panic: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock (4)
0 views
Skip to first unread message
syzbot
Mar 21, 2022, 8:33:30 AM3/21/22
to syzkaller-o...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 4ff57d1d979c Adjust to renaming of F_CTL_ACTIVE/F_PREF_ACT..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1545d3cb700000
kernel config: https://syzkaller.appspot.com/x/.config?x=bf87b6915a88cd0d
dashboard link: https://syzkaller.appspot.com/bug?extid=7596cb96fb9f3c9d6f4f
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7596cb...@syzkaller.appspotmail.com
panic: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
268561 41893 0 0 0 1 syz-executor.3
*297404 41893 0 0 0x4000000 0 syz-executor.3
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff825a56b6) at panic+0x177 sys/kern/subr_prf.c:202
witness_checkorder(ffffffff82b47030,9,0) at witness_checkorder+0x116d sys/kern/subr_witness.c:833
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline]
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline]
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 sys/kern/kern_lock.c:142
selwakeup(fffffd8077c23310) at selwakeup+0x16 klist_empty sys/sys/event.h:361 [inline]
selwakeup(fffffd8077c23310) at selwakeup+0x16 sys/kern/sys_generic.c:885
sorwakeup(fffffd8077c231f8) at sorwakeup+0xc9 sys/kern/uipc_socket.c:1699
udp_sbappend(fffffd806f684270,fffffd8067c2c200,fffffd80671aa5b0,0,14,fffffd80671aa5c4,67cfad0090c80da1,0) at udp_sbappend+0x3b1 sys/netinet/udp_usrreq.c:638
udp_input(ffff80002b12dd68,ffff80002b12dd74,11,2) at udp_input+0xbcb sys/netinet/udp_usrreq.c:427
ip_deliver(ffff80002b12dd68,ffff80002b12dd74,11,2) at ip_deliver+0x322 sys/netinet/ip_input.c:657
ip_ours(ffff80002b12dd68,ffff80002b12dd74,ffff8000246bb000,0) at ip_ours+0x3ba sys/netinet/ip_input.c:616
ip_input_if(ffff80002b12dd68,ffff80002b12dd74,4,0,ffff800000689000) at ip_input_if+0x2a1
ipv4_input(ffff800000689000,fffffd80671aa500) at ipv4_input+0x48 sys/netinet/ip_input.c:242
if_input_local(ffff800000689000,fffffd80671aa500,2) at if_input_local+0x10e sys/net/if.c:774
ip_output(fffffd80671aa600,0,fffffd806f684de0,0,0,fffffd806f684d68,e208c024ee8180e7) at ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
ip_output(fffffd80671aa600,0,fffffd806f684de0,0,0,fffffd806f684d68,e208c024ee8180e7) at ip_output+0xb05 sys/netinet/ip_output.c:332
end trace frame: 0xffff80002b12dfe0, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff825a56b6) at panic+0x177 sys/kern/subr_prf.c:202
witness_checkorder(ffffffff82b47030,9,0) at witness_checkorder+0x116d sys/kern/subr_witness.c:833
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline]
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline]
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 sys/kern/kern_lock.c:142
selwakeup(fffffd8077c23310) at selwakeup+0x16 klist_empty sys/sys/event.h:361 [inline]
selwakeup(fffffd8077c23310) at selwakeup+0x16 sys/kern/sys_generic.c:885
sorwakeup(fffffd8077c231f8) at sorwakeup+0xc9 sys/kern/uipc_socket.c:1699
udp_sbappend(fffffd806f684270,fffffd8067c2c200,fffffd80671aa5b0,0,14,fffffd80671aa5c4,67cfad0090c80da1,0) at udp_sbappend+0x3b1 sys/netinet/udp_usrreq.c:638
udp_input(ffff80002b12dd68,ffff80002b12dd74,11,2) at udp_input+0xbcb sys/netinet/udp_usrreq.c:427
ip_deliver(ffff80002b12dd68,ffff80002b12dd74,11,2) at ip_deliver+0x322 sys/netinet/ip_input.c:657
ip_ours(ffff80002b12dd68,ffff80002b12dd74,ffff8000246bb000,0) at ip_ours+0x3ba sys/netinet/ip_input.c:616
ip_input_if(ffff80002b12dd68,ffff80002b12dd74,4,0,ffff800000689000) at ip_input_if+0x2a1
ipv4_input(ffff800000689000,fffffd80671aa500) at ipv4_input+0x48 sys/netinet/ip_input.c:242
if_input_local(ffff800000689000,fffffd80671aa500,2) at if_input_local+0x10e sys/net/if.c:774
ip_output(fffffd80671aa600,0,fffffd806f684de0,0,0,fffffd806f684d68,e208c024ee8180e7) at ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
ip_output(fffffd80671aa600,0,fffffd806f684de0,0,0,fffffd806f684d68,e208c024ee8180e7) at ip_output+0xb05 sys/netinet/ip_output.c:332
udp_output(fffffd806f684d68,fffffd80671aa600,0,0) at udp_output+0x58d sys/netinet/udp_usrreq.c:1011
sosend(fffffd8077c23d38,0,ffff80002b12e178,0,0,0) at sosend+0x632 sys/kern/uipc_socket.c:582
dofilewritev(ffff8000260dc2a8,4,ffff80002b12e178,0,ffff80002b12e270) at dofilewritev+0x19c sys/kern/sys_generic.c:381
sys_write(ffff8000260dc2a8,ffff80002b12e218,ffff80002b12e270) at sys_write+0x83 sys/kern/sys_generic.c:301
syscall(ffff80002b12e2e0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff80002b12e2e0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x492fa06bc70, count: -20
ddb{0}> show registers
rdi 0
rsi 0x1
rbp 0xffff80002b12d7a0
rbx 0xffffffff8294ebff cpu_info_full_primary+0x2bff
rdx 0xffff800000bdfe00
rcx 0
rax 0xffff8000260dc2a8
r8 0x101010101010101
r9 0x8080808080808080
r10 0xb2c629d71defe3e5
r11 0x82f3c33cabc85342
r12 0xffffffff8294ea00 cpu_info_full_primary+0x2a00
r13 0
r14 0
r15 0x1
rip 0xffffffff81f18858 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff80002b12d790
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor.3) pid=297404 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=32, usrpri=78, nice=20
forw=0xffffffffffffffff, list=0xffff8000260dd268,0xffffffff82b44c30
process=0xffff8000ffff2580 user=0xffff80002b129000, vmspace=0xfffffd806a876b90
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
41893 268561 12043 0 7 0 syz-executor.3
*41893 297404 12043 0 7 0x4000000 syz-executor.3
26530 261174 8010 0 2 0 syz-executor.4
18375 198141 20312 0 2 0 syz-executor.7
18375 227721 20312 0 3 0x4000080 fsleep syz-executor.7
77342 124063 13787 0 2 0 syz-executor.5
77342 305273 13787 0 3 0x4000080 bell syz-executor.5
83011 3617 36974 0 2 0 syz-executor.0
83011 471546 36974 0 3 0x4000080 fsleep syz-executor.0
54191 51357 2468 0 2 0 syz-executor.1
54191 388444 2468 0 3 0x4000080 fsleep syz-executor.1
20312 465782 26313 0 3 0x82 nanoslp syz-executor.7
13787 183999 26313 0 3 0x82 nanoslp syz-executor.5
37222 410640 26313 0 3 0x82 nanoslp syz-executor.6
8010 329795 26313 0 3 0x82 nanoslp syz-executor.4
12043 216624 26313 0 3 0x82 nanoslp syz-executor.3
23150 267526 26313 0 3 0x82 nanoslp syz-executor.2
2468 265133 26313 0 3 0x82 nanoslp syz-executor.1
36974 338562 26313 0 3 0x82 nanoslp syz-executor.0
26313 280629 35240 0 3 0x82 thrsleep syz-fuzzer
26313 99653 35240 0 3 0x4000082 nanoslp syz-fuzzer
26313 352840 35240 0 3 0x4000082 thrsleep syz-fuzzer
26313 98633 35240 0 3 0x4000082 thrsleep syz-fuzzer
26313 1136 35240 0 3 0x4000082 kqread syz-fuzzer
26313 198363 35240 0 3 0x4000082 thrsleep syz-fuzzer
26313 431578 35240 0 3 0x4000082 thrsleep syz-fuzzer
26313 206699 35240 0 3 0x4000082 nanoslp syz-fuzzer
26313 33851 35240 0 3 0x4000082 thrsleep syz-fuzzer
35240 57937 89396 0 3 0x10008a sigsusp ksh
89396 465218 29030 0 3 0x9a kqread sshd
87951 167233 1 0 3 0x100083 ttyin getty
29030 260010 1 0 3 0x88 kqread sshd
54937 228292 62368 74 3 0x1100092 bpf pflogd
62368 258962 1 0 3 0x80 netio pflogd
31549 489726 68506 73 3 0x1100090 kqread syslogd
68506 502289 1 0 3 0x100082 netio syslogd
9345 88510 1 0 3 0x100080 kqread resolvd
16394 434259 62339 77 3 0x100092 kqread dhcpleased
99875 379582 62339 77 3 0x100092 kqread dhcpleased
62339 487472 1 0 3 0x80 kqread dhcpleased
6576 29471 0 0 3 0x14200 bored smr
67419 268378 0 0 2 0x14200 zerothread
56067 105965 0 0 3 0x14200 aiodoned aiodoned
81774 189879 0 0 3 0x14200 syncer update
59855 220535 0 0 3 0x14200 cleaner cleaner
47973 261560 0 0 3 0x14200 reaper reaper
63061 351602 0 0 3 0x14200 pgdaemon pagedaemon
12634 275339 0 0 3 0x14200 bored viomb
94846 60478 0 0 3 0x40014200 acpi0 acpi0
18830 228766 0 0 3 0x40014200 idle1
30157 25920 0 0 3 0x14200 bored softnet
58919 451751 0 0 3 0x14200 bored systqmp
6245 277847 0 0 3 0x14200 bored systq
45212 461120 0 0 3 0x40014200 bored softclock
56966 82429 0 0 3 0x40014200 idle0
1 183637 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
CPU 0:
exclusive mutex &table->inpt_mtx r = 0 (0xffffffff82a88990)
#0 witness_lock+0x44d
#1 mtx_enter_try+0x100
#2 mtx_enter+0x4b sys/kern/kern_lock.c:266
#3 udp_input+0x7b0
#4 ip_deliver+0x322 sys/netinet/ip_input.c:657
#5 ip_ours+0x3ba sys/netinet/ip_input.c:616
#6 ip_input_if+0x2a1
#7 ipv4_input+0x48 sys/netinet/ip_input.c:242
#8 if_input_local+0x10e sys/net/if.c:774
#9 ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
#9 ip_output+0xb05 sys/netinet/ip_output.c:332
#10 udp_output+0x58d sys/netinet/udp_usrreq.c:1011
#11 sosend+0x632 sys/kern/uipc_socket.c:582
#12 dofilewritev+0x19c sys/kern/sys_generic.c:381
#13 sys_write+0x83 sys/kern/sys_generic.c:301
#14 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#14 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#15 Xsyscall+0x128
Process 41893 (syz-executor.3) thread 0xffff8000260dc2a8 (297404)
exclusive rwlock netlock r = 0 (0xffffffff828f7720)
#0 witness_lock+0x44d
#1 solock+0x86 sys/kern/uipc_socket2.c:295
#2 sosend+0x517 sys/kern/uipc_socket.c:570
#3 dofilewritev+0x19c sys/kern/sys_generic.c:381
#4 sys_write+0x83 sys/kern/sys_generic.c:301
#5 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#5 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#6 Xsyscall+0x128
exclusive mutex &table->inpt_mtx r = 0 (0xffffffff82a88990)
#0 witness_lock+0x44d
#1 mtx_enter_try+0x100
#2 mtx_enter+0x4b sys/kern/kern_lock.c:266
#3 udp_input+0x7b0
#4 ip_deliver+0x322 sys/netinet/ip_input.c:657
#5 ip_ours+0x3ba sys/netinet/ip_input.c:616
#6 ip_input_if+0x2a1
#7 ipv4_input+0x48 sys/netinet/ip_input.c:242
#8 if_input_local+0x10e sys/net/if.c:774
#9 ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
#9 ip_output+0xb05 sys/netinet/ip_output.c:332
#10 udp_output+0x58d sys/netinet/udp_usrreq.c:1011
#11 sosend+0x632 sys/kern/uipc_socket.c:582
#12 dofilewritev+0x19c sys/kern/sys_generic.c:381
#13 sys_write+0x83 sys/kern/sys_generic.c:301
#14 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#14 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#15 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10191 6613K 7386K 78643K 11619 0
pcb 13 8K 8K 78643K 13 0
rtable 240 6K 7K 78643K 354 0
ifaddr 91 18K 18K 78643K 116 0
counters 58 35K 35K 78643K 66 0
ioctlops 0 0K 4K 78643K 1487 0
iov 0 0K 0K 78643K 19 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 5 0
vnodes 1277 80K 80K 78643K 1376 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 33K 78643K 30 0
VM map 2 1K 1K 78643K 2 0
sem 12 0K 0K 78643K 43 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 17 61K 89K 78643K 390 0
proc 69 87K 111K 78643K 508 0
subproc 104 6K 6K 78643K 104 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
in_multi 99 6K 6K 78643K 99 0
ether_multi 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 43 201K 201K 78643K 43 0
exec 0 0K 2K 78643K 644 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 285 76K 76K 78643K 6253 0
UVM aobj 31 2K 2K 78643K 31 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 10 0
NDP 13 0K 2K 78643K 33 0
temp 94 4697K 4761K 78643K 4981 0
kqueue 12 18K 18K 78643K 22 0
SYN cache 2 16K 16K 78643K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 33 0 30 1 0 1 1 0 8 0
rtentry 112 112 0 1 4 0 4 4 0 8 0
unpcb 136 123 0 108 1 0 1 1 0 8 0
syncache 296 4 0 4 1 1 0 1 0 8 0
tcpcb 736 116 0 99 7 0 7 7 0 8 5
arp 120 19 0 0 1 0 1 1 0 8 0
inpcb 312 350 0 339 4 0 4 4 0 8 3
nd6 48 24 0 0 1 0 1 1 0 8 0
kcovpl 48 8 0 0 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 49 0 0 1 0 1 1 0 8 0
pfstkey 112 49 0 0 2 0 2 2 0 8 0
pfstate 320 49 0 0 5 0 5 5 0 8 0
pfrule 1360 21 0 16 2 1 1 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 454 0 0 29 0 29 29 0 8 0
art_table 32 455 0 0 4 0 4 4 0 8 0
art_node 16 111 0 10 1 0 1 1 0 8 0
semapl 112 41 0 31 1 0 1 1 0 8 0
shmpl 112 28 0 0 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1806 0 370 91 0 91 91 0 8 1
ffsino 272 1806 0 370 97 0 97 97 0 8 1
nchpl 144 2357 0 686 63 0 63 63 0 8 0
uvmvnodes 80 2003 0 0 41 0 41 41 0 8 0
vnodes 224 2003 0 0 118 0 118 118 0 8 0
namei 1024 7491 0 7491 2 1 1 2 0 8 1
percpumem 16 45 0 4 1 0 1 1 0 8 0
scxspl 216 7084 0 7084 2 1 1 2 0 8 1
plimitpl 152 36 0 21 1 0 1 1 0 8 0
sigapl 424 693 0 648 6 0 6 6 0 8 0
futexpl 64 2501 0 2498 1 0 1 1 0 8 0
knotepl 120 102 0 0 4 0 4 4 0 8 0
kqueuepl 216 37 0 29 1 0 1 1 0 8 0
pipepl 336 129 0 101 3 0 3 3 0 8 0
fdescpl 496 679 0 649 5 0 5 5 0 8 1
filepl 152 2578 0 2334 11 0 11 11 0 8 1
lockfpl 104 82 0 80 1 0 1 1 0 8 0
lockfspl 48 42 0 40 1 0 1 1 0 8 0
sessionpl 144 24 0 7 1 0 1 1 0 8 0
pgrppl 48 24 0 7 1 0 1 1 0 8 0
ucredpl 96 186 0 174 1 0 1 1 0 8 0
zombiepl 144 650 0 648 1 0 1 1 0 8 0
processpl 1064 693 0 648 4 0 4 4 0 8 0
procpl 672 1007 0 949 7 0 7 7 0 8 2
sockpl 480 525 0 496 8 0 8 8 0 8 4
mcl64k 65536 4 0 0 1 0 1 1 0 8 0
mcl12k 12288 1 0 0 1 0 1 1 0 8 0
mcl8k 8192 12 0 0 2 0 2 2 0 8 0
mcl4k 4096 3 0 0 1 0 1 1 0 8 0
mcl2k 2048 120 0 0 14 0 14 14 0 8 0
mtagpl 96 76 0 0 2 0 2 2 0 8 0
mbufpl 256 351 0 0 22 0 22 22 0 8 0
bufpl 288 3935 0 146 271 0 271 271 0 8 0
anonpl 24 127363 0 119123 58 3 55 55 0 186 0
amapchunkpl 152 13672 0 13039 28 0 28 28 0 158 2
amappl16 200 809 0 676 9 1 8 8 0 8 0
amappl15 192 96 0 90 1 0 1 1 0 8 0
amappl14 184 33 0 29 1 0 1 1 0 8 0
amappl13 176 82 0 80 1 0 1 1 0 8 0
amappl12 168 84 0 77 1 0 1 1 0 8 0
amappl11 160 133 0 115 1 0 1 1 0 8 0
amappl10 152 31 0 26 1 0 1 1 0 8 0
amappl9 144 489 0 482 1 0 1 1 0 8 0
amappl8 136 661 0 614 2 0 2 2 0 8 0
amappl7 128 186 0 171 1 0 1 1 0 8 0
amappl6 120 290 0 266 2 1 1 2 0 8 0
amappl5 112 517 0 498 1 0 1 1 0 8 0
amappl4 104 944 0 916 2 1 1 2 0 8 0
amappl3 96 216 0 201 1 0 1 1 0 8 0
amappl2 88 610 0 565 3 1 2 3 0 8 0
amappl1 80 15158 0 14561 19 5 14 19 0 8 0
amappl 88 5791 0 5561 6 0 6 6 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 30 0 0 1 0 1 1 0 8 0
uaddrrnd 24 679 0 649 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 679 0 649 1 0 1 1 0 8 0
vmmpekpl 168 9160 0 9120 3 0 3 3 0 8 0
vmmpepl 168 61722 0 59611 99 0 99 99 0 357 5
vmsppl 368 678 0 649 4 0 4 4 0 8 1
rwobjpl 56 17818 0 14694 45 0 45 45 0 8 0
pdppl 4096 1365 0 1298 101 32 69 81 0 8 2
pvpl 32 363559 0 350880 263 4 259 262 0 265 155
pmappl 248 678 0 649 3 0 3 3 0 8 1
extentpl 40 58 0 38 1 0 1 1 0 8 0
phpool 112 658 0 36 18 0 18 18 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff825a56b6) at panic+0x177 sys/kern/subr_prf.c:202
witness_checkorder(ffffffff82b47030,9,0) at witness_checkorder+0x116d sys/kern/subr_witness.c:833
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline]
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline]
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 sys/kern/kern_lock.c:142
selwakeup(fffffd8077c23310) at selwakeup+0x16 klist_empty sys/sys/event.h:361 [inline]
selwakeup(fffffd8077c23310) at selwakeup+0x16 sys/kern/sys_generic.c:885
sorwakeup(fffffd8077c231f8) at sorwakeup+0xc9 sys/kern/uipc_socket.c:1699
udp_sbappend(fffffd806f684270,fffffd8067c2c200,fffffd80671aa5b0,0,14,fffffd80671aa5c4,67cfad0090c80da1,0) at udp_sbappend+0x3b1 sys/netinet/udp_usrreq.c:638
udp_input(ffff80002b12dd68,ffff80002b12dd74,11,2) at udp_input+0xbcb sys/netinet/udp_usrreq.c:427
ip_deliver(ffff80002b12dd68,ffff80002b12dd74,11,2) at ip_deliver+0x322 sys/netinet/ip_input.c:657
ip_ours(ffff80002b12dd68,ffff80002b12dd74,ffff8000246bb000,0) at ip_ours+0x3ba sys/netinet/ip_input.c:616
ip_input_if(ffff80002b12dd68,ffff80002b12dd74,4,0,ffff800000689000) at ip_input_if+0x2a1
ipv4_input(ffff800000689000,fffffd80671aa500) at ipv4_input+0x48 sys/netinet/ip_input.c:242
if_input_local(ffff800000689000,fffffd80671aa500,2) at if_input_local+0x10e sys/net/if.c:774
ip_output(fffffd80671aa600,0,fffffd806f684de0,0,0,fffffd806f684d68,e208c024ee8180e7) at ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
ip_output(fffffd80671aa600,0,fffffd806f684de0,0,0,fffffd806f684d68,e208c024ee8180e7) at ip_output+0xb05 sys/netinet/ip_output.c:332
udp_output(fffffd806f684d68,fffffd80671aa600,0,0) at udp_output+0x58d sys/netinet/udp_usrreq.c:1011
sosend(fffffd8077c23d38,0,ffff80002b12e178,0,0,0) at sosend+0x632 sys/kern/uipc_socket.c:582
dofilewritev(ffff8000260dc2a8,4,ffff80002b12e178,0,ffff80002b12e270) at dofilewritev+0x19c sys/kern/sys_generic.c:381
sys_write(ffff8000260dc2a8,ffff80002b12e218,ffff80002b12e270) at sys_write+0x83 sys/kern/sys_generic.c:301
syscall(ffff80002b12e2e0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff80002b12e2e0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x492fa06bc70, count: -20
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
end of kernel
end trace frame: 0x7f7ffffe78e0, count: 12
ddb{1}> trace
x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
end of kernel
end trace frame: 0x7f7ffffe78e0, count: -3
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following issue on:
HEAD commit: 4ff57d1d979c Adjust to renaming of F_CTL_ACTIVE/F_PREF_ACT..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1545d3cb700000
kernel config: https://syzkaller.appspot.com/x/.config?x=bf87b6915a88cd0d
dashboard link: https://syzkaller.appspot.com/bug?extid=7596cb96fb9f3c9d6f4f
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7596cb...@syzkaller.appspotmail.com
panic: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
268561 41893 0 0 0 1 syz-executor.3
*297404 41893 0 0 0x4000000 0 syz-executor.3
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff825a56b6) at panic+0x177 sys/kern/subr_prf.c:202
witness_checkorder(ffffffff82b47030,9,0) at witness_checkorder+0x116d sys/kern/subr_witness.c:833
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline]
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline]
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 sys/kern/kern_lock.c:142
selwakeup(fffffd8077c23310) at selwakeup+0x16 klist_empty sys/sys/event.h:361 [inline]
selwakeup(fffffd8077c23310) at selwakeup+0x16 sys/kern/sys_generic.c:885
sorwakeup(fffffd8077c231f8) at sorwakeup+0xc9 sys/kern/uipc_socket.c:1699
udp_sbappend(fffffd806f684270,fffffd8067c2c200,fffffd80671aa5b0,0,14,fffffd80671aa5c4,67cfad0090c80da1,0) at udp_sbappend+0x3b1 sys/netinet/udp_usrreq.c:638
udp_input(ffff80002b12dd68,ffff80002b12dd74,11,2) at udp_input+0xbcb sys/netinet/udp_usrreq.c:427
ip_deliver(ffff80002b12dd68,ffff80002b12dd74,11,2) at ip_deliver+0x322 sys/netinet/ip_input.c:657
ip_ours(ffff80002b12dd68,ffff80002b12dd74,ffff8000246bb000,0) at ip_ours+0x3ba sys/netinet/ip_input.c:616
ip_input_if(ffff80002b12dd68,ffff80002b12dd74,4,0,ffff800000689000) at ip_input_if+0x2a1
ipv4_input(ffff800000689000,fffffd80671aa500) at ipv4_input+0x48 sys/netinet/ip_input.c:242
if_input_local(ffff800000689000,fffffd80671aa500,2) at if_input_local+0x10e sys/net/if.c:774
ip_output(fffffd80671aa600,0,fffffd806f684de0,0,0,fffffd806f684d68,e208c024ee8180e7) at ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
ip_output(fffffd80671aa600,0,fffffd806f684de0,0,0,fffffd806f684d68,e208c024ee8180e7) at ip_output+0xb05 sys/netinet/ip_output.c:332
end trace frame: 0xffff80002b12dfe0, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff825a56b6) at panic+0x177 sys/kern/subr_prf.c:202
witness_checkorder(ffffffff82b47030,9,0) at witness_checkorder+0x116d sys/kern/subr_witness.c:833
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline]
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline]
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 sys/kern/kern_lock.c:142
selwakeup(fffffd8077c23310) at selwakeup+0x16 klist_empty sys/sys/event.h:361 [inline]
selwakeup(fffffd8077c23310) at selwakeup+0x16 sys/kern/sys_generic.c:885
sorwakeup(fffffd8077c231f8) at sorwakeup+0xc9 sys/kern/uipc_socket.c:1699
udp_sbappend(fffffd806f684270,fffffd8067c2c200,fffffd80671aa5b0,0,14,fffffd80671aa5c4,67cfad0090c80da1,0) at udp_sbappend+0x3b1 sys/netinet/udp_usrreq.c:638
udp_input(ffff80002b12dd68,ffff80002b12dd74,11,2) at udp_input+0xbcb sys/netinet/udp_usrreq.c:427
ip_deliver(ffff80002b12dd68,ffff80002b12dd74,11,2) at ip_deliver+0x322 sys/netinet/ip_input.c:657
ip_ours(ffff80002b12dd68,ffff80002b12dd74,ffff8000246bb000,0) at ip_ours+0x3ba sys/netinet/ip_input.c:616
ip_input_if(ffff80002b12dd68,ffff80002b12dd74,4,0,ffff800000689000) at ip_input_if+0x2a1
ipv4_input(ffff800000689000,fffffd80671aa500) at ipv4_input+0x48 sys/netinet/ip_input.c:242
if_input_local(ffff800000689000,fffffd80671aa500,2) at if_input_local+0x10e sys/net/if.c:774
ip_output(fffffd80671aa600,0,fffffd806f684de0,0,0,fffffd806f684d68,e208c024ee8180e7) at ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
ip_output(fffffd80671aa600,0,fffffd806f684de0,0,0,fffffd806f684d68,e208c024ee8180e7) at ip_output+0xb05 sys/netinet/ip_output.c:332
udp_output(fffffd806f684d68,fffffd80671aa600,0,0) at udp_output+0x58d sys/netinet/udp_usrreq.c:1011
sosend(fffffd8077c23d38,0,ffff80002b12e178,0,0,0) at sosend+0x632 sys/kern/uipc_socket.c:582
dofilewritev(ffff8000260dc2a8,4,ffff80002b12e178,0,ffff80002b12e270) at dofilewritev+0x19c sys/kern/sys_generic.c:381
sys_write(ffff8000260dc2a8,ffff80002b12e218,ffff80002b12e270) at sys_write+0x83 sys/kern/sys_generic.c:301
syscall(ffff80002b12e2e0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff80002b12e2e0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x492fa06bc70, count: -20
ddb{0}> show registers
rdi 0
rsi 0x1
rbp 0xffff80002b12d7a0
rbx 0xffffffff8294ebff cpu_info_full_primary+0x2bff
rdx 0xffff800000bdfe00
rcx 0
rax 0xffff8000260dc2a8
r8 0x101010101010101
r9 0x8080808080808080
r10 0xb2c629d71defe3e5
r11 0x82f3c33cabc85342
r12 0xffffffff8294ea00 cpu_info_full_primary+0x2a00
r13 0
r14 0
r15 0x1
rip 0xffffffff81f18858 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff80002b12d790
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor.3) pid=297404 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=32, usrpri=78, nice=20
forw=0xffffffffffffffff, list=0xffff8000260dd268,0xffffffff82b44c30
process=0xffff8000ffff2580 user=0xffff80002b129000, vmspace=0xfffffd806a876b90
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
41893 268561 12043 0 7 0 syz-executor.3
*41893 297404 12043 0 7 0x4000000 syz-executor.3
26530 261174 8010 0 2 0 syz-executor.4
18375 198141 20312 0 2 0 syz-executor.7
18375 227721 20312 0 3 0x4000080 fsleep syz-executor.7
77342 124063 13787 0 2 0 syz-executor.5
77342 305273 13787 0 3 0x4000080 bell syz-executor.5
83011 3617 36974 0 2 0 syz-executor.0
83011 471546 36974 0 3 0x4000080 fsleep syz-executor.0
54191 51357 2468 0 2 0 syz-executor.1
54191 388444 2468 0 3 0x4000080 fsleep syz-executor.1
20312 465782 26313 0 3 0x82 nanoslp syz-executor.7
13787 183999 26313 0 3 0x82 nanoslp syz-executor.5
37222 410640 26313 0 3 0x82 nanoslp syz-executor.6
8010 329795 26313 0 3 0x82 nanoslp syz-executor.4
12043 216624 26313 0 3 0x82 nanoslp syz-executor.3
23150 267526 26313 0 3 0x82 nanoslp syz-executor.2
2468 265133 26313 0 3 0x82 nanoslp syz-executor.1
36974 338562 26313 0 3 0x82 nanoslp syz-executor.0
26313 280629 35240 0 3 0x82 thrsleep syz-fuzzer
26313 99653 35240 0 3 0x4000082 nanoslp syz-fuzzer
26313 352840 35240 0 3 0x4000082 thrsleep syz-fuzzer
26313 98633 35240 0 3 0x4000082 thrsleep syz-fuzzer
26313 1136 35240 0 3 0x4000082 kqread syz-fuzzer
26313 198363 35240 0 3 0x4000082 thrsleep syz-fuzzer
26313 431578 35240 0 3 0x4000082 thrsleep syz-fuzzer
26313 206699 35240 0 3 0x4000082 nanoslp syz-fuzzer
26313 33851 35240 0 3 0x4000082 thrsleep syz-fuzzer
35240 57937 89396 0 3 0x10008a sigsusp ksh
89396 465218 29030 0 3 0x9a kqread sshd
87951 167233 1 0 3 0x100083 ttyin getty
29030 260010 1 0 3 0x88 kqread sshd
54937 228292 62368 74 3 0x1100092 bpf pflogd
62368 258962 1 0 3 0x80 netio pflogd
31549 489726 68506 73 3 0x1100090 kqread syslogd
68506 502289 1 0 3 0x100082 netio syslogd
9345 88510 1 0 3 0x100080 kqread resolvd
16394 434259 62339 77 3 0x100092 kqread dhcpleased
99875 379582 62339 77 3 0x100092 kqread dhcpleased
62339 487472 1 0 3 0x80 kqread dhcpleased
6576 29471 0 0 3 0x14200 bored smr
67419 268378 0 0 2 0x14200 zerothread
56067 105965 0 0 3 0x14200 aiodoned aiodoned
81774 189879 0 0 3 0x14200 syncer update
59855 220535 0 0 3 0x14200 cleaner cleaner
47973 261560 0 0 3 0x14200 reaper reaper
63061 351602 0 0 3 0x14200 pgdaemon pagedaemon
12634 275339 0 0 3 0x14200 bored viomb
94846 60478 0 0 3 0x40014200 acpi0 acpi0
18830 228766 0 0 3 0x40014200 idle1
30157 25920 0 0 3 0x14200 bored softnet
58919 451751 0 0 3 0x14200 bored systqmp
6245 277847 0 0 3 0x14200 bored systq
45212 461120 0 0 3 0x40014200 bored softclock
56966 82429 0 0 3 0x40014200 idle0
1 183637 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
CPU 0:
exclusive mutex &table->inpt_mtx r = 0 (0xffffffff82a88990)
#0 witness_lock+0x44d
#1 mtx_enter_try+0x100
#2 mtx_enter+0x4b sys/kern/kern_lock.c:266
#3 udp_input+0x7b0
#4 ip_deliver+0x322 sys/netinet/ip_input.c:657
#5 ip_ours+0x3ba sys/netinet/ip_input.c:616
#6 ip_input_if+0x2a1
#7 ipv4_input+0x48 sys/netinet/ip_input.c:242
#8 if_input_local+0x10e sys/net/if.c:774
#9 ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
#9 ip_output+0xb05 sys/netinet/ip_output.c:332
#10 udp_output+0x58d sys/netinet/udp_usrreq.c:1011
#11 sosend+0x632 sys/kern/uipc_socket.c:582
#12 dofilewritev+0x19c sys/kern/sys_generic.c:381
#13 sys_write+0x83 sys/kern/sys_generic.c:301
#14 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#14 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#15 Xsyscall+0x128
Process 41893 (syz-executor.3) thread 0xffff8000260dc2a8 (297404)
exclusive rwlock netlock r = 0 (0xffffffff828f7720)
#0 witness_lock+0x44d
#1 solock+0x86 sys/kern/uipc_socket2.c:295
#2 sosend+0x517 sys/kern/uipc_socket.c:570
#3 dofilewritev+0x19c sys/kern/sys_generic.c:381
#4 sys_write+0x83 sys/kern/sys_generic.c:301
#5 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#5 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#6 Xsyscall+0x128
exclusive mutex &table->inpt_mtx r = 0 (0xffffffff82a88990)
#0 witness_lock+0x44d
#1 mtx_enter_try+0x100
#2 mtx_enter+0x4b sys/kern/kern_lock.c:266
#3 udp_input+0x7b0
#4 ip_deliver+0x322 sys/netinet/ip_input.c:657
#5 ip_ours+0x3ba sys/netinet/ip_input.c:616
#6 ip_input_if+0x2a1
#7 ipv4_input+0x48 sys/netinet/ip_input.c:242
#8 if_input_local+0x10e sys/net/if.c:774
#9 ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
#9 ip_output+0xb05 sys/netinet/ip_output.c:332
#10 udp_output+0x58d sys/netinet/udp_usrreq.c:1011
#11 sosend+0x632 sys/kern/uipc_socket.c:582
#12 dofilewritev+0x19c sys/kern/sys_generic.c:381
#13 sys_write+0x83 sys/kern/sys_generic.c:301
#14 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#14 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#15 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10191 6613K 7386K 78643K 11619 0
pcb 13 8K 8K 78643K 13 0
rtable 240 6K 7K 78643K 354 0
ifaddr 91 18K 18K 78643K 116 0
counters 58 35K 35K 78643K 66 0
ioctlops 0 0K 4K 78643K 1487 0
iov 0 0K 0K 78643K 19 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 5 0
vnodes 1277 80K 80K 78643K 1376 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 33K 78643K 30 0
VM map 2 1K 1K 78643K 2 0
sem 12 0K 0K 78643K 43 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 17 61K 89K 78643K 390 0
proc 69 87K 111K 78643K 508 0
subproc 104 6K 6K 78643K 104 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
in_multi 99 6K 6K 78643K 99 0
ether_multi 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 43 201K 201K 78643K 43 0
exec 0 0K 2K 78643K 644 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 285 76K 76K 78643K 6253 0
UVM aobj 31 2K 2K 78643K 31 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 10 0
NDP 13 0K 2K 78643K 33 0
temp 94 4697K 4761K 78643K 4981 0
kqueue 12 18K 18K 78643K 22 0
SYN cache 2 16K 16K 78643K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 33 0 30 1 0 1 1 0 8 0
rtentry 112 112 0 1 4 0 4 4 0 8 0
unpcb 136 123 0 108 1 0 1 1 0 8 0
syncache 296 4 0 4 1 1 0 1 0 8 0
tcpcb 736 116 0 99 7 0 7 7 0 8 5
arp 120 19 0 0 1 0 1 1 0 8 0
inpcb 312 350 0 339 4 0 4 4 0 8 3
nd6 48 24 0 0 1 0 1 1 0 8 0
kcovpl 48 8 0 0 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 49 0 0 1 0 1 1 0 8 0
pfstkey 112 49 0 0 2 0 2 2 0 8 0
pfstate 320 49 0 0 5 0 5 5 0 8 0
pfrule 1360 21 0 16 2 1 1 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 454 0 0 29 0 29 29 0 8 0
art_table 32 455 0 0 4 0 4 4 0 8 0
art_node 16 111 0 10 1 0 1 1 0 8 0
semapl 112 41 0 31 1 0 1 1 0 8 0
shmpl 112 28 0 0 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1806 0 370 91 0 91 91 0 8 1
ffsino 272 1806 0 370 97 0 97 97 0 8 1
nchpl 144 2357 0 686 63 0 63 63 0 8 0
uvmvnodes 80 2003 0 0 41 0 41 41 0 8 0
vnodes 224 2003 0 0 118 0 118 118 0 8 0
namei 1024 7491 0 7491 2 1 1 2 0 8 1
percpumem 16 45 0 4 1 0 1 1 0 8 0
scxspl 216 7084 0 7084 2 1 1 2 0 8 1
plimitpl 152 36 0 21 1 0 1 1 0 8 0
sigapl 424 693 0 648 6 0 6 6 0 8 0
futexpl 64 2501 0 2498 1 0 1 1 0 8 0
knotepl 120 102 0 0 4 0 4 4 0 8 0
kqueuepl 216 37 0 29 1 0 1 1 0 8 0
pipepl 336 129 0 101 3 0 3 3 0 8 0
fdescpl 496 679 0 649 5 0 5 5 0 8 1
filepl 152 2578 0 2334 11 0 11 11 0 8 1
lockfpl 104 82 0 80 1 0 1 1 0 8 0
lockfspl 48 42 0 40 1 0 1 1 0 8 0
sessionpl 144 24 0 7 1 0 1 1 0 8 0
pgrppl 48 24 0 7 1 0 1 1 0 8 0
ucredpl 96 186 0 174 1 0 1 1 0 8 0
zombiepl 144 650 0 648 1 0 1 1 0 8 0
processpl 1064 693 0 648 4 0 4 4 0 8 0
procpl 672 1007 0 949 7 0 7 7 0 8 2
sockpl 480 525 0 496 8 0 8 8 0 8 4
mcl64k 65536 4 0 0 1 0 1 1 0 8 0
mcl12k 12288 1 0 0 1 0 1 1 0 8 0
mcl8k 8192 12 0 0 2 0 2 2 0 8 0
mcl4k 4096 3 0 0 1 0 1 1 0 8 0
mcl2k 2048 120 0 0 14 0 14 14 0 8 0
mtagpl 96 76 0 0 2 0 2 2 0 8 0
mbufpl 256 351 0 0 22 0 22 22 0 8 0
bufpl 288 3935 0 146 271 0 271 271 0 8 0
anonpl 24 127363 0 119123 58 3 55 55 0 186 0
amapchunkpl 152 13672 0 13039 28 0 28 28 0 158 2
amappl16 200 809 0 676 9 1 8 8 0 8 0
amappl15 192 96 0 90 1 0 1 1 0 8 0
amappl14 184 33 0 29 1 0 1 1 0 8 0
amappl13 176 82 0 80 1 0 1 1 0 8 0
amappl12 168 84 0 77 1 0 1 1 0 8 0
amappl11 160 133 0 115 1 0 1 1 0 8 0
amappl10 152 31 0 26 1 0 1 1 0 8 0
amappl9 144 489 0 482 1 0 1 1 0 8 0
amappl8 136 661 0 614 2 0 2 2 0 8 0
amappl7 128 186 0 171 1 0 1 1 0 8 0
amappl6 120 290 0 266 2 1 1 2 0 8 0
amappl5 112 517 0 498 1 0 1 1 0 8 0
amappl4 104 944 0 916 2 1 1 2 0 8 0
amappl3 96 216 0 201 1 0 1 1 0 8 0
amappl2 88 610 0 565 3 1 2 3 0 8 0
amappl1 80 15158 0 14561 19 5 14 19 0 8 0
amappl 88 5791 0 5561 6 0 6 6 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 30 0 0 1 0 1 1 0 8 0
uaddrrnd 24 679 0 649 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 679 0 649 1 0 1 1 0 8 0
vmmpekpl 168 9160 0 9120 3 0 3 3 0 8 0
vmmpepl 168 61722 0 59611 99 0 99 99 0 357 5
vmsppl 368 678 0 649 4 0 4 4 0 8 1
rwobjpl 56 17818 0 14694 45 0 45 45 0 8 0
pdppl 4096 1365 0 1298 101 32 69 81 0 8 2
pvpl 32 363559 0 350880 263 4 259 262 0 265 155
pmappl 248 678 0 649 3 0 3 3 0 8 1
extentpl 40 58 0 38 1 0 1 1 0 8 0
phpool 112 658 0 36 18 0 18 18 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff825a56b6) at panic+0x177 sys/kern/subr_prf.c:202
witness_checkorder(ffffffff82b47030,9,0) at witness_checkorder+0x116d sys/kern/subr_witness.c:833
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline]
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline]
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 sys/kern/kern_lock.c:142
selwakeup(fffffd8077c23310) at selwakeup+0x16 klist_empty sys/sys/event.h:361 [inline]
selwakeup(fffffd8077c23310) at selwakeup+0x16 sys/kern/sys_generic.c:885
sorwakeup(fffffd8077c231f8) at sorwakeup+0xc9 sys/kern/uipc_socket.c:1699
udp_sbappend(fffffd806f684270,fffffd8067c2c200,fffffd80671aa5b0,0,14,fffffd80671aa5c4,67cfad0090c80da1,0) at udp_sbappend+0x3b1 sys/netinet/udp_usrreq.c:638
udp_input(ffff80002b12dd68,ffff80002b12dd74,11,2) at udp_input+0xbcb sys/netinet/udp_usrreq.c:427
ip_deliver(ffff80002b12dd68,ffff80002b12dd74,11,2) at ip_deliver+0x322 sys/netinet/ip_input.c:657
ip_ours(ffff80002b12dd68,ffff80002b12dd74,ffff8000246bb000,0) at ip_ours+0x3ba sys/netinet/ip_input.c:616
ip_input_if(ffff80002b12dd68,ffff80002b12dd74,4,0,ffff800000689000) at ip_input_if+0x2a1
ipv4_input(ffff800000689000,fffffd80671aa500) at ipv4_input+0x48 sys/netinet/ip_input.c:242
if_input_local(ffff800000689000,fffffd80671aa500,2) at if_input_local+0x10e sys/net/if.c:774
ip_output(fffffd80671aa600,0,fffffd806f684de0,0,0,fffffd806f684d68,e208c024ee8180e7) at ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
ip_output(fffffd80671aa600,0,fffffd806f684de0,0,0,fffffd806f684d68,e208c024ee8180e7) at ip_output+0xb05 sys/netinet/ip_output.c:332
udp_output(fffffd806f684d68,fffffd80671aa600,0,0) at udp_output+0x58d sys/netinet/udp_usrreq.c:1011
sosend(fffffd8077c23d38,0,ffff80002b12e178,0,0,0) at sosend+0x632 sys/kern/uipc_socket.c:582
dofilewritev(ffff8000260dc2a8,4,ffff80002b12e178,0,ffff80002b12e270) at dofilewritev+0x19c sys/kern/sys_generic.c:381
sys_write(ffff8000260dc2a8,ffff80002b12e218,ffff80002b12e270) at sys_write+0x83 sys/kern/sys_generic.c:301
syscall(ffff80002b12e2e0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff80002b12e2e0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x492fa06bc70, count: -20
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
end of kernel
end trace frame: 0x7f7ffffe78e0, count: 12
ddb{1}> trace
x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
end of kernel
end trace frame: 0x7f7ffffe78e0, count: -3
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Mar 21, 2022, 9:07:22 AM3/21/22
to syzkaller-o...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: 4ff57d1d979c Adjust to renaming of F_CTL_ACTIVE/F_PREF_ACT..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=118a2ced700000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=156728db700000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7596cb...@syzkaller.appspotmail.com
panic: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*335720 66269 0 0 0x4000000 1 syz-executor3787790407
263022 25669 0 0 0 0 syz-executor3787790407
selwakeup(fffffd806dcd58b0) at selwakeup+0x16 sys/kern/sys_generic.c:885
sorwakeup(fffffd806dcd5798) at sorwakeup+0xc9 sys/kern/uipc_socket.c:1699
udp_sbappend(fffffd806f67aaf8,fffffd806e534900,fffffd806e5341b0,0,14,fffffd806e5341c4,17a838f1d7c02518,0) at udp_sbappend+0x3b1 sys/netinet/udp_usrreq.c:638
udp_input(ffff80002122aa38,ffff80002122aa44,11,2) at udp_input+0xbcb sys/netinet/udp_usrreq.c:427
ip_deliver(ffff80002122aa38,ffff80002122aa44,11,2) at ip_deliver+0x322 sys/netinet/ip_input.c:657
ip_ours(ffff80002122aa38,ffff80002122aa44,fffffd806e5341bc,0) at ip_ours+0x3ba sys/netinet/ip_input.c:616
ip_input_if(ffff80002122aa38,ffff80002122aa44,4,0,ffff800000689000) at ip_input_if+0x2a1
ipv4_input(ffff800000689000,fffffd806e534100) at ipv4_input+0x48 sys/netinet/ip_input.c:242
if_input_local(ffff800000689000,fffffd806e534100,2) at if_input_local+0x10e sys/net/if.c:774
ip_output(fffffd807f00ec00,0,fffffd806f67a7c8,0,0,fffffd806f67a750,55108209fcf15a8b) at ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
ip_output(fffffd807f00ec00,0,fffffd806f67a7c8,0,0,fffffd806f67a750,55108209fcf15a8b) at ip_output+0xb05 sys/netinet/ip_output.c:332
end trace frame: 0xffff80002122acb0, count: 0
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock
ddb{1}> trace
selwakeup(fffffd806dcd58b0) at selwakeup+0x16 sys/kern/sys_generic.c:885
sorwakeup(fffffd806dcd5798) at sorwakeup+0xc9 sys/kern/uipc_socket.c:1699
udp_sbappend(fffffd806f67aaf8,fffffd806e534900,fffffd806e5341b0,0,14,fffffd806e5341c4,17a838f1d7c02518,0) at udp_sbappend+0x3b1 sys/netinet/udp_usrreq.c:638
udp_input(ffff80002122aa38,ffff80002122aa44,11,2) at udp_input+0xbcb sys/netinet/udp_usrreq.c:427
ip_deliver(ffff80002122aa38,ffff80002122aa44,11,2) at ip_deliver+0x322 sys/netinet/ip_input.c:657
ip_ours(ffff80002122aa38,ffff80002122aa44,fffffd806e5341bc,0) at ip_ours+0x3ba sys/netinet/ip_input.c:616
ip_input_if(ffff80002122aa38,ffff80002122aa44,4,0,ffff800000689000) at ip_input_if+0x2a1
ipv4_input(ffff800000689000,fffffd806e534100) at ipv4_input+0x48 sys/netinet/ip_input.c:242
if_input_local(ffff800000689000,fffffd806e534100,2) at if_input_local+0x10e sys/net/if.c:774
ip_output(fffffd807f00ec00,0,fffffd806f67a7c8,0,0,fffffd806f67a750,55108209fcf15a8b) at ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
ip_output(fffffd807f00ec00,0,fffffd806f67a7c8,0,0,fffffd806f67a750,55108209fcf15a8b) at ip_output+0xb05 sys/netinet/ip_output.c:332
udp_output(fffffd806f67a750,fffffd807f00ec00,0,0) at udp_output+0x58d sys/netinet/udp_usrreq.c:1011
sosend(fffffd806dcd5018,0,ffff80002122ae48,0,0,0) at sosend+0x632 sys/kern/uipc_socket.c:582
dofilewritev(ffff8000212457a8,3,ffff80002122ae48,0,ffff80002122af40) at dofilewritev+0x19c sys/kern/sys_generic.c:381
sys_write(ffff8000212457a8,ffff80002122aee8,ffff80002122af40) at sys_write+0x83 sys/kern/sys_generic.c:301
syscall(ffff80002122afb0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff80002122afb0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
ddb{1}> show registers
rdi 0
rsi 0x1
rbp 0xffff80002122a470
rbx 0xffff800020ce9bff
rdx 0x3fd
rcx 0
rax 0x68
r8 0x101010101010101
r9 0x8080808080808080
r10 0x5f2221f2b3552f78
r11 0x10a105246ba82695
r12 0xffff800020ce9a00
PROC (syz-executor3787790407) pid=335720 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=32, usrpri=52, nice=20
forw=0xffffffffffffffff, list=0xffff800021245ce8,0xffff800021245278
process=0xffff8000ffffa998 user=0xffff800021226000, vmspace=0xfffffd806cbe7180
estcpu=2, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{1}> ps
99610 176689 91066 0 2 0 syz-executor3787790407
31601 194813 56726 0 2 0 syz-executor3787790407
31601 257662 56726 0 3 0x4000080 fsleep syz-executor3787790407
48377 6882 29390 0 2 0 syz-executor3787790407
66269 278821 95112 0 2 0 syz-executor3787790407
*66269 335720 95112 0 7 0x4000000 syz-executor3787790407
42493 150938 79103 0 2 0 syz-executor3787790407
42493 59356 79103 0 3 0x4000080 fsleep syz-executor3787790407
88613 184236 35025 0 3 0x80 nanoslp syz-executor3787790407
95112 328311 35025 0 3 0x80 nanoslp syz-executor3787790407
79103 34876 35025 0 2 0 syz-executor3787790407
91066 355683 35025 0 3 0x80 nanoslp syz-executor3787790407
29390 269297 35025 0 3 0x80 nanoslp syz-executor3787790407
56726 377131 35025 0 3 0x80 nanoslp syz-executor3787790407
57602 486358 35025 0 3 0x80 nanoslp syz-executor3787790407
25669 263022 35025 0 7 0 syz-executor3787790407
35025 338014 66222 0 3 0x82 nanoslp syz-executor3787790407
66222 45561 5405 0 3 0x10008a sigsusp ksh
5405 414319 51339 0 3 0x9a kqread sshd
62992 145240 1 0 3 0x100083 ttyin getty
51339 498724 1 0 3 0x88 kqread sshd
78792 224076 43815 74 3 0x1100092 bpf pflogd
43815 215486 1 0 3 0x80 netio pflogd
28345 445775 20120 73 3 0x1100090 kqread syslogd
20120 24159 1 0 3 0x100082 netio syslogd
80198 263185 1 0 3 0x100080 kqread resolvd
75783 14205 19145 77 3 0x100092 kqread dhcpleased
68377 213139 19145 77 3 0x100092 kqread dhcpleased
19145 362390 1 0 3 0x80 kqread dhcpleased
61430 429857 0 0 3 0x14200 bored smr
3009 33622 0 0 2 0x14200 zerothread
79405 274699 0 0 3 0x14200 aiodoned aiodoned
13366 495784 0 0 3 0x14200 syncer update
65450 199786 0 0 3 0x14200 cleaner cleaner
49197 380142 0 0 3 0x14200 reaper reaper
23764 161392 0 0 3 0x14200 pgdaemon pagedaemon
45178 140690 0 0 3 0x14200 bored viomb
97312 354580 0 0 3 0x40014200 acpi0 acpi0
72096 24210 0 0 3 0x40014200 idle1
21243 472673 0 0 3 0x14200 bored softnet
43134 312498 0 0 3 0x14200 bored systqmp
94029 499347 0 0 3 0x14200 bored systq
94462 146360 0 0 3 0x40014200 bored softclock
70746 321574 0 0 3 0x40014200 idle0
1 517353 0 0 3 0x82 wait init
CPU 1:
Process 25669 (syz-executor3787790407) thread 0xffff8000ffff62b0 (263022)
exclusive rrwlock inode r = 0 (0xfffffd806cc1a5e8)
#0 witness_lock+0x44d
#1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8b sys/kern/kern_rwlock.c:461
#3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534
#4 ufs_ihashins+0x42 sys/ufs/ufs/ufs_ihash.c:140
#5 ffs_vget+0x141 sys/ufs/ffs/ffs_vfsops.c:1347
#6 ffs_inode_alloc+0x1be sys/ufs/ffs/ffs_alloc.c:394
#7 ufs_mkdir+0xf4 sys/ufs/ufs/ufs_vnops.c:1162
#8 VOP_MKDIR+0xbf sys/kern/vfs_vops.c:404
#9 domkdirat+0x121 sys/kern/vfs_syscalls.c:3101
#10 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#10 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#11 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd806d41d928)
#0 witness_lock+0x44d
#1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8b sys/kern/kern_rwlock.c:461
#3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:579
#5 vfs_lookup+0xd1 sys/kern/vfs_lookup.c:413
#6 namei+0x36a sys/kern/vfs_lookup.c:245
#7 domkdirat+0x75 sys/kern/vfs_syscalls.c:3086
#8 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#8 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#9 Xsyscall+0x128
ddb{1}> show malloc
ifaddr 29 8K 8K 78643K 32 0
counters 40 33K 33K 78643K 40 0
ioctlops 0 0K 4K 78643K 1479 0
proc 67 87K 87K 78643K 282 0
exec 0 0K 2K 78643K 430 0
UVM aobj 3 2K 2K 78643K 3 0
temp 24 4694K 4758K 78643K 3313 0
kqueue 11 16K 18K 78643K 24 0
rtentry 112 23 0 1 1 0 1 1 0 8 0
unpcb 136 35 0 20 1 0 1 1 0 8 0
syncache 296 5 0 5 1 0 1 1 0 8 1
tcpcb 736 8 0 5 1 0 1 1 0 8 0
arp 120 2 0 0 1 0 1 1 0 8 0
inpcb 312 46 0 34 1 0 1 1 0 8 0
pfstkey 112 8 0 0 1 0 1 1 0 8 0
pfstate 320 8 0 0 1 0 1 1 0 8 0
art_table 32 97 0 0 1 0 1 1 0 8 0
art_node 16 22 0 2 1 0 1 1 0 8 0
ffsino 272 1443 0 42 94 0 94 94 0 8 0
nchpl 144 1628 0 58 59 0 59 59 0 8 0
uvmvnodes 80 1453 0 0 30 0 30 30 0 8 0
vnodes 224 1453 0 0 86 0 86 86 0 8 0
namei 1024 4469 0 4468 2 0 2 2 0 8 1
percpumem 16 32 0 0 1 0 1 1 0 8 0
scxspl 216 3923 0 3923 2 0 2 2 0 8 2
plimitpl 152 16 0 9 1 0 1 1 0 8 0
sigapl 424 337 0 293 6 0 6 6 0 8 0
futexpl 64 35 0 33 1 0 1 1 0 8 0
knotepl 120 44 0 0 2 0 2 2 0 8 0
kqueuepl 216 20 0 13 1 0 1 1 0 8 0
pipepl 336 86 0 83 1 0 1 1 0 8 0
fdescpl 496 323 0 294 4 0 4 4 0 8 0
filepl 152 1162 0 1098 3 0 3 3 0 8 0
lockfpl 104 6 0 4 1 0 1 1 0 8 0
lockfspl 48 4 0 2 1 0 1 1 0 8 0
sessionpl 144 18 0 9 1 0 1 1 0 8 0
pgrppl 48 18 0 9 1 0 1 1 0 8 0
ucredpl 96 69 0 57 1 0 1 1 0 8 0
zombiepl 144 294 0 293 1 0 1 1 0 8 0
processpl 1064 337 0 293 4 0 4 4 0 8 0
procpl 672 344 0 297 5 0 5 5 0 8 0
sockpl 480 98 0 68 4 0 4 4 0 8 0
mcl8k 8192 2 0 0 1 0 1 1 0 8 0
mcl4k 4096 4 0 0 1 0 1 1 0 8 0
mcl2k 2048 57 0 0 8 0 8 8 0 8 0
mtagpl 96 1 0 0 1 0 1 1 0 8 0
mbufpl 256 104 0 0 7 0 7 7 0 8 0
bufpl 288 2045 0 93 140 0 140 140 0 8 0
anonpl 24 44404 0 40399 28 2 26 26 0 186 0
amapchunkpl 152 4259 0 3949 13 0 13 13 0 158 0
amappl16 200 39 0 33 2 1 1 1 0 8 0
amappl15 192 67 0 64 1 0 1 1 0 8 0
amappl13 176 34 0 33 1 0 1 1 0 8 0
amappl12 168 18 0 18 1 0 1 1 0 8 1
amappl11 160 51 0 37 1 0 1 1 0 8 0
amappl10 152 6 0 4 1 0 1 1 0 8 0
amappl9 144 458 0 455 1 0 1 1 0 8 0
amappl8 136 387 0 371 1 0 1 1 0 8 0
amappl7 128 66 0 63 1 0 1 1 0 8 0
amappl6 120 115 0 102 1 0 1 1 0 8 0
amappl5 112 178 0 166 1 0 1 1 0 8 0
amappl4 104 637 0 615 1 0 1 1 0 8 0
amappl3 96 125 0 114 1 0 1 1 0 8 0
amappl2 88 378 0 334 2 0 2 2 0 8 0
amappl1 80 8876 0 8400 10 0 10 10 0 8 0
amappl 88 2021 0 1881 4 0 4 4 0 92 0
uaddrrnd 24 323 0 294 1 0 1 1 0 8 0
vmmpekpl 168 6266 0 6243 2 0 2 2 0 8 0
vmmpepl 168 27217 0 25885 61 0 61 61 0 357 0
vmsppl 368 322 0 294 3 0 3 3 0 8 0
rwobjpl 56 9746 0 7622 31 0 31 31 0 8 0
pdppl 4096 653 0 588 83 14 69 69 0 8 4
pvpl 32 138625 0 132235 53 0 53 53 0 265 0
pmappl 248 322 0 294 2 0 2 2 0 8 0
ddb{1}> machine ddbcpu 0
__mp_lock(ffffffff82b46e28) at __mp_lock+0x122 sys/kern/kern_lock.c:147
__mp_acquire_count(ffffffff82b46e28,1) at __mp_acquire_count+0x48 sys/kern/kern_lock.c:227
mi_switch() at mi_switch+0x3d3 sys/kern/sched_bsd.c:416
sleep_finish(ffff8000211cf1e0,1) at sleep_finish+0x198 sys/kern/kern_synch.c:437
tsleep(fffffd806f4b85c0,11,ffffffff826081f3,0) at tsleep+0x12c sys/kern/kern_synch.c:158
biowait(fffffd806f4b85c0) at biowait+0x91 sys/kern/vfs_bio.c:1271
bwrite(fffffd806f4b85c0) at bwrite+0x21b sys/kern/vfs_bio.c:772
ffs_update(fffffd806d41d890,1) at ffs_update+0x27d sys/ufs/ffs/ffs_inode.c:113
ufs_mkdir(ffff8000211cf510) at ufs_mkdir+0x433 sys/ufs/ufs/ufs_vnops.c:1197
VOP_MKDIR(fffffd806d422318,ffff8000211cf670,ffff8000211cf6a0,ffff8000211cf5a0) at VOP_MKDIR+0xbf sys/kern/vfs_vops.c:404
domkdirat(ffff8000ffff62b0,ffffff9c,7f7ffffea360,1ff) at domkdirat+0x121 sys/kern/vfs_syscalls.c:3101
end trace frame: 0xffff8000211cf810, count: 0
ddb{0}> trace
x86_ipi_db(ffffffff8294dff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
__mp_lock(ffffffff82b46e28) at __mp_lock+0x122 sys/kern/kern_lock.c:147
__mp_acquire_count(ffffffff82b46e28,1) at __mp_acquire_count+0x48 sys/kern/kern_lock.c:227
mi_switch() at mi_switch+0x3d3 sys/kern/sched_bsd.c:416
sleep_finish(ffff8000211cf1e0,1) at sleep_finish+0x198 sys/kern/kern_synch.c:437
tsleep(fffffd806f4b85c0,11,ffffffff826081f3,0) at tsleep+0x12c sys/kern/kern_synch.c:158
biowait(fffffd806f4b85c0) at biowait+0x91 sys/kern/vfs_bio.c:1271
bwrite(fffffd806f4b85c0) at bwrite+0x21b sys/kern/vfs_bio.c:772
ffs_update(fffffd806d41d890,1) at ffs_update+0x27d sys/ufs/ffs/ffs_inode.c:113
ufs_mkdir(ffff8000211cf510) at ufs_mkdir+0x433 sys/ufs/ufs/ufs_vnops.c:1197
VOP_MKDIR(fffffd806d422318,ffff8000211cf670,ffff8000211cf6a0,ffff8000211cf5a0) at VOP_MKDIR+0xbf sys/kern/vfs_vops.c:404
domkdirat(ffff8000ffff62b0,ffffff9c,7f7ffffea360,1ff) at domkdirat+0x121 sys/kern/vfs_syscalls.c:3101
syscall(ffff8000211cf820) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff8000211cf820) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
selwakeup(fffffd806dcd58b0) at selwakeup+0x16 sys/kern/sys_generic.c:885
sorwakeup(fffffd806dcd5798) at sorwakeup+0xc9 sys/kern/uipc_socket.c:1699
udp_sbappend(fffffd806f67aaf8,fffffd806e534900,fffffd806e5341b0,0,14,fffffd806e5341c4,17a838f1d7c02518,0) at udp_sbappend+0x3b1 sys/netinet/udp_usrreq.c:638
udp_input(ffff80002122aa38,ffff80002122aa44,11,2) at udp_input+0xbcb sys/netinet/udp_usrreq.c:427
ip_deliver(ffff80002122aa38,ffff80002122aa44,11,2) at ip_deliver+0x322 sys/netinet/ip_input.c:657
ip_ours(ffff80002122aa38,ffff80002122aa44,fffffd806e5341bc,0) at ip_ours+0x3ba sys/netinet/ip_input.c:616
ip_input_if(ffff80002122aa38,ffff80002122aa44,4,0,ffff800000689000) at ip_input_if+0x2a1
ipv4_input(ffff800000689000,fffffd806e534100) at ipv4_input+0x48 sys/netinet/ip_input.c:242
if_input_local(ffff800000689000,fffffd806e534100,2) at if_input_local+0x10e sys/net/if.c:774
ip_output(fffffd807f00ec00,0,fffffd806f67a7c8,0,0,fffffd806f67a750,55108209fcf15a8b) at ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
ip_output(fffffd807f00ec00,0,fffffd806f67a7c8,0,0,fffffd806f67a750,55108209fcf15a8b) at ip_output+0xb05 sys/netinet/ip_output.c:332
end trace frame: 0xffff80002122acb0, count: 0
ddb{1}> trace
selwakeup(fffffd806dcd58b0) at selwakeup+0x16 sys/kern/sys_generic.c:885
sorwakeup(fffffd806dcd5798) at sorwakeup+0xc9 sys/kern/uipc_socket.c:1699
udp_sbappend(fffffd806f67aaf8,fffffd806e534900,fffffd806e5341b0,0,14,fffffd806e5341c4,17a838f1d7c02518,0) at udp_sbappend+0x3b1 sys/netinet/udp_usrreq.c:638
udp_input(ffff80002122aa38,ffff80002122aa44,11,2) at udp_input+0xbcb sys/netinet/udp_usrreq.c:427
ip_deliver(ffff80002122aa38,ffff80002122aa44,11,2) at ip_deliver+0x322 sys/netinet/ip_input.c:657
ip_ours(ffff80002122aa38,ffff80002122aa44,fffffd806e5341bc,0) at ip_ours+0x3ba sys/netinet/ip_input.c:616
ip_input_if(ffff80002122aa38,ffff80002122aa44,4,0,ffff800000689000) at ip_input_if+0x2a1
ipv4_input(ffff800000689000,fffffd806e534100) at ipv4_input+0x48 sys/netinet/ip_input.c:242
if_input_local(ffff800000689000,fffffd806e534100,2) at if_input_local+0x10e sys/net/if.c:774
ip_output(fffffd807f00ec00,0,fffffd806f67a7c8,0,0,fffffd806f67a750,55108209fcf15a8b) at ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
ip_output(fffffd807f00ec00,0,fffffd806f67a7c8,0,0,fffffd806f67a750,55108209fcf15a8b) at ip_output+0xb05 sys/netinet/ip_output.c:332
udp_output(fffffd806f67a750,fffffd807f00ec00,0,0) at udp_output+0x58d sys/netinet/udp_usrreq.c:1011
sosend(fffffd806dcd5018,0,ffff80002122ae48,0,0,0) at sosend+0x632 sys/kern/uipc_socket.c:582
dofilewritev(ffff8000212457a8,3,ffff80002122ae48,0,ffff80002122af40) at dofilewritev+0x19c sys/kern/sys_generic.c:381
sys_write(ffff8000212457a8,ffff80002122aee8,ffff80002122af40) at sys_write+0x83 sys/kern/sys_generic.c:301
syscall(ffff80002122afb0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff80002122afb0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
ddb{1}>
HEAD commit: 4ff57d1d979c Adjust to renaming of F_CTL_ACTIVE/F_PREF_ACT..
git tree: openbsd
kernel config: https://syzkaller.appspot.com/x/.config?x=bf87b6915a88cd0d
dashboard link: https://syzkaller.appspot.com/bug?extid=7596cb96fb9f3c9d6f4f
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17985ef9700000
dashboard link: https://syzkaller.appspot.com/bug?extid=7596cb96fb9f3c9d6f4f
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=156728db700000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7596cb...@syzkaller.appspotmail.com
panic: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
263022 25669 0 0 0 0 syz-executor3787790407
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff825a56b6) at panic+0x177 sys/kern/subr_prf.c:202
witness_checkorder(ffffffff82b47030,9,0) at witness_checkorder+0x116d sys/kern/subr_witness.c:833
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline]
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline]
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 sys/kern/kern_lock.c:142
selwakeup(fffffd806dcd58b0) at selwakeup+0x16 klist_empty sys/sys/event.h:361 [inline]
panic(ffffffff825a56b6) at panic+0x177 sys/kern/subr_prf.c:202
witness_checkorder(ffffffff82b47030,9,0) at witness_checkorder+0x116d sys/kern/subr_witness.c:833
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline]
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline]
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 sys/kern/kern_lock.c:142
selwakeup(fffffd806dcd58b0) at selwakeup+0x16 sys/kern/sys_generic.c:885
sorwakeup(fffffd806dcd5798) at sorwakeup+0xc9 sys/kern/uipc_socket.c:1699
udp_sbappend(fffffd806f67aaf8,fffffd806e534900,fffffd806e5341b0,0,14,fffffd806e5341c4,17a838f1d7c02518,0) at udp_sbappend+0x3b1 sys/netinet/udp_usrreq.c:638
udp_input(ffff80002122aa38,ffff80002122aa44,11,2) at udp_input+0xbcb sys/netinet/udp_usrreq.c:427
ip_deliver(ffff80002122aa38,ffff80002122aa44,11,2) at ip_deliver+0x322 sys/netinet/ip_input.c:657
ip_ours(ffff80002122aa38,ffff80002122aa44,fffffd806e5341bc,0) at ip_ours+0x3ba sys/netinet/ip_input.c:616
ip_input_if(ffff80002122aa38,ffff80002122aa44,4,0,ffff800000689000) at ip_input_if+0x2a1
ipv4_input(ffff800000689000,fffffd806e534100) at ipv4_input+0x48 sys/netinet/ip_input.c:242
if_input_local(ffff800000689000,fffffd806e534100,2) at if_input_local+0x10e sys/net/if.c:774
ip_output(fffffd807f00ec00,0,fffffd806f67a7c8,0,0,fffffd806f67a750,55108209fcf15a8b) at ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
ip_output(fffffd807f00ec00,0,fffffd806f67a7c8,0,0,fffffd806f67a750,55108209fcf15a8b) at ip_output+0xb05 sys/netinet/ip_output.c:332
end trace frame: 0xffff80002122acb0, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff825a56b6) at panic+0x177 sys/kern/subr_prf.c:202
witness_checkorder(ffffffff82b47030,9,0) at witness_checkorder+0x116d sys/kern/subr_witness.c:833
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline]
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline]
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 sys/kern/kern_lock.c:142
selwakeup(fffffd806dcd58b0) at selwakeup+0x16 klist_empty sys/sys/event.h:361 [inline]
panic(ffffffff825a56b6) at panic+0x177 sys/kern/subr_prf.c:202
witness_checkorder(ffffffff82b47030,9,0) at witness_checkorder+0x116d sys/kern/subr_witness.c:833
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline]
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline]
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 sys/kern/kern_lock.c:142
selwakeup(fffffd806dcd58b0) at selwakeup+0x16 sys/kern/sys_generic.c:885
sorwakeup(fffffd806dcd5798) at sorwakeup+0xc9 sys/kern/uipc_socket.c:1699
udp_sbappend(fffffd806f67aaf8,fffffd806e534900,fffffd806e5341b0,0,14,fffffd806e5341c4,17a838f1d7c02518,0) at udp_sbappend+0x3b1 sys/netinet/udp_usrreq.c:638
udp_input(ffff80002122aa38,ffff80002122aa44,11,2) at udp_input+0xbcb sys/netinet/udp_usrreq.c:427
ip_deliver(ffff80002122aa38,ffff80002122aa44,11,2) at ip_deliver+0x322 sys/netinet/ip_input.c:657
ip_ours(ffff80002122aa38,ffff80002122aa44,fffffd806e5341bc,0) at ip_ours+0x3ba sys/netinet/ip_input.c:616
ip_input_if(ffff80002122aa38,ffff80002122aa44,4,0,ffff800000689000) at ip_input_if+0x2a1
ipv4_input(ffff800000689000,fffffd806e534100) at ipv4_input+0x48 sys/netinet/ip_input.c:242
if_input_local(ffff800000689000,fffffd806e534100,2) at if_input_local+0x10e sys/net/if.c:774
ip_output(fffffd807f00ec00,0,fffffd806f67a7c8,0,0,fffffd806f67a750,55108209fcf15a8b) at ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
ip_output(fffffd807f00ec00,0,fffffd806f67a7c8,0,0,fffffd806f67a750,55108209fcf15a8b) at ip_output+0xb05 sys/netinet/ip_output.c:332
udp_output(fffffd806f67a750,fffffd807f00ec00,0,0) at udp_output+0x58d sys/netinet/udp_usrreq.c:1011
sosend(fffffd806dcd5018,0,ffff80002122ae48,0,0,0) at sosend+0x632 sys/kern/uipc_socket.c:582
dofilewritev(ffff8000212457a8,3,ffff80002122ae48,0,ffff80002122af40) at dofilewritev+0x19c sys/kern/sys_generic.c:381
sys_write(ffff8000212457a8,ffff80002122aee8,ffff80002122af40) at sys_write+0x83 sys/kern/sys_generic.c:301
syscall(ffff80002122afb0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff80002122afb0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x1ae3e97b750, count: -20
end of kernel
ddb{1}> show registers
rdi 0
rsi 0x1
rbp 0xffff80002122a470
rbx 0xffff800020ce9bff
rdx 0x3fd
rcx 0
rax 0x68
r8 0x101010101010101
r9 0x8080808080808080
r10 0x5f2221f2b3552f78
r11 0x10a105246ba82695
r12 0xffff800020ce9a00
r13 0
r14 0
r15 0x1
rip 0xffffffff81f18858 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff80002122a460
r14 0
r15 0x1
rip 0xffffffff81f18858 db_enter+0x18
cs 0x8
rflags 0x246
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{1}> show proc
db_enter+0x18: addq $0x8,%rsp
PROC (syz-executor3787790407) pid=335720 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=32, usrpri=52, nice=20
forw=0xffffffffffffffff, list=0xffff800021245ce8,0xffff800021245278
process=0xffff8000ffffa998 user=0xffff800021226000, vmspace=0xfffffd806cbe7180
estcpu=2, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
46312 463659 88613 0 2 0 syz-executor3787790407
99610 176689 91066 0 2 0 syz-executor3787790407
31601 194813 56726 0 2 0 syz-executor3787790407
31601 257662 56726 0 3 0x4000080 fsleep syz-executor3787790407
48377 6882 29390 0 2 0 syz-executor3787790407
66269 278821 95112 0 2 0 syz-executor3787790407
*66269 335720 95112 0 7 0x4000000 syz-executor3787790407
42493 150938 79103 0 2 0 syz-executor3787790407
42493 59356 79103 0 3 0x4000080 fsleep syz-executor3787790407
88613 184236 35025 0 3 0x80 nanoslp syz-executor3787790407
95112 328311 35025 0 3 0x80 nanoslp syz-executor3787790407
79103 34876 35025 0 2 0 syz-executor3787790407
91066 355683 35025 0 3 0x80 nanoslp syz-executor3787790407
29390 269297 35025 0 3 0x80 nanoslp syz-executor3787790407
56726 377131 35025 0 3 0x80 nanoslp syz-executor3787790407
57602 486358 35025 0 3 0x80 nanoslp syz-executor3787790407
25669 263022 35025 0 7 0 syz-executor3787790407
35025 338014 66222 0 3 0x82 nanoslp syz-executor3787790407
66222 45561 5405 0 3 0x10008a sigsusp ksh
5405 414319 51339 0 3 0x9a kqread sshd
62992 145240 1 0 3 0x100083 ttyin getty
51339 498724 1 0 3 0x88 kqread sshd
78792 224076 43815 74 3 0x1100092 bpf pflogd
43815 215486 1 0 3 0x80 netio pflogd
28345 445775 20120 73 3 0x1100090 kqread syslogd
20120 24159 1 0 3 0x100082 netio syslogd
80198 263185 1 0 3 0x100080 kqread resolvd
75783 14205 19145 77 3 0x100092 kqread dhcpleased
68377 213139 19145 77 3 0x100092 kqread dhcpleased
19145 362390 1 0 3 0x80 kqread dhcpleased
61430 429857 0 0 3 0x14200 bored smr
3009 33622 0 0 2 0x14200 zerothread
79405 274699 0 0 3 0x14200 aiodoned aiodoned
13366 495784 0 0 3 0x14200 syncer update
65450 199786 0 0 3 0x14200 cleaner cleaner
49197 380142 0 0 3 0x14200 reaper reaper
23764 161392 0 0 3 0x14200 pgdaemon pagedaemon
45178 140690 0 0 3 0x14200 bored viomb
97312 354580 0 0 3 0x40014200 acpi0 acpi0
72096 24210 0 0 3 0x40014200 idle1
21243 472673 0 0 3 0x14200 bored softnet
43134 312498 0 0 3 0x14200 bored systqmp
94029 499347 0 0 3 0x14200 bored systq
94462 146360 0 0 3 0x40014200 bored softclock
70746 321574 0 0 3 0x40014200 idle0
1 517353 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
CPU 1:
exclusive mutex &table->inpt_mtx r = 0 (0xffffffff82a88990)
#0 witness_lock+0x44d
#1 mtx_enter_try+0x100
#2 mtx_enter+0x4b sys/kern/kern_lock.c:266
#3 udp_input+0x7b0
#4 ip_deliver+0x322 sys/netinet/ip_input.c:657
#5 ip_ours+0x3ba sys/netinet/ip_input.c:616
#6 ip_input_if+0x2a1
#7 ipv4_input+0x48 sys/netinet/ip_input.c:242
#8 if_input_local+0x10e sys/net/if.c:774
#9 ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
#9 ip_output+0xb05 sys/netinet/ip_output.c:332
#10 udp_output+0x58d sys/netinet/udp_usrreq.c:1011
#11 sosend+0x632 sys/kern/uipc_socket.c:582
#12 dofilewritev+0x19c sys/kern/sys_generic.c:381
#13 sys_write+0x83 sys/kern/sys_generic.c:301
#14 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#14 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#15 Xsyscall+0x128
Process 66269 (syz-executor3787790407) thread 0xffff8000212457a8 (335720)
#0 witness_lock+0x44d
#1 mtx_enter_try+0x100
#2 mtx_enter+0x4b sys/kern/kern_lock.c:266
#3 udp_input+0x7b0
#4 ip_deliver+0x322 sys/netinet/ip_input.c:657
#5 ip_ours+0x3ba sys/netinet/ip_input.c:616
#6 ip_input_if+0x2a1
#7 ipv4_input+0x48 sys/netinet/ip_input.c:242
#8 if_input_local+0x10e sys/net/if.c:774
#9 ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
#9 ip_output+0xb05 sys/netinet/ip_output.c:332
#10 udp_output+0x58d sys/netinet/udp_usrreq.c:1011
#11 sosend+0x632 sys/kern/uipc_socket.c:582
#12 dofilewritev+0x19c sys/kern/sys_generic.c:381
#13 sys_write+0x83 sys/kern/sys_generic.c:301
#14 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#14 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#15 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd806cc1a5e8)
#0 witness_lock+0x44d
#1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8b sys/kern/kern_rwlock.c:461
#3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534
#4 ufs_ihashins+0x42 sys/ufs/ufs/ufs_ihash.c:140
#5 ffs_vget+0x141 sys/ufs/ffs/ffs_vfsops.c:1347
#6 ffs_inode_alloc+0x1be sys/ufs/ffs/ffs_alloc.c:394
#7 ufs_mkdir+0xf4 sys/ufs/ufs/ufs_vnops.c:1162
#8 VOP_MKDIR+0xbf sys/kern/vfs_vops.c:404
#9 domkdirat+0x121 sys/kern/vfs_syscalls.c:3101
#10 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#10 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#11 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd806d41d928)
#0 witness_lock+0x44d
#1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8b sys/kern/kern_rwlock.c:461
#3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:579
#5 vfs_lookup+0xd1 sys/kern/vfs_lookup.c:413
#6 namei+0x36a sys/kern/vfs_lookup.c:245
#7 domkdirat+0x75 sys/kern/vfs_syscalls.c:3086
#8 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#8 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#9 Xsyscall+0x128
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10149 6454K 6455K 78643K 11239 0
pcb 13 8K 8K 78643K 13 0
rtable 62 2K 2K 78643K 112 0
ifaddr 29 8K 8K 78643K 32 0
counters 40 33K 33K 78643K 40 0
ioctlops 0 0K 4K 78643K 1479 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 5 0
vnodes 1167 73K 73K 78643K 1180 0
log 0 0K 0K 78643K 5 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 1K 78643K 2 0
UFS mount 5 36K 36K 78643K 5 0
VM map 2 1K 1K 78643K 2 0
sem 2 0K 0K 78643K 2 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 1 0K 0K 78643K 1 0
ACPI 1697 195K 286K 78643K 12548 0
proc 67 87K 87K 78643K 282 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
in_multi 11 0K 0K 78643K 11 0
NFS daemon 1 16K 16K 78643K 1 0
ether_multi 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 25 122K 122K 78643K 25 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
exec 0 0K 2K 78643K 430 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 165 7K 7K 78643K 2313 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM aobj 3 2K 2K 78643K 3 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
NDP 4 0K 0K 78643K 4 0
crypto data 1 1K 1K 78643K 1 0
temp 24 4694K 4758K 78643K 3313 0
kqueue 11 16K 18K 78643K 24 0
SYN cache 2 16K 16K 78643K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 17 0 14 1 0 1 1 0 8 0
plcache 128 22 0 0 1 0 1 1 0 8 0
rtentry 112 23 0 1 1 0 1 1 0 8 0
unpcb 136 35 0 20 1 0 1 1 0 8 0
syncache 296 5 0 5 1 0 1 1 0 8 1
tcpcb 736 8 0 5 1 0 1 1 0 8 0
arp 120 2 0 0 1 0 1 1 0 8 0
inpcb 312 46 0 34 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 8 0 0 1 0 1 1 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstkey 112 8 0 0 1 0 1 1 0 8 0
pfstate 320 8 0 0 1 0 1 1 0 8 0
pfrule 1360 21 0 16 2 1 1 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 96 0 0 6 0 6 6 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_table 32 97 0 0 1 0 1 1 0 8 0
art_node 16 22 0 2 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1443 0 42 88 0 88 88 0 8 0
ffsino 272 1443 0 42 94 0 94 94 0 8 0
nchpl 144 1628 0 58 59 0 59 59 0 8 0
uvmvnodes 80 1453 0 0 30 0 30 30 0 8 0
vnodes 224 1453 0 0 86 0 86 86 0 8 0
namei 1024 4469 0 4468 2 0 2 2 0 8 1
percpumem 16 32 0 0 1 0 1 1 0 8 0
scxspl 216 3923 0 3923 2 0 2 2 0 8 2
plimitpl 152 16 0 9 1 0 1 1 0 8 0
sigapl 424 337 0 293 6 0 6 6 0 8 0
futexpl 64 35 0 33 1 0 1 1 0 8 0
knotepl 120 44 0 0 2 0 2 2 0 8 0
kqueuepl 216 20 0 13 1 0 1 1 0 8 0
pipepl 336 86 0 83 1 0 1 1 0 8 0
fdescpl 496 323 0 294 4 0 4 4 0 8 0
filepl 152 1162 0 1098 3 0 3 3 0 8 0
lockfpl 104 6 0 4 1 0 1 1 0 8 0
lockfspl 48 4 0 2 1 0 1 1 0 8 0
sessionpl 144 18 0 9 1 0 1 1 0 8 0
pgrppl 48 18 0 9 1 0 1 1 0 8 0
ucredpl 96 69 0 57 1 0 1 1 0 8 0
zombiepl 144 294 0 293 1 0 1 1 0 8 0
processpl 1064 337 0 293 4 0 4 4 0 8 0
procpl 672 344 0 297 5 0 5 5 0 8 0
sockpl 480 98 0 68 4 0 4 4 0 8 0
mcl8k 8192 2 0 0 1 0 1 1 0 8 0
mcl4k 4096 4 0 0 1 0 1 1 0 8 0
mcl2k 2048 57 0 0 8 0 8 8 0 8 0
mtagpl 96 1 0 0 1 0 1 1 0 8 0
mbufpl 256 104 0 0 7 0 7 7 0 8 0
bufpl 288 2045 0 93 140 0 140 140 0 8 0
anonpl 24 44404 0 40399 28 2 26 26 0 186 0
amapchunkpl 152 4259 0 3949 13 0 13 13 0 158 0
amappl16 200 39 0 33 2 1 1 1 0 8 0
amappl15 192 67 0 64 1 0 1 1 0 8 0
amappl13 176 34 0 33 1 0 1 1 0 8 0
amappl12 168 18 0 18 1 0 1 1 0 8 1
amappl11 160 51 0 37 1 0 1 1 0 8 0
amappl10 152 6 0 4 1 0 1 1 0 8 0
amappl9 144 458 0 455 1 0 1 1 0 8 0
amappl8 136 387 0 371 1 0 1 1 0 8 0
amappl7 128 66 0 63 1 0 1 1 0 8 0
amappl6 120 115 0 102 1 0 1 1 0 8 0
amappl5 112 178 0 166 1 0 1 1 0 8 0
amappl4 104 637 0 615 1 0 1 1 0 8 0
amappl3 96 125 0 114 1 0 1 1 0 8 0
amappl2 88 378 0 334 2 0 2 2 0 8 0
amappl1 80 8876 0 8400 10 0 10 10 0 8 0
amappl 88 2021 0 1881 4 0 4 4 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 2 0 0 1 0 1 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
uaddrrnd 24 323 0 294 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 323 0 294 1 0 1 1 0 8 0
vmmpekpl 168 6266 0 6243 2 0 2 2 0 8 0
vmmpepl 168 27217 0 25885 61 0 61 61 0 357 0
vmsppl 368 322 0 294 3 0 3 3 0 8 0
rwobjpl 56 9746 0 7622 31 0 31 31 0 8 0
pdppl 4096 653 0 588 83 14 69 69 0 8 4
pvpl 32 138625 0 132235 53 0 53 53 0 265 0
pmappl 248 322 0 294 2 0 2 2 0 8 0
extentpl 40 58 0 38 1 0 1 1 0 8 0
phpool 112 445 0 17 13 0 13 13 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
x86_ipi_db(ffffffff8294dff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__mp_lock(ffffffff82b46e28) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__mp_lock(ffffffff82b46e28) at __mp_lock+0x122 sys/kern/kern_lock.c:147
__mp_acquire_count(ffffffff82b46e28,1) at __mp_acquire_count+0x48 sys/kern/kern_lock.c:227
mi_switch() at mi_switch+0x3d3 sys/kern/sched_bsd.c:416
sleep_finish(ffff8000211cf1e0,1) at sleep_finish+0x198 sys/kern/kern_synch.c:437
tsleep(fffffd806f4b85c0,11,ffffffff826081f3,0) at tsleep+0x12c sys/kern/kern_synch.c:158
biowait(fffffd806f4b85c0) at biowait+0x91 sys/kern/vfs_bio.c:1271
bwrite(fffffd806f4b85c0) at bwrite+0x21b sys/kern/vfs_bio.c:772
ffs_update(fffffd806d41d890,1) at ffs_update+0x27d sys/ufs/ffs/ffs_inode.c:113
ufs_mkdir(ffff8000211cf510) at ufs_mkdir+0x433 sys/ufs/ufs/ufs_vnops.c:1197
VOP_MKDIR(fffffd806d422318,ffff8000211cf670,ffff8000211cf6a0,ffff8000211cf5a0) at VOP_MKDIR+0xbf sys/kern/vfs_vops.c:404
domkdirat(ffff8000ffff62b0,ffffff9c,7f7ffffea360,1ff) at domkdirat+0x121 sys/kern/vfs_syscalls.c:3101
end trace frame: 0xffff8000211cf810, count: 0
ddb{0}> trace
x86_ipi_db(ffffffff8294dff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__mp_lock(ffffffff82b46e28) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__mp_lock(ffffffff82b46e28) at __mp_lock+0x122 sys/kern/kern_lock.c:147
__mp_acquire_count(ffffffff82b46e28,1) at __mp_acquire_count+0x48 sys/kern/kern_lock.c:227
mi_switch() at mi_switch+0x3d3 sys/kern/sched_bsd.c:416
sleep_finish(ffff8000211cf1e0,1) at sleep_finish+0x198 sys/kern/kern_synch.c:437
tsleep(fffffd806f4b85c0,11,ffffffff826081f3,0) at tsleep+0x12c sys/kern/kern_synch.c:158
biowait(fffffd806f4b85c0) at biowait+0x91 sys/kern/vfs_bio.c:1271
bwrite(fffffd806f4b85c0) at bwrite+0x21b sys/kern/vfs_bio.c:772
ffs_update(fffffd806d41d890,1) at ffs_update+0x27d sys/ufs/ffs/ffs_inode.c:113
ufs_mkdir(ffff8000211cf510) at ufs_mkdir+0x433 sys/ufs/ufs/ufs_vnops.c:1197
VOP_MKDIR(fffffd806d422318,ffff8000211cf670,ffff8000211cf6a0,ffff8000211cf5a0) at VOP_MKDIR+0xbf sys/kern/vfs_vops.c:404
domkdirat(ffff8000ffff62b0,ffffff9c,7f7ffffea360,1ff) at domkdirat+0x121 sys/kern/vfs_syscalls.c:3101
syscall(ffff8000211cf820) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff8000211cf820) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffea3c0, count: -16
end of kernel
ddb{0}> machine ddbcpu 1
Stopped at db_enter+0x18: addq $0x8,%rsp
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff825a56b6) at panic+0x177 sys/kern/subr_prf.c:202
witness_checkorder(ffffffff82b47030,9,0) at witness_checkorder+0x116d sys/kern/subr_witness.c:833
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline]
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline]
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 sys/kern/kern_lock.c:142
selwakeup(fffffd806dcd58b0) at selwakeup+0x16 klist_empty sys/sys/event.h:361 [inline]
panic(ffffffff825a56b6) at panic+0x177 sys/kern/subr_prf.c:202
witness_checkorder(ffffffff82b47030,9,0) at witness_checkorder+0x116d sys/kern/subr_witness.c:833
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline]
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline]
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 sys/kern/kern_lock.c:142
selwakeup(fffffd806dcd58b0) at selwakeup+0x16 sys/kern/sys_generic.c:885
sorwakeup(fffffd806dcd5798) at sorwakeup+0xc9 sys/kern/uipc_socket.c:1699
udp_sbappend(fffffd806f67aaf8,fffffd806e534900,fffffd806e5341b0,0,14,fffffd806e5341c4,17a838f1d7c02518,0) at udp_sbappend+0x3b1 sys/netinet/udp_usrreq.c:638
udp_input(ffff80002122aa38,ffff80002122aa44,11,2) at udp_input+0xbcb sys/netinet/udp_usrreq.c:427
ip_deliver(ffff80002122aa38,ffff80002122aa44,11,2) at ip_deliver+0x322 sys/netinet/ip_input.c:657
ip_ours(ffff80002122aa38,ffff80002122aa44,fffffd806e5341bc,0) at ip_ours+0x3ba sys/netinet/ip_input.c:616
ip_input_if(ffff80002122aa38,ffff80002122aa44,4,0,ffff800000689000) at ip_input_if+0x2a1
ipv4_input(ffff800000689000,fffffd806e534100) at ipv4_input+0x48 sys/netinet/ip_input.c:242
if_input_local(ffff800000689000,fffffd806e534100,2) at if_input_local+0x10e sys/net/if.c:774
ip_output(fffffd807f00ec00,0,fffffd806f67a7c8,0,0,fffffd806f67a750,55108209fcf15a8b) at ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
ip_output(fffffd807f00ec00,0,fffffd806f67a7c8,0,0,fffffd806f67a750,55108209fcf15a8b) at ip_output+0xb05 sys/netinet/ip_output.c:332
end trace frame: 0xffff80002122acb0, count: 0
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff825a56b6) at panic+0x177 sys/kern/subr_prf.c:202
witness_checkorder(ffffffff82b47030,9,0) at witness_checkorder+0x116d sys/kern/subr_witness.c:833
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline]
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline]
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 sys/kern/kern_lock.c:142
selwakeup(fffffd806dcd58b0) at selwakeup+0x16 klist_empty sys/sys/event.h:361 [inline]
panic(ffffffff825a56b6) at panic+0x177 sys/kern/subr_prf.c:202
witness_checkorder(ffffffff82b47030,9,0) at witness_checkorder+0x116d sys/kern/subr_witness.c:833
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline]
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline]
__mp_lock(ffffffff82b46e28) at __mp_lock+0xa1 sys/kern/kern_lock.c:142
selwakeup(fffffd806dcd58b0) at selwakeup+0x16 sys/kern/sys_generic.c:885
sorwakeup(fffffd806dcd5798) at sorwakeup+0xc9 sys/kern/uipc_socket.c:1699
udp_sbappend(fffffd806f67aaf8,fffffd806e534900,fffffd806e5341b0,0,14,fffffd806e5341c4,17a838f1d7c02518,0) at udp_sbappend+0x3b1 sys/netinet/udp_usrreq.c:638
udp_input(ffff80002122aa38,ffff80002122aa44,11,2) at udp_input+0xbcb sys/netinet/udp_usrreq.c:427
ip_deliver(ffff80002122aa38,ffff80002122aa44,11,2) at ip_deliver+0x322 sys/netinet/ip_input.c:657
ip_ours(ffff80002122aa38,ffff80002122aa44,fffffd806e5341bc,0) at ip_ours+0x3ba sys/netinet/ip_input.c:616
ip_input_if(ffff80002122aa38,ffff80002122aa44,4,0,ffff800000689000) at ip_input_if+0x2a1
ipv4_input(ffff800000689000,fffffd806e534100) at ipv4_input+0x48 sys/netinet/ip_input.c:242
if_input_local(ffff800000689000,fffffd806e534100,2) at if_input_local+0x10e sys/net/if.c:774
ip_output(fffffd807f00ec00,0,fffffd806f67a7c8,0,0,fffffd806f67a750,55108209fcf15a8b) at ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
ip_output(fffffd807f00ec00,0,fffffd806f67a7c8,0,0,fffffd806f67a750,55108209fcf15a8b) at ip_output+0xb05 sys/netinet/ip_output.c:332
udp_output(fffffd806f67a750,fffffd807f00ec00,0,0) at udp_output+0x58d sys/netinet/udp_usrreq.c:1011
sosend(fffffd806dcd5018,0,ffff80002122ae48,0,0,0) at sosend+0x632 sys/kern/uipc_socket.c:582
dofilewritev(ffff8000212457a8,3,ffff80002122ae48,0,ffff80002122af40) at dofilewritev+0x19c sys/kern/sys_generic.c:381
sys_write(ffff8000212457a8,ffff80002122aee8,ffff80002122af40) at sys_write+0x83 sys/kern/sys_generic.c:301
syscall(ffff80002122afb0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff80002122afb0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x1ae3e97b750, count: -20
end of kernel
ddb{1}>
Alexander Bluhm
Mar 21, 2022, 9:29:27 AM3/21/22
to syzbot, syzkaller-o...@googlegroups.com
On Mon, Mar 21, 2022 at 06:07:21AM -0700, syzbot wrote:
> syzbot has found a reproducer for the following issue on:
>
> HEAD commit: 4ff57d1d979c Adjust to renaming of F_CTL_ACTIVE/F_PREF_ACT..
> git tree: openbsd
> console output: https://syzkaller.appspot.com/x/log.txt?x=118a2ced700000
> kernel config: https://syzkaller.appspot.com/x/.config?x=bf87b6915a88cd0d
> dashboard link: https://syzkaller.appspot.com/bug?extid=7596cb96fb9f3c9d6f4f
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17985ef9700000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=156728db700000
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+7596cb...@syzkaller.appspotmail.com
>
> panic: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock
I broke this with my mutex for PCB tables commit. Problem is that
> syzbot has found a reproducer for the following issue on:
>
> HEAD commit: 4ff57d1d979c Adjust to renaming of F_CTL_ACTIVE/F_PREF_ACT..
> git tree: openbsd
> console output: https://syzkaller.appspot.com/x/log.txt?x=118a2ced700000
> kernel config: https://syzkaller.appspot.com/x/.config?x=bf87b6915a88cd0d
> dashboard link: https://syzkaller.appspot.com/bug?extid=7596cb96fb9f3c9d6f4f
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17985ef9700000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=156728db700000
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+7596cb...@syzkaller.appspotmail.com
>
> panic: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock
udp_sbappend() does too much when called from a loop that holds
udbtable.inpt_mtx. I will try to delay the call to udp_sbappend()
after the loop and without mutex protection.
bluhm
> You received this message because you are subscribed to the Google Groups "syzkaller-openbsd-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-openbsd...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-openbsd-bugs/0000000000003d176d05daba2d2f%40google.com.
Anton Lindqvist
Mar 22, 2022, 7:45:27 AM3/22/22
to syzbot, syzkaller-o...@googlegroups.com
#syz invalid
Reply all
Reply to author
Forward
0 new messages