uvm_fault: witness_checkorder (3)


syzbot

Jan 1, 2023, 10:10:41 PM1/1/23
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 86a45bbd35a5 timeout.9: document new interfaces, miscellan..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1574260c480000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=f26faa051726a8fed517

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/9f8855afbd94/disk-86a45bbd.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/d9d2b229fd1e/bsd-86a45bbd.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/8ce6f80b244b/kernel-86a45bbd.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f26faa...@syzkaller.appspotmail.com

uvm_fault(0xfffffd806edffe68, 0x400000008, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at witness_checkorder+0x1ef: movl 0x8(%r14),%ebx
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*138899 86292 0 0x2 0x1 0K syz-executor.4
424382 4871 0 0x14000 0x200 1 reaper
witness_checkorder(fffffd806f03b208,9,0) at witness_checkorder+0x1ef sys/kern/subr_witness.c:789
rw_enter(fffffd806f03b1f8,1) at rw_enter+0xd1 sys/kern/kern_rwlock.c:250
rwsleep(fffffd806f03b338,fffffd806f03b1f8,118,ffffffff8261e0cc,0) at rwsleep+0x100 sys/kern/kern_synch.c:314
sosend(fffffd806f03b1f0,0,ffff8000261afd28,0,0,0) at sosend+0x7a8 sys/kern/uipc_socket.c:615
fifo_write(ffff8000261afc70) at fifo_write+0x7c sys/miscfs/fifofs/fifo_vnops.c:281
VOP_WRITE(fffffd8067ff26c8,ffff8000261afd28,3,fffffd807f7d76e8) at VOP_WRITE+0xbf sys/kern/vfs_vops.c:245
ktrwriteraw(ffff8000ffff4a88,fffffd8067ff26c8,fffffd807f7d76e8,ffff8000261afe08,ffff8000261afdd0) at ktrwriteraw+0x15f sys/kern/kern_ktrace.c:660
ktrsysret(ffff8000ffff4a88,b,0,ffff8000261aff00) at ktrsysret+0x18c ktrwrite2 sys/kern/kern_ktrace.c:625 [inline]
ktrsysret(ffff8000ffff4a88,b,0,ffff8000261aff00) at ktrsysret+0x18c sys/kern/kern_ktrace.c:207
syscall(ffff8000261aff80) at syscall+0x5d0 mi_syscall_return sys/sys/syscall_mi.h:131 [inline]
syscall(ffff8000261aff80) at syscall+0x5d0 sys/arch/amd64/amd64/trap.c:620
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffff0f20, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: uvm_fault(0xfffffd806edffe68, 0x400000008, 0, 1) -> e
ddb{0}> trace
witness_checkorder(fffffd806f03b208,9,0) at witness_checkorder+0x1ef sys/kern/subr_witness.c:789
rw_enter(fffffd806f03b1f8,1) at rw_enter+0xd1 sys/kern/kern_rwlock.c:250
rwsleep(fffffd806f03b338,fffffd806f03b1f8,118,ffffffff8261e0cc,0) at rwsleep+0x100 sys/kern/kern_synch.c:314
sosend(fffffd806f03b1f0,0,ffff8000261afd28,0,0,0) at sosend+0x7a8 sys/kern/uipc_socket.c:615
fifo_write(ffff8000261afc70) at fifo_write+0x7c sys/miscfs/fifofs/fifo_vnops.c:281
VOP_WRITE(fffffd8067ff26c8,ffff8000261afd28,3,fffffd807f7d76e8) at VOP_WRITE+0xbf sys/kern/vfs_vops.c:245
ktrwriteraw(ffff8000ffff4a88,fffffd8067ff26c8,fffffd807f7d76e8,ffff8000261afe08,ffff8000261afdd0) at ktrwriteraw+0x15f sys/kern/kern_ktrace.c:660
ktrsysret(ffff8000ffff4a88,b,0,ffff8000261aff00) at ktrsysret+0x18c ktrwrite2 sys/kern/kern_ktrace.c:625 [inline]
ktrsysret(ffff8000ffff4a88,b,0,ffff8000261aff00) at ktrsysret+0x18c sys/kern/kern_ktrace.c:207
syscall(ffff8000261aff80) at syscall+0x5d0 mi_syscall_return sys/sys/syscall_mi.h:131 [inline]
syscall(ffff8000261aff80) at syscall+0x5d0 sys/arch/amd64/amd64/trap.c:620
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffff0f20, count: -10
ddb{0}> show registers
rdi 0
rsi 0x20000 acpi_pdirpa+0xbe63
rbp 0xffff8000261af9e0
rbx 0xe
rdx 0
rcx 0
rax 0xffffffff82924ff0 cpu_info_full_primary+0x1ff0
r8 0x44b82fa09b5a53
r9 0
r10 0x64a2e29be9d804ab
r11 0xe6daf9e8d016d624
r12 0
r13 0xfffffd806f03b208
r14 0x400000000
r15 0xffff8000ffff4a88
rip 0xffffffff824ab3ef witness_checkorder+0x1ef
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff8000261af930
ss 0x10
witness_checkorder+0x1ef: movl 0x8(%r14),%ebx
ddb{0}> show proc
PROC (syz-executor.4) pid=138899 stat=onproc
flags process=2<EXEC> proc=1<INKTR>
pri=24, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff4548,0xffff8000212f4d40
process=0xffff80002129b250 user=0xffff8000261ab000, vmspace=0xfffffd806edffe68
estcpu=36, cpticks=3, pctcpu=0.3
user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
10690 36234 69455 0 3 0x80 nanoslp syz-executor.5
10690 457008 69455 0 3 0x4000080 fsleep syz-executor.5
10690 205424 69455 0 3 0x4000080 fsleep syz-executor.5
10690 243969 69455 0 2 0x4000000 syz-executor.5
85799 326575 31769 0 2 0x81000 syz-executor.7
85799 196803 31769 0 2 0x4081000 syz-executor.7
85799 300989 31769 0 2 0x4081000 syz-executor.7
85799 468556 31769 0 3 0x4003000 suspend syz-executor.7
85799 227922 31769 0 2 0x4081000 syz-executor.7
11069 191050 66995 0 2 0x4081000 syz-executor.6
11069 118833 66995 0 3 0x4003000 suspend syz-executor.6
47578 142373 4780 0 2 0 syz-executor.3
47578 293191 4780 0 2 0x4000081 syz-executor.3
7004 342498 15259 0 2 0 syz-executor.1
7004 281162 15259 0 2 0x4000000 syz-executor.1
66995 208643 32458 0 2 0x83 syz-executor.6
98833 344436 1 0 3 0x100083 ttyin getty
69455 228477 32458 0 2 0x83 syz-executor.5
31769 165426 32458 0 2 0x482 syz-executor.7
4780 428144 32458 0 2 0x83 syz-executor.3
55766 515853 32458 0 2 0x482 syz-executor.0
56178 152593 32458 0 2 0x83 syz-executor.2
15259 20879 32458 0 2 0x482 syz-executor.1
98028 154300 0 0 3 0x14280 nfsidl nfsio
53617 142906 0 0 3 0x14280 nfsidl nfsio
30243 393796 0 0 3 0x14280 nfsidl nfsio
53571 75502 0 0 3 0x14280 nfsidl nfsio
72914 154707 0 0 3 0x14280 nfsidl nfsio
68835 134462 0 0 3 0x14280 nfsidl nfsio
10144 159505 0 0 3 0x14280 nfsidl nfsio
32134 262194 0 0 3 0x14280 nfsidl nfsio
32419 14558 0 0 3 0x14280 nfsidl nfsio
55450 164547 0 0 3 0x14280 nfsidl nfsio
70756 180018 0 0 3 0x14280 nfsidl nfsio
4082 64026 0 0 3 0x14280 nfsidl nfsio
2721 350053 0 0 3 0x14280 nfsidl nfsio
57836 459439 0 0 3 0x14280 nfsidl nfsio
65167 240072 0 0 3 0x14280 nfsidl nfsio
34963 160761 0 0 3 0x14280 nfsidl nfsio
89844 460252 0 0 3 0x14280 nfsidl nfsio
72539 227639 0 0 3 0x14280 nfsidl nfsio
34220 430239 0 0 3 0x14280 nfsidl nfsio
64525 279279 0 0 3 0x14280 nfsidl nfsio
12828 87818 0 0 3 0x14200 acct acct
83876 162266 0 0 3 0x14200 bored sosplice
*86292 138899 32458 0 7 0x3 syz-executor.4
32458 477231 64481 0 3 0x82 thrsleep syz-fuzzer
32458 314801 64481 0 3 0x4000082 thrsleep syz-fuzzer
32458 230819 64481 0 3 0x4000082 wait syz-fuzzer
32458 86061 64481 0 3 0x4000082 thrsleep syz-fuzzer
32458 235602 64481 0 3 0x4000082 thrsleep syz-fuzzer
32458 299517 64481 0 3 0x4000082 wait syz-fuzzer
32458 170184 64481 0 3 0x4000082 thrsleep syz-fuzzer
32458 320017 64481 0 3 0x4000082 wait syz-fuzzer
32458 14524 64481 0 3 0x4000082 thrsleep syz-fuzzer
32458 231829 64481 0 3 0x4000082 thrsleep syz-fuzzer
32458 501996 64481 0 3 0x4000082 wait syz-fuzzer
32458 111873 64481 0 3 0x4000082 wait syz-fuzzer
32458 435974 64481 0 3 0x4000082 wait syz-fuzzer
32458 240634 64481 0 3 0x4000082 wait syz-fuzzer
32458 333581 64481 0 3 0x4000082 wait syz-fuzzer
32458 487070 64481 0 3 0x4000082 kqread syz-fuzzer
64481 423317 31959 0 3 0x10008a sigsusp ksh
31959 280331 4761 0 3 0x9a kqread sshd
4761 185691 1 0 3 0x88 kqread sshd
18146 270041 87306 74 3 0x1100092 bpf pflogd
87306 92786 1 0 3 0x80 netio pflogd
99955 335465 15408 73 3 0x1100090 kqread syslogd
15408 154083 1 0 3 0x100082 netio syslogd
84389 11511 1 0 3 0x100080 kqread resolvd
59982 291242 0 0 3 0x14200 bored smr
33443 179480 0 0 2 0x14200 zerothread
25954 368547 0 0 3 0x14200 aiodoned aiodoned
75577 350255 0 0 3 0x14200 syncer update
41488 482931 0 0 3 0x14200 cleaner cleaner
4871 424382 0 0 7 0x14200 reaper
1698 44069 0 0 3 0x14200 pgdaemon pagedaemon
46361 389845 0 0 3 0x14200 bored viomb
88373 315329 0 0 3 0x40014200 acpi0 acpi0
97030 266625 0 0 3 0x40014200 idle1
44836 15861 0 0 3 0x14200 bored softnet
41442 491685 0 0 3 0x14200 bored softnet
66552 310158 0 0 3 0x14200 bored softnet
71384 76978 0 0 3 0x14200 bored softnet
15476 287921 0 0 3 0x14200 bored systqmp
40151 350838 0 0 3 0x14200 bored systq
62550 309403 0 0 3 0x40014200 bored softclock
8424 80430 0 0 3 0x40014200 idle0
1 88959 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 86292 (syz-executor.4) thread 0xffff8000ffff4a88 (138899)
exclusive kernel_lock &kernel_lock r = 1 (0xffffffff82aaf200)
#0 witness_lock+0x44d
#1 __mp_acquire_count+0x48 sys/kern/kern_lock.c:227
#2 mi_switch+0x3bb sys/kern/sched_bsd.c:415
#3 sleep_finish+0x180 sys/kern/kern_synch.c:417
#4 rwsleep+0xd5 sys/kern/kern_synch.c:311
#5 sosend+0x7a8 sys/kern/uipc_socket.c:615
#6 fifo_write+0x7c sys/miscfs/fifofs/fifo_vnops.c:281
#7 VOP_WRITE+0xbf sys/kern/vfs_vops.c:245
#8 ktrwriteraw+0x15f sys/kern/kern_ktrace.c:660
#9 ktrsysret+0x18c ktrwrite2 sys/kern/kern_ktrace.c:625 [inline]
#9 ktrsysret+0x18c sys/kern/kern_ktrace.c:207
#10 syscall+0x5d0 mi_syscall_return sys/sys/syscall_mi.h:131 [inline]
#10 syscall+0x5d0 sys/arch/amd64/amd64/trap.c:620
#11 Xsyscall+0x128
Process 4871 (reaper) thread 0xffff8000212337a8 (424382)
uvm_fault(0xfffffd806edffe68, 0x400000000, 0, 1) -> e
kernel: page fault trap, code=0
Faulted in DDB; continuing...
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10215 6482K 6956K 78643K 15000 0
pcb 13 13K 15K 78643K 791 0
rtable 228 16K 19K 78643K 911 0
ifaddr 85 19K 21K 78643K 312 0
sysctl 3 1K 1K 78643K 3 0
counters 58 35K 36K 78643K 192 0
ioctlops 0 0K 4K 78643K 1915 0
iov 0 0K 24K 78643K 445 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1502 94K 94K 78643K 3531 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 44 0
VM map 2 1K 1K 78643K 2 0
sem 12 0K 0K 78643K 423 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 15 53K 81K 78643K 3823 0
sigio 0 0K 0K 78643K 262 0
proc 64 67K 140K 78643K 965 0
subproc 104 6K 6K 78643K 230 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 264 0
in_multi 88 5K 7K 78643K 337 0
ether_multi 1 0K 0K 78643K 26 0
mrt 1 0K 0K 78643K 16 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 157 705K 705K 78643K 157 0
exec 0 0K 1K 78643K 827 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 8 62K 64K 78643K 10 0
UVM amap 336 84K 96K 78643K 28385 0
UVM aobj 131 4K 4K 78643K 131 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 107 0
NDP 14 0K 1K 78643K 104 0
temp 137 4694K 5718K 78643K 20760 0
kqueue 7 12K 26K 78643K 280 0
SYN cache 2 16K 16K 78643K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 273 0 272 5 4 1 3 0 8 0
rtentry 112 278 0 179 4 0 4 4 0 8 0
unpcb 144 4274 0 4264 49 43 6 8 0 8 5
syncache 296 36 0 36 10 9 1 1 0 8 1
tcpqe 32 132 0 132 6 5 1 1 0 8 1
tcpcb 776 1305 0 1299 50 42 8 11 0 8 7
arp 120 42 0 26 1 0 1 1 0 8 0
inpcb 368 3651 0 3645 64 55 9 13 0 8 8
nd6 48 65 0 44 1 0 1 1 0 8 0
pkpcb 40 77 0 77 3 2 1 1 0 8 1
kcovpl 48 17 0 9 1 0 1 1 0 8 0
mppekey 1024 3 0 3 2 2 0 1 0 8 0
ppxss 1256 38 0 38 8 7 1 1 0 8 1
pppxif 1448 16 0 16 5 4 1 1 0 8 1
pfstscr 40 71 0 71 2 2 0 1 0 8 0
pffrag 232 12 0 11 2 1 1 1 0 482 0
pffrnode 88 12 0 11 2 1 1 1 0 8 0
pffrent 40 74 0 73 2 1 1 1 0 8 0
pfosfp 40 1434 0 1010 5 0 5 5 0 8 0
pfosfpen 112 1434 0 719 21 0 21 21 0 8 0
pfanchor 1280 134 0 63 12 4 8 12 0 8 0
pfstitem 24 142 0 126 1 0 1 1 0 8 0
pfstkey 128 284 0 268 2 0 2 2 0 8 0
pfstate 384 213 0 197 6 3 3 5 0 8 0
pfrule 1344 21 0 16 2 1 1 2 0 8 0
rttmr 136 3 0 3 1 1 0 1 0 8 0
art_heap8 4096 2 0 1 2 1 1 2 0 8 0
art_heap4 256 1158 0 741 36 7 29 31 0 8 2
art_table 32 1160 0 742 5 0 5 5 0 8 0
art_node 16 274 0 186 1 0 1 1 0 8 0
sysvmsgpl 40 76 0 73 1 0 1 1 0 8 0
semapl 112 421 0 411 1 0 1 1 0 8 0
shmpl 112 128 0 0 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 6513 0 5058 92 0 92 92 0 8 0
ffsino 272 6513 0 5058 98 0 98 98 0 8 0
nchpl 144 12462 0 10809 63 0 63 63 0 8 0
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 45251 0 45251 3 2 1 2 0 8 1
