uvm_fault: mtx_enter
3 views
Skip to first unread message
syzbot
Apr 10, 2025, 8:12:24 PM4/10/25
to syzkaller-o...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 5990a1963d9d Fix a double-free in iked(8) and isakmpd(8) i..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=10300a3f980000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=012f107f543805943a64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/e9055d0d55fe/disk-5990a196.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/5b9c64f3262c/bsd-5990a196.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/fac4c3d2c19d/kernel-5990a196.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+012f10...@syzkaller.appspotmail.com
uvm_fault(0xfffffd806ef21710, 0x18, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at mtx_enter+0x59: movq 0(%r14),%rax
TID PID UID PRFLAGS PFLAGS CPU COMMAND
mtx_enter(18) at mtx_enter+0x59 sys/kern/kern_lock.c:303
clockintr_unbind(ffff8000014cb330,1) at clockintr_unbind+0x56 sys/kern/kern_clockintr.c:375
dt_ioctl_record_stop(ffff8000014a3f80) at dt_ioctl_record_stop+0xbc sys/dev/dt/dt_dev.c:575
dtclose(11e5f,81,2000,ffff80003390dc58) at dtclose+0xd5 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline]
dtclose(11e5f,81,2000,ffff80003390dc58) at dtclose+0xd5 sys/dev/dt/dt_dev.c:232
spec_close(ffff80002a8e2d20) at spec_close+0x45f sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffd8066a69e78,81,fffffd807f7d7820,ffff80003390dc58) at VOP_CLOSE+0x12a sys/kern/vfs_vops.c:156
vn_closefile(fffffd806c4f3bc8,ffff80003390dc58) at vn_closefile+0x11d vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd806c4f3bc8,ffff80003390dc58) at vn_closefile+0x11d sys/kern/vfs_vnops.c:615
fdrop(fffffd806c4f3bc8,ffff80003390dc58) at fdrop+0x126 sys/kern/kern_descrip.c:1265
closef(fffffd806c4f3bc8,ffff80003390dc58) at closef+0x18d sys/kern/kern_descrip.c:1249
fdfree(ffff80003390dc58) at fdfree+0x115 sys/kern/kern_descrip.c:1181
exit1(ffff80003390dc58,0,0,1) at exit1+0x58f sys/kern/kern_exit.c:214
sys_exit(ffff80003390dc58,ffff80002a8e3090,ffff80002a8e2fe0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a8e3090) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002a8e3090) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7b5683edb7a0, count: 1
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: uvm_fault(0xfffffd806ef21710, 0x18, 0, 1) -> e
ddb> trace
mtx_enter(18) at mtx_enter+0x59 sys/kern/kern_lock.c:303
clockintr_unbind(ffff8000014cb330,1) at clockintr_unbind+0x56 sys/kern/kern_clockintr.c:375
dt_ioctl_record_stop(ffff8000014a3f80) at dt_ioctl_record_stop+0xbc sys/dev/dt/dt_dev.c:575
dtclose(11e5f,81,2000,ffff80003390dc58) at dtclose+0xd5 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline]
dtclose(11e5f,81,2000,ffff80003390dc58) at dtclose+0xd5 sys/dev/dt/dt_dev.c:232
spec_close(ffff80002a8e2d20) at spec_close+0x45f sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffd8066a69e78,81,fffffd807f7d7820,ffff80003390dc58) at VOP_CLOSE+0x12a sys/kern/vfs_vops.c:156
vn_closefile(fffffd806c4f3bc8,ffff80003390dc58) at vn_closefile+0x11d vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd806c4f3bc8,ffff80003390dc58) at vn_closefile+0x11d sys/kern/vfs_vnops.c:615
fdrop(fffffd806c4f3bc8,ffff80003390dc58) at fdrop+0x126 sys/kern/kern_descrip.c:1265
closef(fffffd806c4f3bc8,ffff80003390dc58) at closef+0x18d sys/kern/kern_descrip.c:1249
fdfree(ffff80003390dc58) at fdfree+0x115 sys/kern/kern_descrip.c:1181
exit1(ffff80003390dc58,0,0,1) at exit1+0x58f sys/kern/kern_exit.c:214
sys_exit(ffff80003390dc58,ffff80002a8e3090,ffff80002a8e2fe0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a8e3090) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002a8e3090) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7b5683edb7a0, count: -14
ddb> show registers
rdi 0
rsi 0
rbp 0xffff80002a8e2bd0
rbx 0xffffffff832100a0 dtclose
rdx 0
rcx 0xffff80003390dc58
rax 0xffff80003390dc58
r8 0
r9 0
r10 0xdea2a2e0d116e408
r11 0xc5868d2ddf04a812
r12 0
r13 0
r14 0x18
r15 0
rip 0xffffffff82a40fe9 mtx_enter+0x59
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80002a8e2ba0
ss 0x10
mtx_enter+0x59: movq 0(%r14),%rax
ddb> show proc
PROC (syz-executor) tid=242580 pid=86882 tcnt=0 stat=onproc
flags process=1008<EXITING,SINGLEEXIT> proc=2000<WEXIT>
runpri=32, usrpri=83, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0xffff80003390dc58 scnt=-1 ecnt=1
forw=0xffffffffffffffff, list=0xffff80003390cf88,0xffff80003390c2c8
process=0xffff8000ffff88c0 user=0xffff80002a8de000, vmspace=0xfffffd806ef21710
estcpu=33, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
32638 157317 53355 0 2 0 syz-executor
66712 267752 74038 0 2 0 syz-executor
66712 160706 74038 0 2 0x4000000 syz-executor
4796 101053 96529 0 3 0 futex syz-executor
4796 307226 96529 0 2 0x4000000 syz-executor
4796 279834 96529 0 3 0x4000080 fsleep syz-executor
69010 102599 99868 0 3 0 futex syz-executor
69010 80510 99868 0 2 0x4000000 syz-executor
69010 329237 99868 0 3 0x4000080 fsleep syz-executor
69010 193371 99868 0 3 0x4000080 fsleep syz-executor
39488 478464 73166 0 3 0 vmmaplk syz-executor
39488 132732 73166 0 2 0x4000000 syz-executor
73166 479216 14674 0 3 0x82 wait syz-executor
83310 320933 0 0 3 0x14280 nfsidl nfsio
79441 49228 0 0 3 0x14280 nfsidl nfsio
23721 54931 0 0 3 0x14280 nfsidl nfsio
54375 333347 0 0 3 0x14280 nfsidl nfsio
15410 64415 0 0 3 0x14280 nfsidl nfsio
63557 57539 0 0 3 0x14280 nfsidl nfsio
50011 438837 0 0 3 0x14280 nfsidl nfsio
89749 486963 0 0 3 0x14280 nfsidl nfsio
45759 401465 0 0 3 0x14280 nfsidl nfsio
40547 478494 0 0 3 0x14280 nfsidl nfsio
41789 491681 0 0 3 0x14280 nfsidl nfsio
23058 52571 0 0 3 0x14280 nfsidl nfsio
12529 448584 0 0 3 0x14280 nfsidl nfsio
57581 406016 0 0 3 0x14280 nfsidl nfsio
15304 196071 0 0 3 0x14280 nfsidl nfsio
7607 39898 0 0 3 0x14280 nfsidl nfsio
57133 14147 0 0 3 0x14280 nfsidl nfsio
365 256682 0 0 3 0x14280 nfsidl nfsio
29044 61694 0 0 3 0x14280 nfsidl nfsio
85651 437610 0 0 3 0x14280 nfsidl nfsio
60920 400275 1 0 3 0x100083 ttyin getty
53355 104807 14674 0 3 0x82 nanoslp syz-executor
27025 477941 14674 0 3 0x82 nanoslp syz-executor
74038 271587 14674 0 3 0x82 nanoslp syz-executor
40664 15697 0 0 3 0x14200 bored sosplice
99868 422670 14674 0 3 0x82 nanoslp syz-executor
78063 348275 14674 0 2 0x2 syz-executor
96529 404626 14674 0 3 0x82 nanoslp syz-executor
80780 68108 14674 0 3 0x82 nanoslp syz-executor
14674 481690 20765 0 3 0x82 kqread syz-executor
20765 215671 88443 0 3 0x10008a sigsusp ksh
88443 508443 28095 0 3 0x98 kqread sshd-session
28095 460838 9282 0 3 0x92 kqread sshd-session
9282 360416 1 0 3 0x88 kqread sshd
73180 228542 93252 73 3 0x1100090 kqread syslogd
93252 32712 1 0 3 0x100082 sbwait syslogd
28953 16595 1 0 3 0x100080 kqread resolvd
44714 413767 1825 77 3 0x100092 kqread dhcpleased
71841 229598 1825 77 3 0x100092 kqread dhcpleased
1825 233659 1 0 3 0x80 kqread dhcpleased
17975 5097 0 0 3 0x14200 bored smr
15731 395726 0 0 2 0x14200 zerothread
73061 91560 0 0 3 0x14200 aiodoned aiodoned
75796 245522 0 0 3 0x14200 syncer update
54569 230674 0 0 3 0x14200 cleaner cleaner
2166 115028 0 0 2 0x14200 reaper
17660 311804 0 0 3 0x14200 pgdaemon pagedaemon
51640 69692 0 0 3 0x14200 bored viomb
11211 104383 0 0 3 0x40014200 acpi0 acpi0
56721 334667 0 0 3 0x14200 bored softnet3
73062 73648 0 0 3 0x14200 bored softnet2
5477 300147 0 0 3 0x14200 bored softnet1
37624 372780 0 0 3 0x14200 bored softnet0
16216 360860 0 0 3 0x14200 bored systqmp
65692 54901 0 0 3 0x14200 bored systq
28365 333094 0 0 3 0x40014200 tmoslp softclock
23735 248998 0 0 3 0x40014200 idle0
1 522925 0 0 3 0x80082 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10189 11082K 11669K 166960K 14274 0
pcb 17 14K 14K 166960K 347 0
rtable 208 9K 10K 166960K 655 0
pf 27 12K 17K 166960K 208 0
ifaddr 33 6K 7K 166960K 113 0
ifgroup 42 1K 2K 166960K 192 0
sysctl 4 1K 1K 166960K 4 0
counters 28 17K 17K 166960K 95 0
ioctlops 0 0K 4K 166960K 389 0
iov 0 0K 16K 166960K 316 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1462 92K 92K 166960K 3062 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 35 0
VM map 2 1K 1K 166960K 2 0
sem 23 16K 32K 166960K 143 0
dirhash 12 2K 2K 166960K 63 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 17 61K 240K 166960K 2115 0
sigio 0 0K 0K 166960K 56 0
proc 62 67K 124K 166960K 772 0
subproc 72 4K 4K 166960K 110 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 424 0
in_multi 74 5K 7K 166960K 211 0
ether_multi 1 0K 0K 166960K 18 0
mrt 1 0K 0K 166960K 7 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 85 387K 387K 166960K 85 0
exec 0 0K 2K 166960K 737 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 4 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 232 153K 173K 166960K 19195 0
UVM aobj 93 8K 8K 166960K 97 0
pinsyscall 38 76K 100K 166960K 3224 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 1K 166960K 122 0
NDP 9 0K 2K 166960K 79 0
temp 77 8684K 8812K 166960K 97423 0
kqueue 16 26K 30K 166960K 317 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 163 0 160 1 0 1 1 0 8 0
rtentry 136 206 0 117 4 0 4 4 0 8 0
unpcb 144 1805 0 1786 9 8 1 6 0 8 0
syncache 336 9 0 9 2 2 0 1 0 8 0
tcpqe 32 9 0 9 2 2 0 1 0 8 0
tcpcb 808 571 0 564 11 9 2 8 0 8 1
arp 88 35 0 18 1 0 1 1 0 8 0
ipq 40 9 0 6 1 0 1 1 0 8 0
ipqe 40 14 0 11 1 0 1 1 0 8 0
inpcb 344 1943 0 1931 15 13 2 8 0 8 0
nd6 104 46 0 25 1 0 1 1 0 8 0
pkpcb 40 11 0 11 3 3 0 1 0 8 0
kcovpl 48 12 0 4 1 0 1 1 0 8 0
ppxss 1072 44 0 44 3 2 1 1 0 8 1
pppxif 1384 5 0 5 2 2 0 1 0 8 0
pftag 88 1 0 0 1 0 1 1 0 8 0
pfqueue 320 1 0 1 1 1 0 1 0 8 0
rttmr 136 1 0 1 1 1 0 1 0 8 0
art_heap8 4096 4 0 0 4 0 4 4 0 8 0
art_heap4 256 774 0 419 33 7 26 30 0 8 2
art_table 32 778 0 419 4 0 4 4 0 8 0
art_node 16 198 0 120 1 0 1 1 0 8 0
sysvmsgpl 40 13 0 8 1 0 1 1 0 8 0
semupl 112 1 0 1 1 1 0 1 0 8 0
semapl 112 132 0 111 1 0 1 1 0 8 0
shmpl 112 94 0 4 3 0 3 3 0 8 0
dirhash 1024 53 0 36 3 0 3 3 0 8 0
dino2pl 256 5093 0 3595 95 0 95 95 0 8 0
ffsino 248 5093 0 3595 95 0 95 95 0 8 0
nchpl 144 8007 0 6316 64 0 64 64 0 8 0
rtmask 32 11 0 11 1 1 0 1 0 8 0
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 30973 0 30973 4 3 1 2 0 8 1
kstatmem 264 110 0 92 2 0 2 2 0 8 0
scsiplug 72 4 0 4 3 2 1 1 0 8 1
scxspl 216 24394 0 24394 9 8 1 8 1 8 1
plimitpl 152 625 0 609 1 0 1 1 0 8 0
sigapl 424 2373 0 2307 9 1 8 8 0 8 0
futexpl 64 30580 0 30576 1 0 1 1 0 8 0
knotepl 120 749555 0 749261 33 23 10 17 0 8 1
kqueuepl 184 722 0 709 3 2 1 3 0 8 0
pipepl 296 320 0 293 5 2 3 5 0 8 0
fdescpl 440 2332 0 2303 5 1 4 5 0 8 0
filepl 120 16783 0 16565 16 7 9 14 0 8 0
lockfpl 104 628 0 624 1 0 1 1 0 8 0
lockfspl 48 220 0 217 1 0 1 1 0 8 0
sessionpl 144 34 0 26 1 0 1 1 0 8 0
pgrppl 48 143 0 127 1 0 1 1 0 8 0
ucredpl 104 4009 0 3998 1 0 1 1 0 8 0
zombiepl 144 2364 0 2362 2 1 1 1 0 8 0
processpl 1112 2374 0 2307 5 0 5 5 0 8 0
procpl 656 5202 0 5127 7 0 7 7 0 8 0
sosppl 168 17 0 17 3 2 1 1 0 8 1
sockpl 528 4049 0 4016 24 21 3 14 0 8 0
mcl64k 65536 185 0 184 1 0 1 1 0 8 0
mcl16k 16384 7 0 7 2 1 1 1 0 8 1
mcl9k 9216 3 0 3 1 1 0 1 0 8 0
mcl8k 8192 31 0 31 4 3 1 1 0 8 1
mcl4k 4096 5069 0 5017 14 6 8 13 0 8 1
mcl2k2 2112 3 0 3 2 2 0 1 0 8 0
mcl2k 2048 2164 0 2157 4 2 2 3 0 8 0
mtagpl 96 188 0 72 4 0 4 4 0 8 0
mbufpl 256 31576 0 31310 28 7 21 28 0 8 0
bufpl 280 8545 0 2318 446 0 446 446 0 8 0
anonpl 24 327236 0 312857 104 16 88 100 0 187 0
amapchunkpl 152 67049 0 66484 69 29 40 42 0 158 12
amappl16 200 6628 0 6002 43 10 33 40 0 8 0
amappl15 192 3 0 3 1 1 0 1 0 8 0
amappl14 184 127 0 117 1 0 1 1 0 8 0
amappl13 176 17 0 17 1 1 0 1 0 8 0
amappl12 168 2999 0 2970 3 1 2 3 0 8 0
amappl11 160 42 0 31 1 0 1 1 0 8 0
amappl10 152 6 0 6 1 1 0 1 0 8 0
amappl9 144 250 0 249 1 0 1 1 0 8 0
amappl8 136 23 0 20 1 0 1 1 0 8 0
amappl7 128 114 0 103 1 0 1 1 0 8 0
amappl6 120 245 0 241 1 0 1 1 0 8 0
amappl5 112 202 0 195 1 0 1 1 0 8 0
amappl4 104 334 0 317 1 0 1 1 0 8 0
amappl3 96 13706 0 13602 4 0 4 4 0 8 0
amappl2 88 712 0 656 2 0 2 2 0 8 0
amappl1 80 17491 0 16942 14 1 13 14 0 8 0
amappl 88 17988 0 17822 5 0 5 5 0 92 0
dma16384 16384 1 0 1 1 0 1 1 0 8 1
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 2 0 1 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 254 0 254 2 1 1 1 0 8 1
dma64 64 8 0 8 2 2 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 19 0 18 1 0 1 1 0 8 0
aobjpl 72 96 0 4 2 0 2 2 0 8 0
uaddrrnd 24 2332 0 2303 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 2332 0 2303 1 0 1 1 0 8 0
vmmpekpl 168 18057 0 17998 3 0 3 3 0 8 0
vmmpepl 168 149353 0 146875 118 7 111 115 0 357 0
vmsppl 360 2331 0 2303 4 1 3 4 0 8 0
rwobjpl 32 42847 0 35379 61 0 61 61 0 8 0
pdppl 4096 4671 0 4606 125 58 67 83 0 8 2
pvpl 32 957335 0 937528 203 40 163 190 0 265 0
pmappl 216 2331 0 2303 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 334 0 100 8 0 8 8 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
mtx_enter(18) at mtx_enter+0x59 sys/kern/kern_lock.c:303
clockintr_unbind(ffff8000014cb330,1) at clockintr_unbind+0x56 sys/kern/kern_clockintr.c:375
dt_ioctl_record_stop(ffff8000014a3f80) at dt_ioctl_record_stop+0xbc sys/dev/dt/dt_dev.c:575
dtclose(11e5f,81,2000,ffff80003390dc58) at dtclose+0xd5 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline]
dtclose(11e5f,81,2000,ffff80003390dc58) at dtclose+0xd5 sys/dev/dt/dt_dev.c:232
spec_close(ffff80002a8e2d20) at spec_close+0x45f sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffd8066a69e78,81,fffffd807f7d7820,ffff80003390dc58) at VOP_CLOSE+0x12a sys/kern/vfs_vops.c:156
vn_closefile(fffffd806c4f3bc8,ffff80003390dc58) at vn_closefile+0x11d vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd806c4f3bc8,ffff80003390dc58) at vn_closefile+0x11d sys/kern/vfs_vnops.c:615
fdrop(fffffd806c4f3bc8,ffff80003390dc58) at fdrop+0x126 sys/kern/kern_descrip.c:1265
closef(fffffd806c4f3bc8,ffff80003390dc58) at closef+0x18d sys/kern/kern_descrip.c:1249
fdfree(ffff80003390dc58) at fdfree+0x115 sys/kern/kern_descrip.c:1181
exit1(ffff80003390dc58,0,0,1) at exit1+0x58f sys/kern/kern_exit.c:214
sys_exit(ffff80003390dc58,ffff80002a8e3090,ffff80002a8e2fe0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a8e3090) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002a8e3090) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7b5683edb7a0, count: -14
ddb> machine ddbcpu 1
No such command
ddb> trace
mtx_enter(18) at mtx_enter+0x59 sys/kern/kern_lock.c:303
clockintr_unbind(ffff8000014cb330,1) at clockintr_unbind+0x56 sys/kern/kern_clockintr.c:375
dt_ioctl_record_stop(ffff8000014a3f80) at dt_ioctl_record_stop+0xbc sys/dev/dt/dt_dev.c:575
dtclose(11e5f,81,2000,ffff80003390dc58) at dtclose+0xd5 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline]
dtclose(11e5f,81,2000,ffff80003390dc58) at dtclose+0xd5 sys/dev/dt/dt_dev.c:232
spec_close(ffff80002a8e2d20) at spec_close+0x45f sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffd8066a69e78,81,fffffd807f7d7820,ffff80003390dc58) at VOP_CLOSE+0x12a sys/kern/vfs_vops.c:156
vn_closefile(fffffd806c4f3bc8,ffff80003390dc58) at vn_closefile+0x11d vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd806c4f3bc8,ffff80003390dc58) at vn_closefile+0x11d sys/kern/vfs_vnops.c:615
fdrop(fffffd806c4f3bc8,ffff80003390dc58) at fdrop+0x126 sys/kern/kern_descrip.c:1265
closef(fffffd806c4f3bc8,ffff80003390dc58) at closef+0x18d sys/kern/kern_descrip.c:1249
fdfree(ffff80003390dc58) at fdfree+0x115 sys/kern/kern_descrip.c:1181
exit1(ffff80003390dc58,0,0,1) at exit1+0x58f sys/kern/kern_exit.c:214
sys_exit(ffff80003390dc58,ffff80002a8e3090,ffff80002a8e2fe0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a8e3090) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002a8e3090) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7b5683edb7a0, count: -14
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 5990a1963d9d Fix a double-free in iked(8) and isakmpd(8) i..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=10300a3f980000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=012f107f543805943a64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/e9055d0d55fe/disk-5990a196.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/5b9c64f3262c/bsd-5990a196.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/fac4c3d2c19d/kernel-5990a196.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+012f10...@syzkaller.appspotmail.com
uvm_fault(0xfffffd806ef21710, 0x18, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at mtx_enter+0x59: movq 0(%r14),%rax
TID PID UID PRFLAGS PFLAGS CPU COMMAND
mtx_enter(18) at mtx_enter+0x59 sys/kern/kern_lock.c:303
clockintr_unbind(ffff8000014cb330,1) at clockintr_unbind+0x56 sys/kern/kern_clockintr.c:375
dt_ioctl_record_stop(ffff8000014a3f80) at dt_ioctl_record_stop+0xbc sys/dev/dt/dt_dev.c:575
dtclose(11e5f,81,2000,ffff80003390dc58) at dtclose+0xd5 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline]
dtclose(11e5f,81,2000,ffff80003390dc58) at dtclose+0xd5 sys/dev/dt/dt_dev.c:232
spec_close(ffff80002a8e2d20) at spec_close+0x45f sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffd8066a69e78,81,fffffd807f7d7820,ffff80003390dc58) at VOP_CLOSE+0x12a sys/kern/vfs_vops.c:156
vn_closefile(fffffd806c4f3bc8,ffff80003390dc58) at vn_closefile+0x11d vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd806c4f3bc8,ffff80003390dc58) at vn_closefile+0x11d sys/kern/vfs_vnops.c:615
fdrop(fffffd806c4f3bc8,ffff80003390dc58) at fdrop+0x126 sys/kern/kern_descrip.c:1265
closef(fffffd806c4f3bc8,ffff80003390dc58) at closef+0x18d sys/kern/kern_descrip.c:1249
fdfree(ffff80003390dc58) at fdfree+0x115 sys/kern/kern_descrip.c:1181
exit1(ffff80003390dc58,0,0,1) at exit1+0x58f sys/kern/kern_exit.c:214
sys_exit(ffff80003390dc58,ffff80002a8e3090,ffff80002a8e2fe0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a8e3090) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002a8e3090) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7b5683edb7a0, count: 1
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: uvm_fault(0xfffffd806ef21710, 0x18, 0, 1) -> e
ddb> trace
mtx_enter(18) at mtx_enter+0x59 sys/kern/kern_lock.c:303
clockintr_unbind(ffff8000014cb330,1) at clockintr_unbind+0x56 sys/kern/kern_clockintr.c:375
dt_ioctl_record_stop(ffff8000014a3f80) at dt_ioctl_record_stop+0xbc sys/dev/dt/dt_dev.c:575
dtclose(11e5f,81,2000,ffff80003390dc58) at dtclose+0xd5 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline]
dtclose(11e5f,81,2000,ffff80003390dc58) at dtclose+0xd5 sys/dev/dt/dt_dev.c:232
spec_close(ffff80002a8e2d20) at spec_close+0x45f sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffd8066a69e78,81,fffffd807f7d7820,ffff80003390dc58) at VOP_CLOSE+0x12a sys/kern/vfs_vops.c:156
vn_closefile(fffffd806c4f3bc8,ffff80003390dc58) at vn_closefile+0x11d vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd806c4f3bc8,ffff80003390dc58) at vn_closefile+0x11d sys/kern/vfs_vnops.c:615
fdrop(fffffd806c4f3bc8,ffff80003390dc58) at fdrop+0x126 sys/kern/kern_descrip.c:1265
closef(fffffd806c4f3bc8,ffff80003390dc58) at closef+0x18d sys/kern/kern_descrip.c:1249
fdfree(ffff80003390dc58) at fdfree+0x115 sys/kern/kern_descrip.c:1181
exit1(ffff80003390dc58,0,0,1) at exit1+0x58f sys/kern/kern_exit.c:214
sys_exit(ffff80003390dc58,ffff80002a8e3090,ffff80002a8e2fe0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a8e3090) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002a8e3090) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7b5683edb7a0, count: -14
ddb> show registers
rdi 0
rsi 0
rbp 0xffff80002a8e2bd0
rbx 0xffffffff832100a0 dtclose
rdx 0
rcx 0xffff80003390dc58
rax 0xffff80003390dc58
r8 0
r9 0
r10 0xdea2a2e0d116e408
r11 0xc5868d2ddf04a812
r12 0
r13 0
r14 0x18
r15 0
rip 0xffffffff82a40fe9 mtx_enter+0x59
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80002a8e2ba0
ss 0x10
mtx_enter+0x59: movq 0(%r14),%rax
ddb> show proc
PROC (syz-executor) tid=242580 pid=86882 tcnt=0 stat=onproc
flags process=1008<EXITING,SINGLEEXIT> proc=2000<WEXIT>
runpri=32, usrpri=83, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0xffff80003390dc58 scnt=-1 ecnt=1
forw=0xffffffffffffffff, list=0xffff80003390cf88,0xffff80003390c2c8
process=0xffff8000ffff88c0 user=0xffff80002a8de000, vmspace=0xfffffd806ef21710
estcpu=33, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
32638 157317 53355 0 2 0 syz-executor
66712 267752 74038 0 2 0 syz-executor
66712 160706 74038 0 2 0x4000000 syz-executor
4796 101053 96529 0 3 0 futex syz-executor
4796 307226 96529 0 2 0x4000000 syz-executor
4796 279834 96529 0 3 0x4000080 fsleep syz-executor
69010 102599 99868 0 3 0 futex syz-executor
69010 80510 99868 0 2 0x4000000 syz-executor
69010 329237 99868 0 3 0x4000080 fsleep syz-executor
69010 193371 99868 0 3 0x4000080 fsleep syz-executor
39488 478464 73166 0 3 0 vmmaplk syz-executor
39488 132732 73166 0 2 0x4000000 syz-executor
73166 479216 14674 0 3 0x82 wait syz-executor
83310 320933 0 0 3 0x14280 nfsidl nfsio
79441 49228 0 0 3 0x14280 nfsidl nfsio
23721 54931 0 0 3 0x14280 nfsidl nfsio
54375 333347 0 0 3 0x14280 nfsidl nfsio
15410 64415 0 0 3 0x14280 nfsidl nfsio
63557 57539 0 0 3 0x14280 nfsidl nfsio
50011 438837 0 0 3 0x14280 nfsidl nfsio
89749 486963 0 0 3 0x14280 nfsidl nfsio
45759 401465 0 0 3 0x14280 nfsidl nfsio
40547 478494 0 0 3 0x14280 nfsidl nfsio
41789 491681 0 0 3 0x14280 nfsidl nfsio
23058 52571 0 0 3 0x14280 nfsidl nfsio
12529 448584 0 0 3 0x14280 nfsidl nfsio
57581 406016 0 0 3 0x14280 nfsidl nfsio
15304 196071 0 0 3 0x14280 nfsidl nfsio
7607 39898 0 0 3 0x14280 nfsidl nfsio
57133 14147 0 0 3 0x14280 nfsidl nfsio
365 256682 0 0 3 0x14280 nfsidl nfsio
29044 61694 0 0 3 0x14280 nfsidl nfsio
85651 437610 0 0 3 0x14280 nfsidl nfsio
60920 400275 1 0 3 0x100083 ttyin getty
53355 104807 14674 0 3 0x82 nanoslp syz-executor
27025 477941 14674 0 3 0x82 nanoslp syz-executor
74038 271587 14674 0 3 0x82 nanoslp syz-executor
40664 15697 0 0 3 0x14200 bored sosplice
99868 422670 14674 0 3 0x82 nanoslp syz-executor
78063 348275 14674 0 2 0x2 syz-executor
96529 404626 14674 0 3 0x82 nanoslp syz-executor
80780 68108 14674 0 3 0x82 nanoslp syz-executor
14674 481690 20765 0 3 0x82 kqread syz-executor
20765 215671 88443 0 3 0x10008a sigsusp ksh
88443 508443 28095 0 3 0x98 kqread sshd-session
28095 460838 9282 0 3 0x92 kqread sshd-session
9282 360416 1 0 3 0x88 kqread sshd
73180 228542 93252 73 3 0x1100090 kqread syslogd
93252 32712 1 0 3 0x100082 sbwait syslogd
28953 16595 1 0 3 0x100080 kqread resolvd
44714 413767 1825 77 3 0x100092 kqread dhcpleased
71841 229598 1825 77 3 0x100092 kqread dhcpleased
1825 233659 1 0 3 0x80 kqread dhcpleased
17975 5097 0 0 3 0x14200 bored smr
15731 395726 0 0 2 0x14200 zerothread
73061 91560 0 0 3 0x14200 aiodoned aiodoned
75796 245522 0 0 3 0x14200 syncer update
54569 230674 0 0 3 0x14200 cleaner cleaner
2166 115028 0 0 2 0x14200 reaper
17660 311804 0 0 3 0x14200 pgdaemon pagedaemon
51640 69692 0 0 3 0x14200 bored viomb
11211 104383 0 0 3 0x40014200 acpi0 acpi0
56721 334667 0 0 3 0x14200 bored softnet3
73062 73648 0 0 3 0x14200 bored softnet2
5477 300147 0 0 3 0x14200 bored softnet1
37624 372780 0 0 3 0x14200 bored softnet0
16216 360860 0 0 3 0x14200 bored systqmp
65692 54901 0 0 3 0x14200 bored systq
28365 333094 0 0 3 0x40014200 tmoslp softclock
23735 248998 0 0 3 0x40014200 idle0
1 522925 0 0 3 0x80082 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10189 11082K 11669K 166960K 14274 0
pcb 17 14K 14K 166960K 347 0
rtable 208 9K 10K 166960K 655 0
pf 27 12K 17K 166960K 208 0
ifaddr 33 6K 7K 166960K 113 0
ifgroup 42 1K 2K 166960K 192 0
sysctl 4 1K 1K 166960K 4 0
counters 28 17K 17K 166960K 95 0
ioctlops 0 0K 4K 166960K 389 0
iov 0 0K 16K 166960K 316 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1462 92K 92K 166960K 3062 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 35 0
VM map 2 1K 1K 166960K 2 0
sem 23 16K 32K 166960K 143 0
dirhash 12 2K 2K 166960K 63 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 17 61K 240K 166960K 2115 0
sigio 0 0K 0K 166960K 56 0
proc 62 67K 124K 166960K 772 0
subproc 72 4K 4K 166960K 110 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 424 0
in_multi 74 5K 7K 166960K 211 0
ether_multi 1 0K 0K 166960K 18 0
mrt 1 0K 0K 166960K 7 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 85 387K 387K 166960K 85 0
exec 0 0K 2K 166960K 737 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 4 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 232 153K 173K 166960K 19195 0
UVM aobj 93 8K 8K 166960K 97 0
pinsyscall 38 76K 100K 166960K 3224 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 1K 166960K 122 0
NDP 9 0K 2K 166960K 79 0
temp 77 8684K 8812K 166960K 97423 0
kqueue 16 26K 30K 166960K 317 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 163 0 160 1 0 1 1 0 8 0
rtentry 136 206 0 117 4 0 4 4 0 8 0
unpcb 144 1805 0 1786 9 8 1 6 0 8 0
syncache 336 9 0 9 2 2 0 1 0 8 0
tcpqe 32 9 0 9 2 2 0 1 0 8 0
tcpcb 808 571 0 564 11 9 2 8 0 8 1
arp 88 35 0 18 1 0 1 1 0 8 0
ipq 40 9 0 6 1 0 1 1 0 8 0
ipqe 40 14 0 11 1 0 1 1 0 8 0
inpcb 344 1943 0 1931 15 13 2 8 0 8 0
nd6 104 46 0 25 1 0 1 1 0 8 0
pkpcb 40 11 0 11 3 3 0 1 0 8 0
kcovpl 48 12 0 4 1 0 1 1 0 8 0
ppxss 1072 44 0 44 3 2 1 1 0 8 1
pppxif 1384 5 0 5 2 2 0 1 0 8 0
pftag 88 1 0 0 1 0 1 1 0 8 0
pfqueue 320 1 0 1 1 1 0 1 0 8 0
rttmr 136 1 0 1 1 1 0 1 0 8 0
art_heap8 4096 4 0 0 4 0 4 4 0 8 0
art_heap4 256 774 0 419 33 7 26 30 0 8 2
art_table 32 778 0 419 4 0 4 4 0 8 0
art_node 16 198 0 120 1 0 1 1 0 8 0
sysvmsgpl 40 13 0 8 1 0 1 1 0 8 0
semupl 112 1 0 1 1 1 0 1 0 8 0
semapl 112 132 0 111 1 0 1 1 0 8 0
shmpl 112 94 0 4 3 0 3 3 0 8 0
dirhash 1024 53 0 36 3 0 3 3 0 8 0
dino2pl 256 5093 0 3595 95 0 95 95 0 8 0
ffsino 248 5093 0 3595 95 0 95 95 0 8 0
nchpl 144 8007 0 6316 64 0 64 64 0 8 0
rtmask 32 11 0 11 1 1 0 1 0 8 0
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 30973 0 30973 4 3 1 2 0 8 1
kstatmem 264 110 0 92 2 0 2 2 0 8 0
scsiplug 72 4 0 4 3 2 1 1 0 8 1
scxspl 216 24394 0 24394 9 8 1 8 1 8 1
plimitpl 152 625 0 609 1 0 1 1 0 8 0
sigapl 424 2373 0 2307 9 1 8 8 0 8 0
futexpl 64 30580 0 30576 1 0 1 1 0 8 0
knotepl 120 749555 0 749261 33 23 10 17 0 8 1
kqueuepl 184 722 0 709 3 2 1 3 0 8 0
pipepl 296 320 0 293 5 2 3 5 0 8 0
fdescpl 440 2332 0 2303 5 1 4 5 0 8 0
filepl 120 16783 0 16565 16 7 9 14 0 8 0
lockfpl 104 628 0 624 1 0 1 1 0 8 0
lockfspl 48 220 0 217 1 0 1 1 0 8 0
sessionpl 144 34 0 26 1 0 1 1 0 8 0
pgrppl 48 143 0 127 1 0 1 1 0 8 0
ucredpl 104 4009 0 3998 1 0 1 1 0 8 0
zombiepl 144 2364 0 2362 2 1 1 1 0 8 0
processpl 1112 2374 0 2307 5 0 5 5 0 8 0
procpl 656 5202 0 5127 7 0 7 7 0 8 0
sosppl 168 17 0 17 3 2 1 1 0 8 1
sockpl 528 4049 0 4016 24 21 3 14 0 8 0
mcl64k 65536 185 0 184 1 0 1 1 0 8 0
mcl16k 16384 7 0 7 2 1 1 1 0 8 1
mcl9k 9216 3 0 3 1 1 0 1 0 8 0
mcl8k 8192 31 0 31 4 3 1 1 0 8 1
mcl4k 4096 5069 0 5017 14 6 8 13 0 8 1
mcl2k2 2112 3 0 3 2 2 0 1 0 8 0
mcl2k 2048 2164 0 2157 4 2 2 3 0 8 0
mtagpl 96 188 0 72 4 0 4 4 0 8 0
mbufpl 256 31576 0 31310 28 7 21 28 0 8 0
bufpl 280 8545 0 2318 446 0 446 446 0 8 0
anonpl 24 327236 0 312857 104 16 88 100 0 187 0
amapchunkpl 152 67049 0 66484 69 29 40 42 0 158 12
amappl16 200 6628 0 6002 43 10 33 40 0 8 0
amappl15 192 3 0 3 1 1 0 1 0 8 0
amappl14 184 127 0 117 1 0 1 1 0 8 0
amappl13 176 17 0 17 1 1 0 1 0 8 0
amappl12 168 2999 0 2970 3 1 2 3 0 8 0
amappl11 160 42 0 31 1 0 1 1 0 8 0
amappl10 152 6 0 6 1 1 0 1 0 8 0
amappl9 144 250 0 249 1 0 1 1 0 8 0
amappl8 136 23 0 20 1 0 1 1 0 8 0
amappl7 128 114 0 103 1 0 1 1 0 8 0
amappl6 120 245 0 241 1 0 1 1 0 8 0
amappl5 112 202 0 195 1 0 1 1 0 8 0
amappl4 104 334 0 317 1 0 1 1 0 8 0
amappl3 96 13706 0 13602 4 0 4 4 0 8 0
amappl2 88 712 0 656 2 0 2 2 0 8 0
amappl1 80 17491 0 16942 14 1 13 14 0 8 0
amappl 88 17988 0 17822 5 0 5 5 0 92 0
dma16384 16384 1 0 1 1 0 1 1 0 8 1
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 2 0 1 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 254 0 254 2 1 1 1 0 8 1
dma64 64 8 0 8 2 2 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 19 0 18 1 0 1 1 0 8 0
aobjpl 72 96 0 4 2 0 2 2 0 8 0
uaddrrnd 24 2332 0 2303 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 2332 0 2303 1 0 1 1 0 8 0
vmmpekpl 168 18057 0 17998 3 0 3 3 0 8 0
vmmpepl 168 149353 0 146875 118 7 111 115 0 357 0
vmsppl 360 2331 0 2303 4 1 3 4 0 8 0
rwobjpl 32 42847 0 35379 61 0 61 61 0 8 0
pdppl 4096 4671 0 4606 125 58 67 83 0 8 2
pvpl 32 957335 0 937528 203 40 163 190 0 265 0
pmappl 216 2331 0 2303 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 334 0 100 8 0 8 8 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
mtx_enter(18) at mtx_enter+0x59 sys/kern/kern_lock.c:303
clockintr_unbind(ffff8000014cb330,1) at clockintr_unbind+0x56 sys/kern/kern_clockintr.c:375
dt_ioctl_record_stop(ffff8000014a3f80) at dt_ioctl_record_stop+0xbc sys/dev/dt/dt_dev.c:575
dtclose(11e5f,81,2000,ffff80003390dc58) at dtclose+0xd5 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline]
dtclose(11e5f,81,2000,ffff80003390dc58) at dtclose+0xd5 sys/dev/dt/dt_dev.c:232
spec_close(ffff80002a8e2d20) at spec_close+0x45f sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffd8066a69e78,81,fffffd807f7d7820,ffff80003390dc58) at VOP_CLOSE+0x12a sys/kern/vfs_vops.c:156
vn_closefile(fffffd806c4f3bc8,ffff80003390dc58) at vn_closefile+0x11d vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd806c4f3bc8,ffff80003390dc58) at vn_closefile+0x11d sys/kern/vfs_vnops.c:615
fdrop(fffffd806c4f3bc8,ffff80003390dc58) at fdrop+0x126 sys/kern/kern_descrip.c:1265
closef(fffffd806c4f3bc8,ffff80003390dc58) at closef+0x18d sys/kern/kern_descrip.c:1249
fdfree(ffff80003390dc58) at fdfree+0x115 sys/kern/kern_descrip.c:1181
exit1(ffff80003390dc58,0,0,1) at exit1+0x58f sys/kern/kern_exit.c:214
sys_exit(ffff80003390dc58,ffff80002a8e3090,ffff80002a8e2fe0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a8e3090) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002a8e3090) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7b5683edb7a0, count: -14
ddb> machine ddbcpu 1
No such command
ddb> trace
mtx_enter(18) at mtx_enter+0x59 sys/kern/kern_lock.c:303
clockintr_unbind(ffff8000014cb330,1) at clockintr_unbind+0x56 sys/kern/kern_clockintr.c:375
dt_ioctl_record_stop(ffff8000014a3f80) at dt_ioctl_record_stop+0xbc sys/dev/dt/dt_dev.c:575
dtclose(11e5f,81,2000,ffff80003390dc58) at dtclose+0xd5 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline]
dtclose(11e5f,81,2000,ffff80003390dc58) at dtclose+0xd5 sys/dev/dt/dt_dev.c:232
spec_close(ffff80002a8e2d20) at spec_close+0x45f sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffd8066a69e78,81,fffffd807f7d7820,ffff80003390dc58) at VOP_CLOSE+0x12a sys/kern/vfs_vops.c:156
vn_closefile(fffffd806c4f3bc8,ffff80003390dc58) at vn_closefile+0x11d vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd806c4f3bc8,ffff80003390dc58) at vn_closefile+0x11d sys/kern/vfs_vnops.c:615
fdrop(fffffd806c4f3bc8,ffff80003390dc58) at fdrop+0x126 sys/kern/kern_descrip.c:1265
closef(fffffd806c4f3bc8,ffff80003390dc58) at closef+0x18d sys/kern/kern_descrip.c:1249
fdfree(ffff80003390dc58) at fdfree+0x115 sys/kern/kern_descrip.c:1181
exit1(ffff80003390dc58,0,0,1) at exit1+0x58f sys/kern/kern_exit.c:214
sys_exit(ffff80003390dc58,ffff80002a8e3090,ffff80002a8e2fe0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a8e3090) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002a8e3090) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7b5683edb7a0, count: -14
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Reply all
Reply to author
Forward
0 new messages