panic: kernel diagnostic assertion "(pg->pg_flags & (PQ_INACTIVE|PQ_ACTIVE)) == 0" failed: file "/syzkaller/managers/main/ker
nel/sys/uvm/uvm_page.c", line 1267
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*347786 1862 0 0 0x4000000 0 syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8337b3d0) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff833ba87a,ffffffff833a49ed,4f3,ffffffff833e9e0d) at __assert+0x29 sys/kern/subr_prf.c:-1
uvm_pagedeactivate(fffffd8006cd1380) at uvm_pagedeactivate+0x347 sys/uvm/uvm_page.c:1264
uvn_flush(fffffd806a37abf8,0,2000,4) at uvn_flush+0x43b sys/uvm/uvm_vnode.c:668
uvm_map_clean(fffffd807eb82a10,200000000000,200000004000,4) at uvm_map_clean+0x7c7 sys/uvm/uvm_map.c:4484
syscall(ffff800038117d60) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff800038117d60) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xe31fd16c0d0, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: kernel diagnostic assertion "(pg->pg_flags & (PQ_INACTIVE|PQ_ACTIVE)) == 0" failed: file "/syzkaller/managers/main/kernel/sys/uvm/uvm_page.c", line 1267
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8337b3d0) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff833ba87a,ffffffff833a49ed,4f3,ffffffff833e9e0d) at __assert+0x29 sys/kern/subr_prf.c:-1
uvm_pagedeactivate(fffffd8006cd1380) at uvm_pagedeactivate+0x347 sys/uvm/uvm_page.c:1264
uvn_flush(fffffd806a37abf8,0,2000,4) at uvn_flush+0x43b sys/uvm/uvm_vnode.c:668
uvm_map_clean(fffffd807eb82a10,200000000000,200000004000,4) at uvm_map_clean+0x7c7 sys/uvm/uvm_map.c:4484
syscall(ffff800038117d60) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff800038117d60) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xe31fd16c0d0, count: -8
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff800038117990
rbx 0x4
rdx 0
rcx 0
rax 0xffff80002a7aa568
r8 0x101010101010101
r9 0x8080808080808080
r10 0x6eeecd6e44fc6c7f
r11 0x4ae6eed8ee0f66b6
r12 0
r13 0x304000c __kernel_phys_base+0x204000c
r14 0
r15 0x1
rip 0xffffffff81d1ca85 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff800038117980
ss 0x10
db_enter+0x25: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor) tid=347786 pid=1862 tcnt=2 stat=onproc
flags process=0 proc=4000000<THREAD>
runpri=32, usrpri=50, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80002a7aad30,0xffff80002a7ab508
process=0xffff80003c9f2420 user=0xffff800038112000, vmspace=0xfffffd807eb82a10
estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
38445 110849 45600 0 2 0x10 syz-executor
38445 417439 45600 0 3 0x4000090 fsleep syz-executor
1862 312759 3343 0 2 0 syz-executor
* 1862 347786 3343 0 7 0x4000000 syz-executor
85152 65896 83038 0 2 0 syz-executor
85152 159831 83038 0 3 0x4000080 fsleep syz-executor
85437 211073 80241 0 2 0 syz-executor
85437 352062 80241 0 3 0x4000080 fsleep syz-executor
69227 248808 86709 8192 3 0x90 nanoslp syz-executor
69227 395452 86709 8192 3 0x4000090 kqsel syz-executor
69227 410646 86709 8192 3 0x4000090 fsleep syz-executor
89261 489203 86606 0 2 0 syz-executor
89261 88490 86606 0 3 0x4000080 fsleep syz-executor
37906 287483 67374 0 3 0x80 nanoslp syz-executor
37906 523022 67374 0 3 0x4000080 ttyretype syz-executor
37906 412095 67374 0 3 0x4000080 fsleep syz-executor
37906 66656 67374 0 3 0x4000080 fsleep syz-executor
80241 376205 68304 0 3 0x82 nanoslp syz-executor
86606 285496 68304 0 3 0x82 nanoslp syz-executor
64756 520220 0 0 3 0x14200 acct acct
66273 114349 72424 0 3 0x82 sbwait sshd-session
67374 79486 68304 0 3 0x82 nanoslp syz-executor
27763 510295 1 0 3 0x100083 ttyopn getty
56211 139339 72424 0 3 0x82 sbwait sshd-session
99077 205588 68304 0 3 0x82 nanoslp syz-executor
86709 15946 68304 0 3 0x82 nanoslp syz-executor
83038 467492 68304 0 3 0x82 nanoslp syz-executor
45600 334509 68304 0 3 0x82 nanoslp syz-executor
3343 459983 68304 0 3 0x82 nanoslp syz-executor
68304 314709 95058 0 3 0x82 kqread syz-executor
95058 32539 83998 0 3 0x10008a sigsusp ksh
83998 378004 69875 0 3 0x98 kqread sshd-session
69875 469868 72424 0 3 0x92 kqread sshd-session
72424 192717 1 0 3 0x88 kqread sshd
2693 199163 78252 73 3 0x1100090 kqread syslogd
78252 328487 1 0 3 0x100082 sbwait syslogd
51362 123674 1 0 3 0x100080 kqread resolvd
47636 87805 82449 77 3 0x100092 kqread dhcpleased
59785 35176 82449 77 3 0x100092 kqread dhcpleased
82449 399008 1 0 3 0x80 kqread dhcpleased
71227 214216 0 0 3 0x14200 bored smr
58362 424294 0 0 2 0x14200 zerothread
92268 278390 0 0 3 0x14200 aiodoned aiodoned
38557 329001 0 0 3 0x14200 syncer update
58819 365122 0 0 3 0x14200 cleaner cleaner
64692 99054 0 0 3 0x14200 reaper reaper
8473 228489 0 0 3 0x14200 pgdaemon pagedaemon
92105 118593 0 0 3 0x14200 bored viomb
34365 387161 0 0 3 0x40014200 acpi0 acpi0
28429 440186 0 0 3 0x14200 bored softnet0
22278 464123 0 0 3 0x14200 bored systqmp
57544 488104 0 0 3 0x14200 bored systq
5945 24575 0 0 3 0x40014200 tmoslp softclock
13674 386527 0 0 3 0x40014200 idle0
1 368300 0 0 3 0x80082 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10215 11093K 11720K 166960K 14439 0
pcb 20 20K 22K 166960K 660 0
rtable 203 8K 9K 166960K 881 0
pf 35 14K 21K 166960K 191 0
ifaddr 39 7K 8K 166960K 125 0
ifgroup 53 2K 2K 166960K 200 0
sysctl 4 1K 9K 166960K 21 0
counters 33 17K 18K 166960K 110 0
ioctlops 0 0K 4K 166960K 370 0
iov 0 0K 48K 166960K 227 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1542 97K 97K 166960K 3404 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 27 0
VM map 2 1K 1K 166960K 2 0
sem 29 6K 6K 166960K 70 0
dirhash 12 2K 2K 166960K 42 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 18 65K 240K 166960K 1830 0
sigio 0 0K 0K 166960K 78 0
proc 61 59K 108K 166960K 780 0
subproc 72 4K 4K 166960K 118 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 1 0K 0K 166960K 331 0
in_multi 78 5K 7K 166960K 222 0
ether_multi 1 0K 0K 166960K 25 0
mrt 2 0K 0K 166960K 17 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 241 1076K 1076K 166960K 241 0
exec 0 0K 1K 166960K 577 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 5 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 259 172K 181K 166960K 17316 0
UVM aobj 53 14K 16K 166960K 59 0
pinsyscall 43 86K 94K 166960K 3060 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 1K 166960K 213 0
NDP 11 0K 2K 166960K 87 0
temp 147 8673K 8795K 166960K 61813 0
kqueue 15 24K 34K 166960K 351 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 179 0 175 2 0 2 2 0 8 1
rtentry 136 274 0 192 4 0 4 4 0 8 0
unpcb 144 1623 0 1603 11 5 6 6 0 8 5
syncache 336 14 0 14 2 1 1 1 0 8 1
tcpqe 32 4 0 4 2 1 1 1 0 8 1
tcpcb 736 909 0 895 16 6 10 14 0 8 8
arp 96 30 0 16 1 0 1 1 0 8 0
ipq 40 12 0 9 1 0 1 1 0 8 0
ipqe 40 26 0 23 1 0 1 1 0 8 0
inpcb 328 2514 0 2493 26 15 11 18 0 8 8
ip6q 72 8 0 4 1 0 1 1 0 8 0
ip6af 40 13 0 8 1 0 1 1 0 8 0
nd6 112 50 0 31 1 0 1 1 0 8 0
pkpcb 40 9 0 9 2 1 1 1 0 8 1
kcovpl 48 13 0 5 1 0 1 1 0 8 0
mppekey 1024 1 0 1 1 1 0 1 0 8 0
ppxss 1072 60 0 60 2 1 1 1 0 8 1
pppxif 1384 9 0 9 2 1 1 1 0 8 1
pfrktable 1344 2 0 1 1 0 1 1 0 8 0
pfanchor 1288 2 0 0 1 0 1 1 0 8 0
pftag 88 3 0 0 1 0 1 1 0 8 0
pfrule 1344 5 0 4 1 0 1 1 0 8 0
rttmr 136 4 0 4 2 1 1 1 0 8 1
art_heap8 4096 4 0 0 4 0 4 4 0 8 0
art_heap4 256 933 0 568 31 4 27 31 0 8 4
art_table 40 937 0 568 5 0 5 5 0 8 0
art_node 32 272 0 200 2 0 2 2 0 8 1
sysvmsgpl 40 52 0 45 1 0 1 1 0 8 0
semupl 112 2 0 2 1 1 0 1 0 8 0
semapl 112 58 0 31 1 0 1 1 0 8 0
shmpl 112 50 0 5 2 0 2 2 0 8 0
dirhash 1024 39 0 22 3 0 3 3 0 8 0
dino2pl 256 4873 0 3372 95 0 95 95 0 8 0
ffsino 256 4873 0 3372 95 0 95 95 0 8 0
nchpl 144 7383 0 5675 64 0 64 64 0 8 0
rtmask 32 7 0 7 2 1 1 1 0 8 1
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 25671 0 25671 3 2 1 2 0 8 1
vcpupl 3904 5 0 0 1 0 1 1 0 8 0
vmpool 800 6 0 1 1 0 1 1 0 8 0
kstatmem 264 122 0 100 3 0 3 3 0 8 1
scsiplug 72 8 0 8 2 1 1 1 0 8 1
scxspl 216 30354 0 30354 15 7 8 8 1 8 8
plimitpl 152 581 0 564 1 0 1 1 0 8 0
sigapl 424 2130 0 2084 8 2 6 8 0 8 0
knotepl 120 86843 0 86546 32 22 10 17 0 8 1
kqueuepl 184 591 0 579 3 2 1 3 0 8 0
pipepl 304 304 0 277 5 2 3 5 0 8 0
fdescpl 448 2084 0 2052 5 1 4 5 0 8 0
filepl 120 15500 0 15267 20 5 15 15 0 8 5
lockfpl 104 1154 0 1151 6 3 3 4 0 8 2
lockfspl 48 269 0 266 1 0 1 1 0 8 0
sessionpl 144 37 0 27 1 0 1 1 0 8 0
pgrppl 48 68 0 49 1 0 1 1 0 8 0
ucredpl 104 2893 0 2879 1 0 1 1 0 8 0
zombiepl 144 2085 0 2084 1 0 1 1 0 8 0
processpl 1152 2130 0 2084 5 0 5 5 0 8 0
procpl 664 4525 0 4469 8 2 6 7 0 8 0
sosppl 176 6 0 6 2 1 1 1 0 8 1
sockpl 552 4375 0 4330 33 20 13 19 0 8 8
mcl64k 65536 111 0 111 2 1 1 1 0 8 1
mcl16k 16384 2 0 2 2 1 1 1 0 8 1
mcl12k 12288 2 0 2 2 1 1 1 0 8 1
mcl9k 9216 9 0 9 2 1 1 1 0 8 1
mcl8k 8192 26 0 26 2 1 1 1 0 8 1
mcl4k 4096 4665 0 4608 16 7 9 15 0 8 1
mcl2k2 2112 4 0 4 2 1 1 1 0 8 1
mcl2k 2048 2713 0 2701 5 1 4 4 0 8 2
mtagpl 96 57 0 30 1 0 1 1 0 8 0
mbufpl 256 22920 0 22749 25 5 20 20 0 8 4
bufpl 280 11564 0 5343 445 0 445 445 0 8 0
anonpl 24 318967 0 315339 69 16 53 53 0 187 18
amapchunkpl 152 59419 0 58898 41 8 33 33 0 158 7
amappl16 200 5957 0 5917 45 33 12 15 0 8 8
amappl15 192 4 0 4 1 1 0 1 0 8 0
amappl14 184 3 0 3 1 1 0 1 0 8 0
amappl13 176 463 0 462 1 0 1 1 0 8 0
amappl12 168 2481 0 2438 2 0 2 2 0 8 0
amappl11 160 5 0 5 1 1 0 1 0 8 0
amappl10 152 47 0 37 1 0 1 1 0 8 0
amappl9 144 257 0 257 1 1 0 1 0 8 0
amappl8 136 26 0 25 1 0 1 1 0 8 0
amappl7 128 104 0 102 1 0 1 1 0 8 0
amappl6 120 346 0 332 1 0 1 1 0 8 0
amappl5 112 78 0 68 1 0 1 1 0 8 0
amappl4 104 456 0 429 1 0 1 1 0 8 0
amappl3 96 11991 0 11876 4 0 4 4 0 8 0
amappl2 88 631 0 562 2 0 2 2 0 8 0
amappl1 80 18222 0 17507 17 0 17 17 0 8 1
amappl 88 16185 0 16010 5 0 5 5 0 92 0
uvmvnodes 80 154 0 0 4 0 4 4 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 3 0 2 1 0 1 1 0 8 0
dma256 256 7 0 7 2 1 1 1 0 8 1
dma128 128 257 0 257 2 1 1 1 0 8 1
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 58 0 6 1 0 1 1 0 8 0
uaddrrnd 24 2084 0 2052 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 2084 0 2052 1 0 1 1 0 8 0
vmmpekpl 168 17333 0 17292 3 0 3 3 0 8 0
vmmpepl 168 136477 0 134342 114 11 103 107 0 357 8
vmsppl 368 2083 0 2052 4 1 3 4 0 8 0
rwobjpl 40 36014 0 34738 16 1 15 16 0 8 0
pdppl 4096 4186 0 4111 125 50 75 80 0 8 0
pvpl 32 910289 0 899816 161 27 134 134 0 265 28
pmappl 216 2089 0 2053 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 440 0 84 11 0 11 11 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8337b3d0) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff833ba87a,ffffffff833a49ed,4f3,ffffffff833e9e0d) at __assert+0x29 sys/kern/subr_prf.c:-1
uvm_pagedeactivate(fffffd8006cd1380) at uvm_pagedeactivate+0x347 sys/uvm/uvm_page.c:1264
uvn_flush(fffffd806a37abf8,0,2000,4) at uvn_flush+0x43b sys/uvm/uvm_vnode.c:668
uvm_map_clean(fffffd807eb82a10,200000000000,200000004000,4) at uvm_map_clean+0x7c7 sys/uvm/uvm_map.c:4484
syscall(ffff800038117d60) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff800038117d60) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xe31fd16c0d0, count: -8
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8337b3d0) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff833ba87a,ffffffff833a49ed,4f3,ffffffff833e9e0d) at __assert+0x29 sys/kern/subr_prf.c:-1
uvm_pagedeactivate(fffffd8006cd1380) at uvm_pagedeactivate+0x347 sys/uvm/uvm_page.c:1264
uvn_flush(fffffd806a37abf8,0,2000,4) at uvn_flush+0x43b sys/uvm/uvm_vnode.c:668
uvm_map_clean(fffffd807eb82a10,200000000000,200000004000,4) at uvm_map_clean+0x7c7 sys/uvm/uvm_map.c:4484
syscall(ffff800038117d60) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff800038117d60) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xe31fd16c0d0, count: -8