panic: vop_genepranici_c:bakdeorpn


syzbot

May 30, 2022, 5:05:18 AM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: c51a0c5ef40d Device tree bindings for this device are offi..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=16cc3723f00000
kernel config: https://syzkaller.appspot.com/x/.config?x=bf87b6915a88cd0d
dashboard link: https://syzkaller.appspot.com/bug?extid=110a0c48bef518dc93f7

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+110a0c...@syzkaller.appspotmail.com

panic: vop_genepranici_c:bakdeorpn
eStopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*461211 46248 32767 0x10 0x4000000 1 syz-executor.5
145206 48739 32767 0x10 0x4000000 0 syz-executor.0
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82594086) at panic+0x177 sys/kern/subr_prf.c:202
vop_generic_badop(ffff800027f49348) at vop_generic_badop+0x1b sys/kern/vfs_default.c:133
VOP_STRATEGY(fffffd806966c4f8,fffffd807a10cc98) at VOP_STRATEGY+0x9b sys/kern/vfs_vops.c:644
bwrite(fffffd807a10cc98) at bwrite+0x1f0 sys/kern/vfs_bio.c:763
VOP_BWRITE(fffffd807a10cc98) at VOP_BWRITE+0x4a sys/kern/vfs_vops.c:656
ufs_mkdir(ffff800027f495e0) at ufs_mkdir+0x6b4 sys/ufs/ufs/ufs_vnops.c:1248
VOP_MKDIR(fffffd806966c098,ffff800027f49740,ffff800027f49770,ffff800027f49670) at VOP_MKDIR+0xbf sys/kern/vfs_vops.c:404
domkdirat(ffff80002955d500,ffffff9c,20000100,0) at domkdirat+0x121 sys/kern/vfs_syscalls.c:3116
syscall(ffff800027f498f0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800027f498f0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x912d99192c0, count: 4
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
cpu0: kernel diagnostic assertion "!_kernel_lock_held()" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/kern_fork.c", line 678
*cpu1: vop_generic_badop
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82594086) at panic+0x177 sys/kern/subr_prf.c:202
vop_generic_badop(ffff800027f49348) at vop_generic_badop+0x1b sys/kern/vfs_default.c:133
VOP_STRATEGY(fffffd806966c4f8,fffffd807a10cc98) at VOP_STRATEGY+0x9b sys/kern/vfs_vops.c:644
bwrite(fffffd807a10cc98) at bwrite+0x1f0 sys/kern/vfs_bio.c:763
VOP_BWRITE(fffffd807a10cc98) at VOP_BWRITE+0x4a sys/kern/vfs_vops.c:656
ufs_mkdir(ffff800027f495e0) at ufs_mkdir+0x6b4 sys/ufs/ufs/ufs_vnops.c:1248
VOP_MKDIR(fffffd806966c098,ffff800027f49740,ffff800027f49770,ffff800027f49670) at VOP_MKDIR+0xbf sys/kern/vfs_vops.c:404
domkdirat(ffff80002955d500,ffffff9c,20000100,0) at domkdirat+0x121 sys/kern/vfs_syscalls.c:3116
syscall(ffff800027f498f0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800027f498f0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x912d99192c0, count: -11
ddb{1}> show registers
rdi 0
rsi 0x1
rbp 0xffff800027f49270
rbx 0xffff800020cd9c5f
rdx 0
rcx 0
rax 0xffff80002955d500
r8 0x101010101010101
r9 0x8080808080808080
r10 0x918732fd50a07b32
r11 0x6f372f81e6555e2c
r12 0xffff800020cd9a60
r13 0
r14 0
r15 0x1
rip 0xffffffff81b2fee8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800027f49260
ss 0
db_enter+0x18: addq $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor.5) pid=461211 stat=onproc
flags process=10<SUGID> proc=4000000<THREAD>
pri=17, usrpri=80, nice=20
