panic: uvm_fault_unwire_locked: address not in map Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND * 16998 15142 0 0 0x4000000 0 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff833da232) at panic+0x1cf sys/kern/subr_prf.c:198 uvm_fault_unwire_locked(fffffd807e135440,400000000000,400000001000) at uvm_fault_unwire_locked+0x48d sys/uvm/uvm_fault.c:1739 uvm_fault_unwire(fffffd807e135440,400000000000,400000001000) at uvm_fault_unwire+0x55 sys/uvm/uvm_fault.c:1702 hw_sysctl(ffff80003c95dbc4,4,400000000040,ffff80003c95dbf8,0,0,1407f098316f6711) at hw_sysctl+0x4b8 sys_sysctl(ffff80002a800cf0,ffff80003c95dd30,ffff80003c95dc80) at sys_sysctl+0x425 syscall(ffff80003c95dd30) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xcf16c2bf90, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: uvm_fault_unwire_locked: address not in map ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff833da232) at panic+0x1cf sys/kern/subr_prf.c:198 uvm_fault_unwire_locked(fffffd807e135440,400000000000,400000001000) at uvm_fault_unwire_locked+0x48d sys/uvm/uvm_fault.c:1739 uvm_fault_unwire(fffffd807e135440,400000000000,400000001000) at uvm_fault_unwire+0x55 sys/uvm/uvm_fault.c:1702 hw_sysctl(ffff80003c95dbc4,4,400000000040,ffff80003c95dbf8,0,0,1407f098316f6711) at hw_sysctl+0x4b8 sys_sysctl(ffff80002a800cf0,ffff80003c95dd30,ffff80003c95dc80) at sys_sysctl+0x425 syscall(ffff80003c95dd30) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xcf16c2bf90, count: -8 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80003c95d980 rbx 0x400000000040 rdx 0 rcx 0 rax 0xffff80002a800cf0 r8 0 r9 0x8080808080808080 r10 0x75c5c52839a64f62 r11 0x951648677462bcc2 r12 0 r13 0x7f7fffffc000 r14 0 r15 0x1 rip 0xffffffff82678c05 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80003c95d970 ss 0 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=16998 pid=15142 tcnt=3 stat=onproc flags process=0 proc=4000000 runpri=36, usrpri=84, slppri=36, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a7cd208,0xffff80002a8014b0 process=0xffff80002a844d30 user=0xffff80003c958000, vmspace=0xfffffd807e135440 estcpu=34, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 50892 307626 27863 0 3 0x100082 sysctllk sh 46751 340500 25562 0 2 0 syz-executor 28143 330121 68295 0 2 0 syz-executor 15142 110361 87531 0 2 0 syz-executor 15142 140892 87531 0 2 0x4000000 syz-executor *15142 16998 87531 0 7 0x4000000 syz-executor 67283 49117 91673 0 2 0 syz-executor 67283 413224 91673 0 2 0x4000000 syz-executor 65290 210250 532 0 2 0 syz-executor 65290 484315 532 0 3 0x4000080 fsleep syz-executor 65290 177815 532 0 3 0x4000080 fsleep syz-executor 27863 507483 42045 0 3 0x82 wait syz-executor 64359 428882 0 0 3 0x14200 