uvm_fault(0xffffffff82538f58, 0xffff800000a27000, 0, 1) -> e kernel: page fault trap, code=0 Stopped at uvm_unmap_remove+0x3eb: movq 0x100(%r15),%r15 ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xffffffff82538f58, 0xffff800000a27000, 0, 1) -> e uvm_unmap_remove(ffff800000a26f00,0,80000000,ffff800015967c18,1,0) at uvm_unmap_remove+0x3eb uvmspace_dused sys/uvm/uvm_map.c:501 [inline] uvm_unmap_remove(ffff800000a26f00,0,80000000,ffff800015967c18,1,0) at uvm_unmap_remove+0x3eb sys/uvm/uvm_map.c:2225 end trace frame: 0xffff800015967c50, count: 0 ddb> trace uvm_unmap_remove(ffff800000a26f00,0,80000000,ffff800015967c18,1,0) at uvm_unmap_remove+0x3eb uvmspace_dused sys/uvm/uvm_map.c:501 [inline] uvm_unmap_remove(ffff800000a26f00,0,80000000,ffff800015967c18,1,0) at uvm_unmap_remove+0x3eb sys/uvm/uvm_map.c:2225 uvm_map_deallocate(ffff800000a26f00) at uvm_map_deallocate+0x6e sys/uvm/uvm_map.c:4242 vm_impl_init_vmx(ffff800015b2ae38,ffff8000ffff38c8) at vm_impl_init_vmx+0x1e0 vm_create(ffff800000a0b800,ffff8000ffff38c8) at vm_create+0x193 vm_impl_init sys/arch/amd64/amd64/vmm.c:1384 [inline] vm_create(ffff800000a0b800,ffff8000ffff38c8) at vm_create+0x193 sys/arch/amd64/amd64/vmm.c:1173 VOP_IOCTL(fffffd8038d6b820,c5005601,ffff800000a0b800,1,fffffd803f7c6a80,ffff8000ffff38c8) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:291 vn_ioctl(fffffd802e913d20,c5005601,ffff800000a0b800,ffff8000ffff38c8) at vn_ioctl+0xb7 sys/kern/vfs_vnops.c:533 sys_ioctl(ffff8000ffff38c8,ffff800015967ff8,ffff800015968040) at sys_ioctl+0x5b9 syscall(ffff8000159680c0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x8ad6e84e1d0, count: -9 ddb> show registers rdi 0 rsi 0 rbp 0xffff800015967c00 rbx 0 rdx 0x1a28 __ALIGN_SIZE+0xa28 rcx 0xffff800016b31000 rax 0xffff800000a26f00 r8 0x1 r9 0 r10 0x26aee6e920f435aa r11 0x88983302114309e7 r12 0 r13 0xfffffd802d44ad70 r14 0 r15 0xffff800000a26f00 rip 0xffffffff815649cb uvm_unmap_remove+0x3eb cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800015967b50 ss 0x10 uvm_unmap_remove+0x3eb: movq 0x100(%r15),%r15 ddb> show proc PROC (syz-executor.0) pid=505649 stat=onproc flags process=0 proc=4000000 pri=70, usrpri=70, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff3160,0xffffffff82545ea8 process=0xffff8000ffff70f0 user=0xffff800015963000, vmspace=0xfffffd803f012220 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 17125 71648 51941 0 2 0 syz-executor.0 *17125 505649 51941 0 7 0x4000000 syz-executor.0 32922 263543 75974 0 3 0x80 nanosleep syz-executor.1 32922 322688 75974 0 3 0x4000080 netio syz-executor.1 32922 482327 75974 0 3 0x4000080 fsleep syz-executor.1 51941 11086 76395 0 2 0x482 syz-executor.0 75974 311801 76395 0 3 0x82 nanosleep syz-executor.1 76395 270180 80499 0 3 0x82 thrsleep syz-fuzzer 76395 186830 80499 0 2 0x4000482 syz-fuzzer 76395 185830 80499 0 3 0x4000082 thrsleep syz-fuzzer 76395 135953 80499 0 3 0x4000082 thrsleep syz-fuzzer 76395 282975 80499 0 3 0x4000082 thrsleep syz-fuzzer 76395 471565 80499 0 3 0x4000082 thrsleep syz-fuzzer 76395 102704 80499 0 3 0x4000082 thrsleep syz-fuzzer 76395 278063 80499 0 3 0x4000082 kqread syz-fuzzer 80499 237951 95920 0 3 0x10008a pause ksh 95920 273748 67303 0 3 0x92 select sshd 6113 146970 1 0 3 0x100083 ttyin getty 67303 131273 1 0 3 0x80 select sshd 2766 56653 89883 73 3 0x100090 kqread syslogd 89883 311966 1 0 3 0x100082 netio syslogd 50377 164057 1 77 3 0x100090 poll dhclient 84289 464710 1 0 3 0x80 poll dhclient 68892 497016 0 0 2 0x14200 zerothread 60152 213158 0 0 3 0x14200 aiodoned aiodoned 15041 428243 0 0 3 0x14200 syncer update 82043 385418 0 0 3 0x14200 cleaner cleaner 60169 301536 0 0 3 0x14200 reaper reaper 5719 446904 0 0 3 0x14200 pgdaemon pagedaemon 58025 65570 0 0 3 0x14200 bored crynlk 32801 489873 0 0 3 0x14200 bored crypto 20039 472611 0 0 3 0x40014200 acpi0 acpi0 56179 194352 0 0 3 0x14200 bored softnet 75450 220593 0 0 3 0x14200 bored systqmp 19899 241827 0 0 3 0x14200 bored systq 58014 2659 0 0 3 0x40014200 bored softclock 40549 109777 0 0 3 0x40014200 idle0 54900 129303 0 0 3 0x14200 bored smr 1 378413 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9474 6340K 6848K 78643K 10775 0 pcb 13 8K 8K 78643K 53 0 rtable 108 3K 4K 78643K 274 0 ifaddr 54 12K 12K 78643K 81 0 counters 19 16K 16K 78643K 19 0 ioctlops 1 2K 2K 78643K 21 0 iov 0 0K 16K 78643K 28 0 mount 1 1K 1K 78643K 1 0 vnodes 1218 77K 77K 78643K 1304 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 3 0 VM map 3 0K 0K 78643K 3 0 sem 11 0K 0K 78643K 16 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1794 195K 288K 78643K 12646 0 file desc 6 17K 25K 78643K 149 0 sigio 0 0K 0K 78643K 4 0 proc 48 38K 63K 78643K 401 0 subproc 32 2K 2K 78643K 51 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 10 0 in_multi 40 2K 2K 78643K 51 0 ether_multi 1 0K 0K 78643K 1 0 mrt 0 0K 0K 78643K 8 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 42 185K 185K 78643K 42 0 exec 0 0K 1K 78643K 204 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 115 22K 24K 78643K 1246 0 UVM aobj 5 2K 2K 78643K 5 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 17 0 NDP 8 0K 0K 78643K 18 0 temp 118 3018K 3084K 78643K 6217 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 8 0 2 1 0 1 1 0 8 0 rtpcb 80 29 0 27 1 0 1 1 0 8 0 rtentry 112 59 0 15 2 0 2 2 0 8 0 unpcb 120 90 0 78 1 0 1 1 0 8 0 syncache 264 5 0 5 2 1 1 1 0 8 1 tcpqe 32 36 0 36 1 1 0 1 0 8 0 tcpcb 544 88 0 84 2 0 2 2 0 8 1 inpcb 280 248 0 240 4 0 4 4 0 8 3 rttmr 72 4 0 4 1 1 0 1 0 8 0 nd6 48 6 0 2 1 0 1 1 0 8 0 pkpcb 40 6 0 6 1 0 1 1 0 8 1 ppxss 1128 1 0 1 1 0 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 255 0 43 14 0 14 14 0 8 0 art_table 32 256 0 43 2 0 2 2 0 8 0 art_node 16 58 0 18 1 0 1 1 0 8 0 sysvmsgpl 40 5 0 3 1 0 1 1 0 8 0 semapl 112 14 0 5 1 0 1 1 0 8 0 shmpl 112 3 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1586 0 185 46 0 46 46 0 8 0 ffsino 240 1586 0 185 83 0 83 83 0 8 0 nchpl 144 2025 0 428 60 0 60 60 0 8 0 uvmvnodes 72 1691 0 0 31 0 31 31 0 8 0 vnodes 208 1691 0 0 89 0 89 89 0 8 0 namei 1024 5295 0 5295 1 0 1 1 0 8 1 vmpool 520 1 0 0 1 0 1 1 0 8 0 scxspl 192 5920 0 5920 8 1 7 7 0 8 7 plimitpl 152 19 0 12 1 0 1 1 0 8 0 sigapl 432 317 0 303 2 0 2 2 0 8 0 futexpl 56 3655 0 3654 1 0 1 1 0 8 0 knotepl 112 102 0 83 1 0 1 1 0 8 0 kqueuepl 104 206 0 204 1 0 1 1 0 8 0 pipepl 128 210 0 191 1 0 1 1 0 8 0 fdescpl 424 318 0 303 2 0 2 2 0 8 0 filepl 120 2307 0 2207 5 0 5 5 0 8 1 lockfpl 104 40 0 39 1 0 1 1 0 8 0 lockfspl 48 13 0 12 1 0 1 1 0 8 0 sessionpl 112 18 0 8 1 0 1 1 0 8 0 pgrppl 48 18 0 8 1 0 1 1 0 8 0 ucredpl 96 174 0 167 1 0 1 1 0 8 0 zombiepl 144 303 0 303 1 0 1 1 0 8 1 processpl 864 332 0 303 4 0 4 4 0 8 0 procpl 632 489 0 450 4 0 4 4 0 8 0 sockpl 384 382 0 360 6 0 6 6 0 8 3 mcl64k 65536 1 0 1 1 0 1 1 0 8 1 mcl16k 16384 1 0 1 1 0 1 1 0 8 1 mcl12k 12288 4 0 4 2 1 1 1 0 8 1 mcl9k 9216 2 0 2 1 0 1 1 0 8 1 mcl8k 8192 6 0 6 1 0 1 1 0 8 1 mcl4k 4096 18 0 18 2 1 1 1 0 8 1 mcl2k 2048 67468 0 67424 15 6 9 13 0 8 3 mtagpl 80 10 0 2 2 1 1 1 0 8 0 mbufpl 256 107685 0 107593 11 3 8 10 0 8 0 bufpl 280 6593 0 1718 349 0 349 349 0 8 0 anonpl 16 58685 0 40216 80 1 79 79 0 62 0 amapchunkpl 152 1893 0 1730 12 1 11 12 0 158 2 amappl16 192 2025 0 940 65 4 61 65 0 8 6 amappl15 184 52 0 48 1 0 1 1 0 8 0 amappl14 176 43 0 40 1 0 1 1 0 8 0 amappl13 168 8 0 7 1 0 1 1 0 8 0 amappl12 160 4 0 4 1 1 0 1 0 8 0 amappl11 152 93 0 80 1 0 1 1 0 8 0 amappl10 144 10 0 8 1 0 1 1 0 8 0 amappl9 136 620 0 613 1 0 1 1 0 8 0 amappl8 128 168 0 142 1 0 1 1 0 8 0 amappl7 120 97 0 85 1 0 1 1 0 8 0 amappl6 112 103 0 93 1 0 1 1 0 8 0 amappl5 104 144 0 135 1 0 1 1 0 8 0 amappl4 96 528 0 500 1 0 1 1 0 8 0 amappl3 88 124 0 116 1 0 1 1 0 8 0 amappl2 80 1690 0 1612 3 1 2 3 0 8 0 amappl1 72 15614 0 15170 26 15 11 20 0 8 1 amappl 80 737 0 688 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 4 0 0 1 0 1 1 0 8 0 uaddrrnd 24 319 0 303 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 319 0 303 1 0 1 1 0 8 0 vmmpekpl 168 6363 0 6343 2 0 2 2 0 8 0 vmmpepl 168 47770 0 45462 141 5 136 137 0 357 35 vmsppl 272 317 0 303 2 1 1 2 0 8 0 pdppl 4096 644 0 606 6 1 5 6 0 8 0 pvpl 32 166928 0 145396 187 0 187 187 0 265 5 pmappl 200 318 0 303 1 0 1 1 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 145 0 14 4 0 4 4 0 8 0