uvm_fault(0xffffffff824f7790, 0xffff800000b2f000, 0, 1) -> e kernel: page fault trap, code=0 Stopped at uvm_unmap_remove+0x3eb: movq 0x100(%r15),%r15 ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xffffffff824f7790, 0xffff800000b2f000, 0, 1) -> e uvm_unmap_remove(ffff800000b2ef00,0,80000000,ffff800014930708,1,0) at uvm_unmap_remove+0x3eb uvmspace_dused sys/uvm/uvm_map.c:496 [inline] uvm_unmap_remove(ffff800000b2ef00,0,80000000,ffff800014930708,1,0) at uvm_unmap_remove+0x3eb sys/uvm/uvm_map.c:2215 end trace frame: 0xffff800014930740, count: 0 ddb> trace uvm_unmap_remove(ffff800000b2ef00,0,80000000,ffff800014930708,1,0) at uvm_unmap_remove+0x3eb uvmspace_dused sys/uvm/uvm_map.c:496 [inline] uvm_unmap_remove(ffff800000b2ef00,0,80000000,ffff800014930708,1,0) at uvm_unmap_remove+0x3eb sys/uvm/uvm_map.c:2215 uvm_map_deallocate(ffff800000b2ef00) at uvm_map_deallocate+0x6e sys/uvm/uvm_map.c:4231 vm_impl_init_vmx(ffff800017b69c70,ffff800014914508) at vm_impl_init_vmx+0x1e0 vm_create(ffff800000a8e000,ffff800014914508) at vm_create+0x182 vm_impl_init sys/arch/amd64/amd64/vmm.c:1376 [inline] vm_create(ffff800000a8e000,ffff800014914508) at vm_create+0x182 sys/arch/amd64/amd64/vmm.c:1164 VOP_IOCTL(fffffd803be3d340,c5005601,ffff800000a8e000,1,fffffd803f7c6840,ffff800014914508) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:291 vn_ioctl(fffffd8037de4168,c5005601,ffff800000a8e000,ffff800014914508) at vn_ioctl+0xb7 sys/kern/vfs_vnops.c:524 sys_ioctl(ffff800014914508,ffff800014930ae8,ffff800014930b30) at sys_ioctl+0x5b9 syscall(ffff800014930bb0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,ffffffffffffff59,0,3,f9a499d7010) at Xsyscall+0x128 end of kernel end trace frame: 0xf9cc3d89280, count: -9 ddb> show registers rdi 0 rsi 0 rbp 0xffff8000149306f0 rbx 0 rdx 0x14f5 __ALIGN_SIZE+0x4f5 rcx 0xffff800015955000 rax 0xffff800000b2ef00 r8 0x1 r9 0 r10 0x40c0b6d56e28247e r11 0x5391d29ce4a8a3fc r12 0 r13 0xfffffd803906f560 r14 0 r15 0xffff800000b2ef00 rip 0xffffffff81f780db uvm_unmap_remove+0x3eb cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800014930640 ss 0x10 uvm_unmap_remove+0x3eb: movq 0x100(%r15),%r15 ddb> show proc PROC (syz-executor.0) pid=335630 stat=onproc flags process=0 proc=4000000 pri=79, usrpri=79, nice=20 forw=0xffffffffffffffff, list=0xffff800014914780,0xffffffff82562a20 process=0xffff8000148a2378 user=0xffff80001492b000, vmspace=0xfffffd803f014aa0 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 37944 31904 94415 0 2 0 syz-executor.0 *37944 335630 94415 0 7 0x4000000 syz-executor.0 83070 34061 12666 0 2 0 syz-executor.1 83070 441750 12666 0 3 0x4000080 ttyout syz-executor.1 83070 47666 12666 0 3 0x4000080 fsleep syz-executor.1 20113 483470 1 0 3 0x100083 ttyin getty 94415 58434 98289 0 2 0x482 syz-executor.0 12666 31335 98289 0 2 0x482 syz-executor.1 2309 265597 0 0 3 0x14200 bored sosplice 98289 521376 91179 0 3 0x82 thrsleep syz-fuzzer 98289 448906 91179 0 3 0x4000082 thrsleep syz-fuzzer 98289 80061 91179 0 3 0x4000082 kqread syz-fuzzer 98289 224507 91179 0 3 0x4000082 thrsleep syz-fuzzer 98289 142146 91179 0 3 0x4000082 thrsleep syz-fuzzer 98289 44533 91179 0 3 0x4000082 thrsleep syz-fuzzer 98289 65235 91179 0 3 0x4000082 thrsleep syz-fuzzer 91179 289575 13993 0 3 0x10008a pause ksh 13993 413667 1995 0 3 0x92 select sshd 1995 444169 1 0 3 0x80 select sshd 81461 197934 49328 73 3 0x100090 kqread syslogd 49328 513708 1 0 3 0x100082 netio syslogd 53281 266121 1 77 3 0x100090 poll dhclient 32450 393808 1 0 3 0x80 poll dhclient 67174 478757 0 0 2 0x14200 zerothread 75413 417155 0 0 3 0x14200 aiodoned aiodoned 53933 241442 0 0 3 0x14200 syncer update 87974 353864 0 0 3 0x14200 cleaner cleaner 9556 379208 0 0 3 0x14200 reaper reaper 81301 84983 0 0 3 0x14200 pgdaemon pagedaemon 39004 286053 0 0 3 0x14200 bored crynlk 85789 346328 0 0 3 0x14200 bored crypto 36483 300717 0 0 3 0x40014200 acpi0 acpi0 72614 248899 0 0 3 0x14200 bored softnet 88101 489286 0 0 3 0x14200 bored systqmp 9419 491355 0 0 3 0x14200 bored systq 74429 143347 0 0 3 0x40014200 bored softclock 99650 266459 0 0 3 0x40014200 idle0 15403 450752 0 0 3 0x14200 bored smr 1 75167 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9538 7119K 7249K 78643K 13132 0 0 pcb 13 8K 8K 78643K 212 0 0 rtable 111 4K 4K 78643K 494 0 0 ifaddr 62 14K 14K 78643K 167 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 1 2K 2K 78643K 42 0 0 iov 0 0K 24K 78643K 109 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1218 77K 77K 78643K 2185 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 23 0 0 VM map 3 0K 0K 78643K 3 0 0 sem 12 1K 1K 78643K 157 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 6 17K 25K 78643K 1023 0 0 sigio 0 0K 0K 78643K 19 0 0 proc 48 38K 63K 78643K 588 0 0 subproc 32 2K 2K 78643K 85 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 78 0 0 in_multi 33 2K 2K 78643K 105 0 0 ether_multi 1 0K 0K 78643K 5 0 0 mrt 0 0K 0K 78643K 1 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 162 715K 715K 78643K 162 0 0 exec 0 0K 1K 78643K 320 0 0 pfkey data 0 0K 0K 78643K 2 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 102 21K 31K 78643K 3260 0 0 UVM aobj 43 7K 7K 78643K 67 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 1K 78643K 147 0 0 NDP 13 0K 0K 78643K 48 0 0 temp 174 3534K 4175K 78643K 22239 0 0 kqueue 0 0K 0K 78643K 4 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 12 0 6 1 0 1 1 0 8 0 rtpcb 80 61 0 59 1 0 1 1 0 8 0 rtentry 112 75 0 31 2 0 2 2 0 8 0 unpcb 120 497 0 489 2 1 1 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 5828 0 5828 1 1 0 1 0 8 0 tcpcb 544 1354 0 1350 7 4 3 3 0 8 2 inpcb 280 1885 0 1878 5 2 3 3 0 8 2 nd6 48 10 0 6 1 0 1 1 0 8 0 pkpcb 40 10 0 10 5 4 1 1 0 8 1 swfcl 56 2 0 0 1 0 1 1 0 8 0 ppxss 1128 19 0 19 2 2 