout+0x246 sys/uvm/uvm_amap.c:-1
#5 uvm_unmap_detach+0x8a sys/uvm/uvm_map.c:1353
#6 uvm_map_teardown+0x360 sys/uvm/uvm_map.c:2530
#7 exit1+0x6fc sys/kern/kern_exit.c:260
#8 sys_exit+0x1a sys/kern/kern_exit.c:-1
#9 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#9 syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
#10 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11086 12092K 13657K 166960K 14966 0
pcb 17 17K 22K 166960K 382 0
rtable 203 10K 12K 166960K 668 0
pf 33 17K 82K 166960K 177 0
ifaddr 32 5K 8K 166960K 121 0
ifgroup 52 2K 2K 166960K 204 0
sysctl 4 1K 9K 166960K 17 0
counters 66 36K 38K 166960K 278 0
ioctlops 0 0K 4K 166960K 1789 0
iov 0 0K 20K 166960K 58 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1410 89K 89K 166960K 2785 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 3 5K 9K 166960K 22 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 43 0
dirhash 12 2K 3K 166960K 54 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 18 65K 244K 166960K 1619 0
sigio 0 0K 0K 166960K 98 0
proc 73 115K 164K 166960K 855 0
subproc 72 4K 5K 166960K 119 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 343 0
in_multi 63 4K 7K 166960K 223 0
ether_multi 1 0K 0K 166960K 24 0
mrt 0 0K 0K 166960K 19 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 247 1102K 1102K 166960K 247 0
exec 0 0K 1K 166960K 619 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 273 171K 188K 166960K 16472 0
UVM aobj 116 12K 12K 166960K 126 0
pinsyscall 44 88K 104K 166960K 2843 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 2 0K 1K 166960K 105 0
NDP 10 0K 2K 166960K 90 0
temp 81 8680K 8804K 166960K 68146 0
kqueue 13 20K 32K 166960K 282 0
SYN cache 2 16K 16K 166960K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 229 0 225 3 2 1 3 0 8 0
rtentry 176 200 0 123 6 0 6 6 0 8 0
unpcb 144 1353 0 1330 16 13 3 8 0 8 2
syncache 336 5 0 5 1 1 0 1 0 8 0
tcpcb 736 414 0 409 7 0 7 7 0 8 6
arp 136 32 0 17 1 0 1 1 0 8 0
inpcb 328 1690 0 1678 23 16 7 12 0 8 6
nd6 152 43 0 27 1 0 1 1 0 8 0
pkpcb 40 3 0 3 2 2 0 1 0 8 0
kcovpl 48 13 0 5 1 0 1 1 0 8 0
ppxss 1192 84 0 84 2 1 1 1 0 8 1
pppxif 1504 4 0 4 2 2 0 1 0 8 0
pffrag 232 14 0 3 1 0 1 1 0 482 0
pffrnode 88 14 0 3 1 0 1 1 0 8 0
pffrent 40 24 0 13 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfanchor 1288 1 0 0 1 0 1 1 0 8 0
pfstitem 24 107 0 44 1 0 1 1 0 8 0
pfstkey 128 108 0 45 3 0 3 3 0 8 0
pfstate 448 108 0 45 8 0 8 8 0 8 0
pfrule 1344 25 0 20 2 1 1 2 0 8 0
rttmr 136 3 0 3 2 2 0 1 0 8 0
art_heap8 4096 3 0 0 3 0 3 3 0 8 0
art_heap4 256 835 0 504 31 3 28 31 0 8 1
art_table 40 838 0 504 5 0 5 5 0 8 0
art_node 32 200 0 130 1 0 1 1 0 8 0
sysvmsgpl 40 16 0 13 1 0 1 1 0 8 0
semapl 112 37 0 27 1 0 1 1 0 8 0
shmpl 112 116 0 6 4 0 4 4 0 8 0
dirhash 1024 45 0 28 3 0 3 3 0 8 0
dino2pl 256 4405 0 2894 95 0 95 95 0 8 0
ffsino 296 4405 0 2894 117 0 117 117 0 8 0
nchpl 144 6472 0 4758 64 0 64 64 0 8 0
rtmask 32 13 0 13 4 4 0 1 0 8 0
vnodes 216 5208 0 0 290 0 290 290 0 8 0
namei 1024 24218 0 24218 5 3 2 2 0 8 2
percpumem 16 154 0 106 1 0 1 1 0 8 0
vcpupl 3968 4 0 1 1 0 1 1 0 8 0
vmpool 848 7 0 4 1 0 1 1 0 8 0
kstatmem 264 120 0 98 5 3 2 3 0 8 0
scsiplug 72 5 0 5 4 3 1 1 0 8 1
scxspl 216 43958 0 43958 15 14 1 8 1 8 1
plimitpl 152 583 0 564 1 0 1 1 0 8 0
sigapl 424 1894 0 1825 8 0 8 8 0 8 0
knotepl 120 546 0 0 17 0 17 17 0 8 0
kqueuepl 224 627 0 615 10 5 5 5 0 8 4
pipepl 344 294 0 263 6 3 3 6 0 8 0
fdescpl 528 1858 0 1826 3 0 3 3 0 8 0
filepl 160 12753 0 12510 23 9 14 18 0 8 1
lockfpl 104 781 0 777 2 1 1 2 0 8 0
lockfspl 48 232 0 229 1 0 1 1 0 8 0
