panic: vm_object_terminate_single_page: page 0xfffffe00013c5080 does not belong to a queue cpuid = 1 time = 4 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0xc6/frame 0xfffffe0056d6a4f0 kdb_backtrace() at kdb_backtrace+0xd0/frame 0xfffffe0056d6a650 vpanic() at vpanic+0x257/frame 0xfffffe0056d6a810 panic() at panic+0xb5/frame 0xfffffe0056d6a8d0 vm_object_terminate_single_page() at vm_object_terminate_single_page+0x210/frame 0xfffffe0056d6a910 pctrie_reclaim_resume_cb() at pctrie_reclaim_resume_cb+0xf5/frame 0xfffffe0056d6a970 vm_object_terminate() at vm_object_terminate+0x232/frame 0xfffffe0056d6aa30 vm_object_deallocate() at vm_object_deallocate+0x617/frame 0xfffffe0056d6ab10 vm_map_process_deferred() at vm_map_process_deferred+0x1a0/frame 0xfffffe0056d6ab50 vmspace_dofree() at vmspace_dofree+0xfd/frame 0xfffffe0056d6ab90 vmspace_exit() at vmspace_exit+0x278/frame 0xfffffe0056d6ac50 exit1() at exit1+0x99b/frame 0xfffffe0056d6acf0 sys__exit() at sys__exit+0x28/frame 0xfffffe0056d6ad10 amd64_syscall() at amd64_syscall+0x4e2/frame 0xfffffe0056d6af30 fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0056d6af30 --- syscall (1, FreeBSD ELF64, _exit), rip = 0x3a723a, rsp = 0x8205ee348, rbp = 0x8205ee350 --- KDB: enter: panic [ thread pid 991 tid 100113 ] Stopped at kdb_enter+0x6e: movq $0,0x259df67(%rip) db> db> set $lines = 0 db> set $maxwidth = 0 db> show registers cs 0x20 ds 0x3b es 0x3b fs 0x13 gs 0x1b ss 0x28 rax 0x12 rcx 0xfffffe0002bf1850 rdx 0 rbx 0xffffffff8280e800 .str.27 rsp 0xfffffe0056d6a630 rbp 0xfffffe0056d6a650 rsi 0 rdi 0xffffffff81646849 printf+0x149 r8 0 r9 0xffffffff r10 0 r11 0x3f r12 0xfffffe00540ff000 r13 0xfffffffffffffffd r14 0xffffffff8280e800 .str.27 r15 0 rip 0xffffffff8162fc2e kdb_enter+0x6e rflags 0x46 kdb_enter+0x6e: movq $0,0x259df67(%rip) db> show proc Process 991 (syz-executor) at 0xfffffe0054105000: state: NORMAL uid: 0 gid: 0 supp gids: 0, 5 parent: pid 766 at 0xfffffe0007809ac0 ABI: FreeBSD ELF64 flag: 0x10002000 flag2: 0x40000 arguments: ./syz-executor exec reaper: 0xfffffe0007809010 reapsubtree: 1 sigparent: 20 vmspace: 0xffffffff83b59060 (map 0xffffffff83b59060) (map.pmap 0xffffffff83b59100) (pmap 0xffffffff83b59170) threads: 1 100113 Run CPU 1 syz-executor db> ps pid ppid pgrp uid state wmesg wchan cmd 997 764 764 0 R (threaded) syz-executor 100101 Run uwait 0xfffffe00582e0600 syz-executor 100317 S sbwait 0xfffffe005993660c syz-executor 995 0 0 0 DL (threaded) [so_splice] 100292 D - 0xfffffe0077894e80 [thr_0] 100315 D - 0xfffffe0077894ec0 [thr_1] 991 766 766 0 RE CPU 1 syz-executor 987 1 764 0 S uwait 0xfffffe006e50c700 syz-executor 981 1 764 0 S uwait 0xfffffe0058528980 syz-executor 972 0 0 0 DL (threaded) [KTLS] 100272 D - 0xfffffe0053ebd600 [thr_0] 100273 D - 0xfffffe0053ebd680 [thr_1] 100274 D - 0xffffffff83cd0628 [reclaim_0] 966 1 766 0 S uwait 0xfffffe00582e0900 syz-executor 960 0 0 0 DL - 0xffffffff83b59520 [accounting] 950 1 766 0 S uwait 0xfffffe00582dfc00 syz-executor 946 1 766 0 S uwait 0xfffffe00582e0400 syz-executor 942 1 942 0 Ss+ ttyin 0xfffffe0053f768b0 getty 941 1 941 0 Ss+ ttyin 0xfffffe0053f778b0 getty 940 1 940 0 Ss+ ttyin 0xfffffe00582c70b0 getty 939 1 939 0 Ss+ ttyin 0xfffffe00594bc8b0 getty 934 1 934 0 Ss+ ttyin 0xfffffe00582d44b0 getty 933 1 933 0 Ss+ ttyin 0xfffffe00594bd0b0 getty 932 1 932 0 Ss+ ttyin 0xfffffe00594bd8b0 getty 931 1 931 0 Ss+ ttyin 0xfffffe0053f760b0 getty 930 1 930 0 Ss+ ttyin 0xfffffe0053f770b0 getty 900 1 764 0 S uwait 0xfffffe006e50cd00 syz-executor 892 886 886 0 S tun_con 0xfffffe006df3be28 ifconfig 890 0 0 0 DL - 0xffffffff83ccee00 [soaiod4] 889 0 0 0 DL - 0xffffffff83ccee00 [soaiod3] 888 0 0 0 DL - 0xffffffff83ccee00 [soaiod2] 887 0 0 0 DL - 0xffffffff83ccee00 [soaiod1] 886 762 886 0 S wait 0xfffffe00540eeab0 syz-executor 868 1 763 -1 S uwait 0xfffffe006e50cc00 syz-executor 856 1 766 0 S uwait 0xfffffe006e50e080 syz-executor 828 1 766 0 S uwait 0xfffffe0058528600 syz-executor 826 1 765 0 S uwait 0xfffffe00582e2f00 syz-executor 821 1 763 0 S uwait 0xfffffe0058528e80 syz-executor 812 0 0 0 DL aiordy 0xfffffe00540ef560 [aiod4] 811 0 0 0 DL aiordy 0xfffffe00540efab8 [aiod3] 810 0 0 0 DL aiordy 0xfffffe00540f0568 [aiod2] 809 0 0 0 DL aiordy 0xfffffe00540f0010 [aiod1] 766 762 766 0 S nanslp 0xffffffff83baec40 syz-executor 764 762 764 0 R syz-executor 763 762 763 0 R syz-executor 762 1 760 0 S select 0xfffffe006dc31640 syz-executor 737 1 17 0 S+ piperd 0xfffffe005989f140 logger 736 735 17 0 S+ nanslp 0xffffffff83baec41 sleep 735 1 17 0 S+ wait 0xfffffe005400bab8 sh 685 1 685 0 Ss nanslp 0xffffffff83baec40 cron 681 1 681 0 Ss select 0xfffffe006dfb6f40 sshd 494 1 494 0 Ss select 0xfffffe006dc31ac0 syslogd 16 0 0 0 DL syncer 0xffffffff83cdc820 [syncer] 15 0 0 0 DL vlruwt 0xfffffe0054002558 [vnlru] 14 0 0 0 DL (threaded) [bufdaemon] 100079 D psleep 0xffffffff83cdad60 [bufdaemon] 100082 D - 0xffffffff83001ec0 [bufspacedaemon-0] 100095 D sdflush 0xfffffe0059958ce8 [/ worker] 9 0 0 0 DL psleep 0xffffffff83d1bc40 [vmdaemon] 8 0 0 0 DL (threaded) [pagedaemon] 100077 D psleep 0xffffffff83d01d08 [dom0] 100080 D launds 0xffffffff83d01d14 [laundry: dom0] 100081 D umarcl 0xffffffff81e17e20 [uma] 7 0 0 0 DL - 0xffffffff839275f8 [rand_harvestq] 6 0 0 0 TL pftm 0xffffffff844e6f60 [pf purge] 5 0 0 0 DL waiting 0xffffffff8490c700 [sctp_iterator] 4 0 0 0 DL (threaded) [cam] 100045 D - 0xffffffff838f1340 [doneq0] 100046 D - 0xffffffff838f12c0 [async] 100075 D - 0xffffffff838f1140 [scanner] 3 0 0 0 DL (threaded) [crypto] 100042