panic: uvm_fault_unwire_locked: address not in map Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *287279 27069 32767 0x10 0x4000000 0 syz-executor 460264 27069 32767 0x10 0x4000000 1 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b8c16) at panic+0x1e5 sys/kern/subr_prf.c:198 uvm_fault_unwire_locked(fffffd80681e9008,20001000,20002000) at uvm_fault_unwire_locked+0x487 sys/uvm/uvm_fault.c:1663 uvm_fault_unwire(fffffd80681e9008,20001000,20002000) at uvm_fault_unwire+0x55 sys/uvm/uvm_fault.c:1623 sysctl_vsunlock(20001140,0) at sysctl_vsunlock+0x7b sys/kern/kern_sysctl.c:204 net_sysctl(ffff8000368400e4,3,20001140,ffff800036840118,0,0,6a07fbce0b007fc9) at net_sysctl+0x69a sys/kern/uipc_domain.c:251 sys_sysctl(ffff8000369cfc00,ffff800036840250,ffff8000368401a0) at sys_sysctl+0x422 syscall(ffff800036840250) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff800036840250) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x989c874a090, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: uvm_fault_unwire_locked: address not in map ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b8c16) at panic+0x1e5 sys/kern/subr_prf.c:198 uvm_fault_unwire_locked(fffffd80681e9008,20001000,20002000) at uvm_fault_unwire_locked+0x487 sys/uvm/uvm_fault.c:1663 uvm_fault_unwire(fffffd80681e9008,20001000,20002000) at uvm_fault_unwire+0x55 sys/uvm/uvm_fault.c:1623 sysctl_vsunlock(20001140,0) at sysctl_vsunlock+0x7b sys/kern/kern_sysctl.c:204 net_sysctl(ffff8000368400e4,3,20001140,ffff800036840118,0,0,6a07fbce0b007fc9) at net_sysctl+0x69a sys/kern/uipc_domain.c:251 sys_sysctl(ffff8000369cfc00,ffff800036840250,ffff8000368401a0) at sys_sysctl+0x422 syscall(ffff800036840250) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff800036840250) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x989c874a090, count: -9 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff80003683fe60 rbx 0xffffffff834c5dcf cpu_info_full_primary+0x2dcf rdx 0 rcx 0xffff8000369cfc00 rax 0xffffffff834c4ff0 cpu_info_full_primary+0x1ff0 r8 0x101010101010101 r9 0x8080808080808080 r10 0x3a81a239f65d1cfd r11 0x8af600a72bf1fb16 r12 0xffffffff834c5bd0 cpu_info_full_primary+0x2bd0 r13 0 r14 0 r15 0x1 rip 0xffffffff81972da5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80003683fe50 ss 0 db_enter+0x25: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor) tid=287279 pid=27069 tcnt=3 stat=onproc flags process=10 proc=4000000 runpri=36, usrpri=50, slppri=36, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000369ce7c0,0xffff8000369cf1f0 process=0xffff8000369c2460 user=0xffff80003683b000, vmspace=0xfffffd80681e9008 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 27069 429620 44910 32767 2 0x10 syz-executor *27069 287279 44910 32767 7 0x4000010 syz-executor 27069 460264 44910 32767 7 0x4000010 syz-executor 69717 208772 59562 32767 2 0x10 syz-executor 69717 517276 59562 32767 3 0x4000090 fsleep syz-executor 75699 38005 35809 32767 2 0x10 syz-executor 17582 347165 56932 32767 2 0x10 syz-executor 17582 178175 56932 32767 2 0x4000010 syz-executor 17582 185489 56932 32767 3 0x4000090 fsleep syz-executor 17582 507824 56932 32767 3 0x4000090 fsleep syz-executor 13037 294839 9014 32767 2 0x10 syz-executor 13037 374556 9014 32767 3 0x4000090 fsleep syz-executor 13037 327539 9014 32767 3 0x4000090 ttyretype syz-executor 56932 238817 32824 32767 3 0x90 nanoslp syz-executor 32824 301073 75879 0 3 0x82 wait syz-executor 44524 422043 29195 32767 2 0x10 syz-executor 29195 79105 75879 0 3 0x82 wait syz-executor 59562 347544 82127 32767 3 0x90 nanoslp syz-executor 82127 431072 75879 0 3 0x82 wait syz-executor 35809 65452 89788 32767 2 0x10 syz-executor 89788 303401 75879 0 3 0x82 wait syz-executor 73639 341202 93565 32767 3 0x90 nanoslp syz-executor 93565 256189 75879 0 3 0x82 wait syz-executor 9014 482767 40292 32767 3 0x90 nanoslp syz-executor 40292 508899 75879 0 3 0x82 wait syz-executor 44910 245899 98941 32767 3 0x90 nanoslp syz-executor 98941 88265 75879 0 3 0x82 wait syz-executor 25549 167668 116 0 3 0x82 netio sshd-session 11282 202811 70964 32767 3 0x90 wait syz-executor 70964 40426 75879 0 3 0x82 wait syz-executor 53802 89760 60634 32767 3 0x3810 suspend syz-executor 53802 494230 60634 32767 4 0x4081810 syz-executor 60634 202417 1 32767 3 0x90 wait syz-executor 7541 87401 52472 0 3 0x100082 sbwait ndp 52472 224856 23125 0 3 0x10008a sigsusp sh 23125 40304 1 0 3 0x80 wait syz-executor 99478 344087 59749 32767 3 0x102010 suspend syz-executor 99478 408053 59749 32767 4 0x4182010 syz-executor 99478 314677 59749 32767 4 0x4182010 syz-executor 99478 328810 59749 32767 4 0x4182010 syz-executor 59749 315745 1 32767 3 0x90 wait syz-executor 61562 235056 84754 0 3 0x100082 sbwait arp 84754 229062 94510 0 3 0x10008a sigsusp sh 94510 129505 1 0 3 0x80 wait syz-executor 38441 218524 0 0 3 0x14200 bored sosplice 75879 228006 27175 0 2 0x2 syz-executor 27175 61899 64961 0 3 0x10008a sigsusp ksh 64961 369892 33442 0 3 0x98 kqread sshd-session 33442 22678 116 0 3 0x92 kqread sshd-session 353 65240 1 0 3 0x100083 ttyin getty 116 393222 1 0 3 0x88 kqread sshd 54827 520692 81473 73 3 0x1100090 kqread syslogd 81473 154423 1 0 3 0x100082 sbwait syslogd 63275 523222 1 0 3 0x100080 kqread resolvd 31136 328470 72329 77 3 0x100092 kqread dhcpleased 20025 123300 72329 77 3 0x100092 kqread dhcpleased 72329 523389 1 0 3 0x80 kqread dhcpleased 20934 56870 0 0 3 0x14200 bored smr 26825 93235 0 0 3 0x14200 pgzero zerothread 32998 516932 0 0 3 0x14200 aiodoned aiodoned 60442 269781 0 0 3 0x14200 syncer update 84695 304315 0 0 3 0x14200 cleaner cleaner 5101 51910 0 0 3 0x14200 reaper reaper 76648 333353 0 0 3 0x14200 pgdaemon pagedaemon 52596 422222 0 0 3 0x14200 bored viomb 7617 510408 0 0 3 0x40014200 acpi0 acpi0 48100 418377 0 0 3 0x40014200 idle1 54234 494731 0 0 3 0x14200 bored softnet3 39254 72688 0 0 3 0x14200 bored softnet2 16586 371291 0 0 3 0x14200 bored softnet1 45983 512491 0 0 3 0x14200 bored softnet0 30289 12060 0 0 3 0x14200 bored systqmp 90986 72652 0 0 3 0x14200 bored systq 19899 362179 0 0 3 0x14200 tmoslp softclockmp 31691 494770 0 0 3 0x40014200 tmoslp softclock 86622 32248 0 0 3 0x40014200 idle0 1 513287 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 27069 (syz-executor) thread 0xffff8000369cfc00 (287279) shared rwlock vmmaplk r = 0 (0xfffffd80681e90f8) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 rw_enter+0x41b sys/kern/kern_rwlock.c:309 #2 uvm_fault_unwire+0x3e sys/uvm/uvm_fault.c:1622 #3 sysctl_vsunlock+0x7b sys/kern/kern_sysctl.c:204 #4 net_sysctl+0x69a sys/kern/uipc_domain.c:251 #5 sys_sysctl+0x422 #6 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] #6 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 #7 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83603a10) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 __mp_acquire_count+0x58 #2 mi_switch+0x658 sys/kern/sched_bsd.c:460 #3 sleep_finish+0x219 sys/kern/kern_synch.c:416 #4 rw_enter+0x348 sys/kern/kern_rwlock.c:285 #5 uvm_fault_unwire+0x3e sys/uvm/uvm_fault.c:1622 #6 sysctl_vsunlock+0x7b sys/kern/kern_sysctl.c:204 #7 net_sysctl+0x69a sys/kern/uipc_domain.c:251 #8 sys_sysctl+0x422 #9 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] #9 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 #10 Xsyscall+0x128 exclusive rwlock sysctllk r = 0 (0xffffffff8349f1f0) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 rw_enter+0x41b sys/kern/kern_rwlock.c:309 #2 sysctl_vslock+0x45 sys/kern/kern_sysctl.c:176 #3 net_sysctl+0x5a1 sys/kern/uipc_domain.c:245 #4 sys_sysctl+0x422 #5 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] #5 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 #6 Xsyscall+0x128 Process 27069 (syz-executor) thread 0xffff8000369cf1e0 (460264) exclusive rwlock futex r = 0 (0xffffffff834cb200) #0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5bb sys/kern/subr_witness.c:1155 #1 sys_futex+0x69 sys/kern/sys_futex.c:98 #2 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] #2 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 #3 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10244 14127K 14131K 166960K 13592 0 pcb 17 24K 28K 166960K 27 0 rtable 246 7K 7K 166960K 27718 0 pf 31 16K 16K 166960K 1560 0 ifaddr 42 15K 17K 166960K 3066 0 ifgroup 50 2K 2K 166960K 3091 0 sysctl 4 1K 5K 166960K 40 0 counters 64 36K 36K 166960K 1576 0 ioctlops 0 0K 2K 166960K 1876 0 iov 1 0K 32K 166960K 5621 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1495 94K 94K 166960K 21000 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 17K 166960K 974 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 2182 0 dirhash 33 6K 6K 166960K 1320 0 ACPI 1690 195K 286K 166960K 12418 0 file desc 35 133K 189K 166960K 54679 0 sigio 0 0K 0K 166960K 1911 0 proc 58 79K 176K 166960K 26387 0 subproc 156 9K 14K 166960K 12038 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 13220 0 in_multi 99 7K 8K 166960K 10475 0 ether_multi 1 0K 0K 166960K 364 0 mrt 1 0K 0K 166960K 6 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 403 1791K 1791K 166960K 403 0 exec 0 0K 1K 166960K 19407 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 351 111K 157K 166960K 475766 0 UVM aobj 131 4K 8K 166960K 148 0 pinsyscall 60 120K 154K 166960K 77778 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 2 0K 0K 166960K 3925 0 NDP 11 0K 2K 166960K 2283 0 temp 90 6825K 6953K 166960K 335492 0 kqueue 14 22K 38K 166960K 9308 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 24 0 0 1 0 1 1 0 8 0 rtpcb 120 8380 0 8375 59 58 1 3 0 8 0 rtentry 112 8987 0 8871 16 12 4 4 0 8 0 unpcb 144 54748 0 54729 261 257 4 10 0 8 3 syncache 336 1091 0 1091 60 59 1 1 0 8 1 tcpqe 32 487 0 487 65 64 1 1 0 8 1 tcpcb 808 38585 0 38513 320 305 15 18 0 8 5 arp 120 1556 0 1536 1 0 1 1 0 8 0 ipq 40 310 0 307 10 9 1 1 0 8 0 ipqe 40 5856 0 5853 10 9 1 1 0 8 0 inpcb 336 85083 0 85005 412 396 16 22 0 8 3 ip6q 72 15 0 15 15 15 0 1 0 8 0 ip6af 40 30 0 30 15 15 0 1 0 8 0 nd6 136 2854 0 2826 9 7 2 2 0 8 0 kcovpl 48 926 0 914 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 36328 0 35850 255 225 30 33 0 8 0 art_table 32 36329 0 35850 14 9 5 5 0 8 0 art_node 16 8986 0 8880 1 0 1 1 0 8 0 sysvmsgpl 40 54 0 16 1 0 1 1 0 8 0 semapl 112 2176 0 2166 1 0 1 1 0 8 0 shmpl 112 145 0 17 4 0 4 4 0 8 0 dirhash 1024 904 0 865 12 6 6 6 0 8 1 dino2pl 256 71116 0 66835 272 4 268 268 0 8 0 ffsino 272 71116 0 66835 286 0 286 286 0 8 0 nchpl 144 132531 0 129342 119 0 119 119 0 8 0 uvmvnodes 80 11326 0 0 232 0 232 232 0 8 0 vnodes 216 11326 0 0 630 0 630 630 0 8 0 namei 1024 563706 0 563706 69 68 1 2 0 8 1 percpumem 16 802 0 756 1 0 1 1 0 8 0 kstatmem 264 1534 0 1512 2 0 2 2 0 8 0 scxspl 216 565957 0 565957 142 138 4 8 1 8 4 plimitpl 152 17888 0 17858 2 0 2 2 0 8 0 sigapl 424 53631 0 53564 22 13 9 10 0 8 0 futexpl 64 659112 0 659108 37 36 1 1 0 8 0 knotepl 120 2594 0 0 27 0 27 27 0 8 0 kqueuepl 216 19554 0 19543 177 175 2 11 0 8 1 pipepl 320 10803 0 10763 99 94 5 14 0 8 0 fdescpl 496 53612 0 53564 24 17 7 8 0 8 0 filepl 152 395998 0 395672 291 272 19 27 0 8 1 lockfpl 104 15537 0 15535 8 7 1 2 0 8 0 lockfspl 48 4309 0 4307 1 0 1 1 0 8 0 sessionpl 144 1286 0 1265 2 0 2 2 0 8 0 pgrppl 48 3305 0 3276 1 0 1 1 0 8 0 ucredpl 104 73035 0 73014 1 0 1 1 0 8 0 zombiepl 144 53566 0 53564 1 0 1 1 0 8 0 processpl 1160 53631 0 53564 10 4 6 6 0 8 0 procpl 648 127825 0 127746 16 8 8 9 0 8 0 srpgc 96 67 0 67 30 30 0 1 0 8 0 sosppl 168 679 0 677 40 39 1 1 0 8 0 sockpl 664 149522 0 149420 593 572 21 29 0 8 6 mcl64k 65536 90 0 0 6 2 4 4 0 8 0 mcl16k 16384 7 0 0 1 0 1 1 0 8 0 mcl12k 12288 4 0 0 1 0 1 1 0 8 0 mcl9k 9216 3 0 0 1 0 1 1 0 8 0 mcl8k 8192 17 0 0 3 0 3 3 0 8 0 mcl4k 4096 12 0 0 2 0 2 2 0 8 0 mcl2k2 2112 5 0 0 1 0 1 1 0 8 0 mcl2k 2048 1054 0 0 30 10 20 29 0 8 0 mtagpl 96 20 0 0 1 0 1 1 0 8 0 mbufpl 256 9060 0 0 511 0 511 511 0 8 0 bufpl 280 92345 0 81019 810 0 810 810 0 8 0 anonpl 24 6570295 0 6554176 746 648 98 124 0 185 0 amapchunkpl 152 1540742 0 1539686 472 417 55 59 0 158 11 amappl16 200 151781 0 151273 678 651 27 41 0 8 0 amappl15 192 26 0 25 2 1 1 1 0 8 0 amappl14 184 2672 0 2659 1 0 1 1 0 8 0 amappl13 176 48 0 48 32 32 0 1 0 8 0 amappl12 168 66848 0 66798 14 11 3 3 0 8 0 amappl11 160 54 0 43 1 0 1 1 0 8 0 amappl10 152 29 0 29 1 1 0 1 0 8 0 amappl9 144 210 0 209 2 1 1 1 0 8 0 amappl8 136 25 0 23 1 0 1 1 0 8 0 amappl7 128 2157 0 2142 1 0 1 1 0 8 0 amappl6 120 7677 0 7673 1 0 1 1 0 8 0 amappl5 112 3659 0 3648 1 0 1 1 0 8 0 amappl4 104 4633 0 4614 1 0 1 1 0 8 0 amappl3 96 320536 0 320368 5 0 5 5 0 8 0 amappl2 88 17213 0 17135 8 5 3 3 0 8 0 amappl1 80 346607 0 345901 54 34 20 23 0 8 0 amappl 88 463114 0 462834 11 3 8 8 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 147 0 17 3 0 3 3 0 8 0 uaddrrnd 24 53612 0 53564 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 53612 0 53564 1 0 1 1 0 8 0 vmmpekpl 168 487440 0 487371 7 2 5 5 0 8 0 vmmpepl 168 3405442 0 3402377 609 467 142 158 0 357 1 vmsppl 440 53611 0 53564 18 12 6 7 0 8 0 rwobjpl 56 897216 0 884095 237 50 187 188 0 8 0 pdppl 4096 107231 0 107128 2222 2115 107 133 0 8 4 pvpl 32 49843 0 0 402 0 402 402 0 265 0 pmappl 248 53611 0 53564 7 3 4 4 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 4465 0 3192 38 1 37 37 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b8c16) at panic+0x1e5 sys/kern/subr_prf.c:198 uvm_fault_unwire_locked(fffffd80681e9008,20001000,20002000) at uvm_fault_unwire_locked+0x487 sys/uvm/uvm_fault.c:1663 uvm_fault_unwire(fffffd80681e9008,20001000,20002000) at uvm_fault_unwire+0x55 sys/uvm/uvm_fault.c:1623 sysctl_vsunlock(20001140,0) at sysctl_vsunlock+0x7b sys/kern/kern_sysctl.c:204 net_sysctl(ffff8000368400e4,3,20001140,ffff800036840118,0,0,6a07fbce0b007fc9) at net_sysctl+0x69a sys/kern/uipc_domain.c:251 sys_sysctl(ffff8000369cfc00,ffff800036840250,ffff8000368401a0) at sys_sysctl+0x422 syscall(ffff800036840250) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline] syscall(ffff800036840250) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x989c874a090, count: -9 ddb{0}> machine ddbcpu 1