uvm_fault(0xffffffff827b8f28, 0x7f811ad53f38, 0, 2) -> e
kernel: page fault trap, code=0
Stopped at pmap_page_remove+0x2fd: xchgq %rax,0(%r12,%rcx,1)
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
kernel page fault
uvm_fault(0xffffffff827b8f28, 0x7f811ad53f38, 0, 2) -> e
pmap_page_remove(fffffd8005228e80) at pmap_page_remove+0x2fd _atomic_swap_64 machine/atomic.h:117 [inline]
pmap_page_remove(fffffd8005228e80) at pmap_page_remove+0x2fd sys/arch/amd64/amd64/pmap.c:1946
end trace frame: 0xffff80001d694300, count: 0
ddb> trace
pmap_page_remove(fffffd8005228e80) at pmap_page_remove+0x2fd _atomic_swap_64 machine/atomic.h:117 [inline]
pmap_page_remove(fffffd8005228e80) at pmap_page_remove+0x2fd sys/arch/amd64/amd64/pmap.c:1946
uvm_anfree_list(fffffd80571b5440,ffff80001d694320) at uvm_anfree_list+0x4e sys/uvm/uvm_anon.c:104
amap_wipeout(fffffd805e7fc210) at amap_wipeout+0x171 sys/uvm/uvm_amap.c:461
uvm_unmap_detach(ffff80001d6943e0,1) at uvm_unmap_detach+0x163 sys/uvm/uvm_map.c:1586
uvm_map_teardown(fffffd806ab19000) at uvm_map_teardown+0x232 sys/uvm/uvm_map.c:2759
uvmspace_free(fffffd806ab19000) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3646
uvm_exit(ffff80001e828ef0) at uvm_exit+0x29 sys/uvm/uvm_glue.c:297
reaper(ffff8000fffff638) at reaper+0x15c sys/kern/kern_exit.c:456
end trace frame: 0x0, count: -8
ddb> show registers
rdi 0
rsi 0
rbp 0xffff80001d6942b0
rbx 0
rdx 0
rcx 0x7f8000000000
rax 0
r8 0x2362cd23000
r9 0xffffffff8188fa7c amap_unref+0xfc
r10 0x9d34c02f5b0d1abe
r11 0x9a6e1e4ad608216c
r12 0x11ad53f38
r13 0xfffffd8059501c00
r14 0x7fbfc0000000
r15 0x800000006c3b6000
rip 0xffffffff812b038d pmap_page_remove+0x2fd
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80001d694220
ss 0
pmap_page_remove+0x2fd: xchgq %rax,0(%r12,%rcx,1)
ddb> show proc
PROC (reaper) pid=469041 stat=onproc
flags process=14000<NOZOMBIE,SYSTEM> proc=200<SYSTEM>
pri=4, usrpri=52, nice=20
forw=0xffffffffffffffff, list=0xffff8000fffff148,0xffff8000fffff8c0
process=0xffff8000ffffa008 user=0xffff80001d68f000, vmspace=0xffffffff827b8f28
estcpu=2, cpticks=2, pctcpu=5.14
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
86225 81250 1 0 2 0 syz-executor.0
86225 93158 1 0 2 0x4000000 syz-executor.0
39133 135369 53017 0 2 0x2 syz-executor.1
65630 162937 0 0 3 0x14200 acct acct
40320 451578 0 0 3 0x14280 nfsidl nfsio
61908 347169 0 0 3 0x14280 nfsidl nfsio
70052 224534 0 0 3 0x14280 nfsidl nfsio
11969 353772 0 0 3 0x14280 nfsidl nfsio
78032 289304 0 0 3 0x14280 nfsidl nfsio
7290 500653 0 0 3 0x14280 nfsidl nfsio
59039 393257 0 0 3 0x14280 nfsidl nfsio
90398 27638 0 0 3 0x14280 nfsidl nfsio
36476 413284 0 0 3 0x14280 nfsidl nfsio
52680 487384 0 0 3 0x14280 nfsidl nfsio
73288 195808 0 0 3 0x14280 nfsidl nfsio
52707 74320 0 0 3 0x14280 nfsidl nfsio
81332 38117 0 0 3 0x14280 nfsidl nfsio
63580 272753 0 0 3 0x14280 nfsidl nfsio
85086 200372 0 0 3 0x14280 nfsidl nfsio
86039 399471 0 0 3 0x14280 nfsidl nfsio
28306 222346 0 0 3 0x14280 nfsidl nfsio
67743 63270 0 0 3 0x14280 nfsidl nfsio
80835 378804 0 0 3 0x14280 nfsidl nfsio
3105 264857 0 0 3 0x14280 nfsidl nfsio
24603 379534 0 0 3 0x14200 bored sosplice
53017 418596 96438 0 3 0x82 thrsleep syz-fuzzer
53017 253860 96438 0 3 0x4000082 nanosleep syz-fuzzer
53017 35396 96438 0 3 0x4000082 thrsleep syz-fuzzer
53017 407575 96438 0 3 0x4000082 thrsleep syz-fuzzer
53017 96975 96438 0 3 0x4000082 thrsleep syz-fuzzer
53017 466752 96438 0 3 0x4000082 thrsleep syz-fuzzer
53017 415603 96438 0 2 0x4000002 syz-fuzzer
96438 115726 4101 0 3 0x10008a pause ksh
4101 258861 32965 0 3 0x92 select sshd
63732 371778 1 0 3 0x100083 ttyin getty
32965 323394 1 0 3 0x80 select sshd
77496 48434 909 73 3 0x100090 kqread syslogd
909 512353 1 0 3 0x100082 netio syslogd
17496 291092 1 77 3 0x100090 poll dhclient
47359 16655 1 0 3 0x80 poll dhclient
84637 179054 0 0 3 0x14200 bored smr
45170 324235 0 0 2 0x14200 zerothread
74246 71382 0 0 3 0x14200 aiodoned aiodoned
50239 143175 0 0 3 0x14200 syncer update
249 41465 0 0 3 0x14200 cleaner cleaner
*97858 469041 0 0 7 0x14200 reaper
8209 143281 0 0 3 0x14200 pgdaemon pagedaemon
58291 31063 0 0 3 0x14200 bored crynlk
86548 147803 0 0 3 0x14200 bored crypto
26189 75009 0 0 3 0x40014200 acpi0 acpi0
91476 82910 0 0 3 0x14200 bored softnet
44231 333855 0 0 3 0x14200 bored systqmp
13566 153876 0 0 3 0x14200 bored systq
82167 190630 0 0 3 0x40014200 bored softclock
7103 247912 0 0 3 0x40014200 idle0
1 427506 0 0 2 0x82 init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 9534 6379K 6896K 78643K 13567 0
pcb 13 8K 8K 78643K 557 0
rtable 172 24K 25K 78643K 2094 0
ifaddr 118 24K 25K 78643K 596 0
sysctl 2 0K 0K 78643K 2 0
counters 21 16K 17K 78643K 87 0
ioctlops 0 0K 4K 78643K 1151 0
iov 0 0K 16K 78643K 224 0
mount 1 1K 1K 78643K 1 0
vnodes 1216 76K 77K 78643K 2363 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 35 0
VM map 2 0K 0K 78643K 2 0
sem 12 0K 0K 78643K 901 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1809 195K 288K 78643K 12938 0
file desc 4 9K 25K 78643K 3057 0
sigio 0 0K 0K 78643K 17 0
proc 51 38K 55K 78643K 883 0
subproc 32 2K 2K 78643K 187 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 234 0
in_multi 24 1K 2K 78643K 426 0
ether_multi 1 0K 0K 78643K 64 0
mrt 0 0K 0K 78643K 21 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 67 307K 307K 78643K 67 0
exec 0 0K 2K 78643K 738 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 189 285K 301K 78643K 7533 0
UVM aobj 85 3K 3K 78643K 116 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 307 0
NDP 16 0K 0K 78643K 121 0
temp 189 4039K 4103K 78643K 50653 0
kqueue 3 4K 10K 78643K 107 0
SYN cache 2 16K 16K 78643K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 36 0 30 1 0 1 1 0 8 0
rtpcb 88 165 0 163 1 0 1 1 0 8 0
rtentry 112 273 0 242 2 0 2 2 0 8 0
unpcb 120 870 0 861 1 0 1 1 0 8 0
syncache 272 27 0 27 8 8 0 1 0 8 0
tcpqe 32 239 0 239 3 3 0 1 0 8 0
tcpcb 592 3150 0 3118 25 20 5 5 0 8 2
ipq 40 18 0 17 5 4 1 1 0 8 0
ipqe 40 91 0 90 5 4 1 1 0 8 0
inpcb 296 4598 0 4591 6 4 2 2 0 8 1
rttmr 72 8 0 8 5 5 0 1 0 8 0
ip6q 72 3 0 3 3 2 1 1 0 8 1
ip6af 40 6 0 6 3 2 1 1 0 8 1
nd6 48 68 0 62 1 0 1 1 0 8 0
pkpcb 40 14 0 14 4 4 0 1 0 8 0
swfcl 56 4 0 0 1 0 1 1 0 8 0
ppxss 1136 8 0 8 6 6 0 1 0 8 0
pfstscr 40 4 0 2 1 0 1 1 0 8 0
pfosfp 40 1 0 0 1 0 1 1 0 8 0
pfosfpen 112 1 0 0 1 0 1 1 0 8 0
pfrke_plain 160 11 0 11 1 1 0 1 0 8 0
pfrktable 1344 392 0 351 10 6 4 4 0 8 0
pftag 88 33 0 24 2 1 1 1 0 8 0
pfstitem 24 2 0 0 1 0 1 1 0 8 0
pfstkey 112 4 0 2 1 0 1 1 0 8 0
pfstate 328 2 0 1 1 0 1 1 0 8 0
pfrule 1360 346 0 101 22 1 21 21 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 1214 0 1092 21 12 9 16 0 8 0
art_table 32 1215 0 1092 3 1 2 2 0 8 0
art_node 16 270 0 246 1 0 1 1 0 8 0
sysvmsgpl 40 50 0 39 1 0 1 1 0 8 0
semupl 112 2 0 2 1 1 0 1 0 8 0
semapl 112 895 0 885 1 0 1 1 0 8 0
shmpl 112 113 0 32 3 0 3 3 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 5165 0 3770 88 0 88 88 0 8 0
ffsino 240 5165 0 3770 83 0 83 83 0 8 0
nchpl 144 9414 0 7834 60 0 60 60 0 8 0
rtmask 32 6 0 6 1 1 0 1 0 8 0
uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0
vnodes 208 5926 0 0 312 0 312 312 0 8 0
namei 1024 27095 0 27095 4 3 1 1 0 8 1
vcpupl 1984 25 0 0 4 0 4 4 0 8 0
vmpool 528 40 0 15 3 1 2 2 0 8 0
pfiaddrpl 120 179 0 120 3 1 2 2 0 8 0
scsiplug 72 2 0 2 2 2 0 1 0 8 0
scxspl 200 34646 0 34646 2 1 1 1 0 8 1
plimitpl 152 222 0 215 1 0 1 1 0 8 0
sigapl 424 3241 0 3192 6 0 6 6 0 8 0
futexpl 56 62748 0 62748 4 3 1 1 0 8 1
knotepl 112 320 0 300 1 0 1 1 0 8 0
kqueuepl 152 1729 0 1723 1 0 1 1 0 8 0
pipepl 272 443 0 432 8 7 1 2 0 8 0
fdescpl 432 3202 0 3189 2 0 2 2 0 8 0
filepl 120 19410 0 19315 7 3 4 5 0 8 1
lockfpl 104 553 0 552 1 0 1 1 0 8 0
lockfspl 48 204 0 203 1 0 1 1 0 8 0
sessionpl 120 26 0 16 1 0 1 1 0 8 0
pgrppl 48 58 0 48 1 0 1 1 0 8 0
ucredpl 96 1569 0 1561 1 0 1 1 0 8 0
zombiepl 144 3192 0 3191 1 0 1 1 0 8 0
processpl 944 3241 0 3191 7 0 7 7 0 8 0
procpl 632 6638 0 6581 6 0 6 6 0 8 0
sosppl 144 18 0 18 6 6 0 1 0 8 0
sockpl 400 5654 0 5636 15 11 4 4 0 8 1
mcl64k 65536 121 0 121 8 7 1 1 0 8 1
mcl16k 16384 31 0 31 13 12 1 1 0 8 1
mcl12k 12288 74 0 74 9 8 1 1 0 8 1
mcl9k 9216 47 0 47 11 10 1 1 0 8 1
mcl8k 8192 208 0 208 6 5 1 1 0 8 1
mcl4k 4096 271 0 271 7 6 1 1 0 8 1
mcl2k2 2112 10 0 10 8 7 1 1 0 8 1
mcl2k 2048 95935 0 95883 37 29 8 24 0 8 0
mtagpl 96 221 0 207 4 3 1 3 0 8 0
mbufpl 256 174289 0 174186 32 19 13 24 0 8 1
bufpl 280 11118 0 5746 384 0 384 384 0 8 0
anonpl 16 319885 0 300110 109 25 84 88 0 107 2
amapchunkpl 152 17439 0 17223 84 74 10 22 0 158 0
amappl16 192 12460 0 11405 123 65 58 65 0 8 4
amappl15 184 9 0 8 1 0 1 1 0 8 0
amappl14 176 287 0 277 1 0 1 1 0 8 0
amappl13 168 928 0 926 1 0 1 1 0 8 0
amappl12 160 124 0 121 1 0 1 1 0 8 0
amappl11 152 1154 0 1144 1 0 1 1 0 8 0
amappl10 144 273 0 269 1 0 1 1 0 8 0
amappl9 136 650 0 649 2 1 1 1 0 8 0
amappl8 128 581 0 514 3 0 3 3 0 8 0
amappl7 120 601 0 592 1 0 1 1 0 8 0
amappl6 112 1245 0 1231 1 0 1 1 0 8 0
amappl5 104 1734 0 1722 1 0 1 1 0 8 0
amappl4 96 2286 0 2253 1 0 1 1 0 8 0
amappl3 88 1069 0 1060 1 0 1 1 0 8 0
amappl2 80 21759 0 21694 2 0 2 2 0 8 0
amappl1 72 88217 0 87800 24 14 10 18 0 8 0
amappl 80 7031 0 6961 2 0 2 2 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 115 0 31 2 0 2 2 0 8 0
uaddrrnd 24 3242 0 3204 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 3242 0 3204 1 0 1 1 0 8 0
vmmpekpl 168 18832 0 18788 4 1 3 3 0 8 0
vmmpepl 168 400620 0 398421 285 159 126 154 0 357 21
vmsppl 272 3241 0 3203 4 1 3 3 0 8 0
pdppl 4096 6490 0 6431 11 3 8 9 0 8 0
pvpl 32 907184 0 884667 345 72 273 312 0 265 82
pmappl 200 3241 0 3203 3 0 3 3 0 8 0
extentpl 40 53 0 36 1 0 1 1 0 8 0
phpool 112 373 0 126 8 0 8 8 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
pmap_page_remove(fffffd8005228e80) at pmap_page_remove+0x2fd _atomic_swap_64 machine/atomic.h:117 [inline]
pmap_page_remove(fffffd8005228e80) at pmap_page_remove+0x2fd sys/arch/amd64/amd64/pmap.c:1946
uvm_anfree_list(fffffd80571b5440,ffff80001d694320) at uvm_anfree_list+0x4e sys/uvm/uvm_anon.c:104
amap_wipeout(fffffd805e7fc210) at amap_wipeout+0x171 sys/uvm/uvm_amap.c:461
uvm_unmap_detach(ffff80001d6943e0,1) at uvm_unmap_detach+0x163 sys/uvm/uvm_map.c:1586
uvm_map_teardown(fffffd806ab19000) at uvm_map_teardown+0x232 sys/uvm/uvm_map.c:2759
uvmspace_free(fffffd806ab19000) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3646
uvm_exit(ffff80001e828ef0) at uvm_exit+0x29 sys/uvm/uvm_glue.c:297
reaper(ffff8000fffff638) at reaper+0x15c sys/kern/kern_exit.c:456
end trace frame: 0x0, count: -8
ddb> machine ddbcpu 1
No such command
ddb> trace
pmap_page_remove(fffffd8005228e80) at pmap_page_remove+0x2fd _atomic_swap_64 machine/atomic.h:117 [inline]
pmap_page_remove(fffffd8005228e80) at pmap_page_remove+0x2fd sys/arch/amd64/amd64/pmap.c:1946
uvm_anfree_list(fffffd80571b5440,ffff80001d694320) at uvm_anfree_list+0x4e sys/uvm/uvm_anon.c:104
amap_wipeout(fffffd805e7fc210) at amap_wipeout+0x171 sys/uvm/uvm_amap.c:461
uvm_unmap_detach(ffff80001d6943e0,1) at uvm_unmap_detach+0x163 sys/uvm/uvm_map.c:1586
uvm_map_teardown(fffffd806ab19000) at uvm_map_teardown+0x232 sys/uvm/uvm_map.c:2759
uvmspace_free(fffffd806ab19000) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3646
uvm_exit(ffff80001e828ef0) at uvm_exit+0x29 sys/uvm/uvm_glue.c:297
reaper(ffff8000fffff638) at reaper+0x15c sys/kern/kern_exit.c:456
end trace frame: 0x0, count: -8