panic: kernel diagnostic assertion "va >= entry->start" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_fault.c", line 1694 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *456171 95324 -1 0x10 0x4000000 0K syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830f33c6) at panic+0x1e5 sys/kern/subr_prf.c:198 __assert(ffffffff830a7595,ffffffff8304875f,69e,ffffffff83009f55) at __assert+0x29 uvm_fault_unwire_locked(fffffd806bef9e28,20000000,20011000) at uvm_fault_unwire_locked+0x4b4 uvm_fault_unwire(fffffd806bef9e28,20000000,20011000) at uvm_fault_unwire+0x55 sys/uvm/uvm_fault.c:1657 kern_sysctl(ffff80002a034ca4,5,20000100,ffff80002a034cd8,0,37,163be6ae883fa1a0) at kern_sysctl+0x500 sysctl_vsunlock sys/kern/kern_sysctl.c:209 [inline] kern_sysctl(ffff80002a034ca4,5,20000100,ffff80002a034cd8,0,37,163be6ae883fa1a0) at kern_sysctl+0x500 sys/kern/kern_sysctl.c:508 sys_sysctl(ffff800029fd96d0,ffff80002a034e10,ffff80002a034d60) at sys_sysctl+0x425 syscall(ffff80002a034e10) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:178 [inline] syscall(ffff80002a034e10) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x334ae662f50, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. Triage note: the assertion fires in uvm_fault_unwire_locked() while sysctl_vsunlock() (kern_sysctl.c:209, inlined into kern_sysctl) unwires the caller-supplied sysctl output buffer (third kern_sysctl argument, 0x20000100; unwired as the page range 0x20000000-0x20011000), reached directly from sys_sysctl(). The faulting syz-executor process has three threads (tcnt=3 in "show proc" below), so a sibling thread unmapping or remapping that range between the vslock and vsunlock of the same sysctl(2) call is a plausible trigger, though this dump alone does not confirm it. Because the path is reachable from an ordinary system call, treat it at minimum as a user-triggerable DIAGNOSTIC kernel panic (local denial of service) and check what the same sequence does on a kernel built without DIAGNOSTIC, where the assertion is compiled out and the mismatched map entry would be used instead. 
ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: kernel diagnostic assertion "va >= entry->start" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_fault.c", line 1694 ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830f33c6) at panic+0x1e5 sys/kern/subr_prf.c:198 __assert(ffffffff830a7595,ffffffff8304875f,69e,ffffffff83009f55) at __assert+0x29 uvm_fault_unwire_locked(fffffd806bef9e28,20000000,20011000) at uvm_fault_unwire_locked+0x4b4 uvm_fault_unwire(fffffd806bef9e28,20000000,20011000) at uvm_fault_unwire+0x55 sys/uvm/uvm_fault.c:1657 kern_sysctl(ffff80002a034ca4,5,20000100,ffff80002a034cd8,0,37,163be6ae883fa1a0) at kern_sysctl+0x500 sysctl_vsunlock sys/kern/kern_sysctl.c:209 [inline] kern_sysctl(ffff80002a034ca4,5,20000100,ffff80002a034cd8,0,37,163be6ae883fa1a0) at kern_sysctl+0x500 sys/kern/kern_sysctl.c:508 sys_sysctl(ffff800029fd96d0,ffff80002a034e10,ffff80002a034d60) at sys_sysctl+0x425 syscall(ffff80002a034e10) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:178 [inline] syscall(ffff80002a034e10) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x334ae662f50, count: -9 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff80002a034930 rbx 0xffffffff834c4dbf cpu_info_full_primary+0x2dbf rdx 0xffff80000129f580 rcx 0xffff800029fd96d0 rax 0xffffffff834c3ff0 cpu_info_full_primary+0x1ff0 r8 0 r9 0x8080808080808080 r10 0x6bc2ca1506e7c362 r11 0x22c18d88861e271 r12 0xffffffff834c4bc0 cpu_info_full_primary+0x2bc0 r13 0 r14 0 r15 0x1 rip 0xffffffff82677605 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80002a034920 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor) tid=456171 pid=95324 tcnt=3 stat=onproc flags process=10 proc=4000000 runpri=36, usrpri=85, slppri=36, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a141700,0xffff800029fd9458 
process=0xffff8000fffebaf0 user=0xffff80002a02f000, vmspace=0xfffffd806bef9e28 estcpu=35, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 59346 242071 47643 0 3 0 futex syz-executor 59346 245577 47643 0 3 0x4000000 futex syz-executor 26491 183249 6 0 2 0 syz-executor 26491 388765 6 0 3 0x4000000 futex syz-executor 26491 231691 6 0 2 0x4000000 syz-executor 27530 329683 45854 0 2 0 syz-executor 27530 37968 45854 0 3 0x4000000 futex syz-executor 27530 358292 45854 0 3 0x4000080 fsleep syz-executor 13809 505641 99768 0 2 0 syz-executor 13809 515846 99768 0 3 0x4000080 fsleep syz-executor 13809 496120 99768 0 2 0x4000000 syz-executor 95324 484169 8644 -1 2 0x10 syz-executor *95324 456171 8644 -1 7 0x4000010 syz-executor 95324 408617 8644 -1 2 0x4000010 syz-executor 88281 270243 95937 0 3 0 futex syz-executor 88281 37123 95937 0 3 0x4000080 pppxread syz-executor 88281 510797 95937 0 3 0x4000080 fsleep syz-executor 88281 135386 95937 0 3 0x4000080 fsleep syz-executor 88281 327871 95937 0 2 0x4000000 syz-executor 78488 338135 86746 0 3 0 vmmaplk syz-executor 78488 33027 86746 0 2 0x4000000 syz-executor 78488 114386 86746 0 3 0x4000080 fsleep syz-executor 78488 102872 86746 0 3 0x4000000 vmmaplk syz-executor 27237 271007 41951 0 3 0 futex syz-executor 27237 497663 41951 0 2 0x4000000 syz-executor 27237 364801 41951 0 3 0x4000080 fsleep syz-executor 27237 385712 41951 0 3 0x4000080 fsleep syz-executor 41951 440451 86588 0 2 0x482 syz-executor 47669 426097 0 0 3 0x14200 acct acct 45854 189830 86588 0 2 0x482 syz-executor 47643 184946 86588 0 3 0x82 nanoslp syz-executor 99768 218857 86588 0 2 0x482 syz-executor 6 236967 86588 0 2 0x482 syz-executor 95937 475103 86588 0 2 0x482 syz-executor 86746 444378 86588 0 2 0x482 syz-executor 23357 74593 1 0 3 0x100083 ttyin getty 67038 363737 0 0 3 0x14200 bored sosplice 8644 265903 86588 0 3 0x82 nanoslp syz-executor 86588 197536 18759 0 3 0x82 kqread syz-executor 18759 351625 69076 0 3 
0x10008a sigsusp ksh 69076 401936 11233 0 3 0x98 kqread sshd-session 11233 89627 1 0 3 0x92 kqread sshd-session 59622 187935 11956 74 3 0x1100092 bpf pflogd 11956 202723 1 0 3 0x80 sbwait pflogd 89920 399255 13238 73 3 0x1100090 kqread syslogd 13238 354485 1 0 3 0x100082 sbwait syslogd 14825 330535 1 0 3 0x100080 kqread resolvd 31957 474104 84980 77 3 0x100092 kqread dhcpleased 57402 24803 84980 77 3 0x100092 kqread dhcpleased 84980 238498 1 0 3 0x80 kqread dhcpleased 20777 311759 0 0 3 0x14200 bored smr 45831 224032 0 0 2 0x14200 zerothread 36681 64164 0 0 3 0x14200 aiodoned aiodoned 8799 196273 0 0 3 0x14200 syncer update 73676 109039 0 0 3 0x14200 cleaner cleaner 68059 449491 0 0 3 0x14200 reaper reaper 3279 459858 0 0 3 0x14200 pgdaemon pagedaemon 86305 214400 0 0 3 0x14200 bored viomb 42127 341856 0 0 3 0x40014200 acpi0 acpi0 72094 325589 0 0 7 0x40014200 idle1 81953 369730 0 0 3 0x14200 bored softnet3 91869 341944 0 0 3 0x14200 bored softnet2 72376 76669 0 0 3 0x14200 bored softnet1 43540 83176 0 0 3 0x14200 bored softnet0 32550 210299 0 0 3 0x14200 bored systqmp 56488 87128 0 0 3 0x14200 bored systq 13642 227547 0 0 3 0x14200 tmoslp softclockmp 93214 518972 0 0 3 0x40014200 netlock softclock 20334 517784 0 0 3 0x40014200 idle0 1 277858 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 26491 (syz-executor) thread 0xffff8000ffff27b8 (231691) Process 95324 (syz-executor) thread 0xffff800029fd96d0 (456171) Process 78488 (syz-executor) thread 0xffff8000ffff1978 (33027) Process 27237 (syz-executor) thread 0xffff80002a140548 (497663) Process 93214 (softclock) thread 0xffff8000ffffe510 (518972) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10242 11162K 11677K 166960K 18460 0 pcb 17 20K 22K 166960K 1601 0 rtable 188 7K 8K 166960K 1504 0 pf 37 18K 81K 166960K 234 0 ifaddr 37 6K 8K 166960K 178 0 ifgroup 62 2K 3K 166960K 313 0 sysctl 4 1K 5K 166960K 82 0 counters 66 36K 37K 166960K 224 0 ioctlops 0 
0K 4K 166960K 2355 0 iov 1 2K 24K 166960K 594 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1421 89K 90K 166960K 6037 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 3 60K 64K 166960K 116 0 VM map 2 1K 1K 166960K 2 0 sem 24 29K 45K 166960K 301 0 dirhash 12 2K 2K 166960K 78 0 ACPI 1690 195K 286K 166960K 12468 0 file desc 18 65K 93K 166960K 5655 0 sigio 1 0K 0K 166960K 170 0 proc 72 91K 128K 166960K 1313 0 subproc 104 6K 6K 166960K 235 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 1 0K 0K 166960K 816 0 in_multi 61 4K 7K 166960K 364 0 ether_multi 1 0K 0K 166960K 47 0 mrt 1 0K 0K 166960K 20 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 289 1288K 1288K 166960K 289 0 exec 0 0K 1K 166960K 1844 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 8 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 269 74K 88K 166960K 55127 0 UVM aobj 226 17K 19K 166960K 243 0 pinsyscall 41 82K 109K 166960K 7098 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 405 0 NDP 13 0K 2K 166960K 131 0 temp 86 6824K 7080K 166960K 243876 0 kqueue 12 18K 32K 166960K 1001 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 568 0 565 5 4 1 3 0 8 0 rtentry 112 442 0 363 4 0 4 4 0 8 0 unpcb 144 4351 0 4328 29 28 1 6 0 8 0 syncache 336 19 0 19 4 4 0 1 0 8 0 tcpqe 32 1 0 1 1 1 0 1 0 8 0 tcpcb 808 2566 0 2562 38 37 1 8 0 8 0 arp 120 100 0 82 1 0 1 1 0 8 0 inpcb 336 9002 0 8990 84 82 2 12 0 8 0 nd6 136 69 0 50 1 0 1 1 0 8 0 pkpcb 40 26 0 26 13 12 1 1 0 8 1 kcovpl 48 18 0 10 1 0 1 1 0 8 0 ppxss 1168 45 0 45 11 11 0 1 0 8 0 pffrag 232 33 0 28 2 1 1 1 0 482 0 pffrnode 88 31 0 26 2 1 1 1 0 8 0 pffrent 40 148 0 143 2 1 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 503 0 393 2 0 2 
2 0 8 0 pfstkey 128 503 0 393 8 0 8 8 0 8 0 pfstate 376 503 0 393 24 3 21 24 0 8 0 pfrule 1344 23 0 18 2 1 1 2 0 8 0 rttmr 136 2 0 2 2 2 0 1 0 8 0 art_heap8 4096 7 0 2 7 2 5 6 0 8 0 art_heap4 256 1475 0 1172 39 16 23 31 0 8 0 art_table 32 1482 0 1174 5 1 4 4 0 8 0 art_node 16 426 0 360 1 0 1 1 0 8 0 sysvmsgpl 40 14 0 7 1 0 1 1 0 8 0 semupl 112 3 0 3 2 2 0 1 0 8 0 semapl 112 288 0 266 1 0 1 1 0 8 0 shmpl 112 240 0 17 7 0 7 7 0 8 0 dirhash 1024 61 0 44 3 0 3 3 0 8 0 dino2pl 256 12112 0 10573 97 0 97 97 0 8 0 ffsino 272 12112 0 10573 103 0 103 103 0 8 0 nchpl 144 20575 0 19942 64 39 25 64 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 74515 0 74515 8 7 1 2 0 8 1 percpumem 16 126 0 79 1 0 1 1 0 8 0 kstatmem 264 184 0 158 6 4 2 3 0 8 0 acpiwqpl 32 1 0 1 1 0 1 1 1 8 1 scsiplug 72 23 0 23 12 11 1 1 0 8 1 scxspl 216 60695 0 60695 19 18 1 8 1 8 1 plimitpl 152 1493 0 1476 1 0 1 1 0 8 0 sigapl 424 5994 0 5943 10 3 7 9 0 8 0 futexpl 64 84823 0 84815 1 0 1 1 0 8 0 knotepl 120 795 0 0 24 0 24 24 0 8 0 kqueuepl 216 2165 0 2157 21 20 1 5 0 8 0 pipepl 320 797 0 768 11 8 3 8 0 8 0 fdescpl 496 5941 0 5910 5 0 5 5 0 8 0 filepl 152 46156 0 45898 59 46 13 22 0 8 0 lockfpl 104 2697 0 2692 3 2 1 2 0 8 0 lockfspl 48 958 0 953 1 0 1 1 0 8 0 sessionpl 144 49 0 41 1 0 1 1 0 8 0 pgrppl 48 130 0 114 1 0 1 1 0 8 0 ucredpl 104 9610 0 9596 1 0 1 1 0 8 0 zombiepl 144 6854 0 6854 1 0 1 1 0 8 1 processpl 1160 5994 0 5943 7 2 5 6 0 8 0 procpl 648 15113 0 15043 8 1 7 8 0 8 0 srpgc 96 29 0 29 6 6 0 1 0 8 0 sosppl 168 38 0 38 8 8 0 1 0 8 0 sockpl 664 14689 0 14651 107 103 4 16 0 8 0 mcl64k 65536 8 0 0 1 0 1 1 0 8 0 mcl16k 16384 6 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 9 0 0 2 0 2 2 0 8 0 mcl4k 4096 132 0 0 17 0 17 17 0 8 0 mcl2k2 2112 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 39 0 0 5 0 5 5 0 8 0 mtagpl 96 135 0 0 3 0 3 3 0 8 0 mbufpl 256 1305 0 0 75 0 75 75 0 8 0 bufpl 280 16726 0 10552 442 0 442 442 0 8 0 
anonpl 24 767746 0 755315 278 184 94 115 0 185 0 amapchunkpl 152 180151 0 179349 73 42 31 35 0 158 0 amappl16 200 19273 0 18917 175 144 31 45 0 8 0 amappl15 192 11 0 11 2 2 0 1 0 8 0 amappl14 184 187 0 176 1 0 1 1 0 8 0 amappl13 176 14 0 14 3 3 0 1 0 8 0 amappl12 168 6791 0 6760 4 2 2 3 0 8 0 amappl11 160 57 0 42 1 0 1 1 0 8 0 amappl10 152 29 0 27 1 0 1 1 0 8 0 amappl9 144 164 0 164 2 2 0 1 0 8 0 amappl8 136 23 0 20 1 0 1 1 0 8 0 amappl7 128 152 0 140 1 0 1 1 0 8 0 amappl6 120 277 0 275 1 0 1 1 0 8 0 amappl5 112 221 0 208 1 0 1 1 0 8 0 amappl4 104 419 0 401 1 0 1 1 0 8 0 amappl3 96 33387 0 33276 4 1 3 4 0 8 0 amappl2 88 6426 0 6344 3 0 3 3 0 8 0 amappl1 80 28769 0 28282 16 2 14 15 0 8 0 amappl 88 53946 0 53735 5 0 5 5 0 92 0 dma65536 65536 1 0 1 1 1 0 1 0 8 0 dma32768 32768 1 0 1 1 1 0 1 0 8 0 dma4096 4096 3 0 3 3 3 0 1 0 8 0 dma2048 2048 2 0 2 2 2 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma512 512 4 0 4 4 4 0 1 0 8 0 dma256 256 9 0 9 4 4 0 1 0 8 0 dma128 128 258 0 258 5 5 0 1 0 8 0 dma64 64 8 0 8 3 3 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 22 0 21 1 0 1 1 0 8 0 aobjpl 72 242 0 17 5 0 5 5 0 8 0 uaddrrnd 24 5941 0 5910 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 5941 0 5910 1 0 1 1 0 8 0 vmmpekpl 168 42968 0 42906 4 0 4 4 0 8 0 vmmpepl 168 365815 0 363635 189 83 106 121 0 357 0 vmsppl 448 5940 0 5910 6 2 4 5 0 8 0 rwobjpl 56 97299 0 89928 122 13 109 111 0 8 0 pdppl 4096 11889 0 11820 147 78 69 85 0 8 0 pvpl 32 25036 0 0 202 1 201 201 0 265 0 pmappl 248 5940 0 5910 3 0 3 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 664 0 254 13 0 13 13 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830f33c6) at panic+0x1e5 sys/kern/subr_prf.c:198 __assert(ffffffff830a7595,ffffffff8304875f,69e,ffffffff83009f55) at __assert+0x29 uvm_fault_unwire_locked(fffffd806bef9e28,20000000,20011000) at uvm_fault_unwire_locked+0x4b4 
uvm_fault_unwire(fffffd806bef9e28,20000000,20011000) at uvm_fault_unwire+0x55 sys/uvm/uvm_fault.c:1657 kern_sysctl(ffff80002a034ca4,5,20000100,ffff80002a034cd8,0,37,163be6ae883fa1a0) at kern_sysctl+0x500 sysctl_vsunlock sys/kern/kern_sysctl.c:209 [inline] kern_sysctl(ffff80002a034ca4,5,20000100,ffff80002a034cd8,0,37,163be6ae883fa1a0) at kern_sysctl+0x500 sys/kern/kern_sysctl.c:508 sys_sysctl(ffff800029fd96d0,ffff80002a034e10,ffff80002a034d60) at sys_sysctl+0x425 syscall(ffff80002a034e10) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:178 [inline] syscall(ffff80002a034e10) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x334ae662f50, count: -9 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 acpicpu_idle() at acpicpu_idle+0x41e sys/dev/acpi/acpicpu.c:1218 sched_idle(ffff800029b7bff0) at sched_idle+0x558 sys/kern/kern_sched.c:182 end trace frame: 0x0, count: 10 ddb{1}> trace x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 acpicpu_idle() at acpicpu_idle+0x41e sys/dev/acpi/acpicpu.c:1218 sched_idle(ffff800029b7bff0) at sched_idle+0x558 sys/kern/kern_sched.c:182 end trace frame: 0x0, count: -5