panic: kernel diagnostic assertion "dupe == NULL" failed: file "/syzkal
WARNING: SPL NOT LOWERED ON SYSCALL 110 53 EXIT 0 a
Stopped at savectx+0xae: movl $0,%gs:0x680
TID PID UID PRFLAGS PFLAGS CPU COMMAND
370026 49256 0 0x8000002 0 1 syz-executor
*420802 56271 0 0x8000002 0 0 syz-executor
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7e7e4b33f2e0, count: 14
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu1: kernel diagnostic assertion "dupe == NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_page.c", line 144
ddb{0}> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7e7e4b33f2e0, count: -1
ddb{0}> show registers
rdi 0
rsi 0
rbp 0xffff80002a082ee0
rbx 0
rdx 0
rcx 0xffff8000ffffca30
rax 0x34
r8 0xffff80002a082e10
r9 0
r10 0x209230607f47878e
r11 0x769a5299a558f399
r12 0
r13 0
r14 0xffff8000ffffca30
r15 0
rip 0xffffffff82ce53ee savectx+0xae
cs 0x8
rflags 0x46
rsp 0xffff80002a082e60
ss 0x10
savectx+0xae: movl $0,%gs:0x680
ddb{0}> show proc
PROC (syz-executor) tid=420802 pid=56271 tcnt=1 stat=onproc
flags process=8000002<EXEC,PIN> proc=0
runpri=24, usrpri=78, slppri=24, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff800029fd9958,0xffff80002db73480
process=0xffff800029fe8908 user=0xffff80002a07d000, vmspace=0xfffffd80092f2528
estcpu=28, cpticks=1, pctcpu=0.43, user=195, sys=2056, intr=37
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
61001 163983 31632 0 3 0x8000080 nanoslp syz-executor
61001 294319 31632 0 3 0xc000080 fsleep syz-executor
61001 516261 31632 0 3 0xc000080 fsleep syz-executor
61001 380522 31632 0 3 0xc000080 fsleep syz-executor
77972 151702 40972 0 3 0x8000080 nanoslp syz-executor
77972 468752 40972 0 3 0xc000080 fsleep syz-executor
77972 500352 40972 0 3 0xc000080 fsleep syz-executor
77972 23902 40972 0 3 0xc000080 fsleep syz-executor
48621 90644 57221 60928 3 0x8000090 nanoslp syz-executor
48621 267739 57221 60928 3 0xc000090 kqread syz-executor
48621 181883 57221 60928 3 0xc000090 fsleep syz-executor
16994 417913 1610 0 2 0x8000000 syz-executor
16994 223680 1610 0 3 0xc000080 lockf syz-executor
16994 140471 1610 0 3 0xc000080 lockf syz-executor
16994 284638 1610 0 3 0xc000000 vmmaplk syz-executor
16994 330802 1610 0 2 0xc000000 syz-executor
2713 144931 56271 0 3 0x8000002 biowait syz-executor
40972 168133 56271 0 3 0x8000082 nanoslp syz-executor
99639 151945 56271 0 3 0x8000002 biowait syz-executor
57221 65951 56271 0 3 0x8000082 nanoslp syz-executor
46554 187400 56271 0 3 0x8000002 biowait syz-executor
31632 179483 56271 0 3 0x8000082 nanoslp syz-executor
49256 370026 56271 0 7 0x8000002 syz-executor
1610 167660 56271 0 2 0x8000482 syz-executor
37514 505361 1 0 3 0x18100083 ttyin getty
86920 268350 0 0 3 0x14200 bored sosplice
*56271 420802 34976 0 7 0x8000002 syz-executor
34976 40680 75327 0 3 0x810008a sigsusp ksh
75327 64578 37374 0 3 0x18000098 kqread sshd-session
37374 170050 53825 0 3 0x18000092 kqread sshd-session
53825 428088 1 0 3 0x18000088 kqread sshd
3626 86130 39051 74 3 0x19100092 bpf pflogd
39051 391116 1 0 3 0x18000080 sbwait pflogd
79460 327727 74473 73 3 0x19100090 kqread syslogd
74473 23776 1 0 3 0x18100082 sbwait syslogd
41244 449048 1 0 3 0x18100080 kqread resolvd
1712 523948 4305 77 3 0x18100092 kqread dhcpleased
37408 373697 4305 77 3 0x18100092 kqread dhcpleased
4305 408888 1 0 3 0x18000080 kqread dhcpleased
61563 39829 0 0 3 0x14200 bored smr
95591 308231 0 0 2 0x14200 zerothread
46169 164660 0 0 3 0x14200 aiodoned aiodoned
57108 19074 0 0 3 0x14200 syncer update
47259 124236 0 0 3 0x14200 cleaner cleaner
20117 193833 0 0 3 0x14200 reaper reaper
57544 272785 0 0 3 0x14200 pgdaemon pagedaemon
75813 334627 0 0 3 0x14200 bored viomb
19438 236203 0 0 3 0x40014200 acpi0 acpi0
91332 208589 0 0 3 0x40014200 idle1
77321 272693 0 0 3 0x14200 bored softnet3
8276 366771 0 0 3 0x14200 bored softnet2
31578 27678 0 0 3 0x14200 bored softnet1
18554 392645 0 0 3 0x14200 bored softnet0
86679 410224 0 0 3 0x14200 bored systqmp
28323 108140 0 0 3 0x14200 bored systq
50358 84806 0 0 3 0x14200 tmoslp softclockmp
5083 137996 0 0 3 0x40014200 tmoslp softclock
19340 491855 0 0 3 0x40014200 idle0
1 492073 0 0 3 0x8080082 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
CPU 0:
exclusive mutex &pmap->pm_mtx r = 0 (0xfffffd806d1398d0)
#0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151
#1 mtx_enter_try+0x178
#2 mtx_enter+0x60 sys/kern/kern_lock.c:239
#3 pmap_do_remove+0xa9 rcr3 machine/cpufunc.h:139 [inline]
#3 pmap_do_remove+0xa9 pmap_map_ptes sys/arch/amd64/amd64/pmap.c:430 [inline]
#3 pmap_do_remove+0xa9 sys/arch/amd64/amd64/pmap.c:1815
#4 uvm_unmap_kill_entry_withlock+0x274 sys/uvm/uvm_map.c:1865
#5 uvm_unmap_remove+0x6a2 sys/uvm/uvm_map.c:2004
#6 uvm_mapanon+0x5f9 sys/uvm/uvm_map.c:805
#7 uvm_mmapanon+0x1d0 sys/uvm/uvm_mmap.c:1020
#8 sys_mmap+0xa96 sys/uvm/uvm_mmap.c:421
#9 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline]
#9 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
#10 Xsyscall+0x128
CPU 1:
exclusive mutex &pmap->pm_mtx r = 0 (0xfffffd806d1396e0)
#0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151
#1 mtx_enter_try+0x178
#2 mtx_enter+0x60 sys/kern/kern_lock.c:239
#3 pmap_enter+0x246 rcr3 machine/cpufunc.h:139 [inline]
#3 pmap_enter+0x246 pmap_map_ptes sys/arch/amd64/amd64/pmap.c:430 [inline]
#3 pmap_enter+0x246 sys/arch/amd64/amd64/pmap.c:2755
#4 uvm_fault_upper+0x376 sys/uvm/uvm_fault.c:1056
#5 uvm_fault+0x1b2 sys/uvm/uvm_fault.c:608
#6 upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:188
#7 usertrap+0x2d8 sys/arch/amd64/amd64/trap.c:436
#8 recall_trap+0x8
Process 16994 (syz-executor) thread 0xffff80002f5742c0 (330802)
uvm_fault(0xfffffd80092f2528, 0x200000012, 0, 1) -> e
fatal page fault in supervisor mode
trap type 6 code 0 rip ffffffff825e91ed cs 8 rflags 10202 cr2 200000012 cpl d rsp ffff80002a082a50
gsbase 0xffffffff83413ff0 kgsbase 0x0
panic: trap type 6, code=0, pc=ffffffff825e91ed
Starting stack trace...
panic(ffffffff82fd066b) at panic+0x1d0 sys/kern/subr_prf.c:229
kerntrap(ffff80002a0829a0) at kerntrap+0x29b sys/arch/amd64/amd64/trap.c:327
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
witness_ddb_list(ffff80002f5742c0) at witness_ddb_list+0x12d witness_list_lock sys/kern/subr_witness.c:1836 [inline]
witness_ddb_list(ffff80002f5742c0) at witness_ddb_list+0x12d witness_list_locks sys/kern/subr_witness.c:1961 [inline]
witness_ddb_list(ffff80002f5742c0) at witness_ddb_list+0x12d sys/kern/subr_witness.c:2107
db_witness_list_all(ffffffff82ce53ee,0,ffffffffffffffff,ffff80002a082b20) at db_witness_list_all+0x42c sys/kern/subr_witness.c:2168
db_command(ffffffff835c5130,ffffffff83275160) at db_command+0x647 sys/ddb/db_command.c:293
db_command_loop() at db_command_loop+0x132 sys/ddb/db_command.c:724
db_trap(1,0) at db_trap+0x2af sys/ddb/db_trap.c:56
db_ktrap(1,0,ffff80002a082db0) at db_ktrap+0x303 sys/arch/amd64/amd64/db_interface.c:151
kerntrap(ffff80002a082db0) at kerntrap+0x1dc sys/arch/amd64/amd64/trap.c:323
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7e7e4b33f2e0, count: 245
End of stack trace.
dump to dev 4,1 not possible