forw=0xffffffffffffffff, list=0xffff80002955cd20,0xffff80002955d270
process=0xffff800027b06158 user=0xffff800027f44000, vmspace=0xfffffd8066b268b8
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
69092 120172 9965 32767 2 0x10 syz-executor.2
46248 34037 36415 32767 2 0x10 syz-executor.5
*46248 461211 36415 32767 7 0x4000010 syz-executor.5
48739 36395 11915 32767 2 0x10 syz-executor.0
48739 261522 11915 32767 3 0x4000090 fsleep syz-executor.0
48739 145206 11915 32767 7 0x4000010 syz-executor.0
12698 426038 32218 32767 3 0x90 piperd syz-executor.7
32218 342847 41811 0 3 0x82 wait syz-executor.7
58560 506594 0 0 3 0x14200 bored sosplice
54183 116415 2137 32767 3 0x90 piperd syz-executor.4
36415 237900 57809 32767 3 0x90 nanoslp syz-executor.5
21914 474638 69282 32767 3 0x90 nanoslp syz-executor.6
69282 84414 41811 0 3 0x82 wait syz-executor.6
57809 325970 41811 0 3 0x82 wait syz-executor.5
79266 120452 71849 32767 3 0x90 piperd syz-executor.3
2137 47343 41811 0 3 0x82 wait syz-executor.4
9965 302483 29005 32767 3 0x90 nanoslp syz-executor.2
71849 79812 41811 0 3 0x82 wait syz-executor.3
78560 368384 50251 32767 2 0x10 syz-executor.1
29005 71295 41811 0 3 0x82 wait syz-executor.2
11915 330678 73968 32767 3 0x90 nanoslp syz-executor.0
50251 189871 41811 0 3 0x82 wait syz-executor.1
73968 361758 41811 0 3 0x82 wait syz-executor.0
41811 469083 30530 0 3 0x82 thrsleep syz-fuzzer
41811 371560 30530 0 3 0x4000082 nanoslp syz-fuzzer
41811 253905 30530 0 3 0x4000082 thrsleep syz-fuzzer
41811 358333 30530 0 3 0x4000082 thrsleep syz-fuzzer
41811 344575 30530 0 3 0x4000082 thrsleep syz-fuzzer
41811 36575 30530 0 3 0x4000082 kqread syz-fuzzer
41811 460784 30530 0 3 0x4000082 thrsleep syz-fuzzer
41811 390691 30530 0 3 0x4000082 thrsleep syz-fuzzer
41811 32878 30530 0 3 0x4000082 thrsleep syz-fuzzer
30530 442813 7698 0 3 0x10008a sigsusp ksh
7698 228434 81556 0 3 0x9a kqread sshd
36334 186791 1 0 3 0x100083 ttyin getty
81556 8417 1 0 3 0x88 kqread sshd
52975 252718 44835 73 3 0x1100090 kqread syslogd
44835 280106 1 0 3 0x100082 netio syslogd
57199 144542 1 0 3 0x100080 kqread resolvd
38077 433695 68116 77 3 0x100092 kqread dhcpleased
29129 457587 68116 77 3 0x100092 kqread dhcpleased
68116 114007 1 0 3 0x80 kqread dhcpleased
74462 471022 0 0 3 0x14200 bored smr
36554 396415 0 0 2 0x14200 zerothread
91706 190040 0 0 3 0x14200 aiodoned aiodoned
24498 337070 0 0 3 0x14200 syncer update
12627 423991 0 0 3 0x14200 cleaner cleaner
19911 129579 0 0 3 0x14200 reaper reaper
43093 447356 0 0 3 0x14200 pgdaemon pagedaemon
50110 501336 0 0 3 0x14200 bored viomb
44321 235648 0 0 3 0x40014200 acpi0 acpi0
1472 320844 0 0 3 0x40014200 idle1
3159 24551 0 0 3 0x14200 bored softnet
79845 200740 0 0 3 0x14200 bored softnet
5485 189130 0 0 3 0x14200 bored softnet
51279 81227 0 0 3 0x14200 bored softnet
6175 461380 0 0 3 0x14200 bored systqmp
40107 200109 0 0 3 0x14200 bored systq
1061 176536 0 0 3 0x40014200 bored softclock
44027 44958 0 0 3 0x40014200 idle0
1 73665 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
Process 46248 (syz-executor.5) thread 0xffff80002955d500 (461211)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff829e1220)
#0 witness_lock+0x44d
#1 __mp_acquire_count+0x48 sys/kern/kern_lock.c:227
#2 mi_switch+0x3d3 sys/kern/sched_bsd.c:416
#3 sleep_finish+0x180 sys/kern/kern_synch.c:420
#4 tsleep+0x12c sys/kern/kern_synch.c:158
#5 biowait+0x91 sys/kern/vfs_bio.c:1271
#6 bwrite+0x21b sys/kern/vfs_bio.c:772
#7 ffs_update+0x27d sys/ufs/ffs/ffs_inode.c:113
#8 ufs_mkdir+0x662 sys/ufs/ufs/ufs_vnops.c:1232
#9 VOP_MKDIR+0xbf sys/kern/vfs_vops.c:404
#10 domkdirat+0x121 sys/kern/vfs_syscalls.c:3116
#11 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#11 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#12 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd8069678f88)
#0 witness_lock+0x44d
#1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8b sys/kern/kern_rwlock.c:465
#3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:579
#5 vget+0x1d3 sys/kern/vfs_subr.c:678
#6 ufs_ihashget+0x121 sys/ufs/ufs/ufs_ihash.c:119
#7 ffs_vget+0x7c sys/ufs/ffs/ffs_vfsops.c:1318
#8 ffs_inode_alloc+0x1be sys/ufs/ffs/ffs_alloc.c:394
#9 ufs_mkdir+0xf4 sys/ufs/ufs/ufs_vnops.c:1162
#10 VOP_MKDIR+0xbf sys/kern/vfs_vops.c:404
#11 domkdirat+0x121 sys/kern/vfs_syscalls.c:3116
#12 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#12 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#13 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd8069678b48)
#0 witness_lock+0x44d
#1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8b sys/kern/kern_rwlock.c:465
#3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:579
#5 vfs_lookup+0xd1 sys/kern/vfs_lookup.c:413
#6 namei+0x36a sys/kern/vfs_lookup.c:245
#7 domkdirat+0x75 sys/kern/vfs_syscalls.c:3101
#8 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#8 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#9 Xsyscall+0x128
Process 48739 (syz-executor.0) thread 0xffff800027b03270 (36395)
exclusive rwlock amaplk r = 0 (0xfffffd807b326128)
#0 witness_lock+0x44d
#1 uvm_fault_check+0x3ca sys/uvm/uvm_fault.c:774
#2 uvm_fault+0x102 sys/uvm/uvm_fault.c:602
#3 upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181
#4 usertrap+0x1aa sys/arch/amd64/amd64/trap.c:403
#5 recall_trap+0x8
shared rwlock vmmaplk r = 0 (0xfffffd8066b26e90)
#0 witness_lock+0x44d
#1 uvmfault_lookup+0xd9 sys/uvm/uvm_fault.c:1762
#2 uvm_fault_check+0x3a sys/uvm/uvm_fault.c:674
#3 uvm_fault+0x102 sys/uvm/uvm_fault.c:602
#4 upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181
#5 usertrap+0x1aa sys/arch/amd64/amd64/trap.c:403
#6 recall_trap+0x8
Process 48739 (syz-executor.0) thread 0xffff800027b02550 (261522)
exclusive rrwlock inode r = 0 (0xfffffd8064a533d0)
#0 witness_lock+0x44d
#1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8b sys/kern/kern_rwlock.c:465
#3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534
#4 ufs_ihashins+0x42 sys/ufs/ufs/ufs_ihash.c:140
#5 ffs_vget+0x141 sys/ufs/ffs/ffs_vfsops.c:1347
#6 ffs_inode_alloc+0x1be sys/ufs/ffs/ffs_alloc.c:394
#7 ufs_makeinode+0xae sys/ufs/ufs/ufs_vnops.c:1830
#8 ufs_create+0x41 sys/ufs/ufs/ufs_vnops.c:152
#9 VOP_CREATE+0xbc sys/kern/vfs_vops.c:103
#10 vn_open+0x28f sys/kern/vfs_vnops.c:122
#11 doopenat+0x26a sys/kern/vfs_syscalls.c:1131
#12 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#12 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#13 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd80696782c8)
#0 witness_lock+0x44d
#1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8b sys/kern/kern_rwlock.c:465
#3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:579
#5 vfs_lookup+0xd1 sys/kern/vfs_lookup.c:413
#6 namei+0x36a sys/kern/vfs_lookup.c:245
#7 vn_open+0x188 sys/kern/vfs_vnops.c:113
#8 doopenat+0x26a sys/kern/vfs_syscalls.c:1131
#9 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#9 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#10 Xsyscall+0x128
Process 78560 (syz-executor.1) thread 0xffff8000fffee2a0 (368384)
exclusive rrwlock inode r = 0 (0xfffffd8064a53810)
#0 witness_lock+0x44d
#1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8b sys/kern/kern_rwlock.c:465
#3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534
#4 ufs_ihashins+0x42 sys/ufs/ufs/ufs_ihash.c:140
#5 ffs_vget+0x141 sys/ufs/ffs/ffs_vfsops.c:1347
#6 ffs_inode_alloc+0x1be sys/ufs/ffs/ffs_alloc.c:394
#7 ufs_mkdir+0xf4 sys/ufs/ufs/ufs_vnops.c:1162
#8 VOP_MKDIR+0xbf sys/kern/vfs_vops.c:404
#9 domkdirat+0x121 sys/kern/vfs_syscalls.c:3116
#10 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#10 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#11 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd807af582b8)
#0 witness_lock+0x44d
#1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8b sys/kern/kern_rwlock.c:465
#3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:579
#5 vfs_lookup+0xd1 sys/kern/vfs_lookup.c:413
#6 namei+0x36a sys/kern/vfs_lookup.c:245
#7 domkdirat+0x75 sys/kern/vfs_syscalls.c:3101
#8 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#8 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#9 Xsyscall+0x128
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10194 6410K 6420K 78643K 11294 0
pcb 13 12K 14K 78643K 17 0
rtable 238 6K 7K 78643K 856 0
ifaddr 81 16K 16K 78643K 103 0
sysctl 2 0K 0K 78643K 2 0
counters 56 35K 35K 78643K 62 0
ioctlops 0 0K 2K 78643K 44 0
iov 0 0K 28K 78643K 492 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 5 0
vnodes 1270 79K 79K 78643K 1957 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 9K 78643K 38 0
VM map 2 1K 1K 78643K 2 0
sem 12 0K 1K 78643K 590 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 21 77K 113K 78643K 2773 0
sigio 0 0K 0K 78643K 59 0
proc 56 78K 115K 78643K 793 0
subproc 104 6K 6K 78643K 143 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 286 0
in_multi 99 6K 6K 78643K 186 0
ether_multi 1 0K 0K 78643K 33 0
mrt 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 163 731K 731K 78643K 163 0
exec 0 0K 2K 78643K 1311 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 233 84K 94K 78643K 18436 0
UVM aobj 131 4K 4K 78643K 134 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 111 0
NDP 11 0K 2K 78643K 36 0
temp 124 4730K 4794K 78643K 10276 0
kqueue 12 18K 24K 78643K 274 0
SYN cache 2 16K 16K 78643K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 645 0 642 7 6 1 4 0 8 0
rtentry 112 149 0 37 4 0 4 4 0 8 0
unpcb 136 2054 0 2041 19 18 1 6 0 8 0
syncache 296 24 0 24 6 6 0 1 0 8 0
tcpqe 32 8 0 8 2 2 0 1 0 8 0
tcpcb 736 1022 0 1011 43 40 3 14 0 8 1
arp 120 26 0 6 1 0 1 1 0 8 0
inpcb 312 4489 0 4466 53 43 10 15 0 8 6
ip6q 72 2 0 2 1 1 0 1 0 8 0
ip6af 40 6 0 6 1 1 0 1 0 8 0
nd6 48 36 0 12 1 0 1 1 0 8 0
kcovpl 48 11 0 3 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 603 0 149 30 1 29 30 0 8 0
art_table 32 604 0 149 4 0 4 4 0 8 0
art_node 16 148 0 46 1 0 1 1 0 8 0
semupl 112 5 0 5 1 1 0 1 0 8 0
semapl 112 585 0 575 1 0 1 1 0 8 0
shmpl 112 131 0 3 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 5269 0 3836 90 0 90 90 0 8 0
ffsino 272 5269 0 3836 96 0 96 96 0 8 0
nchpl 144 9498 0 7865 63 0 63 63 0 8 0
uvmvnodes 80 5421 0 0 111 0 111 111 0 8 0
vnodes 224 5421 0 0 319 0 319 319 0 8 0
namei 1024 34236 0 34234 3 2 1 2 0 8 0
percpumem 16 43 0 3 1 0 1 1 0 8 0
kstatmem 264 28 0 6 2 0 2 2 0 8 0
scxspl 216 25060 0 25060 14 13 1 8 0 8 1
plimitpl 152 846 0 824 4 2 2 2 0 8 1
sigapl 424 3045 0 2994 7 0 7 7 0 8 0
futexpl 64 25523 0 25522 1 0 1 1 0 8 0
knotepl 120 340 0 0 10 0 10 10 0 8 0
kqueuepl 216 647 0 639 9 8 1 5 0 8 0
pipepl 336 990 0 962 28 25 3 8 0 8 0
fdescpl 496 3027 0 2995 7 2 5 6 0 8 0
filepl 152 23446 0 23210 47 34 13 18 0 8 2
lockfpl 104 609 0 607 1 0 1 1 0 8 0
lockfspl 48 134 0 132 1 0 1 1 0 8 0
sessionpl 144 26 0 10 1 0 1 1 0 8 0
pgrppl 48 112 0 96 1 0 1 1 0 8 0
ucredpl 96 3817 0 3799 1 0 1 1 0 8 0
zombiepl 144 2995 0 2994 1 0 1 1 0 8 0
processpl 1064 3045 0 2994 4 0 4 4 0 8 0
procpl 672 8482 0 8420 11 3 8 8 0 8 1
sosppl 168 60 0 60 7 7 0 1 0 8 0
sockpl 480 7225 0 7195 150 133 17 24 0 8 11
mcl64k 65536 25 0 0 4 1 3 3 0 8 0
mcl16k 16384 17 0 0 3 0 3 3 0 8 0
mcl12k 12288 17 0 0 2 0 2 2 0 8 0
mcl9k 9216 10 0 0 1 0 1 1 0 8 0
mcl8k 8192 20 0 0 3 0 3 3 0 8 0
mcl4k 4096 17 0 0 3 0 3 3 0 8 0
mcl2k2 2112 8 0 0 1 0 1 1 0 8 0
mcl2k 2048 161 0 0 19 0 19 19 0 8 0
mtagpl 96 2 0 0 1 0 1 1 0 8 0
mbufpl 256 738 0 0 40 0 40 40 0 8 0
bufpl 288 7410 0 1083 453 0 453 453 0 8 0
anonpl 24 581087 0 568895 162 67 95 105 0 186 10
amapchunkpl 152 52194 0 51626 34 3 31 33 0 158 0
amappl16 200 7543 0 7196 57 38 19 31 0 8 0
amappl15 192 5 0 3 2 1 1 1 0 8 0
amappl14 184 26 0 22 1 0 1 1 0 8 0
amappl13 176 99 0 97 1 0 1 1 0 8 0
amappl12 168 645 0 639 1 0 1 1 0 8 0
amappl11 160 83 0 67 1 0 1 1 0 8 0
amappl10 152 845 0 836 1 0 1 1 0 8 0
amappl9 144 1173 0 1167 1 0 1 1 0 8 0
amappl8 136 1232 0 1161 3 0 3 3 0 8 0
amappl7 128 663 0 649 1 0 1 1 0 8 0
amappl6 120 903 0 884 2 1 1 2 0 8 0
amappl5 112 3225 0 3204 1 0 1 1 0 8 0
amappl4 104 884 0 860 1 0 1 1 0 8 0
amappl3 96 9304 0 9256 2 0 2 2 0 8 0
amappl2 88 3779 0 3712 3 1 2 3 0 8 0
amappl1 80 73815 0 73188 20 4 16 19 0 8 0
amappl 88 17823 0 17670 6 1 5 5 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 133 0 3 3 0 3 3 0 8 0
uaddrrnd 24 3027 0 2995 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 3027 0 2995 1 0 1 1 0 8 0
vmmpekpl 168 28898 0 28833 4 0 4 4 0 8 0
vmmpepl 168 298295 0 295914 167 39 128 136 0 357 6
vmsppl 368 3026 0 2995 4 0 4 4 0 8 0
rwobjpl 56 79685 0 72872 99 1 98 98 0 8 0
pdppl 4096 6061 0 5990 164 83 81 89 0 8 10
pvpl 32 1196242 0 1179253 305 133 172 239 0 265 21
pmappl 248 3026 0 2995 4 1 3 3 0 8 0
extentpl 40 58 0 38 1 0 1 1 0 8 0
phpool 112 1043 0 197 25 0 25 25 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
x86_ipi_db(ffffffff829bdff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x28 sys/arch/amd64/amd64/bus_space.c:639
comcnputc(800,6c) at comcnputc+0x97 sys/dev/ic/com.c:1259
cnputc(6c) at cnputc+0x4b sys/dev/cons.c:239
db_putchar(6c) at db_putchar+0x3fc sys/ddb/db_output.c:155
kprintf() at kprintf+0x20ec sys/kern/subr_prf.c:1068
db_printf(ffffffff82618f7d) at db_printf+0x85 sys/kern/subr_prf.c:502
panic(ffffffff8259f5e6) at panic+0xd7 sys/kern/subr_prf.c:220
__assert(ffffffff82615eb5,ffffffff825de0a9,2a6,ffffffff825d5026) at __assert+0x25 sys/kern/subr_prf.c:161
proc_trampoline_mp() at proc_trampoline_mp+0x131
end trace frame: 0x0, count: 3
ddb{0}> trace
x86_ipi_db(ffffffff829bdff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x28 sys/arch/amd64/amd64/bus_space.c:639
comcnputc(800,6c) at comcnputc+0x97 sys/dev/ic/com.c:1259
cnputc(6c) at cnputc+0x4b sys/dev/cons.c:239
db_putchar(6c) at db_putchar+0x3fc sys/ddb/db_output.c:155
kprintf() at kprintf+0x20ec sys/kern/subr_prf.c:1068
db_printf(ffffffff82618f7d) at db_printf+0x85 sys/kern/subr_prf.c:502
panic(ffffffff8259f5e6) at panic+0xd7 sys/kern/subr_prf.c:220
__assert(ffffffff82615eb5,ffffffff825de0a9,2a6,ffffffff825d5026) at __assert+0x25 sys/kern/subr_prf.c:161
proc_trampoline_mp() at proc_trampoline_mp+0x131
end trace frame: 0x0, count: -12
ddb{0}> machine ddbcpu 1
Stopped at db_enter+0x18: addq $0x8,%rsp
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82594086) at panic+0x177 sys/kern/subr_prf.c:202
vop_generic_badop(ffff800027f49348) at vop_generic_badop+0x1b sys/kern/vfs_default.c:133
VOP_STRATEGY(fffffd806966c4f8,fffffd807a10cc98) at VOP_STRATEGY+0x9b sys/kern/vfs_vops.c:644
bwrite(fffffd807a10cc98) at bwrite+0x1f0 sys/kern/vfs_bio.c:763
VOP_BWRITE(fffffd807a10cc98) at VOP_BWRITE+0x4a sys/kern/vfs_vops.c:656
ufs_mkdir(ffff800027f495e0) at ufs_mkdir+0x6b4 sys/ufs/ufs/ufs_vnops.c:1248
VOP_MKDIR(fffffd806966c098,ffff800027f49740,ffff800027f49770,ffff800027f49670) at VOP_MKDIR+0xbf sys/kern/vfs_vops.c:404
domkdirat(ffff80002955d500,ffffff9c,20000100,0) at domkdirat+0x121 sys/kern/vfs_syscalls.c:3116
syscall(ffff800027f498f0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800027f498f0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x912d99192c0, count: 4
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82594086) at panic+0x177 sys/kern/subr_prf.c:202
vop_generic_badop(ffff800027f49348) at vop_generic_badop+0x1b sys/kern/vfs_default.c:133
VOP_STRATEGY(fffffd806966c4f8,fffffd807a10cc98) at VOP_STRATEGY+0x9b sys/kern/vfs_vops.c:644
bwrite(fffffd807a10cc98) at bwrite+0x1f0 sys/kern/vfs_bio.c:763
VOP_BWRITE(fffffd807a10cc98) at VOP_BWRITE+0x4a sys/kern/vfs_vops.c:656
ufs_mkdir(ffff800027f495e0) at ufs_mkdir+0x6b4 sys/ufs/ufs/ufs_vnops.c:1248
VOP_MKDIR(fffffd806966c098,ffff800027f49740,ffff800027f49770,ffff800027f49670) at VOP_MKDIR+0xbf sys/kern/vfs_vops.c:404
domkdirat(ffff80002955d500,ffffff9c,20000100,0) at domkdirat+0x121 sys/kern/vfs_syscalls.c:3116
syscall(ffff800027f498f0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800027f498f0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x912d99192c0, count: -11


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

Anton Lindqvist

Jun 2, 2022, 1:14:09 AM
to syzbot, syzkaller-o...@googlegroups.com
#syz invalid