uvm_fault(0xffffffff82e2c6e8, 0x7f8012ca67f0, 0, 2) -> e kernel: page fault trap, code=2 Stopped at pmap_page_remove+0x30d: xchgq %rax,0(%r15,%rcx,1) TID PID UID PRFLAGS PFLAGS CPU COMMAND * 37163 99098 0 0x14000 0x200 0 reaper pmap_page_remove(fffffd8006308600) at pmap_page_remove+0x30d _atomic_swap_64 machine/atomic.h:117 [inline] pmap_page_remove(fffffd8006308600) at pmap_page_remove+0x30d sys/arch/amd64/amd64/pmap.c:1990 uvm_anfree_list(fffffd8067d4d258,ffff80002a5d4f28) at uvm_anfree_list+0x98 amap_wipeout(fffffd806513b270) at amap_wipeout+0x1c1 sys/uvm/uvm_amap.c:504 uvm_unmap_detach(ffff80002a5d4ff0,1) at uvm_unmap_detach+0x7d sys/uvm/uvm_map.c:1366 uvm_map_teardown(fffffd8068d9e6f8) at uvm_map_teardown+0x28f sys/uvm/uvm_map.c:2587 uvmspace_free(fffffd8068d9e6f8) at uvmspace_free+0x96 sys/uvm/uvm_map.c:3497 reaper(ffff80002a5d7d40) at reaper+0x15d sys/kern/kern_exit.c:463 end trace frame: 0x0, count: 8 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: uvm_fault(0xffffffff82e2c6e8, 0x7f8012ca67f0, 0, 2) -> e ddb> trace pmap_page_remove(fffffd8006308600) at pmap_page_remove+0x30d _atomic_swap_64 machine/atomic.h:117 [inline] pmap_page_remove(fffffd8006308600) at pmap_page_remove+0x30d sys/arch/amd64/amd64/pmap.c:1990 uvm_anfree_list(fffffd8067d4d258,ffff80002a5d4f28) at uvm_anfree_list+0x98 amap_wipeout(fffffd806513b270) at amap_wipeout+0x1c1 sys/uvm/uvm_amap.c:504 uvm_unmap_detach(ffff80002a5d4ff0,1) at uvm_unmap_detach+0x7d sys/uvm/uvm_map.c:1366 uvm_map_teardown(fffffd8068d9e6f8) at uvm_map_teardown+0x28f sys/uvm/uvm_map.c:2587 uvmspace_free(fffffd8068d9e6f8) at uvmspace_free+0x96 sys/uvm/uvm_map.c:3497 reaper(ffff80002a5d7d40) at reaper+0x15d sys/kern/kern_exit.c:463 end trace frame: 0x0, count: -7 ddb> show registers rdi 0 rsi 0 rbp 0xffff80002a5d4ed0 rbx 0 rdx 0 rcx 0x7f8000000000 rax 0 r8 0x7cfe70662000 r9 0 r10 0x854c72a9338db669 r11 0x26335c45a6f2480c r12 0x7fbfc0000000 r13 0xfffffd806a67e4c8 r14 0x800000007f7cb000 r15 0x12ca67f0 __kernel_phys_end+0xfca67f0 rip 0xffffffff824e414d pmap_page_remove+0x30d cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff80002a5d4e40 ss 0x10 pmap_page_remove+0x30d: xchgq %rax,0(%r15,%rcx,1) ddb> show proc PROC (reaper) tid=37163 pid=99098 tcnt=1 stat=onproc flags process=14000 proc=200 runpri=4, usrpri=51, slppri=4, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002a58d540,0xffff80002a5d7558 process=0xffff8000ffffee10 user=0xffff80002a5d0000, vmspace=0xffffffff82e2c6e8 estcpu=1, cpticks=2, pctcpu=0.17, user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 12127 347861 45941 0 2 0 syz-executor.5 12127 503272 45941 0 3 0x4000080 fsleep syz-executor.5 12127 171533 45941 0 3 0x4000080 fsleep syz-executor.5 83675 179135 1 0 3 0x82 nanoslp getty 7167 286164 70151 0 3 0x80 nanoslp syz-executor.6 7167 299437 70151 0 2 0x4000000 syz-executor.6 7167 10201 70151 0 3 0x4000080 fsleep syz-executor.6 79783 178428 10814 0 2 0 syz-executor.0 79783 465077 10814 0 3 0x4000080 fsleep syz-executor.0 70151 282380 82387 0 3 0x82 nanoslp syz-executor.6 14006 129536 0 0 3 0x14280 nfsidl nfsio 8186 404312 0 0 3 0x14280 nfsidl nfsio 67306 478963 0 0 3 0x14280 nfsidl nfsio 51201 395975 0 0 3 0x14280 nfsidl nfsio 94707 121504 0 0 3 0x14280 nfsidl nfsio 57887 462084 0 0 3 0x14280 nfsidl nfsio 18930 395921 0 0 3 0x14280 nfsidl nfsio 67208 190041 0 0 3 0x14280 nfsidl nfsio 18005 77506 0 0 3 0x14280 nfsidl nfsio 30006 159684 0 0 3 0x14280 nfsidl nfsio 12965 274019 0 0 3 0x14280 nfsidl nfsio 27806 182225 0 0 3 0x14280 nfsidl nfsio 62292 192658 0 0 3 0x14280 nfsidl nfsio 5281 44054 0 0 3 0x14280 nfsidl nfsio 65417 56255 0 0 3 0x14280 nfsidl nfsio 79734 335761 0 0 3 0x14280 nfsidl nfsio 83779 16925 0 0 3 0x14280 nfsidl nfsio 60077 303377 0 0 3 0x14280 nfsidl nfsio 59412 174569 0 0 3 0x14280 nfsidl nfsio 62846 421500 0 0 3 0x14280 nfsidl nfsio 72213 432313 0 0 3 0x14200 bored sosplice 45941 370763 82387 0 3 0x82 nanoslp syz-executor.5 87035 365753 82387 0 3 0x82 nanoslp syz-executor.7 74311 322331 82387 0 3 0x82 nanoslp syz-executor.2 46704 68608 82387 0 3 0x82 nanoslp syz-executor.4 10814 170950 82387 0 3 0x82 nanoslp syz-executor.0 53963 244865 82387 0 3 0x82 nanoslp syz-executor.1 82387 47685 5072 0 3 0x2000082 wait syz-fuzzer 82387 458329 5072 0 3 0x6000082 thrsleep syz-fuzzer 82387 435349 5072 0 3 0x6000082 thrsleep syz-fuzzer 82387 332994 5072 0 3 0x6000082 thrsleep syz-fuzzer 82387 440896 5072 0 3 0x6000082 thrsleep syz-fuzzer 82387 176211 5072 0 3 0x6000082 wait syz-fuzzer 82387 293575 5072 0 3 0x6000082 wait syz-fuzzer 82387 294711 5072 0 3 0x6000082 wait syz-fuzzer 82387 296581 5072 0 3 0x6000082 wait syz-fuzzer 82387 372387 5072 0 3 0x6000082 wait syz-fuzzer 82387 120187 5072 0 3 0x6000082 thrsleep syz-fuzzer 82387 54459 5072 0 3 0x6000082 thrsleep syz-fuzzer 82387 345470 5072 0 3 0x6000082 wait syz-fuzzer 82387 15926 5072 0 2 0x6000002 syz-fuzzer 5072 60454 42503 0 3 0x10008a sigsusp ksh 42503 13162 5034 0 3 0x9a kqread sshd 5034 103282 1 0 3 0x88 kqread sshd 75805 8811 28130 73 3 0x1100090 kqread syslogd 28130 78743 1 0 3 0x100082 netio syslogd 45059 172717 1 0 3 0x100080 kqread resolvd 99697 19911 77257 77 3 0x100092 kqread dhcpleased 98365 375446 77257 77 3 0x100092 kqread dhcpleased 77257 518677 1 0 3 0x80 kqread dhcpleased 74451 173249 0 0 3 0x14200 bored smr 54284 223571 0 0 2 0x14200 zerothread 9296 216391 0 0 3 0x14200 aiodoned aiodoned 33823 359747 0 0 3 0x14200 syncer update 88511 127492 0 0 3 0x14200 cleaner cleaner *99098 37163 0 0 7 0x14200 reaper 36779 143832 0 0 3 0x14200 pgdaemon pagedaemon 1761 461865 0 0 3 0x14200 bored viomb 20394 155510 0 0 3 0x40014200 acpi0 acpi0 35868 494028 0 0 3 0x14200 bored softnet3 57084 100016 0 0 3 0x14200 bored softnet2 29534 269129 0 0 3 0x14200 bored softnet1 32914 434467 0 0 3 0x14200 bored softnet0 66052 458950 0 0 3 0x14200 bored systqmp 5484 178725 0 0 3 0x14200 bored systq 67505 222907 0 0 3 0x40014200 tmoslp softclock 45220 380564 0 0 3 0x40014200 idle0 1 70207 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10171 6526K 6870K 166960K 14127 0 pcb 15 16K 18K 166960K 303 0 rtable 193 6K 7K 166960K 730 0 pf 25 8K 9K 166960K 69 0 ifaddr 35 10K 11K 166960K 71 0 ifgroup 42 1K 2K 166960K 112 0 sysctl 3 0K 0K 166960K 3 0 counters 28 17K 17K 166960K 47 0 ioctlops 0 0K 2K 166960K 269 0 iov 0 0K 12K 166960K 189 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1413 88K 88K 166960K 2475 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 35 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 340 0 dirhash 12 2K 2K 166960K 12 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 13 45K 73K 166960K 1453 0 sigio 0 0K 0K 166960K 50 0 proc 56 58K 75K 166960K 580 0 subproc 91 5K 6K 166960K 132 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 184 0 in_multi 77 5K 7K 166960K 152 0 ether_multi 1 0K 0K 166960K 4 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 67 307K 307K 166960K 67 0 exec 0 0K 1K 166960K 549 0 pfkey data 0 0K 0K 166960K 3 0 tdb 3 0K 0K 166960K 3 0 pagedep 1 8K 8K 166960K 1 0 inodedep 1 32K 32K 166960K 1 0 newblk 1 0K 0K 166960K 1 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 331 96K 104K 166960K 15365 0 UVM aobj 117 3K 3K 166960K 120 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 17 0 NDP 9 0K 2K 166960K 48 0 temp 74 6704K 6776K 166960K 8989 0 kqueue 13 20K 26K 166960K 112 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 99 0 96 1 0 1 1 0 8 0 rtentry 112 219 0 131 5 2 3 4 0 8 0 unpcb 144 508 0 495 4 3 1 4 0 8 0 syncache 312 22 0 22 4 3 1 1 0 8 1 tcpqe 32 259 0 259 4 3 1 1 0 8 1 tcpcb 808 698 0 681 27 19 8 15 0 8 4 arp 88 29 0 15 1 0 1 1 0 8 0 ipq 40 2 0 1 1 0 1 1 0 8 0 ipqe 40 8 0 7 1 0 1 1 0 8 0 inpcb 336 1618 0 1598 27 18 9 13 0 8 4 nd6 104 30 0 12 1 0 1 1 0 8 0 pkpcb 40 4 0 4 2 1 1 1 0 8 1 kcovpl 48 10 0 3 1 0 1 1 0 8 0 ppxss 1072 6 0 6 2 2 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 580 0 213 33 10 23 30 0 8 0 art_table 32 581 0 213 4 1 3 4 0 8 0 art_node 16 151 0 71 1 0 1 1 0 8 0 sysvmsgpl 40 8 0 3 1 0 1 1 0 8 0 semupl 112 5 0 5 2 2 0 1 0 8 0 semapl 112 336 0 326 1 0 1 1 0 8 0 shmpl 112 117 0 3 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 3340 0 1891 91 0 91 91 0 8 0 ffsino 240 3340 0 1891 86 0 86 86 0 8 0 nchpl 144 5364 0 3726 63 0 63 63 0 8 0 uvmvnodes 80 4315 0 0 89 0 89 89 0 8 0 vnodes 216 4315 0 0 240 0 240 240 0 8 0 namei 1024 19275 0 19275 3 2 1 3 0 8 1 vcpupl 2048 8 0 1 1 0 1 1 0 8 0 vmpool 664 8 0 1 1 0 1 1 0 8 0 kstatmem 264 56 0 38 2 0 2 2 0 8 0 scxspl 216 16367 0 16367 13 12 1 8 1 8 1 plimitpl 152 309 0 293 1 0 1 1 0 8 0 sigapl 424 1772 0 1707 8 0 8 8 0 8 0 futexpl 64 13756 0 13752 1 0 1 1 0 8 0 knotepl 120 18789 0 18707 7 3 4 5 0 8 0 kqueuepl 184 330 0 321 5 4 1 4 0 8 0 pipepl 288 281 0 253 9 6 3 7 0 8 0 fdescpl 432 1735 0 1711 5 1 4 4 0 8 0 filepl 120 10919 0 10695 21 11 10 13 0 8 2 lockfpl 104 290 0 288 2 1 1 2 0 8 0 lockfspl 48 106 0 104 1 0 1 1 0 8 0 sessionpl 144 25 0 10 1 0 1 1 0 8 0 pgrppl 48 29 0 14 1 0 1 1 0 8 0 ucredpl 104 1784 0 1773 1 0 1 1 0 8 0 zombiepl 144 1712 0 1707 1 0 1 1 0 8 0 processpl 1072 1772 0 1707 5 0 5 5 0 8 0 procpl 680 3823 0 3740 11 3 8 9 0 8 0 sosppl 168 35 0 33 2 1 1 1 0 8 0 sockpl 456 2229 0 2193 48 34 14 22 0 8 4 mcl64k 65536 52 0 52 3 2 1 1 0 8 1 mcl16k 16384 25 0 25 2 1 1 1 0 8 1 mcl12k 12288 45 0 45 2 2 0 1 0 8 0 mcl9k 9216 32 0 32 5 4 1 1 0 8 1 mcl8k 8192 127 0 127 3 2 1 1 0 8 1 mcl4k 4096 206 0 206 3 2 1 2 0 8 1 mcl2k2 2112 7 0 7 3 3 0 1 0 8 0 mcl2k 2048 71891 0 71843 37 29 8 31 0 8 1 mtagpl 96 213 0 143 6 2 4 5 0 8 0 mbufpl 256 127837 0 127678 125 104 21 68 0 8 0 bufpl 288 6155 0 209 425 0 425 425 0 8 0 anonpl 24 308702 0 295336 94 9 85 94 0 188 1 amapchunkpl 152 50437 0 49624 54 18 36 44 0 158 2 amappl16 200 7474 0 7070 23 1 22 22 0 8 0 amappl15 192 14 0 14 1 1 0 1 0 8 0 amappl14 184 157 0 145 2 1 1 2 0 8 0 amappl13 176 35 0 34 1 0 1 1 0 8 0 amappl12 168 2396 0 2369 2 0 2 2 0 8 0 amappl11 160 53 0 42 1 0 1 1 0 8 0 amappl10 152 25 0 18 2 1 1 1 0 8 0 amappl9 144 162 0 161 1 0 1 1 0 8 0 amappl8 136 205 0 148 3 0 3 3 0 8 0 amappl7 128 161 0 141 2 0 2 2 0 8 0 amappl6 120 282 0 273 1 0 1 1 0 8 0 amappl5 112 137 0 128 1 0 1 1 0 8 0 amappl4 104 443 0 422 2 1 1 2 0 8 0 amappl3 96 10229 0 10149 4 1 3 3 0 8 0 amappl2 88 2234 0 2167 3 1 2 3 0 8 0 amappl1 80 14586 0 14086 22 10 12 22 0 8 0 amappl 88 14812 0 14597 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 119 0 3 3 0 3 3 0 8 0 uaddrrnd 24 1743 0 1712 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1743 0 1712 1 0 1 1 0 8 0 vmmpekpl 168 17894 0 17841 3 0 3 3 0 8 0 vmmpepl 168 122500 0 120423 137 27 110 115 0 357 12 vmsppl 352 1742 0 1711 4 0 4 4 0 8 0 rwobjpl 24 40337 0 34516 36 0 36 36 0 8 0 pdppl 4096 3492 0 3429 171 100 71 71 0 8 8 pvpl 32 715142 0 696564 360 194 166 334 0 265 10 pmappl 216 1742 0 1711 2 0 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1068 0 303 23 0 23 23 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pmap_page_remove(fffffd8006308600) at pmap_page_remove+0x30d _atomic_swap_64 machine/atomic.h:117 [inline] pmap_page_remove(fffffd8006308600) at pmap_page_remove+0x30d sys/arch/amd64/amd64/pmap.c:1990 uvm_anfree_list(fffffd8067d4d258,ffff80002a5d4f28) at uvm_anfree_list+0x98 amap_wipeout(fffffd806513b270) at amap_wipeout+0x1c1 sys/uvm/uvm_amap.c:504 uvm_unmap_detach(ffff80002a5d4ff0,1) at uvm_unmap_detach+0x7d sys/uvm/uvm_map.c:1366 uvm_map_teardown(fffffd8068d9e6f8) at uvm_map_teardown+0x28f sys/uvm/uvm_map.c:2587 uvmspace_free(fffffd8068d9e6f8) at uvmspace_free+0x96 sys/uvm/uvm_map.c:3497 reaper(ffff80002a5d7d40) at reaper+0x15d sys/kern/kern_exit.c:463 end trace frame: 0x0, count: -7 ddb> machine ddbcpu 1 No such command ddb> trace pmap_page_remove(fffffd8006308600) at pmap_page_remove+0x30d _atomic_swap_64 machine/atomic.h:117 [inline] pmap_page_remove(fffffd8006308600) at pmap_page_remove+0x30d sys/arch/amd64/amd64/pmap.c:1990 uvm_anfree_list(fffffd8067d4d258,ffff80002a5d4f28) at uvm_anfree_list+0x98 amap_wipeout(fffffd806513b270) at amap_wipeout+0x1c1 sys/uvm/uvm_amap.c:504 uvm_unmap_detach(ffff80002a5d4ff0,1) at uvm_unmap_detach+0x7d sys/uvm/uvm_map.c:1366 uvm_map_teardown(fffffd8068d9e6f8) at uvm_map_teardown+0x28f sys/uvm/uvm_map.c:2587 uvmspace_free(fffffd8068d9e6f8) at uvmspace_free+0x96 sys/uvm/uvm_map.c:3497 reaper(ffff80002a5d7d40) at reaper+0x15d sys/kern/kern_exit.c:463 end trace frame: 0x0, count: -7