panic: apcaqnuiic:ri nkg ebrloncekla b l e sl ee p l o c k w i t h s p i n l oc k o r cr i ti c a l


syzbot

Mar 22, 2022, 1:58:19 AM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 6be6ed882de0 Reduce dmesg spam by nor printing the "Apple"..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=158851db700000
kernel config: https://syzkaller.appspot.com/x/.config?x=bf87b6915a88cd0d
dashboard link: https://syzkaller.appspot.com/bug?extid=88122ab53703ea068397

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+88122a...@syzkaller.appspotmail.com

panic: apcaqnuiic:ri nkg ebrloncekla b l e sl ee p l o c k w i t h s p i n l oc k o r cr i ti c a l s ec t i on h el d ( k e r n e dl_ilagoncok)s t ic a s se r t i on " ! _k e r n e l_ l o c k &_kheelrdn(e)l_"flaoilcked
: Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*122406 37712 32767 0x10 0x4000000 0 syz-executor.3
10278 47011 0 0x14000 0x200 1 reaper
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff825a183e) at panic+0x177 sys/kern/subr_prf.c:202
witness_checkorder(ffffffff82a73908,9,0) at witness_checkorder+0x116d sys/kern/subr_witness.c:833
__mp_lock(ffffffff82a73700) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline]
__mp_lock(ffffffff82a73700) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline]
__mp_lock(ffffffff82a73700) at __mp_lock+0xa1 sys/kern/kern_lock.c:142
selwakeup(fffffd807d456358) at selwakeup+0x16 klist_empty sys/sys/event.h:361 [inline]
selwakeup(fffffd807d456358) at selwakeup+0x16 sys/kern/sys_generic.c:885
sorwakeup(fffffd807d456240) at sorwakeup+0xc9 sys/kern/uipc_socket.c:1699
udp_sbappend(fffffd806f676ea0,fffffd8067e85b00,fffffd806072f4b0,0,14,fffffd806072f4c4,c680a7f2d7c61057,0) at udp_sbappend+0x3b1 sys/netinet/udp_usrreq.c:638
udp_input(ffff800024676608,ffff800024676614,11,2) at udp_input+0xbcb sys/netinet/udp_usrreq.c:427
ip_deliver(ffff800024676608,ffff800024676614,11,2) at ip_deliver+0x322 sys/netinet/ip_input.c:657
ip_ours(ffff800024676608,ffff800024676614,ffff80002488f000,0) at ip_ours+0x3ba sys/netinet/ip_input.c:616
ip_input_if(ffff800024676608,ffff800024676614,4,0,ffff800000689000) at ip_input_if+0x2a1
ipv4_input(ffff800000689000,fffffd806072f400) at ipv4_input+0x48 sys/netinet/ip_input.c:242
if_input_local(ffff800000689000,fffffd806072f400,2) at if_input_local+0x10e sys/net/if.c:774
ip_output(fffffd806112b600,0,fffffd806f676078,0,0,fffffd806f676000,5b96b22f53d8cb5b) at ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
ip_output(fffffd806112b600,0,fffffd806f676078,0,0,fffffd806f676000,5b96b22f53d8cb5b) at ip_output+0xb05 sys/netinet/ip_output.c:332
end trace frame: 0xffff800024676880, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock
cpu1: kernel diagnostic assertion "!_kernel_lock_held()" failed: file "/syzkaller/managers/setuid/kernel/sys/uvm/uvm_map.c", line 2734
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff825a183e) at panic+0x177 sys/kern/subr_prf.c:202
witness_checkorder(ffffffff82a73908,9,0) at witness_checkorder+0x116d sys/kern/subr_witness.c:833
__mp_lock(ffffffff82a73700) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline]
__mp_lock(ffffffff82a73700) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline]
__mp_lock(ffffffff82a73700) at __mp_lock+0xa1 sys/kern/kern_lock.c:142
selwakeup(fffffd807d456358) at selwakeup+0x16 klist_empty sys/sys/event.h:361 [inline]
