panic: kernel diagnostic assertion "(pg->pg_flags & (PQ_INACTIVE|PQ_ACTIWAVE)R) NI=N= G:0" S PfLa iNlOeTd L:O WfiElReE D"/ sON SyYzSkCaAlLLl er9/1m a1n993a9g1e15r44s /EmXultIiTc o0 rce
/Stopped at        savectx+0xae:   movl    $0,%gs:0x688
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
 158668  20564      0           0  0x4000000    0  syz-executor
*223815  39083      0         0x2          0    1  syz-executor
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7b6776d8ace0, count: 14
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{1}> 
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu0: kernel diagnostic assertion "(pg->pg_flags & (PQ_INACTIVE|PQ_ACTIVE)) == 0" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_page.c", line 1309
ddb{1}> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7b6776d8ace0, count: -1
ddb{1}> show registers
rdi                                0
rsi                                0
rbp               0xffff80002a372370
rbx                                0
rdx                                0
rcx               0xffff80003abf8550
rax                             0x3b
r8                0xffff80002a3722a0
r9                0xffff80002a371f68
r10               0x9db84a70ed006527
r11               0x5397fb7157102a9c
r12                                0
r13                                0
r14               0xffff80003abf8550
r15                                0
rip               0xffffffff8201e3ee    savectx+0xae
cs                               0x8
rflags                          0x46
rsp               0xffff80002a3722f0
ss                              0x10
savectx+0xae:   movl    $0,%gs:0x688
ddb{1}> show proc
PROC (syz-executor) tid=223815 pid=39083 tcnt=1 stat=onproc
    flags process=2<EXEC> proc=0
    runpri=32, usrpri=50, slppri=32, nice=20
    wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
    forw=0xffffffffffffffff, list=0xffff8000fffef240,0xffff800032fcbce0
    process=0xffff80002a3bc9b8 user=0xffff80002a36d000, vmspace=0xfffffd800df9f208
    estcpu=36, cpticks=55, pctcpu=0.34, user=0, sys=20, intr=35
ddb{1}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 20564  463185  39083      0  3           0  vmmapbsy      syz-executor
 20564   85000  39083      0  3   0x4000080  fsleep        syz-executor
 20564  158668  39083      0  7   0x4000000                syz-executor
 20564   45648  39083      0  3   0x4000080  fsleep        syz-executor
 91084   19746  94890      0  3        0x80  nanoslp       syz-executor
 91084   73841  94890      0  3   0x4000080  ttyin         syz-executor
 91084  115492  94890      0  3   0x4000080  fsleep        syz-executor
 79458  382118  27836      0  3        0x80  nanoslp       syz-executor
 79458  353587  27836      0  3   0x4000080  netcon        syz-executor
 79458  122677  27836      0  3   0x4000080  fsleep        syz-executor
 88605  138706  56229      0  3        0x80  nanoslp       syz-executor
 88605  462871  56229      0  3   0x4000080  kqsel         syz-executor
 88605  347859  56229      0  3   0x4000080  fsleep        syz-executor
 88605  127356  56229      0  3   0x4000080  fsleep        syz-executor
 74836  195763  97172  60929  3        0x90  nanoslp       syz-executor
 74836  218474  97172  60929  3   0x4000090  kqsel         syz-executor
 74836  148360  97172  60929  3   0x4000090  fsleep        syz-executor
*39083  223815  13677      0  7         0x2                syz-executor
 97172  284421  13677      0  3        0x82  nanoslp       syz-executor
 13183  103699      0      0  3     0x14280  nfsidl        nfsio
 71565  147229      0      0  3     0x14280  nfsidl        nfsio
 52525   87849      0      0  3     0x14280  nfsidl        nfsio
 38009  309714  13677      0  3        0x82  nanoslp       syz-executor
 56229  271130  13677      0  3        0x82  nanoslp       syz-executor
 41594   36975  13677      0  3        0x82  wait          syz-executor
 94890  469275  13677      0  3        0x82  nanoslp       syz-executor
 21017  461665      1      0  3    0x100083  ttyopn        getty
 33758   31087  13677      0  3        0x82  nanoslp       syz-executor
 27836   20980  13677      0  3        0x82  nanoslp       syz-executor
 13677    6159  77375      0  3        0x82  kqread        syz-executor
 77375   37192  39486      0  3    0x10008a  sigsusp       ksh
 39486  369727  28183      0  3        0x98  kqread        sshd-session
 28183  188343  43534      0  3        0x92  kqread        sshd-session
 43534  187214      1      0  3        0x88  kqread        sshd
 99765  513252   9948     74  3   0x1100092  bpf           pflogd
