assert "ps->ps_uvncount == NUM" failed in kern_unveil.c (2)


syzbot

May 19, 2022, 2:02:30 PM5/19/22
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: f9b15afb6ca0 Document that imsg_add(3) frees its msg argum..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=126392cef00000
kernel config: https://syzkaller.appspot.com/x/.config?x=fe55924c11e64b0a
dashboard link: https://syzkaller.appspot.com/bug?extid=27102d4b18b9ff02cffd

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+27102d...@syzkaller.appspotmail.com

panic: kernel diagnostic assertion "ps->ps_uvncount == 0" failed: file "/syzkaller/managers/main/kernel/sys/kern/kern_unveil.c", line 191
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8257048f) at panic+0x161 sys/kern/subr_prf.c:202
__assert(ffffffff825e3578,ffffffff8256410a,bf,ffffffff8258279f) at __assert+0x25 sys/kern/subr_prf.c:161
unveil_destroy(ffff8000230cf790) at unveil_destroy+0x1a4 sys/kern/kern_unveil.c:191
exit1(ffff800021660548,0,0,1) at exit1+0x3b5 sys/kern/kern_exit.c:225
sys_exit(ffff800021660548,ffff80002e839230,ffff80002e839290) at sys_exit+0x16 sys/kern/kern_exit.c:95
syscall(ffff80002e839300) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffffb7d0, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: kernel diagnostic assertion "ps->ps_uvncount == 0" failed: file "/syzkaller/managers/main/kernel/sys/kern/kern_unveil.c", line 191
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8257048f) at panic+0x161 sys/kern/subr_prf.c:202
__assert(ffffffff825e3578,ffffffff8256410a,bf,ffffffff8258279f) at __assert+0x25 sys/kern/subr_prf.c:161
unveil_destroy(ffff8000230cf790) at unveil_destroy+0x1a4 sys/kern/kern_unveil.c:191
exit1(ffff800021660548,0,0,1) at exit1+0x3b5 sys/kern/kern_exit.c:225
sys_exit(ffff800021660548,ffff80002e839230,ffff80002e839290) at sys_exit+0x16 sys/kern/kern_exit.c:95
syscall(ffff80002e839300) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffffb7d0, count: -8
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff80002e839050
rbx 0x2
rdx 0
rcx 0
rax 0xffff800021660548
r8 0
r9 0x8080808080808080
r10 0x6bca5dca09d141e2
r11 0x5240f38238dbefba
r12 0
r13 0xffff8000230cf790
r14 0
r15 0x1
rip 0xffffffff821edcc8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff80002e839040
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.4) pid=487548 stat=onproc
flags process=1008<EXITING,SINGLEEXIT> proc=2000<WEXIT>
pri=32, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff800021661ce8,0xffff800021660a98
process=0xffff8000230cf790 user=0xffff80002e834000, vmspace=0xfffffd80787ad560
estcpu=36, cpticks=5, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
70011 395418 2371 0 2 0 syz-executor.5
70011 392334 2371 0 3 0x4000080 fsleep syz-executor.5
23427 277615 37210 0 2 0 syz-executor.3
23427 467777 37210 0 3 0x4000080 fsleep syz-executor.3
18355 63661 5446 0 2 0 syz-executor.1
18355 305800 5446 0 3 0x4000080 fsleep syz-executor.1
18355 360352 5446 0 3 0x4000080 fsleep syz-executor.1
33864 383605 33882 0 2 0 syz-executor.6
33864 50174 33882 0 3 0x4000080 fsleep syz-executor.6
33839 263319 97972 0 2 0 syz-executor.0
33839 118474 97972 0 3 0x4000080 fsleep syz-executor.0
33839 214806 97972 0 3 0x4000080 fsleep syz-executor.0
97246 498313 56207 0 2 0 syz-executor.2
97246 137715 56207 0 3 0x4000080 fsleep syz-executor.2
5446 427670 7619 0 3 0x82 nanoslp syz-executor.1
17945 456660 7619 0 2 0x482 syz-executor.4
97972 56729 7619 0 2 0x482 syz-executor.0
33882 312247 7619 0 3 0x82 nanoslp syz-executor.6
2371 49526 7619 0 3 0x82 nanoslp syz-executor.5
56207 335510 7619 0 2 0x482 syz-executor.2
37210 199257 7619 0 3 0x82 nanoslp syz-executor.3
83746 297782 7619 0 3 0x82 nanoslp syz-executor.7
28426 18723 0 0 3 0x14280 nfsidl nfsio
94616 169113 0 0 3 0x14280 nfsidl nfsio
71499 409496 0 0 3 0x14280 nfsidl nfsio
69438 243427 0 0 3 0x14280 nfsidl nfsio
15963 332013 0 0 3 0x14280 nfsidl nfsio
22446 439261 0 0 3 0x14280 nfsidl nfsio
80909 55981 0 0 3 0x14280 nfsidl nfsio
4538 413492 0 0 3 0x14280 nfsidl nfsio
42859 311766 0 0 3 0x14280 nfsidl nfsio
17299 18234 0 0 3 0x14280 nfsidl nfsio
94079 289108 0 0 3 0x14280 nfsidl nfsio
26716 222497 0 0 3 0x14280 nfsidl nfsio
79948 166868 0 0 3 0x14280 nfsidl nfsio
16230 423604 0 0 3 0x14280 nfsidl nfsio
48216 85981 0 0 3 0x14280 nfsidl nfsio
64120 198451 0 0 3 0x14280 nfsidl nfsio
80577 426971 0 0 3 0x14280 nfsidl nfsio
47615 240469 0 0 3 0x14280 nfsidl nfsio
51943 235510 0 0 3 0x14280 nfsidl nfsio
21665 198029 0 0 3 0x14280 nfsidl nfsio
7567 101198 1 0 3 0x100083 ttyopn getty
17393 520521 0 0 3 0x14200 bored sosplice
7619 112633 42291 0 3 0x82 thrsleep syz-fuzzer
7619 507753 42291 0 3 0x4000082 nanoslp syz-fuzzer
7619 278625 42291 0 3 0x4000082 kqread syz-fuzzer
7619 205486 42291 0 3 0x4000082 thrsleep syz-fuzzer
7619 293564 42291 0 3 0x4000082 thrsleep syz-fuzzer
7619 321612 42291 0 3 0x4000082 thrsleep syz-fuzzer
7619 450239 42291 0 3 0x4000082 thrsleep syz-fuzzer
7619 171144 42291 0 3 0x4000082 thrsleep syz-fuzzer
7619 24433 42291 0 3 0x4000082 thrsleep syz-fuzzer
42291 489393 54925 0 3 0x10008a sigsusp ksh
54925 113055 2329 0 3 0x9a kqread sshd
2329 137588 1 0 3 0x88 kqread sshd
87139 468583 51936 73 3 0x1100090 kqread syslogd
51936 357390 1 0 3 0x100082 netio syslogd
55970 51416 1 0 3 0x100080 kqread resolvd
24973 74338 8713 77 3 0x100092 kqread dhcpleased
56967 69977 8713 77 3 0x100092 kqread dhcpleased
8713 120542 1 0 3 0x80 kqread dhcpleased
97322 267949 0 0 3 0x14200 bored smr
69584 297184 0 0 2 0x14200 zerothread
44427 168213 0 0 3 0x14200 aiodoned aiodoned
60476 249659 0 0 3 0x14200 syncer update
86880 160505 0 0 3 0x14200 cleaner cleaner
11783 220660 0 0 2 0x14200 reaper
35382 410636 0 0 3 0x14200 pgdaemon pagedaemon
47782 82114 0 0 3 0x14200 bored viomb
51139 88050 0 0 3 0x40014200 acpi0 acpi0
2447 382179 0 0 3 0x14200 bored softnet
28282 509392 0 0 3 0x14200 bored softnet
76284 337723 0 0 3 0x14200 bored softnet
36329 171788 0 0 3 0x14200 bored softnet
35219 445301 0 0 3 0x14200 bored systqmp
3919 50963 0 0 3 0x14200 bored systq
60334 482661 0 0 2 0x40014200 softclock
94805 114180 0 0 3 0x40014200 idle0
1 302131 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10207 6534K 7190K 78643K 43992 0
pcb 13 16K 18K 78643K 2332 0
rtable 187 8K 9K 78643K 4540 0
ifaddr 87 26K 29K 78643K 1637 0
sysctl 3 1K 4K 78643K 13 0
counters 26 17K 17K 78643K 282 0
ioctlops 0 0K 4K 78643K 4130 0
iov 0 0K 32K 78643K 2937 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1458 91K 91K 78643K 14115 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 170 0
VM map 2 0K 0K 78643K 2 0
sem 12 1K 1K 78643K 19 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 16 57K 77K 78643K 17504 0
sigio 0 0K 0K 78643K 539 0
proc 80 76K 84K 78643K 3737 0
subproc 104 6K 6K 78643K 1199 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 556 0
in_multi 68 4K 6K 78643K 1836 0
ether_multi 1 0K 0K 78643K 61 0
mrt 1 0K 0K 78643K 63 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 271 1208K 1208K 78643K 271 0
exec 0 0K 2K 78643K 5336 0
pfkey data 0 0K 1K 78643K 81 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 621 1677K 1678K 78643K 98387 0
UVM aobj 131 4K 4K 78643K 134 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 737 0
NDP 11 0K 2K 78643K 581 0
temp 127 4736K 21120K 78643K 207914 0
kqueue 12 18K 28K 78643K 1314 0
SYN cache 2 1992K 2000K 78643K 4 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 15320 0 15315 96 95 1 7 0 8 0
rtentry 112 1420 0 1342 7 4 3 4 0 8 0
unpcb 136 12833 0 12818 127 126 1 8 0 8 0
syncache 296 129 0 129 32 32 0 1 0 8 0
sackhl 24 2 0 2 2 2 0 1 0 8 0
tcpqe 32 318 0 318 11 11 0 1 0 8 0
tcpcb 736 6128 0 6123 220 218 2 14 0 8 1
arp 88 197 0 183 1 0 1 1 0 8 0
ipq 40 13 0 13 5 5 0 1 0 8 0
ipqe 40 25 0 25 5 5 0 1 0 8 0
inpcb 312 15161 0 15154 211 208 3 12 0 8 2
ip6q 72 2 0 2 1 1 0 1 0 8 0
ip6af 40 4 0 4 1 1 0 1 0 8 0
nd6 48 442 0 423 1 0 1 1 0 8 0
pkpcb 40 97 0 97 15 14 1 1 0 8 1
kcovpl 48 92 0 84 1 0 1 1 0 8 0
ppxss 1152 47 0 46 11 10 1 1 0 8 0
pfstscr 40 13 0 9 1 0 1 1 0 8 0
pfosfp 40 3 0 2 1 0 1 1 0 8 0
pfosfpen 112 3 0 0 1 0 1 1 0 8 0
pfrktable 1344 106 0 101 1 0 1 1 0 8 0
pftag 88 1 0 0 1 0 1 1 0 8 0
pfstitem 24 16 0 8 1 0 1 1 0 8 0
pfstkey 112 26 0 23 1 0 1 1 0 8 0
pfstate 336 13 0 9 1 0 1 1 0 8 0
pfrule 1360 119 0 113 3 2 1 2 0 8 0
rttmr 64 18 0 18 4 4 0 1 0 8 0
art_heap8 4096 2 0 1 2 1 1 2 0 8 0
art_heap4 256 5827 0 5520 72 49 23 29 0 8 0
art_table 32 5829 0 5521 7 4 3 4 0 8 0
art_node 16 1405 0 1338 1 0 1 1 0 8 0
sysvmsgpl 40 18 0 2 1 0 1 1 0 8 0
semupl 112 3 0 3 1 1 0 1 0 8 0
semapl 112 13 0 3 1 0 1 1 0 8 0
shmpl 112 131 0 3 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 26711 0 25195 96 0 96 96 0 8 0
ffsino 240 26711 0 25195 90 0 90 90 0 8 0
nchpl 144 51504 0 49870 63 0 63 63 0 8 0
uvmvnodes 80 7190 0 0 147 0 147 147 0 8 0
vnodes 224 7190 0 0 423 0 423 423 0 8 0
namei 1024 195488 0 195488 12 11 1 2 0 8 1
vcpupl 1984 238 0 2 30 0 30 30 0 8 0
vmpool 528 261 0 25 16 0 16 16 0 8 0
pfiaddrpl 120 40 0 34 1 0 1 1 0 8 0
kstatmem 264 534 0 512 3 1 2 3 0 8 0
scsiplug 72 15 0 15 5 5 0 1 0 8 0
scxspl 216 142133 0 142133 48 47 1 8 0 8 1
plimitpl 152 2354 0 2340 1 0 1 1 0 8 0
sigapl 424 17679 0 17613 11 3 8 8 0 8 0
futexpl 64 175195 0 175187 5 4 1 1 0 8 0
knotepl 120 232884 0 232804 95 85 10 11 0 8 5
kqueuepl 184 4187 0 4178 61 60 1 7 0 8 0
pipepl 304 3889 0 3861 96 93 3 8 0 8 0
fdescpl 432 17600 0 17573 6 2 4 4 0 8 0
filepl 120 149129 0 148888 202 191 11 18 0 8 3
lockfpl 104 4821 0 4819 13 11 2 2 0 8 1
lockfspl 48 1310 0 1308 1 0 1 1 0 8 0
sessionpl 144 108 0 92 1 0 1 1 0 8 0
pgrppl 48 258 0 242 1 0 1 1 0 8 0
ucredpl 96 24391 0 24374 1 0 1 1 0 8 0
zombiepl 144 17917 0 17915 1 0 1 1 0 8 0
processpl 1000 17679 0 17613 16 7 9 9 0 8 0
procpl 672 44160 0 44077 28 20 8 9 0 8 0
sosppl 168 131 0 131 24 24 0 1 0 8 0
sockpl 448 43423 0 43389 690 683 7 41 0 8 2
mcl64k 65536 576 0 576 54 53 1 1 0 8 1
mcl16k 16384 173 0 173 47 46 1 1 0 8 1
mcl12k 12288 496 0 496 45 44 1 1 0 8 1
mcl9k 9216 240 0 240 41 41 0 1 0 8 0
mcl8k 8192 934 0 934 47 46 1 1 0 8 1
mcl4k 4096 1921 0 1921 30 29 1 1 0 8 1
mcl2k2 2112 131 0 131 49 48 1 1 0 8 1
mcl2k 2048 100997 0 100942 68 59 9 20 0 8 0
mtagpl 96 4584 0 4118 43 30 13 17 0 8 0
mbufpl 256 309355 0 308677 790 734 56 260 0 8 0
bufpl 288 34817 0 27626 514 0 514 514 0 8 0
anonpl 24 3635848 0 3615786 469 346 123 180 0 188 0
amapchunkpl 152 320390 0 319549 216 182 34 55 0 158 0
amappl16 200 47522 0 46832 208 169 39 54 0 8 1
amappl15 192 2351 0 2348 1 0 1 1 0 8 0
amappl14 184 3070 0 3062 1 0 1 1 0 8 0
amappl13 176 2089 0 2087 1 0 1 1 0 8 0
amappl12 168 1937 0 1932 1 0 1 1 0 8 0
amappl11 160 1312 0 1295 1 0 1 1 0 8 0
amappl10 152 1137 0 1132 1 0 1 1 0 8 0
amappl9 144 4218 0 4213 1 0 1 1 0 8 0
amappl8 136 5022 0 4910 4 0 4 4 0 8 0
amappl7 128 3268 0 3254 1 0 1 1 0 8 0
amappl6 120 4453 0 4428 2 1 1 2 0 8 0
amappl5 112 14041 0 14026 1 0 1 1 0 8 0
amappl4 104 5604 0 5567 4 2 2 2 0 8 0
amappl3 96 54773 0 54715 2 0 2 2 0 8 0
amappl2 88 21121 0 21050 3 1 2 3 0 8 0
amappl1 80 492973 0 492244 26 10 16 19 0 8 0
amappl 88 96018 0 95725 7 0 7 7 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 133 0 3 3 0 3 3 0 8 0
uaddrrnd 24 17861 0 17597 2 0 2 2 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 17861 0 17597 2 0 2 2 0 8 0
vmmpekpl 168 122416 0 122332 4 0 4 4 0 8 0
vmmpepl 168 2099629 0 2096067 371 209 162 167 0 357 0
vmsppl 272 17860 0 17597 20 2 18 18 0 8 0
rwobjpl 24 497184 0 487919 65 8 57 57 0 8 0
pdppl 4096 35728 0 35430 1243 943 300 300 0 8 2
pvpl 32 6968121 0 6946413 715 531 184 301 0 265 0
pmappl 216 17860 0 17597 17 2 15 15 0 8 0
extentpl 40 58 0 38 1 0 1 1 0 8 0
phpool 112 4216 0 3086 40 6 34 34 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8257048f) at panic+0x161 sys/kern/subr_prf.c:202
__assert(ffffffff825e3578,ffffffff8256410a,bf,ffffffff8258279f) at __assert+0x25 sys/kern/subr_prf.c:161
unveil_destroy(ffff8000230cf790) at unveil_destroy+0x1a4 sys/kern/kern_unveil.c:191
exit1(ffff800021660548,0,0,1) at exit1+0x3b5 sys/kern/kern_exit.c:225
sys_exit(ffff800021660548,ffff80002e839230,ffff80002e839290) at sys_exit+0x16 sys/kern/kern_exit.c:95
syscall(ffff80002e839300) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffffb7d0, count: -8
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8257048f) at panic+0x161 sys/kern/subr_prf.c:202
__assert(ffffffff825e3578,ffffffff8256410a,bf,ffffffff8258279f) at __assert+0x25 sys/kern/subr_prf.c:161
unveil_destroy(ffff8000230cf790) at unveil_destroy+0x1a4 sys/kern/kern_unveil.c:191
exit1(ffff800021660548,0,0,1) at exit1+0x3b5 sys/kern/kern_exit.c:225
sys_exit(ffff800021660548,ffff80002e839230,ffff80002e839290) at sys_exit+0x16 sys/kern/kern_exit.c:95
syscall(ffff80002e839300) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffffb7d0, count: -8


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Mar 15, 2023, 8:10:37 PM3/15/23
to syzkaller-o...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.