login: panic: kernel diagnostic assertion "pmap->pm_type != PMAP_TYPE_EPT" failed: file "/syzkaller/managers/multicore/kernel/sys/arch/amd64/amd64/pmap.c", line 401
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*167747 13952 0 0x14000 0x200 0 reaper
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8259b217) at panic+0x177 sys/kern/subr_prf.c:202
__assert(ffffffff82612c02,ffffffff825be8f2,191,ffffffff82619881) at __assert+0x25 sys/kern/subr_prf.c:161
pmap_page_remove(fffffd80079d1120) at pmap_page_remove+0x5a4 pmap_map_ptes sys/arch/amd64/amd64/pmap.c:415 [inline]
pmap_page_remove(fffffd80079d1120) at pmap_page_remove+0x5a4 sys/arch/amd64/amd64/pmap.c:1919
uvm_anfree_list(fffffd806897dbb8,ffff8000211491d8) at uvm_anfree_list+0x98
amap_wipeout(fffffd806fbeeb40) at amap_wipeout+0x1b1 sys/uvm/uvm_amap.c:504
uvm_unmap_detach(ffff8000211492a0,1) at uvm_unmap_detach+0x7d sys/uvm/uvm_map.c:1599
uvm_map_teardown(fffffd806aee6010) at uvm_map_teardown+0x262 sys/uvm/uvm_map.c:2789
uvmspace_free(fffffd806aee6010) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3684
reaper(ffff8000211437a8) at reaper+0x19a sys/kern/kern_exit.c:454
end trace frame: 0x0, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: kernel diagnostic assertion "pmap->pm_type != PMAP_TYPE_EPT" failed: file "/syzkaller/managers/multicore/kernel/sys/arch/amd64/amd64/pmap.c", line 401
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8259b217) at panic+0x177 sys/kern/subr_prf.c:202
__assert(ffffffff82612c02,ffffffff825be8f2,191,ffffffff82619881) at __assert+0x25 sys/kern/subr_prf.c:161
pmap_page_remove(fffffd80079d1120) at pmap_page_remove+0x5a4 pmap_map_ptes sys/arch/amd64/amd64/pmap.c:415 [inline]
pmap_page_remove(fffffd80079d1120) at pmap_page_remove+0x5a4 sys/arch/amd64/amd64/pmap.c:1919
uvm_anfree_list(fffffd806897dbb8,ffff8000211491d8) at uvm_anfree_list+0x98
amap_wipeout(fffffd806fbeeb40) at amap_wipeout+0x1b1 sys/uvm/uvm_amap.c:504
uvm_unmap_detach(ffff8000211492a0,1) at uvm_unmap_detach+0x7d sys/uvm/uvm_map.c:1599
uvm_map_teardown(fffffd806aee6010) at uvm_map_teardown+0x262 sys/uvm/uvm_map.c:2789
uvmspace_free(fffffd806aee6010) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3684
reaper(ffff8000211437a8) at reaper+0x19a sys/kern/kern_exit.c:454
end trace frame: 0x0, count: -10
ddb{0}> show registers
rdi 0
rsi 0x1
rbp 0xffff800021149020
rbx 0xffffffff82981c5f cpu_info_full_primary+0x2c5f
rdx 0
rcx 0
rax 0xffff8000211437a8
r8 0
r9 0x8080808080808080
r10 0xbed43e74c5bc94d3
r11 0x14bb0b04b861fd04
r12 0xffffffff82981a60 cpu_info_full_primary+0x2a60
r13 0
r14 0
r15 0x1
rip 0xffffffff815da138 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800021149010
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (reaper) pid=167747 stat=onproc
flags process=14000 proc=200
pri=4, usrpri=51, nice=20
forw=0xffffffffffffffff, list=0xffff800021143ce8,0xffff800021143518
process=0xffff8000fffff608 user=0xffff800021144000, vmspace=0xffffffff82a1c1d8
estcpu=1, cpticks=3, pctcpu=0.52
user=0, sys=2, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
66135 172900 55040 0 2 0 
syz-executor.2 66135 401788 55040 0 3 0x4000080 fsleep syz-executor.2 93383 407947 64459 0 2 0 syz-executor.6 93383 180437 64459 0 3 0x4000080 fsleep syz-executor.6 77022 286466 55410 0 2 0x2 syz-executor.5 56909 7148 55410 0 2 0x482 syz-executor.3 7725 269965 55410 0 2 0x482 syz-executor.1 64459 316282 55410 0 2 0x482 syz-executor.6 62524 323118 55410 0 2 0x2 syz-executor.4 55502 346412 1 0 3 0x100083 ttyopn getty 73360 170245 0 0 3 0x14200 acct acct 84838 462724 55410 0 3 0x82 piperd syz-executor.0 24728 194278 0 0 3 0x14280 nfsidl nfsio 60204 427968 0 0 3 0x14280 nfsidl nfsio 93121 325284 0 0 3 0x14280 nfsidl nfsio 80594 355660 0 0 3 0x14280 nfsidl nfsio 33678 356646 0 0 3 0x14280 nfsidl nfsio 81120 390181 0 0 3 0x14280 nfsidl nfsio 8342 117202 0 0 3 0x14280 nfsidl nfsio 10123 228733 0 0 3 0x14280 nfsidl nfsio 2458 85814 0 0 3 0x14280 nfsidl nfsio 71105 215739 0 0 3 0x14280 nfsidl nfsio 25198 304773 0 0 3 0x14280 nfsidl nfsio 50470 280881 0 0 3 0x14280 nfsidl nfsio 30748 110372 0 0 3 0x14280 nfsidl nfsio 47223 363193 0 0 3 0x14280 nfsidl nfsio 50469 5 0 0 3 0x14280 nfsidl nfsio 6898 118894 0 0 3 0x14280 nfsidl nfsio 56348 463246 0 0 3 0x14280 nfsidl nfsio 99717 246799 0 0 3 0x14280 nfsidl nfsio 58536 310625 0 0 3 0x14280 nfsidl nfsio 65761 250010 0 0 3 0x14280 nfsidl nfsio 98764 353008 0 0 3 0x14200 bored sosplice 55040 482296 55410 0 2 0x482 syz-executor.2 55410 96863 17271 0 3 0x82 thrsleep syz-fuzzer 55410 264071 17271 0 2 0x4000482 syz-fuzzer 55410 161909 17271 0 2 0x4000082 syz-fuzzer 55410 187855 17271 0 3 0x4000082 thrsleep syz-fuzzer 55410 8109 17271 0 3 0x4000082 thrsleep syz-fuzzer 55410 242699 17271 0 2 0x4000482 syz-fuzzer 55410 486343 17271 0 3 0x4000082 thrsleep syz-fuzzer 55410 317050 17271 0 3 0x4000082 thrsleep syz-fuzzer 55410 364220 17271 0 3 0x4000082 thrsleep syz-fuzzer 17271 235514 67832 0 3 0x10008a sigsusp ksh 67832 213649 90073 0 3 0x9a kqread sshd 90073 304927 1 0 3 0x88 kqread sshd 5426 453828 45225 74 3 0x1100092 bpf pflogd 45225 
295013 1 0 3 0x80 netio pflogd 56594 345725 18526 73 3 0x1100090 kqread syslogd 18526 89718 1 0 3 0x100082 netio syslogd 16523 10846 1 0 3 0x100080 kqread resolvd 26564 279445 67539 77 3 0x100092 kqread dhcpleased 88623 198542 67539 77 3 0x100092 kqread dhcpleased 67539 249905 1 0 3 0x80 kqread dhcpleased 8414 311122 0 0 3 0x14200 bored smr 49981 497150 0 0 2 0x14200 zerothread 24913 46610 0 0 3 0x14200 aiodoned aiodoned 98113 490850 0 0 3 0x14200 syncer update 40637 34204 0 0 3 0x14200 cleaner cleaner *13952 167747 0 0 7 0x14200 reaper 52849 83090 0 0 3 0x14200 pgdaemon pagedaemon 86124 441936 0 0 3 0x14200 bored viomb 73993 235118 0 0 3 0x40014200 acpi0 acpi0 85418 25309 0 0 7 0x40014200 idle1 6800 263255 0 0 3 0x14200 bored softnet 37056 431757 0 0 3 0x14200 bored softnet 44239 121894 0 0 3 0x14200 bored softnet 40610 159838 0 0 3 0x14200 bored softnet 16437 37391 0 0 3 0x14200 bored systqmp 29286 227001 0 0 3 0x14200 bored systq 33571 135885 0 0 3 0x40014200 bored softclock 14069 5293 0 0 3 0x40014200 idle0 1 23116 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 77022 (syz-executor.5) thread 0xffff800021229cf0 (286466) Process 62524 (syz-executor.4) thread 0xffff8000fffefce8 (323118) Process 13952 (reaper) thread 0xffff8000211437a8 (167747) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10202 6501K 7434K 78643K 37451 0 pcb 13 14K 16K 78643K 1047 0 rtable 179 12K 15K 78643K 2075 0 ifaddr 85 19K 22K 78643K 1138 0 sysctl 3 1K 3K 78643K 12 0 counters 52 35K 36K 78643K 266 0 ioctlops 0 0K 4K 78643K 3665 0 iov 0 0K 28K 78643K 943 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1555 97K 98K 78643K 8342 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 72 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 1167 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 11 37K 89K 78643K 9173 0 sigio 0 0K 0K 78643K 302 0 proc 74 91K 127K 78643K 
1399 0 subproc 91 5K 6K 78643K 286 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 431 0 in_multi 67 4K 6K 78643K 392 0 ether_multi 1 0K 0K 78643K 34 0 mrt 1 0K 0K 78643K 19 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 163 731K 731K 78643K 163 0 exec 0 0K 2K 78643K 2190 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 409 807K 816K 78643K 54362 0 UVM aobj 131 4K 4K 78643K 141 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 270 0 NDP 12 0K 1K 78643K 172 0 temp 362 5196K 5770K 78643K 59499 0 kqueue 12 18K 26K 78643K 756 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 377 0 374 6 5 1 3 0 8 0 rtentry 112 353 0 288 4 1 3 4 0 8 0 unpcb 136 5514 0 5499 63 62 1 6 0 8 0 syncache 296 35 0 35 9 8 1 1 0 8 1 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpqe 32 103 0 103 7 7 0 1 0 8 0 tcpcb 736 2574 0 2564 80 73 7 15 0 8 6 arp 120 49 0 38 1 0 1 1 0 8 0 inpcb 312 6410 0 6400 104 98 6 11 0 8 5 ip6q 72 23 0 23 2 2 0 1 0 8 0 ip6af 40 69 0 69 2 2 0 1 0 8 0 nd6 48 77 0 62 1 0 1 1 0 8 0 pkpcb 40 11 0 11 3 3 0 1 0 8 0 kcovpl 48 22 0 15 1 0 1 1 0 8 0 ppxss 1248 42 0 42 11 10 1 1 0 8 1 pfstscr 40 86 0 86 7 7 0 1 0 8 0 pffrag 232 15 0 15 4 4 0 1 0 482 0 pffrnode 88 15 0 15 4 4 0 1 0 8 0 pffrent 40 38 0 38 4 4 0 1 0 8 0 pfosfp 40 1432 0 1008 5 0 5 5 0 8 0 pfosfpen 112 1432 0 717 21 0 21 21 0 8 0 pfrktable 1344 406 0 394 4 3 1 2 0 8 0 pftag 88 9 0 5 1 0 1 1 0 8 0 pfstitem 24 43 0 41 1 0 1 1 0 8 0 pfstkey 112 397 0 395 1 0 1 1 0 8 0 pfstate 336 216 0 214 2 1 1 2 0 8 0 pfsrctr 152 10 0 9 1 0 1 1 0 8 0 pfrule 1360 632 0 573 7 2 5 5 0 8 0 rttmr 64 6 0 6 2 2 0 1 0 8 0 art_heap8 4096 3 0 2 3 2 1 3 0 8 0 art_heap4 256 1492 0 1181 44 18 26 29 0 8 2 art_table 32 1495 0 1183 4 0 4 4 0 8 
0 art_node 16 345 0 290 1 0 1 1 0 8 0 sysvmsgpl 40 86 0 46 1 0 1 1 0 8 0 semapl 112 1165 0 1155 1 0 1 1 0 8 0 shmpl 112 138 0 10 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 13802 0 12335 93 0 93 93 0 8 0 ffsino 272 13802 0 12335 99 0 99 99 0 8 0 nchpl 144 25916 0 24264 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 99522 0 99521 10 9 1 2 0 8 0 percpumem 16 145 0 107 1 0 1 1 0 8 0 vcpupl 2048 84 0 2 11 0 11 11 0 8 0 vmpool 560 89 0 7 6 0 6 6 0 8 0 pfiaddrpl 120 129 0 110 2 1 1 1 0 8 0 kstatmem 264 238 0 214 5 2 3 3 0 8 1 scsiplug 72 15 0 15 5 5 0 1 0 8 0 scxspl 216 78729 0 78729 26 25 1 8 0 8 1 plimitpl 152 1070 0 1055 1 0 1 1 0 8 0 sigapl 424 9496 0 9430 11 3 8 8 0 8 0 futexpl 64 84303 0 84301 5 4 1 1 0 8 0 knotepl 120 759 0 0 11 0 11 11 0 8 0 kqueuepl 216 1920 0 1912 30 29 1 7 0 8 0 pipepl 336 1554 0 1525 44 40 4 8 0 8 1 fdescpl 496 9436 0 9412 5 1 4 5 0 8 0 filepl 152 67652 0 67426 159 144 15 23 0 8 5 lockfpl 104 3391 0 3389 9 8 1 2 0 8 0 lockfspl 48 950 0 948 1 0 1 1 0 8 0 sessionpl 144 40 0 23 1 0 1 1 0 8 0 pgrppl 48 48 0 31 1 0 1 1 0 8 0 ucredpl 96 9254 0 9239 1 0 1 1 0 8 0 zombiepl 144 9433 0 9430 2 1 1 1 0 8 0 processpl 1064 9496 0 9430 5 0 5 5 0 8 0 procpl 672 25687 0 25611 27 19 8 9 0 8 0 srpgc 96 24 0 24 10 9 1 1 0 8 1 sosppl 168 56 0 56 9 9 0 1 0 8 0 sockpl 480 12325 0 12297 307 295 12 24 0 8 7 mcl64k 65536 24 0 0 3 1 2 3 0 8 0 mcl16k 16384 23 0 0 3 1 2 3 0 8 0 mcl12k 12288 19 0 0 2 0 2 2 0 8 0 mcl9k 9216 17 0 0 2 0 2 2 0 8 0 mcl8k 8192 17 0 0 3 0 3 3 0 8 0 mcl4k 4096 34 0 0 4 2 2 3 0 8 0 mcl2k2 2112 6 0 0 1 0 1 1 0 8 0 mcl2k 2048 242 0 0 20 1 19 20 0 8 0 mtagpl 96 1254 0 0 28 0 28 28 0 8 0 mbufpl 256 1673 0 0 91 0 91 91 0 8 0 bufpl 288 17295 0 10965 453 0 453 453 0 8 0 anonpl 24 1774919 0 1757902 245 122 123 150 0 186 3 amapchunkpl 152 160906 0 160164 87 52 35 44 0 158 0 amappl16 200 23672 0 23108 123 90 33 53 0 8 0 amappl15 192 3474 0 3471 4 3 1 1 0 8 0 amappl14 184 2193 0 
2188 1 0 1 1 0 8 0 amappl13 176 1810 0 1806 1 0 1 1 0 8 0 amappl12 168 496 0 492 1 0 1 1 0 8 0 amappl11 160 578 0 558 5 4 1 2 0 8 0 amappl10 152 706 0 699 1 0 1 1 0 8 0 amappl9 144 968 0 964 1 0 1 1 0 8 0 amappl8 136 2755 0 2657 4 0 4 4 0 8 0 amappl7 128 1932 0 1920 1 0 1 1 0 8 0 amappl6 120 797 0 772 2 1 1 2 0 8 0 amappl5 112 6675 0 6658 1 0 1 1 0 8 0 amappl4 104 4402 0 4366 5 3 2 2 0 8 0 amappl3 96 28290 0 28249 2 0 2 2 0 8 0 amappl2 88 12035 0 11976 3 1 2 3 0 8 0 amappl1 80 225271 0 224698 25 10 15 20 0 8 0 amappl 88 53388 0 53177 7 1 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 140 0 10 3 0 3 3 0 8 0 uaddrrnd 24 9525 0 9419 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 9525 0 9419 1 0 1 1 0 8 0 vmmpekpl 168 69400 0 69326 4 0 4 4 0 8 0 vmmpepl 168 909299 0 906869 265 133 132 159 0 357 0 vmsppl 368 9524 0 9418 12 1 11 11 0 8 0 rwobjpl 56 226816 0 219140 137 26 111 114 0 8 0 pdppl 4096 19057 0 18918 583 432 151 151 0 8 12 pvpl 32 3605871 0 3584565 502 291 211 257 0 265 22 pmappl 248 9524 0 9418 9 1 8 8 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 1675 0 683 29 0 29 29 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8259b217) at panic+0x177 sys/kern/subr_prf.c:202 __assert(ffffffff82612c02,ffffffff825be8f2,191,ffffffff82619881) at __assert+0x25 sys/kern/subr_prf.c:161 pmap_page_remove(fffffd80079d1120) at pmap_page_remove+0x5a4 pmap_map_ptes sys/arch/amd64/amd64/pmap.c:415 [inline] pmap_page_remove(fffffd80079d1120) at pmap_page_remove+0x5a4 sys/arch/amd64/amd64/pmap.c:1919 uvm_anfree_list(fffffd806897dbb8,ffff8000211491d8) at uvm_anfree_list+0x98 amap_wipeout(fffffd806fbeeb40) at amap_wipeout+0x1b1 sys/uvm/uvm_amap.c:504 uvm_unmap_detach(ffff8000211492a0,1) at 
uvm_unmap_detach+0x7d sys/uvm/uvm_map.c:1599
uvm_map_teardown(fffffd806aee6010) at uvm_map_teardown+0x262 sys/uvm/uvm_map.c:2789
uvmspace_free(fffffd806aee6010) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3684
reaper(ffff8000211437a8) at reaper+0x19a sys/kern/kern_exit.c:454
end trace frame: 0x0, count: -10
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206
sched_idle(ffff800020ce8ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178
end trace frame: 0x0, count: 10
ddb{1}> trace
x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206
sched_idle(ffff800020ce8ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178
end trace frame: 0x0, count: -5