uvm_fault(0xffffffff82227fe8, 0x7f807c2cf6f8, 0, 2) -> e kernel: page fault trap, code=0 Stopped at pmap_page_remove+0x348: xchgq %rax,0(%rbx,%rcx,1) ddb{0}> ddb{0}> set $lines = 0 ddb{0}> show panic kernel page fault uvm_fault(0xffffffff82227fe8, 0x7f807c2cf6f8, 0, 2) -> e pmap_page_remove(8686452ff6d2bee) at pmap_page_remove+0x348 _atomic_swap_64 sys/arch/amd64/compile/SYZKALLER/obj/machine/atomic.h:117 [inline] pmap_page_remove(8686452ff6d2bee) at pmap_page_remove+0x348 sys/arch/amd64/amd64/pmap.c:1871 end trace frame: 0xffff800020fb7cc0, count: 0 ddb{0}> trace pmap_page_remove(8686452ff6d2bee) at pmap_page_remove+0x348 _atomic_swap_64 sys/arch/amd64/compile/SYZKALLER/obj/machine/atomic.h:117 [inline] pmap_page_remove(8686452ff6d2bee) at pmap_page_remove+0x348 sys/arch/amd64/amd64/pmap.c:1871 uvm_anfree(8944742658ffea93) at uvm_anfree+0x4f sys/uvm/uvm_anon.c:104 amap_wiperange(112cb8c1addde161,ffff8000039e7100,0) at amap_wiperange+0x2ad amap_wiperange_chunk sys/uvm/uvm_amap.c:868 [inline] amap_wiperange(112cb8c1addde161,ffff8000039e7100,0) at amap_wiperange+0x2ad sys/uvm/uvm_amap.c:919 amap_pp_adjref(5c837a7934de26c5,ffff800020fb7e78,0,1) at amap_pp_adjref+0x517 sys/uvm/uvm_amap.c:829 uvm_unmap_detach(e22b9c468749cf72,0) at uvm_unmap_detach+0xd7 sys/uvm/uvm_map.c:1549 uvm_map_teardown(4cc14b480f591f2d) at uvm_map_teardown+0x26c sys/uvm/uvm_map.c:2650 uvmspace_free(3be0f38b629696fe) at uvmspace_free+0x83 sys/uvm/uvm_map.c:3501 uvm_exit(4ef5184a934359bd) at uvm_exit+0x27 sys/uvm/uvm_glue.c:297 reaper(0) at reaper+0x174 sys/kern/kern_exit.c:431 end trace frame: 0x0, count: -9 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff800020fb7c90 rbx 0x7c2cf6f8 rdx 0x1 rcx 0x7f8000000000 rax 0 r8 0xffffffff8167adc8 amap_unref+0xf8 r9 0x7 r10 0x9205ff5a0db4f1a3 r11 0x2920336c3463ec42 r12 0 r13 0x800000007f7be000 r14 0xfffffd806ab1bca0 r15 0xfffffd80054449e8 rip 0xffffffff819af018 pmap_page_remove+0x348 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800020fb7c20 ss 0x10 pmap_page_remove+0x348: xchgq %rax,0(%rbx,%rcx,1) ddb{0}> show proc PROC (reaper) pid=37813 stat=onproc flags process=14000 proc=200 pri=4, usrpri=52, nice=20 forw=0xffffffffffffffff, list=0xffff800020f712c0,0xffff800020f71780 process=0xffff800020faad28 user=0xffff800020fb2000, vmspace=0xffffffff82227fe8 estcpu=2, cpticks=7, pctcpu=0.21 user=0, sys=7, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 79722 204502 1 0 3 0x100083 ttyin getty 54180 199597 0 0 3 0x14200 bored sosplice 49362 183046 13163 0 3 0x82 thrsleep syz-fuzzer 49362 339676 13163 0 2 0x4000482 syz-fuzzer 49362 108451 13163 0 3 0x4000082 thrsleep syz-fuzzer 49362 352585 13163 0 3 0x4000082 thrsleep syz-fuzzer 49362 187924 13163 0 7 0x4000002 syz-fuzzer 49362 61751 13163 0 3 0x4000082 thrsleep syz-fuzzer 49362 254036 13163 0 3 0x4000082 thrsleep syz-fuzzer 49362 494519 13163 0 3 0x4000082 kqread syz-fuzzer 49362 246335 13163 0 2 0x4000002 syz-fuzzer 49362 156449 13163 0 3 0x4000002 biowait syz-fuzzer 49362 132858 13163 0 3 0x4000082 thrsleep syz-fuzzer 49362 414025 13163 0 3 0x4000082 thrsleep syz-fuzzer 13163 229648 2110 0 3 0x10008a pause ksh 2110 519546 57550 0 3 0x92 select sshd 57550 210272 1 0 3 0x80 select sshd 72233 147827 88198 73 2 0x100010 syslogd 88198 423002 1 0 3 0x100082 netio syslogd 42649 8492 1 77 3 0x100090 poll dhclient 41663 396311 1 0 3 0x80 poll dhclient 91498 275409 0 0 2 0x14200 zerothread 24282 313049 0 0 3 0x14200 aiodoned aiodoned 23176 268547 0 0 3 0x14200 syncer update 98990 434228 0 0 3 0x14200 cleaner cleaner *11875 37813 0 0 7 0x14200 reaper 97444 116970 0 0 3 0x14200 pgdaemon pagedaemon 72319 182606 0 0 3 0x14200 bored crynlk 46885 140603 0 0 3 0x14200 bored crypto 94300 456967 0 0 3 0x40014200 acpi0 acpi0 95628 454045 0 0 3 0x40014200 idle1 41229 319355 0 0 3 0x14200 bored softnet 33826 503801 0 0 3 0x14200 bored systqmp 98699 192785 0 0 3 0x14200 bored systq 29874 300341 0 0 3 0x40014200 bored softclock 3958 30193 0 0 3 0x40014200 idle0 1 157550 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper