panic: kernel diagnostic assertion "(pg->pg_flags & PG_BUSY) == 0" failed: file "/syzkaller/managers/main/kernel/sys/arch/amd64/amd64/pmap.c", line 1422 Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *267638 88456 0 0x8000000 0x4000000 0 syz-executor.6 db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8292f061) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828e5f62,ffffffff8283efe6,58e,ffffffff82895b9e) at __assert+0x29 sys/kern/subr_prf.c:157 pmap_destroy(fffffd806d169520) at pmap_destroy+0x2a4 sys/arch/amd64/amd64/pmap.c:1422 uvm_map_teardown(fffffd8069192418) at uvm_map_teardown+0x287 sys/uvm/uvm_map.c:2557 uvmspace_free(fffffd8069192418) at uvmspace_free+0x96 sys/uvm/uvm_map.c:3461 vm_teardown(ffff8000343bd080) at vm_teardown+0x105 sys/dev/vmm/vmm.c:555 vm_terminate(ffff8000343bd320) at vm_terminate+0x121 sys/dev/vmm/vmm.c:688 vmmioctl(a00,80045604,ffff8000343bd320,81,ffff80002c0e3748) at vmmioctl+0x291 sys/dev/vmm/vmm.c:248 VOP_IOCTL(fffffd8070eec438,80045604,ffff8000343bd320,81,fffffd807f7d7958,ffff80002c0e3748) at VOP_IOCTL+0x91 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd8071056270,80045604,ffff8000343bd320,ffff80002c0e3748) at vn_ioctl+0xbb sys/kern/vfs_vnops.c:525 sys_ioctl(ffff80002c0e3748,ffff8000343bd500,ffff8000343bd450) at sys_ioctl+0x4a5 syscall(ffff8000343bd500) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1b742fb2910, count: 1 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "(pg->pg_flags & PG_BUSY) == 0" failed: file "/syzkaller/managers/main/kernel/sys/arch/amd64/amd64/pmap.c", line 1422 ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8292f061) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828e5f62,ffffffff8283efe6,58e,ffffffff82895b9e) at __assert+0x29 sys/kern/subr_prf.c:157 pmap_destroy(fffffd806d169520) at pmap_destroy+0x2a4 sys/arch/amd64/amd64/pmap.c:1422 uvm_map_teardown(fffffd8069192418) at uvm_map_teardown+0x287 sys/uvm/uvm_map.c:2557 uvmspace_free(fffffd8069192418) at uvmspace_free+0x96 sys/uvm/uvm_map.c:3461 vm_teardown(ffff8000343bd080) at vm_teardown+0x105 sys/dev/vmm/vmm.c:555 vm_terminate(ffff8000343bd320) at vm_terminate+0x121 sys/dev/vmm/vmm.c:688 vmmioctl(a00,80045604,ffff8000343bd320,81,ffff80002c0e3748) at vmmioctl+0x291 sys/dev/vmm/vmm.c:248 VOP_IOCTL(fffffd8070eec438,80045604,ffff8000343bd320,81,fffffd807f7d7958,ffff80002c0e3748) at VOP_IOCTL+0x91 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd8071056270,80045604,ffff8000343bd320,ffff80002c0e3748) at vn_ioctl+0xbb sys/kern/vfs_vnops.c:525 sys_ioctl(ffff80002c0e3748,ffff8000343bd500,ffff8000343bd450) at sys_ioctl+0x4a5 syscall(ffff8000343bd500) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1b742fb2910, count: -14 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff8000343bce70 rbx 0x1 rdx 0xffff800000dca580 rcx 0 rax 0xffff80002c0e3748 r8 0 r9 0x8080808080808080 r10 0x86dfb896c88a5e20 r11 0xa4c8f968361ffd8b r12 0 r13 0xfffffd8005bb1580 r14 0 r15 0x1 rip 0xffffffff81172bbc db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff8000343bce60 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor.6) tid=267638 pid=88456 tcnt=2 stat=onproc flags process=8000000 proc=4000000 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002c0e27e8,0xffffffff82e61dc8 process=0xffff80002c13f698 user=0xffff8000343b8000, vmspace=0xfffffd8067184170 estcpu=5, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 88456 124509 59233 0 2 0x8000000 syz-executor.6 *88456 267638 59233 0 7 0xc000000 syz-executor.6 37138 117853 78202 0 2 0x8000002 sh 13957 487001 67073 0 2 0x8000000 syz-executor.1 13957 463594 67073 0 3 0xc000080 netcon syz-executor.1 7000 71484 38262 0 2 0x8100002 sh 50561 348343 71932 0 2 0x8000480 syz-executor.4 50561 467379 71932 0 3 0xc000080 kqread syz-executor.4 50561 16295 71932 0 3 0xc000080 fsleep syz-executor.4 38262 519781 14985 0 3 0x8000082 wait syz-executor.3 78202 210735 14985 0 3 0x8000082 wait syz-executor.0 67073 339475 14985 0 2 0x8000482 syz-executor.1 29659 91526 14985 0 2 0x8000002 syz-executor.7 35810 165930 14985 0 2 0x8000002 syz-executor.2 71932 405525 14985 0 2 0x8000482 syz-executor.4 59233 225900 14985 0 2 0x8000482 syz-executor.6 90479 458449 14985 0 2 0x8000002 syz-executor.5 55001 524083 0 0 3 0x14280 nfsidl nfsio 90038 92845 0 0 3 0x14280 nfsidl nfsio 43357 473427 0 0 3 0x14280 nfsidl nfsio 85723 350269 0 0 3 0x14280 nfsidl nfsio 41057 134143 0 0 3 0x14280 nfsidl nfsio 36850 211611 0 0 3 0x14280 nfsidl nfsio 34729 222998 0 0 3 0x14280 nfsidl nfsio 34113 250962 0 0 3 0x14280 nfsidl nfsio 31519 518489 0 0 3 0x14280 nfsidl nfsio 41742 177501 0 0 3 0x14280 nfsidl nfsio 40359 325360 0 0 3 0x14280 nfsidl nfsio 71556 351027 0 0 3 0x14280 nfsidl nfsio 46804 183107 0 0 3 0x14280 nfsidl nfsio 3587 418536 0 0 3 0x14280 nfsidl nfsio 74065 383646 0 0 3 0x14280 nfsidl nfsio 35057 271965 0 0 3 0x14280 nfsidl nfsio 43697 97965 0 0 3 0x14280 nfsidl nfsio 38016 136255 0 0 3 0x14280 nfsidl nfsio 43853 328873 0 0 3 0x14280 nfsidl nfsio 18308 264818 0 0 3 0x14280 nfsidl nfsio 67904 116835 1 0 3 0x18100083 ttyin getty 19698 255070 0 0 3 0x14200 bored sosplice 14985 228773 76858 0 3 0x1a000082 kqread syz-fuzzer 14985 207391 76858 0 2 0x1e000482 syz-fuzzer 14985 426287 76858 0 3 0x1e000082 wait syz-fuzzer 14985 50970 76858 0 3 0x1e000082 wait syz-fuzzer 14985 516216 76858 0 3 0x1e000082 thrsleep syz-fuzzer 14985 129315 76858 0 3 0x1e000082 wait syz-fuzzer 14985 298455 76858 0 3 0x1e000082 thrsleep syz-fuzzer 14985 346218 76858 0 3 0x1e000082 wait syz-fuzzer 14985 516757 76858 0 3 0x1e000082 wait syz-fuzzer 14985 167717 76858 0 3 0x1e000082 thrsleep syz-fuzzer 14985 74599 76858 0 3 0x1e000082 wait