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 348 0 129 14 0 14 14 0 8 0 art_table 32 349 0 129 2 0 2 2 0 8 0 art_node 16 74 0 34 1 0 1 1 0 8 0 sysvmsgpl 40 13 0 13 3 2 1 1 0 8 1 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 155 0 145 1 0 1 1 0 8 0 shmpl 112 65 0 24 2 0 2 2 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 2960 0 1568 46 0 46 46 0 8 0 ffsino 240 2960 0 1568 83 0 83 83 0 8 0 nchpl 144 4917 0 3313 60 0 60 60 0 8 0 uvmvnodes 72 3696 0 0 68 0 68 68 0 8 0 vnodes 208 3696 0 0 195 0 195 195 0 8 0 namei 1024 16201 0 16201 3 2 1 1 0 8 1 vmpool 520 1 0 0 1 0 1 1 0 8 0 scxspl 192 13470 0 13470 9 8 1 7 0 8 1 plimitpl 152 92 0 85 1 0 1 1 0 8 0 sigapl 432 1187 0 1173 2 0 2 2 0 8 0 futexpl 56 21626 0 21625 1 0 1 1 0 8 0 knotepl 112 270 0 251 1 0 1 1 0 8 0 kqueuepl 104 247 0 245 1 0 1 1 0 8 0 pipepl 112 638 0 619 5 4 1 2 0 8 0 fdescpl 424 1188 0 1173 2 0 2 2 0 8 0 filepl 120 9170 0 9068 9 5 4 7 0 8 0 lockfpl 104 326 0 325 1 0 1 1 0 8 0 lockfspl 48 103 0 102 1 0 1 1 0 8 0 sessionpl 112 22 0 12 1 0 1 1 0 8 0 pgrppl 48 26 0 16 1 0 1 1 0 8 0 ucredpl 96 1216 0 1209 1 0 1 1 0 8 0 zombiepl 144 1173 0 1173 3 2 1 1 0 8 1 processpl 864 1203 0 1173 4 0 4 4 0 8 0 procpl 632 2408 0 2369 4 0 4 4 0 8 0 sosppl 128 9 0 9 4 3 1 1 0 8 1 sockpl 384 2472 0 2455 14 9 5 7 0 8 3 mcl64k 65536 19 0 19 2 1 1 1 0 8 1 mcl16k 16384 9 0 9 4 3 1 1 0 8 1 mcl12k 12288 16 0 16 4 3 1 1 0 8 1 mcl9k 9216 11 0 11 3 2 1 1 0 8 1 mcl8k 8192 13 0 13 5 4 1 1 0 8 1 mcl4k 4096 84 0 84 2 1 1 1 0 8 1 mcl2k2 2112 5 0 5 4 4 0 1 0 8 0 mcl2k 2048 53998 0 53959 12 6 6 12 0 8 0 mtagpl 80 46 0 34 2 1 1 1 0 8 0 mbufpl 256 94422 0 94306 13 4 9 10 0 8 0 bufpl 256 8501 0 3526 312 0 312 312 0 8 0 anonpl 16 119808 0 106451 76 17 59 71 0 62 3 amapchunkpl 152 5144 0 5036 15 8 7 12 0 158 1 amappl16 192 6216 0 5461 61 21 40 50 0 8 1 amappl15 184 264 0 262 1 0 1 1 0 8 0 amappl14 176 56 0 53 2 1 1 1 0 8 0 amappl13 168 159 0 158 1 0 1 1 0 8 0 amappl12 160 11 0 8 1 0 1 1 0 8 0 amappl11 152 57 0 46 1 0 1 1 0 8 0 amappl10 144 7 0 7 1 1 0 1 0 8 0 amappl9 136 1155 0 1147 1 0 1 1 0 8 0 amappl8 128 713 0 684 1 0 1 1 0 8 0 amappl7 120 54 0 50 1 0 1 1 0 8 0 amappl6 112 68 0 59 1 0 1 1 0 8 0 amappl5 104 175 0 165 1 0 1 1 0 8 0 amappl4 96 1561 0 1531 1 0 1 1 0 8 0 amappl3 88 138 0 133 1 0 1 1 0 8 0 amappl2 80 8781 0 8706 4 2 2 3 0 8 0 amappl1 72 30529 0 30097 26 17 9 20 0 8 0 amappl 80 2684 0 2646 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 66 0 24 1 0 1 1 0 8 0 uaddrrnd 24 1189 0 1173 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1189 0 1173 1 0 1 1 0 8 0 vmmpekpl 168 11493 0 11465 2 0 2 2 0 8 0 vmmpepl 168 145797 0 143877 171 65 106 111 0 357 22 vmsppl 272 1187 0 1173 3 2 1 2 0 8 0 pdppl 4096 2384 0 2346 6 1 5 6 0 8 0 pvpl 32 339829 0 322938 195 49 146 172 0 265 9 pmappl 200 1188 0 1173 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 472 0 30 13 0 13 13 0 8 0