panic: kernel diagnostic assertion "nlevel >= IPL_NONE" failed: file "/syzkaller/managers/main/kernel/sys/arch/amd64/amd64/intr.c", line 803
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83412c7c) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff83452125,ffffffff833bb6f4,323,ffffffff833f607f) at __assert+0x29 sys/kern/subr_prf.c:-1
splraise(bb83a271) at splraise+0xad
mtx_enter(fffffd806c7cf7a8) at mtx_enter+0xc8 sys/kern/kern_lock.c:554
pmap_page_remove(fffffd80071a8900) at pmap_page_remove+0xc9 rcr3 sys/arch/amd64/compile/SYZKALLER/obj/machine/cpufunc.h:139 [inline]
pmap_page_remove(fffffd80071a8900) at pmap_page_remove+0xc9 pmap_map_ptes sys/arch/amd64/amd64/pmap.c:437 [inline]
pmap_page_remove(fffffd80071a8900) at pmap_page_remove+0xc9 sys/arch/amd64/amd64/pmap.c:1974
uvm_anfree(fffffd806da73e10) at uvm_anfree+0xd8 sys/uvm/uvm_anon.c:111
amap_wipeout(fffffd806ea87248) at amap_wipeout+0x246 sys/uvm/uvm_amap.c:-1
uvm_unmap_detach(ffff80002a8b32b0,0) at uvm_unmap_detach+0x8a sys/uvm/uvm_map.c:1359
uvm_map_teardown(fffffd80766db008) at uvm_map_teardown+0x357 sys/uvm/uvm_map.c:2536
exit1(ffff80002a746008,43,0,1) at exit1+0x6e6 sys/kern/kern_exit.c:259
sys_exit(ffff80002a746008,ffff80002a8b3470,ffff80002a8b33c0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a8b3470) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002a8b3470) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x70663b0836a0, count: 1
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: kernel diagnostic assertion "nlevel >= IPL_NONE" failed: file "/syzkaller/managers/main/kernel/sys/arch/amd64/amd64/intr.c", line 803
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83412c7c) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff83452125,ffffffff833bb6f4,323,ffffffff833f607f) at __assert+0x29 sys/kern/subr_prf.c:-1
splraise(bb83a271) at splraise+0xad
mtx_enter(fffffd806c7cf7a8) at mtx_enter+0xc8 sys/kern/kern_lock.c:554
pmap_page_remove(fffffd80071a8900) at pmap_page_remove+0xc9 rcr3 sys/arch/amd64/compile/SYZKALLER/obj/machine/cpufunc.h:139 [inline]
pmap_page_remove(fffffd80071a8900) at pmap_page_remove+0xc9 pmap_map_ptes sys/arch/amd64/amd64/pmap.c:437 [inline]
pmap_page_remove(fffffd80071a8900) at pmap_page_remove+0xc9 sys/arch/amd64/amd64/pmap.c:1974
uvm_anfree(fffffd806da73e10) at uvm_anfree+0xd8 sys/uvm/uvm_anon.c:111
amap_wipeout(fffffd806ea87248) at amap_wipeout+0x246 sys/uvm/uvm_amap.c:-1
uvm_unmap_detach(ffff80002a8b32b0,0) at uvm_unmap_detach+0x8a sys/uvm/uvm_map.c:1359
uvm_map_teardown(fffffd80766db008) at uvm_map_teardown+0x357 sys/uvm/uvm_map.c:2536
exit1(ffff80002a746008,43,0,1) at exit1+0x6e6 sys/kern/kern_exit.c:259
sys_exit(ffff80002a746008,ffff80002a8b3470,ffff80002a8b33c0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a8b3470) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002a8b3470) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x70663b0836a0, count: -14
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff80002a8b2fe0
rbx 0
rdx 0
rcx 0
rax 0xffff80002a746008
r8 0x101010101010101
r9 0x8080808080808080
r10 0x8ac8c985646f2fc9
r11 0xc568143ca232db67
r12 0
r13 0xfffffd80071a8968
r14 0
r15 0x1
rip 0xffffffff82654795 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff80002a8b2fd0
ss 0x10
db_enter+0x25: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor) tid=210689 pid=63020 tcnt=0 stat=onproc
flags process=a<EXEC,EXITING> proc=2000<WEXIT>
runpri=50, usrpri=86, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=1
forw=0xffffffffffffffff, list=0xffff80002a746d00,0xffff80003c90b788
process=0xffff80002a7afa90 user=0xffff80002a8ae000, vmspace=0xfffffd80766db008
estcpu=36, cpticks=48, pctcpu=0.0, user=0, sys=2, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
72061 364182 10344 0 2 0 syz-executor
72061 69100 10344 0 2 0x4000000 syz-executor
58492 328320 71423 0 2 0xc80 syz-executor
58492 163587 71423 0 3 0x4000080 sysctllk syz-executor
58492 113598 71423 0 3 0x4000080 sysctllk syz-executor
58492 498809 71423 0 3 0x4000080 fsleep syz-executor
32311 463900 73304 0 3 0x82 sysctllk syz-executor
27368 69708 73304 0 3 0x82 sysctllk syz-executor
42836 173031 0 0 3 0x14200 acct acct
20433 446499 73304 0 3 0x82 sysctllk syz-executor
59792 262166 1 0 3 0x3000 suspend syz-executor
59792 467226 1 0 3 0x4081000 sysctllk syz-executor
64704 273923 73304 0 3 0x82 sysctllk syz-executor
75051 440418 15211 0 3 0x82 sysctllk sshd-session
57488 422704 15211 0 3 0x82 sysctllk sshd-session
958 143839 15211 0 3 0x82 sysctllk sshd-session
53800 344135 1 0 3 0x82 sysctllk getty
96259 469198 15211 0 3 0x82 sysctllk sshd-session
63579 296389 15211 0 3 0x82 sysctllk sshd-session
41083 368555 15211 0 3 0x82 sysctllk sshd-session
50598 511613 15211 0 3 0x82 sysctllk sshd-session
51821 364191 1 0 3 0 vmmapbsy syz-executor
51821 384188 1 0 3 0x4000000 vmmapbsy syz-executor
51821 514586 1 0 2 0x4000c00 syz-executor
51821 357837 1 0 2 0x4000c00 syz-executor
71423 462556 73304 0 2 0xc82 syz-executor
58494 392410 73304 0 2 0x2 syz-executor
10344 392783 73304 0 2 0xc82 syz-executor
73304 394483 37751 0 2 0x82 syz-executor
37751 223397 4267 0 3 0x10008a sigsusp ksh
4267 311273 8212 0 3 0x98 kqread sshd-session
8212 93170 15211 0 3 0x92 kqread sshd-session
15211 16267 1 0 3 0x88 kqread sshd
54290 189741 78194 73 3 0x1100090 kqread syslogd
78194 176291 1 0 3 0x100082 sbwait syslogd
75717 183482 1 0 3 0x100080 sysctllk resolvd
97384 108658 70810 77 3 0x100092 kqread dhcpleased
42263 516729 70810 77 3 0x100092 kqread dhcpleased
70810 52506 1 0 3 0x80 kqread dhcpleased
4927 171311 0 0 3 0x14200 bored smr
14294 394034 0 0 2 0x14200 zerothread
79362 183343 0 0 3 0x14200 aiodoned aiodoned
69691 321499 0 0 3 0x14200 syncer update
83121 312799 0 0 3 0x14200 cleaner cleaner
2884 425608 0 0 3 0x14200 reaper reaper
59821 475664 0 0 3 0x14200 pgdaemon pagedaemon
9400 491020 0 0 3 0x14200 bored viomb
39714 42764 0 0 3 0x40014200 acpi0 acpi0
33335 317079 0 0 3 0x14200 bored softnet0
54678 479866 0 0 3 0x14200 bored systqmp
6408 13447 0 0 3 0x14200 bored systq
63872 201299 0 0 2 0x40014200 softclock
55032 340201 0 0 3 0x40014200 idle0
1 462872 0 0 3 0x80082 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11089 12310K 14227K 166960K 17566 0
pcb 18 20K 25K 166960K 713 0
rtable 177 17K 18K 166960K 604 0
pf 28 12K 14K 166960K 196 0
ifaddr 29 5K 8K 166960K 137 0
ifgroup 43 1K 2K 166960K 257 0
sysctl 4 1K 9K 166960K 24 0
counters 32 17K 18K 166960K 203 0
ioctlops 0 0K 4K 166960K 817 0
iov 0 0K 24K 166960K 84 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1597 100K 101K 166960K 4147 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 27 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 1K 166960K 106 0
dirhash 12 2K 3K 166960K 36 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 13 33K 97K 166960K 1979 0
sigio 0 0K 0K 166960K 96 0
proc 51 50K 124K 166960K 674 0
subproc 45 2K 4K 166960K 74 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 243 0
in_multi 54 3K 7K 166960K 163 0
ether_multi 1 0K 0K 166960K 14 0
mrt 1 0K 0K 166960K 40 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 235 1049K 1049K 166960K 235 0
exec 0 0K 1K 166960K 860 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 7 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 251 126K 170K 166960K 19666 0
UVM aobj 84 19K 19K 166960K 95 0
pinsyscall 48 96K 106K 166960K 3151 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 1K 166960K 206 0
NDP 10 0K 2K 166960K 98 0
temp 73 9079K 9147K 166960K 103581 0
kqueue 13 20K 30K 166960K 347 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 239 0 234 3 2 1 2 0 8 0
rtentry 136 162 0 106 4 0 4 4 0 8 0
unpcb 144 1901 0 1872 10 6 4 6 0 8 2
syncache 336 13 0 13 2 2 0 1 0 8 0
tcpcb 736 940 0 921 16 8 8 8 0 8 5
arp 96 20 0 9 1 0 1 1 0 8 0
ipq 40 9 0 8 2 1 1 1 0 8 0
ipqe 40 11 0 10 2 1 1 1 0 8 0
inpcb 328 2846 0 2822 35 24 11 15 0 8 7
ip6q 72 8 0 7 2 1 1 1 0 8 0
ip6af 40 11 0 10 2 1 1 1 0 8 0
nd6 112 35 0 23 1 0 1 1 0 8 0
pkpcb 40 47 0 47 3 2 1 1 0 8 1
kcovpl 48 8 0 3 1 0 1 1 0 8 0
ppxss 1072 144 0 144 3 2 1 1 0 8 1
pppxif 1384 13 0 13 3 2 1 1 0 8 1
pfrktable 1344 2 0 2 1 1 0 1 0 8 0
rttmr 136 4 0 4 1 1 0 1 0 8 0
art_heap8 4096 2 0 0 2 0 2 2 0 8 0
art_heap4 256 715 0 460 30 7 23 30 0 8 0
art_table 40 717 0 460 5 0 5 5 0 8 0
art_node 32 159 0 110 1 0 1 1 0 8 0
sysvmsgpl 40 45 0 5 1 0 1 1 0 8 0
semupl 112 1 0 1 1 1 0 1 0 8 0
semapl 112 97 0 87 1 0 1 1 0 8 0
shmpl 112 83 0 9 3 0 3 3 0 8 0
dirhash 1024 33 0 16 3 0 3 3 0 8 0
dino2pl 256 5267 0 3810 93 0 93 93 0 8 0
ffsino 256 5267 0 3810 93 0 93 93 0 8 0
nchpl 144 8005 0 6303 64 0 64 64 0 8 0
rtmask 32 16 0 16 3 2 1 1 0 8 1
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 30347 0 30346 4 3 1 2 0 8 0
vcpupl 3904 9 0 2 1 0 1 1 0 8 0
vmpool 808 9 0 2 1 0 1 1 0 8 0
kstatmem 264 162 0 142 3 1 2 3 0 8 0
scsiplug 72 9 0 9 3 2 1 1 0 8 1
scxspl 216 33370 0 33370 10 8 2 8 1 8 2
plimitpl 152 771 0 753 1 0 1 1 0 8 0
sigapl 424 2295 0 2248 6 0 6 6 0 8 0
knotepl 120 760314 0 760260 59 48 11 17 0 8 8
kqueuepl 184 737 0 728 6 2 4 4 0 8 3
pipepl 304 768 0 737 13 5 8 8 0 8 5
fdescpl 448 2272 0 2240 5 1 4 5 0 8 0
filepl 120 19055 0 18844 25 11 14 15 0 8 4
lockfpl 104 1260 0 1258 3 1 2 2 0 8 1
lockfspl 48 529 0 527 1 0 1 1 0 8 0
sessionpl 144 31 0 17 1 0 1 1 0 8 0
pgrppl 48 145 0 121 1 0 1 1 0 8 0
ucredpl 104 3223 0 3212 1 0 1 1 0 8 0
zombiepl 144 2561 0 2559 3 2 1 1 0 8 0
processpl 1152 2295 0 2248 4 0 4 4 0 8 0
procpl 664 5480 0 5425 8 1 7 7 0 8 0
sosppl 176 8 0 8 3 2 1 1 0 8 1
sockpl 552 5102 0 5044 41 28 13 18 0 8 7
mcl64k 65536 292 0 288 1 0 1 1 0 8 0
mcl16k 16384 4 0 4 1 1 0 1 0 8 0
mcl12k 12288 1 0 1 1 1 0 1 0 8 0
mcl9k 9216 2 0 2 1 1 0 1 0 8 0
mcl8k 8192 139 0 139 3 2 1 1 0 8 1
mcl4k 4096 5187 0 5122 15 6 9 15 0 8 0
mcl2k2 2112 4 0 4 1 1 0 1 0 8 0
mcl2k 2048 2151 0 2124 7 3 4 4 0 8 0
mtagpl 96 194 0 111 4 0 4 4 0 8 0
mbufpl 256 115574 0 115097 192 155 37 125 0 8 6
bufpl 280 11079 0 4865 445 0 445 445 0 8 0
anonpl 24 358335 0 344075 126 1 125 125 0 187 20
amapchunkpl 152 70190 0 69645 50 18 32 40 0 158 5
amappl16 200 7157 0 6618 66 23 43 43 0 8 6
amappl15 192 6 0 6 1 1 0 1 0 8 0
amappl14 184 425 0 424 1 0 1 1 0 8 0
amappl13 176 138 0 121 1 0 1 1 0 8 0
amappl12 168 2513 0 2493 2 0 2 2 0 8 0
amappl11 160 15 0 15 1 1 0 1 0 8 0
amappl10 152 60 0 50 1 0 1 1 0 8 0
amappl9 144 251 0 251 3 2 1 1 0 8 1
amappl8 136 106 0 104 1 0 1 1 0 8 0
amappl7 128 164 0 145 1 0 1 1 0 8 0
amappl6 120 214 0 211 1 0 1 1 0 8 0
amappl5 112 113 0 98 1 0 1 1 0 8 0
amappl4 104 299 0 282 1 0 1 1 0 8 0
amappl3 96 14062 0 13972 4 0 4 4 0 8 0
amappl2 88 598 0 509 3 0 3 3 0 8 1
amappl1 80 18476 0 17740 16 0 16 16 0 8 0
amappl 88 18751 0 18595 5 0 5 5 0 92 0
uvmvnodes 80 151 0 0 4 0 4 4 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 3 0 2 1 0 1 1 0 8 0
dma256 256 7 0 7 1 1 0 1 0 8 0
dma128 128 254 0 254 2 1 1 1 0 8 1
dma64 64 7 0 7 2 1 1 1 0 8 1
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 94 0 11 2 0 2 2 0 8 0
uaddrrnd 24 2272 0 2240 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 2272 0 2240 1 0 1 1 0 8 0
vmmpekpl 168 20542 0 20485 3 0 3 3 0 8 0
vmmpepl 168 153635 0 151116 155 15 140 140 0 357 13
vmsppl 368 2271 0 2239 4 0 4 4 0 8 0
rwobjpl 40 39920 0 38065 24 2 22 22 0 8 1
pdppl 4096 4568 0 4489 132 49 83 83 0 8 4
pvpl 32 1022998 0 1001460 256 26 230 230 0 265 33
pmappl 216 2280 0 2241 3 0 3 3 0 8 0
pool(pmappl): free list modified: page 0xfffffd806c7cf000; item ordinal 1; addr 0xfffffd806c7cf7a8 (p 0xfffffd806c7cf000); offset 0x1c=0xdeaf4153
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 607 0 239 13 0 13 13 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83412c7c) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff83452125,ffffffff833bb6f4,323,ffffffff833f607f) at __assert+0x29 sys/kern/subr_prf.c:-1
splraise(bb83a271) at splraise+0xad
mtx_enter(fffffd806c7cf7a8) at mtx_enter+0xc8 sys/kern/kern_lock.c:554
pmap_page_remove(fffffd80071a8900) at pmap_page_remove+0xc9 rcr3 sys/arch/amd64/compile/SYZKALLER/obj/machine/cpufunc.h:139 [inline]
pmap_page_remove(fffffd80071a8900) at pmap_page_remove+0xc9 pmap_map_ptes sys/arch/amd64/amd64/pmap.c:437 [inline]
pmap_page_remove(fffffd80071a8900) at pmap_page_remove+0xc9 sys/arch/amd64/amd64/pmap.c:1974
uvm_anfree(fffffd806da73e10) at uvm_anfree+0xd8 sys/uvm/uvm_anon.c:111
amap_wipeout(fffffd806ea87248) at amap_wipeout+0x246 sys/uvm/uvm_amap.c:-1
uvm_unmap_detach(ffff80002a8b32b0,0) at uvm_unmap_detach+0x8a sys/uvm/uvm_map.c:1359
uvm_map_teardown(fffffd80766db008) at uvm_map_teardown+0x357 sys/uvm/uvm_map.c:2536
exit1(ffff80002a746008,43,0,1) at exit1+0x6e6 sys/kern/kern_exit.c:259
sys_exit(ffff80002a746008,ffff80002a8b3470,ffff80002a8b33c0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a8b3470) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002a8b3470) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x70663b0836a0, count: -14
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83412c7c) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff83452125,ffffffff833bb6f4,323,ffffffff833f607f) at __assert+0x29 sys/kern/subr_prf.c:-1
splraise(bb83a271) at splraise+0xad
mtx_enter(fffffd806c7cf7a8) at mtx_enter+0xc8 sys/kern/kern_lock.c:554
pmap_page_remove(fffffd80071a8900) at pmap_page_remove+0xc9 rcr3 sys/arch/amd64/compile/SYZKALLER/obj/machine/cpufunc.h:139 [inline]
pmap_page_remove(fffffd80071a8900) at pmap_page_remove+0xc9 pmap_map_ptes sys/arch/amd64/amd64/pmap.c:437 [inline]
pmap_page_remove(fffffd80071a8900) at pmap_page_remove+0xc9 sys/arch/amd64/amd64/pmap.c:1974
uvm_anfree(fffffd806da73e10) at uvm_anfree+0xd8 sys/uvm/uvm_anon.c:111
amap_wipeout(fffffd806ea87248) at amap_wipeout+0x246 sys/uvm/uvm_amap.c:-1
uvm_unmap_detach(ffff80002a8b32b0,0) at uvm_unmap_detach+0x8a sys/uvm/uvm_map.c:1359
uvm_map_teardown(fffffd80766db008) at uvm_map_teardown+0x357 sys/uvm/uvm_map.c:2536
exit1(ffff80002a746008,43,0,1) at exit1+0x6e6 sys/kern/kern_exit.c:259
sys_exit(ffff80002a746008,ffff80002a8b3470,ffff80002a8b33c0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a8b3470) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002a8b3470) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x70663b0836a0, count: -14