panic: uvm_fault_unwire_locked: address not in map Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *120991 13259 0 0 0x4000000 1 syz-executor.2 193101 82290 0 0 0x4000000 0 syz-executor.0 db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828507b4) at panic+0x17b sys/kern/subr_prf.c:198 uvm_fault_unwire_locked(fffffd80715ec020,20000000,20002000) at uvm_fault_unwire_locked+0x321 sys/uvm/uvm_fault.c:1663 uvm_fault_unwire(fffffd80715ec020,20000000,20002000) at uvm_fault_unwire+0x43 sys/uvm/uvm_fault.c:1623 sys_sysctl(ffff800021277d38,ffff8000213ddce0,ffff8000213ddd30) at sys_sysctl+0x239 sys/kern/kern_sysctl.c:256 syscall(ffff8000213dddb0) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff8000213dddb0) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x481383296f0, count: 8 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault_unwire_locked: address not in map ddb{1}> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828507b4) at panic+0x17b sys/kern/subr_prf.c:198 uvm_fault_unwire_locked(fffffd80715ec020,20000000,20002000) at uvm_fault_unwire_locked+0x321 sys/uvm/uvm_fault.c:1663 uvm_fault_unwire(fffffd80715ec020,20000000,20002000) at uvm_fault_unwire+0x43 sys/uvm/uvm_fault.c:1623 sys_sysctl(ffff800021277d38,ffff8000213ddce0,ffff8000213ddd30) at sys_sysctl+0x239 sys/kern/kern_sysctl.c:256 syscall(ffff8000213dddb0) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff8000213dddb0) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x481383296f0, count: -7 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff8000213ddab0 rbx 0xffff800020d59ba7 rdx 0x3fd rcx 0 rax 0x33 r8 0x101010101010101 r9 0x8080808080808080 r10 0x418032f21762ca31 r11 0x18fb3598a6d72544 r12 0xffff800020d599a8 r13 0 r14 0 r15 0x1 rip 0xffffffff81f17f7c db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff8000213ddaa0 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor.2) pid=120991 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=82, nice=20 forw=0xffffffffffffffff, list=0xffff800021276aa0,0xffff800021276560 process=0xffff800021381508 user=0xffff8000213d8000, vmspace=0xfffffd80715ec020 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 13259 191158 83873 0 3 0x80 nanoslp syz-executor.2 *13259 120991 83873 0 7 0x4000000 syz-executor.2 13259 10796 83873 0 3 0x4000080 fsleep syz-executor.2 95842 406773 13170 0 3 0x80 nanoslp syz-executor.3 95842 155158 13170 0 3 0x4000080 fsleep syz-executor.3 95842 294530 13170 0 3 0x4000080 fsleep syz-executor.3 82290 317528 669 0 2 0 syz-executor.0 82290 193101 669 0 7 0x4000000 syz-executor.0 37367 183296 31460 0 2 0 syz-executor.6 37367 238305 31460 0 3 0x4000080 fsleep syz-executor.6 28316 129673 28325 0 3 0x82 piperd syz-executor.7 83873 488694 28325 0 3 0x82 nanoslp syz-executor.2 82437 410940 28325 0 3 0x82 nanoslp syz-executor.5 669 308219 28325 0 3 0x82 nanoslp syz-executor.0 13864 469722 28325 0 3 0x82 nanoslp syz-executor.4 31460 421702 28325 0 3 0x82 nanoslp syz-executor.6 13170 297701 28325 0 3 0x82 nanoslp syz-executor.3 28204 190615 28325 0 3 0x82 nanoslp syz-executor.1 28325 269014 45863 0 3 0x2000082 wait syz-execprog 28325 31369 45863 0 3 0x6000082 thrsleep syz-execprog 28325 26528 45863 0 3 0x6000082 thrsleep syz-execprog 28325 253754 45863 0 3 0x6000082 wait syz-execprog 28325 145965 45863 0 3 0x6000082 wait syz-execprog 28325 492629 45863 0 3 0x6000082 wait syz-execprog 28325 85545 45863 0 3 0x6000082 wait syz-execprog 28325 292859 45863 0 3 0x6000082 wait syz-execprog 28325 320730 45863 0 3 0x6000082 wait syz-execprog 28325 269863 45863 0 3 0x6000082 thrsleep syz-execprog 28325 505587 45863 0 3 0x6000082 thrsleep syz-execprog 28325 304695 45863 0 3 0x6000082 wait syz-execprog 28325 33655 45863 0 3 0x6000082 thrsleep syz-execprog 28325 415874 45863 0 3 0x6000082 thrsleep syz-execprog 28325 443602 45863 0 3 0x6000082 thrsleep syz-execprog 28325 372267 45863 0 3 0x6000082 kqread syz-execprog 45863 167043 55700 0 3 0x10008a sigsusp ksh 55700 352793 56142 0 3 0x9a kqread sshd 22895 269828 1 0 3 0x100083 ttyin getty 56142 420751 1 0 3 0x88 kqread sshd 87811 307268 60949 73 3 0x1100090 kqread syslogd 60949 408248 1 0 3 0x100082 netio syslogd 50687 213778 1 0 3 0x100080 kqread resolvd 22192 61788 89390 77 3 0x100092 kqread dhcpleased 23423 331762 89390 77 3 0x100092 kqread dhcpleased 89390 764 1 0 3 0x80 kqread dhcpleased 84471 459215 0 0 3 0x14200 bored smr 60772 228944 0 0 2 0x14200 zerothread 76938 93670 0 0 3 0x14200 aiodoned aiodoned 89018 433714 0 0 3 0x14200 syncer update 79539 184726 0 0 3 0x14200 cleaner cleaner 52156 475411 0 0 3 0x14200 reaper reaper 98662 258460 0 0 3 0x14200 pgdaemon pagedaemon 53614 111968 0 0 3 0x14200 bored viomb 71041 483106 0 0 3 0x40014200 acpi0 acpi0 49781 394699 0 0 3 0x40014200 idle1 64561 421042 0 0 3 0x14200 bored softnet3 38026 422642 0 0 3 0x14200 bored softnet2 59699 137245 0 0 3 0x14200 bored softnet1 7681 302638 0 0 3 0x14200 bored softnet0 50553 345991 0 0 3 0x14200 bored systqmp 45790 338555 0 0 3 0x14200 bored systq 23073 354117 0 0 3 0x40014200 bored softclock 44371 294703 0 0 3 0x40014200 idle0 1 36333 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks CPU 0: exclusive sched_lock &sched_lock r = 0 (0xffffffff82d288d8) #0 witness_lock+0x447 #1 sleep_finish+0x142 sys/kern/kern_synch.c:398 #2 sys_nanosleep+0x1f5 sys/kern/kern_time.c:297 #3 syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline] #3 syscall+0x606 sys/arch/amd64/amd64/trap.c:623 #4 Xsyscall+0x128 Process 13259 (syz-executor.2) thread 0xffff800021277d38 (120991) shared rwlock vmmaplk r = 0 (0xfffffd80715ec118) #0 witness_lock+0x447 #1 uvm_fault_unwire+0x35 sys/uvm/uvm_fault.c:1622 #2 sys_sysctl+0x239 sys/kern/kern_sysctl.c:256 #3 syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] #3 syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623 #4 Xsyscall+0x128 exclusive rwlock sysctllk r = 0 (0xffffffff82c3a1f0) #0 witness_lock+0x447 #1 rw_enter+0x3c8 sys/kern/kern_rwlock.c:309 #2 sys_sysctl+0x1c3 sys/kern/kern_sysctl.c:235 #3 syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] #3 syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623 #4 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82c779c8) #0 witness_lock+0x447 #1 syscall+0x5cd mi_syscall sys/sys/syscall_mi.h:110 [inline] #1 syscall+0x5cd sys/arch/amd64/amd64/trap.c:623 #2 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10180 6408K 6420K 78643K 11258 0 pcb 13 8K 8K 78643K 13 0 rtable 234 6K 6K 78643K 350 0 pf 29 8K 8K 78643K 29 0 ifaddr 44 15K 15K 78643K 46 0 ifgroup 50 2K 2K 78643K 50 0 counters 60 35K 35K 78643K 60 0 ioctlops 0 0K 2K 78643K 29 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1174 73K 74K 78643K 1187 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 1K 1K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 14 49K 93K 78643K 8404 0 proc 55 78K 103K 78643K 470 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 99 7K 7K 78643K 99 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 25 122K 122K 78643K 25 0 exec 0 0K 1K 78643K 364 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 252 76K 77K 78643K 80784 0 UVM aobj 3 2K 2K 78643K 3 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 11 0K 2K 78643K 27 0 temp 1 5904K 5968K 78643K 28770 0 kqueue 12 18K 18K 78643K 25 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 36 0 33 1 0 1 1 0 8 0 rtentry 112 111 0 1 4 0 4 4 0 8 0 unpcb 144 33 0 20 1 0 1 1 0 8 0 syncache 304 5 0 5 2 2 0 1 0 8 0 tcpqe 32 116 0 116 1 1 0 1 0 8 0 tcpcb 808 8 0 5 1 0 1 1 0 8 0 arp 120 18 0 0 1 0 1 1 0 8 0 inpcb 368 58 0 52 1 0 1 1 0 8 0 nd6 136 24 0 0 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 452 0 0 29 0 29 29 0 8 0 art_table 32 453 0 0 4 0 4 4 0 8 0 art_node 16 110 0 10 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 9757 0 8318 90 0 90 90 0 8 0 ffsino 272 9757 0 8318 96 0 96 96 0 8 0 nchpl 144 34692 0 33002 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 47374 0 47374 3 2 1 2 0 8 1 percpumem 16 43 0 0 1 0 1 1 0 8 0 kstatmem 264 22 0 0 2 0 2 2 0 8 0 scxspl 216 56117 0 56117 10 9 1 8 1 8 1 plimitpl 152 34 0 19 1 0 1 1 0 8 0 sigapl 424 8704 0 8659 6 0 6 6 0 8 0 futexpl 64 33889 0 33885 1 0 1 1 0 8 0 knotepl 120 106 0 0 4 0 4 4 0 8 0 kqueuepl 216 21 0 13 1 0 1 1 0 8 0 pipepl 320 139 0 111 4 1 3 3 0 8 0 fdescpl 496 8687 0 8662 6 2 4 5 0 8 0 filepl 152 18112 0 17984 6 0 6 6 0 8 1 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 25 0 9 1 0 1 1 0 8 0 pgrppl 48 25 0 9 1 0 1 1 0 8 0 ucredpl 104 66 0 56 1 0 1 1 0 8 0 zombiepl 144 8662 0 8659 2 1 1 1 0 8 0 processpl 1072 8704 0 8659 4 0 4 4 0 8 0 procpl 680 21325 0 21259 8 2 6 7 0 8 0 sockpl 488 127 0 105 4 1 3 4 0 8 0 mcl8k 8192 7 0 0 1 0 1 1 0 8 0 mcl4k 4096 3 0 0 1 0 1 1 0 8 0 mcl2k 2048 246 0 0 31 5 26 31 0 8 0 mtagpl 96 2 0 0 1 0 1 1 0 8 0 mbufpl 256 386 0 0 16 1 15 16 0 8 0 bufpl 288 12350 0 6022 453 0 453 453 0 8 0 anonpl 24 737408 0 732001 68 34 34 52 0 186 0 amapchunkpl 152 254692 0 254067 34 5 29 29 0 158 3 amappl16 200 14289 0 14197 10 4 6 6 0 8 0 amappl15 192 14 0 14 2 2 0 1 0 8 0 amappl14 184 168 0 155 2 1 1 2 0 8 0 amappl13 176 16 0 15 1 0 1 1 0 8 0 amappl12 168 9313 0 9287 2 0 2 2 0 8 0 amappl11 160 56 0 46 1 0 1 1 0 8 0 amappl10 152 25 0 17 2 1 1 1 0 8 0 amappl9 144 208 0 205 2 1 1 1 0 8 0 amappl8 136 150 0 114 2 0 2 2 0 8 0 amappl7 128 78 0 63 2 0 2 2 0 8 0 amappl6 120 225 0 207 1 0 1 1 0 8 0 amappl5 112 163 0 155 1 0 1 1 0 8 0 amappl4 104 560 0 527 2 0 2 2 0 8 0 amappl3 96 50848 0 50776 3 0 3 3 0 8 1 amappl2 88 8928 0 8866 4 2 2 3 0 8 0 amappl1 80 35612 0 35111 26 15 11 22 0 8 0 amappl 88 80293 0 80123 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 8687 0 8662 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 8687 0 8662 1 0 1 1 0 8 0 vmmpekpl 168 60309 0 60279 2 0 2 2 0 8 0 vmmpepl 168 418007 0 416396 119 41 78 111 0 357 3 vmsppl 464 8686 0 8662 6 2 4 5 0 8 0 rwobjpl 56 119163 0 112235 100 1 99 99 0 8 1 pdppl 4096 17382 0 17324 140 74 66 80 0 8 8 pvpl 32 1956779 0 1946524 352 72 280 333 0 265 195 pmappl 248 8686 0 8662 4 2 2 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 877 0 86 23 0 23 23 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp x86_ipi_db(ffffffff82b7fff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82c777c0) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82c777c0) at __mp_lock+0x122 sys/kern/kern_lock.c:147 softintr_dispatch(0) at softintr_dispatch+0x52 sys/arch/amd64/amd64/softintr.c:88 Xsoftclock() at Xsoftclock+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x10 sys/dev/kcov.c:154 syscall(ffff8000213b5e00) at syscall+0x5cd mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff8000213b5e00) at syscall+0x5cd sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xc8ffd48a400, count: 6 ddb{0}> trace x86_ipi_db(ffffffff82b7fff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82c777c0) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82c777c0) at __mp_lock+0x122 sys/kern/kern_lock.c:147 softintr_dispatch(0) at softintr_dispatch+0x52 sys/arch/amd64/amd64/softintr.c:88 Xsoftclock() at Xsoftclock+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x10 sys/dev/kcov.c:154 syscall(ffff8000213b5e00) at syscall+0x5cd mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff8000213b5e00) at syscall+0x5cd sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xc8ffd48a400, count: -9 ddb{0}> machine ddbcpu 1 Stopped at db_enter+0x1c: addq $0x8,%rsp db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828507b4) at panic+0x17b sys/kern/subr_prf.c:198 uvm_fault_unwire_locked(fffffd80715ec020,20000000,20002000) at uvm_fault_unwire_locked+0x321 sys/uvm/uvm_fault.c:1663 uvm_fault_unwire(fffffd80715ec020,20000000,20002000) at uvm_fault_unwire+0x43 sys/uvm/uvm_fault.c:1623 sys_sysctl(ffff800021277d38,ffff8000213ddce0,ffff8000213ddd30) at sys_sysctl+0x239 sys/kern/kern_sysctl.c:256 syscall(ffff8000213dddb0) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff8000213dddb0) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x481383296f0, count: 8 ddb{1}> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828507b4) at panic+0x17b sys/kern/subr_prf.c:198 uvm_fault_unwire_locked(fffffd80715ec020,20000000,20002000) at uvm_fault_unwire_locked+0x321 sys/uvm/uvm_fault.c:1663 uvm_fault_unwire(fffffd80715ec020,20000000,20002000) at uvm_fault_unwire+0x43 sys/uvm/uvm_fault.c:1623 sys_sysctl(ffff800021277d38,ffff8000213ddce0,ffff8000213ddd30) at sys_sysctl+0x239 sys/kern/kern_sysctl.c:256 syscall(ffff8000213dddb0) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff8000213dddb0) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x481383296f0, count: -7