assert "((flags & PGO_LOCKED) != NUM && rw_lock_held(uobj->vmobjlock)) || (flags & PGO_LOCKED) == NUM" failed in uvm_vno (2)


syzbot

Jan 11, 2023, 4:33:41 PM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 86a45bbd35a5 timeout.9: document new interfaces, miscellan..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=11ae4086480000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=f8f7959db972d5d82c98

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/689e6c4278d7/disk-86a45bbd.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/dfa3b0a66e9f/bsd-86a45bbd.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/0d0bc49238b5/kernel-86a45bbd.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f8f795...@syzkaller.appspotmail.com

panicpanic: kernel diagnostic assertion "((flags & PGO_LOCKED) != 0 && rw_lock_held(uobj->vmobjlock)) || (flags & PGO_LOCKED) == 0" failed: file "/syzkaller/managers/setuid/kernel/sys/uvm/uvm_vnode.c", line 953
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*383370 21922 32767 0x10 0 1 syz-executor.1
116952 17121 32767 0x10 0x4000000 0 syz-executor.2
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff825ad2fa) at panic+0x177 sys/kern/subr_prf.c:198
__assert(ffffffff826222ff,ffffffff826437c3,3b9,ffffffff8258adf8) at __assert+0x25 sys/kern/subr_prf.c:157
uvn_get(fffffd806da3abf0,2a000,ffff8000284063e0,ffff800028406254,3,4,edc83c53bcb4e983,fffffd806da3abf0) at uvn_get+0x4b6 sys/uvm/uvm_vnode.c:952
uvm_fault_lower_lookup(ffff800028406460,ffff800028406498,ffff8000284063e0) at uvm_fault_lower_lookup+0xf6 sys/uvm/uvm_fault.c:1129
uvm_fault_lower(ffff800028406460,ffff800028406498,ffff8000284063e0,0) at uvm_fault_lower+0x5f sys/uvm/uvm_fault.c:1228
uvm_fault(fffffd80687bd018,1c267e82000,0,4) at uvm_fault+0x238
upageflttrap(ffff8000284065d0,1c267e82790) at upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181
usertrap(ffff8000284065d0) at usertrap+0x1aa sys/arch/amd64/amd64/trap.c:417
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x7f7ffffd4b70, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu0: vop_generic_badop
cpu1: kernel diagnostic assertion "((flags & PGO_LOCKED) != 0 && rw_lock_held(uobj->vmobjlock)) || (flags & PGO_LOCKED) == 0" failed: file "/syzkaller/managers/setuid/kernel/sys/uvm/uvm_vnode.c", line 953
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff825ad2fa) at panic+0x177 sys/kern/subr_prf.c:198
__assert(ffffffff826222ff,ffffffff826437c3,3b9,ffffffff8258adf8) at __assert+0x25 sys/kern/subr_prf.c:157
uvn_get(fffffd806da3abf0,2a000,ffff8000284063e0,ffff800028406254,3,4,edc83c53bcb4e983,fffffd806da3abf0) at uvn_get+0x4b6 sys/uvm/uvm_vnode.c:952
uvm_fault_lower_lookup(ffff800028406460,ffff800028406498,ffff8000284063e0) at uvm_fault_lower_lookup+0xf6 sys/uvm/uvm_fault.c:1129
uvm_fault_lower(ffff800028406460,ffff800028406498,ffff8000284063e0,0) at uvm_fault_lower+0x5f sys/uvm/uvm_fault.c:1228
uvm_fault(fffffd80687bd018,1c267e82000,0,4) at uvm_fault+0x238
upageflttrap(ffff8000284065d0,1c267e82790) at upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181
usertrap(ffff8000284065d0) at usertrap+0x1aa sys/arch/amd64/amd64/trap.c:417
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x7f7ffffd4b70, count: -10
ddb{1}> show registers
rdi 0
rsi 0x1
rbp 0xffff800028406080
rbx 0xffff800020dd9b8f
rdx 0
rcx 0
rax 0xffff8000ffff37a8
r8 0x101010101010101
r9 0x8080808080808080
r10 0x99dd1c3cbff793d
r11 0x6eff20ac2e85fc80
r12 0xffff800020dd9990
r13 0
r14 0xffffffff829c6990 cpu_info_full_primary+0x2990
r15 0x1
rip 0xffffffff8218bc88 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800028406070
ss 0
db_enter+0x18: addq $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor.1) pid=383370 stat=onproc
flags process=10<SUGID> proc=0
pri=83, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff2d28,0xffff800028458a90
process=0xffff800021299d60 user=0xffff800028401000, vmspace=0xfffffd80687bd018
estcpu=36, cpticks=2, pctcpu=0.0
user=0, sys=2, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
43540 441019 56687 32767 2 0x10 syz-executor.4
*21922 383370 20353 32767 7 0x10 syz-executor.1
17121 78646 24352 32767 2 0x10 syz-executor.2
17121 116952 24352 32767 7 0x4000010 syz-executor.2
91183 507183 50522 32767 2 0x10 syz-executor.7
91183 30904 50522 32767 3 0x4000090 netio syz-executor.7
13105 288241 14775 32767 2 0x10 syz-executor.5
13105 408582 14775 32767 2 0x4000010 syz-executor.5
4834 314305 74361 32767 2 0x10 syz-executor.3
4834 477886 74361 32767 3 0x4000090 fsleep syz-executor.3
4834 457563 74361 32767 2 0x4000010 syz-executor.3
4834 233567 74361 32767 3 0x4000090 fsleep syz-executor.3
69023 211952 27390 32767 3 0x10 biowait syz-executor.0
27390 405825 85175 0 3 0x82 wait syz-executor.0
14775 273918 60916 32767 3 0x90 nanoslp syz-executor.5
60916 190151 85175 0 3 0x82 wait syz-executor.5
24352 393342 30422 32767 3 0x90 nanoslp syz-executor.2
30422 337150 85175 0 3 0x82 wait syz-executor.2
56687 13475 77728 32767 3 0x90 nanoslp syz-executor.4
77728 200362 85175 0 3 0x82 wait syz-executor.4
82523 218017 48531 32767 2 0x10 syz-executor.6
48531 31112 85175 0 3 0x82 wait syz-executor.6
57602 95565 0 0 3 0x14200 bored sosplice
20353 327078 74372 32767 3 0x90 nanoslp syz-executor.1
50522 70012 91982 32767 3 0x90 nanoslp syz-executor.7
91982 75729 85175 0 3 0x82 wait syz-executor.7
74361 67553 44893 32767 3 0x90 nanoslp syz-executor.3
44893 198646 85175 0 3 0x82 wait syz-executor.3
74372 167088 85175 0 3 0x82 wait syz-executor.1
85175 1041 27680 0 3 0x82 wait syz-fuzzer
85175 196450 27680 0 3 0x4000082 thrsleep syz-fuzzer
85175 376258 27680 0 2 0x4000002 syz-fuzzer
85175 43126 27680 0 3 0x4000082 wait syz-fuzzer
85175 139811 27680 0 3 0x4000082 thrsleep syz-fuzzer
85175 269419 27680 0 3 0x4000082 thrsleep syz-fuzzer
85175 180549 27680 0 3 0x4000082 thrsleep syz-fuzzer
85175 479634 27680 0 3 0x4000082 thrsleep syz-fuzzer
85175 280713 27680 0 3 0x4000082 thrsleep syz-fuzzer
85175 131081 27680 0 3 0x4000082 wait syz-fuzzer
85175 48845 27680 0 3 0x4000082 wait syz-fuzzer
85175 401692 27680 0 3 0x4000082 wait syz-fuzzer
85175 388962 27680 0 3 0x4000082 wait syz-fuzzer
85175 364777 27680 0 3 0x4000082 wait syz-fuzzer
85175 115973 27680 0 2 0x4000082 syz-fuzzer
85175 170645 27680 0 3 0x4000082 wait syz-fuzzer
27680 277614 29477 0 3 0x10008a sigsusp ksh
29477 74264 51284 0 3 0x9a kqread sshd
16998 129157 1 0 3 0x100083 ttyin getty
51284 82874 1 0 3 0x88 kqread sshd
90685 430048 62762 73 3 0x1100090 kqread syslogd
62762 397813 1 0 3 0x100082 netio syslogd
64046 219827 1 0 3 0x100080 kqread resolvd
13069 175202 81958 77 3 0x100092 kqread dhcpleased
935 360940 81958 77 3 0x100092 kqread dhcpleased
81958 235351 1 0 3 0x80 kqread dhcpleased
68156 240279 0 0 3 0x14200 bored smr
68257 435128 0 0 2 0x14200 zerothread
15784 15969 0 0 3 0x14200 aiodoned aiodoned
28508 308576 0 0 3 0x14200 syncer update
67201 292390 0 0 3 0x14200 cleaner cleaner
83746 448204 0 0 3 0x14200 reaper reaper
86923 346072 0 0 3 0x14200 pgdaemon pagedaemon
3172 98926 0 0 3 0x14200 bored viomb
85949 254516 0 0 3 0x40014200 acpi0 acpi0
21969 72833 0 0 3 0x40014200 idle1
49371 391454 0 0 3 0x14200 bored softnet
84660 453875 0 0 3 0x14200 bored softnet
31836 466712 0 0 3 0x14200 bored softnet
11681 496590 0 0 3 0x14200 bored softnet
83086 53905 0 0 3 0x14200 bored systqmp
71505 67573 0 0 3 0x14200 bored systq
39729 222181 0 0 3 0x40014200 bored softclock
86776 136635 0 0 3 0x40014200 idle0
1 437323 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
CPU 1:
exclusive mutex &pmap->pm_mtx r = 0 (0xfffffd8067e0dda0)
#0 witness_lock+0x44d
#1 mtx_enter_try+0x100
#2 mtx_enter+0x4b sys/kern/kern_lock.c:266
#3 pmap_enter+0x1bf pmap_map_ptes sys/arch/amd64/amd64/pmap.c:420 [inline]
#3 pmap_enter+0x1bf sys/arch/amd64/amd64/pmap.c:2699
#4 uvm_fault_lower_lookup+0x2a7 sys/uvm/uvm_fault.c:1193
#5 uvm_fault_lower+0x5f sys/uvm/uvm_fault.c:1228
#6 uvm_fault+0x238
#7 upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181
#8 usertrap+0x1aa sys/arch/amd64/amd64/trap.c:417
#9 recall_trap+0x8
Process 43540 (syz-executor.4) thread 0xffff800028458a80 (441019)
exclusive rwlock uobjlk r = 0 (0xfffffd806dee1a28)
#0 witness_lock+0x44d
#1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2 uvm_fault_lower_lookup+0x46 sys/uvm/uvm_fault.c:1127
#3 uvm_fault_lower+0x5f sys/uvm/uvm_fault.c:1228
#4 uvm_fault+0x238
#5 upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181
#6 usertrap+0x1aa sys/arch/amd64/amd64/trap.c:417
#7 recall_trap+0x8
shared rwlock vmmaplk r = 0 (0xfffffd80687bd510)
#0 witness_lock+0x44d
#1 uvmfault_lookup+0xc9 sys/uvm/uvm_fault.c:1773
#2 uvm_fault_check+0x3a sys/uvm/uvm_fault.c:673
#3 uvm_fault+0xf2 sys/uvm/uvm_fault.c:601
#4 upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181
#5 usertrap+0x1aa sys/arch/amd64/amd64/trap.c:417
#6 recall_trap+0x8
Process 17121 (syz-executor.2) thread 0xffff8000ffff2008 (116952)
exclusive rrwlock inode r = 0 (0xfffffd806e4933d8)
#0 witness_lock+0x44d
#1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8b sys/kern/kern_rwlock.c:465
#3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:518
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:564
#5 vget+0x1fc sys/kern/vfs_subr.c:676