  9948  487711      1      0  3        0x80  sbwait        pflogd
 98129  168631  45048     73  3   0x1100090  kqread        syslogd
 45048  523045      1      0  3    0x100082  sbwait        syslogd
 83186    1134      1      0  3    0x100080  kqread        resolvd
 37795  226800   2472     77  3    0x100092  kqread        dhcpleased
 88077  380499   2472     77  3    0x100092  kqread        dhcpleased
  2472  222067      1      0  3        0x80  kqread        dhcpleased
  4316  192370      0      0  3     0x14200  bored         smr
   758  460632      0      0  3     0x14200  pgzero        zerothread
 24850  430975      0      0  3     0x14200  aiodoned      aiodoned
 56430  198796      0      0  3     0x14200  syncer        update
 98275  382371      0      0  3     0x14200  cleaner       cleaner
 64738  136746      0      0  3     0x14200  reaper        reaper
  6021  416447      0      0  3     0x14200  pgdaemon      pagedaemon
 63116   81925      0      0  3     0x14200  bored         viomb
 48076   23704      0      0  3  0x40014200  acpi0         acpi0
 38524  244620      0      0  3  0x40014200                idle1
 45335  249002      0      0  3     0x14200  bored         softnet1
 11871  247773      0      0  2     0x14200                softnet0
 17278  213674      0      0  3     0x14200  bored         systqmp
 86691   35451      0      0  3     0x14200  bored         systq
 79980   77493      0      0  3     0x14200  tmoslp        softclockmp
 68202  298780      0      0  3  0x40014200  tmoslp        softclock
 91007    9350      0      0  3  0x40014200                idle0
     1  399253      0      0  3        0x82  wait          init
     0       0     -1      0  3  0x10010200  scheduler     swapper
ddb{1}> show all locks
CPU 1:
exclusive mutex &sched_lock r = 0 (0xffffffff839b50c8)
#0  witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0  witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1  mtx_enter+0x4b4 sys/kern/kern_lock.c:487
#2  sleep_finish+0x1d6 sys/kern/kern_synch.c:357
#3  msleep_nsec+0x132 sys/kern/kern_synch.c:219
#4  vm_map_lock_ln+0xc4 sys/uvm/uvm_map.c:5156
#5  uvm_map_protect+0xe0 sys/uvm/uvm_map.c:3064
#6  sys_mprotect+0x351 sys/uvm/uvm_mmap.c:590
#7  syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#7  syscall+0xbd4 sys/arch/amd64/amd64/trap.c:775
#8  Xsyscall+0x128
Process 20564 (syz-executor) thread 0xffff8000fffee2b0 (158668)
ddb{1}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf 10259  11178K   12358K 166960K     21858        0
            pcb    19     22K      26K 166960K      3230        0
         rtable   232     21K      21K 166960K      3120        0
             pf    37     18K      22K 166960K      1275        0
         ifaddr    36     13K      17K 166960K       839        0
        ifgroup    57      2K       3K 166960K      1618        0
         sysctl     4      1K       9K 166960K       184        0
       counters    72     37K      38K 166960K      1928        0
       ioctlops     0      0K       8K 166960K      5917        0
            iov     0      0K      32K 166960K       997        0
          mount     1      1K       1K 166960K         1        0
            log     0      0K       0K 166960K         4        0
         vnodes  1570     99K      99K 166960K     11191        0
      UFS quota     1     32K      32K 166960K         1        0
      UFS mount     5     36K      36K 166960K         5        0
            shm     2      2K       6K 166960K        25        0
         VM map     2      1K       1K 166960K         2        0
            sem    26    137K     137K 166960K       197        0
        dirhash    12      2K       3K 166960K       144        0
           ACPI  1692    195K     286K 166960K     12470        0
      file desc    18     65K     354K 166960K     13727        0
          sigio     0      0K       0K 166960K       412        0
           proc    75    115K     164K 166960K      3043        0
        subproc    72      4K       4K 166960K       461        0
    NFS srvsock     1      0K       0K 166960K         1        0
     NFS daemon     1     16K      16K 166960K         1        0
    ip_moptions     0      0K       0K 166960K      2249        0
       in_multi    48      3K       7K 166960K      1188        0
    ether_multi     1      0K       0K 166960K       181        0
            mrt     3      0K       0K 166960K        99        0
    ISOFS mount     1     32K      32K 166960K         1        0
  MSDOSFS mount     1     16K      16K 166960K         1        0
