assert "rw_write_held(uobj->vmobjlock)" failed in uvm_aobj.c


syzbot

2023年4月21日 08:59:50
收件人 syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 1e5b016c5082 sync for __syscall removal
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=17197807c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=16f4c61f0703d02c83b9

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/cb9a404e2563/disk-1e5b016c.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/27dc2036237a/bsd-1e5b016c.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/ea0ea667b9fa/kernel-1e5b016c.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+16f4c6...@syzkaller.appspotmail.com

panic: panic: kernel diagnostic assertion "rw_write_held(uobj->vmobjlock)" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_aobj.c", line 1003
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*207968 76470 0 0 0 1 syz-executor.4
220211 92395 0 0 0x4000000 0 syz-executor.1
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82751deb) at panic+0x177 sys/kern/subr_prf.c:198
__assert(ffffffff827cd2be,ffffffff827b7d4c,3eb,ffffffff8275e34c) at __assert+0x25 sys/kern/subr_prf.c:157
uao_get(fffffd8078ff8f30,0,ffff8000249c4f00,ffff8000249c4d74,0,1,d2ea42536cd178be,fffffd8078ff8f30) at uao_get+0x78f uao_find_swslot sys/uvm/uvm_aobj.c:249 [inline]
uao_get(fffffd8078ff8f30,0,ffff8000249c4f00,ffff8000249c4d74,0,1,d2ea42536cd178be,fffffd8078ff8f30) at uao_get+0x78f sys/uvm/uvm_aobj.c:1174
uvm_fault_lower_lookup(ffff8000249c4f80,ffff8000249c4fb8,ffff8000249c4f00) at uvm_fault_lower_lookup+0xf6 sys/uvm/uvm_fault.c:1129
uvm_fault_lower(ffff8000249c4f80,ffff8000249c4fb8,ffff8000249c4f00,0) at uvm_fault_lower+0x5f sys/uvm/uvm_fault.c:1228
uvm_fault(fffffd8008a02000,f4120b3f000,0,1) at uvm_fault+0x238
upageflttrap(ffff8000249c5100,f4120b3f04c) at upageflttrap+0x85 sys/arch/amd64/amd64/trap.c:186
usertrap(ffff8000249c5100) at usertrap+0x204 sys/arch/amd64/amd64/trap.c:438
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x7f7ffffe0db0, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu0: vop_generic_badop
cpu1: kernel diagnostic assertion "rw_write_held(uobj->vmobjlock)" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_aobj.c", line 1003
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82751deb) at panic+0x177 sys/kern/subr_prf.c:198
__assert(ffffffff827cd2be,ffffffff827b7d4c,3eb,ffffffff8275e34c) at __assert+0x25 sys/kern/subr_prf.c:157
uao_get(fffffd8078ff8f30,0,ffff8000249c4f00,ffff8000249c4d74,0,1,d2ea42536cd178be,fffffd8078ff8f30) at uao_get+0x78f uao_find_swslot sys/uvm/uvm_aobj.c:249 [inline]
uao_get(fffffd8078ff8f30,0,ffff8000249c4f00,ffff8000249c4d74,0,1,d2ea42536cd178be,fffffd8078ff8f30) at uao_get+0x78f sys/uvm/uvm_aobj.c:1174
uvm_fault_lower_lookup(ffff8000249c4f80,ffff8000249c4fb8,ffff8000249c4f00) at uvm_fault_lower_lookup+0xf6 sys/uvm/uvm_fault.c:1129
uvm_fault_lower(ffff8000249c4f80,ffff8000249c4fb8,ffff8000249c4f00,0) at uvm_fault_lower+0x5f sys/uvm/uvm_fault.c:1228
uvm_fault(fffffd8008a02000,f4120b3f000,0,1) at uvm_fault+0x238
