panic: pmap_remove_ptes: unmanaged page marked PG_PVLIST: va ADDR, opte 0x3efff


syzbot

Apr 15, 2024, 2:39:25 AM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 7019ae976ad9 Run raw IP input in parallel.
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=125e7393180000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=09f33fb71a11cf753c46

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/493fc62c8c8e/disk-7019ae97.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/2247efe5d319/bsd-7019ae97.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/cb27b5845795/kernel-7019ae97.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+09f33f...@syzkaller.appspotmail.com

login: panic: pmap_remove_ptes: unmanaged page marked PG_PVLIST: va 0xebfdd860000, opte 0x3efff
Stopped at db_enter+0x1c: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*293493 69888 0 0x14000 0x200 1 reaper
263791 63647 0 0x14000 0x40000200 0 softclock
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff828f0d20) at panic+0x17b sys/kern/subr_prf.c:198
pmap_remove_ptes(fffffd807df3c2e8,fffffd8008529ba0,7f875feec268,ebfdd84d000,ebfdd861000,0,7ddea3e27f9ac10f) at pmap_remove_ptes+0x33e
pmap_do_remove(fffffd807df3c2e8,ebfdd84d000,ebfdd861000,0) at pmap_do_remove+0x410 sys/arch/amd64/amd64/pmap.c:1896
uvm_unmap_kill_entry_withlock(fffffd8064871530,fffffd806b69c8c0,0) at uvm_unmap_kill_entry_withlock+0x1b1 sys/uvm/uvm_map.c:1897
uvm_map_teardown(fffffd8064871530) at uvm_map_teardown+0x1c7 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline]
uvm_map_teardown(fffffd8064871530) at uvm_map_teardown+0x1c7 sys/uvm/uvm_map.c:2534
uvmspace_free(fffffd8064871530) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3461
reaper(ffff80002a149488) at reaper+0x197 sys/kern/kern_exit.c:463
end trace frame: 0x0, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: pmap_remove_ptes: unmanaged page marked PG_PVLIST: va 0xebfdd860000, opte 0x3efff
ddb{1}> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff828f0d20) at panic+0x17b sys/kern/subr_prf.c:198
pmap_remove_ptes(fffffd807df3c2e8,fffffd8008529ba0,7f875feec268,ebfdd84d000,ebfdd861000,0,7ddea3e27f9ac10f) at pmap_remove_ptes+0x33e
pmap_do_remove(fffffd807df3c2e8,ebfdd84d000,ebfdd861000,0) at pmap_do_remove+0x410 sys/arch/amd64/amd64/pmap.c:1896
uvm_unmap_kill_entry_withlock(fffffd8064871530,fffffd806b69c8c0,0) at uvm_unmap_kill_entry_withlock+0x1b1 sys/uvm/uvm_map.c:1897
uvm_map_teardown(fffffd8064871530) at uvm_map_teardown+0x1c7 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline]
uvm_map_teardown(fffffd8064871530) at uvm_map_teardown+0x1c7 sys/uvm/uvm_map.c:2534
uvmspace_free(fffffd8064871530) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3461
reaper(ffff80002a149488) at reaper+0x197 sys/kern/kern_exit.c:463
end trace frame: 0x0, count: -8
ddb{1}> show registers
rdi 0
rsi 0x1
rbp 0xffff80002a155920
rbx 0xffff800029ceccdf
rdx 0
rcx 0xffff80002a149488
rax 0xffff800029cebff0
r8 0x101010101010101
r9 0x8080808080808080
r10 0x6562e8858117fafd
r11 0x5a6f7cea8ec68f03
r12 0xffff800029cecae0
r13 0
r14 0
r15 0x1
rip 0xffffffff8283b48c db_enter+0x1c
cs 0x8
rflags 0x246
rsp 0xffff80002a155910
ss 0
db_enter+0x1c: addq $0x8,%rsp
ddb{1}> show proc
PROC (reaper) tid=293493 pid=69888 tcnt=1 stat=onproc
flags process=14000<NOZOMBIE,SYSTEM> proc=200<SYSTEM>
runpri=4, usrpri=58, slppri=4, nice=20
wchan=0x0, wmesg=, ps_single=0x0
forw=0xffffffffffffffff, list=0xffff80002a149718,0xffff80002a149208
process=0xffff80002a15b9b8 user=0xffff80002a150000, vmspace=0xffffffff82da0858
estcpu=8, cpticks=7, pctcpu=6.36, user=0, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
54771 383294 12955 0 2 0x8000000 syz-executor.6
54771 62848 12955 0 3 0xc000080 fsleep syz-executor.6
32342 313273 17998 0 2 0x8000000 syz-executor.2
32342 379928 17998 0 3 0xc000080 fsleep syz-executor.2
22307 492121 72846 0 2 0x8000000 syz-executor.0
22307 11054 72846 0 3 0xc000080 netcon syz-executor.0
43184 357685 77228 0 2 0x8000000 syz-executor.3
43184 188285 77228 0 3 0xc000080 fsleep syz-executor.3
43184 43888 77228 0 2 0xc000000 syz-executor.3
93703 173567 48316 0 2 0x8000000 syz-executor.1
93703 184269 48316 0 3 0xc000080 fsleep syz-executor.1
3853 369336 90604 0 2 0x8000010 syz-executor.4
3853 185675 90604 0 3 0xc000090 netcon2 syz-executor.4
84251 26201 79998 0 2 0x8000000 syz-executor.7
84251 226925 79998 0 3 0xc000080 ttyout syz-executor.7
84251 373693 79998 0 3 0xc000080 fsleep syz-executor.7
72846 342933 19378 0 2 0x8000002 syz-executor.0
81828 441108 19378 0 2 0x8000482 syz-executor.5
51927 56924 1 0 3 0x18100083 ttyin getty
79998 303864 19378 0 2 0x8000002 syz-executor.7
48316 258370 19378 0 2 0x8000482 syz-executor.1
77228 63535 19378 0 2 0x8000482 syz-executor.3
90604 135200 19378 0 2 0x8000002 syz-executor.4
17998 144023 19378 0 2 0x8000482 syz-executor.2
12955 288050 19378 0 3 0x8000082 nanoslp syz-executor.6
23874 41946 0 0 3 0x14280 nfsidl nfsio
67720 145778 0 0 3 0x14280 nfsidl nfsio
26180 438256 0 0 3 0x14280 nfsidl nfsio
19534 203485 0 0 3 0x14280 nfsidl nfsio
52872 520651 0 0 3 0x14280 nfsidl nfsio
70470 30076 0 0 3 0x14280 nfsidl nfsio
44826 288195 0 0 3 0x14280 nfsidl nfsio
26275 261153 0 0 3 0x14280 nfsidl nfsio
98636 83591 0 0 3 0x14280 nfsidl nfsio
94728 282159 0 0 3 0x14280 nfsidl nfsio
27917 74508 0 0 3 0x14280 nfsidl nfsio
81667 382681 0 0 3 0x14280 nfsidl nfsio
57711 497150 0 0 3 0x14280 nfsidl nfsio
56871 325981 0 0 3 0x14280 nfsidl nfsio
66917 66591 0 0 3 0x14280 nfsidl nfsio
70721 379224 0 0 3 0x14280 nfsidl nfsio
76509 87557 0 0 3 0x14280 nfsidl nfsio
96167 485796 0 0 3 0x14280 nfsidl nfsio
42887 491378 0 0 3 0x14280 nfsidl nfsio
41197 349335 0 0 3 0x14280 nfsidl nfsio
22258 512079 0 0 3 0x14200 bored sosplice
19378 204523 37685 0 3 0x1a000082 thrsleep syz-fuzzer
19378 182104 37685 0 3 0x1e000082 thrsleep syz-fuzzer
19378 97697 37685 0 3 0x1e000082 thrsleep syz-fuzzer
19378 28390 37685 0 3 0x1e000082 wait syz-fuzzer
19378 418363 37685 0 3 0x1e000082 thrsleep syz-fuzzer
19378 425772 37685 0 3 0x1e000082 wait syz-fuzzer
19378 380333 37685 0 3 0x1e000082 wait syz-fuzzer
19378 139293 37685 0 3 0x1e000082 wait syz-fuzzer
19378 87604 37685 0 3 0x1e000082 thrsleep syz-fuzzer
19378 84957 37685 0 3 0x1e000082 kqread syz-fuzzer
19378 187181 37685 0 3 0x1e000082 thrsleep syz-fuzzer
19378 479045 37685 0 3 0x1e000082 wait syz-fuzzer
19378 236039 37685 0 3 0x1e000082 thrsleep syz-fuzzer
19378 180205 37685 0 3 0x1e000082 wait syz-fuzzer
19378 436931 37685 0 3 0x1e000082 wait syz-fuzzer
19378 493389 37685 0 3 0x1e000082 wait syz-fuzzer
37685 312621 4283 0 3 0x810008a sigsusp ksh
4283 3862 88559 0 3 0x1800009a kqread sshd
88559 157792 1 0 3 0x18000088 kqread sshd
59150 131574 61705 74 3 0x19100092 bpf pflogd
61705 180555 1 0 3 0x18000080 sbwait pflogd
48128 80469 71985 73 3 0x19100090 kqread syslogd
71985 136519 1 0 3 0x18100082 sbwait syslogd
54704 384090 1 0 3 0x18100080 kqread resolvd
23371 284530 8511 77 3 0x18100092 kqread dhcpleased
3170 20279 8511 77 3 0x18100092 kqread dhcpleased
8511 504121 1 0 3 0x18000080 kqread dhcpleased
62116 183607 0 0 3 0x14200 bored smr
19294 308743 0 0 2 0x14200 zerothread
60083 142805 0 0 3 0x14200 aiodoned aiodoned
60503 487016 0 0 3 0x14200 syncer update
13395 19312 0 0 3 0x14200 cleaner cleaner
*69888 293493 0 0 7 0x14200 reaper
23618 425219 0 0 3 0x14200 pgdaemon pagedaemon
39832 428627 0 0 3 0x14200 bored viomb
89499 233489 0 0 3 0x40014200 acpi0 acpi0
54045 62276 0 0 3 0x40014200 idle1
43899 503905 0 0 3 0x14200 bored softnet3
94213 473181 0 0 3 0x14200 bored softnet2
61956 197377 0 0 3 0x14200 bored softnet1
68516 85373 0 0 3 0x14200 bored softnet0
83153 228958 0 0 3 0x14200 bored systqmp
52967 489697 0 0 3 0x14200 bored systq
55076 31780 0 0 3 0x14200 tmoslp softclockmp
63647 263791 0 0 7 0x40014200 softclock
76411 421455 0 0 3 0x40014200 idle0
1 49351 0 0 3 0x8080082 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
CPU 1:
exclusive mutex &pmap->pm_mtx r = 0 (0xfffffd807df3c2f8)
#0 witness_lock+0x446 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x446 sys/kern/subr_witness.c:1187
#1 mtx_enter_try+0x103
#2 mtx_enter+0x4e sys/kern/kern_lock.c:266
#3 pmap_do_remove+0x99 rcr3 machine/cpufunc.h:141 [inline]
#3 pmap_do_remove+0x99 pmap_map_ptes sys/arch/amd64/amd64/pmap.c:425 [inline]
#3 pmap_do_remove+0x99 sys/arch/amd64/amd64/pmap.c:1800
#4 uvm_unmap_kill_entry_withlock+0x1b1 sys/uvm/uvm_map.c:1897
#5 uvm_map_teardown+0x1c7 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline]
#5 uvm_map_teardown+0x1c7 sys/uvm/uvm_map.c:2534
#6 uvmspace_free+0xa6 sys/uvm/uvm_map.c:3461
#7 reaper+0x197 sys/kern/kern_exit.c:463
#8 proc_trampoline+0x10
Process 69888 (reaper) thread 0xffff80002a149488 (293493)
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10210 6630K 6760K 166960K 12527 0
pcb 17 12K 12K 166960K 215 0
rtable 243 8K 8K 166960K 1106 0
pf 34 9K 10K 166960K 148 0
ifaddr 46 16K 16K 166960K 154 0
ifgroup 59 2K 2K 166960K 240 0
sysctl 4 1K 1K 166960K 6 0
counters 66 36K 36K 166960K 152 0
ioctlops 0 0K 4K 166960K 1565 0
iov 0 0K 16K 166960K 113 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1427 90K 90K 166960K 2632 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 9K 166960K 45 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 1K 166960K 192 0
dirhash 12 2K 2K 166960K 24 0
ACPI 1697 195K 286K 166960K 12548 0
file desc 17 61K 85K 166960K 1830 0
sigio 0 0K 0K 166960K 108 0
proc 71 91K 128K 166960K 1207 0
subproc 104 6K 6K 166960K 354 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 2 0K 0K 166960K 232 0
in_multi 100 7K 7K 166960K 365 0
ether_multi 1 0K 0K 166960K 10 0
mrt 1 0K 0K 166960K 6 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 121 546K 546K 166960K 121 0
exec 0 0K 1K 166960K 845 0
pfkey data 0 0K 0K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 350 129K 134K 166960K 18298 0
UVM aobj 131 4K 4K 166960K 139 0
pinsyscall 41 82K 108K 166960K 3553 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 1K 166960K 126 0
NDP 13 0K 1K 166960K 110 0
temp 75 6816K 6892K 166960K 40672 0
kqueue 12 18K 28K 166960K 259 0
SYN cache 2 16K 16K 166960K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 24 0 0 1 0 1 1 0 8 0
rtpcb 120 200 0 197 1 0 1 1 0 8 0
rtentry 112 371 0 260 5 1 4 4 0 8 0
unpcb 144 1374 0 1357 10 8 2 6 0 8 1
syncache 336 19 0 19 7 6 1 1 0 8 1
tcpqe 32 62 0 62 4 4 0 1 0 8 0
tcpcb 808 696 0 677 19 17 2 8 0 8 0
arp 120 71 0 53 1 0 1 1 0 8 0
ipq 40 1 0 1 1 1 0 1 0 8 0
ipqe 40 3 0 3 1 1 0 1 0 8 0
inpcb 392 2029 0 2003 29 25 4 9 0 8 0
nd6 136 91 0 65 1 0 1 1 0 8 0
pkpcb 40 4 0 4 4 3 1 1 0 8 1
kcovpl 48 27 0 19 1 0 1 1 0 8 0
ppxss 1168 4 0 4 4 4 0 1 0 8 0
pffrag 232 11 0 5 1 0 1 1 0 482 0
pffrnode 88 11 0 5 1 0 1 1 0 8 0
pffrent 40 58 0 52 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 157 0 92 1 0 1 1 0 8 0
pfstkey 128 157 0 92 3 0 3 3 0 8 0
pfstate 376 157 0 92 7 0 7 7 0 8 0
pfrule 1344 21 0 16 2 1 1 2 0 8 0
art_heap8 4096 2 0 0 2 0 2 2 0 8 0
art_heap4 256 1368 0 903 40 10 30 30 0 8 0
art_table 32 1370 0 903 4 0 4 4 0 8 0
art_node 16 367 0 266 1 0 1 1 0 8 0
semupl 112 3 0 3 1 1 0 1 0 8 0
semapl 112 190 0 180 1 0 1 1 0 8 0
shmpl 112 136 0 8 4 0 4 4 0 8 0
dirhash 1024 25 0 8 3 0 3 3 0 8 0
dino2pl 256 4280 0 2756 96 0 96 96 0 8 0
ffsino 272 4280 0 2756 103 0 103 103 0 8 0
nchpl 144 6854 0 5112 67 0 67 67 0 8 0
uvmvnodes 80 5073 0 0 104 0 104 104 0 8 0
vnodes 216 5073 0 0 282 0 282 282 0 8 0
namei 1024 24564 0 24564 4 3 1 2 0 8 1
percpumem 16 90 0 43 1 0 1 1 0 8 0
vcpupl 3904 9 0 2 2 0 2 2 0 8 0
vmpool 696 11 0 4 1 0 1 1 0 8 0
kstatmem 264 112 0 86 2 0 2 2 0 8 0
scsiplug 72 6 0 6 4 3 1 1 0 8 1
scxspl 216 37390 0 37390 12 11 1 8 1 8 1
plimitpl 152 264 0 247 1 0 1 1 0 8 0
sigapl 424 2139 0 2069 8 0 8 8 0 8 0
futexpl 64 22323 0 22318 3 2 1 1 0 8 0
knotepl 120 628 0 0 18 0 18 18 0 8 0
kqueuepl 216 580 0 572 8 7 1 5 0 8 0
pipepl 320 338 0 310 3 0 3 3 0 8 0
fdescpl 496 2099 0 2069 8 3 5 5 0 8 0
filepl 152 13326 0 13069 34 19 15 17 0 8 3
lockfpl 104 576 0 574 2 1 1 2 0 8 0
lockfspl 48 242 0 240 1 0 1 1 0 8 0
sessionpl 144 46 0 29 1 0 1 1 0 8 0
pgrppl 48 65 0 48 1 0 1 1 0 8 0
ucredpl 104 2718 0 2705 1 0 1 1 0 8 0
zombiepl 144 2070 0 2069 2 1 1 1 0 8 0
processpl 1136 2139 0 2069 6 0 6 6 0 8 0
procpl 656 4176 0 4082 9 0 9 9 0 8 0
srpgc 96 16 0 16 3 3 0 1 0 8 0
sosppl 168 47 0 44 6 5 1 1 0 8 0
sockpl 664 3690 0 3643 35 30 5 14 0 8 0
mcl64k 65536 7 0 0 1 0 1 1 0 8 0
mcl16k 16384 7 0 0 1 0 1 1 0 8 0
mcl12k 12288 6 0 0 1 0 1 1 0 8 0
mcl9k 9216 3 0 0 1 0 1 1 0 8 0
mcl8k 8192 10 0 0 2 0 2 2 0 8 0
mcl4k 4096 23 0 0 3 0 3 3 0 8 0
mcl2k2 2112 7 0 0 1 0 1 1 0 8 0
mcl2k 2048 314 0 0 40 0 40 40 0 8 0
mtagpl 96 79 0 0 2 0 2 2 0 8 0
mbufpl 256 1143 0 0 65 0 65 65 0 8 0
bufpl 280 9302 0 3047 448 0 448 448 0 8 0
anonpl 24 381833 0 375275 111 56 55 86 0 186 0
amapchunkpl 152 58974 0 58246 57 26 31 42 0 158 2
amappl16 200 8932 0 8791 66 55 11 21 0 8 0
amappl15 192 10 0 10 1 1 0 1 0 8 0
amappl14 184 221 0 207 2 1 1 2 0 8 0
amappl13 176 11 0 11 1 1 0 1 0 8 0
amappl12 168 3072 0 3038 4 2 2 3 0 8 0
amappl11 160 75 0 61 1 0 1 1 0 8 0
amappl10 152 60 0 48 1 0 1 1 0 8 0
amappl9 144 177 0 176 4 3 1 1 0 8 0
amappl8 136 409 0 319 4 0 4 4 0 8 0
amappl7 128 59 0 44 1 0 1 1 0 8 0
amappl6 120 648 0 628 2 1 1 2 0 8 0
amappl5 112 280 0 265 1 0 1 1 0 8 0
amappl4 104 741 0 702 3 1 2 3 0 8 0
amappl3 96 11494 0 11399 3 0 3 3 0 8 0
amappl2 88 2649 0 2564 5 3 2 4 0 8 0
amappl1 80 17340 0 16790 23 10 13 23 0 8 0
amappl 88 17436 0 17218 6 0 6 6 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 138 0 8 3 0 3 3 0 8 0
uaddrrnd 24 2110 0 2073 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 2110 0 2073 1 0 1 1 0 8 0
vmmpekpl 168 19018 0 18948 4 0 4 4 0 8 0
vmmpepl 168 151398 0 149234 164 52 112 121 0 357 7
vmsppl 440 2109 0 2072 6 1 5 5 0 8 0
rwobjpl 56 48098 0 41645 97 5 92 92 0 8 0
pdppl 4096 4227 0 4151 187 111 76 79 0 8 0
pvpl 32 48745 0 0 397 3 394 395 0 265 0
pmappl 248 2109 0 2072 4 1 3 3 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 580 0 153 13 0 13 13 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp
x86_ipi_db(ffffffff82d27ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff82db3828) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82db3828) at __mp_lock+0x122 sys/kern/kern_lock.c:147
__mp_acquire_count(ffffffff82db3828,1) at __mp_acquire_count+0x48 sys/kern/kern_lock.c:227
mi_switch() at mi_switch+0x491 sys/kern/sched_bsd.c:470
sleep_finish(0,1) at sleep_finish+0x19a sys/kern/kern_synch.c:414
msleep(ffffffff82db5740,ffffffff82cf0500,0,ffffffff82958151,0) at msleep+0xeb sys/kern/kern_synch.c:249
softclock_thread(ffff8000ffffecd0) at softclock_thread+0xcf sys/kern/kern_timeout.c:810
end trace frame: 0x0, count: 6
ddb{0}> trace
x86_ipi_db(ffffffff82d27ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff82db3828) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82db3828) at __mp_lock+0x122 sys/kern/kern_lock.c:147
__mp_acquire_count(ffffffff82db3828,1) at __mp_acquire_count+0x48 sys/kern/kern_lock.c:227
mi_switch() at mi_switch+0x491 sys/kern/sched_bsd.c:470
sleep_finish(0,1) at sleep_finish+0x19a sys/kern/kern_synch.c:414
msleep(ffffffff82db5740,ffffffff82cf0500,0,ffffffff82958151,0) at msleep+0xeb sys/kern/kern_synch.c:249
softclock_thread(ffff8000ffffecd0) at softclock_thread+0xcf sys/kern/kern_timeout.c:810
end trace frame: 0x0, count: -9
ddb{0}> machine ddbcpu 1
Stopped at db_enter+0x1c: addq $0x8,%rsp
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff828f0d20) at panic+0x17b sys/kern/subr_prf.c:198
pmap_remove_ptes(fffffd807df3c2e8,fffffd8008529ba0,7f875feec268,ebfdd84d000,ebfdd861000,0,7ddea3e27f9ac10f) at pmap_remove_ptes+0x33e
pmap_do_remove(fffffd807df3c2e8,ebfdd84d000,ebfdd861000,0) at pmap_do_remove+0x410 sys/arch/amd64/amd64/pmap.c:1896
uvm_unmap_kill_entry_withlock(fffffd8064871530,fffffd806b69c8c0,0) at uvm_unmap_kill_entry_withlock+0x1b1 sys/uvm/uvm_map.c:1897
uvm_map_teardown(fffffd8064871530) at uvm_map_teardown+0x1c7 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline]
uvm_map_teardown(fffffd8064871530) at uvm_map_teardown+0x1c7 sys/uvm/uvm_map.c:2534
uvmspace_free(fffffd8064871530) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3461
reaper(ffff80002a149488) at reaper+0x197 sys/kern/kern_exit.c:463
end trace frame: 0x0, count: 7
ddb{1}> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff828f0d20) at panic+0x17b sys/kern/subr_prf.c:198
pmap_remove_ptes(fffffd807df3c2e8,fffffd8008529ba0,7f875feec268,ebfdd84d000,ebfdd861000,0,7ddea3e27f9ac10f) at pmap_remove_ptes+0x33e
pmap_do_remove(fffffd807df3c2e8,ebfdd84d000,ebfdd861000,0) at pmap_do_remove+0x410 sys/arch/amd64/amd64/pmap.c:1896
uvm_unmap_kill_entry_withlock(fffffd8064871530,fffffd806b69c8c0,0) at uvm_unmap_kill_entry_withlock+0x1b1 sys/uvm/uvm_map.c:1897
uvm_map_teardown(fffffd8064871530) at uvm_map_teardown+0x1c7 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline]
uvm_map_teardown(fffffd8064871530) at uvm_map_teardown+0x1c7 sys/uvm/uvm_map.c:2534
uvmspace_free(fffffd8064871530) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3461
reaper(ffff80002a149488) at reaper+0x197 sys/kern/kern_exit.c:463
end trace frame: 0x0, count: -8


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup