panic: kernel diagnostic assertion "pg->wire_count != NUM" failed: file "/syzkaller/managers/setuid/kernel/sys/uvm/uvm_p
0 views
Skip to first unread message
syzbot
Jan 6, 2026, 8:15:24 AM (6 days ago) Jan 6
to syzkaller-o...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 4459f914e6b0 Do not log theme if pane is NULL.
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=105e4922580000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=484d1d3ec128e70ffa31
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/6c2d557e3459/disk-4459f914.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/4be10fc7b7dc/bsd-4459f914.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/198bf11806b8/kernel-4459f914.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+484d1d...@syzkaller.appspotmail.com
panic: WkAeRrNnINeG: l SPdiL agNOnTo sLtOWicER aEDs OsNe rStYioSnC AL"Lp g-0> w0 iErXe_IcTo u0n ta
!= Stopped at savectx+0xae: movl $0,%gs:0x688
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*282195 97509 0 0x2 0 0 syz-executor
savectx() at savectx+0xae
end trace frame: 0x0, count: 14
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu1: kernel diagnostic assertion "pg->wire_count != 0" failed: file "/syzkaller/managers/setuid/kernel/sys/uvm/uvm_page.c", line 1250
ddb{0}> trace
savectx() at savectx+0xae
end trace frame: 0x0, count: -1
ddb{0}> show registers
rdi 0
rsi 0
rbp 0xffff80002a320cf0
rbx 0
rdx 0
rcx 0xffff80002a263c98
rax 0x31
r8 0xffff80002a320c20
r9 0x81714 acpi_pdirpa+0x6d585
r10 0xdcbd5b84d1aa1275
r11 0x9550c34d9b059a68
r12 0
r13 0
r14 0xffff80002a263c98
r15 0
rip 0xffffffff8117f3ee savectx+0xae
cs 0x8
rflags 0x46
rsp 0xffff80002a320c70
ss 0x10
savectx+0xae: movl $0,%gs:0x688
ddb{0}> show proc
PROC (syz-executor) tid=282195 pid=97509 tcnt=1 stat=onproc
flags process=2<EXEC> proc=0
runpri=50, usrpri=50, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80003a3efa18,0xffffffff838da008
process=0xffff80003bc0dd00 user=0xffff80002a31b000, vmspace=0xfffffd800d79d5e0
estcpu=26, cpticks=1, pctcpu=0.0, user=0, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
*97509 282195 20093 0 7 0x2 syz-executor
95892 289585 48062 32767 2 0xc90 syz-executor
95892 370011 48062 32767 3 0x4000090 msgwait syz-executor
95892 307717 48062 32767 3 0x4000090 msgwait syz-executor
95892 49645 48062 32767 3 0x4000090 fsleep syz-executor
95092 449882 90690 0 3 0x100082 sbwait arp
90690 482209 9386 0 3 0x10008a sigsusp sh
48062 134290 39586 32767 3 0x90 nanoslp syz-executor
81707 271769 15677 32767 2 0x10 syz-executor
89836 291491 73395 32767 3 0x90 nanoslp syz-executor
19010 117100 68008 32767 2 0x90 syz-executor
75025 46678 82768 32767 2 0x10 syz-executor
9386 67681 24000 0 3 0x80 wait syz-executor
82768 472546 20093 0 3 0x82 wait syz-executor
68008 322467 20093 0 3 0x82 wait syz-executor
15677 475556 20093 0 3 0x82 wait syz-executor
39586 452111 20093 0 3 0x82 wait syz-executor
24000 500932 20093 0 3 0x82 wait syz-executor
73395 455818 20093 0 3 0x82 wait syz-executor
20093 309121 92543 0 3 0x82 nanoslp syz-executor
92543 158484 54893 0 3 0x10008a sigsusp ksh
54893 356165 35752 0 3 0x98 kqread sshd-session
35752 393176 9448 0 3 0x92 kqread sshd-session
77820 212070 1 0 3 0x100083 ttyin getty
9448 262618 1 0 3 0x88 kqread sshd
16009 314530 24693 73 3 0x1100090 kqread syslogd
24693 56834 1 0 3 0x100082 sbwait syslogd
85033 39347 1 0 3 0x100080 kqread resolvd
8556 447079 16083 77 3 0x100092 kqread dhcpleased
10415 470565 16083 77 3 0x100092 kqread dhcpleased
16083 409563 1 0 3 0x80 kqread dhcpleased
90786 454192 0 0 3 0x14200 bored smr
81773 460882 0 0 2 0x14200 zerothread
74689 426272 0 0 3 0x14200 aiodoned aiodoned
69133 504015 0 0 3 0x14200 syncer update
71549 145257 0 0 3 0x14200 cleaner cleaner
92324 449694 0 0 3 0x14200 reaper reaper
25992 342470 0 0 3 0x14200 pgdaemon pagedaemon
73813 435155 0 0 3 0x14200 bored viomb
82412 338830 0 0 3 0x40014200 acpi0 acpi0
98922 456270 0 0 3 0x40014200 idle1
68407 23658 0 0 3 0x14200 bored softnet1
45985 195167 0 0 2 0x14200 softnet0
7311 387592 0 0 3 0x14200 bored systqmp
94941 384318 0 0 3 0x14200 bored systq
94456 415623 0 0 3 0x14200 tmoslp softclockmp
93365 190668 0 0 3 0x40014200 tmoslp softclock
37222 156306 0 0 3 0x40014200 idle0
1 289400 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
CPU 0:
exclusive mutex &uvm.fpageqlock r = 0 (0xffffffff83999c70)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 mtx_enter+0x4b4 sys/kern/kern_lock.c:487
#2 uvm_pmr_freepages+0x1a8 sys/uvm/uvm_pmemrange.c:-1
#3 uvm_anfree+0xe9 sys/uvm/uvm_anon.c:112
#4 amap_wipeout+0x246 sys/uvm/uvm_amap.c:-1
#5 uvm_unmap_detach+0x8a sys/uvm/uvm_map.c:1353
#6 uvmspace_exec+0x3b7 sys/uvm/uvm_map.c:3398
#7 sys_execve+0xc31 sys/kern/kern_exec.c:453
#8 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#8 syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
#9 Xsyscall+0x128
Process 97509 (syz-executor) thread 0xffff80002a263c98 (282195)
exclusive rwlock amaplk r = 0 (0xfffffd806dac7b88)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 amap_unref+0x3d sys/uvm/uvm_amap.c:1329
#3 uvm_unmap_detach+0x8a sys/uvm/uvm_map.c:1353
#4 uvmspace_exec+0x3b7 sys/uvm/uvm_map.c:3398
#5 sys_execve+0xc31 sys/kern/kern_exec.c:453
#6 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#6 syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
#7 Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83a106c8)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 syscall+0xaf4 mi_syscall sys/sys/syscall_mi.h:175 [inline]
#1 syscall+0xaf4 sys/arch/amd64/amd64/trap.c:775
#2 Xsyscall+0x128
exclusive mutex &uvm.fpageqlock r = 0 (0xffffffff83999c70)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 mtx_enter+0x4b4 sys/kern/kern_lock.c:487
#2 uvm_pmr_freepages+0x1a8 sys/uvm/uvm_pmemrange.c:-1
#3 uvm_anfree+0xe9 sys/uvm/uvm_anon.c:112
#4 amap_wipeout+0x246 sys/uvm/uvm_amap.c:-1
#5 uvm_unmap_detach+0x8a sys/uvm/uvm_map.c:1353
#6 uvmspace_exec+0x3b7 sys/uvm/uvm_map.c:3398
#7 sys_execve+0xc31 sys/kern/kern_exec.c:453
#8 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#8 syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
#9 Xsyscall+0x128
Process 75025 (syz-executor) thread 0xffff8000fffee018 (46678)
exclusive rrwlock inode r = 0 (0xfffffd80681c27c8)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621
#3 VOP_LOCK+0xbd sys/kern/vfs_vops.c:527
#4 ufs_ihashins+0x4f ufs_ihash sys/ufs/ufs/ufs_ihash.c:-1 [inline]
#4 ufs_ihashins+0x4f sys/ufs/ufs/ufs_ihash.c:159
#5 ffs_vget+0x187 sys/ufs/ffs/ffs_vfsops.c:1232
#6 ffs_inode_alloc+0x279 sys/ufs/ffs/ffs_alloc.c:393
#7 ufs_mkdir+0xfc sys/ufs/ufs/ufs_vnops.c:1112
#8 VOP_MKDIR+0x101 sys/kern/vfs_vops.c:394
#9 domkdirat+0x179 sys/kern/vfs_syscalls.c:3113
#10 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#10 syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
#11 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd807a305698)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621
#3 VOP_LOCK+0xbd sys/kern/vfs_vops.c:527
#4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570
#5 vfs_lookup+0x11c sys/kern/vfs_lookup.c:-1
#6 namei+0x7ca sys/kern/vfs_lookup.c:250
#7 domkdirat+0x8b sys/kern/vfs_syscalls.c:3098
#8 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#8 syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
#9 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11046 12014K 12034K 166960K 12143 0
pcb 17 12K 12K 166960K 17 0
rtable 181 5K 6K 166960K 347 0
pf 27 16K 16K 166960K 31 0
ifaddr 32 5K 7K 166960K 42 0
ifgroup 42 1K 2K 166960K 50 0
sysctl 3 1K 9K 166960K 8 0
counters 66 36K 37K 166960K 70 0
ioctlops 0 0K 2K 166960K 29 0
iov 0 0K 24K 166960K 19 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1336 84K 84K 166960K 1559 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 9K 166960K 11 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 22 0
dirhash 12 2K 2K 166960K 24 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 18 62K 125K 166960K 455 0
sigio 0 0K 0K 166960K 6 0
proc 58 99K 180K 166960K 506 0
subproc 54 3K 4K 166960K 225 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 88 0
in_multi 67 5K 6K 166960K 94 0
ether_multi 1 0K 0K 166960K 2 0
mrt 1 0K 0K 166960K 1 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 73 334K 334K 166960K 73 0
exec 0 0K 1K 166960K 384 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 212 146K 180K 166960K 5797 0
UVM aobj 13 2K 3K 166960K 17 0
pinsyscall 40 80K 116K 166960K 1526 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 16 0
NDP 9 0K 1K 166960K 25 0
temp 43 8673K 8738K 166960K 5244 0
kqueue 13 20K 28K 166960K 63 0
SYN cache 2 16K 16K 166960K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 62 0 58 1 0 1 1 0 8 0
rtentry 176 108 0 26 5 0 5 5 0 8 0
unpcb 144 359 0 344 4 0 4 4 0 8 3
syncache 336 12 0 12 1 0 1 1 0 8 1
tcpqe 32 2 0 2 1 0 1 1 0 8 1
tcpcb 736 181 0 175 5 0 5 5 0 8 3
arp 136 17 0 4 1 0 1 1 0 8 0
ipq 40 5 0 0 1 0 1 1 0 8 0
ipqe 40 7 0 1 1 0 1 1 0 8 0
inpcb 328 350 0 341 5 0 5 5 0 8 3
nd6 152 26 0 9 1 0 1 1 0 8 0
kcovpl 48 25 0 19 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 421 0 94 27 0 27 27 0 8 4
art_table 40 422 0 94 5 0 5 5 0 8 0
art_node 32 108 0 33 1 0 1 1 0 8 0
sysvmsgpl 40 12 0 9 1 0 1 1 0 8 0
semapl 112 17 0 7 1 0 1 1 0 8 0
shmpl 112 14 0 4 1 0 1 1 0 8 0
dirhash 1024 25 0 8 3 0 3 3 0 8 0
dino2pl 256 1999 0 470 96 0 96 96 0 8 0
ffsino 296 1999 0 470 118 0 118 118 0 8 0
nchpl 144 2542 0 840 64 0 64 64 0 8 0
vnodes 216 2233 0 0 125 0 125 125 0 8 0
namei 1024 7997 0 7996 1 0 1 1 0 8 0
percpumem 16 50 0 2 1 0 1 1 0 8 0
kstatmem 264 24 0 4 2 0 2 2 0 8 0
scxspl 216 8460 0 8460 11 3 8 8 1 8 8
plimitpl 152 246 0 225 2 0 2 2 0 8 1
sigapl 424 709 0 662 7 0 7 7 0 8 0
knotepl 120 284 0 0 9 0 9 9 0 8 0
kqueuepl 224 87 0 78 2 0 2 2 0 8 1
pipepl 344 192 0 165 4 0 4 4 0 8 0
fdescpl 528 693 0 663 4 0 4 4 0 8 1
filepl 160 3524 0 3342 16 0 16 16 0 8 7
lockfpl 104 91 0 89 1 0 1 1 0 8 0
lockfspl 48 34 0 32 1 0 1 1 0 8 0
sessionpl 144 46 0 32 1 0 1 1 0 8 0
pgrppl 48 76 0 55 1 0 1 1 0 8 0
ucredpl 104 540 0 524 1 0 1 1 0 8 0
zombiepl 144 663 0 662 1 0 1 1 0 8 0
processpl 1232 709 0 662 5 0 5 5 0 8 0
procpl 664 1160 0 1110 7 0 7 7 0 8 1
sosppl 176 4 0 4 1 0 1 1 0 8 1
sockpl 752 775 0 747 12 1 11 12 0 8 7
mcl64k 65536 2 0 0 1 0 1 1 0 8 0
mcl8k 8192 2 0 0 1 0 1 1 0 8 0
mcl4k 4096 114 0 0 15 0 15 15 0 8 0
mcl2k 2048 39 0 0 5 0 5 5 0 8 0
mtagpl 96 3 0 0 1 0 1 1 0 8 0
mbufpl 256 1211 0 0 76 0 76 76 0 8 0
bufpl 280 4993 0 119 349 0 349 349 0 8 0
anonpl 32 9401 0 0 76 0 76 76 0 246 0
amapchunkpl 152 32796 0 32134 42 0 42 42 0 158 12
amappl16 200 2921 0 2902 16 4 12 14 0 8 8
amappl15 192 3 0 3 1 1 0 1 0 8 0
amappl14 184 6 0 6 2 1 1 1 0 8 1
amappl13 176 398 0 396 1 0 1 1 0 8 0
amappl12 168 1043 0 1004 3 0 3 3 0 8 0
amappl11 160 4 0 4 1 1 0 1 0 8 0
amappl10 152 45 0 35 1 0 1 1 0 8 0
amappl9 144 249 0 249 1 1 0 1 0 8 0
amappl8 136 22 0 21 1 0 1 1 0 8 0
amappl7 128 70 0 69 1 0 1 1 0 8 0
amappl6 120 270 0 257 1 0 1 1 0 8 0
amappl5 112 82 0 75 1 0 1 1 0 8 0
amappl4 104 512 0 485 1 0 1 1 0 8 0
amappl3 96 2760 0 2684 3 0 3 3 0 8 0
amappl2 88 871 0 800 3 0 3 3 0 8 1
amappl1 80 12012 0 11464 15 0 15 15 0 8 0
amappl 88 5013 0 4874 5 0 5 5 0 92 0
uvmvnodes 80 118 0 0 3 0 3 3 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 16 0 4 1 0 1 1 0 8 0
uaddrrnd 24 693 0 662 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 693 0 662 1 0 1 1 0 8 0
vmmpekpl 168 8414 0 8355 3 0 3 3 0 8 0
vmmpepl 168 54934 0 53207 105 0 105 105 0 357 12
vmsppl 488 692 0 662 7 1 6 6 0 8 0
rwobjpl 80 18977 0 18043 26 0 26 26 0 8 1
pdppl 4096 1394 0 1324 112 30 82 98 0 8 12
pvpl 32 27584 0 0 223 0 223 223 0 265 0
pmappl 256 692 0 662 4 1 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 351 0 33 10 0 10 10 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
savectx() at savectx+0xae
end trace frame: 0x0, count: -1
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x37 sys/arch/amd64/amd64/bus_space.c:670
comcnputc(800,20) at comcnputc+0x250 comcn_read_reg sys/dev/ic/com.c:1655 [inline]
comcnputc(800,20) at comcnputc+0x250 sys/dev/ic/com.c:1269
cnputc(20) at cnputc+0x67 sys/dev/cons.c:218
db_putchar(30) at db_putchar+0x126 db_force_whitespace sys/ddb/db_output.c:102 [inline]
db_putchar(30) at db_putchar+0x126 sys/ddb/db_output.c:153
kprintf() at kprintf+0x29c5 sys/kern/subr_prf.c:-1
db_printf(ffffffff8338ef81) at db_printf+0x9b sys/kern/subr_prf.c:-1
panic(ffffffff833b6ae5) at panic+0x103 sys/kern/subr_prf.c:217
__assert(ffffffff833f33db,ffffffff8334251b,4e2,ffffffff83342550) at __assert+0x29 sys/kern/subr_prf.c:-1
uvm_pageunwire(fffffd8008b9b550) at uvm_pageunwire+0x17d sys/uvm/uvm_page.c:1249
uvm_fault_unwire_locked(fffffd806cb14ba0,cce7d411000,cce7d810000) at uvm_fault_unwire_locked+0x33a sys/uvm/uvm_fault.c:1790
uvm_unmap_kill_entry_withlock(fffffd806cb14ba0,fffffd806d1cbe08,0) at uvm_unmap_kill_entry_withlock+0x81 sys/uvm/uvm_map.c:1860
end trace frame: 0xffff80003bc0a330, count: 0
ddb{1}> trace
x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x37 sys/arch/amd64/amd64/bus_space.c:670
comcnputc(800,20) at comcnputc+0x250 comcn_read_reg sys/dev/ic/com.c:1655 [inline]
comcnputc(800,20) at comcnputc+0x250 sys/dev/ic/com.c:1269
cnputc(20) at cnputc+0x67 sys/dev/cons.c:218
db_putchar(30) at db_putchar+0x126 db_force_whitespace sys/ddb/db_output.c:102 [inline]
db_putchar(30) at db_putchar+0x126 sys/ddb/db_output.c:153
kprintf() at kprintf+0x29c5 sys/kern/subr_prf.c:-1
db_printf(ffffffff8338ef81) at db_printf+0x9b sys/kern/subr_prf.c:-1
panic(ffffffff833b6ae5) at panic+0x103 sys/kern/subr_prf.c:217
__assert(ffffffff833f33db,ffffffff8334251b,4e2,ffffffff83342550) at __assert+0x29 sys/kern/subr_prf.c:-1
uvm_pageunwire(fffffd8008b9b550) at uvm_pageunwire+0x17d sys/uvm/uvm_page.c:1249
uvm_fault_unwire_locked(fffffd806cb14ba0,cce7d411000,cce7d810000) at uvm_fault_unwire_locked+0x33a sys/uvm/uvm_fault.c:1790
uvm_unmap_kill_entry_withlock(fffffd806cb14ba0,fffffd806d1cbe08,0) at uvm_unmap_kill_entry_withlock+0x81 sys/uvm/uvm_map.c:1860
uvm_map_teardown(fffffd806cb14ba0) at uvm_map_teardown+0x117 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:-1 [inline]
uvm_map_teardown(fffffd806cb14ba0) at uvm_map_teardown+0x117 sys/uvm/uvm_map.c:2491
exit1(ffff8000fffe6550,0,0,1) at exit1+0x6fc sys/kern/kern_exit.c:260
sys_exit(ffff8000fffe6550,ffff80003bc0a4c0,ffff80003bc0a410) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80003bc0a4c0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003bc0a4c0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7af56fdaf060, count: -19
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 4459f914e6b0 Do not log theme if pane is NULL.
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=105e4922580000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=484d1d3ec128e70ffa31
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/6c2d557e3459/disk-4459f914.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/4be10fc7b7dc/bsd-4459f914.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/198bf11806b8/kernel-4459f914.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+484d1d...@syzkaller.appspotmail.com
panic: WkAeRrNnINeG: l SPdiL agNOnTo sLtOWicER aEDs OsNe rStYioSnC AL"Lp g-0> w0 iErXe_IcTo u0n ta
!= Stopped at savectx+0xae: movl $0,%gs:0x688
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*282195 97509 0 0x2 0 0 syz-executor
savectx() at savectx+0xae
end trace frame: 0x0, count: 14
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu1: kernel diagnostic assertion "pg->wire_count != 0" failed: file "/syzkaller/managers/setuid/kernel/sys/uvm/uvm_page.c", line 1250
ddb{0}> trace
savectx() at savectx+0xae
end trace frame: 0x0, count: -1
ddb{0}> show registers
rdi 0
rsi 0
rbp 0xffff80002a320cf0
rbx 0
rdx 0
rcx 0xffff80002a263c98
rax 0x31
r8 0xffff80002a320c20
r9 0x81714 acpi_pdirpa+0x6d585
r10 0xdcbd5b84d1aa1275
r11 0x9550c34d9b059a68
r12 0
r13 0
r14 0xffff80002a263c98
r15 0
rip 0xffffffff8117f3ee savectx+0xae
cs 0x8
rflags 0x46
rsp 0xffff80002a320c70
ss 0x10
savectx+0xae: movl $0,%gs:0x688
ddb{0}> show proc
PROC (syz-executor) tid=282195 pid=97509 tcnt=1 stat=onproc
flags process=2<EXEC> proc=0
runpri=50, usrpri=50, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80003a3efa18,0xffffffff838da008
process=0xffff80003bc0dd00 user=0xffff80002a31b000, vmspace=0xfffffd800d79d5e0
estcpu=26, cpticks=1, pctcpu=0.0, user=0, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
*97509 282195 20093 0 7 0x2 syz-executor
95892 289585 48062 32767 2 0xc90 syz-executor
95892 370011 48062 32767 3 0x4000090 msgwait syz-executor
95892 307717 48062 32767 3 0x4000090 msgwait syz-executor
95892 49645 48062 32767 3 0x4000090 fsleep syz-executor
95092 449882 90690 0 3 0x100082 sbwait arp
90690 482209 9386 0 3 0x10008a sigsusp sh
48062 134290 39586 32767 3 0x90 nanoslp syz-executor
81707 271769 15677 32767 2 0x10 syz-executor
89836 291491 73395 32767 3 0x90 nanoslp syz-executor
19010 117100 68008 32767 2 0x90 syz-executor
75025 46678 82768 32767 2 0x10 syz-executor
9386 67681 24000 0 3 0x80 wait syz-executor
82768 472546 20093 0 3 0x82 wait syz-executor
68008 322467 20093 0 3 0x82 wait syz-executor
15677 475556 20093 0 3 0x82 wait syz-executor
39586 452111 20093 0 3 0x82 wait syz-executor
24000 500932 20093 0 3 0x82 wait syz-executor
73395 455818 20093 0 3 0x82 wait syz-executor
20093 309121 92543 0 3 0x82 nanoslp syz-executor
92543 158484 54893 0 3 0x10008a sigsusp ksh
54893 356165 35752 0 3 0x98 kqread sshd-session
35752 393176 9448 0 3 0x92 kqread sshd-session
77820 212070 1 0 3 0x100083 ttyin getty
9448 262618 1 0 3 0x88 kqread sshd
16009 314530 24693 73 3 0x1100090 kqread syslogd
24693 56834 1 0 3 0x100082 sbwait syslogd
85033 39347 1 0 3 0x100080 kqread resolvd
8556 447079 16083 77 3 0x100092 kqread dhcpleased
10415 470565 16083 77 3 0x100092 kqread dhcpleased
16083 409563 1 0 3 0x80 kqread dhcpleased
90786 454192 0 0 3 0x14200 bored smr
81773 460882 0 0 2 0x14200 zerothread
74689 426272 0 0 3 0x14200 aiodoned aiodoned
69133 504015 0 0 3 0x14200 syncer update
71549 145257 0 0 3 0x14200 cleaner cleaner
92324 449694 0 0 3 0x14200 reaper reaper
25992 342470 0 0 3 0x14200 pgdaemon pagedaemon
73813 435155 0 0 3 0x14200 bored viomb
82412 338830 0 0 3 0x40014200 acpi0 acpi0
98922 456270 0 0 3 0x40014200 idle1
68407 23658 0 0 3 0x14200 bored softnet1
45985 195167 0 0 2 0x14200 softnet0
7311 387592 0 0 3 0x14200 bored systqmp
94941 384318 0 0 3 0x14200 bored systq
94456 415623 0 0 3 0x14200 tmoslp softclockmp
93365 190668 0 0 3 0x40014200 tmoslp softclock
37222 156306 0 0 3 0x40014200 idle0
1 289400 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
CPU 0:
exclusive mutex &uvm.fpageqlock r = 0 (0xffffffff83999c70)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 mtx_enter+0x4b4 sys/kern/kern_lock.c:487
#2 uvm_pmr_freepages+0x1a8 sys/uvm/uvm_pmemrange.c:-1
#3 uvm_anfree+0xe9 sys/uvm/uvm_anon.c:112
#4 amap_wipeout+0x246 sys/uvm/uvm_amap.c:-1
#5 uvm_unmap_detach+0x8a sys/uvm/uvm_map.c:1353
#6 uvmspace_exec+0x3b7 sys/uvm/uvm_map.c:3398
#7 sys_execve+0xc31 sys/kern/kern_exec.c:453
#8 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#8 syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
#9 Xsyscall+0x128
Process 97509 (syz-executor) thread 0xffff80002a263c98 (282195)
exclusive rwlock amaplk r = 0 (0xfffffd806dac7b88)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 amap_unref+0x3d sys/uvm/uvm_amap.c:1329
#3 uvm_unmap_detach+0x8a sys/uvm/uvm_map.c:1353
#4 uvmspace_exec+0x3b7 sys/uvm/uvm_map.c:3398
#5 sys_execve+0xc31 sys/kern/kern_exec.c:453
#6 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#6 syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
#7 Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83a106c8)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 syscall+0xaf4 mi_syscall sys/sys/syscall_mi.h:175 [inline]
#1 syscall+0xaf4 sys/arch/amd64/amd64/trap.c:775
#2 Xsyscall+0x128
exclusive mutex &uvm.fpageqlock r = 0 (0xffffffff83999c70)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 mtx_enter+0x4b4 sys/kern/kern_lock.c:487
#2 uvm_pmr_freepages+0x1a8 sys/uvm/uvm_pmemrange.c:-1
#3 uvm_anfree+0xe9 sys/uvm/uvm_anon.c:112
#4 amap_wipeout+0x246 sys/uvm/uvm_amap.c:-1
#5 uvm_unmap_detach+0x8a sys/uvm/uvm_map.c:1353
#6 uvmspace_exec+0x3b7 sys/uvm/uvm_map.c:3398
#7 sys_execve+0xc31 sys/kern/kern_exec.c:453
#8 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#8 syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
#9 Xsyscall+0x128
Process 75025 (syz-executor) thread 0xffff8000fffee018 (46678)
exclusive rrwlock inode r = 0 (0xfffffd80681c27c8)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621
#3 VOP_LOCK+0xbd sys/kern/vfs_vops.c:527
#4 ufs_ihashins+0x4f ufs_ihash sys/ufs/ufs/ufs_ihash.c:-1 [inline]
#4 ufs_ihashins+0x4f sys/ufs/ufs/ufs_ihash.c:159
#5 ffs_vget+0x187 sys/ufs/ffs/ffs_vfsops.c:1232
#6 ffs_inode_alloc+0x279 sys/ufs/ffs/ffs_alloc.c:393
#7 ufs_mkdir+0xfc sys/ufs/ufs/ufs_vnops.c:1112
#8 VOP_MKDIR+0x101 sys/kern/vfs_vops.c:394
#9 domkdirat+0x179 sys/kern/vfs_syscalls.c:3113
#10 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#10 syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
#11 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd807a305698)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621
#3 VOP_LOCK+0xbd sys/kern/vfs_vops.c:527
#4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570
#5 vfs_lookup+0x11c sys/kern/vfs_lookup.c:-1
#6 namei+0x7ca sys/kern/vfs_lookup.c:250
#7 domkdirat+0x8b sys/kern/vfs_syscalls.c:3098
#8 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#8 syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
#9 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11046 12014K 12034K 166960K 12143 0
pcb 17 12K 12K 166960K 17 0
rtable 181 5K 6K 166960K 347 0
pf 27 16K 16K 166960K 31 0
ifaddr 32 5K 7K 166960K 42 0
ifgroup 42 1K 2K 166960K 50 0
sysctl 3 1K 9K 166960K 8 0
counters 66 36K 37K 166960K 70 0
ioctlops 0 0K 2K 166960K 29 0
iov 0 0K 24K 166960K 19 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1336 84K 84K 166960K 1559 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 9K 166960K 11 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 22 0
dirhash 12 2K 2K 166960K 24 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 18 62K 125K 166960K 455 0
sigio 0 0K 0K 166960K 6 0
proc 58 99K 180K 166960K 506 0
subproc 54 3K 4K 166960K 225 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 88 0
in_multi 67 5K 6K 166960K 94 0
ether_multi 1 0K 0K 166960K 2 0
mrt 1 0K 0K 166960K 1 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 73 334K 334K 166960K 73 0
exec 0 0K 1K 166960K 384 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 212 146K 180K 166960K 5797 0
UVM aobj 13 2K 3K 166960K 17 0
pinsyscall 40 80K 116K 166960K 1526 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 16 0
NDP 9 0K 1K 166960K 25 0
temp 43 8673K 8738K 166960K 5244 0
kqueue 13 20K 28K 166960K 63 0
SYN cache 2 16K 16K 166960K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 62 0 58 1 0 1 1 0 8 0
rtentry 176 108 0 26 5 0 5 5 0 8 0
unpcb 144 359 0 344 4 0 4 4 0 8 3
syncache 336 12 0 12 1 0 1 1 0 8 1
tcpqe 32 2 0 2 1 0 1 1 0 8 1
tcpcb 736 181 0 175 5 0 5 5 0 8 3
arp 136 17 0 4 1 0 1 1 0 8 0
ipq 40 5 0 0 1 0 1 1 0 8 0
ipqe 40 7 0 1 1 0 1 1 0 8 0
inpcb 328 350 0 341 5 0 5 5 0 8 3
nd6 152 26 0 9 1 0 1 1 0 8 0
kcovpl 48 25 0 19 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 421 0 94 27 0 27 27 0 8 4
art_table 40 422 0 94 5 0 5 5 0 8 0
art_node 32 108 0 33 1 0 1 1 0 8 0
sysvmsgpl 40 12 0 9 1 0 1 1 0 8 0
semapl 112 17 0 7 1 0 1 1 0 8 0
shmpl 112 14 0 4 1 0 1 1 0 8 0
dirhash 1024 25 0 8 3 0 3 3 0 8 0
dino2pl 256 1999 0 470 96 0 96 96 0 8 0
ffsino 296 1999 0 470 118 0 118 118 0 8 0
nchpl 144 2542 0 840 64 0 64 64 0 8 0
vnodes 216 2233 0 0 125 0 125 125 0 8 0
namei 1024 7997 0 7996 1 0 1 1 0 8 0
percpumem 16 50 0 2 1 0 1 1 0 8 0
kstatmem 264 24 0 4 2 0 2 2 0 8 0
scxspl 216 8460 0 8460 11 3 8 8 1 8 8
plimitpl 152 246 0 225 2 0 2 2 0 8 1
sigapl 424 709 0 662 7 0 7 7 0 8 0
knotepl 120 284 0 0 9 0 9 9 0 8 0
kqueuepl 224 87 0 78 2 0 2 2 0 8 1
pipepl 344 192 0 165 4 0 4 4 0 8 0
fdescpl 528 693 0 663 4 0 4 4 0 8 1
filepl 160 3524 0 3342 16 0 16 16 0 8 7
lockfpl 104 91 0 89 1 0 1 1 0 8 0
lockfspl 48 34 0 32 1 0 1 1 0 8 0
sessionpl 144 46 0 32 1 0 1 1 0 8 0
pgrppl 48 76 0 55 1 0 1 1 0 8 0
ucredpl 104 540 0 524 1 0 1 1 0 8 0
zombiepl 144 663 0 662 1 0 1 1 0 8 0
processpl 1232 709 0 662 5 0 5 5 0 8 0
procpl 664 1160 0 1110 7 0 7 7 0 8 1
sosppl 176 4 0 4 1 0 1 1 0 8 1
sockpl 752 775 0 747 12 1 11 12 0 8 7
mcl64k 65536 2 0 0 1 0 1 1 0 8 0
mcl8k 8192 2 0 0 1 0 1 1 0 8 0
mcl4k 4096 114 0 0 15 0 15 15 0 8 0
mcl2k 2048 39 0 0 5 0 5 5 0 8 0
mtagpl 96 3 0 0 1 0 1 1 0 8 0
mbufpl 256 1211 0 0 76 0 76 76 0 8 0
bufpl 280 4993 0 119 349 0 349 349 0 8 0
anonpl 32 9401 0 0 76 0 76 76 0 246 0
amapchunkpl 152 32796 0 32134 42 0 42 42 0 158 12
amappl16 200 2921 0 2902 16 4 12 14 0 8 8
amappl15 192 3 0 3 1 1 0 1 0 8 0
amappl14 184 6 0 6 2 1 1 1 0 8 1
amappl13 176 398 0 396 1 0 1 1 0 8 0
amappl12 168 1043 0 1004 3 0 3 3 0 8 0
amappl11 160 4 0 4 1 1 0 1 0 8 0
amappl10 152 45 0 35 1 0 1 1 0 8 0
amappl9 144 249 0 249 1 1 0 1 0 8 0
amappl8 136 22 0 21 1 0 1 1 0 8 0
amappl7 128 70 0 69 1 0 1 1 0 8 0
amappl6 120 270 0 257 1 0 1 1 0 8 0
amappl5 112 82 0 75 1 0 1 1 0 8 0
amappl4 104 512 0 485 1 0 1 1 0 8 0
amappl3 96 2760 0 2684 3 0 3 3 0 8 0
amappl2 88 871 0 800 3 0 3 3 0 8 1
amappl1 80 12012 0 11464 15 0 15 15 0 8 0
amappl 88 5013 0 4874 5 0 5 5 0 92 0
uvmvnodes 80 118 0 0 3 0 3 3 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 16 0 4 1 0 1 1 0 8 0
uaddrrnd 24 693 0 662 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 693 0 662 1 0 1 1 0 8 0
vmmpekpl 168 8414 0 8355 3 0 3 3 0 8 0
vmmpepl 168 54934 0 53207 105 0 105 105 0 357 12
vmsppl 488 692 0 662 7 1 6 6 0 8 0
rwobjpl 80 18977 0 18043 26 0 26 26 0 8 1
pdppl 4096 1394 0 1324 112 30 82 98 0 8 12
pvpl 32 27584 0 0 223 0 223 223 0 265 0
pmappl 256 692 0 662 4 1 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 351 0 33 10 0 10 10 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
savectx() at savectx+0xae
end trace frame: 0x0, count: -1
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x37 sys/arch/amd64/amd64/bus_space.c:670
comcnputc(800,20) at comcnputc+0x250 comcn_read_reg sys/dev/ic/com.c:1655 [inline]
comcnputc(800,20) at comcnputc+0x250 sys/dev/ic/com.c:1269
cnputc(20) at cnputc+0x67 sys/dev/cons.c:218
db_putchar(30) at db_putchar+0x126 db_force_whitespace sys/ddb/db_output.c:102 [inline]
db_putchar(30) at db_putchar+0x126 sys/ddb/db_output.c:153
kprintf() at kprintf+0x29c5 sys/kern/subr_prf.c:-1
db_printf(ffffffff8338ef81) at db_printf+0x9b sys/kern/subr_prf.c:-1
panic(ffffffff833b6ae5) at panic+0x103 sys/kern/subr_prf.c:217
__assert(ffffffff833f33db,ffffffff8334251b,4e2,ffffffff83342550) at __assert+0x29 sys/kern/subr_prf.c:-1
uvm_pageunwire(fffffd8008b9b550) at uvm_pageunwire+0x17d sys/uvm/uvm_page.c:1249
uvm_fault_unwire_locked(fffffd806cb14ba0,cce7d411000,cce7d810000) at uvm_fault_unwire_locked+0x33a sys/uvm/uvm_fault.c:1790
uvm_unmap_kill_entry_withlock(fffffd806cb14ba0,fffffd806d1cbe08,0) at uvm_unmap_kill_entry_withlock+0x81 sys/uvm/uvm_map.c:1860
end trace frame: 0xffff80003bc0a330, count: 0
ddb{1}> trace
x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x37 sys/arch/amd64/amd64/bus_space.c:670
comcnputc(800,20) at comcnputc+0x250 comcn_read_reg sys/dev/ic/com.c:1655 [inline]
comcnputc(800,20) at comcnputc+0x250 sys/dev/ic/com.c:1269
cnputc(20) at cnputc+0x67 sys/dev/cons.c:218
db_putchar(30) at db_putchar+0x126 db_force_whitespace sys/ddb/db_output.c:102 [inline]
db_putchar(30) at db_putchar+0x126 sys/ddb/db_output.c:153
kprintf() at kprintf+0x29c5 sys/kern/subr_prf.c:-1
db_printf(ffffffff8338ef81) at db_printf+0x9b sys/kern/subr_prf.c:-1
panic(ffffffff833b6ae5) at panic+0x103 sys/kern/subr_prf.c:217
__assert(ffffffff833f33db,ffffffff8334251b,4e2,ffffffff83342550) at __assert+0x29 sys/kern/subr_prf.c:-1
uvm_pageunwire(fffffd8008b9b550) at uvm_pageunwire+0x17d sys/uvm/uvm_page.c:1249
uvm_fault_unwire_locked(fffffd806cb14ba0,cce7d411000,cce7d810000) at uvm_fault_unwire_locked+0x33a sys/uvm/uvm_fault.c:1790
uvm_unmap_kill_entry_withlock(fffffd806cb14ba0,fffffd806d1cbe08,0) at uvm_unmap_kill_entry_withlock+0x81 sys/uvm/uvm_map.c:1860
uvm_map_teardown(fffffd806cb14ba0) at uvm_map_teardown+0x117 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:-1 [inline]
uvm_map_teardown(fffffd806cb14ba0) at uvm_map_teardown+0x117 sys/uvm/uvm_map.c:2491
exit1(ffff8000fffe6550,0,0,1) at exit1+0x6fc sys/kern/kern_exit.c:260
sys_exit(ffff8000fffe6550,ffff80003bc0a4c0,ffff80003bc0a410) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80003bc0a4c0) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003bc0a4c0) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7af56fdaf060, count: -19
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Reply all
Reply to author
Forward
0 new messages