panic: kernel diagnostic assertion "uvm_page_owner_locked_p(pg)" failed: file "/syzkaller/managers/main/kernel/sys/uvm/uvm_page.c", line 1269
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*308224 75435 0 0x14000 0x200 0 reaper
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82578b7d) at panic+0x161 sys/kern/subr_prf.c:198
__assert(ffffffff825ed7e1,ffffffff825a244d,4f5,ffffffff825a2480) at __assert+0x25 sys/kern/subr_prf.c:157
uvm_pageunwire(fffffd8006507700) at uvm_pageunwire+0x16b sys/uvm/uvm_page.c:1269
uvm_fault_unwire_locked(fffffd806b9a3120,94e58e7a000,94e58e7b000) at uvm_fault_unwire_locked+0x226 sys/uvm/uvm_fault.c:1682
uvm_unmap_kill_entry_withlock(fffffd806b9a3120,fffffd806a09cd80,0) at uvm_unmap_kill_entry_withlock+0x62 sys/uvm/uvm_map.c:1887
uvm_map_teardown(fffffd806b9a3120) at uvm_map_teardown+0x167 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline]
uvm_map_teardown(fffffd806b9a3120) at uvm_map_teardown+0x167 sys/uvm/uvm_map.c:2523
uvmspace_free(fffffd806b9a3120) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3436
reaper(ffff8000ffff9508) at reaper+0x15d sys/kern/kern_exit.c:448
end trace frame: 0x0, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "uvm_page_owner_locked_p(pg)" failed: file "/syzkaller/managers/main/kernel/sys/uvm/uvm_page.c", line 1269 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82578b7d) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff825ed7e1,ffffffff825a244d,4f5,ffffffff825a2480) at __assert+0x25 sys/kern/subr_prf.c:157 uvm_pageunwire(fffffd8006507700) at uvm_pageunwire+0x16b sys/uvm/uvm_page.c:1269 uvm_fault_unwire_locked(fffffd806b9a3120,94e58e7a000,94e58e7b000) at uvm_fault_unwire_locked+0x226 sys/uvm/uvm_fault.c:1682 uvm_unmap_kill_entry_withlock(fffffd806b9a3120,fffffd806a09cd80,0) at uvm_unmap_kill_entry_withlock+0x62 sys/uvm/uvm_map.c:1887 uvm_map_teardown(fffffd806b9a3120) at uvm_map_teardown+0x167 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline] uvm_map_teardown(fffffd806b9a3120) at uvm_map_teardown+0x167 sys/uvm/uvm_map.c:2523 uvmspace_free(fffffd806b9a3120) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3436 reaper(ffff8000ffff9508) at reaper+0x15d sys/kern/kern_exit.c:448 end trace frame: 0x0, count: -9 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff8000216c0300 rbx 0xfffffd8006507700 rdx 0 rcx 0 rax 0xffff8000ffff9508 r8 0x101010101010101 r9 0x8080808080808080 r10 0xd75740aae654d6df r11 0x260d2243e46299af r12 0 r13 0xffff8000216c0428 r14 0 r15 0x1 rip 0xffffffff814ba148 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff8000216c02f0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (reaper) pid=308224 stat=onproc flags process=14000 proc=200 pri=86, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff8000fffff7a0,0xffff8000ffff9278 process=0xffff8000ffffa3f0 user=0xffff8000216bb000, vmspace=0xffffffff82ac5148 estcpu=36, cpticks=27, pctcpu=19.40 user=0, sys=2, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 6308 64866 31987 0 3 0x80 nanoslp syz-executor.5 6308 281608 31987 0 3 0x4000080 fsleep syz-executor.5 97328 491890 
27184 0 3 0x82 nanoslp syz-executor.6 2321 508937 27184 0 3 0x82 nanoslp syz-executor.7 1869 333980 27184 0 3 0x82 nanoslp syz-executor.4 31987 267481 27184 0 3 0x82 nanoslp syz-executor.5 99296 362632 27184 0 3 0x82 nanoslp syz-executor.3 45268 247194 27184 0 3 0x82 nanoslp syz-executor.1 27184 368306 61477 0 3 0x82 wait syz-fuzzer 27184 146504 61477 0 3 0x4000082 thrsleep syz-fuzzer 27184 492848 61477 0 3 0x4000082 wait syz-fuzzer 27184 186994 61477 0 3 0x4000082 thrsleep syz-fuzzer 27184 336739 61477 0 3 0x4000082 wait syz-fuzzer 27184 399393 61477 0 3 0x4000082 wait syz-fuzzer 27184 450870 61477 0 3 0x4000082 wait syz-fuzzer 27184 32468 61477 0 3 0x4000082 thrsleep syz-fuzzer 27184 471164 61477 0 3 0x4000082 thrsleep syz-fuzzer 27184 258906 61477 0 3 0x4000082 wait syz-fuzzer 27184 514307 61477 0 3 0x4000082 wait syz-fuzzer 27184 90733 61477 0 3 0x4000082 wait syz-fuzzer 27184 334438 61477 0 3 0x4000082 thrsleep syz-fuzzer 27184 401598 61477 0 3 0x4000082 kqread syz-fuzzer 61477 155803 38047 0 3 0x10008a sigsusp ksh 38047 415056 56725 0 3 0x9a kqread sshd 4381 234114 1 0 3 0x100083 ttyin getty 56725 206954 1 0 3 0x88 kqread sshd 48966 251778 4195 73 2 0x1100010 syslogd 4195 78289 1 0 3 0x100082 netio syslogd 82404 397098 1 0 3 0x100080 kqread resolvd 99022 369297 36484 77 3 0x100092 kqread dhcpleased 58975 308570 36484 77 3 0x100092 kqread dhcpleased 36484 21696 1 0 3 0x80 kqread dhcpleased 24219 501487 0 0 3 0x14200 bored smr 82091 312059 0 0 2 0x14200 zerothread 48719 89406 0 0 3 0x14200 aiodoned aiodoned 94565 342051 0 0 3 0x14200 syncer update 62745 355445 0 0 3 0x14200 cleaner cleaner *75435 308224 0 0 7 0x14200 reaper 85574 296000 0 0 3 0x14200 pgdaemon pagedaemon 39551 152026 0 0 3 0x14200 bored viomb 25743 490323 0 0 3 0x40014200 acpi0 acpi0 19703 16445 0 0 3 0x14200 bored softnet 8117 201167 0 0 3 0x14200 bored softnet 69261 99799 0 0 3 0x14200 bored softnet 12523 272618 0 0 3 0x14200 bored softnet 25405 240002 0 0 3 0x14200 bored systqmp 6788 312809 0 
0 3 0x14200 bored systq 89414 379472 0 0 3 0x40014200 bored softclock 57949 341262 0 0 3 0x40014200 idle0 1 399981 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10161 6396K 6530K 78643K 11287 0 pcb 13 8K 8K 78643K 17 0 rtable 190 5K 6K 78643K 349 0 ifaddr 68 14K 16K 78643K 84 0 counters 25 17K 17K 78643K 27 0 ioctlops 0 0K 2K 78643K 33 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1271 79K 79K 78643K 1295 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 0K 0K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 9 29K 65K 78643K 175 0 proc 55 58K 75K 78643K 450 0 subproc 78 4K 6K 78643K 104 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 77 5K 6K 78643K 99 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 25 122K 122K 78643K 25 0 exec 0 0K 2K 78643K 618 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 226 100K 100K 78643K 2209 0 UVM aobj 3 2K 2K 78643K 3 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 4 0 NDP 9 0K 2K 78643K 27 0 temp 75 4711K 4776K 78643K 3766 0 kqueue 12 18K 18K 78643K 22 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 36 0 33 1 0 1 1 0 8 0 rtentry 112 111 0 23 4 0 4 4 0 8 0 unpcb 144 41 0 28 1 0 1 1 0 8 0 syncache 296 4 0 4 1 1 0 1 0 8 0 tcpqe 32 5 0 5 1 1 0 1 0 8 0 tcpcb 768 8 0 4 1 0 1 1 0 8 0 arp 88 18 0 4 1 0 1 1 0 8 0 inpcb 336 61 0 54 1 0 1 1 0 8 0 nd6 48 24 0 6 1 0 1 1 0 8 0 kcovpl 48 8 0 2 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 452 0 88 29 0 29 29 0 8 3 art_table 32 453 0 88 4 0 4 4 
0 8 0 art_node 16 110 0 30 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1537 0 101 90 0 90 90 0 8 0 ffsino 240 1537 0 101 85 0 85 85 0 8 0 nchpl 144 1835 0 157 63 0 63 63 0 8 0 uvmvnodes 80 1656 0 0 34 0 34 34 0 8 0 vnodes 216 1656 0 0 92 0 92 92 0 8 0 namei 1024 5989 0 5989 4 3 1 2 0 8 1 kstatmem 264 22 0 4 2 0 2 2 0 8 0 scxspl 216 6381 0 6381 9 2 7 8 0 8 7 plimitpl 152 41 0 22 1 0 1 1 0 8 0 sigapl 424 462 0 417 6 1 5 6 0 8 0 futexpl 64 174 0 173 3 2 1 1 0 8 0 knotepl 120 12886 0 12810 3 0 3 3 0 8 0 kqueuepl 184 18 0 10 1 0 1 1 0 8 0 pipepl 288 125 0 99 3 1 2 3 0 8 0 fdescpl 432 446 0 426 5 2 3 4 0 8 0 filepl 120 1610 0 1412 8 0 8 8 0 8 0 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 23 0 7 1 0 1 1 0 8 0 pgrppl 48 23 0 7 1 0 1 1 0 8 0 ucredpl 104 55 0 45 1 0 1 1 0 8 0 zombiepl 144 426 0 417 1 0 1 1 0 8 0 processpl 1000 462 0 417 7 1 6 6 0 8 0 procpl 672 524 0 459 6 0 6 6 0 8 0 sockpl 456 138 0 115 6 2 4 4 0 8 1 mcl8k 8192 8 0 8 1 1 0 1 0 8 0 mcl4k 4096 4 0 4 1 1 0 1 0 8 0 mcl2k 2048 12619 0 12559 22 9 13 17 0 8 4 mtagpl 96 4 0 4 1 1 0 1 0 8 0 mbufpl 256 22766 0 22562 24 8 16 22 0 8 1 bufpl 288 6561 0 156 458 0 458 458 0 8 0 anonpl 24 162709 0 106020 375 33 342 342 0 188 0 amapchunkpl 152 10935 0 7377 145 8 137 137 0 158 0 amappl16 200 304 0 172 8 1 7 7 0 8 0 amappl15 192 107 0 98 1 0 1 1 0 8 0 amappl14 184 13 0 11 1 0 1 1 0 8 0 amappl13 176 90 0 85 1 0 1 1 0 8 0 amappl12 168 29 0 19 1 0 1 1 0 8 0 amappl11 160 39 0 28 1 0 1 1 0 8 0 amappl10 152 46 0 41 1 0 1 1 0 8 0 amappl9 144 935 0 923 1 0 1 1 0 8 0 amappl8 136 557 0 517 2 0 2 2 0 8 0 amappl7 128 130 0 113 1 0 1 1 0 8 0 amappl6 120 222 0 204 2 1 1 2 0 8 0 amappl5 112 129 0 113 1 0 1 1 0 8 0 amappl4 104 788 0 764 1 0 1 1 0 8 0 amappl3 96 796 0 715 2 0 2 2 0 8 0 amappl2 88 514 0 446 3 1 2 3 0 8 0 amappl1 80 12715 0 11926 23 6 17 21 0 8 0 amappl 88 1768 0 1618 4 0 4 4 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 
dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 446 0 418 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 446 0 418 1 0 1 1 0 8 0 vmmpekpl 168 8781 0 8740 2 0 2 2 0 8 0 vmmpepl 168 44605 0 42243 112 9 103 103 0 357 0 vmsppl 272 445 0 417 3 1 2 2 0 8 0 rwobjpl 24 14154 0 11254 19 1 18 18 0 8 0 pdppl 4096 898 0 834 105 41 64 64 0 8 0 pvpl 32 386780 0 308027 785 139 646 646 0 265 7 pmappl 216 445 0 417 2 0 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 833 0 67 22 0 22 22 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82578b7d) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff825ed7e1,ffffffff825a244d,4f5,ffffffff825a2480) at __assert+0x25 sys/kern/subr_prf.c:157 uvm_pageunwire(fffffd8006507700) at uvm_pageunwire+0x16b sys/uvm/uvm_page.c:1269 uvm_fault_unwire_locked(fffffd806b9a3120,94e58e7a000,94e58e7b000) at uvm_fault_unwire_locked+0x226 sys/uvm/uvm_fault.c:1682 uvm_unmap_kill_entry_withlock(fffffd806b9a3120,fffffd806a09cd80,0) at uvm_unmap_kill_entry_withlock+0x62 sys/uvm/uvm_map.c:1887 uvm_map_teardown(fffffd806b9a3120) at uvm_map_teardown+0x167 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline] uvm_map_teardown(fffffd806b9a3120) at uvm_map_teardown+0x167 sys/uvm/uvm_map.c:2523 uvmspace_free(fffffd806b9a3120) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3436 reaper(ffff8000ffff9508) at reaper+0x15d sys/kern/kern_exit.c:448 end trace frame: 0x0, count: -9 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82578b7d) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff825ed7e1,ffffffff825a244d,4f5,ffffffff825a2480) at __assert+0x25 sys/kern/subr_prf.c:157 uvm_pageunwire(fffffd8006507700) at uvm_pageunwire+0x16b sys/uvm/uvm_page.c:1269 
uvm_fault_unwire_locked(fffffd806b9a3120,94e58e7a000,94e58e7b000) at uvm_fault_unwire_locked+0x226 sys/uvm/uvm_fault.c:1682 uvm_unmap_kill_entry_withlock(fffffd806b9a3120,fffffd806a09cd80,0) at uvm_unmap_kill_entry_withlock+0x62 sys/uvm/uvm_map.c:1887 uvm_map_teardown(fffffd806b9a3120) at uvm_map_teardown+0x167 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline] uvm_map_teardown(fffffd806b9a3120) at uvm_map_teardown+0x167 sys/uvm/uvm_map.c:2523 uvmspace_free(fffffd806b9a3120) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3436 reaper(ffff8000ffff9508) at reaper+0x15d sys/kern/kern_exit.c:448 end trace frame: 0x0, count: -9