assert "!pmap_is_ept(pmap)" failed in pmap.c

syzbot

Nov 27, 2025, 2:25:25 PM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 7de01a79e4ba vmd(8): Use 32-bit direct kernel launch for b..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1459ce12580000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=74b64e0e8600f66e0644

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/5bfef76306e0/disk-7de01a79.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/3f2c5b2918b3/bsd-7de01a79.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/7ffdb23c4a3c/kernel-7de01a79.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+74b64e...@syzkaller.appspotmail.com

panic: kernel diagnostic assertion "!pmap_is_ept(pmap)" failed: file "/syzkaller/managers/multicore/kernel/sys/arch/amd64/amd64/pmap.c", line 424
Starting stack trace...
panic(ffffffff833ada7f) at panic+0x1d0 sys/kern/subr_prf.c:229
__assert(ffffffff833eb0f7,ffffffff833dfc53,1a8,ffffffff833ae6b1) at __assert+0x29 sys/kern/subr_prf.c:-1
pmap_page_remove(fffffd8008300470) at pmap_page_remove+0x7bd pmap_map_ptes sys/arch/amd64/amd64/pmap.c:438 [inline]
pmap_page_remove(fffffd8008300470) at pmap_page_remove+0x7bd sys/arch/amd64/amd64/pmap.c:1974
uvm_anfree_list(fffffd80604f94a0,0) at uvm_anfree_list+0xd6 sys/uvm/uvm_anon.c:112
amap_wipeout(fffffd806c797798) at amap_wipeout+0x248
uvm_unmap_detach(ffff80002a37bdd0,0) at uvm_unmap_detach+0x8a sys/uvm/uvm_map.c:1353
uvm_map_teardown(fffffd800b063988) at uvm_map_teardown+0x360 sys/uvm/uvm_map.c:2525
exit1(ffff800031be6550,43,0,1) at exit1+0x6fc sys/kern/kern_exit.c:260
sys_exit(ffff800031be6550,ffff80002a37bfa0,ffff80002a37bef0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a37bfa0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a37bfa0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7222a991da20, count: 246
End of stack trace.
syncing disks...set $lines = 0
set $maxwidth = 0
show panic
trace
show registers
show proc
ps
show all locks
show malloc
show all pools
machine ddbcpu 0
trace
machine ddbcpu 1
trace


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup