login: panic: keWArnRNelI NdGi:a gSnPoLs tNiOcT aLsOseWErRtEioD n ON"p Sg-YS>wCAirLLe_ 3co 3un EtX I=T= 00 "a f aiStopped at savectx+0xae: movl $0,%gs:0x688 TID PID UID PRFLAGS PFLAGS CPU COMMAND *491587 12478 0 0x2 0 0 syz-executor savectx() at savectx+0xae end of kernel end trace frame: 0x7e9274015470, count: 14 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu1: kernel diagnostic assertion "pg->wire_count == 0" failed: file "/syzkaller/managers/setuid/kernel/sys/uvm/uvm_page.c", line 1326 ddb{0}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x7e9274015470, count: -1 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff80002a2c6150 rbx 0 rdx 0 rcx 0xffff8000ffffca68 rax 0x31 r8 0xffff80002a2c6080 r9 0 r10 0xa761c5b4a816ca1b r11 0x239cf3f99a68c9c4 r12 0 r13 0 r14 0xffff8000ffffca68 r15 0 rip 0xffffffff82ea63ee savectx+0xae cs 0x8 rflags 0x46 rsp 0xffff80002a2c60d0 ss 0x10 savectx+0xae: movl $0,%gs:0x688 ddb{0}> show proc PROC (syz-executor) tid=491587 pid=12478 tcnt=1 stat=onproc flags process=2 proc=0 runpri=70, usrpri=70, slppri=24, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000ffffcd00,0xffff8000ffffcfa8 process=0xffff8000ffff4008 user=0xffff80002a2c1000, vmspace=0xfffffd8070586b80 estcpu=20, cpticks=28, pctcpu=0.17, user=0, sys=21, intr=7 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 65607 108510 5819 32767 2 0x10 syz-executor 19316 72288 70738 32767 2 0x10 syz-executor 19316 473029 70738 32767 2 0x4000010 syz-executor 69584 60532 94650 32767 2 0x10 syz-executor 69584 207296 94650 32767 3 0x4000090 sbwait syz-executor 30308 73873 85518 32767 2 0x10 syz-executor 30308 116151 85518 32767 3 0x4000090 fsleep syz-executor 79980 68424 12478 0 2 0x2 syz-executor 70738 63577 84462 32767 2 0x10 syz-executor 18429 384839 75674 32767 3 0x90 wait syz-executor 5819 516319 26479 32767 3 0x90 nanoslp syz-executor 66131 649 95959 32767 3 0x90 nanoslp syz-executor 94650 420260 22154 32767 2 0x10 syz-executor 65532 89504 94221 32767 3 0x90 nanoslp syz-executor 85518 352376 26703 32767 3 0x90 nanoslp syz-executor 26479 252947 12478 0 3 0x82 wait syz-executor 84462 77973 12478 0 3 0x82 wait syz-executor 75674 103588 12478 0 3 0x82 wait syz-executor 22154 10528 12478 0 3 0x82 wait syz-executor 94221 399694 12478 0 3 0x82 wait syz-executor 26703 42505 12478 0 3 0x82 wait syz-executor 95959 435921 12478 0 3 0x82 wait syz-executor *12478 491587 13510 0 7 0x2 syz-executor 13510 243991 29399 0 3 0x10008a sigsusp ksh 29399 369261 61233 0 3 0x98 kqread sshd-session 61233 479332 37139 0 3 0x92 kqread sshd-session 35257 10277 1 0 3 0x100083 ttyin getty 37139 244122 1 0 3 0x88 kqread sshd 7925 421659 47505 73 3 0x1100090 kqread syslogd 47505 509484 1 0 3 0x100082 sbwait syslogd 16430 411446 1 0 3 0x100080 kqread resolvd 31244 286787 69349 77 3 0x100092 kqread dhcpleased 71573 460803 69349 77 3 0x100092 kqread dhcpleased 69349 499169 1 0 3 0x80 kqread dhcpleased 32369 132952 0 0 3 0x14200 bored smr 10207 506954 0 0 2 0x14200 zerothread 35839 372337 0 0 3 0x14200 aiodoned aiodoned 64132 294344 0 0 3 0x14200 syncer update 80916 270989 0 0 3 0x14200 cleaner cleaner 76900 361839 0 0 2 0x14200 reaper 99154 484678 0 0 3 0x14200 pgdaemon pagedaemon 60489 409399 0 0 3 0x14200 bored viomb 50469 410632 0 0 3 0x40014200 acpi0 acpi0 98590 71892 0 0 3 0x40014200 idle1 45538 281440 0 0 3 0x14200 bored softnet1 59975 47020 0 0 3 0x14200 bored softnet0 32916 99594 0 0 3 0x14200 bored systqmp 2240 376306 0 0 3 0x14200 bored systq 36584 44735 0 0 3 0x14200 tmoslp softclockmp 79197 167477 0 0 3 0x40014200 tmoslp softclock 27036 14852 0 0 3 0x40014200 idle0 1 195686 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks CPU 0: exclusive mutex &pmap->pm_mtx r = 0 (0xfffffd806cd1a810) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 mtx_enter+0x4b4 sys/kern/kern_lock.c:487 #2 pmap_do_remove+0xa9 rcr3 sys/arch/amd64/compile/SYZKALLER/obj/machine/cpufunc.h:139 [inline] #2 pmap_do_remove+0xa9 pmap_map_ptes sys/arch/amd64/amd64/pmap.c:437 [inline] #2 pmap_do_remove+0xa9 sys/arch/amd64/amd64/pmap.c:1824 #3 uvm_unmap_kill_entry_withlock+0x269 sys/uvm/uvm_map.c:1863 #4 uvm_map_teardown+0x117 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:-1 [inline] #4 uvm_map_teardown+0x117 sys/uvm/uvm_map.c:2486 #5 exit1+0x6fc sys/kern/kern_exit.c:260 #6 sys_exit+0x1a sys/kern/kern_exit.c:-1 #7 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] #7 syscall+0xb17 sys/arch/amd64/amd64/trap.c:775 #8 Xsyscall+0x128 CPU 1: exclusive mutex &uvm.pageqlock r = 0 (0xffffffff839b7b50) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 mtx_enter+0x4b4 sys/kern/kern_lock.c:487 #2 uvm_pageclean+0x29c sys/uvm/uvm_page.c:980 #3 uvm_pagefree+0x26 sys/uvm/uvm_page.c:1020 #4 uvm_anfree+0xe9 sys/uvm/uvm_anon.c:112 #5 amap_wipeout+0x246 sys/uvm/uvm_amap.c:-1 #6 uvm_unmap_detach+0x8a sys/uvm/uvm_map.c:1353 #7 uvm_map_teardown+0x360 sys/uvm/uvm_map.c:2525 #8 exit1+0x6fc sys/kern/kern_exit.c:260 #9 sys_exit+0x1a sys/kern/kern_exit.c:-1 #10 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] #10 syscall+0xb17 sys/arch/amd64/amd64/trap.c:775 #11 Xsyscall+0x128 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10188 10955K 10973K 166960K 11282 0 pcb 17 12K 12K 166960K 17 0 rtable 217 6K 7K 166960K 372 0 pf 29 16K 16K 166960K 31 0 ifaddr 38 6K 7K 166960K 44 0 ifgroup 46 2K 2K 166960K 50 0 sysctl 1 1K 9K 166960K 6 0 counters 68 36K 37K 166960K 70 0 ioctlops 0 0K 2K 166960K 96 0 iov 0 0K 16K 166960K 16 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1336 84K 84K 166960K 1475 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 5 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 26 0 dirhash 12 2K 2K 166960K 21 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 22 81K 125K 166960K 400 0 proc 58 99K 147K 166960K 509 0 subproc 72 4K 4K 166960K 171 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 28 0 in_multi 88 6K 7K 166960K 104 0 ether_multi 1 0K 0K 166960K 1 0 mrt 1 0K 0K 166960K 1 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 79 360K 360K 166960K 79 0 exec 0 0K 1K 166960K 395 0 fusefs mount 1 32K 32K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 230 175K 191K 166960K 5114 0 UVM aobj 9 2K 2K 