panic: acquipraniincg: k e brnleolck daibaleg nsolseteip lc oacsks weirttiho n s "pi!nl_okecrkn oelr_ l corcik_thiec
0 views
Skip to first unread message
syzbot
Mar 22, 2022, 4:50:20 AM3/22/22
to syzkaller-o...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 6be6ed882de0 Reduce dmesg spam by nor printing the "Apple"..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=147fd451700000
kernel config: https://syzkaller.appspot.com/x/.config?x=bf87b6915a88cd0d
dashboard link: https://syzkaller.appspot.com/bug?extid=0981beefccd29c20ed34
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0981be...@syzkaller.appspotmail.com
panic: acquipraniincg: k e brnleolck daibaleg nsolseteip lc oacsks weirttiho n s "pi!nl_okecrkn oelr_ l corcik_thieclald () " f a i l seed:c t i o n he ld ( fkielrnee l "_l/osyckz)k al l e r/ m a n a ge r s/ s e t u i d / k er n e l/ s y s /u v m/ uv m _ m a p . c " , l in e 2 7 3 4
&Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
194162 9987 32767 0x10 0x4000000 1 syz-executor.0
* 12114 60102 0 0x14000 0x200 0 reaper
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff8258e8f2) at panic+0x177 sys/kern/subr_prf.c:202
__assert(ffffffff82601511,ffffffff826271db,aae,ffffffff825bd978) at __assert+0x25 sys/kern/subr_prf.c:161
uvm_map_teardown(fffffd8068248b98) at uvm_map_teardown+0x2e8 sys/uvm/uvm_map.c:2736
uvmspace_free(fffffd8068248b98) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3685
reaper(ffff8000210f9a40) at reaper+0x18b sys/kern/kern_exit.c:457
end trace frame: 0x0, count: 9
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
cpu0: kernel diagnostic assertion "!_kernel_lock_held()" failed: file "/syzkaller/managers/setuid/kernel/sys/uvm/uvm_map.c", line 2734
*cpu1: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff8258e8f2) at panic+0x177 sys/kern/subr_prf.c:202
__assert(ffffffff82601511,ffffffff826271db,aae,ffffffff825bd978) at __assert+0x25 sys/kern/subr_prf.c:161
uvm_map_teardown(fffffd8068248b98) at uvm_map_teardown+0x2e8 sys/uvm/uvm_map.c:2736
uvmspace_free(fffffd8068248b98) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3685
reaper(ffff8000210f9a40) at reaper+0x18b sys/kern/kern_exit.c:457
end trace frame: 0x0, count: -6
ddb{0}> show registers
rdi 0
rsi 0x1
rbp 0xffff800021135030
rbx 0xffffffff828f2bff cpu_info_full_primary+0x2bff
rdx 0
rcx 0
rax 0xffff8000210f9a40
r8 0x101010101010101
r9 0x8080808080808080
r10 0x69196a67801e3c11
r11 0xf048caebccde6fa8
r12 0xffffffff828f2a00 cpu_info_full_primary+0x2a00
r13 0
r14 0xffff800020ce9a00
r15 0x1
rip 0xffffffff819ed3a8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800021135020
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (reaper) pid=12114 stat=onproc
flags process=14000<NOZOMBIE,SYSTEM> proc=200<SYSTEM>
pri=4, usrpri=58, nice=20
forw=0xffffffffffffffff, list=0xffff8000210f97a0,0xffff8000210f9cf0
process=0xffff8000ffffd8f0 user=0xffff800021130000, vmspace=0xffffffff82b6a868
estcpu=8, cpticks=4, pctcpu=1.89
user=0, sys=3, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
9987 427807 64751 32767 2 0x10 syz-executor.0
9987 194162 64751 32767 7 0x4000010 syz-executor.0
509 212497 76300 32767 2 0x10 syz-executor.4
509 511083 76300 32767 3 0x4000090 fsleep syz-executor.4
99128 172060 94036 32767 3 0x90 nanoslp syz-executor.2
99128 236515 94036 32767 3 0x4000090 netcon2 syz-executor.2
99128 38582 94036 32767 3 0x4000090 fsleep syz-executor.2
72014 420343 42937 32767 3 0x90 nanoslp syz-executor.3
72014 414709 42937 32767 3 0x4000090 fsleep syz-executor.3
72014 337793 42937 32767 3 0x4000090 netcon2 syz-executor.3
72014 510855 42937 32767 3 0x4000090 fsleep syz-executor.3
78204 246664 57104 32767 3 0x90 nanoslp syz-executor.7
78204 374213 57104 32767 3 0x4000090 netcon2 syz-executor.7
78204 335564 57104 32767 3 0x4000090 netcon2 syz-executor.7
78204 43639 57104 32767 3 0x4000090 fsleep syz-executor.7
64751 373771 27841 32767 3 0x90 nanoslp syz-executor.0
27841 319341 64099 0 3 0x82 wait syz-executor.0
924 208601 61600 32767 3 0x90 nanoslp syz-executor.6
61600 239346 64099 0 3 0x82 wait syz-executor.6
76300 61743 63260 32767 3 0x90 nanoslp syz-executor.4
63260 332531 64099 0 3 0x82 wait syz-executor.4
94036 228144 94674 32767 3 0x90 nanoslp syz-executor.2
94674 406585 64099 0 3 0x82 wait syz-executor.2
73780 307792 48943 32767 3 0x90 nanoslp syz-executor.1
48943 379474 64099 0 3 0x82 wait syz-executor.1
57104 362183 6718 32767 3 0x90 nanoslp syz-executor.7
6718 351764 64099 0 3 0x82 wait syz-executor.7
30591 159559 0 0 3 0x14200 bored sosplice
61832 428277 57345 32767 3 0x90 nanoslp syz-executor.5
57345 156694 64099 0 3 0x82 wait syz-executor.5
42937 309153 32780 32767 3 0x90 nanoslp syz-executor.3
32780 222924 64099 0 3 0x82 wait syz-executor.3
64099 58 29156 0 3 0x82 kqread syz-fuzzer
64099 206130 29156 0 3 0x4000082 thrsleep syz-fuzzer
64099 18921 29156 0 3 0x4000082 thrsleep syz-fuzzer
64099 221380 29156 0 3 0x4000082 thrsleep syz-fuzzer
64099 155448 29156 0 3 0x4000082 thrsleep syz-fuzzer
64099 205218 29156 0 3 0x4000082 thrsleep syz-fuzzer
64099 65982 29156 0 3 0x4000082 thrsleep syz-fuzzer
64099 317060 29156 0 3 0x4000082 thrsleep syz-fuzzer
64099 356890 29156 0 3 0x4000082 thrsleep syz-fuzzer
29156 373778 311 0 3 0x10008a sigsusp ksh
311 95576 23165 0 3 0x9a kqread sshd
83753 396773 1 0 3 0x100083 ttyin getty
23165 412391 1 0 3 0x88 kqread sshd
27534 243361 9088 73 3 0x1100090 kqread syslogd
9088 23666 1 0 3 0x100082 netio syslogd
76908 286970 1 0 3 0x100080 kqread resolvd
18402 98926 87991 77 3 0x100092 kqread dhcpleased
78573 257084 87991 77 3 0x100092 kqread dhcpleased
87991 181785 1 0 3 0x80 kqread dhcpleased
79649 40680 0 0 3 0x14200 bored smr
16872 146525 0 0 2 0x14200 zerothread
45197 376219 0 0 3 0x14200 aiodoned aiodoned
10686 188551 0 0 3 0x14200 syncer update
81179 343548 0 0 3 0x14200 cleaner cleaner
*60102 12114 0 0 7 0x14200 reaper
13608 482158 0 0 3 0x14200 pgdaemon pagedaemon
46992 411941 0 0 3 0x14200 bored viomb
66654 472187 0 0 3 0x40014200 acpi0 acpi0
12361 146720 0 0 3 0x40014200 idle1
32725 501513 0 0 3 0x14200 bored softnet
80423 388806 0 0 3 0x14200 bored systqmp
84057 122832 0 0 3 0x14200 bored systq
65740 211450 0 0 3 0x40014200 bored softclock
61181 248008 0 0 3 0x40014200 idle0
1 45857 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
CPU 0:
exclusive mutex anonpl r = 0 (0xffffffff82a73458)
#0 witness_lock+0x44d
#1 mtx_enter_try+0x100
#2 mtx_enter+0x4b sys/kern/kern_lock.c:266
#3 pool_put+0x8a sys/kern/subr_pool.c:799
#4 amap_wipeout+0x1b1 sys/uvm/uvm_amap.c:504
#5 uvm_unmap_detach+0x7d sys/uvm/uvm_map.c:1599
#6 uvm_map_teardown+0x262 sys/uvm/uvm_map.c:2789
#7 uvmspace_free+0xa6 sys/uvm/uvm_map.c:3685
#8 reaper+0x18b sys/kern/kern_exit.c:457
#9 proc_trampoline+0x1c
CPU 1:
exclusive mutex &table->inpt_mtx r = 0 (0xffffffff829cb1d0)
#0 witness_lock+0x44d
#1 mtx_enter_try+0x100
#2 mtx_enter+0x4b sys/kern/kern_lock.c:266
#3 udp_input+0x7b0
#4 ip_deliver+0x322 sys/netinet/ip_input.c:657
#5 ip_ours+0x3ba sys/netinet/ip_input.c:616
#6 ip_input_if+0x2a1
#7 ipv4_input+0x48 sys/netinet/ip_input.c:242
#8 if_input_local+0x10e sys/net/if.c:774
#9 ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
#9 ip_output+0xb05 sys/netinet/ip_output.c:332
#10 udp_output+0x58d sys/netinet/udp_usrreq.c:1011
#11 sosend+0x632 sys/kern/uipc_socket.c:582
#12 dofilewritev+0x19c sys/kern/sys_generic.c:381
#13 sys_write+0x83 sys/kern/sys_generic.c:301
#14 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#14 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#15 Xsyscall+0x128
Process 9987 (syz-executor.0) thread 0xffff800027abed20 (194162)
exclusive rwlock netlock r = 0 (0xffffffff828ee470)
#0 witness_lock+0x44d
#1 solock+0x86 sys/kern/uipc_socket2.c:295
#2 sosend+0x517 sys/kern/uipc_socket.c:570
#3 dofilewritev+0x19c sys/kern/sys_generic.c:381
#4 sys_write+0x83 sys/kern/sys_generic.c:301
#5 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#5 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#6 Xsyscall+0x128
Process 60102 (reaper) thread 0xffff8000210f9a40 (12114)
uvm_fault(0xffffffff82b6a868, 0x0, 0, 1) -> e
kernel: page fault trap, code=0
Faulted in DDB; continuing...
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10212 6412K 6419K 78643K 11346 0
pcb 13 16K 20K 78643K 19 0
rtable 264 7K 8K 78643K 1591 0
ifaddr 81 17K 17K 78643K 181 0
sysctl 2 0K 0K 78643K 2 0
counters 56 35K 35K 78643K 84 0
ioctlops 0 0K 2K 78643K 170 0
iov 0 0K 28K 78643K 1467 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 5 0
vnodes 1271 79K 79K 78643K 3058 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 46 0
VM map 2 1K 1K 78643K 2 0
sem 12 0K 0K 78643K 1339 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 23 85K 117K 78643K 9046 0
sigio 0 0K 0K 78643K 161 0
proc 59 87K 111K 78643K 1469 0
subproc 104 6K 6K 78643K 286 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 833 0
in_multi 99 6K 7K 78643K 325 0
ether_multi 1 0K 0K 78643K 21 0
mrt 2 0K 0K 78643K 3 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 289 1288K 1288K 78643K 289 0
exec 0 0K 2K 78643K 1961 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 459 93K 108K 78643K 119313 0
UVM aobj 131 6K 6K 78643K 133 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 330 0
NDP 11 0K 2K 78643K 69 0
temp 125 4711K 4775K 78643K 25447 0
kqueue 14 20K 26K 78643K 658 0
SYN cache 2 16K 16K 78643K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 881 0 878 12 11 1 3 0 8 0
rtentry 112 293 0 170 4 0 4 4 0 8 0
unpcb 136 7731 0 7718 64 63 1 6 0 8 0
syncache 296 94 0 94 15 15 0 1 0 8 0
tcpqe 32 60 0 60 10 10 0 1 0 8 0
tcpcb 736 14223 0 14094 250 238 12 30 0 8 0
arp 120 47 0 29 1 0 1 1 0 8 0
ipq 40 10 0 10 5 5 0 1 0 8 0
ipqe 40 177 0 177 5 5 0 1 0 8 0
inpcb 312 18646 0 18559 154 144 10 17 0 8 2
ip6q 72 8 0 7 3 2 1 1 0 8 0
ip6af 40 14 0 13 3 2 1 1 0 8 0
nd6 48 93 0 56 1 0 1 1 0 8 0
kcovpl 48 22 0 14 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 1221 0 692 36 2 34 35 0 8 0
art_table 32 1222 0 692 5 0 5 5 0 8 0
art_node 16 292 0 179 1 0 1 1 0 8 0
sysvmsgpl 40 43 0 3 1 0 1 1 0 8 0
semupl 112 2 0 2 1 1 0 1 0 8 0
semapl 112 1337 0 1327 1 0 1 1 0 8 0
shmpl 112 130 0 2 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 13641 0 12194 91 0 91 91 0 8 0
ffsino 272 13641 0 12194 97 0 97 97 0 8 0
nchpl 144 25586 0 23956 62 0 62 62 0 8 0
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
vnodes 224 5926 0 0 349 0 349 349 0 8 0
namei 1024 85217 0 85217 3 2 1 2 0 8 1
percpumem 16 54 0 14 1 0 1 1 0 8 0
scxspl 216 76795 0 76795 33 30 3 8 0 8 3
plimitpl 152 1878 0 1856 6 5 1 2 0 8 0
sigapl 424 9295 0 9243 7 1 6 7 0 8 0
futexpl 64 79387 0 79382 2 1 1 1 0 8 0
knotepl 120 773 0 0 19 2 17 17 0 8 0
kqueuepl 216 2620 0 2609 45 44 1 8 0 8 0
pipepl 336 2054 0 2022 67 59 8 8 0 8 5
fdescpl 496 9280 0 9246 7 2 5 6 0 8 0
filepl 152 69563 0 69242 122 104 18 19 0 8 5
lockfpl 104 1188 0 1186 1 0 1 1 0 8 0
lockfspl 48 401 0 399 1 0 1 1 0 8 0
sessionpl 144 37 0 21 1 0 1 1 0 8 0
pgrppl 48 82 0 66 1 0 1 1 0 8 0
ucredpl 96 10387 0 10369 1 0 1 1 0 8 0
zombiepl 144 9246 0 9243 1 0 1 1 0 8 0
processpl 1064 9295 0 9243 5 1 4 4 0 8 0
procpl 672 28112 0 28041 22 14 8 8 0 8 0
sosppl 168 1432 0 1426 5 4 1 1 0 8 0
sockpl 480 27477 0 27374 513 497 16 30 0 8 1
mcl64k 65536 36 0 0 4 1 3 3 0 8 0
mcl16k 16384 17 0 0 3 0 3 3 0 8 0
mcl12k 12288 41 0 0 2 0 2 2 0 8 0
mcl9k 9216 19 0 0 2 0 2 2 0 8 0
mcl8k 8192 33 0 0 4 1 3 3 0 8 0
mcl4k 4096 25 0 0 3 0 3 3 0 8 0
mcl2k2 2112 6 0 0 1 0 1 1 0 8 0
mcl2k 2048 201 0 0 19 1 18 19 0 8 0
mtagpl 96 1 0 0 1 0 1 1 0 8 0
mbufpl 256 810 0 0 32 1 31 31 0 8 0
bufpl 288 18481 0 12146 453 0 453 453 0 8 0
anonpl 24 2742109 0 2727169 284 179 105 120 0 186 0
amapchunkpl 152 291536 0 290734 116 81 35 48 0 158 0
amappl16 200 29071 0 28677 151 129 22 34 0 8 0
amappl15 192 2723 0 2712 1 0 1 1 0 8 0
amappl14 184 384 0 381 1 0 1 1 0 8 0
amappl13 176 1147 0 1143 1 0 1 1 0 8 0
amappl12 168 174 0 171 1 0 1 1 0 8 0
amappl11 160 994 0 980 1 0 1 1 0 8 0
amappl10 152 1456 0 1442 1 0 1 1 0 8 0
amappl9 144 2838 0 2833 1 0 1 1 0 8 0
amappl8 136 1417 0 1233 7 0 7 7 0 8 0
amappl7 128 183 0 171 1 0 1 1 0 8 0
amappl6 120 2627 0 2601 2 1 1 2 0 8 0
amappl5 112 9828 0 9802 1 0 1 1 0 8 0
amappl4 104 2257 0 2226 2 0 2 2 0 8 0
amappl3 96 1913 0 1898 1 0 1 1 0 8 0
amappl2 88 2146 0 2095 3 1 2 3 0 8 0
amappl1 80 170865 0 170217 20 5 15 18 0 8 0
amappl 88 118208 0 117929 9 1 8 8 0 92 1
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 132 0 2 3 0 3 3 0 8 0
uaddrrnd 24 9280 0 9245 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 9280 0 9245 1 0 1 1 0 8 0
vmmpekpl 168 80916 0 80859 3 0 3 3 0 8 0
vmmpepl 168 858614 0 855807 261 129 132 145 0 357 1
vmsppl 368 9279 0 9245 4 0 4 4 0 8 0
rwobjpl 56 219181 0 211633 117 6 111 111 0 8 0
pdppl 4096 18567 0 18490 265 184 81 91 0 8 4
pvpl 32 4566409 0 4545872 507 314 193 248 0 265 15
pmappl 248 9279 0 9245 4 1 3 3 0 8 0
extentpl 40 58 0 38 1 0 1 1 0 8 0
phpool 112 1492 0 635 26 0 26 26 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff8258e8f2) at panic+0x177 sys/kern/subr_prf.c:202
__assert(ffffffff82601511,ffffffff826271db,aae,ffffffff825bd978) at __assert+0x25 sys/kern/subr_prf.c:161
uvm_map_teardown(fffffd8068248b98) at uvm_map_teardown+0x2e8 sys/uvm/uvm_map.c:2736
uvmspace_free(fffffd8068248b98) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3685
reaper(ffff8000210f9a40) at reaper+0x18b sys/kern/kern_exit.c:457
end trace frame: 0x0, count: -6
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
x86_bus_space_io_write_1(3f8,0,26) at x86_bus_space_io_write_1+0x31 sys/arch/amd64/amd64/bus_space.c:759
comcnputc(800,26) at comcnputc+0x128 bus_space_barrier machine/bus.h:481 [inline]
comcnputc(800,26) at comcnputc+0x128 sys/dev/ic/com.c:1263
cnputc(26) at cnputc+0x4b sys/dev/cons.c:239
db_putchar(26) at db_putchar+0x3fc sys/ddb/db_output.c:155
kprintf() at kprintf+0x20ec sys/kern/subr_prf.c:1068
db_printf(ffffffff82607594) at db_printf+0x85 sys/kern/subr_prf.c:502
panic(ffffffff825a183e) at panic+0xd7 sys/kern/subr_prf.c:220
witness_checkorder(ffffffff82a73908,9,0) at witness_checkorder+0x116d sys/kern/subr_witness.c:833
__mp_lock(ffffffff82a73700) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline]
__mp_lock(ffffffff82a73700) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline]
__mp_lock(ffffffff82a73700) at __mp_lock+0xa1 sys/kern/kern_lock.c:142
selwakeup(fffffd8067a64308) at selwakeup+0x16 klist_empty sys/sys/event.h:361 [inline]
selwakeup(fffffd8067a64308) at selwakeup+0x16 sys/kern/sys_generic.c:885
sorwakeup(fffffd8067a641f0) at sorwakeup+0xc9 sys/kern/uipc_socket.c:1699
end trace frame: 0xffff80002c7558e0, count: 0
ddb{1}> trace
x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
x86_bus_space_io_write_1(3f8,0,26) at x86_bus_space_io_write_1+0x31 sys/arch/amd64/amd64/bus_space.c:759
comcnputc(800,26) at comcnputc+0x128 bus_space_barrier machine/bus.h:481 [inline]
comcnputc(800,26) at comcnputc+0x128 sys/dev/ic/com.c:1263
cnputc(26) at cnputc+0x4b sys/dev/cons.c:239
db_putchar(26) at db_putchar+0x3fc sys/ddb/db_output.c:155
kprintf() at kprintf+0x20ec sys/kern/subr_prf.c:1068
db_printf(ffffffff82607594) at db_printf+0x85 sys/kern/subr_prf.c:502
panic(ffffffff825a183e) at panic+0xd7 sys/kern/subr_prf.c:220
witness_checkorder(ffffffff82a73908,9,0) at witness_checkorder+0x116d sys/kern/subr_witness.c:833
__mp_lock(ffffffff82a73700) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline]
__mp_lock(ffffffff82a73700) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline]
__mp_lock(ffffffff82a73700) at __mp_lock+0xa1 sys/kern/kern_lock.c:142
selwakeup(fffffd8067a64308) at selwakeup+0x16 klist_empty sys/sys/event.h:361 [inline]
selwakeup(fffffd8067a64308) at selwakeup+0x16 sys/kern/sys_generic.c:885
sorwakeup(fffffd8067a641f0) at sorwakeup+0xc9 sys/kern/uipc_socket.c:1699
udp_sbappend(fffffd80682263b0,fffffd806ef6be00,fffffd807977f2b0,0,14,fffffd807977f2c4,833998a20bbebd1,0) at udp_sbappend+0x3b1 sys/netinet/udp_usrreq.c:638
udp_input(ffff80002c755bd8,ffff80002c755be4,11,2) at udp_input+0xbcb sys/netinet/udp_usrreq.c:427
ip_deliver(ffff80002c755bd8,ffff80002c755be4,11,2) at ip_deliver+0x322 sys/netinet/ip_input.c:657
ip_ours(ffff80002c755bd8,ffff80002c755be4,ffff800021233000,0) at ip_ours+0x3ba sys/netinet/ip_input.c:616
ip_input_if(ffff80002c755bd8,ffff80002c755be4,4,0,ffff800000689000) at ip_input_if+0x2a1
ipv4_input(ffff800000689000,fffffd807977f200) at ipv4_input+0x48 sys/netinet/ip_input.c:242
if_input_local(ffff800000689000,fffffd807977f200,2) at if_input_local+0x10e sys/net/if.c:774
ip_output(fffffd805bfedc00,0,fffffd8068226560,0,0,fffffd80682264e8,be27a64ab3c6c3a1) at ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
ip_output(fffffd805bfedc00,0,fffffd8068226560,0,0,fffffd80682264e8,be27a64ab3c6c3a1) at ip_output+0xb05 sys/netinet/ip_output.c:332
udp_output(fffffd80682264e8,fffffd805bfedc00,0,0) at udp_output+0x58d sys/netinet/udp_usrreq.c:1011
sosend(fffffd8067a643d0,0,ffff80002c755fe8,0,0,0) at sosend+0x632 sys/kern/uipc_socket.c:582
dofilewritev(ffff800027abed20,4,ffff80002c755fe8,0,ffff80002c7560e0) at dofilewritev+0x19c sys/kern/sys_generic.c:381
sys_write(ffff800027abed20,ffff80002c756088,ffff80002c7560e0) at sys_write+0x83 sys/kern/sys_generic.c:301
syscall(ffff80002c756150) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff80002c756150) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x9d8633d53f0, count: -28
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following issue on:
HEAD commit: 6be6ed882de0 Reduce dmesg spam by nor printing the "Apple"..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=147fd451700000
kernel config: https://syzkaller.appspot.com/x/.config?x=bf87b6915a88cd0d
dashboard link: https://syzkaller.appspot.com/bug?extid=0981beefccd29c20ed34
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0981be...@syzkaller.appspotmail.com
panic: acquipraniincg: k e brnleolck daibaleg nsolseteip lc oacsks weirttiho n s "pi!nl_okecrkn oelr_ l corcik_thieclald () " f a i l seed:c t i o n he ld ( fkielrnee l "_l/osyckz)k al l e r/ m a n a ge r s/ s e t u i d / k er n e l/ s y s /u v m/ uv m _ m a p . c " , l in e 2 7 3 4
&Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
194162 9987 32767 0x10 0x4000000 1 syz-executor.0
* 12114 60102 0 0x14000 0x200 0 reaper
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff8258e8f2) at panic+0x177 sys/kern/subr_prf.c:202
__assert(ffffffff82601511,ffffffff826271db,aae,ffffffff825bd978) at __assert+0x25 sys/kern/subr_prf.c:161
uvm_map_teardown(fffffd8068248b98) at uvm_map_teardown+0x2e8 sys/uvm/uvm_map.c:2736
uvmspace_free(fffffd8068248b98) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3685
reaper(ffff8000210f9a40) at reaper+0x18b sys/kern/kern_exit.c:457
end trace frame: 0x0, count: 9
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
cpu0: kernel diagnostic assertion "!_kernel_lock_held()" failed: file "/syzkaller/managers/setuid/kernel/sys/uvm/uvm_map.c", line 2734
*cpu1: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff8258e8f2) at panic+0x177 sys/kern/subr_prf.c:202
__assert(ffffffff82601511,ffffffff826271db,aae,ffffffff825bd978) at __assert+0x25 sys/kern/subr_prf.c:161
uvm_map_teardown(fffffd8068248b98) at uvm_map_teardown+0x2e8 sys/uvm/uvm_map.c:2736
uvmspace_free(fffffd8068248b98) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3685
reaper(ffff8000210f9a40) at reaper+0x18b sys/kern/kern_exit.c:457
end trace frame: 0x0, count: -6
ddb{0}> show registers
rdi 0
rsi 0x1
rbp 0xffff800021135030
rbx 0xffffffff828f2bff cpu_info_full_primary+0x2bff
rdx 0
rcx 0
rax 0xffff8000210f9a40
r8 0x101010101010101
r9 0x8080808080808080
r10 0x69196a67801e3c11
r11 0xf048caebccde6fa8
r12 0xffffffff828f2a00 cpu_info_full_primary+0x2a00
r13 0
r14 0xffff800020ce9a00
r15 0x1
rip 0xffffffff819ed3a8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800021135020
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (reaper) pid=12114 stat=onproc
flags process=14000<NOZOMBIE,SYSTEM> proc=200<SYSTEM>
pri=4, usrpri=58, nice=20
forw=0xffffffffffffffff, list=0xffff8000210f97a0,0xffff8000210f9cf0
process=0xffff8000ffffd8f0 user=0xffff800021130000, vmspace=0xffffffff82b6a868
estcpu=8, cpticks=4, pctcpu=1.89
user=0, sys=3, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
9987 427807 64751 32767 2 0x10 syz-executor.0
9987 194162 64751 32767 7 0x4000010 syz-executor.0
509 212497 76300 32767 2 0x10 syz-executor.4
509 511083 76300 32767 3 0x4000090 fsleep syz-executor.4
99128 172060 94036 32767 3 0x90 nanoslp syz-executor.2
99128 236515 94036 32767 3 0x4000090 netcon2 syz-executor.2
99128 38582 94036 32767 3 0x4000090 fsleep syz-executor.2
72014 420343 42937 32767 3 0x90 nanoslp syz-executor.3
72014 414709 42937 32767 3 0x4000090 fsleep syz-executor.3
72014 337793 42937 32767 3 0x4000090 netcon2 syz-executor.3
72014 510855 42937 32767 3 0x4000090 fsleep syz-executor.3
78204 246664 57104 32767 3 0x90 nanoslp syz-executor.7
78204 374213 57104 32767 3 0x4000090 netcon2 syz-executor.7
78204 335564 57104 32767 3 0x4000090 netcon2 syz-executor.7
78204 43639 57104 32767 3 0x4000090 fsleep syz-executor.7
64751 373771 27841 32767 3 0x90 nanoslp syz-executor.0
27841 319341 64099 0 3 0x82 wait syz-executor.0
924 208601 61600 32767 3 0x90 nanoslp syz-executor.6
61600 239346 64099 0 3 0x82 wait syz-executor.6
76300 61743 63260 32767 3 0x90 nanoslp syz-executor.4
63260 332531 64099 0 3 0x82 wait syz-executor.4
94036 228144 94674 32767 3 0x90 nanoslp syz-executor.2
94674 406585 64099 0 3 0x82 wait syz-executor.2
73780 307792 48943 32767 3 0x90 nanoslp syz-executor.1
48943 379474 64099 0 3 0x82 wait syz-executor.1
57104 362183 6718 32767 3 0x90 nanoslp syz-executor.7
6718 351764 64099 0 3 0x82 wait syz-executor.7
30591 159559 0 0 3 0x14200 bored sosplice
61832 428277 57345 32767 3 0x90 nanoslp syz-executor.5
57345 156694 64099 0 3 0x82 wait syz-executor.5
42937 309153 32780 32767 3 0x90 nanoslp syz-executor.3
32780 222924 64099 0 3 0x82 wait syz-executor.3
64099 58 29156 0 3 0x82 kqread syz-fuzzer
64099 206130 29156 0 3 0x4000082 thrsleep syz-fuzzer
64099 18921 29156 0 3 0x4000082 thrsleep syz-fuzzer
64099 221380 29156 0 3 0x4000082 thrsleep syz-fuzzer
64099 155448 29156 0 3 0x4000082 thrsleep syz-fuzzer
64099 205218 29156 0 3 0x4000082 thrsleep syz-fuzzer
64099 65982 29156 0 3 0x4000082 thrsleep syz-fuzzer
64099 317060 29156 0 3 0x4000082 thrsleep syz-fuzzer
64099 356890 29156 0 3 0x4000082 thrsleep syz-fuzzer
29156 373778 311 0 3 0x10008a sigsusp ksh
311 95576 23165 0 3 0x9a kqread sshd
83753 396773 1 0 3 0x100083 ttyin getty
23165 412391 1 0 3 0x88 kqread sshd
27534 243361 9088 73 3 0x1100090 kqread syslogd
9088 23666 1 0 3 0x100082 netio syslogd
76908 286970 1 0 3 0x100080 kqread resolvd
18402 98926 87991 77 3 0x100092 kqread dhcpleased
78573 257084 87991 77 3 0x100092 kqread dhcpleased
87991 181785 1 0 3 0x80 kqread dhcpleased
79649 40680 0 0 3 0x14200 bored smr
16872 146525 0 0 2 0x14200 zerothread
45197 376219 0 0 3 0x14200 aiodoned aiodoned
10686 188551 0 0 3 0x14200 syncer update
81179 343548 0 0 3 0x14200 cleaner cleaner
*60102 12114 0 0 7 0x14200 reaper
13608 482158 0 0 3 0x14200 pgdaemon pagedaemon
46992 411941 0 0 3 0x14200 bored viomb
66654 472187 0 0 3 0x40014200 acpi0 acpi0
12361 146720 0 0 3 0x40014200 idle1
32725 501513 0 0 3 0x14200 bored softnet
80423 388806 0 0 3 0x14200 bored systqmp
84057 122832 0 0 3 0x14200 bored systq
65740 211450 0 0 3 0x40014200 bored softclock
61181 248008 0 0 3 0x40014200 idle0
1 45857 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
CPU 0:
exclusive mutex anonpl r = 0 (0xffffffff82a73458)
#0 witness_lock+0x44d
#1 mtx_enter_try+0x100
#2 mtx_enter+0x4b sys/kern/kern_lock.c:266
#3 pool_put+0x8a sys/kern/subr_pool.c:799
#4 amap_wipeout+0x1b1 sys/uvm/uvm_amap.c:504
#5 uvm_unmap_detach+0x7d sys/uvm/uvm_map.c:1599
#6 uvm_map_teardown+0x262 sys/uvm/uvm_map.c:2789
#7 uvmspace_free+0xa6 sys/uvm/uvm_map.c:3685
#8 reaper+0x18b sys/kern/kern_exit.c:457
#9 proc_trampoline+0x1c
CPU 1:
exclusive mutex &table->inpt_mtx r = 0 (0xffffffff829cb1d0)
#0 witness_lock+0x44d
#1 mtx_enter_try+0x100
#2 mtx_enter+0x4b sys/kern/kern_lock.c:266
#3 udp_input+0x7b0
#4 ip_deliver+0x322 sys/netinet/ip_input.c:657
#5 ip_ours+0x3ba sys/netinet/ip_input.c:616
#6 ip_input_if+0x2a1
#7 ipv4_input+0x48 sys/netinet/ip_input.c:242
#8 if_input_local+0x10e sys/net/if.c:774
#9 ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
#9 ip_output+0xb05 sys/netinet/ip_output.c:332
#10 udp_output+0x58d sys/netinet/udp_usrreq.c:1011
#11 sosend+0x632 sys/kern/uipc_socket.c:582
#12 dofilewritev+0x19c sys/kern/sys_generic.c:381
#13 sys_write+0x83 sys/kern/sys_generic.c:301
#14 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#14 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#15 Xsyscall+0x128
Process 9987 (syz-executor.0) thread 0xffff800027abed20 (194162)
exclusive rwlock netlock r = 0 (0xffffffff828ee470)
#0 witness_lock+0x44d
#1 solock+0x86 sys/kern/uipc_socket2.c:295
#2 sosend+0x517 sys/kern/uipc_socket.c:570
#3 dofilewritev+0x19c sys/kern/sys_generic.c:381
#4 sys_write+0x83 sys/kern/sys_generic.c:301
#5 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#5 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#6 Xsyscall+0x128
Process 60102 (reaper) thread 0xffff8000210f9a40 (12114)
uvm_fault(0xffffffff82b6a868, 0x0, 0, 1) -> e
kernel: page fault trap, code=0
Faulted in DDB; continuing...
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10212 6412K 6419K 78643K 11346 0
pcb 13 16K 20K 78643K 19 0
rtable 264 7K 8K 78643K 1591 0
ifaddr 81 17K 17K 78643K 181 0
sysctl 2 0K 0K 78643K 2 0
counters 56 35K 35K 78643K 84 0
ioctlops 0 0K 2K 78643K 170 0
iov 0 0K 28K 78643K 1467 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 5 0
vnodes 1271 79K 79K 78643K 3058 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 46 0
VM map 2 1K 1K 78643K 2 0
sem 12 0K 0K 78643K 1339 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 23 85K 117K 78643K 9046 0
sigio 0 0K 0K 78643K 161 0
proc 59 87K 111K 78643K 1469 0
subproc 104 6K 6K 78643K 286 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 833 0
in_multi 99 6K 7K 78643K 325 0
ether_multi 1 0K 0K 78643K 21 0
mrt 2 0K 0K 78643K 3 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 289 1288K 1288K 78643K 289 0
exec 0 0K 2K 78643K 1961 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 459 93K 108K 78643K 119313 0
UVM aobj 131 6K 6K 78643K 133 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 330 0
NDP 11 0K 2K 78643K 69 0
temp 125 4711K 4775K 78643K 25447 0
kqueue 14 20K 26K 78643K 658 0
SYN cache 2 16K 16K 78643K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 881 0 878 12 11 1 3 0 8 0
rtentry 112 293 0 170 4 0 4 4 0 8 0
unpcb 136 7731 0 7718 64 63 1 6 0 8 0
syncache 296 94 0 94 15 15 0 1 0 8 0
tcpqe 32 60 0 60 10 10 0 1 0 8 0
tcpcb 736 14223 0 14094 250 238 12 30 0 8 0
arp 120 47 0 29 1 0 1 1 0 8 0
ipq 40 10 0 10 5 5 0 1 0 8 0
ipqe 40 177 0 177 5 5 0 1 0 8 0
inpcb 312 18646 0 18559 154 144 10 17 0 8 2
ip6q 72 8 0 7 3 2 1 1 0 8 0
ip6af 40 14 0 13 3 2 1 1 0 8 0
nd6 48 93 0 56 1 0 1 1 0 8 0
kcovpl 48 22 0 14 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 1221 0 692 36 2 34 35 0 8 0
art_table 32 1222 0 692 5 0 5 5 0 8 0
art_node 16 292 0 179 1 0 1 1 0 8 0
sysvmsgpl 40 43 0 3 1 0 1 1 0 8 0
semupl 112 2 0 2 1 1 0 1 0 8 0
semapl 112 1337 0 1327 1 0 1 1 0 8 0
shmpl 112 130 0 2 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 13641 0 12194 91 0 91 91 0 8 0
ffsino 272 13641 0 12194 97 0 97 97 0 8 0
nchpl 144 25586 0 23956 62 0 62 62 0 8 0
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
vnodes 224 5926 0 0 349 0 349 349 0 8 0
namei 1024 85217 0 85217 3 2 1 2 0 8 1
percpumem 16 54 0 14 1 0 1 1 0 8 0
scxspl 216 76795 0 76795 33 30 3 8 0 8 3
plimitpl 152 1878 0 1856 6 5 1 2 0 8 0
sigapl 424 9295 0 9243 7 1 6 7 0 8 0
futexpl 64 79387 0 79382 2 1 1 1 0 8 0
knotepl 120 773 0 0 19 2 17 17 0 8 0
kqueuepl 216 2620 0 2609 45 44 1 8 0 8 0
pipepl 336 2054 0 2022 67 59 8 8 0 8 5
fdescpl 496 9280 0 9246 7 2 5 6 0 8 0
filepl 152 69563 0 69242 122 104 18 19 0 8 5
lockfpl 104 1188 0 1186 1 0 1 1 0 8 0
lockfspl 48 401 0 399 1 0 1 1 0 8 0
sessionpl 144 37 0 21 1 0 1 1 0 8 0
pgrppl 48 82 0 66 1 0 1 1 0 8 0
ucredpl 96 10387 0 10369 1 0 1 1 0 8 0
zombiepl 144 9246 0 9243 1 0 1 1 0 8 0
processpl 1064 9295 0 9243 5 1 4 4 0 8 0
procpl 672 28112 0 28041 22 14 8 8 0 8 0
sosppl 168 1432 0 1426 5 4 1 1 0 8 0
sockpl 480 27477 0 27374 513 497 16 30 0 8 1
mcl64k 65536 36 0 0 4 1 3 3 0 8 0
mcl16k 16384 17 0 0 3 0 3 3 0 8 0
mcl12k 12288 41 0 0 2 0 2 2 0 8 0
mcl9k 9216 19 0 0 2 0 2 2 0 8 0
mcl8k 8192 33 0 0 4 1 3 3 0 8 0
mcl4k 4096 25 0 0 3 0 3 3 0 8 0
mcl2k2 2112 6 0 0 1 0 1 1 0 8 0
mcl2k 2048 201 0 0 19 1 18 19 0 8 0
mtagpl 96 1 0 0 1 0 1 1 0 8 0
mbufpl 256 810 0 0 32 1 31 31 0 8 0
bufpl 288 18481 0 12146 453 0 453 453 0 8 0
anonpl 24 2742109 0 2727169 284 179 105 120 0 186 0
amapchunkpl 152 291536 0 290734 116 81 35 48 0 158 0
amappl16 200 29071 0 28677 151 129 22 34 0 8 0
amappl15 192 2723 0 2712 1 0 1 1 0 8 0
amappl14 184 384 0 381 1 0 1 1 0 8 0
amappl13 176 1147 0 1143 1 0 1 1 0 8 0
amappl12 168 174 0 171 1 0 1 1 0 8 0
amappl11 160 994 0 980 1 0 1 1 0 8 0
amappl10 152 1456 0 1442 1 0 1 1 0 8 0
amappl9 144 2838 0 2833 1 0 1 1 0 8 0
amappl8 136 1417 0 1233 7 0 7 7 0 8 0
amappl7 128 183 0 171 1 0 1 1 0 8 0
amappl6 120 2627 0 2601 2 1 1 2 0 8 0
amappl5 112 9828 0 9802 1 0 1 1 0 8 0
amappl4 104 2257 0 2226 2 0 2 2 0 8 0
amappl3 96 1913 0 1898 1 0 1 1 0 8 0
amappl2 88 2146 0 2095 3 1 2 3 0 8 0
amappl1 80 170865 0 170217 20 5 15 18 0 8 0
amappl 88 118208 0 117929 9 1 8 8 0 92 1
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 132 0 2 3 0 3 3 0 8 0
uaddrrnd 24 9280 0 9245 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 9280 0 9245 1 0 1 1 0 8 0
vmmpekpl 168 80916 0 80859 3 0 3 3 0 8 0
vmmpepl 168 858614 0 855807 261 129 132 145 0 357 1
vmsppl 368 9279 0 9245 4 0 4 4 0 8 0
rwobjpl 56 219181 0 211633 117 6 111 111 0 8 0
pdppl 4096 18567 0 18490 265 184 81 91 0 8 4
pvpl 32 4566409 0 4545872 507 314 193 248 0 265 15
pmappl 248 9279 0 9245 4 1 3 3 0 8 0
extentpl 40 58 0 38 1 0 1 1 0 8 0
phpool 112 1492 0 635 26 0 26 26 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff8258e8f2) at panic+0x177 sys/kern/subr_prf.c:202
__assert(ffffffff82601511,ffffffff826271db,aae,ffffffff825bd978) at __assert+0x25 sys/kern/subr_prf.c:161
uvm_map_teardown(fffffd8068248b98) at uvm_map_teardown+0x2e8 sys/uvm/uvm_map.c:2736
uvmspace_free(fffffd8068248b98) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3685
reaper(ffff8000210f9a40) at reaper+0x18b sys/kern/kern_exit.c:457
end trace frame: 0x0, count: -6
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
x86_bus_space_io_write_1(3f8,0,26) at x86_bus_space_io_write_1+0x31 sys/arch/amd64/amd64/bus_space.c:759
comcnputc(800,26) at comcnputc+0x128 bus_space_barrier machine/bus.h:481 [inline]
comcnputc(800,26) at comcnputc+0x128 sys/dev/ic/com.c:1263
cnputc(26) at cnputc+0x4b sys/dev/cons.c:239
db_putchar(26) at db_putchar+0x3fc sys/ddb/db_output.c:155
kprintf() at kprintf+0x20ec sys/kern/subr_prf.c:1068
db_printf(ffffffff82607594) at db_printf+0x85 sys/kern/subr_prf.c:502
panic(ffffffff825a183e) at panic+0xd7 sys/kern/subr_prf.c:220
witness_checkorder(ffffffff82a73908,9,0) at witness_checkorder+0x116d sys/kern/subr_witness.c:833
__mp_lock(ffffffff82a73700) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline]
__mp_lock(ffffffff82a73700) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline]
__mp_lock(ffffffff82a73700) at __mp_lock+0xa1 sys/kern/kern_lock.c:142
selwakeup(fffffd8067a64308) at selwakeup+0x16 klist_empty sys/sys/event.h:361 [inline]
selwakeup(fffffd8067a64308) at selwakeup+0x16 sys/kern/sys_generic.c:885
sorwakeup(fffffd8067a641f0) at sorwakeup+0xc9 sys/kern/uipc_socket.c:1699
end trace frame: 0xffff80002c7558e0, count: 0
ddb{1}> trace
x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
x86_bus_space_io_write_1(3f8,0,26) at x86_bus_space_io_write_1+0x31 sys/arch/amd64/amd64/bus_space.c:759
comcnputc(800,26) at comcnputc+0x128 bus_space_barrier machine/bus.h:481 [inline]
comcnputc(800,26) at comcnputc+0x128 sys/dev/ic/com.c:1263
cnputc(26) at cnputc+0x4b sys/dev/cons.c:239
db_putchar(26) at db_putchar+0x3fc sys/ddb/db_output.c:155
kprintf() at kprintf+0x20ec sys/kern/subr_prf.c:1068
db_printf(ffffffff82607594) at db_printf+0x85 sys/kern/subr_prf.c:502
panic(ffffffff825a183e) at panic+0xd7 sys/kern/subr_prf.c:220
witness_checkorder(ffffffff82a73908,9,0) at witness_checkorder+0x116d sys/kern/subr_witness.c:833
__mp_lock(ffffffff82a73700) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline]
__mp_lock(ffffffff82a73700) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline]
__mp_lock(ffffffff82a73700) at __mp_lock+0xa1 sys/kern/kern_lock.c:142
selwakeup(fffffd8067a64308) at selwakeup+0x16 klist_empty sys/sys/event.h:361 [inline]
selwakeup(fffffd8067a64308) at selwakeup+0x16 sys/kern/sys_generic.c:885
sorwakeup(fffffd8067a641f0) at sorwakeup+0xc9 sys/kern/uipc_socket.c:1699
udp_sbappend(fffffd80682263b0,fffffd806ef6be00,fffffd807977f2b0,0,14,fffffd807977f2c4,833998a20bbebd1,0) at udp_sbappend+0x3b1 sys/netinet/udp_usrreq.c:638
udp_input(ffff80002c755bd8,ffff80002c755be4,11,2) at udp_input+0xbcb sys/netinet/udp_usrreq.c:427
ip_deliver(ffff80002c755bd8,ffff80002c755be4,11,2) at ip_deliver+0x322 sys/netinet/ip_input.c:657
ip_ours(ffff80002c755bd8,ffff80002c755be4,ffff800021233000,0) at ip_ours+0x3ba sys/netinet/ip_input.c:616
ip_input_if(ffff80002c755bd8,ffff80002c755be4,4,0,ffff800000689000) at ip_input_if+0x2a1
ipv4_input(ffff800000689000,fffffd807977f200) at ipv4_input+0x48 sys/netinet/ip_input.c:242
if_input_local(ffff800000689000,fffffd807977f200,2) at if_input_local+0x10e sys/net/if.c:774
ip_output(fffffd805bfedc00,0,fffffd8068226560,0,0,fffffd80682264e8,be27a64ab3c6c3a1) at ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
ip_output(fffffd805bfedc00,0,fffffd8068226560,0,0,fffffd80682264e8,be27a64ab3c6c3a1) at ip_output+0xb05 sys/netinet/ip_output.c:332
udp_output(fffffd80682264e8,fffffd805bfedc00,0,0) at udp_output+0x58d sys/netinet/udp_usrreq.c:1011
sosend(fffffd8067a643d0,0,ffff80002c755fe8,0,0,0) at sosend+0x632 sys/kern/uipc_socket.c:582
dofilewritev(ffff800027abed20,4,ffff80002c755fe8,0,ffff80002c7560e0) at dofilewritev+0x19c sys/kern/sys_generic.c:381
sys_write(ffff800027abed20,ffff80002c756088,ffff80002c7560e0) at sys_write+0x83 sys/kern/sys_generic.c:301
syscall(ffff80002c756150) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff80002c756150) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x9d8633d53f0, count: -28
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
Anton Lindqvist
Mar 22, 2022, 7:49:34 AM3/22/22
to syzbot, syzkaller-o...@googlegroups.com
#syz invalid
Reply all
Reply to author
Forward
0 new messages