uvm_fault(0xffffffff827b8f28, 0x7f811ad53f38, 0, 2) -> e kernel: page fault trap, code=0 Stopped at pmap_page_remove+0x2fd: xchgq %rax,0(%r12,%rcx,1) ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xffffffff827b8f28, 0x7f811ad53f38, 0, 2) -> e pmap_page_remove(fffffd8005228e80) at pmap_page_remove+0x2fd _atomic_swap_64 machine/atomic.h:117 [inline] pmap_page_remove(fffffd8005228e80) at pmap_page_remove+0x2fd sys/arch/amd64/amd64/pmap.c:1946 end trace frame: 0xffff80001d694300, count: 0 ddb> trace pmap_page_remove(fffffd8005228e80) at pmap_page_remove+0x2fd _atomic_swap_64 machine/atomic.h:117 [inline] pmap_page_remove(fffffd8005228e80) at pmap_page_remove+0x2fd sys/arch/amd64/amd64/pmap.c:1946 uvm_anfree_list(fffffd80571b5440,ffff80001d694320) at uvm_anfree_list+0x4e sys/uvm/uvm_anon.c:104 amap_wipeout(fffffd805e7fc210) at amap_wipeout+0x171 sys/uvm/uvm_amap.c:461 uvm_unmap_detach(ffff80001d6943e0,1) at uvm_unmap_detach+0x163 sys/uvm/uvm_map.c:1586 uvm_map_teardown(fffffd806ab19000) at uvm_map_teardown+0x232 sys/uvm/uvm_map.c:2759 uvmspace_free(fffffd806ab19000) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3646 uvm_exit(ffff80001e828ef0) at uvm_exit+0x29 sys/uvm/uvm_glue.c:297 reaper(ffff8000fffff638) at reaper+0x15c sys/kern/kern_exit.c:456 end trace frame: 0x0, count: -8 ddb> show registers rdi 0 rsi 0 rbp 0xffff80001d6942b0 rbx 0 rdx 0 rcx 0x7f8000000000 rax 0 r8 0x2362cd23000 r9 0xffffffff8188fa7c amap_unref+0xfc r10 0x9d34c02f5b0d1abe r11 0x9a6e1e4ad608216c r12 0x11ad53f38 r13 0xfffffd8059501c00 r14 0x7fbfc0000000 r15 0x800000006c3b6000 rip 0xffffffff812b038d pmap_page_remove+0x2fd cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80001d694220 ss 0 pmap_page_remove+0x2fd: xchgq %rax,0(%r12,%rcx,1) ddb> show proc PROC (reaper) pid=469041 stat=onproc flags process=14000 proc=200 pri=4, usrpri=52, nice=20 forw=0xffffffffffffffff, list=0xffff8000fffff148,0xffff8000fffff8c0 process=0xffff8000ffffa008 user=0xffff80001d68f000, vmspace=0xffffffff827b8f28 estcpu=2, cpticks=2, pctcpu=5.14 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 86225 81250 1 0 2 0 syz-executor.0 86225 93158 1 0 2 0x4000000 syz-executor.0 39133 135369 53017 0 2 0x2 syz-executor.1 65630 162937 0 0 3 0x14200 acct acct 40320 451578 0 0 3 0x14280 nfsidl nfsio 61908 347169 0 0 3 0x14280 nfsidl nfsio 70052 224534 0 0 3 0x14280 nfsidl nfsio 11969 353772 0 0 3 0x14280 nfsidl nfsio 78032 289304 0 0 3 0x14280 nfsidl nfsio 7290 500653 0 0 3 0x14280 nfsidl nfsio 59039 393257 0 0 3 0x14280 nfsidl nfsio 90398 27638 0 0 3 0x14280 nfsidl nfsio 36476 413284 0 0 3 0x14280 nfsidl nfsio 52680 487384 0 0 3 0x14280 nfsidl nfsio 73288 195808 0 0 3 0x14280 nfsidl nfsio 52707 74320 0 0 3 0x14280 nfsidl nfsio 81332 38117 0 0 3 0x14280 nfsidl nfsio 63580 272753 0 0 3 0x14280 nfsidl nfsio 85086 200372 0 0 3 0x14280 nfsidl nfsio 86039 399471 0 0 3 0x14280 nfsidl nfsio 28306 222346 0 0 3 0x14280 nfsidl nfsio 67743 63270 0 0 3 0x14280 nfsidl nfsio 80835 378804 0 0 3 0x14280 nfsidl nfsio 3105 264857 0 0 3 0x14280 nfsidl nfsio 24603 379534 0 0 3 0x14200 bored sosplice 53017 418596 96438 0 3 0x82 thrsleep syz-fuzzer 53017 253860 96438 0 3 0x4000082 nanosleep syz-fuzzer 53017 35396 96438 0 3 0x4000082 thrsleep syz-fuzzer 53017 407575 96438 0 3 0x4000082 thrsleep syz-fuzzer 53017 96975 96438 0 3 0x4000082 thrsleep syz-fuzzer 53017 466752 96438 0 3 0x4000082 thrsleep syz-fuzzer 53017 415603 96438 0 2 0x4000002 syz-fuzzer 96438 115726 4101 0 3 0x10008a pause ksh 4101 258861 32965 0 3 0x92 select sshd 63732 371778 1 0 3 0x100083 ttyin getty 32965 323394 1 0 3 0x80 select sshd 77496 48434 909 73 3 0x100090 kqread syslogd 909 512353 1 0 3 0x100082 netio syslogd 17496 291092 1 77 3 0x100090 poll dhclient 47359 16655 1 0 3 0x80 poll dhclient 84637 179054 0 0 3 0x14200 bored smr 45170 324235 0 0 2 0x14200 zerothread 74246 71382 0 0 3 0x14200 aiodoned aiodoned 50239 143175 0 0 3 0x14200 syncer update 249 41465 0 0 3 0x14200 cleaner cleaner *97858 469041 0 0 7 0x14200 reaper 8209 143281 0 0 3 0x14200 pgdaemon pagedaemon 58291 31063 0 0 3 0x14200 bored crynlk 86548 147803 0 0 3 0x14200 bored crypto 26189 75009 0 0 3 0x40014200 acpi0 acpi0 91476 82910 0 0 3 0x14200 bored softnet 44231 333855 0 0 3 0x14200 bored systqmp 13566 153876 0 0 3 0x14200 bored systq 82167 190630 0 0 3 0x40014200 bored softclock 7103 247912 0 0 3 0x40014200 idle0 1 427506 0 0 2 0x82 init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9534 6379K 6896K 78643K 13567 0 pcb 13 8K 8K 78643K 557 0 rtable 172 24K 25K 78643K 2094 0 ifaddr 118 24K 25K 78643K 596 0 sysctl 2 0K 0K 78643K 2 0 counters 21 16K 17K 78643K 87 0 ioctlops 0 0K 4K 78643K 1151 0 iov 0 0K 16K 78643K 224 0 mount 1 1K 1K 78643K 1 0 vnodes 1216 76K 77K 78643K 2363 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 35 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 901 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 4 9K 25K 78643K 3057 0 sigio 0 0K 0K 78643K 17 0 proc 51 38K 55K 78643K 883 0 subproc 32 2K 2K 78643K 187 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 234 0 in_multi 24 1K 2K 78643K 426 0 ether_multi 1 0K 0K 78643K 64 0 mrt 0 0K 0K 78643K 21 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 67 307K 307K 78643K 67 0 exec 0 0K 2K 78643K 738 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 189 285K 301K 78643K 7533 0 UVM aobj 85 3K 3K 78643K 116 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 307 0 NDP 16 0K 0K 78643K 121 0 temp 189 4039K 4103K 78643K 50653 0 kqueue 3 4K 10K 78643K 107 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 36 0 30 1 0 1 1 0 8 0 rtpcb 88 165 0 163 1 0 1 1 0 8 0 rtentry 112 273 0 242 2 0 2 2 0 8 0 unpcb 120 870 0 861 1 0 1 1 0 8 0 syncache 272 27 0 27 8 8 0 1 0 8 0 tcpqe 32 239 0 239 3 3 0 1 0 8 0 tcpcb 592 3150 0 3118 25 20 5 5 0 8 2 ipq 40 18 0 17 5 4 1 1 0 8 0 ipqe 40 91 0 90 5 4 1 1 0 8 0 inpcb 296 4598 0 4591 6 4 2 2 0 8 1 rttmr 72 8 0 8 5 5 0 1 0 8 0 ip6q 72 3 0 3 3 2 1 1 0 8 1 ip6af 40 6 0 6 3 2 1 1 0 8 1 nd6 48 68 0 62 1 0 1 1 0 8 0 pkpcb 40 14 0 14 4 4 0 1 0 8 0 swfcl 56 4 0 0 1 0 1 1 0 8 0 ppxss 1136 8 0 8 6 6 0 1 0 8 0 pfstscr 40 4 0 2 1 0 1 1 0 8 0 pfosfp 40 1 0 0 1 0 1 1 0 8 0 pfosfpen 112 1 0 0 1 0 1 1 0 8 0 pfrke_plain 160 11 0 11 1 1 0 1 0 8 0 pfrktable 1344 392 0 351 10 6 4 4 0 8 0 pftag 88 33 0 24 2 1 1 1 0 8 0 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 112 4 0 2 1 0 1 1 0 8 0 pfstate 328 2 0 1 1 0 1 1 0 8 0 pfrule 1360 346 0 101 22 1 21 21 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1214 0 1092 21 12 9 16 0 8 0 art_table 32 1215 0 1092 3 1 2 2 0 8 0 art_node 16 270 0 246 1 0 1 1 0 8 0 sysvmsgpl 40 50 0 39 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 895 0 885 1 0 1 1 0 8 0 shmpl 112 113 0 32 3 0 3 3 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 5165 0 3770 88 0 88 88 0 8 0 ffsino 240 5165 0 3770 83 0 83 83 0 8 0 nchpl 144 9414 0 7834 60 0 60 60 0 8 0 rtmask 32 6 0 6 1 1 0 1 0 8 0 uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0 vnodes 208 5926 0 0 312 0 312 312 0 8 0 namei 1024 27095 0 27095 4 3 1 1 0 8 1 vcpupl 1984 25 0 0 4 0 4 4 0 8 0 vmpool 528 40 0 15 3 1 2 2 0 8 0 pfiaddrpl 120 179 0 120 3 1 2 2 0 8 0 scsiplug 72 2 0 2 2 2 0 1 0 8 0 scxspl 200 34646 0 34646 2 1 1 1 0 8 1 plimitpl 152 222 0 215 1 0 1 1 0 8 0 sigapl 424 3241 0 3192 6 0 6 6 0 8 0 futexpl 56 62748 0 62748 4 3 1 1 0 8 1 knotepl 112 320 0 300 1 0 1 1 0 8 0 kqueuepl 152 1729 0 1723 1 0 1 1 0 8 0 pipepl 272 443 0 432 8 7 1 2 0 8 0 fdescpl 432 3202 0 3189 2 0 2 2 0 8 0 filepl 120 19410 0 19315 7 3 4 5 0 8 1 lockfpl 104 553 0 552 1 0 1 1 0 8 0 lockfspl 48 204 0 203 1 0 1 1 0 8 0 sessionpl 120 26 0 16 1 0 1 1 0 8 0 pgrppl 48 58 0 48 1 0 1 1 0 8 0 ucredpl 96 1569 0 1561 1 0 1 1 0 8 0 zombiepl 144 3192 0 3191 1 0 1 1 0 8 0 processpl 944 3241 0 3191 7 0 7 7 0 8 0 procpl 632 6638 0 6581 6 0 6 6 0 8 0 sosppl 144 18 0 18 6 6 0 1 0 8 0 sockpl 400 5654 0 5636 15 11 4 4 0 8 1 mcl64k 65536 121 0 121 8 7 1 1 0 8 1 mcl16k 16384 31 0 31 13 12 1 1 0 8 1 mcl12k 12288 74 0 74 9 8 1 1 0 8 1 mcl9k 9216 47 0 47 11 10 1 1 0 8 1 mcl8k 8192 208 0 208 6 5 1 1 0 8 1 mcl4k 4096 271 0 271 7 6 1 1 0 8 1 mcl2k2 2112 10 0 10 8 7 1 1 0 8 1 mcl2k 2048 95935 0 95883 37 29 8 24 0 8 0 mtagpl 96 221 0 207 4 3 1 3 0 8 0 mbufpl 256 174289 0 174186 32 19 13 24 0 8 1 bufpl 280 11118 0 5746 384 0 384 384 0 8 0 anonpl 16 319885 0 300110 109 25 84 88 0 107 2 amapchunkpl 152 17439 0 17223 84 74 10 22 0 158 0 amappl16 192 12460 