assert "(pg->pg_flags & (PQ_INACTIVE|PQ_ACTIVE)) == NUM" failed in NOuvT mL_OpageW.EcR


syzbot

7:19 PM (4 hours ago)
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: a762189c5efb let if_vinput and if_input_proto requeue pack..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=16f8561a580000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=97e5fa3fcf1af4e0346a

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/df2fede60536/disk-a762189c.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/67ab1adbf472/bsd-a762189c.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/8e6eb3f061ed/kernel-a762189c.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+97e5fa...@syzkaller.appspotmail.com

panic: kernel diagnostic assertion "(pg->pg_flags & (PQ_INACTIVE|PQ_ACTIVE)) == 0" failed: file "/syzkaller/managers/multicore/keWrnARelN/INsGys: /SuPvmL/ NOuvT mL_OpageW.EcR"E,D liOnNe 1S3YS09
CALStL a9rt1 i1n8g6 st7a2c0k1832 EXIT 0 a
Stopped at savectx+0xae: movl $0,%gs:0x688
TID PID UID PRFLAGS PFLAGS CPU COMMAND
522234 84102 0 0 0x4000000 0 syz-executor
*111726 88892 0 0x10 0 1 syz-executor
savectx() at savectx+0xae
end of kernel
end trace frame: 0x79de6f4b3d10, count: 14
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu0: kernel diagnostic assertion "(pg->pg_flags & (PQ_INACTIVE|PQ_ACTIVE)) == 0" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_page.c", line 1309
ddb{1}> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x79de6f4b3d10, count: -1
ddb{1}> show registers
rdi 0
rsi 0
rbp 0xffff800034ff1f00
rbx 0
rdx 0
rcx 0xffff80003c43e028
rax 0x3b
r8 0xffff800034ff1e30
r9 0x1
r10 0xb20b140bc028ea88
r11 0x20742b96e8540cb4
r12 0
r13 0
r14 0xffff80003c43e028
r15 0
rip 0xffffffff82e2b3ee savectx+0xae
cs 0x8
rflags 0x46
rsp 0xffff800034ff1e80
ss 0
savectx+0xae: movl $0,%gs:0x688
ddb{1}> show proc
PROC (syz-executor) tid=111726 pid=88892 tcnt=3 stat=onproc
flags process=10<SUGID> proc=0
runpri=32, usrpri=86, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80003c43f4e8,0xffff80003c43ea98
process=0xffff80002efdf048 user=0xffff800034fec000, vmspace=0xfffffd800b0631e8
estcpu=36, cpticks=4, pctcpu=0.0, user=3, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
70099 146521 70651 0 2 0 syz-executor
70099 509108 70651 0 2 0x4000000 syz-executor
84102 291939 72057 0 2 0xc80 syz-executor
84102 522234 72057 0 7 0x4000000 syz-executor
84102 179507 72057 0 3 0x4000080 fsleep syz-executor
15135 524128 68701 0 2 0xc80 syz-executor
15135 477615 68701 0 3 0x4000080 bell syz-executor
15135 125051 68701 0 3 0x4000080 fsleep syz-executor
15135 454749 68701 0 3 0x4000080 fsleep syz-executor
*88892 111726 55649 0 7 0x10 syz-executor
88892 141730 55649 0 3 0x4000010 smrbar syz-executor
88892 467285 55649 0 3 0x4000090 fsleep syz-executor
12205 344159 46876 0 2 0xc80 syz-executor
12205 491311 46876 0 3 0x4000080 kqread syz-executor
12205 431166 46876 0 3 0x4000080 fsleep syz-executor
9946 125140 51318 0 2 0xc80 syz-executor
9946 29915 51318 0 3 0x4000080 ttyin syz-executor
9946 167344 51318 0 3 0x4000080 fsleep syz-executor
84776 85004 79860 0 2 0xc82 syz-executor
37777 406898 1 0 3 0x100083 ttyopn getty
51318 446727 79860 0 2 0xc82 syz-executor
57793 248591 0 0 3 0x14200 acct acct
46876 259363 79860 0 2 0xc82 syz-executor
62996 75030 79860 0 2 0xc82 syz-executor
55649 22774 79860 0 2 0xc82 syz-executor
70651 257799 79860 0 2 0xc82 syz-executor
68701 104432 79860 0 2 0xc82 syz-executor
72057 494777 79860 0 2 0xc82 syz-executor
79860 218422 83765 0 3 0x82 kqread syz-executor
83765 5286 20864 0 3 0x10008a sigsusp ksh
20864 44997 99479 0 3 0x98 kqread sshd-session
99479 454207 1964 0 3 0x92 kqread sshd-session
1964 225278 1 0 3 0x88 kqread sshd
75802 333886 37713 74 3 0x1100092 bpf pflogd
37713 84387 1 0 3 0x80 sbwait pflogd
72982 159903 9919 73 3 0x1100090 kqread syslogd
9919 324977 1 0 3 0x100082 sbwait syslogd
92554 226252 1 0 3 0x100080 kqread resolvd
21722 115257 8412 77 3 0x100092 kqread dhcpleased
10368 390918 8412 77 3 0x100092 kqread dhcpleased
8412 500038 1 0 3 0x80 kqread dhcpleased
57890 138598 0 0 3 0x14200 pause smr
10278 355902 0 0 2 0x14200 zerothread
56537 172122 0 0 3 0x14200 aiodoned aiodoned
48133 288314 0 0 3 0x14200 syncer update
21129 483868 0 0 3 0x14200 cleaner cleaner
60611 199435 0 0 2 0x14200 reaper
94483 423338 0 0 3 0x14200 pgdaemon pagedaemon
87348 399638 0 0 3 0x14200 bored viomb
1065 249427 0 0 3 0x40014200 acpi0 acpi0
56102 452646 0 0 3 0x40014200 idle1
31907 474783 0 0 3 0x14200 bored softnet1
23899 137662 0 0 3 0x14200 bored softnet0
60459 45 0 0 3 0x14200 bored systqmp
84736 478699 0 0 3 0x14200 bored systq
25001 462881 0 0 3 0x14200 tmoslp softclockmp
74720 419260 0 0 3 0x40014200 tmoslp softclock
93194 322141 0 0 3 0x40014200 idle0
1 396561 0 0 3 0x80082 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb{1}> show all locks
CPU 1:
exclusive mutex &pmap->pm_mtx r = 0 (0xfffffd806c90e910)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 mtx_enter_try+0x1ad sys/kern/kern_lock.c:311
#2 mtx_enter+0x62 sys/kern/kern_lock.c:261
#3 pmap_do_remove+0xa9 rcr3 sys/arch/amd64/compile/SYZKALLER/obj/machine/cpufunc.h:139 [inline]
#3 pmap_do_remove+0xa9 pmap_map_ptes sys/arch/amd64/amd64/pmap.c:437 [inline]
#3 pmap_do_remove+0xa9 sys/arch/amd64/amd64/pmap.c:1824
#4 uvm_unmap_kill_entry_withlock+0x269 sys/uvm/uvm_map.c:1863
#5 uvm_map_teardown+0x117 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:-1 [inline]
#5 uvm_map_teardown+0x117 sys/uvm/uvm_map.c:2486
#6 exit1+0x6fc sys/kern/kern_exit.c:260
#7 sys_exit+0x1a sys/kern/kern_exit.c:-1
#8 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#8 syscall+0xb17 sys/arch/amd64/amd64/trap.c:775
#9 Xsyscall+0x128
Process 84102 (syz-executor) thread 0xffff80003c44e030 (522234)
exclusive rwlock uobjlk r = 0 (0xfffffd805c791318)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 uvm_fault_lower_lookup+0x53 sys/uvm/uvm_fault.c:1204
#3 uvm_fault_lower+0x89 sys/uvm/uvm_fault.c:1334
#4 uvm_fault+0x274 sys/uvm/uvm_fault.c:-1
#5 kpageflttrap+0x2f4 sys/arch/amd64/amd64/trap.c:283
#6 kerntrap+0x19c sys/arch/amd64/amd64/trap.c:520
#7 alltraps_kern_meltdown+0x7b
#8 _copyin+0x5b
#9 sys_pwritev+0x67 sys/kern/vfs_syscalls.c:3387
#10 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#10 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:775
#11 Xsyscall+0x128
shared rwlock vmmaplk r = 0 (0xfffffd806caedc88)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_read+0x3e8 sys/kern/kern_rwlock.c:413
#2 uvmfault_lookup+0x122 sys/uvm/uvm_fault.c:1880
#3 uvm_fault_check+0x4f sys/uvm/uvm_fault.c:693
#4 uvm_fault+0x106 sys/uvm/uvm_fault.c:627
#5 kpageflttrap+0x2f4 sys/arch/amd64/amd64/trap.c:283
#6 kerntrap+0x19c sys/arch/amd64/amd64/trap.c:520
#7 alltraps_kern_meltdown+0x7b
#8 _copyin+0x5b
#9 sys_pwritev+0x67 sys/kern/vfs_syscalls.c:3387
#10 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#10 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:775
#11 Xsyscall+0x128
Process 88892 (syz-executor) thread 0xffff80003c43ed20 (141730)
exclusive rwlock clonelk r = 0 (0xffffffff837cd588)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 if_clone_destroy+0x93 sys/net/if.c:-1
#3 ifioctl+0x59d sys/net/if.c:2159
#4 sys_ioctl+0x674 sys/kern/sys_generic.c:-1
#5 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#5 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:775
#6 Xsyscall+0x128
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10293 11395K 11901K 166960K 16378 0
pcb 17 18K 19K 166960K 535 0
rtable 220 19K 19K 166960K 657 0
pf 42 19K 22K 166960K 282 0
ifaddr 38 6K 8K 166960K 160 0
ifgroup 63 2K 3K 166960K 292 0
sysctl 4 1K 9K 166960K 32 0
counters 74 37K 38K 166960K 316 0
ioctlops 0 0K 4K 166960K 2268 0
iov 0 0K 24K 166960K 202 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1528 96K 96K 166960K 3971 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 9K 166960K 32 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 1K 166960K 173 0
dirhash 12 2K 2K 166960K 24 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 17 61K 240K 166960K 2279 0
sigio 0 0K 0K 166960K 176 0
proc 73 115K 180K 166960K 831 0
subproc 72 4K 4K 166960K 90 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 495 0
in_multi 66 4K 7K 166960K 179 0
ether_multi 1 0K 0K 166960K 19 0
mrt 2 0K 0K 166960K 20 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 397 1765K 1765K 166960K 397 0
exec 0 0K 1K 166960K 722 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 5 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 250 169K 194K 166960K 22467 0
UVM aobj 141 28K 28K 166960K 151 0
pinsyscall 42 84K 100K 166960K 3485 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 135 0
NDP 14 0K 1K 166960K 115 0
temp 82 8680K 8760K 166960K 100451 0
kqueue 15 24K 30K 166960K 372 0
SYN cache 2 16K 16K 166960K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 467 0 464 7 6 1 3 0 8 0
rtentry 176 175 0 100 5 0 5 5 0 8 0
unpcb 144 1856 0 1839 10 6 4 6 0 8 3
syncache 336 16 0 16 2 2 0 1 0 8 0
tcpqe 32 4 0 4 2 2 0 1 0 8 0
tcpcb 736 1213 0 1204 15 9 6 10 0 8 4
arp 136 23 0 10 1 0 1 1 0 8 0
inpcb 328 3140 0 3127 14 8 6 10 0 8 4
nd6 152 34 0 17 1 0 1 1 0 8 0
pkpcb 40 20 0 20 2 1 1 1 0 8 1
kcovpl 48 10 0 2 1 0 1 1 0 8 0
mppekey 1024 1 0 1 1 1 0 1 0 8 0
ppxss 1192 95 0 95 1 0 1 1 0 8 1
pppxif 1504 18 0 18 1 0 1 1 0 8 1
pfstscr 40 1 0 0 1 0 1 1 0 8 0
pffrag 232 5 0 1 1 0 1 1 0 482 0
pffrnode 88 5 0 1 1 0 1 1 0 8 0
pffrent 40 14 0 10 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfrktable 1344 8 0 8 3 3 0 1 0 8 0
pfanchor 1288 4 0 4 1 1 0 1 0 8 0
