panic: rw_enter: solock locking against myself (2)


syzbot

Jun 25, 2023, 3:24:48 PM6/25/23
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 55a13683696a ec_local.h: move ec_group_simple_order_bits d..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=16c73f00a80000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=98889375a114b35f0717

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/ca31d9e761b5/disk-55a13683.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/64e7ffdc2c1c/bsd-55a13683.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/1c6b321cd1b7/kernel-55a13683.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+988893...@syzkaller.appspotmail.com

panic: rw_enter: solock locking against myself
Stopped at db_enter+0x1c: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
* 4031 31733 32767 0x10 0x4000000 0K syz-executor.4
12866 98224 32767 0x10 0 1 syz-executor.7
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff827dc239) at panic+0x17b sys/kern/subr_prf.c:198
rw_enter(fffffd8079bf1600,1) at rw_enter+0x482 rw_enter_diag sys/kern/kern_rwlock.c:183 [inline]
rw_enter(fffffd8079bf1600,1) at rw_enter+0x482 sys/kern/kern_rwlock.c:274
soisconnected(fffffd8079bf1bb0) at soisconnected+0x243 solock sys/kern/uipc_socket2.c:352 [inline]
soisconnected(fffffd8079bf1bb0) at soisconnected+0x243 sys/kern/uipc_socket2.c:111
unp_connect2(fffffd8079bf15f8,fffffd8079bf1bb0) at unp_connect2+0xca
unp_connect(fffffd8079bf15f8,fffffd806d4efa00,ffff80002128d8a0) at unp_connect+0x46d sys/kern/uipc_usrreq.c:908
sys_connect(ffff80002128d8a0,ffff80002e437800,ffff80002e437850) at sys_connect+0x207 sys/kern/uipc_syscalls.c:422
syscall(ffff80002e4378d0) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff80002e4378d0) at syscall+0x606 sys/arch/amd64/amd64/trap.c:632
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x44c1d4a1880, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: rw_enter: solock locking against myself
ddb{0}> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff827dc239) at panic+0x17b sys/kern/subr_prf.c:198
rw_enter(fffffd8079bf1600,1) at rw_enter+0x482 rw_enter_diag sys/kern/kern_rwlock.c:183 [inline]
rw_enter(fffffd8079bf1600,1) at rw_enter+0x482 sys/kern/kern_rwlock.c:274
soisconnected(fffffd8079bf1bb0) at soisconnected+0x243 solock sys/kern/uipc_socket2.c:352 [inline]
soisconnected(fffffd8079bf1bb0) at soisconnected+0x243 sys/kern/uipc_socket2.c:111
unp_connect2(fffffd8079bf15f8,fffffd8079bf1bb0) at unp_connect2+0xca
unp_connect(fffffd8079bf15f8,fffffd806d4efa00,ffff80002128d8a0) at unp_connect+0x46d sys/kern/uipc_usrreq.c:908
sys_connect(ffff80002128d8a0,ffff80002e437800,ffff80002e437850) at sys_connect+0x207 sys/kern/uipc_syscalls.c:422
syscall(ffff80002e4378d0) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff80002e4378d0) at syscall+0x606 sys/arch/amd64/amd64/trap.c:632
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x44c1d4a1880, count: -9
ddb{0}> show registers
rdi 0
rsi 0x1
rbp 0xffff80002e437430
rbx 0xffffffff82bbbb8f cpu_info_full_primary+0x2b8f
rdx 0
rcx 0
rax 0xffff80002128d8a0
r8 0x101010101010101
r9 0x8080808080808080
r10 0x16a3da92924fadec
r11 0xec01338941455011
r12 0xffffffff82bbb990 cpu_info_full_primary+0x2990
r13 0
r14 0
r15 0x1
rip 0xffffffff82078dac db_enter+0x1c
cs 0x8
rflags 0x246
rsp 0xffff80002e437420
ss 0x10
db_enter+0x1c: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor.4) pid=4031 stat=onproc
flags process=10<SUGID> proc=4000000<THREAD>
pri=32, usrpri=79, nice=20
