uvm_fault(0xffffffff82522438, 0xffff800000b86000, 0, 1) -> e kernel: page fault trap, code=0 Stopped at uvm_unmap_remove+0x3eb: movq 0x100(%r15),%r15 ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xffffffff82522438, 0xffff800000b86000, 0, 1) -> e uvm_unmap_remove(ffff800000b85f00,0,80000000,ffff800017b13d98,1,0) at uvm_unmap_remove+0x3eb uvmspace_dused sys/uvm/uvm_map.c:497 [inline] uvm_unmap_remove(ffff800000b85f00,0,80000000,ffff800017b13d98,1,0) at uvm_unmap_remove+0x3eb sys/uvm/uvm_map.c:2217 end trace frame: 0xffff800017b13dd0, count: 0 ddb> trace uvm_unmap_remove(ffff800000b85f00,0,80000000,ffff800017b13d98,1,0) at uvm_unmap_remove+0x3eb uvmspace_dused sys/uvm/uvm_map.c:497 [inline] uvm_unmap_remove(ffff800000b85f00,0,80000000,ffff800017b13d98,1,0) at uvm_unmap_remove+0x3eb sys/uvm/uvm_map.c:2217 uvm_map_deallocate(ffff800000b85f00) at uvm_map_deallocate+0x6e sys/uvm/uvm_map.c:4233 vm_impl_init_vmx(ffff800017b59ca8,ffff800017b4b3d8) at vm_impl_init_vmx+0x1e0 vm_create(ffff800000b77000,ffff800017b4b3d8) at vm_create+0x182 vm_impl_init sys/arch/amd64/amd64/vmm.c:1375 [inline] vm_create(ffff800000b77000,ffff800017b4b3d8) at vm_create+0x182 sys/arch/amd64/amd64/vmm.c:1164 VOP_IOCTL(fffffd8036190340,c5005601,ffff800000b77000,1,fffffd803f7c6960,ffff800017b4b3d8) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:291 vn_ioctl(fffffd802f149f10,c5005601,ffff800000b77000,ffff800017b4b3d8) at vn_ioctl+0xb7 sys/kern/vfs_vnops.c:524 sys_ioctl(ffff800017b4b3d8,ffff800017b14178,ffff800017b141c0) at sys_ioctl+0x5b9 syscall(ffff800017b14240) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,ffffffffffffff59,0,3,1e0bfa58010) at Xsyscall+0x128 end of kernel end trace frame: 0x1e2cda87da0, count: -9 ddb> show registers rdi 0 rsi 0 rbp 0xffff800017b13d80 rbx 0 rdx 0x19df __ALIGN_SIZE+0x9df rcx 0xffff800016b09000 rax 0xffff800000b85f00 r8 0x1 r9 0 r10 0x1646adbb47887f9c r11 0x3cdf310c4437ac79 r12 0 r13 0xfffffd802f1f3ad0 r14 0 r15 0xffff800000b85f00 rip 0xffffffff8172244b uvm_unmap_remove+0x3eb cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800017b13cd0 ss 0x10 uvm_unmap_remove+0x3eb: movq 0x100(%r15),%r15 ddb> show proc PROC (syz-executor.0) pid=505756 stat=onproc flags process=0 proc=4000000 pri=81, usrpri=81, nice=20 forw=0xffffffffffffffff, list=0xffff800017b4a290,0xffffffff82585f08 process=0xffff8000ffff6d90 user=0xffff800017b0f000, vmspace=0xfffffd803f014110 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 30862 233724 22288 0 2 0 syz-executor.0 *30862 505756 22288 0 7 0x4000000 syz-executor.0 22288 64945 57917 0 3 0x82 nanosleep syz-executor.0 41453 488584 0 0 3 0x14200 acct acct 7615 294785 57917 0 2 0x2 syz-executor.1 1697 352861 1 0 3 0x100083 ttyin getty 19373 147940 0 0 3 0x14200 bored sosplice 57917 290986 70827 0 3 0x82 thrsleep syz-fuzzer 57917 307233 70827 0 3 0x4000082 nanosleep syz-fuzzer 57917 92306 70827 0 3 0x4000082 thrsleep syz-fuzzer 57917 346967 70827 0 3 0x4000082 thrsleep syz-fuzzer 57917 114677 70827 0 3 0x4000082 thrsleep syz-fuzzer 57917 73805 70827 0 3 0x4000082 kqread syz-fuzzer 57917 437106 70827 0 3 0x4000082 thrsleep syz-fuzzer 57917 329216 70827 0 3 0x4000082 thrsleep syz-fuzzer 70827 374936 51513 0 3 0x10008a pause ksh 51513 512269 47933 0 3 0x92 select sshd 47933 119839 1 0 3 0x80 select sshd 33469 195994 13749 73 2 0x100090 syslogd 13749 97313 1 0 3 0x100082 netio syslogd 58207 188805 1 77 3 0x100090 poll dhclient 2929 203188 1 0 3 0x80 poll dhclient 30344 372203 0 0 2 0x14200 zerothread 60013 150891 0 0 3 0x14200 aiodoned aiodoned 86538 130587 0 0 3 0x14200 syncer update 48178 78468 0 0 3 0x14200 cleaner cleaner 97395 257676 0 0 3 0x14200 reaper reaper 98582 178194 0 0 3 0x14200 pgdaemon pagedaemon 71428 42003 0 0 3 0x14200 bored crynlk 10648 427040 0 0 3 0x14200 bored crypto 24446 452833 0 0 3 0x40014200 acpi0 acpi0 91020 366373 0 0 3 0x14200 bored softnet 93656 115038 0 0 3 0x14200 bored systqmp 80570 109148 0 0 3 0x14200 bored systq 60909 335605 0 0 3 0x40014200 bored softclock 4896 478180 0 0 3 0x40014200 idle0 6280 403727 0 0 3 0x14200 bored smr 1 476330 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9602 6421K 14744K 78643K 40296 0 0 pcb 13 8K 8K 78643K 1565 0 0 rtable 121 8K 9K 78643K 4177 0 0 ifaddr 91 24K 27K 78643K 1405 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 1 2K 2K 78643K 441 0 0 iov 0 0K 24K 78643K 1415 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1220 77K 77K 78643K 12953 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 9K 78643K 226 0 0 VM map 3 0K 0K 78643K 21 0 0 sem 12 0K 1K 78643K 4356 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 5 13K 25K 78643K 12931 0 0 sigio 0 0K 0K 78643K 157 0 0 proc 50 38K 55K 78643K 3227 0 0 subproc 32 2K 2K 78643K 788 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 1490 0 0 in_multi 38 2K 2K 78643K 922 0 0 ether_multi 1 0K 0K 78643K 79 0 0 mrt 0 0K 0K 78643K 38 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 186 821K 821K 78643K 186 0 0 exec 0 0K 1K 78643K 1984 0 0 pfkey data 0 0K 4K 78643K 4 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 115 22K 32K 78643K 31423 0 0 UVM aobj 130 4K 4K 78643K 137 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 1K 78643K 1496 0 0 NDP 21 0K 0K 78643K 439 0 0 temp 232 3533K 4173K 78643K 206574 0 0 kqueue 0 0K 0K 78643K 92 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 98 0 92 1 0 1 1 0 8 0 rtpcb 80 756 0 754 1 0 1 1 0 8 0 rtentry 112 546 0 502 2 0 2 2 0 8 0 unpcb 120 5314 0 5288 7 5 2 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpqe 32 5961 0 5961 1 1 0 1 0 8 0 tcpcb 544 2742 0 2738 2 1 1 2 0 8 0 ipq 40 29 0 29 12 12 0 1 0 8 0 ipqe 40 64 0 64 12 12 0 1 0 8 0 inpcb 280 8289 0 8280 22 21 1 2 0 8 0 rttmr 72 6 0 6 4 4 0 1 0 8 0 nd6 48 92 0 88 2 1 1 1 0 8 0 pkpcb 40 66 0 66 27 26 1 1 0 8 1 swfcl 56 6 0 0 1 0 1 1 0 8 0 ppxss 1128 212 0 212 49 48 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 2300 0 2053 28 12 16 16 0 8 0 art_table 32 2301 0 2053 3 0 3 3 0 8 0 art_node 16 522 0 482 1 0 1 1 0 8 0 sysvmsgpl 40 36 0 36 3 3 0 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 4354 0 4344 1 0 1 1 0 8 0 shmpl 112 135 0 7 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 21477 0 20066 46 0 46 46 0 8 0 ffsino 240 21477 0 20066 84 0 84 84 0 8 0 nchpl 144 47673 0 45985 63 0 63 63 0 8 0 uvmvnodes 72 9376 0 0 171 0 171 171 0 8 0 vnodes 208 9376 0 0 494 0 494 494 0 8 0 namei 1024 160401 0 160401 7 6 1 1 0 8 1 vmpool 520 19 0 18 8 7 1 1 0 8 0 scsiplug 64 17 0 17 12 12 0 1 0 8 0 scxspl 192 124893 0 124893 42 41 1 7 0 8 1 plimitpl 152 1387 0 1380 1 0 1 1 0 8 0 sigapl 432 12971 0 12958 2 0 2 2 0 8 0 futexpl 56 284303 0 284303 6 5 1 1 0 8 1 knotepl 112 2815 0 2796 5 4 1 3 0 8 0 kqueuepl 104 3088 0 3086 1 0 1 1 0 8 0 pipepl 112 6778 0 6759 27 26 1 2 0 8 0 fdescpl 424 12972 0 12958 2 0 2 2 0 8 0 filepl 120 108087 0 107991 25 21 4 7 0 8 1 lockfpl 104 4332 0 4331 1 0 1 1 0 8 0 lockfspl 48 1429 0 1428 1 0 1 1 0 8 0 sessionpl 112 62 0 52 1 0 1 1 0 8 0 pgrppl 48 181 0 171 1 0 1 1 0 8 0 ucredpl 96 19248 0 19241 1 0 1 1 0 8 0 zombiepl 144 12968 0 12968 3 2 1 1 0 8 1 processpl 864 12998 0 12968 4 0 4 4 0 8 0 procpl 632 28525 0 28487 6 2 4 5 0 8 0 sosppl 128 160 0 160 42 41 1 1 0 8 1 sockpl 384 14541 0 14506 30 25 5 7 0 8 0 mcl64k 65536 1457 0 1457 177 176 1 33 0 8 1 mcl16k 16384 73 0 73 40 40 0 1 0 8 0 mcl12k 12288 246 0 246 39 38 1 1 0 8 1 mcl9k 9216 134 0 134 44 43 1 1 0 8 1 mcl8k 8192 454 0 454 40 39 1 1 0 8 1 mcl4k 4096 895 0 895 13 12 1 1 0 8 1 mcl2k2 2112 104 0 104 44 43 1 1 0 8 1 mcl2k 2048 71129 0 71082 32 25 7 19 0 8 0 mtagpl 80 350 0 312 6 5 1 1 0 8 0 mbufpl 256 191769 0 191588 120 108 12 34 0 8 0 bufpl 256 39068 0 29692 587 0 587 587 0 8 0 anonpl 16 1216552 0 1202186 384 311 73 105 0 62 10 amapchunkpl 152 57926 0 57819 171 165 6 34 0 158 0 amappl16 192 65082 0 64287 421 372 49 53 0 8 8 amappl15 184 3929 0 3929 6 6 0 1 0 8 0 amappl14 176 1576 0 1572 2 1 1 1 0 8 0 amappl13 168 1352 0 1351 7 6 1 1 0 8 0 amappl12 160 3727 0 3724 1 0 1 1 0 8 0 amappl11 152 528 0 517 1 0 1 1 0 8 0 amappl10 144 1153 0 1149 1 0 1 1 0 8 0 amappl9 136 2509 0 2500 1 0 1 1 0 8 0 amappl8 128 2031 0 1988 2 0 2 2 0 8 0 amappl7 120 1354 0 1346 1 0 1 1 0 8 0 amappl6 112 450 0 436 1 0 1 1 0 8 0 amappl5 104 4226 0 4216 1 0 1 1 0 8 0 amappl4 96 10811 0 10780 1 0 1 1 0 8 0 amappl3 88 4440 0 4434 1 0 1 1 0 8 0 amappl2 80 103693 0 103627 4 2 2 3 0 8 0 amappl1 72 239747 0 239341 26 16 10 20 0 8 0 amappl 80 29467 0 29431 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 136 0 7 3 0 3 3 0 8 0 uaddrrnd 24 12991 0 12958 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 12991 0 12958 1 0 1 1 0 8 0 vmmpekpl 168 79331 0 79304 2 0 2 2 0 8 0 vmmpepl 168 1517545 0 1515678 690 594 96 114 0 357 7 vmsppl 272 12971 0 12958 6 5 1 2 0 8 0 pdppl 4096 25988 0 25952 6 1 5 6 0 8 0 pvpl 32 3574459 0 3556968 999 809 190 344 0 265 43 pmappl 200 12990 0 12976 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 1148 0 427 24 2 22 22 0 8 0