protection_fault: witness_checkorder (2)


syzbot

Jul 15, 2023, 10:50:51 AM7/15/23
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 5144f9456b75 Check if the OWN bit of Tx descriptor instead..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=17340fa2a80000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=e665b698e1914d3b36dc

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/5cd81d916361/disk-5144f945.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/254e466baed0/bsd-5144f945.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/b71370adf5e0/kernel-5144f945.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e665b6...@syzkaller.appspotmail.com

login: kernel: protection fault trap, code=0
Stopped at witness_checkorder+0x1ec: movl 0x8(%r14),%ebx
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
the kernel did not panic
ddb{1}> trace
witness_checkorder(fffffd806d8dd030,9,0) at witness_checkorder+0x1ec sys/kern/subr_witness.c:794
rw_enter(fffffd806d8dd020,1) at rw_enter+0xd5 sys/kern/kern_rwlock.c:249
rwsleep(fffffd806d8dd160,fffffd806d8dd020,118,ffffffff8280d317,0) at rwsleep+0xd6 sys/kern/kern_synch.c:303
sosend(fffffd806d8dd018,0,ffff800021255338,0,0,0) at sosend+0x76b sys/kern/uipc_socket.c:623
fifo_write(ffff800021255280) at fifo_write+0x80 sys/miscfs/fifofs/fifo_vnops.c:279
VOP_WRITE(fffffd8065581cb8,ffff800021255338,3,fffffd807f7d64e0) at VOP_WRITE+0xc3 sys/kern/vfs_vops.c:245
ktrwriteraw(ffff800021216db0,fffffd8065581cb8,fffffd807f7d64e0,ffff800021255408,ffff8000212553e0) at ktrwriteraw+0x16c sys/kern/kern_ktrace.c:664
ktrgenio(ffff800021216db0,f,0,ffff800000d6c220,10000) at ktrgenio+0x272 ktrwrite2 sys/kern/kern_ktrace.c:626 [inline]
ktrgenio(ffff800021216db0,f,0,ffff800000d6c220,10000) at ktrgenio+0x272 sys/kern/kern_ktrace.c:258
dofilereadv(ffff800021216db0,f,ffff800021255578,0,ffff800021255660) at dofilereadv+0x2e7 sys/kern/sys_generic.c:263
sys_read(ffff800021216db0,ffff800021255610,ffff800021255660) at sys_read+0x87 sys/kern/sys_generic.c:167
syscall(ffff8000212556e0) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff8000212556e0) at syscall+0x606 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7078f5c0c920, count: -12
ddb{1}> show registers
rdi 0
rsi 0x20000 acpi_pdirpa+0xbe63
rbp 0xffff800021255000
rbx 0xe
rdx 0
rcx 0
rax 0xffff800020d58ff0
r8 0xffffffffffffffff
r9 0x1
r10 0x6d3abe544e7feeef
r11 0xa5c3bc718bd1c8dc
r12 0
r13 0xfffffd806d8dd030
r14 0xcccccccccccc0416
r15 0xffff800021216db0
rip 0xffffffff81d6d0cc witness_checkorder+0x1ec
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff800021254f50
ss 0x10
witness_checkorder+0x1ec: movl 0x8(%r14),%ebx
ddb{1}> show proc
PROC (syz-fuzzer) pid=224112 stat=onproc
flags process=2<EXEC> proc=1<INKTR>
pri=24, usrpri=51, nice=20
forw=0xffffffffffffffff, list=0xffff8000212162d0,0xffff800021216028
process=0xffff8000212210d0 user=0xffff800021250000, vmspace=0xfffffd806e3731e0
estcpu=1, cpticks=2, pctcpu=0.19
user=0, sys=0, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
21272 117049 2875 0 3 0x80 nanoslp syz-executor.1
21272 496868 2875 0 3 0x4000080 pipewr syz-executor.1
21272 344807 2875 0 3 0x4000080 fsleep syz-executor.1
55437 169917 1 0 3 0x100083 ttyin getty
1387 505594 82954 0 2 0x83 syz-executor.4
2165 523204 82954 0 3 0x82 piperd syz-executor.2
2875 98038 82954 0 3 0x82 nanoslp syz-executor.1
15660 244781 0 0 3 0x14200 acct acct
69336 341745 0 0 3 0x14280 nfsidl nfsio
70014 432571 0 0 3 0x14280 nfsidl nfsio
63098 409033 0 0 3 0x14280 nfsidl nfsio
57466 306622 0 0 3 0x14280 nfsidl nfsio
18786 95429 0 0 3 0x14280 nfsidl nfsio
36933 296659 0 0 3 0x14280 nfsidl nfsio
89556 322903 0 0 3 0x14280 nfsidl nfsio
7173 263314 0 0 3 0x14280 nfsidl nfsio
11412 430795 0 0 3 0x14280 nfsidl nfsio
20356 80669 0 0 3 0x14280 nfsidl nfsio
39466 320172 0 0 3 0x14280 nfsidl nfsio
88681 313141 0 0 3 0x14280 nfsidl nfsio
22859 226550 0 0 3 0x14280 nfsidl nfsio
42845 64678 0 0 3 0x14280 nfsidl nfsio
43168 379648 0 0 3 0x14280 nfsidl nfsio
70599 391610 0 0 3 0x14280 nfsidl nfsio
50356 467634 0 0 3 0x14280 nfsidl nfsio
99980 483577 0 0 3 0x14280 nfsidl nfsio
6540 381468 0 0 3 0x14280 nfsidl nfsio
36001 378663 0 0 3 0x14280 nfsidl nfsio
43542 366543 0 0 3 0x14200 bored sosplice
743 83536 82954 0 2 0x83 syz-executor.7
22468 37408 82954 0 2 0x83 syz-executor.6
77413 50856 82954 0 3 0x82 nanoslp syz-executor.5
81105 163289 82954 0 2 0x83 syz-executor.3
11665 130444 82954 0 3 0x82 nanoslp syz-executor.0
*82954 224112 48207 0 7 0x3 syz-fuzzer
82954 343649 48207 0 3 0x4000082 nanoslp syz-fuzzer
82954 364963 48207 0 3 0x4000082 wait syz-fuzzer
82954 317602 48207 0 3 0x4000082 thrsleep syz-fuzzer
82954 323511 48207 0 3 0x4000082 kqread syz-fuzzer
82954 128749 48207 0 3 0x4000082 wait syz-fuzzer
82954 205539 48207 0 3 0x4000082 thrsleep syz-fuzzer
82954 36666 48207 0 3 0x4000082 wait syz-fuzzer
82954 381113 48207 0 3 0x4000082 wait syz-fuzzer
82954 361401 48207 0 3 0x4000082 thrsleep syz-fuzzer
82954 89713 48207 0 3 0x4000082 wait syz-fuzzer
82954 495778 48207 0 3 0x4000082 thrsleep syz-fuzzer
82954 64861 48207 0 3 0x4000082 wait syz-fuzzer
82954 230548 48207 0 3 0x4000082 wait syz-fuzzer
82954 434587 48207 0 3 0x4000082 wait syz-fuzzer
82954 366248 48207 0 2 0x4000083 syz-fuzzer
48207 259314 63810 0 3 0x10008a sigsusp ksh
63810 321046 7062 0 2 0x93 sshd
7062 115004 1 0 3 0x88 kqread sshd
98788 449287 71929 74 3 0x1100092 bpf pflogd
71929 199773 1 0 3 0x80 netio pflogd
57885 139889 57539 73 3 0x1100090 kqread syslogd
57539 320277 1 0 3 0x100082 netio syslogd
60824 129772 1 0 3 0x100080 kqread resolvd
73648 199039 16491 77 3 0x100092 kqread dhcpleased
22881 86437 16491 77 3 0x100092 kqread dhcpleased
16491 12916 1 0 3 0x80 kqread dhcpleased
77664 279786 0 0 3 0x14200 bored smr
22149 419281 0 0 3 0x14200 pgzero zerothread
88913 187542 0 0 3 0x14200 aiodoned aiodoned
5047 244578 0 0 3 0x14200 syncer update
8455 363778 0 0 3 0x14200 cleaner cleaner
42797 258223 0 0 7 0x14200 reaper
24623 392695 0 0 3 0x14200 pgdaemon pagedaemon
64259 275600 0 0 3 0x14200 bored viomb
15566 456616 0 0 3 0x40014200 acpi0 acpi0
49829 417721 0 0 3 0x40014200 idle1
47035 320225 0 0 3 0x14200 bored softnet3
89325 146371 0 0 3 0x14200 bored softnet2
46328 204612 0 0 3 0x14200 bored softnet1
23390 451399 0 0 3 0x14200 bored softnet0
38766 390225 0 0 3 0x14200 bored systqmp
16032 200998 0 0 3 0x14200 bored systq
536 143392 0 0 3 0x40014200 bored softclock
67140 122749 0 0 3 0x40014200 idle0
1 413520 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
Process 82954 (syz-fuzzer) thread 0xffff800021216db0 (224112)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82d05008)
#0 witness_lock+0x447
#1 __mp_acquire_count+0x48 sys/kern/kern_lock.c:227
#2 mi_switch+0x3bb sys/kern/sched_bsd.c:405
#3 sleep_finish+0x184 sys/kern/kern_synch.c:411
#4 rwsleep+0xab sys/kern/kern_synch.c:300
#5 sosend+0x76b sys/kern/uipc_socket.c:623
#6 fifo_write+0x80 sys/miscfs/fifofs/fifo_vnops.c:279
#7 VOP_WRITE+0xc3 sys/kern/vfs_vops.c:245
#8 ktrwriteraw+0x16c sys/kern/kern_ktrace.c:664
#9 ktrgenio+0x272 ktrwrite2 sys/kern/kern_ktrace.c:626 [inline]
#9 ktrgenio+0x272 sys/kern/kern_ktrace.c:258
#10 dofilereadv+0x2e7 sys/kern/sys_generic.c:263
#11 sys_read+0x87 sys/kern/sys_generic.c:167
#12 syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
#12 syscall+0x606 sys/arch/amd64/amd64/trap.c:623
#13 Xsyscall+0x128
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10206 6607K 7508K 78643K 24978 0
pcb 13 9K 10K 78643K 137 0
rtable 242 6K 7K 78643K 462 0
pf 32 9K 10K 78643K 81 0
ifaddr 45 15K 15K 78643K 77 0
ifgroup 55 2K 2K 78643K 105 0
sysctl 2 0K 0K 78643K 2 0
counters 60 35K 36K 78643K 98 0
ioctlops 0 0K 4K 78643K 1570 0
iov 0 0K 16K 78643K 253 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1491 93K 93K 78643K 4938 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 9K 78643K 50 0
VM map 2 1K 1K 78643K 2 0
sem 12 0K 0K 78643K 190 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 11 37K 85K 78643K 3238 0
sigio 0 0K 0K 78643K 68 0
proc 72 91K 128K 78643K 783 0
subproc 104 6K 7K 78643K 146 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 21 0
in_multi 99 7K 7K 78643K 143 0
ether_multi 1 0K 0K 78643K 3 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 133 599K 599K 78643K 133 0
exec 0 0K 1K 78643K 765 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 8 62K 64K 78643K 10 0
UVM amap 344 87K 91K 78643K 34007 0
UVM aobj 115 3K 3K 78643K 118 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 60 0
NDP 12 0K 2K 78643K 53 0
temp 88 5873K 5996K 78643K 48777 0
kqueue 12 18K 26K 78643K 277 0
SYN cache 2 16K 16K 78643K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 56 0 53 1 0 1 1 0 8 0
rtentry 112 149 0 35 4 0 4 4 0 8 0
unpcb 144 1842 0 1827 28 22 6 6 0 8 5
syncache 296 7 0 7 2 2 0 1 0 8 0
tcpqe 32 254 0 254 2 2 0 1 0 8 0
tcpcb 808 376 0 372 16 15 1 7 0 8 0
arp 120 24 0 6 1 0 1 1 0 8 0
inpcb 368 1012 0 1003 35 34 1 7 0 8 0
nd6 136 38 0 10 1 0 1 1 0 8 0
pkpcb 40 73 0 73 3 2 1 1 0 8 1
kcovpl 48 11 0 3 1 0 1 1 0 8 0
ppxss 1256 13 0 13 2 2 0 1 0 8 0
pffrag 232 21 0 20 1 0 1 1 0 482 0
pffrnode 88 21 0 20 1 0 1 1 0 8 0
pffrent 40 54 0 53 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 110 0 89 1 0 1 1 0 8 0
pfstkey 128 110 0 89 2 1 1 2 0 8 0
pfstate 376 110 0 89 6 3 3 4 0 8 0
pfrule 1344 21 0 16 2 1 1 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 614 0 134 30 0 30 30 0 8 0
art_table 32 615 0 134 4 0 4 4 0 8 0
art_node 16 148 0 44 1 0 1 1 0 8 0
sysvmsgpl 40 2 0 0 1 0 1 1 0 8 0
semapl 112 188 0 178 1 0 1 1 0 8 0
shmpl 112 115 0 3 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 5745 0 4275 93 0 93 93 0 8 0
ffsino 272 5745 0 4275 99 0 99 99 0 8 0
nchpl 144 10772 0 10267 64 0 64 64 0 8 40
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 35976 0 35976 3 2 1 2 0 8 1
percpumem 16 62 0 19 1 0 1 1 0 8 0
kstatmem 264 62 0 38 2 0 2 2 0 8 0
scxspl 216 28164 0 28164 11 10 1 8 0 8 1
plimitpl 152 301 0 285 1 0 1 1 0 8 0
sigapl 424 3575 0 3510 9 1 8 8 0 8 0
futexpl 64 25021 0 25020 1 0 1 1 0 8 0
knotepl 120 274 0 0 8 0 8 8 0 8 0
kqueuepl 216 614 0 606 11 10 1 5 0 8 0
pipepl 320 671 0 643 23 20 3 8 0 8 0
fdescpl 496 3536 0 3512 5 0 5 5 0 8 0
filepl 152 20872 0 20631 61 46 15 18 0 8 5
lockfpl 104 5146 0 5143 16 15 1 4 0 8 0
lockfspl 48 2478 0 2475 5 4 1 2 0 8 0
sessionpl 144 28 0 11 1 0 1 1 0 8 0
pgrppl 48 372 0 355 1 0 1 1 0 8 0
ucredpl 104 2699 0 2684 1 0 1 1 0 8 0
zombiepl 144 3512 0 3510 1 0 1 1 0 8 0
processpl 1072 3575 0 3510 5 0 5 5 0 8 0
procpl 696 9109 0 9026 19 10 9 10 0 8 0
sosppl 168 25 0 25 5 5 0 1 0 8 0
sockpl 488 2987 0 2960 113 101 12 29 0 8 8
mcl64k 65536 19 0 0 3 1 2 3 0 8 0
mcl16k 16384 8 0 0 1 0 1 1 0 8 0
mcl12k 12288 17 0 0 2 0 2 2 0 8 0
mcl9k 9216 11 0 0 1 0 1 1 0 8 0
mcl8k 8192 17 0 0 3 0 3 3 0 8 0
mcl4k 4096 16 0 0 2 0 2 2 0 8 0
mcl2k2 2112 4 0 0 1 0 1 1 0 8 0
mcl2k 2048 348 0 0 42 2 40 42 0 8 0
mtagpl 96 1606 0 0 39 0 39 39 0 8 0
mbufpl 256 1859 0 0 112 0 112 112 0 8 0
bufpl 288 8023 0 1709 452 0 452 452 0 8 0
anonpl 24 488486 0 472744 142 43 99 99 0 186 3
amapchunkpl 152 107487 0 106710 57 21 36 38 0 158 0
amappl16 200 12311 0 11748 65 35 30 31 0 8 0
amappl15 192 86 0 86 1 1 0 1 0 8 0
amappl14 184 168 0 154 2 1 1 2 0 8 0
amappl13 176 30 0 28 1 0 1 1 0 8 0
amappl12 168 4263 0 4233 3 1 2 2 0 8 0
amappl11 160 57 0 43 1 0 1 1 0 8 0
amappl10 152 61 0 51 1 0 1 1 0 8 0
amappl9 144 217 0 216 2 1 1 2 0 8 0
amappl8 136 329 0 243 3 0 3 3 0 8 0
amappl7 128 82 0 66 1 0 1 1 0 8 0
amappl6 120 308 0 287 2 1 1 2 0 8 0
amappl5 112 216 0 206 1 0 1 1 0 8 0
amappl4 104 744 0 697 3 1 2 3 0 8 0
amappl3 96 21246 0 21173 4 1 3 3 0 8 0
amappl2 88 3886 0 3824 3 1 2 3 0 8 0
amappl1 80 21099 0 20555 23 10 13 23 0 8 0
amappl 88 33372 0 33163 8 2 6 7 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 117 0 3 3 0 3 3 0 8 0
uaddrrnd 24 3536 0 3511 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 3536 0 3511 1 0 1 1 0 8 0
vmmpekpl 168 30865 0 30798 4 0 4 4 0 8 0
vmmpepl 168 227047 0 224715 179 64 115 124 0 357 6
vmsppl 464 3535 0 3511 5 0 5 5 0 8 0
rwobjpl 56 68289 0 60591 118 8 110 110 0 8 1
pdppl 4096 7080 0 7022 310 240 70 80 0 8 12
pvpl 32 1167077 0 1145845 396 212 184 364 0 265 9
pmappl 248 3535 0 3511 3 0 3 3 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 1210 0 298 27 0 27 27 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp
ddb{0}> trace
x86_ipi_db(ffffffff82b62ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x25 kd_curproc sys/dev/kcov.c:577 [inline]
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x25 sys/dev/kcov.c:148
__mp_lock(ffffffff82d04e00) at __mp_lock+0x133 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82d04e00) at __mp_lock+0x133 sys/kern/kern_lock.c:147
softintr_dispatch(0) at softintr_dispatch+0x52 sys/arch/amd64/amd64/softintr.c:88
Xsoftclock() at Xsoftclock+0x23
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc
reaper(ffff8000211ad5c8) at reaper+0x160 sys/kern/kern_exit.c:437
end trace frame: 0x0, count: -9
ddb{0}> machine ddbcpu 1
Stopped at witness_checkorder+0x1ec: movl 0x8(%r14),%ebx
ddb{1}> trace
witness_checkorder(fffffd806d8dd030,9,0) at witness_checkorder+0x1ec sys/kern/subr_witness.c:794
rw_enter(fffffd806d8dd020,1) at rw_enter+0xd5 sys/kern/kern_rwlock.c:249
rwsleep(fffffd806d8dd160,fffffd806d8dd020,118,ffffffff8280d317,0) at rwsleep+0xd6 sys/kern/kern_synch.c:303
sosend(fffffd806d8dd018,0,ffff800021255338,0,0,0) at sosend+0x76b sys/kern/uipc_socket.c:623
fifo_write(ffff800021255280) at fifo_write+0x80 sys/miscfs/fifofs/fifo_vnops.c:279
VOP_WRITE(fffffd8065581cb8,ffff800021255338,3,fffffd807f7d64e0) at VOP_WRITE+0xc3 sys/kern/vfs_vops.c:245
ktrwriteraw(ffff800021216db0,fffffd8065581cb8,fffffd807f7d64e0,ffff800021255408,ffff8000212553e0) at ktrwriteraw+0x16c sys/kern/kern_ktrace.c:664
ktrgenio(ffff800021216db0,f,0,ffff800000d6c220,10000) at ktrgenio+0x272 ktrwrite2 sys/kern/kern_ktrace.c:626 [inline]
ktrgenio(ffff800021216db0,f,0,ffff800000d6c220,10000) at ktrgenio+0x272 sys/kern/kern_ktrace.c:258
dofilereadv(ffff800021216db0,f,ffff800021255578,0,ffff800021255660) at dofilereadv+0x2e7 sys/kern/sys_generic.c:263
sys_read(ffff800021216db0,ffff800021255610,ffff800021255660) at sys_read+0x87 sys/kern/sys_generic.c:167
syscall(ffff8000212556e0) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff8000212556e0) at syscall+0x606 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7078f5c0c920, count: -12


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to change the bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Sep 5, 2023, 10:23:19 AM9/5/23
to syzkaller-o...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: b3774972aa78 Address the case 2b version of inconsistent v..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=152c2808680000
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=115ed1b8680000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17bb6748680000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/754057e3bae1/disk-b3774972.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/f82f961f15cf/bsd-b3774972.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/76d45f18b991/kernel-b3774972.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e665b6...@syzkaller.appspotmail.com

kernel: protection fault trap, code=0
Stopped at witness_checkorder+0x4f5: movl 0x10(%r14),%ecx
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
the kernel did not panic
ddb{1}> trace
witness_checkorder(fffffd806f1e70e8,9,0) at witness_checkorder+0x4f5 witness_lock_order_check sys/kern/subr_witness.c:2442 [inline]
witness_checkorder(fffffd806f1e70e8,9,0) at witness_checkorder+0x4f5 sys/kern/subr_witness.c:890
mtx_enter(fffffd806f1e70d8) at mtx_enter+0x3e sys/kern/kern_lock.c:265
knote_remove(ffff80002121b808,fffffd806f1e70d8,fffffd806f1e7160,3,0) at knote_remove+0x20d sys/kern/kern_event.c:1881
knote_fdclose(ffff80002121b808,3) at knote_fdclose+0xae sys/kern/kern_event.c:1934
fdfree(ffff80002121b808) at fdfree+0xdf sys/kern/kern_descrip.c:1196
exit1(ffff80002121b808,0,0,1) at exit1+0x3ff sys/kern/kern_exit.c:206
sys_exit(ffff80002121b808,ffff80002129f3a0,ffff80002129f3f0) at sys_exit+0x1a sys/kern/kern_exit.c:89
syscall(ffff80002129f470) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff80002129f470) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7db9d75213e0, count: -9
ddb{1}> show registers
rdi 0xffffffff
rsi 0xffffffff
rbp 0xffff80002129f140
rbx 0xffffffff
rdx 0
rcx 0xc
rax 0xfffffd80031ee000
r8 0x2
r9 0x1
r10 0x42bf657dd6aebbe7
r11 0xe4966b3826293d15
r12 0xfffffd80031c6300
r13 0xfffffd806f1e70e8
r14 0xdeaf4152deaf4152
r15 0xfffffd80039b5a40
rip 0xffffffff811d0715 witness_checkorder+0x4f5
cs 0x8
rflags 0x10212 __ALIGN_SIZE+0xf212
rsp 0xffff80002129f090
ss 0x10
witness_checkorder+0x4f5: movl 0x10(%r14),%ecx
ddb{1}> show proc
PROC (syz-executor1650604283) pid=360464 stat=onproc
flags process=1008<EXITING,SINGLEEXIT> proc=2000<WEXIT>
pri=0, usrpri=73, nice=20
forw=0xffffffffffffffff, list=0xffff80002121bab0,0xffff80002121a580
process=0xffff8000212c4878 user=0xffff80002129a000, vmspace=0xfffffd8076e421f0
estcpu=36, cpticks=2, pctcpu=0.0
user=0, sys=0, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
45258 97594 93191 0 2 0 syz-executor1650604283
93475 185472 91014 0 2 0 syz-executor1650604283
81148 234162 41998 0 2 0 syz-executor1650604283
81148 498550 41998 0 3 0x4000080 fsleep syz-executor1650604283
87111 162488 27939 0 2 0 syz-executor1650604283
87111 493558 27939 0 3 0x4000080 fsleep syz-executor1650604283
97657 96688 21583 0 2 0 syz-executor1650604283
97657 409667 21583 0 2 0x4000080 syz-executor1650604283
21583 312827 32991 0 3 0x80 nanoslp syz-executor1650604283
99272 454519 32991 0 3 0x80 nanoslp syz-executor1650604283
93191 24146 32991 0 3 0x80 nanoslp syz-executor1650604283
41998 522296 32991 0 3 0x80 nanoslp syz-executor1650604283
91014 210610 32991 0 3 0x80 nanoslp syz-executor1650604283
3622 482383 32991 0 2 0 syz-executor1650604283
44527 48561 32991 0 3 0x80 nanoslp syz-executor1650604283
27939 153703 32991 0 3 0x80 nanoslp syz-executor1650604283
32991 417522 46426 0 3 0x82 nanoslp syz-executor1650604283
46426 9866 1233 0 3 0x10008a sigsusp ksh
1233 359181 41282 0 3 0x9a kqread sshd
49979 339909 1 0 3 0x100083 ttyin getty
41282 176384 1 0 3 0x88 kqread sshd
83588 56429 91941 73 3 0x1100090 kqread syslogd
91941 146095 1 0 3 0x100082 netio syslogd
7390 282487 1 0 3 0x100080 kqread resolvd
15423 26662 97901 77 3 0x100092 kqread dhcpleased
19141 260323 97901 77 3 0x100092 kqread dhcpleased
97901 415848 1 0 3 0x80 kqread dhcpleased
83923 376695 0 0 3 0x14200 bored smr
45862 364944 0 0 2 0x14200 zerothread
95722 440340 0 0 3 0x14200 aiodoned aiodoned
27023 161623 0 0 3 0x14200 syncer update
69192 256780 0 0 3 0x14200 cleaner cleaner
62713 351212 0 0 7 0x14200 reaper
64560 427512 0 0 3 0x14200 pgdaemon pagedaemon
55563 455176 0 0 3 0x14200 bored viomb
43132 416628 0 0 3 0x40014200 acpi0 acpi0
84841 211804 0 0 3 0x40014200 idle1
38460 321221 0 0 3 0x14200 bored softnet3
25395 224808 0 0 3 0x14200 bored softnet2
5575 269163 0 0 3 0x14200 bored softnet1
59381 491031 0 0 3 0x14200 bored softnet0
89675 168789 0 0 3 0x14200 bored systqmp
64679 102099 0 0 3 0x14200 bored systq
29466 306228 0 0 3 0x40014200 bored softclock
99385 189844 0 0 3 0x40014200 idle0
1 50847 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10166 6390K 6420K 78643K 11244 0
pcb 13 8K 8K 78643K 13 0
rtable 58 1K 2K 78643K 110 0
pf 12 6K 6K 78643K 12 0
ifaddr 12 9K 9K 78643K 12 0
ifgroup 17 1K 1K 78643K 17 0
counters 44 33K 33K 78643K 44 0
ioctlops 0 0K 2K 78643K 21 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1174 73K 74K 78643K 1650 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 1K 78643K 2 0
VM map 2 1K 1K 78643K 2 0
sem 2 0K 0K 78643K 2 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 5 8K 17K 78643K 2920 0
proc 55 78K 79K 78643K 246 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
in_multi 11 0K 0K 78643K 11 0
ether_multi 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 85 387K 387K 78643K 85 0
exec 0 0K 1K 78643K 243 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 8 62K 64K 78643K 10 0
UVM amap 119 6K 7K 78643K 7877 0
UVM aobj 3 2K 2K 78643K 3 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
NDP 3 0K 0K 78643K 3 0
temp 1 5904K 5968K 78643K 3800 0
kqueue 11 16K 26K 78643K 994 0
SYN cache 2 16K 16K 78643K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 20 0 17 1 0 1 1 0 8 0
rtentry 112 23 0 1 1 0 1 1 0 8 0
unpcb 144 33 0 20 1 0 1 1 0 8 0
syncache 304 5 0 5 1 0 1 1 0 8 1
tcpqe 32 227 0 227 1 1 0 1 0 8 0
tcpcb 808 978 0 974 2 0 2 2 0 8 1
arp 120 2 0 0 1 0 1 1 0 8 0
inpcb 368 996 0 989 2 0 2 2 0 8 1
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 96 0 0 6 0 6 6 0 8 0
art_table 32 97 0 0 1 0 1 1 0 8 0
art_node 16 22 0 2 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1885 0 500 87 0 87 87 0 8 0
ffsino 272 1885 0 500 93 0 93 93 0 8 0
nchpl 144 2069 0 510 58 0 58 58 0 8 0
uvmvnodes 80 1894 0 0 39 0 39 39 0 8 0
vnodes 216 1894 0 0 106 0 106 106 0 8 0
namei 1024 12028 0 12028 1 0 1 1 0 8 1
percpumem 16 35 0 0 1 0 1 1 0 8 0
kstatmem 264 6 0 0 1 0 1 1 0 8 0
scxspl 216 4805 0 4805 3 2 1 2 1 8 1
plimitpl 152 16 0 10 1 0 1 1 0 8 0
sigapl 424 1292 0 1246 6 0 6 6 0 8 0
futexpl 64 3249 0 3247 1 0 1 1 0 8 0
knotepl 120 55 0 0 2 0 2 2 0 8 0
kqueuepl 216 990 0 983 1 0 1 1 0 8 0
pipepl 320 87 0 84 1 0 1 1 0 8 0
fdescpl 496 1275 0 1248 5 1 4 4 0 8 0
filepl 152 7925 0 7862 4 0 4 4 0 8 1
lockfpl 104 6 0 4 1 0 1 1 0 8 0
lockfspl 48 4 0 2 1 0 1 1 0 8 0
sessionpl 144 17 0 9 1 0 1 1 0 8 0
pgrppl 48 17 0 9 1 0 1 1 0 8 0
ucredpl 104 5895 0 5885 1 0 1 1 0 8 0
zombiepl 144 1249 0 1246 1 0 1 1 0 8 0
processpl 1072 1292 0 1246 4 0 4 4 0 8 0
procpl 680 2294 0 2244 5 0 5 5 0 8 0
sockpl 488 1049 0 1026 4 0 4 4 0 8 0
mcl8k 8192 4 0 0 1 0 1 1 0 8 0
mcl4k 4096 5 0 0 1 0 1 1 0 8 0
mcl2k 2048 252 0 0 32 0 32 32 0 8 0
mtagpl 96 3 0 0 1 0 1 1 0 8 0
mbufpl 256 260 0 0 17 0 17 17 0 8 0
bufpl 288 2512 0 88 174 0 174 174 0 8 0
anonpl 24 211839 0 209837 25 10 15 23 0 186 2
amapchunkpl 152 25646 0 25431 12 0 12 12 0 158 0
amappl16 200 5747 0 5746 5 4 1 5 0 8 0
amappl15 192 15 0 15 1 1 0 1 0 8 0
amappl14 184 111 0 102 1 0 1 1 0 8 0
amappl13 176 10 0 10 1 1 0 1 0 8 0
amappl12 168 1830 0 1814 2 1 1 2 0 8 0
amappl11 160 87 0 77 1 0 1 1 0 8 0
amappl10 152 17 0 17 1 1 0 1 0 8 0
amappl9 144 172 0 172 1 1 0 1 0 8 0
amappl8 136 33 0 31 1 0 1 1 0 8 0
amappl7 128 1036 0 1021 1 0 1 1 0 8 0
amappl6 120 157 0 144 1 0 1 1 0 8 0
amappl5 112 107 0 97 1 0 1 1 0 8 0
amappl4 104 417 0 387 1 0 1 1 0 8 0
amappl3 96 6915 0 6868 2 0 2 2 0 8 0
amappl2 88 461 0 419 2 0 2 2 0 8 0
amappl1 80 13936 0 13475 11 0 11 11 0 8 0
amappl 88 7608 0 7527 3 0 3 3 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 2 0 0 1 0 1 1 0 8 0
uaddrrnd 24 1275 0 1248 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 1275 0 1248 1 0 1 1 0 8 0
vmmpekpl 168 11540 0 11516 2 0 2 2 0 8 0
vmmpepl 168 68643 0 67442 59 1 58 58 0 357 0
vmsppl 464 1274 0 1248 5 1 4 4 0 8 0
rwobjpl 56 30955 0 28394 39 2 37 37 0 8 0
pdppl 4096 2558 0 2496 82 16 66 66 0 8 4
pvpl 32 355494 0 350731 52 8 44 52 0 265 3
pmappl 248 1274 0 1248 3 1 2 2 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 510 0 18 15 0 15 15 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp
ddb{0}> trace
x86_ipi_db(ffffffff82ba3ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff82d8cde8) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82d8cde8) at __mp_lock+0x122 sys/kern/kern_lock.c:147
reaper(ffff8000211b2d50) at reaper+0x160 sys/kern/kern_exit.c:452
end trace frame: 0x0, count: -5
ddb{0}> machine ddbcpu 1
Stopped at witness_checkorder+0x4f5: movl 0x10(%r14),%ecx
ddb{1}> trace
witness_checkorder(fffffd806f1e70e8,9,0) at witness_checkorder+0x4f5 witness_lock_order_check sys/kern/subr_witness.c:2442 [inline]
witness_checkorder(fffffd806f1e70e8,9,0) at witness_checkorder+0x4f5 sys/kern/subr_witness.c:890
mtx_enter(fffffd806f1e70d8) at mtx_enter+0x3e sys/kern/kern_lock.c:265
knote_remove(ffff80002121b808,fffffd806f1e70d8,fffffd806f1e7160,3,0) at knote_remove+0x20d sys/kern/kern_event.c:1881
knote_fdclose(ffff80002121b808,3) at knote_fdclose+0xae sys/kern/kern_event.c:1934
fdfree(ffff80002121b808) at fdfree+0xdf sys/kern/kern_descrip.c:1196
exit1(ffff80002121b808,0,0,1) at exit1+0x3ff sys/kern/kern_exit.c:206
sys_exit(ffff80002121b808,ffff80002129f3a0,ffff80002129f3f0) at sys_exit+0x1a sys/kern/kern_exit.c:89
syscall(ffff80002129f470) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff80002129f470) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7db9d75213e0, count: -9


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

syzbot

Dec 27, 2023, 8:55:16 PM12/27/23
to syzkaller-o...@googlegroups.com
Auto-closing this bug as obsolete.
No recent activity; the existing reproducers no longer trigger the issue.