panic: kernel diagnostic assertion "uvm_page_owner_locked_p(pg)" failed: file "/syzkaller/managers/main/kernel/sys/uvm/uvm_page.c", line 1248 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *428994 9133 0 0x14000 0x200 0 reaper db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b259a) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83068fa3,ffffffff82fb7555,4e0,ffffffff830bb00e) at __assert+0x29 uvm_pageunwire(fffffd8006b89200) at uvm_pageunwire+0x1dd sys/uvm/uvm_page.c:1248 uvm_fault_unwire_locked(fffffd8077a376e8,98bead3e000,98beaf3d000) at uvm_fault_unwire_locked+0x33e sys/uvm/uvm_fault.c:1695 uvm_unmap_kill_entry_withlock(fffffd8077a376e8,fffffd8075eeadc8,0) at uvm_unmap_kill_entry_withlock+0x81 sys/uvm/uvm_map.c:1861 uvm_map_teardown(fffffd8077a376e8) at uvm_map_teardown+0x1c7 sys/uvm/uvm_map.c:2498 uvmspace_free(fffffd8077a376e8) at uvmspace_free+0xbd sys/uvm/uvm_map.c:3422 reaper(ffff80002a457be0) at reaper+0x225 sys/kern/kern_exit.c:478 end trace frame: 0x0, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "uvm_page_owner_locked_p(pg)" failed: file "/syzkaller/managers/main/kernel/sys/uvm/uvm_page.c", line 1248 ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b259a) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83068fa3,ffffffff82fb7555,4e0,ffffffff830bb00e) at __assert+0x29 uvm_pageunwire(fffffd8006b89200) at uvm_pageunwire+0x1dd sys/uvm/uvm_page.c:1248 uvm_fault_unwire_locked(fffffd8077a376e8,98bead3e000,98beaf3d000) at uvm_fault_unwire_locked+0x33e sys/uvm/uvm_fault.c:1695 uvm_unmap_kill_entry_withlock(fffffd8077a376e8,fffffd8075eeadc8,0) at uvm_unmap_kill_entry_withlock+0x81 sys/uvm/uvm_map.c:1861 uvm_map_teardown(fffffd8077a376e8) at uvm_map_teardown+0x1c7 sys/uvm/uvm_map.c:2498 uvmspace_free(fffffd8077a376e8) at uvmspace_free+0xbd sys/uvm/uvm_map.c:3422 reaper(ffff80002a457be0) at reaper+0x225 sys/kern/kern_exit.c:478 end trace frame: 0x0, count: -9 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002a455330 rbx 0xfffffd8006b89200 rdx 0 rcx 0 rax 0xffff80002a457be0 r8 0x101010101010101 r9 0x8080808080808080 r10 0x6491fb9ed53bb994 r11 0x5538aca15001e913 r12 0 r13 0xffffffff83324ef8 uvm_map_addr_RBT_INFO r14 0 r15 0x1 rip 0xffffffff81133ca5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80002a455320 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (reaper) tid=428994 pid=9133 tcnt=1 stat=onproc flags process=14000 proc=200 runpri=86, usrpri=86, slppri=4, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a40dbd8,0xffff80002a4576e0 process=0xffff8000fffff360 user=0xffff80002a450000, vmspace=0xffffffff834cee58 estcpu=36, cpticks=27, pctcpu=17.43, user=0, sys=4251, intr=6 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 60472 511864 0 0 2 0x14600 acct 58603 252621 1 0 3 0x100083 ttyin getty 37043 209571 35140 0 3 0x82 wait syz-executor 49472 33271 35140 0 3 0x82 wait syz-executor 62424 85286 0 0 3 0x14280 nfsidl nfsio 76173 261532 0 0 3 0x14280 nfsidl nfsio 30293 245771 0 0 3 0x14280 nfsidl nfsio 24486 145355 0 0 3 0x14280 nfsidl nfsio 11091 326418 0 0 3 0x14280 nfsidl nfsio 77202 398998 0 0 3 0x14280 nfsidl nfsio 21206 37938 0 0 3 0x14280 nfsidl nfsio 95071 430989 0 0 3 0x14280 nfsidl nfsio 50299 434339 0 0 3 0x14280 nfsidl nfsio 78338 375256 0 0 3 0x14280 nfsidl nfsio 6556 269897 0 0 3 0x14280 nfsidl nfsio 67037 469220 0 0 3 0x14280 nfsidl nfsio 172 105922 0 0 3 0x14280 nfsidl nfsio 7634 119394 0 0 3 0x14280 nfsidl nfsio 54760 51629 0 0 3 0x14280 nfsidl nfsio 32186 326060 0 0 3 0x14280 nfsidl nfsio 36701 45580 0 0 3 0x14280 nfsidl nfsio 14710 205794 0 0 3 0x14280 nfsidl nfsio 60582 454763 0 0 3 0x14280 nfsidl nfsio 2464 57037 0 0 3 0x14280 nfsidl nfsio 45478 182069 0 0 3 0x14200 bored sosplice 79901 281438 35140 0 3 0x82 wait syz-executor 73633 201267 35140 0 3 0x82 wait syz-executor 91385 341656 35140 0 3 0x82 wait syz-executor 48133 344140 35140 0 3 0x82 wait syz-executor 35140 421167 66223 0 3 0x82 wait syz-executor 66223 104374 46842 0 3 0x10008a sigsusp ksh 46842 402395 13588 0 3 0x98 kqread sshd-session 13588 91030 1 0 3 0x92 kqread sshd-session 51526 130970 6 73 2 0x1100010 syslogd 6 40858 1 0 3 0x100082 sbwait syslogd 18236 134809 1 0 3 0x100080 kqread resolvd 46570 95711 25777 77 3 0x100092 kqread dhcpleased 12128 212947 25777 77 2 0x100492 dhcpleased 25777 160625 1 0 3 0x80 kqread dhcpleased 19522 57826 0 0 3 0x14200 bored smr 15157 115265 0 0 2 0x14200 zerothread 49426 358110 0 0 3 0x14200 aiodoned aiodoned 62243 289126 0 0 2 0x14600 update 92035 441670 0 0 3 0x14200 cleaner cleaner * 9133 428994 0 0 7 0x14200 reaper 17051 237447 0 0 3 0x14200 pgdaemon pagedaemon 31017 253792 0 0 3 0x14200 bored viomb 92733 48242 0 0 3 0x40014200 acpi0 acpi0 31018 141501 0 0 3 0x14200 bored softnet3 16912 63833 0 0 3 0x14200 bored softnet2 98286 40307 0 0 3 0x14200 bored softnet1 31698 459592 0 0 2 0x14200 softnet0 48310 442070 0 0 3 0x14200 bored systqmp 566 118495 0 0 3 0x14200 bored systq 25248 348019 0 0 2 0x40014200 softclock 46587 347807 0 0 3 0x40014200 idle0 1 386922 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10182 11057K 11490K 166960K 14911 0 pcb 17 17K 19K 166960K 691 0 rtable 174 6K 7K 166960K 740 0 pf 26 12K 21K 166960K 311 0 ifaddr 31 5K 7K 166960K 104 0 ifgroup 42 1K 2K 166960K 157 0 sysctl 3 1K 1K 166960K 3 0 counters 28 17K 17K 166960K 60 0 ioctlops 0 0K 4K 166960K 465 0 iov 0 0K 24K 166960K 197 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1501 94K 94K 166960K 3402 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 2K 10K 166960K 45 0 VM map 2 1K 1K 166960K 2 0 sem 33 16K 16K 166960K 112 0 dirhash 12 2K 2K 166960K 42 0 ACPI 1690 195K 286K 166960K 12468 0 file desc 8 25K 97K 166960K 2166 0 sigio 0 0K 0K 166960K 72 0 proc 60 59K 124K 166960K 838 0 subproc 78 4K 7K 166960K 195 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 413 0 in_multi 64 4K 7K 166960K 232 0 ether_multi 1 0K 0K 166960K 16 0 mrt 1 0K 0K 166960K 10 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 97 440K 440K 166960K 97 0 exec 0 0K 1K 166960K 748 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 3 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 223 82K 91K 166960K 21411 0 UVM aobj 65 5K 5K 166960K 70 0 pinsyscall 27 54K 96K 166960K 3323 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 161 0 NDP 9 0K 2K 166960K 71 0 temp 76 6816K 6956K 166960K 112411 0 kqueue 12 18K 30K 166960K 394 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 236 0 233 2 1 1 2 0 8 0 rtentry 112 240 0 163 4 0 4 4 0 8 0 unpcb 144 2192 0 2177 10 9 1 6 0 8 0 syncache 336 5 0 5 2 2 0 1 0 8 0 tcpqe 32 2 0 2 1 1 0 1 0 8 0 tcpcb 808 822 0 820 21 14 7 8 0 8 6 arp 88 41 0 23 1 0 1 1 0 8 0 ipq 40 7 0 6 1 0 1 1 0 8 0 ipqe 40 124 0 122 1 0 1 1 0 8 0 inpcb 336 3182 0 3176 36 26 10 13 0 8 8 nd6 104 58 0 43 1 0 1 1 0 8 0 pkpcb 40 10 0 10 2 2 0 1 0 8 0 kcovpl 48 15 0 9 1 0 1 1 0 8 0 ppxss 1072 12 0 12 2 2 0 1 0 8 0 pfanchor 1288 1 0 0 1 0 1 1 0 8 0 pfrule 1344 35 0 2 3 0 3 3 0 8 0 art_heap8 4096 4 0 0 4 0 4 4 0 8 0 art_heap4 256 965 0 636 34 8 26 30 0 8 0 art_table 32 969 0 636 4 0 4 4 0 8 0 art_node 16 235 0 166 1 0 1 1 0 8 0 sysvmsgpl 40 40 0 0 1 0 1 1 0 8 0 semapl 112 106 0 75 1 0 1 1 0 8 0 shmpl 112 67 0 5 2 0 2 2 0 8 0 dirhash 1024 37 0 20 3 0 3 3 0 8 0 dino2pl 256 5308 0 3807 95 0 95 95 0 8 0 ffsino 240 5308 0 3807 89 0 89 89 0 8 0 nchpl 144 8434 0 6742 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 29868 0 29868 4 3 1 2 0 8 1 kstatmem 264 82 0 64 2 0 2 2 0 8 0 scsiplug 72 6 0 6 2 2 0 1 0 8 0 scxspl 216 23885 0 23885 13 12 1 8 1 8 1 plimitpl 152 770 0 753 1 0 1 1 0 8 0 sigapl 424 2459 0 2392 9 1 8 8 0 8 0 futexpl 64 31761 0 31761 1 0 1 1 0 8 1 knotepl 120 522388 0 522342 57 45 12 19 0 8 8 kqueuepl 184 760 0 752 8 6 2 6 0 8 1 pipepl 288 286 0 259 3 0 3 3 0 8 0 fdescpl 432 2416 0 2397 5 1 4 5 0 8 0 filepl 120 18345 0 18147 21 9 12 14 0 8 1 lockfpl 104 809 0 807 2 0 2 2 0 8 1 lockfspl 48 280 0 278 1 0 1 1 0 8 0 sessionpl 144 31 0 24 1 0 1 1 0 8 0 pgrppl 48 76 0 60 1 0 1 1 0 8 0 ucredpl 104 3492 0 3479 1 0 1 1 0 8 0 zombiepl 144 2664 0 2654 2 1 1 1 0 8 0 processpl 1096 2459 0 2392 5 0 5 5 0 8 0 procpl 648 5519 0 5446 9 1 8 8 0 8 1 sosppl 168 11 0 11 2 2 0 1 0 8 0 sockpl 504 5657 0 5634 76 64 12 23 0 8 8 mcl64k 65536 31 0 31 3 2 1 1 0 8 1 mcl16k 16384 4 0 4 2 2 0 1 0 8 0 mcl12k 12288 1 0 1 1 0 1 1 0 8 1 mcl9k 9216 2 0 2 2 2 0 1 0 8 0 mcl8k 8192 101 0 101 4 3 1 1 0 8 1 mcl4k 4096 5497 0 5444 17 9 8 15 0 8 0 mcl2k2 2112 3 0 3 2 2 0 1 0 8 0 mcl2k 2048 2574 0 2563 5 2 3 3 0 8 1 mtagpl 96 226 0 176 2 0 2 2 0 8 0 mbufpl 256 27925 0 27714 99 73 26 79 0 8 8 bufpl 280 8666 0 2419 447 0 447 447 0 8 0 anonpl 24 411678 0 396205 112 18 94 100 0 187 0 amapchunkpl 152 76089 0 75276 66 27 39 39 0 158 7 amappl16 200 9727 0 9300 47 11 36 38 0 8 2 amappl15 192 15 0 15 1 1 0 1 0 8 0 amappl14 184 129 0 120 1 0 1 1 0 8 0 amappl13 176 10 0 10 2 2 0 1 0 8 0 amappl12 168 3104 0 3075 3 1 2 3 0 8 0 amappl11 160 50 0 40 1 0 1 1 0 8 0 amappl10 152 37 0 37 3 3 0 1 0 8 0 amappl9 144 130 0 130 1 1 0 1 0 8 0 amappl8 136 24 0 22 1 0 1 1 0 8 0 amappl7 128 110 0 101 1 0 1 1 0 8 0 amappl6 120 219 0 216 1 0 1 1 0 8 0 amappl5 112 165 0 155 1 0 1 1 0 8 0 amappl4 104 347 0 332 1 0 1 1 0 8 0 amappl3 96 12969 0 12874 3 0 3 3 0 8 0 amappl2 88 2723 0 2648 2 0 2 2 0 8 0 amappl1 80 13872 0 13423 13 1 12 13 0 8 0 amappl 88 20726 0 20553 5 0 5 5 0 92 0 dma65536 65536 65 0 65 1 1 0 1 0 8 0 dma8192 8192 1 0 1 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma2048 2048 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 7 0 7 2 1 1 1 0 8 1 dma128 128 258 0 258 3 3 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 69 0 5 2 0 2 2 0 8 0 uaddrrnd 24 2416 0 2388 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2416 0 2388 1 0 1 1 0 8 0 vmmpekpl 168 18200 0 18158 3 0 3 3 0 8 0 vmmpepl 168 155202 0 153136 123 15 108 113 0 357 3 vmsppl 352 2415 0 2387 4 1 3 4 0 8 0 rwobjpl 24 46821 0 39651 46 0 46 46 0 8 2 pdppl 4096 4838 0 4774 150 86 64 82 0 8 0 pvpl 32 1068989 0 1051310 322 52 270 270 0 265 60 pmappl 216 2415 0 2387 3 0 3 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 654 0 299 12 0 12 12 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b259a) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83068fa3,ffffffff82fb7555,4e0,ffffffff830bb00e) at __assert+0x29 uvm_pageunwire(fffffd8006b89200) at uvm_pageunwire+0x1dd sys/uvm/uvm_page.c:1248 uvm_fault_unwire_locked(fffffd8077a376e8,98bead3e000,98beaf3d000) at uvm_fault_unwire_locked+0x33e sys/uvm/uvm_fault.c:1695 uvm_unmap_kill_entry_withlock(fffffd8077a376e8,fffffd8075eeadc8,0) at uvm_unmap_kill_entry_withlock+0x81 sys/uvm/uvm_map.c:1861 uvm_map_teardown(fffffd8077a376e8) at uvm_map_teardown+0x1c7 sys/uvm/uvm_map.c:2498 uvmspace_free(fffffd8077a376e8) at uvmspace_free+0xbd sys/uvm/uvm_map.c:3422 reaper(ffff80002a457be0) at reaper+0x225 sys/kern/kern_exit.c:478 end trace frame: 0x0, count: -9 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b259a) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83068fa3,ffffffff82fb7555,4e0,ffffffff830bb00e) at __assert+0x29 uvm_pageunwire(fffffd8006b89200) at uvm_pageunwire+0x1dd sys/uvm/uvm_page.c:1248 uvm_fault_unwire_locked(fffffd8077a376e8,98bead3e000,98beaf3d000) at uvm_fault_unwire_locked+0x33e sys/uvm/uvm_fault.c:1695 uvm_unmap_kill_entry_withlock(fffffd8077a376e8,fffffd8075eeadc8,0) at uvm_unmap_kill_entry_withlock+0x81 sys/uvm/uvm_map.c:1861 uvm_map_teardown(fffffd8077a376e8) at uvm_map_teardown+0x1c7 sys/uvm/uvm_map.c:2498 uvmspace_free(fffffd8077a376e8) at uvmspace_free+0xbd sys/uvm/uvm_map.c:3422 reaper(ffff80002a457be0) at reaper+0x225 sys/kern/kern_exit.c:478 end trace frame: 0x0, count: -9