uvm_fault(0xffffffff824f7790, 0xffff800000b2d000, 0, 1) -> e kernel: page fault trap, code=0 Stopped at uvm_unmap_remove+0x3eb: movq 0x100(%r15),%r15 ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xffffffff824f7790, 0xffff800000b2d000, 0, 1) -> e uvm_unmap_remove(ffff800000b2cf00,0,80000000,ffff800014b0e458,1,0) at uvm_unmap_remove+0x3eb uvmspace_dused sys/uvm/uvm_map.c:496 [inline] uvm_unmap_remove(ffff800000b2cf00,0,80000000,ffff800014b0e458,1,0) at uvm_unmap_remove+0x3eb sys/uvm/uvm_map.c:2215 end trace frame: 0xffff800014b0e490, count: 0 ddb> trace uvm_unmap_remove(ffff800000b2cf00,0,80000000,ffff800014b0e458,1,0) at uvm_unmap_remove+0x3eb uvmspace_dused sys/uvm/uvm_map.c:496 [inline] uvm_unmap_remove(ffff800000b2cf00,0,80000000,ffff800014b0e458,1,0) at uvm_unmap_remove+0x3eb sys/uvm/uvm_map.c:2215 uvm_map_deallocate(ffff800000b2cf00) at uvm_map_deallocate+0x6e sys/uvm/uvm_map.c:4231 vm_impl_init_vmx(ffff800016b1bc98,ffff8000ffff33d8) at vm_impl_init_vmx+0x1e0 vm_create(ffff800000aab800,ffff8000ffff33d8) at vm_create+0x182 vm_impl_init sys/arch/amd64/amd64/vmm.c:1376 [inline] vm_create(ffff800000aab800,ffff8000ffff33d8) at vm_create+0x182 sys/arch/amd64/amd64/vmm.c:1164 VOP_IOCTL(fffffd80371124e0,c5005601,ffff800000aab800,1,fffffd803f7c68a0,ffff8000ffff33d8) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:291 vn_ioctl(fffffd8039391170,c5005601,ffff800000aab800,ffff8000ffff33d8) at vn_ioctl+0xb7 sys/kern/vfs_vnops.c:524 sys_ioctl(ffff8000ffff33d8,ffff800014b0e838,ffff800014b0e880) at sys_ioctl+0x5b9 syscall(ffff800014b0e900) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,ffffffffffffff59,0,3,d2b192ee010) at Xsyscall+0x128 end of kernel end trace frame: 0xd2d4c92df20, count: -9 ddb> show registers rdi 0 rsi 0 rbp 0xffff800014b0e440 rbx 0 rdx 0x16d7 __ALIGN_SIZE+0x6d7 rcx 0xffff800015d09000 rax 0xffff800000b2cf00 r8 0x1 r9 0 r10 0xb94a42b066f38555 r11 0x3961a985da818b58 r12 0 r13 0xfffffd80266358e0 r14 0 r15 0xffff800000b2cf00 rip 0xffffffff81f780db uvm_unmap_remove+0x3eb cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800014b0e390 ss 0x10 uvm_unmap_remove+0x3eb: movq 0x100(%r15),%r15 ddb> show proc PROC (syz-executor.0) pid=288883 stat=onproc flags process=0 proc=4000000 pri=82, usrpri=82, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff38c8,0xffffffff82562a20 process=0xffff8000148a3458 user=0xffff800014b09000, vmspace=0xfffffd803f014bb0 estcpu=36, cpticks=2, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 54969 207023 69626 0 2 0 syz-executor.0 *54969 288883 69626 0 7 0x4000000 syz-executor.0 11588 121628 24321 0 2 0x2 syz-executor.1 15657 48667 0 0 3 0x14200 acct acct 69626 220457 24321 0 2 0x482 syz-executor.0 42014 352587 1 0 3 0x100083 ttyin getty 26978 354210 0 0 3 0x14200 bored sosplice 24321 87928 65402 0 3 0x82 thrsleep syz-fuzzer 24321 31008 65402 0 2 0x4000482 syz-fuzzer 24321 59828 65402 0 3 0x4000082 kqread syz-fuzzer 24321 518233 65402 0 3 0x4000082 thrsleep syz-fuzzer 24321 427015 65402 0 3 0x4000082 thrsleep syz-fuzzer 24321 483036 65402 0 3 0x4000082 thrsleep syz-fuzzer 24321 198922 65402 0 3 0x4000082 thrsleep syz-fuzzer 24321 201779 65402 0 3 0x4000082 thrsleep syz-fuzzer 65402 253236 60441 0 3 0x10008a pause ksh 60441 47408 90276 0 3 0x92 select sshd 90276 401297 1 0 3 0x80 select sshd 53894 499250 9620 73 2 0x100010 syslogd 9620 345693 1 0 3 0x100082 netio syslogd 20525 496030 1 77 3 0x100090 poll dhclient 97132 375007 1 0 3 0x80 poll dhclient 4728 454624 0 0 2 0x14200 zerothread 2843 53001 0 0 3 0x14200 aiodoned aiodoned 83493 99452 0 0 3 0x14200 syncer update 23012 116660 0 0 3 0x14200 cleaner cleaner 26074 307204 0 0 3 0x14200 reaper reaper 56783 297892 0 0 3 0x14200 pgdaemon pagedaemon 71319 441507 0 0 3 0x14200 bored crynlk 46155 85834 0 0 3 0x14200 bored crypto 9442 507862 0 0 3 0x40014200 acpi0 acpi0 49428 167544 0 0 3 0x14200 bored softnet 13744 376519 0 0 3 0x14200 bored systqmp 66115 178224 0 0 3 0x14200 bored systq 66225 57846 0 0 3 0x40014200 bored softclock 52619 443566 0 0 3 0x40014200 idle0 47812 248201 0 0 3 0x14200 bored smr 1 369125 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9596 6645K 14835K 78643K 30085 0 0 pcb 13 8K 8K 78643K 1010 0 0 rtable 120 12K 12K 78643K 2936 0 0 ifaddr 73 18K 19K 78643K 901 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 1 2K 2K 78643K 286 0 0 iov 0 0K 32K 78643K 937 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1211 76K 77K 78643K 8689 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 3 5K 5K 78643K 102 0 0 VM map 3 0K 0K 78643K 16 0 0 sem 12 0K 0K 78643K 2336 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 5 13K 25K 78643K 7940 0 0 sigio 2 0K 0K 78643K 134 0 0 proc 50 38K 55K 78643K 2556 0 0 subproc 32 2K 2K 78643K 673 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 9380 0 0 in_multi 33 2K 2K 78643K 647 0 0 ether_multi 1 0K 0K 78643K 41 0 0 mrt 2 0K 0K 78643K 25 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 162 715K 715K 78643K 162 0 0 exec 0 0K 1K 78643K 1357 0 0 pfkey data 0 0K 4K 78643K 4 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 115 22K 31K 78643K 19886 0 0 UVM aobj 130 6K 6K 78643K 153 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 1K 78643K 984 0 0 NDP 17 0K 0K 78643K 295 0 0 temp 205 3536K 4174K 78643K 138162 0 0 kqueue 0 0K 0K 78643K 47 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 82 0 76 1 0 1 1 0 8 0 rtpcb 80 478 0 476 1 0 1 1 0 8 0 rtentry 112 429 0 384 2 0 2 2 0 8 0 unpcb 120 7247 0 7232 18 17 1 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 sackhl 24 2 0 2 2 2 0 1 0 8 0 tcpqe 32 4207 0 4207 1 1 0 1 0 8 0 tcpcb 544 9792 0 9788 31 29 2 3 0 8 1 ipq 40 16 0 16 8 8 0 1 0 8 0 ipqe 40 36 0 36 8 8 0 1 0 8 0 inpcb 280 13130 0 13123 23 21 2 3 0 8 1 rttmr 72 2 0 2 2 2 0 1 0 8 0 nd6 48 78 0 74 1 0 1 1 0 8 0 pkpcb 40 33 0 33 15 15 0 1 0 8 0 ppxss 1128 127 0 127 30 29 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1936 0 1718 24 10 14 15 0 8 0 art_table 32 1937 0 1718 2 0 2 2 0 8 0 art_node 16 419 0 379 1 0 1 1 0 8 0 sysvmsgpl 40 22 0 18 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 2332 0 2322 1 0 1 1 0 8 0 shmpl 112 151 0 23 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 13159 0 11767 46 0 46 46 0 8 0 ffsino 240 13159 0 11767 83 0 83 83 0 8 0 nchpl 144 27057 0 25418 62 0 62 62 0 8 0 uvmvnodes 72 8106 0 0 148 0 148 148 0 8 0 vnodes 208 8106 0 0 427 0 427 427 0 8 0 namei 1024 88202 0 88202 7 6 1 1 0 8 1 vmpool 520 14 0 13 6 5 1 1 0 8 0 scsiplug 64 24 0 24 14 14 0 1 0 8 0 scxspl 192 84927 0 84927 24 23 1 7 0 8 1 plimitpl 152 711 0 704 1 0 1 1 0 8 0 sigapl 432 8004 0 7991 2 0 2 2 0 8 0 futexpl 56 189846 0 189846 6 5 1 1 0 8 1 knotepl 112 1964 0 1945 5 4 1 3 0 8 0 kqueuepl 104 1778 0 1776 1 0 1 1 0 8 0 pipepl 112 8248 0 8229 27 25 2 2 0 8 1 fdescpl 424 8005 0 7991 2 0 2 2 0 8 0 filepl 120 72826 0 72729 46 41 5 6 0 8 2 lockfpl 104 2362 0 2361 1 0 1 1 0 8 0 lockfspl 48 805 0 804 1 0 1 1 0 8 0 sessionpl 112 58 0 48 1 0 1 1 0 8 0 pgrppl 48 144 0 134 1 0 1 1 0 8 0 ucredpl 96 9490 0 9483 1 0 1 1 0 8 0 zombiepl 144 7993 0 7993 3 2 1 1 0 8 1 processpl 864 8023 0 7993 4 0 4 4 0 8 0 procpl 632 17436 0 17398 4 0 4 4 0 8 0 sosppl 128 108 0 108 28 28 0 1 0 8 0 sockpl 384 20975 0 20951 66 61 5 8 0 8 2 mcl64k 65536 1097 0 1097 114 113 1 29 0 8 1 mcl16k 16384 54 0 54 26 26 0 1 0 8 0 mcl12k 12288 151 0 151 23 23 0 1 0 8 0 mcl9k 9216 87 0 87 33 32 1 1 0 8 1 mcl8k 8192 219 0 219 23 22 1 1 0 8 1 mcl4k 4096 674 0 673 9 8 1 1 0 8 0 mcl2k2 2112 73 0 73 25 25 0 1 0 8 0 mcl2k 2048 64178 0 64131 18 11 7 13 0 8 0 mtagpl 80 243 0 230 5 4 1 1 0 8 0 mbufpl 256 166730 0 166629 65 55 10 21 0 8 0 bufpl 256 26413 0 18308 507 0 507 507 0 8 0 anonpl 16 768462 0 754495 273 204 69 77 0 62 5 amapchunkpl 152 36501 0 36393 76 70 6 15 0 158 0 amappl16 192 39770 0 38958 263 215 48 55 0 8 6 amappl15 184 2704 0 2700 7 6 1 1 0 8 0 amappl14 176 1356 0 1352 2 1 1 1 0 8 0 amappl13 168 240 0 240 5 5 0 1 0 8 0 amappl12 160 436 0 433 1 0 1 1 0 8 0 amappl11 152 829 0 817 1 0 1 1 0 8 0 amappl10 144 1012 0 1012 7 7 0 1 0 8 0 amappl9 136 2762 0 2756 1 0 1 1 0 8 0 amappl8 128 2247 0 2212 4 2 2 2 0 8 0 amappl7 120 1202 0 1195 1 0 1 1 0 8 0 amappl6 112 748 0 733 1 0 1 1 0 8 0 amappl5 104 862 0 851 1 0 1 1 0 8 0 amappl4 96 7437 0 7406 1 0 1 1 0 8 0 amappl3 88 2303 0 2298 1 0 1 1 0 8 0 amappl2 80 62621 0 62554 4 2 2 3 0 8 0 amappl1 72 152855 0 152453 28 19 9 20 0 8 0 amappl 80 18237 0 18200 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 152 0 23 3 0 3 3 0 8 0 uaddrrnd 24 8019 0 7991 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 8019 0 7991 1 0 1 1 0 8 0 vmmpekpl 168 56140 0 56112 2 0 2 2 0 8 0 vmmpepl 168 946182 0 944308 492 384 108 117 0 357 16 vmsppl 272 8004 0 7991 6 5 1 2 0 8 0 pdppl 4096 16044 0 16008 6 1 5 6 0 8 0 pvpl 32 2327707 0 2310584 702 490 212 288 0 265 61 pmappl 200 8018 0 8004 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 925 0 288 20 0 20 20 0 8 0