acct acct 99273 240121 42045 0 2 0x2 syz-executor 68295 322210 42045 0 2 0x482 syz-executor 25562 221778 42045 0 2 0x482 syz-executor 87531 25259 42045 0 2 0x482 syz-executor 78754 421173 0 0 3 0x14200 bored sosplice 532 275070 42045 0 2 0x482 syz-executor 91673 283056 42045 0 2 0x482 syz-executor 67706 71502 42045 0 2 0x2 syz-executor 42045 329948 20849 0 3 0x82 kqread syz-executor 20849 390104 19396 0 3 0x10008a sigsusp ksh 19396 154775 61966 0 3 0x98 kqread sshd-session 61966 424969 56523 0 3 0x92 kqread sshd-session 53850 286732 1 0 3 0x100083 ttyin getty 56523 473841 1 0 3 0x88 kqread sshd 1567 403580 68217 73 3 0x1100090 kqread syslogd 68217 519224 1 0 3 0x100082 sbwait syslogd 64459 94531 1 0 3 0x100080 kqread resolvd 38122 332073 57300 77 3 0x100092 kqread dhcpleased 38602 419413 57300 77 3 0x100092 kqread dhcpleased 57300 23885 1 0 3 0x80 kqread dhcpleased 27324 255410 0 0 3 0x14200 bored smr 31953 391993 0 0 2 0x14200 zerothread 80156 60438 0 0 3 0x14200 aiodoned aiodoned 70757 507815 0 0 3 0x14200 syncer update 54177 490749 0 0 3 0x14200 cleaner cleaner 47587 436832 0 0 3 0x14200 reaper reaper 41850 408489 0 0 3 0x14200 pgdaemon pagedaemon 81685 228815 0 0 3 0x14200 bored viomb 98769 245053 0 0 3 0x40014200 acpi0 acpi0 89181 55217 0 0 3 0x14200 bored softnet3 71660 89395 0 0 3 0x14200 bored softnet2 86292 522908 0 0 3 0x14200 bored softnet1 41349 22933 0 0 3 0x14200 bored softnet0 47185 232769 0 0 3 0x14200 bored systqmp 13360 114618 0 0 3 0x14200 bored systq 37114 170176 0 0 2 0x40014200 softclock 18642 483516 0 0 3 0x40014200 idle0 1 335677 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10205 11051K 11804K 166960K 17443 0 pcb 17 18K 20K 166960K 572 0 rtable 177 10K 12K 166960K 1219 0 pf 34 14K 19K 166960K 261 0 ifaddr 31 5K 8K 166960K 196 0 ifgroup 46 2K 2K 166960K 319 0 sysctl 4 1K 2K 166960K 11 0 counters 29 17K 18K 166960K 140 0 ioctlops 0 0K 8K 166960K 411 0 iov 0 0K 42K 166960K 407 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1525 96K 97K 166960K 4716 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 2K 9K 166960K 57 0 VM map 2 1K 1K 166960K 2 0 sem 25 11K 13K 166960K 109 0 dirhash 12 2K 3K 166960K 78 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 16 57K 98K 166960K 3048 0 sigio 0 0K 0K 166960K 125 0 proc 60 59K 116K 166960K 1221 0 subproc 72 4K 4K 166960K 235 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 422 0 in_multi 62 4K 7K 166960K 388 0 ether_multi 1 0K 0K 166960K 38 0 mrt 2 0K 0K 166960K 13 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 229 1023K 1023K 166960K 229 0 exec 0 0K 1K 166960K 1466 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 7 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 196 72K 102K 166960K 29628 0 UVM aobj 181 5K 7K 166960K 191 0 pinsyscall 37 74K 94K 166960K 4507 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 190 0 NDP 10 0K 2K 166960K 146 0 temp 76 8684K 8912K 166960K 69068 0 kqueue 13 20K 33K 166960K 562 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 567 0 564 7 6 1 3 0 8 0 rtentry 128 366 0 298 4 0 4 4 0 8 0 unpcb 144 2069 0 2054 15 9 6 6 0 8 5 syncache 336 3 0 3 1 1 0 1 0 8 0 tcpcb 808 852 0 848 23 16 7 8 0 8 6 arp 88 63 0 49 1 0 1 1 0 8 0 ipq 40 11 0 10 3 2 1 1 0 8 0 ipqe 40 146 0 145 3 2 1 1 0 8 0 inpcb 344 3539 0 3531 37 30 7 13 0 8 6 nd6 104 94 0 78 1 0 1 1 0 8 0 pkpcb 40 25 0 25 5 4 1 1 0 8 1 kcovpl 48 26 0 18 1 0 1 1 0 8 0 mppekey 1024 2 0 2 2 1 1 1 0 8 1 ppxss 1072 70 0 70 5 4 1 1 0 8 1 pppxif 1384 7 0 7 4 3 1 1 0 8 1 pfrktable 1344 4 0 1 1 0 1 1 0 8 0 pfanchor 1288 2 0 0 1 0 1 1 0 8 0 pftag 88 2 0 0 1 0 1 1 0 8 0 pfstitem 24 6 0 0 1 0 1 1 0 8 0 pfstkey 128 8 0 3 1 0 1 1 0 8 0 pfstate 344 4 0 1 1 0 1 1 0 8 0 pfrule 1344 9 0 8 1 0 1 1 0 8 0 art_heap8 4096 4 0 0 4 0 4 4 0 8 0 art_heap4 256 1471 0 1160 35 9 26 29 0 8 1 art_table 32 1475 0 1160 4 0 4 4 0 8 0 art_node 16 359 0 298 1 0 1 1 0 8 0 sysvmsgpl 40 2 0 2 1 1 0 1 0 8 0 semapl 112 35 0 12 1 0 1 1 0 8 0 shmpl 112 188 0 10 6 0 6 6 0 8 0 dirhash 1024 61 0 44 3 0 3 3 0 8 0 dino2pl 256 6887 0 5360 96 0 96 96 0 8 0 ffsino 248 6887 0 5360 96 0 96 96 0 8 0 nchpl 144 10978 0 10428 65 0 65 65 0 8 40 rtmask 32 9 0 9 4 4 0 1 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 41558 0 41556 3 1 2 2 0 8 1 pfiaddrpl 120 1 0 0 1 0 1 1 0 8 0 kstatmem 264 188 0 168 2 0 2 2 0 8 0 scsiplug 72 12 0 12 5 4 1 1 0 8 1 scxspl 216 30860 0 30860 11 9 2 8 1 8 2 plimitpl 152 1086 0 1070 1 0 1 1 0 8 0 sigapl 424 3312 0 3266 8 1 7 8 0 8 1 futexpl 64 43753 0 43751 1 0 1 1 0 8 0 knotepl 120 293446 0 293399 55 43 12 17 0 8 8 kqueuepl 184 1309 0 1300 12 8 4 7 0 8 3 pipepl 296 676 0 649 15 7 8 8 0 8 5 fdescpl 440 3266 0 3238 5 1 4 5 0 8 0 filepl 120 24378 0 24176 24 13 11 13 0 8 3 lockfpl 104 807 0 805 1 0 1 1 0 8 0 lockfspl 48 330 0 328 1 0 1 1 0 8 0 sessionpl 144 39 0 31 1 0 1 1 0 8 0 pgrppl 48 95 0 79 1 0 1 1 0 8 0 ucredpl 104 4722 0 4711 1 0 1 1 0 8 0 zombiepl 144 4229 0 4229 2 1 1 1 0 8 1 processpl 1112 3312 0 3266 6 1 5 6 0 8 0 procpl 656 7906 0 7855 8 1 7 8 0 8 1 sosppl 168 24 0 24 5 4 1 1 0 8 1 sockpl 528 6230 0 6204 43 33 10 11 0 8 7 mcl64k 65536 113 0 113 5 4 1 1 0 8 1 mcl16k 16384 6 0 6 3 3 0 1 0 8 0 mcl12k 12288 3 0 3 2 2 0 1 0 8 0 mcl9k 9216 2 0 2 2 1 1 1 0 8 1 mcl8k 8192 39 0 39 5 4 1 1 0 8 1 mcl4k 4096 6367 0 6316 18 10 8 14 0 8 0 mcl2k2 2112 1 0 1 1 1 0 1 0 8 0 mcl2k 2048 3480 0 3476 7 5 2 3 0 8 1 mtagpl 96 553 0 449 6 0 6 6 0 8 1 mbufpl 256 47456 0 47254 566 542 24 549 0 8 3 bufpl 