syz-fuzzer 14985 363465 76858 0 3 0x1e000082 wait syz-fuzzer 14985 473760 76858 0 3 0x1e000082 wait syz-fuzzer 14985 50903 76858 0 3 0x1e000082 thrsleep syz-fuzzer 76858 239988 40983 0 3 0x810008a sigsusp ksh 40983 188048 99691 0 3 0x1800009a kqread sshd 99691 167187 1 0 3 0x18000088 kqread sshd 35892 144238 78543 73 2 0x19100010 syslogd 78543 152980 1 0 3 0x18100082 sbwait syslogd 33553 132382 1 0 3 0x18100080 kqread resolvd 54053 313666 91084 77 3 0x18100092 kqread dhcpleased 27841 205193 91084 77 3 0x18100092 kqread dhcpleased 91084 133214 1 0 3 0x18000080 kqread dhcpleased 59719 68796 0 0 3 0x14200 bored smr 55094 343745 0 0 2 0x14200 zerothread 46029 301096 0 0 3 0x14200 aiodoned aiodoned 43153 159907 0 0 3 0x14200 syncer update 45453 330253 0 0 3 0x14200 cleaner cleaner 94877 54550 0 0 3 0x14200 reaper reaper 97062 20494 0 0 3 0x14200 pgdaemon pagedaemon 42858 507896 0 0 3 0x14200 bored viomb 80565 131599 0 0 3 0x40014200 acpi0 acpi0 52083 381630 0 0 3 0x14200 bored softnet3 86891 358787 0 0 3 0x14200 bored softnet2 23595 313931 0 0 3 0x14200 bored softnet1 41812 326465 0 0 3 0x14200 bored softnet0 19139 514836 0 0 3 0x14200 bored systqmp 68548 127992 0 0 3 0x14200 bored systq 80803 369569 0 0 3 0x40014200 tmoslp softclock 16366 373712 0 0 3 0x40014200 idle0 1 169546 0 0 3 0x8000082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10190 6560K 7274K 166960K 15419 0 pcb 17 12K 12K 166960K 282 0 rtable 212 15K 16K 166960K 3831 0 pf 35 9K 10K 166960K 338 0 ifaddr 41 12K 13K 166960K 526 0 ifgroup 62 2K 2K 166960K 621 0 sysctl 4 1K 1K 166960K 5 0 counters 33 17K 18K 166960K 171 0 ioctlops 0 0K 2K 166960K 226 0 iov 0 0K 18K 166960K 113 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1428 90K 90K 166960K 4529 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 56 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 168 0 dirhash 12 2K 2K 166960K 75 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 15 53K 105K 166960K 3385 0 sigio 0 0K 0K 166960K 30 0 proc 58 59K 124K 166960K 3673 0 subproc 104 6K 8K 166960K 1560 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 288 0 in_multi 78 5K 7K 166960K 1343 0 ether_multi 1 0K 0K 166960K 12 0 mrt 1 0K 0K 166960K 8 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 85 387K 387K 166960K 85 0 exec 0 0K 1K 166960K 2109 0 pfkey data 0 0K 0K 166960K 5 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 236 75K 129K 166960K 20837 0 UVM aobj 84 3K 3K 166960K 91 0 pinsyscall 35 70K 102K 166960K 7488 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 100 0 NDP 14 0K 2K 166960K 383 0 temp 77 6812K 6884K 166960K 146491 0 kqueue 13 20K 30K 166960K 283 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 429 0 426 1 0 1 1 0 8 0 rtentry 112 1362 0 1269 4 0 4 4 0 8 1 unpcb 144 1376 0 1363 3 2 1 3 0 8 0 syncache 336 5 0 5 1 1 0 1 0 8 0 sackhl 24 3 8 3 1 1 0 1 0 8 0 tcpqe 32 28 0 28 1 1 0 1 0 8 0 tcpcb 808 536 0 528 3 1 2 2 0 8 1 arp 88 254 0 236 1 0 1 1 0 8 0 ipq 40 7 0 7 1 0 1 1 0 8 1 ipqe 40 97 0 97 1 0 1 1 0 8 1 inpcb 352 2258 0 2246 3 1 2 3 0 8 0 nd6 104 359 0 341 1 0 1 1 0 8 0 pkpcb 40 10 0 10 1 1 0 1 0 8 0 kcovpl 48 120 0 112 1 0 1 1 0 8 0 ppxss 1072 11 0 11 2 1 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 5388 0 5018 81 57 24 30 0 8 0 art_table 32 5389 0 5018 4 0 4 4 0 8 1 art_node 16 1355 0 1270 1 0 1 1 0 8 0 sysvmsgpl 40 16 0 3 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 165 0 155 1 0 1 1 0 8 0 shmpl 112 88 0 7 3 0 3 3 0 8 0 dirhash 1024 59 0 42 3 0 3 3 0 8 0 dino2pl 256 4884 0 3379 96 0 96 96 0 8 0 ffsino 240 4884 0 3379 90 0 90 90 0 8 0 nchpl 144 8531 0 7939 67 40 27 67 0 8 0 uvmvnodes 80 7543 0 0 154 0 154 154 0 8 0 vnodes 216 7543 0 0 420 0 420 420 0 8 0 namei 1024 40237 0 40235 5 3 2 3 0 8 1 vcpupl 3904 4 0 1 1 0 1 1 0 8 0 vmpool 664 14 0 10 1 0 1 1 0 8 0 kstatmem 264 304 0 276 3 0 3 3 0 8 1 scsiplug 72 3 0 3 1 1 0 1 0 8 0 scxspl 216 72569 0 72569 8 7 1 8 1 8 1 plimitpl 152 404 0 389 1 0 1 1 0 8 0 sigapl 424 3485 0 3422 9 0 9 9 0 8 0 futexpl 64 34260 0 34259 1 0 1 1 0 8 0 knotepl 120 11817 0 11730 25 14 11 17 0 8 7 kqueuepl 184 537 0 528 1 0 1 1 0 8 0 pipepl 288 772 0 744 3 0 3 3 0 8 0 fdescpl 432 3448 0 3422 5 1 4 5 0 8 0 filepl 120 18366 0 18124 12 3 9 12 0 8 1 lockfpl 104 615 0 613 1 0 1 1 0 8 0 lockfspl 48 273 0 271 1 0 1 1 0 8 0 sessionpl 144 136 0 120 1 0 1 1 0 8 0 pgrppl 48 158 0 142 1 0 1 1 0 8 0 ucredpl 104 2659 0 2649 1 0 1 1 0 8 0 zombiepl 144 3422 0 3422 2 1 1 1 0 8 1 processpl 1072 3485 0 3422 6 0 6 6 0 8 0 procpl 656 5507 0 5427 8 0 8 8 0 8 0 sosppl 168 14 0 14 1 1 0 1 0 8 0 sockpl 504 4097 0 4069 15 9 6 13 0 8 2 mcl64k 65536 15 0 15 2 1 1 1 0 8 1 mcl16k 16384 1 0 1 1 1 0 1 0 8 0 mcl12k 12288 4 0 4 1 1 0 1 0 8 0 mcl8k 8192 146 0 146 2 1 1 1 0 8 1 mcl4k 4096 10 0 10 1 1 0 1 0 8 0 mcl2k2 2112 1 0 1 1 1 0 1 0 8 0 mcl2k 2048 33441 0 33339 51 32 19 37 0 8 3 mtagpl 96 110 0 110 1 0 1 1 0 8 1 mbufpl 256 87016 0 86807 125 101 24 64 0 8 8 bufpl 280 12640 0 4493 583 0 583 583 0 8 0 anonpl 24 548405 0 542286 94 28 66 92 0 188 1 amapchunkpl 152 64401 0 63894 54 21 33 49 0 158 6 amappl16 200 11070 0 10941 60 44 16 21 0 8 8 amappl15 192 140 0 139 1 0 1 1 0 8 0 amappl14 184 489 0 476 2 1 1 2 0 8 0 amappl13 176 17 0 17 1 1 0 1 0 8 0 amappl12 168 5709 0 5681 3 1 2 3 0 8 0 amappl11 160 50 0 40 1 0 1 1 0 8 0 amappl10 152 157 0 147 1 0 1 1 0 8 0 amappl9 144 186 0 186 1 1 0 1 0 8 0 amappl8 136 364 0 333 2 0 2 2 0 8 0 amappl7 128 71 0 56 1 0 1 1 0 8 0 amappl6 120 1857 0 1839 2 1 1 2 0 8 0 amappl5 112 613 0 601 1 0 1 1 0 8 0 amappl4 104 1273 0 1244 2 1 1 2 0 8 0 amappl3 96 15343 0 15276 3 0 3 3 0 8 1 amappl2 88 4172 0 4103 4 2 2 4 0 8 0 amappl1 80 89641 0 89010 28 8 20 23 0 8 3 amappl 88 19386 0 19236 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 90 0 7 2 0 2 2 0 8 0 uaddrrnd 24 3462 0 3433 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 3462 0 3433 1 0 1 1 0 8 0 vmmpekpl 168 29520 0 29467 4 0 4 4 0 8 0 vmmpepl 168 377297 0 375339 130 18 112 122 0 357 18 vmsppl 344 3461 0 3432 4 0 4 4 0 8 0 rwobjpl 24 113060 0 104261 55 0 55 55 0 8 0 pdppl 4096 6930 0 6868 393 321 72 87 0 8 10 pvpl 32 1506342 0 1494288 407 234 173 369 0 265 40 pmappl 216 3461 0 3432 3 0 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 876 0 531 12 1 11 12 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8292f061) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828e5f62,ffffffff8283efe6,58e,ffffffff82895b9e) at __assert+0x29 sys/kern/subr_prf.c:157 pmap_destroy(fffffd806d169520) at pmap_destroy+0x2a4 sys/arch/amd64/amd64/pmap.c:1422 uvm_map_teardown(fffffd8069192418) at uvm_map_teardown+0x287 sys/uvm/uvm_map.c:2557 uvmspace_free(fffffd8069192418) at uvmspace_free+0x96 sys/uvm/uvm_map.c:3461 vm_teardown(ffff8000343bd080) at vm_teardown+0x105 sys/dev/vmm/vmm.c:555 vm_terminate(ffff8000343bd320) at vm_terminate+0x121 sys/dev/vmm/vmm.c:688 vmmioctl(a00,80045604,ffff8000343bd320,81,ffff80002c0e3748) at vmmioctl+0x291 sys/dev/vmm/vmm.c:248 VOP_IOCTL(fffffd8070eec438,80045604,ffff8000343bd320,81,fffffd807f7d7958,ffff80002c0e3748) at VOP_IOCTL+0x91 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd8071056270,80045604,ffff8000343bd320,ffff80002c0e3748) at vn_ioctl+0xbb sys/kern/vfs_vnops.c:525 sys_ioctl(ffff80002c0e3748,ffff8000343bd500,ffff8000343bd450) at sys_ioctl+0x4a5 syscall(ffff8000343bd500) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1b742fb2910, count: -14 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8292f061) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828e5f62,ffffffff8283efe6,58e,ffffffff82895b9e) at __assert+0x29 sys/kern/subr_prf.c:157 pmap_destroy(fffffd806d169520) at pmap_destroy+0x2a4 sys/arch/amd64/amd64/pmap.c:1422 uvm_map_teardown(fffffd8069192418) at uvm_map_teardown+0x287 sys/uvm/uvm_map.c:2557 uvmspace_free(fffffd8069192418) at uvmspace_free+0x96 sys/uvm/uvm_map.c:3461 vm_teardown(ffff8000343bd080) at vm_teardown+0x105 sys/dev/vmm/vmm.c:555 vm_terminate(ffff8000343bd320) at vm_terminate+0x121 sys/dev/vmm/vmm.c:688 vmmioctl(a00,80045604,ffff8000343bd320,81,ffff80002c0e3748) at vmmioctl+0x291 sys/dev/vmm/vmm.c:248 VOP_IOCTL(fffffd8070eec438,80045604,ffff8000343bd320,81,fffffd807f7d7958,ffff80002c0e3748) at VOP_IOCTL+0x91 sys/kern/vfs_vops.c:264 vn_ioctl(fffffd8071056270,80045604,ffff8000343bd320,ffff80002c0e3748) at vn_ioctl+0xbb sys/kern/vfs_vnops.c:525 sys_ioctl(ffff80002c0e3748,ffff8000343bd500,ffff8000343bd450) at sys_ioctl+0x4a5 syscall(ffff8000343bd500) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x1b742fb2910, count: -14