Hello,
syzbot found the following issue on:
HEAD commit: acb1415e3c0a Import ts(1) - a timestamp utility
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=174b21d4080000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=dd2d2684ad2818c927da
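Unfortunately, I don't have any reproducer for this issue yet. Without one, the console output below is the only evidence: the assertion fired in uvn_attach() during an mmap system call made by a syz-executor thread running as UID 32767, while the reaper thread on CPU 1 was inside uvm_unmap_detach().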
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+dd2d26...@syzkaller.appspotmail.com
panic: kernel diagnostic assertion "uvn->u_obj.uo_refs == 0" failed: file "/syzkaller/managers/setuid/kernel/sys/uvm/uvm_vnode.c", line 234
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*139245 96814 32767 0x10 0x4000000 0K syz-executor.2
464124 76843 0 0x14000 0x200 1 reaper
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff825a1086) at panic+0x177 sys/kern/subr_prf.c:202
__assert(ffffffff82613da6,ffffffff826356be,ea,ffffffff8262dfae) at __assert+0x25 sys/kern/subr_prf.c:161
uvn_attach(fffffd8074388e88,6) at uvn_attach+0x444 sys/uvm/uvm_vnode.c:234
uvm_mmapfile(fffffd806cefc5d8,ffff8000247ba3f8,10000,2,6,11,eb0e58e6c976dfb4,fffffd806cefc5d8,0,11) at uvm_mmapfile+0x194 sys/uvm/uvm_mmap.c:1029
sys_mmap(ffff800029a51a50,ffff8000247ba4a0,ffff8000247ba580) at sys_mmap+0xb4a sys/uvm/uvm_mmap.c:395
sys_pad_mmap(ffff800029a51a50,ffff8000247ba528,ffff8000247ba580) at sys_pad_mmap+0x68 sys/uvm/uvm_mmap.c:470
syscall(ffff8000247ba5f0) at syscall+0x484 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff8000247ba5f0) at syscall+0x484 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xd7f34119360, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: kernel diagnostic assertion "uvn->u_obj.uo_refs == 0" failed: file "/syzkaller/managers/setuid/kernel/sys/uvm/uvm_vnode.c", line 234
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff825a1086) at panic+0x177 sys/kern/subr_prf.c:202
__assert(ffffffff82613da6,ffffffff826356be,ea,ffffffff8262dfae) at __assert+0x25 sys/kern/subr_prf.c:161
uvn_attach(fffffd8074388e88,6) at uvn_attach+0x444 sys/uvm/uvm_vnode.c:234
uvm_mmapfile(fffffd806cefc5d8,ffff8000247ba3f8,10000,2,6,11,eb0e58e6c976dfb4,fffffd806cefc5d8,0,11) at uvm_mmapfile+0x194 sys/uvm/uvm_mmap.c:1029
sys_mmap(ffff800029a51a50,ffff8000247ba4a0,ffff8000247ba580) at sys_mmap+0xb4a sys/uvm/uvm_mmap.c:395
sys_pad_mmap(ffff800029a51a50,ffff8000247ba528,ffff8000247ba580) at sys_pad_mmap+0x68 sys/uvm/uvm_mmap.c:470
syscall(ffff8000247ba5f0) at syscall+0x484 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff8000247ba5f0) at syscall+0x484 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xd7f34119360, count: -9
ddb{0}> show registers
rdi 0
rsi 0x1
rbp 0xffff8000247ba090
rbx 0xffffffff82989bb7 cpu_info_full_primary+0x2bb7
rdx 0
rcx 0
rax 0xffff800029a51a50
r8 0x101010101010101
r9 0x8080808080808080
r10 0xd24146b1246febf5
r11 0xca51658726fff2f1
r12 0xffffffff829899b8 cpu_info_full_primary+0x29b8
r13 0
r14 0
r15 0x1
rip 0xffffffff813e2898 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff8000247ba080
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor.2) pid=139245 stat=onproc
flags process=10<SUGID> proc=4000000<THREAD>
pri=32, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff800029a647e0,0xffff800029a50aa0
process=0xffff8000fffe90b8 user=0xffff8000247b5000, vmspace=0xfffffd806cefc5d8
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
96081 502077 28657 32767 2 0x10 syz-executor.6
96814 206648 73483 32767 2 0x490 syz-executor.2
*96814 139245 73483 32767 7 0x4000010 syz-executor.2
96814 509360 73483 32767 3 0x4000090 fsleep syz-executor.2
91598 240121 0 0 3 0x14200 bored sosplice
6602 409733 47434 32767 2 0x490 syz-executor.5
28657 173369 16983 32767 3 0x90 nanoslp syz-executor.6
55224 422272 54898 32767 2 0x490 syz-executor.7
16983 414070 22980 0 3 0x82 wait syz-executor.6
54898 258304 22980 0 3 0x82 wait syz-executor.7
53541 135051 97989 32767 2 0x10 syz-executor.3
47434 481299 22980 0 3 0x82 wait syz-executor.5
98196 63635 56706 32767 2 0x490 syz-executor.1
68495 286996 25591 32767 3 0x90 nanoslp syz-executor.4
97989 343591 22980 0 3 0x82 wait syz-executor.3
73483 36446 10586 32767 2 0x490 syz-executor.2
56706 134976 22980 0 3 0x82 wait syz-executor.1
25591 285392 22980 0 3 0x82 wait syz-executor.4
6512 451306 81362 32767 2 0x490 syz-executor.0
10586 57587 22980 0 3 0x82 wait syz-executor.2
81362 144064 22980 0 3 0x82 wait syz-executor.0
22980 455939 47909 0 3 0x82 kqread syz-fuzzer
22980 208610 47909 0 2 0x4000482 syz-fuzzer
22980 477791 47909 0 3 0x4000082 thrsleep syz-fuzzer
22980 504147 47909 0 3 0x4000082 thrsleep syz-fuzzer
22980 170130 47909 0 3 0x4000082 thrsleep syz-fuzzer
22980 258781 47909 0 3 0x4000082 thrsleep syz-fuzzer
22980 432537 47909 0 3 0x4000082 thrsleep syz-fuzzer
22980 146123 47909 0 3 0x4000082 thrsleep syz-fuzzer
22980 521289 47909 0 3 0x4000082 thrsleep syz-fuzzer
47909 512554 98008 0 3 0x10008a sigsusp ksh
98008 13327 91890 0 3 0x9a kqread sshd
20898 339016 1 0 3 0x100083 ttyin getty
91890 313981 1 0 3 0x88 kqread sshd
55563 260232 59547 73 3 0x1100090 kqread syslogd
59547 153986 1 0 3 0x100082 netio syslogd
35423 467125 1 0 3 0x100080 kqread resolvd
48998 390527 29916 77 3 0x100092 kqread dhcpleased
90220 510099 29916 77 3 0x100092 kqread dhcpleased
29916 241380 1 0 3 0x80 kqread dhcpleased
21937 131306 0 0 3 0x14200 bored smr
53474 48946 0 0 2 0x14200 zerothread
86333 492403 0 0 3 0x14200 aiodoned aiodoned
82869 442701 0 0 3 0x14200 syncer update
63463 160108 0 0 3 0x14200 cleaner cleaner
76843 464124 0 0 7 0x14200 reaper
36359 11253 0 0 3 0x14200 pgdaemon pagedaemon
30350 177748 0 0 3 0x14200 bored viomb
68487 327076 0 0 3 0x40014200 acpi0 acpi0
51945 508059 0 0 3 0x40014200 idle1
47642 521260 0 0 3 0x14200 bored softnet
91254 131333 0 0 3 0x14200 bored softnet
75493 302443 0 0 3 0x14200 bored softnet
90954 92808 0 0 2 0x14200 softnet
77952 391893 0 0 3 0x14200 bored systqmp
19035 401046 0 0 3 0x14200 bored systq
2806 419101 0 0 2 0x40014200 softclock
428 392332 0 0 3 0x40014200 idle0
1 97831 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
CPU 1:
exclusive sched_lock &sched_lock r = 0 (0xffffffff82a153e0)
#0 witness_lock+0x44d
#1 wakeup_n+0x37
#2 uvm_pmr_freepageq+0x2ca sys/uvm/uvm_pmemrange.c:1353
#3 amap_wipeout+0x1ff sys/uvm/uvm_amap.c:523
#4 uvm_unmap_detach+0x7d sys/uvm/uvm_map.c:1599
#5 uvm_map_teardown+0x262 sys/uvm/uvm_map.c:2789
#6 uvmspace_free+0xa6 sys/uvm/uvm_map.c:3684
#7 reaper+0x19a sys/kern/kern_exit.c:454
#8 proc_trampoline+0x1c
exclusive mutex &uvm.fpageqlock r = 0 (0xffffffff82ba3868)
#0 witness_lock+0x44d
#1 mtx_enter_try+0x100
#2 mtx_enter+0x4b sys/kern/kern_lock.c:266
#3 uvm_pmr_freepageq+0xcc sys/uvm/uvm_pmemrange.c:1333
#4 amap_wipeout+0x1ff sys/uvm/uvm_amap.c:523
#5 uvm_unmap_detach+0x7d sys/uvm/uvm_map.c:1599
#6 uvm_map_teardown+0x262 sys/uvm/uvm_map.c:2789
#7 uvmspace_free+0xa6 sys/uvm/uvm_map.c:3684
#8 reaper+0x19a sys/kern/kern_exit.c:454
#9 proc_trampoline+0x1c
Process 96814 (syz-executor.2) thread 0xffff800029a51a50 (139245)
exclusive kernel_lock &kernel_lock r = 1 (0xffffffff82ad3210)
#0 witness_lock+0x44d
#1 syscall+0x3e8 mi_syscall sys/sys/syscall_mi.h:93 [inline]
#1 syscall+0x3e8 sys/arch/amd64/amd64/trap.c:585
#2 Xsyscall+0x128
Process 53541 (syz-executor.3) thread 0xffff8000fffeca88 (135051)
exclusive rrwlock inode r = 0 (0xfffffd80740e8b38)
#0 witness_lock+0x44d
#1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8b sys/kern/kern_rwlock.c:465
#3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:518
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:567
#5 vget+0x1d3 sys/kern/vfs_subr.c:678
#6 ufs_ihashget+0x121 sys/ufs/ufs/ufs_ihash.c:119
#7 ffs_vget+0x7c sys/ufs/ffs/ffs_vfsops.c:1318
#8 ufs_lookup+0x13ba sys/ufs/ufs/ufs_lookup.c:487
#9 VOP_LOOKUP+0x58 sys/kern/vfs_vops.c:85
#10 vfs_lookup+0x6e5 sys/kern/vfs_lookup.c:561
#11 namei+0x36a sys/kern/vfs_lookup.c:245
#12 dounlinkat+0x99 sys/kern/vfs_syscalls.c:1852
#13 syscall+0x484 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#13 syscall+0x484 sys/arch/amd64/amd64/trap.c:585
#14 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd8064fcbc50)
#0 witness_lock+0x44d
#1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8b sys/kern/kern_rwlock.c:465
#3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:518
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:567
#5 vfs_lookup+0xd1 sys/kern/vfs_lookup.c:413
#6 namei+0x36a sys/kern/vfs_lookup.c:245
#7 dounlinkat+0x99 sys/kern/vfs_syscalls.c:1852
#8 syscall+0x484 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#8 syscall+0x484 sys/arch/amd64/amd64/trap.c:585
#9 Xsyscall+0x128
Process 76843 (reaper) thread 0xffff8000212437a8 (464124)
uvm_fault(0xfffffd806cefc5d8, 0x0, 0, 1) -> e
kernel: page fault trap, code=0
Faulted in DDB; continuing...
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10223 6414K 6420K 78643K 11315 0
pcb 13 12K 14K 78643K 17 0
rtable 240 6K 7K 78643K 669 0
ifaddr 81 16K 16K 78643K 82 0
sysctl 2 0K 0K 78643K 2 0
counters 56 35K 35K 78643K 56 0
ioctlops 0 0K 2K 78643K 808 0
iov 0 0K 32K 78643K 1428 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 5 0
vnodes 1270 79K 79K 78643K 1578 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 27 0
VM map 2 1K 1K 78643K 2 0
sem 12 0K 0K 78643K 467 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 20 73K 121K 78643K 3063 0
sigio 0 0K 0K 78643K 141 0
proc 56 78K 115K 78643K 798 0
subproc 104 6K 6K 78643K 104 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 314 0
in_multi 99 6K 6K 78643K 153 0
ether_multi 1 0K 0K 78643K 24 0
mrt 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 337 1500K 1500K 78643K 337 0
exec 0 0K 2K 78643K 1041 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 262 102K 105K 78643K 20211 0
UVM aobj 131 4K 4K 78643K 134 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 89 0
NDP 11 0K 2K 78643K 27 0
temp 124 4722K 4842K 78643K 10196 0
kqueue 12 18K 24K 78643K 349 0
SYN cache 2 16K 16K 78643K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 663 0 660 9 7 2 3 0 8 1
rtentry 112 115 0 2 4 0 4 4 0 8 0
unpcb 136 2188 0 2175 15 13 2 6 0 8 1
syncache 296 51 0 51 6 5 1 1 0 8 1
tcpqe 32 25 0 25 6 6 0 1 0 8 0
tcpcb 736 2927 0 2898 46 40 6 20 0 8 2
arp 120 19 0 0 1 0 1 1 0 8 0
ipq 40 1 0 1 1 1 0 1 0 8 0
ipqe 40 67 0 67 1 1 0 1 0 8 0
inpcb 320 6032 0 6014 51 44 7 13 0 8 5
nd6 48 27 0 1 1 0 1 1 0 8 0
kcovpl 48 8 0 0 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 469 0 2 30 0 30 30 0 8 0
art_table 32 470 0 2 4 0 4 4 0 8 0
art_node 16 114 0 11 1 0 1 1 0 8 0
sysvmsgpl 40 10 0 7 2 1 1 1 0 8 0
semupl 112 3 0 3 1 1 0 1 0 8 0
semapl 112 465 0 455 1 0 1 1 0 8 0
shmpl 112 131 0 3 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 5280 0 3838 91 0 91 91 0 8 0
ffsino 272 5280 0 3838 97 0 97 97 0 8 0
nchpl 144 9580 0 7903 63 0 63 63 0 8 0
uvmvnodes 80 5393 0 0 111 0 111 111 0 8 0
vnodes 224 5393 0 0 318 0 318 318 0 8 0
namei 1024 37676 0 37676 2 1 1 2 0 8 1
percpumem 16 40 0 0 1 0 1 1 0 8 0
kstatmem 264 22 0 0 2 0 2 2 0 8 0
scxspl 216 29449 0 29449 16 12 4 8 0 8 4
plimitpl 152 503 0 480 4 3 1 2 0 8 0
sigapl 424 3342 0 3288 7 0 7 7 0 8 0
futexpl 64 29474 0 29473 1 0 1 1 0 8 0
knotepl 120 439 0 0 13 0 13 13 0 8 0
kqueuepl 224 711 0 703 11 6 5 5 0 8 4
pipepl 336 919 0 891 29 23 6 13 0 8 3
fdescpl 496 3324 0 3293 7 2 5 6 0 8 0
filepl 152 25382 0 25146 44 30 14 20 0 8 4
lockfpl 104 436 0 433 1 0 1 1 0 8 0
lockfspl 48 177 0 174 1 0 1 1 0 8 0
sessionpl 144 23 0 7 1 0 1 1 0 8 0
pgrppl 48 42 0 26 1 0 1 1 0 8 0
ucredpl 104 2971 0 2953 1 0 1 1 0 8 0
zombiepl 144 3293 0 3288 1 0 1 1 0 8 0
processpl 1064 3342 0 3288 5 1 4 5 0 8 0
procpl 672 9398 0 9330 9 2 7 8 0 8 0
sosppl 168 41 0 41 4 3 1 1 0 8 1
sockpl 480 8979 0 8948 149 137 12 35 0 8 7
mcl64k 65536 17 0 0 3 0 3 3 0 8 0
mcl16k 16384 17 0 0 3 0 3 3 0 8 0
mcl12k 12288 17 0 0 2 0 2 2 0 8 0
mcl9k 9216 15 0 0 2 0 2 2 0 8 0
mcl8k 8192 16 0 0 2 0 2 2 0 8 0
mcl4k 4096 17 0 0 3 0 3 3 0 8 0
mcl2k2 2112 3 0 0 1 0 1 1 0 8 0
mcl2k 2048 175 0 0 17 0 17 17 0 8 0
mtagpl 96 2 0 0 1 0 1 1 0 8 0
mbufpl 256 6889 0 0 430 0 430 430 0 8 0
bufpl 288 9106 0 2775 453 0 453 453 0 8 0
anonpl 24 719948 0 707730 167 63 104 124 0 186 2
amapchunkpl 152 63390 0 62627 87 48 39 40 0 158 6
amappl16 200 13555 0 13193 89 56 33 41 0 8 9
amappl15 192 1457 0 1452 1 0 1 1 0 8 0
amappl14 184 1138 0 1128 1 0 1 1 0 8 0
amappl13 176 437 0 435 1 0 1 1 0 8 0
amappl12 168 7 0 4 1 0 1 1 0 8 0
amappl11 160 91 0 74 1 0 1 1 0 8 0
amappl10 152 38 0 35 1 0 1 1 0 8 0
amappl9 144 908 0 902 1 0 1 1 0 8 0
amappl8 136 1029 0 949 3 0 3 3 0 8 0
amappl7 128 471 0 458 1 0 1 1 0 8 0
amappl6 120 643 0 625 2 1 1 2 0 8 0
amappl5 112 2355 0 2337 1 0 1 1 0 8 0
amappl4 104 1546 0 1516 2 0 2 2 0 8 0
amappl3 96 9694 0 9648 2 0 2 2 0 8 0
amappl2 88 4060 0 3996 3 1 2 3 0 8 0
amappl1 80 82215 0 81557 20 3 17 19 0 8 1
amappl 88 19629 0 19469 6 1 5 5 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 133 0 3 3 0 3 3 0 8 0
uaddrrnd 24 3324 0 3291 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 3324 0 3291 1 0 1 1 0 8 0
vmmpekpl 168 29242 0 29184 3 0 3 3 0 8 0
vmmpepl 168 329628 0 327102 182 43 139 139 0 357 8
vmsppl 368 3323 0 3290 4 0 4 4 0 8 0
rwobjpl 56 92614 0 85766 104 2 102 102 0 8 0
pdppl 4096 6655 0 6580 175 94 81 93 0 8 6
pvpl 32 1383633 0 1366515 289 102 187 250 0 265 6
pmappl 248 3323 0 3290 4 1 3 3 0 8 0
extentpl 40 58 0 38 1 0 1 1 0 8 0
phpool 112 1392 0 160 36 0 36 36 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff825a1086) at panic+0x177 sys/kern/subr_prf.c:202
__assert(ffffffff82613da6,ffffffff826356be,ea,ffffffff8262dfae) at __assert+0x25 sys/kern/subr_prf.c:161
uvn_attach(fffffd8074388e88,6) at uvn_attach+0x444 sys/uvm/uvm_vnode.c:234
uvm_mmapfile(fffffd806cefc5d8,ffff8000247ba3f8,10000,2,6,11,eb0e58e6c976dfb4,fffffd806cefc5d8,0,11) at uvm_mmapfile+0x194 sys/uvm/uvm_mmap.c:1029
sys_mmap(ffff800029a51a50,ffff8000247ba4a0,ffff8000247ba580) at sys_mmap+0xb4a sys/uvm/uvm_mmap.c:395
sys_pad_mmap(ffff800029a51a50,ffff8000247ba528,ffff8000247ba580) at sys_pad_mmap+0x68 sys/uvm/uvm_mmap.c:470
syscall(ffff8000247ba5f0) at syscall+0x484 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff8000247ba5f0) at syscall+0x484 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xd7f34119360, count: -9
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
x86_ipi_db(ffff800020de8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2f kd_curproc sys/dev/kcov.c:578 [inline]
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2f sys/dev/kcov.c:148
__mp_lock(ffffffff82ad3008) at __mp_lock+0x133 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82ad3008) at __mp_lock+0x133 sys/kern/kern_lock.c:147
uvm_unmap_detach(ffff800021249280,1) at uvm_unmap_detach+0x113 sys/uvm/uvm_map.c:1615
uvm_map_teardown(fffffd806cefc2f8) at uvm_map_teardown+0x262 sys/uvm/uvm_map.c:2789
uvmspace_free(fffffd806cefc2f8) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3684
reaper(ffff8000212437a8) at reaper+0x19a sys/kern/kern_exit.c:454
end trace frame: 0x0, count: 6
ddb{1}> trace
x86_ipi_db(ffff800020de8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2f kd_curproc sys/dev/kcov.c:578 [inline]
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2f sys/dev/kcov.c:148
__mp_lock(ffffffff82ad3008) at __mp_lock+0x133 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82ad3008) at __mp_lock+0x133 sys/kern/kern_lock.c:147
uvm_unmap_detach(ffff800021249280,1) at uvm_unmap_detach+0x113 sys/uvm/uvm_map.c:1615
uvm_map_teardown(fffffd806cefc2f8) at uvm_map_teardown+0x262 sys/uvm/uvm_map.c:2789
uvmspace_free(fffffd806cefc2f8) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3684
reaper(ffff8000212437a8) at reaper+0x19a sys/kern/kern_exit.c:454
end trace frame: 0x0, count: -9
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See https://goo.gl/tpsmEJ#status for how to communicate with syzbot.