sessionpl 144 30 0 21 1 0 1 1 0 8 0
pgrppl 48 59 0 41 1 0 1 1 0 8 0
ucredpl 104 2135 0 2120 1 0 1 1 0 8 0
zombiepl 144 2048 0 2043 1 0 1 1 0 8 0
processpl 1232 1894 0 1825 6 0 6 6 0 8 0
procpl 664 4316 0 4241 8 0 8 8 0 8 0
sosppl 176 7 0 7 2 2 0 1 0 8 0
sockpl 752 3314 0 3274 54 44 10 23 0 8 5
mcl64k 65536 18 0 0 3 0 3 3 0 8 0
mcl16k 16384 3 0 0 1 0 1 1 0 8 0
mcl12k 12288 1 0 0 1 0 1 1 0 8 0
mcl9k 9216 1 0 0 1 0 1 1 0 8 0
mcl8k 8192 3 0 0 1 0 1 1 0 8 0
mcl4k 4096 115 0 0 15 0 15 15 0 8 0
mcl2k2 2112 1 0 0 1 0 1 1 0 8 0
mcl2k 2048 51 0 0 6 0 6 6 0 8 0
mtagpl 96 103 0 0 3 0 3 3 0 8 0
mbufpl 256 1153 0 0 73 0 73 73 0 8 0
bufpl 280 18156 0 12020 439 0 439 439 0 8 0
anonpl 32 12164 0 0 98 0 98 98 0 246 0
amapchunkpl 152 55657 0 54979 42 13 29 34 0 158 0
amappl16 200 7175 0 7144 54 39 15 29 0 8 5
amappl15 192 6 0 6 1 1 0 1 0 8 0
amappl14 184 6 0 6 1 1 0 1 0 8 0
amappl13 176 505 0 502 1 0 1 1 0 8 0
amappl12 168 2252 0 2208 3 0 3 3 0 8 0
amappl11 160 31 0 31 1 1 0 1 0 8 0
amappl10 152 47 0 33 1 0 1 1 0 8 0
amappl9 144 263 0 263 1 1 0 1 0 8 0
amappl8 136 31 0 28 1 0 1 1 0 8 0
amappl7 128 129 0 127 1 0 1 1 0 8 0
amappl6 120 344 0 328 1 0 1 1 0 8 0
amappl5 112 86 0 75 1 0 1 1 0 8 0
amappl4 104 461 0 427 2 1 1 2 0 8 0
amappl3 96 10906 0 10783 5 1 4 4 0 8 0
amappl2 88 596 0 533 2 0 2 2 0 8 0
amappl1 80 15853 0 15232 15 1 14 15 0 8 0
amappl 88 15435 0 15248 5 0 5 5 0 92 0
uvmvnodes 80 151 0 0 4 0 4 4 0 8 0
dma8192 8192 2 0 2 2 2 0 1 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma2048 2048 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 255 0 255 3 3 0 1 0 8 0
dma64 64 8 0 8 2 2 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 125 0 10 3 0 3 3 0 8 0
uaddrrnd 24 1858 0 1826 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 1858 0 1826 1 0 1 1 0 8 0
vmmpekpl 168 15736 0 15678 3 0 3 3 0 8 0
vmmpepl 168 123287 0 121268 132 29 103 112 0 357 3
vmsppl 488 1857 0 1825 5 0 5 5 0 8 0
rwobjpl 80 35007 0 33745 38 6 32 36 0 8 0
pdppl 4096 3737 0 3661 113 33 80 83 0 8 4
pvpl 32 19502 0 0 158 1 157 157 0 265 0
pmappl 256 1864 0 1829 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 374 0 45 10 0 10 10 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
pmap_page_remove(fffffd80091a5190) at pmap_page_remove+0x45d _atomic_swap_64 sys/arch/amd64/compile/SYZKALLER/obj/machine/atomic.h:117 [inline]
pmap_page_remove(fffffd80091a5190) at pmap_page_remove+0x45d sys/arch/amd64/amd64/pmap.c:2014
uvm_anfree(fffffd806b408ec0) at uvm_anfree+0xd8 sys/uvm/uvm_anon.c:111
amap_wipeout(fffffd806ecb0e78) at amap_wipeout+0x246 sys/uvm/uvm_amap.c:-1
uvm_unmap_detach(ffff80002a382a20,0) at uvm_unmap_detach+0x8a sys/uvm/uvm_map.c:1353
uvm_map_teardown(fffffd800b0637a0) at uvm_map_teardown+0x360 sys/uvm/uvm_map.c:2530
exit1(ffff8000fffefa08,43,0,1) at exit1+0x6fc sys/kern/kern_exit.c:260
sys_exit(ffff8000fffefa08,ffff80002a382bf0,ffff80002a382b40) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a382bf0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a382bf0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x76fadc37e420, count: -9
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
acpicpu_idle() at acpicpu_idle+0x457 sys/dev/acpi/acpicpu_x86.c:1224
sched_idle(ffff8000299ddff0) at sched_idle+0x391 sys/kern/kern_sched.c:191
end trace frame: 0x0, count: 10
ddb{1}> trace
x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
acpicpu_idle() at acpicpu_idle+0x457 sys/dev/acpi/acpicpu_x86.c:1224
sched_idle(ffff8000299ddff0) at sched_idle+0x391 sys/kern/kern_sched.c:191
end trace frame: 0x0, count: -5