panic: uvm_fault_unwire_lWoARcNkeIdNG:: aSdPdLr eNsOsT nLoOtW Ein RmEDa pO N SStYaSrCtiAngL L 7s3t a40c9k t6ra cEXeI.T. .0 a Stopped at savectx+0xae: movl $0,%gs:0x680 TID PID UID PRFLAGS PFLAGS CPU COMMAND 512904 52426 0 0x10 0x4000000 1K syz-executor *211956 52426 0 0x10 0x4000000 0 syz-executor savectx() at savectx+0xae end of kernel end trace frame: 0x4e5e899d2d0, count: 14 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu1: uvm_fault_unwire_locked: address not in map ddb{0}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x4e5e899d2d0, count: -1 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff80002a44a7e0 rbx 0 rdx 0xffff80000149d940 rcx 0xffff80002a3d9708 rax 0x35 r8 0xffff80002a44a710 r9 0 r10 0xd81699f9e8fdd6 r11 0xe0228354da277e5e r12 0 r13 0 r14 0xffff80002a3d9708 r15 0 rip 0xffffffff832643ee savectx+0xae cs 0x8 rflags 0x46 rsp 0xffff80002a44a760 ss 0x10 savectx+0xae: movl $0,%gs:0x680 ddb{0}> show proc PROC (syz-executor) tid=211956 pid=52426 tcnt=4 stat=onproc flags process=10 proc=4000000 runpri=32, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a3d8a60,0xffff80002a3d8560 process=0xffff8000364dd928 user=0xffff80002a445000, vmspace=0xfffffd8066ca61e8 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 95343 502197 81366 0 3 0x80 nanoslp syz-executor 95343 24738 81366 0 3 0x4000080 fsleep syz-executor 95343 228188 81366 0 3 0x4000080 fsleep syz-executor 95343 314179 81366 0 3 0x4000080 fsleep syz-executor 70773 146970 15652 0 3 0x80 nanoslp syz-executor 70773 166637 15652 0 3 0x4000080 ttyin syz-executor 70773 56512 15652 0 3 0x4000080 piperd syz-executor 70773 445961 15652 0 3 0x4000080 fsleep syz-executor 15527 387131 72153 0 3 0x80 nanoslp syz-executor 15527 162122 72153 0 3 0x4000080 kqread syz-executor 15527 306621 72153 0 3 0x4000080 fsleep syz-executor 52426 242432 52479 0 2 0x10 syz-executor 52426 512904 52479 0 7 0x4000010 syz-executor *52426 211956 52479 0 7 0x4000010 syz-executor 52426 345595 52479 0 3 0x4000090 fsleep syz-executor 44723 223746 7541 0 3 0x80 nanoslp syz-executor 44723 417967 7541 0 3 0x4000080 ttyout syz-executor 44723 45700 7541 0 3 0x4000080 ttyout syz-executor 44723 219440 7541 0 3 0x4000080 fsleep syz-executor 75110 332534 69554 0 3 0x80 nanoslp syz-executor 75110 402239 69554 0 3 0x4000080 kqread syz-executor 75110 421196 69554 0 3 0x4000080 kqread syz-executor 75110 122855 69554 0 3 0x4000080 fsleep syz-executor 53659 79774 41361 0 3 0x80 nanoslp syz-executor 53659 131140 41361 0 3 0x4000080 kqsel syz-executor 52479 477658 54545 0 3 0x82 nanoslp syz-executor 8426 31350 0 0 3 0x14200 acct acct 81366 243077 54545 0 3 0x82 nanoslp syz-executor 5400 245353 54545 0 3 0x82 nanoslp syz-executor 15652 325932 54545 0 3 0x82 nanoslp syz-executor 41361 223072 54545 0 3 0x82 nanoslp syz-executor 5829 513930 1 0 3 0x100083 ttyopn getty 72153 505685 54545 0 3 0x82 nanoslp syz-executor 69554 288531 54545 0 3 0x82 nanoslp syz-executor 31948 107131 0 0 3 0x14200 bored sosplice 7541 300180 54545 0 3 0x82 nanoslp syz-executor 54545 143887 77324 0 3 0x82 kqread syz-executor 77324 480428 35466 0 3 0x10008a sigsusp ksh 35466 105570 5820 0 3 0x98 kqread sshd-session 5820 371740 77050 0 3 0x92 kqread sshd-session 77050 363115 1 0 3 0x88 kqread sshd 54404 345264 60892 74 3 0x1100092 bpf pflogd 60892 59324 1 0 3 0x80 sbwait pflogd 78027 168711 76741 73 3 0x1100090 kqread syslogd 76741 511679 1 0 3 0x100082 sbwait syslogd 88930 196519 1 0 3 0x100080 kqread resolvd 19163 18792 93104 77 3 0x100092 kqread dhcpleased 4953 333619 93104 77 3 0x100092 kqread dhcpleased 93104 237476 1 0 3 0x80 kqread dhcpleased 54588 33978 0 0 3 0x14200 bored smr 1496 145819 0 0 2 0x14200 zerothread 83439 506480 0 0 3 0x14200 aiodoned aiodoned 1170 387268 0 0 3 0x14200 syncer update 73859 414568 0 0 3 0x14200 cleaner cleaner 21034 99377 0 0 3 0x14200 reaper reaper 40869 426922 0 0 3 0x14200 pgdaemon pagedaemon 72385 382284 0 0 3 0x14200 bored viomb 88799 444474 0 0 3 0x40014200 acpi0 acpi0 94188 162850 0 0 3 0x40014200 idle1 45273 489932 0 0 3 0x14200 bored softnet3 49139 76478 0 0 3 0x14200 bored softnet2 90486 282446 0 0 3 0x14200 bored softnet1 52508 514387 0 0 3 0x14200 bored softnet0 73442 37695 0 0 3 0x14200 bored systqmp 39757 107910 0 0 3 0x14200 bored systq 31316 420757 0 0 3 0x14200 tmoslp softclockmp 62404 407069 0 0 3 0x40014200 tmoslp softclock 87732 491063 0 0 3 0x40014200 idle0 1 431589 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks CPU 0: exclusive mutex &uvm.pageqlock r = 0 (0xffffffff839142c8) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 mtx_enter_try+0x178 #2 mtx_enter+0x60 sys/kern/kern_lock.c:239 #3 uvm_anfree_list+0xeb sys/uvm/uvm_anon.c:104 #4 amap_wiperange_chunk+0x1a8 sys/uvm/uvm_amap.c:983 #5 amap_pp_adjref+0x6f4 sys/uvm/uvm_amap.c:944 #6 amap_adjref_anons+0x22d sys/uvm/uvm_amap.c:1329 #7 uvm_unmap_detach+0x8a sys/uvm/uvm_map.c:1353 #8 sys_munmap+0x32f sys/uvm/uvm_mmap.c:544 #9 syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline] #9 syscall+0xbc6 sys/arch/amd64/amd64/trap.c:577 #10 Xsyscall+0x128 Process 52426 (syz-executor) thread 0xffff8000ffff8020 (512904) Process 52426 (syz-executor) thread 0xffff80002a3d9708 (211956) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10240 11073K 11503K 166960K 15191 0 pcb 18 18K 20K 166960K 632 0 rtable 188 7K 9K 166960K 914 0 pf 40 18K 22K 166960K 194 0 ifaddr 36 6K 9K 166960K 142 0 ifgroup 57 2K 2K 166960K 211 0 sysctl 4 1K 3K 166960K 16 0 counters 66 36K 36K 166960K 170 0 ioctlops 0 0K 4K 166960K 1797 0 iov 0 0K 16K 166960K 233 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1464 92K 93K 166960K 3700 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 3 5K 13K 166960K 51 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 240 0 dirhash 12 2K 3K 166960K 99 0 ACPI 1690 195K 286K 166960K 12468 0 file desc 18 65K 93K 166960K 2652 0 sigio 0 0K 0K 166960K 114 0 proc 74 91K 152K 166960K 1077 0 subproc 72 4K 4K 166960K 175 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 361 0 in_multi 69 5K 7K 166960K 294 0 ether_multi 1 0K 0K 166960K 11 0 mrt 0 0K 0K 166960K 10 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 247 1102K 1102K 166960K 247 0 exec 0 0K 1K 166960K 859 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 255 74K 88K 166960K 26048 0 UVM aobj 120 12K 12K 166960K 133 0 pinsyscall 43 86K 104K 166960K 4084 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 2 0K 0K 166960K 168 0 NDP 13 0K 2K 166960K 103 0 temp 81 8644K 8900K 166960K 91963 0 kqueue 17 28K 31K 166960K 476 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 277 0 274 3 1 2 2 0 8 1 rtentry 112 302 0 223 4 0 4 4 0 8 0 unpcb 144 2276 0 2259 28 20 8 9 0 8 7 syncache 336 16 0 16 5 4 1 1 0 8 1 tcpqe 32 3 0 3 3 2 1 1 0 8 1 tcpcb 808 984 0 976 15 8 7 8 0 8 6 arp 120 56 0 41 1 0 1 1 0 8 0 inpcb 376 3518 0 3505 36 28 8 15 0 8 6 nd6 136 68 0 50 2 0 2 2 0 8 0 pkpcb 40 12 0 12 4 4 0 1 0 8 0 kcovpl 48 19 0 11 1 0 1 1 0 8 0 ppxss 1168 26 0 25 4 3 1 1 0 8 0 pppxif 1472 6 0 6 4 4 0 1 0 8 0 pffrag 232 14 0 6 1 0 1 1 0 482 0 pffrnode 88 14 0 6 1 0 1 1 0 8 0 pffrent 40 88 0 80 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 1 0 0 1 0 1 1 0 8 0 pfanchor 1288 2 0 0 1 0 1 1 0 8 0 pftag 88 1 0 0 1 0 1 1 0 8 0 pfstitem 24 42 0 26 1 0 1 1 0 8 0 pfstkey 128 44 0 28 2 0 2 2 0 8 0 pfstate 376 43 0 27 4 0 4 4 0 8 0 pfrule 1344 28 0 19 2 1 1 2 0 8 0 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 1240 0 921 34 7 27 32 0 8 0 art_table 32 1243 0 921 5 0 5 5 0 8 0 art_node 16 298 0 230 1 0 1 1 0 8 0 sysvmsgpl 40 88 0 70 1 0 1 1 0 8 0 semupl 112 2 0 2 2 1 1 1 0 8 1 semapl 112 237 0 227 1 0 1 1 0 8 0 shmpl 112 130 0 13 4 0 4 4 0 8 0 dirhash 1024 76 0 59 3 0 3 3 0 8 0 dino2pl 256 6068 0 4533 97 0 97 97 0 8 0 ffsino 280 6068 0 4533 110 0 110 110 0 8 0 nchpl 144 9811 0 9171 64 39 25 64 0 8 0 rtmask 32 1 0 1 1 1 0 1 0 8 0 uvmvnodes 80 7639 0 0 156 0 156 156 0 8 0 vnodes 216 7639 0 0 425 0 425 425 0 8 0 namei 1024 35096 0 35096 3 2 1 2 0 8 1 percpumem 16 99 0 52 1 0 1 1 0 8 0 kstatmem 264 112 0 86 2 0 2 2 0 8 0 scsiplug 72 13 0 13 5 5 0 1 0 8 0 scxspl 216 28900 0 28900 14 12 2 7 1 8 2 plimitpl 152 810 0 792 1 0 1 1 0 8 0 sigapl 424 2966 0 2914 11 4 7 9 0 8 0 futexpl 64 37775 0 37767 1 0 1 1 0 8 0 knotepl 120 816 0 0 25 0 25 25 0 8 0 kqueuepl 216 908 0 893 13 10 3 5 0 8 2 pipepl 328 418 0 388 8 5 3 8 0 8 0 fdescpl 504 2924 0 2892 5 0 5 5 0 8 0 filepl 152 20193 0 19954 40 21 19 19 0 8 7 lockfpl 104 927 0 925 2 1 1 2 0 8 0 lockfspl 48 368 0 366 1 0 1 1 0 8 0 sessionpl 144 47 0 38 1 0 1 1 0 8 0 pgrppl 48 121 0 104 1 0 1 1 0 8 0 ucredpl 104 3189 0 3174 1 0 1 1 0 8 0 zombiepl 144 2925 0 2924 1 0 1 1 0 8 0 processpl 1168 2966 0 2914 7 2 5 6 0 8 0 procpl 648 6995 0 6925 9 2 7 8 0 8 0 srpgc 96 27 0 27 4 4 0 1 0 8 0 sosppl 168 11 0 11 3 2 1 1 0 8 1 sockpl 688 6151 0 6119 81 69 12 26 0 8 8 mcl64k 65536 9 0 0 2 0 2 2 0 8 0 mcl16k 16384 1 0 0 1 0 1 1 0 8 0 mcl12k 12288 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 4 0 0 1 0 1 1 0 8 0 mcl4k 4096 124 0 0 15 0 15 15 0 8 0 mcl2k 2048 47 0 0 6 1 5 6 0 8 0 mtagpl 96 55 0 0 2 0 2 2 0 8 0 mbufpl 256 346 0 0 22 1 21 21 0 8 0 bufpl 280 8506 0 2350 440 0 440 440 0 8 0 anonpl 24 343022 0 336868 118 55 63 74 0 184 13 amapchunkpl 152 84420 0 83776 42 14 28 33 0 158 1 amappl16 200 6497 0 6396 59 44 15 19 0 8 8 amappl15 192 4 0 4 1 1 0 1 0 8 0 amappl14 184 193 0 181 1 0 1 1 0 8 0 amappl13 176 5 0 5 1 1 0 1 0 8 0 amappl12 168 3755 0 3723 3 1 2 2 0 8 0 amappl11 160 66 0 52 1 0 1 1 0 8 0 amappl10 152 3 0 3 1 1 0 1 0 8 0 amappl9 144 244 0 244 1 1 0 1 0 8 0 amappl8 136 30 0 27 1 0 1 1 0 8 0 amappl7 128 140 0 128 1 0 1 1 0 8 0 amappl6 120 326 0 321 1 0 1 1 0 8 0 amappl5 112 174 0 164 1 0 1 1 0 8 0 amappl4 104 400 0 381 1 0 1 1 0 8 0 amappl3 96 17604 0 17480 4 0 4 4 0 8 0 amappl2 88 924 0 861 2 0 2 2 0 8 0 amappl1 80 19010 0 18433 17 3 14 15 0 8 0 amappl 88 25343 0 25145 5 0 5 5 0 92 0 dma32768 32768 1 0 1 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma512 512 1 0 1 1 0 1 1 0 8 1 dma256 256 7 0 7 2 1 1 1 0 8 1 dma128 128 258 0 258 4 4 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 20 0 19 1 0 1 1 0 8 0 aobjpl 72 132 0 13 3 0 3 3 0 8 0 uaddrrnd 24 2924 0 2892 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2924 0 2892 1 0 1 1 0 8 0 vmmpekpl 168 22526 0 22470 4 0 4 4 0 8 0 vmmpepl 168 182036 0 180008 124 22 102 103 0 357 12 vmsppl 456 2923 0 2892 5 0 5 5 0 8 0 rwobjpl 64 54045 0 45251 143 0 143 143 0 8 0 pdppl 4096 5855 0 5784 123 52 71 85 0 8 0 pvpl 32 19359 0 0 158 2 156 156 0 265 0 pmappl 248 2923 0 2892 3 0 3 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 352 0 83 8 0 8 8 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x4e5e899d2d0, count: -1 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff800029aabff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 db_elf_sym_search(ffffffff81d1e3d0,0,ffff8000334b2100) at db_elf_sym_search+0x80 sys/ddb/db_elf.c:281 db_search_symbol(ffffffff81d1e3d0,0,ffff8000334b2170) at db_search_symbol+0x52 sys/ddb/db_sym.c:106 db_stack_trace_print(ffff8000334b2240,1,100,ffffffff83371675,ffffffff81d1e9f0) at db_stack_trace_print+0x2fe sys/arch/amd64/amd64/db_trace.c:147 db_stack_dump() at db_stack_dump+0xa5 sys/ddb/db_output.c:243 panic(ffffffff83406ed4) at panic+0x1d0 sys/kern/subr_prf.c:229 uvm_fault_unwire_locked(fffffd8066ca61e8,4000001d0000,4000001dc000) at uvm_fault_unwire_locked+0x48d sys/uvm/uvm_fault.c:1739 uvm_fault_wire(fffffd8066ca61e8,4000001d0000,4000001e1000,3) at uvm_fault_wire+0x12d uvm_fault_unwire sys/uvm/uvm_fault.c:1702 [inline] uvm_fault_wire(fffffd8066ca61e8,4000001d0000,4000001e1000,3) at uvm_fault_wire+0x12d sys/uvm/uvm_fault.c:1684 uvm_vslock_device(ffff8000ffff8020,4000001d0040,10000,3,ffff8000334b24f0) at uvm_vslock_device+0x112 sys/uvm/uvm_glue.c:168 physio(ffffffff819aa600,d02,8000,ffffffff819aae60,ffff8000334b27a8) at physio+0x277 sys/kern/kern_physio.c:139 spec_read(ffff8000334b2610) at spec_read+0x155 sys/kern/spec_vnops.c:215 VOP_READ(fffffd8072d75038,ffff8000334b27a8,0,fffffd807f7d3340) at VOP_READ+0x102 sys/kern/vfs_vops.c:227 end trace frame: 0xffff8000334b2700, count: 0 ddb{1}> trace x86_ipi_db(ffff800029aabff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 db_elf_sym_search(ffffffff81d1e3d0,0,ffff8000334b2100) at db_elf_sym_search+0x80 sys/ddb/db_elf.c:281 db_search_symbol(ffffffff81d1e3d0,0,ffff8000334b2170) at db_search_symbol+0x52 sys/ddb/db_sym.c:106 db_stack_trace_print(ffff8000334b2240,1,100,ffffffff83371675,ffffffff81d1e9f0) at db_stack_trace_print+0x2fe sys/arch/amd64/amd64/db_trace.c:147 db_stack_dump() at db_stack_dump+0xa5 sys/ddb/db_output.c:243 panic(ffffffff83406ed4) at panic+0x1d0 sys/kern/subr_prf.c:229 uvm_fault_unwire_locked(fffffd8066ca61e8,4000001d0000,4000001dc000) at uvm_fault_unwire_locked+0x48d sys/uvm/uvm_fault.c:1739 uvm_fault_wire(fffffd8066ca61e8,4000001d0000,4000001e1000,3) at uvm_fault_wire+0x12d uvm_fault_unwire sys/uvm/uvm_fault.c:1702 [inline] uvm_fault_wire(fffffd8066ca61e8,4000001d0000,4000001e1000,3) at uvm_fault_wire+0x12d sys/uvm/uvm_fault.c:1684 uvm_vslock_device(ffff8000ffff8020,4000001d0040,10000,3,ffff8000334b24f0) at uvm_vslock_device+0x112 sys/uvm/uvm_glue.c:168 physio(ffffffff819aa600,d02,8000,ffffffff819aae60,ffff8000334b27a8) at physio+0x277 sys/kern/kern_physio.c:139 spec_read(ffff8000334b2610) at spec_read+0x155 sys/kern/spec_vnops.c:215 VOP_READ(fffffd8072d75038,ffff8000334b27a8,0,fffffd807f7d3340) at VOP_READ+0x102 sys/kern/vfs_vops.c:227 vn_read(fffffd80694ca610,ffff8000334b27a8,1) at vn_read+0x17b sys/kern/vfs_vnops.c:369 dofilereadv(ffff8000ffff8020,3,ffff8000334b27a8,1,ffff8000334b2860) at dofilereadv+0x230 sys/kern/sys_generic.c:252 sys_pread(ffff8000ffff8020,ffff8000334b2910,ffff8000334b2860) at sys_pread+0xae sys/kern/vfs_syscalls.c:3296 syscall(ffff8000334b2910) at syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff8000334b2910) at syscall+0xbc6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x4e5ebae09e0, count: -19