pftag 88 5 0 0 1 0 1 1 0 8 0
pfstitem 24 146 0 35 1 0 1 1 0 8 0
pfstkey 128 148 0 37 4 0 4 4 0 8 0
pfstate 448 143 0 35 12 0 12 12 0 8 0
pfrule 1344 97 0 92 2 1 1 2 0 8 0
art_heap8 4096 3 0 0 3 0 3 3 0 8 0
art_heap4 256 804 0 480 31 8 23 31 0 8 1
art_table 40 807 0 480 5 0 5 5 0 8 0
art_node 32 175 0 110 1 0 1 1 0 8 0
sysvmsgpl 40 22 0 9 1 0 1 1 0 8 0
semapl 112 171 0 161 1 0 1 1 0 8 0
shmpl 112 131 0 3 4 0 4 4 0 8 0
dirhash 1024 25 0 8 3 0 3 3 0 8 0
dino2pl 256 5734 0 4222 96 0 96 96 0 8 0
ffsino 296 5734 0 4222 118 0 118 118 0 8 0
nchpl 144 8966 0 7253 64 0 64 64 0 8 0
rtmask 32 16 0 16 3 2 1 1 0 8 1
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 33109 0 33109 3 1 2 2 0 8 2
percpumem 16 173 0 121 1 0 1 1 0 8 0
vcpupl 3968 12 0 2 2 0 2 2 0 8 0
vmpool 840 17 0 7 2 0 2 2 0 8 0
pfiaddrpl 120 2 0 2 1 1 0 1 0 8 0
kstatmem 264 196 0 160 3 0 3 3 0 8 0
scsiplug 72 9 0 9 2 1 1 1 0 8 1
scxspl 216 62088 0 62088 11 9 2 8 1 8 2
plimitpl 152 1183 0 1166 1 0 1 1 0 8 0
sigapl 424 2597 0 2548 8 2 6 8 0 8 0
knotepl 120 769 0 0 23 0 23 23 0 8 0
kqueuepl 224 759 0 748 6 3 3 3 0 8 2
pipepl 344 421 0 393 10 6 4 6 0 8 1
fdescpl 528 2553 0 2522 3 0 3 3 0 8 0
filepl 160 20294 0 20061 25 12 13 21 0 8 1
lockfpl 104 818 0 814 2 1 1 2 0 8 0
lockfspl 48 313 0 309 1 0 1 1 0 8 0
sessionpl 144 35 0 26 1 0 1 1 0 8 0
pgrppl 48 76 0 59 1 0 1 1 0 8 0
ucredpl 104 3535 0 3520 1 0 1 1 0 8 0
zombiepl 144 2550 0 2548 1 0 1 1 0 8 0
processpl 1232 2597 0 2548 6 1 5 6 0 8 0
procpl 664 6277 0 6216 7 1 6 7 0 8 0
sosppl 176 27 0 27 1 0 1 1 0 8 1
sockpl 752 5542 0 5509 48 38 10 24 0 8 6
mcl64k 65536 33 0 0 5 0 5 5 0 8 2
mcl16k 16384 2 0 0 1 0 1 1 0 8 0
mcl12k 12288 1 0 0 1 0 1 1 0 8 0
mcl9k 9216 2 0 0 1 0 1 1 0 8 0
mcl8k 8192 3 0 0 1 0 1 1 0 8 0
mcl4k 4096 114 0 0 15 0 15 15 0 8 0
mcl2k2 2112 1 0 0 1 0 1 1 0 8 0
mcl2k 2048 58 0 0 7 0 7 7 0 8 0
mtagpl 96 181 0 0 5 0 5 5 0 8 0
mbufpl 256 1013 0 0 63 0 63 63 0 8 0
bufpl 280 27554 0 21417 439 0 439 439 0 8 0
anonpl 32 12907 0 0 105 0 105 105 0 246 0
amapchunkpl 152 78984 0 78343 40 8 32 37 0 158 2
amappl16 200 11887 0 11847 84 66 18 30 0 8 7
amappl15 192 11 0 10 1 0 1 1 0 8 0
amappl14 184 4 0 4 1 1 0 1 0 8 0
amappl13 176 451 0 450 1 0 1 1 0 8 0
amappl12 168 2958 0 2916 3 1 2 3 0 8 0
amappl11 160 7 0 7 1 1 0 1 0 8 0
amappl10 152 51 0 37 1 0 1 1 0 8 0
amappl9 144 279 0 279 1 1 0 1 0 8 0
amappl8 136 25 0 21 1 0 1 1 0 8 0
amappl7 128 89 0 87 1 0 1 1 0 8 0
amappl6 120 324 0 311 1 0 1 1 0 8 0
amappl5 112 85 0 74 1 0 1 1 0 8 0
amappl4 104 489 0 458 1 0 1 1 0 8 0
amappl3 96 15778 0 15667 5 1 4 4 0 8 0
amappl2 88 632 0 570 2 0 2 2 0 8 0
amappl1 80 20339 0 19739 17 2 15 15 0 8 0
amappl 88 21247 0 21076 5 0 5 5 0 92 0
uvmvnodes 80 170 0 0 4 0 4 4 0 8 0
dma65536 65536 1 0 1 1 1 0 1 0 8 0
dma16384 16384 1 0 1 1 1 0 1 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma512 512 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 254 0 254 2 2 0 1 0 8 0
dma64 64 10 0 10 3 2 1 1 0 8 1
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 19 0 18 1 0 1 1 0 8 0
aobjpl 72 150 0 10 3 0 3 3 0 8 0
uaddrrnd 24 2553 0 2522 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 2553 0 2522 1 0 1 1 0 8 0
vmmpekpl 168 22796 0 22757 3 0 3 3 0 8 0
vmmpepl 168 171822 0 169854 115 12 103 111 0 357 5
vmsppl 488 2552 0 2521 5 0 5 5 0 8 0
rwobjpl 80 48437 0 47172 36 1 35 35 0 8 2
pdppl 4096 5147 0 5066 118 37 81 83 0 8 0
pvpl 32 22245 0 0 180 1 179 179 0 265 0
pmappl 256 2569 0 2528 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 385 0 63 10 0 10 10 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffffffff83890ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff839ece88) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline]
__mp_lock(ffffffff839ece88) at __mp_lock+0x192 sys/kern/kern_lock.c:165
softintr_dispatch(0) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83
dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:862
Xsoftclock() at Xsoftclock+0x27
cnputc(6b) at cnputc+0x67 sys/dev/cons.c:218
kputchar(6b,5,0) at kputchar+0x2ed sys/kern/subr_prf.c:367
kprintf() at kprintf+0x203 sys/kern/subr_prf.c:723
printf(ffffffff8336165c) at printf+0x8b sys/kern/subr_prf.c:529
db_stack_dump() at db_stack_dump+0x7c sys/ddb/db_output.c:241
panic(ffffffff833b25de) at panic+0x1d0 sys/kern/subr_prf.c:229
__assert(ffffffff833f06fd,ffffffff833e3066,51d,ffffffff83420198) at __assert+0x29 sys/kern/subr_prf.c:-1
end trace frame: 0xffff80003c43d800, count: 0
ddb{0}> trace
x86_ipi_db(ffffffff83890ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff839ece88) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:134 [inline]
__mp_lock(ffffffff839ece88) at __mp_lock+0x192 sys/kern/kern_lock.c:165
softintr_dispatch(0) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83
dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:862
Xsoftclock() at Xsoftclock+0x27
cnputc(6b) at cnputc+0x67 sys/dev/cons.c:218
kputchar(6b,5,0) at kputchar+0x2ed sys/kern/subr_prf.c:367
kprintf() at kprintf+0x203 sys/kern/subr_prf.c:723
printf(ffffffff8336165c) at printf+0x8b sys/kern/subr_prf.c:529
db_stack_dump() at db_stack_dump+0x7c sys/ddb/db_output.c:241
panic(ffffffff833b25de) at panic+0x1d0 sys/kern/subr_prf.c:229
__assert(ffffffff833f06fd,ffffffff833e3066,51d,ffffffff83420198) at __assert+0x29 sys/kern/subr_prf.c:-1
uvm_pageactivate(fffffd80091193a8) at uvm_pageactivate+0x1e3 sys/uvm/uvm_page.c:1306
uvm_fault_lower(ffff80003c43d9c0,ffff80003c43d9f8,ffff80003c43d940) at uvm_fault_lower+0x25c sys/uvm/uvm_fault.c:1379
uvm_fault(fffffd806caedb88,200000002000,0,1) at uvm_fault+0x274 sys/uvm/uvm_fault.c:-1
kpageflttrap(ffff80003c43db70,200000002540) at kpageflttrap+0x2f4 sys/arch/amd64/amd64/trap.c:283
kerntrap(ffff80003c43db70) at kerntrap+0x19c sys/arch/amd64/amd64/trap.c:520
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
_copyin() at _copyin+0x5b
sys_pwritev(ffff80003c44e030,ffff80003c43dea0,ffff80003c43ddf0) at sys_pwritev+0x67 sys/kern/vfs_syscalls.c:3387
syscall(ffff80003c43dea0) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c43dea0) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xce06aecae40, count: -24
ddb{0}> machine ddbcpu 1
Stopped at savectx+0xae: movl $0,%gs:0x688
savectx() at savectx+0xae
end of kernel
end trace frame: 0x79de6f4b3d10, count: 14
ddb{1}> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x79de6f4b3d10, count: -1


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup