

uvm_fault: amap_pp_adjref

Status: fixed on 2019/12/04 16:31
Reported-by: syzbot+1300829862412751462d@syzkaller.appspotmail.com
Fix commit: 0f83bb56e561 Fix a bad offset calculation in uvm_share.
First crash: 1151d, last: 1151d

Sample crash report:
uvm_fault(0xffffffff82522058, 0xffff800000b1343c, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at      amap_pp_adjref+0x2ec:   movl    0(%r15,%rax,4),%r14d
ddb> 
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
kernel page fault
uvm_fault(0xffffffff82522058, 0xffff800000b1343c, 0, 1) -> e
amap_pp_adjref(fffffd802a53e418,1f0,fea,1) at amap_pp_adjref+0x2ec pp_getreflen sys/uvm/uvm_amap.c:203 [inline]
amap_pp_adjref(fffffd802a53e418,1f0,fea,1) at amap_pp_adjref+0x2ec sys/uvm/uvm_amap.c:832
end trace frame: 0xffff80001593b8f0, count: 0
ddb> trace
amap_pp_adjref(fffffd802a53e418,1f0,fea,1) at amap_pp_adjref+0x2ec pp_getreflen sys/uvm/uvm_amap.c:203 [inline]
amap_pp_adjref(fffffd802a53e418,1f0,fea,1) at amap_pp_adjref+0x2ec sys/uvm/uvm_amap.c:832
uvm_mapent_clone(ffff800000aeb600,0,fea000,1f0000,7,7) at uvm_mapent_clone+0x14c sys/uvm/uvm_map.c:3729
uvm_share(ffff800000aeb600,0,7,fffffd803f014990,20200000,80000000) at uvm_share+0x4b4 uvm_mapent_share sys/uvm/uvm_map.c:3763 [inline]
uvm_share(ffff800000aeb600,0,7,fffffd803f014990,20200000,80000000) at uvm_share+0x4b4 sys/uvm/uvm_map.c:3664
vm_impl_init_vmx(ffff8000148ff6b0,ffff8000ffff84f8) at vm_impl_init_vmx+0xf1 sys/arch/amd64/amd64/vmm.c:1270
vm_create(ffff800000a74000,ffff8000ffff84f8) at vm_create+0x193 vm_impl_init sys/arch/amd64/amd64/vmm.c:1385 [inline]
vm_create(ffff800000a74000,ffff8000ffff84f8) at vm_create+0x193 sys/arch/amd64/amd64/vmm.c:1174
VOP_IOCTL(fffffd80360f0820,c5005601,ffff800000a74000,1,fffffd803f7c6ba0,ffff8000ffff84f8) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:291
vn_ioctl(fffffd803622a2d8,c5005601,ffff800000a74000,ffff8000ffff84f8) at vn_ioctl+0xb7 sys/kern/vfs_vnops.c:524
sys_ioctl(ffff8000ffff84f8,ffff80001593bd98,ffff80001593bde0) at sys_ioctl+0x5b9
syscall(ffff80001593be60) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff59,0,3,82b51ed1010) at Xsyscall+0x128
end of kernel
end trace frame: 0x82e283baa20, count: -10
ddb> show registers
rdi               0xffffffff82061635    amap_pp_adjref+0x2e5
rsi                            0x38e
rbp               0xffff80001593b860
rbx                            0x11f
rdx                            0x38f
rcx               0xffff800015965000
rax                           0x110f    __ALIGN_SIZE+0x10f
r8                                 0
r9                               0x7
r10               0xffff800000a64980
r11               0x131bffdf22b39d91
r12                           0x110f    __ALIGN_SIZE+0x10f
r13                           0x11da    __ALIGN_SIZE+0x1da
r14                                0
r15               0xffff800000b0f000
rip               0xffffffff8206163c    amap_pp_adjref+0x2ec
cs                               0x8
rflags                       0x10246    __ALIGN_SIZE+0xf246
rsp               0xffff80001593b7a0
ss                              0x10
amap_pp_adjref+0x2ec:   movl    0(%r15,%rax,4),%r14d
ddb> show proc
PROC (syz-executor.0) pid=88567 stat=onproc
    flags process=0 proc=4000000<THREAD>
    pri=82, usrpri=82, nice=20
    forw=0xffffffffffffffff, list=0xffff8000ffff89e8,0xffffffff8256b218
    process=0xffff8000ffff6010 user=0xffff800015936000, vmspace=0xfffffd803f014990
    estcpu=36, cpticks=2, pctcpu=0.0
    user=0, sys=1, intr=0
ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 19999  180729  58184      0  2           0                syz-executor.0
*19999   88567  58184      0  7   0x4000000                syz-executor.0
 36949  331322  80787      0  2         0x2                syz-executor.1
 58184  479441  80787      0  2       0x482                syz-executor.0
 36691  110472      1      0  3    0x100083  ttyin         getty
 68240   84826      0      0  3     0x14200  bored         sosplice
 80787  336958  74986      0  3        0x82  thrsleep      syz-fuzzer
 80787  397640  74986      0  3   0x4000082  nanosleep     syz-fuzzer
 80787  470464  74986      0  3   0x4000082  thrsleep      syz-fuzzer
 80787  119854  74986      0  3   0x4000082  kqread        syz-fuzzer
 80787  438407  74986      0  3   0x4000082  thrsleep      syz-fuzzer
 80787  142128  74986      0  3   0x4000082  thrsleep      syz-fuzzer
 80787   52148  74986      0  3   0x4000082  thrsleep      syz-fuzzer
 80787  113688  74986      0  3   0x4000082  thrsleep      syz-fuzzer
 74986   21483  65943      0  3    0x10008a  pause         ksh
 65943  347103  89373      0  3        0x92  select        sshd
 89373   77227      1      0  3        0x80  select        sshd
 64983  129203  90207     73  2    0x100010                syslogd
 90207  401380      1      0  3    0x100082  netio         syslogd
 50267   92570      1     77  3    0x100090  poll          dhclient
 84909  493240      1      0  3        0x80  poll          dhclient
 91798  308835      0      0  2     0x14200                zerothread
 10769  181897      0      0  3     0x14200  aiodoned      aiodoned
 97549  486452      0      0  3     0x14200  syncer        update
 91471  521163      0      0  3     0x14200  cleaner       cleaner
  8250  206466      0      0  3     0x14200  reaper        reaper
 64170  107997      0      0  3     0x14200  pgdaemon      pagedaemon
 81431  386712      0      0  3     0x14200  bored         crynlk
 72196  472747      0      0  3     0x14200  bored         crypto
 25316  447694      0      0  3  0x40014200  acpi0         acpi0
  6915  257884      0      0  3     0x14200  bored         softnet
 72148   44423      0      0  3     0x14200  bored         systqmp
 65580  114661      0      0  3     0x14200  bored         systq
 12437   48384      0      0  3  0x40014200  bored         softclock
 98176   74810      0      0  3  0x40014200                idle0
 25322   45702      0      0  3     0x14200  bored         smr
     1   24067      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb> show all locks
No such command
ddb> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim Kern Lim
         devbuf  9586   7022K    7666K  78643K     17788        0        0
            pcb    13     10K      12K  78643K       598        0        0
         rtable   114     12K      13K  78643K      1989        0        0
         ifaddr    89     19K      22K  78643K       554        0        0
       counters    19     16K      16K  78643K        19        0        0
       ioctlops     1      2K       2K  78643K       203        0        0
            iov     0      0K      32K  78643K       620        0        0
          mount     1      1K       1K  78643K         1        0        0
         vnodes  1214     76K      77K  78643K      4152        0        0
      UFS quota     1     32K      32K  78643K         1        0        0
      UFS mount     5     36K      36K  78643K         5        0        0
            shm     2      1K       5K  78643K        28        0        0
         VM map     3      0K       0K  78643K        66        0        0
            sem    12      1K       1K  78643K        15        0        0
        dirhash    12      2K       2K  78643K        12        0        0
           ACPI  1793    195K     288K  78643K     12645        0        0
      file desc     5     13K      25K  78643K      3081        0        0
          sigio     0      0K       0K  78643K        54        0        0
           proc    49     38K      63K  78643K      1403        0        0
        subproc    32      2K       2K  78643K       325        0        0
    NFS srvsock     1      0K       0K  78643K         1        0        0
     NFS daemon     1     16K      16K  78643K         1        0        0
    ip_moptions     0      0K       0K  78643K       191        0        0
       in_multi    25      1K       2K  78643K       336        0        0
    ether_multi     1      0K       0K  78643K        27        0        0
            mrt     0      0K       0K  78643K        17        0        0
    ISOFS mount     1     32K      32K  78643K         1        0        0
  MSDOSFS mount     1     16K      16K  78643K         1        0        0
           ttys   108    477K     477K  78643K       108        0        0
           exec     0      0K       1K  78643K       734        0        0
     pfkey data     0      0K       0K  78643K         2        0        0
        pagedep     1      8K       8K  78643K         1        0        0
       inodedep     1     32K      32K  78643K         1        0        0
         newblk     1      0K       0K  78643K         1        0        0
        VM swap     7     26K      26K  78643K         7        0        0
       UVM amap   114     38K      40K  78643K      9271        0        0
       UVM aobj   130      6K       6K  78643K       144        0        0
        memdesc     1      4K       4K  78643K         1        0        0
    crypto data     1      1K       1K  78643K         1        0        0
    ip6_options     0      0K       0K  78643K       640        0        0
            NDP    22      0K       1K  78643K       171        0        0
           temp   240   3541K    4189K  78643K    114926        0        0
         kqueue     0      0K       0K  78643K        14        0        0
      SYN cache     2     16K      16K  78643K         2        0        0
ddb> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp         64       76    0       71     1     0     1     1     0     8    0
rtpcb       80      306    0      304     1     0     1     1     0     8    0
rtentry    112      366    0      328     2     0     2     2     0     8    0
unpcb      120     1167    0     1158     1     0     1     1     0     8    0
syncache   264       23    0       23     8     8     0     1     0     8    0
sackhl      24        2    0        2     1     1     0     1     0     8    0
tcpqe       32     6019    0     6019     4     4     0     1     0     8    0
tcpcb      544     1626    0     1622    44    43     1    15     0     8    0
ipq         40       22    0       22     8     8     0     1     0     8    0
ipqe        40      277    0      277     8     8     0     1     0     8    0
inpcb      280     3674    0     3667    39    38     1     9     0     8    0
rttmr       72        5    0        4     4     3     1     1     0     8    0
nd6         48       41    0       39     3     2     1     1     0     8    0
pkpcb       40       18    0       18     8     8     0     1     0     8    0
swfcl       56        4    0        0     1     0     1     1     0     8    0
ppxss      1128      73    0       73    18    17     1     1     0     8    1
art_heap8  4096      26    0       24    16    14     2     3     0     8    0
art_heap4  256     1484    0     1280    31    17    14    18     0     8    0
art_table   32     1510    0     1304     3     0     3     3     0     8    0
art_node    16      359    0      324     1     0     1     1     0     8    0
sysvmsgpl   40       34    0       24     1     0     1     1     0     8    0
semupl     112        1    0        1     1     1     0     1     0     8    0
semapl     112       11    0        1     1     0     1     1     0     8    0
shmpl      112      142    0       14     4     0     4     4     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino1pl    128     6417    0     5026    46     0    46    46     0     8    0
ffsino     240     6417    0     5026    83     0    83    83     0     8    0
nchpl      144    10850    0     9248    60     0    60    60     0     8    0
uvmvnodes   72     7390    0        0   135     0   135   135     0     8    0
vnodes     208     7390    0        0   389     0   389   389     0     8    0
namei      1024   41015    0    41015     7     6     1     1     0     8    1
vmpool     520       64    0       63    12    11     1     1     0     8    0
scsiplug    64        6    0        6     4     4     0     1     0     8    0
scxspl     192    52857    0    52857    30    29     1     7     0     8    1
plimitpl   152      316    0      309     1     0     1     1     0     8    0
sigapl     432     3203    0     3190     2     0     2     2     0     8    0
futexpl     56    82039    0    82039     6     5     1     1     0     8    1
knotepl    112      885    0      866     6     4     2     3     0     8    1
kqueuepl   104     1792    0     1790    10     9     1     4     0     8    0
pipepl     112     1844    0     1825    13    12     1     2     0     8    0
fdescpl    424     3204    0     3190     2     0     2     2     0     8    0
filepl     120    27511    0    27413    33    28     5    11     0     8    1
