assert "((flags & PGO_LOCKED) != NUM && rw_lock_held(uobj->vmobjlock)) || (flags & PGO_LOCKED) == NUM" failed in uvm_vno (4)


syzbot

Mar 13, 2024, 11:18:36 AM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 8f79da2a7ab2 Add regress test showing that OpenBSD IPv6 fr..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=167df9b6180000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=a75e7174b254bdc350bd

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/af294ee628c0/disk-8f79da2a.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/56b5e8ac2bf7/bsd-8f79da2a.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6fc7f23311d7/kernel-8f79da2a.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a75e71...@syzkaller.appspotmail.com

panpanic: kernel diagnostic assertion "((flags & PGO_LOCKED) != 0 && rw_lock_held(uobj->vmobjlock)) || (flags & PGO_LOCKED) == 0" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_vnode.c", line 953
Stopped at db_enter+0x1c: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*300256 54798 0 0 0x4000000 1 syz-executor.5
285702 25665 0 0x2 0 0 syz-executor.6
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff828a6210) at panic+0x17b sys/kern/subr_prf.c:198
__assert(ffffffff829320b7,ffffffff828a19f9,3b9,ffffffff8288774e) at __assert+0x29 sys/kern/subr_prf.c:157
uvn_get(fffffd806d5141a0,4f000,ffff8000308eece0,ffff8000308eeb54,3,4,61d0fb88713dda8e,fffffd806d5141a0) at uvn_get+0x4b6 sys/uvm/uvm_vnode.c:952
uvm_fault_lower_lookup(ffff8000308eed60,ffff8000308eed98,ffff8000308eece0) at uvm_fault_lower_lookup+0xf7 sys/uvm/uvm_fault.c:1128
uvm_fault_lower(ffff8000308eed60,ffff8000308eed98,ffff8000308eece0,0) at uvm_fault_lower+0x63 sys/uvm/uvm_fault.c:1227
uvm_fault(fffffd8065816e28,34629e94000,0,4) at uvm_fault+0x238
upageflttrap(ffff8000308eeee0,34629e94910) at upageflttrap+0x86 sys/arch/amd64/amd64/trap.c:188
usertrap(ffff8000308eeee0) at usertrap+0x226 sys/arch/amd64/amd64/trap.c:436
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x34894e4d170, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu0: vop_generic_badop
cpu1: kernel diagnostic assertion "((flags & PGO_LOCKED) != 0 && rw_lock_held(uobj->vmobjlock)) || (flags & PGO_LOCKED) == 0" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_vnode.c", line 953
ddb{1}> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff828a6210) at panic+0x17b sys/kern/subr_prf.c:198
__assert(ffffffff829320b7,ffffffff828a19f9,3b9,ffffffff8288774e) at __assert+0x29 sys/kern/subr_prf.c:157
uvn_get(fffffd806d5141a0,4f000,ffff8000308eece0,ffff8000308eeb54,3,4,61d0fb88713dda8e,fffffd806d5141a0) at uvn_get+0x4b6 sys/uvm/uvm_vnode.c:952
uvm_fault_lower_lookup(ffff8000308eed60,ffff8000308eed98,ffff8000308eece0) at uvm_fault_lower_lookup+0xf7 sys/uvm/uvm_fault.c:1128
uvm_fault_lower(ffff8000308eed60,ffff8000308eed98,ffff8000308eece0,0) at uvm_fault_lower+0x63 sys/uvm/uvm_fault.c:1227
uvm_fault(fffffd8065816e28,34629e94000,0,4) at uvm_fault+0x238
upageflttrap(ffff8000308eeee0,34629e94910) at upageflttrap+0x86 sys/arch/amd64/amd64/trap.c:188
usertrap(ffff8000308eeee0) at usertrap+0x226 sys/arch/amd64/amd64/trap.c:436
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x34894e4d170, count: -10
ddb{1}> show registers
rdi 0
rsi 0x1
rbp 0xffff8000308ee980
rbx 0xffff800029ceccb7
rdx 0
rcx 0xffff80002f0c1d50
rax 0xffff800029cebff0
r8 0x101010101010101
r9 0x8080808080808080
r10 0xf07481354bcaa5d2
r11 0xd0575b77563fa677
r12 0xffff800029cecab8
r13 0
r14 0xffffffff82ca1ab8 cpu_info_full_primary+0x2ab8
r15 0x1
rip 0xffffffff8247d33c db_enter+0x1c
cs 0x8
rflags 0x246
rsp 0xffff8000308ee970
ss 0
db_enter+0x1c: addq $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor.5) tid=300256 pid=54798 tcnt=2 stat=onproc
flags process=0 proc=4000000<THREAD>
runpri=32, usrpri=83, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0
forw=0xffffffffffffffff, list=0xffff80002f0c2a98,0xffff80002f0c2008
process=0xffff80002cc95f38 user=0xffff8000308e9000, vmspace=0xfffffd8065816e28
estcpu=33, cpticks=2, pctcpu=0.0, user=0, sys=2, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
5509 181674 66829 0 2 0 syz-executor.3
5509 84500 66829 0 2 0x4000000 syz-executor.3
5509 480606 66829 0 2 0x4000000 syz-executor.3
24067 62415 40632 0 2 0 syz-executor.0
24067 14162 40632 0 2 0x4000000 syz-executor.0
74421 496262 18568 0 2 0 syz-executor.1
54798 71650 75515 0 2 0 syz-executor.5
*54798 300256 75515 0 7 0x4000000 syz-executor.5
75515 40248 8620 0 3 0x82 nanoslp syz-executor.5
48145 137036 1 0 3 0x100083 ttyin getty
18568 353384 8620 0 3 0x82 nanoslp syz-executor.1
66829 266996 8620 0 3 0x82 nanoslp syz-executor.3
28223 497270 0 0 3 0x14280 nfsidl nfsio
62478 18445 0 0 3 0x14280 nfsidl nfsio
33549 396890 0 0 3 0x14280 nfsidl nfsio
99888 431926 0 0 3 0x14280 nfsidl nfsio
44083 218341 0 0 3 0x14280 nfsidl nfsio
79108 56772 0 0 3 0x14280 nfsidl nfsio
10317 381972 0 0 3 0x14280 nfsidl nfsio
53070 383919 0 0 3 0x14280 nfsidl nfsio
30291 71144 0 0 3 0x14280 nfsidl nfsio
14841 398574 0 0 3 0x14280 nfsidl nfsio
95570 488091 0 0 3 0x14280 nfsidl nfsio
25581 246204 0 0 3 0x14280 nfsidl nfsio
12302 515367 0 0 3 0x14280 nfsidl nfsio
5796 475079 0 0 3 0x14280 nfsidl nfsio
40817 209578 0 0 3 0x14280 nfsidl nfsio
19856 59743 0 0 3 0x14280 nfsidl nfsio
59594 380751 0 0 3 0x14280 nfsidl nfsio
44538 237569 0 0 3 0x14280 nfsidl nfsio
85487 241899 0 0 3 0x14280 nfsidl nfsio
71334 9678 0 0 3 0x14280 nfsidl nfsio
55403 416502 0 0 3 0x14200 bored sosplice
78703 295160 8620 0 3 0x2 biowait syz-executor.7
25665 285702 8620 0 7 0x2 syz-executor.6
27285 199668 8620 0 3 0x2 biowait syz-executor.4
63707 83330 8620 0 2 0x2 syz-executor.2
40632 7119 8620 0 3 0x82 nanoslp syz-executor.0
8620 319372 39001 0 3 0x2000082 wait syz-fuzzer
8620 472294 39001 0 3 0x6000082 nanoslp syz-fuzzer
8620 510297 39001 0 3 0x6000082 wait syz-fuzzer
8620 22229 39001 0 3 0x6000082 thrsleep syz-fuzzer
8620 90483 39001 0 3 0x6000082 wait syz-fuzzer
8620 277068 39001 0 3 0x6000082 thrsleep syz-fuzzer
8620 260116 39001 0 3 0x6000082 wait syz-fuzzer
8620 204527 39001 0 3 0x6000082 wait syz-fuzzer
8620 160897 39001 0 3 0x6000082 wait syz-fuzzer
8620 3282 39001 0 3 0x6000082 thrsleep syz-fuzzer
8620 284910 39001 0 3 0x6000082 thrsleep syz-fuzzer
8620 279551 39001 0 3 0x6000082 wait syz-fuzzer
8620 397514 39001 0 3 0x6000082 kqread syz-fuzzer
8620 472851 39001 0 3 0x6000082 wait syz-fuzzer
8620 464581 39001 0 3 0x6000082 thrsleep syz-fuzzer
39001 116445 76924 0 3 0x10008a sigsusp ksh
76924 196162 28591 0 3 0x9a kqread sshd
28591 20473 1 0 3 0x88 kqread sshd
18153 326896 74110 74 3 0x1100092 bpf pflogd
74110 435432 1 0 3 0x80 netio pflogd
95444 164856 19767 73 3 0x1100090 kqread syslogd
19767 47473 1 0 3 0x100082 netio syslogd
36819 468999 1 0 3 0x100080 kqread resolvd
54724 77766 97753 77 3 0x100092 kqread dhcpleased
76849 371524 97753 77 3 0x100092 kqread dhcpleased
97753 177543 1 0 3 0x80 kqread dhcpleased
55082 472207 0 0 3 0x14200 bored smr
32754 89004 0 0 2 0x14200 zerothread
95943 470233 0 0 3 0x14200 aiodoned aiodoned
20797 363251 0 0 3 0x14200 syncer update
97149 411111 0 0 3 0x14200 cleaner cleaner
27620 386396 0 0 3 0x14200 reaper reaper
65937 382466 0 0 3 0x14200 pgdaemon pagedaemon
98878 73445 0 0 3 0x14200 bored viomb
14657 16960 0 0 3 0x40014200 acpi0 acpi0
79855 198668 0 0 3 0x40014200 idle1
76196 130241 0 0 3 0x14200 bored softnet3
35086 325649 0 0 3 0x14200 bored softnet2
5684 7853 0 0 3 0x14200 bored softnet1
33479 334451 0 0 3 0x14200 bored softnet0
94242 254219 0 0 3 0x14200 bored systqmp
72804 323406 0 0 3 0x14200 bored systq
88968 499140 0 0 3 0x14200 tmoslp softclockmp
15661 24138 0 0 3 0x40014200 tmoslp softclock
94981 413728 0 0 3 0x40014200 idle0
1 362649 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
Process 78703 (syz-executor.7) thread 0xffff80002a225558 (295160)
exclusive rrwlock inode r = 0 (0xfffffd8072a13b40)
#0 witness_lock+0x447
#1 rw_enter+0x3c8 sys/kern/kern_rwlock.c:309
#2 rrw_enter+0x8c sys/kern/kern_rwlock.c:464
#3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:518
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:564
#5 vget+0x200 sys/kern/vfs_subr.c:676
#6 ufs_ihashget+0x121 sys/ufs/ufs/ufs_ihash.c:119
#7 ffs_vget+0x7c sys/ufs/ffs/ffs_vfsops.c:1201
#8 ufs_lookup+0x1323 sys/ufs/ufs/ufs_lookup.c:478
#9 VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85
#10 vfs_lookup+0x6e2 sys/kern/vfs_lookup.c:566
#11 namei+0x55a sys/kern/vfs_lookup.c:250
#12 dounlinkat+0x9d sys/kern/vfs_syscalls.c:1847
#13 syscall+0x533 mi_syscall sys/sys/syscall_mi.h:183 [inline]
#13 syscall+0x533 sys/arch/amd64/amd64/trap.c:577
#14 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd806b5b4e78)
#0 witness_lock+0x447
#1 rw_enter+0x3c8 sys/kern/kern_rwlock.c:309
#2 rrw_enter+0x8c sys/kern/kern_rwlock.c:464
#3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:518
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:564
#5 vfs_lookup+0xd5 sys/kern/vfs_lookup.c:418
#6 namei+0x55a sys/kern/vfs_lookup.c:250
#7 dounlinkat+0x9d sys/kern/vfs_syscalls.c:1847
#8 syscall+0x533 mi_syscall sys/sys/syscall_mi.h:183 [inline]
#8 syscall+0x533 sys/arch/amd64/amd64/trap.c:577
#9 Xsyscall+0x128
Process 25665 (syz-executor.6) thread 0xffff80002a226a98 (285702)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82e88c90)
#0 witness_lock+0x447
#1 __mp_acquire_count+0x48 sys/kern/kern_lock.c:227
#2 mi_switch+0x46f sys/kern/sched_bsd.c:470
#3 sleep_finish+0x19b sys/kern/kern_synch.c:414
#4 biowait+0x91 sys/kern/vfs_bio.c:1254
#5 bwrite+0x21c sys/kern/vfs_bio.c:766
#6 ffs_update+0x28b sys/ufs/ffs/ffs_inode.c:111
#7 ufs_mkdir+0x517 sys/ufs/ufs/ufs_vnops.c:1175
#8 VOP_MKDIR+0xc3 sys/kern/vfs_vops.c:388
#9 domkdirat+0x125 sys/kern/vfs_syscalls.c:3069
#10 syscall+0x533 mi_syscall sys/sys/syscall_mi.h:183 [inline]
#10 syscall+0x533 sys/arch/amd64/amd64/trap.c:577
#11 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd8072a133d0)
#0 witness_lock+0x447
#1 rw_enter+0x3c8 sys/kern/kern_rwlock.c:309
#2 rrw_enter+0x8c sys/kern/kern_rwlock.c:464
#3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:518
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:564
#5 vget+0x200 sys/kern/vfs_subr.c:676
#6 ufs_ihashget+0x121 sys/ufs/ufs/ufs_ihash.c:119
#7 ffs_vget+0x7c sys/ufs/ffs/ffs_vfsops.c:1201
#8 ffs_inode_alloc+0x1c5 sys/ufs/ffs/ffs_alloc.c:393
#9 ufs_mkdir+0xfb sys/ufs/ufs/ufs_vnops.c:1127
#10 VOP_MKDIR+0xc3 sys/kern/vfs_vops.c:388
#11 domkdirat+0x125 sys/kern/vfs_syscalls.c:3069
#12 syscall+0x533 mi_syscall sys/sys/syscall_mi.h:183 [inline]
#12 syscall+0x533 sys/arch/amd64/amd64/trap.c:577
#13 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd806b5b4c58)
#0 witness_lock+0x447
#1 rw_enter+0x3c8 sys/kern/kern_rwlock.c:309
#2 rrw_enter+0x8c sys/kern/kern_rwlock.c:464
#3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:518
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:564
#5 vfs_lookup+0xd5 sys/kern/vfs_lookup.c:418
#6 namei+0x55a sys/kern/vfs_lookup.c:250
#7 domkdirat+0x79 sys/kern/vfs_syscalls.c:3054
#8 syscall+0x533 mi_syscall sys/sys/syscall_mi.h:183 [inline]
#8 syscall+0x533 sys/arch/amd64/amd64/trap.c:577
#9 Xsyscall+0x128
Process 27285 (syz-executor.4) thread 0xffff80002a17e2b8 (199668)
exclusive rrwlock inode r = 0 (0xfffffd8072a13f80)
#0 witness_lock+0x447
#1 rw_enter+0x3c8 sys/kern/kern_rwlock.c:309
#2 rrw_enter+0x8c sys/kern/kern_rwlock.c:464
#3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:518
#4 ufs_ihashins+0x46 sys/ufs/ufs/ufs_ihash.c:140
#5 ffs_vget+0x141 sys/ufs/ffs/ffs_vfsops.c:1230
#6 ffs_inode_alloc+0x1c5 sys/ufs/ffs/ffs_alloc.c:393
#7 ufs_mkdir+0xfb sys/ufs/ufs/ufs_vnops.c:1127
#8 VOP_MKDIR+0xc3 sys/kern/vfs_vops.c:388
#9 domkdirat+0x125 sys/kern/vfs_syscalls.c:3069
#10 syscall+0x533 mi_syscall sys/sys/syscall_mi.h:183 [inline]
#10 syscall+0x533 sys/arch/amd64/amd64/trap.c:577
#11 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd806b5b40a8)
#0 witness_lock+0x447
#1 rw_enter+0x3c8 sys/kern/kern_rwlock.c:309
#2 rrw_enter+0x8c sys/kern/kern_rwlock.c:464
#3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:518
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:564
#5 vfs_lookup+0xd5 sys/kern/vfs_lookup.c:418
#6 namei+0x55a sys/kern/vfs_lookup.c:250
#7 domkdirat+0x79 sys/kern/vfs_syscalls.c:3054
#8 syscall+0x533 mi_syscall sys/sys/syscall_mi.h:183 [inline]
#8 syscall+0x533 sys/arch/amd64/amd64/trap.c:577
#9 Xsyscall+0x128
Process 63707 (syz-executor.2) thread 0xffff80002a2077f8 (83330)
exclusive rrwlock inode r = 0 (0xfffffd8072a13c50)
#0 witness_lock+0x447
#1 rw_enter+0x3c8 sys/kern/kern_rwlock.c:309
#2 rrw_enter+0x8c sys/kern/kern_rwlock.c:464
#3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:518
#4 ufs_ihashins+0x46 sys/ufs/ufs/ufs_ihash.c:140
#5 ffs_vget+0x141 sys/ufs/ffs/ffs_vfsops.c:1230
#6 ffs_inode_alloc+0x1c5 sys/ufs/ffs/ffs_alloc.c:393
#7 ufs_mkdir+0xfb sys/ufs/ufs/ufs_vnops.c:1127
#8 VOP_MKDIR+0xc3 sys/kern/vfs_vops.c:388
#9 domkdirat+0x125 sys/kern/vfs_syscalls.c:3069
#10 syscall+0x533 mi_syscall sys/sys/syscall_mi.h:183 [inline]
#10 syscall+0x533 sys/arch/amd64/amd64/trap.c:577
#11 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd806b861098)
#0 witness_lock+0x447
#1 rw_enter+0x3c8 sys/kern/kern_rwlock.c:309
#2 rrw_enter+0x8c sys/kern/kern_rwlock.c:464
#3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:518
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:564
#5 vfs_lookup+0xd5 sys/kern/vfs_lookup.c:418
#6 namei+0x55a sys/kern/vfs_lookup.c:250
#7 domkdirat+0x79 sys/kern/vfs_syscalls.c:3054
#8 syscall+0x533 mi_syscall sys/sys/syscall_mi.h:183 [inline]
#8 syscall+0x533 sys/arch/amd64/amd64/trap.c:577
#9 Xsyscall+0x128
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10222 6546K 6869K 166960K 14895 0
pcb 15 18K 20K 166960K 223 0
rtable 204 6K 7K 166960K 563 0
pf 34 9K 10K 166960K 81 0
ifaddr 41 14K 15K 166960K 86 0
ifgroup 59 2K 2K 166960K 127 0
sysctl 4 1K 3K 166960K 8 0
counters 66 36K 36K 166960K 102 0
ioctlops 0 0K 4K 166960K 1522 0
iov 0 0K 16K 166960K 221 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1385 87K 87K 166960K 2434 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 26 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 1K 166960K 105 0
dirhash 12 2K 2K 166960K 15 0
ACPI 1697 195K 286K 166960K 12548 0
file desc 14 49K 85K 166960K 2433 0
sigio 0 0K 0K 166960K 92 0
proc 69 91K 115K 166960K 736 0
subproc 104 6K 6K 166960K 145 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 196 0
in_multi 83 6K 7K 166960K 214 0
ether_multi 1 0K 0K 166960K 9 0
mrt 1 0K 0K 166960K 1 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 211 943K 943K 166960K 211 0
exec 0 0K 1K 166960K 631 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 342 135K 140K 166960K 26520 0
UVM aobj 86 3K 3K 166960K 86 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 65 0
NDP 13 0K 2K 166960K 60 0
temp 72 6771K 6889K 166960K 26932 0
kqueue 12 18K 29K 166960K 259 0
SYN cache 2 16K 16K 166960K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 24 0 0 1 0 1 1 0 8 0
rtpcb 120 99 0 96 1 0 1 1 0 8 0
rtentry 112 182 0 90 4 0 4 4 0 8 0
unpcb 144 1730 0 1715 18 16 2 7 0 8 1
syncache 336 38 0 38 7 6 1 1 0 8 1
sackhl 24 3 0 3 1 1 0 1 0 8 0
tcpqe 32 240 0 240 6 5 1 1 0 8 1
tcpcb 808 820 0 787 37 27 10 12 0 8 6
arp 120 24 0 10 1 0 1 1 0 8 0
inpcb 392 1984 0 1948 56 45 11 14 0 8 6
nd6 136 41 0 22 1 0 1 1 0 8 0
pkpcb 40 11 0 11 2 2 0 1 0 8 0
kcovpl 48 11 0 3 1 0 1 1 0 8 0
ppxss 1168 2 0 2 1 1 0 1 0 8 0
pffrag 232 3 0 1 2 1 1 1 0 482 0
pffrnode 88 3 0 1 2 1 1 1 0 8 0
pffrent 40 12 0 10 2 1 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 85 0 66 1 0 1 1 0 8 0
pfstkey 128 85 0 66 2 0 2 2 0 8 0
pfstate 376 85 0 66 4 1 3 4 0 8 0
pfrule 1344 21 0 16 2 1 1 2 0 8 0
art_heap8 4096 4 0 3 3 2 1 3 0 8 0
art_heap4 256 787 0 396 36 8 28 29 0 8 0
art_table 32 791 0 399 4 0 4 4 0 8 0
art_node 16 178 0 94 1 0 1 1 0 8 0
sysvmsgpl 40 5 0 0 1 0 1 1 0 8 0
semapl 112 103 0 93 1 0 1 1 0 8 0
shmpl 112 83 0 0 3 0 3 3 0 8 0
dirhash 1024 19 0 2 3 0 3 3 0 8 0
dino2pl 256 4458 0 3007 91 0 91 91 0 8 0
ffsino 272 4458 0 3007 98 0 98 98 0 8 0
nchpl 144 7842 0 6192 63 0 63 63 0 8 0
uvmvnodes 80 5458 0 0 112 0 112 112 0 8 0
vnodes 216 5458 0 0 304 0 304 304 0 8 0
namei 1024 25654 0 25651 5 4 1 2 0 8 0
percpumem 16 65 0 18 1 0 1 1 0 8 0
vcpupl 2048 6 0 0 1 0 1 1 0 8 0
vmpool 696 6 0 0 1 0 1 1 0 8 0
kstatmem 264 62 0 36 2 0 2 2 0 8 0
scxspl 216 24666 0 24664 19 15 4 8 1 8 3
plimitpl 152 305 0 289 1 0 1 1 0 8 0
sigapl 424 2762 0 2696 9 1 8 8 0 8 0
futexpl 64 17882 0 17882 2 1 1 1 0 8 1
knotepl 120 184 0 0 5 0 5 5 0 8 0
kqueuepl 216 463 0 455 9 6 3 5 0 8 2
pipepl 320 331 0 303 7 4 3 6 0 8 0
fdescpl 496 2723 0 2696 5 0 5 5 0 8 0
filepl 152 14317 0 14077 36 23 13 16 0 8 3
lockfpl 104 943 0 940 1 0 1 1 0 8 0
lockfspl 48 221 0 218 1 0 1 1 0 8 0
sessionpl 144 28 0 11 1 0 1 1 0 8 0
pgrppl 48 205 0 188 1 0 1 1 0 8 0
ucredpl 104 1505 0 1492 1 0 1 1 0 8 0
zombiepl 144 2696 0 2696 3 2 1 1 0 8 1
processpl 1136 2762 0 2696 6 0 6 6 0 8 0
procpl 680 7072 0 6988 12 3 9 9 0 8 0
srpgc 96 6 0 6 2 2 0 1 0 8 0
sosppl 168 23 0 18 4 3 1 1 0 8 0
sockpl 584 3826 0 3772 52 43 9 14 0 8 4
mcl64k 65536 19 0 0 3 0 3 3 0 8 1
mcl16k 16384 16 0 0 2 0 2 2 0 8 0
mcl12k 12288 11 0 0 2 0 2 2 0 8 0
mcl9k 9216 7 0 0 1 0 1 1 0 8 0
mcl8k 8192 17 0 0 3 0 3 3 0 8 0
mcl4k 4096 17 0 0 3 0 3 3 0 8 0
mcl2k2 2112 4 0 0 1 0 1 1 0 8 0
mcl2k 2048 288 0 0 36 0 36 36 0 8 0
mtagpl 96 129 0 0 4 0 4 4 0 8 0
mbufpl 256 523 0 0 27 0 27 27 0 8 0
bufpl 280 8193 0 1873 452 0 452 452 0 8 0
anonpl 24 396075 0 382416 97 6 91 94 0 186 0
amapchunkpl 152 83779 0 82964 48 9 39 40 0 158 1
amappl16 200 9039 0 8611 29 4 25 27 0 8 0
amappl15 192 30 0 29 1 0 1 1 0 8 0
amappl14 184 169 0 154 2 1 1 2 0 8 0
amappl13 176 20 0 20 1 1 0 1 0 8 0
amappl12 168 3428 0 3400 3 1 2 2 0 8 0
amappl11 160 58 0 44 1 0 1 1 0 8 0
amappl10 152 37 0 24 1 0 1 1 0 8 0
amappl9 144 193 0 191 1 0 1 1 0 8 0
amappl8 136 302 0 231 3 0 3 3 0 8 0
amappl7 128 194 0 169 3 1 2 3 0 8 0
amappl6 120 320 0 311 1 0 1 1 0 8 0
amappl5 112 159 0 148 1 0 1 1 0 8 0
amappl4 104 511 0 483 2 1 1 2 0 8 0
amappl3 96 16790 0 16715 5 2 3 3 0 8 0
amappl2 88 3278 0 3202 4 2 2 4 0 8 0
amappl1 80 18038 0 17490 23 10 13 23 0 8 0
amappl 88 25904 0 25686 9 2 7 7 0 92 1
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 85 0 0 2 0 2 2 0 8 0
uaddrrnd 24 2729 0 2696 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 2729 0 2696 1 0 1 1 0 8 0
vmmpekpl 168 25506 0 25443 4 0 4 4 0 8 0
vmmpepl 168 181204 0 178954 182 63 119 126 0 357 10
vmsppl 448 2728 0 2696 6 1 5 5 0 8 0
rwobjpl 56 56013 0 48965 103 3 100 100 0 8 0
pdppl 4096 5465 0 5398 203 134 69 79 0 8 2
pvpl 32 45408 0 0 369 2 367 367 0 265 0
pmappl 248 2728 0 2696 3 0 3 3 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 632 0 231 12 0 12 12 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp
x86_ipi_db(ffffffff82ca0ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff82e88a88) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82e88a88) at __mp_lock+0x122 sys/kern/kern_lock.c:147
intr_handler(ffff800033f41590,ffff80000006bc00) at intr_handler+0x62 sys/arch/amd64/amd64/intr.c:539
Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f
Xspllower() at Xspllower+0x1d
cnputc(6e) at cnputc+0x4f sys/dev/cons.c:218
db_putchar(6e) at db_putchar+0x3fc sys/ddb/db_output.c:155
kprintf() at kprintf+0x6bc sys/kern/subr_prf.c:724
db_printf(ffffffff82932a61) at db_printf+0x89 sys/kern/subr_prf.c:498
panic(ffffffff8289c3be) at panic+0xdb sys/kern/subr_prf.c:216
vop_generic_badop(ffff800033f419b8) at vop_generic_badop+0x1f sys/kern/vfs_default.c:133
VOP_STRATEGY(fffffd8065d46cc0,fffffd8072d1d7b0) at VOP_STRATEGY+0x9f sys/kern/vfs_vops.c:628
end trace frame: 0xffff800033f41a60, count: 0
ddb{0}> trace
x86_ipi_db(ffffffff82ca0ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff82e88a88) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82e88a88) at __mp_lock+0x122 sys/kern/kern_lock.c:147
intr_handler(ffff800033f41590,ffff80000006bc00) at intr_handler+0x62 sys/arch/amd64/amd64/intr.c:539
Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f
Xspllower() at Xspllower+0x1d
cnputc(6e) at cnputc+0x4f sys/dev/cons.c:218
db_putchar(6e) at db_putchar+0x3fc sys/ddb/db_output.c:155
kprintf() at kprintf+0x6bc sys/kern/subr_prf.c:724
db_printf(ffffffff82932a61) at db_printf+0x89 sys/kern/subr_prf.c:498
panic(ffffffff8289c3be) at panic+0xdb sys/kern/subr_prf.c:216
vop_generic_badop(ffff800033f419b8) at vop_generic_badop+0x1f sys/kern/vfs_default.c:133
VOP_STRATEGY(fffffd8065d46cc0,fffffd8072d1d7b0) at VOP_STRATEGY+0x9f sys/kern/vfs_vops.c:628
bwrite(fffffd8072d1d7b0) at bwrite+0x1f1 sys/kern/vfs_bio.c:757
VOP_BWRITE(fffffd8072d1d7b0) at VOP_BWRITE+0x4e sys/kern/vfs_vops.c:640
ufs_mkdir(ffff800033f41c40) at ufs_mkdir+0x52c sys/ufs/ufs/ufs_vnops.c:1175
VOP_MKDIR(fffffd806b948a68,ffff800033f41da0,ffff800033f41dd0,ffff800033f41cd0) at VOP_MKDIR+0xc3 sys/kern/vfs_vops.c:388
domkdirat(ffff80002a226a98,ffffff9c,78b2a4bc58d0,1ff) at domkdirat+0x125 sys/kern/vfs_syscalls.c:3069
syscall(ffff800033f41f50) at syscall+0x533 mi_syscall sys/sys/syscall_mi.h:183 [inline]
syscall(ffff800033f41f50) at syscall+0x533 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x78b2a4bc5940, count: -21
ddb{0}> machine ddbcpu 1
Stopped at db_enter+0x1c: addq $0x8,%rsp
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff828a6210) at panic+0x17b sys/kern/subr_prf.c:198
__assert(ffffffff829320b7,ffffffff828a19f9,3b9,ffffffff8288774e) at __assert+0x29 sys/kern/subr_prf.c:157
uvn_get(fffffd806d5141a0,4f000,ffff8000308eece0,ffff8000308eeb54,3,4,61d0fb88713dda8e,fffffd806d5141a0) at uvn_get+0x4b6 sys/uvm/uvm_vnode.c:952
uvm_fault_lower_lookup(ffff8000308eed60,ffff8000308eed98,ffff8000308eece0) at uvm_fault_lower_lookup+0xf7 sys/uvm/uvm_fault.c:1128
uvm_fault_lower(ffff8000308eed60,ffff8000308eed98,ffff8000308eece0,0) at uvm_fault_lower+0x63 sys/uvm/uvm_fault.c:1227
uvm_fault(fffffd8065816e28,34629e94000,0,4) at uvm_fault+0x238
upageflttrap(ffff8000308eeee0,34629e94910) at upageflttrap+0x86 sys/arch/amd64/amd64/trap.c:188
usertrap(ffff8000308eeee0) at usertrap+0x226 sys/arch/amd64/amd64/trap.c:436
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x34894e4d170, count: 5
ddb{1}> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff828a6210) at panic+0x17b sys/kern/subr_prf.c:198
__assert(ffffffff829320b7,ffffffff828a19f9,3b9,ffffffff8288774e) at __assert+0x29 sys/kern/subr_prf.c:157
uvn_get(fffffd806d5141a0,4f000,ffff8000308eece0,ffff8000308eeb54,3,4,61d0fb88713dda8e,fffffd806d5141a0) at uvn_get+0x4b6 sys/uvm/uvm_vnode.c:952
uvm_fault_lower_lookup(ffff8000308eed60,ffff8000308eed98,ffff8000308eece0) at uvm_fault_lower_lookup+0xf7 sys/uvm/uvm_fault.c:1128
uvm_fault_lower(ffff8000308eed60,ffff8000308eed98,ffff8000308eece0,0) at uvm_fault_lower+0x63 sys/uvm/uvm_fault.c:1227
uvm_fault(fffffd8065816e28,34629e94000,0,4) at uvm_fault+0x238
upageflttrap(ffff8000308eeee0,34629e94910) at upageflttrap+0x86 sys/arch/amd64/amd64/trap.c:188
usertrap(ffff8000308eeee0) at usertrap+0x226 sys/arch/amd64/amd64/trap.c:436
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x34894e4d170, count: -10


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup