uvm_fault(0xffffffff82512c50, 0xffff800000a89000, 0, 1) -> e kernel: page fault trap, code=0 Stopped at uvm_unmap_remove+0x3eb: movq 0x100(%r15),%r15 ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xffffffff82512c50, 0xffff800000a89000, 0, 1) -> e uvm_unmap_remove(ffff800000a88f00,0,1ef000,ffff800015970c90,0,1) at uvm_unmap_remove+0x3eb uvmspace_dused sys/uvm/uvm_map.c:501 [inline] uvm_unmap_remove(ffff800000a88f00,0,1ef000,ffff800015970c90,0,1) at uvm_unmap_remove+0x3eb sys/uvm/uvm_map.c:2232 end trace frame: 0xffff800015970d40, count: 0 ddb> trace uvm_unmap_remove(ffff800000a88f00,0,1ef000,ffff800015970c90,0,1) at uvm_unmap_remove+0x3eb uvmspace_dused sys/uvm/uvm_map.c:501 [inline] uvm_unmap_remove(ffff800000a88f00,0,1ef000,ffff800015970c90,0,1) at uvm_unmap_remove+0x3eb sys/uvm/uvm_map.c:2232 uvm_share(ffff800000a88f00,0,7,fffffd803f012ee0,20000000,200000) at uvm_share+0x55b vm_impl_init_vmx(ffff800014923c78,ffff800014892f50) at vm_impl_init_vmx+0xf1 sys/arch/amd64/amd64/vmm.c:1269 vm_create(ffff800000ad0800,ffff800014892f50) at vm_create+0x193 vm_impl_init sys/arch/amd64/amd64/vmm.c:1384 [inline] vm_create(ffff800000ad0800,ffff800014892f50) at vm_create+0x193 sys/arch/amd64/amd64/vmm.c:1173 VOP_IOCTL(fffffd80360ada90,c5005601,ffff800000ad0800,c1,fffffd803f7c69c0,ffff800014892f50) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:291 vn_ioctl(fffffd802d6b9e98,c5005601,ffff800000ad0800,ffff800014892f50) at vn_ioctl+0xb7 sys/kern/vfs_vnops.c:533 sys_ioctl(ffff800014892f50,ffff8000159710e8,ffff800015971130) at sys_ioctl+0x5b9 syscall(ffff8000159711b0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x3ba0994c3a0, count: -9 ddb> show registers rdi 0 rsi 0 rbp 0xffff800015970c60 rbx 0 rdx 0x297a __ALIGN_SIZE+0x197a rcx 0xffff80001493f000 rax 0xffff800000a88f00 r8 0 r9 0x1 r10 0x997ccb570e714a4 r11 0x5437f168dc3a7d53 r12 0 r13 0xfffffd802e2d5250 r14 0x10000 __ALIGN_SIZE+0xf000 r15 0xffff800000a88f00 rip 0xffffffff81fdb9fb uvm_unmap_remove+0x3eb cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800015970bb0 ss 0x10 uvm_unmap_remove+0x3eb: movq 0x100(%r15),%r15 ddb> show proc PROC (syz-executor.1) pid=40941 stat=onproc flags process=0 proc=4000000 pri=86, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff8000148922a8,0xffffffff825b2828 process=0xffff8000ffff6710 user=0xffff80001596c000, vmspace=0xfffffd803f012ee0 estcpu=36, cpticks=49, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 59351 310791 80446 0 2 0 syz-executor.1 *59351 40941 80446 0 7 0x4000000 syz-executor.1 95254 153550 12847 0 3 0x82 nanosleep syz-executor.0 76174 239491 0 0 3 0x14200 bored sosplice 80446 105494 12847 0 3 0x82 nanosleep syz-executor.1 12847 462938 64267 0 3 0x82 thrsleep syz-fuzzer 12847 500878 64267 0 3 0x4000082 thrsleep syz-fuzzer 12847 287550 64267 0 3 0x4000082 thrsleep syz-fuzzer 12847 432393 64267 0 3 0x4000082 thrsleep syz-fuzzer 12847 257858 64267 0 3 0x4000082 thrsleep syz-fuzzer 12847 331855 64267 0 3 0x4000082 thrsleep syz-fuzzer 12847 386454 64267 0 3 0x4000082 thrsleep syz-fuzzer 12847 46553 64267 0 3 0x4000082 kqread syz-fuzzer 64267 316699 23150 0 3 0x10008a pause ksh 23150 515021 32881 0 3 0x92 select sshd 33135 315094 1 0 3 0x100083 ttyin getty 32881 506754 1 0 3 0x80 select sshd 75048 385516 66455 73 3 0x100090 kqread syslogd 66455 131677 1 0 3 0x100082 netio syslogd 93439 283614 1 77 3 0x100090 poll dhclient 13282 310913 1 0 3 0x80 poll dhclient 26715 117854 0 0 2 0x14200 zerothread 28271 244462 0 0 3 0x14200 aiodoned aiodoned 10542 163940 0 0 3 0x14200 syncer update 49010 300450 0 0 3 0x14200 cleaner cleaner 71233 514205 0 0 3 0x14200 reaper reaper 64076 392093 0 0 3 0x14200 pgdaemon pagedaemon 16455 135387 0 0 3 0x14200 bored crynlk 40029 315995 0 0 3 0x14200 bored crypto 65608 54676 0 0 3 0x40014200 acpi0 acpi0 54938 67142 0 0 3 0x14200 bored softnet 94282 54723 0 0 3 0x14200 bored systqmp 24103 153345 0 0 3 0x14200 bored systq 85667 132856 0 0 3 0x40014200 bored softclock 88619 509102 0 0 3 0x40014200 idle0 7663 400678 0 0 3 0x14200 bored smr 1 39416 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9488 6340K 6793K 78643K 11244 0 pcb 13 8K 8K 78643K 81 0 rtable 110 3K 4K 78643K 338 0 ifaddr 73 15K 16K 78643K 117 0 counters 19 16K 16K 78643K 19 0 ioctlops 1 2K 2K 78643K 33 0 iov 0 0K 18K 78643K 250 0 mount 1 1K 1K 78643K 1 0 vnodes 1214 76K 77K 78643K 1487 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 10 0 VM map 3 0K 0K 78643K 5 0 sem 12 0K 1K 78643K 89 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1794 195K 288K 78643K 12646 0 file desc 5 13K 25K 78643K 332 0 sigio 0 0K 0K 78643K 13 0 proc 48 38K 63K 78643K 449 0 subproc 32 2K 2K 78643K 51 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 23 0 in_multi 80 4K 4K 78643K 103 0 ether_multi 1 0K 0K 78643K 7 0 mrt 0 0K 0K 78643K 6 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 54 238K 238K 78643K 54 0 exec 0 0K 1K 78643K 266 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 114 22K 23K 78643K 1715 0 UVM aobj 34 2K 2K 78643K 34 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 98 0 NDP 10 0K 0K 78643K 24 0 temp 126 3562K 3628K 78643K 10646 0 kqueue 0 0K 0K 78643K 2 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 13 0 7 1 0 1 1 0 8 0 rtpcb 96 39 0 37 1 0 1 1 0 8 0 rtentry 112 71 0 26 2 0 2 2 0 8 0 unpcb 120 314 0 306 1 0 1 1 0 8 0 syncache 280 4 0 4 1 1 0 1 0 8 0 tcpqe 32 149 0 149 1 1 0 1 0 8 0 tcpcb 640 292 0 288 3 2 1 2 0 8 0 ipq 40 4 0 4 1 1 0 1 0 8 0 ipqe 40 176 0 176 1 1 0 1 0 8 0 inpcb 280 720 0 713 3 1 2 2 0 8 1 rttmr 72 2 0 2 1 1 0 1 0 8 0 nd6 48 6 0 2 1 0 1 1 0 8 0 pkpcb 40 4 0 4 1 0 1 1 0 8 1 ppxss 1128 4 0 4 1 1 0 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 290 0 62 15 0 15 15 0 8 0 art_table 32 292 0 62 2 0 2 2 0 8 0 art_node 16 70 0 29 1 0 1 1 0 8 0 sysvmsgpl 40 46 0 41 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 87 0 77 1 0 1 1 0 8 0 shmpl 112 32 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1901 0 508 46 0 46 46 0 8 0 ffsino 240 1901 0 508 83 0 83 83 0 8 0 nchpl 144 2651 0 1053 60 0 60 60 0 8 0 uvmvnodes 72 2122 0 0 39 0 39 39 0 8 0 vnodes 208 2122 0 0 112 0 112 112 0 8 0 namei 1024 7351 0 7351 1 0 1 1 0 8 1 vmpool 520 3 0 2 2 1 1 1 0 8 0 scxspl 208 7916 0 7916 11 7 4 7 0 8 4 plimitpl 152 44 0 37 1 0 1 1 0 8 0 sigapl 432 499 0 486 2 0 2 2 0 8 0 futexpl 56 9919 0 9919 1 0 1 1 0 8 1 knotepl 112 117 0 98 1 0 1 1 0 8 0 kqueuepl 104 152 0 149 1 0 1 1 0 8 0 pipepl 128 446 0 427 3 0 3 3 0 8 2 fdescpl 424 500 0 486 2 0 2 2 0 8 0 filepl 120 4187 0 4090 5 0 5 5 0 8 2 lockfpl 104 98 0 96 1 0 1 1 0 8 0 lockfspl 48 39 0 37 1 0 1 1 0 8 0 sessionpl 128 18 0 8 1 0 1 1 0 8 0 pgrppl 48 22 0 12 1 0 1 1 0 8 0 ucredpl 96 420 0 413 1 0 1 1 0 8 0 zombiepl 144 486 0 485 1 0 1 1 0 8 0 processpl 896 515 0 485 4 0 4 4 0 8 0 procpl 648 942 0 904 5 1 4 5 0 8 0 sosppl 144 8 0 8 2 1 1 1 0 8 1 sockpl 384 1089 0 1072 6 0 6 6 0 8 4 mcl64k 65536 39 0 35 3 1 2 2 0 8 1 mcl16k 16384 9 0 9 1 0 1 1 0 8 1 mcl12k 12288 8 0 8 2 1 1 1 0 8 1 mcl9k 9216 5 0 5 1 1 0 1 0 8 0 mcl8k 8192 10 0 10 1 0 1 1 0 8 1 mcl4k 4096 51 0 51 2 1 1 1 0 8 1 mcl2k2 2112 2 0 2 1 1 0 1 0 8 0 mcl2k 2048 69879 0 69855 13 9 4 11 0 8 0 mtagpl 80 20 0 7 2 1 1 1 0 8 0 mbufpl 256 113960 0 113507 42 10 32 39 0 8 0 bufpl 280 7338 0 2458 349 0 349 349 0 8 0 anonpl 16 74877 0 50670 107 9 98 98 0 62 0 amapchunkpl 152 2652 0 2479 14 6 8 12 0 158 0 amappl16 192 3050 0 1706 79 11 68 68 0 8 0 amappl14 176 107 0 101 1 0 1 1 0 8 0 amappl13 168 144 0 141 1 0 1 1 0 8 0 amappl12 160 16 0 16 2 2 0 1 0 8 0 amappl11 152 51 0 40 1 0 1 1 0 8 0 amappl10 144 97 0 93 1 0 1 1 0 8 0 amappl9 136 579 0 575 1 0 1 1 0 8 0 amappl8 128 175 0 142 2 0 2 2 0 8 0 amappl7 120 124 0 119 1 0 1 1 0 8 0 amappl6 112 57 0 47 1 0 1 1 0 8 0 amappl5 104 146 0 136 1 0 1 1 0 8 0 amappl4 96 862 0 830 1 0 1 1 0 8 0 amappl3 88 178 0 171 1 0 1 1 0 8 0 amappl2 80 3157 0 3091 3 1 2 3 0 8 0 amappl1 72 18593 0 18186 27 18 9 20 0 8 0 amappl 80 1218 0 1172 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 33 0 0 1 0 1 1 0 8 0 uaddrrnd 24 503 0 486 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 503 0 486 1 0 1 1 0 8 0 vmmpekpl 168 7723 0 7700 2 0 2 2 0 8 0 vmmpepl 168 67705 0 65258 155 22 133 137 0 357 26 vmsppl 272 499 0 486 2 1 1 2 0 8 0 pdppl 4096 1012 0 976 6 1 5 6 0 8 0 pvpl 32 212511 0 184744 233 8 225 225 0 265 1 pmappl 200 502 0 488 1 0 1 1 0 8 0 extentpl 40 46 0 29 1 0 1 1 0 8 0 phpool 112 176 0 25 5 0 5 5 0 8 0