166960K 9 0 pinsyscall 43 86K 110K 166960K 1481 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 18 0 NDP 10 0K 2K 166960K 27 0 temp 40 8667K 8732K 166960K 5002 0 kqueue 13 20K 26K 166960K 83 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 59 0 56 1 0 1 1 0 8 0 rtentry 176 115 0 15 6 0 6 6 0 8 1 unpcb 144 194 0 177 1 0 1 1 0 8 0 syncache 336 4 0 4 1 0 1 1 0 8 1 tcpqe 32 1 0 1 1 0 1 1 0 8 1 tcpcb 736 144 0 138 4 0 4 4 0 8 3 arp 136 18 0 2 1 0 1 1 0 8 0 ipq 40 5 0 0 1 0 1 1 0 8 0 ipqe 40 5 0 0 1 0 1 1 0 8 0 inpcb 328 377 0 368 7 0 7 7 0 8 5 nd6 152 28 0 6 2 0 2 2 0 8 1 kcovpl 48 18 0 11 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 458 0 49 29 0 29 29 0 8 2 art_table 40 459 0 49 5 0 5 5 0 8 0 art_node 32 115 0 24 1 0 1 1 0 8 0 sysvmsgpl 40 7 0 2 1 0 1 1 0 8 0 semupl 112 3 0 3 1 0 1 1 0 8 1 semapl 112 24 0 14 1 0 1 1 0 8 0 shmpl 112 6 0 0 1 0 1 1 0 8 0 dirhash 1024 23 0 6 3 0 3 3 0 8 0 dino2pl 256 1903 0 380 96 0 96 96 0 8 0 ffsino 296 1903 0 380 118 0 118 118 0 8 0 nchpl 144 2406 0 707 64 0 64 64 0 8 0 vnodes 216 2083 0 0 116 0 116 116 0 8 0 namei 1024 7386 0 7386 1 0 1 1 0 8 1 percpumem 16 50 0 1 1 0 1 1 0 8 0 kstatmem 264 24 0 2 2 0 2 2 0 8 0 scxspl 216 7946 0 7946 7 2 5 5 1 8 5 plimitpl 152 89 0 66 2 0 2 2 0 8 1 sigapl 424 671 0 619 7 0 7 7 0 8 0 knotepl 120 299 0 0 10 0 10 10 0 8 0 kqueuepl 224 157 0 148 5 1 4 5 0 8 3 pipepl 344 161 0 134 3 0 3 3 0 8 0 fdescpl 528 655 0 621 4 0 4 4 0 8 0 filepl 160 3011 0 2804 13 0 13 13 0 8 2 lockfpl 104 94 0 92 1 0 1 1 0 8 0 lockfspl 48 27 0 25 1 0 1 1 0 8 0 sessionpl 144 31 0 16 1 0 1 1 0 8 0 pgrppl 48 52 0 29 1 0 1 1 0 8 0 ucredpl 104 378 0 360 1 0 1 1 0 8 0 zombiepl 144 622 0 619 1 0 1 1 0 8 0 processpl 1232 671 0 619 5 0 5 5 0 8 0 procpl 664 1030 0 973 6 0 6 6 0 8 0 sosppl 176 8 0 8 1 0 1 1 0 8 1 sockpl 752 634 0 605 11 0 11 11 0 8 7 mcl64k 65536 5 0 0 1 0 1 1 0 8 0 mcl16k 16384 5 0 0 1 0 1 1 0 8 0 mcl12k 12288 1 0 0 1 0 1 1 0 8 0 mcl9k 9216 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 120 0 0 15 0 15 15 0 8 0 mcl2k2 2112 1 0 0 1 0 1 1 0 8 0 mcl2k 2048 23 0 0 3 0 3 3 0 8 0 mtagpl 96 3 0 0 1 0 1 1 0 8 0 mbufpl 256 1161 0 0 73 0 73 73 0 8 0 bufpl 280 2617 0 114 179 0 179 179 0 8 0 anonpl 32 5625 0 0 46 0 46 46 0 246 0 amapchunkpl 152 15661 0 15173 33 0 33 33 0 158 12 amappl16 200 2196 0 2178 5 3 2 5 0 8 0 amappl15 192 5 0 5 1 1 0 1 0 8 0 amappl14 184 11 0 10 1 0 1 1 0 8 0 amappl13 176 410 0 409 1 0 1 1 0 8 0 amappl12 168 995 0 953 3 0 3 3 0 8 0 amappl11 160 2 0 2 1 1 0 1 0 8 0 amappl10 152 103 0 93 1 0 1 1 0 8 0 amappl9 144 251 0 251 1 1 0 1 0 8 0 amappl8 136 28 0 25 1 0 1 1 0 8 0 amappl7 128 118 0 117 1 0 1 1 0 8 0 amappl6 120 304 0 292 1 0 1 1 0 8 0 amappl5 112 75 0 68 1 0 1 1 0 8 0 amappl4 104 383 0 360 1 0 1 1 0 8 0 amappl3 96 2793 0 2689 4 0 4 4 0 8 0 amappl2 88 510 0 457 2 0 2 2 0 8 0 amappl1 80 9714 0 9166 13 0 13 13 0 8 0 amappl 88 4367 0 4207 5 0 5 5 0 92 0 uvmvnodes 80 108 0 0 3 0 3 3 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 8 0 0 1 0 1 1 0 8 0 uaddrrnd 24 655 0 621 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 655 0 621 1 0 1 1 0 8 0 vmmpekpl 168 7000 0 6957 3 0 3 3 0 8 0 vmmpepl 168 48425 0 46540 94 0 94 94 0 357 7 vmsppl 488 654 0 619 6 0 6 6 0 8 0 rwobjpl 80 15708 0 14795 22 1 21 21 0 8 0 pdppl 4096 1317 0 1238 119 38 81 99 0 8 2 pvpl 32 13513 0 0 109 0 109 109 0 265 0 pmappl 256 654 0 619 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 354 0 40 10 0 10 10 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace savectx() at savectx+0xae end of kernel end trace frame: 0x7e9274015470, count: -1 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 x86_bus_space_io_write_1(3f8,0,69) at x86_bus_space_io_write_1+0x40 sys/arch/amd64/amd64/bus_space.c:790 comcnputc(800,69) at comcnputc+0x1ab bus_space_barrier sys/dev/ic/com.c:-1 [inline] comcnputc(800,69) at comcnputc+0x1ab sys/dev/ic/com.c:1263 cnputc(69) at cnputc+0x67 sys/dev/cons.c:218 db_putchar(69) at db_putchar+0x36d sys/ddb/db_output.c:155 kprintf() at kprintf+0x29c5 sys/kern/subr_prf.c:-1 db_printf(ffffffff83381e2e) at db_printf+0x9b sys/kern/subr_prf.c:-1 panic(ffffffff833aa9aa) at panic+0x103 sys/kern/subr_prf.c:217 __assert(ffffffff833ee6a5,ffffffff833439b2,52e,ffffffff8340aa84) at __assert+0x29 sys/kern/subr_prf.c:-1 uvm_pagedequeue(fffffd80087e1d38) at uvm_pagedequeue+0x2dd sys/uvm/uvm_page.c:1324 uvm_pageclean(fffffd80087e1d38) at uvm_pageclean+0x2ad sys/uvm/uvm_page.c:981 uvm_pagefree(fffffd80087e1d38) at uvm_pagefree+0x26 sys/uvm/uvm_page.c:1020 end trace frame: 0xffff80003c4412a0, count: 0 ddb{1}> trace x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 x86_bus_space_io_write_1(3f8,0,69) at x86_bus_space_io_write_1+0x40 sys/arch/amd64/amd64/bus_space.c:790 comcnputc(800,69) at comcnputc+0x1ab bus_space_barrier sys/dev/ic/com.c:-1 [inline] comcnputc(800,69) at comcnputc+0x1ab sys/dev/ic/com.c:1263 cnputc(69) at cnputc+0x67 sys/dev/cons.c:218 db_putchar(69) at db_putchar+0x36d sys/ddb/db_output.c:155 kprintf() at kprintf+0x29c5 sys/kern/subr_prf.c:-1 db_printf(ffffffff83381e2e) at db_printf+0x9b sys/kern/subr_prf.c:-1 panic(ffffffff833aa9aa) at panic+0x103 sys/kern/subr_prf.c:217 __assert(ffffffff833ee6a5,ffffffff833439b2,52e,ffffffff8340aa84) at __assert+0x29 sys/kern/subr_prf.c:-1 uvm_pagedequeue(fffffd80087e1d38) at uvm_pagedequeue+0x2dd sys/uvm/uvm_page.c:1324 uvm_pageclean(fffffd80087e1d38) at uvm_pageclean+0x2ad sys/uvm/uvm_page.c:981 uvm_pagefree(fffffd80087e1d38) at uvm_pagefree+0x26 sys/uvm/uvm_page.c:1020 uvm_anfree(fffffd806bd37d00) at uvm_anfree+0xe9 sys/uvm/uvm_anon.c:112 amap_wipeout(fffffd8070483160) at amap_wipeout+0x246 sys/uvm/uvm_amap.c:-1 uvm_unmap_detach(ffff80003c441360,0) at uvm_unmap_detach+0x8a sys/uvm/uvm_map.c:1353 uvm_map_teardown(fffffd806cc735d8) at uvm_map_teardown+0x360 sys/uvm/uvm_map.c:2525 exit1(ffff8000363e3cb0,0,0,1) at exit1+0x6fc sys/kern/kern_exit.c:260 sys_exit(ffff8000363e3cb0,ffff80003c441530,ffff80003c441480) at sys_exit+0x1a sys/kern/kern_exit.c:-1 syscall(ffff80003c441530) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003c441530) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:775 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x703eb1b63aa0, count: -22