panic: pmap_unwire: invalid PDE
Stopped at db_enter+0x1c: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*319220 25732 32767 0x10 0x4000000 1K syz-executor.0
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8296cb41) at panic+0x17b sys/kern/subr_prf.c:198
pmap_unwire(fffffd807f003e88,20000000) at pmap_unwire+0x1d9 sys/arch/amd64/amd64/pmap.c:2225
uvm_fault_unwire_locked(fffffd806f1e7548,20000000,20001000) at uvm_fault_unwire_locked+0x20c sys/uvm/uvm_fault.c:1691
uvm_fault_unwire(fffffd806f1e7548,20000000,20001000) at uvm_fault_unwire+0x43 sys/uvm/uvm_fault.c:1623
sys_sysctl(ffff80002a17e008,ffff80002a248320,ffff80002a248270) at sys_sysctl+0x239 sys/kern/kern_sysctl.c:259
syscall(ffff80002a248320) at syscall+0x533 mi_syscall sys/sys/syscall_mi.h:183 [inline]
syscall(ffff80002a248320) at syscall+0x533 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x9a9565ab370, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: pmap_unwire: invalid PDE
ddb{1}> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8296cb41) at panic+0x17b sys/kern/subr_prf.c:198
pmap_unwire(fffffd807f003e88,20000000) at pmap_unwire+0x1d9 sys/arch/amd64/amd64/pmap.c:2225
uvm_fault_unwire_locked(fffffd806f1e7548,20000000,20001000) at uvm_fault_unwire_locked+0x20c sys/uvm/uvm_fault.c:1691
uvm_fault_unwire(fffffd806f1e7548,20000000,20001000) at uvm_fault_unwire+0x43 sys/uvm/uvm_fault.c:1623
sys_sysctl(ffff80002a17e008,ffff80002a248320,ffff80002a248270) at sys_sysctl+0x239 sys/kern/kern_sysctl.c:259
syscall(ffff80002a248320) at syscall+0x533 mi_syscall sys/sys/syscall_mi.h:183 [inline]
syscall(ffff80002a248320) at syscall+0x533 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x9a9565ab370, count: -8
ddb{1}> show registers
rdi 0
rsi 0x1
rbp 0xffff80002a247fc0
rbx 0xffff800029ceccb7
rdx 0x3fd
rcx 0
rax 0x20
r8 0x101010101010101
r9 0x8080808080808080
r10 0x9c2869a57a0fe875
r11 0x14ea633403d746e3
r12 0xffff800029cecab8
r13 0
r14 0
r15 0x1
rip 0xffffffff819322cc db_enter+0x1c
cs 0x8
rflags 0x246
rsp 0xffff80002a247fb0
ss 0x10
db_enter+0x1c: addq $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor.0) tid=319220 pid=25732 tcnt=3 stat=onproc
flags process=10<SUGID> proc=4000000<THREAD>
runpri=32, usrpri=86, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0
forw=0xffffffffffffffff, list=0xffff80002a146d40,0xffff80002a17ed60
process=0xffff8000ffff8d58 user=0xffff80002a243000, vmspace=0xfffffd806f1e7548
estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=0, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
25732 287170 88264 32767 3 0x10 vmmaplk syz-executor.0
*25732 319220 88264 32767 7 0x4000010 syz-executor.0
25732 248772 88264 32767 3 0x4000010 biowait syz-executor.0
88264 76852 24690 32767 3 0x90 nanoslp syz-executor.0
24690 506491 69542 0 3 0x82 wait syz-executor.0
69542 31045 15285 0 3 0x2000082 thrsleep syz-execprog
69542 6067 15285 0 3 0x6000082 nanoslp syz-execprog
69542 33566 15285 0 3 0x6000082 thrsleep syz-execprog
69542 500711 15285 0 3 0x6000082 thrsleep syz-execprog
69542 397866 15285 0 3 0x6000082 thrsleep syz-execprog
69542 287516 15285 0 3 0x6000082 wait syz-execprog
69542 522433 15285 0 3 0x6000082 thrsleep syz-execprog
69542 83559 15285 0 3 0x6000082 kqread syz-execprog
69542 311088 15285 0 3 0x6000082 thrsleep syz-execprog
69542 186122 15285 0 3 0x6000082 thrsleep syz-execprog
69542 76774 15285 0 3 0x6000082 thrsleep syz-execprog
15285 493298 58182 0 3 0x10008a sigsusp ksh
58182 82976 8837 0 3 0x9a kqread sshd
16033 91826 1 0 3 0x100083 ttyin getty
8837 48511 1 0 3 0x88 kqread sshd
24237 301502 14327 73 3 0x1100090 kqread syslogd
14327 462218 1 0 3 0x100082 netio syslogd
78654 454457 1 0 3 0x100080 kqread resolvd
36518 225672 33985 77 3 0x100092 kqread dhcpleased
44732 34393 33985 77 3 0x100092 kqread dhcpleased
33985 72935 1 0 3 0x80 kqread dhcpleased
97366 28988 0 0 3 0x14200 bored smr
51912 409658 0 0 3 0x14200 pgzero zerothread
95743 25625 0 0 3 0x14200 aiodoned aiodoned
52064 351738 0 0 3 0x14200 syncer update
96776 476426 0 0 3 0x14200 cleaner cleaner
2684 471642 0 0 3 0x14200 reaper reaper
69460 303512 0 0 3 0x14200 pgdaemon pagedaemon
48767 193327 0 0 3 0x14200 bored viomb
64245 26252 0 0 3 0x40014200 acpi0 acpi0
98636 334337 0 0 3 0x40014200 idle1
82986 385529 0 0 3 0x14200 bored softnet3
55912 277064 0 0 3 0x14200 bored softnet2
59514 159554 0 0 3 0x14200 bored softnet1
69137 471963 0 0 3 0x14200 bored softnet0
31721 418183 0 0 3 0x14200 bored systqmp
45168 251449 0 0 3 0x14200 bored systq
60835 140346 0 0 3 0x14200 tmoslp softclockmp
63753 318378 0 0 3 0x40014200 tmoslp softclock
32028 304971 0 0 7 0x40014200 idle0
1 110251 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
Process 25732 (syz-executor.0) thread 0xffff80002a17e008 (319220)
exclusive rwlock uobjlk r = 0 (0xfffffd806bc0eef8)
#0 witness_lock+0x447
#1 rw_enter+0x3c8 sys/kern/kern_rwlock.c:309
#2 uvm_fault_unwire_locked+0x1d6 sys/uvm/uvm_fault.c:1682
#3 uvm_fault_unwire+0x43 sys/uvm/uvm_fault.c:1623
#4 sys_sysctl+0x239 sys/kern/kern_sysctl.c:259
#5 syscall+0x533 mi_syscall sys/sys/syscall_mi.h:183 [inline]
#5 syscall+0x533 sys/arch/amd64/amd64/trap.c:577
#6 Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82e2c380)
#0 witness_lock+0x447
#1 __mp_acquire_count+0x48 sys/kern/kern_lock.c:227
#2 mi_switch+0x46f sys/kern/sched_bsd.c:470
#3 sleep_finish+0x19b sys/kern/kern_synch.c:414
#4 rw_enter+0x341 sys/kern/kern_rwlock.c:285
#5 uvm_fault_unwire_locked+0x1d6 sys/uvm/uvm_fault.c:1682
#6 uvm_fault_unwire+0x43 sys/uvm/uvm_fault.c:1623
#7 sys_sysctl+0x239 sys/kern/kern_sysctl.c:259
#8 syscall+0x533 mi_syscall sys/sys/syscall_mi.h:183 [inline]
#8 syscall+0x533 sys/arch/amd64/amd64/trap.c:577
#9 Xsyscall+0x128
shared rwlock vmmaplk r = 0 (0xfffffd806f1e7640)
#0 witness_lock+0x447
#1 uvm_fault_unwire+0x35 sys/uvm/uvm_fault.c:1622
#2 sys_sysctl+0x239 sys/kern/kern_sysctl.c:259
#3 syscall+0x533 mi_syscall sys/sys/syscall_mi.h:183 [inline]
#3 syscall+0x533 sys/arch/amd64/amd64/trap.c:577
#4 Xsyscall+0x128
exclusive rwlock sysctllk r = 0 (0xffffffff82cb2bb0)
#0 witness_lock+0x447
#1 rw_enter+0x3c8 sys/kern/kern_rwlock.c:309
#2 sys_sysctl+0x1c3 sys/kern/kern_sysctl.c:238
#3 syscall+0x533 mi_syscall sys/sys/syscall_mi.h:183 [inline]
#3 syscall+0x533 sys/arch/amd64/amd64/trap.c:577
#4 Xsyscall+0x128
Process 25732 (syz-executor.0) thread 0xffff80002a17ed50 (248772)
exclusive rrwlock inode r = 0 (0xfffffd8069c95f78)
#0 witness_lock+0x447
#1 rw_enter+0x3c8 sys/kern/kern_rwlock.c:309
#2 rrw_enter+0x8c sys/kern/kern_rwlock.c:464
#3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:518
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:564
#5 sys_ftruncate+0x12e sys/kern/vfs_syscalls.c:2872
#6 syscall+0x533 mi_syscall sys/sys/syscall_mi.h:183 [inline]
#6 syscall+0x533 sys/arch/amd64/amd64/trap.c:577
#7 Xsyscall+0x128
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10152 6391K 6419K 166960K 11230 0
pcb 15 10K 10K 166960K 15 0
rtable 80 2K 2K 166960K 140 0
pf 15 6K 6K 166960K 15 0
ifaddr 16 10K 10K 166960K 16 0
ifgroup 22 1K 1K 166960K 22 0
counters 50 34K 34K 166960K 50 0
ioctlops 0 0K 2K 166960K 22 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1174 73K 74K 166960K 1187 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 1K 166960K 2 0
VM map 2 1K 1K 166960K 2 0
sem 2 0K 0K 166960K 2 0
dirhash 12 2K 2K 166960K 12 0
ACPI 1697 195K 286K 166960K 12548 0
file desc 5 13K 17K 166960K 89 0
proc 56 78K 91K 166960K 275 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
in_multi 22 1K 1K 166960K 22 0
ether_multi 1 0K 0K 166960K 1 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 25 122K 122K 166960K 25 0
exec 0 0K 1K 166960K 273 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 159 15K 15K 166960K 3579 0
UVM aobj 3 2K 2K 166960K 3 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
NDP 4 0K 0K 166960K 6 0
temp 1 6756K 6820K 166960K 3318 0
kqueue 12 18K 18K 166960K 25 0
SYN cache 2 16K 16K 166960K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 24 0 0 1 0 1 1 0 8 0
rtpcb 120 22 0 19 1 0 1 1 0 8 0
rtentry 112 34 0 1 1 0 1 1 0 8 0
unpcb 144 33 0 20 1 0 1 1 0 8 0
syncache 320 5 0 5 1 1 0 1 0 8 0
tcpqe 32 131 0 131 1 1 0 1 0 8 0
tcpcb 808 8 0 5 1 0 1 1 0 8 0
arp 120 4 0 0 1 0 1 1 0 8 0
inpcb 376 30 0 24 1 0 1 1 0 8 0
nd6 136 3 0 0 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 144 0 0 9 0 9 9 0 8 0
art_table 32 145 0 0 2 0 2 2 0 8 0
art_node 16 33 0 3 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1586 0 181 89 0 89 89 0 8 1
ffsino 272 1586 0 181 94 0 94 94 0 8 0
nchpl 144 1953 0 322 61 0 61 61 0 8 0
uvmvnodes 80 1595 0 0 33 0 33 33 0 8 0
vnodes 216 1595 0 0 89 0 89 89 0 8 0
namei 1024 5644 0 5644 2 0 2 2 0 8 2
percpumem 16 39 0 0 1 0 1 1 0 8 0
kstatmem 264 8 0 0 1 0 1 1 0 8 0
scxspl 216 7372 0 7370 3 2 1 2 1 8 0
plimitpl 152 28 0 19 1 0 1 1 0 8 0
sigapl 424 407 0 373 5 0 5 5 0 8 1
futexpl 64 338 0 338 1 0 1 1 0 8 1
knotepl 120 76 0 0 3 0 3 3 0 8 0
kqueuepl 216 21 0 13 1 0 1 1 0 8 0
pipepl 320 111 0 104 2 0 2 2 0 8 1
fdescpl 496 389 0 373 5 1 4 4 0 8 1
filepl 152 1521 0 1455 4 0 4 4 0 8 1
lockfpl 104 6 0 4 1 0 1 1 0 8 0
lockfspl 48 4 0 2 1 0 1 1 0 8 0
sessionpl 144 18 0 9 1 0 1 1 0 8 0
pgrppl 48 18 0 9 1 0 1 1 0 8 0
ucredpl 104 69 0 58 1 0 1 1 0 8 0
zombiepl 144 373 0 373 1 0 1 1 0 8 1
processpl 1136 407 0 373 4 0 4 4 0 8 1
procpl 680 614 0 568 5 0 5 5 0 8 1
sockpl 584 85 0 63 2 0 2 2 0 8 0
mcl8k 8192 2 0 0 1 0 1 1 0 8 0
mcl4k 4096 3 0 0 1 0 1 1 0 8 0
mcl2k 2048 254 0 0 32 0 32 32 0 8 0
mtagpl 96 1 0 0 1 0 1 1 0 8 0
mbufpl 256 267 0 0 17 0 17 17 0 8 0
bufpl 280 4236 0 135 293 0 293 293 0 8 0
anonpl 24 185646 0 182088 56 0 56 56 0 186 31
amapchunkpl 152 11865 0 11481 27 0 27 27 0 158 10
amappl16 200 5153 0 5083 6 0 6 6 0 8 0
amappl15 192 16 0 14 2 1 1 1 0 8 0
amappl14 184 133 0 123 2 0 2 2 0 8 1
amappl13 176 7 0 7 2 1 1 1 0 8 1
amappl12 168 905 0 889 2 0 2 2 0 8 1
amappl11 160 54 0 44 1 0 1 1 0 8 0
amappl10 152 21 0 18 1 0 1 1 0 8 0
amappl9 144 149 0 148 1 0 1 1 0 8 0
amappl8 136 115 0 94 2 0 2 2 0 8 1
amappl7 128 160 0 144 2 0 2 2 0 8 0
amappl6 120 144 0 135 1 0 1 1 0 8 0
amappl5 112 118 0 110 1 0 1 1 0 8 0
amappl4 104 389 0 366 2 0 2 2 0 8 1
amappl3 96 2900 0 2855 2 0 2 2 0 8 0
amappl2 88 802 0 744 3 0 3 3 0 8 0
amappl1 80 9979 0 9523 24 4 20 22 0 8 8
amappl 88 3159 0 3059 4 0 4 4 0 92 1
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 2 0 0 1 0 1 1 0 8 0
uaddrrnd 24 389 0 373 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 389 0 373 1 0 1 1 0 8 0
vmmpekpl 168 9747 0 9727 2 0 2 2 0 8 0
vmmpepl 168 43596 0 42358 113 1 112 112 0 357 57
vmsppl 448 388 0 373 3 0 3 3 0 8 1
rwobjpl 56 20991 0 18584 45 0 45 45 0 8 7
pdppl 4096 785 0 746 77 32 45 61 0 8 6
pvpl 32 44321 0 0 358 0 358 358 0 265 0
pmappl 248 388 0 373 3 1 2 2 0 8 1
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 340 0 34 10 0 10 10 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp
x86_ipi_db(ffffffff82d32ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x36 sys/dev/kcov.c:164
intr_handler(ffff80002a102680,ffff80000006bc00) at intr_handler+0x62 sys/arch/amd64/amd64/intr.c:539
Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f
acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206
sched_idle(ffffffff82d32ff0) at sched_idle+0x41e sys/kern/kern_sched.c:183
end trace frame: 0x0, count: 7
ddb{0}> trace
x86_ipi_db(ffffffff82d32ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x36 sys/dev/kcov.c:164
intr_handler(ffff80002a102680,ffff80000006bc00) at intr_handler+0x62 sys/arch/amd64/amd64/intr.c:539
Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f
acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206
sched_idle(ffffffff82d32ff0) at sched_idle+0x41e sys/kern/kern_sched.c:183
end trace frame: 0x0, count: -8
ddb{0}>