panic: kernel diagnostic assertion "va >= entry->start" failed: file "/syzkaller/managers/main/kernel/sys/uvm/uvm_fault.c", line 1739 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *487738 6918 0 0 0x4000000 0 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff83407b62) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff833b441d,ffffffff833267f1,6cb,ffffffff83308a0a) at __assert+0x29 uvm_fault_unwire_locked(fffffd807dd5ee18,400000000000,400000010000) at uvm_fault_unwire_locked+0x4c1 uvm_fault_unwire(fffffd807dd5ee18,400000000000,400000010000) at uvm_fault_unwire+0x55 sys/uvm/uvm_fault.c:1702 kern_sysctl_dirs(50,ffff80003cb2fba8,1,400000000100,ffff80003cb2fbd8,0,5dcba8977545aaf8,1) at kern_sysctl_dirs+0x5d1 kern_sysctl(ffff80003cb2fba4,2,400000000100,ffff80003cb2fbd8,0,37,7cd3ddab31ac2ac0) at kern_sysctl+0x12d sys/kern/kern_sysctl.c:526 sys_sysctl(ffff80002a7fc7e0,ffff80003cb2fd10,ffff80003cb2fc60) at sys_sysctl+0x425 syscall(ffff80003cb2fd10) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa760cd32730, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "va >= entry->start" failed: file "/syzkaller/managers/main/kernel/sys/uvm/uvm_fault.c", line 1739 ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff83407b62) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff833b441d,ffffffff833267f1,6cb,ffffffff83308a0a) at __assert+0x29 uvm_fault_unwire_locked(fffffd807dd5ee18,400000000000,400000010000) at uvm_fault_unwire_locked+0x4c1 uvm_fault_unwire(fffffd807dd5ee18,400000000000,400000010000) at uvm_fault_unwire+0x55 sys/uvm/uvm_fault.c:1702 kern_sysctl_dirs(50,ffff80003cb2fba8,1,400000000100,ffff80003cb2fbd8,0,5dcba8977545aaf8,1) at kern_sysctl_dirs+0x5d1 kern_sysctl(ffff80003cb2fba4,2,400000000100,ffff80003cb2fbd8,0,37,7cd3ddab31ac2ac0) at kern_sysctl+0x12d sys/kern/kern_sysctl.c:526 sys_sysctl(ffff80002a7fc7e0,ffff80003cb2fd10,ffff80003cb2fc60) at sys_sysctl+0x425 syscall(ffff80003cb2fd10) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa760cd32730, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80003cb2f780 rbx 0x400000004000 rdx 0 rcx 0 rax 0xffff80002a7fc7e0 r8 0 r9 0x8080808080808080 r10 0x7be9fa7f0dd8ff13 r11 0xe7c3c1a977649f53 r12 0 r13 0xffffffff834feae8 uvm_map_addr_RBT_INFO r14 0 r15 0x1 rip 0xffffffff821f53e5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80003cb2f770 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=487738 pid=6918 tcnt=4 stat=onproc flags process=0 proc=4000000 runpri=36, usrpri=86, slppri=36, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a8a2fa0,0xffff80002a7fd230 process=0xffff8000ffff9178 user=0xffff80003cb2a000, vmspace=0xfffffd807dd5ee18 estcpu=36, cpticks=20, pctcpu=0.0, user=0, sys=20, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 61457 323690 51923 0 3 0 futex syz-executor 61457 125034 51923 0 3 0x4000000 futex syz-executor 13034 9897 16912 0 2 0 syz-executor 46449 468878 74379 0 2 0 syz-executor 46449 315986 74379 0 2 0x4000000 syz-executor 46449 108873 74379 0 3 0x4000080 fsleep syz-executor 6918 39652 21805 0 2 0 syz-executor 6918 102399 21805 0 2 0x4000000 syz-executor * 6918 487738 21805 0 7 0x4000000 syz-executor 6918 258117 21805 0 2 0x4000000 syz-executor 28524 243583 65315 0 2 0 syz-executor 28524 149551 65315 0 3 0x4000080 ttyout syz-executor 28524 374079 65315 0 3 0x4000080 fsleep syz-executor 28524 261030 65315 0 2 0x4000000 syz-executor 8484 86668 64585 0 3 0 futex syz-executor 8484 52521 64585 0 3 0x4000080 fsleep syz-executor 8484 190821 64585 0 3 0x4000080 fsleep syz-executor 19136 313326 91650 0 3 0x3000 suspend syz-executor 19136 488056 91650 0 3 0x4081000 futex syz-executor 19136 461003 91650 0 3 0x4081000 futex syz-executor 74379 415799 24213 0 2 0x482 syz-executor 45909 364273 24213 0 2 0x2 syz-executor 21805 509407 24213 0 2 0x3 syz-executor 64585 273100 24213 0 2 0x482 syz-executor 16912 405351 24213 0 2 0x482 syz-executor 65315 44430 24213 0 2 0x3 syz-executor 91650 53138 24213 0 2 0x482 syz-executor 34273 445069 1 0 3 0x100083 ttyin getty 51923 372018 24213 0 2 0x482 syz-executor 61656 207834 0 0 3 0x14280 nfsidl nfsio 12459 316582 0 0 3 0x14280 nfsidl nfsio 58188 251122 0 0 3 0x14280 nfsidl nfsio 56628 61384 0 0 3 0x14280 nfsidl nfsio 61315 122354 0 0 3 0x14280 nfsidl nfsio 31826 275209 0 0 3 0x14280 nfsidl nfsio 89025 265217 0 0 3 0x14280 nfsidl nfsio 9211 165868 0 0 3 0x14280 nfsidl nfsio 78923 1752 0 0 3 0x14280 nfsidl nfsio 97837 57294 0 0 3 0x14280 nfsidl nfsio 55430 285003 0 0 3 0x14280 nfsidl nfsio 8732 264373 0 0 3 0x14280 nfsidl nfsio 94776 52137 0 0 3 0x14280 nfsidl nfsio 72054 333902 0 0 3 0x14280 nfsidl nfsio 74887 206584 0 0 3 0x14280 nfsidl nfsio 47905 11126 0 0 3 0x14280 nfsidl nfsio 6511 291677 0 0 3 0x14280 nfsidl nfsio 92475 223047 0 0 3 0x14280 nfsidl nfsio 41576 104302 0 0 3 0x14280 nfsidl nfsio 42271 108980 0 0 3 0x14280 nfsidl nfsio 16585 279583 0 0 3 0x14200 bored sosplice 24213 65906 14828 0 3 0x82 kqread syz-executor 14828 59535 2059 0 3 0x10008a sigsusp ksh 2059 445068 20166 0 3 0x98 kqread sshd-session 20166 162365 20974 0 3 0x92 kqread sshd-session 20974 451428 1 0 3 0x88 kqread sshd 88526 178451 93256 73 3 0x1100090 kqread syslogd 93256 462146 1 0 3 0x100082 sbwait syslogd 42778 502494 1 0 3 0x100080 kqread resolvd 91819 254938 5502 77 3 0x100092 kqread dhcpleased 47027 507069 5502 77 3 0x100092 kqread dhcpleased 5502 22570 1 0 3 0x80 kqread dhcpleased 51412 136292 0 0 3 0x14200 bored smr 95853 504728 0 0 2 0x14200 zerothread 89603 473442 0 0 3 0x14200 aiodoned aiodoned 87163 165335 0 0 3 0x14200 syncer update 96589 262596 0 0 3 0x14200 cleaner cleaner 1897 464280 0 0 3 0x14200 reaper reaper 21672 89855 0 0 3 0x14200 pgdaemon pagedaemon 97675 176761 0 0 3 0x14200 bored viomb 65289 349411 0 0 3 0x40014200 acpi0 acpi0 31590 497375 0 0 3 0x14200 bored softnet3 29770 221581 0 0 3 0x14200 bored softnet2 40350 281357 0 0 3 0x14200 bored softnet1 85409 272922 0 0 2 0x14200 softnet0 35855 256850 0 0 3 0x14200 bored systqmp 86440 138318 0 0 3 0x14200 bored systq 11766 391142 0 0 2 0x40014200 softclock 14547 38559 0 0 3 0x40014200 idle0 1 394184 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10212 11070K 11574K 166960K 14644 0 pcb 18 20K 22K 166960K 1108 0 rtable 196 14K 16K 166960K 1272 0 pf 34 14K 21K 166960K 350 0 ifaddr 33 7K 8K 166960K 248 0 ifgroup 44 1K 2K 166960K 396 0 sysctl 4 1K 5K 166960K 14 0 counters 29 17K 18K 166960K 218 0 ioctlops 0 0K 8K 166960K 782 0 iov 0 0K 24K 166960K 381 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1462 92K 92K 166960K 4520 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 98 0 VM map 2 1K 1K 166960K 2 0 sem 26 41K 41K 166960K 85 0 dirhash 12 2K 3K 166960K 90 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 240K 166960K 4648 0 sigio 0 0K 0K 166960K 188 0 proc 61 59K 124K 166960K 1322 0 subproc 72 4K 4K 166960K 208 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 755 0 in_multi 65 5K 7K 166960K 413 0 ether_multi 1 0K 0K 166960K 41 0 mrt 1 0K 0K 166960K 11 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 271 1208K 1208K 166960K 271 0 exec 0 0K 1K 166960K 1261 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 8 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 234 73K 93K 166960K 43737 0 UVM aobj 87 4K 5K 166960K 107 0 pinsyscall 39 78K 96K 166960K 6091 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 271 0 NDP 10 0K 2K 166960K 176 0 temp 80 8636K 8764K 166960K 172391 0 kqueue 16 26K 32K 166960K 871 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 483 0 480 3 2 1 3 0 8 0 rtentry 112 397 0 325 4 0 4 4 0 8 0 unpcb 144 4262 0 4242 24 22 2 6 0 8 1 syncache 336 11 0 11 5 5 0 1 0 8 0 tcpqe 32 3 0 3 2 2 0 1 0 8 0 tcpcb 808 1624 0 1620 39 38 1 11 0 8 0 arp 88 70 0 55 1 0 1 1 0 8 0 ipq 40 21 0 19 1 0 1 1 0 8 0 ipqe 40 45 0 43 1 0 1 1 0 8 0 inpcb 344 5942 0 5932 57 55 2 13 0 8 0 nd6 104 92 0 76 1 0 1 1 0 8 0 pkpcb 40 70 0 70 8 7 1 1 0 8 1 kcovpl 48 23 0 15 1 0 1 1 0 8 0 mppekey 1024 6 0 6 3 3 0 1 0 8 0 ppxss 1072 144 0 143 6 5 1 1 0 8 0 pppxif 1376 20 0 20 6 6 0 1 0 8 0 pfstscr 40 1 0 1 1 1 0 1 0 8 0 pfrktable 1344 5 0 2 1 0 1 1 0 8 0 pfanchor 1288 3 0 0 1 0 1 1 0 8 0 pftag 88 2 0 0 1 0 1 1 0 8 0 pfqueue 320 1 0 1 1 1 0 1 0 8 0 pfstitem 24 3 0 0 1 0 1 1 0 8 0 pfstkey 128 4 0 1 1 0 1 1 0 8 0 pfstate 344 3 0 1 1 0 1 1 0 8 0 pfrule 1344 11 0 10 4 3 1 1 0 8 0 art_heap8 4096 4 0 0 4 0 4 4 0 8 0 art_heap4 256 1533 0 1231 34 7 27 29 0 8 0 art_table 32 1537 0 1231 4 0 4 4 0 8 0 art_node 16 376 0 314 1 0 1 1 0 8 0 sysvmsgpl 40 20 0 8 1 0 1 1 0 8 0 semupl 112 4 0 4 3 3 0 1 0 8 0 semapl 112 73 0 49 1 0 1 1 0 8 0 shmpl 112 104 0 20 3 0 3 3 0 8 0 dirhash 1024 70 0 53 3 0 3 3 0 8 0 dino2pl 256 9964 0 8442 96 0 96 96 0 8 0 ffsino 248 9964 0 8442 96 0 96 96 0 8 0 nchpl 144 16468 0 15901 64 40 24 64 0 8 0 rtmask 32 29 0 29 6 6 0 1 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 61642 0 61642 8 7 1 2 0 8 1 pfiaddrpl 120 1 0 0 1 0 1 1 0 8 0 kstatmem 264 256 0 236 2 0 2 2 0 8 0 acpiwqpl 32 1 0 1 1 0 1 1 1 8 1 scsiplug 72 18 0 18 5 5 0 1 0 8 0 scxspl 216 47860 0 47860 16 15 1 8 1 8 1 plimitpl 152 1587 0 1570 1 0 1 1 0 8 0 sigapl 424 4912 0 4845 9 1 8 8 0 8 0 futexpl 64 69765 0 69758 1 0 1 1 0 8 0 knotepl 120 875799 0 875744 118 114 4 17 0 8 0 kqueuepl 184 1693 0 1680 11 10 1 4 0 8 0 pipepl 296 629 0 565 9 4 5 5 0 8 0 fdescpl 440 4866 0 4836 5 1 4 5 0 8 0 filepl 120 37917 0 37621 34 25 9 15 0 8 0 lockfpl 104 1591 0 1585 2 1 1 2 0 8 0 lockfspl 48 505 0 499 1 0 1 1 0 8 0 sessionpl 144 46 0 38 1 0 1 1 0 8 0 pgrppl 48 158 0 142 1 0 1 1 0 8 0 ucredpl 104 7708 0 7696 1 0 1 1 0 8 0 zombiepl 144 5631 0 5631 3 2 1 1 0 8 1 processpl 1112 4912 0 4845 5 0 5 5 0 8 0 procpl 656 11672 0 11591 9 1 8 8 0 8 0 sosppl 168 20 0 20 7 7 0 1 0 8 0 sockpl 528 10913 0 10880 64 59 5 15 0 8 2 mcl64k 65536 69 0 69 9 8 1 1 0 8 1 mcl16k 16384 7 0 7 4 4 0 1 0 8 0 mcl12k 12288 4 0 4 3 3 0 1 0 8 0 mcl9k 9216 5 0 5 4 4 0 1 0 8 0 mcl8k 8192 128 0 128 7 7 0 1 0 8 0 mcl4k 4096 8587 0 8537 19 11 8 13 0 8 0 mcl2k2 2112 1 0 1 1 1 0 1 0 8 0 mcl2k 2048 5006 0 4999 8 6 2 4 0 8 0 mtagpl 96 135 0 135 4 4 0 3 0 8 0 mbufpl 256 55556 0 55421 36 21 15 25 0 8 0 bufpl 280 12492 0 6264 446 0 446 446 0 8 0 anonpl 24 604292 0 590724 152 49 103 119 0 187 0 amapchunkpl 152 179992 0 179350 101 71 30 40 0 158 3 amappl16 200 10705 0 10166 58 18 40 42 0 8 0 amappl15 192 15 0 15 1 1 0 1 0 8 0 amappl14 184 151 0 141 1 0 1 1 0 8 0 amappl13 176 8 0 8 2 2 0 1 0 8 0 amappl12 168 5710 0 5681 2 0 2 2 0 8 0 amappl11 160 47 0 37 1 0 1 1 0 8 0 amappl10 152 20 0 20 3 3 0 1 0 8 0 amappl9 144 238 0 237 2 1 1 1 0 8 0 amappl8 136 30 0 28 1 0 1 1 0 8 0 amappl7 128 138 0 127 1 0 1 1 0 8 0 amappl6 120 329 0 325 1 0 1 1 0 8 0 amappl5 112 180 0 173 1 0 1 1 0 8 0 amappl4 104 377 0 362 1 0 1 1 0 8 0 amappl3 96 30419 0 30304 5 1 4 4 0 8 0 amappl2 88 915 0 858 2 0 2 2 0 8 0 amappl1 80 23303 0 22777 15 3 12 13 0 8 0 amappl 88 42911 0 42727 6 1 5 5 0 92 0 dma65536 65536 1 0 1 1 1 0 1 0 8 0 dma32768 32768 1 0 1 1 1 0 1 0 8 0 dma16384 16384 1 0 1 1 1 0 1 0 8 0 dma8192 8192 1 0 1 1 1 0 1 0 8 0 dma4096 4096 3 0 3 3 3 0 1 0 8 0 dma1024 1024 2 0 1 1 0 1 1 0 8 0 dma512 512 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 259 0 259 6 6 0 1 0 8 0 dma64 64 7 0 7 2 2 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 106 0 20 2 0 2 2 0 8 0 uaddrrnd 24 4866 0 4836 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 4866 0 4836 1 0 1 1 0 8 0 vmmpekpl 168 32046 0 31979 5 1 4 4 0 8 0 vmmpepl 168 296633 0 294342 144 24 120 123 0 357 1 vmsppl 360 4865 0 4836 4 1 3 4 0 8 0 rwobjpl 32 74301 0 66899 62 0 62 62 0 8 0 pdppl 4096 9739 0 9672 195 128 67 83 0 8 0 pvpl 32 1949445 0 1930306 302 104 198 224 0 265 3 pmappl 216 4865 0 4836 3 1 2 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 480 0 254 8 0 8 8 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff83407b62) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff833b441d,ffffffff833267f1,6cb,ffffffff83308a0a) at __assert+0x29 uvm_fault_unwire_locked(fffffd807dd5ee18,400000000000,400000010000) at uvm_fault_unwire_locked+0x4c1 uvm_fault_unwire(fffffd807dd5ee18,400000000000,400000010000) at uvm_fault_unwire+0x55 sys/uvm/uvm_fault.c:1702 kern_sysctl_dirs(50,ffff80003cb2fba8,1,400000000100,ffff80003cb2fbd8,0,5dcba8977545aaf8,1) at kern_sysctl_dirs+0x5d1 kern_sysctl(ffff80003cb2fba4,2,400000000100,ffff80003cb2fbd8,0,37,7cd3ddab31ac2ac0) at kern_sysctl+0x12d sys/kern/kern_sysctl.c:526 sys_sysctl(ffff80002a7fc7e0,ffff80003cb2fd10,ffff80003cb2fc60) at sys_sysctl+0x425 syscall(ffff80003cb2fd10) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa760cd32730, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff83407b62) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff833b441d,ffffffff833267f1,6cb,ffffffff83308a0a) at __assert+0x29 uvm_fault_unwire_locked(fffffd807dd5ee18,400000000000,400000010000) at uvm_fault_unwire_locked+0x4c1 uvm_fault_unwire(fffffd807dd5ee18,400000000000,400000010000) at uvm_fault_unwire+0x55 sys/uvm/uvm_fault.c:1702 kern_sysctl_dirs(50,ffff80003cb2fba8,1,400000000100,ffff80003cb2fbd8,0,5dcba8977545aaf8,1) at kern_sysctl_dirs+0x5d1 kern_sysctl(ffff80003cb2fba4,2,400000000100,ffff80003cb2fbd8,0,37,7cd3ddab31ac2ac0) at kern_sysctl+0x12d sys/kern/kern_sysctl.c:526 sys_sysctl(ffff80002a7fc7e0,ffff80003cb2fd10,ffff80003cb2fc60) at sys_sysctl+0x425 syscall(ffff80003cb2fd10) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa760cd32730, count: -10