uvm_fault(0xfffffd806bc0aaa0, 0x24, 0, 2) -> e kernel: page fault trap, code=0 Stopped at pmap_page_remove+0x69: incl 0x24(%rax) ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xfffffd806bc0aaa0, 0x24, 0, 2) -> e pmap_page_remove(fffffd8005015e80) at pmap_page_remove+0x69 _atomic_inc_int machine/atomic.h:139 [inline] pmap_page_remove(fffffd8005015e80) at pmap_page_remove+0x69 pmap_reference sys/arch/amd64/amd64/pmap.c:1414 [inline] pmap_page_remove(fffffd8005015e80) at pmap_page_remove+0x69 sys/arch/amd64/amd64/pmap.c:1901 end trace frame: 0xffff80001d7b40b0, count: 0 ddb> trace pmap_page_remove(fffffd8005015e80) at pmap_page_remove+0x69 _atomic_inc_int machine/atomic.h:139 [inline] pmap_page_remove(fffffd8005015e80) at pmap_page_remove+0x69 pmap_reference sys/arch/amd64/amd64/pmap.c:1414 [inline] pmap_page_remove(fffffd8005015e80) at pmap_page_remove+0x69 sys/arch/amd64/amd64/pmap.c:1901 uvm_anfree_list(fffffd806537ec50,0) at uvm_anfree_list+0x4e sys/uvm/uvm_anon.c:104 uvm_map_clean(fffffd806bc0aaa0,c00342a000,c00343e000,8) at uvm_map_clean+0x5f5 sys/uvm/uvm_map.c:4722 syscall(ffff80001d7b4260) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffd6928, count: -5 ddb> show registers rdi 0 rsi 0xa rbp 0xffff80001d7b4060 rbx 0xfffffd806537d000 rdx 0x4 rcx 0xc rax 0 r8 0xffffffff81b199f3 uvm_map_clean+0x483 r9 0x5 r10 0x4a703a0250d8e0e7 r11 0x7d1557bc762c30e1 r12 0 r13 0 r14 0xfffffd806537ec50 r15 0xfffffd8005015ee8 rip 0xffffffff81f2bf99 pmap_page_remove+0x69 cs 0x8 rflags 0x10286 __ALIGN_SIZE+0xf286 rsp 0xffff80001d7b3fd0 ss 0x10 pmap_page_remove+0x69: incl 0x24(%rax) ddb> show proc PROC (syz-fuzzer) pid=331238 stat=onproc flags process=2 proc=0 pri=32, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff80001d7979d0,0xffff80001d798610 process=0xffff8000ffff8e78 user=0xffff80001d7af000, vmspace=0xfffffd806bc0aaa0 estcpu=0, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 90084 332393 83937 0 2 0 syz-executor.1 90084 169561 83937 0 3 0x4000080 fsleep syz-executor.1 92650 257543 2227 0 2 0 syz-executor.0 92650 288805 2227 0 3 0x4000080 piperd syz-executor.0 2489 424206 0 0 3 0x14200 bored sosplice 83937 441378 46949 0 3 0x82 nanosleep syz-executor.1 2227 429369 46949 0 3 0x82 nanosleep syz-executor.0 *46949 331238 88801 0 7 0x2 syz-fuzzer 46949 471974 88801 0 3 0x4000082 nanosleep syz-fuzzer 46949 229179 88801 0 2 0x4000002 syz-fuzzer 46949 195665 88801 0 3 0x4000082 thrsleep syz-fuzzer 46949 489254 88801 0 3 0x4000082 thrsleep syz-fuzzer 46949 409979 88801 0 3 0x4000082 thrsleep syz-fuzzer 46949 430334 88801 0 3 0x4000082 thrsleep syz-fuzzer 46949 125002 88801 0 3 0x4000082 kqread syz-fuzzer 88801 417399 2371 0 3 0x10008a pause ksh 2371 115591 17748 0 3 0x92 select sshd 35231 183421 1 0 3 0x100083 ttyin getty 17748 501988 1 0 3 0x80 select sshd 97456 473760 58809 73 3 0x100090 kqread syslogd 58809 421617 1 0 3 0x100082 netio syslogd 81542 149396 1 77 3 0x100090 poll dhclient 18596 351143 1 0 3 0x80 poll dhclient 72742 433733 0 0 3 0x14200 bored smr 6260 523907 0 0 2 0x14200 zerothread 50073 373519 0 0 3 0x14200 aiodoned aiodoned 38124 211898 0 0 3 0x14200 syncer update 63760 469992 0 0 3 0x14200 cleaner cleaner 43835 362568 0 0 3 0x14200 reaper reaper 87621 198279 0 0 3 0x14200 pgdaemon pagedaemon 2848 256277 0 0 3 0x14200 bored crynlk 80372 313155 0 0 3 0x14200 bored crypto 80344 56888 0 0 3 0x40014200 acpi0 acpi0 88148 129797 0 0 3 0x14200 bored softnet 55873 168248 0 0 3 0x14200 bored systqmp 11926 413594 0 0 3 0x14200 bored systq 48208 28818 0 0 3 0x40014200 bored softclock 834 517285 0 0 3 0x40014200 idle0 1 423836 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9482 6345K 6583K 78643K 11041 0 pcb 13 8K 8K 78643K 376 0 rtable 112 4K 7K 78643K 744 0 ifaddr 64 13K 14K 78643K 104 0 counters 21 16K 16K 78643K 23 0 ioctlops 0 0K 4K 78643K 33 0 iov 0 0K 16K 78643K 40 0 mount 1 1K 1K 78643K 1 0 vnodes 1228 77K 78K 78643K 1335 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 5 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 1K 78643K 476 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 6 17K 25K 78643K 1100 0 sigio 0 0K 0K 78643K 2 0 proc 50 38K 63K 78643K 379 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 4 0 in_multi 53 3K 3K 78643K 69 0 ether_multi 1 0K 0K 78643K 5 0 mrt 0 0K 0K 78643K 284 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 43 201K 201K 78643K 43 0 exec 0 0K 1K 78643K 197 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 127 23K 43K 78643K 3110 0 UVM aobj 13 2K 2K 78643K 14 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 20 0 NDP 9 0K 0K 78643K 15 0 temp 85 3030K 3094K 78643K 11072 0 kqueue 3 4K 8K 78643K 13 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 7 0 0 1 0 1 1 0 8 0 rtpcb 80 23 0 21 1 0 1 1 0 8 0 rtentry 112 173 0 128 2 0 2 2 0 8 0 unpcb 120 899 0 891 1 0 1 1 0 8 0 syncache 264 7 0 7 2 1 1 1 0 8 1 tcpqe 32 116 0 116 2 1 1 1 0 8 1 tcpcb 544 236 0 232 1 0 1 1 0 8 0 inpcb 280 1777 0 1769 2 1 1 2 0 8 0 rttmr 72 127 0 127 1 1 0 1 0 8 0 ip6q 72 2 0 2 1 1 0 1 0 8 0 ip6af 40 6 0 6 1 1 0 1 0 8 0 nd6 48 6 0 0 1 0 1 1 0 8 0 ppxss 1128 1 0 1 1 0 1 1 0 8 1 pfrktable 1344 43 0 42 1 0 1 1 0 8 0 pftag 88 10 0 8 1 0 1 1 0 8 0 pfrule 1360 10 0 8 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 190 0 0 12 0 12 12 0 8 0 art_table 32 191 0 0 2 0 2 2 0 8 0 art_node 16 172 0 131 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 470 0 460 1 0 1 1 0 8 0 shmpl 112 12 0 1 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 3147 0 1752 88 0 88 88 0 8 0 ffsino 240 3147 0 1752 83 0 83 83 0 8 0 nchpl 144 5333 0 3729 60 0 60 60 0 8 0 uvmvnodes 72 3264 0 0 60 0 60 60 0 8 0 vnodes 208 3264 0 0 172 0 172 172 0 8 0 namei 1024 13879 0 13879 1 0 1 1 0 8 1 vmpool 528 3 0 3 2 2 0 1 0 8 0 pfiaddrpl 120 12 0 12 1 1 0 1 0 8 0 scxspl 192 15297 0 15297 1 0 1 1 0 8 1 plimitpl 152 24 0 17 1 0 1 1 0 8 0 sigapl 424 1287 0 1257 4 0 4 4 0 8 0 futexpl 56 20089 0 20088 1 0 1 1 0 8 0 knotepl 112 76 0 57 1 0 1 1 0 8 0 kqueuepl 144 35 0 33 1 0 1 1 0 8 0 pipelkpl 16 201 0 190 1 0 1 1 0 8 0 pipepl 120 402 0 381 1 0 1 1 0 8 0 fdescpl 432 1272 0 1257 2 0 2 2 0 8 0 filepl 120 7371 0 7271 4 0 4 4 0 8 0 lockfpl 104 88 0 87 1 0 1 1 0 8 0 lockfspl 48 37 0 36 1 0 1 1 0 8 0 sessionpl 112 17 0 7 1 0 1 1 0 8 0 pgrppl 48 19 0 9 1 0 1 1 0 8 0 ucredpl 96 531 0 524 1 0 1 1 0 8 0 zombiepl 144 1257 0 1257 1 0 1 1 0 8 1 processpl 920 1287 0 1257 4 0 4 4 0 8 0 procpl 624 2386 0 2347 4 0 4 4 0 8 0 sosppl 128 4 0 4 2 1 1 1 0 8 1 sockpl 400 2766 0 2749 5 2 3 4 0 8 1 mcl64k 65536 269 0 269 34 33 1 33 0 8 1 mcl12k 12288 35 0 35 2 2 0 1 0 8 0 mcl9k 9216 5 0 5 1 1 0 1 0 8 0 mcl8k 8192 38 0 38 3 2 1 1 0 8 1 mcl4k 4096 323 0 323 3 2 1 1 0 8 1 mcl2k2 2112 2 0 2 2 1 1 1 0 8 1 mcl2k 2048 65744 0 65678 20 9 11 16 0 8 1 mtagpl 80 20 0 4 2 1 1 1 0 8 0 mbufpl 256 113314 0 113174 43 10 33 33 0 8 18 bufpl 280 5355 0 130 374 0 374 374 0 8 0 anonpl 16 100781 0 85491 79 15 64 76 0 107 0 amapchunkpl 152 5173 0 5040 32 16 16 19 0 158 10 amappl16 192 4948 0 4079 55 11 44 53 0 8 0 amappl15 184 1043 0 1038 1 0 1 1 0 8 0 amappl14 176 24 0 18 1 0 1 1 0 8 0 amappl13 168 28 0 24 1 0 1 1 0 8 0 amappl12 160 9 0 7 1 0 1 1 0 8 0 amappl11 152 633 0 622 1 0 1 1 0 8 0 amappl10 144 11 0 7 1 0 1 1 0 8 0 amappl9 136 368 0 367 1 0 1 1 0 8 0 amappl8 128 350 0 298 2 0 2 2 0 8 0 amappl7 120 108 0 96 1 0 1 1 0 8 0 amappl6 112 614 0 606 1 0 1 1 0 8 0 amappl5 104 602 0 590 1 0 1 1 0 8 0 amappl4 96 984 0 951 1 0 1 1 0 8 0 amappl3 88 144 0 139 1 0 1 1 0 8 0 amappl2 80 9368 0 9291 2 0 2 2 0 8 0 amappl1 72 29904 0 29471 23 14 9 17 0 8 0 amappl 80 2631 0 2589 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 13 0 1 1 0 1 1 0 8 0 uaddrrnd 24 1275 0 1260 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1275 0 1260 1 0 1 1 0 8 0 vmmpekpl 168 10417 0 10389 2 0 2 2 0 8 0 vmmpepl 168 150131 0 148044 116 24 92 109 0 357 1 vmsppl 272 1274 0 1260 2 1 1 2 0 8 0 pdppl 4096 2556 0 2520 6 1 5 6 0 8 0 pvpl 32 302567 0 284229 182 28 154 180 0 265 2 pmappl 200 1274 0 1260 1 0 1 1 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 312 0 62 9 0 9 9 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pmap_page_remove(fffffd8005015e80) at pmap_page_remove+0x69 _atomic_inc_int machine/atomic.h:139 [inline] pmap_page_remove(fffffd8005015e80) at pmap_page_remove+0x69 pmap_reference sys/arch/amd64/amd64/pmap.c:1414 [inline] pmap_page_remove(fffffd8005015e80) at pmap_page_remove+0x69 sys/arch/amd64/amd64/pmap.c:1901 uvm_anfree_list(fffffd806537ec50,0) at uvm_anfree_list+0x4e sys/uvm/uvm_anon.c:104 uvm_map_clean(fffffd806bc0aaa0,c00342a000,c00343e000,8) at uvm_map_clean+0x5f5 sys/uvm/uvm_map.c:4722 syscall(ffff80001d7b4260) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffd6928, count: -5 ddb> machine ddbcpu 1 No such command ddb> trace pmap_page_remove(fffffd8005015e80) at pmap_page_remove+0x69 _atomic_inc_int machine/atomic.h:139 [inline] pmap_page_remove(fffffd8005015e80) at pmap_page_remove+0x69 pmap_reference sys/arch/amd64/amd64/pmap.c:1414 [inline] pmap_page_remove(fffffd8005015e80) at pmap_page_remove+0x69 sys/arch/amd64/amd64/pmap.c:1901 uvm_anfree_list(fffffd806537ec50,0) at uvm_anfree_list+0x4e sys/uvm/uvm_anon.c:104 uvm_map_clean(fffffd806bc0aaa0,c00342a000,c00343e000,8) at uvm_map_clean+0x5f5 sys/uvm/uvm_map.c:4722 syscall(ffff80001d7b4260) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffd6928, count: -5