panic: kernel diagnostic assertion "(pg->pg_flags & PG_BUSY) == 0" failed: file "/syzkaller/managers/main/kernel/sys/arch/amd64/amd64/pmap.c", line 1422
Stopped at db_enter+0x1c: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*350673 61739 0 0x8000000 0x4000000 0 syz-executor.4
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82927f81) at panic+0x165 sys/kern/subr_prf.c:198
__assert(ffffffff828e1476,ffffffff8283578e,58e,ffffffff8288c534) at __assert+0x29 sys/kern/subr_prf.c:157
pmap_destroy(fffffd806c4545f0) at pmap_destroy+0x2a4 sys/arch/amd64/amd64/pmap.c:1422
uvm_map_teardown(fffffd806b7b1ad8) at uvm_map_teardown+0x287 sys/uvm/uvm_map.c:2557
uvmspace_free(fffffd806b7b1ad8) at uvmspace_free+0x96 sys/uvm/uvm_map.c:3461
vm_teardown(ffff800032b7b310) at vm_teardown+0x105 sys/dev/vmm/vmm.c:555
vm_terminate(ffff800032b7b5b0) at vm_terminate+0x121 sys/dev/vmm/vmm.c:688
vmmioctl(a00,80045604,ffff800032b7b5b0,1,ffff80002a6c2f88) at vmmioctl+0x291 sys/dev/vmm/vmm.c:248
VOP_IOCTL(fffffd806ed7c000,80045604,ffff800032b7b5b0,1,fffffd807f7d7820,ffff80002a6c2f88) at VOP_IOCTL+0x91 sys/kern/vfs_vops.c:264
vn_ioctl(fffffd80679df900,80045604,ffff800032b7b5b0,ffff80002a6c2f88) at vn_ioctl+0xbb sys/kern/vfs_vnops.c:525
sys_ioctl(ffff80002a6c2f88,ffff800032b7b790,ffff800032b7b6e0) at sys_ioctl+0x4a5
syscall(ffff800032b7b790) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xded21d45f50, count: 1
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: kernel diagnostic assertion "(pg->pg_flags & PG_BUSY) == 0" failed: file "/syzkaller/managers/main/kernel/sys/arch/amd64/amd64/pmap.c", line 1422
ddb> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82927f81) at panic+0x165 sys/kern/subr_prf.c:198
__assert(ffffffff828e1476,ffffffff8283578e,58e,ffffffff8288c534) at __assert+0x29 sys/kern/subr_prf.c:157
pmap_destroy(fffffd806c4545f0) at pmap_destroy+0x2a4 sys/arch/amd64/amd64/pmap.c:1422
uvm_map_teardown(fffffd806b7b1ad8) at uvm_map_teardown+0x287 sys/uvm/uvm_map.c:2557
uvmspace_free(fffffd806b7b1ad8) at uvmspace_free+0x96 sys/uvm/uvm_map.c:3461
vm_teardown(ffff800032b7b310) at vm_teardown+0x105 sys/dev/vmm/vmm.c:555
vm_terminate(ffff800032b7b5b0) at vm_terminate+0x121 sys/dev/vmm/vmm.c:688
vmmioctl(a00,80045604,ffff800032b7b5b0,1,ffff80002a6c2f88) at vmmioctl+0x291 sys/dev/vmm/vmm.c:248
VOP_IOCTL(fffffd806ed7c000,80045604,ffff800032b7b5b0,1,fffffd807f7d7820,ffff80002a6c2f88) at VOP_IOCTL+0x91 sys/kern/vfs_vops.c:264
vn_ioctl(fffffd80679df900,80045604,ffff800032b7b5b0,ffff80002a6c2f88) at vn_ioctl+0xbb sys/kern/vfs_vnops.c:525
sys_ioctl(ffff80002a6c2f88,ffff800032b7b790,ffff800032b7b6e0) at sys_ioctl+0x4a5
syscall(ffff800032b7b790) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xded21d45f50, count: -14
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff800032b7b100
rbx 0x1
rdx 0xffff800000045900
rcx 0xffff800000045900
rax 0xffff80002a6c2f88
r8 0
r9 0x8080808080808080
r10 0xc714f545558e29a9
r11 0xa299e8ee78f6850c
r12 0
r13 0xfffffd8005ef4300
r14 0
r15 0x1
rip 0xffffffff814af6ec db_enter+0x1c
cs 0x8
rflags 0x246
rsp 0xffff800032b7b0f0
ss 0x10
db_enter+0x1c: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.4) tid=350673 pid=61739 tcnt=2 stat=onproc
flags process=8000000 proc=4000000
runpri=32, usrpri=51, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0
forw=0xffffffffffffffff, list=0xffff80002a6c2548,0xffffffff82e054d0 process=0xffff8000343f2e30 user=0xffff800032b76000, vmspace=0xfffffd806f1d1008 estcpu=1, cpticks=2, pctcpu=0.0, user=0, sys=2, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 61739 339027 38372 0 2 0x8000000 syz-executor.4 *61739 350673 38372 0 7 0xc000000 syz-executor.4 31516 51226 70921 0 2 0x8000000 syz-executor.1 31516 76331 70921 0 3 0xc000080 fsleep syz-executor.1 66212 194075 98477 0 2 0x8000000 syz-executor.5 73765 287969 14829 0 3 0x8000002 clonelk ifconfig 14829 54038 64265 0 3 0x810008a sigsusp sh 28156 50892 72094 0 3 0x8000002 clonelk ifconfig 64265 29835 4247 0 3 0x8000082 wait syz-executor.0 72094 27868 5845 0 3 0x810008a sigsusp sh 5845 232613 4247 0 3 0x8000082 wait syz-executor.3 38372 219884 4247 0 2 0x8000482 syz-executor.4 98477 457321 4247 0 2 0x8000002 syz-executor.5 70921 247639 4247 0 2 0x8000482 syz-executor.1 26278 163872 0 0 3 0x14200 bored sosplice 4247 475772 24194 0 3 0x1a000082 wait syz-fuzzer 4247 311053 24194 0 2 0x1e000482 syz-fuzzer 4247 107032 24194 0 3 0x1e000082 wait syz-fuzzer 4247 52000 24194 0 3 0x1e000082 wait syz-fuzzer 4247 172932 24194 0 3 0x1e000082 wait syz-fuzzer 4247 380935 24194 0 3 0x1e000082 thrsleep syz-fuzzer 4247 268682 24194 0 3 0x1e000082 thrsleep syz-fuzzer 4247 42524 24194 0 3 0x1e000082 thrsleep syz-fuzzer 4247 477508 24194 0 3 0x1e000082 thrsleep syz-fuzzer 4247 501143 24194 0 2 0x1e000002 syz-fuzzer 4247 277372 24194 0 3 0x1e000082 thrsleep syz-fuzzer 4247 440107 24194 0 3 0x1e000082 wait syz-fuzzer 4247 349954 24194 0 3 0x1e000082 wait syz-fuzzer 4247 450679 24194 0 3 0x1e000082 wait syz-fuzzer 24194 476718 56812 0 3 0x810008a sigsusp ksh 56812 419502 49045 0 3 0x1800009a kqread sshd 70982 288158 1 0 3 0x18100083 ttyin getty 49045 59750 1 0 3 0x18000088 kqread sshd 91608 412992 19378 73 2 0x19100010 syslogd 19378 22993 1 0 3 0x18100082 sbwait syslogd 76072 80605 1 0 3 0x18100080 kqread resolvd 60137 75324 53676 77 3 0x18100092 
kqread dhcpleased 9645 224346 53676 77 3 0x18100092 kqread dhcpleased 53676 164582 1 0 3 0x18000080 kqread dhcpleased 57954 43249 0 0 3 0x14200 bored smr 17084 292253 0 0 2 0x14200 zerothread 3358 365035 0 0 3 0x14200 aiodoned aiodoned 54937 492528 0 0 3 0x14200 syncer update 17343 343396 0 0 3 0x14200 cleaner cleaner 46364 12099 0 0 3 0x14200 reaper reaper 21968 523076 0 0 3 0x14200 pgdaemon pagedaemon 27519 4417 0 0 3 0x14200 bored viomb 17065 489048 0 0 3 0x40014200 acpi0 acpi0 24304 420487 0 0 3 0x14200 bored softnet3 42491 98737 0 0 3 0x14200 bored softnet2 64193 456392 0 0 3 0x14200 bored softnet1 74115 84467 0 0 3 0x14200 bored softnet0 55775 336338 0 0 3 0x14200 bored systqmp 24320 432365 0 0 3 0x14200 bored systq 5058 84315 0 0 3 0x40014200 tmoslp softclock 16367 487168 0 0 3 0x40014200 idle0 1 473597 0 0 3 0x8000082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10166 6416K 6867K 166960K 12740 0 pcb 18 14K 16K 166960K 329 0 rtable 158 5K 7K 166960K 2753 0 pf 25 8K 9K 166960K 223 0 ifaddr 31 9K 12K 166960K 372 0 ifgroup 42 1K 2K 166960K 414 0 sysctl 4 1K 2K 166960K 9 0 counters 28 17K 17K 166960K 123 0 ioctlops 0 0K 2K 166960K 196 0 iov 0 0K 16K 166960K 102 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1478 93K 93K 166960K 3458 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 108K 116K 166960K 49 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 161 0 dirhash 12 2K 3K 166960K 45 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 16 57K 117K 166960K 2984 0 sigio 0 0K 0K 166960K 35 0 proc 73 75K 124K 166960K 2782 0 subproc 91 5K 9K 166960K 1365 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 257 0 in_multi 64 4K 7K 166960K 981 0 ether_multi 1 0K 0K 166960K 27 0 mrt 1 0K 0K 166960K 13 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 91 413K 413K 
166960K 91 0 exec 0 0K 1K 166960K 1564 0 pfkey data 0 0K 0K 166960K 2 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 267 108K 125K 166960K 24053 0 UVM aobj 107 3K 3K 166960K 116 0 pinsyscall 36 72K 106K 166960K 6161 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 142 0 NDP 15 0K 2K 166960K 268 0 temp 74 6811K 6892K 166960K 92318 0 kqueue 12 18K 28K 166960K 300 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 332 0 329 1 0 1 1 0 8 0 rtentry 112 985 0 916 4 0 4 4 0 8 0 unpcb 144 1268 0 1255 2 0 2 2 0 8 1 syncache 336 4 0 4 1 0 1 1 0 8 1 sackhl 24 1 2 1 1 0 1 1 0 8 1 tcpcb 808 642 0 637 8 0 8 8 0 8 7 arp 88 178 0 169 1 0 1 1 0 8 0 ipq 40 8 0 7 1 0 1 1 0 8 0 ipqe 40 258 0 257 1 0 1 1 0 8 0 inpcb 360 2372 0 2361 13 4 9 13 0 8 7 nd6 104 268 0 253 1 0 1 1 0 8 0 pkpcb 40 27 0 27 1 0 1 1 0 8 1 kcovpl 48 105 0 98 1 0 1 1 0 8 0 ppxss 1072 8 0 8 1 0 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 3897 0 3581 68 40 28 31 0 8 7 art_table 32 3898 0 3581 4 0 4 4 0 8 0 art_node 16 980 0 918 1 0 1 1 0 8 0 sysvmsgpl 40 31 0 17 1 0 1 1 0 8 0 semapl 112 158 0 148 1 0 1 1 0 8 0 shmpl 112 113 0 9 3 0 3 3 0 8 0 dirhash 1024 39 0 22 3 0 3 3 0 8 0 dino2pl 256 4756 0 3243 96 0 96 96 0 8 0 ffsino 240 4756 0 3243 90 0 90 90 0 8 0 nchpl 144 8367 0 6633 66 0 66 66 0 8 0 uvmvnodes 80 6513 0 0 133 0 133 133 0 8 0 vnodes 216 6513 0 0 362 0 362 362 0 8 0 namei 1024 34896 0 34896 2 0 2 2 0 8 2 vcpupl 3904 21 0 1 3 0 3 3 0 8 0 vmpool 664 27 0 6 2 0 2 2 0 8 0 kstatmem 264 208 0 190 2 0 2 2 0 8 0 scsiplug 72 4 0 4 1 0 1 1 0 8 1 scxspl 216 61637 0 61637 8 0 8 8 1 8 8 plimitpl 152 432 0 418 1 0 1 1 0 8 0 sigapl 424 3113 0 3068 8 0 8 8 0 8 2 futexpl 64 32841 0 32840 1 0 1 1 0 8 0 knotepl 120 9918 0 9838 11 0 11 11 0 8 7 kqueuepl 184 588 0 580 3 0 3 3 0 8 2 pipepl 288 694 0 669 3 0 3 3 0 8 0 fdescpl 432 3074 0 3047 5 0 5 5 0 8 1 filepl 120 16458 0 
16240 15 0 15 15 0 8 6 lockfpl 104 408 0 406 1 0 1 1 0 8 0 lockfspl 48 172 0 170 1 0 1 1 0 8 0 sessionpl 144 102 0 87 1 0 1 1 0 8 0 pgrppl 48 129 0 114 1 0 1 1 0 8 0 ucredpl 104 2284 0 2272 1 0 1 1 0 8 0 zombiepl 144 3071 0 3068 1 0 1 1 0 8 0 processpl 1072 3113 0 3068 5 0 5 5 0 8 1 procpl 656 5252 0 5192 8 0 8 8 0 8 2 sosppl 168 36 0 36 1 0 1 1 0 8 1 sockpl 504 4017 0 3990 21 10 11 20 0 8 7 mcl64k 65536 7 0 7 1 0 1 1 0 8 1 mcl16k 16384 2 0 2 1 0 1 1 0 8 1 mcl12k 12288 7 0 7 1 0 1 1 0 8 1 mcl8k 8192 38 0 38 1 0 1 1 0 8 1 mcl4k 4096 13 0 13 1 0 1 1 0 8 1 mcl2k 2048 31555 0 31452 44 23 21 39 0 8 6 mtagpl 96 79 0 79 2 0 2 2 0 8 2 mbufpl 256 80691 0 80542 49 27 22 29 0 8 8 bufpl 280 13046 0 4472 613 0 613 613 0 8 0 anonpl 24 529184 0 523255 91 0 91 91 0 188 28 amapchunkpl 152 79185 0 78605 52 0 52 52 0 158 24 amappl16 200 11558 0 11453 36 19 17 20 0 8 8 amappl15 192 11 0 11 1 0 1 1 0 8 1 amappl14 184 397 0 385 2 0 2 2 0 8 1 amappl13 176 23 0 22 1 0 1 1 0 8 0 amappl12 168 4863 0 4834 3 0 3 3 0 8 0 amappl11 160 74 0 64 1 0 1 1 0 8 0 amappl10 152 143 0 135 1 0 1 1 0 8 0 amappl9 144 173 0 172 1 0 1 1 0 8 0 amappl8 136 234 0 206 2 0 2 2 0 8 0 amappl7 128 99 0 85 1 0 1 1 0 8 0 amappl6 120 1451 0 1431 2 0 2 2 0 8 0 amappl5 112 471 0 457 1 0 1 1 0 8 0 amappl4 104 1069 0 1040 2 0 2 2 0 8 1 amappl3 96 14493 0 14430 3 0 3 3 0 8 0 amappl2 88 3735 0 3665 4 0 4 4 0 8 2 amappl1 80 22980 0 22484 22 2 20 22 0 8 8 amappl 88 22863 0 22696 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 0 1 1 0 8 1 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 0 1 1 0 8 1 dma128 128 253 0 253 1 0 1 1 0 8 1 dma64 64 6 0 6 1 0 1 1 0 8 1 dma32 32 7 0 7 1 0 1 1 0 8 1 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 115 0 9 2 0 2 2 0 8 0 uaddrrnd 24 3101 0 3054 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 3101 0 3054 1 0 1 1 0 8 0 vmmpekpl 168 27147 0 27095 3 0 3 3 0 8 0 vmmpepl 168 226702 0 225018 111 0 111 111 0 357 27 vmsppl 344 3100 0 3053 5 0 5 5 0 8 0 rwobjpl 24 63764 0 56102 47 0 47 47 0 8 0 pdppl 4096 
6208 0 6127 304 221 83 98 0 8 2
pvpl 32 1384431 0 1372907 349 0 349 349 0 265 216
pmappl 216 3100 0 3053 3 0 3 3 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 697 0 321 12 0 12 12 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82927f81) at panic+0x165 sys/kern/subr_prf.c:198
__assert(ffffffff828e1476,ffffffff8283578e,58e,ffffffff8288c534) at __assert+0x29 sys/kern/subr_prf.c:157
pmap_destroy(fffffd806c4545f0) at pmap_destroy+0x2a4 sys/arch/amd64/amd64/pmap.c:1422
uvm_map_teardown(fffffd806b7b1ad8) at uvm_map_teardown+0x287 sys/uvm/uvm_map.c:2557
uvmspace_free(fffffd806b7b1ad8) at uvmspace_free+0x96 sys/uvm/uvm_map.c:3461
vm_teardown(ffff800032b7b310) at vm_teardown+0x105 sys/dev/vmm/vmm.c:555
vm_terminate(ffff800032b7b5b0) at vm_terminate+0x121 sys/dev/vmm/vmm.c:688
vmmioctl(a00,80045604,ffff800032b7b5b0,1,ffff80002a6c2f88) at vmmioctl+0x291 sys/dev/vmm/vmm.c:248
VOP_IOCTL(fffffd806ed7c000,80045604,ffff800032b7b5b0,1,fffffd807f7d7820,ffff80002a6c2f88) at VOP_IOCTL+0x91 sys/kern/vfs_vops.c:264
vn_ioctl(fffffd80679df900,80045604,ffff800032b7b5b0,ffff80002a6c2f88) at vn_ioctl+0xbb sys/kern/vfs_vnops.c:525
sys_ioctl(ffff80002a6c2f88,ffff800032b7b790,ffff800032b7b6e0) at sys_ioctl+0x4a5
syscall(ffff800032b7b790) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xded21d45f50, count: -14
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82927f81) at panic+0x165 sys/kern/subr_prf.c:198
__assert(ffffffff828e1476,ffffffff8283578e,58e,ffffffff8288c534) at __assert+0x29 sys/kern/subr_prf.c:157
pmap_destroy(fffffd806c4545f0) at pmap_destroy+0x2a4 sys/arch/amd64/amd64/pmap.c:1422
uvm_map_teardown(fffffd806b7b1ad8) at uvm_map_teardown+0x287 sys/uvm/uvm_map.c:2557
uvmspace_free(fffffd806b7b1ad8) at uvmspace_free+0x96 sys/uvm/uvm_map.c:3461
vm_teardown(ffff800032b7b310) at vm_teardown+0x105 sys/dev/vmm/vmm.c:555
vm_terminate(ffff800032b7b5b0) at vm_terminate+0x121 sys/dev/vmm/vmm.c:688
vmmioctl(a00,80045604,ffff800032b7b5b0,1,ffff80002a6c2f88) at vmmioctl+0x291 sys/dev/vmm/vmm.c:248
VOP_IOCTL(fffffd806ed7c000,80045604,ffff800032b7b5b0,1,fffffd807f7d7820,ffff80002a6c2f88) at VOP_IOCTL+0x91 sys/kern/vfs_vops.c:264
vn_ioctl(fffffd80679df900,80045604,ffff800032b7b5b0,ffff80002a6c2f88) at vn_ioctl+0xbb sys/kern/vfs_vnops.c:525
sys_ioctl(ffff80002a6c2f88,ffff800032b7b790,ffff800032b7b6e0) at sys_ioctl+0x4a5
syscall(ffff800032b7b790) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xded21d45f50, count: -14