uvm_fault: db_enter (5)


syzbot

Sep 11, 2023, 4:12:04 AM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: c824b3ec91bf Neomagic -> NeoMagic
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=123cc50c680000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=2420d1ce1c8f5ba1e7ae

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/e33b5491444b/disk-c824b3ec.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/a59a98d318d9/bsd-c824b3ec.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/c50a53a2ebf3/kernel-c824b3ec.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2420d1...@syzkaller.appspotmail.com

uvm_fault(0xfffffd8067e413c8, 0x7, 0, 1) -> e
kernel: page fault trap, cpanic: kernel diagnostic assertion "!_kernel_lock_held()" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/kern_fork.c", line 677
Stopped at db_enter+0x1c: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*519589 27917 32767 0x10 0x4000000 1 syz-executor.0
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff827a57c9) at panic+0x17b sys/kern/subr_prf.c:198
__assert(ffffffff828214f5,ffffffff827e441a,2a5,ffffffff827da394) at __assert+0x29 sys/kern/subr_prf.c:157
proc_trampoline_mp() at proc_trampoline_mp+0x135
end trace frame: 0x0, count: 11
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu0: uvm_fault(0xfffffd8067e413c8, 0x7, 0, 1) -> e
cpu1: kernel diagnostic assertion "!_kernel_lock_held()" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/kern_fork.c", line 677
ddb{1}> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff827a57c9) at panic+0x17b sys/kern/subr_prf.c:198
__assert(ffffffff828214f5,ffffffff827e441a,2a5,ffffffff827da394) at __assert+0x29 sys/kern/subr_prf.c:157
proc_trampoline_mp() at proc_trampoline_mp+0x135
end trace frame: 0x0, count: -4
ddb{1}> show registers
rdi 0
rsi 0x1
rbp 0xffff80002613f6d0
rbx 0xffff800020d59b9f
rdx 0
rcx 0xffff8000212622c8
rax 0xffff800020d58ff0
r8 0x101010101010101
r9 0x8080808080808080
r10 0x4d2bfbe14c758575
r11 0xdae98bdf51f622fa
r12 0xffff800020d599a0
r13 0
r14 0xffffffff82c3a9a0 cpu_info_full_primary+0x29a0
r15 0x1
rip 0xffffffff814d940c db_enter+0x1c
cs 0x8
rflags 0x246
rsp 0xffff80002613f6c0
ss 0
db_enter+0x1c: addq $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor.0) pid=519589 stat=onproc
flags process=10<SUGID> proc=4000000<THREAD>
pri=82, usrpri=82, nice=20
forw=0xffffffffffffffff, list=0xffff800021262020,0xffff800021262580
process=0xffff80002e4150e0 user=0xffff80002613a000, vmspace=0xfffffd8069ad9b00
estcpu=36, cpticks=2, pctcpu=0.0
user=0, sys=2, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
27917 194733 78436 32767 2 0x10 syz-executor.0
*27917 519589 78436 32767 7 0x4000010 syz-executor.0
27917 221746 78436 32767 2 0x4000010 syz-executor.0
18312 151791 47761 32767 2 0x10 syz-executor.7
18312 267195 47761 32767 3 0x4000090 fsleep syz-executor.7
96656 369366 42465 32767 2 0x10 syz-executor.1
96656 353362 42465 32767 3 0x4000090 netio syz-executor.1
96656 62267 42465 32767 3 0x4000090 netio syz-executor.1
96656 405714 42465 32767 3 0x4000090 fsleep syz-executor.1
96656 488084 42465 32767 2 0x4000010 syz-executor.1
5577 463358 0 0 3 0x14200 bored sosplice
47761 100682 53936 32767 3 0x90 nanoslp syz-executor.7
53936 472082 81977 0 3 0x82 wait syz-executor.7
7404 169238 74652 32767 3 0x90 nanoslp syz-executor.6
74652 1383 81977 0 3 0x82 wait syz-executor.6
74738 318110 17736 32767 3 0x90 nanoslp syz-executor.5
17736 363573 81977 0 3 0x82 wait syz-executor.5
81451 91762 92697 32767 2 0x10 syz-executor.2
94669 517721 30230 32767 2 0x10 syz-executor.4
30230 38616 81977 0 3 0x82 wait syz-executor.4
42465 287493 32652 32767 3 0x90 nanoslp syz-executor.1
33330 459112 33347 32767 3 0x90 nanoslp syz-executor.3
92697 39923 81977 0 3 0x82 wait syz-executor.2
78436 482610 20159 32767 3 0x90 nanoslp syz-executor.0
33347 211842 81977 0 3 0x82 wait syz-executor.3
32652 521074 81977 0 3 0x82 wait syz-executor.1
20159 2613 81977 0 3 0x82 wait syz-executor.0
81977 511970 82295 0 3 0x2000082 thrsleep syz-fuzzer
81977 427949 82295 0 3 0x6000082 nanoslp syz-fuzzer
81977 495753 82295 0 3 0x6000082 wait syz-fuzzer
81977 329714 82295 0 3 0x6000082 wait syz-fuzzer
81977 485237 82295 0 3 0x6000082 wait syz-fuzzer
81977 457382 82295 0 3 0x6000082 thrsleep syz-fuzzer
81977 154917 82295 0 3 0x6000082 wait syz-fuzzer
81977 501512 82295 0 3 0x6000082 thrsleep syz-fuzzer
81977 479040 82295 0 3 0x6000082 wait syz-fuzzer
81977 419358 82295 0 3 0x6000082 wait syz-fuzzer
81977 476399 82295 0 3 0x6000082 wait syz-fuzzer
81977 155553 82295 0 3 0x6000082 thrsleep syz-fuzzer
81977 218073 82295 0 3 0x6000082 thrsleep syz-fuzzer
81977 80264 82295 0 3 0x6000082 wait syz-fuzzer
81977 120705 82295 0 2 0x6000082 syz-fuzzer
81977 257185 82295 0 2 0x6000082 syz-fuzzer
82295 326664 44765 0 3 0x10008a sigsusp ksh
44765 423033 57068 0 2 0x9a sshd
78765 87963 1 0 3 0x100083 ttyin getty
57068 26311 1 0 3 0x88 kqread sshd
74015 93786 55875 73 3 0x1100090 kqread syslogd
55875 304378 1 0 3 0x100082 netio syslogd
82940 197543 1 0 3 0x100080 kqread resolvd
5062 185244 14516 77 3 0x100092 kqread dhcpleased
48457 383982 14516 77 3 0x100092 kqread dhcpleased
14516 475755 1 0 3 0x80 kqread dhcpleased
9848 139247 0 0 3 0x14200 bored smr
75624 6573 0 0 2 0x14200 zerothread
69211 271430 0 0 3 0x14200 aiodoned aiodoned
23139 197238 0 0 3 0x14200 syncer update
8242 169841 0 0 3 0x14200 cleaner cleaner
47929 68670 0 0 2 0x14200 reaper
17010 314765 0 0 3 0x14200 pgdaemon pagedaemon
82779 512438 0 0 3 0x14200 bored viomb
37418 310635 0 0 3 0x40014200 acpi0 acpi0
86063 452196 0 0 3 0x40014200 idle1
60316 474303 0 0 3 0x14200 bored softnet3
6863 34662 0 0 3 0x14200 bored softnet2
94761 143874 0 0 3 0x14200 bored softnet1
14240 294377 0 0 2 0x14200 softnet0
47130 482750 0 0 3 0x14200 bored systqmp
86919 161614 0 0 3 0x14200 bored systq
72052 340402 0 0 3 0x40014200 bored softclock
39723 445042 0 0 3 0x40014200 idle0
1 85518 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
Process 94669 (syz-executor.4) thread 0xffff8000212632b8 (517721)
exclusive rrwlock inode r = 0 (0xfffffd80774fd3d8)
#0 witness_lock+0x447
#1 rw_enter+0x3c8 sys/kern/kern_rwlock.c:309
#2 rrw_enter+0x8c sys/kern/kern_rwlock.c:464
#3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:518
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:564
#5 vget+0x200 sys/kern/vfs_subr.c:676
#6 ufs_ihashget+0x121 sys/ufs/ufs/ufs_ihash.c:119
#7 ffs_vget+0x7c sys/ufs/ffs/ffs_vfsops.c:1314
#8 ufs_lookup+0x13ba sys/ufs/ufs/ufs_lookup.c:487
#9 VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85
#10 vfs_lookup+0x6e2 sys/kern/vfs_lookup.c:566
#11 namei+0x55a sys/kern/vfs_lookup.c:250
#12 dounlinkat+0x9d sys/kern/vfs_syscalls.c:1847
#13 syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
#13 syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623
#14 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd8066988d58)
#0 witness_lock+0x447
#1 rw_enter+0x3c8 sys/kern/kern_rwlock.c:309
#2 rrw_enter+0x8c sys/kern/kern_rwlock.c:464
#3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:518
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:564
#5 vget+0x200 sys/kern/vfs_subr.c:676
#6 cache_lookup+0x2b4 sys/kern/vfs_cache.c:222
#7 ufs_lookup+0x1ac sys/ufs/ufs/ufs_lookup.c:162
#8 VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85
#9 vfs_lookup+0x6e2 sys/kern/vfs_lookup.c:566
#10 namei+0x55a sys/kern/vfs_lookup.c:250
#11 dounlinkat+0x9d sys/kern/vfs_syscalls.c:1847
#12 syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
#12 syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623
#13 Xsyscall+0x128
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10191 6409K 6420K 78643K 11269 0
pcb 13 14K 18K 78643K 17 0
rtable 236 6K 6K 78643K 363 0
pf 29 8K 8K 78643K 29 0
ifaddr 44 15K 15K 78643K 46 0
ifgroup 50 2K 2K 78643K 50 0
sysctl 2 0K 0K 78643K 2 0
counters 60 35K 35K 78643K 60 0
ioctlops 0 0K 2K 78643K 42 0
iov 1 2K 16K 78643K 155 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1278 80K 80K 78643K 1641 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 23 0
VM map 2 1K 1K 78643K 2 0
sem 10 1K 1K 78643K 14 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 22 81K 121K 78643K 1404 0
sigio 0 0K 0K 78643K 19 0
proc 56 78K 103K 78643K 534 0
subproc 104 6K 6K 78643K 104 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 35 0
in_multi 99 7K 7K 78643K 108 0
ether_multi 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 85 387K 387K 78643K 85 0
exec 0 0K 1K 78643K 504 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 8 62K 64K 78643K 10 0
UVM amap 338 84K 86K 78643K 15910 0
UVM aobj 75 3K 3K 78643K 75 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 31 0
NDP 11 0K 2K 78643K 27 0
temp 74 5920K 5986K 78643K 7262 0
kqueue 12 18K 24K 78643K 129 0
SYN cache 2 16K 16K 78643K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 56 0 53 1 0 1 1 0 8 0
rtentry 112 113 0 2 4 0 4 4 0 8 0
unpcb 144 763 0 747 10 5 5 5 0 8 4
syncache 304 24 0 24 6 5 1 1 0 8 1
tcpqe 32 252 0 252 4 3 1 1 0 8 1
tcpcb 808 536 0 524 22 14 8 8 0 8 6
arp 120 18 0 0 1 0 1 1 0 8 0
ipq 40 7 0 7 1 0 1 1 0 8 1
ipqe 40 26 0 26 1 0 1 1 0 8 1
inpcb 368 1898 0 1883 40 32 8 23 0 8 6
nd6 136 26 0 1 1 0 1 1 0 8 0
kcovpl 48 8 0 0 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 462 0 7 29 0 29 29 0 8 0
art_table 32 463 0 7 4 0 4 4 0 8 0
art_node 16 112 0 11 1 0 1 1 0 8 0
semupl 112 7 0 7 1 1 0 1 0 8 0
semapl 112 8 0 0 1 0 1 1 0 8 0
