uvm_fault(0xffffffff81f9fef8, 0x7f8477aa81d8, 0, 2) -> e
kernel: page fault trap, code=0
Stopped at pmap_page_remove+0x2a5: xchgq %rax,0(%r12,%rcx,1)
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> show panic
kernel page fault
uvm_fault(0xffffffff81f9fef8, 0x7f8477aa81d8, 0, 2) -> e
pmap_page_remove(584962cb09f2f76a) at pmap_page_remove+0x2a5 _atomic_swap_64 sys/arch/amd64/compile/SYZKALLER/obj/machine/atomic.h:117 [inline]
pmap_page_remove(584962cb09f2f76a) at pmap_page_remove+0x2a5 sys/arch/amd64/amd64/pmap.c:1729
end trace frame: 0xffff8000210478c0, count: 0
ddb{1}> trace
pmap_page_remove(584962cb09f2f76a) at pmap_page_remove+0x2a5 _atomic_swap_64 sys/arch/amd64/compile/SYZKALLER/obj/machine/atomic.h:117 [inline]
pmap_page_remove(584962cb09f2f76a) at pmap_page_remove+0x2a5 sys/arch/amd64/amd64/pmap.c:1729
uvm_anfree(a779bc638f2d3720) at uvm_anfree+0x3f sys/uvm/uvm_anon.c:104
amap_wipeout(a9faa67e2ba842c0) at amap_wipeout+0x12d sys/uvm/uvm_amap.c:455
uvm_unmap_detach(1a8a553e9d658f37,0) at uvm_unmap_detach+0xc7 sys/uvm/uvm_map.c:1549
uvm_map_teardown(9877cf73b59f0d22) at uvm_map_teardown+0x22c sys/uvm/uvm_map.c:2650
uvmspace_free(71fe55f8926cb9b5) at uvmspace_free+0x65 sys/uvm/uvm_map.c:3501
uvm_exit(140b2671c6cf3090) at uvm_exit+0x27 sys/uvm/uvm_glue.c:289
reaper(0) at reaper+0x163 sys/kern/kern_exit.c:431
end trace frame: 0x0, count: -8
ddb{1}> show registers
rdi 0xa
rsi 0
rbp 0xffff800021047890
rbx 0xffffff007f123c00
rdx 0
rcx 0x7f8000000000
rax 0
r8 0xffffff00053f4e80
r9 0xffff800021047910
r10 0xffff800021047800
r11 0xd7d9e190b6f17008
r12 0x477aa81d8
r13 0xffffff00640b26c8
r14 0x80000000021c0000
r15 0xffffff00053f4f68
rip 0xffffffff810c2a95 pmap_page_remove+0x2a5
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff800021047830
ss 0x10
pmap_page_remove+0x2a5: xchgq %rax,0(%r12,%rcx,1)
ddb{1}> show proc
PROC (reaper) pid=475252 stat=onproc
flags process=14000 proc=200
pri=83, usrpri=83, nice=20
forw=0xffffffffffffffff, list=0xffff8000210004b0,0xffff800021000010
process=0xffff80002103a9e0 user=0xffff800021042000, vmspace=0xffffffff81f9fef8
estcpu=33, cpticks=1, pctcpu=64.73
user=0, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
41066 426072 1 65534 3 0x90 wait syz-executor0
39824 119715 1 65534 3 0x90 wait syz-executor1
57890 456615 0 0 3 0x14200 bored sosplice
74671 432940 9784 0 3 0x82 thrsleep syz-fuzzer
74671 153093 9784 0 3 0x4000082 nanosleep syz-fuzzer
74671 440192 9784 0 3 0x4000082 thrsleep syz-fuzzer
74671 479683 9784 0 3 0x4000082 thrsleep syz-fuzzer
74671 397865 9784 0 3 0x4000082 thrsleep syz-fuzzer
74671 439269 9784 0 3 0x4000082 thrsleep syz-fuzzer
74671 449997 9784 0 3 0x4000082 thrsleep syz-fuzzer
74671 63331 9784 0 3 0x4000082 thrsleep syz-fuzzer
74671 237374 9784 0 3 0x4000082 kqread syz-fuzzer
74671 376879 9784 0 3 0x4000082 thrsleep syz-fuzzer
74671 408960 9784 0 3 0x4000082 thrsleep syz-fuzzer
9784 447171 2680 0 3 0x10008a pause ksh
2680 482165 39200 0 3 0x92 select sshd
99416 108282 1 0 3 0x100083 ttyin getty
39200 481859 1 0 3 0x80 select sshd
19208 16521 78761 73 3 0x100010 biowait syslogd
78761 133349 1 0 3 0x100082 netio syslogd
69323 283092 1 77 3 0x100090 poll dhclient
25073 353859 1 0 3 0x80 poll dhclient
92786 385254 0 0 3 0x14200 pgzero zerothread
37332 206192 0 0 3 0x14200 aiodoned aiodoned
40265 8703 0 0 3 0x14200 syncer update
99798 144125 0 0 3 0x14200 cleaner cleaner
*97047 475252 0 0 7 0x14200 reaper
53051 493099 0 0 3 0x14200 pgdaemon pagedaemon
36931 425323 0 0 3 0x14200 bored crynlk
28586 391703 0 0 3 0x14200 bored crypto
5462 335056 0 0 3 0x40014200 acpi0 acpi0
58741 22150 0 0 3 0x40014200 idle1
8900 448140 0 0 3 0x14200 bored softnet
93860 248637 0 0 3 0x14200 bored systqmp
7905 266435 0 0 3 0x14200 bored systq
99694 387698 0 0 3 0x40014200 bored softclock
68722 190211 0 0 7 0x40014200 idle0
1 44580 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper