panic: uvm_fault_unwire_locked: address not in map WARSNtIaNrGt:ing SsPtLa cNkO Tt rLaOcWeE.R.E. D ON TRAP EXIT a 0 Stopped at proc_trampoline+199: movl $0,%gs:1672 TID PID UID PRFLAGS PFLAGS CPU COMMAND *432556 67089 0 0 0x4000000 0 syz-executor 396964 29080 0 0 0x4000000 1 syz-executor proc_trampoline() at proc_trampoline+199 end of kernel end trace frame: 0x82342857310, count: 14 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu1: uvm_fault_unwire_locked: address not in map ddb{0}> trace proc_trampoline() at proc_trampoline+199 end of kernel end trace frame: 0x82342857310, count: -1 ddb{0}> show registers rdi 0 rsi 0 rbp 18446603336929216320 rbx 0 rdx 0 rcx 18446603340516061776 rax 42 r8 18446603336929216112 r9 0 r10 10528328263825505640 r11 11194488403158085861 r12 0 r13 0 r14 0 r15 0 rip 18446744071603819719 proc_trampoline+199 cs 8 rflags 582 rsp 18446603336929216192 ss 16 proc_trampoline+199: movl $0,%gs:1672 ddb{0}> show proc PROC (syz-executor) tid=432556 pid=67089 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=84, usrpri=84, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000fffe7a18,0xffff8000fffe7cc0 process=0xffff8000fffe39e8 user=0xffff80002a333000, vmspace=0xfffffd806c2475d0 estcpu=34, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 67089 435434 37448 0 2 0 syz-executor *67089 432556 37448 0 7 0x4000000 syz-executor 67089 416712 37448 0 3 0x4000080 fsleep syz-executor 46435 244302 57512 0 2 0 syz-executor 46435 60348 57512 0 3 0x4000080 fsleep syz-executor 46435 485563 57512 0 2 0x4000000 syz-executor 63846 253947 25556 0 2 0 syz-executor 63846 241885 25556 0 3 0x4000080 fsleep syz-executor 22666 247562 13065 0 3 0x80 nanoslp syz-executor 22666 447205 13065 0 3 0x4000080 kqsel syz-executor 22666 256924 13065 0 3 0x4000080 fsleep syz-executor 77218 236136 73735 0 3 0x80 nanoslp syz-executor 77218 419723 73735 0 3 0x4000080 wsevent_read syz-executor 77218 57638 73735 0 3 0x4000080 fsleep syz-executor 29080 41853 50976 0 2 0 syz-executor 29080 396964 50976 0 7 0x4000000 syz-executor 29080 196905 50976 0 2 0x4000000 syz-executor 29080 396694 50976 0 2 0x4000000 syz-executor 35436 324945 68662 0 3 0x3 inode syz-executor 74748 20453 0 0 3 0x14200 acct acct 25556 276163 68662 0 2 0x3 syz-executor 57512 373306 68662 0 3 0x82 nanoslp syz-executor 13065 320552 68662 0 2 0x2 syz-executor 9639 260956 68662 0 3 0x82 wait syz-executor 73735 235813 68662 0 3 0x82 nanoslp syz-executor 17563 203130 1 0 3 0x100083 ttyopn getty 50976 168522 68662 0 3 0x82 nanoslp syz-executor 7714 515921 22416 0 3 0x100082 sbwait arp 22416 509104 1 0 3 0x10008a sigsusp sh 37448 331155 68662 0 3 0x82 nanoslp syz-executor 68662 266665 99763 0 3 0x82 kqread syz-executor 99763 436329 7857 0 3 0x10008a sigsusp ksh 7857 454747 11957 0 3 0x98 kqread sshd-session 11957 475187 56693 0 3 0x92 kqread sshd-session 56693 462232 1 0 3 0x88 kqread sshd 6904 276063 80927 74 3 0x1100092 bpf pflogd 80927 70275 1 0 3 0x80 sbwait pflogd 14091 84087 30698 73 3 0x1100090 kqread syslogd 30698 2446 1 0 3 0x100082 sbwait syslogd 6600 465166 1 0 3 0x100080 kqread resolvd 61351 68142 0 0 3 0x14200 bored smr 19299 186097 0 0 2 0x14200 zerothread 61290 39509 0 0 3 0x14200 aiodoned aiodoned 76640 118850 0 0 3 0x14200 syncer update 95018 216452 0 0 3 0x14200 cleaner cleaner 64177 411209 0 0 3 0x14200 reaper reaper 20459 131757 0 0 3 0x14200 pgdaemon pagedaemon 8666 509232 0 0 3 0x14200 bored viomb 17153 465777 0 0 3 0x40014200 acpi0 acpi0 73986 407933 0 0 3 0x40014200 idle1 87384 487228 0 0 3 0x14200 bored softnet1 68730 8919 0 0 3 0x14200 bored softnet0 78983 215034 0 0 3 0x14200 bored systqmp 74063 348006 0 0 3 0x14200 bored systq 85386 93187 0 0 3 0x14200 tmoslp softclockmp 7178 458451 0 0 3 0x40014200 tmoslp softclock 24943 89992 0 0 3 0x40014200 idle0 1 214147 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{0}> show all locks CPU 0: exclusive mutex &(curpg)->mdpage.pv_mtx r = 0 (0xfffffd80084027e8) #0 witness_lock+1521 #1 mtx_enter+1204 #2 pmap_page_remove+81 #3 uvm_anfree_list+214 #4 amap_wipeout+584 #5 uvm_unmap_detach+138 #6 sys_munmap+809 #7 syscall+3028 #8 Xsyscall+296 Process 67089 (syz-executor) thread 0xffff8000fffe7a18 (435434) Process 29080 (syz-executor) thread 0xffff8000fffe6558 (396964) Process 29080 (syz-executor) thread 0xffff8000fffeda10 (396694) Process 25556 (syz-executor) thread 0xffff80002a3b2568 (276163) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10203 11057K 12329K 166960K 14875 0 pcb 17 16K 30K 166960K 1419 0 rtable 216 15K 15K 166960K 1496 0 pf 39 18K 67487K 166960K 491 0 ifaddr 32 6K 9K 166960K 288 0 ifgroup 52 2K 3K 166960K 507 0 sysctl 4 1K 9K 166960K 36 0 counters 66 36K 38K 166960K 576 0 ioctlops 0 0K 8K 166960K 2618 0 iov 0 0K 32K 166960K 485 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1496 94K 95K 166960K 4760 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 80K 88K 166960K 64 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 279 0 dirhash 12 2K 3K 166960K 105 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 19 69K 248K 166960K 4534 0 sigio 0 0K 0K 166960K 250 0 proc 70 99K 164K 166960K 1434 0 subproc 81 5K 5K 166960K 215 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 567 0 in_multi 56 4K 7K 166960K 448 0 ether_multi 1 0K 0K 166960K 67 0 mrt 4 0K 0K 166960K 55 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 109 493K 493K 166960K 109 0 exec 0 0K 1K 166960K 1739 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 20 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 234 132K 171K 166960K 43178 0 UVM aobj 83 158K 158K 166960K 84 0 pinsyscall 39 78K 104K 166960K 6090 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 275 0 NDP 11 0K 1K 166960K 211 0 temp 89 8660K 8740K 166960K 239094 0 kqueue 8 14K 34K 166960K 888 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 548 0 545 4 3 1 3 0 8 0 rtentry 176 493 0 421 6 1 5 5 0 8 0 unpcb 144 3120 0 3108 30 27 3 6 0 8 2 syncache 336 31 0 31 9 9 0 1 0 8 0 tcpqe 32 3 0 3 3 3 0 1 0 8 0 tcpcb 736 1429 0 1422 25 22 3 7 0 8 2 arp 136 95 0 82 1 0 1 1 0 8 0 inpcb 328 5464 0 5457 45 38 7 12 0 8 5 nd6 152 82 0 63 2 0 2 2 0 8 0 pkpcb 40 181 0 181 8 8 0 1 0 8 0 kcovpl 48 23 0 14 1 0 1 1 0 8 0 ppxss 1192 200 0 200 2 1 1 1 0 8 1 pppxif 1504 25 0 25 10 9 1 2 0 8 1 pfstscr 40 9 0 8 3 2 1 1 0 8 0 pffrag 232 33 0 23 1 0 1 1 0 482 0 pffrnode 88 29 0 20 1 0 1 1 0 8 0 pffrent 40 50 0 40 1 0 1 1 0 8 0 pfosfp 40 1433 0 1006 5 0 5 5 0 8 0 pfosfpen 112 1433 0 715 21 0 21 21 0 8 0 pfrktable 1344 8 0 8 4 4 0 1 0 8 0 pfanchor 1288 8 0 3 1 0 1 1 0 8 0 pftag 88 2 0 1 2 1 1 1 0 8 0 pfstitem 24 335 0 252 1 0 1 1 0 8 0 pfstkey 128 353 0 238 5 0 5 5 0 8 0 pfstate 384 310 0 229 10 0 10 10 0 8 0 pfrule 1344 107 0 102 2 1 1 2 0 8 0 rttmr 136 8 0 8 5 5 0 1 0 8 0 art_heap8 4096 4 0 0 4 0 4 4 0 8 0 art_heap4 256 1704 0 1394 45 18 27 29 0 8 0 art_table 40 1708 0 1394 5 0 5 5 0 8 0 art_node 32 484 0 422 2 0 2 2 0 8 0 sysvmsgpl 40 21 0 13 1 0 1 1 0 8 0 semupl 112 3 0 3 3 3 0 1 0 8 0 semapl 112 274 0 264 1 0 1 1 0 8 0 shmpl 112 2 0 0 1 0 1 1 0 8 0 dirhash 1024 79 0 62 3 0 3 3 0 8 0 dino2pl 256 9956 0 8407 98 0 98 98 0 8 0 ffsino 296 9956 0 8407 121 1 120 120 0 8 0 nchpl 144 16002 0 14252 66 0 66 66 0 8 0 rtmask 32 45 0 45 8 7 1 1 0 8 1 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 58542 0 58542 2 1 1 2 0 8 1 percpumem 16 303 0 255 1 0 1 1 0 8 0 vcpupl 3968 79 0 1 10 0 10 10 0 8 0 vmpool 840 79 0 1 9 0 9 9 0 8 0 pfiaddrpl 120 1 0 1 1 1 0 1 0 8 0 kstatmem 264 338 0 312 4 1 3 3 0 8 0 acpiwqpl 32 4 0 4 1 0 1 1 1 8 1 scsiplug 72 19 0 19 7 6 1 1 0 8 1 scxspl 216 108154 0 108154 19 18 1 8 1 8 1 plimitpl 152 1027 0 1008 1 0 1 1 0 8 0 sigapl 424 4779 0 4732 7 0 7 7 0 8 0 knotepl 120 818 0 0 23 0 23 23 0 8 0 kqueuepl 224 1778 0 1769 15 12 3 5 0 8 2 pipepl 344 655 0 625 13 9 4 9 0 8 0 fdescpl 528 4749 0 4719 3 0 3 3 0 8 0 filepl 160 33668 0 33450 57 41 16 23 0 8 5 lockfpl 104 1813 0 1795 1 0 1 1 0 8 0 lockfspl 48 700 0 684 1 0 1 1 0 8 0 sessionpl 144 61 0 53 1 0 1 1 0 8 0 pgrppl 48 145 0 128 1 0 1 1 0 8 0 ucredpl 104 5355 0 5344 1 0 1 1 0 8 0 zombiepl 144 5484 0 5483 1 0 1 1 0 8 0 processpl 1232 4779 0 4732 6 1 5 5 0 8 0 procpl 664 12174 0 12114 8 1 7 7 0 8 0 sosppl 176 38 0 38 5 4 1 1 0 8 1 sockpl 752 9575 0 9553 97 86 11 27 0 8 8 mcl64k 65536 23 0 0 3 0 3 3 0 8 0 mcl16k 16384 7 0 0 1 0 1 1 0 8 0 mcl12k 12288 3 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 7 0 0 1 0 1 1 0 8 0 mcl4k 4096 134 0 0 15 0 15 15 0 8 0 mcl2k2 2112 3 0 0 1 0 1 1 0 8 0 mcl2k 2048 99 0 0 10 1 9 10 0 8 0 mtagpl 96 13 0 0 1 0 1 1 0 8 0 mbufpl 256 1784 0 0 112 0 112 112 0 8 0 bufpl 280 44689 0 38550 439 0 439 439 0 8 0 anonpl 32 14044 0 0 113 0 113 113 0 246 0 amapchunkpl 152 153665 0 153151 64 28 36 36 0 158 10 amappl16 200 14835 0 14805 114 105 9 28 0 8 2 amappl15 192 6 0 6 1 1 0 1 0 8 0 amappl14 184 9 0 9 3 3 0 1 0 8 0 amappl13 176 602 0 600 1 0 1 1 0 8 0 amappl12 168 5265 0 5225 3 0 3 3 0 8 0 amappl11 160 7 0 7 1 1 0 1 0 8 0 amappl10 152 70 0 61 1 0 1 1 0 8 0 amappl9 144 252 0 251 2 1 1 1 0 8 0 amappl8 136 31 0 28 1 0 1 1 0 8 0 amappl7 128 140 0 139 1 0 1 1 0 8 0 amappl6 120 479 0 466 1 0 1 1 0 8 0 amappl5 112 96 0 87 1 0 1 1 0 8 0 amappl4 104 615 0 585 2 1 1 2 0 8 0 amappl3 96 26333 0 26238 3 0 3 3 0 8 0 amappl2 88 4992 0 4930 3 1 2 3 0 8 0 amappl1 80 34283 0 33748 18 3 15 17 0 8 0 amappl 88 41297 0 41125 5 0 5 5 0 92 0 uvmvnodes 80 229 0 0 5 0 5 5 0 8 0 dma65536 65536 1 0 1 1 1 0 1 0 8 0 dma4096 4096 2 0 2 2 2 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma512 512 2 0 2 2 2 0 1 0 8 0 dma256 256 10 0 10 3 3 0 1 0 8 0 dma128 128 260 0 260 6 6 0 1 0 8 0 dma64 64 8 0 8 3 3 0 1 0 8 0 dma32 32 9 0 9 3 3 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 83 0 1 2 0 2 2 0 8 0 uaddrrnd 24 4749 0 4719 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 4749 0 4719 1 0 1 1 0 8 0 vmmpekpl 168 36963 0 36891 4 0 4 4 0 8 0 vmmpepl 168 307406 0 305609 159 61 98 111 0 357 3 vmsppl 488 4748 0 4719 5 0 5 5 0 8 0 rwobjpl 80 79554 0 78391 44 10 34 35 0 8 0 pdppl 4096 9663 0 9518 227 79 148 148 0 8 3 pvpl 32 24353 0 0 197 2 195 195 0 265 0 pmappl 256 4827 0 4720 7 0 7 7 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 571 0 138 13 0 13 13 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace proc_trampoline() at proc_trampoline+199 end of kernel end trace frame: 0x82342857310, count: -1 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+39: addq $8,%rsp x86_ipi_db(ffff8000299edff0) at x86_ipi_db+39 x86_ipi_handler() at x86_ipi_handler+217 Xresume_lapic_ipi() at Xresume_lapic_ipi+39 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+28 db_elf_sym_search(ffffffff812bb050,0,ffff80002a30e530) at db_elf_sym_search+194 db_search_symbol(ffffffff812bb050,0,ffff80002a30e5a0) at db_search_symbol+82 db_stack_trace_print(ffff80002a30e670,1,100,ffffffff8334a571,ffffffff812bb670) at db_stack_trace_print+766 db_stack_dump() at db_stack_dump+165 panic(ffffffff833e5d61) at panic+464 uvm_fault_unwire_locked(fffffd800b0275b8,200000370000,200000372000) at uvm_fault_unwire_locked+1262 uvm_fault_wire(fffffd800b0275b8,200000370000,200000381000,3) at uvm_fault_wire+301 uvm_vslock_device(ffff8000fffe6558,200000370040,10000,3,ffff80002a30e928) at uvm_vslock_device+274 physio(ffffffff81e0ec10,d02,8000,ffffffff81e0f460,ffff80002a30ec08) at physio+599 spec_read(ffff80002a30ea60) at spec_read+331 end trace frame: 0xffff80002a30ead0, count: 0 ddb{1}> trace x86_ipi_db(ffff8000299edff0) at x86_ipi_db+39 x86_ipi_handler() at x86_ipi_handler+217 Xresume_lapic_ipi() at Xresume_lapic_ipi+39 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+28 db_elf_sym_search(ffffffff812bb050,0,ffff80002a30e530) at db_elf_sym_search+194 db_search_symbol(ffffffff812bb050,0,ffff80002a30e5a0) at db_search_symbol+82 db_stack_trace_print(ffff80002a30e670,1,100,ffffffff8334a571,ffffffff812bb670) at db_stack_trace_print+766 db_stack_dump() at db_stack_dump+165 panic(ffffffff833e5d61) at panic+464 uvm_fault_unwire_locked(fffffd800b0275b8,200000370000,200000372000) at uvm_fault_unwire_locked+1262 uvm_fault_wire(fffffd800b0275b8,200000370000,200000381000,3) at uvm_fault_wire+301 uvm_vslock_device(ffff8000fffe6558,200000370040,10000,3,ffff80002a30e928) at uvm_vslock_device+274 physio(ffffffff81e0ec10,d02,8000,ffffffff81e0f460,ffff80002a30ec08) at physio+599 spec_read(ffff80002a30ea60) at spec_read+331 VOP_READ(fffffd8074f862c8,ffff80002a30ec08,0,fffffd80097fb208) at VOP_READ+257 vn_read(fffffd807368a5a0,ffff80002a30ec08,1) at vn_read+379 dofilereadv(ffff8000fffe6558,3,ffff80002a30ec08,1,ffff80002a30ecc0) at dofilereadv+602 sys_pread(ffff8000fffe6558,ffff80002a30ed70,ffff80002a30ecc0) at sys_pread+174 syscall(ffff80002a30ed70) at syscall+3028 Xsyscall() at Xsyscall+296 end of kernel end trace frame: 0xb4fff3d6010, count: -20