lockfpl    104     1239    0     1238     1     0     1     1     0     8    0
lockfspl    48      415    0      414     1     0     1     1     0     8    0
sessionpl  112       36    0       26     1     0     1     1     0     8    0
pgrppl      48       66    0       56     1     0     1     1     0     8    0
ucredpl     96     7763    0     7756     1     0     1     1     0     8    0
zombiepl   144     3191    0     3191     3     2     1     1     0     8    1
processpl  864     3220    0     3191     4     0     4     4     0     8    0
procpl     632     7631    0     7594     8     4     4     5     0     8    0
sosppl     128       57    0       57    14    14     0     1     0     8    0
sockpl     384     5187    0     5169    49    45     4    14     0     8    1
mcl64k     65536    754    0      754    69    68     1    33     0     8    1
mcl16k     16384     40    0       40    15    15     0     1     0     8    0
mcl12k     12288     69    0       69    18    17     1     1     0     8    1
mcl9k      9216      45    0       45    18    18     0     1     0     8    0
mcl8k      8192     135    0      135    13    12     1     1     0     8    1
mcl4k      4096     364    0      364     6     5     1     1     0     8    1
mcl2k2     2112      27    0       27    17    17     0     1     0     8    0
mcl2k      2048   63833    0    63787    27    20     7    18     0     8    0
mtagpl      80      163    0      163     4     3     1     1     0     8    1
mbufpl     256   134466    0   134391   149   140     9    36     0     8    1
bufpl      256    21009    0    13353   481     2   479   480     0     8    0
anonpl      16   432588    0   416263   213   136    77    89     0    62    2
amapchunkpl 152   20353    0    20239    90    84     6    19     0   158    1
amappl16   192    19606    0    18637   211   154    57    61     0     8    8
amappl15   184     1346    0     1343     3     2     1     1     0     8    0
amappl14   176      725    0      720     2     1     1     1     0     8    0
amappl13   168      359    0      359     2     2     0     1     0     8    0
amappl12   160      497    0      497     6     6     0     1     0     8    0
amappl11   152      130    0      119     1     0     1     1     0     8    0
amappl10   144       86    0       85     1     0     1     1     0     8    0
amappl9    136     1061    0     1055     1     0     1     1     0     8    0
amappl8    128      591    0      559     3     1     2     2     0     8    0
amappl7    120      181    0      174     1     0     1     1     0     8    0
amappl6    112      124    0      113     1     0     1     1     0     8    0
amappl5    104      785    0      776     1     0     1     1     0     8    0
amappl4     96     3175    0     3145     1     0     1     1     0     8    0
amappl3     88      968    0      963     1     0     1     1     0     8    0
amappl2     80    25061    0    24995     4     2     2     3     0     8    0
amappl1     72    70036    0    69633    28    19     9    20     0     8    0
amappl      80     8192    0     8153     2     0     2     2     0    84    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       17    0       17     1     1     0     1     0     8    0
aobjpl      64      143    0       14     3     0     3     3     0     8    0
uaddrrnd    24     3268    0     3190     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24     3268    0     3190     1     0     1     1     0     8    0
vmmpekpl   168    25171    0    25143     2     0     2     2     0     8    0
vmmpepl    168   400229    0   398209   407   282   125   131     0   357   30
vmsppl     272     3203    0     3190     9     8     1     2     0     8    0
pdppl      4096    6542    0     6506     6     1     5     6     0     8    0
pvpl        32  1295443    0  1275965   583   347   236   315     0   265   61
pmappl     200     3267    0     3253     1     0     1     1     0     8    0
extentpl    40       41    0       26     1     0     1     1     0     8    0
phpool     112      961    0      353    20     0    20    20     0     8    0

Crashes (1):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-openbsd-main 2019/10/03 07:39 openbsd c722278fddec 2e29b534 .config log report