#6 ufs_ihashget+0x121 sys/ufs/ufs/ufs_ihash.c:119
#7 ffs_vget+0x7c sys/ufs/ffs/ffs_vfsops.c:1324
#8 ufs_lookup+0x122c sys/ufs/ufs/ufs_lookup.c:582
#9 VOP_LOOKUP+0x58 sys/kern/vfs_vops.c:85
#10 vfs_lookup+0x6e5 sys/kern/vfs_lookup.c:560
#11 namei+0x36a sys/kern/vfs_lookup.c:244
#12 dolinkat+0xaf sys/kern/vfs_syscalls.c:1716
#13 syscall+0x438 mi_syscall sys/sys/syscall_mi.h:101 [inline]
#13 syscall+0x438 sys/arch/amd64/amd64/trap.c:599
#14 Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82bb5c58)
#0 witness_lock+0x44d
#1 syscall+0x424 mi_syscall sys/sys/syscall_mi.h:101 [inline]
#1 syscall+0x424 sys/arch/amd64/amd64/trap.c:599
#2 Xsyscall+0x128
Process 69023 (syz-executor.0) thread 0xffff8000ffff2fc8 (211952)
exclusive rrwlock inode r = 0 (0xfffffd806e49ac50)
#0 witness_lock+0x44d
#1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8b sys/kern/kern_rwlock.c:465
#3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:518
#4 ufs_ihashins+0x42 sys/ufs/ufs/ufs_ihash.c:140
#5 ffs_vget+0x141 sys/ufs/ffs/ffs_vfsops.c:1353
#6 ffs_inode_alloc+0x1be sys/ufs/ffs/ffs_alloc.c:394
#7 ufs_mkdir+0xf4 sys/ufs/ufs/ufs_vnops.c:1150
#8 VOP_MKDIR+0xbf sys/kern/vfs_vops.c:388
#9 domkdirat+0x121 sys/kern/vfs_syscalls.c:3112
#10 syscall+0x438 mi_syscall sys/sys/syscall_mi.h:101 [inline]
#10 syscall+0x438 sys/arch/amd64/amd64/trap.c:599
#11 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd806e4931b8)
#0 witness_lock+0x44d
#1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8b sys/kern/kern_rwlock.c:465
#3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:518
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:564
#5 vfs_lookup+0xd1 sys/kern/vfs_lookup.c:412
#6 namei+0x36a sys/kern/vfs_lookup.c:244
#7 domkdirat+0x75 sys/kern/vfs_syscalls.c:3097
#8 syscall+0x438 mi_syscall sys/sys/syscall_mi.h:101 [inline]
#8 syscall+0x438 sys/arch/amd64/amd64/trap.c:599
#9 Xsyscall+0x128
Process 82523 (syz-executor.6) thread 0xffff800028458000 (218017)
exclusive rrwlock inode r = 0 (0xfffffd806e493708)
#0 witness_lock+0x44d
#1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8b sys/kern/kern_rwlock.c:465
#3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:518
#4 ufs_ihashins+0x42 sys/ufs/ufs/ufs_ihash.c:140
#5 ffs_vget+0x141 sys/ufs/ffs/ffs_vfsops.c:1353
#6 ffs_inode_alloc+0x1be sys/ufs/ffs/ffs_alloc.c:394
#7 ufs_mkdir+0xf4 sys/ufs/ufs/ufs_vnops.c:1150
#8 VOP_MKDIR+0xbf sys/kern/vfs_vops.c:388
#9 domkdirat+0x121 sys/kern/vfs_syscalls.c:3112
#10 syscall+0x438 mi_syscall sys/sys/syscall_mi.h:101 [inline]
#10 syscall+0x438 sys/arch/amd64/amd64/trap.c:599
#11 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd8067acac58)
#0 witness_lock+0x44d
#1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8b sys/kern/kern_rwlock.c:465
#3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:518
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:564
#5 vfs_lookup+0xd1 sys/kern/vfs_lookup.c:412
#6 namei+0x36a sys/kern/vfs_lookup.c:244
#7 domkdirat+0x75 sys/kern/vfs_syscalls.c:3097
#8 syscall+0x438 mi_syscall sys/sys/syscall_mi.h:101 [inline]
