panic: kernel diagnostic assertion "next != NULL && next->start <= entry->end" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_fault.c", line 1354 Stopped at db_enter+0xa: popq %rbp TID PID UID PRFLAGS PFLAGS CPU COMMAND * 8626 36715 0 0 0x4000000 0K syz-executor1 db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 __assert(ffffffff8132b5f4,ffff8000211c1530,20008000,20011000) at __assert+0x24 sys/kern/subr_prf.c:155 uvm_fault_unwire_locked(20000000,20011000,0) at uvm_fault_unwire_locked+0x1f9 sys/uvm/uvm_fault.c:1351 uvm_fault_unwire(10000,ffffff0078053b00,10000) at uvm_fault_unwire+0x3b sys/uvm/uvm_fault.c:1314 physio(ffff8000211c1828,ffffff005e9aae50,ffffff005e9aae50,ffff8000211c1828,ffff8000211c16f8) at physio+0x2ba sys/kern/kern_physio.c:183 spec_read(0) at spec_read+0xa5 sys/kern/spec_vnops.c:223 VOP_READ(ffff8000211c1828,ffffff005e9aae50,ffffff00685e4e20,0) at VOP_READ+0x5e sys/kern/vfs_vops.c:247 vn_read(ffffff00685e4e20,ffff8000210a3080,fffffe73) at vn_read+0x130 sys/kern/vfs_vnops.c:365 dofilereadv(ffff8000210a3080,ffff8000211c18d0,fffffe73,ffff8000211c18e8,363ce240ac8) at dofilereadv+0x14f sys/kern/sys_generic.c:235 sys_read(30,ffff8000210a3080,0) at sys_read+0x6e sys/kern/sys_generic.c:155 syscall(0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,0,ffffffffffffffb9,0,3,3613cb70010) at Xsyscall+0x128 end of kernel end trace frame: 0x363ce240b50, count: 2 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> show panic kernel diagnostic assertion "next != NULL && next->start <= entry->end" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_fault.c", line 1354 ddb{0}> trace db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 __assert(ffffffff8132b5f4,ffff8000211c1530,20008000,20011000) at __assert+0x24 sys/kern/subr_prf.c:155 uvm_fault_unwire_locked(20000000,20011000,0) at uvm_fault_unwire_locked+0x1f9 sys/uvm/uvm_fault.c:1351 uvm_fault_unwire(10000,ffffff0078053b00,10000) at uvm_fault_unwire+0x3b sys/uvm/uvm_fault.c:1314 physio(ffff8000211c1828,ffffff005e9aae50,ffffff005e9aae50,ffff8000211c1828,ffff8000211c16f8) at physio+0x2ba sys/kern/kern_physio.c:183 spec_read(0) at spec_read+0xa5 sys/kern/spec_vnops.c:223 VOP_READ(ffff8000211c1828,ffffff005e9aae50,ffffff00685e4e20,0) at VOP_READ+0x5e sys/kern/vfs_vops.c:247vn_read(ffffff00685e4e20,ffff8000210a3080,fffffe73) at vn_read+0x130 dofilereadv(ffff8000210a3080,ffff8000211c18d0,fffffe73,ffff8000211c18e8,363ce240ac8) at dofilereadv+0x14f sys/kern/sys_generic.c:235 sys_read(30,ffff8000210a3080,0) at sys_read+0x6e sys/kern/sys_generic.c:155 syscall(0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,0,ffffffffffffffb9,0,3,3613cb70010) at Xsyscall+0x128 end of kernel end trace frame: 0x363ce240b50, count: -13 ddb{0}> show registers rdi 0xffffffff81e27170 kprintf_mutex rsi 0xffffffff818e4fe9 db_enter+0x9 rbp 0xffff8000211c1490 rbx 0xffff8000211c1530 rdx 0xffff8000016d8000 rcx 0x69ab __ALIGN_SIZE+0x59ab rax 0xffff8000016d8000 r8 0xffff8000211c1460 r9 0x8080808080808080 r10 0 r11 0xffffffff812f8ba0 x86_bus_space_io_read_1 r12 0x3000000008 r13 0xffff8000211c14a0 r14 0x100 r15 0xffffffff81bf514e cmd0646_9_tim_udma+0x1eab3 rip 0xffffffff818e4fea db_enter+0xa cs 0x8 rflags 0x202 rsp 0xffff8000211c1490 ss 0x10 db_enter+0xa: popq %rbp ddb{0}> show proc PROC (syz-executor1) pid=8626 stat=onproc flags process=0 proc=4000000 pri=17, usrpri=82, nice=20 forw=0xffffffffffffffff, list=0xffff8000210a2bd0,0xffff8000210a3c48 process=0xffff8000210b7c90 user=0xffff8000211bc000, vmspace=0xffffff007f125108 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 36715 156254 20653 0 3 0x80 nanosleep syz-executor1 *36715 8626 20653 0 7 0x4000000 syz-executor1 36715 119801 20653 0 3 0x4000080 fsleep syz-executor1 51414 410891 90886 0 3 0x80 nanosleep syz-executor0 51414 497061 90886 0 3 0x4000080 fifor syz-executor0 51414 380196 90886 0 3 0x4000080 fifor syz-executor0 51414 234752 90886 0 3 0x4000080 fsleep syz-executor0 87929 77004 0 0 3 0x14200 bored sosplice 76065 158995 1 0 3 0x100083 ttyin getty 20653 294811 20427 0 3 0x82 nanosleep syz-executor1 90886 498931 20427 0 3 0x82 nanosleep syz-executor0 20427 22442 40981 0 3 0x82 thrsleep syz-fuzzer 20427 915 40981 0 3 0x4000082 thrsleep syz-fuzzer 20427 492298 40981 0 3 0x4000082 thrsleep syz-fuzzer 20427 396314 40981 0 3 0x4000082 thrsleep syz-fuzzer 20427 364536 40981 0 3 0x4000082 thrsleep syz-fuzzer 20427 16330 40981 0 3 0x4000082 thrsleep syz-fuzzer 20427 287495 40981 0 3 0x4000082 thrsleep syz-fuzzer 20427 41688 40981 0 3 0x4000082 kqread syz-fuzzer 20427 249406 40981 0 3 0x4000082 thrsleep syz-fuzzer 20427 355770 40981 0 3 0x4000082 thrsleep syz-fuzzer 40981 320259 60371 0 3 0x10008a pause ksh 60371 167707 2602 0 3 0x92 select sshd 2602 163968 1 0 3 0x80 select sshd 12219 53945 59586 73 3 0x100090 kqread syslogd 59586 479814 1 0 3 0x100082 netio syslogd 69030 449404 1 77 3 0x100090 poll dhclient 70027 505907 1 0 3 0x80 poll dhclient 39411 513527 0 0 3 0x14200 pgzero zerothread 88934 186997 0 0 3 0x14200 aiodoned aiodoned 17108 444864 0 0 3 0x14200 syncer update 73688 102978 0 0 3 0x14200 cleaner cleaner 87288 299673 0 0 3 0x14200 reaper reaper 47084 487387 0 0 3 0x14200 pgdaemon pagedaemon 27226 198758 0 0 3 0x14200 bored crynlk 33606 402459 0 0 3 0x14200 bored crypto 3097 303292 0 0 3 0x40014200 acpi0 acpi0 38934 217832 0 0 7 0x40014200 idle1 36582 502502 0 0 3 0x14200 bored softnet 2299 127865 0 0 3 0x14200 bored systqmp 25401 193032 0 0 3 0x14200 bored systq 62753 91399 0 0 3 0x40014200 bored softclock 13117 314437 0 0 3 0x40014200 idle0 1 148627 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper