panic: kernel diagnostic assertion "uvm_page_owner_locked_p(pg)" failed: file "/syzkaller/managers/main/kernel/sys/uvm/uvm_page.c", line 1248
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
* 19711 33193 0 0x14000 0x200 0 reaper
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff830c0887) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff83075efa,ffffffff82fc80a3,4e0,ffffffff830cbd10) at __assert+0x29
uvm_pageunwire(fffffd8006f0df00) at uvm_pageunwire+0x1dd sys/uvm/uvm_page.c:1248
uvm_fault_unwire_locked(fffffd806c223b10,5bbaf64000,5bbb163000) at uvm_fault_unwire_locked+0x33c sys/uvm/uvm_fault.c:1729
uvm_unmap_kill_entry_withlock(fffffd806c223b10,fffffd806cef3ee8,0) at uvm_unmap_kill_entry_withlock+0x81 sys/uvm/uvm_map.c:1860
uvm_map_teardown(fffffd806c223b10) at uvm_map_teardown+0x1c7 sys/uvm/uvm_map.c:2496
uvmspace_free(fffffd806c223b10) at uvmspace_free+0xbd sys/uvm/uvm_map.c:3420
reaper(ffff80002a457958) at reaper+0x225 sys/kern/kern_exit.c:478
end trace frame: 0x0, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "uvm_page_owner_locked_p(pg)" failed: file "/syzkaller/managers/main/kernel/sys/uvm/uvm_page.c", line 1248 ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830c0887) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83075efa,ffffffff82fc80a3,4e0,ffffffff830cbd10) at __assert+0x29 uvm_pageunwire(fffffd8006f0df00) at uvm_pageunwire+0x1dd sys/uvm/uvm_page.c:1248 uvm_fault_unwire_locked(fffffd806c223b10,5bbaf64000,5bbb163000) at uvm_fault_unwire_locked+0x33c sys/uvm/uvm_fault.c:1729 uvm_unmap_kill_entry_withlock(fffffd806c223b10,fffffd806cef3ee8,0) at uvm_unmap_kill_entry_withlock+0x81 sys/uvm/uvm_map.c:1860 uvm_map_teardown(fffffd806c223b10) at uvm_map_teardown+0x1c7 sys/uvm/uvm_map.c:2496 uvmspace_free(fffffd806c223b10) at uvmspace_free+0xbd sys/uvm/uvm_map.c:3420 reaper(ffff80002a457958) at reaper+0x225 sys/kern/kern_exit.c:478 end trace frame: 0x0, count: -9 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002a455a60 rbx 0x5bbaf64000 rdx 0 rcx 0 rax 0xffff80002a457958 r8 0x101010101010101 r9 0x8080808080808080 r10 0x670c9bd20a6851c5 r11 0x7624e708852051f0 r12 0 r13 0xffffffff8322cfb8 uvm_map_addr_RBT_INFO r14 0 r15 0x1 rip 0xffffffff815279a5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80002a455a50 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (reaper) tid=19711 pid=33193 tcnt=1 stat=onproc flags process=14000 proc=200 runpri=86, usrpri=86, slppri=4, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a40d6c8,0xffff80002a4576e0 process=0xffff8000ffffe240 user=0xffff80002a450000, vmspace=0xffffffff8359b210 estcpu=36, cpticks=6, pctcpu=15.41, user=0, sys=3076, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 33777 394628 81016 0 2 0x480 syz-executor 33777 363623 81016 0 3 0x4000080 netacc syz-executor 33777 203904 81016 0 3 0x4000080 vgalk syz-executor 33777 191018 
81016 0 3 0x4000080 fsleep syz-executor 75012 63091 47222 0 3 0x82 wait syz-executor 73838 184731 0 0 3 0x14200 acct acct 81016 355711 47222 0 2 0x482 syz-executor 61922 272697 47222 0 3 0x82 wait syz-executor 69117 146097 1 0 3 0x100083 ttyin getty 36699 322837 0 0 3 0x14200 bored sosplice 9594 256445 47222 0 2 0x482 syz-executor 12641 151443 47222 0 3 0x82 wait syz-executor 25985 50514 47222 0 3 0x82 wait syz-executor 47222 193759 3910 0 3 0x82 wait syz-executor 3910 340991 36961 0 3 0x10008a sigsusp ksh 36961 467931 68374 0 3 0x98 kqread sshd-session 68374 455076 82073 0 3 0x92 kqread sshd-session 82073 307680 1 0 3 0x88 kqread sshd 90156 185153 26948 73 2 0x1100010 syslogd 26948 92352 1 0 3 0x100082 sbwait syslogd 96000 146839 1 0 3 0x100080 kqread resolvd 61212 501508 93683 77 3 0x100092 kqread dhcpleased 13863 324388 93683 77 3 0x100092 kqread dhcpleased 93683 351604 1 0 3 0x80 kqread dhcpleased 58101 43158 0 0 2 0x14200 smr 35712 481113 0 0 2 0x14200 zerothread 3488 124768 0 0 3 0x14200 aiodoned aiodoned 61317 404537 0 0 2 0x14600 update 822 112670 0 0 3 0x14200 cleaner cleaner *33193 19711 0 0 7 0x14200 reaper 97225 269775 0 0 3 0x14200 pgdaemon pagedaemon 5966 367261 0 0 3 0x14200 bored viomb 31554 312291 0 0 3 0x40014200 acpi0 acpi0 77540 493580 0 0 3 0x14200 bored softnet3 11972 182173 0 0 3 0x14200 bored softnet2 57845 273000 0 0 3 0x14200 bored softnet1 26023 453949 0 0 2 0x14200 softnet0 4974 381291 0 0 3 0x14200 bored systqmp 80909 203337 0 0 3 0x14200 bored systq 58595 178719 0 0 2 0x40014200 softclock 12002 15573 0 0 3 0x40014200 idle0 1 281718 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10182 11061K 12262K 166960K 12716 0 pcb 17 16K 18K 166960K 264 0 rtable 192 6K 8K 166960K 528 0 pf 32 13K 17K 166960K 291 0 ifaddr 36 6K 7K 166960K 70 0 ifgroup 46 2K 2K 166960K 93 0 sysctl 3 0K 0K 166960K 3 0 counters 29 17K 17K 166960K 41 
0 ioctlops 0 0K 4K 166960K 178 0 iov 0 0K 18K 166960K 188 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1570 99K 99K 166960K 2349 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 3 5K 13K 166960K 17 0 VM map 2 1K 1K 166960K 2 0 sem 20 10K 10K 166960K 31 0 dirhash 12 2K 2K 166960K 24 0 ACPI 1690 195K 286K 166960K 12468 0 file desc 10 33K 97K 166960K 1059 0 sigio 0 0K 0K 166960K 123 0 proc 60 59K 124K 166960K 650 0 subproc 91 5K 7K 166960K 208 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 81 0 in_multi 84 6K 7K 166960K 156 0 ether_multi 1 0K 0K 166960K 7 0 mrt 0 0K 0K 166960K 2 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 91 413K 413K 166960K 91 0 exec 0 0K 1K 166960K 595 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 4 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 231 82K 83K 166960K 11486 0 UVM aobj 27 2K 2K 166960K 30 0 pinsyscall 31 62K 106K 166960K 2169 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 41 0 NDP 10 0K 2K 166960K 47 0 temp 76 6819K 6891K 166960K 40725 0 kqueue 13 20K 32K 166960K 167 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 103 0 99 1 0 1 1 0 8 0 rtentry 112 165 0 78 4 0 4 4 0 8 0 unpcb 144 587 0 572 3 1 2 3 0 8 1 syncache 336 4 0 4 2 1 1 1 0 8 1 tcpqe 32 1 0 1 1 0 1 1 0 8 1 tcpcb 808 314 0 308 8 0 8 8 0 8 7 arp 88 27 0 13 1 0 1 1 0 8 0 ipq 40 73 0 72 1 0 1 1 0 8 0 ipqe 40 325 0 324 1 0 1 1 0 8 0 inpcb 336 1198 0 1187 13 4 9 12 0 8 8 nd6 104 41 0 17 1 0 1 1 0 8 0 pkpcb 40 8 0 8 1 0 1 1 0 8 1 kcovpl 48 16 0 9 1 0 1 1 0 8 0 ppxss 1072 5 0 5 1 0 1 1 0 8 1 pfstscr 40 2 0 2 1 0 1 1 0 8 1 pfrktable 1344 4 0 4 1 0 1 1 0 8 1 pfanchor 1288 3 0 1 1 0 1 1 0 8 0 pftag 88 2 0 1 1 0 1 1 0 8 0 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 128 4 0 2 1 0 1 1 0 8 0 pfstate 344 2 0 1 1 0 1 
1 0 8 0 pfrule 1344 73 0 72 1 0 1 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 680 0 301 30 0 30 30 0 8 3 art_table 32 682 0 301 4 0 4 4 0 8 0 art_node 16 163 0 85 1 0 1 1 0 8 0 sysvmsgpl 40 7 0 5 2 1 1 1 0 8 0 semupl 112 2 0 2 1 0 1 1 0 8 1 semapl 112 24 0 6 1 0 1 1 0 8 0 shmpl 112 27 0 3 1 0 1 1 0 8 0 dirhash 1024 25 0 8 3 0 3 3 0 8 0 dino2pl 256 3104 0 1602 95 0 95 95 0 8 0 ffsino 240 3104 0 1602 89 0 89 89 0 8 0 nchpl 144 4668 0 2980 63 0 63 63 0 8 0 uvmvnodes 80 3937 0 0 81 0 81 81 0 8 0 vnodes 216 3937 0 0 219 0 219 219 0 8 0 namei 1024 16045 0 16045 5 2 3 3 0 8 3 pfiaddrpl 120 1 0 1 1 0 1 1 0 8 1 kstatmem 264 44 0 24 2 0 2 2 0 8 0 scsiplug 72 6 0 6 1 0 1 1 0 8 1 scxspl 216 13872 0 13872 10 2 8 8 1 8 8 plimitpl 152 175 0 157 1 0 1 1 0 8 0 sigapl 424 1328 0 1280 7 1 6 7 0 8 0 futexpl 64 13594 0 13593 1 0 1 1 0 8 0 knotepl 120 40198 0 40150 25 14 11 16 0 8 8 kqueuepl 184 252 0 243 1 0 1 1 0 8 0 pipepl 288 215 0 188 4 1 3 3 0 8 0 fdescpl 432 1309 0 1287 5 1 4 5 0 8 0 filepl 120 7599 0 7378 12 0 12 12 0 8 1 lockfpl 104 412 0 410 2 0 2 2 0 8 1 lockfspl 48 140 0 138 1 0 1 1 0 8 0 sessionpl 144 31 0 23 1 0 1 1 0 8 0 pgrppl 48 58 0 41 1 0 1 1 0 8 0 ucredpl 104 1029 0 1018 1 0 1 1 0 8 0 zombiepl 144 1815 0 1806 2 1 1 1 0 8 0 processpl 1096 1328 0 1280 4 0 4 4 0 8 0 procpl 648 2871 0 2813 6 0 6 6 0 8 0 sockpl 504 1911 0 1881 28 16 12 20 0 8 7 mcl64k 65536 83 0 83 1 0 1 1 0 8 1 mcl16k 16384 13 0 13 2 1 1 1 0 8 1 mcl12k 12288 2 0 2 1 0 1 1 0 8 1 mcl9k 9216 2 0 2 2 1 1 1 0 8 1 mcl8k 8192 27 0 27 2 1 1 1 0 8 1 mcl4k 4096 3921 0 3865 17 9 8 17 0 8 0 mcl2k2 2112 1 0 1 1 0 1 1 0 8 1 mcl2k 2048 1072 0 1065 3 0 3 3 0 8 1 mtagpl 96 23 0 14 1 0 1 1 0 8 0 mbufpl 256 41722 0 41605 76 56 20 74 0 8 8 bufpl 280 6773 0 526 447 0 447 447 0 8 0 anonpl 24 229565 0 217081 87 11 76 76 0 187 0 amapchunkpl 152 38556 0 37767 40 5 35 35 0 158 3 amappl16 200 5003 0 4752 25 7 18 18 0 8 3 amappl15 192 7 0 7 1 1 0 1 0 8 0 amappl14 184 115 0 105 1 0 1 1 0 8 0 amappl13 176 41 0 41 1 1 0 1 
0 8 0 amappl12 168 1978 0 1949 3 1 2 3 0 8 0 amappl11 160 48 0 38 1 0 1 1 0 8 0 amappl10 152 14 0 14 2 1 1 1 0 8 1 amappl9 144 136 0 136 1 1 0 1 0 8 0 amappl8 136 84 0 83 1 0 1 1 0 8 0 amappl7 128 122 0 112 1 0 1 1 0 8 0 amappl6 120 202 0 201 1 0 1 1 0 8 0 amappl5 112 165 0 156 1 0 1 1 0 8 0 amappl4 104 295 0 280 1 0 1 1 0 8 0 amappl3 96 7054 0 6960 3 0 3 3 0 8 0 amappl2 88 1595 0 1514 2 0 2 2 0 8 0 amappl1 80 10463 0 9948 15 2 13 14 0 8 1 amappl 88 11025 0 10849 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma512 512 1 0 1 1 0 1 1 0 8 1 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 254 0 254 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 29 0 3 1 0 1 1 0 8 0 uaddrrnd 24 1309 0 1280 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1309 0 1280 1 0 1 1 0 8 0 vmmpekpl 168 11651 0 11607 3 0 3 3 0 8 0 vmmpepl 168 86145 0 84167 97 5 92 92 0 357 4 vmsppl 352 1308 0 1279 4 1 3 4 0 8 0 rwobjpl 24 29491 0 24441 31 0 31 31 0 8 0 pdppl 4096 2624 0 2558 110 44 66 82 0 8 0 pvpl 32 598313 0 582313 257 19 238 238 0 265 95 pmappl 216 1308 0 1279 3 0 3 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 494 0 137 12 0 12 12 0 8 1 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830c0887) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83075efa,ffffffff82fc80a3,4e0,ffffffff830cbd10) at __assert+0x29 uvm_pageunwire(fffffd8006f0df00) at uvm_pageunwire+0x1dd sys/uvm/uvm_page.c:1248 uvm_fault_unwire_locked(fffffd806c223b10,5bbaf64000,5bbb163000) at uvm_fault_unwire_locked+0x33c sys/uvm/uvm_fault.c:1729 uvm_unmap_kill_entry_withlock(fffffd806c223b10,fffffd806cef3ee8,0) at uvm_unmap_kill_entry_withlock+0x81 sys/uvm/uvm_map.c:1860 uvm_map_teardown(fffffd806c223b10) at uvm_map_teardown+0x1c7 sys/uvm/uvm_map.c:2496 uvmspace_free(fffffd806c223b10) at uvmspace_free+0xbd sys/uvm/uvm_map.c:3420 
reaper(ffff80002a457958) at reaper+0x225 sys/kern/kern_exit.c:478
end trace frame: 0x0, count: -9
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff830c0887) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff83075efa,ffffffff82fc80a3,4e0,ffffffff830cbd10) at __assert+0x29
uvm_pageunwire(fffffd8006f0df00) at uvm_pageunwire+0x1dd sys/uvm/uvm_page.c:1248
uvm_fault_unwire_locked(fffffd806c223b10,5bbaf64000,5bbb163000) at uvm_fault_unwire_locked+0x33c sys/uvm/uvm_fault.c:1729
uvm_unmap_kill_entry_withlock(fffffd806c223b10,fffffd806cef3ee8,0) at uvm_unmap_kill_entry_withlock+0x81 sys/uvm/uvm_map.c:1860
uvm_map_teardown(fffffd806c223b10) at uvm_map_teardown+0x1c7 sys/uvm/uvm_map.c:2496
uvmspace_free(fffffd806c223b10) at uvmspace_free+0xbd sys/uvm/uvm_map.c:3420
reaper(ffff80002a457958) at reaper+0x225 sys/kern/kern_exit.c:478
end trace frame: 0x0, count: -9