uvm_fault(0xffffffff822e42b8, 0x7fbfbffffe38, 0, 2) -> e
kernel: page fault trap, code=0
Stopped at pmap_page_remove+0x31d: xchgq %rax,0(%r12,%rcx,1)
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
kernel page fault
uvm_fault(0xffffffff822e42b8, 0x7fbfbffffe38, 0, 2) -> e
pmap_page_remove(fffffd8003a5f500) at pmap_page_remove+0x31d _atomic_swap_64 sys/arch/amd64/compile/SYZKALLER/obj/machine/atomic.h:117 [inline]
pmap_page_remove(fffffd8003a5f500) at pmap_page_remove+0x31d sys/arch/amd64/amd64/pmap.c:1875
end trace frame: 0xffff8000148f2260, count: 0
ddb> trace
pmap_page_remove(fffffd8003a5f500) at pmap_page_remove+0x31d _atomic_swap_64 sys/arch/amd64/compile/SYZKALLER/obj/machine/atomic.h:117 [inline]
pmap_page_remove(fffffd8003a5f500) at pmap_page_remove+0x31d sys/arch/amd64/amd64/pmap.c:1875
uvm_anfree(fffffd80289abc00) at uvm_anfree+0x51 sys/uvm/uvm_anon.c:104
amap_wipeout(fffffd8037cd11f8) at amap_wipeout+0x16d sys/uvm/uvm_amap.c:455
uvm_unmap_detach(ffff8000148f2338,1) at uvm_unmap_detach+0xb7 sys/uvm/uvm_map.c:1553
uvm_map_teardown(fffffd803f013b58) at uvm_map_teardown+0x22c sys/uvm/uvm_map.c:2660
uvmspace_free(fffffd803f013b58) at uvmspace_free+0x85 sys/uvm/uvm_map.c:3509
uvm_exit(ffff8000ffff73c0) at uvm_exit+0x29 sys/uvm/uvm_glue.c:297
reaper(ffff8000ffffee10) at reaper+0x143 sys/kern/kern_exit.c:431
end trace frame: 0x0, count: -8
ddb> show registers
rdi 0
rsi 0
rbp 0xffff8000148f2220
rbx 0
rdx 0x100
rcx 0x7f8000000000
rax 0
r8 0xe533166f000
r9 0x7
r10 0x90581b9cea27e2bb
r11 0xa1a5a7599138a31e
r12 0x3fbffffe38
r13 0xfffffd80289b6a90
r14 0x7fbfc0000000
r15 0x800000003f7be000
rip 0xffffffff814f093d pmap_page_remove+0x31d
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff8000148f2190
ss 0x10
pmap_page_remove+0x31d: xchgq %rax,0(%r12,%rcx,1)
ddb> show proc
PROC (reaper) pid=224038 stat=onproc
flags process=14000 proc=200
pri=86, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffffebb8,0xffff8000fffff780
process=0xffff8000ffffad28 
user=0xffff8000148ed000, vmspace=0xffffffff822e42b8 estcpu=36, cpticks=71, pctcpu=19.77 user=0, sys=2, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 26862 138977 19620 0 3 0x10008a pause sh 19620 395868 64756 0 3 0x82 wait syz-executor.1 67613 117250 0 0 3 0x14200 bored sosplice 64756 184325 22079 0 2 0x82 syz-fuzzer 64756 107752 22079 0 3 0x4000082 nanosleep syz-fuzzer 64756 215316 22079 0 3 0x4000082 thrsleep syz-fuzzer 64756 354588 22079 0 3 0x4000082 thrsleep syz-fuzzer 64756 356892 22079 0 3 0x4000082 thrsleep syz-fuzzer 64756 20798 22079 0 3 0x4000082 thrsleep syz-fuzzer 64756 477374 22079 0 3 0x4000082 thrsleep syz-fuzzer 64756 88911 22079 0 3 0x4000082 thrsleep syz-fuzzer 64756 494757 22079 0 2 0x4000082 syz-fuzzer 22079 320034 84774 0 3 0x10008a pause ksh 84774 474326 3203 0 3 0x92 select sshd 26508 346621 1 0 3 0x100083 ttyin getty 3203 432947 1 0 3 0x80 select sshd 90490 144672 2270 73 2 0x100010 syslogd 2270 200151 1 0 3 0x100082 netio syslogd 1060 421666 1 77 3 0x100090 poll dhclient 96873 216757 1 0 3 0x80 poll dhclient 94936 131308 0 0 2 0x14200 zerothread 47807 515833 0 0 3 0x14200 aiodoned aiodoned 85981 413261 0 0 3 0x14200 syncer update 76277 376495 0 0 3 0x14200 cleaner cleaner * 604 224038 0 0 7 0x14200 reaper 30682 326815 0 0 3 0x14200 pgdaemon pagedaemon 9425 30004 0 0 3 0x14200 bored crynlk 49323 161745 0 0 3 0x14200 bored crypto 88787 335318 0 0 3 0x40014200 acpi0 acpi0 48118 458236 0 0 3 0x14200 bored softnet 10866 313153 0 0 3 0x14200 bored systqmp 55521 77771 0 0 3 0x14200 bored systq 817 248671 0 0 3 0x40014200 bored softclock 56069 178606 0 0 3 0x40014200 idle0 15251 376030 0 0 3 0x14200 bored smr 1 337667 0 0 2 0x82 init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9491 6342K 6350K 78643K 10795 0 0 pcb 23 9K 11K 78643K 373 0 0 rtable 73 3K 4K 78643K 561 0 0 ifaddr 47 11K 13K 78643K 160 0 0 counters 19 16K 16K 78643K 19 
0 0 ioctlops 0 0K 2K 78643K 27 0 0 iov 0 0K 16K 78643K 64 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1213 76K 76K 78643K 1627 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 14 0 0 VM map 2 0K 0K 78643K 2 0 0 sem 12 0K 1K 78643K 86 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12537 0 0 file desc 4 9K 25K 78643K 545 0 0 sigio 0 0K 0K 78643K 10 0 0 proc 41 30K 54K 78643K 497 0 0 subproc 32 32769K 69634K 78643K 391 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 53 0 0 in_multi 12 0K 2K 78643K 143 0 0 ether_multi 1 0K 0K 78643K 7 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 78 344K 344K 78643K 78 0 0 exec 0 0K 1K 78643K 259 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 70 12K 25K 78643K 2132 0 0 UVM aobj 59 4K 4K 78643K 60 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 1K 78643K 34 0 0 NDP 10 0K 0K 78643K 53 0 0 temp 124 2349K 2415K 78643K 4904 0 0 kqueue 0 0K 0K 78643K 8 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 13 0 10 1 0 1 1 0 8 0 inpcbpl 280 315 0 308 1 0 1 1 0 8 0 plimitpl 152 33 0 25 1 0 1 1 0 8 0 rtentry 112 118 0 93 2 0 2 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 24 0 24 2 2 0 1 0 8 0 tcpcb 544 114 0 110 1 0 1 1 0 8 0 nd6 48 20 0 20 1 0 1 1 0 8 1 ppxss 1128 10 0 10 4 4 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 528 0 423 12 1 11 12 0 8 3 art_table 32 529 0 423 2 0 2 2 0 8 0 art_node 16 115 0 92 1 0 1 1 0 8 0 sysvmsgpl 40 18 0 9 1 0 1 1 0 8 0 semapl 112 80 0 70 1 0 1 1 0 8 0 shmpl 112 58 0 1 2 0 2 2 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 2325 0 888 47 0 47 47 0 8 0 ffsino 240 2325 0 888 85 0 85 85 0 8 0 nchpl 144 3298 0 1658 61 0 61 61 0 8 0 uvmvnodes 72 2569 0 0 47 0 47 
