uvm_fault(0xffffffff82516880, 0xffff800000c0c000, 0, 1) -> e kernel: page fault trap, code=0 Stopped at uvm_unmap_remove+0x3eb: movq 0x100(%r15),%r15 ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xffffffff82516880, 0xffff800000c0c000, 0, 1) -> e uvm_unmap_remove(ffff800000c0bf00,0,80000000,ffff800014938758,1,0) at uvm_unmap_remove+0x3eb uvmspace_dused sys/uvm/uvm_map.c:496 [inline] uvm_unmap_remove(ffff800000c0bf00,0,80000000,ffff800014938758,1,0) at uvm_unmap_remove+0x3eb sys/uvm/uvm_map.c:2215 end trace frame: 0xffff800014938790, count: 0 ddb> trace uvm_unmap_remove(ffff800000c0bf00,0,80000000,ffff800014938758,1,0) at uvm_unmap_remove+0x3eb uvmspace_dused sys/uvm/uvm_map.c:496 [inline] uvm_unmap_remove(ffff800000c0bf00,0,80000000,ffff800014938758,1,0) at uvm_unmap_remove+0x3eb sys/uvm/uvm_map.c:2215 uvm_map_deallocate(ffff800000c0bf00) at uvm_map_deallocate+0x6e sys/uvm/uvm_map.c:4231 vm_impl_init_vmx(ffff80001594ba70,ffff8000ffff3650) at vm_impl_init_vmx+0x1e0 vm_create(ffff800000a64800,ffff8000ffff3650) at vm_create+0x182 vm_impl_init sys/arch/amd64/amd64/vmm.c:1376 [inline] vm_create(ffff800000a64800,ffff8000ffff3650) at vm_create+0x182 sys/arch/amd64/amd64/vmm.c:1164 VOP_IOCTL(fffffd8036169820,c5005601,ffff800000a64800,1,fffffd803f7c6b40,ffff8000ffff3650) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:291 vn_ioctl(fffffd803904a358,c5005601,ffff800000a64800,ffff8000ffff3650) at vn_ioctl+0xb7 sys/kern/vfs_vnops.c:524 sys_ioctl(ffff8000ffff3650,ffff800014938b38,ffff800014938b80) at sys_ioctl+0x5b9 syscall(ffff800014938c00) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,ffffffffffffff59,0,3,4605f1e8010) at Xsyscall+0x128 end of kernel end trace frame: 0x46306762a90, count: -9 ddb> show registers rdi 0 rsi 0 rbp 0xffff800014938740 rbx 0 rdx 0x16d8 __ALIGN_SIZE+0x6d8 rcx 0xffff800016b47000 rax 0xffff800000c0bf00 r8 0x1 r9 0 r10 0x17730cd030fbc2ee r11 0x1f0fa8c9fcf1a7d7 r12 0 r13 0xfffffd80373b2220 r14 0 r15 0xffff800000c0bf00 rip 0xffffffff81dfd0bb uvm_unmap_remove+0x3eb cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800014938690 ss 0x10 uvm_unmap_remove+0x3eb: movq 0x100(%r15),%r15 ddb> show proc PROC (syz-executor.1) pid=478195 stat=onproc flags process=0 proc=4000000 pri=79, usrpri=79, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff2018,0xffffffff82555660 process=0xffff8000ffff7b10 user=0xffff800014933000, vmspace=0xfffffd803f013dd0 estcpu=36, cpticks=2, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 53771 368848 69112 0 2 0 syz-executor.1 *53771 478195 69112 0 7 0x4000000 syz-executor.1 4307 425028 1 0 3 0x100083 ttyin getty 70708 46932 97426 0 2 0x2 syz-executor.0 82560 444512 0 0 3 0x14200 bored sosplice 69112 128343 97426 0 2 0x482 syz-executor.1 97426 141790 36006 0 3 0x82 kqread syz-fuzzer 97426 302581 36006 0 2 0x4000482 syz-fuzzer 97426 62441 36006 0 3 0x4000082 thrsleep syz-fuzzer 97426 127054 36006 0 3 0x4000082 thrsleep syz-fuzzer 97426 50220 36006 0 3 0x4000082 thrsleep syz-fuzzer 97426 471639 36006 0 3 0x4000082 thrsleep syz-fuzzer 97426 333245 36006 0 3 0x4000082 thrsleep syz-fuzzer 36006 16499 58747 0 3 0x10008a pause ksh 58747 469102 12491 0 3 0x92 select sshd 12491 110382 1 0 3 0x80 select sshd 9958 400547 89195 73 2 0x100010 syslogd 89195 62617 1 0 3 0x100082 netio syslogd 69620 487161 1 77 3 0x100090 poll dhclient 20434 291915 1 0 3 0x80 poll dhclient 67060 5019 0 0 2 0x14200 zerothread 67894 223635 0 0 3 0x14200 aiodoned aiodoned 38395 339331 0 0 3 0x14200 syncer update 96437 38400 0 0 3 0x14200 cleaner cleaner 56550 35808 0 0 3 0x14200 reaper reaper 19232 195062 0 0 3 0x14200 pgdaemon pagedaemon 50542 177600 0 0 3 0x14200 bored crynlk 30816 105527 0 0 3 0x14200 bored crypto 8002 254866 0 0 3 0x40014200 acpi0 acpi0 70613 482057 0 0 3 0x14200 bored softnet 22116 466330 0 0 3 0x14200 bored systqmp 54525 226727 0 0 3 0x14200 bored systq 91705 410972 0 0 3 0x40014200 bored softclock 86350 295688 0 0 3 0x40014200 idle0 26467 76264 0 0 3 0x14200 bored smr 1 73075 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9537 6730K 7680K 78643K 14191 0 0 pcb 13 8K 8K 78643K 129 0 0 rtable 108 3K 4K 78643K 422 0 0 ifaddr 55 13K 14K 78643K 142 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 1 2K 2K 78643K 55 0 0 iov 0 0K 16K 78643K 82 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1236 78K 78K 78643K 2541 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 11 0 0 VM map 3 0K 0K 78643K 6 0 0 sem 12 0K 0K 78643K 220 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 5 13K 25K 78643K 789 0 0 sigio 0 0K 0K 78643K 8 0 0 proc 50 38K 63K 78643K 517 0 0 subproc 32 2K 2K 78643K 68 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 82 0 0 in_multi 33 2K 2K 78643K 102 0 0 ether_multi 1 0K 0K 78643K 10 0 0 mrt 0 0K 0K 78643K 5 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 168 742K 742K 78643K 168 0 0 exec 0 0K 1K 78643K 263 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 91 21K 30K 78643K 2694 0 0 UVM aobj 39 2K 2K 78643K 47 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 113 0 0 NDP 11 0K 0K 78643K 41 0 0 temp 163 3531K 3600K 78643K 12145 0 0 kqueue 0 0K 0K 78643K 4 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 10 0 4 1 0 1 1 0 8 0 rtpcb 80 45 0 43 1 0 1 1 0 8 0 rtentry 112 66 0 22 2 0 2 2 0 8 0 unpcb 120 311 0 303 2 1 1 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 6238 0 6238 1 1 0 1 0 8 0 tcpcb 544 160 0 156 1 0 1 1 0 8 0 inpcb 280 852 0 843 4 3 1 2 0 8 0 rttmr 72 1 0 1 1 1 0 1 0 8 0 nd6 48 8 0 4 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 1 0 1 0 8 0 ppxss 1128 12 0 12 3 3 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 327 0 111 17 3 14 15 0 8 0 art_table 32 328 0 111 2 0 2 2 0 8 0 art_node 16 65 0 25 1 0 1 1 0 8 0 sysvmsgpl 40 26 0 22 1 0 1 1 0 8 0 semapl 112 218 0 208 1 0 1 1 0 8 0 shmpl 112 45 0 8 2 0 2 2 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 2576 0 1183 46 0 46 46 0 8 0 ffsino 240 2576 0 1183 83 0 83 83 0 8 0 nchpl 144 4070 0 2465 61 1 60 61 0 8 0 uvmvnodes 72 3758 0 0 69 0 69 69 0 8 0 vnodes 208 3758 0 0 198 0 198 198 0 8 0 namei 1024 13253 0 13253 3 2 1 1 0 8 1 vmpool 520 4 0 3 2 1 1 1 0 8 0 scxspl 192 11206 0 11206 14 10 4 7 0 8 4 plimitpl 152 92 0 85 1 0 1 1 0 8 0 sigapl 432 955 0 942 2 0 2 2 0 8 0 futexpl 56 17757 0 17757 1 0 1 1 0 8 1 knotepl 112 202 0 183 1 0 1 1 0 8 0 kqueuepl 104 172 0 170 1 0 1 1 0 8 0 pipepl 112 444 0 425 2 1 1 1 0 8 0 fdescpl 424 956 0 942 2 0 2 2 0 8 0 filepl 120 7778 0 7675 7 3 4 7 0 8 0 lockfpl 104 262 0 261 1 0 1 1 0 8 0 lockfspl 48 91 0 90 1 0 1 1 0 8 0 sessionpl 112 20 0 10 1 0 1 1 0 8 0 pgrppl 48 25 0 15 1 0 1 1 0 8 0 ucredpl 96 1095 0 1088 1 0 1 1 0 8 0 zombiepl 144 942 0 942 3 2 1 1 0 8 1 processpl 864 971 0 942 4 0 4 4 0 8 0 procpl 632 1919 0 1883 4 0 4 4 0 8 0 sosppl 128 14 0 14 4 3 1 1 0 8 1 sockpl 384 1244 0 1225 7 4 3 7 0 8 1 mcl64k 65536 21 0 21 4 3 1 1 0 8 1 mcl16k 16384 4 0 4 2 2 0 1 0 8 0 mcl12k 12288 18 0 18 3 2 1 1 0 8 1 mcl9k 9216 9 0 9 5 4 1 1 0 8 1 mcl8k 8192 20 0 20 2 1 1 1 0 8 1 mcl4k 4096 68 0 68 2 1 1 1 0 8 1 mcl2k2 2112 5 0 5 3 3 0 1 0 8 0 mcl2k 2048 52754 0 52699 24 16 8 20 0 8 0 mtagpl 80 47 0 19 2 1 1 1 0 8 0 mbufpl 256 90550 0 90428 17 7 10 12 0 8 0 bufpl 256 8973 0 2964 376 0 376 376 0 8 0 anonpl 16 97342 0 83710 74 18 56 72 0 62 0 amapchunkpl 152 4115 0 4011 14 8 6 12 0 158 0 amappl16 192 4708 0 3939 57 17 40 51 0 8 1 amappl14 176 171 0 166 2 1 1 1 0 8 0 amappl13 168 156 0 155 1 0 1 1 0 8 0 amappl12 160 7 0 6 1 0 1 1 0 8 0 amappl11 152 51 0 40 1 0 1 1 0 8 0 amappl10 144 12 0 11 1 0 1 1 0 8 0 amappl9 136 1065 0 1056 1 0 1 1 0 8 0 amappl8 128 619 0 598 1 0 1 1 0 8 0 amappl7 120 44 0 39 1 0 1 1 0 8 0 amappl6 112 64 0 57 1 0 1 1 0 8 0 amappl5 104 160 0 150 1 0 1 1 0 8 0 amappl4 96 1337 0 1308 1 0 1 1 0 8 0 amappl3 88 142 0 135 1 0 1 1 0 8 0 amappl2 80 6747 0 6681 4 2 2 3 0 8 0 amappl1 72 26281 0 25872 28 19 9 20 0 8 0 amappl 80 2169 0 2134 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 46 0 8 1 0 1 1 0 8 0 uaddrrnd 24 960 0 942 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 960 0 942 1 0 1 1 0 8 0 vmmpekpl 168 9478 0 9453 2 0 2 2 0 8 0 vmmpepl 168 118426 0 116615 161 68 93 107 0 357 12 vmsppl 272 955 0 942 2 1 1 2 0 8 0 pdppl 4096 1926 0 1890 6 1 5 6 0 8 0 pvpl 32 327754 0 311064 280 43 237 261 0 265 100 pmappl 200 959 0 945 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 545 0 39 15 0 15 15 0 8 0