280 8221 0 1993 446 0 446 446 0 8 0 anonpl 24 415918 0 409259 142 60 82 82 0 187 26 amapchunkpl 152 100107 0 99636 85 47 38 41 0 158 16 amappl16 200 7624 0 7449 56 31 25 28 0 8 8 amappl15 192 6 0 4 1 0 1 1 0 8 0 amappl14 184 138 0 128 1 0 1 1 0 8 0 amappl13 176 10 0 10 2 2 0 1 0 8 0 amappl12 168 4159 0 4131 2 0 2 2 0 8 0 amappl11 160 46 0 36 1 0 1 1 0 8 0 amappl10 152 6 0 6 2 1 1 1 0 8 1 amappl9 144 249 0 249 1 1 0 1 0 8 0 amappl8 136 28 0 26 1 0 1 1 0 8 0 amappl7 128 138 0 128 1 0 1 1 0 8 0 amappl6 120 342 0 337 1 0 1 1 0 8 0 amappl5 112 184 0 177 1 0 1 1 0 8 0 amappl4 104 338 0 322 1 0 1 1 0 8 0 amappl3 96 20083 0 19992 5 1 4 4 0 8 1 amappl2 88 867 0 807 2 0 2 2 0 8 0 amappl1 80 17213 0 16695 13 1 12 13 0 8 0 amappl 88 28972 0 28826 5 0 5 5 0 92 0 dma16384 16384 2 0 2 2 2 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 7 0 7 2 2 0 1 0 8 0 dma128 128 257 0 257 3 3 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 20 0 19 1 0 1 1 0 8 0 aobjpl 72 190 0 10 4 0 4 4 0 8 0 uaddrrnd 24 3266 0 3238 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 3266 0 3238 1 0 1 1 0 8 0 vmmpekpl 168 25944 0 25895 3 0 3 3 0 8 0 vmmpepl 168 200612 0 198826 123 22 101 101 0 357 15 vmsppl 360 3265 0 3238 4 1 3 4 0 8 0 rwobjpl 32 55541 0 48455 62 1 61 61 0 8 2 pdppl 4096 6538 0 6476 168 104 64 80 0 8 2 pvpl 32 1306427 0 1294775 278 122 156 156 0 265 37 pmappl 216 3265 0 3238 3 0 3 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 945 0 705 22 14 8 22 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff833da232) at panic+0x1cf sys/kern/subr_prf.c:198 uvm_fault_unwire_locked(fffffd807e135440,400000000000,400000001000) at uvm_fault_unwire_locked+0x48d sys/uvm/uvm_fault.c:1739 uvm_fault_unwire(fffffd807e135440,400000000000,400000001000) at uvm_fault_unwire+0x55 sys/uvm/uvm_fault.c:1702 hw_sysctl(ffff80003c95dbc4,4,400000000040,ffff80003c95dbf8,0,0,1407f098316f6711) at hw_sysctl+0x4b8 sys_sysctl(ffff80002a800cf0,ffff80003c95dd30,ffff80003c95dc80) at sys_sysctl+0x425 syscall(ffff80003c95dd30) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xcf16c2bf90, count: -8 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff833da232) at panic+0x1cf sys/kern/subr_prf.c:198 uvm_fault_unwire_locked(fffffd807e135440,400000000000,400000001000) at uvm_fault_unwire_locked+0x48d sys/uvm/uvm_fault.c:1739 uvm_fault_unwire(fffffd807e135440,400000000000,400000001000) at uvm_fault_unwire+0x55 sys/uvm/uvm_fault.c:1702 hw_sysctl(ffff80003c95dbc4,4,400000000040,ffff80003c95dbf8,0,0,1407f098316f6711) at hw_sysctl+0x4b8 sys_sysctl(ffff80002a800cf0,ffff80003c95dd30,ffff80003c95dc80) at sys_sysctl+0x425 syscall(ffff80003c95dd30) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xcf16c2bf90, count: -8