uvm_fault(0xffffffff82522438, 0xffff800000aeb000, 0, 1) -> e kernel: page fault trap, code=0 Stopped at uvm_unmap_remove+0x3eb: movq 0x100(%r15),%r15 ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xffffffff82522438, 0xffff800000aeb000, 0, 1) -> e uvm_unmap_remove(ffff800000aeaf00,0,80000000,ffff80001775a048,1,0) at uvm_unmap_remove+0x3eb uvmspace_dused sys/uvm/uvm_map.c:497 [inline] uvm_unmap_remove(ffff800000aeaf00,0,80000000,ffff80001775a048,1,0) at uvm_unmap_remove+0x3eb sys/uvm/uvm_map.c:2217 end trace frame: 0xffff80001775a080, count: 0 ddb> trace uvm_unmap_remove(ffff800000aeaf00,0,80000000,ffff80001775a048,1,0) at uvm_unmap_remove+0x3eb uvmspace_dused sys/uvm/uvm_map.c:497 [inline] uvm_unmap_remove(ffff800000aeaf00,0,80000000,ffff80001775a048,1,0) at uvm_unmap_remove+0x3eb sys/uvm/uvm_map.c:2217 uvm_map_deallocate(ffff800000aeaf00) at uvm_map_deallocate+0x6e sys/uvm/uvm_map.c:4233 vm_impl_init_vmx(ffff800015923c80,ffff8000ffff2508) at vm_impl_init_vmx+0x1e0 vm_create(ffff800000a8e000,ffff8000ffff2508) at vm_create+0x182 vm_impl_init sys/arch/amd64/amd64/vmm.c:1375 [inline] vm_create(ffff800000a8e000,ffff8000ffff2508) at vm_create+0x182 sys/arch/amd64/amd64/vmm.c:1164 VOP_IOCTL(fffffd80361735b0,c5005601,ffff800000a8e000,1,fffffd803f7c69c0,ffff8000ffff2508) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:291 vn_ioctl(fffffd802f32cae0,c5005601,ffff800000a8e000,ffff8000ffff2508) at vn_ioctl+0xb7 sys/kern/vfs_vnops.c:524 sys_ioctl(ffff8000ffff2508,ffff80001775a428,ffff80001775a470) at sys_ioctl+0x5b9 syscall(ffff80001775a4f0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,ffffffffffffff59,0,3,41b8e0b70e0) at Xsyscall+0x128 end of kernel end trace frame: 0x41e278f6620, count: -9 ddb> show registers rdi 0 rsi 0 rbp 0xffff80001775a030 rbx 0 rdx 0x1782 __ALIGN_SIZE+0x782 rcx 0xffff80001895f000 rax 0xffff800000aeaf00 r8 0x1 r9 0 r10 0xdd76f8ca8c34037e r11 0x436c89d0c05f88fc r12 0 r13 0xfffffd802ebe7698 r14 0 r15 0xffff800000aeaf00 rip 0xffffffff8172244b uvm_unmap_remove+0x3eb cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800017759f80 ss 0x10 uvm_unmap_remove+0x3eb: movq 0x100(%r15),%r15 ddb> show proc PROC (syz-executor.1) pid=441149 stat=onproc flags process=0 proc=4000000 pri=86, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff2c70,0xffffffff82585f08 process=0xffff8000ffff7450 user=0xffff800017755000, vmspace=0xfffffd803f014990 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 68553 170415 29563 0 2 0 syz-executor.1 68553 78783 29563 0 3 0x4000080 fsleep syz-executor.1 *68553 441149 29563 0 7 0x4000000 syz-executor.1 68652 436478 23483 0 2 0x2 syz-executor.0 29563 303469 23483 0 2 0x482 syz-executor.1 1974 304227 0 0 3 0x14200 bored sosplice 23483 286391 72510 0 3 0x82 thrsleep syz-fuzzer 23483 129214 72510 0 2 0x4000482 syz-fuzzer 23483 60088 72510 0 3 0x4000082 thrsleep syz-fuzzer 23483 272347 72510 0 3 0x4000082 thrsleep syz-fuzzer 23483 176754 72510 0 3 0x4000082 kqread syz-fuzzer 23483 216817 72510 0 3 0x4000082 thrsleep syz-fuzzer 23483 125898 72510 0 3 0x4000082 thrsleep syz-fuzzer 23483 131771 72510 0 3 0x4000082 thrsleep syz-fuzzer 72510 454891 56299 0 3 0x10008a pause ksh 56299 467444 64722 0 3 0x92 select sshd 57796 49678 1 0 3 0x100083 ttyin getty 64722 346895 1 0 3 0x80 select sshd 72434 6909 15151 73 2 0x100010 syslogd 15151 346471 1 0 3 0x100082 netio syslogd 34277 110080 1 77 3 0x100090 poll dhclient 66036 67 1 0 3 0x80 poll dhclient 82938 424479 0 0 2 0x14200 zerothread 70631 446660 0 0 3 0x14200 aiodoned aiodoned 71051 170286 0 0 3 0x14200 syncer update 88275 162121 0 0 3 0x14200 cleaner cleaner 62518 371294 0 0 3 0x14200 reaper reaper 87830 402444 0 0 3 0x14200 pgdaemon pagedaemon 17013 135084 0 0 3 0x14200 bored crynlk 84330 205897 0 0 3 0x14200 bored crypto 1412 309156 0 0 3 0x40014200 acpi0 acpi0 67333 241094 0 0 3 0x14200 bored softnet 94518 380144 0 0 3 0x14200 bored systqmp 82852 122875 0 0 3 0x14200 bored systq 97162 489840 0 0 3 0x40014200 bored softclock 645 185458 0 0 3 0x40014200 idle0 19007 429507 0 0 3 0x14200 bored smr 1 225685 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9557 6491K 6983K 78643K 15516 0 0 pcb 13 8K 8K 78643K 287 0 0 rtable 111 4K 4K 78643K 875 0 0 ifaddr 71 16K 16K 78643K 283 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 1 2K 2K 78643K 111 0 0 iov 0 0K 32K 78643K 262 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1220 77K 78K 78643K 3112 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 9K 78643K 28 0 0 VM map 3 0K 0K 78643K 8 0 0 sem 12 0K 0K 78643K 278 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 5 13K 25K 78643K 2049 0 0 sigio 0 0K 0K 78643K 24 0 0 proc 50 38K 55K 78643K 877 0 0 subproc 32 2K 2K 78643K 170 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 176 0 0 in_multi 33 2K 2K 78643K 185 0 0 ether_multi 1 0K 0K 78643K 12 0 0 mrt 0 0K 0K 78643K 11 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 96 424K 424K 78643K 96 0 0 exec 0 0K 1K 78643K 483 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 105 21K 30K 78643K 5783 0 0 UVM aobj 56 2K 2K 78643K 56 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 261 0 0 NDP 16 0K 0K 78643K 88 0 0 temp 198 3536K 4175K 78643K 39134 0 0 kqueue 0 0K 0K 78643K 12 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 22 0 16 1 0 1 1 0 8 0 rtpcb 80 133 0 131 1 0 1 1 0 8 0 rtentry 112 131 0 87 2 0 2 2 0 8 0 unpcb 120 2168 0 2158 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 5316 0 5316 1 1 0 1 0 8 0 tcpcb 544 399 0 395 1 0 1 1 0 8 0 inpcb 280 3145 0 3134 8 6 2 3 0 8 1 rttmr 72 2 0 2 2 2 0 1 0 8 0 nd6 48 20 0 16 1 0 1 1 0 8 0 pkpcb 40 22 0 22 5 5 0 1 0 8 0 ppxss 1128 33 0 33 7 6 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 572 0 354 16 2 14 14 0 8 0 art_table 32 573 0 354 2 0 2 2 0 8 0 art_node 16 126 0 86 1 0 1 1 0 8 0 sysvmsgpl 40 28 0 15 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 274 0 264 1 0 1 1 0 8 0 shmpl 112 54 0 0 2 0 2 2 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 4502 0 3107 46 0 46 46 0 8 0 ffsino 240 4502 0 3107 83 0 83 83 0 8 0 nchpl 144 7463 0 5851 60 0 60 60 0 8 0 uvmvnodes 72 5878 0 0 107 0 107 107 0 8 0 vnodes 208 5878 0 0 310 0 310 310 0 8 0 namei 1024 24071 0 24071 3 2 1 1 0 8 1 vmpool 520 6 0 5 3 2 1 1 0 8 0 scsiplug 64 1 0 1 1 1 0 1 0 8 0 scxspl 192 21505 0 21505 16 15 1 7 0 8 1 plimitpl 152 204 0 197 1 0 1 1 0 8 0 sigapl 432 2196 0 2183 2 0 2 2 0 8 0 futexpl 56 44952 0 44951 3 2 1 1 0 8 0 knotepl 112 523 0 504 2 1 1 2 0 8 0 kqueuepl 104 440 0 438 1 0 1 1 0 8 0 pipepl 112 1254 0 1235 4 3 1 2 0 8 0 fdescpl 424 2197 0 2183 2 0 2 2 0 8 0 filepl 120 16951 0 16850 9 5 4 6 0 8 0 lockfpl 104 618 0 617 1 0 1 1 0 8 0 lockfspl 48 196 0 195 1 0 1 1 0 8 0 sessionpl 112 25 0 15 1 0 1 1 0 8 0 pgrppl 48 47 0 37 1 0 1 1 0 8 0 ucredpl 96 2834 0 2826 1 0 1 1 0 8 0 zombiepl 144 2183 0 2183 2 1 1 1 0 8 1 processpl 864 2212 0 2183 4 0 4 4 0 8 0 procpl 632 4711 0 4673 4 0 4 4 0 8 0 sosppl 128 17 0 17 5 5 0 1 0 8 0 sockpl 384 5485 0 5462 14 10 4 5 0 8 1 mcl64k 65536 73 0 73 7 6 1 1 0 8 1 mcl16k 16384 17 0 17 11 10 1 1 0 8 1 mcl12k 12288 35 0 35 8 7 1 1 0 8 1 mcl9k 9216 17 0 17 11 10 1 1 0 8 1 mcl8k 8192 33 0 33 9 8 1 1 0 8 1 mcl4k 4096 130 0 130 4 3 1 1 0 8 1 mcl2k2 2112 16 0 16 10 10 0 1 0 8 0 mcl2k 2048 59669 0 59627 20 14 6 15 0 8 0 mtagpl 80 55 0 49 2 1 1 1 0 8 0 mbufpl 256 109776 0 109689 17 8 9 10 0 8 0 bufpl 256 11465 0 5382 381 0 381 381 0 8 0 anonpl 16 214772 0 200808 126 63 63 74 0 62 5 amapchunkpl 152 9502 0 9396 22 16 6 10 0 158 1 amappl16 192 11269 0 10465 100 59 41 53 0 8 0 amappl15 184 2 0 1 1 0 1 1 0 8 0 amappl14 176 140 0 136 1 0 1 1 0 8 0 amappl13 168 538 0 537 3 2 1 1 0 8 0 amappl12 160 13 0 10 1 0 1 1 0 8 0 amappl11 152 582 0 571 1 0 1 1 0 8 0 amappl10 144 7 0 7 1 1 0 1 0 8 0 amappl9 136 1209 0 1201 1 0 1 1 0 8 0 amappl8 128 780 0 749 3 1 2 2 0 8 0 amappl7 120 69 0 63 1 0 1 1 0 8 0 amappl6 112 595 0 583 1 0 1 1 0 8 0 amappl5 104 213 0 200 1 0 1 1 0 8 0 amappl4 96 2556 0 2528 1 0 1 1 0 8 0 amappl3 88 167 0 161 1 0 1 1 0 8 0 amappl2 80 16662 0 16594 3 1 2 3 0 8 0 amappl1 72 48776 0 48359 28 19 9 20 0 8 0 amappl 80 5060 0 5024 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 55 0 0 1 0 1 1 0 8 0 uaddrrnd 24 2203 0 2183 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2203 0 2183 1 0 1 1 0 8 0 vmmpekpl 168 16705 0 16675 2 0 2 2 0 8 0 vmmpepl 168 264267 0 262392 227 116 111 111 0 357 26 vmsppl 272 2196 0 2183 2 1 1 2 0 8 0 pdppl 4096 4412 0 4376 6 1 5 6 0 8 0 pvpl 32 570294 0 553303 268 100 168 179 0 265 28 pmappl 200 2202 0 2188 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 566 0 57 15 0 15 15 0 8 0