panic: kernel diagnostic assertion "uvm_page_owner_locked_p(pg)" failed: file "/syzkaller/managers/main/kernel/sys/uvm/uvm_page.c", line 1269 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *343294 64648 0 0x14000 0x200 0 reaper db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82584108) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff825f4fba,ffffffff825a2dde,4f5,ffffffff825a2e11) at __assert+0x25 sys/kern/subr_prf.c:157 uvm_pageunwire(fffffd8005f08300) at uvm_pageunwire+0x16b sys/uvm/uvm_page.c:1269 uvm_fault_unwire_locked(fffffd806d71b9a0,5dcd61dd000,5dcd61de000) at uvm_fault_unwire_locked+0x236 sys/uvm/uvm_fault.c:1683 uvm_unmap_kill_entry_withlock(fffffd806d71b9a0,fffffd80760af0e8,0) at uvm_unmap_kill_entry_withlock+0x62 sys/uvm/uvm_map.c:1924 uvm_map_teardown(fffffd806d71b9a0) at uvm_map_teardown+0x157 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline] uvm_map_teardown(fffffd806d71b9a0) at uvm_map_teardown+0x157 sys/uvm/uvm_map.c:2578 uvmspace_free(fffffd806d71b9a0) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3513 reaper(ffff8000ffff9a48) at reaper+0x15d sys/kern/kern_exit.c:448 end trace frame: 0x0, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "uvm_page_owner_locked_p(pg)" failed: file "/syzkaller/managers/main/kernel/sys/uvm/uvm_page.c", line 1269 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82584108) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff825f4fba,ffffffff825a2dde,4f5,ffffffff825a2e11) at __assert+0x25 sys/kern/subr_prf.c:157 uvm_pageunwire(fffffd8005f08300) at uvm_pageunwire+0x16b sys/uvm/uvm_page.c:1269 uvm_fault_unwire_locked(fffffd806d71b9a0,5dcd61dd000,5dcd61de000) at uvm_fault_unwire_locked+0x236 sys/uvm/uvm_fault.c:1683 uvm_unmap_kill_entry_withlock(fffffd806d71b9a0,fffffd80760af0e8,0) at uvm_unmap_kill_entry_withlock+0x62 sys/uvm/uvm_map.c:1924 uvm_map_teardown(fffffd806d71b9a0) at uvm_map_teardown+0x157 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline] uvm_map_teardown(fffffd806d71b9a0) at uvm_map_teardown+0x157 sys/uvm/uvm_map.c:2578 uvmspace_free(fffffd806d71b9a0) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3513 reaper(ffff8000ffff9a48) at reaper+0x15d sys/kern/kern_exit.c:448 end trace frame: 0x0, count: -9 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff8000216bfdb0 rbx 0xfffffd8005f08300 rdx 0 rcx 0 rax 0xffff8000ffff9a48 r8 0x101010101010101 r9 0x8080808080808080 r10 0x453c4f46ecdfc180 r11 0xcb149e9dafa89a8a r12 0 r13 0xffff8000216bfed8 r14 0 r15 0x1 rip 0xffffffff818efcf8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff8000216bfda0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (reaper) pid=343294 stat=onproc flags process=14000 proc=200 pri=85, usrpri=85, nice=20 forw=0xffffffffffffffff, list=0xffff8000fffffce0,0xffff8000ffff97b8 process=0xffff8000ffffa3f8 user=0xffff8000216bb000, vmspace=0xffffffff82a4ae58 estcpu=35, cpticks=7, pctcpu=19.32 user=0, sys=2, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 32682 189935 1 0 3 0x100083 ttyopn getty 68515 447244 0 0 3 0x14280 nfsidl nfsio 28788 446298 0 0 3 0x14280 nfsidl nfsio 29913 143180 0 0 3 0x14280 nfsidl nfsio 8140 455910 0 0 3 0x14280 nfsidl nfsio 52767 451985 0 0 3 0x14280 nfsidl nfsio 48020 309169 0 0 3 0x14280 nfsidl nfsio 34587 210189 0 0 3 0x14280 nfsidl nfsio 33316 37968 0 0 3 0x14280 nfsidl nfsio 43801 275673 0 0 3 0x14280 nfsidl nfsio 22761 267744 0 0 3 0x14280 nfsidl nfsio 98864 163035 0 0 3 0x14280 nfsidl nfsio 55904 84104 0 0 3 0x14280 nfsidl nfsio 90096 222873 0 0 3 0x14280 nfsidl nfsio 48767 22396 0 0 3 0x14280 nfsidl nfsio 50560 191187 0 0 3 0x14280 nfsidl nfsio 7739 77301 0 0 3 0x14280 nfsidl nfsio 45336 460891 0 0 3 0x14280 nfsidl nfsio 55779 484059 0 0 3 0x14280 nfsidl nfsio 91512 394864 0 0 3 0x14280 nfsidl nfsio 61188 179053 0 0 3 0x14280 nfsidl nfsio 40313 388385 0 0 3 0x14200 bored sosplice 19176 487032 77840 0 3 0x82 wait syz-fuzzer 19176 392299 77840 0 2 0x4000482 syz-fuzzer 19176 13184 77840 0 3 0x4000082 wait syz-fuzzer 19176 187566 77840 0 3 0x4000082 wait syz-fuzzer 19176 159700 77840 0 3 0x4000082 kqread syz-fuzzer 19176 100569 77840 0 3 0x4000082 thrsleep syz-fuzzer 19176 24496 77840 0 3 0x4000082 wait syz-fuzzer 19176 158050 77840 0 3 0x4000082 thrsleep syz-fuzzer 19176 50423 77840 0 3 0x4000082 thrsleep syz-fuzzer 19176 129933 77840 0 3 0x4000082 wait syz-fuzzer 19176 302649 77840 0 3 0x4000082 thrsleep syz-fuzzer 19176 204616 77840 0 3 0x4000082 wait syz-fuzzer 19176 45085 77840 0 3 0x4000082 wait syz-fuzzer 19176 49848 77840 0 3 0x4000082 wait syz-fuzzer 77840 325336 44902 0 3 0x10008a sigsusp ksh 44902 435568 91643 0 3 0x9a kqread sshd 91643 325461 1 0 3 0x88 kqread sshd 33989 220030 34358 73 2 0x1100010 syslogd 34358 241302 1 0 3 0x100082 netio syslogd 43812 444824 1 0 3 0x100080 kqread resolvd 95878 426039 9985 77 3 0x100092 kqread dhcpleased 60308 36677 9985 77 3 0x100092 kqread dhcpleased 9985 132835 1 0 3 0x80 kqread dhcpleased 81569 20901 0 0 3 0x14200 bored smr 58877 59498 0 0 2 0x14200 zerothread 23414 402978 0 0 3 0x14200 aiodoned aiodoned 99034 405060 0 0 3 0x14200 syncer update 43439 227490 0 0 3 0x14200 cleaner cleaner *64648 343294 0 0 7 0x14200 reaper 69597 14788 0 0 3 0x14200 pgdaemon pagedaemon 69998 343367 0 0 3 0x14200 bored viomb 97173 347956 0 0 3 0x40014200 acpi0 acpi0 68638 92182 0 0 3 0x14200 bored softnet 84010 25954 0 0 3 0x14200 bored softnet 36821 487836 0 0 3 0x14200 bored softnet 17988 250976 0 0 3 0x14200 bored softnet 60119 226307 0 0 3 0x14200 bored systqmp 27563 272540 0 0 3 0x14200 bored systq 38556 334445 0 0 3 0x40014200 bored softclock 94060 292220 0 0 3 0x40014200 idle0 1 490207 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10213 6436K 7263K 78643K 33952 0 pcb 13 20K 22K 78643K 6980 0 rtable 152 14K 17K 78643K 6460 0 ifaddr 124 34K 37K 78643K 1950 0 sysctl 2 0K 0K 78643K 12 0 counters 24 16K 17K 78643K 825 0 ioctlops 0 0K 4K 78643K 4313 0 iov 0 0K 32K 78643K 4018 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1729 108K 109K 78643K 41588 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 164 0 VM map 2 0K 0K 78643K 2 0 sem 14 16K 32K 78643K 328 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 6 17K 77K 78643K 20195 0 sigio 0 0K 0K 78643K 472 0 proc 65 59K 83K 78643K 4172 0 subproc 52 3K 7K 78643K 1456 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 1100 0 in_multi 59 3K 6K 78643K 1792 0 ether_multi 1 0K 0K 78643K 94 0 mrt 1 0K 0K 78643K 568 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 241 1076K 1076K 78643K 241 0 exec 0 0K 1K 78643K 4672 0 pfkey data 0 0K 0K 78643K 73 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 362 91K 107K 78643K 129680 0 UVM aobj 131 4K 4K 78643K 138 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 1634 0 NDP 10 0K 1K 78643K 630 0 temp 127 4686K 5710K 78643K 269838 0 kqueue 12 18K 28K 78643K 1557 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 2375 0 2372 38 37 1 5 0 8 0 rtentry 112 1951 0 1891 6 3 3 4 0 8 0 unpcb 144 20088 0 20075 243 242 1 11 0 8 0 syncache 296 141 0 141 36 36 0 1 0 8 0 tcpqe 32 263 13 263 20 20 0 1 0 8 0 tcpcb 776 7830 0 7824 282 281 1 14 0 8 0 arp 88 242 0 232 1 0 1 1 0 8 0 ipq 40 7 0 7 4 4 0 1 0 8 0 ipqe 40 26 0 26 4 4 0 1 0 8 0 inpcb 336 25412 0 25403 378 377 1 15 0 8 0 nd6 48 364 0 352 1 0 1 1 0 8 0 pkpcb 40 122 0 122 11 11 0 1 0 8 0 kcovpl 48 112 0 108 1 0 1 1 0 8 0 mppekey 1024 7 0 7 3 3 0 1 0 8 0 ppxss 1160 520 0 520 41 41 0 1 0 8 0 pppxif 1352 343 0 343 34 34 0 1 0 8 0 pfosfp 40 988 0 977 1 0 1 1 0 8 0 pfosfpen 112 988 0 955 1 0 1 1 0 8 0 pfanchor 1280 1065 29 553 50 7 43 43 0 8 0 rttmr 136 231 0 231 11 11 0 1 0 8 0 art_heap8 4096 13 0 12 10 9 1 2 0 8 0 art_heap4 256 8063 0 7765 84 60 24 31 0 8 0 art_table 32 8076 0 7777 7 3 4 4 0 8 0 art_node 16 1900 0 1849 1 0 1 1 0 8 0 sysvmsgpl 40 35 0 34 1 0 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 314 0 302 1 0 1 1 0 8 0 shmpl 112 135 0 7 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 29165 0 27684 93 0 93 93 0 8 0 ffsino 240 29165 0 27684 88 0 88 88 0 8 0 nchpl 144 56619 0 54989 63 0 63 63 0 8 0 rtmask 32 12 0 12 4 4 0 1 0 8 0 uvmvnodes 80 6562 0 0 134 0 134 134 0 8 0 vnodes 216 6562 0 0 365 0 365 365 0 8 0 namei 1024 249244 0 249244 11 10 1 2 0 8 1 kstatmem 264 772 0 752 11 8 3 3 0 8 0 scsiplug 72 3 0 3 1 1 0 1 0 8 0 scxspl 216 152299 0 152299 42 41 1 8 0 8 1 plimitpl 152 2393 0 2377 1 0 1 1 0 8 0 sigapl 424 20443 0 20377 8 0 8 8 0 8 0 futexpl 64 222498 0 222498 6 5 1 1 0 8 1 knotepl 120 300717 0 300653 146 142 4 11 0 8 0 kqueuepl 184 4524 0 4516 79 78 1 6 0 8 0 pipepl 288 5288 0 5268 114 111 3 11 0 8 0 fdescpl 432 20265 0 20248 4 0 4 4 0 8 0 filepl 120 190630 0 190477 271 263 8 20 0 8 0 lockfpl 104 5634 0 5632 13 12 1 2 0 8 0 lockfspl 48 1690 0 1688 1 0 1 1 0 8 0 sessionpl 144 133 0 117 1 0 1 1 0 8 0 pgrppl 48 368 0 352 1 0 1 1 0 8 0 ucredpl 104 23324 0 23311 1 0 1 1 0 8 0 zombiepl 144 20393 0 20377 1 0 1 1 0 8 0 processpl 1008 20443 0 20377 11 2 9 9 0 8 0 procpl 672 51349 0 51261 46 38 8 9 0 8 0 sosppl 168 188 0 188 33 33 0 1 0 8 0 sockpl 456 48083 0 48058 1161 1157 4 45 0 8 0 mcl64k 65536 1373 0 1373 59 59 0 1 0 8 0 mcl16k 16384 295 0 295 58 58 0 1 0 8 0 mcl12k 12288 957 0 957 56 56 0 1 0 8 0 mcl9k 9216 246 0 246 54 54 0 1 0 8 0 mcl8k 8192 1162 0 1162 56 56 0 1 0 8 0 mcl4k 4096 2489 0 2489 25 25 0 1 0 8 0 mcl2k2 2112 179 0 179 66 66 0 1 0 8 0 mcl2k 2048 116320 0 116254 70 60 10 29 0 8 0 mtagpl 96 1829 0 1829 25 24 1 9 0 8 1 mbufpl 256 417736 0 417584 1716 1703 13 286 0 8 0 bufpl 288 35496 0 28434 505 0 505 505 0 8 0 anonpl 24 3775665 0 3753851 315 183 132 173 0 188 0 amapchunkpl 152 413340 0 412345 216 177 39 58 0 158 0 amappl16 200 32114 0 31490 164 131 33 45 0 8 0 amappl15 192 17 0 16 1 0 1 1 0 8 0 amappl14 184 484 0 474 1 0 1 1 0 8 0 amappl13 176 6 0 6 2 2 0 1 0 8 0 amappl12 168 1664 0 1660 1 0 1 1 0 8 0 amappl11 160 88 0 77 1 0 1 1 0 8 0 amappl10 152 132 0 121 1 0 1 1 0 8 0 amappl9 144 1012 0 1012 34 34 0 1 0 8 0 amappl8 136 839 0 742 4 0 4 4 0 8 0 amappl7 128 409 0 385 2 0 2 2 0 8 0 amappl6 120 758 0 741 1 0 1 1 0 8 0 amappl5 112 842 0 836 1 0 1 1 0 8 0 amappl4 104 1733 0 1703 2 1 1 2 0 8 0 amappl3 96 57325 0 57261 2 0 2 2 0 8 0 amappl2 88 21879 0 21796 3 1 2 3 0 8 0 amappl1 80 455523 0 454748 39 23 16 22 0 8 0 amappl 88 127971 0 127768 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 137 0 7 3 0 3 3 0 8 0 uaddrrnd 24 20265 0 20237 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 20265 0 20237 1 0 1 1 0 8 0 vmmpekpl 168 150901 0 150846 5 1 4 4 0 8 0 vmmpepl 168 1868103 0 1865102 483 342 141 162 0 357 0 vmsppl 272 20264 0 20236 4 2 2 3 0 8 0 rwobjpl 24 472870 0 464354 64 12 52 52 0 8 0 pdppl 4096 40536 0 40472 1365 1301 64 70 0 8 0 pvpl 32 7578857 0 7549213 670 418 252 304 0 265 6 pmappl 216 20264 0 20236 2 0 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 4645 0 3836 38 12 26 30 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82584108) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff825f4fba,ffffffff825a2dde,4f5,ffffffff825a2e11) at __assert+0x25 sys/kern/subr_prf.c:157 uvm_pageunwire(fffffd8005f08300) at uvm_pageunwire+0x16b sys/uvm/uvm_page.c:1269 uvm_fault_unwire_locked(fffffd806d71b9a0,5dcd61dd000,5dcd61de000) at uvm_fault_unwire_locked+0x236 sys/uvm/uvm_fault.c:1683 uvm_unmap_kill_entry_withlock(fffffd806d71b9a0,fffffd80760af0e8,0) at uvm_unmap_kill_entry_withlock+0x62 sys/uvm/uvm_map.c:1924 uvm_map_teardown(fffffd806d71b9a0) at uvm_map_teardown+0x157 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline] uvm_map_teardown(fffffd806d71b9a0) at uvm_map_teardown+0x157 sys/uvm/uvm_map.c:2578 uvmspace_free(fffffd806d71b9a0) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3513 reaper(ffff8000ffff9a48) at reaper+0x15d sys/kern/kern_exit.c:448 end trace frame: 0x0, count: -9 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82584108) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff825f4fba,ffffffff825a2dde,4f5,ffffffff825a2e11) at __assert+0x25 sys/kern/subr_prf.c:157 uvm_pageunwire(fffffd8005f08300) at uvm_pageunwire+0x16b sys/uvm/uvm_page.c:1269 uvm_fault_unwire_locked(fffffd806d71b9a0,5dcd61dd000,5dcd61de000) at uvm_fault_unwire_locked+0x236 sys/uvm/uvm_fault.c:1683 uvm_unmap_kill_entry_withlock(fffffd806d71b9a0,fffffd80760af0e8,0) at uvm_unmap_kill_entry_withlock+0x62 sys/uvm/uvm_map.c:1924 uvm_map_teardown(fffffd806d71b9a0) at uvm_map_teardown+0x157 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline] uvm_map_teardown(fffffd806d71b9a0) at uvm_map_teardown+0x157 sys/uvm/uvm_map.c:2578 uvmspace_free(fffffd806d71b9a0) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3513 reaper(ffff8000ffff9a48) at reaper+0x15d sys/kern/kern_exit.c:448 end trace frame: 0x0, count: -9