47 0 8 0 vnodes 200 2569 0 0 136 0 136 136 0 8 0 namei 1024 9583 0 9583 3 3 0 1 0 8 0 scxspl 192 14383 0 14383 9 8 1 6 0 8 1 sigapl 432 688 0 676 2 0 2 2 0 8 0 futexpl 56 8428 0 8428 3 3 0 1 0 8 0 knotepl 112 348 0 329 1 0 1 1 0 8 0 kqueuepl 104 125 0 123 1 0 1 1 0 8 0 pipepl 112 506 0 491 3 2 1 2 0 8 0 fdescpl 424 689 0 676 2 0 2 2 0 8 0 filepl 120 4373 0 4300 6 3 3 5 0 8 0 lockfpl 104 231 0 231 3 3 0 1 0 8 0 lockfspl 32 319 0 319 3 3 0 1 0 8 0 sessionpl 112 26 0 16 1 0 1 1 0 8 0 pgrppl 48 40 0 30 1 0 1 1 0 8 0 ucredpl 96 954 0 946 1 0 1 1 0 8 0 zombiepl 144 676 0 673 2 1 1 1 0 8 0 processpl 840 704 0 673 4 0 4 4 0 8 0 procpl 600 1380 0 1341 4 0 4 4 0 8 0 sosppl 128 9 0 9 3 3 0 1 0 8 0 sockpl 384 631 0 614 5 3 2 4 0 8 0 mcl64k 65536 524 0 524 34 18 16 32 0 8 16 mcl12k 12288 17 0 17 3 3 0 1 0 8 0 mcl9k 9216 7 0 7 3 3 0 1 0 8 0 mcl8k 8192 7 0 7 2 2 0 1 0 8 0 mcl4k 4096 34 0 34 4 4 0 1 0 8 0 mcl2k2 2112 5 0 5 2 2 0 1 0 8 0 mcl2k 2048 47866 0 47822 17 10 7 12 0 8 0 mtagpl 80 2 0 2 1 1 0 1 0 8 0 mbufpl 256 82363 0 82306 26 18 8 21 0 8 0 bufpl 256 9238 0 2439 425 0 425 425 0 8 0 anonpl 16 92386 0 85238 67 19 48 49 0 62 9 amapchunkpl 152 3775 0 3682 31 16 15 15 0 158 9 amappl16 192 3580 0 3129 58 34 24 36 0 8 0 amappl15 184 228 0 223 1 0 1 1 0 8 0 amappl14 176 121 0 119 2 1 1 1 0 8 0 amappl13 168 26 0 23 1 0 1 1 0 8 0 amappl12 160 72 0 69 1 0 1 1 0 8 0 amappl11 152 203 0 189 1 0 1 1 0 8 0 amappl10 144 136 0 134 2 1 1 1 0 8 0 amappl9 136 573 0 571 1 0 1 1 0 8 0 amappl8 128 158 0 144 1 0 1 1 0 8 0 amappl7 120 115 0 108 1 0 1 1 0 8 0 amappl6 112 57 0 49 1 0 1 1 0 8 0 amappl5 104 206 0 195 1 0 1 1 0 8 0 amappl4 96 873 0 849 2 1 1 2 0 8 0 amappl3 88 215 0 210 1 0 1 1 0 8 0 amappl2 80 5000 0 4959 2 0 2 2 0 8 0 amappl1 72 22125 0 21705 26 17 9 19 0 8 0 amappl 72 1658 0 1628 1 0 1 1 0 75 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 59 0 1 1 0 1 1 0 8 0 
uaddrrnd 24 689 0 676 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 689 0 676 1 0 1 1 0 8 0 vmmpekpl 168 8939 0 8917 2 0 2 2 0 8 0 vmmpepl 168 83861 0 82568 140 69 71 95 0 357 10 vmsppl 264 688 0 675 2 1 1 2 0 8 0 pdppl 4096 1384 0 1350 6 1 5 6 0 8 0 pvpl 32 383929 0 373744 287 72 215 231 0 265 116 pmappl 192 688 0 675 1 0 1 1 0 8 0 extentpl 40 39 0 25 1 0 1 1 0 8 0 phpool 112 621 0 59 17 0 17 17 0 8 0