upageflttrap(ffff8000249c5100,f4120b3f04c) at upageflttrap+0x85 sys/arch/amd64/amd64/trap.c:186
usertrap(ffff8000249c5100) at usertrap+0x204 sys/arch/amd64/amd64/trap.c:438
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x7f7ffffe0db0, count: -10
ddb{1}> show registers
rdi 0
rsi 0x1
rbp 0xffff8000249c4b90
rbx 0xffff800020d69b8f
rdx 0
rcx 0
rax 0xffff8000212945e8
r8 0x101010101010101
r9 0x8080808080808080
r10 0x5b4d9919eb880a5d
r11 0xa153f05ffba7847c
r12 0xffff800020d69990
r13 0
r14 0xffffffff82b25990 cpu_info_full_primary+0x2990
r15 0x1
rip 0xffffffff81b420b8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff8000249c4b80
ss 0
db_enter+0x18: addq $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor.4) pid=207968 stat=onproc
flags process=0 proc=0
pri=81, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff8000212950c8,0xffff800021294340
process=0xffff800021287258 user=0xffff8000249c0000, vmspace=0xfffffd8008a02000
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
*76470 207968 71252 0 7 0 syz-executor.4
66660 428334 56671 0 2 0 syz-executor.6
66660 333165 56671 0 2 0x4000000 syz-executor.6
66654 86770 41733 0 2 0 syz-executor.5
66654 272728 41733 0 3 0x4000080 fsleep syz-executor.5
51476 495244 88234 0 2 0 syz-executor.0
51476 209403 88234 0 3 0x4000080 fsleep syz-executor.0
92395 242962 47432 0 2 0 syz-executor.1
92395 220211 47432 0 7 0x4000000 syz-executor.1
92395 456039 47432 0 3 0x4000000 inode syz-executor.1
56671 273651 86904 0 3 0x82 nanoslp syz-executor.6
70545 344639 1 0 3 0 vmmaplk syz-executor.6
70545 438000 1 0 3 0x4000000 vmmaplk syz-executor.6
47432 168110 86904 0 3 0x82 nanoslp syz-executor.1
89423 110620 1 0 3 0x100083 ttyin getty
41733 72778 86904 0 3 0x82 nanoslp syz-executor.5
96311 35395 86904 0 2 0x2 syz-executor.7
51326 402858 86904 0 2 0x2 syz-executor.2
610 397739 1 0 3 0 vmmaplk syz-executor.2
610 263297 1 0 3 0x4000000 vmmaplk syz-executor.2
610 151455 1 0 3 0x4000000 vmmaplk syz-executor.2
71252 5360 86904 0 3 0x82 nanoslp syz-executor.4
15819 136770 86904 0 3 0x2 biowait syz-executor.3
48744 151959 0 0 3 0x14280 nfsidl nfsio
43604 141404 0 0 3 0x14280 nfsidl nfsio
49217 29365 0 0 3 0x14280 nfsidl nfsio
2817 23696 0 0 3 0x14280 nfsidl nfsio
55166 50282 0 0 3 0x14280 nfsidl nfsio
84089 1398 0 0 3 0x14280 nfsidl nfsio
58340 240098 0 0 3 0x14280 nfsidl nfsio
65908 101795 0 0 3 0x14280 nfsidl nfsio
60272 128820 0 0 3 0x14280 nfsidl nfsio
88078 306131 0 0 3 0x14280 nfsidl nfsio
58806 421274 0 0 3 0x14280 nfsidl nfsio
10581 260741 0 0 3 0x14280 nfsidl nfsio
23128 521893 0 0 3 0x14280 nfsidl nfsio
1311 142097 0 0 3 0x14280 nfsidl nfsio
51025 339081 0 0 3 0x14280 nfsidl nfsio
65675 169757 0 0 3 0x14280 nfsidl nfsio
19932 162184 0 0 3 0x14280 nfsidl nfsio
12434 95765 0 0 3 0x14280 nfsidl nfsio
5406 203641 0 0 3 0x14280 nfsidl nfsio
33883 228628 0 0 3 0x14280 nfsidl nfsio
52350 443846 0 0 3 0x14200 bored sosplice
88234 144882 86904 0 3 0x82 nanoslp syz-executor.0
86904 250355 48298 0 3 0x82 wait syz-fuzzer
86904 190501 48298 0 3 0x4000082 nanoslp syz-fuzzer
86904 77655 48298 0 3 0x4000082 wait syz-fuzzer
86904 116729 48298 0 3 0x4000082 thrsleep syz-fuzzer
86904 488000 48298 0 3 0x4000082 wait syz-fuzzer
86904 181879 48298 0 3 0x4000082 wait syz-fuzzer
86904 213076 48298 0 3 0x4000082 thrsleep syz-fuzzer
86904 442575 48298 0 3 0x4000082 thrsleep syz-fuzzer
86904 365488 48298 0 2 0x4000082 syz-fuzzer
86904 203394 48298 0 3 0x4000082 thrsleep syz-fuzzer
86904 361087 48298 0 3 0x4000082 thrsleep syz-fuzzer
86904 323497 48298 0 3 0x4000082 wait syz-fuzzer
86904 395095 48298 0 3 0x4000082 wait syz-fuzzer
86904 125913 48298 0 3 0x4000082 thrsleep syz-fuzzer
86904 189314 48298 0 3 0x4000082 wait syz-fuzzer
86904 439464 48298 0 3 0x4000082 wait syz-fuzzer
48298 12744 26736 0 3 0x10008a sigsusp ksh
26736 225519 75729 0 3 0x9a kqread sshd
75729 502984 1 0 3 0x88 kqread sshd
70175 8723 22576 74 3 0x1100092 bpf pflogd
22576 43647 1 0 3 0x80 netio pflogd
80675 349380 48061 73 3 0x1100010 ffs_fsync syslogd
48061 416693 1 0 3 0x100082 netio syslogd
59017 125689 1 0 3 0x100080 kqread resolvd
18048 335456 35852 77 3 0x100092 kqread dhcpleased
20550 321912 35852 77 3 0x100092 kqread dhcpleased
35852 520487 1 0 3 0x80 kqread dhcpleased
68651 34548 0 0 3 0x14200 bored smr
29154 237671 0 0 2 0x14200 zerothread
90971 241075 0 0 3 0x14200 aiodoned aiodoned
38061 189944 0 0 3 0x14200 syncer update
36715 129193 0 0 3 0x14200 cleaner cleaner
91799 72791 0 0 3 0x14200 reaper reaper
16278 484813 0 0 3 0x14200 pgdaemon pagedaemon
15962 479126 0 0 3 0x14200 bored viomb
24446 330580 0 0 3 0x40014200 acpi0 acpi0
76855 227586 0 0 3 0x40014200 idle1
74271 440941 0 0 3 0x14200 bored softnet
33707 230359 0 0 3 0x14200 bored softnet
69942 473661 0 0 3 0x14200 bored softnet
73747 74349 0 0 3 0x14200 bored softnet
2665 228039 0 0 3 0x14200 bored systqmp
20078 137976 0 0 3 0x14200 bored systq
10051 278731 0 0 3 0x40014200 bored softclock
14898 148758 0 0 3 0x40014200 idle0
1 73377 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10233 6491K 7255K 78643K 17532 0
pcb 13 16K 21K 78643K 880 0
rtable 195 15K 16K 78643K 1286 0
ifaddr 77 25K 27K 78643K 390 0
sysctl 2 0K 0K 78643K 2 0
counters 58 35K 36K 78643K 374 0
ioctlops 0 0K 4K 78643K 4429 0
iov 0 0K 20K 78643K 844 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1558 97K 97K 78643K 4238 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 9K 78643K 30 0
VM map 2 1K 1K 78643K 2 0
sem 19 2K 2K 78643K 26 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 17 61K 89K 78643K 4012 0
sigio 0 0K 0K 78643K 25 0
proc 70 91K 140K 78643K 1181 0
subproc 130 8K 8K 78643K 289 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 402 0
in_multi 77 5K 7K 78643K 351 0
ether_multi 1 0K 0K 78643K 27 0
mrt 1 0K 0K 78643K 33 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 211 943K 943K 78643K 211 0
exec 0 0K 1K 78643K 918 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 8 62K 64K 78643K 10 0
UVM amap 355 106K 114K 78643K 29797 0
UVM aobj 131 6K 6K 78643K 134 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 88 0
NDP 13 0K 2K 78643K 124 0
temp 141 5779K 6798K 78643K 68647 0
kqueue 12 18K 26K 78643K 336 0
SYN cache 2 16K 16K 78643K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 460 0 457 8 7 1 3 0 8 0
rtentry 112 411 0 328 4 0 4 4 0 8 0
unpcb 144 3396 0 3381 38 36 2 8 0 8 1
syncache 296 30 0 30 9 9 0 1 0 8 0
tcpqe 32 62 0 62 7 7 0 1 0 8 0
tcpcb 776 1205 0 1201 49 48 1 8 0 8 0
arp 120 52 0 38 1 0 1 1 0 8 0
inpcb 368 3811 0 3804 64 60 4 11 0 8 3
nd6 48 72 0 52 1 0 1 1 0 8 0
pkpcb 40 6 0 6 2 2 0 1 0 8 0
kcovpl 48 22 0 12 1 0 1 1 0 8 0
mppekey 1024 81 0 81 5 5 0 1 0 8 0
ppxss 1256 118 0 118 9 9 0 1 0 8 0
pppxif 1456 16 0 16 6 6 0 1 0 8 0
pfstscr 40 17 0 16 2 1 1 1 0 8 0
pffrag 232 43 0 42 4 3 1 1 0 482 0
pffrnode 88 43 0 42 4 3 1 1 0 8 0
pffrent 40 107 0 106 4 3 1 1 0 8 0
pfosfp 40 1495 0 1070 5 0 5 5 0 8 0
pfosfpen 112 1495 0 779 21 0 21 21 0 8 0
pfanchor 1280 647 41 135 47 4 43 43 0 8 0
pfstitem 24 40 0 37 1 0 1 1 0 8 0
pfstkey 128 53 0 48 1 0 1 1 0 8 0
pfstate 384 43 0 40 3 2 1 3 0 8 0
pfrule 1344 21 0 20 2 1 1 2 0 8 0
rttmr 136 8 0 8 1 1 0 1 0 8 0
art_heap8 4096 2 0 1 2 1 1 2 0 8 0
art_heap4 256 1492 0 1117 39 13 26 30 0 8 1
art_table 32 1494 0 1118 4 0 4 4 0 8 0
art_node 16 336 0 264 1 0 1 1 0 8 0
sysvmsgpl 40 5 0 3 1 0 1 1 0 8 0
semupl 112 4 0 4 1 1 0 1 0 8 0
semapl 112 18 0 1 1 0 1 1 0 8 0
shmpl 112 131 0 3 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 6675 0 5219 92 0 92 92 0 8 0
ffsino 272 6675 0 5219 98 0 98 98 0 8 0
nchpl 144 12990 0 11342 63 0 63 63 0 8 0
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 46657 0 46654 5 4 1 2 0 8 0
percpumem 16 200 0 158 1 0 1 1 0 8 0
vmpool 696 89 0 89 6 5 1 1 0 8 1
kstatmem 264 156 0 130 2 0 2 2 0 8 0
scsiplug 72 11 0 11 2 2 0 1 0 8 0
scxspl 216 35294 0 35292 21 18 3 8 0 8 2
plimitpl 152 364 0 346 1 0 1 1 0 8 0
sigapl 424 4330 0 4262 10 2 8 8 0 8 0
futexpl 64 38917 0 38915 3 2 1 1 0 8 0
knotepl 120 527 0 0 11 0 11 11 0 8 0
kqueuepl 216 609 0 601 4 3 1 3 0 8 0
pipepl 320 713 0 682 19 16 3 8 0 8 0
fdescpl 496 4291 0 4261 8 3 5 5 0 8 1
filepl 152 31184 0 30908 57 40 17 18 0 8 5
lockfpl 104 1625 0 1623 6 5 1 4 0 8 0
lockfspl 48 619 0 617 2 1 1 2 0 8 0
sessionpl 144 40 0 21 1 0 1 1 0 8 0
pgrppl 48 65 0 46 1 0 1 1 0 8 0
ucredpl 104 3094 0 3082 1 0 1 1 0 8 0
zombiepl 144 4262 0 4262 3 2 1 1 0 8 1
processpl 1072 4330 0 4262 5 0 5 5 0 8 0
procpl 696 11717 0 11626 17 6 11 11 0 8 1
srpgc 96 22 0 22 8 7 1 1 0 8 1
sosppl 168 58 0 58 6 5 1 1 0 8 1
sockpl 488 7678 0 7653 167 159 8 29 0 8 4
mcl64k 65536 17 0 0 3 0 3 3 0 8 0
mcl16k 16384 17 0 0 3 0 3 3 0 8 0
mcl12k 12288 17 0 0 2 0 2 2 0 8 0
mcl9k 9216 18 0 0 2 0 2 2 0 8 0
mcl8k 8192 25 0 0 3 0 3 3 0 8 0
mcl4k 4096 22 0 0 3 0 3 3 0 8 0
mcl2k2 2112 4 0 0 1 0 1 1 0 8 0
mcl2k 2048 508 0 0 63 3 60 63 0 8 1
mtagpl 96 440 0 0 11 0 11 11 0 8 0
mbufpl 256 2261 0 0 130 0 130 130 0 8 0
bufpl 288 10210 0 3882 453 0 453 453 0 8 0
anonpl 24 940586 0 921622 194 60 134 141 0 186 1
amapchunkpl 152 85520 0 84682 61 21 40 46 0 158 0
amappl16 200 11767 0 11197 96 63 33 45 0 8 0
amappl15 192 20 0 19 1 0 1 1 0 8 0
amappl14 184 199 0 186 2 1 1 2 0 8 0
amappl13 176 6 0 6 2 2 0 1 0 8 0