#8 syscall+0x438 sys/arch/amd64/amd64/trap.c:599
#9 Xsyscall+0x128
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10232 6414K 6420K 78643K 11351 0
pcb 13 12K 14K 78643K 17 0
rtable 248 7K 7K 78643K 1112 0
ifaddr 71 16K 16K 78643K 129 0
sysctl 2 0K 0K 78643K 2 0
counters 60 35K 35K 78643K 78 0
ioctlops 0 0K 2K 78643K 103 0
iov 0 0K 28K 78643K 2410 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1272 80K 80K 78643K 3453 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 9K 78643K 112 0
VM map 2 1K 1K 78643K 2 0
sem 12 0K 1K 78643K 707 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 24 89K 113K 78643K 9102 0
sigio 0 0K 0K 78643K 224 0
proc 56 78K 115K 78643K 1247 0
subproc 104 6K 6K 78643K 221 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 721 0
in_multi 99 6K 6K 78643K 306 0
ether_multi 1 0K 0K 78643K 29 0
mrt 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 301 1341K 1341K 78643K 301 0
exec 0 0K 1K 78643K 2676 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 8 62K 64K 78643K 10 0
UVM amap 408 95K 986K 78643K 67461 0
UVM aobj 131 4K 5K 78643K 137 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 319 0
NDP 11 0K 2K 78643K 54 0
temp 124 4694K 4758K 78643K 25708 0
kqueue 12 18K 26K 78643K 845 0
SYN cache 2 16K 16K 78643K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 3715 0 3712 36 33 3 5 0 8 2
rtentry 112 224 0 107 4 0 4 4 0 8 0
unpcb 144 18723 0 18710 111 105 6 13 0 8 5
syncache 296 90 0 90 20 19 1 1 0 8 1
tcpqe 32 47 0 47 13 12 1 1 0 8 1
tcpcb 776 5253 0 5249 116 112 4 18 0 8 3
arp 120 37 0 19 1 0 1 1 0 8 0
ipq 40 41 0 41 4 4 0 1 0 8 0
ipqe 40 291 0 291 4 4 0 1 0 8 0
inpcb 368 9583 0 9574 126 119 7 19 0 8 6
ip6q 72 4 0 4 1 1 0 1 0 8 0
ip6af 40 12 0 12 1 1 0 1 0 8 0
nd6 48 64 0 33 1 0 1 1 0 8 0
kcovpl 48 17 0 9 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 914 0 434 32 2 30 31 0 8 0
art_table 32 915 0 434 4 0 4 4 0 8 0
art_node 16 223 0 116 1 0 1 1 0 8 0
semupl 112 2 0 2 1 1 0 1 0 8 0
semapl 112 705 0 695 1 0 1 1 0 8 0
shmpl 112 134 0 6 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 14149 0 12702 91 0 91 91 0 8 0
ffsino 272 14149 0 12702 97 0 97 97 0 8 0
nchpl 144 26684 0 25053 63 0 63 63 0 8 0
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 93430 0 93428 6 5 1 2 0 8 0
percpumem 16 51 0 9 1 0 1 1 0 8 0
kstatmem 264 40 0 18 2 0 2 2 0 8 0
scxspl 216 86015 0 86014 33 30 3 8 0 8 2
plimitpl 152 2587 0 2564 18 16 2 2 0 8 1
sigapl 424 9372 0 9319 7 0 7 7 0 8 0
futexpl 64 94974 0 94972 4 3 1 1 0 8 0
knotepl 120 696 0 0 11 1 10 11 0 8 0
kqueuepl 216 2767 0 2759 44 43 1 7 0 8 0
pipepl 320 2299 0 2271 60 52 8 9 0 8 5
fdescpl 496 9354 0 9319 7 2 5 6 0 8 0
filepl 152 79507 0 79272 137 122 15 25 0 8 5
lockfpl 104 1446 0 1444 1 0 1 1 0 8 0
lockfspl 48 397 0 395 1 0 1 1 0 8 0
sessionpl 144 32 0 16 1 0 1 1 0 8 0
pgrppl 48 275 0 259 1 0 1 1 0 8 0
ucredpl 104 12552 0 12534 1 0 1 1 0 8 0
zombiepl 144 9319 0 9319 1 0 1 1 0 8 1
processpl 1072 9372 0 9319 4 0 4 4 0 8 0
procpl 672 28336 0 28262 16 8 8 9 0 8 0
sosppl 168 154 0 154 16 15 1 1 0 8 1
sockpl 488 32345 0 32320 630 617 13 45 0 8 9
mcl64k 65536 33 0 0 4 1 3 3 0 8 0
mcl16k 16384 33 0 0 3 0 3 3 0 8 0
mcl12k 12288 25 0 0 2 0 2 2 0 8 0
mcl9k 9216 23 0 0 2 0 2 2 0 8 0
mcl8k 8192 25 0 0 4 1 3 3 0 8 0
mcl4k 4096 17 0 0 3 0 3 3 0 8 0
mcl2k2 2112 8 0 0 1 0 1 1 0 8 0
mcl2k 2048 327 0 0 31 6 25 31 0 8 0
mtagpl 96 3 0 0 1 0 1 1 0 8 0
mbufpl 256 4900 0 0 284 0 284 284 0 8 0
bufpl 288 19980 0 13652 453 0 453 453 0 8 0
anonpl 24 2060589 0 2046526 245 132 113 127 0 186 8
amapchunkpl 152 453843 0 453067 4489 4443 46 4421 0 158 13
amappl16 200 23965 0 23578 200 171 29 43 0 8 8
amappl15 192 9 0 9 1 1 0 1 0 8 0
amappl14 184 167 0 156 1 0 1 1 0 8 0
amappl13 176 11 0 10 1 0 1 1 0 8 0
amappl12 168 526 0 519 1 0 1 1 0 8 0
amappl11 160 54 0 43 1 0 1 1 0 8 0
amappl10 152 53 0 41 1 0 1 1 0 8 0
amappl9 144 1032 0 1032 5 4 1 1 0 8 1
amappl8 136 530 0 405 6 1 5 5 0 8 0
amappl7 128 205 0 181 2 1 1 2 0 8 0
amappl6 120 297 0 278 1 0 1 1 0 8 0
amappl5 112 309 0 302 1 0 1 1 0 8 0
amappl4 104 740 0 709 2 1 1 2 0 8 0
amappl3 96 29204 0 29144 2 0 2 2 0 8 0
amappl2 88 10169 0 10087 3 1 2 3 0 8 0
amappl1 80 217482 0 216719 22 4 18 22 0 8 0
amappl 88 66422 0 66197 7 1 6 6 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 136 0 6 3 0 3 3 0 8 0
uaddrrnd 24 9354 0 9319 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 9354 0 9319 1 0 1 1 0 8 0
vmmpekpl 168 83308 0 83239 4 0 4 4 0 8 0
vmmpepl 168 873971 0 871004 271 126 145 154 0 357 4
vmsppl 368 9353 0 9319 4 0 4 4 0 8 0
rwobjpl 56 245794 0 238150 127 15 112 115 0 8 1
pdppl 4096 18715 0 18638 324 243 81 89 0 8 4
pvpl 32 3937272 0 3916919 499 296 203 255 0 265 13
pmappl 248 9353 0 9319 4 1 3 3 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 1469 0 379 32 0 32 32 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
x86_ipi_db(ffffffff829c5ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__mp_lock(ffffffff82bb5a50) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82bb5a50) at __mp_lock+0x122 sys/kern/kern_lock.c:147
intr_handler(ffff800023c10190,ffff80000006ba00) at intr_handler+0x5e sys/arch/amd64/amd64/intr.c:532
Xintr_ioapic_edge21_untramp() at Xintr_ioapic_edge21_untramp+0x18f
Xspllower() at Xspllower+0x19
cnputc(63) at cnputc+0x4b sys/dev/cons.c:218
db_putchar(63) at db_putchar+0x3fc sys/ddb/db_output.c:155
kprintf() at kprintf+0x6ac sys/kern/subr_prf.c:724
db_printf(ffffffff8262765d) at db_printf+0x85 sys/kern/subr_prf.c:498
panic(ffffffff8259f89f) at panic+0xd7 sys/kern/subr_prf.c:216
vop_generic_badop(ffff800023c105b0) at vop_generic_badop+0x1b sys/kern/vfs_default.c:133
VOP_READLINK(fffffd8077d9a520,ffff800023c10620,fffffd807f7d7340) at VOP_READLINK+0xb6 sys/kern/vfs_vops.c:460
end trace frame: 0xffff800023c106b0, count: 0
ddb{0}> trace
x86_ipi_db(ffffffff829c5ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__mp_lock(ffffffff82bb5a50) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82bb5a50) at __mp_lock+0x122 sys/kern/kern_lock.c:147
intr_handler(ffff800023c10190,ffff80000006ba00) at intr_handler+0x5e sys/arch/amd64/amd64/intr.c:532
Xintr_ioapic_edge21_untramp() at Xintr_ioapic_edge21_untramp+0x18f
Xspllower() at Xspllower+0x19
cnputc(63) at cnputc+0x4b sys/dev/cons.c:218
db_putchar(63) at db_putchar+0x3fc sys/ddb/db_output.c:155
kprintf() at kprintf+0x6ac sys/kern/subr_prf.c:724
db_printf(ffffffff8262765d) at db_printf+0x85 sys/kern/subr_prf.c:498
panic(ffffffff8259f89f) at panic+0xd7 sys/kern/subr_prf.c:216
vop_generic_badop(ffff800023c105b0) at vop_generic_badop+0x1b sys/kern/vfs_default.c:133
VOP_READLINK(fffffd8077d9a520,ffff800023c10620,fffffd807f7d7340) at VOP_READLINK+0xb6 sys/kern/vfs_vops.c:460
namei(ffff800023c106c8) at namei+0x48a sys/kern/vfs_lookup.c:289
dolinkat(ffff8000ffff2008,ffffff9c,20000000,ffffff9c,20000100,4) at dolinkat+0xaf sys/kern/vfs_syscalls.c:1716
syscall(ffff800023c108d0) at syscall+0x438 mi_syscall sys/sys/syscall_mi.h:101 [inline]
syscall(ffff800023c108d0) at syscall+0x438 sys/arch/amd64/amd64/trap.c:599
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xa5b58781390, count: -18
ddb{0}> machine ddbcpu 1
Stopped at db_enter+0x18: addq $0x8,%rsp
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff825ad2fa) at panic+0x177 sys/kern/subr_prf.c:198
__assert(ffffffff826222ff,ffffffff826437c3,3b9,ffffffff8258adf8) at __assert+0x25 sys/kern/subr_prf.c:157
uvn_get(fffffd806da3abf0,2a000,ffff8000284063e0,ffff800028406254,3,4,edc83c53bcb4e983,fffffd806da3abf0) at uvn_get+0x4b6 sys/uvm/uvm_vnode.c:952
uvm_fault_lower_lookup(ffff800028406460,ffff800028406498,ffff8000284063e0) at uvm_fault_lower_lookup+0xf6 sys/uvm/uvm_fault.c:1129
uvm_fault_lower(ffff800028406460,ffff800028406498,ffff8000284063e0,0) at uvm_fault_lower+0x5f sys/uvm/uvm_fault.c:1228
uvm_fault(fffffd80687bd018,1c267e82000,0,4) at uvm_fault+0x238
upageflttrap(ffff8000284065d0,1c267e82790) at upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181
usertrap(ffff8000284065d0) at usertrap+0x1aa sys/arch/amd64/amd64/trap.c:417
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x7f7ffffd4b70, count: 5
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff825ad2fa) at panic+0x177 sys/kern/subr_prf.c:198
__assert(ffffffff826222ff,ffffffff826437c3,3b9,ffffffff8258adf8) at __assert+0x25 sys/kern/subr_prf.c:157
uvn_get(fffffd806da3abf0,2a000,ffff8000284063e0,ffff800028406254,3,4,edc83c53bcb4e983,fffffd806da3abf0) at uvn_get+0x4b6 sys/uvm/uvm_vnode.c:952
uvm_fault_lower_lookup(ffff800028406460,ffff800028406498,ffff8000284063e0) at uvm_fault_lower_lookup+0xf6 sys/uvm/uvm_fault.c:1129
uvm_fault_lower(ffff800028406460,ffff800028406498,ffff8000284063e0,0) at uvm_fault_lower+0x5f sys/uvm/uvm_fault.c:1228
uvm_fault(fffffd80687bd018,1c267e82000,0,4) at uvm_fault+0x238
upageflttrap(ffff8000284065d0,1c267e82790) at upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181
usertrap(ffff8000284065d0) at usertrap+0x1aa sys/arch/amd64/amd64/trap.c:417
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x7f7ffffd4b70, count: -10


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Apr 11, 2023, 5:33:42 PM
to syzkaller-o...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.