panic: kernel diagnostic assertion "va >= entry->start" failed: file "/syzkaller/managers/main/kernel/sys/uvm/uvm_fault.c", line 1694 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *482577 65801 0 0x10 0x4000000 0 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830bc6a4) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83074e3f,ffffffff82ff477d,69e,ffffffff82fd9b20) at __assert+0x29 uvm_fault_unwire_locked(fffffd8073ee6848,20000000,20011000) at uvm_fault_unwire_locked+0x4b4 uvm_fault_unwire(fffffd8073ee6848,20000000,20011000) at uvm_fault_unwire+0x55 sys/uvm/uvm_fault.c:1657 kern_sysctl(ffff80003761f2d4,5,20000100,ffff80003761f308,0,37,75beebf78e4307a4) at kern_sysctl+0xc4c sys_sysctl(ffff80002a4571c0,ffff80003761f440,ffff80003761f390) at sys_sysctl+0x425 syscall(ffff80003761f440) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xcddca597bd0, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "va >= entry->start" failed: file "/syzkaller/managers/main/kernel/sys/uvm/uvm_fault.c", line 1694 ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830bc6a4) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83074e3f,ffffffff82ff477d,69e,ffffffff82fd9b20) at __assert+0x29 uvm_fault_unwire_locked(fffffd8073ee6848,20000000,20011000) at uvm_fault_unwire_locked+0x4b4 uvm_fault_unwire(fffffd8073ee6848,20000000,20011000) at uvm_fault_unwire+0x55 sys/uvm/uvm_fault.c:1657 kern_sysctl(ffff80003761f2d4,5,20000100,ffff80003761f308,0,37,75beebf78e4307a4) at kern_sysctl+0xc4c sys_sysctl(ffff80002a4571c0,ffff80003761f440,ffff80003761f390) at sys_sysctl+0x425 syscall(ffff80003761f440) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xcddca597bd0, count: -9 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80003761ef70 rbx 0x20004000 rdx 0 rcx 0 rax 0xffff80002a4571c0 r8 0 r9 0x8080808080808080 r10 0x569e1f7dae6df6bb r11 0xea7e276f69650ea3 r12 0 r13 0xffffffff833088e8 uvm_map_addr_RBT_INFO r14 0 r15 0x1 rip 0xffffffff8142e3d5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80003761ef60 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=482577 pid=65801 tcnt=4 stat=onproc flags process=10 proc=4000000 runpri=36, usrpri=78, slppri=36, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a4c2a40,0xffff8000376ed710 process=0xffff8000ffff6ae8 user=0xffff80003761a000, vmspace=0xfffffd8073ee6848 estcpu=28, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 37964 258155 45568 0 2 0 syz-executor 37964 54965 45568 0 2 0x4000000 syz-executor 65801 220370 40354 0 2 0x10 syz-executor 65801 416189 40354 0 3 0x4000090 fsleep syz-executor *65801 482577 40354 0 7 0x4000010 syz-executor 65801 518315 40354 0 2 0x4000010 syz-executor 6621 138828 98742 0 2 0x2 syz-executor 59226 489777 63437 0 2 0x100002 sh 74826 34456 98685 0 3 0 vmmaplk syz-executor 74826 430469 98685 0 2 0x4000000 syz-executor 40354 441212 98742 0 2 0x482 syz-executor 63437 107867 98742 0 3 0x82 wait syz-executor 70557 13152 98742 0 2 0x482 syz-executor 52221 110324 98742 0 3 0x82 piperd syz-executor 23716 262632 0 0 3 0x14280 nfsidl nfsio 71001 424584 0 0 3 0x14280 nfsidl nfsio 8142 338913 0 0 3 0x14280 nfsidl nfsio 35545 86153 0 0 3 0x14280 nfsidl nfsio 38283 190484 0 0 3 0x14280 nfsidl nfsio 28649 68749 0 0 3 0x14280 nfsidl nfsio 86207 65431 0 0 3 0x14280 nfsidl nfsio 96100 174837 0 0 3 0x14280 nfsidl nfsio 40724 105855 0 0 3 0x14280 nfsidl nfsio 38936 508718 0 0 3 0x14280 nfsidl nfsio 70575 132897 0 0 3 0x14280 nfsidl nfsio 23901 341589 0 0 3 0x14280 nfsidl nfsio 1735 162462 0 0 3 0x14280 nfsidl nfsio 21841 279615 0 0 3 0x14280 nfsidl nfsio 24229 461811 0 0 3 0x14280 nfsidl nfsio 12647 473873 0 0 3 0x14280 nfsidl nfsio 43163 509073 0 0 3 0x14280 nfsidl nfsio 29769 423447 0 0 3 0x14280 nfsidl nfsio 50259 761 0 0 3 0x14280 nfsidl nfsio 74404 281027 0 0 3 0x14280 nfsidl nfsio 90915 29716 0 0 3 0x14200 bored sosplice 66188 303073 0 0 3 0x14200 acct acct 45568 378677 98742 0 2 0x482 syz-executor 98685 97484 98742 0 2 0x482 syz-executor 98742 379311 42728 0 3 0x82 nanoslp syz-executor 42728 164781 22277 0 3 0x10008a sigsusp ksh 22277 131318 43217 0 3 0x98 kqread sshd-session 43217 411229 70598 0 3 0x92 kqread sshd-session 81794 327824 1 0 3 0x100083 ttyin getty 70598 30659 1 0 3 0x88 kqread sshd 30154 442613 34292 73 2 0x1100010 syslogd 34292 361220 1 0 3 0x100082 sbwait syslogd 70114 303684 1 0 3 0x100080 kqread resolvd 92848 179122 23592 77 3 0x100092 kqread dhcpleased 63432 246086 23592 77 3 0x100092 kqread dhcpleased 23592 40688 1 0 3 0x80 kqread dhcpleased 16967 51388 0 0 3 0x14200 bored smr 29000 76616 0 0 2 0x14200 zerothread 67899 57217 0 0 3 0x14200 aiodoned aiodoned 27226 339459 0 0 3 0x14200 syncer update 99538 351627 0 0 3 0x14200 cleaner cleaner 27673 370037 0 0 3 0x14200 reaper reaper 48785 509798 0 0 3 0x14200 pgdaemon pagedaemon 97368 231906 0 0 3 0x14200 bored viomb 14988 504097 0 0 3 0x40014200 acpi0 acpi0 83154 343876 0 0 3 0x14200 bored softnet3 75712 389909 0 0 3 0x14200 bored softnet2 29695 223779 0 0 3 0x14200 bored softnet1 43801 280765 0 0 3 0x14200 bored softnet0 51555 447981 0 0 3 0x14200 bored systqmp 71306 428909 0 0 3 0x14200 bored systq 2343 183548 0 0 3 0x40014200 tmoslp softclock 58589 253455 0 0 3 0x40014200 idle0 1 259508 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10203 11122K 11486K 166960K 12242 0 pcb 17 14K 16K 166960K 111 0 rtable 133 6K 7K 166960K 509 0 pf 30 13K 16K 166960K 63 0 ifaddr 24 3K 7K 166960K 66 0 ifgroup 42 1K 2K 166960K 83 0 sysctl 3 0K 0K 166960K 3 0 counters 28 17K 17K 166960K 40 0 ioctlops 0 0K 4K 166960K 110 0 iov 0 0K 16K 166960K 43 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1465 92K 92K 166960K 2154 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 10 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 31 0 dirhash 12 2K 2K 166960K 15 0 ACPI 1690 195K 286K 166960K 12468 0 file desc 14 49K 93K 166960K 756 0 sigio 0 0K 0K 166960K 19 0 proc 60 59K 91K 166960K 621 0 subproc 91 5K 6K 166960K 286 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 66 0 in_multi 43 3K 7K 166960K 151 0 ether_multi 1 0K 0K 166960K 10 0 mrt 1 0K 0K 166960K 3 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 247 1102K 1102K 166960K 247 0 exec 0 0K 1K 166960K 470 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 195 59K 87K 166960K 7909 0 UVM aobj 18 2K 4K 166960K 23 0 pinsyscall 35 70K 95K 166960K 1843 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 27 0 NDP 9 0K 2K 166960K 43 0 temp 69 6819K 6896K 166960K 29397 0 kqueue 13 20K 30K 166960K 129 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 87 0 84 1 0 1 1 0 8 0 rtentry 112 155 0 102 4 0 4 4 0 8 2 unpcb 144 687 0 672 8 4 4 4 0 8 3 syncache 336 5 0 5 1 1 0 1 0 8 0 tcpcb 808 298 0 294 11 10 1 11 0 8 0 arp 88 27 0 19 1 0 1 1 0 8 0 ipq 40 3 0 1 1 0 1 1 0 8 0 ipqe 40 7 0 4 1 0 1 1 0 8 0 inpcb 336 853 0 845 13 11 2 10 0 8 1 nd6 104 34 0 25 1 0 1 1 0 8 0 pkpcb 40 6 0 6 3 3 0 1 0 8 0 kcovpl 48 21 0 15 1 0 1 1 0 8 0 ppxss 1072 5 0 5 4 3 1 1 0 8 1 pfstscr 40 4 0 4 2 2 0 1 0 8 0 pfrktable 1344 4 0 1 1 0 1 1 0 8 0 pfanchor 1288 1 0 0 1 0 1 1 0 8 0 pftag 88 1 0 0 1 0 1 1 0 8 0 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 128 9 0 7 2 1 1 1 0 8 0 pfstate 344 7 0 6 2 1 1 1 0 8 0 pfrule 1344 37 0 36 2 1 1 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 604 0 375 29 9 20 29 0 8 5 art_table 32 606 0 375 4 0 4 4 0 8 2 art_node 16 154 0 106 1 0 1 1 0 8 0 sysvmsgpl 40 1 0 1 1 1 0 1 0 8 0 semupl 112 2 0 2 2 1 1 1 0 8 1 semapl 112 23 0 13 1 0 1 1 0 8 0 shmpl 112 20 0 5 1 0 1 1 0 8 0 dirhash 1024 19 0 2 3 0 3 3 0 8 0 dino2pl 256 2655 0 1146 95 0 95 95 0 8 0 ffsino 240 2656 0 1146 89 0 89 89 0 8 0 nchpl 144 3639 0 1946 63 0 63 63 0 8 0 uvmvnodes 80 3276 0 0 67 0 67 67 0 8 0 vnodes 216 3276 0 0 182 0 182 182 0 8 0 namei 1024 12770 0 12768 5 4 1 2 0 8 0 pfiaddrpl 120 1 0 0 1 0 1 1 0 8 0 kstatmem 264 42 0 24 2 0 2 2 0 8 0 scsiplug 72 2 0 2 2 1 1 1 0 8 1 scxspl 216 11822 0 11822 9 8 1 8 1 8 1 plimitpl 152 160 0 145 1 0 1 1 0 8 0 sigapl 424 1024 0 960 8 0 8 8 0 8 0 futexpl 64 8813 0 8812 1 0 1 1 0 8 0 knotepl 120 39496 0 39449 28 21 7 16 0 8 3 kqueuepl 184 238 0 228 4 3 1 4 0 8 0 pipepl 288 191 0 164 3 0 3 3 0 8 0 fdescpl 432 986 0 960 5 1 4 5 0 8 0 filepl 120 6669 0 6447 20 7 13 13 0 8 4 lockfpl 104 236 0 234 1 0 1 1 0 8 0 lockfspl 48 70 0 68 1 0 1 1 0 8 0 sessionpl 144 34 0 26 1 0 1 1 0 8 0 pgrppl 48 62 0 47 1 0 1 1 0 8 0 ucredpl 104 1065 0 1053 1 0 1 1 0 8 0 zombiepl 144 989 0 987 2 1 1 1 0 8 0 processpl 1096 1024 0 960 5 0 5 5 0 8 0 procpl 648 1817 0 1747 8 0 8 8 0 8 0 sosppl 168 3 0 3 2 1 1 1 0 8 1 sockpl 504 1687 0 1661 32 20 12 18 0 8 8 mcl64k 65536 7 0 7 4 3 1 1 0 8 1 mcl8k 8192 9 0 9 2 1 1 1 0 8 1 mcl4k 4096 3344 0 3294 18 10 8 16 0 8 1 mcl2k 2048 692 0 687 4 3 1 3 0 8 0 mtagpl 96 24 0 22 1 0 1 1 0 8 0 mbufpl 256 10354 0 10253 20 5 15 15 0 8 4 bufpl 280 5764 0 99 405 0 405 405 0 8 0 anonpl 24 227245 0 223275 121 69 52 57 0 187 26 amapchunkpl 152 26896 0 26456 50 18 32 32 0 158 14 amappl16 200 5933 0 5920 28 25 3 15 0 8 0 amappl15 192 14 0 14 1 1 0 1 0 8 0 amappl14 184 115 0 105 1 0 1 1 0 8 0 amappl13 176 12 0 11 1 0 1 1 0 8 0 amappl12 168 1656 0 1629 2 0 2 2 0 8 0 amappl11 160 51 0 41 1 0 1 1 0 8 0 amappl10 152 6 0 6 1 1 0 1 0 8 0 amappl9 144 127 0 127 1 1 0 1 0 8 0 amappl8 136 22 0 20 1 0 1 1 0 8 0 amappl7 128 109 0 99 1 0 1 1 0 8 0 amappl6 120 193 0 191 1 0 1 1 0 8 0 amappl5 112 148 0 139 1 0 1 1 0 8 0 amappl4 104 289 0 274 1 0 1 1 0 8 0 amappl3 96 4815 0 4742 3 0 3 3 0 8 0 amappl2 88 1266 0 1191 2 0 2 2 0 8 0 amappl1 80 9132 0 8623 13 1 12 13 0 8 0 amappl 88 7494 0 7353 5 0 5 5 0 92 0 dma4096 4096 3 0 3 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 7 0 7 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 22 0 5 1 0 1 1 0 8 0 uaddrrnd 24 986 0 960 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 986 0 960 1 0 1 1 0 8 0 vmmpekpl 168 9016 0 8969 3 0 3 3 0 8 0 vmmpepl 168 68313 0 66765 102 22 80 90 0 357 4 vmsppl 352 985 0 960 4 1 3 4 0 8 0 rwobjpl 24 25402 0 21309 26 1 25 25 0 8 0 pdppl 4096 1978 0 1920 114 48 66 80 0 8 8 pvpl 32 501022 0 491852 317 101 216 216 0 265 134 pmappl 216 985 0 960 3 0 3 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 448 0 127 11 0 11 11 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830bc6a4) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83074e3f,ffffffff82ff477d,69e,ffffffff82fd9b20) at __assert+0x29 uvm_fault_unwire_locked(fffffd8073ee6848,20000000,20011000) at uvm_fault_unwire_locked+0x4b4 uvm_fault_unwire(fffffd8073ee6848,20000000,20011000) at uvm_fault_unwire+0x55 sys/uvm/uvm_fault.c:1657 kern_sysctl(ffff80003761f2d4,5,20000100,ffff80003761f308,0,37,75beebf78e4307a4) at kern_sysctl+0xc4c sys_sysctl(ffff80002a4571c0,ffff80003761f440,ffff80003761f390) at sys_sysctl+0x425 syscall(ffff80003761f440) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xcddca597bd0, count: -9 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830bc6a4) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83074e3f,ffffffff82ff477d,69e,ffffffff82fd9b20) at __assert+0x29 uvm_fault_unwire_locked(fffffd8073ee6848,20000000,20011000) at uvm_fault_unwire_locked+0x4b4 uvm_fault_unwire(fffffd8073ee6848,20000000,20011000) at uvm_fault_unwire+0x55 sys/uvm/uvm_fault.c:1657 kern_sysctl(ffff80003761f2d4,5,20000100,ffff80003761f308,0,37,75beebf78e4307a4) at kern_sysctl+0xc4c sys_sysctl(ffff80002a4571c0,ffff80003761f440,ffff80003761f390) at sys_sysctl+0x425 syscall(ffff80003761f440) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xcddca597bd0, count: -9