amappl12 168 596 0 592 1 0 1 1 0 8 0
amappl11 160 51 0 36 1 0 1 1 0 8 0
amappl10 152 50 0 37 1 0 1 1 0 8 0
amappl9 144 980 0 979 2 1 1 1 0 8 0
amappl8 136 320 0 241 3 0 3 3 0 8 0
amappl7 128 202 0 175 2 1 1 2 0 8 0
amappl6 120 269 0 251 2 1 1 2 0 8 0
amappl5 112 227 0 218 1 0 1 1 0 8 0
amappl4 104 752 0 718 2 0 2 2 0 8 0
amappl3 96 12467 0 12405 2 0 2 2 0 8 0
amappl2 88 4950 0 4868 4 2 2 4 0 8 0
amappl1 80 101428 0 100615 30 11 19 28 0 8 0
amappl 88 28972 0 28755 7 1 6 6 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 133 0 3 3 0 3 3 0 8 0
uaddrrnd 24 4380 0 4350 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 4380 0 4350 1 0 1 1 0 8 0
vmmpekpl 168 38311 0 38249 4 0 4 4 0 8 0
vmmpepl 168 408106 0 405077 277 125 152 170 0 357 12
vmsppl 440 4379 0 4350 6 2 4 5 0 8 0
rwobjpl 56 117525 0 109595 121 7 114 115 0 8 0
pdppl 4096 8767 0 8700 395 324 71 81 0 8 4
pvpl 32 1832623 0 1807932 431 212 219 367 0 265 2
pmappl 248 4379 0 4350 4 1 3 3 0 8 1
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 1373 0 421 28 0 28 28 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
x86_ipi_db(ffffffff82b24ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__mp_lock(ffffffff82db6020) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82db6020) at __mp_lock+0x122 sys/kern/kern_lock.c:147
intr_handler(ffff800029bd4920,ffff80000006ba00) at intr_handler+0x5e sys/arch/amd64/amd64/intr.c:532
Xintr_ioapic_edge21_untramp() at Xintr_ioapic_edge21_untramp+0x18f
Xspllower() at Xspllower+0x19
cnputc(20) at cnputc+0x4b sys/dev/cons.c:218
db_putchar(76) at db_putchar+0x316 db_force_whitespace sys/ddb/db_output.c:102 [inline]
db_putchar(76) at db_putchar+0x316 sys/ddb/db_output.c:153
kprintf() at kprintf+0x20ec sys/kern/subr_prf.c:1064
db_printf(ffffffff827d3cc9) at db_printf+0x85 sys/kern/subr_prf.c:498
panic(ffffffff82742aec) at panic+0xd7 sys/kern/subr_prf.c:216
vop_generic_badop(ffff800029bd4d48) at vop_generic_badop+0x1b sys/kern/vfs_default.c:133
VOP_STRATEGY(fffffd80678f32e0,fffffd80675ced88) at VOP_STRATEGY+0x9b sys/kern/vfs_vops.c:628
end trace frame: 0xffff800029bd4df0, count: 0
ddb{0}> trace
x86_ipi_db(ffffffff82b24ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__mp_lock(ffffffff82db6020) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82db6020) at __mp_lock+0x122 sys/kern/kern_lock.c:147
intr_handler(ffff800029bd4920,ffff80000006ba00) at intr_handler+0x5e sys/arch/amd64/amd64/intr.c:532
Xintr_ioapic_edge21_untramp() at Xintr_ioapic_edge21_untramp+0x18f
Xspllower() at Xspllower+0x19
cnputc(20) at cnputc+0x4b sys/dev/cons.c:218
db_putchar(76) at db_putchar+0x316 db_force_whitespace sys/ddb/db_output.c:102 [inline]
db_putchar(76) at db_putchar+0x316 sys/ddb/db_output.c:153
kprintf() at kprintf+0x20ec sys/kern/subr_prf.c:1064
db_printf(ffffffff827d3cc9) at db_printf+0x85 sys/kern/subr_prf.c:498
panic(ffffffff82742aec) at panic+0xd7 sys/kern/subr_prf.c:216
vop_generic_badop(ffff800029bd4d48) at vop_generic_badop+0x1b sys/kern/vfs_default.c:133
VOP_STRATEGY(fffffd80678f32e0,fffffd80675ced88) at VOP_STRATEGY+0x9b sys/kern/vfs_vops.c:628
bwrite(fffffd80675ced88) at bwrite+0x1f0 sys/kern/vfs_bio.c:760
VOP_BWRITE(fffffd80675ced88) at VOP_BWRITE+0x4a sys/kern/vfs_vops.c:640
ufs_mkdir(ffff800029bd4fe0) at ufs_mkdir+0x6b4 sys/ufs/ufs/ufs_vnops.c:1236
VOP_MKDIR(fffffd8067642958,ffff800029bd5140,ffff800029bd5170,ffff800029bd5070) at VOP_MKDIR+0xbf sys/kern/vfs_vops.c:388
domkdirat(ffff8000212d9358,ffffff9c,20000040,8c) at domkdirat+0x121 sys/kern/vfs_syscalls.c:3112
syscall(ffff800029bd52f0) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff800029bd52f0) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:625
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x3f545b7a440, count: -21
ddb{0}> machine ddbcpu 1
Stopped at db_enter+0x18: addq $0x8,%rsp
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82751deb) at panic+0x177 sys/kern/subr_prf.c:198
__assert(ffffffff827cd2be,ffffffff827b7d4c,3eb,ffffffff8275e34c) at __assert+0x25 sys/kern/subr_prf.c:157
uao_get(fffffd8078ff8f30,0,ffff8000249c4f00,ffff8000249c4d74,0,1,d2ea42536cd178be,fffffd8078ff8f30) at uao_get+0x78f uao_find_swslot sys/uvm/uvm_aobj.c:249 [inline]
uao_get(fffffd8078ff8f30,0,ffff8000249c4f00,ffff8000249c4d74,0,1,d2ea42536cd178be,fffffd8078ff8f30) at uao_get+0x78f sys/uvm/uvm_aobj.c:1174
uvm_fault_lower_lookup(ffff8000249c4f80,ffff8000249c4fb8,ffff8000249c4f00) at uvm_fault_lower_lookup+0xf6 sys/uvm/uvm_fault.c:1129
uvm_fault_lower(ffff8000249c4f80,ffff8000249c4fb8,ffff8000249c4f00,0) at uvm_fault_lower+0x5f sys/uvm/uvm_fault.c:1228
uvm_fault(fffffd8008a02000,f4120b3f000,0,1) at uvm_fault+0x238
upageflttrap(ffff8000249c5100,f4120b3f04c) at upageflttrap+0x85 sys/arch/amd64/amd64/trap.c:186
usertrap(ffff8000249c5100) at usertrap+0x204 sys/arch/amd64/amd64/trap.c:438
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x7f7ffffe0db0, count: 5
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82751deb) at panic+0x177 sys/kern/subr_prf.c:198
__assert(ffffffff827cd2be,ffffffff827b7d4c,3eb,ffffffff8275e34c) at __assert+0x25 sys/kern/subr_prf.c:157
uao_get(fffffd8078ff8f30,0,ffff8000249c4f00,ffff8000249c4d74,0,1,d2ea42536cd178be,fffffd8078ff8f30) at uao_get+0x78f uao_find_swslot sys/uvm/uvm_aobj.c:249 [inline]
uao_get(fffffd8078ff8f30,0,ffff8000249c4f00,ffff8000249c4d74,0,1,d2ea42536cd178be,fffffd8078ff8f30) at uao_get+0x78f sys/uvm/uvm_aobj.c:1174
uvm_fault_lower_lookup(ffff8000249c4f80,ffff8000249c4fb8,ffff8000249c4f00) at uvm_fault_lower_lookup+0xf6 sys/uvm/uvm_fault.c:1129
uvm_fault_lower(ffff8000249c4f80,ffff8000249c4fb8,ffff8000249c4f00,0) at uvm_fault_lower+0x5f sys/uvm/uvm_fault.c:1228
uvm_fault(fffffd8008a02000,f4120b3f000,0,1) at uvm_fault+0x238
upageflttrap(ffff8000249c5100,f4120b3f04c) at upageflttrap+0x85 sys/arch/amd64/amd64/trap.c:186
usertrap(ffff8000249c5100) at usertrap+0x204 sys/arch/amd64/amd64/trap.c:438
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x7f7ffffe0db0, count: -10


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

2023年7月20日 08:59:37
收件人 syzkaller-o...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.