shmpl 112 72 0 0 3 0 3 3 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 3315 0 1873 91 0 91 91 0 8 0
ffsino 272 3315 0 1873 97 0 97 97 0 8 0
nchpl 144 5218 0 3536 63 0 63 63 0 8 0
uvmvnodes 80 3428 0 0 70 0 70 70 0 8 0
vnodes 216 3428 0 0 191 0 191 191 0 8 0
namei 1024 17712 0 17712 2 1 1 2 0 8 1
percpumem 16 43 0 0 1 0 1 1 0 8 0
kstatmem 264 22 0 0 2 0 2 2 0 8 0
scxspl 216 24265 0 24265 16 12 4 8 1 8 4
plimitpl 152 161 0 137 2 1 1 2 0 8 0
sigapl 424 1703 0 1650 7 0 7 7 0 8 0
futexpl 64 10588 0 10586 2 1 1 1 0 8 0
knotepl 120 563 0 0 18 2 16 18 0 8 0
kqueuepl 216 278 0 270 5 4 1 5 0 8 0
pipepl 320 442 0 414 11 3 8 8 0 8 5
fdescpl 496 1685 0 1652 7 2 5 6 0 8 0
filepl 152 10671 0 10429 34 19 15 19 0 8 5
lockfpl 104 348 0 346 2 1 1 2 0 8 0
lockfspl 48 73 0 71 1 0 1 1 0 8 0
sessionpl 144 23 0 7 1 0 1 1 0 8 0
pgrppl 48 274 0 258 1 0 1 1 0 8 0
ucredpl 104 1725 0 1707 1 0 1 1 0 8 0
zombiepl 144 1653 0 1650 1 0 1 1 0 8 0
processpl 1072 1703 0 1650 5 0 5 5 0 8 0
procpl 680 4086 0 4010 10 2 8 8 0 8 1
sosppl 168 27 0 27 4 3 1 1 0 8 1
sockpl 488 2731 0 2697 72 59 13 34 0 8 8
mcl64k 65536 8 0 0 1 0 1 1 0 8 0
mcl16k 16384 12 0 0 2 0 2 2 0 8 0
mcl12k 12288 7 0 0 1 0 1 1 0 8 0
mcl9k 9216 7 0 0 1 0 1 1 0 8 0
mcl8k 8192 9 0 0 2 0 2 2 0 8 0
mcl4k 4096 39 0 0 5 2 3 5 0 8 0
mcl2k2 2112 2 0 0 1 0 1 1 0 8 0
mcl2k 2048 270 0 0 34 0 34 34 0 8 0
mtagpl 96 1 0 0 1 0 1 1 0 8 0
mbufpl 256 1017 0 0 60 0 60 60 0 8 0
bufpl 288 6717 0 392 452 0 452 452 0 8 0
anonpl 24 432975 0 421850 134 18 116 118 0 186 25
amapchunkpl 152 51350 0 50512 53 13 40 46 0 158 5
amappl16 200 15067 0 14765 83 58 25 42 0 8 8
amappl15 192 8 0 8 1 1 0 1 0 8 0
amappl14 184 151 0 140 2 1 1 2 0 8 0
amappl13 176 20 0 19 1 0 1 1 0 8 0
amappl12 168 2320 0 2285 2 0 2 2 0 8 0
amappl11 160 48 0 38 1 0 1 1 0 8 0
amappl10 152 26 0 17 1 0 1 1 0 8 0
amappl9 144 181 0 179 2 1 1 1 0 8 0
amappl8 136 251 0 188 3 0 3 3 0 8 0
amappl7 128 65 0 52 2 0 2 2 0 8 0
amappl6 120 219 0 202 2 1 1 2 0 8 0
amappl5 112 201 0 191 1 0 1 1 0 8 0
amappl4 104 595 0 555 3 1 2 3 0 8 0
amappl3 96 10435 0 10347 3 0 3 3 0 8 0
amappl2 88 1991 0 1922 3 1 2 3 0 8 0
amappl1 80 14241 0 13717 22 9 13 22 0 8 0
amappl 88 15360 0 15133 7 0 7 7 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 74 0 0 2 0 2 2 0 8 0
uaddrrnd 24 1685 0 1652 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 1685 0 1652 1 0 1 1 0 8 0
vmmpekpl 168 19101 0 19043 3 0 3 3 0 8 0
vmmpepl 168 125349 0 123083 147 21 126 128 0 357 20
vmsppl 464 1684 0 1652 7 2 5 6 0 8 0
rwobjpl 56 47174 0 42376 71 1 70 70 0 8 0
pdppl 4096 3377 0 3304 143 62 81 93 0 8 8
pvpl 32 905039 0 888070 363 83 280 362 0 265 126
pmappl 248 1684 0 1652 4 1 3 3 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 997 0 115 26 0 26 26 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp
x86_ipi_db(ffffffff82c39ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff82c85668) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82c85668) at __mp_lock+0x122 sys/kern/kern_lock.c:147
intr_handler(ffff80002c9dede0,ffff800000077d00) at intr_handler+0x62 sys/arch/amd64/amd64/intr.c:532
Xintr_ioapic_edge16_untramp() at Xintr_ioapic_edge16_untramp+0x18f
__mp_lock(ffffffff82c85668) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82c85668) at __mp_lock+0x122 sys/kern/kern_lock.c:147
softintr_dispatch(0) at softintr_dispatch+0x52 sys/arch/amd64/amd64/softintr.c:88
Xsoftclock() at Xsoftclock+0x27
cnputc(63) at cnputc+0x4f sys/dev/cons.c:218
db_putchar(63) at db_putchar+0x3fc sys/ddb/db_output.c:155
kprintf() at kprintf+0x6bc sys/kern/subr_prf.c:724
db_printf(ffffffff827b90a2) at db_printf+0x89 sys/kern/subr_prf.c:498
db_ktrap(6,0,ffff80002c9df2a0) at db_ktrap+0x12c sys/arch/amd64/amd64/db_interface.c:128
end trace frame: 0xffff80002c9df290, count: 0
ddb{0}> trace
x86_ipi_db(ffffffff82c39ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff82c85668) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82c85668) at __mp_lock+0x122 sys/kern/kern_lock.c:147
intr_handler(ffff80002c9dede0,ffff800000077d00) at intr_handler+0x62 sys/arch/amd64/amd64/intr.c:532
Xintr_ioapic_edge16_untramp() at Xintr_ioapic_edge16_untramp+0x18f
__mp_lock(ffffffff82c85668) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82c85668) at __mp_lock+0x122 sys/kern/kern_lock.c:147
softintr_dispatch(0) at softintr_dispatch+0x52 sys/arch/amd64/amd64/softintr.c:88
Xsoftclock() at Xsoftclock+0x27
cnputc(63) at cnputc+0x4f sys/dev/cons.c:218
db_putchar(63) at db_putchar+0x3fc sys/ddb/db_output.c:155
kprintf() at kprintf+0x6bc sys/kern/subr_prf.c:724
db_printf(ffffffff827b90a2) at db_printf+0x89 sys/kern/subr_prf.c:498
db_ktrap(6,0,ffff80002c9df2a0) at db_ktrap+0x12c sys/arch/amd64/amd64/db_interface.c:128
kerntrap(ffff80002c9df2a0) at kerntrap+0x143 sys/arch/amd64/amd64/trap.c:323
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
witness_checkorder(fffffd806f1e35f8,9,0) at witness_checkorder+0x1ec sys/kern/subr_witness.c:794
mtx_enter(fffffd806f1e35e8) at mtx_enter+0x3e sys/kern/kern_lock.c:265
knote_remove(ffff800026363548,fffffd806f1e35e8,fffffd806f1e3670,3,0) at knote_remove+0x20d sys/kern/kern_event.c:1881
knote_fdclose(ffff800026363548,3) at knote_fdclose+0xae sys/kern/kern_event.c:1934
fdfree(ffff800026363548) at fdfree+0xdf sys/kern/kern_descrip.c:1196
exit1(ffff800026363548,0,0,1) at exit1+0x3e4 sys/kern/kern_exit.c:206
sys_exit(ffff800026363548,ffff80002c9df660,ffff80002c9df6b0) at sys_exit+0x1a sys/kern/kern_exit.c:89
syscall(ffff80002c9df730) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff80002c9df730) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7a91499070d0, count: -25
ddb{0}> machine ddbcpu 1
Stopped at db_enter+0x1c: addq $0x8,%rsp
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff827a57c9) at panic+0x17b sys/kern/subr_prf.c:198
__assert(ffffffff828214f5,ffffffff827e441a,2a5,ffffffff827da394) at __assert+0x29 sys/kern/subr_prf.c:157
proc_trampoline_mp() at proc_trampoline_mp+0x135
end trace frame: 0x0, count: 11
ddb{1}> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff827a57c9) at panic+0x17b sys/kern/subr_prf.c:198
__assert(ffffffff828214f5,ffffffff827e441a,2a5,ffffffff827da394) at __assert+0x29 sys/kern/subr_prf.c:157
proc_trampoline_mp() at proc_trampoline_mp+0x135
end trace frame: 0x0, count: -4


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup