panic: kernel diagnostic assertion "uvm_page_owner_locked_p(pg)" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_page.c", line 1269 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *286968 41073 0 0x14000 0x200 0K reaper db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff825a7274) at panic+0x177 sys/kern/subr_prf.c:198 __assert(ffffffff8261cfaa,ffffffff82593c44,4f5,ffffffff825ca81a) at __assert+0x25 sys/kern/subr_prf.c:157 uvm_pageunwire(fffffd8007ec4aa0) at uvm_pageunwire+0x16b sys/uvm/uvm_page.c:1269 uvm_fault_unwire_locked(fffffd805a5cd188,a698130c000,a698150b000) at uvm_fault_unwire_locked+0x226 sys/uvm/uvm_fault.c:1682 uvm_unmap_kill_entry_withlock(fffffd805a5cd188,fffffd80673c9770,0) at uvm_unmap_kill_entry_withlock+0x67 sys/uvm/uvm_map.c:1897 uvm_map_teardown(fffffd805a5cd188) at uvm_map_teardown+0x197 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline] uvm_map_teardown(fffffd805a5cd188) at uvm_map_teardown+0x197 sys/uvm/uvm_map.c:2546 uvmspace_free(fffffd805a5cd188) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3464 reaper(ffff800021232fc8) at reaper+0x19a sys/kern/kern_exit.c:448 end trace frame: 0x0, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: kernel diagnostic assertion "uvm_page_owner_locked_p(pg)" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_page.c", line 1269 ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff825a7274) at panic+0x177 sys/kern/subr_prf.c:198 __assert(ffffffff8261cfaa,ffffffff82593c44,4f5,ffffffff825ca81a) at __assert+0x25 sys/kern/subr_prf.c:157 uvm_pageunwire(fffffd8007ec4aa0) at uvm_pageunwire+0x16b sys/uvm/uvm_page.c:1269 uvm_fault_unwire_locked(fffffd805a5cd188,a698130c000,a698150b000) at uvm_fault_unwire_locked+0x226 sys/uvm/uvm_fault.c:1682 uvm_unmap_kill_entry_withlock(fffffd805a5cd188,fffffd80673c9770,0) at uvm_unmap_kill_entry_withlock+0x67 sys/uvm/uvm_map.c:1897 uvm_map_teardown(fffffd805a5cd188) at uvm_map_teardown+0x197 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline] uvm_map_teardown(fffffd805a5cd188) at uvm_map_teardown+0x197 sys/uvm/uvm_map.c:2546 uvmspace_free(fffffd805a5cd188) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3464 reaper(ffff800021232fc8) at reaper+0x19a sys/kern/kern_exit.c:448 end trace frame: 0x0, count: -9 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff800021238ef0 rbx 0xffffffff829dbb8f cpu_info_full_primary+0x2b8f rdx 0 rcx 0 rax 0xffff800021232fc8 r8 0x101010101010101 r9 0x8080808080808080 r10 0x8c3668f9a5063bed r11 0x305c5211f054c084 r12 0xffffffff829db990 cpu_info_full_primary+0x2990 r13 0 r14 0 r15 0x1 rip 0xffffffff81e501f8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800021238ee0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (reaper) pid=286968 stat=onproc flags process=14000 proc=200 pri=86, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff800021233ce8,0xffff800021232a98 process=0xffff8000ffffe990 user=0xffff800021234000, vmspace=0xffffffff82b9e480 estcpu=36, cpticks=43, pctcpu=14.51 user=0, sys=4, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 37671 177869 0 0 3 0x14200 acct acct 30858 235718 1824 0 3 0x82 wait syz-executor.5 91052 121215 1824 0 3 0x82 wait syz-executor.2 43429 38001 1824 0 3 0x82 wait syz-executor.3 21371 383513 1824 0 3 0x82 wait syz-executor.1 79389 103347 1824 0 3 0x82 wait syz-executor.6 41331 411232 1824 0 3 0x82 wait syz-executor.0 2515 468902 1824 0 3 0x82 wait syz-executor.7 98322 465497 1 0 3 0x100083 ttyin getty 5529 458166 0 0 3 0x14200 bored sosplice 1824 368322 14692 0 3 0x82 wait syz-fuzzer 1824 112431 14692 0 2 0x4000482 syz-fuzzer 1824 166051 14692 0 3 0x4000082 thrsleep syz-fuzzer 1824 82425 14692 0 3 0x4000082 wait syz-fuzzer 1824 211348 14692 0 3 0x4000082 wait syz-fuzzer 1824 70802 14692 0 3 0x4000082 thrsleep syz-fuzzer 1824 168518 14692 0 3 0x4000082 wait syz-fuzzer 1824 440989 14692 0 3 0x4000082 thrsleep syz-fuzzer 1824 437497 14692 0 3 0x4000082 thrsleep syz-fuzzer 1824 468317 14692 0 3 0x4000082 thrsleep syz-fuzzer 1824 10381 14692 0 3 0x4000082 kqread syz-fuzzer 1824 292089 14692 0 2 0x4000002 syz-fuzzer 1824 289250 14692 0 3 0x4000082 wait syz-fuzzer 1824 451083 14692 0 3 0x4000082 thrsleep syz-fuzzer 1824 303076 14692 0 3 0x4000082 wait syz-fuzzer 1824 41916 14692 0 3 0x4000082 wait syz-fuzzer 1824 185937 14692 0 3 0x4000082 thrsleep syz-fuzzer 14692 411569 54318 0 3 0x10008a sigsusp ksh 54318 467411 87747 0 3 0x9a kqread sshd 87747 7205 1 0 3 0x88 kqread sshd 34456 77708 26014 74 3 0x1100092 bpf pflogd 26014 335649 1 0 3 0x80 netio pflogd 23023 110873 61963 73 2 0x1100010 syslogd 61963 315634 1 0 3 0x100082 netio syslogd 64695 300054 1 0 3 0x100080 kqread resolvd 30773 502686 31745 77 3 0x100092 kqread dhcpleased 90342 136186 31745 77 3 0x100092 kqread dhcpleased 31745 334696 1 0 3 0x80 kqread dhcpleased 87244 440321 0 0 3 0x14200 bored smr 22285 238439 0 0 2 0x14200 zerothread 25212 276964 0 0 3 0x14200 aiodoned aiodoned 32461 290230 0 0 3 0x14200 syncer update 21904 302863 0 0 3 0x14200 cleaner cleaner *41073 286968 0 0 7 0x14200 reaper 98863 250469 0 0 3 0x14200 pgdaemon pagedaemon 1132 356847 0 0 3 0x14200 bored viomb 77796 313343 0 0 3 0x40014200 acpi0 acpi0 16560 376585 0 0 7 0x40014200 idle1 4702 419565 0 0 3 0x14200 bored softnet 11034 1760 0 0 3 0x14200 bored softnet 35866 360383 0 0 3 0x14200 bored softnet 89097 413786 0 0 3 0x14200 bored softnet 95988 439783 0 0 3 0x14200 bored systqmp 43987 146292 0 0 3 0x14200 bored systq 58598 466257 0 0 2 0x40014200 softclock 86550 422538 0 0 3 0x40014200 idle0 1 253901 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10220 6527K 7397K 78643K 56860 0 pcb 13 22K 30K 78643K 5326 0 rtable 204 17K 19K 78643K 7758 0 ifaddr 184 51K 57K 78643K 2921 0 sysctl 3 1K 2K 78643K 107 0 counters 56 35K 36K 78643K 1408 0 ioctlops 0 0K 4K 78643K 7746 0 iov 0 0K 32K 78643K 2980 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1628 102K 102K 78643K 15364 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 288 0 VM map 2 1K 1K 78643K 2 0 sem 11 16K 32K 78643K 28 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 9 29K 89K 78643K 31234 0 sigio 0 0K 0K 78643K 753 0 proc 74 91K 128K 78643K 5821 0 subproc 91 5K 7K 78643K 1994 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 1887 0 in_multi 68 4K 7K 78643K 2504 0 ether_multi 1 0K 0K 78643K 163 0 mrt 2 0K 0K 78643K 155 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 97 440K 440K 78643K 97 0 exec 0 0K 2K 78643K 7924 0 pfkey data 0 0K 0K 78643K 3 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 812 2005K 2005K 78643K 172296 0 UVM aobj 131 4K 4K 78643K 136 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 1048 0 NDP 16 0K 2K 78643K 910 0 temp 145 4734K 5759K 78643K 318222 0 kqueue 12 18K 28K 78643K 2425 0 SYN cache 2 16K 24K 78643K 3 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 2167 0 2164 24 23 1 3 0 8 0 rtentry 112 2581 0 2501 6 2 4 4 0 8 0 unpcb 144 18351 0 18336 224 223 1 10 0 8 0 syncache 296 81 0 81 21 21 0 1 0 8 0 sackhl 24 2 0 2 2 2 0 1 0 8 0 tcpqe 32 115 26 115 7 7 0 1 0 8 0 tcpcb 768 7762 0 7757 273 272 1 15 0 8 0 arp 120 461 0 447 1 0 1 1 0 8 0 inpcb 368 25522 0 25514 447 445 2 22 0 8 0 nd6 48 537 0 517 1 0 1 1 0 8 0 pkpcb 40 79 0 79 16 16 0 1 0 8 0 kcovpl 48 153 0 146 1 0 1 1 0 8 0 ppxss 1256 445 0 445 44 44 0 1 0 8 0 pppxif 1704 108 0 108 14 14 0 1 0 8 0 pffrag 232 186 0 186 6 6 0 1 0 482 0 pffrnode 88 166 0 166 6 6 0 1 0 8 0 pffrent 40 1048 0 1048 5 5 0 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 893 0 884 1 0 1 1 0 8 0 pfstkey 120 893 0 884 4 3 1 2 0 8 0 pfstate 336 893 0 884 16 13 3 5 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 rttmr 136 10 0 10 2 2 0 1 0 8 0 art_heap8 4096 11 0 10 11 10 1 3 0 8 0 art_heap4 256 10172 0 9860 74 50 24 30 0 8 0 art_table 32 10183 0 9870 6 2 4 4 0 8 0 art_node 16 2526 0 2458 1 0 1 1 0 8 0 sysvmsgpl 40 43 0 5 1 0 1 1 0 8 0 semupl 112 5 0 5 1 1 0 1 0 8 0 semapl 112 9 0 0 1 0 1 1 0 8 0 shmpl 112 133 0 5 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 38922 0 37299 102 0 102 102 0 8 0 ffsino 272 38922 0 37299 109 0 109 109 0 8 0 nchpl 144 86242 0 85739 63 39 24 63 0 8 0 rtmask 32 17 0 17 6 6 0 1 0 8 0 uvmvnodes 80 10509 0 0 215 0 215 215 0 8 0 vnodes 216 10509 0 0 584 0 584 584 0 8 0 namei 1024 335041 0 335041 17 16 1 2 0 8 1 percpumem 16 716 0 676 1 0 1 1 0 8 0 vcpupl 2048 295 0 0 37 0 37 37 0 8 0 vmpool 568 369 0 74 28 6 22 22 0 8 0 kstatmem 264 1094 0 1062 4 1 3 3 0 8 0 scsiplug 72 26 0 26 7 7 0 1 0 8 0 scxspl 216 257007 0 257007 51 50 1 8 0 8 1 plimitpl 152 4145 0 4129 1 0 1 1 0 8 0 sigapl 424 31288 0 31239 11 5 6 9 0 8 0 futexpl 64 302038 0 302038 6 5 1 1 0 8 1 knotepl 120 1847 0 0 21 2 19 19 0 8 0 kqueuepl 216 6119 0 6111 106 105 1 7 0 8 0 pipepl 320 5817 0 5790 155 152 3 13 0 8 0 fdescpl 496 31244 0 31222 8 4 4 5 0 8 0 filepl 152 229017 0 228796 361 351 10 23 0 8 0 lockfpl 104 9773 0 9771 18 17 1 2 0 8 0 lockfspl 48 3267 0 3265 1 0 1 1 0 8 0 sessionpl 144 171 0 154 1 0 1 1 0 8 0 pgrppl 48 340 0 323 1 0 1 1 0 8 0 ucredpl 104 36884 0 36872 1 0 1 1 0 8 0 zombiepl 144 31247 0 31239 10 9 1 1 0 8 0 processpl 1064 31288 0 31239 5 1 4 5 0 8 0 procpl 672 78865 0 78789 27 19 8 10 0 8 0 srpgc 96 180 0 180 39 39 0 1 0 8 0 sosppl 168 211 0 211 37 37 0 1 0 8 0 sockpl 488 46176 0 46150 1071 1065 6 34 0 8 1 mcl64k 65536 25 0 0 4 1 3 3 0 8 0 mcl16k 16384 13 0 0 2 0 2 2 0 8 0 mcl12k 12288 18 0 0 2 0 2 2 0 8 0 mcl9k 9216 18 0 0 2 0 2 2 0 8 0 mcl8k 8192 18 0 0 3 0 3 3 0 8 0 mcl4k 4096 17 0 0 3 0 3 3 0 8 0 mcl2k2 2112 8 0 0 1 0 1 1 0 8 0 mcl2k 2048 711 0 0 54 27 27 54 0 8 0 mtagpl 96 1553 0 0 12 0 12 12 0 8 0 mbufpl 256 4020 0 0 238 1 237 237 0 8 0 bufpl 288 54481 0 43477 787 0 787 787 0 8 0 anonpl 24 6051038 0 6027853 443 303 140 188 0 186 0 amapchunkpl 152 507012 0 505930 158 116 42 62 0 158 0 amappl16 200 91481 0 90785 306 268 38 52 0 8 0 amappl15 192 4427 0 4412 2 1 1 2 0 8 0 amappl14 184 3488 0 3483 1 0 1 1 0 8 0 amappl13 176 5180 0 5177 1 0 1 1 0 8 0 amappl12 168 5491 0 5480 1 0 1 1 0 8 0 amappl11 160 3464 0 3442 1 0 1 1 0 8 0 amappl10 152 4767 0 4750 1 0 1 1 0 8 0 amappl9 144 4211 0 4198 2 1 1 1 0 8 0 amappl8 136 7098 0 6859 11 2 9 9 0 8 0 amappl7 128 3976 0 3953 1 0 1 1 0 8 0 amappl6 120 4452 0 4414 2 0 2 2 0 8 0 amappl5 112 24234 0 24216 1 0 1 1 0 8 0 amappl4 104 11097 0 11034 3 1 2 2 0 8 0 amappl3 96 96648 0 96584 2 0 2 2 0 8 0 amappl2 88 39557 0 39477 3 1 2 3 0 8 0 amappl1 80 734222 0 733389 23 5 18 23 0 8 0 amappl 88 168539 0 168172 10 1 9 9 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 135 0 5 3 0 3 3 0 8 0 uaddrrnd 24 31614 0 31290 2 0 2 2 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 31614 0 31290 2 0 2 2 0 8 0 vmmpekpl 168 207700 0 207595 5 0 5 5 0 8 0 vmmpepl 168 3086688 0 3082721 636 448 188 211 0 357 0 vmsppl 368 31613 0 31289 32 2 30 30 0 8 0 rwobjpl 56 735185 0 722225 233 49 184 184 0 8 0 pdppl 4096 63235 0 62873 1868 1505 363 364 0 8 1 pvpl 32 11844271 0 11818819 966 706 260 336 0 265 24 pmappl 248 31613 0 31289 22 1 21 21 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 3856 0 2117 50 0 50 50 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff825a7274) at panic+0x177 sys/kern/subr_prf.c:198 __assert(ffffffff8261cfaa,ffffffff82593c44,4f5,ffffffff825ca81a) at __assert+0x25 sys/kern/subr_prf.c:157 uvm_pageunwire(fffffd8007ec4aa0) at uvm_pageunwire+0x16b sys/uvm/uvm_page.c:1269 uvm_fault_unwire_locked(fffffd805a5cd188,a698130c000,a698150b000) at uvm_fault_unwire_locked+0x226 sys/uvm/uvm_fault.c:1682 uvm_unmap_kill_entry_withlock(fffffd805a5cd188,fffffd80673c9770,0) at uvm_unmap_kill_entry_withlock+0x67 sys/uvm/uvm_map.c:1897 uvm_map_teardown(fffffd805a5cd188) at uvm_map_teardown+0x197 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline] uvm_map_teardown(fffffd805a5cd188) at uvm_map_teardown+0x197 sys/uvm/uvm_map.c:2546 uvmspace_free(fffffd805a5cd188) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3464 reaper(ffff800021232fc8) at reaper+0x19a sys/kern/kern_exit.c:448 end trace frame: 0x0, count: -9 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffff800020dd8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800020dd8ff0) at sched_idle+0x417 sys/kern/kern_sched.c:175 end trace frame: 0x0, count: 10 ddb{1}> trace x86_ipi_db(ffff800020dd8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800020dd8ff0) at sched_idle+0x417 sys/kern/kern_sched.c:175 end trace frame: 0x0, count: -5