percpumem 16 108 0 67 1 0 1 1 0 8 0
vmpool 696 3 0 3 1 1 0 1 0 8 0
kstatmem 264 118 0 90 3 0 3 3 0 8 0
scxspl 216 36223 0 36223 12 11 1 8 0 8 1
plimitpl 152 646 0 630 1 0 1 1 0 8 0
sigapl 424 4136 0 4070 9 1 8 8 0 8 0
futexpl 64 34067 0 34065 2 1 1 1 0 8 0
knotepl 120 688 0 0 15 0 15 15 0 8 0
kqueuepl 216 760 0 754 16 15 1 5 0 8 0
pipepl 320 1873 0 1842 48 40 8 8 0 8 5
fdescpl 496 4097 0 4072 6 2 4 5 0 8 0
filepl 152 33613 0 33381 75 60 15 21 0 8 5
lockfpl 104 879 0 877 1 0 1 1 0 8 0
lockfspl 48 236 0 234 1 0 1 1 0 8 0
sessionpl 144 34 0 18 1 0 1 1 0 8 0
pgrppl 48 47 0 31 1 0 1 1 0 8 0
ucredpl 104 4477 0 4467 1 0 1 1 0 8 0
zombiepl 144 4074 0 4070 1 0 1 1 0 8 0
processpl 1072 4136 0 4070 5 0 5 5 0 8 0
procpl 672 11422 0 11326 15 6 9 10 0 8 0
srpgc 96 15 0 15 6 6 0 1 0 8 0
sosppl 168 35 0 35 5 5 0 1 0 8 0
sockpl 488 8282 0 8265 201 182 19 29 0 8 16
mcl64k 65536 25 0 0 4 1 3 3 0 8 0
mcl16k 16384 17 0 0 3 0 3 3 0 8 0
mcl12k 12288 25 0 0 2 0 2 2 0 8 0
mcl9k 9216 9 0 0 1 0 1 1 0 8 0
mcl8k 8192 17 0 0 3 0 3 3 0 8 0
mcl4k 4096 17 0 0 3 0 3 3 0 8 0
mcl2k2 2112 6 0 0 1 0 1 1 0 8 0
mcl2k 2048 404 0 0 50 6 44 50 0 8 0
mtagpl 96 120 0 0 3 1 2 3 0 8 0
mbufpl 256 1143 0 0 63 0 63 63 0 8 0
bufpl 288 9508 0 3176 453 0 453 453 0 8 0
anonpl 24 826502 0 808597 139 24 115 126 0 186 0
amapchunkpl 152 79633 0 78825 69 34 35 47 0 158 0
amappl16 200 7040 0 6498 39 8 31 32 0 8 1
amappl15 192 14 0 13 1 0 1 1 0 8 0
amappl14 184 178 0 164 2 1 1 2 0 8 0
amappl13 176 9 0 9 3 3 0 1 0 8 0
amappl12 168 521 0 518 1 0 1 1 0 8 0
amappl11 160 57 0 48 1 0 1 1 0 8 0
amappl10 152 64 0 51 1 0 1 1 0 8 0
amappl9 144 972 0 971 1 0 1 1 0 8 0
amappl8 136 303 0 228 3 0 3 3 0 8 0
amappl7 128 174 0 151 2 0 2 2 0 8 0
amappl6 120 226 0 211 1 0 1 1 0 8 0
amappl5 112 198 0 192 1 0 1 1 0 8 0
amappl4 104 634 0 603 2 1 1 2 0 8 0
amappl3 96 11881 0 11823 2 0 2 2 0 8 0
amappl2 88 4638 0 4578 3 1 2 3 0 8 0
amappl1 80 95759 0 95060 23 5 18 23 0 8 0
amappl 88 27703 0 27501 7 2 5 6 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 130 0 0 3 0 3 3 0 8 0
uaddrrnd 24 4100 0 4074 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 4100 0 4074 1 0 1 1 0 8 0
vmmpekpl 168 42964 0 42903 3 0 3 3 0 8 0
vmmpepl 168 378906 0 376225 206 76 130 154 0 357 3
vmsppl 368 4099 0 4073 4 1 3 4 0 8 0
rwobjpl 56 106920 0 99205 113 1 112 112 0 8 0
pdppl 4096 8207 0 8146 278 215 63 77 0 8 2
pvpl 32 1717127 0 1693700 318 116 202 266 0 265 0
pmappl 248 4099 0 4073 3 0 3 3 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 1172 0 299 26 0 26 26 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
witness_checkorder(fffffd806f03b208,9,0) at witness_checkorder+0x1ef sys/kern/subr_witness.c:789
rw_enter(fffffd806f03b1f8,1) at rw_enter+0xd1 sys/kern/kern_rwlock.c:250
rwsleep(fffffd806f03b338,fffffd806f03b1f8,118,ffffffff8261e0cc,0) at rwsleep+0x100 sys/kern/kern_synch.c:314
sosend(fffffd806f03b1f0,0,ffff8000261afd28,0,0,0) at sosend+0x7a8 sys/kern/uipc_socket.c:615
fifo_write(ffff8000261afc70) at fifo_write+0x7c sys/miscfs/fifofs/fifo_vnops.c:281
VOP_WRITE(fffffd8067ff26c8,ffff8000261afd28,3,fffffd807f7d76e8) at VOP_WRITE+0xbf sys/kern/vfs_vops.c:245
ktrwriteraw(ffff8000ffff4a88,fffffd8067ff26c8,fffffd807f7d76e8,ffff8000261afe08,ffff8000261afdd0) at ktrwriteraw+0x15f sys/kern/kern_ktrace.c:660
ktrsysret(ffff8000ffff4a88,b,0,ffff8000261aff00) at ktrsysret+0x18c ktrwrite2 sys/kern/kern_ktrace.c:625 [inline]
ktrsysret(ffff8000ffff4a88,b,0,ffff8000261aff00) at ktrsysret+0x18c sys/kern/kern_ktrace.c:207
syscall(ffff8000261aff80) at syscall+0x5d0 mi_syscall_return sys/sys/syscall_mi.h:131 [inline]
syscall(ffff8000261aff80) at syscall+0x5d0 sys/arch/amd64/amd64/trap.c:620
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffff0f20, count: -10
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
x86_ipi_db(ffff800020dd8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__mp_lock(ffffffff82aaeff8) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82aaeff8) at __mp_lock+0x122 sys/kern/kern_lock.c:147
uvm_unmap_detach(ffff800021239ca0,1) at uvm_unmap_detach+0x113 sys/uvm/uvm_map.c:1382
uvm_map_teardown(fffffd807effc8a0) at uvm_map_teardown+0x28d sys/uvm/uvm_map.c:2598
uvmspace_free(fffffd807effc8a0) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3513
reaper(ffff8000212337a8) at reaper+0x19a sys/kern/kern_exit.c:448
end trace frame: 0x0, count: 7
ddb{1}> trace
x86_ipi_db(ffff800020dd8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__mp_lock(ffffffff82aaeff8) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82aaeff8) at __mp_lock+0x122 sys/kern/kern_lock.c:147
uvm_unmap_detach(ffff800021239ca0,1) at uvm_unmap_detach+0x113 sys/uvm/uvm_map.c:1382
uvm_map_teardown(fffffd807effc8a0) at uvm_map_teardown+0x28d sys/uvm/uvm_map.c:2598
uvmspace_free(fffffd807effc8a0) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3513
reaper(ffff8000212337a8) at reaper+0x19a sys/kern/kern_exit.c:448
end trace frame: 0x0, count: -8


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Sep 4, 2023, 8:01:09 PM9/4/23
to syzkaller-o...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: e36cf0cab4c6 rework DESCRIPTION for readability. put the B..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=166cd458680000
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10032577a80000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/79a0cb974316/disk-e36cf0ca.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/a90f8ce66b4f/bsd-e36cf0ca.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/2bffc76d7b08/kernel-e36cf0ca.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f26faa...@syzkaller.appspotmail.com

uvm_fault(0xfffffd806ba62598, 0x8, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at witness_checkorder+0x1ec: movl 0x8(%r14),%ebx
TID PID UID PRFLAGS PFLAGS CPU COMMAND
512608 82628 0 0x14000 0x200 0 reaper
witness_checkorder(fffffd806f2bd1c0,9,0) at witness_checkorder+0x1ec sys/kern/subr_witness.c:794
mtx_enter(fffffd806f2bd1b0) at mtx_enter+0x3e sys/kern/kern_lock.c:265
knote_remove(ffff80002129d7f0,fffffd806f2bd1b0,fffffd806f2bd238,3,0) at knote_remove+0x20d sys/kern/kern_event.c:1881
knote_fdclose(ffff80002129d7f0,3) at knote_fdclose+0xae sys/kern/kern_event.c:1934
fdfree(ffff80002129d7f0) at fdfree+0xdf sys/kern/kern_descrip.c:1196
exit1(ffff80002129d7f0,0,0,1) at exit1+0x3ff sys/kern/kern_exit.c:206
sys_exit(ffff80002129d7f0,ffff80002139da30,ffff80002139da80) at sys_exit+0x1a sys/kern/kern_exit.c:89
syscall(ffff80002139db00) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff80002139db00) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7ee42173c4a0, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: uvm_fault(0xfffffd806ba62598, 0x8, 0, 1) -> e
ddb{1}> trace
witness_checkorder(fffffd806f2bd1c0,9,0) at witness_checkorder+0x1ec sys/kern/subr_witness.c:794
mtx_enter(fffffd806f2bd1b0) at mtx_enter+0x3e sys/kern/kern_lock.c:265
knote_remove(ffff80002129d7f0,fffffd806f2bd1b0,fffffd806f2bd238,3,0) at knote_remove+0x20d sys/kern/kern_event.c:1881
knote_fdclose(ffff80002129d7f0,3) at knote_fdclose+0xae sys/kern/kern_event.c:1934
fdfree(ffff80002129d7f0) at fdfree+0xdf sys/kern/kern_descrip.c:1196
exit1(ffff80002129d7f0,0,0,1) at exit1+0x3ff sys/kern/kern_exit.c:206
sys_exit(ffff80002129d7f0,ffff80002139da30,ffff80002139da80) at sys_exit+0x1a sys/kern/kern_exit.c:89
syscall(ffff80002139db00) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff80002139db00) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7ee42173c4a0, count: -9
ddb{1}> show registers
rdi 0
rsi 0x20000 acpi_pdirpa+0xbe63
rbp 0xffff80002139d7d0
rbx 0xe
rdx 0
rcx 0xfffffd80037e3460
rax 0xffff800020d58ff0
r8 0x1
r9 0x1
r10 0x59f70afdcfd35571
r11 0xd0b4d0d8661ebebe
r12 0
r13 0xfffffd806f2bd1c0
r14 0
r15 0xffff80002129d7f0
rip 0xffffffff81b8d00c witness_checkorder+0x1ec
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80002139d720
ss 0x10
witness_checkorder+0x1ec: movl 0x8(%r14),%ebx
ddb{1}> show proc
PROC (syz-executor.6) pid=348779 stat=onproc
flags process=1018<EXITING,SUGID,SINGLEEXIT> proc=2000<WEXIT>
pri=0, usrpri=71, nice=20
forw=0xffffffffffffffff, list=0xffff80002129cd50,0xffff80002129d008
process=0xffff80002141d0e0 user=0xffff800021398000, vmspace=0xfffffd806ba62598
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
72874 461874 16500 32767 2 0x10 syz-executor.0
72874 315294 16500 32767 2 0x4000010 syz-executor.0
18316 487713 74545 32767 2 0x10 syz-executor.2
31069 417735 70411 32767 2 0x10 syz-executor.3
31069 83214 70411 32767 3 0x4000090 fsleep syz-executor.3
24164 485120 50422 32767 2 0x10 syz-executor.4
24164 249597 50422 32767 2 0x4000010 syz-executor.4
36281 256623 4086 32767 2 0x10 syz-executor.5
36281 166578 4086 32767 3 0x4000090 fsleep syz-executor.5
79793 189596 0 0 3 0x14200 bored sosplice
50422 299654 34497 32767 3 0x90 nanoslp syz-executor.4
12612 372484 93373 32767 3 0x90 nanoslp syz-executor.6
16500 217720 60296 32767 3 0x90 nanoslp syz-executor.0
29984 336917 70131 32767 2 0x10 syz-executor.7
34497 47351 27897 0 3 0x82 wait syz-executor.4
93373 37212 27897 0 3 0x82 wait syz-executor.6
70131 131079 27897 0 3 0x82 wait syz-executor.7
4086 162340 96493 32767 3 0x90 nanoslp syz-executor.5
74545 184776 6625 32767 3 0x90 nanoslp syz-executor.2
60296 436220 27897 0 3 0x82 wait syz-executor.0
96493 147195 27897 0 3 0x82 wait syz-executor.5
70411 71368 14637 32767 3 0x90 nanoslp syz-executor.3
6625 488022 27897 0 3 0x82 wait syz-executor.2
99314 196886 23967 32767 3 0x10 biowait syz-executor.1
23967 268680 27897 0 3 0x82 wait syz-executor.1
14637 365795 27897 0 3 0x82 wait syz-executor.3
27897 512241 36848 0 3 0x2000082 wait syz-execprog
27897 68766 36848 0 3 0x6000082 nanoslp syz-execprog
27897 289846 36848 0 3 0x6000082 wait syz-execprog
27897 318747 36848 0 3 0x6000082 wait syz-execprog
27897 109790 36848 0 3 0x6000082 wait syz-execprog
27897 157901 36848 0 3 0x6000082 thrsleep syz-execprog
27897 207551 36848 0 3 0x6000082 thrsleep syz-execprog
27897 373851 36848 0 3 0x6000082 wait syz-execprog
27897 384142 36848 0 3 0x6000082 wait syz-execprog
27897 79290 36848 0 3 0x6000082 thrsleep syz-execprog
27897 42338 36848 0 3 0x6000082 wait syz-execprog
27897 76885 36848 0 3 0x6000082 wait syz-execprog
27897 191280 36848 0 3 0x6000082 kqread syz-execprog
27897 370325 36848 0 3 0x6000082 thrsleep syz-execprog
27897 25985 36848 0 3 0x6000082 thrsleep syz-execprog
36848 338651 61369 0 3 0x10008a sigsusp ksh
61369 201455 85351 0 3 0x9a kqread sshd
64969 88192 1 0 3 0x100083 ttyin getty
85351 306604 1 0 3 0x88 kqread sshd
99767 367367 50831 73 3 0x1100090 kqread syslogd
50831 111464 1 0 3 0x100082 netio syslogd
15599 444964 1 0 3 0x100080 kqread resolvd
12287 334116 39006 77 3 0x100092 kqread dhcpleased
58999 453508 39006 77 3 0x100092 kqread dhcpleased
39006 242801 1 0 3 0x80 kqread dhcpleased
60505 412926 0 0 3 0x14200 bored smr
15967 21193 0 0 2 0x14200 zerothread
55729 250950 0 0 3 0x14200 aiodoned aiodoned
97208 144273 0 0 3 0x14200 syncer update
11347 321472 0 0 3 0x14200 cleaner cleaner
82628 512608 0 0 7 0x14200 reaper
79269 445247 0 0 3 0x14200 pgdaemon pagedaemon
51961 317653 0 0 3 0x14200 bored viomb
68889 110268 0 0 3 0x40014200 acpi0 acpi0
582 426662 0 0 3 0x40014200 idle1
70265 118708 0 0 3 0x14200 bored softnet3
39473 33574 0 0 3 0x14200 bored softnet2
71037 226557 0 0 3 0x14200 bored softnet1
38828 275399 0 0 3 0x14200 bored softnet0
60731 382310 0 0 3 0x14200 bored systqmp
36608 504161 0 0 3 0x14200 bored systq
78350 132174 0 0 3 0x40014200 bored softclock
36612 355906 0 0 3 0x40014200 idle0
1 513411 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
CPU 0:
exclusive sched_lock &sched_lock r = 0 (0xffffffff82cdefb0)
#0 witness_lock+0x447
#1 wakeup_n+0x37 sys/kern/kern_synch.c:541
#2 uvm_pmr_getpages+0xeef sys/uvm/uvm_pmemrange.c:1207
#3 uvm_pagealloc+0x1a8 sys/uvm/uvm_page.c:910
#4 pmap_get_ptp+0x18d sys/arch/amd64/amd64/pmap.c:1209
#5 pmap_enter+0x2be sys/arch/amd64/amd64/pmap.c:2716
#6 uvm_fault_lower+0x768 sys/uvm/uvm_fault.c:1505
#7 uvm_fault+0x238
#8 upageflttrap+0x86 sys/arch/amd64/amd64/trap.c:188
#9 usertrap+0x226 sys/arch/amd64/amd64/trap.c:436
#10 recall_trap+0x8
exclusive mutex &uvm.fpageqlock r = 0 (0xffffffff82d26320)
#0 witness_lock+0x447
#1 mtx_enter_try+0x104
#2 mtx_enter+0x4f sys/kern/kern_lock.c:266
#3 uvm_pmr_getpages+0xeac sys/uvm/uvm_pmemrange.c:1205
#4 uvm_pagealloc+0x1a8 sys/uvm/uvm_page.c:910
#5 pmap_get_ptp+0x18d sys/arch/amd64/amd64/pmap.c:1209
#6 pmap_enter+0x2be sys/arch/amd64/amd64/pmap.c:2716
#7 uvm_fault_lower+0x768 sys/uvm/uvm_fault.c:1505
#8 uvm_fault+0x238
#9 upageflttrap+0x86 sys/arch/amd64/amd64/trap.c:188
#10 usertrap+0x226 sys/arch/amd64/amd64/trap.c:436
#11 recall_trap+0x8
exclusive mutex &pmap->pm_mtx r = 0 (0xfffffd806c4753f0)
#0 witness_lock+0x447
#1 mtx_enter_try+0x104
#2 mtx_enter+0x4f sys/kern/kern_lock.c:266
#3 pmap_enter+0x1c3 pmap_map_ptes sys/arch/amd64/amd64/pmap.c:423 [inline]
#3 pmap_enter+0x1c3 sys/arch/amd64/amd64/pmap.c:2710
#4 uvm_fault_lower+0x768 sys/uvm/uvm_fault.c:1505
#5 uvm_fault+0x238
#6 upageflttrap+0x86 sys/arch/amd64/amd64/trap.c:188
#7 usertrap+0x226 sys/arch/amd64/amd64/trap.c:436
#8 recall_trap+0x8
Process 24164 (syz-executor.4) thread 0xffff800021275298 (249597)
exclusive rwlock amaplk r = 0 (0xfffffd806bb78390)
#0 witness_lock+0x447
#1 uvm_fault_check+0x41a sys/uvm/uvm_fault.c:782
#2 uvm_fault+0xf2 sys/uvm/uvm_fault.c:600
#3 upageflttrap+0x86 sys/arch/amd64/amd64/trap.c:188
#4 usertrap+0x226 sys/arch/amd64/amd64/trap.c:436
#5 recall_trap+0x8
shared rwlock vmmaplk r = 0 (0xfffffd806ba62860)
#0 witness_lock+0x447
#1 uvmfault_lookup+0xd9 sys/uvm/uvm_fault.c:1772
#2 uvm_fault_check+0x3e sys/uvm/uvm_fault.c:672
#3 uvm_fault+0xf2 sys/uvm/uvm_fault.c:600
#4 upageflttrap+0x86 sys/arch/amd64/amd64/trap.c:188
#5 usertrap+0x226 sys/arch/amd64/amd64/trap.c:436
#6 recall_trap+0x8
Process 99314 (syz-executor.1) thread 0xffff800021200810 (196886)
exclusive rrwlock inode r = 0 (0xfffffd806b6602c8)
#0 witness_lock+0x447
#1 rw_enter+0x3c8 sys/kern/kern_rwlock.c:309
#2 rrw_enter+0x8c sys/kern/kern_rwlock.c:464
#3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:518
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:564
#5 vget+0x200 sys/kern/vfs_subr.c:676
#6 ufs_ihashget+0x121 sys/ufs/ufs/ufs_ihash.c:119
#7 ffs_vget+0x7c sys/ufs/ffs/ffs_vfsops.c:1314
#8 ufs_lookup+0x13ba sys/ufs/ufs/ufs_lookup.c:487
#9 VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85
#10 vfs_lookup+0x6e2 sys/kern/vfs_lookup.c:566
#11 namei+0x55a sys/kern/vfs_lookup.c:250
#12 dounlinkat+0x9d sys/kern/vfs_syscalls.c:1847
#13 syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
#13 syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623
#14 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd806bd66e70)
#0 witness_lock+0x447
#1 rw_enter+0x3c8 sys/kern/kern_rwlock.c:309
#2 rrw_enter+0x8c sys/kern/kern_rwlock.c:464
#3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:518
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:564
#5 vfs_lookup+0xd5 sys/kern/vfs_lookup.c:418
#6 namei+0x55a sys/kern/vfs_lookup.c:250
#7 dounlinkat+0x9d sys/kern/vfs_syscalls.c:1847
#8 syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
#8 syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623
#9 Xsyscall+0x128
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10181 6407K 6420K 78643K 11259 0
pcb 13 8K 8K 78643K 13 0
rtable 234 6K 6K 78643K 344 0
pf 29 8K 8K 78643K 29 0
ifaddr 44 15K 15K 78643K 46 0
ifgroup 50 2K 2K 78643K 50 0
counters 60 35K 35K 78643K 60 0
ioctlops 0 0K 2K 78643K 29 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1174 73K 74K 78643K 1187 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 1K 78643K 2 0
VM map 2 1K 1K 78643K 2 0
sem 2 0K 0K 78643K 2 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 24 89K 125K 78643K 405 0
proc 56 78K 103K 78643K 471 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
in_multi 99 7K 7K 78643K 99 0
ether_multi 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 25 122K 122K 78643K 25 0
exec 0 0K 1K 78643K 356 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 8 62K 64K 78643K 10 0
UVM amap 281 77K 77K 78643K 5412 0
UVM aobj 3 2K 2K 78643K 3 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
NDP 11 0K 2K 78643K 27 0
temp 1 5904K 5968K 78643K 4421 0
kqueue 12 18K 26K 78643K 282 0
SYN cache 2 16K 16K 78643K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 33 0 30 1 0 1 1 0 8 0
rtentry 112 111 0 1 4 0 4 4 0 8 0
unpcb 144 33 0 20 1 0 1 1 0 8 0
syncache 304 5 0 5 2 1 1 1 0 8 1
tcpqe 32 166 0 166 1 1 0 1 0 8 0
tcpcb 808 8 0 5 1 0 1 1 0 8 0
arp 120 18 0 0 1 0 1 1 0 8 0
inpcb 368 319 0 310 2 0 2 2 0 8 1
nd6 136 24 0 0 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 452 0 0 29 0 29 29 0 8 0
art_table 32 453 0 0 4 0 4 4 0 8 0
art_node 16 110 0 10 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1747 0 308 90 0 90 90 0 8 0
ffsino 272 1747 0 308 96 0 96 96 0 8 0
nchpl 144 2261 0 585 63 0 63 63 0 8 0
uvmvnodes 80 1756 0 0 36 0 36 36 0 8 0
vnodes 216 1756 0 0 98 0 98 98 0 8 0
namei 1024 7027 0 7027 4 1 3 3 0 8 3
percpumem 16 43 0 0 1 0 1 1 0 8 0
kstatmem 264 22 0 0 2 0 2 2 0 8 0
scxspl 216 8163 0 8162 10 9 1 8 1 8 0
plimitpl 152 42 0 19 1 0 1 1 0 8 0
sigapl 424 695 0 642 7 0 7 7 0 8 0
futexpl 64 1191 0 1189 1 0 1 1 0 8 0
knotepl 120 114 0 0 4 0 4 4 0 8 0
kqueuepl 216 280 0 272 1 0 1 1 0 8 0
pipepl 320 136 0 108 4 1 3 3 0 8 0
fdescpl 496 677 0 642 7 1 6 6 0 8 1
filepl 152 2080 0 1949 6 0 6 6 0 8 0
lockfpl 104 6 0 4 1 0 1 1 0 8 0
lockfspl 48 4 0 2 1 0 1 1 0 8 0
sessionpl 144 25 0 9 1 0 1 1 0 8 0
pgrppl 48 25 0 9 1 0 1 1 0 8 0
ucredpl 104 90 0 72 1 0 1 1 0 8 0
zombiepl 144 643 0 642 2 1 1 1 0 8 0
processpl 1072 695 0 642 5 0 5 5 0 8 0
procpl 680 977 0 906 7 0 7 7 0 8 0
sosppl 168 255 0 253 1 0 1 1 0 8 0
sockpl 488 385 0 360 4 0 4 4 0 8 0
mcl8k 8192 4 0 0 1 0 1 1 0 8 0
mcl4k 4096 1 0 0 1 0 1 1 0 8 0
mcl2k 2048 255 0 0 32 2 30 32 0 8 0
mtagpl 96 2 0 0 1 0 1 1 0 8 0
mbufpl 256 359 0 0 18 1 17 18 0 8 0
bufpl 288 4368 0 141 302 0 302 302 0 8 0
anonpl 24 214644 0 209982 68 13 55 55 0 186 26
amapchunkpl 152 17959 0 17264 30 1 29 29 0 158 2
amappl16 200 5951 0 5877 10 5 5 5 0 8 0
amappl15 192 10 0 10 1 1 0 1 0 8 0
amappl14 184 175 0 162 2 0 2 2 0 8 1
amappl13 176 15 0 14 2 1 1 1 0 8 0
amappl12 168 1310 0 1274 3 0 3 3 0 8 0
amappl11 160 54 0 44 1 0 1 1 0 8 0
amappl10 152 26 0 18 2 1 1 1 0 8 0
amappl9 144 185 0 185 2 1 1 1 0 8 1
amappl8 136 154 0 126 2 0 2 2 0 8 0
amappl7 128 75 0 61 2 0 2 2 0 8 0
amappl6 120 222 0 205 2 0 2 2 0 8 1
amappl5 112 164 0 156 1 0 1 1 0 8 0
amappl4 104 542 0 506 2 0 2 2 0 8 0
amappl3 96 4026 0 3935 3 0 3 3 0 8 0
amappl2 88 916 0 846 4 1 3 3 0 8 1
amappl1 80 11596 0 11063 27 6 21 22 0 8 8
amappl 88 4948 0 4742 5 0 5 5 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 2 0 0 1 0 1 1 0 8 0
uaddrrnd 24 677 0 642 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 677 0 642 1 0 1 1 0 8 0
vmmpekpl 168 11130 0 11096 2 0 2 2 0 8 0
vmmpepl 168 57894 0 56035 120 9 111 111 0 357 28
vmsppl 464 676 0 642 7 1 6 6 0 8 1
rwobjpl 56 24575 0 21841 46 1 45 45 0 8 6
pdppl 4096 1362 0 1284 120 38 82 96 0 8 4
pvpl 32 452571 0 442217 366 30 336 345 0 265 248
pmappl 248 676 0 642 4 1 3 3 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 710 0 44 20 0 20 20 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp
x86_ipi_db(ffffffff82bffff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff82cd6528) at __mp_lock+0x129 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82cd6528) at __mp_lock+0x129 sys/kern/kern_lock.c:147
intr_handler(ffff8000211b8e40,ffff80000006bc00) at intr_handler+0x62 sys/arch/amd64/amd64/intr.c:532
Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f
mtx_leave(ffffffff82c98a58) at mtx_leave+0xf6 sys/kern/kern_lock.c:374
reaper(ffff8000211b2ff8) at reaper+0xdb sys/kern/kern_exit.c:435
end trace frame: 0x0, count: 7
ddb{0}> trace
x86_ipi_db(ffffffff82bffff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff82cd6528) at __mp_lock+0x129 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82cd6528) at __mp_lock+0x129 sys/kern/kern_lock.c:147
intr_handler(ffff8000211b8e40,ffff80000006bc00) at intr_handler+0x62 sys/arch/amd64/amd64/intr.c:532
Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f
mtx_leave(ffffffff82c98a58) at mtx_leave+0xf6 sys/kern/kern_lock.c:374
reaper(ffff8000211b2ff8) at reaper+0xdb sys/kern/kern_exit.c:435
end trace frame: 0x0, count: -8
ddb{0}> machine ddbcpu 1
Stopped at witness_checkorder+0x1ec: movl 0x8(%r14),%ebx
witness_checkorder(fffffd806f2bd1c0,9,0) at witness_checkorder+0x1ec sys/kern/subr_witness.c:794
mtx_enter(fffffd806f2bd1b0) at mtx_enter+0x3e sys/kern/kern_lock.c:265
knote_remove(ffff80002129d7f0,fffffd806f2bd1b0,fffffd806f2bd238,3,0) at knote_remove+0x20d sys/kern/kern_event.c:1881
knote_fdclose(ffff80002129d7f0,3) at knote_fdclose+0xae sys/kern/kern_event.c:1934
fdfree(ffff80002129d7f0) at fdfree+0xdf sys/kern/kern_descrip.c:1196
exit1(ffff80002129d7f0,0,0,1) at exit1+0x3ff sys/kern/kern_exit.c:206
sys_exit(ffff80002129d7f0,ffff80002139da30,ffff80002139da80) at sys_exit+0x1a sys/kern/kern_exit.c:89
syscall(ffff80002139db00) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff80002139db00) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7ee42173c4a0, count: 6
ddb{1}> trace
witness_checkorder(fffffd806f2bd1c0,9,0) at witness_checkorder+0x1ec sys/kern/subr_witness.c:794
mtx_enter(fffffd806f2bd1b0) at mtx_enter+0x3e sys/kern/kern_lock.c:265
knote_remove(ffff80002129d7f0,fffffd806f2bd1b0,fffffd806f2bd238,3,0) at knote_remove+0x20d sys/kern/kern_event.c:1881
knote_fdclose(ffff80002129d7f0,3) at knote_fdclose+0xae sys/kern/kern_event.c:1934
fdfree(ffff80002129d7f0) at fdfree+0xdf sys/kern/kern_descrip.c:1196
exit1(ffff80002129d7f0,0,0,1) at exit1+0x3ff sys/kern/kern_exit.c:206
sys_exit(ffff80002129d7f0,ffff80002139da30,ffff80002139da80) at sys_exit+0x1a sys/kern/kern_exit.c:89
syscall(ffff80002139db00) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff80002139db00) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7ee42173c4a0, count: -9


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

syzbot

Sep 5, 2023, 12:19:51 AM9/5/23
to syzkaller-o...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: e36cf0cab4c6 rework DESCRIPTION for readability. put the B..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=14dca1d0680000
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13416a3fa80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17597b7ba80000

Downloadable assets:
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f26faa...@syzkaller.appspotmail.com

uvm_fault(0xfffffd8075e271f0, 0x8, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at witness_checkorder+0x1ec: movl 0x8(%r14),%ebx
TID PID UID PRFLAGS PFLAGS CPU COMMAND
29094 23706 0 0x14000 0x200 0 reaper
witness_checkorder(fffffd806f167298,9,0) at witness_checkorder+0x1ec sys/kern/subr_witness.c:794
mtx_enter(fffffd806f167288) at mtx_enter+0x3e sys/kern/kern_lock.c:265
knote_remove(ffff80002121b2b8,fffffd806f167288,fffffd806f167310,3,0) at knote_remove+0x20d sys/kern/kern_event.c:1881
knote_fdclose(ffff80002121b2b8,3) at knote_fdclose+0xae sys/kern/kern_event.c:1934
fdfree(ffff80002121b2b8) at fdfree+0xdf sys/kern/kern_descrip.c:1196
exit1(ffff80002121b2b8,0,0,1) at exit1+0x3ff sys/kern/kern_exit.c:206
sys_exit(ffff80002121b2b8,ffff8000212a5400,ffff8000212a5450) at sys_exit+0x1a sys/kern/kern_exit.c:89
syscall(ffff8000212a54d0) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff8000212a54d0) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7c0434f0ebd0, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: uvm_fault(0xfffffd8075e271f0, 0x8, 0, 1) -> e
ddb{1}> trace
witness_checkorder(fffffd806f167298,9,0) at witness_checkorder+0x1ec sys/kern/subr_witness.c:794
mtx_enter(fffffd806f167288) at mtx_enter+0x3e sys/kern/kern_lock.c:265
knote_remove(ffff80002121b2b8,fffffd806f167288,fffffd806f167310,3,0) at knote_remove+0x20d sys/kern/kern_event.c:1881
knote_fdclose(ffff80002121b2b8,3) at knote_fdclose+0xae sys/kern/kern_event.c:1934
fdfree(ffff80002121b2b8) at fdfree+0xdf sys/kern/kern_descrip.c:1196
exit1(ffff80002121b2b8,0,0,1) at exit1+0x3ff sys/kern/kern_exit.c:206
sys_exit(ffff80002121b2b8,ffff8000212a5400,ffff8000212a5450) at sys_exit+0x1a sys/kern/kern_exit.c:89
syscall(ffff8000212a54d0) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff8000212a54d0) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7c0434f0ebd0, count: -9
ddb{1}> show registers
rdi 0
rsi 0x20000 acpi_pdirpa+0xbe63
rbp 0xffff8000212a51a0
rbx 0xe
rdx 0
rcx 0xfffffd80037e45e0
rax 0xffff800020d58ff0
r8 0x1
r9 0x1
r10 0x56c69e8cf696aaad
r11 0xb539ca2536a091f2
r12 0
r13 0xfffffd806f167298
r14 0
r15 0xffff80002121b2b8
rip 0xffffffff81b8d00c witness_checkorder+0x1ec
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff8000212a50f0
ss 0x10
witness_checkorder+0x1ec: movl 0x8(%r14),%ebx
ddb{1}> show proc
PROC (syz-executor1550576242) pid=300086 stat=onproc
flags process=1008<EXITING,SINGLEEXIT> proc=2000<WEXIT>
pri=0, usrpri=57, nice=20
forw=0xffffffffffffffff, list=0xffff80002120cd60,0xffff80002121ad78
process=0xffff8000212ad0d8 user=0xffff8000212a0000, vmspace=0xfffffd8075e271f0
estcpu=7, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
62319 378202 95035 0 2 0 syz-executor1550576242
37834 41484 97503 0 2 0 syz-executor1550576242
629 306625 85796 0 2 0 syz-executor1550576242
34845 226832 82036 0 2 0 syz-executor1550576242
79631 312844 31165 0 2 0 syz-executor1550576242
9887 4247 74417 0 2 0 syz-executor1550576242
9887 385988 74417 0 3 0x4000080 fsleep syz-executor1550576242
85198 493741 12420 0 2 0 syz-executor1550576242
31165 406695 93385 0 3 0x80 nanoslp syz-executor1550576242
12420 265678 93385 0 3 0x80 nanoslp syz-executor1550576242
95035 340957 93385 0 3 0x80 nanoslp syz-executor1550576242
74417 144957 93385 0 3 0x80 nanoslp syz-executor1550576242
68117 465235 93385 0 3 0x80 nanoslp syz-executor1550576242
82036 395713 93385 0 2 0 syz-executor1550576242
97503 13525 93385 0 3 0x80 nanoslp syz-executor1550576242
85796 77724 93385 0 3 0x80 nanoslp syz-executor1550576242
93385 329886 62165 0 3 0x82 nanoslp syz-executor1550576242
62165 339847 55942 0 3 0x10008a sigsusp ksh
55942 253390 32828 0 3 0x9a kqread sshd
64571 402143 1 0 3 0x100083 ttyin getty
32828 503628 1 0 3 0x88 kqread sshd
49698 332101 96697 73 3 0x1100090 kqread syslogd
96697 437824 1 0 3 0x100082 netio syslogd
2757 377295 1 0 3 0x100080 kqread resolvd
29565 271742 96901 77 3 0x100092 kqread dhcpleased
92524 120300 96901 77 3 0x100092 kqread dhcpleased
96901 398646 1 0 3 0x80 kqread dhcpleased
43459 278867 0 0 3 0x14200 bored smr
49442 5075 0 0 2 0x14200 zerothread
27730 216215 0 0 3 0x14200 aiodoned aiodoned
86217 142195 0 0 3 0x14200 syncer update
45283 151 0 0 3 0x14200 cleaner cleaner
23706 29094 0 0 7 0x14200 reaper
17254 461588 0 0 3 0x14200 pgdaemon pagedaemon
22523 372893 0 0 3 0x14200 bored viomb
67623 257500 0 0 3 0x40014200 acpi0 acpi0
23243 494497 0 0 3 0x40014200 idle1
8845 225865 0 0 3 0x14200 bored softnet3
60659 373275 0 0 3 0x14200 bored softnet2
5440 96056 0 0 3 0x14200 bored softnet1
77364 368056 0 0 3 0x14200 bored softnet0
1379 225733 0 0 3 0x14200 bored systqmp
10098 375844 0 0 3 0x14200 bored systq
12037 364934 0 0 3 0x40014200 bored softclock
35759 234889 0 0 3 0x40014200 idle0
1 126698 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
CPU 0:
exclusive sched_lock &sched_lock r = 0 (0xffffffff82cdefb0)
#0 witness_lock+0x447
#1 preempt+0x37 sys/kern/sched_bsd.c:340
#2 ast+0x109 mi_ast sys/sys/syscall_mi.h:192 [inline]
#2 ast+0x109 sys/arch/amd64/amd64/trap.c:541
#3 Xsyscall+0x156
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10156 6389K 6420K 78643K 11234 0
pcb 13 8K 8K 78643K 13 0
rtable 58 1K 2K 78643K 110 0
pf 12 6K 6K 78643K 12 0
ifaddr 12 9K 9K 78643K 12 0
ifgroup 17 1K 1K 78643K 17 0
counters 44 33K 33K 78643K 44 0
ioctlops 0 0K 2K 78643K 21 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1174 73K 74K 78643K 1187 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 1K 78643K 2 0
VM map 2 1K 1K 78643K 2 0
sem 2 0K 0K 78643K 2 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 1 0K 0K 78643K 1 0
proc 55 78K 79K 78643K 246 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
in_multi 11 0K 0K 78643K 11 0
ether_multi 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 25 122K 122K 78643K 25 0
exec 0 0K 1K 78643K 243 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 8 62K 64K 78643K 10 0
UVM amap 111 6K 7K 78643K 4670 0
UVM aobj 3 2K 2K 78643K 3 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
NDP 3 0K 0K 78643K 3 0
temp 1 5904K 5968K 78643K 2836 0
kqueue 12 18K 24K 78643K 437 0
SYN cache 2 16K 16K 78643K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 20 0 17 1 0 1 1 0 8 0
rtentry 112 23 0 1 1 0 1 1 0 8 0
unpcb 144 33 0 20 1 0 1 1 0 8 0
syncache 304 5 0 5 2 1 1 1 0 8 1
tcpqe 32 145 0 145 1 1 0 1 0 8 0
tcpcb 808 8 0 5 1 0 1 1 0 8 0
arp 120 2 0 0 1 0 1 1 0 8 0
inpcb 368 440 0 432 2 0 2 2 0 8 1
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 96 0 0 6 0 6 6 0 8 0
art_table 32 97 0 0 1 0 1 1 0 8 0
art_node 16 22 0 2 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1422 0 37 87 0 87 87 0 8 0
ffsino 272 1422 0 37 93 0 93 93 0 8 0
nchpl 144 1606 0 47 58 0 58 58 0 8 0
uvmvnodes 80 1431 0 0 30 0 30 30 0 8 0
vnodes 216 1431 0 0 80 0 80 80 0 8 0
namei 1024 4256 0 4256 2 1 1 1 0 8 1
percpumem 16 35 0 0 1 0 1 1 0 8 0
kstatmem 264 6 0 0 1 0 1 1 0 8 0
scxspl 216 5148 0 5148 10 9 1 8 1 8 1
plimitpl 152 16 0 10 1 0 1 1 0 8 0
sigapl 424 737 0 691 6 0 6 6 0 8 0
futexpl 64 827 0 826 1 0 1 1 0 8 0
knotepl 120 49 0 0 2 0 2 2 0 8 0
kqueuepl 216 434 0 426 1 0 1 1 0 8 0
pipepl 320 87 0 84 2 1 1 1 0 8 0
fdescpl 496 720 0 691 5 1 4 4 0 8 0
filepl 152 1540 0 1485 3 0 3 3 0 8 0
lockfpl 104 6 0 4 1 0 1 1 0 8 0
lockfspl 48 4 0 2 1 0 1 1 0 8 0
sessionpl 144 17 0 9 1 0 1 1 0 8 0
pgrppl 48 17 0 9 1 0 1 1 0 8 0
ucredpl 104 66 0 56 1 0 1 1 0 8 0
zombiepl 144 692 0 691 2 1 1 1 0 8 0
processpl 1072 737 0 691 4 0 4 4 0 8 0
procpl 680 1159 0 1112 5 0 5 5 0 8 0
sockpl 488 493 0 469 4 0 4 4 0 8 1
mcl8k 8192 5 0 0 1 0 1 1 0 8 0
mcl4k 4096 4 0 0 1 0 1 1 0 8 0
mcl2k 2048 303 0 0 35 3 32 35 0 8 0
mtagpl 96 1 0 0 1 0 1 1 0 8 0
mbufpl 256 343 0 0 19 1 18 19 0 8 0
bufpl 288 2510 0 88 173 0 173 173 0 8 0
anonpl 24 180796 0 178874 25 12 13 23 0 186 0
amapchunkpl 152 15398 0 15216 12 1 11 11 0 158 2
amappl16 200 4967 0 4965 6 5 1 5 0 8 0
amappl15 192 13 0 13 1 1 0 1 0 8 0
amappl14 184 100 0 91 1 0 1 1 0 8 0
amappl13 176 8 0 8 1 1 0 1 0 8 0
amappl12 168 1201 0 1187 1 0 1 1 0 8 0
amappl11 160 49 0 39 1 0 1 1 0 8 0
amappl10 152 16 0 16 2 1 1 1 0 8 1
amappl9 144 192 0 192 1 1 0 1 0 8 0
amappl8 136 41 0 39 1 0 1 1 0 8 0
amappl7 128 450 0 436 1 0 1 1 0 8 0
amappl6 120 136 0 123 1 0 1 1 0 8 0
amappl5 112 106 0 98 1 0 1 1 0 8 0
amappl4 104 412 0 384 1 0 1 1 0 8 0
amappl3 96 3746 0 3712 2 0 2 2 0 8 1
amappl2 88 878 0 833 3 1 2 2 0 8 0
amappl1 80 11084 0 10630 15 4 11 11 0 8 0
amappl 88 4399 0 4326 3 0 3 3 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 2 0 0 1 0 1 1 0 8 0
uaddrrnd 24 720 0 691 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 720 0 691 1 0 1 1 0 8 0
vmmpekpl 168 8744 0 8723 2 0 2 2 0 8 0
vmmpepl 168 47874 0 46693 64 7 57 57 0 357 5
vmsppl 464 719 0 691 5 1 4 4 0 8 0
rwobjpl 56 23119 0 21051 32 1 31 31 0 8 1
pdppl 4096 1448 0 1382 88 22 66 66 0 8 0
pvpl 32 295893 0 291241 63 22 41 52 0 265 3
pmappl 248 719 0 691 3 1 2 2 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 520 0 29 15 0 15 15 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp
x86_ipi_db(ffffffff82bffff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff82cd6528) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82cd6528) at __mp_lock+0x122 sys/kern/kern_lock.c:147
intr_handler(ffff8000211b9660,ffff80000067b300) at intr_handler+0x62 sys/arch/amd64/amd64/intr.c:532
Xintr_ioapic_edge26_untramp() at Xintr_ioapic_edge26_untramp+0x18f
mtx_enter_try(ffffffff82b722d0) at mtx_enter_try+0x19 sys/kern/kern_lock.c:282
mtx_enter(ffffffff82b722d0) at mtx_enter+0x4f sys/kern/kern_lock.c:266
msleep(ffffffff82c98a58,ffffffff82b722d0,4,ffffffff828590ec,0) at msleep+0x1f1 sys/kern/kern_synch.c:239
reaper(ffff8000211b3548) at reaper+0xdb sys/kern/kern_exit.c:435
end trace frame: 0x0, count: 5
ddb{0}> trace
x86_ipi_db(ffffffff82bffff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff82cd6528) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82cd6528) at __mp_lock+0x122 sys/kern/kern_lock.c:147
intr_handler(ffff8000211b9660,ffff80000067b300) at intr_handler+0x62 sys/arch/amd64/amd64/intr.c:532
Xintr_ioapic_edge26_untramp() at Xintr_ioapic_edge26_untramp+0x18f
mtx_enter_try(ffffffff82b722d0) at mtx_enter_try+0x19 sys/kern/kern_lock.c:282
mtx_enter(ffffffff82b722d0) at mtx_enter+0x4f sys/kern/kern_lock.c:266
msleep(ffffffff82c98a58,ffffffff82b722d0,4,ffffffff828590ec,0) at msleep+0x1f1 sys/kern/kern_synch.c:239
reaper(ffff8000211b3548) at reaper+0xdb sys/kern/kern_exit.c:435
end trace frame: 0x0, count: -10
ddb{0}> machine ddbcpu 1
Stopped at witness_checkorder+0x1ec: movl 0x8(%r14),%ebx
witness_checkorder(fffffd806f167298,9,0) at witness_checkorder+0x1ec sys/kern/subr_witness.c:794
mtx_enter(fffffd806f167288) at mtx_enter+0x3e sys/kern/kern_lock.c:265
knote_remove(ffff80002121b2b8,fffffd806f167288,fffffd806f167310,3,0) at knote_remove+0x20d sys/kern/kern_event.c:1881
knote_fdclose(ffff80002121b2b8,3) at knote_fdclose+0xae sys/kern/kern_event.c:1934
fdfree(ffff80002121b2b8) at fdfree+0xdf sys/kern/kern_descrip.c:1196
exit1(ffff80002121b2b8,0,0,1) at exit1+0x3ff sys/kern/kern_exit.c:206
sys_exit(ffff80002121b2b8,ffff8000212a5400,ffff8000212a5450) at sys_exit+0x1a sys/kern/kern_exit.c:89
syscall(ffff8000212a54d0) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff8000212a54d0) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7c0434f0ebd0, count: 6
ddb{1}> trace
witness_checkorder(fffffd806f167298,9,0) at witness_checkorder+0x1ec sys/kern/subr_witness.c:794
mtx_enter(fffffd806f167288) at mtx_enter+0x3e sys/kern/kern_lock.c:265
knote_remove(ffff80002121b2b8,fffffd806f167288,fffffd806f167310,3,0) at knote_remove+0x20d sys/kern/kern_event.c:1881
knote_fdclose(ffff80002121b2b8,3) at knote_fdclose+0xae sys/kern/kern_event.c:1934
fdfree(ffff80002121b2b8) at fdfree+0xdf sys/kern/kern_descrip.c:1196
exit1(ffff80002121b2b8,0,0,1) at exit1+0x3ff sys/kern/kern_exit.c:206
sys_exit(ffff80002121b2b8,ffff8000212a5400,ffff8000212a5450) at sys_exit+0x1a sys/kern/kern_exit.c:89
syscall(ffff8000212a54d0) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff8000212a54d0) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7c0434f0ebd0, count: -9

syzbot

Nov 1, 2023, 8:30:16 AM11/1/23
to syzkaller-o...@googlegroups.com
Auto-closing this bug as obsolete: there has been no recent activity, and the existing reproducers no longer trigger the issue.