panic: uvm_fault_unwire_locked: address not in map Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *185751 7894 32767 0x10 0x4000000 0 syz-executor 89420 14925 32767 0x10 0 1 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b7b9c) at panic+0x1e5 sys/kern/subr_prf.c:198 uvm_fault_unwire_locked(fffffd8069ecfa60,20000000,20001000) at uvm_fault_unwire_locked+0x487 sys/uvm/uvm_fault.c:1663 uvm_fault_unwire(fffffd8069ecfa60,20000000,20001000) at uvm_fault_unwire+0x55 sys/uvm/uvm_fault.c:1623 kern_sysctl(ffff8000371e0e24,3,20000100,ffff8000371e0e58,0,2e,ccb91fe78bd9b0be) at kern_sysctl+0x38e sysctl_vsunlock sys/kern/kern_sysctl.c:204 [inline] kern_sysctl(ffff8000371e0e24,3,20000100,ffff8000371e0e58,0,2e,ccb91fe78bd9b0be) at kern_sysctl+0x38e sys/kern/kern_sysctl.c:502 sys_sysctl(ffff800037213980,ffff8000371e0f90,ffff8000371e0ee0) at sys_sysctl+0x422 syscall(ffff8000371e0f90) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff8000371e0f90) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x534cd4271d0, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: uvm_fault_unwire_locked: address not in map ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b7b9c) at panic+0x1e5 sys/kern/subr_prf.c:198 uvm_fault_unwire_locked(fffffd8069ecfa60,20000000,20001000) at uvm_fault_unwire_locked+0x487 sys/uvm/uvm_fault.c:1663 uvm_fault_unwire(fffffd8069ecfa60,20000000,20001000) at uvm_fault_unwire+0x55 sys/uvm/uvm_fault.c:1623 kern_sysctl(ffff8000371e0e24,3,20000100,ffff8000371e0e58,0,2e,ccb91fe78bd9b0be) at kern_sysctl+0x38e sysctl_vsunlock sys/kern/kern_sysctl.c:204 [inline] kern_sysctl(ffff8000371e0e24,3,20000100,ffff8000371e0e58,0,2e,ccb91fe78bd9b0be) at kern_sysctl+0x38e sys/kern/kern_sysctl.c:502 sys_sysctl(ffff800037213980,ffff8000371e0f90,ffff8000371e0ee0) at sys_sysctl+0x422 syscall(ffff8000371e0f90) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff8000371e0f90) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x534cd4271d0, count: -8 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff8000371e0ad0 rbx 0xffffffff83469d87 cpu_info_full_primary+0x2d87 rdx 0 rcx 0xffff800037213980 rax 0xffffffff83468ff0 cpu_info_full_primary+0x1ff0 r8 0x101010101010101 r9 0x8080808080808080 r10 0x623b967c65687585 r11 0x7ce2d332ce4e3fc3 r12 0xffffffff83469b88 cpu_info_full_primary+0x2b88 r13 0 r14 0 r15 0x1 rip 0xffffffff82330ee5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff8000371e0ac0 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor) tid=185751 pid=7894 tcnt=4 stat=onproc flags process=10 proc=4000000 runpri=36, usrpri=50, slppri=36, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff800037212540,0xffff800037213708 process=0xffff800029fe9fc0 user=0xffff8000371dc000, vmspace=0xfffffd8069ecfa60 estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 7894 499756 26346 32767 2 0x10 syz-executor * 7894 185751 26346 32767 7 0x4000010 syz-executor 7894 199385 26346 32767 2 0x4000010 syz-executor 7894 443446 26346 32767 2 0x4000010 syz-executor 7170 268506 19100 32767 3 0x90 nanoslp syz-executor 7170 489144 19100 32767 3 0x4000090 sbwait syz-executor 7170 453047 19100 32767 3 0x4000090 fsleep syz-executor 7170 117079 19100 32767 3 0x4000090 fsleep syz-executor 49119 324966 12372 32767 3 0x90 nanoslp syz-executor 49119 504728 12372 32767 3 0x4000090 kqread syz-executor 49119 41694 12372 32767 3 0x4000090 fsleep syz-executor 97975 319629 14925 32767 2 0x490 syz-executor 97975 150719 14925 32767 3 0x4000090 piperd syz-executor 97975 88961 14925 32767 3 0x4000090 fsleep syz-executor 12372 522404 85029 32767 3 0x90 nanoslp syz-executor 85029 340810 32738 0 3 0x82 wait syz-executor 26346 22756 24666 32767 3 0x90 nanoslp syz-executor 24666 153033 32738 0 3 0x82 wait syz-executor 22867 435167 29719 32767 3 0x90 nanoslp syz-executor 29719 363380 32738 0 3 0x82 wait syz-executor 21192 16745 49714 32767 2 0x10 syz-executor 49714 280159 32738 0 3 0x82 wait syz-executor 14925 89420 27922 32767 7 0x10 syz-executor 27922 233618 32738 0 3 0x82 wait syz-executor 23309 268962 99026 32767 2 0x490 syz-executor 99026 160453 32738 0 3 0x82 wait syz-executor 19100 351838 68759 32767 3 0x90 nanoslp syz-executor 68759 371177 32738 0 3 0x82 wait syz-executor 89861 211506 59757 32767 2 0x490 syz-executor 59757 397600 32738 0 3 0x82 wait syz-executor 57763 158189 29626 0 3 0x100082 sbwait ndp 29626 282236 67533 0 3 0x10008a sigsusp sh 67533 478965 1 0 3 0x80 wait syz-executor 62626 414499 0 0 3 0x14200 bored sosplice 32738 374832 29588 0 3 0x82 kqread syz-executor 29588 31148 76653 0 3 0x10008a sigsusp ksh 76653 482136 48795 0 3 0x98 kqread sshd-session 48795 99204 41991 0 3 0x92 kqread sshd-session 27250 504940 1 0 3 0x100083 ttyin getty 41991 177503 1 0 3 0x88 kqread sshd 62354 473268 50279 73 3 0x1100090 kqread syslogd 50279 42331 1 0 3 0x100082 sbwait syslogd 8539 450638 1 0 3 0x100080 kqread resolvd 42896 398696 33668 77 3 0x100092 kqread dhcpleased 43624 66642 33668 77 3 0x100092 kqread dhcpleased 33668 432374 1 0 3 0x80 kqread dhcpleased 2538 467583 0 0 3 0x14200 bored smr 60360 260399 0 0 3 0x14200 pgzero zerothread 29731 145851 0 0 3 0x14200 aiodoned aiodoned 58407 168402 0 0 3 0x14200 syncer update 47931 115881 0 0 3 0x14200 cleaner cleaner 99629 145176 0 0 3 0x14200 reaper reaper 69789 170309 0 0 3 0x14200 pgdaemon pagedaemon 60730 247355 0 0 3 0x14200 bored viomb 98592 438629 0 0 3 0x40014200 acpi0 acpi0 20919 305795 0 0 3 0x40014200 idle1 64275 145707 0 0 3 0x14200 bored softnet3 29228 178261 0 0 3 0x14200 bored softnet2 57794 234969 0 0 3 0x14200 bored softnet1 46778 164512 0 0 3 0x14200 bored softnet0 60600 247681 0 0 3 0x14200 bored systqmp 75335 468583 0 0 3 0x14200 bored systq 48044 225928 0 0 3 0x14200 tmoslp softclockmp 25207 395472 0 0 2 0x40014200 softclock 37951 327869 0 0 3 0x40014200 idle0 1 310649 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 7894 (syz-executor) thread 0xffff800037213980 (185751) shared rwlock vmmaplk r = 0 (0xfffffd8069ecfb50) #0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151 #1 rw_enter+0x41b sys/kern/kern_rwlock.c:309 #2 uvm_fault_unwire+0x3e sys/uvm/uvm_fault.c:1622 #3 kern_sysctl+0x38e sysctl_vsunlock sys/kern/kern_sysctl.c:204 [inline] #3 kern_sysctl+0x38e sys/kern/kern_sysctl.c:502 #4 sys_sysctl+0x422 #5 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] #5 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 #6 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff835a9898) #0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151 #1 __mp_acquire_count+0x58 #2 mi_switch+0x658 sys/kern/sched_bsd.c:460 #3 sleep_finish+0x219 sys/kern/kern_synch.c:416 #4 rw_enter+0x348 sys/kern/kern_rwlock.c:285 #5 uvm_fault_unwire+0x3e sys/uvm/uvm_fault.c:1622 #6 kern_sysctl+0x38e sysctl_vsunlock sys/kern/kern_sysctl.c:204 [inline] #6 kern_sysctl+0x38e sys/kern/kern_sysctl.c:502 #7 sys_sysctl+0x422 #8 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] #8 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 #9 Xsyscall+0x128 exclusive rwlock sysctllk r = 0 (0xffffffff8349c950) #0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151 #1 rw_enter+0x41b sys/kern/kern_rwlock.c:309 #2 sysctl_vslock+0x45 sys/kern/kern_sysctl.c:176 #3 kern_sysctl+0x1b3 sys/kern/kern_sysctl.c:498 #4 sys_sysctl+0x422 #5 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] #5 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 #6 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10244 14127K 14131K 166960K 13871 0 pcb 17 20K 22K 166960K 25 0 rtable 244 6K 7K 166960K 30979 0 pf 31 16K 16K 166960K 1740 0 ifaddr 42 15K 17K 166960K 3446 0 ifgroup 50 2K 2K 166960K 3457 0 sysctl 4 1K 5K 166960K 23 0 counters 64 36K 36K 166960K 1762 0 ioctlops 0 0K 2K 166960K 2117 0 iov 0 0K 36K 166960K 5338 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1478 93K 93K 166960K 24988 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 13K 166960K 1080 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 2205 0 dirhash 18 3K 4K 166960K 1803 0 ACPI 1690 195K 286K 166960K 12418 0 file desc 29 109K 169K 166960K 61236 0 sigio 1 0K 0K 166960K 2356 0 proc 58 79K 176K 166960K 29935 0 subproc 117 7K 13K 166960K 13403 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 15235 0 in_multi 99 7K 8K 166960K 11949 0 ether_multi 1 0K 0K 166960K 461 0 mrt 1 0K 0K 166960K 13 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 403 1791K 1791K 166960K 403 0 exec 0 0K 1K 166960K 22299 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 311 85K 140K 166960K 534992 0 UVM aobj 131 5K 7K 166960K 155 0 pinsyscall 51 102K 134K 166960K 88576 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 4584 0 NDP 11 0K 2K 166960K 2569 0 temp 79 6824K 6952K 166960K 497627 0 kqueue 14 22K 40K 166960K 9971 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 9669 0 9665 55 53 2 5 0 8 1 rtentry 112 10034 0 9919 14 10 4 4 0 8 0 unpcb 144 61251 0 61099 221 212 9 11 0 8 3 syncache 336 1101 0 1101 31 30 1 1 0 8 1 tcpqe 32 409 0 409 60 59 1 1 0 8 1 tcpcb 808 39355 0 39333 369 355 14 20 0 8 6 arp 120 1748 0 1729 1 0 1 1 0 8 0 ipq 40 480 0 472 5 4 1 1 0 8 0 ipqe 40 6770 0 6760 5 4 1 1 0 8 0 inpcb 336 91702 0 91675 437 425 12 21 0 8 4 ip6q 72 81 0 81 15 15 0 1 0 8 0 ip6af 40 162 0 162 15 15 0 1 0 8 0 nd6 136 3135 0 3107 11 9 2 2 0 8 0 kcovpl 48 1031 0 1022 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 40508 0 40036 215 183 32 33 0 8 0 art_table 32 40509 0 40036 12 7 5 5 0 8 0 art_node 16 10033 0 9928 1 0 1 1 0 8 0 sysvmsgpl 40 45 0 5 1 0 1 1 0 8 0 semapl 112 2199 0 2189 1 0 1 1 0 8 0 shmpl 112 152 0 24 4 0 4 4 0 8 0 dirhash 1024 1239 0 1205 13 8 5 5 0 8 0 dino2pl 256 81860 0 77049 305 3 302 302 0 8 0 ffsino 272 81860 0 77049 326 4 322 322 0 8 0 nchpl 144 149786 0 146583 123 3 120 121 0 8 0 uvmvnodes 80 11593 0 0 237 0 237 237 0 8 0 vnodes 216 11593 0 0 645 0 645 645 0 8 0 namei 1024 644841 0 644841 31 30 1 2 0 8 1 percpumem 16 895 0 849 1 0 1 1 0 8 0 kstatmem 264 1720 0 1698 2 0 2 2 0 8 0 scxspl 216 595802 0 595802 114 111 3 4 1 8 3 plimitpl 152 20062 0 20036 2 0 2 2 0 8 0 sigapl 424 60331 0 60271 24 16 8 9 0 8 0 futexpl 64 746614 0 746610 30 29 1 1 0 8 0 knotepl 120 2341 0 0 25 0 25 25 0 8 0 kqueuepl 216 21885 0 21875 183 180 3 9 0 8 2 pipepl 320 12619 0 12587 134 130 4 14 0 8 0 fdescpl 496 60312 0 60271 20 13 7 8 0 8 0 filepl 152 452638 0 452235 290 269 21 26 0 8 5 lockfpl 104 15017 0 15015 9 8 1 2 0 8 0 lockfspl 48 4613 0 4611 1 0 1 1 0 8 0 sessionpl 144 1733 0 1716 1 0 1 1 0 8 0 pgrppl 48 3760 0 3735 1 0 1 1 0 8 0 ucredpl 104 90243 0 90224 1 0 1 1 0 8 0 zombiepl 144 60275 0 60271 1 0 1 1 0 8 0 processpl 1160 60331 0 60271 7 2 5 6 0 8 0 procpl 648 142934 0 142864 11 4 7 8 0 8 0 srpgc 96 31 0 31 13 13 0 1 0 8 0 sosppl 168 805 0 805 40 39 1 1 0 8 1 sockpl 664 164220 0 164034 630 610 20 33 0 8 4 mcl64k 65536 99 0 0 5 2 3 3 0 8 0 mcl16k 16384 6 0 0 1 0 1 1 0 8 0 mcl12k 12288 4 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 41 0 0 4 1 3 3 0 8 0 mcl4k 4096 4 0 0 1 0 1 1 0 8 0 mcl2k2 2112 33 0 0 2 0 2 2 0 8 0 mcl2k 2048 1024 0 0 42 19 23 30 0 8 0 mtagpl 96 12 0 0 1 0 1 1 0 8 0 mbufpl 256 9799 0 0 563 2 561 561 0 8 0 bufpl 280 100582 0 88980 830 0 830 830 0 8 0 anonpl 24 7099332 0 7081278 493 360 133 158 0 185 0 amapchunkpl 152 1769152 0 1768151 467 414 53 57 0 158 8 amappl16 200 151761 0 151183 538 495 43 56 0 8 7 amappl15 192 14 0 14 11 11 0 1 0 8 0 amappl14 184 3551 0 3539 1 0 1 1 0 8 0 amappl13 176 66 0 66 42 42 0 1 0 8 0 amappl12 168 75401 0 75358 7 4 3 3 0 8 0 amappl11 160 55 0 44 1 0 1 1 0 8 0 amappl10 152 10 0 8 1 0 1 1 0 8 0 amappl9 144 135 0 134 2 1 1 1 0 8 0 amappl8 136 27 0 24 1 0 1 1 0 8 0 amappl7 128 2655 0 2642 1 0 1 1 0 8 0 amappl6 120 8624 0 8620 1 0 1 1 0 8 0 amappl5 112 4391 0 4381 1 0 1 1 0 8 0 amappl4 104 6334 0 6315 1 0 1 1 0 8 0 amappl3 96 359294 0 359144 6 1 5 5 0 8 0 amappl2 88 22362 0 22294 5 2 3 3 0 8 0 amappl1 80 460978 0 460396 44 28 16 19 0 8 0 amappl 88 519097 0 518844 9 2 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 154 0 24 3 0 3 3 0 8 0 uaddrrnd 24 60312 0 60271 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 60312 0 60271 1 0 1 1 0 8 0 vmmpekpl 168 590848 0 590801 7 3 4 5 0 8 0 vmmpepl 168 4086372 0 4083582 549 404 145 163 0 357 3 vmsppl 440 60311 0 60271 19 13 6 7 0 8 0 rwobjpl 56 1051989 0 1038726 234 44 190 191 0 8 0 pdppl 4096 120631 0 120542 1928 1835 93 119 0 8 4 pvpl 32 47733 0 0 383 1 382 382 0 265 0 pmappl 248 60311 0 60271 5 2 3 4 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 4275 0 2899 40 0 40 40 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b7b9c) at panic+0x1e5 sys/kern/subr_prf.c:198 uvm_fault_unwire_locked(fffffd8069ecfa60,20000000,20001000) at uvm_fault_unwire_locked+0x487 sys/uvm/uvm_fault.c:1663 uvm_fault_unwire(fffffd8069ecfa60,20000000,20001000) at uvm_fault_unwire+0x55 sys/uvm/uvm_fault.c:1623 kern_sysctl(ffff8000371e0e24,3,20000100,ffff8000371e0e58,0,2e,ccb91fe78bd9b0be) at kern_sysctl+0x38e sysctl_vsunlock sys/kern/kern_sysctl.c:204 [inline] kern_sysctl(ffff8000371e0e24,3,20000100,ffff8000371e0e58,0,2e,ccb91fe78bd9b0be) at kern_sysctl+0x38e sys/kern/kern_sysctl.c:502 sys_sysctl(ffff800037213980,ffff8000371e0f90,ffff8000371e0ee0) at sys_sysctl+0x422 syscall(ffff8000371e0f90) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff8000371e0f90) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x534cd4271d0, count: -8 ddb{0}> machine ddbcpu 1