uvm_fault(0xffffff003f12b318, 0x600011c, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at m_free+0x2a: movswq 0x1c(%r14),%rdx
ddb>
ddb> set $lines = 0
ddb> show panic
kernel page fault
uvm_fault(0xffffff003f12b318, 0x600011c, 0, 1) -> e
m_free(6000100) at m_free+0x2a
end trace frame: 0xffff800014aefd10, count: 0
ddb> trace
m_free(6000100) at m_free+0x2a
mq_purge(ffff800001b34f00) at mq_purge+0x6d
switchclose(ffff8000ffffd2c8,ffff800014aefd88,ffffffff81657087,ffff800014aefd30) at switchclose+0x77
spec_close(ffffffff81e1e918) at spec_close+0x271
VOP_CLOSE(ffffff002a1d9be8,ffff8000ffffd2c8,ffffff003f7c79c0,3) at VOP_CLOSE+0x5f
vn_closefile(ffff8000ffffd2c8,ffffff00306e1f10) at vn_closefile+0xfc
fdrop(ffffff00306e1f10,ffff8000ffffd2c8) at fdrop+0xa4
closef(ffff8000ffffd2c8,ffffff003699dba0) at closef+0xd5
fdfree(ffff800014a15cb0) at fdfree+0x98
exit1(ffff800014af0050,ffff8000ffffd2c8,ffff800014a15cb0) at exit1+0x22f
sys_exit(ffffffff815ded33,ffff800014aeff70,ffff800014af0050) at sys_exit+0x13
syscall(0) at syscall+0x3e4
Xsyscall(6,1,0,1,0,7f7ffffcef70) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffcef20, count: -13
ddb> show registers
rdi 0x7
rsi 0xf0
rbp 0xffff800014aefce0
rbx 0xffffffff81657010 switchclose
rdx 0xffff800014aefbf0
rcx 0xffffffff81e3e960 mbstat_boot_boot_cpumem
rax 0
r8 0
r9 0
r10 0
r11 0xffffffff818c92d0 pool_lock_mtx_leave
r12 0
r13 0x236161bc
r14 0x6000100 __kernel_end_phys+0x4000100
r15 0x6000100 __kernel_end_phys+0x4000100
rip 0xffffffff8115980a m_free+0x2a
cs 0x8
rflags 0x10282 __ALIGN_SIZE+0xf282
rsp 0xffff800014aefcc0
ss 0x10
m_free+0x2a: movswq 0x1c(%r14),%rdx
ddb> show proc
PROC (syz-executor0) pid=287469 stat=onproc
flags process=1008 proc=2000
pri=50, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffffd070,0xffff8000ffffcbd0
process=0xffff800014a15cb0 user=0xffff800014aeb000, vmspace=0xffffff003f12b318
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
7600 523535 41047 0 3 0x80 nanosleep syz-executor1
7600 36599 41047 0 3 0x4000080 ttyin syz-executor1
7600 123158 41047 0 3 0x4000080 fsleep syz-executor1
48528 104903 0 0 3 0x14200 bored sosplice
90617 245114 51464 0 3 0x82 nanosleep syz-executor0
41047 73734 51464 0 3 0x82 nanosleep syz-executor1
51464 407405 55457 0 3 0x82 thrsleep syz-fuzzer
51464 73534 55457 0 3 0x4000082 thrsleep syz-fuzzer
51464 148 55457 0 3 0x4000082 thrsleep syz-fuzzer
51464 463507 55457 0 3 0x4000082 thrsleep syz-fuzzer
51464 402698 55457 0 3 0x4000082 thrsleep syz-fuzzer
51464 295013 55457 0 3 0x4000082 thrsleep syz-fuzzer
51464 43518 55457 0 3 0x4000082 kqread syz-fuzzer
55457 272859 54639 0 3 0x10008a pause ksh
54639 67383 29184 0 3 0x92 select sshd
63303 293382 1 0 3 0x100083 ttyin getty
29184 115337 1 0 3 0x80 select sshd
76422 101133 94432 73 2 0x100090 syslogd
94432 25227 1 0 3 0x100082 netio syslogd
8434 28188 1 77 3 0x100090 poll dhclient
86459 35304 1 0 3 0x80 poll dhclient
74488 63265 0 0 2 0x14200 zerothread
80458 415173 0 0 3 0x14200 aiodoned aiodoned
98360 340664 0 0 3 0x14200 syncer update
47463 378557 0 0 3 0x14200 cleaner cleaner
81451 396586 0 0 3 0x14200 reaper reaper
74239 458675 0 0 3 0x14200 pgdaemon pagedaemon
97583 217188 0 0 3 0x14200 bored crynlk
83760 158732 0 0 3 0x14200 bored crypto
1743 316758 0 0 3 0x40014200 acpi0 acpi0
56379 293359 0 0 3 0x14200 bored softnet
90179 495919 0 0 3 0x14200 bored systqmp
91727 470767 0 0 3 0x14200 bored systq
2896 380797 0 0 3 0x40014200 bored softclock
87465 248182 0 0 3 0x40014200 idle0
1 148502 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper