panic: uvm_fault_unwire_locked: address not in mapWA INGa:rtiSPLng stacOk tWERrED eN .. ALL 73 57344 EXIT 0 a Stopped at savectx+174: movl $0,%gs:1672 TID PID UID PRFLAGS PFLAGS CPU COMMAND 2585 17189 0 0 0x4000000 0K syz-executor *244811 17189 0 0 0x4000000 1 syz-executor savectx() at savectx+174 end of kernel end trace frame: 0x5d1522e1110, count: 14 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu0: uvm_fault_unwire_locked: address not in map ddb{1}> trace savectx() at savectx+174 end of kernel end trace frame: 0x5d1522e1110, count: -1 ddb{1}> show registers rdi 0 rsi 0 rbp 18446603337127057472 rbx 0 rdx 18446603336242691840 rcx 18446603337232250104 rax 54 r8 18446603337127057264 r9 0 r10 14901798241004787998 r11 16050573269162783269 r12 0 r13 0 r14 18446603337232250104 r15 0 rip 18446744071593542638 savectx+174 cs 8 rflags 70 rsp 18446603337127057344 ss 16 savectx+174: movl $0,%gs:1672 ddb{1}> show proc PROC (syz-executor) tid=244811 pid=17189 tcnt=4 stat=onproc flags process=0 proc=4000000 runpri=82, usrpri=83, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003c436800,0xffff80003c436048 process=0xffff80002a3d2698 user=0xffff800035fe0000, vmspace=0xfffffd806c0963f0 estcpu=33, cpticks=2, pctcpu=0.0, user=0, sys=2, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 27765 30154 79805 0 2 0 syz-executor 27765 250411 79805 0 3 0x4000080 fsleep syz-executor 27765 53610 79805 0 3 0x4000080 fsleep syz-executor 17189 140755 48587 0 2 0 syz-executor 17189 209349 48587 0 3 0x4000080 fsleep syz-executor 17189 2585 48587 0 7 0x4000000 syz-executor *17189 244811 48587 0 7 0x4000000 syz-executor 11651 310908 23945 0 3 0x82 nanoslp syz-executor 12788 46325 0 0 3 0x14280 nfsidl nfsio 70571 42944 0 0 3 0x14280 nfsidl nfsio 75328 353291 0 0 3 0x14280 nfsidl nfsio 54214 66212 0 0 3 0x14280 nfsidl nfsio 9142 71088 0 0 3 0x14280 nfsidl nfsio 71868 372594 0 0 3 0x14280 nfsidl nfsio 15843 425472 0 0 3 0x14280 nfsidl nfsio 58466 46221 0 0 3 0x14280 nfsidl nfsio 11405 98534 0 0 3 0x14280 nfsidl nfsio 6489 18724 0 0 3 0x14280 nfsidl nfsio 76346 138063 0 0 3 0x14280 nfsidl nfsio 92770 157803 0 0 3 0x14280 nfsidl nfsio 98326 223280 0 0 3 0x14280 nfsidl nfsio 28670 353211 0 0 3 0x14280 nfsidl nfsio 51352 286213 0 0 3 0x14280 nfsidl nfsio 53936 222418 0 0 3 0x14280 nfsidl nfsio 59773 419022 0 0 3 0x14280 nfsidl nfsio 22909 420957 0 0 3 0x14280 nfsidl nfsio 18321 175674 0 0 3 0x14280 nfsidl nfsio 75472 314106 0 0 3 0x14280 nfsidl nfsio 37146 214318 0 0 3 0x14200 acct acct 42101 20360 19018 0 3 0x100082 sbwait arp 19018 325513 74158 0 3 0x10008a sigsusp sh 79805 158447 23945 0 3 0x82 nanoslp syz-executor 74158 264588 23945 0 3 0x82 wait syz-executor 89945 175016 23945 0 3 0x82 nanoslp syz-executor 39487 476936 23945 0 3 0x82 nanoslp syz-executor 72728 346854 23945 0 3 0x82 wait syz-executor 48587 366586 23945 0 3 0x82 nanoslp syz-executor 37938 21669 23945 0 2 0x2 syz-executor 23945 62976 33751 0 3 0x82 kqread syz-executor 33751 373614 65061 0 3 0x10008a sigsusp ksh 65061 332446 35622 0 3 0x98 kqread sshd-session 35622 338432 13784 0 3 0x92 kqread sshd-session 40025 207732 1 0 3 0x100083 ttyopn getty 13784 81569 1 0 3 0x88 kqread sshd 53790 477481 95191 74 3 0x1100092 bpf pflogd 95191 387294 1 0 3 0x80 sbwait pflogd 84363 472155 26252 73 3 0x1100090 kqread syslogd 26252 335997 1 0 3 0x100082 sbwait syslogd 46045 189575 1 0 3 0x100080 kqread resolvd 16406 306400 0 0 3 0x14200 bored smr 78525 267769 0 0 3 0x14200 pgzero zerothread 78570 378572 0 0 3 0x14200 aiodoned aiodoned 62214 63247 0 0 3 0x14200 syncer update 24572 256239 0 0 3 0x14200 cleaner cleaner 54158 282729 0 0 3 0x14200 reaper reaper 14607 490505 0 0 3 0x14200 pgdaemon pagedaemon 83425 276052 0 0 3 0x14200 bored viomb 58242 83729 0 0 3 0x40014200 acpi0 acpi0 65226 441567 0 0 3 0x40014200 idle1 95209 408545 0 0 3 0x14200 bored softnet1 52167 313455 0 0 3 0x14200 bored softnet0 79125 245226 0 0 3 0x14200 bored systqmp 60512 27350 0 0 3 0x14200 bored systq 17442 46080 0 0 3 0x14200 tmoslp softclockmp 81646 64252 0 0 3 0x40014200 tmoslp softclock 38994 319038 0 0 3 0x40014200 idle0 1 374907 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{1}> show all locks CPU 1: exclusive mutex &uvm.fpageqlock r = 0 (0xffffffff839ab438) #0 witness_lock+1521 #1 mtx_enter+1204 #2 uvm_pmr_freepages+424 #3 uvm_anfree_list+485 #4 amap_wiperange_chunk+424 #5 amap_wiperange+1204 #6 amap_pp_adjref+1744 #7 amap_adjref_anons+557 #8 uvm_unmap_detach+138 #9 sys_munmap+809 #10 syscall+3028 #11 Xsyscall+296 Process 17189 (syz-executor) thread 0xffff80003c436800 (2585) shared rwlock vmmaplk r = 0 (0xfffffd806c0964f0) #0 witness_lock+1521 #1 rw_do_enter_read+1000 #2 uvm_fault_wire+278 #3 uvm_vslock_device+274 #4 physio+599 #5 spec_read+331 #6 VOP_READ+257 #7 vn_read+379 #8 dofilereadv+602 #9 sys_pread+174 #10 syscall+3028 #11 Xsyscall+296 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83901248) #0 witness_lock+1521 #1 __mp_acquire_count+88 #2 sleep_finish+728 #3 rw_do_enter_read+777 #4 uvmfault_lookup+290 #5 uvm_fault_check+79 #6 uvm_fault+262 #7 uvm_fault_wire+115 #8 uvm_vslock_device+274 #9 physio+599 #10 spec_read+331 #11 VOP_READ+257 #12 vn_read+379 #13 dofilereadv+602 #14 sys_pread+174 #15 syscall+3028 #16 Xsyscall+296 Process 17189 (syz-executor) thread 0xffff80003c4374f8 (244811) exclusive rwlock amaplk r = 0 (0xfffffd806ef661c8) #0 witness_lock+1521 #1 rw_do_enter_write+1049 #2 amap_unref+61 #3 uvm_unmap_detach+138 #4 sys_munmap+809 #5 syscall+3028 #6 Xsyscall+296 exclusive mutex &uvm.fpageqlock r = 0 (0xffffffff839ab438) #0 witness_lock+1521 #1 mtx_enter+1204 #2 uvm_pmr_freepages+424 #3 uvm_anfree_list+485 #4 amap_wiperange_chunk+424 #5 amap_wiperange+1204 #6 amap_pp_adjref+1744 #7 amap_adjref_anons+557 #8 uvm_unmap_detach+138 #9 sys_munmap+809 #10 syscall+3028 #11 Xsyscall+296 Process 37938 (syz-executor) thread 0xffff8000ffffd230 (21669) exclusive rrwlock inode r = 0 (0xfffffd800eecb7d0) #0 witness_lock+1521 #1 rw_do_enter_write+1049 #2 rrw_enter+198 #3 VOP_LOCK+189 #4 ufs_ihashins+79 #5 ffs_vget+391 #6 ffs_inode_alloc+633 #7 ufs_mkdir+252 #8 VOP_MKDIR+257 #9 domkdirat+377 #10 syscall+2839 #11 Xsyscall+296 exclusive rrwlock inode r = 0 (0xfffffd806d85fea8) #0 witness_lock+1521 #1 rw_do_enter_write+1049 #2 rrw_enter+198 #3 VOP_LOCK+189 #4 vn_lock+164 #5 vfs_lookup+284 #6 namei+1994 #7 domkdirat+139 #8 syscall+2839 #9 Xsyscall+296 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10199 11017K 11307K 166960K 12628 0 pcb 17 16K 18K 166960K 307 0 rtable 202 10K 11K 166960K 570 0 pf 33 17K 21K 166960K 166 0 ifaddr 35 6K 7K 166960K 115 0 ifgroup 51 2K 2K 166960K 199 0 sysctl 4 1K 9K 166960K 13 0 counters 66 36K 38K 166960K 420 0 ioctlops 0 0K 4K 166960K 2109 0 iov 0 0K 18K 166960K 117 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1465 92K 92K 166960K 2614 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 3 5K 13K 166960K 26 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 96 0 dirhash 12 2K 2K 166960K 39 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 244K 166960K 1414 0 sigio 1 0K 0K 166960K 23 0 proc 75 100K 180K 166960K 691 0 subproc 72 4K 4K 166960K 82 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 232 0 in_multi 70 5K 6K 166960K 152 0 ether_multi 1 0K 0K 166960K 7 0 mrt 1 0K 0K 166960K 15 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 139 625K 625K 166960K 139 0 exec 0 0K 1K 166960K 544 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 5 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 244 154K 181K 166960K 15144 0 UVM aobj 41 10K 10K 166960K 46 0 pinsyscall 38 76K 106K 166960K 2568 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 90 0 NDP 11 0K 1K 166960K 78 0 temp 77 8664K 8913K 166960K 58910 0 kqueue 7 12K 28K 166960K 277 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 201 0 198 3 2 1 3 0 8 0 rtentry 176 157 0 78 5 0 5 5 0 8 0 unpcb 144 1056 0 1046 14 8 6 6 0 8 5 syncache 336 9 0 9 4 3 1 1 0 8 1 tcpcb 736 487 0 483 13 9 4 7 0 8 3 arp 136 25 0 7 1 0 1 1 0 8 0 inpcb 328 1425 0 1420 16 9 7 7 0 8 6 nd6 152 31 0 14 1 0 1 1 0 8 0 pkpcb 40 14 0 14 4 3 1 1 0 8 1 kcovpl 48 9 0 1 1 0 1 1 0 8 0 ppxss 1192 159 0 159 1 0 1 1 0 8 1 pppxif 1504 10 0 10 2 1 1 1 0 8 1 pffrag 232 32 0 20 1 0 1 1 0 482 0 pffrnode 88 32 0 20 1 0 1 1 0 8 0 pffrent 40 56 0 44 1 0 1 1 0 8 0 pfosfp 40 1429 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1429 0 714 21 0 21 21 0 8 0 pfrktable 1344 2 0 2 2 1 1 1 0 8 1 pfstitem 24 79 0 26 1 0 1 1 0 8 0 pfstkey 128 79 0 26 2 0 2 2 0 8 0 pfstate 384 79 0 26 6 0 6 6 0 8 0 pfrule 1344 26 0 20 2 1 1 2 0 8 0 rttmr 136 4 0 4 4 4 0 1 0 8 0 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 723 0 444 28 5 23 28 0 8 0 art_table 40 726 0 444 5 0 5 5 0 8 0 art_node 32 157 0 86 1 0 1 1 0 8 0 sysvmsgpl 40 34 0 14 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 86 0 76 1 0 1 1 0 8 0 shmpl 112 39 0 5 1 0 1 1 0 8 0 dirhash 1024 35 0 18 3 0 3 3 0 8 0 dino2pl 256 4196 0 2687 96 0 96 96 0 8 0 ffsino 296 4196 0 2687 117 0 117 117 0 8 0 nchpl 144 6215 0 4512 64 0 64 64 0 8 0 rtmask 32 16 0 16 4 3 1 1 0 8 1 vnodes 216 4847 0 0 270 0 270 270 0 8 0 namei 1024 21001 0 21000 1 0 1 1 0 8 0 percpumem 16 225 0 177 1 0 1 1 0 8 0 vcpupl 3968 4 0 0 1 0 1 1 0 8 0 vmpool 840 4 0 0 1 0 1 1 0 8 0 kstatmem 264 126 0 102 4 1 3 3 0 8 1 scsiplug 72 5 0 5 3 2 1 1 0 8 1 scxspl 216 36084 0 36084 11 10 1 8 1 8 1 plimitpl 152 391 0 374 1 0 1 1 0 8 0 sigapl 424 1729 0 1663 8 0 8 8 0 8 0 knotepl 120 582 0 0 17 0 17 17 0 8 0 kqueuepl 224 667 0 661 9 8 1 5 0 8 0 pipepl 344 327 0 299 12 3 9 9 0 8 6 fdescpl 528 1691 0 1662 3 0 3 3 0 8 0 filepl 160 11648 0 11440 27 8 19 19 0 8 7 lockfpl 104 592 0 591 1 0 1 1 0 8 0 lockfspl 48 199 0 198 1 0 1 1 0 8 0 sessionpl 144 29 0 21 1 0 1 1 0 8 0 pgrppl 48 89 0 73 1 0 1 1 0 8 0 ucredpl 104 2071 0 2060 1 0 1 1 0 8 0 zombiepl 144 2020 0 2016 1 0 1 1 0 8 0 processpl 1232 1729 0 1663 6 0 6 6 0 8 0 procpl 664 4050 0 3979 8 0 8 8 0 8 0 sosppl 176 8 0 8 4 3 1 1 0 8 1 sockpl 752 2745 0 2727 46 36 10 24 0 8 7 mcl64k 65536 31 0 0 4 0 4 4 0 8 0 mcl16k 16384 3 0 0 1 0 1 1 0 8 0 mcl12k 12288 1 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 2 0 0 1 0 1 1 0 8 0 mcl4k 4096 125 0 0 16 0 16 16 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 39 0 0 5 0 5 5 0 8 0 mtagpl 96 4 0 0 1 0 1 1 0 8 0 mbufpl 256 1846 0 0 114 0 114 114 0 8 0 bufpl 280 14315 0 8177 439 0 439 439 0 8 0 anonpl 32 11738 0 0 95 0 95 95 0 246 0 amapchunkpl 152 51256 0 50676 41 15 26 35 0 158 1 amappl16 200 5925 0 5899 51 37 14 28 0 8 8 amappl15 192 9 0 9 1 1 0 1 0 8 0 amappl14 184 19 0 19 2 1 1 1 0 8 1 amappl13 176 438 0 436 1 0 1 1 0 8 0 amappl12 168 2084 0 2046 3 0 3 3 0 8 0 amappl11 160 39 0 39 1 1 0 1 0 8 0 amappl10 152 47 0 39 1 0 1 1 0 8 0 amappl9 144 276 0 275 2 1 1 1 0 8 0 amappl8 136 55 0 53 1 0 1 1 0 8 0 amappl7 128 83 0 82 1 0 1 1 0 8 0 amappl6 120 290 0 277 1 0 1 1 0 8 0 amappl5 112 107 0 99 1 0 1 1 0 8 0 amappl4 104 532 0 504 1 0 1 1 0 8 0 amappl3 96 8813 0 8715 4 1 3 3 0 8 0 amappl2 88 1851 0 1791 2 0 2 2 0 8 0 amappl1 80 16013 0 15490 15 0 15 15 0 8 0 amappl 88 14149 0 13972 5 0 5 5 0 92 0 uvmvnodes 80 157 0 0 4 0 4 4 0 8 0 dma32768 32768 1 0 1 1 0 1 1 0 8 1 dma4096 4096 2 0 2 2 2 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 8 0 8 2 2 0 1 0 8 0 dma128 128 256 0 256 4 3 1 1 0 8 1 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 45 0 5 1 0 1 1 0 8 0 uaddrrnd 24 1691 0 1662 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1691 0 1662 1 0 1 1 0 8 0 vmmpekpl 168 16125 0 16082 3 0 3 3 0 8 0 vmmpepl 168 115152 0 113424 123 19 104 109 0 357 15 vmsppl 488 1690 0 1662 5 0 5 5 0 8 0 rwobjpl 80 32828 0 31779 38 6 32 34 0 8 2 pdppl 4096 3397 0 3328 110 37 73 85 0 8 4 pvpl 32 20117 0 0 163 0 163 163 0 265 0 pmappl 256 1694 0 1662 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 408 0 58 12 1 11 11 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+39: addq $8,%rsp x86_ipi_db(ffffffff8384bff0) at x86_ipi_db+39 x86_ipi_handler() at x86_ipi_handler+217 Xresume_lapic_ipi() at Xresume_lapic_ipi+39 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+86 db_elf_sym_search(ffffffff81a940d0,0,ffff80003c4e70c0) at db_elf_sym_search+735 db_search_symbol(ffffffff81a940d0,0,ffff80003c4e7130) at db_search_symbol+82 db_stack_trace_print(ffff80003c4e7200,1,100,ffffffff8334b153,ffffffff81a946f0) at db_stack_trace_print+766 db_stack_dump() at db_stack_dump+165 panic(ffffffff833dfad0) at panic+464 uvm_fault_unwire_locked(fffffd806c0963f0,200000140000,200000141000) at uvm_fault_unwire_locked+1262 uvm_fault_wire(fffffd806c0963f0,200000140000,200000151000,3) at uvm_fault_wire+301 uvm_vslock_device(ffff80003c436800,200000140040,10000,3,ffff80003c4e74b8) at uvm_vslock_device+274 physio(ffffffff8101c680,d02,8000,ffffffff8101ced0,ffff80003c4e7798) at physio+599 spec_read(ffff80003c4e75f0) at spec_read+331 end trace frame: 0xffff80003c4e7660, count: 0 ddb{0}> trace x86_ipi_db(ffffffff8384bff0) at x86_ipi_db+39 x86_ipi_handler() at x86_ipi_handler+217 Xresume_lapic_ipi() at Xresume_lapic_ipi+39 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+86 db_elf_sym_search(ffffffff81a940d0,0,ffff80003c4e70c0) at db_elf_sym_search+735 db_search_symbol(ffffffff81a940d0,0,ffff80003c4e7130) at db_search_symbol+82 db_stack_trace_print(ffff80003c4e7200,1,100,ffffffff8334b153,ffffffff81a946f0) at db_stack_trace_print+766 db_stack_dump() at db_stack_dump+165 panic(ffffffff833dfad0) at panic+464 uvm_fault_unwire_locked(fffffd806c0963f0,200000140000,200000141000) at uvm_fault_unwire_locked+1262 uvm_fault_wire(fffffd806c0963f0,200000140000,200000151000,3) at uvm_fault_wire+301 uvm_vslock_device(ffff80003c436800,200000140040,10000,3,ffff80003c4e74b8) at uvm_vslock_device+274 physio(ffffffff8101c680,d02,8000,ffffffff8101ced0,ffff80003c4e7798) at physio+599 spec_read(ffff80003c4e75f0) at spec_read+331 VOP_READ(fffffd8060615dc0,ffff80003c4e7798,0,fffffd80097fb888) at VOP_READ+257 vn_read(fffffd805fed9020,ffff80003c4e7798,1) at vn_read+379 dofilereadv(ffff80003c436800,6,ffff80003c4e7798,1,ffff80003c4e7850) at dofilereadv+602 sys_pread(ffff80003c436800,ffff80003c4e7900,ffff80003c4e7850) at sys_pread+174 syscall(ffff80003c4e7900) at syscall+3028 Xsyscall() at Xsyscall+296 end of kernel end trace frame: 0x5d1cf280ad0, count: -20 ddb{0}> machine ddbcpu 1 Stopped at savectx+174: movl $0,%gs:1672 savectx() at savectx+174 end of kernel end trace frame: 0x5d1522e1110, count: 14 ddb{1}> trace savectx() at savectx+174 end of kernel end trace frame: 0x5d1522e1110, count: -1