assert "_kernel_lock_held()" failed in uvm_device.c
0 views
Skip to first unread message
syzbot
Aug 31, 2021, 11:40:22 PM8/31/21
to syzkaller-o...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 444296aeff58 Honour netinet6 when generating symlinks to t..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=158fc723300000
kernel config: https://syzkaller.appspot.com/x/.config?x=bf87b6915a88cd0d
dashboard link: https://syzkaller.appspot.com/bug?extid=5066429ecc0d98db5a30
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+506642...@syzkaller.appspotmail.com
panic: kernel diagnostic assertion "_kernel_lock_held()" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_device.c", line 230
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*409398 43734 0 0 0x4000000 0 syz-executor.0
392313 21937 0 0x2 0x4000480 1 syz-fuzzer
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff824502ee) at panic+0x177 sys/kern/subr_prf.c:202
__assert(ffffffff824bffea,ffffffff824476b7,e6,ffffffff824ce6c6) at __assert+0x25 sys/kern/subr_prf.c:161
udv_reference(ffff800000b0b900) at udv_reference+0x84 sys/uvm/uvm_device.c:230
uvm_mapent_clone(fffffd807f0088a0,2000,1fe000,0,7,7) at uvm_mapent_clone+0x1a2 sys/uvm/uvm_map.c:3810
uvm_share(fffffd807f0088a0,0,7,fffffd807f008a10,20000000,200000) at uvm_share+0x45c uvm_mapent_share sys/uvm/uvm_map.c:3840 [inline]
uvm_share(fffffd807f0088a0,0,7,fffffd807f008a10,20000000,200000) at uvm_share+0x45c sys/uvm/uvm_map.c:3739
vm_impl_init_vmx(ffff800021297a40,ffff8000212117a0) at vm_impl_init_vmx+0xb4 sys/arch/amd64/amd64/vmm.c:1591
vm_create(ffff800000b5d000,ffff8000212117a0) at vm_create+0x19b vm_impl_init sys/arch/amd64/amd64/vmm.c:1690 [inline]
vm_create(ffff800000b5d000,ffff8000212117a0) at vm_create+0x19b sys/arch/amd64/amd64/vmm.c:1510
vmmioctl(a00,c5005601,ffff800000b5d000,1,ffff8000212117a0) at vmmioctl+0x1f2
VOP_IOCTL(fffffd806e054910,c5005601,ffff800000b5d000,1,fffffd807f7d87e0,ffff8000212117a0) at VOP_IOCTL+0x9a sys/kern/vfs_vops.c:295
vn_ioctl(fffffd80699ed448,c5005601,ffff800000b5d000,ffff8000212117a0) at vn_ioctl+0xba sys/kern/vfs_vnops.c:531
sys_ioctl(ffff8000212117a0,ffff8000222a2ee8,ffff8000222a2f30) at sys_ioctl+0x4a2
syscall(ffff8000222a2fb0) at syscall+0x5a9 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff8000222a2fb0) at syscall+0x5a9 sys/arch/amd64/amd64/trap.c:587
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x8e5ff2b600, count: 1
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: kernel diagnostic assertion "_kernel_lock_held()" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_device.c", line 230
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff824502ee) at panic+0x177 sys/kern/subr_prf.c:202
__assert(ffffffff824bffea,ffffffff824476b7,e6,ffffffff824ce6c6) at __assert+0x25 sys/kern/subr_prf.c:161
udv_reference(ffff800000b0b900) at udv_reference+0x84 sys/uvm/uvm_device.c:230
uvm_mapent_clone(fffffd807f0088a0,2000,1fe000,0,7,7) at uvm_mapent_clone+0x1a2 sys/uvm/uvm_map.c:3810
uvm_share(fffffd807f0088a0,0,7,fffffd807f008a10,20000000,200000) at uvm_share+0x45c uvm_mapent_share sys/uvm/uvm_map.c:3840 [inline]
uvm_share(fffffd807f0088a0,0,7,fffffd807f008a10,20000000,200000) at uvm_share+0x45c sys/uvm/uvm_map.c:3739
vm_impl_init_vmx(ffff800021297a40,ffff8000212117a0) at vm_impl_init_vmx+0xb4 sys/arch/amd64/amd64/vmm.c:1591
vm_create(ffff800000b5d000,ffff8000212117a0) at vm_create+0x19b vm_impl_init sys/arch/amd64/amd64/vmm.c:1690 [inline]
vm_create(ffff800000b5d000,ffff8000212117a0) at vm_create+0x19b sys/arch/amd64/amd64/vmm.c:1510
vmmioctl(a00,c5005601,ffff800000b5d000,1,ffff8000212117a0) at vmmioctl+0x1f2
VOP_IOCTL(fffffd806e054910,c5005601,ffff800000b5d000,1,fffffd807f7d87e0,ffff8000212117a0) at VOP_IOCTL+0x9a sys/kern/vfs_vops.c:295
vn_ioctl(fffffd80699ed448,c5005601,ffff800000b5d000,ffff8000212117a0) at vn_ioctl+0xba sys/kern/vfs_vnops.c:531
sys_ioctl(ffff8000212117a0,ffff8000222a2ee8,ffff8000222a2f30) at sys_ioctl+0x4a2
syscall(ffff8000222a2fb0) at syscall+0x5a9 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff8000222a2fb0) at syscall+0x5a9 sys/arch/amd64/amd64/trap.c:587
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x8e5ff2b600, count: -14
ddb{0}> show registers
rdi 0
rsi 0x1
rbp 0xffff8000222a2850
rbx 0xffffffff8280abff cpu_info_full_primary+0x2bff
rdx 0x8b
rcx 0x2
rax 0x8c
r8 0xffffffff81a0be34 kprintf+0x144
r9 0x1
r10 0xf7aefa378bc85014
r11 0x39f6c6e74a866712
r12 0xffffffff8280aa00 cpu_info_full_primary+0x2a00
r13 0
r14 0
r15 0x1
rip 0xffffffff81e3e908 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff8000222a2840
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor.0) pid=409398 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=32, usrpri=75, nice=20
forw=0xffffffffffffffff, list=0xffff800021210d20,0xffffffff82913618
process=0xffff8000ffff9928 user=0xffff80002229e000, vmspace=0xfffffd807f008a10
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
43734 268366 24523 0 3 0 vmmaplk syz-executor.0
*43734 409398 24523 0 7 0x4000000 syz-executor.0
46909 50510 21937 0 2 0x482 syz-executor.1
24523 195089 21937 0 2 0x482 syz-executor.0
21937 3065 38575 0 3 0x82 thrsleep syz-fuzzer
21937 392313 38575 0 7 0x4000482 syz-fuzzer
21937 499339 38575 0 3 0x4000082 thrsleep syz-fuzzer
21937 486899 38575 0 3 0x4000082 thrsleep syz-fuzzer
21937 77071 38575 0 3 0x4000082 thrsleep syz-fuzzer
21937 158472 38575 0 3 0x4000082 thrsleep syz-fuzzer
21937 162103 38575 0 3 0x4000082 thrsleep syz-fuzzer
21937 249440 38575 0 2 0x4000482 syz-fuzzer
38575 372548 89234 0 3 0x10008a sigsusp ksh
89234 121820 85738 0 3 0x9a select sshd
85103 52720 1 0 3 0x100083 ttyin getty
85738 157429 1 0 3 0x88 select sshd
35921 327088 43908 74 3 0x100092 bpf pflogd
43908 29502 1 0 3 0x80 netio pflogd
98707 52681 76686 73 3 0x100090 kqread syslogd
76686 431441 1 0 3 0x100082 netio syslogd
86588 347094 1 0 3 0x100080 kqread resolvd
67435 206964 78797 77 3 0x100092 kqread dhcpleased
13708 93658 78797 77 3 0x100092 kqread dhcpleased
78797 85189 1 0 3 0x80 kqread dhcpleased
96285 453557 0 0 3 0x14200 bored smr
36334 275427 0 0 3 0x14200 pgzero zerothread
23522 286787 0 0 3 0x14200 aiodoned aiodoned
19685 315367 0 0 3 0x14200 syncer update
95161 174608 0 0 3 0x14200 cleaner cleaner
99296 379163 0 0 3 0x14200 reaper reaper
97983 239483 0 0 3 0x14200 pgdaemon pagedaemon
20617 485083 0 0 3 0x14200 bored crynlk
13438 436284 0 0 3 0x14200 bored crypto
99865 496086 0 0 3 0x14200 bored viomb
4598 448711 0 0 3 0x40014200 acpi0 acpi0
19739 368035 0 0 3 0x40014200 idle1
29768 5446 0 0 3 0x14200 bored softnet
35663 90806 0 0 3 0x14200 bored systqmp
70916 256800 0 0 3 0x14200 bored systq
71680 366900 0 0 3 0x40014200 bored softclock
22497 415141 0 0 3 0x40014200 idle0
1 380458 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 43734 (syz-executor.0) thread 0xffff8000212117a0 (409398)
shared rwlock vmmaplk r = 0 (0xfffffd807f008a28)
#0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0 witness_lock+0x4b0 sys/kern/subr_witness.c:1182
#1 rw_enter+0x3e2 sys/kern/kern_rwlock.c:310
#2 uvm_share+0xd2 vm_map_lock_read_ln sys/uvm/uvm_map.c:5447 [inline]
#2 uvm_share+0xd2 sys/uvm/uvm_map.c:3691
#3 vm_impl_init_vmx+0xb4 sys/arch/amd64/amd64/vmm.c:1591
#4 vm_create+0x19b vm_impl_init sys/arch/amd64/amd64/vmm.c:1690 [inline]
#4 vm_create+0x19b sys/arch/amd64/amd64/vmm.c:1510
#5 vmmioctl+0x1f2
#6 VOP_IOCTL+0x9a sys/kern/vfs_vops.c:295
#7 vn_ioctl+0xba sys/kern/vfs_vnops.c:531
#8 sys_ioctl+0x4a2
#9 syscall+0x5a9 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#9 syscall+0x5a9 sys/arch/amd64/amd64/trap.c:587
#10 Xsyscall+0x128
exclusive rwlock vmmaplk r = 0 (0xfffffd807f0088b8)
#0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0 witness_lock+0x4b0 sys/kern/subr_witness.c:1182
#1 rw_enter+0x3e2 sys/kern/kern_rwlock.c:310
#2 vm_map_lock_ln+0xda sys/uvm/uvm_map.c:5425
#3 uvm_share+0xaa vm_map_lock_read_ln sys/uvm/uvm_map.c:5446 [inline]
#3 uvm_share+0xaa sys/uvm/uvm_map.c:3691
#4 vm_impl_init_vmx+0xb4 sys/arch/amd64/amd64/vmm.c:1591
#5 vm_create+0x19b vm_impl_init sys/arch/amd64/amd64/vmm.c:1690 [inline]
#5 vm_create+0x19b sys/arch/amd64/amd64/vmm.c:1510
#6 vmmioctl+0x1f2
#7 VOP_IOCTL+0x9a sys/kern/vfs_vops.c:295
#8 vn_ioctl+0xba sys/kern/vfs_vnops.c:531
#9 sys_ioctl+0x4a2
#10 syscall+0x5a9 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#10 syscall+0x5a9 sys/arch/amd64/amd64/trap.c:587
#11 Xsyscall+0x128
exclusive rwlock vmlistlock r = 0 (0xffff800000655c78)
#0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0 witness_lock+0x4b0 sys/kern/subr_witness.c:1182
#1 vm_create+0x12e vm_impl_init sys/arch/amd64/amd64/vmm.c:1688 [inline]
#1 vm_create+0x12e sys/arch/amd64/amd64/vmm.c:1510
#2 vmmioctl+0x1f2
#3 VOP_IOCTL+0x9a sys/kern/vfs_vops.c:295
#4 vn_ioctl+0xba sys/kern/vfs_vnops.c:531
#5 sys_ioctl+0x4a2
#6 syscall+0x5a9 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#6 syscall+0x5a9 sys/arch/amd64/amd64/trap.c:587
#7 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10146 6554K 6811K 78643K 11742 0
pcb 13 8K 8K 78643K 75 0
rtable 110 3K 4K 78643K 193 0
ifaddr 53 12K 13K 78643K 113 0
sysctl 1 1K 1K 78643K 1 0
counters 44 34K 34K 78643K 70 0
ioctlops 1 2K 4K 78643K 1485 0
iov 0 0K 12K 78643K 35 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 6 0
vnodes 1219 77K 77K 78643K 1411 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 1K 78643K 2 0
VM map 2 1K 1K 78643K 2 0
sem 11 1K 1K 78643K 27 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12598 0
file desc 5 13K 25K 78643K 717 0
sigio 0 0K 0K 78643K 5 0
proc 70 87K 111K 78643K 451 0
subproc 32 2K 2K 78643K 34 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 14 0
in_multi 33 2K 2K 78643K 33 0
ether_multi 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 49 228K 228K 78643K 49 0
exec 0 0K 2K 78643K 409 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 198 42K 42K 78643K 10280 0
UVM aobj 3 2K 2K 78643K 3 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 10 0
NDP 8 0K 0K 78643K 25 0
temp 115 4206K 4270K 78643K 4142 0
kqueue 10 14K 18K 78643K 72 0
SYN cache 2 16K 16K 78643K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 31 0 28 1 0 1 1 0 8 0
rtentry 112 45 0 1 2 0 2 2 0 8 0
unpcb 120 105 0 90 1 0 1 1 0 8 0
syncache 296 4 0 4 1 1 0 1 0 8 0
tcpqe 32 30 0 30 1 1 0 1 0 8 0
tcpcb 736 33 0 29 2 0 2 2 0 8 1
arp 120 6 0 0 1 0 1 1 0 8 0
inpcb 304 222 0 215 1 0 1 1 0 8 0
nd6 48 6 0 0 1 0 1 1 0 8 0
kcovpl 48 2 0 0 1 0 1 1 0 8 0
pffrent 40 5 0 5 1 0 1 1 0 8 1
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 13 0 6 1 0 1 1 0 8 0
pfstkey 112 13 0 6 1 0 1 1 0 8 0
pfstate 320 13 0 6 2 1 1 2 0 8 0
pfrule 1360 21 0 16 2 1 1 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 189 0 0 12 0 12 12 0 8 0
art_table 32 190 0 0 2 0 2 2 0 8 0
art_node 16 44 0 4 1 0 1 1 0 8 0
sysvmsgpl 40 77 0 64 1 0 1 1 0 8 0
semupl 112 6 0 6 1 1 0 1 0 8 0
semapl 112 9 0 0 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 2444 0 1033 89 0 89 89 0 8 0
ffsino 272 2444 0 1033 95 0 95 95 0 8 0
nchpl 144 3549 0 1929 61 0 61 61 0 8 0
uvmvnodes 72 2592 0 0 48 0 48 48 0 8 0
vnodes 224 2592 0 0 153 0 153 153 0 8 0
namei 1024 9023 0 9023 1 0 1 1 0 8 1
percpumem 16 47 0 13 1 0 1 1 0 8 0
vcpupl 2048 1 0 0 1 0 1 1 0 8 0
vmpool 560 2 0 0 1 0 1 1 0 8 0
scxspl 216 11503 0 11503 9 8 1 8 0 8 1
plimitpl 152 33 0 23 1 0 1 1 0 8 0
sigapl 424 967 0 933 5 1 4 5 0 8 0
futexpl 56 5575 0 5575 1 0 1 1 0 8 1
knotepl 112 52 0 0 2 0 2 2 0 8 0
kqueuepl 216 339 0 332 1 0 1 1 0 8 0
pipepl 336 89 0 79 2 0 2 2 0 8 1
fdescpl 496 951 0 933 3 0 3 3 0 8 0
filepl 152 3216 0 3101 5 0 5 5 0 8 0
lockfpl 104 155 0 153 1 0 1 1 0 8 0
lockfspl 48 64 0 62 1 0 1 1 0 8 0
sessionpl 144 18 0 7 1 0 1 1 0 8 0
pgrppl 48 18 0 7 1 0 1 1 0 8 0
ucredpl 96 419 0 407 1 0 1 1 0 8 0
zombiepl 144 933 0 932 1 0 1 1 0 8 0
processpl 1072 967 0 932 3 0 3 3 0 8 0
procpl 672 1795 0 1752 5 1 4 5 0 8 0
sockpl 480 358 0 333 4 0 4 4 0 8 0
mcl12k 12288 6 0 0 1 0 1 1 0 8 0
mcl8k 8192 13 0 0 2 0 2 2 0 8 0
mcl4k 4096 10 0 0 2 0 2 2 0 8 0
mcl2k 2048 152 0 0 17 0 17 17 0 8 0
mtagpl 96 39 0 0 1 0 1 1 0 8 0
mbufpl 256 505 0 0 32 0 32 32 0 8 0
bufpl 280 5414 0 139 377 0 377 377 0 8 0
anonpl 24 223378 0 215951 53 2 51 51 0 186 4
amapchunkpl 152 28619 0 28198 37 7 30 31 0 158 12
amappl16 200 2028 0 1854 12 1 11 11 0 8 1
amappl15 192 346 0 345 1 0 1 1 0 8 0
amappl14 184 7 0 5 1 0 1 1 0 8 0
amappl13 176 36 0 34 1 0 1 1 0 8 0
amappl12 168 11 0 9 1 0 1 1 0 8 0
amappl11 160 391 0 376 1 0 1 1 0 8 0
amappl10 152 42 0 32 1 0 1 1 0 8 0
amappl9 144 251 0 248 1 0 1 1 0 8 0
amappl8 136 376 0 337 2 0 2 2 0 8 0
amappl7 128 72 0 58 1 0 1 1 0 8 0
amappl6 120 128 0 116 1 0 1 1 0 8 0
amappl5 112 842 0 823 1 0 1 1 0 8 0
amappl4 104 930 0 903 1 0 1 1 0 8 0
amappl3 96 64 0 59 1 0 1 1 0 8 0
amappl2 88 494 0 441 2 0 2 2 0 8 0
amappl1 80 19093 0 18648 13 3 10 13 0 8 0
amappl 88 9913 0 9778 4 0 4 4 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 2 0 0 1 0 1 1 0 8 0
uaddrrnd 24 953 0 933 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 953 0 933 1 0 1 1 0 8 0
vmmpekpl 168 9331 0 9306 2 0 2 2 0 8 0
vmmpepl 168 102498 0 101009 72 1 71 71 0 357 3
vmsppl 368 952 0 933 2 0 2 2 0 8 0
rwobjpl 56 20930 0 20009 15 1 14 14 0 8 0
pdppl 4096 1914 0 1867 65 18 47 50 0 8 0
pvpl 32 567358 0 556425 138 25 113 138 0 265 22
pmappl 224 952 0 933 2 0 2 2 0 8 0
extentpl 40 58 0 40 1 0 1 1 0 8 0
phpool 112 331 0 21 9 0 9 9 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff824502ee) at panic+0x177 sys/kern/subr_prf.c:202
__assert(ffffffff824bffea,ffffffff824476b7,e6,ffffffff824ce6c6) at __assert+0x25 sys/kern/subr_prf.c:161
udv_reference(ffff800000b0b900) at udv_reference+0x84 sys/uvm/uvm_device.c:230
uvm_mapent_clone(fffffd807f0088a0,2000,1fe000,0,7,7) at uvm_mapent_clone+0x1a2 sys/uvm/uvm_map.c:3810
uvm_share(fffffd807f0088a0,0,7,fffffd807f008a10,20000000,200000) at uvm_share+0x45c uvm_mapent_share sys/uvm/uvm_map.c:3840 [inline]
uvm_share(fffffd807f0088a0,0,7,fffffd807f008a10,20000000,200000) at uvm_share+0x45c sys/uvm/uvm_map.c:3739
vm_impl_init_vmx(ffff800021297a40,ffff8000212117a0) at vm_impl_init_vmx+0xb4 sys/arch/amd64/amd64/vmm.c:1591
vm_create(ffff800000b5d000,ffff8000212117a0) at vm_create+0x19b vm_impl_init sys/arch/amd64/amd64/vmm.c:1690 [inline]
vm_create(ffff800000b5d000,ffff8000212117a0) at vm_create+0x19b sys/arch/amd64/amd64/vmm.c:1510
vmmioctl(a00,c5005601,ffff800000b5d000,1,ffff8000212117a0) at vmmioctl+0x1f2
VOP_IOCTL(fffffd806e054910,c5005601,ffff800000b5d000,1,fffffd807f7d87e0,ffff8000212117a0) at VOP_IOCTL+0x9a sys/kern/vfs_vops.c:295
vn_ioctl(fffffd80699ed448,c5005601,ffff800000b5d000,ffff8000212117a0) at vn_ioctl+0xba sys/kern/vfs_vnops.c:531
sys_ioctl(ffff8000212117a0,ffff8000222a2ee8,ffff8000222a2f30) at sys_ioctl+0x4a2
syscall(ffff8000222a2fb0) at syscall+0x5a9 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff8000222a2fb0) at syscall+0x5a9 sys/arch/amd64/amd64/trap.c:587
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x8e5ff2b600, count: -14
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
x86_ipi_db(ffff800020d38ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__mp_lock(ffffffff82838a18) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82838a18) at __mp_lock+0x122 sys/kern/kern_lock.c:147
__mp_acquire_count(ffffffff82838a18,1) at __mp_acquire_count+0x4c sys/kern/kern_lock.c:227
mi_switch() at mi_switch+0x3d3 sys/kern/sched_bsd.c:433
sleep_finish(ffff800021231ba0,1) at sleep_finish+0x1b2 sys/kern/kern_synch.c:433
tsleep(ffffffff8291e840,120,ffffffff82432f56,2) at tsleep+0x125 sys/kern/kern_synch.c:158
sys_nanosleep(ffff8000ffff6fd0,ffff800021231cc0,ffff800021231d10) at sys_nanosleep+0x1f5 sys/kern/kern_time.c:299
syscall(ffff800021231d90) at syscall+0x5a9 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800021231d90) at syscall+0x5a9 sys/arch/amd64/amd64/trap.c:587
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x238c17440, count: 4
ddb{1}> trace
x86_ipi_db(ffff800020d38ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__mp_lock(ffffffff82838a18) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82838a18) at __mp_lock+0x122 sys/kern/kern_lock.c:147
__mp_acquire_count(ffffffff82838a18,1) at __mp_acquire_count+0x4c sys/kern/kern_lock.c:227
mi_switch() at mi_switch+0x3d3 sys/kern/sched_bsd.c:433
sleep_finish(ffff800021231ba0,1) at sleep_finish+0x1b2 sys/kern/kern_synch.c:433
tsleep(ffffffff8291e840,120,ffffffff82432f56,2) at tsleep+0x125 sys/kern/kern_synch.c:158
sys_nanosleep(ffff8000ffff6fd0,ffff800021231cc0,ffff800021231d10) at sys_nanosleep+0x1f5 sys/kern/kern_time.c:299
syscall(ffff800021231d90) at syscall+0x5a9 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800021231d90) at syscall+0x5a9 sys/arch/amd64/amd64/trap.c:587
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x238c17440, count: -11
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following issue on:
HEAD commit: 444296aeff58 Honour netinet6 when generating symlinks to t..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=158fc723300000
kernel config: https://syzkaller.appspot.com/x/.config?x=bf87b6915a88cd0d
dashboard link: https://syzkaller.appspot.com/bug?extid=5066429ecc0d98db5a30
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+506642...@syzkaller.appspotmail.com
panic: kernel diagnostic assertion "_kernel_lock_held()" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_device.c", line 230
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*409398 43734 0 0 0x4000000 0 syz-executor.0
392313 21937 0 0x2 0x4000480 1 syz-fuzzer
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff824502ee) at panic+0x177 sys/kern/subr_prf.c:202
__assert(ffffffff824bffea,ffffffff824476b7,e6,ffffffff824ce6c6) at __assert+0x25 sys/kern/subr_prf.c:161
udv_reference(ffff800000b0b900) at udv_reference+0x84 sys/uvm/uvm_device.c:230
uvm_mapent_clone(fffffd807f0088a0,2000,1fe000,0,7,7) at uvm_mapent_clone+0x1a2 sys/uvm/uvm_map.c:3810
uvm_share(fffffd807f0088a0,0,7,fffffd807f008a10,20000000,200000) at uvm_share+0x45c uvm_mapent_share sys/uvm/uvm_map.c:3840 [inline]
uvm_share(fffffd807f0088a0,0,7,fffffd807f008a10,20000000,200000) at uvm_share+0x45c sys/uvm/uvm_map.c:3739
vm_impl_init_vmx(ffff800021297a40,ffff8000212117a0) at vm_impl_init_vmx+0xb4 sys/arch/amd64/amd64/vmm.c:1591
vm_create(ffff800000b5d000,ffff8000212117a0) at vm_create+0x19b vm_impl_init sys/arch/amd64/amd64/vmm.c:1690 [inline]
vm_create(ffff800000b5d000,ffff8000212117a0) at vm_create+0x19b sys/arch/amd64/amd64/vmm.c:1510
vmmioctl(a00,c5005601,ffff800000b5d000,1,ffff8000212117a0) at vmmioctl+0x1f2
VOP_IOCTL(fffffd806e054910,c5005601,ffff800000b5d000,1,fffffd807f7d87e0,ffff8000212117a0) at VOP_IOCTL+0x9a sys/kern/vfs_vops.c:295
vn_ioctl(fffffd80699ed448,c5005601,ffff800000b5d000,ffff8000212117a0) at vn_ioctl+0xba sys/kern/vfs_vnops.c:531
sys_ioctl(ffff8000212117a0,ffff8000222a2ee8,ffff8000222a2f30) at sys_ioctl+0x4a2
syscall(ffff8000222a2fb0) at syscall+0x5a9 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff8000222a2fb0) at syscall+0x5a9 sys/arch/amd64/amd64/trap.c:587
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x8e5ff2b600, count: 1
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: kernel diagnostic assertion "_kernel_lock_held()" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_device.c", line 230
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff824502ee) at panic+0x177 sys/kern/subr_prf.c:202
__assert(ffffffff824bffea,ffffffff824476b7,e6,ffffffff824ce6c6) at __assert+0x25 sys/kern/subr_prf.c:161
udv_reference(ffff800000b0b900) at udv_reference+0x84 sys/uvm/uvm_device.c:230
uvm_mapent_clone(fffffd807f0088a0,2000,1fe000,0,7,7) at uvm_mapent_clone+0x1a2 sys/uvm/uvm_map.c:3810
uvm_share(fffffd807f0088a0,0,7,fffffd807f008a10,20000000,200000) at uvm_share+0x45c uvm_mapent_share sys/uvm/uvm_map.c:3840 [inline]
uvm_share(fffffd807f0088a0,0,7,fffffd807f008a10,20000000,200000) at uvm_share+0x45c sys/uvm/uvm_map.c:3739
vm_impl_init_vmx(ffff800021297a40,ffff8000212117a0) at vm_impl_init_vmx+0xb4 sys/arch/amd64/amd64/vmm.c:1591
vm_create(ffff800000b5d000,ffff8000212117a0) at vm_create+0x19b vm_impl_init sys/arch/amd64/amd64/vmm.c:1690 [inline]
vm_create(ffff800000b5d000,ffff8000212117a0) at vm_create+0x19b sys/arch/amd64/amd64/vmm.c:1510
vmmioctl(a00,c5005601,ffff800000b5d000,1,ffff8000212117a0) at vmmioctl+0x1f2
VOP_IOCTL(fffffd806e054910,c5005601,ffff800000b5d000,1,fffffd807f7d87e0,ffff8000212117a0) at VOP_IOCTL+0x9a sys/kern/vfs_vops.c:295
vn_ioctl(fffffd80699ed448,c5005601,ffff800000b5d000,ffff8000212117a0) at vn_ioctl+0xba sys/kern/vfs_vnops.c:531
sys_ioctl(ffff8000212117a0,ffff8000222a2ee8,ffff8000222a2f30) at sys_ioctl+0x4a2
syscall(ffff8000222a2fb0) at syscall+0x5a9 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff8000222a2fb0) at syscall+0x5a9 sys/arch/amd64/amd64/trap.c:587
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x8e5ff2b600, count: -14
ddb{0}> show registers
rdi 0
rsi 0x1
rbp 0xffff8000222a2850
rbx 0xffffffff8280abff cpu_info_full_primary+0x2bff
rdx 0x8b
rcx 0x2
rax 0x8c
r8 0xffffffff81a0be34 kprintf+0x144
r9 0x1
r10 0xf7aefa378bc85014
r11 0x39f6c6e74a866712
r12 0xffffffff8280aa00 cpu_info_full_primary+0x2a00
r13 0
r14 0
r15 0x1
rip 0xffffffff81e3e908 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff8000222a2840
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor.0) pid=409398 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=32, usrpri=75, nice=20
forw=0xffffffffffffffff, list=0xffff800021210d20,0xffffffff82913618
process=0xffff8000ffff9928 user=0xffff80002229e000, vmspace=0xfffffd807f008a10
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
43734 268366 24523 0 3 0 vmmaplk syz-executor.0
*43734 409398 24523 0 7 0x4000000 syz-executor.0
46909 50510 21937 0 2 0x482 syz-executor.1
24523 195089 21937 0 2 0x482 syz-executor.0
21937 3065 38575 0 3 0x82 thrsleep syz-fuzzer
21937 392313 38575 0 7 0x4000482 syz-fuzzer
21937 499339 38575 0 3 0x4000082 thrsleep syz-fuzzer
21937 486899 38575 0 3 0x4000082 thrsleep syz-fuzzer
21937 77071 38575 0 3 0x4000082 thrsleep syz-fuzzer
21937 158472 38575 0 3 0x4000082 thrsleep syz-fuzzer
21937 162103 38575 0 3 0x4000082 thrsleep syz-fuzzer
21937 249440 38575 0 2 0x4000482 syz-fuzzer
38575 372548 89234 0 3 0x10008a sigsusp ksh
89234 121820 85738 0 3 0x9a select sshd
85103 52720 1 0 3 0x100083 ttyin getty
85738 157429 1 0 3 0x88 select sshd
35921 327088 43908 74 3 0x100092 bpf pflogd
43908 29502 1 0 3 0x80 netio pflogd
98707 52681 76686 73 3 0x100090 kqread syslogd
76686 431441 1 0 3 0x100082 netio syslogd
86588 347094 1 0 3 0x100080 kqread resolvd
67435 206964 78797 77 3 0x100092 kqread dhcpleased
13708 93658 78797 77 3 0x100092 kqread dhcpleased
78797 85189 1 0 3 0x80 kqread dhcpleased
96285 453557 0 0 3 0x14200 bored smr
36334 275427 0 0 3 0x14200 pgzero zerothread
23522 286787 0 0 3 0x14200 aiodoned aiodoned
19685 315367 0 0 3 0x14200 syncer update
95161 174608 0 0 3 0x14200 cleaner cleaner
99296 379163 0 0 3 0x14200 reaper reaper
97983 239483 0 0 3 0x14200 pgdaemon pagedaemon
20617 485083 0 0 3 0x14200 bored crynlk
13438 436284 0 0 3 0x14200 bored crypto
99865 496086 0 0 3 0x14200 bored viomb
4598 448711 0 0 3 0x40014200 acpi0 acpi0
19739 368035 0 0 3 0x40014200 idle1
29768 5446 0 0 3 0x14200 bored softnet
35663 90806 0 0 3 0x14200 bored systqmp
70916 256800 0 0 3 0x14200 bored systq
71680 366900 0 0 3 0x40014200 bored softclock
22497 415141 0 0 3 0x40014200 idle0
1 380458 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 43734 (syz-executor.0) thread 0xffff8000212117a0 (409398)
shared rwlock vmmaplk r = 0 (0xfffffd807f008a28)
#0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0 witness_lock+0x4b0 sys/kern/subr_witness.c:1182
#1 rw_enter+0x3e2 sys/kern/kern_rwlock.c:310
#2 uvm_share+0xd2 vm_map_lock_read_ln sys/uvm/uvm_map.c:5447 [inline]
#2 uvm_share+0xd2 sys/uvm/uvm_map.c:3691
#3 vm_impl_init_vmx+0xb4 sys/arch/amd64/amd64/vmm.c:1591
#4 vm_create+0x19b vm_impl_init sys/arch/amd64/amd64/vmm.c:1690 [inline]
#4 vm_create+0x19b sys/arch/amd64/amd64/vmm.c:1510
#5 vmmioctl+0x1f2
#6 VOP_IOCTL+0x9a sys/kern/vfs_vops.c:295
#7 vn_ioctl+0xba sys/kern/vfs_vnops.c:531
#8 sys_ioctl+0x4a2
#9 syscall+0x5a9 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#9 syscall+0x5a9 sys/arch/amd64/amd64/trap.c:587
#10 Xsyscall+0x128
exclusive rwlock vmmaplk r = 0 (0xfffffd807f0088b8)
#0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0 witness_lock+0x4b0 sys/kern/subr_witness.c:1182
#1 rw_enter+0x3e2 sys/kern/kern_rwlock.c:310
#2 vm_map_lock_ln+0xda sys/uvm/uvm_map.c:5425
#3 uvm_share+0xaa vm_map_lock_read_ln sys/uvm/uvm_map.c:5446 [inline]
#3 uvm_share+0xaa sys/uvm/uvm_map.c:3691
#4 vm_impl_init_vmx+0xb4 sys/arch/amd64/amd64/vmm.c:1591
#5 vm_create+0x19b vm_impl_init sys/arch/amd64/amd64/vmm.c:1690 [inline]
#5 vm_create+0x19b sys/arch/amd64/amd64/vmm.c:1510
#6 vmmioctl+0x1f2
#7 VOP_IOCTL+0x9a sys/kern/vfs_vops.c:295
#8 vn_ioctl+0xba sys/kern/vfs_vnops.c:531
#9 sys_ioctl+0x4a2
#10 syscall+0x5a9 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#10 syscall+0x5a9 sys/arch/amd64/amd64/trap.c:587
#11 Xsyscall+0x128
exclusive rwlock vmlistlock r = 0 (0xffff800000655c78)
#0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline]
#0 witness_lock+0x4b0 sys/kern/subr_witness.c:1182
#1 vm_create+0x12e vm_impl_init sys/arch/amd64/amd64/vmm.c:1688 [inline]
#1 vm_create+0x12e sys/arch/amd64/amd64/vmm.c:1510
#2 vmmioctl+0x1f2
#3 VOP_IOCTL+0x9a sys/kern/vfs_vops.c:295
#4 vn_ioctl+0xba sys/kern/vfs_vnops.c:531
#5 sys_ioctl+0x4a2
#6 syscall+0x5a9 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#6 syscall+0x5a9 sys/arch/amd64/amd64/trap.c:587
#7 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10146 6554K 6811K 78643K 11742 0
pcb 13 8K 8K 78643K 75 0
rtable 110 3K 4K 78643K 193 0
ifaddr 53 12K 13K 78643K 113 0
sysctl 1 1K 1K 78643K 1 0
counters 44 34K 34K 78643K 70 0
ioctlops 1 2K 4K 78643K 1485 0
iov 0 0K 12K 78643K 35 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 6 0
vnodes 1219 77K 77K 78643K 1411 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 1K 78643K 2 0
VM map 2 1K 1K 78643K 2 0
sem 11 1K 1K 78643K 27 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12598 0
file desc 5 13K 25K 78643K 717 0
sigio 0 0K 0K 78643K 5 0
proc 70 87K 111K 78643K 451 0
subproc 32 2K 2K 78643K 34 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 14 0
in_multi 33 2K 2K 78643K 33 0
ether_multi 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 49 228K 228K 78643K 49 0
exec 0 0K 2K 78643K 409 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 198 42K 42K 78643K 10280 0
UVM aobj 3 2K 2K 78643K 3 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 10 0
NDP 8 0K 0K 78643K 25 0
temp 115 4206K 4270K 78643K 4142 0
kqueue 10 14K 18K 78643K 72 0
SYN cache 2 16K 16K 78643K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 31 0 28 1 0 1 1 0 8 0
rtentry 112 45 0 1 2 0 2 2 0 8 0
unpcb 120 105 0 90 1 0 1 1 0 8 0
syncache 296 4 0 4 1 1 0 1 0 8 0
tcpqe 32 30 0 30 1 1 0 1 0 8 0
tcpcb 736 33 0 29 2 0 2 2 0 8 1
arp 120 6 0 0 1 0 1 1 0 8 0
inpcb 304 222 0 215 1 0 1 1 0 8 0
nd6 48 6 0 0 1 0 1 1 0 8 0
kcovpl 48 2 0 0 1 0 1 1 0 8 0
pffrent 40 5 0 5 1 0 1 1 0 8 1
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 13 0 6 1 0 1 1 0 8 0
pfstkey 112 13 0 6 1 0 1 1 0 8 0
pfstate 320 13 0 6 2 1 1 2 0 8 0
pfrule 1360 21 0 16 2 1 1 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 189 0 0 12 0 12 12 0 8 0
art_table 32 190 0 0 2 0 2 2 0 8 0
art_node 16 44 0 4 1 0 1 1 0 8 0
sysvmsgpl 40 77 0 64 1 0 1 1 0 8 0
semupl 112 6 0 6 1 1 0 1 0 8 0
semapl 112 9 0 0 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 2444 0 1033 89 0 89 89 0 8 0
ffsino 272 2444 0 1033 95 0 95 95 0 8 0
nchpl 144 3549 0 1929 61 0 61 61 0 8 0
uvmvnodes 72 2592 0 0 48 0 48 48 0 8 0
vnodes 224 2592 0 0 153 0 153 153 0 8 0
namei 1024 9023 0 9023 1 0 1 1 0 8 1
percpumem 16 47 0 13 1 0 1 1 0 8 0
vcpupl 2048 1 0 0 1 0 1 1 0 8 0
vmpool 560 2 0 0 1 0 1 1 0 8 0
scxspl 216 11503 0 11503 9 8 1 8 0 8 1
plimitpl 152 33 0 23 1 0 1 1 0 8 0
sigapl 424 967 0 933 5 1 4 5 0 8 0
futexpl 56 5575 0 5575 1 0 1 1 0 8 1
knotepl 112 52 0 0 2 0 2 2 0 8 0
kqueuepl 216 339 0 332 1 0 1 1 0 8 0
pipepl 336 89 0 79 2 0 2 2 0 8 1
fdescpl 496 951 0 933 3 0 3 3 0 8 0
filepl 152 3216 0 3101 5 0 5 5 0 8 0
lockfpl 104 155 0 153 1 0 1 1 0 8 0
lockfspl 48 64 0 62 1 0 1 1 0 8 0
sessionpl 144 18 0 7 1 0 1 1 0 8 0
pgrppl 48 18 0 7 1 0 1 1 0 8 0
ucredpl 96 419 0 407 1 0 1 1 0 8 0
zombiepl 144 933 0 932 1 0 1 1 0 8 0
processpl 1072 967 0 932 3 0 3 3 0 8 0
procpl 672 1795 0 1752 5 1 4 5 0 8 0
sockpl 480 358 0 333 4 0 4 4 0 8 0
mcl12k 12288 6 0 0 1 0 1 1 0 8 0
mcl8k 8192 13 0 0 2 0 2 2 0 8 0
mcl4k 4096 10 0 0 2 0 2 2 0 8 0
mcl2k 2048 152 0 0 17 0 17 17 0 8 0
mtagpl 96 39 0 0 1 0 1 1 0 8 0
mbufpl 256 505 0 0 32 0 32 32 0 8 0
bufpl 280 5414 0 139 377 0 377 377 0 8 0
anonpl 24 223378 0 215951 53 2 51 51 0 186 4
amapchunkpl 152 28619 0 28198 37 7 30 31 0 158 12
amappl16 200 2028 0 1854 12 1 11 11 0 8 1
amappl15 192 346 0 345 1 0 1 1 0 8 0
amappl14 184 7 0 5 1 0 1 1 0 8 0
amappl13 176 36 0 34 1 0 1 1 0 8 0
amappl12 168 11 0 9 1 0 1 1 0 8 0
amappl11 160 391 0 376 1 0 1 1 0 8 0
amappl10 152 42 0 32 1 0 1 1 0 8 0
amappl9 144 251 0 248 1 0 1 1 0 8 0
amappl8 136 376 0 337 2 0 2 2 0 8 0
amappl7 128 72 0 58 1 0 1 1 0 8 0
amappl6 120 128 0 116 1 0 1 1 0 8 0
amappl5 112 842 0 823 1 0 1 1 0 8 0
amappl4 104 930 0 903 1 0 1 1 0 8 0
amappl3 96 64 0 59 1 0 1 1 0 8 0
amappl2 88 494 0 441 2 0 2 2 0 8 0
amappl1 80 19093 0 18648 13 3 10 13 0 8 0
amappl 88 9913 0 9778 4 0 4 4 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 2 0 0 1 0 1 1 0 8 0
uaddrrnd 24 953 0 933 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 953 0 933 1 0 1 1 0 8 0
vmmpekpl 168 9331 0 9306 2 0 2 2 0 8 0
vmmpepl 168 102498 0 101009 72 1 71 71 0 357 3
vmsppl 368 952 0 933 2 0 2 2 0 8 0
rwobjpl 56 20930 0 20009 15 1 14 14 0 8 0
pdppl 4096 1914 0 1867 65 18 47 50 0 8 0
pvpl 32 567358 0 556425 138 25 113 138 0 265 22
pmappl 224 952 0 933 2 0 2 2 0 8 0
extentpl 40 58 0 40 1 0 1 1 0 8 0
phpool 112 331 0 21 9 0 9 9 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff824502ee) at panic+0x177 sys/kern/subr_prf.c:202
__assert(ffffffff824bffea,ffffffff824476b7,e6,ffffffff824ce6c6) at __assert+0x25 sys/kern/subr_prf.c:161
udv_reference(ffff800000b0b900) at udv_reference+0x84 sys/uvm/uvm_device.c:230
uvm_mapent_clone(fffffd807f0088a0,2000,1fe000,0,7,7) at uvm_mapent_clone+0x1a2 sys/uvm/uvm_map.c:3810
uvm_share(fffffd807f0088a0,0,7,fffffd807f008a10,20000000,200000) at uvm_share+0x45c uvm_mapent_share sys/uvm/uvm_map.c:3840 [inline]
uvm_share(fffffd807f0088a0,0,7,fffffd807f008a10,20000000,200000) at uvm_share+0x45c sys/uvm/uvm_map.c:3739
vm_impl_init_vmx(ffff800021297a40,ffff8000212117a0) at vm_impl_init_vmx+0xb4 sys/arch/amd64/amd64/vmm.c:1591
vm_create(ffff800000b5d000,ffff8000212117a0) at vm_create+0x19b vm_impl_init sys/arch/amd64/amd64/vmm.c:1690 [inline]
vm_create(ffff800000b5d000,ffff8000212117a0) at vm_create+0x19b sys/arch/amd64/amd64/vmm.c:1510
vmmioctl(a00,c5005601,ffff800000b5d000,1,ffff8000212117a0) at vmmioctl+0x1f2
VOP_IOCTL(fffffd806e054910,c5005601,ffff800000b5d000,1,fffffd807f7d87e0,ffff8000212117a0) at VOP_IOCTL+0x9a sys/kern/vfs_vops.c:295
vn_ioctl(fffffd80699ed448,c5005601,ffff800000b5d000,ffff8000212117a0) at vn_ioctl+0xba sys/kern/vfs_vnops.c:531
sys_ioctl(ffff8000212117a0,ffff8000222a2ee8,ffff8000222a2f30) at sys_ioctl+0x4a2
syscall(ffff8000222a2fb0) at syscall+0x5a9 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff8000222a2fb0) at syscall+0x5a9 sys/arch/amd64/amd64/trap.c:587
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x8e5ff2b600, count: -14
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
x86_ipi_db(ffff800020d38ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__mp_lock(ffffffff82838a18) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82838a18) at __mp_lock+0x122 sys/kern/kern_lock.c:147
__mp_acquire_count(ffffffff82838a18,1) at __mp_acquire_count+0x4c sys/kern/kern_lock.c:227
mi_switch() at mi_switch+0x3d3 sys/kern/sched_bsd.c:433
sleep_finish(ffff800021231ba0,1) at sleep_finish+0x1b2 sys/kern/kern_synch.c:433
tsleep(ffffffff8291e840,120,ffffffff82432f56,2) at tsleep+0x125 sys/kern/kern_synch.c:158
sys_nanosleep(ffff8000ffff6fd0,ffff800021231cc0,ffff800021231d10) at sys_nanosleep+0x1f5 sys/kern/kern_time.c:299
syscall(ffff800021231d90) at syscall+0x5a9 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800021231d90) at syscall+0x5a9 sys/arch/amd64/amd64/trap.c:587
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x238c17440, count: 4
ddb{1}> trace
x86_ipi_db(ffff800020d38ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__mp_lock(ffffffff82838a18) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82838a18) at __mp_lock+0x122 sys/kern/kern_lock.c:147
__mp_acquire_count(ffffffff82838a18,1) at __mp_acquire_count+0x4c sys/kern/kern_lock.c:227
mi_switch() at mi_switch+0x3d3 sys/kern/sched_bsd.c:433
sleep_finish(ffff800021231ba0,1) at sleep_finish+0x1b2 sys/kern/kern_synch.c:433
tsleep(ffffffff8291e840,120,ffffffff82432f56,2) at tsleep+0x125 sys/kern/kern_synch.c:158
sys_nanosleep(ffff8000ffff6fd0,ffff800021231cc0,ffff800021231d10) at sys_nanosleep+0x1f5 sys/kern/kern_time.c:299
syscall(ffff800021231d90) at syscall+0x5a9 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800021231d90) at syscall+0x5a9 sys/arch/amd64/amd64/trap.c:587
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x238c17440, count: -11
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
Anton Lindqvist
Sep 7, 2021, 1:03:53 PM9/7/21
to syzbot, syzkaller-o...@googlegroups.com
#syz fix: vmm(4): grab kernel lock before vmspace init
Reply all
Reply to author
Forward
0 new messages