           ttys   289   1288K    1288K 166960K       289        0
           exec     0      0K       1K 166960K      3570        0
   fusefs mount     1     32K      32K 166960K         1        0
     pfkey data     0      0K       0K 166960K        20        0
            tdb     3      0K       0K 166960K         3        0
        VM swap     8     62K      64K 166960K        10        0
       UVM amap   268    177K     204K 166960K    123641        0
       UVM aobj   287    100K     100K 166960K       313        0
     pinsyscall    43     86K     105K 166960K     16010        0
        memdesc     1      4K       4K 166960K         1        0
    crypto data     1      1K       1K 166960K         1        0
    ip6_options     2      0K       1K 166960K      1170        0
            NDP    13      0K       1K 166960K       641        0
           temp    95   8680K    9196K 166960K    597181        0
         kqueue    13     20K      32K 166960K      2639        0
      SYN cache     2     16K      16K 166960K         2        0
ddb{1}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache    128       26    0        0     1     0     1     1     0     8    0
rtpcb      120     1197    0     1193     6     5     1     2     0     8    0
rtentry    176      943    0      872     7     2     5     6     0     8    0
unpcb      144    10753    0    10736    83    77     6    11     0     8    5
syncache   336       35    0       35    12    12     0     1     0     8    0
tcpqe       32       17    0       17     9     9     0     1     0     8    0
tcpcb      736     5668    0     5661    91    87     4    13     0     8    3
arp        136      139    0      123     1     0     1     1     0     8    0
ipq         40       41    0       34     1     0     1     1     0     8    0
ipqe        40      204    0      194     1     0     1     1     0     8    0
inpcb      328    18171    0    18158   136   130     6    18     0     8    4
ip6q        72      116    0      116     1     1     0     1     0     8    0
ip6af       40      207    0      207     1     1     0     1     0     8    0
nd6        152      199    0      185     4     3     1     2     0     8    0
pkpcb       40       91    0       91    15    14     1     1     0     8    1
kcovpl      48       51    0       43     1     0     1     1     0     8    0
mppekey    1024      10    0       10     7     7     0     1     0     8    0
ppxss      1192     720    0      719     9     8     1     1     0     8    0
pppxif     1504     164    0      164    19    18     1     1     0     8    1
pfstscr     40        1    0        1     1     1     0     1     0     8    0
pffrag     232       17    0       17     2     2     0     1     0   482    0
pffrnode    88       14    0       14     2     2     0     1     0     8    0
pffrent     40       32    0       32     2     2     0     1     0     8    0
pfosfp      40     1428    0     1005     5     0     5     5     0     8    0
pfosfpen   112     1428    0      714    21     0    21    21     0     8    0
pfrktable  1344       4    0        4     2     2     0     1     0     8    0
pfstitem    24      154    0      152     1     0     1     1     0     8    0
pfstkey    128      156    0      154     4     3     1     4     0     8    0
pfstate    448      155    0      153    11    10     1    11     0     8    0
pfrule     1344      23    0       18     2     1     1     2     0     8    0
rttmr      136       18    0       18    14    14     0     1     0     8    0
art_heap8  4096       8    0        3     7     2     5     6     0     8    0
art_heap4  256     4106    0     3865    55    34    21    32     0     8    3
art_table   40     4114    0     3868     6     1     5     6     0     8    0
art_node    32      934    0      879     1     0     1     1     0     8    0
sysvmsgpl   40       30    0       22     1     0     1     1     0     8    0
semupl     112        9    0        9     7     7     0     1     0     8    0
semapl     112      189    0      165     1     0     1     1     0     8    0
shmpl      112      251    0       13     7     0     7     7     0     8    0
dirhash    1024     108    0       91     3     0     3     3     0     8    0
dino2pl    256    27870    0    26241   103     0   103   103     0     8    0
ffsino     296    27870    0    26241   127     1   126   126     0     8    0
nchpl      144    46496    0    45755    67    38    29    67     0     8    0
rtmask      32      124    0      124    24    24     0     1     0     8    0
vnodes     216     5926    0        0   330     0   330   330     0     8    0
namei      1024  173170    0   173170    11    10     1     3     0     8    1
percpumem   16      979    0      928     1     0     1     1     0     8    0
vcpupl     3968      50    0        4     6     0     6     6     0     8    0
vmpool     848       59    0       13     6     0     6     6     0     8    0
kstatmem   264     1042    0     1012     5     2     3     3     0     8    0
acpiwqpl    32        9    0        9     1     0     1     1     1     8    1
scsiplug    72       58    0       58    21    21     0     1     0     8    0
scxspl     216   277797    0   277797    33    31     2     8     1     8    2
plimitpl   152     3467    0     3449     1     0     1     1     0     8    0
sigapl     424    13886    0    13835    11     5     6     8     0     8    0
knotepl    120     1027    0        0    24     0    24    24     0     8    0
kqueuepl   224     6025    0     6011    55    51     4     5     0     8    3
pipepl     344     2108    0     2081    41    38     3     9     0     8    0
fdescpl    528    13813    0    13781     3     0     3     3     0     8    0
filepl     160   108284    0   108045    93    76    17    23     0     8    4
lockfpl    104     7097    0     7092    13    12     1     4     0     8    0
lockfspl    48     2211    0     2207     1     0     1     1     0     8    0
sessionpl  144      100    0       91     1     0     1     1     0     8    0
pgrppl      48      343    0      326     1     0     1     1     0     8    0
ucredpl    104    19761    0    19742     1     0     1     1     0     8    0
zombiepl   144    17492    0    17489     2     1     1     1     0     8    0
processpl  1232   13886    0    13835     6     1     5     6     0     8    0
procpl     664    36461    0    36398    10     4     6     7     0     8    0
sosppl     176      133    0      133    18    17     1     1     0     8    1
sockpl     752    30892    0    30857   290   279    11    29     0     8    7
mcl64k     65536     13    0        0     2     0     2     2     0     8    0
mcl16k     16384      5    0        0     1     0     1     1     0     8    0
mcl12k     12288      4    0        0     1     0     1     1     0     8    0
mcl9k      9216       3    0        0     1     0     1     1     0     8    0
mcl8k      8192       6    0        0     1     0     1     1     0     8    0
mcl4k      4096     136    0        0    15     0    15    15     0     8    0
mcl2k2     2112       3    0        0     1     0     1     1     0     8    0
mcl2k      2048     128    0        0     8     0     8     8     0     8    0
mtagpl      96      214    0        0     6     1     5     6     0     8    0
mbufpl     256     1546    0        0    84     0    84    84     0     8    0
bufpl      280   109986    0   103850   439     0   439   439     0     8    0
anonpl      32    15486    0        0   123     1   122   122     0   246    0
amapchunkpl 152  448634    0   447932   160   133    27    41     0   158    0
amappl16   200    40870    0    40835   255   239    16    37     0     8    4
amappl15   192        6    0        6     3     3     0     1     0     8    0
amappl14   184        8    0        7     1     0     1     1     0     8    0
amappl13   176      964    0      962     1     0     1     1     0     8    0
amappl12   168    14541    0    14496     3     0     3     3     0     8    0
amappl11   160        7    0        7     1     1     0     1     0     8    0
amappl10   152       57    0       42     1     0     1     1     0     8    0
amappl9    144      252    0      251     2     1     1     1     0     8    0
amappl8    136       24    0       21     1     0     1     1     0     8    0
amappl7    128      255    0      253     1     0     1     1     0     8    0
amappl6    120      842    0      827     1     0     1     1     0     8    0
amappl5    112      103    0       91     1     0     1     1     0     8    0
amappl4    104      810    0      780     1     0     1     1     0     8    0
amappl3     96    91810    0    91689     5     1     4     4     0     8    0
amappl2     88     1172    0     1109     2     0     2     2     0     8    0
amappl1     80    75301    0    74701    19     4    15    15     0     8    0
amappl      88   119814    0   119625     5     0     5     5     0    92    0
uvmvnodes   80      338    0        0     7     0     7     7     0     8    0
dma65536   65536     19    0       19     8     8     0     1     0     8    0
dma32768   32768      4    0        4     3     3     0     1     0     8    0
dma16384   16384      2    0        2     2     2     0     1     0     8    0
dma8192    8192       1    0        1     1     1     0     1     0     8    0
dma4096    4096       8    0        8     6     5     1     1     0     8    1
dma2048    2048       5    0        5     5     5     0     1     0     8    0
dma1024    1024       3    0        2     1     0     1     1     0     8    0
dma512     512        2    0        2     2     2     0     1     0     8    0
dma256     256       10    0       10     5     5     0     1     0     8    0
dma128     128      271    0      271    11    11     0     1     0     8    0
dma64       64        8    0        8     3     3     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       21    0       20     1     0     1     1     0     8    0
aobjpl      72      312    0       26     6     0     6     6     0     8    0
uaddrrnd    24    13813    0    13781     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24    13813    0    13781     1     0     1     1     0     8    0
vmmpekpl   168    91081    0    91014     4     0     4     4     0     8    0
vmmpepl    168   857919    0   855886   222   114   108   117     0   357    8
vmsppl     488    13812    0    13781     5     0     5     5     0     8    0
rwobjpl     80   206265    0   204660    57    16    41    44     0     8    0
pdppl      4096   27751    0    27634   282   165   117   118     0     8    0
pvpl        32    26264    0        0   207     1   206   206     0   265    0
pmappl     256    13871    0    13794     5     0     5     5     0     8    0
extentpl    40       45    0       27     1     0     1     1     0     8    0
phpool     112      731    0      358    11     0    11    11     0     8    0
ddb{1}> machine ddbcpu 0
Stopped at      x86_ipi_db+0x27:        addq    $0x8,%rsp
x86_ipi_db(ffffffff8388cff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff839c2d80) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:142 [inline]
__mp_lock(ffffffff839c2d80) at __mp_lock+0x192 sys/kern/kern_lock.c:173
softintr_dispatch(0) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83
dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:862
Xsoftclock() at Xsoftclock+0x27
cnputc(2f) at cnputc+0x67 sys/dev/cons.c:218
db_putchar(2f) at db_putchar+0x36d sys/ddb/db_output.c:155
kprintf() at kprintf+0x29c5 sys/kern/subr_prf.c:-1
db_printf(ffffffff833897e1) at db_printf+0x9b sys/kern/subr_prf.c:-1
panic(ffffffff833b1a7d) at panic+0x103 sys/kern/subr_prf.c:217
__assert(ffffffff833ef671,ffffffff833e2949,51d,ffffffff8341fa87) at __assert+0x29 sys/kern/subr_prf.c:-1
uvm_pageactivate(fffffd80049afa38) at uvm_pageactivate+0x1e3 sys/uvm/uvm_page.c:1306
end trace frame: 0xffff80003c461010, count: 0
ddb{0}> trace
x86_ipi_db(ffffffff8388cff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff839c2d80) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:142 [inline]
__mp_lock(ffffffff839c2d80) at __mp_lock+0x192 sys/kern/kern_lock.c:173
softintr_dispatch(0) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83
dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:862
Xsoftclock() at Xsoftclock+0x27
cnputc(2f) at cnputc+0x67 sys/dev/cons.c:218
db_putchar(2f) at db_putchar+0x36d sys/ddb/db_output.c:155
kprintf() at kprintf+0x29c5 sys/kern/subr_prf.c:-1
db_printf(ffffffff833897e1) at db_printf+0x9b sys/kern/subr_prf.c:-1
panic(ffffffff833b1a7d) at panic+0x103 sys/kern/subr_prf.c:217
__assert(ffffffff833ef671,ffffffff833e2949,51d,ffffffff8341fa87) at __assert+0x29 sys/kern/subr_prf.c:-1
uvm_pageactivate(fffffd80049afa38) at uvm_pageactivate+0x1e3 sys/uvm/uvm_page.c:1306
uvm_fault_lower(ffff80003c461120,ffff80003c461158,ffff80003c4610a0) at uvm_fault_lower+0x25c sys/uvm/uvm_fault.c:1379
uvm_fault(fffffd806caea3e8,200000000000,2,1) at uvm_fault+0x274 sys/uvm/uvm_fault.c:-1
uvm_fault_wire(fffffd806caea3e8,200000000000,200000013000,1) at uvm_fault_wire+0x73 sys/uvm/uvm_fault.c:1703
uvm_map_pageable_wire(fffffd806caea3e8,fffffd806dc3be90,fffffd806dc3b6b0,ffff8000fffee2b0,0,0) at uvm_map_pageable_wire+0x3dc sys/uvm/uvm_map.c:2125
sys_mlock(ffff8000fffee2b0,ffff80003c461440,ffff80003c461390) at sys_mlock+0x23d sys/uvm/uvm_mmap.c:849
syscall(ffff80003c461440) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c461440) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x973f67eed50, count: -21
ddb{0}> machine ddbcpu 1
Stopped at      savectx+0xae:   movl    $0,%gs:0x688
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7b6776d8ace0, count: 14
ddb{1}> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7b6776d8ace0, count: -1