panic: kernel diagnostic assertion "uvm_page_owner_locked_p(pg)" failed: file "/syzkaller/managers/main/kernel/sys/uvm/uvm_page.c", line 1275 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *412523 97779 0 0x14000 0x200 0 reaper db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff8254d596) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff825c0f2f,ffffffff825729ad,4fb,ffffffff825729e0) at __assert+0x25 sys/kern/subr_prf.c:161 uvm_pageunwire(fffffd8005d04a80) at uvm_pageunwire+0x19b sys/uvm/uvm_page.c:1275 uvm_fault_unwire_locked(fffffd805a3eeef0,c34a8d17000,c34a8f16000) at uvm_fault_unwire_locked+0x23b sys/uvm/uvm_fault.c:1668 uvm_unmap_kill_entry_withlock(fffffd805a3eeef0,fffffd806a927558,0) at uvm_unmap_kill_entry_withlock+0x62 sys/uvm/uvm_map.c:2135 uvm_map_teardown(fffffd805a3eeef0) at uvm_map_teardown+0x167 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline] uvm_map_teardown(fffffd805a3eeef0) at uvm_map_teardown+0x167 sys/uvm/uvm_map.c:2771 uvmspace_free(fffffd805a3eeef0) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3685 reaper(ffff8000fffff500) at reaper+0x15e sys/kern/kern_exit.c:457 end trace frame: 0x0, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "uvm_page_owner_locked_p(pg)" failed: file "/syzkaller/managers/main/kernel/sys/uvm/uvm_page.c", line 1275 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff8254d596) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff825c0f2f,ffffffff825729ad,4fb,ffffffff825729e0) at __assert+0x25 sys/kern/subr_prf.c:161 uvm_pageunwire(fffffd8005d04a80) at uvm_pageunwire+0x19b sys/uvm/uvm_page.c:1275 uvm_fault_unwire_locked(fffffd805a3eeef0,c34a8d17000,c34a8f16000) at uvm_fault_unwire_locked+0x23b sys/uvm/uvm_fault.c:1668 uvm_unmap_kill_entry_withlock(fffffd805a3eeef0,fffffd806a927558,0) at uvm_unmap_kill_entry_withlock+0x62 sys/uvm/uvm_map.c:2135 uvm_map_teardown(fffffd805a3eeef0) at uvm_map_teardown+0x167 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline] uvm_map_teardown(fffffd805a3eeef0) at uvm_map_teardown+0x167 sys/uvm/uvm_map.c:2771 uvmspace_free(fffffd805a3eeef0) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3685 reaper(ffff8000fffff500) at reaper+0x15e sys/kern/kern_exit.c:457 end trace frame: 0x0, count: -9 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff8000215beb20 rbx 0xfffffd8005d04a80 rdx 0 rcx 0 rax 0xffff8000fffff500 r8 0x101010101010101 r9 0x8080808080808080 r10 0x1251ef47dafabbd8 r11 0x4edcb01e6941bf28 r12 0 r13 0xffffffff826e1e38 uvm_map_addr_RBT_INFO r14 0 r15 0x1 rip 0xffffffff81044318 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff8000215beb10 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (reaper) pid=412523 stat=onproc flags process=14000 proc=200 pri=86, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffffed20,0xffff8000fffffa50 process=0xffff8000ffffb390 user=0xffff8000215b9000, vmspace=0xffffffff82a9d1b0 estcpu=36, cpticks=100, pctcpu=20.9 user=0, sys=311, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 97220 322939 98191 0 3 0x82 wait syz-executor.2 56978 20034 98191 0 3 0x82 wait syz-executor.0 90960 210179 98191 0 3 0x82 wait syz-executor.7 24409 272835 98191 0 3 0x82 wait syz-executor.4 98191 317317 30483 0 3 0x82 thrsleep syz-fuzzer 98191 317165 30483 0 2 0x4000482 syz-fuzzer 98191 517705 30483 0 2 0x4000002 syz-fuzzer 98191 62368 30483 0 3 0x4000082 thrsleep syz-fuzzer 98191 23490 30483 0 3 0x4000082 thrsleep syz-fuzzer 98191 12480 30483 0 3 0x4000082 thrsleep syz-fuzzer 98191 496861 30483 0 3 0x4000082 thrsleep syz-fuzzer 98191 501545 30483 0 3 0x4000082 thrsleep syz-fuzzer 98191 124057 30483 0 2 0x4000002 syz-fuzzer 98191 284486 30483 0 3 0x4000082 thrsleep syz-fuzzer 30483 349743 16892 0 3 0x10008a sigsusp ksh 16892 15570 75862 0 3 0x9a kqread sshd 75385 194371 1 0 3 0x100083 ttyin getty 75862 19169 1 0 3 0x88 kqread sshd 58514 222978 53093 73 2 0x1100010 syslogd 53093 140727 1 0 3 0x100082 netio syslogd 49691 142525 1 0 3 0x100080 kqread resolvd 28486 241500 47109 77 3 0x100092 kqread dhcpleased 85734 324084 47109 77 3 0x100092 kqread dhcpleased 47109 208751 1 0 3 0x80 kqread dhcpleased 50659 408773 0 0 3 0x14200 bored smr 27838 226283 0 0 2 0x14200 zerothread 8923 28709 0 0 3 0x14200 aiodoned aiodoned 90683 120971 0 0 2 0x14600 update 55623 463378 0 0 3 0x14200 cleaner cleaner *97779 412523 0 0 7 0x14200 reaper 66111 172709 0 0 3 0x14200 pgdaemon pagedaemon 7354 494231 0 0 3 0x14200 bored viomb 52801 520461 0 0 3 0x40014200 acpi0 acpi0 75788 406787 0 0 3 0x14200 bored softnet 33076 57782 0 0 2 0x14200 systqmp 10509 434769 0 0 3 0x14200 bored systq 64254 232386 0 0 2 0x40014200 softclock 33151 359870 0 0 3 0x40014200 idle0 1 242159 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10160 6408K 6918K 78643K 11944 0 pcb 13 8K 8K 78643K 62 0 rtable 150 4K 7K 78643K 814 0 ifaddr 53 12K 17K 78643K 195 0 counters 23 16K 17K 78643K 43 0 ioctlops 0 0K 2K 78643K 56 0 iov 0 0K 36K 78643K 23 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1280 80K 80K 78643K 1751 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 1K 78643K 110 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 6 17K 93K 78643K 1039 0 proc 57 55K 87K 78643K 965 0 subproc 52 3K 6K 78643K 312 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 97 0 in_multi 55 3K 7K 78643K 385 0 ether_multi 1 0K 0K 78643K 23 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 121 546K 546K 78643K 121 0 exec 0 0K 2K 78643K 997 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 252 57K 113K 78643K 12046 0 UVM aobj 5 2K 3K 78643K 6 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 35 0 NDP 7 0K 2K 78643K 73 0 temp 64 4685K 4750K 78643K 7984 0 kqueue 12 18K 20K 78643K 38 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 124 0 121 1 0 1 1 0 8 0 rtentry 112 280 0 214 9 6 3 4 0 8 0 unpcb 136 62 0 49 1 0 1 1 0 8 0 syncache 296 4 0 4 1 1 0 1 0 8 0 tcpqe 32 11 0 11 2 2 0 1 0 8 0 tcpcb 736 205 0 201 5 4 1 5 0 8 0 arp 88 50 0 40 1 0 1 1 0 8 0 inpcb 304 478 0 471 2 1 1 2 0 8 0 nd6 48 69 0 57 3 2 1 1 0 8 0 kcovpl 48 24 0 20 3 2 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1130 0 851 68 45 23 29 0 8 3 art_table 32 1131 0 851 10 7 3 4 0 8 0 art_node 16 279 0 219 1 0 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 105 0 95 1 0 1 1 0 8 0 shmpl 112 3 0 1 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2393 0 963 90 0 90 90 0 8 0 ffsino 240 2393 0 963 85 0 85 85 0 8 0 nchpl 144 3593 0 1947 62 0 62 62 0 8 0 uvmvnodes 80 2876 0 0 59 0 59 59 0 8 0 vnodes 224 2876 0 0 170 0 170 170 0 8 0 namei 1024 12223 0 12223 21 20 1 2 0 8 1 scsiplug 72 3 0 3 1 1 0 1 0 8 0 scxspl 216 17082 0 17082 9 8 1 8 0 8 1 plimitpl 152 103 0 91 1 0 1 1 0 8 0 sigapl 424 1272 0 1236 8 3 5 6 0 8 0 futexpl 64 5434 0 5434 8 8 0 1 0 8 0 knotepl 120 12435 0 12363 4 0 4 4 0 8 0 kqueuepl 184 41 0 33 1 0 1 1 0 8 0 pipepl 304 196 0 172 3 0 3 3 0 8 0 fdescpl 432 1259 0 1242 10 7 3 5 0 8 0 filepl 120 4117 0 3950 9 1 8 9 0 8 0 lockfpl 104 151 0 149 1 0 1 1 0 8 0 lockfspl 48 55 0 53 1 0 1 1 0 8 0 sessionpl 144 39 0 25 1 0 1 1 0 8 0 pgrppl 48 49 0 35 1 0 1 1 0 8 0 ucredpl 96 493 0 483 1 0 1 1 0 8 0 zombiepl 144 1242 0 1236 1 0 1 1 0 8 0 processpl 1000 1272 0 1236 10 4 6 7 0 8 0 procpl 672 2005 0 1954 7 2 5 6 0 8 0 sockpl 448 686 0 663 6 3 3 5 0 8 0 mcl64k 65536 18 0 18 9 9 0 1 0 8 0 mcl12k 12288 24 0 24 1 1 0 1 0 8 0 mcl9k 9216 16 0 16 1 1 0 1 0 8 0 mcl8k 8192 22 0 22 2 2 0 1 0 8 0 mcl4k 4096 36 0 36 2 2 0 1 0 8 0 mcl2k 2048 11617 0 11556 33 24 9 14 0 8 0 mtagpl 96 71 0 71 3 3 0 2 0 8 0 mbufpl 256 31882 0 31668 39 22 17 25 0 8 0 bufpl 288 9233 0 1972 519 0 519 519 0 8 0 anonpl 24 456015 0 436161 632 370 262 503 0 188 118 amapchunkpl 152 39357 0 38045 207 54 153 202 0 158 95 amappl16 200 1972 0 1836 13 4 9 12 0 8 0 amappl15 192 156 0 149 1 0 1 1 0 8 0 amappl14 184 129 0 124 1 0 1 1 0 8 0 amappl13 176 273 0 271 1 0 1 1 0 8 0 amappl12 168 120 0 116 4 3 1 1 0 8 0 amappl11 160 224 0 214 1 0 1 1 0 8 0 amappl10 152 123 0 118 1 0 1 1 0 8 0 amappl9 144 517 0 514 1 0 1 1 0 8 0 amappl8 136 924 0 882 2 0 2 2 0 8 0 amappl7 128 262 0 249 1 0 1 1 0 8 0 amappl6 120 332 0 312 2 1 1 2 0 8 0 amappl5 112 825 0 809 1 0 1 1 0 8 0 amappl4 104 1501 0 1471 2 0 2 2 0 8 0 amappl3 96 443 0 428 1 0 1 1 0 8 0 amappl2 88 846 0 797 3 1 2 3 0 8 0 amappl1 80 24980 0 24458 21 9 12 18 0 8 0 amappl 88 11381 0 11189 8 3 5 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 5 0 1 1 0 1 1 0 8 0 uaddrrnd 24 1259 0 1237 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1259 0 1237 1 0 1 1 0 8 0 vmmpekpl 168 12345 0 12308 3 0 3 3 0 8 0 vmmpepl 168 114903 0 113132 114 35 79 95 0 357 0 vmsppl 272 1258 0 1236 6 3 3 3 0 8 0 rwobjpl 24 30069 0 26190 25 1 24 24 0 8 0 pdppl 4096 2524 0 2472 196 144 52 78 0 8 0 pvpl 32 909847 0 884283 1280 787 493 871 0 265 238 pmappl 216 1258 0 1236 2 0 2 2 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 1088 0 280 25 0 25 25 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff8254d596) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff825c0f2f,ffffffff825729ad,4fb,ffffffff825729e0) at __assert+0x25 sys/kern/subr_prf.c:161 uvm_pageunwire(fffffd8005d04a80) at uvm_pageunwire+0x19b sys/uvm/uvm_page.c:1275 uvm_fault_unwire_locked(fffffd805a3eeef0,c34a8d17000,c34a8f16000) at uvm_fault_unwire_locked+0x23b sys/uvm/uvm_fault.c:1668 uvm_unmap_kill_entry_withlock(fffffd805a3eeef0,fffffd806a927558,0) at uvm_unmap_kill_entry_withlock+0x62 sys/uvm/uvm_map.c:2135 uvm_map_teardown(fffffd805a3eeef0) at uvm_map_teardown+0x167 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline] uvm_map_teardown(fffffd805a3eeef0) at uvm_map_teardown+0x167 sys/uvm/uvm_map.c:2771 uvmspace_free(fffffd805a3eeef0) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3685 reaper(ffff8000fffff500) at reaper+0x15e sys/kern/kern_exit.c:457 end trace frame: 0x0, count: -9 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff8254d596) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff825c0f2f,ffffffff825729ad,4fb,ffffffff825729e0) at __assert+0x25 sys/kern/subr_prf.c:161 uvm_pageunwire(fffffd8005d04a80) at uvm_pageunwire+0x19b sys/uvm/uvm_page.c:1275 uvm_fault_unwire_locked(fffffd805a3eeef0,c34a8d17000,c34a8f16000) at uvm_fault_unwire_locked+0x23b sys/uvm/uvm_fault.c:1668 uvm_unmap_kill_entry_withlock(fffffd805a3eeef0,fffffd806a927558,0) at uvm_unmap_kill_entry_withlock+0x62 sys/uvm/uvm_map.c:2135 uvm_map_teardown(fffffd805a3eeef0) at uvm_map_teardown+0x167 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline] uvm_map_teardown(fffffd805a3eeef0) at uvm_map_teardown+0x167 sys/uvm/uvm_map.c:2771 uvmspace_free(fffffd805a3eeef0) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3685 reaper(ffff8000fffff500) at reaper+0x15e sys/kern/kern_exit.c:457 end trace frame: 0x0, count: -9