panic: kernel diagnostic assertion "uvm_page_owner_locked_p(pg)" failed: file "/syzkaller/managers/main/kernel/sys/uvm/uvm_page.c", line 1269 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *156631 94467 0 0x14000 0x200 0 reaper db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8258015e) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff825f218a,ffffffff825a697d,4f5,ffffffff825a69b0) at __assert+0x25 sys/kern/subr_prf.c:157 uvm_pageunwire(fffffd8005f8c080) at uvm_pageunwire+0x16b sys/uvm/uvm_page.c:1269 uvm_fault_unwire_locked(fffffd8075160cd0,3ff74cfd000,3ff74cfe000) at uvm_fault_unwire_locked+0x236 sys/uvm/uvm_fault.c:1683 uvm_unmap_kill_entry_withlock(fffffd8075160cd0,fffffd807a8b7c10,0) at uvm_unmap_kill_entry_withlock+0x62 sys/uvm/uvm_map.c:1924 uvm_map_teardown(fffffd8075160cd0) at uvm_map_teardown+0x157 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline] uvm_map_teardown(fffffd8075160cd0) at uvm_map_teardown+0x157 sys/uvm/uvm_map.c:2578 uvmspace_free(fffffd8075160cd0) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3513 reaper(ffff8000ffff9ce8) at reaper+0x15d sys/kern/kern_exit.c:448 end trace frame: 0x0, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "uvm_page_owner_locked_p(pg)" failed: file "/syzkaller/managers/main/kernel/sys/uvm/uvm_page.c", line 1269 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8258015e) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff825f218a,ffffffff825a697d,4f5,ffffffff825a69b0) at __assert+0x25 sys/kern/subr_prf.c:157 uvm_pageunwire(fffffd8005f8c080) at uvm_pageunwire+0x16b sys/uvm/uvm_page.c:1269 uvm_fault_unwire_locked(fffffd8075160cd0,3ff74cfd000,3ff74cfe000) at uvm_fault_unwire_locked+0x236 sys/uvm/uvm_fault.c:1683 uvm_unmap_kill_entry_withlock(fffffd8075160cd0,fffffd807a8b7c10,0) at uvm_unmap_kill_entry_withlock+0x62 sys/uvm/uvm_map.c:1924 uvm_map_teardown(fffffd8075160cd0) at uvm_map_teardown+0x157 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline] uvm_map_teardown(fffffd8075160cd0) at uvm_map_teardown+0x157 sys/uvm/uvm_map.c:2578 uvmspace_free(fffffd8075160cd0) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3513 reaper(ffff8000ffff9ce8) at reaper+0x15d sys/kern/kern_exit.c:448 end trace frame: 0x0, count: -9 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff8000216c01f0 rbx 0xfffffd8005f8c080 rdx 0 rcx 0 rax 0xffff8000ffff9ce8 r8 0x101010101010101 r9 0x8080808080808080 r10 0xc3953810f9c16516 r11 0xc7c4b5caa17f3b0b r12 0 r13 0xffff8000216c0318 r14 0 r15 0x1 rip 0xffffffff82162de8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff8000216c01e0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (reaper) pid=156631 stat=onproc flags process=14000 proc=200 pri=86, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff8000fffffce0,0xffff8000ffff9a58 process=0xffff8000ffffa7e8 user=0xffff8000216bb000, vmspace=0xffffffff82ad2d40 estcpu=36, cpticks=31, pctcpu=19.30 user=0, sys=3, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 6544 196760 1 0 2 0x480 syz-executor.4 6544 44989 1 0 3 0x4000080 fsleep syz-executor.4 6544 118045 1 0 3 0x4000080 fsleep syz-executor.4 87888 199725 1 0 3 0x100083 ttyopn getty 2845 401681 0 0 3 0x14200 acct acct 8338 150671 0 0 3 0x14280 nfsidl nfsio 28134 403896 0 0 3 0x14280 nfsidl nfsio 71074 463308 0 0 3 0x14280 nfsidl nfsio 88268 170789 0 0 3 0x14280 nfsidl nfsio 29274 456898 0 0 3 0x14280 nfsidl nfsio 43917 163644 0 0 3 0x14280 nfsidl nfsio 6203 347764 0 0 3 0x14280 nfsidl nfsio 79002 321189 0 0 3 0x14280 nfsidl nfsio 82104 507261 0 0 3 0x14280 nfsidl nfsio 27215 15278 0 0 3 0x14280 nfsidl nfsio 59826 283973 0 0 3 0x14280 nfsidl nfsio 4015 408008 0 0 3 0x14280 nfsidl nfsio 87772 355788 0 0 3 0x14280 nfsidl nfsio 26864 389365 0 0 3 0x14280 nfsidl nfsio 97612 331483 0 0 3 0x14280 nfsidl nfsio 27198 222092 0 0 3 0x14280 nfsidl nfsio 48863 295813 0 0 3 0x14280 nfsidl nfsio 39461 489129 0 0 3 0x14280 nfsidl nfsio 61123 509992 0 0 3 0x14280 nfsidl nfsio 77398 392197 0 0 3 0x14280 nfsidl nfsio 22136 319423 0 0 3 0x14200 bored sosplice 11095 362528 1436 0 3 0x82 thrsleep syz-fuzzer 11095 270571 1436 0 2 0x4000482 syz-fuzzer 11095 510050 1436 0 3 0x4000082 thrsleep syz-fuzzer 11095 426452 1436 0 3 0x4000082 wait syz-fuzzer 11095 472926 1436 0 3 0x4000082 wait syz-fuzzer 11095 171180 1436 0 3 0x4000082 wait syz-fuzzer 11095 426067 1436 0 3 0x4000082 wait syz-fuzzer 11095 43797 1436 0 3 0x4000082 thrsleep syz-fuzzer 11095 400499 1436 0 3 0x4000082 wait syz-fuzzer 11095 476858 1436 0 3 0x4000082 wait syz-fuzzer 11095 226364 1436 0 3 0x4000082 wait syz-fuzzer 11095 516203 1436 0 3 0x4000082 kqread syz-fuzzer 11095 243378 1436 0 3 0x4000082 thrsleep syz-fuzzer 11095 27615 1436 0 3 0x4000082 wait syz-fuzzer 11095 114491 1436 0 3 0x4000082 thrsleep syz-fuzzer 1436 187879 34226 0 3 0x10008a sigsusp ksh 34226 437666 29457 0 3 0x9a kqread sshd 29457 397731 1 0 3 0x88 kqread sshd 22867 23322 44722 73 2 0x1100010 syslogd 44722 400337 1 0 3 0x100082 netio syslogd 95344 472644 1 0 3 0x100080 kqread resolvd 52307 483901 0 0 3 0x14200 bored smr 64146 253892 0 0 2 0x14200 zerothread 99221 169153 0 0 3 0x14200 aiodoned aiodoned 21758 219292 0 0 3 0x14200 syncer update 92740 200393 0 0 3 0x14200 cleaner cleaner *94467 156631 0 0 7 0x14200 reaper 33290 192333 0 0 3 0x14200 pgdaemon pagedaemon 44176 484096 0 0 3 0x14200 bored viomb 13639 104754 0 0 3 0x40014200 acpi0 acpi0 92079 447585 0 0 3 0x14200 bored softnet 10136 159057 0 0 3 0x14200 bored softnet 827 250293 0 0 3 0x14200 bored softnet 19853 417852 0 0 3 0x14200 bored softnet 5623 123189 0 0 3 0x14200 bored systqmp 54781 25252 0 0 3 0x14200 bored systq 11844 92812 0 0 2 0x40014200 softclock 12611 202204 0 0 3 0x40014200 idle0 1 464404 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10206 6426K 6734K 78643K 19614 0 pcb 13 18K 23K 78643K 2772 0 rtable 179 9K 11K 78643K 4350 0 ifaddr 393 101K 104K 78643K 1884 0 sysctl 3 1K 5K 78643K 12 0 counters 25 17K 17K 78643K 680 0 ioctlops 0 0K 4K 78643K 4103 0 iov 0 0K 28K 78643K 18305 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1595 100K 100K 78643K 13159 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 146 0 VM map 2 0K 0K 78643K 2 0 sem 14 10K 20K 78643K 383 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 7 21K 73K 78643K 14641 0 sigio 0 0K 0K 78643K 1461 0 proc 62 43K 75K 78643K 2971 0 subproc 65 4K 8K 78643K 1080 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 674 0 in_multi 70 4K 6K 78643K 1261 0 ether_multi 1 0K 0K 78643K 93 0 mrt 1 0K 0K 78643K 116 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 259 1155K 1155K 78643K 259 0 exec 0 0K 1K 78643K 3439 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 590 1597K 1597K 78643K 100288 0 UVM aobj 131 4K 4K 78643K 153 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 700 0 NDP 9 0K 1K 78643K 496 0 temp 116 4685K 70221K 78643K 235149 0 kqueue 6 10K 26K 78643K 1220 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 1549 0 1548 19 18 1 3 0 8 0 rtentry 112 1402 0 1330 5 2 3 4 0 8 0 unpcb 144 16582 0 16576 174 173 1 10 0 8 0 syncache 296 89 0 89 26 26 0 1 0 8 0 tcpqe 32 104 0 104 13 13 0 1 0 8 0 tcpcb 776 5636 0 5632 239 231 8 14 0 8 7 arp 88 173 0 161 1 0 1 1 0 8 0 ipq 40 2 0 2 2 2 0 1 0 8 0 ipqe 40 40 0 40 2 2 0 1 0 8 0 inpcb 336 15392 0 15388 342 337 5 17 0 8 4 nd6 48 270 0 254 1 0 1 1 0 8 0 pkpcb 40 6 0 6 2 2 0 1 0 8 0 kcovpl 48 80 0 75 1 0 1 1 0 8 0 mppekey 1024 45 0 45 5 5 0 1 0 8 0 ppxss 1160 430 0 430 32 32 0 1 0 8 0 pppxif 1352 297 0 297 20 20 0 1 0 8 0 pfstscr 40 2068 0 1775 3 0 3 3 0 8 0 pfosfp 40 11 0 9 1 0 1 1 0 8 0 pfosfpen 112 11 0 5 1 0 1 1 0 8 0 pfanchor 1280 966 53 454 51 8 43 43 0 8 0 pfqueue 264 13 0 13 4 4 0 1 0 8 0 pfstitem 24 1460 0 914 4 0 4 4 0 8 0 pfstkey 128 2788 0 2661 6 1 5 5 0 8 0 pfstate 352 1403 0 1126 26 0 26 26 0 8 0 rttmr 136 26 0 26 7 7 0 1 0 8 0 art_heap8 4096 9 0 8 8 7 1 3 0 8 0 art_heap4 256 5800 0 5435 61 34 27 30 0 8 0 art_table 32 5809 0 5443 4 0 4 4 0 8 0 art_node 16 1329 0 1267 1 0 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 374 0 362 1 0 1 1 0 8 0 shmpl 112 150 0 22 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 21885 0 20398 94 0 94 94 0 8 0 ffsino 240 21885 0 20398 88 0 88 88 0 8 0 nchpl 144 40909 0 39271 63 1 62 63 0 8 0 rtmask 32 13 0 13 4 4 0 1 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 171038 0 171038 6 5 1 2 0 8 1 vcpupl 2048 321 0 0 41 0 41 41 0 8 0 vmpool 536 418 0 97 24 2 22 22 0 8 0 kstatmem 264 632 0 614 2 0 2 2 0 8 0 scsiplug 72 17 0 17 7 7 0 1 0 8 0 scxspl 216 111816 0 111816 31 30 1 8 0 8 1 plimitpl 152 2320 0 2305 1 0 1 1 0 8 0 sigapl 424 14910 0 14848 10 2 8 8 0 8 0 futexpl 64 157980 0 157978 2 1 1 1 0 8 0 knotepl 120 233404 0 233354 122 118 4 12 0 8 0 kqueuepl 184 3246 0 3241 43 42 1 7 0 8 0 pipepl 288 4783 0 4762 116 113 3 7 0 8 0 fdescpl 432 14772 0 14757 5 2 3 4 0 8 0 filepl 120 134064 0 133911 225 216 9 19 0 8 0 lockfpl 104 3580 0 3579 5 4 1 2 0 8 0 lockfspl 48 1231 0 1230 1 0 1 1 0 8 0 sessionpl 144 99 0 84 1 0 1 1 0 8 0 pgrppl 48 255 0 240 1 0 1 1 0 8 0 ucredpl 104 15785 0 15778 1 0 1 1 0 8 0 zombiepl 144 14861 0 14848 1 0 1 1 0 8 0 processpl 1008 14910 0 14848 13 4 9 9 0 8 0 procpl 672 39393 0 39312 28 19 9 9 0 8 0 sosppl 168 146 0 146 26 26 0 1 0 8 0 sockpl 456 33641 0 33630 1004 998 6 32 0 8 4 mcl64k 65536 709 0 709 57 57 0 1 0 8 0 mcl16k 16384 310 0 310 52 52 0 1 0 8 0 mcl12k 12288 610 0 610 49 49 0 1 0 8 0 mcl9k 9216 164 0 164 51 51 0 1 0 8 0 mcl8k 8192 919 0 919 44 44 0 1 0 8 0 mcl4k 4096 1952 0 1952 16 16 0 1 0 8 0 mcl2k2 2112 142 0 142 57 57 0 1 0 8 0 mcl2k 2048 108722 0 108681 81 75 6 27 0 8 0 mtagpl 96 530 0 530 14 14 0 10 0 8 0 mbufpl 256 332663 0 332612 1370 1363 7 276 0 8 0 bufpl 288 27803 0 21401 458 0 458 458 0 8 0 anonpl 24 13246902 0 13217136 1011 821 190 267 0 188 0 amapchunkpl 152 329693 0 328349 197 145 52 55 0 158 0 amappl16 200 630170 0 629260 2553 2493 60 98 0 8 0 amappl15 192 14 0 14 5 5 0 1 0 8 0 amappl14 184 436 0 423 2 1 1 2 0 8 0 amappl13 176 15 0 14 1 0 1 1 0 8 0 amappl12 168 1274 0 1269 1 0 1 1 0 8 0 amappl11 160 46 0 42 1 0 1 1 0 8 0 amappl10 152 117 0 106 1 0 1 1 0 8 0 amappl9 144 1022 0 1022 23 23 0 1 0 8 0 amappl8 136 674 0 567 4 0 4 4 0 8 0 amappl7 128 338 0 316 2 0 2 2 0 8 0 amappl6 120 602 0 586 1 0 1 1 0 8 0 amappl5 112 639 0 636 1 0 1 1 0 8 0 amappl4 104 1566 0 1539 2 1 1 2 0 8 0 amappl3 96 42600 0 42553 2 0 2 2 0 8 0 amappl2 88 16162 0 16107 3 1 2 3 0 8 0 amappl1 80 336027 0 335414 25 11 14 22 0 8 0 amappl 88 98456 0 98179 10 3 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 152 0 22 3 0 3 3 0 8 0 uaddrrnd 24 15190 0 14846 4 1 3 3 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 15190 0 14846 4 1 3 3 0 8 0 vmmpekpl 168 115499 0 115407 5 0 5 5 0 8 0 vmmpepl 168 1977749 0 1974451 754 593 161 198 0 357 0 vmsppl 272 15189 0 14845 27 3 24 24 0 8 0 rwobjpl 24 963133 0 955079 64 11 53 55 0 8 0 pdppl 4096 30386 0 30011 1309 934 375 379 0 8 0 pvpl 32 16295133 0 16270808 1177 914 263 359 0 265 0 pmappl 216 15189 0 14845 20 0 20 20 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 4181 0 3047 40 6 34 37 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8258015e) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff825f218a,ffffffff825a697d,4f5,ffffffff825a69b0) at __assert+0x25 sys/kern/subr_prf.c:157 uvm_pageunwire(fffffd8005f8c080) at uvm_pageunwire+0x16b sys/uvm/uvm_page.c:1269 uvm_fault_unwire_locked(fffffd8075160cd0,3ff74cfd000,3ff74cfe000) at uvm_fault_unwire_locked+0x236 sys/uvm/uvm_fault.c:1683 uvm_unmap_kill_entry_withlock(fffffd8075160cd0,fffffd807a8b7c10,0) at uvm_unmap_kill_entry_withlock+0x62 sys/uvm/uvm_map.c:1924 uvm_map_teardown(fffffd8075160cd0) at uvm_map_teardown+0x157 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline] uvm_map_teardown(fffffd8075160cd0) at uvm_map_teardown+0x157 sys/uvm/uvm_map.c:2578 uvmspace_free(fffffd8075160cd0) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3513 reaper(ffff8000ffff9ce8) at reaper+0x15d sys/kern/kern_exit.c:448 end trace frame: 0x0, count: -9 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8258015e) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff825f218a,ffffffff825a697d,4f5,ffffffff825a69b0) at __assert+0x25 sys/kern/subr_prf.c:157 uvm_pageunwire(fffffd8005f8c080) at uvm_pageunwire+0x16b sys/uvm/uvm_page.c:1269 uvm_fault_unwire_locked(fffffd8075160cd0,3ff74cfd000,3ff74cfe000) at uvm_fault_unwire_locked+0x236 sys/uvm/uvm_fault.c:1683 uvm_unmap_kill_entry_withlock(fffffd8075160cd0,fffffd807a8b7c10,0) at uvm_unmap_kill_entry_withlock+0x62 sys/uvm/uvm_map.c:1924 uvm_map_teardown(fffffd8075160cd0) at uvm_map_teardown+0x157 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline] uvm_map_teardown(fffffd8075160cd0) at uvm_map_teardown+0x157 sys/uvm/uvm_map.c:2578 uvmspace_free(fffffd8075160cd0) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3513 reaper(ffff8000ffff9ce8) at reaper+0x15d sys/kern/kern_exit.c:448 end trace frame: 0x0, count: -9