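panic: vop_generic_pbaandiopc (garbled console output: cpu1's "vop_generic_badop" panic message interleaved with the start of cpu0's "panic: kernel diagnostic assertion ..." message; see the "show panic" output below)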


syzbot

Apr 22, 2022, 10:33:24 PM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 92de9a74c2fa Only run agent-ptrace.sh if gdb is available ..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=17b5e464f00000
kernel config: https://syzkaller.appspot.com/x/.config?x=bf87b6915a88cd0d
dashboard link: https://syzkaller.appspot.com/bug?extid=ffd59dcadca48697fc3f

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+ffd59d...@syzkaller.appspotmail.com

panic: vop_generic_pbaandiopc
: kStopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
336227 93279 32767 0x10 0x4000000 0 syz-executor.4
*436575 3220 32767 0x10 0 1 syz-executor.2
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8258a027) at panic+0x177 sys/kern/subr_prf.c:202
vop_generic_badop(ffff8000232492f8) at vop_generic_badop+0x1b sys/kern/vfs_default.c:133
VOP_STRATEGY(fffffd8062f31958,fffffd8067db9b48) at VOP_STRATEGY+0x9b sys/kern/vfs_vops.c:644
bwrite(fffffd8067db9b48) at bwrite+0x1f0 sys/kern/vfs_bio.c:763
VOP_BWRITE(fffffd8067db9b48) at VOP_BWRITE+0x4a sys/kern/vfs_vops.c:656
ufs_mkdir(ffff800023249590) at ufs_mkdir+0x6b4 sys/ufs/ufs/ufs_vnops.c:1248
VOP_MKDIR(fffffd8067b9ece0,ffff8000232496f0,ffff800023249720,ffff800023249620) at VOP_MKDIR+0xbf sys/kern/vfs_vops.c:404
domkdirat(ffff800021209260,ffffff9c,7f7ffffd3e10,1ff) at domkdirat+0x121 sys/kern/vfs_syscalls.c:3101
syscall(ffff8000232498a0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff8000232498a0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffd3e80, count: 4
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
cpu0: kernel diagnostic assertion "!_kernel_lock_held()" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/kern_fork.c", line 678
*cpu1: vop_generic_badop
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8258a027) at panic+0x177 sys/kern/subr_prf.c:202
vop_generic_badop(ffff8000232492f8) at vop_generic_badop+0x1b sys/kern/vfs_default.c:133
VOP_STRATEGY(fffffd8062f31958,fffffd8067db9b48) at VOP_STRATEGY+0x9b sys/kern/vfs_vops.c:644
bwrite(fffffd8067db9b48) at bwrite+0x1f0 sys/kern/vfs_bio.c:763
VOP_BWRITE(fffffd8067db9b48) at VOP_BWRITE+0x4a sys/kern/vfs_vops.c:656
ufs_mkdir(ffff800023249590) at ufs_mkdir+0x6b4 sys/ufs/ufs/ufs_vnops.c:1248
VOP_MKDIR(fffffd8067b9ece0,ffff8000232496f0,ffff800023249720,ffff800023249620) at VOP_MKDIR+0xbf sys/kern/vfs_vops.c:404
domkdirat(ffff800021209260,ffffff9c,7f7ffffd3e10,1ff) at domkdirat+0x121 sys/kern/vfs_syscalls.c:3101
syscall(ffff8000232498a0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff8000232498a0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffd3e80, count: -11
ddb{1}> show registers
rdi 0
rsi 0x1
rbp 0xffff800023249220
rbx 0xffff800020ce9bff
rdx 0
rcx 0
rax 0xffff800021209260
r8 0x101010101010101
r9 0x8080808080808080
r10 0x194da1c164824e6e
r11 0x37771a2a8d349b4
r12 0xffff800020ce9a00
r13 0
r14 0
r15 0x1
rip 0xffffffff81b884b8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800023249210
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor.2) pid=436575 stat=onproc
flags process=10<SUGID> proc=0
pri=17, usrpri=80, nice=20
forw=0xffffffffffffffff, list=0xffff800021208540,0xffff80002607ad40
process=0xffff800029507a50 user=0xffff800023244000, vmspace=0xfffffd8067273e78
estcpu=36, cpticks=1, pctcpu=0.1
user=0, sys=0, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
72981 247034 71503 32767 2 0x10 syz-executor.7
72981 480205 71503 32767 2 0x4000010 syz-executor.7
54191 457591 69646 32767 2 0x10 syz-executor.6
54191 285472 69646 32767 3 0x4000090 fsleep syz-executor.6
54191 455002 69646 32767 3 0x4000090 fsleep syz-executor.6
93279 441990 30762 32767 2 0x10 syz-executor.4
93279 336227 30762 32767 7 0x4000010 syz-executor.4
74066 114772 95228 32767 2 0x10 syz-executor.3
74066 493860 95228 32767 2 0x4000010 syz-executor.3
44003 350675 23945 32767 2 0x10 syz-executor.1
44003 188954 23945 32767 2 0x4000010 syz-executor.1
71503 161932 69311 32767 3 0x90 nanoslp syz-executor.7
69311 452991 52587 0 3 0x82 wait syz-executor.7
69646 165696 85682 32767 3 0x90 nanoslp syz-executor.6
85682 500412 52587 0 3 0x82 wait syz-executor.6
95228 104841 86655 32767 3 0x90 nanoslp syz-executor.3
86655 292996 52587 0 3 0x82 wait syz-executor.3
30762 184086 15839 32767 2 0x10 syz-executor.4
15839 133402 52587 0 3 0x82 wait syz-executor.4
* 3220 436575 33699 32767 7 0x10 syz-executor.2
33699 358560 52587 0 3 0x82 wait syz-executor.2
47659 507741 78665 32767 2 0x10 syz-executor.5
78665 282449 52587 0 3 0x82 wait syz-executor.5
23945 25652 47672 32767 2 0x490 syz-executor.1
47672 109088 52587 0 3 0x82 wait syz-executor.1
42950 379154 0 0 3 0x14200 bored sosplice
18068 499910 62442 32767 2 0x10 syz-executor.0
62442 331379 52587 0 3 0x82 wait syz-executor.0
52587 3108 47940 0 3 0x82 thrsleep syz-fuzzer
52587 258547 47940 0 3 0x4000082 nanoslp syz-fuzzer
52587 355145 47940 0 3 0x4000082 thrsleep syz-fuzzer
52587 389595 47940 0 2 0x4000002 syz-fuzzer
52587 409339 47940 0 3 0x4000082 thrsleep syz-fuzzer
52587 96122 47940 0 3 0x4000082 kqread syz-fuzzer
52587 306213 47940 0 3 0x4000082 thrsleep syz-fuzzer
52587 35111 47940 0 3 0x4000082 thrsleep syz-fuzzer
47940 74390 45609 0 3 0x10008a sigsusp ksh
45609 375287 9476 0 3 0x9a kqread sshd
11653 369176 1 0 3 0x100083 ttyin getty
9476 352935 1 0 3 0x88 kqread sshd
70760 19895 37552 73 3 0x1100090 kqread syslogd
37552 418192 1 0 3 0x100082 netio syslogd
1176 75171 1 0 3 0x100080 kqread resolvd
39678 232032 52525 77 3 0x100092 kqread dhcpleased
90875 33181 52525 77 3 0x100092 kqread dhcpleased
52525 370496 1 0 3 0x80 kqread dhcpleased
74938 314734 0 0 3 0x14200 bored smr
14743 371669 0 0 2 0x14200 zerothread
47751 44380 0 0 3 0x14200 aiodoned aiodoned
9803 44472 0 0 3 0x14200 syncer update
5208 137983 0 0 3 0x14200 cleaner cleaner
59243 485978 0 0 3 0x14200 reaper reaper
13956 523845 0 0 3 0x14200 pgdaemon pagedaemon
66910 245555 0 0 3 0x14200 bored viomb
75855 333576 0 0 3 0x40014200 acpi0 acpi0
67320 273129 0 0 3 0x40014200 idle1
37354 381652 0 0 3 0x14200 bored softnet
20496 475417 0 0 3 0x14200 bored systqmp
125 327334 0 0 3 0x14200 bored systq
78304 148727 0 0 3 0x40014200 bored softclock
82095 210166 0 0 3 0x40014200 idle0
1 473280 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
Process 54191 (syz-executor.6) thread 0xffff80002607b510 (457591)
exclusive rwlock futexpl r = 0 (0xffffffff829e1410)
#0 witness_lock+0x44d
#1 pool_put+0x8a sys/kern/subr_pool.c:799
#2 futex_requeue+0x1c5 sys/kern/sys_futex.c:318
#3 sys_futex+0x115 sys/kern/sys_futex.c:115
#4 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#4 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#5 Xsyscall+0x128
exclusive rwlock futex r = 0 (0xffffffff829135e0)
#0 witness_lock+0x44d
#1 sys_futex+0x5c sys/kern/sys_futex.c:108
#2 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#2 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#3 Xsyscall+0x128
Process 44003 (syz-executor.1) thread 0xffff80002607a2b0 (188954)
exclusive rrwlock inode r = 0 (0xfffffd805c2502c0)
#0 witness_lock+0x44d
#1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8b sys/kern/kern_rwlock.c:461
#3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:579
#5 vn_write+0x123 sys/kern/vfs_vnops.c:411
#6 dofilewritev+0x19c sys/kern/sys_generic.c:381
#7 sys_pad_pwrite+0x92 sys_pwrite sys/kern/vfs_syscalls.c:3355 [inline]
#7 sys_pad_pwrite+0x92 sys/kern/vfs_syscalls.c:3427
#8 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#8 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#9 Xsyscall+0x128
Process 3220 (syz-executor.2) thread 0xffff800021209260 (436575)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82b6b678)
#0 witness_lock+0x44d
#1 __mp_acquire_count+0x48 sys/kern/kern_lock.c:227
#2 mi_switch+0x3d3 sys/kern/sched_bsd.c:416
#3 sleep_finish+0x198 sys/kern/kern_synch.c:437
#4 tsleep+0x12c sys/kern/kern_synch.c:158
#5 biowait+0x91 sys/kern/vfs_bio.c:1271
#6 bwrite+0x21b sys/kern/vfs_bio.c:772
#7 ffs_update+0x27d sys/ufs/ffs/ffs_inode.c:113
#8 ufs_mkdir+0x662 sys/ufs/ufs/ufs_vnops.c:1232
#9 VOP_MKDIR+0xbf sys/kern/vfs_vops.c:404
#10 domkdirat+0x121 sys/kern/vfs_syscalls.c:3101
#11 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#11 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#12 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd805c250a30)
#0 witness_lock+0x44d
#1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8b sys/kern/kern_rwlock.c:461
#3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:579
#5 vget+0x1d3 sys/kern/vfs_subr.c:678
#6 ufs_ihashget+0x121 sys/ufs/ufs/ufs_ihash.c:119
#7 ffs_vget+0x7c sys/ufs/ffs/ffs_vfsops.c:1318
#8 ffs_inode_alloc+0x1be sys/ufs/ffs/ffs_alloc.c:394
#9 ufs_mkdir+0xf4 sys/ufs/ufs/ufs_vnops.c:1162
#10 VOP_MKDIR+0xbf sys/kern/vfs_vops.c:404
#11 domkdirat+0x121 sys/kern/vfs_syscalls.c:3101
#12 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#12 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#13 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd8067d12d58)
#0 witness_lock+0x44d
#1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8b sys/kern/kern_rwlock.c:461
#3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:579
#5 vfs_lookup+0xd1 sys/kern/vfs_lookup.c:413
#6 namei+0x36a sys/kern/vfs_lookup.c:245
#7 domkdirat+0x75 sys/kern/vfs_syscalls.c:3086
#8 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#8 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#9 Xsyscall+0x128
Process 18068 (syz-executor.0) thread 0xffff800021208d20 (499910)
exclusive rrwlock inode r = 0 (0xfffffd8067d121a8)
#0 witness_lock+0x44d
#1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8b sys/kern/kern_rwlock.c:461
#3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534
#4 ufs_ihashins+0x42 sys/ufs/ufs/ufs_ihash.c:140
#5 ffs_vget+0x141 sys/ufs/ffs/ffs_vfsops.c:1347
#6 ffs_inode_alloc+0x1be sys/ufs/ffs/ffs_alloc.c:394
#7 ufs_mkdir+0xf4 sys/ufs/ufs/ufs_vnops.c:1162
#8 VOP_MKDIR+0xbf sys/kern/vfs_vops.c:404
#9 domkdirat+0x121 sys/kern/vfs_syscalls.c:3101
#10 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#10 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#11 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd806c85fd68)
#0 witness_lock+0x44d
#1 rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8b sys/kern/kern_rwlock.c:461
#3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:534
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:579
#5 vfs_lookup+0xd1 sys/kern/vfs_lookup.c:413
#6 namei+0x36a sys/kern/vfs_lookup.c:245
#7 domkdirat+0x75 sys/kern/vfs_syscalls.c:3086
#8 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#8 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#9 Xsyscall+0x128
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10205 6411K 6419K 78643K 11429 0
pcb 13 12K 14K 78643K 17 0
rtable 266 7K 8K 78643K 3141 0
ifaddr 81 17K 17K 78643K 392 0
sysctl 3 1K 3K 78643K 7 0
counters 56 35K 35K 78643K 144 0
ioctlops 0 0K 2K 78643K 410 0
iov 0 0K 32K 78643K 5066 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 5 0
vnodes 1271 79K 79K 78643K 7619 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 13K 78643K 265 0
VM map 2 1K 1K 78643K 2 0
sem 12 0K 0K 78643K 5804 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 23 85K 129K 78643K 28588 0
sigio 1 0K 0K 78643K 2681 0
proc 56 78K 127K 78643K 4012 0
subproc 104 6K 6K 78643K 676 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 1852 0
in_multi 99 6K 7K 78643K 947 0
ether_multi 1 0K 0K 78643K 125 0
mrt 4 0K 0K 78643K 9 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 247 1102K 1102K 78643K 247 0
exec 0 0K 2K 78643K 6044 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 382 94K 111K 78643K 171422 0
UVM aobj 131 4K 4K 78643K 131 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 791 0
NDP 11 0K 2K 78643K 159 0
temp 124 4730K 4858K 78643K 73647 0
kqueue 12 18K 28K 78643K 2381 0
SYN cache 2 16K 16K 78643K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 2555 0 2552 40 37 3 6 0 8 2
rtentry 112 661 0 535 4 0 4 4 0 8 0
unpcb 136 26981 0 26968 237 236 1 10 0 8 0
syncache 296 252 0 252 48 48 0 1 0 8 0
tcpqe 32 208 0 208 30 30 0 1 0 8 0
tcpcb 736 11129 0 11125 299 291 8 19 0 8 7
arp 120 113 0 94 1 0 1 1 0 8 0
ipq 40 45 0 45 13 12 1 1 0 8 1
ipqe 40 279 0 279 13 12 1 1 0 8 1
inpcb 312 21736 0 21726 305 299 6 14 0 8 5
ip6q 72 81 0 81 14 14 0 1 0 8 0
ip6af 40 175 0 175 14 14 0 1 0 8 0
nd6 48 207 0 170 1 0 1 1 0 8 0
kcovpl 48 52 0 44 1 0 1 1 0 8 0
rttmrq 48 4 0 0 1 0 1 1 0 8 0
rttmr 72 135 0 133 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 2971 0 2337 52 10 42 42 0 8 0
art_table 32 2972 0 2337 6 0 6 6 0 8 0
art_node 16 660 0 544 1 0 1 1 0 8 0
semapl 112 5802 0 5792 1 0 1 1 0 8 0
shmpl 112 128 0 0 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 39579 0 38132 91 0 91 91 0 8 0
ffsino 272 39579 0 38132 98 0 98 98 0 8 0
nchpl 144 76842 0 75080 66 0 66 66 0 8 0
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
vnodes 224 5926 0 0 349 0 349 349 0 8 0
namei 1024 289872 0 289870 17 16 1 2 0 8 0
percpumem 16 84 0 44 1 0 1 1 0 8 0
kstatmem 264 110 0 88 2 0 2 2 0 8 0
scxspl 216 236984 0 236984 85 82 3 8 0 8 3
plimitpl 152 6021 0 5998 16 15 1 2 0 8 0
sigapl 424 28773 0 28724 7 1 6 7 0 8 0
futexpl 64 244030 0 244028 18 17 1 1 0 8 0
knotepl 120 2046 0 0 24 0 24 24 0 8 0
kqueuepl 216 7754 0 7746 131 130 1 8 0 8 0
pipepl 336 6379 0 6351 167 164 3 13 0 8 0
fdescpl 496 28758 0 28724 7 2 5 6 0 8 0
filepl 152 211139 0 210902 345 330 15 24 0 8 5
lockfpl 104 3439 0 3436 2 1 1 2 0 8 0
lockfspl 48 1090 0 1087 1 0 1 1 0 8 0
sessionpl 144 67 0 51 1 0 1 1 0 8 0
pgrppl 48 226 0 210 1 0 1 1 0 8 0
ucredpl 96 34093 0 34075 1 0 1 1 0 8 0
zombiepl 144 28724 0 28724 7 6 1 1 0 8 1
processpl 1064 28773 0 28724 5 1 4 4 0 8 0
procpl 672 84081 0 84019 48 41 7 8 0 8 1
sosppl 168 429 0 429 39 38 1 1 0 8 1
sockpl 480 52142 0 52117 1117 1105 12 36 0 8 8
mcl64k 65536 73 0 0 6 3 3 3 0 8 0
mcl16k 16384 57 0 0 6 3 3 3 0 8 0
mcl12k 12288 59 0 0 3 1 2 2 0 8 0
mcl9k 9216 25 0 0 2 0 2 2 0 8 0
mcl8k 8192 41 0 0 5 2 3 3 0 8 0
mcl4k 4096 49 0 0 4 1 3 3 0 8 0
mcl2k2 2112 13 0 0 1 0 1 1 0 8 0
mcl2k 2048 594 0 0 23 8 15 18 0 8 0
mtagpl 96 2 0 0 1 0 1 1 0 8 0
mbufpl 256 10055 0 0 553 0 553 553 0 8 0
bufpl 288 53363 0 47032 453 0 453 453 0 8 0
anonpl 24 5667406 0 5653650 352 246 106 136 0 186 0
amapchunkpl 152 500563 0 499958 158 128 30 39 0 158 0
amappl16 200 81053 0 80642 301 276 25 47 0 8 0
amappl15 192 9341 0 9336 1 0 1 1 0 8 0
amappl14 184 2705 0 2698 1 0 1 1 0 8 0
amappl13 176 2993 0 2991 2 1 1 1 0 8 0
amappl12 168 4090 0 4088 1 0 1 1 0 8 0
amappl11 160 163 0 146 1 0 1 1 0 8 0
amappl10 152 5485 0 5479 1 0 1 1 0 8 0
amappl9 144 5049 0 5042 1 0 1 1 0 8 0
amappl8 136 3630 0 3416 9 1 8 8 0 8 0
amappl7 128 1486 0 1472 1 0 1 1 0 8 0
amappl6 120 5149 0 5124 2 1 1 2 0 8 0
amappl5 112 29933 0 29912 1 0 1 1 0 8 0
amappl4 104 4284 0 4251 2 1 1 2 0 8 0
amappl3 96 92242 0 92193 2 0 2 2 0 8 0
amappl2 88 34859 0 34785 3 1 2 3 0 8 0
amappl1 80 683412 0 682730 23 7 16 19 0 8 0
amappl 88 169101 0 168920 7 2 5 5 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 130 0 0 3 0 3 3 0 8 0
uaddrrnd 24 28758 0 28724 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 28758 0 28724 1 0 1 1 0 8 0
vmmpekpl 168 226808 0 226746 4 0 4 4 0 8 0
vmmpepl 168 2813797 0 2810974 400 263 137 149 0 357 0
vmsppl 368 28757 0 28724 5 1 4 5 0 8 0
rwobjpl 56 694703 0 687128 123 12 111 113 0 8 0
pdppl 4096 57523 0 57448 861 780 81 97 0 8 6
pvpl 32 10877759 0 10858568 694 501 193 239 0 265 0
pmappl 248 28757 0 28724 4 1 3 3 0 8 0
extentpl 40 58 0 38 1 0 1 1 0 8 0
phpool 112 2952 0 1580 40 0 40 40 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
x86_ipi_db(ffffffff8296cff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
x86_bus_space_io_write_1(3f8,0,6b) at x86_bus_space_io_write_1+0x31 sys/arch/amd64/amd64/bus_space.c:759
comcnputc(800,6b) at comcnputc+0x128 bus_space_barrier machine/bus.h:481 [inline]
comcnputc(800,6b) at comcnputc+0x128 sys/dev/ic/com.c:1263
cnputc(6b) at cnputc+0x4b sys/dev/cons.c:239
db_putchar(6b) at db_putchar+0x3fc sys/ddb/db_output.c:155
kprintf() at kprintf+0x20ec sys/kern/subr_prf.c:1068
db_printf(ffffffff82610273) at db_printf+0x85 sys/kern/subr_prf.c:502
panic(ffffffff82596ac4) at panic+0xd7 sys/kern/subr_prf.c:220
__assert(ffffffff8260b734,ffffffff825d0c99,2a6,ffffffff825c92ee) at __assert+0x25 sys/kern/subr_prf.c:161
proc_trampoline_mp() at proc_trampoline_mp+0x131
end trace frame: 0x0, count: 3
ddb{0}> trace
x86_ipi_db(ffffffff8296cff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
x86_bus_space_io_write_1(3f8,0,6b) at x86_bus_space_io_write_1+0x31 sys/arch/amd64/amd64/bus_space.c:759
comcnputc(800,6b) at comcnputc+0x128 bus_space_barrier machine/bus.h:481 [inline]
comcnputc(800,6b) at comcnputc+0x128 sys/dev/ic/com.c:1263
cnputc(6b) at cnputc+0x4b sys/dev/cons.c:239
db_putchar(6b) at db_putchar+0x3fc sys/ddb/db_output.c:155
kprintf() at kprintf+0x20ec sys/kern/subr_prf.c:1068
db_printf(ffffffff82610273) at db_printf+0x85 sys/kern/subr_prf.c:502
panic(ffffffff82596ac4) at panic+0xd7 sys/kern/subr_prf.c:220
__assert(ffffffff8260b734,ffffffff825d0c99,2a6,ffffffff825c92ee) at __assert+0x25 sys/kern/subr_prf.c:161
proc_trampoline_mp() at proc_trampoline_mp+0x131
end trace frame: 0x0, count: -12
ddb{0}> machine ddbcpu 1
Stopped at db_enter+0x18: addq $0x8,%rsp
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8258a027) at panic+0x177 sys/kern/subr_prf.c:202
vop_generic_badop(ffff8000232492f8) at vop_generic_badop+0x1b sys/kern/vfs_default.c:133
VOP_STRATEGY(fffffd8062f31958,fffffd8067db9b48) at VOP_STRATEGY+0x9b sys/kern/vfs_vops.c:644
bwrite(fffffd8067db9b48) at bwrite+0x1f0 sys/kern/vfs_bio.c:763
VOP_BWRITE(fffffd8067db9b48) at VOP_BWRITE+0x4a sys/kern/vfs_vops.c:656
ufs_mkdir(ffff800023249590) at ufs_mkdir+0x6b4 sys/ufs/ufs/ufs_vnops.c:1248
VOP_MKDIR(fffffd8067b9ece0,ffff8000232496f0,ffff800023249720,ffff800023249620) at VOP_MKDIR+0xbf sys/kern/vfs_vops.c:404
domkdirat(ffff800021209260,ffffff9c,7f7ffffd3e10,1ff) at domkdirat+0x121 sys/kern/vfs_syscalls.c:3101
syscall(ffff8000232498a0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff8000232498a0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffd3e80, count: 4
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8258a027) at panic+0x177 sys/kern/subr_prf.c:202
vop_generic_badop(ffff8000232492f8) at vop_generic_badop+0x1b sys/kern/vfs_default.c:133
VOP_STRATEGY(fffffd8062f31958,fffffd8067db9b48) at VOP_STRATEGY+0x9b sys/kern/vfs_vops.c:644
bwrite(fffffd8067db9b48) at bwrite+0x1f0 sys/kern/vfs_bio.c:763
VOP_BWRITE(fffffd8067db9b48) at VOP_BWRITE+0x4a sys/kern/vfs_vops.c:656
ufs_mkdir(ffff800023249590) at ufs_mkdir+0x6b4 sys/ufs/ufs/ufs_vnops.c:1248
VOP_MKDIR(fffffd8067b9ece0,ffff8000232496f0,ffff800023249720,ffff800023249620) at VOP_MKDIR+0xbf sys/kern/vfs_vops.c:404
domkdirat(ffff800021209260,ffffff9c,7f7ffffd3e10,1ff) at domkdirat+0x121 sys/kern/vfs_syscalls.c:3101
syscall(ffff8000232498a0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff8000232498a0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffd3e80, count: -11


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

Anton Lindqvist

Apr 23, 2022, 12:35:40 AM
to syzbot, syzkaller-o...@googlegroups.com
#syz invalid