login: panic: kernel diagnostic assertion "pmap->pm_type != PMAP_TYPE_EPT" failed: file "/syzkaller/managers/multicore/kernel/sys/arch/amd64/amd64/pmap.c", line 401
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*167747 13952 0 0x14000 0x200 0 reaper
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8259b217) at panic+0x177 sys/kern/subr_prf.c:202
__assert(ffffffff82612c02,ffffffff825be8f2,191,ffffffff82619881) at __assert+0x25 sys/kern/subr_prf.c:161
pmap_page_remove(fffffd80079d1120) at pmap_page_remove+0x5a4 pmap_map_ptes sys/arch/amd64/amd64/pmap.c:415 [inline]
pmap_page_remove(fffffd80079d1120) at pmap_page_remove+0x5a4 sys/arch/amd64/amd64/pmap.c:1919
uvm_anfree_list(fffffd806897dbb8,ffff8000211491d8) at uvm_anfree_list+0x98
amap_wipeout(fffffd806fbeeb40) at amap_wipeout+0x1b1 sys/uvm/uvm_amap.c:504
uvm_unmap_detach(ffff8000211492a0,1) at uvm_unmap_detach+0x7d sys/uvm/uvm_map.c:1599
uvm_map_teardown(fffffd806aee6010) at uvm_map_teardown+0x262 sys/uvm/uvm_map.c:2789
uvmspace_free(fffffd806aee6010) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3684
reaper(ffff8000211437a8) at reaper+0x19a sys/kern/kern_exit.c:454
end trace frame: 0x0, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: kernel diagnostic assertion "pmap->pm_type != PMAP_TYPE_EPT" failed: file "/syzkaller/managers/multicore/kernel/sys/arch/amd64/amd64/pmap.c", line 401
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8259b217) at panic+0x177 sys/kern/subr_prf.c:202
__assert(ffffffff82612c02,ffffffff825be8f2,191,ffffffff82619881) at __assert+0x25 sys/kern/subr_prf.c:161
pmap_page_remove(fffffd80079d1120) at pmap_page_remove+0x5a4 pmap_map_ptes sys/arch/amd64/amd64/pmap.c:415 [inline]
pmap_page_remove(fffffd80079d1120) at pmap_page_remove+0x5a4 sys/arch/amd64/amd64/pmap.c:1919
uvm_anfree_list(fffffd806897dbb8,ffff8000211491d8) at uvm_anfree_list+0x98
amap_wipeout(fffffd806fbeeb40) at amap_wipeout+0x1b1 sys/uvm/uvm_amap.c:504
uvm_unmap_detach(ffff8000211492a0,1) at uvm_unmap_detach+0x7d sys/uvm/uvm_map.c:1599
uvm_map_teardown(fffffd806aee6010) at uvm_map_teardown+0x262 sys/uvm/uvm_map.c:2789
uvmspace_free(fffffd806aee6010) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3684
reaper(ffff8000211437a8) at reaper+0x19a sys/kern/kern_exit.c:454
end trace frame: 0x0, count: -10
ddb{0}> show registers
rdi 0
rsi 0x1
rbp 0xffff800021149020
rbx 0xffffffff82981c5f cpu_info_full_primary+0x2c5f
rdx 0
rcx 0
rax 0xffff8000211437a8
r8 0
r9 0x8080808080808080
r10 0xbed43e74c5bc94d3
r11 0x14bb0b04b861fd04
r12 0xffffffff82981a60 cpu_info_full_primary+0x2a60
r13 0
r14 0
r15 0x1
rip 0xffffffff815da138 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800021149010
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (reaper) pid=167747 stat=onproc
flags process=14000<NOZOMBIE,SYSTEM> proc=200<SYSTEM>
pri=4, usrpri=51, nice=20
forw=0xffffffffffffffff, list=0xffff800021143ce8,0xffff800021143518
process=0xffff8000fffff608 user=0xffff800021144000, vmspace=0xffffffff82a1c1d8
estcpu=1, cpticks=3, pctcpu=0.52
user=0, sys=2, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
66135 172900 55040 0 2 0 syz-executor.2
66135 401788 55040 0 3 0x4000080 fsleep syz-executor.2
93383 407947 64459 0 2 0 syz-executor.6
93383 180437 64459 0 3 0x4000080 fsleep syz-executor.6
77022 286466 55410 0 2 0x2 syz-executor.5
56909 7148 55410 0 2 0x482 syz-executor.3
7725 269965 55410 0 2 0x482 syz-executor.1
64459 316282 55410 0 2 0x482 syz-executor.6
62524 323118 55410 0 2 0x2 syz-executor.4
55502 346412 1 0 3 0x100083 ttyopn getty
73360 170245 0 0 3 0x14200 acct acct
84838 462724 55410 0 3 0x82 piperd syz-executor.0
24728 194278 0 0 3 0x14280 nfsidl nfsio
60204 427968 0 0 3 0x14280 nfsidl nfsio
93121 325284 0 0 3 0x14280 nfsidl nfsio
80594 355660 0 0 3 0x14280 nfsidl nfsio
33678 356646 0 0 3 0x14280 nfsidl nfsio
81120 390181 0 0 3 0x14280 nfsidl nfsio
8342 117202 0 0 3 0x14280 nfsidl nfsio
10123 228733 0 0 3 0x14280 nfsidl nfsio
2458 85814 0 0 3 0x14280 nfsidl nfsio
71105 215739 0 0 3 0x14280 nfsidl nfsio
25198 304773 0 0 3 0x14280 nfsidl nfsio
50470 280881 0 0 3 0x14280 nfsidl nfsio
30748 110372 0 0 3 0x14280 nfsidl nfsio
47223 363193 0 0 3 0x14280 nfsidl nfsio
50469 5 0 0 3 0x14280 nfsidl nfsio
6898 118894 0 0 3 0x14280 nfsidl nfsio
56348 463246 0 0 3 0x14280 nfsidl nfsio
99717 246799 0 0 3 0x14280 nfsidl nfsio
58536 310625 0 0 3 0x14280 nfsidl nfsio
65761 250010 0 0 3 0x14280 nfsidl nfsio
98764 353008 0 0 3 0x14200 bored sosplice
55040 482296 55410 0 2 0x482 syz-executor.2
55410 96863 17271 0 3 0x82 thrsleep syz-fuzzer
55410 264071 17271 0 2 0x4000482 syz-fuzzer
55410 161909 17271 0 2 0x4000082 syz-fuzzer
55410 187855 17271 0 3 0x4000082 thrsleep syz-fuzzer
55410 8109 17271 0 3 0x4000082 thrsleep syz-fuzzer
55410 242699 17271 0 2 0x4000482 syz-fuzzer
55410 486343 17271 0 3 0x4000082 thrsleep syz-fuzzer
55410 317050 17271 0 3 0x4000082 thrsleep syz-fuzzer
55410 364220 17271 0 3 0x4000082 thrsleep syz-fuzzer
17271 235514 67832 0 3 0x10008a sigsusp ksh
67832 213649 90073 0 3 0x9a kqread sshd
90073 304927 1 0 3 0x88 kqread sshd
5426 453828 45225 74 3 0x1100092 bpf pflogd
45225 295013 1 0 3 0x80 netio pflogd
56594 345725 18526 73 3 0x1100090 kqread syslogd
18526 89718 1 0 3 0x100082 netio syslogd
16523 10846 1 0 3 0x100080 kqread resolvd
26564 279445 67539 77 3 0x100092 kqread dhcpleased
88623 198542 67539 77 3 0x100092 kqread dhcpleased
67539 249905 1 0 3 0x80 kqread dhcpleased
8414 311122 0 0 3 0x14200 bored smr
49981 497150 0 0 2 0x14200 zerothread
24913 46610 0 0 3 0x14200 aiodoned aiodoned
98113 490850 0 0 3 0x14200 syncer update
40637 34204 0 0 3 0x14200 cleaner cleaner
*13952 167747 0 0 7 0x14200 reaper
52849 83090 0 0 3 0x14200 pgdaemon pagedaemon
86124 441936 0 0 3 0x14200 bored viomb
73993 235118 0 0 3 0x40014200 acpi0 acpi0
85418 25309 0 0 7 0x40014200 idle1
6800 263255 0 0 3 0x14200 bored softnet
37056 431757 0 0 3 0x14200 bored softnet
44239 121894 0 0 3 0x14200 bored softnet
40610 159838 0 0 3 0x14200 bored softnet
16437 37391 0 0 3 0x14200 bored systqmp
29286 227001 0 0 3 0x14200 bored systq
33571 135885 0 0 3 0x40014200 bored softclock
14069 5293 0 0 3 0x40014200 idle0
1 23116 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 77022 (syz-executor.5) thread 0xffff800021229cf0 (286466)
Process 62524 (syz-executor.4) thread 0xffff8000fffefce8 (323118)
Process 13952 (reaper) thread 0xffff8000211437a8 (167747)
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10202 6501K 7434K 78643K 37451 0
pcb 13 14K 16K 78643K 1047 0
rtable 179 12K 15K 78643K 2075 0
ifaddr 85 19K 22K 78643K 1138 0
sysctl 3 1K 3K 78643K 12 0
counters 52 35K 36K 78643K 266 0
ioctlops 0 0K 4K 78643K 3665 0
iov 0 0K 28K 78643K 943 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 5 0
vnodes 1555 97K 98K 78643K 8342 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 9K 78643K 72 0
VM map 2 1K 1K 78643K 2 0
sem 12 0K 0K 78643K 1167 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 11 37K 89K 78643K 9173 0
sigio 0 0K 0K 78643K 302 0
proc 74 91K 127K 78643K 1399 0
subproc 91 5K 6K 78643K 286 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 431 0
in_multi 67 4K 6K 78643K 392 0
ether_multi 1 0K 0K 78643K 34 0
mrt 1 0K 0K 78643K 19 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 163 731K 731K 78643K 163 0
exec 0 0K 2K 78643K 2190 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 409 807K 816K 78643K 54362 0
UVM aobj 131 4K 4K 78643K 141 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 270 0
NDP 12 0K 1K 78643K 172 0
temp 362 5196K 5770K 78643K 59499 0
kqueue 12 18K 26K 78643K 756 0
SYN cache 2 16K 16K 78643K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 377 0 374 6 5 1 3 0 8 0
rtentry 112 353 0 288 4 1 3 4 0 8 0
unpcb 136 5514 0 5499 63 62 1 6 0 8 0
syncache 296 35 0 35 9 8 1 1 0 8 1
sackhl 24 1 0 1 1 1 0 1 0 8 0
tcpqe 32 103 0 103 7 7 0 1 0 8 0
tcpcb 736 2574 0 2564 80 73 7 15 0 8 6
arp 120 49 0 38 1 0 1 1 0 8 0
inpcb 312 6410 0 6400 104 98 6 11 0 8 5
ip6q 72 23 0 23 2 2 0 1 0 8 0
ip6af 40 69 0 69 2 2 0 1 0 8 0
nd6 48 77 0 62 1 0 1 1 0 8 0
pkpcb 40 11 0 11 3 3 0 1 0 8 0
kcovpl 48 22 0 15 1 0 1 1 0 8 0
ppxss 1248 42 0 42 11 10 1 1 0 8 1
pfstscr 40 86 0 86 7 7 0 1 0 8 0
pffrag 232 15 0 15 4 4 0 1 0 482 0
pffrnode 88 15 0 15 4 4 0 1 0 8 0
pffrent 40 38 0 38 4 4 0 1 0 8 0
pfosfp 40 1432 0 1008 5 0 5 5 0 8 0
pfosfpen 112 1432 0 717 21 0 21 21 0 8 0
pfrktable 1344 406 0 394 4 3 1 2 0 8 0
pftag 88 9 0 5 1 0 1 1 0 8 0
pfstitem 24 43 0 41 1 0 1 1 0 8 0
pfstkey 112 397 0 395 1 0 1 1 0 8 0
pfstate 336 216 0 214 2 1 1 2 0 8 0
pfsrctr 152 10 0 9 1 0 1 1 0 8 0
pfrule 1360 632 0 573 7 2 5 5 0 8 0
rttmr 64 6 0 6 2 2 0 1 0 8 0
art_heap8 4096 3 0 2 3 2 1 3 0 8 0
art_heap4 256 1492 0 1181 44 18 26 29 0 8 2
art_table 32 1495 0 1183 4 0 4 4 0 8 0
art_node 16 345 0 290 1 0 1 1 0 8 0
sysvmsgpl 40 86 0 46 1 0 1 1 0 8 0
semapl 112 1165 0 1155 1 0 1 1 0 8 0
shmpl 112 138 0 10 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 13802 0 12335 93 0 93 93 0 8 0
ffsino 272 13802 0 12335 99 0 99 99 0 8 0
nchpl 144 25916 0 24264 63 0 63 63 0 8 0
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
vnodes 224 5926 0 0 349 0 349 349 0 8 0
namei 1024 99522 0 99521 10 9 1 2 0 8 0
percpumem 16 145 0 107 1 0 1 1 0 8 0
vcpupl 2048 84 0 2 11 0 11 11 0 8 0
vmpool 560 89 0 7 6 0 6 6 0 8 0
pfiaddrpl 120 129 0 110 2 1 1 1 0 8 0
kstatmem 264 238 0 214 5 2 3 3 0 8 1
scsiplug 72 15 0 15 5 5 0 1 0 8 0
scxspl 216 78729 0 78729 26 25 1 8 0 8 1
plimitpl 152 1070 0 1055 1 0 1 1 0 8 0
sigapl 424 9496 0 9430 11 3 8 8 0 8 0
futexpl 64 84303 0 84301 5 4 1 1 0 8 0
knotepl 120 759 0 0 11 0 11 11 0 8 0
kqueuepl 216 1920 0 1912 30 29 1 7 0 8 0
pipepl 336 1554 0 1525 44 40 4 8 0 8 1
fdescpl 496 9436 0 9412 5 1 4 5 0 8 0
filepl 152 67652 0 67426 159 144 15 23 0 8 5
lockfpl 104 3391 0 3389 9 8 1 2 0 8 0
lockfspl 48 950 0 948 1 0 1 1 0 8 0
sessionpl 144 40 0 23 1 0 1 1 0 8 0
pgrppl 48 48 0 31 1 0 1 1 0 8 0
ucredpl 96 9254 0 9239 1 0 1 1 0 8 0
zombiepl 144 9433 0 9430 2 1 1 1 0 8 0
processpl 1064 9496 0 9430 5 0 5 5 0 8 0
procpl 672 25687 0 25611 27 19 8 9 0 8 0
srpgc 96 24 0 24 10 9 1 1 0 8 1
sosppl 168 56 0 56 9 9 0 1 0 8 0
sockpl 480 12325 0 12297 307 295 12 24 0 8 7
mcl64k 65536 24 0 0 3 1 2 3 0 8 0
mcl16k 16384 23 0 0 3 1 2 3 0 8 0
mcl12k 12288 19 0 0 2 0 2 2 0 8 0
mcl9k 9216 17 0 0 2 0 2 2 0 8 0
mcl8k 8192 17 0 0 3 0 3 3 0 8 0
mcl4k 4096 34 0 0 4 2 2 3 0 8 0
mcl2k2 2112 6 0 0 1 0 1 1 0 8 0
mcl2k 2048 242 0 0 20 1 19 20 0 8 0
mtagpl 96 1254 0 0 28 0 28 28 0 8 0
mbufpl 256 1673 0 0 91 0 91 91 0 8 0
bufpl 288 17295 0 10965 453 0 453 453 0 8 0
anonpl 24 1774919 0 1757902 245 122 123 150 0 186 3
amapchunkpl 152 160906 0 160164 87 52 35 44 0 158 0
amappl16 200 23672 0 23108 123 90 33 53 0 8 0
amappl15 192 3474 0 3471 4 3 1 1 0 8 0
amappl14 184 2193 0 2188 1 0 1 1 0 8 0
amappl13 176 1810 0 1806 1 0 1 1 0 8 0
amappl12 168 496 0 492 1 0 1 1 0 8 0
amappl11 160 578 0 558 5 4 1 2 0 8 0
amappl10 152 706 0 699 1 0 1 1 0 8 0
amappl9 144 968 0 964 1 0 1 1 0 8 0
amappl8 136 2755 0 2657 4 0 4 4 0 8 0
amappl7 128 1932 0 1920 1 0 1 1 0 8 0
amappl6 120 797 0 772 2 1 1 2 0 8 0
amappl5 112 6675 0 6658 1 0 1 1 0 8 0
amappl4 104 4402 0 4366 5 3 2 2 0 8 0
amappl3 96 28290 0 28249 2 0 2 2 0 8 0
amappl2 88 12035 0 11976 3 1 2 3 0 8 0
amappl1 80 225271 0 224698 25 10 15 20 0 8 0
amappl 88 53388 0 53177 7 1 6 6 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 140 0 10 3 0 3 3 0 8 0
uaddrrnd 24 9525 0 9419 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 9525 0 9419 1 0 1 1 0 8 0
vmmpekpl 168 69400 0 69326 4 0 4 4 0 8 0
vmmpepl 168 909299 0 906869 265 133 132 159 0 357 0
vmsppl 368 9524 0 9418 12 1 11 11 0 8 0
rwobjpl 56 226816 0 219140 137 26 111 114 0 8 0
pdppl 4096 19057 0 18918 583 432 151 151 0 8 12
pvpl 32 3605871 0 3584565 502 291 211 257 0 265 22
pmappl 248 9524 0 9418 9 1 8 8 0 8 0
extentpl 40 58 0 38 1 0 1 1 0 8 0
phpool 112 1675 0 683 29 0 29 29 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8259b217) at panic+0x177 sys/kern/subr_prf.c:202
__assert(ffffffff82612c02,ffffffff825be8f2,191,ffffffff82619881) at __assert+0x25 sys/kern/subr_prf.c:161
pmap_page_remove(fffffd80079d1120) at pmap_page_remove+0x5a4 pmap_map_ptes sys/arch/amd64/amd64/pmap.c:415 [inline]
pmap_page_remove(fffffd80079d1120) at pmap_page_remove+0x5a4 sys/arch/amd64/amd64/pmap.c:1919
uvm_anfree_list(fffffd806897dbb8,ffff8000211491d8) at uvm_anfree_list+0x98
amap_wipeout(fffffd806fbeeb40) at amap_wipeout+0x1b1 sys/uvm/uvm_amap.c:504
uvm_unmap_detach(ffff8000211492a0,1) at uvm_unmap_detach+0x7d sys/uvm/uvm_map.c:1599
uvm_map_teardown(fffffd806aee6010) at uvm_map_teardown+0x262 sys/uvm/uvm_map.c:2789
uvmspace_free(fffffd806aee6010) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3684
reaper(ffff8000211437a8) at reaper+0x19a sys/kern/kern_exit.c:454
end trace frame: 0x0, count: -10
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206
sched_idle(ffff800020ce8ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178
end trace frame: 0x0, count: 10
ddb{1}> trace
x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206
sched_idle(ffff800020ce8ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178
end trace frame: 0x0, count: -5