uvm_faulta(0xffffffff824ffg518, 0xffff80000e0b1a000, 0, 1) - > e fault trap, code=0 Stopped at uvm_unmap_remove+0x3eb: movq 0x100(%r15),%r15 ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xffffffff824ff518, 0xffff800000b1a000, 0, 1) -> e uvm_unmap_remove(ffff800000b19f00,0,80000000,ffff80001491e788,1,0) at uvm_unmap_remove+0x3eb uvmspace_dused sys/uvm/uvm_map.c:497 [inline] uvm_unmap_remove(ffff800000b19f00,0,80000000,ffff80001491e788,1,0) at uvm_unmap_remove+0x3eb sys/uvm/uvm_map.c:2217 end trace frame: 0xffff80001491e7c0, count: 0 ddb> trace uvm_unmap_remove(ffff800000b19f00,0,80000000,ffff80001491e788,1,0) at uvm_unmap_remove+0x3eb uvmspace_dused sys/uvm/uvm_map.c:497 [inline] uvm_unmap_remove(ffff800000b19f00,0,80000000,ffff80001491e788,1,0) at uvm_unmap_remove+0x3eb sys/uvm/uvm_map.c:2217 uvm_map_deallocate(ffff800000b19f00) at uvm_map_deallocate+0x6e sys/uvm/uvm_map.c:4233 vm_impl_init_vmx(ffff800016b54208,ffff8000ffff3b40) at vm_impl_init_vmx+0x1e0 vm_create(ffff800000a62800,ffff8000ffff3b40) at vm_create+0x193 vm_impl_init sys/arch/amd64/amd64/vmm.c:1385 [inline] vm_create(ffff800000a62800,ffff8000ffff3b40) at vm_create+0x193 sys/arch/amd64/amd64/vmm.c:1174 VOP_IOCTL(fffffd803acb48f0,c5005601,ffff800000a62800,1,fffffd803f7c6c00,ffff8000ffff3b40) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:291 vn_ioctl(fffffd803aaab348,c5005601,ffff800000a62800,ffff8000ffff3b40) at vn_ioctl+0xb7 sys/kern/vfs_vnops.c:536 sys_ioctl(ffff8000ffff3b40,ffff80001491eb68,ffff80001491ebb0) at sys_ioctl+0x5b9 syscall(ffff80001491ec30) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,ffffffffffffff59,0,3,4a33f4b010) at Xsyscall+0x128 end of kernel end trace frame: 0x4ceb0a8b40, count: -9 ddb> show registers rdi 0 rsi 0 rbp 0xffff80001491e770 rbx 0 rdx 0x8ac rcx 0xffff800014931000 rax 0xffff800000b19f00 r8 0x1 r9 0 r10 0xe9257e0220c6a976 r11 0x8a3ad8ed12f7da9f r12 0 r13 0xfffffd80387d18c0 r14 0 r15 0xffff800000b19f00 rip 0xffffffff81559f4b uvm_unmap_remove+0x3eb cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80001491e6c0 ss 0x10 uvm_unmap_remove+0x3eb: movq 0x100(%r15),%r15 ddb> show proc PROC (syz-executor.1) pid=455850 stat=onproc flags process=0 proc=4000000 pri=83, usrpri=83, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff3650,0xffffffff8259ac98 process=0xffff8000148a2a38 user=0xffff800014919000, vmspace=0xfffffd803f013dd0 estcpu=33, cpticks=2, pctcpu=0.0 user=0, sys=2, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 58920 300070 54360 0 2 0 syz-executor.1 *58920 455850 54360 0 7 0x4000000 syz-executor.1 57605 68210 40057 0 2 0x2 syz-executor.0 54360 444400 40057 0 2 0x482 syz-executor.1 20716 46803 0 0 3 0x14200 bored sosplice 40057 61394 25167 0 3 0x82 thrsleep syz-fuzzer 40057 85539 25167 0 2 0x4000482 syz-fuzzer 40057 509325 25167 0 3 0x4000082 thrsleep syz-fuzzer 40057 479910 25167 0 3 0x4000082 thrsleep syz-fuzzer 40057 502119 25167 0 3 0x4000082 thrsleep syz-fuzzer 40057 417699 25167 0 3 0x4000082 kqread syz-fuzzer 40057 92579 25167 0 3 0x4000082 thrsleep syz-fuzzer 25167 448432 70715 0 3 0x10008a pause ksh 70715 211960 92367 0 3 0x92 select sshd 67347 492449 1 0 3 0x100083 ttyin getty 92367 470353 1 0 3 0x80 select sshd 58186 73022 16409 73 2 0x100090 syslogd 16409 512635 1 0 3 0x100082 netio syslogd 22273 474662 1 77 3 0x100090 poll dhclient 29387 95024 1 0 3 0x80 poll dhclient 1618 239627 0 0 2 0x14200 zerothread 58386 70380 0 0 3 0x14200 aiodoned aiodoned 67804 130583 0 0 3 0x14200 syncer update 7005 346082 0 0 3 0x14200 cleaner cleaner 56339 85762 0 0 3 0x14200 reaper reaper 1041 327847 0 0 3 0x14200 pgdaemon pagedaemon 94912 302666 0 0 3 0x14200 bored crynlk 7374 35287 0 0 3 0x14200 bored crypto 44866 455292 0 0 3 0x40014200 acpi0 acpi0 43156 179193 0 0 3 0x14200 bored softnet 94423 492482 0 0 3 0x14200 bored systqmp 55959 372229 0 0 3 0x14200 bored systq 17586 10424 0 0 3 0x40014200 bored softclock 47650 188635 0 0 3 0x40014200 idle0 90471 302993 0 0 3 0x14200 bored smr 1 145611 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9549 6353K 7376K 78643K 15620 0 0 pcb 13 10K 12K 78643K 298 0 0 rtable 98 4K 5K 78643K 2709 0 0 ifaddr 75 15K 16K 78643K 263 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 1 2K 2K 78643K 978 0 0 iov 0 0K 16K 78643K 303 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1221 77K 77K 78643K 3195 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 34 0 0 VM map 12 3K 3K 78643K 16 0 0 sem 12 0K 0K 78643K 225 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 5 13K 25K 78643K 2386 0 0 sigio 0 0K 0K 78643K 14 0 0 proc 48 38K 63K 78643K 911 0 0 subproc 32 2K 2K 78643K 238 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 432 0 0 in_multi 23 1K 2K 78643K 191 0 0 ether_multi 1 0K 0K 78643K 8 0 0 mrt 0 0K 0K 78643K 6 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 60 265K 265K 78643K 60 0 0 exec 0 0K 1K 78643K 505 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 121 103K 119K 78643K 6396 0 0 UVM aobj 109 3K 3K 78643K 118 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 224 0 0 NDP 18 0K 0K 78643K 86 0 0 temp 212 3540K 4180K 78643K 62505 0 0 kqueue 0 0K 0K 78643K 11 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 208 0 202 1 0 1 1 0 8 0 rtpcb 80 147 0 145 1 0 1 1 0 8 0 rtentry 112 702 0 666 2 0 2 2 0 8 0 unpcb 120 599 0 587 3 1 2 2 0 8 1 syncache 264 11 0 11 5 4 1 1 0 8 1 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpqe 32 77 0 77 3 3 0 1 0 8 0 tcpcb 544 1081 0 1077 18 12 6 15 0 8 5 ipq 40 1 0 1 1 1 0 1 0 8 0 ipqe 40 2 0 2 1 1 0 1 0 8 0 inpcb 280 2314 0 2305 14 8 6 9 0 8 5 rttmr 72 2 0 2 1 1 0 1 0 8 0 ip6q 72 1 0 0 1 0 1 1 0 8 0 nd6 48 29 0 27 1 0 1 1 0 8 0 pkpcb 40 8 0 8 3 2 1 1 0 8 1 ppxss 1128 21 0 21 8 7 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 2018 0 1843 20 6 14 16 0 8 3 art_table 32 2019 0 1843 3 1 2 3 0 8 0 art_node 16 694 0 661 1 0 1 1 0 8 0 sysvmsgpl 40 48 0 35 1 0 1 1 0 8 0 semapl 112 223 0 213 1 0 1 1 0 8 0 shmpl 112 116 0 9 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 4843 0 3449 46 0 46 46 0 8 0 ffsino 240 4843 0 3449 83 0 83 83 0 8 0 nchpl 144 8478 0 6878 60 0 60 60 0 8 0 uvmvnodes 72 6373 0 0 116 0 116 116 0 8 0 vnodes 208 6373 0 0 336 0 336 336 0 8 0 namei 1024 27188 0 27188 4 3 1 1 0 8 1 vcpupl 1984 9 0 0 2 0 2 2 0 8 0 vmpool 520 14 0 4 1 0 1 1 0 8 0 scsiplug 64 3 0 3 1 1 0 1 0 8 0 scxspl 192 27658 0 27658 15 13 2 7 0 8 2 plimitpl 152 136 0 129 1 0 1 1 0 8 0 sigapl 432 2521 0 2508 2 0 2 2 0 8 0 futexpl 56 63965 0 63965 3 2 1 1 0 8 1 knotepl 112 447 0 428 1 0 1 1 0 8 0 kqueuepl 104 468 0 466 4 3 1 4 0 8 0 pipepl 112 1798 0 1779 5 4 1 2 0 8 0 fdescpl 424 2522 0 2508 2 0 2 2 0 8 0 filepl 120 17316 0 17218 16 8 8 11 0 8 5 lockfpl 104 380 0 379 1 0 1 1 0 8 0 lockfspl 48 141 0 140 1 0 1 1 0 8 0 sessionpl 112 29 0 19 1 0 1 1 0 8 0 pgrppl 48 45 0 35 1 0 1 1 0 8 0 ucredpl 96 1724 0 1717 1 0 1 1 0 8 0 zombiepl 144 2509 0 2509 3 2 1 1 0 8 1 processpl 864 2538 0 2509 4 0 4 4 0 8 0 procpl 632 5077 0 5041 4 0 4 4 0 8 0 sosppl 128 15 0 15 6 6 0 1 0 8 0 sockpl 384 3081 0 3060 21 13 8 14 0 8 5 mcl64k 65536 112 0 112 4 3 1 1 0 8 1 mcl16k 16384 24 0 24 6 5 1 1 0 8 1 mcl12k 12288 47 0 47 6 5 1 1 0 8 1 mcl9k 9216 18 0 18 7 6 1 1 0 8 1 mcl8k 8192 96 0 96 4 3 1 1 0 8 1 mcl4k 4096 905 0 905 4 3 1 1 0 8 1 mcl2k2 2112 10 0 10 7 6 1 1 0 8 1 mcl2k 2048 67559 0 67518 23 16 7 14 0 8 1 mtagpl 80 47 0 47 3 2 1 1 0 8 1 mbufpl 256 129449 0 129371 55 41 14 44 0 8 4 bufpl 256 12277 0 5900 399 0 399 399 0 8 0 anonpl 16 276180 0 262103 106 28 78 88 0 62 6 amapchunkpl 152 12748 0 12615 56 42 14 20 0 158 7 amappl16 192 13117 0 12127 122 62 60 72 0 8 8 amappl15 184 191 0 190 1 0 1 1 0 8 0 amappl14 176 907 0 902 2 1 1 1 0 8 0 amappl13 168 394 0 394 2 1 1 1 0 8 1 amappl12 160 158 0 154 2 1 1 1 0 8 0 amappl11 152 79 0 68 1 0 1 1 0 8 0 amappl10 144 213 0 212 3 2 1 1 0 8 0 amappl9 136 1078 0 1072 1 0 1 1 0 8 0 amappl8 128 622 0 592 2 0 2 2 0 8 1 amappl7 120 282 0 276 1 0 1 1 0 8 0 amappl6 112 100 0 91 1 0 1 1 0 8 0 amappl5 104 417 0 404 1 0 1 1 0 8 0 amappl4 96 2870 0 2846 1 0 1 1 0 8 0 amappl3 88 293 0 286 1 0 1 1 0 8 0 amappl2 80 18826 0 18754 4 2 2 3 0 8 0 amappl1 72 53741 0 53335 27 18 9 20 0 8 0 amappl 80 5516 0 5466 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 117 0 9 2 0 2 2 0 8 0 uaddrrnd 24 2536 0 2508 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2536 0 2508 1 0 1 1 0 8 0 vmmpekpl 168 18972 0 18945 2 0 2 2 0 8 0 vmmpepl 168 304471 0 302407 219 77 142 142 0 357 44 vmsppl 272 2521 0 2508 4 2 2 2 0 8 1 pdppl 4096 5078 0 5033 7 1 6 6 0 8 0 pvpl 32 762389 0 745433 317 92 225 303 0 265 57 pmappl 200 2535 0 2512 2 0 2 2 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 637 0 97 16 0 16 16 0 8 0