panic: kernel diagnostic assertion "nlevel >= IPL_NONE" failed: file "/syzkaller/managers/main/kernel/sys/arch/amd64/amd64/intr.c", line 706
Stopped at db_enter+0x1c: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*247201 2629 0 0x14000 0x200 0 reaper
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82885f6d) at panic+0x165 sys/kern/subr_prf.c:198
__assert(ffffffff829092f8,ffffffff8289f9c3,2c2,ffffffff82885576) at __assert+0x29 sys/kern/subr_prf.c:157
splraise(dfa1166a) at splraise+0xa9 sys/arch/amd64/amd64/intr.c:706
mtx_enter(fffffd8065400880) at mtx_enter+0x73 sys/kern/kern_lock.c:333
pmap_page_remove(fffffd8006810680) at pmap_page_remove+0xa3 rcr3 machine/cpufunc.h:141 [inline]
pmap_page_remove(fffffd8006810680) at pmap_page_remove+0xa3 pmap_map_ptes sys/arch/amd64/amd64/pmap.c:425 [inline]
pmap_page_remove(fffffd8006810680) at pmap_page_remove+0xa3 sys/arch/amd64/amd64/pmap.c:1950
uvm_anfree_list(fffffd8064680858,ffff80002a5c5be8) at uvm_anfree_list+0x98
amap_wipeout(fffffd806bc35ec8) at amap_wipeout+0x1c1 sys/uvm/uvm_amap.c:504
uvm_unmap_detach(ffff80002a5c5cb0,1) at uvm_unmap_detach+0x7d sys/uvm/uvm_map.c:1366
uvm_map_teardown(fffffd807f01b6e0) at uvm_map_teardown+0x28f sys/uvm/uvm_map.c:2587
uvmspace_free(fffffd807f01b6e0) at uvmspace_free+0x96 sys/uvm/uvm_map.c:3497
reaper(ffff80002a5c7a98) at reaper+0x15d sys/kern/kern_exit.c:463
end trace frame: 0x0, count: 3
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: kernel diagnostic assertion "nlevel >= IPL_NONE" failed: file "/syzkaller/managers/main/kernel/sys/arch/amd64/amd64/intr.c", line 706
ddb> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82885f6d) at panic+0x165 sys/kern/subr_prf.c:198
__assert(ffffffff829092f8,ffffffff8289f9c3,2c2,ffffffff82885576) at __assert+0x29 sys/kern/subr_prf.c:157
splraise(dfa1166a) at splraise+0xa9 sys/arch/amd64/amd64/intr.c:706
mtx_enter(fffffd8065400880) at mtx_enter+0x73 sys/kern/kern_lock.c:333
pmap_page_remove(fffffd8006810680) at pmap_page_remove+0xa3 rcr3 machine/cpufunc.h:141 [inline]
pmap_page_remove(fffffd8006810680) at pmap_page_remove+0xa3 pmap_map_ptes sys/arch/amd64/amd64/pmap.c:425 [inline]
pmap_page_remove(fffffd8006810680) at pmap_page_remove+0xa3 sys/arch/amd64/amd64/pmap.c:1950
uvm_anfree_list(fffffd8064680858,ffff80002a5c5be8) at uvm_anfree_list+0x98
amap_wipeout(fffffd806bc35ec8) at amap_wipeout+0x1c1 sys/uvm/uvm_amap.c:504
uvm_unmap_detach(ffff80002a5c5cb0,1) at uvm_unmap_detach+0x7d sys/uvm/uvm_map.c:1366
uvm_map_teardown(fffffd807f01b6e0) at uvm_map_teardown+0x28f sys/uvm/uvm_map.c:2587
uvmspace_free(fffffd807f01b6e0) at uvmspace_free+0x96 sys/uvm/uvm_map.c:3497
reaper(ffff80002a5c7a98) at reaper+0x15d sys/kern/kern_exit.c:463
end trace frame: 0x0, count: -12
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff80002a5c59b0
rbx 0x1
rdx 0
rcx 0
rax 0xffff80002a5c7a98
r8 0
r9 0x8080808080808080
r10 0x41e13b39cefef02f
r11 0x593947651dd27492
r12 0
r13 0xfffffd80068106e8
r14 0
r15 0x1
rip 0xffffffff81061a4c db_enter+0x1c
cs 0x8
rflags 0x246
rsp 0xffff80002a5c59a0
ss 0x10
db_enter+0x1c: addq $0x8,%rsp
ddb> show proc
PROC (reaper) tid=247201 pid=2629 tcnt=1 stat=onproc
flags process=14000<NOZOMBIE,SYSTEM> proc=200<SYSTEM>
runpri=4, usrpri=50, slppri=4, nice=20
wchan=0x0, wmesg=, ps_single=0x0
forw=0xffffffffffffffff, list=0xffff80002a57dd38,0xffff80002a5c72b0
process=0xffff8000fffff240 user=0xffff80002a5c0000, vmspace=0xffffffff82e440a8
estcpu=0, cpticks=1, pctcpu=0.1, user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
20972 278732 70567 0 3 0x80 fsleep syz-executor.7
20972 27863 70567 0 3 0x4000080 netio syz-executor.7
20972 349494 70567 0 3 0x4000080 fsleep syz-executor.7
20972 24734 70567 0 3 0x4000080 fsleep syz-executor.7
65626 408492 61061 60928 3 0x90 fsleep syz-executor.0
65626 69806 61061 60928 3 0x4000090 fsleep syz-executor.0
65626 126764 61061 60928 3 0x4000090 fsleep syz-executor.0
65626 215135 61061 60928 3 0x4000090 fifor syz-executor.0
43178 491884 78386 0 2 0x2 syz-executor.5
15367 186179 1 0 3 0x100083 ttyin getty
59319 519736 78386 0 2 0x482 syz-executor.2
55946 491330 78386 0 2 0x482 syz-executor.4
68054 52249 78386 0 2 0x482 syz-executor.6
34514 409775 78386 0 2 0x2 syz-executor.3
70567 129865 78386 0 2 0x482 syz-executor.7
22744 172885 0 0 3 0x14200 acct acct
98805 446420 1 0 3 0x80 fsleep syz-executor.4
98805 439429 1 0 3 0x4000080 netio syz-executor.4
45176 241534 0 0 3 0x14200 bored sosplice
61061 401291 78386 0 3 0x82 nanoslp syz-executor.0
78386 289412 4099 0 3 0x2000082 wait syz-fuzzer
78386 387859 4099 0 3 0x6000082 nanoslp syz-fuzzer
78386 250958 4099 0 3 0x6000082 thrsleep syz-fuzzer
78386 255435 4099 0 3 0x6000082 wait syz-fuzzer
78386 458942 4099 0 2 0x6000002 syz-fuzzer
78386 372069 4099 0 3 0x6000082 wait syz-fuzzer
78386 247814 4099 0 3 0x6000082 thrsleep syz-fuzzer
78386 182877 4099 0 3 0x6000082 wait syz-fuzzer
78386 218025 4099 0 3 0x6000082 wait syz-fuzzer
78386 15382 4099 0 3 0x6000082 thrsleep syz-fuzzer
78386 378167 4099 0 3 0x6000082 wait syz-fuzzer
78386 339236 4099 0 3 0x6000082 wait syz-fuzzer
78386 246371 4099 0 3 0x6000082 wait syz-fuzzer
78386 76422 4099 0 3 0x6000082 thrsleep syz-fuzzer
4099 60367 44352 0 3 0x10008a sigsusp ksh
44352 162625 93292 0 2 0x12 sshd
93292 26485 1 0 3 0x88 kqread sshd
20 22625 25273 73 3 0x1100090 kqread syslogd
25273 499845 1 0 3 0x100082 netio syslogd
72253 321266 1 0 3 0x100080 kqread resolvd
28222 305502 93491 77 3 0x100092 kqread dhcpleased
57916 78028 93491 77 3 0x100092 kqread dhcpleased
93491 330814 1 0 3 0x80 kqread dhcpleased
65872 123541 0 0 3 0x14200 bored smr
46954 410129 0 0 2 0x14200 zerothread
50605 486086 0 0 3 0x14200 aiodoned aiodoned
36760 41322 0 0 3 0x14200 syncer update
2234 191046 0 0 3 0x14200 cleaner cleaner
* 2629 247201 0 0 7 0x14200 reaper
83543 463495 0 0 3 0x14200 pgdaemon pagedaemon
9467 25204 0 0 3 0x14200 bored viomb
41010 170653 0 0 3 0x40014200 acpi0 acpi0
47739 448919 0 0 3 0x14200 bored softnet3
89536 231735 0 0 3 0x14200 bored softnet2
86729 74289 0 0 3 0x14200 bored softnet1
73651 475485 0 0 2 0x14200 softnet0
30293 398586 0 0 3 0x14200 bored systqmp
80078 282621 0 0 3 0x14200 bored systq
28785 415923 0 0 3 0x40014200 tmoslp softclock
85173 216516 0 0 3 0x40014200 idle0
1 338886 0 0 3 0x80082 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10207 6430K 8552K 166960K 57302 0
pcb 15 14K 16K 166960K 967 0
rtable 196 14K 15K 166960K 3468 0
pf 31 9K 9K 166960K 140 0
ifaddr 42 11K 11K 166960K 148 0
ifgroup 54 2K 2K 166960K 241 0
sysctl 3 0K 0K 166960K 5 0
counters 31 17K 17K 166960K 80 0
ioctlops 0 0K 2K 166960K 4998 0
iov 0 0K 32K 166960K 1214 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1658 104K 104K 166960K 21785 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 13K 166960K 1127 0
VM map 2 1K 1K 166960K 2 0
sem 12 1K 1K 166960K 15 0
dirhash 12 2K 2K 166960K 18 0
ACPI 1697 195K 286K 166960K 12548 0
file desc 12 41K 73K 166960K 35563 0
sigio 0 0K 0K 166960K 1257 0
proc 63 59K 75K 166960K 1219 0
subproc 104 6K 8K 166960K 388 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 913 0
in_multi 77 5K 7K 166960K 303 0
ether_multi 1 0K 0K 166960K 9 0
mrt 1 0K 0K 166960K 9 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 235 1049K 1049K 166960K 235 0
exec 0 0K 1K 166960K 2070 0
pfkey data 0 0K 4K 166960K 47 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 383 164K 172K 166960K 339681 0
UVM aobj 131 4K 4K 166960K 151 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 275 0
NDP 12 0K 2K 166960K 105 0
temp 78 6764K 7076K 166960K 133037 0
kqueue 12 18K 28K 166960K 2750 0
SYN cache 2 104K 112K 166960K 3 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 496 0 493 3 0 3 3 0 8 2
rtentry 112 1354 0 1266 4 0 4 4 0 8 1
unpcb 144 13854 0 13835 11 2 9 11 0 8 8
syncache 336 71 0 71 2 1 1 1 0 8 1
tcpqe 32 163 0 163 2 1 1 1 0 8 1
tcpcb 808 4357 0 4348 8 0 8 8 0 8 6
arp 88 402 0 388 1 0 1 1 0 8 0
ipq 40 7 0 7 2 1 1 1 0 8 1
ipqe 40 15 0 15 2 1 1 1 0 8 1
inpcb 360 22280 0 22268 18 9 9 13 0 8 7
nd6 104 71 0 53 1 0 1 1 0 8 0
pkpcb 40 199 0 199 1 0 1 1 0 8 1
kcovpl 48 29 0 21 1 0 1 1 0 8 0
ppxss 1072 10 0 10 2 1 1 1 0 8 1
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 3277 0 2906 34 10 24 30 0 8 0
art_table 32 3278 0 2906 4 0 4 4 0 8 1
art_node 16 1341 0 1261 1 0 1 1 0 8 0
sysvmsgpl 40 10 0 0 1 0 1 1 0 8 0
semapl 112 10 0 0 1 0 1 1 0 8 0
shmpl 112 148 0 20 4 0 4 4 0 8 0
dirhash 1024 21 0 4 3 0 3 3 0 8 0
dino2pl 256 42671 0 41224 91 0 91 91 0 8 0
ffsino 240 42671 0 41224 86 0 86 86 0 8 0
nchpl 144 88225 0 86576 63 0 63 63 0 8 0
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 249049 0 249049 4 2 2 3 0 8 2
vcpupl 2048 26 0 5 3 0 3 3 0 8 0
vmpool 664 26 0 5 2 0 2 2 0 8 0
kstatmem 264 122 0 98 2 0 2 2 0 8 0
scxspl 216 231506 0 231506 11 7 4 8 1 8 4
plimitpl 152 343 0 327 1 0 1 1 0 8 0
sigapl 424 35924 0 35879 8 0 8 8 0 8 2
futexpl 64 237038 0 237031 1 0 1 1 0 8 0
knotepl 120 270579 0 270496 28 17 11 18 0 8 8
kqueuepl 184 7478 0 7469 7 0 7 7 0 8 6
pipepl 288 4111 0 4082 11 0 11 11 0 8 8
fdescpl 432 35806 0 35783 4 0 4 4 0 8 0
filepl 120 160607 0 160369 17 0 17 17 0 8 8
lockfpl 104 6084 0 6082 2 0 2 2 0 8 1
lockfspl 48 2209 0 2207 1 0 1 1 0 8 0
sessionpl 144 41 0 24 1 0 1 1 0 8 0
pgrppl 48 478 0 461 1 0 1 1 0 8 0
ucredpl 104 20933 0 20918 1 0 1 1 0 8 0
zombiepl 144 35883 0 35879 1 0 1 1 0 8 0
processpl 1072 35924 0 35879 5 0 5 5 0 8 0
procpl 680 96464 0 96399 9 0 9 9 0 8 2
sosppl 168 90 0 90 2 1 1 1 0 8 1
sockpl 488 36836 0 36802 329 315 14 36 0 8 8
mcl64k 65536 770 0 770 2 1 1 1 0 8 1
mcl16k 16384 278 0 278 2 1 1 1 0 8 1
mcl12k 12288 889 0 889 2 1 1 1 0 8 1
mcl9k 9216 403 0 403 1 0 1 1 0 8 1
mcl8k 8192 1062 0 1062 10 2 8 9 0 8 8
mcl4k 4096 2772 0 2772 2 1 1 1 0 8 1
mcl2k2 2112 203 0 203 2 1 1 1 0 8 1
mcl2k 2048 107078 0 107035 50 37 13 28 0 8 6
mtagpl 96 2516 0 2404 21 13 8 21 0 8 5
mbufpl 256 355741 0 354767 505 431 74 273 0 8 7
bufpl 280 43130 0 36738 457 0 457 457 0 8 0
anonpl 24 2752596 0 2740521 108 6 102 102 0 188 18
amapchunkpl 152 1065452 0 1064711 41 4 37 37 0 158 4
amappl16 200 45643 0 45252 72 41 31 34 0 8 8
amappl15 192 58 0 57 1 0 1 1 0 8 0
amappl14 184 205 0 192 2 1 1 2 0 8 0
amappl13 176 68 0 65 1 0 1 1 0 8 0
amappl12 168 36683 0 36656 2 0 2 2 0 8 0
amappl11 160 49 0 39 1 0 1 1 0 8 0
amappl10 152 46 0 35 1 0 1 1 0 8 0
amappl9 144 225 0 225 2 1 1 1 0 8 1
amappl8 136 730 0 621 4 0 4 4 0 8 0
amappl7 128 278 0 254 2 0 2 2 0 8 0
amappl6 120 587 0 577 1 0 1 1 0 8 0
amappl5 112 526 0 518 1 0 1 1 0 8 0
amappl4 104 736 0 716 2 1 1 2 0 8 0
amappl3 96 212133 0 212047 4 0 4 4 0 8 1
amappl2 88 36993 0 36918 3 1 2 3 0 8 0
amappl1 80 132309 0 131797 22 10 12 22 0 8 0
amappl 88 338817 0 338610 7 0 7 7 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 150 0 20 3 0 3 3 0 8 0
uaddrrnd 24 35832 0 35788 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 35832 0 35788 1 0 1 1 0 8 0
vmmpekpl 168 235321 0 235247 4 0 4 4 0 8 0
vmmpepl 168 2016014 0 2013905 146 20 126 126 0 357 19
vmsppl 352 35831 0 35787 5 0 5 5 0 8 0
rwobjpl 24 454186 0 446665 48 0 48 48 0 8 1
pdppl 4096 71670 0 71595 2462 2377 85 85 0 8 10
pvpl 32 8284881 0 8267466 422 233 189 362 0 265 34
pmappl 216 35831 0 35787 3 0 3 3 0 8 0
pool(pmappl): free list modified: page 0xfffffd8065400000; item ordinal 3; addr 0xfffffd8065400880 (p 0xfffffd8065400000); offset 0x1c=0xdeadbef0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 3288 0 2865 19 1 18 18 0 8 1
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82885f6d) at panic+0x165 sys/kern/subr_prf.c:198
__assert(ffffffff829092f8,ffffffff8289f9c3,2c2,ffffffff82885576) at __assert+0x29 sys/kern/subr_prf.c:157
splraise(dfa1166a) at splraise+0xa9 sys/arch/amd64/amd64/intr.c:706
mtx_enter(fffffd8065400880) at mtx_enter+0x73 sys/kern/kern_lock.c:333
pmap_page_remove(fffffd8006810680) at pmap_page_remove+0xa3 rcr3 machine/cpufunc.h:141 [inline]
pmap_page_remove(fffffd8006810680) at pmap_page_remove+0xa3 pmap_map_ptes sys/arch/amd64/amd64/pmap.c:425 [inline]
pmap_page_remove(fffffd8006810680) at pmap_page_remove+0xa3 sys/arch/amd64/amd64/pmap.c:1950
uvm_anfree_list(fffffd8064680858,ffff80002a5c5be8) at uvm_anfree_list+0x98
amap_wipeout(fffffd806bc35ec8) at amap_wipeout+0x1c1 sys/uvm/uvm_amap.c:504
uvm_unmap_detach(ffff80002a5c5cb0,1) at uvm_unmap_detach+0x7d sys/uvm/uvm_map.c:1366
uvm_map_teardown(fffffd807f01b6e0) at uvm_map_teardown+0x28f sys/uvm/uvm_map.c:2587
uvmspace_free(fffffd807f01b6e0) at uvmspace_free+0x96 sys/uvm/uvm_map.c:3497
reaper(ffff80002a5c7a98) at reaper+0x15d sys/kern/kern_exit.c:463
end trace frame: 0x0, count: -12
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82885f6d) at panic+0x165 sys/kern/subr_prf.c:198
__assert(ffffffff829092f8,ffffffff8289f9c3,2c2,ffffffff82885576) at __assert+0x29 sys/kern/subr_prf.c:157
splraise(dfa1166a) at splraise+0xa9 sys/arch/amd64/amd64/intr.c:706
mtx_enter(fffffd8065400880) at mtx_enter+0x73 sys/kern/kern_lock.c:333
pmap_page_remove(fffffd8006810680) at pmap_page_remove+0xa3 rcr3 machine/cpufunc.h:141 [inline]
pmap_page_remove(fffffd8006810680) at pmap_page_remove+0xa3 pmap_map_ptes sys/arch/amd64/amd64/pmap.c:425 [inline]
pmap_page_remove(fffffd8006810680) at pmap_page_remove+0xa3 sys/arch/amd64/amd64/pmap.c:1950
uvm_anfree_list(fffffd8064680858,ffff80002a5c5be8) at uvm_anfree_list+0x98
amap_wipeout(fffffd806bc35ec8) at amap_wipeout+0x1c1 sys/uvm/uvm_amap.c:504
uvm_unmap_detach(ffff80002a5c5cb0,1) at uvm_unmap_detach+0x7d sys/uvm/uvm_map.c:1366
uvm_map_teardown(fffffd807f01b6e0) at uvm_map_teardown+0x28f sys/uvm/uvm_map.c:2587
uvmspace_free(fffffd807f01b6e0) at uvmspace_free+0x96 sys/uvm/uvm_map.c:3497
reaper(ffff80002a5c7a98) at reaper+0x15d sys/kern/kern_exit.c:463
end trace frame: 0x0, count: -12