0 11405 123 65 58 65 0 8 4 amappl15 184 9 0 8 1 0 1 1 0 8 0 amappl14 176 287 0 277 1 0 1 1 0 8 0 amappl13 168 928 0 926 1 0 1 1 0 8 0 amappl12 160 124 0 121 1 0 1 1 0 8 0 amappl11 152 1154 0 1144 1 0 1 1 0 8 0 amappl10 144 273 0 269 1 0 1 1 0 8 0 amappl9 136 650 0 649 2 1 1 1 0 8 0 amappl8 128 581 0 514 3 0 3 3 0 8 0 amappl7 120 601 0 592 1 0 1 1 0 8 0 amappl6 112 1245 0 1231 1 0 1 1 0 8 0 amappl5 104 1734 0 1722 1 0 1 1 0 8 0 amappl4 96 2286 0 2253 1 0 1 1 0 8 0 amappl3 88 1069 0 1060 1 0 1 1 0 8 0 amappl2 80 21759 0 21694 2 0 2 2 0 8 0 amappl1 72 88217 0 87800 24 14 10 18 0 8 0 amappl 80 7031 0 6961 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 115 0 31 2 0 2 2 0 8 0 uaddrrnd 24 3242 0 3204 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 3242 0 3204 1 0 1 1 0 8 0 vmmpekpl 168 18832 0 18788 4 1 3 3 0 8 0 vmmpepl 168 400620 0 398421 285 159 126 154 0 357 21 vmsppl 272 3241 0 3203 4 1 3 3 0 8 0 pdppl 4096 6490 0 6431 11 3 8 9 0 8 0 pvpl 32 907184 0 884667 345 72 273 312 0 265 82 pmappl 200 3241 0 3203 3 0 3 3 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 373 0 126 8 0 8 8 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pmap_page_remove(fffffd8005228e80) at pmap_page_remove+0x2fd _atomic_swap_64 machine/atomic.h:117 [inline] pmap_page_remove(fffffd8005228e80) at pmap_page_remove+0x2fd sys/arch/amd64/amd64/pmap.c:1946 uvm_anfree_list(fffffd80571b5440,ffff80001d694320) at uvm_anfree_list+0x4e sys/uvm/uvm_anon.c:104 amap_wipeout(fffffd805e7fc210) at amap_wipeout+0x171 sys/uvm/uvm_amap.c:461 uvm_unmap_detach(ffff80001d6943e0,1) at uvm_unmap_detach+0x163 sys/uvm/uvm_map.c:1586 uvm_map_teardown(fffffd806ab19000) at uvm_map_teardown+0x232 sys/uvm/uvm_map.c:2759 uvmspace_free(fffffd806ab19000) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3646 uvm_exit(ffff80001e828ef0) at uvm_exit+0x29 sys/uvm/uvm_glue.c:297 reaper(ffff8000fffff638) at reaper+0x15c sys/kern/kern_exit.c:456 end trace frame: 0x0, count: -8 ddb> machine ddbcpu 1 No such command ddb> trace pmap_page_remove(fffffd8005228e80) at pmap_page_remove+0x2fd _atomic_swap_64 machine/atomic.h:117 [inline] pmap_page_remove(fffffd8005228e80) at pmap_page_remove+0x2fd sys/arch/amd64/amd64/pmap.c:1946 uvm_anfree_list(fffffd80571b5440,ffff80001d694320) at uvm_anfree_list+0x4e sys/uvm/uvm_anon.c:104 amap_wipeout(fffffd805e7fc210) at amap_wipeout+0x171 sys/uvm/uvm_amap.c:461 uvm_unmap_detach(ffff80001d6943e0,1) at uvm_unmap_detach+0x163 sys/uvm/uvm_map.c:1586 uvm_map_teardown(fffffd806ab19000) at uvm_map_teardown+0x232 sys/uvm/uvm_map.c:2759 uvmspace_free(fffffd806ab19000) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3646 uvm_exit(ffff80001e828ef0) at uvm_exit+0x29 sys/uvm/uvm_glue.c:297 reaper(ffff8000fffff638) at reaper+0x15c sys/kern/kern_exit.c:456 end trace frame: 0x0, count: -8