panic: uvm_fault_unwire_locked: address not in map
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*471678 8209 32767 0x10 0x4000000 1K syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff830bbae4) at panic+0x1e5 sys/kern/subr_prf.c:198
uvm_fault_unwire_locked(fffffd806befe540,20000000,20010000) at uvm_fault_unwire_locked+0x487 sys/uvm/uvm_fault.c:1663
uvm_fault_unwire(fffffd806befe540,20000000,20010000) at uvm_fault_unwire+0x55 sys/uvm/uvm_fault.c:1623
sysctl_vsunlock(20000080,fec1) at sysctl_vsunlock+0x7b sys/kern/kern_sysctl.c:204
net_sysctl(ffff80003702f064,3,20000080,ffff80003702f098,0,d1ef4960be19f686,13850ae76754483c) at net_sysctl+0x69a sys/kern/uipc_domain.c:251
sys_sysctl(ffff800036fb99c8,ffff80003702f1d0,ffff80003702f120) at sys_sysctl+0x422
syscall(ffff80003702f1d0) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline]
syscall(ffff80003702f1d0) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xf7fb8098a10, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: uvm_fault_unwire_locked: address not in map ddb{1}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830bbae4) at panic+0x1e5 sys/kern/subr_prf.c:198 uvm_fault_unwire_locked(fffffd806befe540,20000000,20010000) at uvm_fault_unwire_locked+0x487 sys/uvm/uvm_fault.c:1663 uvm_fault_unwire(fffffd806befe540,20000000,20010000) at uvm_fault_unwire+0x55 sys/uvm/uvm_fault.c:1623 sysctl_vsunlock(20000080,fec1) at sysctl_vsunlock+0x7b sys/kern/kern_sysctl.c:204 net_sysctl(ffff80003702f064,3,20000080,ffff80003702f098,0,d1ef4960be19f686,13850ae76754483c) at net_sysctl+0x69a sys/kern/uipc_domain.c:251 sys_sysctl(ffff800036fb99c8,ffff80003702f1d0,ffff80003702f120) at sys_sysctl+0x422 syscall(ffff80003702f1d0) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff80003702f1d0) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xf7fb8098a10, count: -9 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff80003702ede0 rbx 0xffff800029b7cdcf rdx 0 rcx 0xffff800036fb99c8 rax 0xffff800029b7bff0 r8 0x101010101010101 r9 0x8080808080808080 r10 0x6af7676565325e2d r11 0xcf9cba9ab66511e8 r12 0xffff800029b7cbd0 r13 0 r14 0 r15 0x1 rip 0xffffffff822b4aa5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80003702edd0 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor) tid=471678 pid=8209 tcnt=3 stat=onproc flags process=10 proc=4000000 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff800036fb9c50,0xffffffff835b6d38 process=0xffff800036fa7b08 user=0xffff80003702a000, vmspace=0xfffffd806befe540 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 8209 221750 49201 32767 3 0x90 nanoslp syz-executor 8209 31090 49201 32767 3 0x4000090 fsleep syz-executor * 8209 471678 
49201 32767 7 0x4000010 syz-executor 85182 347292 50406 32767 3 0x90 wait syz-executor 50406 47049 44088 0 3 0x82 wait syz-executor 16492 423755 96098 32767 3 0x90 wait syz-executor 96098 300471 44088 0 3 0x82 wait syz-executor 27312 360488 24047 32767 3 0x90 nanoslp syz-executor 24047 356903 44088 0 3 0x82 wait syz-executor 84450 233865 94020 32767 3 0x90 nanoslp syz-executor 94020 98416 44088 0 3 0x82 wait syz-executor 23330 277587 99414 32767 3 0x90 nanoslp syz-executor 99414 111187 44088 0 3 0x82 wait syz-executor 49201 262194 48265 32767 3 0x90 nanoslp syz-executor 48265 112584 44088 0 3 0x82 wait syz-executor 18969 284450 52213 32767 3 0x90 nanoslp syz-executor 52213 408060 44088 0 3 0x82 wait syz-executor 64287 227632 9222 32767 3 0x90 wait syz-executor 9222 508069 44088 0 3 0x82 wait syz-executor 48614 151342 0 0 3 0x14200 bored sosplice 44088 16933 13827 0 3 0x82 kqread syz-executor 13827 162218 48276 0 3 0x10008a sigsusp ksh 48276 173882 93569 0 3 0x98 kqread sshd-session 93569 518813 75002 0 3 0x92 kqread sshd-session 49967 379978 1 0 3 0x100083 ttyin getty 75002 38416 1 0 3 0x88 kqread sshd 4163 319646 2987 73 3 0x1100090 kqread syslogd 2987 460111 1 0 3 0x100082 sbwait syslogd 59272 143970 1 0 3 0x100080 kqread resolvd 4069 316916 58892 77 3 0x100092 kqread dhcpleased 96848 138785 58892 77 3 0x100092 kqread dhcpleased 58892 238031 1 0 3 0x80 kqread dhcpleased 6547 385827 0 0 3 0x14200 bored smr 91451 295475 0 0 3 0x14200 pgzero zerothread 98875 403832 0 0 3 0x14200 aiodoned aiodoned 68274 143003 0 0 3 0x14200 syncer update 41957 214964 0 0 3 0x14200 cleaner cleaner 72069 56178 0 0 3 0x14200 reaper reaper 55069 195349 0 0 3 0x14200 pgdaemon pagedaemon 40767 169947 0 0 3 0x14200 bored viomb 84260 59863 0 0 3 0x40014200 acpi0 acpi0 51479 153254 0 0 3 0x40014200 idle1 63533 440489 0 0 3 0x14200 bored softnet3 32302 47488 0 0 3 0x14200 bored softnet2 87887 148078 0 0 3 0x14200 bored softnet1 51544 102400 0 0 3 0x14200 bored softnet0 60833 293557 0 0 3 
0x14200 bored systqmp 87031 470982 0 0 3 0x14200 bored systq 4191 247684 0 0 3 0x14200 tmoslp softclockmp 49965 54434 0 0 3 0x40014200 tmoslp softclock 1115 295286 0 0 7 0x40014200 idle0 1 356859 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 8209 (syz-executor) thread 0xffff800036fb99c8 (471678) shared rwlock vmmaplk r = 0 (0xfffffd806befe630) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 uvm_fault_unwire+0x3e sys/uvm/uvm_fault.c:1622 #2 sysctl_vsunlock+0x7b sys/kern/kern_sysctl.c:204 #3 net_sysctl+0x69a sys/kern/uipc_domain.c:251 #4 sys_sysctl+0x422 #5 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] #5 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 #6 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83582c48) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 sysctl_vslock+0x80 sys/kern/kern_sysctl.c:181 #2 net_sysctl+0x5a1 sys/kern/uipc_domain.c:245 #3 sys_sysctl+0x422 #4 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] #4 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 #5 Xsyscall+0x128 exclusive rwlock sysctllk r = 0 (0xffffffff834344e0) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 rw_enter+0x41b sys/kern/kern_rwlock.c:309 #2 sysctl_vslock+0x45 sys/kern/kern_sysctl.c:176 #3 net_sysctl+0x5a1 sys/kern/uipc_domain.c:245 #4 sys_sysctl+0x422 #5 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] #5 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 #6 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10226 14125K 14131K 166960K 12281 0 pcb 17 18K 20K 166960K 23 0 rtable 242 6K 7K 166960K 10750 0 pf 31 16K 16K 166960K 693 0 ifaddr 42 11K 11K 166960K 1351 0 ifgroup 50 2K 2K 166960K 1362 0 sysctl 4 1K 4K 166960K 8 0 
counters 64 36K 36K 166960K 714 0 ioctlops 0 0K 2K 166960K 609 0 iov 0 0K 24K 166960K 863 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1456 92K 92K 166960K 7988 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 144 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 321 0 dirhash 15 2K 4K 166960K 246 0 ACPI 1690 195K 286K 166960K 12418 0 file desc 26 97K 157K 166960K 12509 0 sigio 0 0K 0K 166960K 284 0 proc 58 79K 176K 166960K 10413 0 subproc 104 6K 12K 166960K 5330 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 2066 0 in_multi 99 7K 7K 166960K 4057 0 ether_multi 1 0K 0K 166960K 65 0 mrt 1 0K 0K 166960K 5 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 295 1314K 1314K 166960K 295 0 exec 0 0K 1K 166960K 6550 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 295 76K 133K 166960K 97438 0 UVM aobj 131 5K 7K 166960K 152 0 pinsyscall 47 94K 138K 166960K 22321 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 659 0 NDP 11 0K 2K 166960K 999 0 temp 75 6824K 6952K 166960K 104096 0 kqueue 13 20K 34K 166960K 1463 0 SYN cache 2 16K 16K 166960K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 2148 0 2145 16 14 2 3 0 8 1 rtentry 112 3763 0 3649 19 15 4 4 0 8 0 unpcb 144 8130 0 8114 69 67 2 9 0 8 1 syncache 336 159 0 159 27 26 1 1 0 8 1 tcpqe 32 74 0 74 21 20 1 1 0 8 1 tcpcb 808 6022 0 5978 124 114 10 17 0 8 5 arp 120 675 0 656 1 0 1 1 0 8 0 ipq 40 52 0 49 5 4 1 1 0 8 0 ipqe 40 785 0 782 5 4 1 1 0 8 0 inpcb 336 15257 0 15207 133 122 11 20 0 8 6 nd6 136 1075 0 1048 5 3 2 2 0 8 1 kcovpl 48 410 0 402 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 15248 0 14780 206 176 30 31 0 8 0 art_table 32 15249 0 14780 13 9 4 4 0 8 0 art_node 16 3762 0 3658 1 0 1 1 0 8 0 sysvmsgpl 40 24 0 19 1 0 1 1 0 8 0 
semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 319 0 309 1 0 1 1 0 8 0 shmpl 112 149 0 21 4 0 4 4 0 8 0 dirhash 1024 180 0 157 5 1 4 4 0 8 1 dino2pl 256 13408 0 10972 153 0 153 153 0 8 0 ffsino 272 13408 0 10972 165 1 164 164 0 8 0 nchpl 144 23477 0 21136 87 0 87 87 0 8 0 uvmvnodes 80 9510 0 0 195 0 195 195 0 8 0 vnodes 216 9510 0 0 529 0 529 529 0 8 0 namei 1024 116175 0 116175 45 44 1 2 0 8 1 percpumem 16 371 0 325 1 0 1 1 0 8 0 kstatmem 264 672 0 650 3 1 2 2 0 8 0 scxspl 216 194962 0 194962 44 40 4 8 1 8 4 plimitpl 152 3765 0 3738 2 0 2 2 0 8 0 sigapl 424 12057 0 12000 19 11 8 9 0 8 1 futexpl 64 107723 0 107722 31 30 1 1 0 8 0 knotepl 120 1129 0 0 17 1 16 17 0 8 0 kqueuepl 216 3277 0 3268 33 28 5 8 0 8 4 pipepl 320 2560 0 2533 30 24 6 8 0 8 2 fdescpl 496 12038 0 12000 17 11 6 8 0 8 1 filepl 152 73701 0 73444 69 53 16 20 0 8 3 lockfpl 104 2449 0 2446 3 2 1 2 0 8 0 lockfspl 48 730 0 727 1 0 1 1 0 8 0 sessionpl 144 426 0 410 1 0 1 1 0 8 0 pgrppl 48 1118 0 1094 1 0 1 1 0 8 0 ucredpl 104 13497 0 13478 1 0 1 1 0 8 0 zombiepl 144 12007 0 12000 1 0 1 1 0 8 0 processpl 1160 12057 0 12000 15 9 6 6 0 8 1 procpl 648 24299 0 24240 17 10 7 7 0 8 0 srpgc 96 21 0 21 8 8 0 1 0 8 0 sosppl 168 131 0 131 20 19 1 1 0 8 1 sockpl 664 25743 0 25675 197 182 15 22 0 8 8 mcl64k 65536 14 0 0 2 0 2 2 0 8 0 mcl16k 16384 4 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 17 0 0 3 0 3 3 0 8 0 mcl4k 4096 2 0 0 1 0 1 1 0 8 0 mcl2k2 2112 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 524 0 0 28 7 21 28 0 8 0 mtagpl 96 15 0 0 1 0 1 1 0 8 0 mbufpl 256 5164 0 0 301 0 301 301 0 8 0 bufpl 280 22013 0 12496 680 0 680 680 0 8 0 anonpl 24 1531623 0 1522715 310 228 82 106 0 185 0 amapchunkpl 152 322645 0 321817 150 103 47 51 0 158 14 amappl16 200 27791 0 27605 236 217 19 33 0 8 2 amappl15 192 10 0 10 3 2 1 1 0 8 1 amappl14 184 924 0 914 1 0 1 1 0 8 0 amappl13 176 21 0 21 9 8 1 1 0 8 1 amappl12 168 17983 0 17944 15 12 3 3 0 8 0 amappl11 160 49 0 39 1 0 1 1 0 8 0 amappl10 152 15 0 15 
1 1 0 1 0 8 0 amappl9 144 177 0 177 2 2 0 1 0 8 0 amappl8 136 42 0 40 1 0 1 1 0 8 0 amappl7 128 824 0 813 1 0 1 1 0 8 0 amappl6 120 3402 0 3399 1 0 1 1 0 8 0 amappl5 112 1538 0 1529 1 0 1 1 0 8 0 amappl4 104 1583 0 1567 1 0 1 1 0 8 0 amappl3 96 61643 0 61494 6 1 5 5 0 8 0 amappl2 88 6119 0 6056 5 2 3 3 0 8 0 amappl1 80 84192 0 83659 31 10 21 22 0 8 0 amappl 88 93727 0 93488 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 151 0 21 3 0 3 3 0 8 0 uaddrrnd 24 12038 0 12000 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 12038 0 12000 1 0 1 1 0 8 0 vmmpekpl 168 106218 0 106154 6 1 5 5 0 8 0 vmmpepl 168 785153 0 782895 303 189 114 139 0 357 2 vmsppl 440 12037 0 12000 10 4 6 7 0 8 1 rwobjpl 56 209424 0 198727 177 19 158 159 0 8 0 pdppl 4096 24083 0 24000 1080 993 87 119 0 8 4 pvpl 32 49446 0 0 393 0 393 393 0 265 0 pmappl 248 12037 0 12000 12 9 3 4 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 2278 0 1486 24 1 23 23 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffffffff8343aff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83582a40) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline] __mp_lock(ffffffff83582a40) at __mp_lock+0x192 sys/kern/kern_lock.c:144 softintr_dispatch(0) at softintr_dispatch+0x5b sys/arch/amd64/amd64/softintr.c:88 Xsoftclock() at Xsoftclock+0x27 acpicpu_idle() at acpicpu_idle+0x41e sys/dev/acpi/acpicpu.c:1219 sched_idle(ffffffff8343aff0) at sched_idle+0x558 sys/kern/kern_sched.c:182 end trace frame: 0x0, count: 7 ddb{0}> trace x86_ipi_db(ffffffff8343aff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at 
x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff83582a40) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline] __mp_lock(ffffffff83582a40) at __mp_lock+0x192 sys/kern/kern_lock.c:144 softintr_dispatch(0) at softintr_dispatch+0x5b sys/arch/amd64/amd64/softintr.c:88 Xsoftclock() at Xsoftclock+0x27 acpicpu_idle() at acpicpu_idle+0x41e sys/dev/acpi/acpicpu.c:1219 sched_idle(ffffffff8343aff0) at sched_idle+0x558 sys/kern/kern_sched.c:182 end trace frame: 0x0, count: -8 ddb{0}> machine ddbcpu 1 Stopped at db_enter+0x25: addq $0x8,%rsp db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830bbae4) at panic+0x1e5 sys/kern/subr_prf.c:198 uvm_fault_unwire_locked(fffffd806befe540,20000000,20010000) at uvm_fault_unwire_locked+0x487 sys/uvm/uvm_fault.c:1663 uvm_fault_unwire(fffffd806befe540,20000000,20010000) at uvm_fault_unwire+0x55 sys/uvm/uvm_fault.c:1623 sysctl_vsunlock(20000080,fec1) at sysctl_vsunlock+0x7b sys/kern/kern_sysctl.c:204 net_sysctl(ffff80003702f064,3,20000080,ffff80003702f098,0,d1ef4960be19f686,13850ae76754483c) at net_sysctl+0x69a sys/kern/uipc_domain.c:251 sys_sysctl(ffff800036fb99c8,ffff80003702f1d0,ffff80003702f120) at sys_sysctl+0x422 syscall(ffff80003702f1d0) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff80003702f1d0) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xf7fb8098a10, count: 6 ddb{1}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830bbae4) at panic+0x1e5 sys/kern/subr_prf.c:198 uvm_fault_unwire_locked(fffffd806befe540,20000000,20010000) at uvm_fault_unwire_locked+0x487 sys/uvm/uvm_fault.c:1663 uvm_fault_unwire(fffffd806befe540,20000000,20010000) at uvm_fault_unwire+0x55 sys/uvm/uvm_fault.c:1623 sysctl_vsunlock(20000080,fec1) at sysctl_vsunlock+0x7b sys/kern/kern_sysctl.c:204 
net_sysctl(ffff80003702f064,3,20000080,ffff80003702f098,0,d1ef4960be19f686,13850ae76754483c) at net_sysctl+0x69a sys/kern/uipc_domain.c:251 sys_sysctl(ffff800036fb99c8,ffff80003702f1d0,ffff80003702f120) at sys_sysctl+0x422 syscall(ffff80003702f1d0) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff80003702f1d0) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xf7fb8098a10, count: -9