panic: kernel diagnostic assertion "pg->wire_count == NUM" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uv
0 views
Skip to first unread message
syzbot
8:23 AM (5 hours ago) 8:23 AM
to syzkaller-o...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: d11ef3f2eb06 replace SRPs with SMRs for carp iface list ha..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=14d63d92580000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=beae8c85fac6090e135c
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2ae06efcd5aa/disk-d11ef3f2.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/4cc26937d629/bsd-d11ef3f2.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/5e105dbf2941/kernel-d11ef3f2.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+beae8c...@syzkaller.appspotmail.com
panic: kernel diagnostic assertion "pg->wire_coWuAntR N=I=NG :0 "S PfLa iNlOeTd : fLOiWleER E"D/ sOyNz SkaYSlCleArLL/m a91na -g5e9r0s9/6m4u0l0t8i cEorXITe/ k0er n9e
l/syStopped at savectx+0xae: movl $0,%gs:0x688
TID PID UID PRFLAGS PFLAGS CPU COMMAND
* 28503 38239 0 0x2 0 0 syz-executor
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7237dcc69ac0, count: 14
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu1: kernel diagnostic assertion "pg->wire_count == 0" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_page.c", line 1326
ddb{0}> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7237dcc69ac0, count: -1
ddb{0}> show registers
rdi 0
rsi 0
rbp 0xffff80003c4068d0
rbx 0
rdx 0
rcx 0xffff8000fffe9ca8
rax 0x3b
r8 0xffff80003c406800
r9 0xffff80003c4064c8
r10 0x30db80e4e27a77db
r11 0x852cd46419c4f576
r12 0
r13 0
r14 0xffff8000fffe9ca8
r15 0
rip 0xffffffff82bf03ee savectx+0xae
cs 0x8
rflags 0x46
rsp 0xffff80003c406850
ss 0x10
savectx+0xae: movl $0,%gs:0x688
ddb{0}> show proc
PROC (syz-executor) tid=28503 pid=38239 tcnt=1 stat=onproc
flags process=2<EXEC> proc=0
runpri=32, usrpri=86, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff8000fffe3cb0,0xffff8000ffffd240
process=0xffff8000fffe61d0 user=0xffff80003c401000, vmspace=0xfffffd806c962208
estcpu=36, cpticks=97, pctcpu=0.21, user=2, sys=74, intr=21
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
1095 60822 70695 0 3 0x80 fsleep syz-executor
1095 188877 70695 0 3 0x4000080 netcon syz-executor
50503 445748 38239 0 3 0x80 fsleep syz-executor
50503 139423 38239 0 3 0x4000080 kqsel syz-executor
34117 143797 95211 0 3 0x80 fsleep syz-executor
34117 120584 95211 0 3 0x4000080 ttyout syz-executor
34117 113672 95211 0 3 0x4000080 fsleep syz-executor
28714 510657 33952 0 3 0x80 fsleep syz-executor
28714 387380 33952 0 2 0x4000000 syz-executor
36049 480605 56275 0 3 0x80 fsleep syz-executor
36049 158470 56275 0 3 0x4000080 sbwait syz-executor
8209 12700 94164 0 3 0x80 fsleep syz-executor
8209 84225 94164 0 3 0x4000080 sbwait syz-executor
96240 182732 42973 0 3 0x80 fsleep syz-executor
96240 91236 42973 0 3 0x4000080 lockf syz-executor
35811 71502 0 0 3 0x14200 acct acct
38334 160029 54878 0 2 0xc82 syz-executor
33952 34518 54878 0 3 0x82 nanoslp syz-executor
42973 429816 54878 0 2 0xc82 syz-executor
94164 77515 54878 0 3 0x82 nanoslp syz-executor
56275 313731 54878 0 3 0x82 nanoslp syz-executor
70695 45761 54878 0 3 0x82 nanoslp syz-executor
13217 158413 0 0 3 0x14280 nfsidl nfsio
3947 149901 0 0 3 0x14280 nfsidl nfsio
5229 92205 0 0 3 0x14280 nfsidl nfsio
76306 237436 0 0 3 0x14280 nfsidl nfsio
76707 228254 0 0 3 0x14280 nfsidl nfsio
88560 125866 0 0 3 0x14280 nfsidl nfsio
13509 513257 0 0 3 0x14280 nfsidl nfsio
37108 473069 0 0 3 0x14280 nfsidl nfsio
56014 233220 0 0 3 0x14280 nfsidl nfsio
45660 394831 0 0 3 0x14280 nfsidl nfsio
51584 376172 0 0 3 0x14280 nfsidl nfsio
54495 471830 0 0 3 0x14280 nfsidl nfsio
78964 360597 0 0 3 0x14280 nfsidl nfsio
5924 180315 0 0 3 0x14280 nfsidl nfsio
4825 18002 0 0 3 0x14280 nfsidl nfsio
90074 476144 0 0 3 0x14280 nfsidl nfsio
56885 507184 0 0 3 0x14280 nfsidl nfsio
8369 309628 0 0 3 0x14280 nfsidl nfsio
25682 161735 0 0 3 0x14280 nfsidl nfsio
95115 395070 0 0 3 0x14280 nfsidl nfsio
*38239 28503 54878 0 7 0x2 syz-executor
6999 451196 1 0 3 0x100083 ttyopn getty
95211 324879 54878 0 2 0xc82 syz-executor
54878 199703 55222 0 3 0x82 kqread syz-executor
55222 114283 9939 0 3 0x10008a sigsusp ksh
9939 13822 16803 0 3 0x98 kqread sshd-session
16803 342028 96043 0 3 0x92 kqread sshd-session
96043 190107 1 0 3 0x88 kqread sshd
4724 374730 90634 74 3 0x1100092 bpf pflogd
90634 69645 1 0 3 0x80 sbwait pflogd
60649 367756 38223 73 3 0x1100090 kqread syslogd
38223 23085 1 0 3 0x100082 sbwait syslogd
38137 91821 1 0 3 0x100080 kqread resolvd
38647 126592 15557 77 3 0x100092 kqread dhcpleased
25229 439071 15557 77 3 0x100092 kqread dhcpleased
15557 124737 1 0 3 0x80 kqread dhcpleased
76597 269865 0 0 3 0x14200 bored smr
58089 214384 0 0 3 0x14200 pgzero zerothread
87981 159949 0 0 3 0x14200 aiodoned aiodoned
97502 451757 0 0 3 0x14200 syncer update
26357 436398 0 0 3 0x14200 cleaner cleaner
49205 5575 0 0 3 0x14200 reaper reaper
44738 303624 0 0 3 0x14200 pgdaemon pagedaemon
86251 129045 0 0 3 0x14200 bored viomb
20550 426785 0 0 3 0x40014200 acpi0 acpi0
84515 305210 0 0 3 0x40014200 idle1
26752 472648 0 0 3 0x14200 bored softnet1
9208 331391 0 0 3 0x14200 bored softnet0
55466 354334 0 0 3 0x14200 bored systqmp
77688 168831 0 0 3 0x14200 bored systq
7923 145723 0 0 3 0x14200 tmoslp softclockmp
95559 451799 0 0 3 0x40014200 tmoslp softclock
25448 480383 0 0 3 0x40014200 idle0
1 19003 0 0 3 0x80082 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb{0}> show all locks
CPU 0:
exclusive mutex &diskp->dk_mtx r = 0 (0xffff8000001a10b0)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 mtx_enter+0x4b4 sys/kern/kern_lock.c:487
#2 disk_busy+0x2e sys/kern/subr_disk.c:1232
#3 sdstart+0x486 sys/scsi/sd.c:676
#4 scsi_iopool_run+0x17d scsi_ioh_pending sys/scsi/scsi_base.c:-1 [inline]
#4 scsi_iopool_run+0x17d sys/scsi/scsi_base.c:423
#5 scsi_xsh_runqueue+0x39d sys/scsi/scsi_base.c:599
#6 scsi_xsh_add+0x10e sys/scsi/scsi_base.c:538
#7 sdstrategy+0x21b sys/scsi/sd.c:567
#8 spec_strategy+0x45 sys/kern/spec_vnops.c:448
#9 VOP_STRATEGY+0xca sys/kern/vfs_vops.c:639
#10 ufs_strategy+0x1f6 sys/ufs/ufs/ufs_vnops.c:-1
#11 VOP_STRATEGY+0xca sys/kern/vfs_vops.c:639
#12 bwrite+0x298 sys/kern/vfs_bio.c:745
#13 ffs2_balloc+0x18b4 sys/ufs/ffs/ffs_balloc.c:701
#14 ffs_write+0x4f9 sys/ufs/ffs/ffs_vnops.c:345
#15 VOP_WRITE+0x101 sys/kern/vfs_vops.c:245
#16 vn_write+0x1d3 sys/kern/vfs_vnops.c:408
#17 dofilewritev+0x242 sys/kern/sys_generic.c:380
#18 sys_write+0xa2 sys/kern/sys_generic.c:300
CPU 1:
exclusive mutex &uvm.pageqlock r = 0 (0xffffffff838e4d98)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 mtx_enter+0x4b4 sys/kern/kern_lock.c:487
#2 uvm_pageclean+0x29c sys/uvm/uvm_page.c:980
#3 uvm_pagefree+0x26 sys/uvm/uvm_page.c:1020
#4 uvm_anfree+0xe9 sys/uvm/uvm_anon.c:112
#5 amap_wiperange_chunk+0x1a6 sys/uvm/uvm_amap.c:-1
#6 amap_pp_adjref+0x6d0 sys/uvm/uvm_amap.c:-1
#7 amap_adjref_anons+0x22d sys/uvm/uvm_amap.c:1298
#8 uvm_unmap_detach+0x8a sys/uvm/uvm_map.c:1353
#9 uvm_map_teardown+0x360 sys/uvm/uvm_map.c:2525
#10 exit1+0x6fc sys/kern/kern_exit.c:260
#11 sys_exit+0x1a sys/kern/kern_exit.c:-1
#12 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#12 syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
#13 Xsyscall+0x128
Process 28714 (syz-executor) thread 0xffff8000fffe34e8 (387380)
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10230 11132K 12479K 166960K 16605 0
pcb 17 16K 17K 166960K 792 0
rtable 258 13K 14K 166960K 1003 0
pf 42 19K 23K 166960K 332 0
ifaddr 45 8K 8K 166960K 212 0
ifgroup 63 2K 2K 166960K 350 0
sysctl 4 1K 9K 166960K 84 0
counters 74 37K 38K 166960K 400 0
ioctlops 0 0K 8K 166960K 2113 0
iov 1 8K 36K 166960K 178 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1520 96K 96K 166960K 4656 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 2K 14K 166960K 18 0
VM map 2 1K 1K 166960K 2 0
sem 24 136K 137K 166960K 40 0
dirhash 12 2K 2K 166960K 42 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 17 61K 240K 166960K 2959 0
sigio 0 0K 0K 166960K 58 0
proc 74 115K 148K 166960K 1035 0
subproc 72 4K 4K 166960K 153 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 337 0
in_multi 86 6K 7K 166960K 321 0
ether_multi 1 0K 0K 166960K 33 0
mrt 1 0K 0K 166960K 28 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 115 519K 519K 166960K 115 0
exec 0 0K 1K 166960K 896 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 4 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 250 175K 203K 166960K 26785 0
UVM aobj 48 18K 18K 166960K 59 0
pinsyscall 42 84K 102K 166960K 4256 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 1K 166960K 227 0
NDP 14 0K 2K 166960K 157 0
temp 80 8680K 8790K 166960K 116991 0
kqueue 13 20K 32K 166960K 479 0
SYN cache 2 16K 16K 166960K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 188 0 185 1 0 1 1 0 8 0
rtentry 176 277 0 177 6 0 6 6 0 8 0
unpcb 144 1525 0 1505 11 7 4 4 0 8 3
syncache 336 12 0 12 4 3 1 1 0 8 1
tcpqe 32 3 0 3 2 1 1 1 0 8 1
tcpcb 736 711 0 701 9 7 2 4 0 8 1
arp 136 42 0 22 1 0 1 1 0 8 0
inpcb 328 3178 0 3163 31 21 10 12 0 8 8
nd6 152 63 0 39 2 0 2 2 0 8 0
pkpcb 40 13 0 13 5 4 1 1 0 8 1
kcovpl 48 17 0 9 1 0 1 1 0 8 0
mppekey 1024 2 0 2 2 1 1 1 0 8 1
ppxss 1192 129 0 129 3 2 1 1 0 8 1
pppxif 1504 17 0 17 5 4 1 1 0 8 1
pfstscr 40 6 0 5 1 0 1 1 0 8 0
pffrag 232 28 0 12 2 0 2 2 0 482 0
pffrnode 88 24 0 10 1 0 1 1 0 8 0
pffrent 40 54 0 37 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 189 0 78 1 0 1 1 0 8 0
pfstkey 128 203 0 88 5 0 5 5 0 8 0
pfstate 448 190 0 84 14 0 14 14 0 8 0
pfrule 1344 86 0 81 2 1 1 2 0 8 0
rttmr 136 7 0 7 3 2 1 1 0 8 1
art_heap8 4096 2 0 0 2 0 2 2 0 8 0
art_heap4 256 1381 0 972 44 15 29 32 0 8 1
art_table 40 1383 0 972 6 0 6 6 0 8 0
art_node 32 276 0 190 1 0 1 1 0 8 0
sysvmsgpl 40 21 0 17 1 0 1 1 0 8 0
semupl 112 1 0 1 1 1 0 1 0 8 0
semapl 112 33 0 11 1 0 1 1 0 8 0
shmpl 112 45 0 7 2 0 2 2 0 8 0
dirhash 1024 37 0 20 3 0 3 3 0 8 0
dino2pl 256 6660 0 5135 96 0 96 96 0 8 0
ffsino 296 6660 0 5135 119 1 118 118 0 8 0
nchpl 144 10409 0 8685 65 0 65 65 0 8 0
rtmask 32 29 0 29 4 3 1 1 0 8 1
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 36050 0 36050 5 4 1 2 0 8 1
percpumem 16 215 0 163 1 0 1 1 0 8 0
vcpupl 3968 8 0 1 1 0 1 1 0 8 0
vmpool 848 11 0 4 1 0 1 1 0 8 0
kstatmem 264 236 0 202 5 2 3 3 0 8 0
scsiplug 72 12 0 12 4 4 0 1 0 8 0
scxspl 216 45365 0 45365 17 14 3 8 1 8 3
plimitpl 152 757 0 739 1 0 1 1 0 8 0
sigapl 424 3173 0 3104 9 1 8 8 0 8 0
knotepl 120 591 0 0 17 0 17 17 0 8 0
kqueuepl 224 1040 0 1030 13 11 2 5 0 8 1
pipepl 344 412 0 385 6 3 3 6 0 8 0
fdescpl 528 3132 0 3101 3 0 3 3 0 8 0
filepl 160 20548 0 20315 27 11 16 16 0 8 3
lockfpl 104 1124 0 1118 2 1 1 2 0 8 0
lockfspl 48 445 0 440 1 0 1 1 0 8 0
sessionpl 144 41 0 32 1 0 1 1 0 8 0
pgrppl 48 89 0 71 1 0 1 1 0 8 0
ucredpl 104 3328 0 3315 1 0 1 1 0 8 0
zombiepl 144 3293 0 3292 2 1 1 1 0 8 0
processpl 1232 3173 0 3104 6 0 6 6 0 8 0
procpl 664 7431 0 7354 8 0 8 8 0 8 0
sosppl 176 19 0 19 5 4 1 1 0 8 1
sockpl 752 4973 0 4935 49 37 12 19 0 8 8
mcl64k 65536 16 0 0 2 0 2 2 0 8 0
mcl16k 16384 12 0 0 2 0 2 2 0 8 0
mcl12k 12288 4 0 0 1 0 1 1 0 8 0
mcl9k 9216 3 0 0 1 0 1 1 0 8 0
mcl8k 8192 6 0 0 1 0 1 1 0 8 0
mcl4k 4096 118 0 0 15 0 15 15 0 8 0
mcl2k2 2112 1 0 0 1 0 1 1 0 8 0
mcl2k 2048 97 0 0 10 0 10 10 0 8 0
mtagpl 96 153 0 0 4 0 4 4 0 8 0
mbufpl 256 325 0 0 20 0 20 20 0 8 0
bufpl 280 14440 0 8303 439 0 439 439 0 8 0
anonpl 32 10997 0 0 90 1 89 89 0 246 0
amapchunkpl 152 96444 0 95940 62 28 34 36 0 158 12
amappl16 200 8020 0 7765 77 51 26 26 0 8 0
amappl15 192 62 0 62 1 1 0 1 0 8 0
amappl14 184 12 0 12 1 1 0 1 0 8 0
amappl13 176 535 0 534 1 0 1 1 0 8 0
amappl12 168 3571 0 3529 3 0 3 3 0 8 0
amappl11 160 22 0 21 1 0 1 1 0 8 0
amappl10 152 45 0 31 1 0 1 1 0 8 0
amappl9 144 273 0 273 1 1 0 1 0 8 0
amappl8 136 43 0 40 1 0 1 1 0 8 0
amappl7 128 116 0 114 1 0 1 1 0 8 0
amappl6 120 397 0 383 1 0 1 1 0 8 0
amappl5 112 83 0 72 1 0 1 1 0 8 0
amappl4 104 551 0 520 1 0 1 1 0 8 0
amappl3 96 19177 0 19067 6 2 4 4 0 8 0
amappl2 88 689 0 629 2 0 2 2 0 8 0
amappl1 80 23336 0 22744 14 0 14 14 0 8 0
amappl 88 25447 0 25278 5 0 5 5 0 92 0
uvmvnodes 80 174 0 0 4 0 4 4 0 8 0
dma65536 65536 2 0 2 1 1 0 1 0 8 0
dma16384 16384 1 0 1 1 1 0 1 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 2 0 1 1 0 1 1 0 8 0
dma512 512 3 0 3 3 2 1 1 0 8 1
dma256 256 7 0 7 2 2 0 1 0 8 0
dma128 128 258 0 258 3 3 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 58 0 11 1 0 1 1 0 8 0
uaddrrnd 24 3132 0 3101 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 3132 0 3101 1 0 1 1 0 8 0
vmmpekpl 168 23313 0 23258 3 0 3 3 0 8 0
vmmpepl 168 200829 0 198658 134 28 106 106 0 357 0
vmsppl 488 3131 0 3100 5 0 5 5 0 8 1
rwobjpl 80 50289 0 48912 35 2 33 33 0 8 0
pdppl 4096 6293 0 6215 120 40 80 83 0 8 2
pvpl 32 19934 0 0 161 0 161 161 0 265 0
pmappl 256 3142 0 3104 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 361 0 77 9 0 9 9 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7237dcc69ac0, count: -1
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
x86_bus_space_io_read_4(b008,0) at x86_bus_space_io_read_4+0x37 sys/arch/amd64/amd64/bus_space.c:682
acpitimer_delay(1) at acpitimer_delay+0xb7 acpitimer_read sys/dev/acpi/acpitimer.c:146 [inline]
acpitimer_delay(1) at acpitimer_delay+0xb7 sys/dev/acpi/acpitimer.c:120
comcnputc(800,79) at comcnputc+0x29b sys/dev/ic/com.c:1269
cnputc(79) at cnputc+0x67 sys/dev/cons.c:218
db_putchar(79) at db_putchar+0x36d sys/ddb/db_output.c:155
kprintf() at kprintf+0x29c5 sys/kern/subr_prf.c:-1
db_printf(ffffffff833848e6) at db_printf+0x9b sys/kern/subr_prf.c:-1
panic(ffffffff833ad2e1) at panic+0x103 sys/kern/subr_prf.c:217
__assert(ffffffff833f03b9,ffffffff833e1c00,52e,ffffffff8340939f) at __assert+0x29 sys/kern/subr_prf.c:-1
uvm_pagedequeue(fffffd8007e393b8) at uvm_pagedequeue+0x2dd sys/uvm/uvm_page.c:1324
uvm_pageclean(fffffd8007e393b8) at uvm_pageclean+0x2ad sys/uvm/uvm_page.c:981
end trace frame: 0xffff80002a337e10, count: 0
ddb{1}> trace
x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
x86_bus_space_io_read_4(b008,0) at x86_bus_space_io_read_4+0x37 sys/arch/amd64/amd64/bus_space.c:682
acpitimer_delay(1) at acpitimer_delay+0xb7 acpitimer_read sys/dev/acpi/acpitimer.c:146 [inline]
acpitimer_delay(1) at acpitimer_delay+0xb7 sys/dev/acpi/acpitimer.c:120
comcnputc(800,79) at comcnputc+0x29b sys/dev/ic/com.c:1269
cnputc(79) at cnputc+0x67 sys/dev/cons.c:218
db_putchar(79) at db_putchar+0x36d sys/ddb/db_output.c:155
kprintf() at kprintf+0x29c5 sys/kern/subr_prf.c:-1
db_printf(ffffffff833848e6) at db_printf+0x9b sys/kern/subr_prf.c:-1
panic(ffffffff833ad2e1) at panic+0x103 sys/kern/subr_prf.c:217
__assert(ffffffff833f03b9,ffffffff833e1c00,52e,ffffffff8340939f) at __assert+0x29 sys/kern/subr_prf.c:-1
uvm_pagedequeue(fffffd8007e393b8) at uvm_pagedequeue+0x2dd sys/uvm/uvm_page.c:1324
uvm_pageclean(fffffd8007e393b8) at uvm_pageclean+0x2ad sys/uvm/uvm_page.c:981
uvm_pagefree(fffffd8007e393b8) at uvm_pagefree+0x26 sys/uvm/uvm_page.c:1020
uvm_anfree(fffffd8068a61250) at uvm_anfree+0xe9 sys/uvm/uvm_anon.c:112
amap_wiperange_chunk(fffffd805cc97270,fffffd805cc972a0,0,4) at amap_wiperange_chunk+0x1a6 sys/uvm/uvm_amap.c:-1
amap_pp_adjref(fffffd805cc97270,0,4,ffffffff) at amap_pp_adjref+0x6d0 sys/uvm/uvm_amap.c:-1
amap_adjref_anons(fffffd805cc97270,0,4,ffffffff,0) at amap_adjref_anons+0x22d sys/uvm/uvm_amap.c:1298
uvm_unmap_detach(ffff80002a338090,0) at uvm_unmap_detach+0x8a sys/uvm/uvm_map.c:1353
uvm_map_teardown(fffffd806f78e5c0) at uvm_map_teardown+0x360 sys/uvm/uvm_map.c:2525
exit1(ffff80003c461cc0,0,0,1) at exit1+0x6fc sys/kern/kern_exit.c:260
sys_exit(ffff80003c461cc0,ffff80002a338260,ffff80002a3381b0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a338260) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a338260) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x73111d039d10, count: -25
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: d11ef3f2eb06 replace SRPs with SMRs for carp iface list ha..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=14d63d92580000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=beae8c85fac6090e135c
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2ae06efcd5aa/disk-d11ef3f2.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/4cc26937d629/bsd-d11ef3f2.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/5e105dbf2941/kernel-d11ef3f2.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+beae8c...@syzkaller.appspotmail.com
panic: kernel diagnostic assertion "pg->wire_coWuAntR N=I=NG :0 "S PfLa iNlOeTd : fLOiWleER E"D/ sOyNz SkaYSlCleArLL/m a91na -g5e9r0s9/6m4u0l0t8i cEorXITe/ k0er n9e
l/syStopped at savectx+0xae: movl $0,%gs:0x688
TID PID UID PRFLAGS PFLAGS CPU COMMAND
* 28503 38239 0 0x2 0 0 syz-executor
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7237dcc69ac0, count: 14
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu1: kernel diagnostic assertion "pg->wire_count == 0" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_page.c", line 1326
ddb{0}> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7237dcc69ac0, count: -1
ddb{0}> show registers
rdi 0
rsi 0
rbp 0xffff80003c4068d0
rbx 0
rdx 0
rcx 0xffff8000fffe9ca8
rax 0x3b
r8 0xffff80003c406800
r9 0xffff80003c4064c8
r10 0x30db80e4e27a77db
r11 0x852cd46419c4f576
r12 0
r13 0
r14 0xffff8000fffe9ca8
r15 0
rip 0xffffffff82bf03ee savectx+0xae
cs 0x8
rflags 0x46
rsp 0xffff80003c406850
ss 0x10
savectx+0xae: movl $0,%gs:0x688
ddb{0}> show proc
PROC (syz-executor) tid=28503 pid=38239 tcnt=1 stat=onproc
flags process=2<EXEC> proc=0
runpri=32, usrpri=86, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff8000fffe3cb0,0xffff8000ffffd240
process=0xffff8000fffe61d0 user=0xffff80003c401000, vmspace=0xfffffd806c962208
estcpu=36, cpticks=97, pctcpu=0.21, user=2, sys=74, intr=21
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
1095 60822 70695 0 3 0x80 fsleep syz-executor
1095 188877 70695 0 3 0x4000080 netcon syz-executor
50503 445748 38239 0 3 0x80 fsleep syz-executor
50503 139423 38239 0 3 0x4000080 kqsel syz-executor
34117 143797 95211 0 3 0x80 fsleep syz-executor
34117 120584 95211 0 3 0x4000080 ttyout syz-executor
34117 113672 95211 0 3 0x4000080 fsleep syz-executor
28714 510657 33952 0 3 0x80 fsleep syz-executor
28714 387380 33952 0 2 0x4000000 syz-executor
36049 480605 56275 0 3 0x80 fsleep syz-executor
36049 158470 56275 0 3 0x4000080 sbwait syz-executor
8209 12700 94164 0 3 0x80 fsleep syz-executor
8209 84225 94164 0 3 0x4000080 sbwait syz-executor
96240 182732 42973 0 3 0x80 fsleep syz-executor
96240 91236 42973 0 3 0x4000080 lockf syz-executor
35811 71502 0 0 3 0x14200 acct acct
38334 160029 54878 0 2 0xc82 syz-executor
33952 34518 54878 0 3 0x82 nanoslp syz-executor
42973 429816 54878 0 2 0xc82 syz-executor
94164 77515 54878 0 3 0x82 nanoslp syz-executor
56275 313731 54878 0 3 0x82 nanoslp syz-executor
70695 45761 54878 0 3 0x82 nanoslp syz-executor
13217 158413 0 0 3 0x14280 nfsidl nfsio
3947 149901 0 0 3 0x14280 nfsidl nfsio
5229 92205 0 0 3 0x14280 nfsidl nfsio
76306 237436 0 0 3 0x14280 nfsidl nfsio
76707 228254 0 0 3 0x14280 nfsidl nfsio
88560 125866 0 0 3 0x14280 nfsidl nfsio
13509 513257 0 0 3 0x14280 nfsidl nfsio
37108 473069 0 0 3 0x14280 nfsidl nfsio
56014 233220 0 0 3 0x14280 nfsidl nfsio
45660 394831 0 0 3 0x14280 nfsidl nfsio
51584 376172 0 0 3 0x14280 nfsidl nfsio
54495 471830 0 0 3 0x14280 nfsidl nfsio
78964 360597 0 0 3 0x14280 nfsidl nfsio
5924 180315 0 0 3 0x14280 nfsidl nfsio
4825 18002 0 0 3 0x14280 nfsidl nfsio
90074 476144 0 0 3 0x14280 nfsidl nfsio
56885 507184 0 0 3 0x14280 nfsidl nfsio
8369 309628 0 0 3 0x14280 nfsidl nfsio
25682 161735 0 0 3 0x14280 nfsidl nfsio
95115 395070 0 0 3 0x14280 nfsidl nfsio
*38239 28503 54878 0 7 0x2 syz-executor
6999 451196 1 0 3 0x100083 ttyopn getty
95211 324879 54878 0 2 0xc82 syz-executor
54878 199703 55222 0 3 0x82 kqread syz-executor
55222 114283 9939 0 3 0x10008a sigsusp ksh
9939 13822 16803 0 3 0x98 kqread sshd-session
16803 342028 96043 0 3 0x92 kqread sshd-session
96043 190107 1 0 3 0x88 kqread sshd
4724 374730 90634 74 3 0x1100092 bpf pflogd
90634 69645 1 0 3 0x80 sbwait pflogd
60649 367756 38223 73 3 0x1100090 kqread syslogd
38223 23085 1 0 3 0x100082 sbwait syslogd
38137 91821 1 0 3 0x100080 kqread resolvd
38647 126592 15557 77 3 0x100092 kqread dhcpleased
25229 439071 15557 77 3 0x100092 kqread dhcpleased
15557 124737 1 0 3 0x80 kqread dhcpleased
76597 269865 0 0 3 0x14200 bored smr
58089 214384 0 0 3 0x14200 pgzero zerothread
87981 159949 0 0 3 0x14200 aiodoned aiodoned
97502 451757 0 0 3 0x14200 syncer update
26357 436398 0 0 3 0x14200 cleaner cleaner
49205 5575 0 0 3 0x14200 reaper reaper
44738 303624 0 0 3 0x14200 pgdaemon pagedaemon
86251 129045 0 0 3 0x14200 bored viomb
20550 426785 0 0 3 0x40014200 acpi0 acpi0
84515 305210 0 0 3 0x40014200 idle1
26752 472648 0 0 3 0x14200 bored softnet1
9208 331391 0 0 3 0x14200 bored softnet0
55466 354334 0 0 3 0x14200 bored systqmp
77688 168831 0 0 3 0x14200 bored systq
7923 145723 0 0 3 0x14200 tmoslp softclockmp
95559 451799 0 0 3 0x40014200 tmoslp softclock
25448 480383 0 0 3 0x40014200 idle0
1 19003 0 0 3 0x80082 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb{0}> show all locks
CPU 0:
exclusive mutex &diskp->dk_mtx r = 0 (0xffff8000001a10b0)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 mtx_enter+0x4b4 sys/kern/kern_lock.c:487
#2 disk_busy+0x2e sys/kern/subr_disk.c:1232
#3 sdstart+0x486 sys/scsi/sd.c:676
#4 scsi_iopool_run+0x17d scsi_ioh_pending sys/scsi/scsi_base.c:-1 [inline]
#4 scsi_iopool_run+0x17d sys/scsi/scsi_base.c:423
#5 scsi_xsh_runqueue+0x39d sys/scsi/scsi_base.c:599
#6 scsi_xsh_add+0x10e sys/scsi/scsi_base.c:538
#7 sdstrategy+0x21b sys/scsi/sd.c:567
#8 spec_strategy+0x45 sys/kern/spec_vnops.c:448
#9 VOP_STRATEGY+0xca sys/kern/vfs_vops.c:639
#10 ufs_strategy+0x1f6 sys/ufs/ufs/ufs_vnops.c:-1
#11 VOP_STRATEGY+0xca sys/kern/vfs_vops.c:639
#12 bwrite+0x298 sys/kern/vfs_bio.c:745
#13 ffs2_balloc+0x18b4 sys/ufs/ffs/ffs_balloc.c:701
#14 ffs_write+0x4f9 sys/ufs/ffs/ffs_vnops.c:345
#15 VOP_WRITE+0x101 sys/kern/vfs_vops.c:245
#16 vn_write+0x1d3 sys/kern/vfs_vnops.c:408
#17 dofilewritev+0x242 sys/kern/sys_generic.c:380
#18 sys_write+0xa2 sys/kern/sys_generic.c:300
CPU 1:
exclusive mutex &uvm.pageqlock r = 0 (0xffffffff838e4d98)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 mtx_enter+0x4b4 sys/kern/kern_lock.c:487
#2 uvm_pageclean+0x29c sys/uvm/uvm_page.c:980
#3 uvm_pagefree+0x26 sys/uvm/uvm_page.c:1020
#4 uvm_anfree+0xe9 sys/uvm/uvm_anon.c:112
#5 amap_wiperange_chunk+0x1a6 sys/uvm/uvm_amap.c:-1
#6 amap_pp_adjref+0x6d0 sys/uvm/uvm_amap.c:-1
#7 amap_adjref_anons+0x22d sys/uvm/uvm_amap.c:1298
#8 uvm_unmap_detach+0x8a sys/uvm/uvm_map.c:1353
#9 uvm_map_teardown+0x360 sys/uvm/uvm_map.c:2525
#10 exit1+0x6fc sys/kern/kern_exit.c:260
#11 sys_exit+0x1a sys/kern/kern_exit.c:-1
#12 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#12 syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
#13 Xsyscall+0x128
Process 28714 (syz-executor) thread 0xffff8000fffe34e8 (387380)
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10230 11132K 12479K 166960K 16605 0
pcb 17 16K 17K 166960K 792 0
rtable 258 13K 14K 166960K 1003 0
pf 42 19K 23K 166960K 332 0
ifaddr 45 8K 8K 166960K 212 0
ifgroup 63 2K 2K 166960K 350 0
sysctl 4 1K 9K 166960K 84 0
counters 74 37K 38K 166960K 400 0
ioctlops 0 0K 8K 166960K 2113 0
iov 1 8K 36K 166960K 178 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1520 96K 96K 166960K 4656 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 2K 14K 166960K 18 0
VM map 2 1K 1K 166960K 2 0
sem 24 136K 137K 166960K 40 0
dirhash 12 2K 2K 166960K 42 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 17 61K 240K 166960K 2959 0
sigio 0 0K 0K 166960K 58 0
proc 74 115K 148K 166960K 1035 0
subproc 72 4K 4K 166960K 153 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 337 0
in_multi 86 6K 7K 166960K 321 0
ether_multi 1 0K 0K 166960K 33 0
mrt 1 0K 0K 166960K 28 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 115 519K 519K 166960K 115 0
exec 0 0K 1K 166960K 896 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 4 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 250 175K 203K 166960K 26785 0
UVM aobj 48 18K 18K 166960K 59 0
pinsyscall 42 84K 102K 166960K 4256 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 1K 166960K 227 0
NDP 14 0K 2K 166960K 157 0
temp 80 8680K 8790K 166960K 116991 0
kqueue 13 20K 32K 166960K 479 0
SYN cache 2 16K 16K 166960K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 188 0 185 1 0 1 1 0 8 0
rtentry 176 277 0 177 6 0 6 6 0 8 0
unpcb 144 1525 0 1505 11 7 4 4 0 8 3
syncache 336 12 0 12 4 3 1 1 0 8 1
tcpqe 32 3 0 3 2 1 1 1 0 8 1
tcpcb 736 711 0 701 9 7 2 4 0 8 1
arp 136 42 0 22 1 0 1 1 0 8 0
inpcb 328 3178 0 3163 31 21 10 12 0 8 8
nd6 152 63 0 39 2 0 2 2 0 8 0
pkpcb 40 13 0 13 5 4 1 1 0 8 1
kcovpl 48 17 0 9 1 0 1 1 0 8 0
mppekey 1024 2 0 2 2 1 1 1 0 8 1
ppxss 1192 129 0 129 3 2 1 1 0 8 1
pppxif 1504 17 0 17 5 4 1 1 0 8 1
pfstscr 40 6 0 5 1 0 1 1 0 8 0
pffrag 232 28 0 12 2 0 2 2 0 482 0
pffrnode 88 24 0 10 1 0 1 1 0 8 0
pffrent 40 54 0 37 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 189 0 78 1 0 1 1 0 8 0
pfstkey 128 203 0 88 5 0 5 5 0 8 0
pfstate 448 190 0 84 14 0 14 14 0 8 0
pfrule 1344 86 0 81 2 1 1 2 0 8 0
rttmr 136 7 0 7 3 2 1 1 0 8 1
art_heap8 4096 2 0 0 2 0 2 2 0 8 0
art_heap4 256 1381 0 972 44 15 29 32 0 8 1
art_table 40 1383 0 972 6 0 6 6 0 8 0
art_node 32 276 0 190 1 0 1 1 0 8 0
sysvmsgpl 40 21 0 17 1 0 1 1 0 8 0
semupl 112 1 0 1 1 1 0 1 0 8 0
semapl 112 33 0 11 1 0 1 1 0 8 0
shmpl 112 45 0 7 2 0 2 2 0 8 0
dirhash 1024 37 0 20 3 0 3 3 0 8 0
dino2pl 256 6660 0 5135 96 0 96 96 0 8 0
ffsino 296 6660 0 5135 119 1 118 118 0 8 0
nchpl 144 10409 0 8685 65 0 65 65 0 8 0
rtmask 32 29 0 29 4 3 1 1 0 8 1
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 36050 0 36050 5 4 1 2 0 8 1
percpumem 16 215 0 163 1 0 1 1 0 8 0
vcpupl 3968 8 0 1 1 0 1 1 0 8 0
vmpool 848 11 0 4 1 0 1 1 0 8 0
kstatmem 264 236 0 202 5 2 3 3 0 8 0
scsiplug 72 12 0 12 4 4 0 1 0 8 0
scxspl 216 45365 0 45365 17 14 3 8 1 8 3
plimitpl 152 757 0 739 1 0 1 1 0 8 0
sigapl 424 3173 0 3104 9 1 8 8 0 8 0
knotepl 120 591 0 0 17 0 17 17 0 8 0
kqueuepl 224 1040 0 1030 13 11 2 5 0 8 1
pipepl 344 412 0 385 6 3 3 6 0 8 0
fdescpl 528 3132 0 3101 3 0 3 3 0 8 0
filepl 160 20548 0 20315 27 11 16 16 0 8 3
lockfpl 104 1124 0 1118 2 1 1 2 0 8 0
lockfspl 48 445 0 440 1 0 1 1 0 8 0
sessionpl 144 41 0 32 1 0 1 1 0 8 0
pgrppl 48 89 0 71 1 0 1 1 0 8 0
ucredpl 104 3328 0 3315 1 0 1 1 0 8 0
zombiepl 144 3293 0 3292 2 1 1 1 0 8 0
processpl 1232 3173 0 3104 6 0 6 6 0 8 0
procpl 664 7431 0 7354 8 0 8 8 0 8 0
sosppl 176 19 0 19 5 4 1 1 0 8 1
sockpl 752 4973 0 4935 49 37 12 19 0 8 8
mcl64k 65536 16 0 0 2 0 2 2 0 8 0
mcl16k 16384 12 0 0 2 0 2 2 0 8 0
mcl12k 12288 4 0 0 1 0 1 1 0 8 0
mcl9k 9216 3 0 0 1 0 1 1 0 8 0
mcl8k 8192 6 0 0 1 0 1 1 0 8 0
mcl4k 4096 118 0 0 15 0 15 15 0 8 0
mcl2k2 2112 1 0 0 1 0 1 1 0 8 0
mcl2k 2048 97 0 0 10 0 10 10 0 8 0
mtagpl 96 153 0 0 4 0 4 4 0 8 0
mbufpl 256 325 0 0 20 0 20 20 0 8 0
bufpl 280 14440 0 8303 439 0 439 439 0 8 0
anonpl 32 10997 0 0 90 1 89 89 0 246 0
amapchunkpl 152 96444 0 95940 62 28 34 36 0 158 12
amappl16 200 8020 0 7765 77 51 26 26 0 8 0
amappl15 192 62 0 62 1 1 0 1 0 8 0
amappl14 184 12 0 12 1 1 0 1 0 8 0
amappl13 176 535 0 534 1 0 1 1 0 8 0
amappl12 168 3571 0 3529 3 0 3 3 0 8 0
amappl11 160 22 0 21 1 0 1 1 0 8 0
amappl10 152 45 0 31 1 0 1 1 0 8 0
amappl9 144 273 0 273 1 1 0 1 0 8 0
amappl8 136 43 0 40 1 0 1 1 0 8 0
amappl7 128 116 0 114 1 0 1 1 0 8 0
amappl6 120 397 0 383 1 0 1 1 0 8 0
amappl5 112 83 0 72 1 0 1 1 0 8 0
amappl4 104 551 0 520 1 0 1 1 0 8 0
amappl3 96 19177 0 19067 6 2 4 4 0 8 0
amappl2 88 689 0 629 2 0 2 2 0 8 0
amappl1 80 23336 0 22744 14 0 14 14 0 8 0
amappl 88 25447 0 25278 5 0 5 5 0 92 0
uvmvnodes 80 174 0 0 4 0 4 4 0 8 0
dma65536 65536 2 0 2 1 1 0 1 0 8 0
dma16384 16384 1 0 1 1 1 0 1 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 2 0 1 1 0 1 1 0 8 0
dma512 512 3 0 3 3 2 1 1 0 8 1
dma256 256 7 0 7 2 2 0 1 0 8 0
dma128 128 258 0 258 3 3 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 58 0 11 1 0 1 1 0 8 0
uaddrrnd 24 3132 0 3101 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 3132 0 3101 1 0 1 1 0 8 0
vmmpekpl 168 23313 0 23258 3 0 3 3 0 8 0
vmmpepl 168 200829 0 198658 134 28 106 106 0 357 0
vmsppl 488 3131 0 3100 5 0 5 5 0 8 1
rwobjpl 80 50289 0 48912 35 2 33 33 0 8 0
pdppl 4096 6293 0 6215 120 40 80 83 0 8 2
pvpl 32 19934 0 0 161 0 161 161 0 265 0
pmappl 256 3142 0 3104 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 361 0 77 9 0 9 9 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7237dcc69ac0, count: -1
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
x86_bus_space_io_read_4(b008,0) at x86_bus_space_io_read_4+0x37 sys/arch/amd64/amd64/bus_space.c:682
acpitimer_delay(1) at acpitimer_delay+0xb7 acpitimer_read sys/dev/acpi/acpitimer.c:146 [inline]
acpitimer_delay(1) at acpitimer_delay+0xb7 sys/dev/acpi/acpitimer.c:120
comcnputc(800,79) at comcnputc+0x29b sys/dev/ic/com.c:1269
cnputc(79) at cnputc+0x67 sys/dev/cons.c:218
db_putchar(79) at db_putchar+0x36d sys/ddb/db_output.c:155
kprintf() at kprintf+0x29c5 sys/kern/subr_prf.c:-1
db_printf(ffffffff833848e6) at db_printf+0x9b sys/kern/subr_prf.c:-1
panic(ffffffff833ad2e1) at panic+0x103 sys/kern/subr_prf.c:217
__assert(ffffffff833f03b9,ffffffff833e1c00,52e,ffffffff8340939f) at __assert+0x29 sys/kern/subr_prf.c:-1
uvm_pagedequeue(fffffd8007e393b8) at uvm_pagedequeue+0x2dd sys/uvm/uvm_page.c:1324
uvm_pageclean(fffffd8007e393b8) at uvm_pageclean+0x2ad sys/uvm/uvm_page.c:981
end trace frame: 0xffff80002a337e10, count: 0
ddb{1}> trace
x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
x86_bus_space_io_read_4(b008,0) at x86_bus_space_io_read_4+0x37 sys/arch/amd64/amd64/bus_space.c:682
acpitimer_delay(1) at acpitimer_delay+0xb7 acpitimer_read sys/dev/acpi/acpitimer.c:146 [inline]
acpitimer_delay(1) at acpitimer_delay+0xb7 sys/dev/acpi/acpitimer.c:120
comcnputc(800,79) at comcnputc+0x29b sys/dev/ic/com.c:1269
cnputc(79) at cnputc+0x67 sys/dev/cons.c:218
db_putchar(79) at db_putchar+0x36d sys/ddb/db_output.c:155
kprintf() at kprintf+0x29c5 sys/kern/subr_prf.c:-1
db_printf(ffffffff833848e6) at db_printf+0x9b sys/kern/subr_prf.c:-1
panic(ffffffff833ad2e1) at panic+0x103 sys/kern/subr_prf.c:217
__assert(ffffffff833f03b9,ffffffff833e1c00,52e,ffffffff8340939f) at __assert+0x29 sys/kern/subr_prf.c:-1
uvm_pagedequeue(fffffd8007e393b8) at uvm_pagedequeue+0x2dd sys/uvm/uvm_page.c:1324
uvm_pageclean(fffffd8007e393b8) at uvm_pageclean+0x2ad sys/uvm/uvm_page.c:981
uvm_pagefree(fffffd8007e393b8) at uvm_pagefree+0x26 sys/uvm/uvm_page.c:1020
uvm_anfree(fffffd8068a61250) at uvm_anfree+0xe9 sys/uvm/uvm_anon.c:112
amap_wiperange_chunk(fffffd805cc97270,fffffd805cc972a0,0,4) at amap_wiperange_chunk+0x1a6 sys/uvm/uvm_amap.c:-1
amap_pp_adjref(fffffd805cc97270,0,4,ffffffff) at amap_pp_adjref+0x6d0 sys/uvm/uvm_amap.c:-1
amap_adjref_anons(fffffd805cc97270,0,4,ffffffff,0) at amap_adjref_anons+0x22d sys/uvm/uvm_amap.c:1298
uvm_unmap_detach(ffff80002a338090,0) at uvm_unmap_detach+0x8a sys/uvm/uvm_map.c:1353
uvm_map_teardown(fffffd806f78e5c0) at uvm_map_teardown+0x360 sys/uvm/uvm_map.c:2525
exit1(ffff80003c461cc0,0,0,1) at exit1+0x6fc sys/kern/kern_exit.c:260
sys_exit(ffff80003c461cc0,ffff80002a338260,ffff80002a3381b0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a338260) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a338260) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x73111d039d10, count: -25
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Reply all
Reply to author
Forward
0 new messages