forw=0xffffffffffffffff, list=0xffff800021237328,0xffff80002128c5a8
process=0xffff8000ffff90c8 user=0xffff80002e432000, vmspace=0xfffffd80089fe570
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
6386 489703 81439 32767 2 0x10 syz-executor.1
35559 285604 78170 32767 2 0x10 syz-executor.6
35559 71616 78170 32767 2 0x4000010 syz-executor.6
57364 8456 14234 32767 2 0x10 syz-executor.0
31733 373300 38826 32767 2 0x10 syz-executor.4
*31733 4031 38826 32767 7 0x4000010 syz-executor.4
31733 274767 38826 32767 3 0x4000090 fsleep syz-executor.4
31733 16870 38826 32767 3 0x4000090 fsleep syz-executor.4
70209 220657 98224 32767 2 0x10 syz-executor.7
70209 132184 98224 32767 3 0x4000090 ttyretype syz-executor.7
70209 278292 98224 32767 3 0x4000090 ttyretype syz-executor.7
67594 398748 34451 32767 2 0x10 syz-executor.5
98224 12866 59340 32767 7 0x10 syz-executor.7
59340 401192 32653 0 3 0x82 wait syz-executor.7
81439 455184 19527 32767 3 0x90 nanoslp syz-executor.1
19527 209246 32653 0 3 0x82 wait syz-executor.1
3266 319771 93197 32767 2 0x10 syz-executor.3
93197 270944 32653 0 3 0x82 wait syz-executor.3
14234 412522 53810 32767 2 0x10 syz-executor.0
53810 226039 32653 0 3 0x82 wait syz-executor.0
51068 12406 54507 32767 3 0x90 nanoslp syz-executor.2
54507 93698 32653 0 3 0x82 wait syz-executor.2
34451 156314 70351 32767 2 0x10 syz-executor.5
70351 258440 32653 0 3 0x82 wait syz-executor.5
38826 363588 54054 32767 3 0x90 nanoslp syz-executor.4
54054 392142 32653 0 3 0x82 wait syz-executor.4
78170 163246 18476 32767 3 0x90 nanoslp syz-executor.6
18476 323535 32653 0 3 0x82 wait syz-executor.6
87776 506896 0 0 3 0x14200 bored sosplice
32653 507543 40295 0 3 0x82 wait syz-fuzzer
32653 428787 40295 0 3 0x4000082 nanoslp syz-fuzzer
32653 191497 40295 0 3 0x4000082 thrsleep syz-fuzzer
32653 176682 40295 0 3 0x4000082 wait syz-fuzzer
32653 104029 40295 0 3 0x4000082 thrsleep syz-fuzzer
32653 351535 40295 0 3 0x4000082 thrsleep syz-fuzzer
32653 93575 40295 0 3 0x4000082 wait syz-fuzzer
32653 412564 40295 0 3 0x4000082 thrsleep syz-fuzzer
32653 257665 40295 0 3 0x4000082 wait syz-fuzzer
32653 323250 40295 0 3 0x4000082 wait syz-fuzzer
32653 513502 40295 0 3 0x4000082 wait syz-fuzzer
32653 304075 40295 0 3 0x4000082 thrsleep syz-fuzzer
32653 420180 40295 0 3 0x4000082 thrsleep syz-fuzzer
32653 29529 40295 0 3 0x4000082 wait syz-fuzzer
32653 187704 40295 0 3 0x4000082 wait syz-fuzzer
32653 401690 40295 0 3 0x4000082 kqread syz-fuzzer
40295 15305 6684 0 3 0x10008a sigsusp ksh
6684 513149 88269 0 3 0x9a kqread sshd
13967 302528 1 0 3 0x100083 ttyin getty
88269 384304 1 0 3 0x88 kqread sshd
75292 7768 10605 73 3 0x1100090 kqread syslogd
10605 219239 1 0 3 0x100082 netio syslogd
80834 203177 1 0 3 0x100080 kqread resolvd
3081 4371 67514 77 3 0x100092 kqread dhcpleased
78014 502852 67514 77 3 0x100092 kqread dhcpleased
67514 352969 1 0 3 0x80 kqread dhcpleased
13233 171327 0 0 3 0x14200 bored smr
37074 12375 0 0 2 0x14200 zerothread
10692 99887 0 0 3 0x14200 aiodoned aiodoned
7356 371530 0 0 3 0x14200 syncer update
94070 154085 0 0 3 0x14200 cleaner cleaner
22526 367550 0 0 3 0x14200 reaper reaper
86998 102634 0 0 3 0x14200 pgdaemon pagedaemon
28332 228807 0 0 3 0x14200 bored viomb
45728 282956 0 0 3 0x40014200 acpi0 acpi0
81918 133489 0 0 3 0x40014200 idle1
16218 155592 0 0 3 0x14200 bored softnet3
70579 115041 0 0 3 0x14200 bored softnet2
31472 174572 0 0 3 0x14200 bored softnet1
70536 207516 0 0 3 0x14200 bored softnet0
72104 454699 0 0 3 0x14200 bored systqmp
82333 37164 0 0 3 0x14200 bored systq
34171 50410 0 0 3 0x40014200 bored softclock
60482 394034 0 0 3 0x40014200 idle0
1 129664 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 31733 (syz-executor.4) thread 0xffff80002128d8a0 (4031)
exclusive rwlock solock r = 0 (0xfffffd8079bf1610)
#0 witness_lock+0x44d
#1 solock_pair+0x9f solock sys/kern/uipc_socket2.c:352 [inline]
#1 solock_pair+0x9f sys/kern/uipc_socket2.c:402
#2 unp_connect+0x395 sys/kern/uipc_usrreq.c:880
#3 sys_connect+0x207 sys/kern/uipc_syscalls.c:422
#4 syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
#4 syscall+0x606 sys/arch/amd64/amd64/trap.c:632
#5 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd805a7012c8)
#0 witness_lock+0x44d
#1 rw_enter+0x3e5 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8f sys/kern/kern_rwlock.c:465
#3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:518
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:564
#5 vget+0x200 sys/kern/vfs_subr.c:676
#6 ufs_ihashget+0x121 sys/ufs/ufs/ufs_ihash.c:119
#7 ffs_vget+0x7c sys/ufs/ffs/ffs_vfsops.c:1324
#8 ufs_lookup+0x122c sys/ufs/ufs/ufs_lookup.c:582
#9 VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85
#10 vfs_lookup+0x6f5 sys/kern/vfs_lookup.c:566
#11 namei+0x55a sys/kern/vfs_lookup.c:250
#12 unp_connect+0x1ce sys/kern/uipc_usrreq.c:841
#13 sys_connect+0x207 sys/kern/uipc_syscalls.c:422
#14 syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
#14 syscall+0x606 sys/arch/amd64/amd64/trap.c:632
#15 Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82cd16d8)
#0 witness_lock+0x44d
#1 unp_connect+0x1c6 sys/kern/uipc_usrreq.c:841
#2 sys_connect+0x207 sys/kern/uipc_syscalls.c:422
#3 syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
#3 syscall+0x606 sys/arch/amd64/amd64/trap.c:632
#4 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10213 6412K 6419K 78643K 11407 0
pcb 13 12K 14K 78643K 17 0
rtable 246 7K 7K 78643K 3400 0
ifaddr 73 24K 25K 78643K 283 0
sysctl 3 1K 1K 78643K 3 0
counters 60 35K 35K 78643K 128 0
ioctlops 0 0K 2K 78643K 527 0
iov 0 0K 36K 78643K 6284 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1279 80K 80K 78643K 8425 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 9K 78643K 706 0
VM map 2 1K 1K 78643K 2 0
sem 12 0K 1K 78643K 9698 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 24 89K 113K 78643K 36484 0
sigio 1 0K 0K 78643K 979 0
proc 56 78K 103K 78643K 3741 0
subproc 104 6K 6K 78643K 546 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 3201 0
in_multi 99 6K 7K 78643K 913 0
ether_multi 1 0K 0K 78643K 127 0
mrt 1 0K 0K 78643K 2 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 271 1208K 1208K 78643K 271 0
exec 0 0K 1K 78643K 6395 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 8 62K 64K 78643K 10 0
UVM amap 526 97K 993K 78643K 366327 0
UVM aobj 131 6K 6K 78643K 134 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 4860 0
NDP 11 0K 2K 78643K 129 0
temp 124 5866K 5994K 78643K 88599 0
kqueue 13 20K 31K 78643K 2882 0
SYN cache 2 16K 16K 78643K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 3534 0 3531 47 46 1 5 0 8 0
rtentry 112 525 0 409 4 0 4 4 0 8 0
unpcb 144 35273 0 35255 259 256 3 9 0 8 2
syncache 296 433 0 433 64 63 1 1 0 8 1
sackhl 24 1 0 1 1 1 0 1 0 8 0
tcpqe 32 478 0 478 49 48 1 1 0 8 1
tcpcb 776 24695 0 24689 509 504 5 15 0 8 4
arp 120 99 0 80 1 0 1 1 0 8 0
ipq 40 71 0 70 23 22 1 1 0 8 0
ipqe 40 489 0 486 23 22 1 1 0 8 0
inpcb 368 58094 0 58082 579 574 5 19 0 8 3
ip6q 72 3 0 3 1 1 0 1 0 8 0
ip6af 40 4 0 4 1 1 0 1 0 8 0
nd6 136 153 0 124 2 0 2 2 0 8 0
kcovpl 48 42 0 34 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 2094 0 1624 35 5 30 32 0 8 0
art_table 32 2095 0 1624 6 2 4 5 0 8 0
art_node 16 524 0 418 1 0 1 1 0 8 0
sysvmsgpl 40 3 0 0 1 0 1 1 0 8 0
semupl 112 1 0 1 1 1 0 1 0 8 0
semapl 112 9695 0 9685 1 0 1 1 0 8 0
shmpl 112 131 0 3 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 50404 0 48918 94 0 94 94 0 8 0
ffsino 272 50404 0 48918 100 0 100 100 0 8 0
nchpl 144 99444 0 97803 63 0 63 63 0 8 0
uvmvnodes 80 6549 0 0 134 0 134 134 0 8 0
vnodes 216 6549 0 0 364 0 364 364 0 8 0
namei 1024 324882 0 324882 7 6 1 2 0 8 1
percpumem 16 77 0 34 1 0 1 1 0 8 0
kstatmem 264 90 0 68 2 0 2 2 0 8 0
scxspl 216 305375 0 305375 103 102 1 8 0 8 1
plimitpl 152 6469 0 6445 68 67 1 2 0 8 0
sigapl 424 36706 0 36652 7 0 7 7 0 8 0
futexpl 64 352672 0 352670 11 10 1 1 0 8 0
knotepl 120 1990 0 0 18 5 13 16 0 8 0
kqueuepl 216 8792 0 8783 152 151 1 5 0 8 0
pipepl 320 10822 0 10794 282 276 6 13 0 8 3
fdescpl 496 36688 0 36653 7 2 5 6 0 8 0
filepl 152 269385 0 269145 414 399 15 22 0 8 5
lockfpl 104 3953 0 3951 5 4 1 2 0 8 0
lockfspl 48 1168 0 1166 1 0 1 1 0 8 0
sessionpl 144 57 0 41 1 0 1 1 0 8 0
pgrppl 48 1207 0 1191 1 0 1 1 0 8 0
ucredpl 104 42279 0 42261 1 0 1 1 0 8 0
zombiepl 144 36653 0 36652 1 0 1 1 0 8 0
processpl 1072 36706 0 36652 4 0 4 4 0 8 0
procpl 696 105486 0 105411 59 51 8 10 0 8 0
sosppl 168 516 0 515 56 55 1 1 0 8 0
sockpl 488 98668 0 98638 1616 1604 12 38 0 8 8
mcl64k 65536 50 0 0 6 3 3 3 0 8 0
mcl16k 16384 25 0 0 3 0 3 3 0 8 0
mcl12k 12288 90 0 0 2 0 2 2 0 8 0
mcl9k 9216 49 0 0 2 0 2 2 0 8 0
mcl8k 8192 57 0 0 4 1 3 3 0 8 0
mcl4k 4096 68 0 0 6 4 2 5 0 8 0
mcl2k2 2112 13 0 0 1 0 1 1 0 8 0
mcl2k 2048 699 0 0 41 30 11 39 0 8 0
mtagpl 96 6 0 0 1 0 1 1 0 8 0
mbufpl 256 5807 0 0 300 0 300 300 0 8 0
bufpl 288 65738 0 59180 469 0 469 469 0 8 0
anonpl 24 3858463 0 3845656 264 156 108 137 0 186 0
amapchunkpl 152 2086411 0 2085533 9035 8994 41 4427 0 158 0
amappl16 200 79238 0 78884 350 327 23 44 0 8 0
amappl15 192 21 0 19 1 0 1 1 0 8 0
amappl14 184 260 0 246 2 1 1 2 0 8 0
amappl13 176 36 0 36 9 9 0 1 0 8 0
amappl12 168 37827 0 37789 2 0 2 2 0 8 0
amappl11 160 61 0 49 1 0 1 1 0 8 0
amappl10 152 86 0 68 1 0 1 1 0 8 0
amappl9 144 528 0 528 71 71 0 2 0 8 0
amappl8 136 1643 0 1351 11 0 11 11 0 8 0
amappl7 128 295 0 277 1 0 1 1 0 8 0
amappl6 120 961 0 936 2 1 1 2 0 8 0
amappl5 112 1079 0 1072 1 0 1 1 0 8 0
amappl4 104 1932 0 1889 2 0 2 2 0 8 0
amappl3 96 225092 0 225000 60 57 3 4 0 8 0
amappl2 88 38748 0 38668 4 2 2 3 0 8 0
amappl1 80 136983 0 136462 22 10 12 22 0 8 0
amappl 88 364120 0 363870 7 0 7 7 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 133 0 3 3 0 3 3 0 8 0
uaddrrnd 24 36688 0 36653 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 36688 0 36653 1 0 1 1 0 8 0
vmmpekpl 168 305968 0 305903 4 0 4 4 0 8 0
vmmpepl 168 2153942 0 2151230 529 394 135 152 0 357 3
vmsppl 464 36687 0 36653 7 2 5 6 0 8 0
rwobjpl 56 528574 0 520281 143 24 119 121 0 8 0
pdppl 4096 73384 0 73306 922 840 82 90 0 8 4
pvpl 32 10763542 0 10744547 1027 842 185 350 0 265 0
pmappl 248 36687 0 36653 4 1 3 3 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 2573 0 1465 33 0 33 33 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff827dc239) at panic+0x17b sys/kern/subr_prf.c:198
rw_enter(fffffd8079bf1600,1) at rw_enter+0x482 rw_enter_diag sys/kern/kern_rwlock.c:183 [inline]
rw_enter(fffffd8079bf1600,1) at rw_enter+0x482 sys/kern/kern_rwlock.c:274
soisconnected(fffffd8079bf1bb0) at soisconnected+0x243 solock sys/kern/uipc_socket2.c:352 [inline]
soisconnected(fffffd8079bf1bb0) at soisconnected+0x243 sys/kern/uipc_socket2.c:111
unp_connect2(fffffd8079bf15f8,fffffd8079bf1bb0) at unp_connect2+0xca
unp_connect(fffffd8079bf15f8,fffffd806d4efa00,ffff80002128d8a0) at unp_connect+0x46d sys/kern/uipc_usrreq.c:908
sys_connect(ffff80002128d8a0,ffff80002e437800,ffff80002e437850) at sys_connect+0x207 sys/kern/uipc_syscalls.c:422
syscall(ffff80002e4378d0) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff80002e4378d0) at syscall+0x606 sys/arch/amd64/amd64/trap.c:632
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x44c1d4a1880, count: -9
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp
x86_ipi_db(ffff800020d58ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__mp_lock(ffffffff82cd14d0) at __mp_lock+0x129 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82cd14d0) at __mp_lock+0x129 sys/kern/kern_lock.c:147
syscall(ffff80002128b770) at syscall+0x5cd mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff80002128b770) at syscall+0x5cd sys/arch/amd64/amd64/trap.c:632
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x796fca8708d0, count: 9
ddb{1}> trace
x86_ipi_db(ffff800020d58ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__mp_lock(ffffffff82cd14d0) at __mp_lock+0x129 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82cd14d0) at __mp_lock+0x129 sys/kern/kern_lock.c:147
syscall(ffff80002128b770) at syscall+0x5cd mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff80002128b770) at syscall+0x5cd sys/arch/amd64/amd64/trap.c:632
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x796fca8708d0, count: -6


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to change the bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Jun 25, 2023, 4:41:41 PM6/25/23
to syzkaller-o...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 55a13683696a ec_local.h: move ec_group_simple_order_bits d..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1189aa77280000
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16fe98c7280000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/ca31d9e761b5/disk-55a13683.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/64e7ffdc2c1c/bsd-55a13683.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/1c6b321cd1b7/kernel-55a13683.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+988893...@syzkaller.appspotmail.com

panic: rw_enter: solock locking against myself
Stopped at db_enter+0x1c: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*370344 56681 32767 0x10 0x4000000 1K syz-executor.3
6403 72085 0 0x14000 0x200 0 zerothread
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff827dc239) at panic+0x17b sys/kern/subr_prf.c:198
rw_enter(fffffd806f0e13e0,1) at rw_enter+0x482 rw_enter_diag sys/kern/kern_rwlock.c:183 [inline]
rw_enter(fffffd806f0e13e0,1) at rw_enter+0x482 sys/kern/kern_rwlock.c:274
soisconnected(fffffd8069800050) at soisconnected+0x243 solock sys/kern/uipc_socket2.c:352 [inline]
soisconnected(fffffd8069800050) at soisconnected+0x243 sys/kern/uipc_socket2.c:111
unp_connect2(fffffd806f0e13d8,fffffd8069800050) at unp_connect2+0xca
unp_connect(fffffd806f0e13d8,fffffd806d212000,ffff8000212355e8) at unp_connect+0x46d sys/kern/uipc_usrreq.c:908
sys_connect(ffff8000212355e8,ffff8000212a1070,ffff8000212a10c0) at sys_connect+0x207 sys/kern/uipc_syscalls.c:422
syscall(ffff8000212a1140) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff8000212a1140) at syscall+0x606 sys/arch/amd64/amd64/trap.c:632
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xad453b621f0, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: rw_enter: solock locking against myself
ddb{1}> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff827dc239) at panic+0x17b sys/kern/subr_prf.c:198
rw_enter(fffffd806f0e13e0,1) at rw_enter+0x482 rw_enter_diag sys/kern/kern_rwlock.c:183 [inline]
rw_enter(fffffd806f0e13e0,1) at rw_enter+0x482 sys/kern/kern_rwlock.c:274
soisconnected(fffffd8069800050) at soisconnected+0x243 solock sys/kern/uipc_socket2.c:352 [inline]
soisconnected(fffffd8069800050) at soisconnected+0x243 sys/kern/uipc_socket2.c:111
unp_connect2(fffffd806f0e13d8,fffffd8069800050) at unp_connect2+0xca
unp_connect(fffffd806f0e13d8,fffffd806d212000,ffff8000212355e8) at unp_connect+0x46d sys/kern/uipc_usrreq.c:908
sys_connect(ffff8000212355e8,ffff8000212a1070,ffff8000212a10c0) at sys_connect+0x207 sys/kern/uipc_syscalls.c:422
syscall(ffff8000212a1140) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff8000212a1140) at syscall+0x606 sys/arch/amd64/amd64/trap.c:632
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xad453b621f0, count: -9
ddb{1}> show registers
rdi 0
rsi 0x1
rbp 0xffff8000212a0ca0
rbx 0xffff800020d59b8f
rdx 0x3fd
rcx 0
rax 0x2f
r8 0x101010101010101
r9 0x8080808080808080
r10 0xaeb501b9592c2306
r11 0x24985fb9720657e
r12 0xffff800020d59990
r13 0
r14 0
r15 0x1
rip 0xffffffff82078dac db_enter+0x1c
cs 0x8
rflags 0x246
rsp 0xffff8000212a0c90
ss 0x10
db_enter+0x1c: addq $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor.3) pid=370344 stat=onproc
flags process=10<SUGID> proc=4000000<THREAD>
pri=32, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff800021294858,0xffff8000211d98d8
process=0xffff8000ffff65c8 user=0xffff80002129c000, vmspace=0xfffffd806953e3c8
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
26040 436876 56921 32767 3 0x90 nanoslp syz-executor.4
26040 382218 56921 32767 3 0x4000090 fsleep syz-executor.4
26040 257063 56921 32767 3 0x4000090 fsleep syz-executor.4
26040 457494 56921 32767 3 0x4000090 fsleep syz-executor.4
56681 232549 7329 32767 2 0x10 syz-executor.3
*56681 370344 7329 32767 7 0x4000010 syz-executor.3
56681 469444 7329 32767 3 0x4000090 fsleep syz-executor.3
56681 257411 7329 32767 3 0x4000090 fsleep syz-executor.3
66262 379399 75455 32767 2 0x10 syz-executor.5
66262 132088 75455 32767 3 0x4000090 fsleep syz-executor.5
66262 59980 75455 32767 3 0x4000090 fsleep syz-executor.5
66262 77473 75455 32767 3 0x4000090 fsleep syz-executor.5
72159 57104 90130 32767 3 0x90 nanoslp syz-executor.2
75455 433846 38792 32767 3 0x90 nanoslp syz-executor.5
56916 284737 73907 32767 3 0x10 biowait syz-executor.7
73907 339099 86172 0 3 0x82 wait syz-executor.7
38792 176053 86172 0 3 0x82 wait syz-executor.5
3784 62031 50908 32767 3 0x90 nanoslp syz-executor.1
90130 171273 86172 0 3 0x82 wait syz-executor.2
50908 420043 86172 0 3 0x82 wait syz-executor.1
56921 297752 35827 32767 3 0x90 nanoslp syz-executor.4
7329 182262 49874 32767 3 0x90 nanoslp syz-executor.3
35827 489863 86172 0 3 0x82 wait syz-executor.4
7774 218422 29817 32767 3 0x10 biowait syz-executor.6
49874 218223 86172 0 3 0x82 wait syz-executor.3
29817 346327 86172 0 3 0x82 wait syz-executor.6
30546 378753 74915 32767 3 0x90 nanoslp syz-executor.0
74915 86982 86172 0 3 0x82 wait syz-executor.0
86172 435716 15998 0 3 0x82 thrsleep syz-execprog
86172 520224 15998 0 3 0x4000082 nanoslp syz-execprog
86172 208459 15998 0 3 0x4000082 wait syz-execprog
86172 137504 15998 0 3 0x4000082 wait syz-execprog
86172 141933 15998 0 3 0x4000082 wait syz-execprog
86172 330591 15998 0 3 0x4000082 thrsleep syz-execprog
86172 295182 15998 0 3 0x4000082 wait syz-execprog
86172 124673 15998 0 3 0x4000082 wait syz-execprog
86172 307622 15998 0 3 0x4000082 wait syz-execprog
86172 191646 15998 0 3 0x4000082 thrsleep syz-execprog
86172 523761 15998 0 3 0x4000082 wait syz-execprog
86172 289126 15998 0 3 0x4000082 kqread syz-execprog
86172 297228 15998 0 3 0x4000082 wait syz-execprog
86172 279157 15998 0 3 0x4000082 thrsleep syz-execprog
86172 279958 15998 0 3 0x4000082 thrsleep syz-execprog
86172 145092 15998 0 3 0x4000082 thrsleep syz-execprog
15998 165891 74593 0 3 0x10008a sigsusp ksh
74593 147156 11346 0 3 0x9a kqread sshd
23146 352669 1 0 3 0x100083 ttyin getty
11346 15057 1 0 3 0x88 kqread sshd
99353 59547 9963 73 3 0x1100090 kqread syslogd
9963 102066 1 0 3 0x100082 netio syslogd
60598 222466 1 0 3 0x100080 kqread resolvd
92191 93159 28671 77 3 0x100092 kqread dhcpleased
70087 48024 28671 77 3 0x100092 kqread dhcpleased
28671 357189 1 0 3 0x80 kqread dhcpleased
26897 371929 0 0 3 0x14200 bored smr
72085 6403 0 0 7 0x14200 zerothread
78412 230325 0 0 3 0x14200 aiodoned aiodoned
7533 373109 0 0 3 0x14200 syncer update
20560 181823 0 0 3 0x14200 cleaner cleaner
36934 123221 0 0 3 0x14200 reaper reaper
36694 485937 0 0 3 0x14200 pgdaemon pagedaemon
82080 180703 0 0 3 0x14200 bored viomb
61626 213725 0 0 3 0x40014200 acpi0 acpi0
41225 397307 0 0 3 0x40014200 idle1
45648 289082 0 0 3 0x14200 bored softnet3
42655 519677 0 0 3 0x14200 bored softnet2
71229 92413 0 0 3 0x14200 bored softnet1
42931 327799 0 0 3 0x14200 bored softnet0
82618 30432 0 0 3 0x14200 bored systqmp
23301 380158 0 0 3 0x14200 bored systq
31919 437144 0 0 3 0x40014200 bored softclock
10000 390737 0 0 3 0x40014200 idle0
1 358327 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
Process 56681 (syz-executor.3) thread 0xffff8000212355e8 (370344)
exclusive rwlock solock r = 0 (0xfffffd806f0e13f0)
#0 witness_lock+0x44d
#1 unp_connect+0x395 sys/kern/uipc_usrreq.c:880
#2 sys_connect+0x207 sys/kern/uipc_syscalls.c:422
#3 syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
#3 syscall+0x606 sys/arch/amd64/amd64/trap.c:632
#4 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd8072c7db38)
#0 witness_lock+0x44d
#1 rw_enter+0x3e5 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8f sys/kern/kern_rwlock.c:465
#3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:518
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:564
#5 vget+0x200 sys/kern/vfs_subr.c:676
#6 ufs_ihashget+0x121 sys/ufs/ufs/ufs_ihash.c:119
#7 ffs_vget+0x7c sys/ufs/ffs/ffs_vfsops.c:1324
#8 ufs_lookup+0x122c sys/ufs/ufs/ufs_lookup.c:582
#9 VOP_LOOKUP+0x5c sys/kern/vfs_vops.c:85
#10 vfs_lookup+0x6f5 sys/kern/vfs_lookup.c:566
#11 namei+0x55a sys/kern/vfs_lookup.c:250
#12 unp_connect+0x1ce sys/kern/uipc_usrreq.c:841
#13 sys_connect+0x207 sys/kern/uipc_syscalls.c:422
#14 syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
#14 syscall+0x606 sys/arch/amd64/amd64/trap.c:632
#15 Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82cd16d8)
#0 witness_lock+0x44d
#1 unp_connect+0x1c6 sys/kern/uipc_usrreq.c:841
#2 sys_connect+0x207 sys/kern/uipc_syscalls.c:422
#3 syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
#3 syscall+0x606 sys/arch/amd64/amd64/trap.c:632
#4 Xsyscall+0x128
Process 56916 (syz-executor.7) thread 0xffff800021295080 (284737)
exclusive rrwlock inode r = 0 (0xfffffd8072c7d4d8)
#0 witness_lock+0x44d
#1 rw_enter+0x3e5 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8f sys/kern/kern_rwlock.c:465
#3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:518
#4 ufs_ihashins+0x46 sys/ufs/ufs/ufs_ihash.c:140
#5 ffs_vget+0x141 sys/ufs/ffs/ffs_vfsops.c:1353
#6 ffs_inode_alloc+0x1c2 sys/ufs/ffs/ffs_alloc.c:394
#7 ufs_mkdir+0xf8 sys/ufs/ufs/ufs_vnops.c:1149
#8 VOP_MKDIR+0xc3 sys/kern/vfs_vops.c:388
#9 domkdirat+0x125 sys/kern/vfs_syscalls.c:3074
#10 syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
#10 syscall+0x5e2 sys/arch/amd64/amd64/trap.c:632
#11 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd8069a0e708)
#0 witness_lock+0x44d
#1 rw_enter+0x3e5 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8f sys/kern/kern_rwlock.c:465
#3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:518
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:564
#5 vfs_lookup+0xd5 sys/kern/vfs_lookup.c:418
#6 namei+0x55a sys/kern/vfs_lookup.c:250
#7 domkdirat+0x79 sys/kern/vfs_syscalls.c:3059
#8 syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
#8 syscall+0x5e2 sys/arch/amd64/amd64/trap.c:632
#9 Xsyscall+0x128
Process 7774 (syz-executor.6) thread 0xffff800021235330 (218422)
exclusive rrwlock inode r = 0 (0xfffffd8072c7d3c8)
#0 witness_lock+0x44d
#1 rw_enter+0x3e5 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8f sys/kern/kern_rwlock.c:465
#3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:518
#4 ufs_ihashins+0x46 sys/ufs/ufs/ufs_ihash.c:140
#5 ffs_vget+0x141 sys/ufs/ffs/ffs_vfsops.c:1353
#6 ffs_inode_alloc+0x1c2 sys/ufs/ffs/ffs_alloc.c:394
#7 ufs_mkdir+0xf8 sys/ufs/ufs/ufs_vnops.c:1149
#8 VOP_MKDIR+0xc3 sys/kern/vfs_vops.c:388
#9 domkdirat+0x125 sys/kern/vfs_syscalls.c:3074
#10 syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
#10 syscall+0x5e2 sys/arch/amd64/amd64/trap.c:632
#11 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd8072c1a1b0)
#0 witness_lock+0x44d
#1 rw_enter+0x3e5 sys/kern/kern_rwlock.c:310
#2 rrw_enter+0x8f sys/kern/kern_rwlock.c:465
#3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:518
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:564
#5 vfs_lookup+0xd5 sys/kern/vfs_lookup.c:418
#6 namei+0x55a sys/kern/vfs_lookup.c:250
#7 domkdirat+0x79 sys/kern/vfs_syscalls.c:3059
#8 syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
#8 syscall+0x5e2 sys/arch/amd64/amd64/trap.c:632
#9 Xsyscall+0x128
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10171 6406K 6419K 78643K 11261 0
pcb 13 8K 8K 78643K 13 0
rtable 234 6K 6K 78643K 350 0
ifaddr 73 24K 24K 78643K 75 0
counters 60 35K 35K 78643K 60 0
ioctlops 0 0K 2K 78643K 29 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1174 73K 74K 78643K 1187 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 1K 78643K 2 0
VM map 2 1K 1K 78643K 2 0
sem 2 0K 0K 78643K 2 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 21 77K 117K 78643K 16645 0
proc 56 78K 103K 78643K 471 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
in_multi 99 6K 6K 78643K 99 0
ether_multi 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 25 122K 122K 78643K 25 0
exec 0 0K 1K 78643K 364 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 8 62K 64K 78643K 10 0
UVM amap 280 77K 79K 78643K 206935 0
UVM aobj 3 2K 2K 78643K 3 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
NDP 11 0K 2K 78643K 27 0
temp 51 5850K 5914K 78643K 37012 0
kqueue 12 18K 18K 78643K 25 0
SYN cache 2 16K 16K 78643K 2 0
ddb{1}>


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

syzbot

Apr 7, 2024, 3:27:13 PMApr 7
to syzkaller-o...@googlegroups.com
Auto-closing this bug as obsolete.
No recent activity; the existing reproducers no longer trigger the issue.