selwakeup(fffffd807d456358) at selwakeup+0x16 sys/kern/sys_generic.c:885
sorwakeup(fffffd807d456240) at sorwakeup+0xc9 sys/kern/uipc_socket.c:1699
udp_sbappend(fffffd806f676ea0,fffffd8067e85b00,fffffd806072f4b0,0,14,fffffd806072f4c4,c680a7f2d7c61057,0) at udp_sbappend+0x3b1 sys/netinet/udp_usrreq.c:638
udp_input(ffff800024676608,ffff800024676614,11,2) at udp_input+0xbcb sys/netinet/udp_usrreq.c:427
ip_deliver(ffff800024676608,ffff800024676614,11,2) at ip_deliver+0x322 sys/netinet/ip_input.c:657
ip_ours(ffff800024676608,ffff800024676614,ffff80002488f000,0) at ip_ours+0x3ba sys/netinet/ip_input.c:616
ip_input_if(ffff800024676608,ffff800024676614,4,0,ffff800000689000) at ip_input_if+0x2a1
ipv4_input(ffff800000689000,fffffd806072f400) at ipv4_input+0x48 sys/netinet/ip_input.c:242
if_input_local(ffff800000689000,fffffd806072f400,2) at if_input_local+0x10e sys/net/if.c:774
ip_output(fffffd806112b600,0,fffffd806f676078,0,0,fffffd806f676000,5b96b22f53d8cb5b) at ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
ip_output(fffffd806112b600,0,fffffd806f676078,0,0,fffffd806f676000,5b96b22f53d8cb5b) at ip_output+0xb05 sys/netinet/ip_output.c:332
udp_output(fffffd806f676000,fffffd806112b600,0,0) at udp_output+0x58d sys/netinet/udp_usrreq.c:1011
sosend(fffffd807d456600,0,ffff800024676a18,0,0,0) at sosend+0x632 sys/kern/uipc_socket.c:582
dofilewritev(ffff8000ffff6fd0,4,ffff800024676a18,0,ffff800024676b10) at dofilewritev+0x19c sys/kern/sys_generic.c:381
sys_write(ffff8000ffff6fd0,ffff800024676ab8,ffff800024676b10) at sys_write+0x83 sys/kern/sys_generic.c:301
syscall(ffff800024676b80) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800024676b80) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x6becacc3700, count: -20
ddb{0}> show registers
rdi 0
rsi 0x1
rbp 0xffff800024676040
rbx 0xffffffff828f2bff cpu_info_full_primary+0x2bff
rdx 0xffff800000bca680
rcx 0
rax 0xffff8000ffff6fd0
r8 0x101010101010101
r9 0x8080808080808080
r10 0xe73eea002c5ec715
r11 0x3ba0d3c12d1f8d1f
r12 0xffffffff828f2a00 cpu_info_full_primary+0x2a00
r13 0
r14 0
r15 0x1
rip 0xffffffff819ed3a8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800024676030
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor.3) pid=122406 stat=onproc
flags process=10<SUGID> proc=4000000<THREAD>
pri=32, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff800027abfce8,0xffffffff82b20cb0
process=0xffff8000ffff2580 user=0xffff800024671000, vmspace=0xfffffd80670f3468
estcpu=36, cpticks=3, pctcpu=0.0
user=0, sys=2, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
37712 209145 14206 32767 2 0x10 syz-executor.3
*37712 122406 14206 32767 7 0x4000010 syz-executor.3
53060 110206 47946 32767 3 0x90 nanoslp syz-executor.6
53060 308974 47946 32767 3 0x4000090 piperd syz-executor.6
53060 297010 47946 32767 3 0x4000090 fsleep syz-executor.6
42382 12207 87219 32767 3 0x10 biowait syz-executor.7
87219 65773 98688 0 3 0x82 wait syz-executor.7
53025 153245 68159 32767 3 0x90 piperd syz-executor.1
68159 248262 98688 0 3 0x82 wait syz-executor.1
47946 171616 3513 32767 3 0x90 nanoslp syz-executor.6
3513 95975 98688 0 3 0x82 wait syz-executor.6
81352 335762 14668 32767 3 0x90 nanoslp syz-executor.0
14668 130137 98688 0 3 0x82 wait syz-executor.0
38843 137636 54018 32767 3 0x90 piperd syz-executor.5
54018 347426 98688 0 3 0x82 wait syz-executor.5
21351 36931 47317 32767 3 0x90 piperd syz-executor.2
47317 507931 98688 0 3 0x82 wait syz-executor.2
14206 521452 6797 32767 2 0x490 syz-executor.3
6797 351181 98688 0 3 0x82 wait syz-executor.3
30767 137601 87025 32767 3 0x90 nanoslp syz-executor.4
87025 313392 98688 0 3 0x82 wait syz-executor.4
50944 110158 0 0 3 0x14200 bored sosplice
98688 107397 86226 0 3 0x82 thrsleep syz-fuzzer
98688 521657 86226 0 3 0x4000082 nanoslp syz-fuzzer
98688 302593 86226 0 2 0x4000082 syz-fuzzer
98688 351874 86226 0 3 0x4000082 thrsleep syz-fuzzer
98688 461730 86226 0 3 0x4000082 thrsleep syz-fuzzer
98688 484094 86226 0 3 0x4000082 thrsleep syz-fuzzer
98688 45055 86226 0 3 0x4000082 thrsleep syz-fuzzer
98688 120042 86226 0 3 0x4000082 kqread syz-fuzzer
98688 295856 86226 0 3 0x4000082 thrsleep syz-fuzzer
86226 342911 83058 0 3 0x10008a sigsusp ksh
83058 101009 33710 0 2 0x9a sshd
62988 420929 1 0 3 0x100083 ttyin getty
33710 387601 1 0 3 0x88 kqread sshd
85255 422372 53909 73 3 0x1100090 kqread syslogd
53909 252153 1 0 3 0x100082 netio syslogd
32257 179184 1 0 3 0x100080 kqread resolvd
14473 66139 96004 77 3 0x100092 kqread dhcpleased
75987 327126 96004 77 3 0x100092 kqread dhcpleased
96004 92790 1 0 3 0x80 kqread dhcpleased
77521 88357 0 0 3 0x14200 bored smr
98611 117929 0 0 2 0x14200 zerothread
20929 357438 0 0 3 0x14200 aiodoned aiodoned
46190 160874 0 0 3 0x14200 syncer update
12886 317179 0 0 3 0x14200 cleaner cleaner
47011 10278 0 0 7 0x14200 reaper
37640 243547 0 0 3 0x14200 pgdaemon pagedaemon
47166 310788 0 0 3 0x14200 bored viomb
52553 208049 0 0 3 0x40014200 acpi0 acpi0
64176 290145 0 0 3 0x40014200 idle1
98800 494103 0 0 3 0x14200 bored softnet
50572 503176 0 0 3 0x14200 bored systqmp
95899 212864 0 0 3 0x14200 bored systq
61950 181710 0 0 3 0x40014200 bored softclock
52280 36054 0 0 3 0x40014200 idle0
1 501880 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
CPU 0:
exclusive mutex &table->inpt_mtx r = 0 (0xffffffff829cb1d0)
#0 witness_lock+0x44d
#1 mtx_enter_try+0x100
#2 mtx_enter+0x4b sys/kern/kern_lock.c:266
#3 udp_input+0x7b0
#4 ip_deliver+0x322 sys/netinet/ip_input.c:657
#5 ip_ours+0x3ba sys/netinet/ip_input.c:616
#6 ip_input_if+0x2a1
#7 ipv4_input+0x48 sys/netinet/ip_input.c:242
#8 if_input_local+0x10e sys/net/if.c:774
#9 ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
#9 ip_output+0xb05 sys/netinet/ip_output.c:332
#10 udp_output+0x58d sys/netinet/udp_usrreq.c:1011
#11 sosend+0x632 sys/kern/uipc_socket.c:582
#12 dofilewritev+0x19c sys/kern/sys_generic.c:381
#13 sys_write+0x83 sys/kern/sys_generic.c:301
#14 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#14 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#15 Xsyscall+0x128
Process 37712 (syz-executor.3) thread 0xffff8000ffff6fd0 (122406)
exclusive rwlock netlock r = 0 (0xffffffff828ee470)
#0 witness_lock+0x44d
#1 solock+0x86 sys/kern/uipc_socket2.c:295
#2 sosend+0x517 sys/kern/uipc_socket.c:570
#3 dofilewritev+0x19c sys/kern/sys_generic.c:381
#4 sys_write+0x83 sys/kern/sys_generic.c:301
#5 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#5 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#6 Xsyscall+0x128
exclusive mutex &table->inpt_mtx r = 0 (0xffffffff829cb1d0)
#0 witness_lock+0x44d
#1 mtx_enter_try+0x100
#2 mtx_enter+0x4b sys/kern/kern_lock.c:266
#3 udp_input+0x7b0
#4 ip_deliver+0x322 sys/netinet/ip_input.c:657
#5 ip_ours+0x3ba sys/netinet/ip_input.c:616
#6 ip_input_if+0x2a1
#7 ipv4_input+0x48 sys/netinet/ip_input.c:242
#8 if_input_local+0x10e sys/net/if.c:774
#9 ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
#9 ip_output+0xb05 sys/netinet/ip_output.c:332
#10 udp_output+0x58d sys/netinet/udp_usrreq.c:1011
#11 sosend+0x632 sys/kern/uipc_socket.c:582
#12 dofilewritev+0x19c sys/kern/sys_generic.c:381
#13 sys_write+0x83 sys/kern/sys_generic.c:301
#14 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#14 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#15 Xsyscall+0x128
Process 42382 (syz-executor.7) thread 0xffff8000fffee7e8 (12207)
exclusive rrwlock inode r = 0 (0xfffffd806e641b38)
#0 witness_lock+0x44d
#1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8b sys/kern/kern_rwlock.c:461
#3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:579
#5 vget+0x1d3 sys/kern/vfs_subr.c:677
#6 ufs_ihashget+0x121 sys/ufs/ufs/ufs_ihash.c:119
#7 ffs_vget+0x7c sys/ufs/ffs/ffs_vfsops.c:1318
#8 ufs_lookup+0x13ba sys/ufs/ufs/ufs_lookup.c:487
#9 VOP_LOOKUP+0x58 sys/kern/vfs_vops.c:85
#10 vfs_lookup+0x6e5 sys/kern/vfs_lookup.c:561
#11 namei+0x36a sys/kern/vfs_lookup.c:245
#12 dounlinkat+0x99 sys/kern/vfs_syscalls.c:1850
#13 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#13 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#14 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd806e64ab40)
#0 witness_lock+0x44d
#1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8b sys/kern/kern_rwlock.c:461
#3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:579
#5 vfs_lookup+0xd1 sys/kern/vfs_lookup.c:413
#6 namei+0x36a sys/kern/vfs_lookup.c:245
#7 dounlinkat+0x99 sys/kern/vfs_syscalls.c:1850
#8 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#8 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#9 Xsyscall+0x128
ddb{0}> show malloc
ddb{0}> show all pools
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff825a183e) at panic+0x177 sys/kern/subr_prf.c:202
witness_checkorder(ffffffff82a73908,9,0) at witness_checkorder+0x116d sys/kern/subr_witness.c:833
__mp_lock(ffffffff82a73700) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline]
__mp_lock(ffffffff82a73700) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline]
__mp_lock(ffffffff82a73700) at __mp_lock+0xa1 sys/kern/kern_lock.c:142
selwakeup(fffffd807d456358) at selwakeup+0x16 klist_empty sys/sys/event.h:361 [inline]
selwakeup(fffffd807d456358) at selwakeup+0x16 sys/kern/sys_generic.c:885
sorwakeup(fffffd807d456240) at sorwakeup+0xc9 sys/kern/uipc_socket.c:1699
udp_sbappend(fffffd806f676ea0,fffffd8067e85b00,fffffd806072f4b0,0,14,fffffd806072f4c4,c680a7f2d7c61057,0) at udp_sbappend+0x3b1 sys/netinet/udp_usrreq.c:638
udp_input(ffff800024676608,ffff800024676614,11,2) at udp_input+0xbcb sys/netinet/udp_usrreq.c:427
ip_deliver(ffff800024676608,ffff800024676614,11,2) at ip_deliver+0x322 sys/netinet/ip_input.c:657
ip_ours(ffff800024676608,ffff800024676614,ffff80002488f000,0) at ip_ours+0x3ba sys/netinet/ip_input.c:616
ip_input_if(ffff800024676608,ffff800024676614,4,0,ffff800000689000) at ip_input_if+0x2a1
ipv4_input(ffff800000689000,fffffd806072f400) at ipv4_input+0x48 sys/netinet/ip_input.c:242
if_input_local(ffff800000689000,fffffd806072f400,2) at if_input_local+0x10e sys/net/if.c:774
ip_output(fffffd806112b600,0,fffffd806f676078,0,0,fffffd806f676000,5b96b22f53d8cb5b) at ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
ip_output(fffffd806112b600,0,fffffd806f676078,0,0,fffffd806f676000,5b96b22f53d8cb5b) at ip_output+0xb05 sys/netinet/ip_output.c:332
udp_output(fffffd806f676000,fffffd806112b600,0,0) at udp_output+0x58d sys/netinet/udp_usrreq.c:1011
sosend(fffffd807d456600,0,ffff800024676a18,0,0,0) at sosend+0x632 sys/kern/uipc_socket.c:582
dofilewritev(ffff8000ffff6fd0,4,ffff800024676a18,0,ffff800024676b10) at dofilewritev+0x19c sys/kern/sys_generic.c:381
sys_write(ffff8000ffff6fd0,ffff800024676ab8,ffff800024676b10) at sys_write+0x83 sys/kern/sys_generic.c:301
syscall(ffff800024676b80) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800024676b80) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x6becacc3700, count: -20
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2f kd_curproc sys/dev/kcov.c:578 [inline]
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2f sys/dev/kcov.c:148
kputchar(66,14,0) at kputchar+0x3f sys/kern/subr_prf.c:358
kprintf() at kprintf+0x20ec sys/kern/subr_prf.c:1068
db_printf(ffffffff82607594) at db_printf+0x85 sys/kern/subr_prf.c:502
panic(ffffffff8258e8f2) at panic+0xd7 sys/kern/subr_prf.c:220
__assert(ffffffff82601511,ffffffff826271db,aae,ffffffff825bd978) at __assert+0x25 sys/kern/subr_prf.c:161
uvm_map_teardown(fffffd80670f3e78) at uvm_map_teardown+0x2e8 sys/uvm/uvm_map.c:2736
uvmspace_free(fffffd80670f3e78) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3685
reaper(ffff8000210f97a0) at reaper+0x18b sys/kern/kern_exit.c:457
end trace frame: 0x0, count: 3
ddb{1}> trace
x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2f kd_curproc sys/dev/kcov.c:578 [inline]
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2f sys/dev/kcov.c:148
kputchar(66,14,0) at kputchar+0x3f sys/kern/subr_prf.c:358
kprintf() at kprintf+0x20ec sys/kern/subr_prf.c:1068
db_printf(ffffffff82607594) at db_printf+0x85 sys/kern/subr_prf.c:502
panic(ffffffff8258e8f2) at panic+0xd7 sys/kern/subr_prf.c:220
__assert(ffffffff82601511,ffffffff826271db,aae,ffffffff825bd978) at __assert+0x25 sys/kern/subr_prf.c:161
uvm_map_teardown(fffffd80670f3e78) at uvm_map_teardown+0x2e8 sys/uvm/uvm_map.c:2736
uvmspace_free(fffffd80670f3e78) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3685
reaper(ffff8000210f97a0) at reaper+0x18b sys/kern/kern_exit.c:457
end trace frame: 0x0, count: -12


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

Anton Lindqvist

Mar 22, 2022, 7:48:45 AM
to syzbot, syzkaller-o...@googlegroups.com
#syz invalid

Dmitry Vyukov

Mar 22, 2022, 8:04:34 AM
to syzbot, syzkaller-o...@googlegroups.com, syzkaller, Greg Steuck
On Tue, 22 Mar 2022 at 12:48, Anton Lindqvist <an...@basename.se> wrote:
>
> #syz invalid

FWIW Linux also had lots of these.
But over time we were fixing printk atomicity, fixing some printk
statements so a single line is not split across multiple statements,
added ability to attribute each line to thread/cpu. Now there are
almost none of these.
FWIW there is also an ability to mark reports as "corrupted" then they
won't be reported as separate bugs. However I am not sure how to do
that for such reports... maybe too many "single character separated by
spaces".