panic: witness_warn


syzbot

Jan 24, 2019, 2:50:04 AM1/24/19
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: f1baa6d0b1f2 set the NEGOTIATED flag in the flags argument..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1182f8c0c00000
kernel config: https://syzkaller.appspot.com/x/.config?x=3303344588104330
dashboard link: https://syzkaller.appspot.com/bug?extid=8d2433a7145f5483e36f
compiler:

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+8d2433...@syzkaller.appspotmail.com

panic: witness_warn
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*406261 83548 32767 0x1010 0x4080000 1 syz-executor0
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x16c sys/kern/subr_prf.c:208
witness_warn(ea37504bd14f1bd3,0,ffff800020bba4c8) at witness_warn+0x6e0
witness_debugger sys/kern/subr_witness.c:2546 [inline]
witness_warn(ea37504bd14f1bd3,0,ffff800020bba4c8) at witness_warn+0x6e0
sys/kern/subr_witness.c:1462
userret(1db18f455523ed19) at userret+0x361 sys/kern/kern_sig.c:1899
syscall(541e68d93654cbdd) at syscall+0x680 mi_syscall_return
sys/sys/syscall_mi.h:122 [inline]
syscall(541e68d93654cbdd) at syscall+0x680 sys/arch/amd64/amd64/trap.c:605
Xsyscall(6,5,c,0,3,a07008670d8) at Xsyscall+0x128
end of kernel
end trace frame: 0xa098365b230, count: 9
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> show panic
witness_warn
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x16c sys/kern/subr_prf.c:208
witness_warn(ea37504bd14f1bd3,0,ffff800020bba4c8) at witness_warn+0x6e0
witness_debugger sys/kern/subr_witness.c:2546 [inline]
witness_warn(ea37504bd14f1bd3,0,ffff800020bba4c8) at witness_warn+0x6e0
sys/kern/subr_witness.c:1462
userret(1db18f455523ed19) at userret+0x361 sys/kern/kern_sig.c:1899
syscall(541e68d93654cbdd) at syscall+0x680 mi_syscall_return
sys/sys/syscall_mi.h:122 [inline]
syscall(541e68d93654cbdd) at syscall+0x680 sys/arch/amd64/amd64/trap.c:605
Xsyscall(6,5,c,0,3,a07008670d8) at Xsyscall+0x128
end of kernel
end trace frame: 0xa098365b230, count: -6
ddb{1}> show registers
rdi 0xffffffff81107617 db_enter+0x17
rsi 0x4745 __ALIGN_SIZE+0x3745
rbp 0xffff800020c7fb70
rbx 0xffff800020c7fc10
rdx 0x4746 __ALIGN_SIZE+0x3746
rcx 0xffff800000b46000
rax 0xffff800000b46000
r8 0xffffffff81788154 kprintf+0x174
r9 0x1
r10 0x263be4e83557ba98
r11 0x432b544e619eff4e
r12 0x3000000008
r13 0xffff800020c7fb80
r14 0x100
r15 0x1
rip 0xffffffff81107618 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800020c7fb60
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor0) pid=406261 stat=onproc
flags process=1010<SUGID,SINGLEEXIT> proc=4080000<SUSPSINGLE,THREAD>
pri=32, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff800020bbabd0,0xffff800020bbb2e8
process=0xffff800020bcad38 user=0xffff800020c7a000,
vmspace=0xfffffd807f00c870
estcpu=36, cpticks=2, pctcpu=0.0
user=0, sys=2, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
74591 399371 38596 32767 3 0x90 nanosleep syz-executor1
74591 88995 38596 32767 3 0x4000090 nanosleep syz-executor1
83548 470034 58256 32767 3 0x3010 suspend syz-executor0
83548 279091 58256 32767 2 0x4081010 syz-executor0
*83548 406261 58256 32767 7 0x4081010 syz-executor0
83548 212331 58256 32767 2 0x4081010 syz-executor0
58256 197899 43891 32767 2 0x490 syz-executor0
43891 134682 80469 0 3 0x82 wait syz-executor0
38596 185415 30519 32767 3 0x90 nanosleep syz-executor1
30519 446059 80469 0 3 0x82 wait syz-executor1
80469 238129 20699 0 3 0x82 thrsleep syz-fuzzer
80469 242306 20699 0 3 0x4000082 thrsleep syz-fuzzer
80469 428443 20699 0 3 0x4000082 thrsleep syz-fuzzer
80469 72045 20699 0 2 0x4000002 syz-fuzzer
80469 262831 20699 0 3 0x4000082 thrsleep syz-fuzzer
80469 388332 20699 0 3 0x4000082 thrsleep syz-fuzzer
80469 276510 20699 0 3 0x4000082 thrsleep syz-fuzzer
80469 113333 20699 0 3 0x4000082 thrsleep syz-fuzzer
80469 501063 20699 0 3 0x4000082 thrsleep syz-fuzzer
80469 83037 20699 0 2 0x4000482 syz-fuzzer
20699 101837 13297 0 3 0x10008a pause ksh
13297 431449 57349 0 3 0x92 select sshd
71137 388477 1 0 3 0x100083 ttyin getty
57349 449274 1 0 3 0x80 select sshd
62748 367616 41290 73 2 0x100090 syslogd
41290 294107 1 0 3 0x100082 netio syslogd
38037 144984 1 77 3 0x100090 poll dhclient
8090 417047 1 0 3 0x80 poll dhclient
40804 453189 0 0 3 0x14200 pgzero zerothread
50258 451717 0 0 3 0x14200 aiodoned aiodoned
36790 451820 0 0 3 0x14200 syncer update
37047 190254 0 0 3 0x14200 cleaner cleaner
50051 492241 0 0 2 0x14200 reaper
16399 226846 0 0 3 0x14200 pgdaemon pagedaemon
11492 167608 0 0 3 0x14200 bored crynlk
68394 340699 0 0 3 0x14200 bored crypto
1074 79590 0 0 3 0x40014200 acpi0 acpi0
79979 25017 0 0 3 0x40014200 idle1
57082 99762 0 0 3 0x14200 bored softnet
6703 485615 0 0 3 0x14200 bored systqmp
94513 355872 0 0 3 0x14200 bored systq
75839 60450 0 0 3 0x40014200 bored softclock
28975 323894 0 0 7 0x40014200 idle0
1 354870 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.

syzbot

Jan 24, 2019, 3:11:03 AM1/24/19
to syzkaller-o...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: f1baa6d0b1f2 set the NEGOTIATED flag in the flags argument..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=170bcd08c00000
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1782f8c0c00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+8d2433...@syzkaller.appspotmail.com

panic: witness_warn
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
485455 83635 32767 0x10 0 0 syz-executor1
*120295 83635 32767 0x10 0x4000000 1 syz-executor1
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x16c sys/kern/subr_prf.c:208
witness_warn(bd48d4556b687497,0,ffff800020b92bd0) at witness_warn+0x6e0
witness_debugger sys/kern/subr_witness.c:2546 [inline]
witness_warn(bd48d4556b687497,0,ffff800020b92bd0) at witness_warn+0x6e0
sys/kern/subr_witness.c:1462
userret(9439c9f00a600a4e) at userret+0x361 sys/kern/kern_sig.c:1899
syscall(95d37f4e4d09df6e) at syscall+0x680 mi_syscall_return
sys/sys/syscall_mi.h:122 [inline]
syscall(95d37f4e4d09df6e) at syscall+0x680 sys/arch/amd64/amd64/trap.c:605
Xsyscall(6,5,c,0,3,c8b9c1ef0d8) at Xsyscall+0x128
end of kernel
end trace frame: 0xc8e8fd85b00, count: 9

syzbot

Jan 24, 2019, 5:57:03 AM1/24/19
to syzkaller-o...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: f1baa6d0b1f2 set the NEGOTIATED flag in the flags argument..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=138e7f44c00000
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13f77508c00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=107ea8c0c00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+8d2433...@syzkaller.appspotmail.com

panic: witness_warn
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*175334 82294 0 0 0x4000000 0 syz-executor7144
427036 84602 0 0 0x480 1 syz-executor7144
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x16c sys/kern/subr_prf.c:208
witness_warn(15552fc2a820bb84,0,ffff800020b74bc0) at witness_warn+0x6e0
witness_debugger sys/kern/subr_witness.c:2546 [inline]
witness_warn(15552fc2a820bb84,0,ffff800020b74bc0) at witness_warn+0x6e0
sys/kern/subr_witness.c:1462
userret(9e8bd6e5bda8e078) at userret+0x361 sys/kern/kern_sig.c:1899
syscall(5f1f968ae6d3bfd6) at syscall+0x680 mi_syscall_return
sys/sys/syscall_mi.h:122 [inline]
syscall(5f1f968ae6d3bfd6) at syscall+0x680 sys/arch/amd64/amd64/trap.c:605
Xsyscall(6,5,de66d540c8,0,de66d540a8,de66d540a0) at Xsyscall+0x128
end of kernel
end trace frame: 0xe0be6e8510, count: 9
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> show panic
witness_warn
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x16c sys/kern/subr_prf.c:208
witness_warn(15552fc2a820bb84,0,ffff800020b74bc0) at witness_warn+0x6e0
witness_debugger sys/kern/subr_witness.c:2546 [inline]
witness_warn(15552fc2a820bb84,0,ffff800020b74bc0) at witness_warn+0x6e0
sys/kern/subr_witness.c:1462
userret(9e8bd6e5bda8e078) at userret+0x361 sys/kern/kern_sig.c:1899
syscall(5f1f968ae6d3bfd6) at syscall+0x680 mi_syscall_return
sys/sys/syscall_mi.h:122 [inline]
syscall(5f1f968ae6d3bfd6) at syscall+0x680 sys/arch/amd64/amd64/trap.c:605
Xsyscall(6,5,de66d540c8,0,de66d540a8,de66d540a0) at Xsyscall+0x128
end of kernel
end trace frame: 0xe0be6e8510, count: -6
ddb{0}> show registers
rdi 0
rsi 0x1
rbp 0xffff800020c1d5b0
rbx 0xffff800020c1d650
rdx 0xffffffff81ec577a cmd0646_9_tim_udma+0x16395
rcx 0x201
rax 0x1
r8 0xffffffff81788154 kprintf+0x174
r9 0x1
r10 0xdb67ae6ff8eaa839
r11 0x4b9cb1f45b0a2212
r12 0x3000000008
r13 0xffff800020c1d5c0
r14 0x100
r15 0x1
rip 0xffffffff81107618 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800020c1d5a0
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor7144) pid=175334 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=32, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff800020b75520,0xffff800020b75080
process=0xffff800020bcb080 user=0xffff800020c18000,
vmspace=0xfffffd806e9372d8
estcpu=36, cpticks=2, pctcpu=0.0
user=0, sys=2, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
82294 427157 84602 0 2 0 syz-executor7144
*82294 175334 84602 0 7 0x4000000 syz-executor7144
82294 61176 84602 0 3 0x4000080 fsleep syz-executor7144
82294 223855 84602 0 2 0x4000000 syz-executor7144
88069 244345 82639 0 2 0 syz-executor7144
88069 495463 82639 0 3 0x4000080 fsleep syz-executor7144
84602 427036 15882 0 7 0x480 syz-executor7144
82639 478770 15882 0 2 0 syz-executor7144
15882 208260 3018 0 3 0x82 nanosleep syz-executor7144
3018 94359 9945 0 3 0x10008a pause ksh
9945 133407 20061 0 3 0x92 select sshd
98405 81664 1 0 3 0x100083 ttyin getty
20061 165613 1 0 3 0x80 select sshd
64247 199513 82139 73 3 0x100010 ffs_fsync syslogd
82139 3779 1 0 3 0x100082 netio syslogd
27317 186814 1 77 3 0x100090 poll dhclient
9549 212121 1 0 3 0x80 poll dhclient
90711 404011 0 0 3 0x14200 pgzero zerothread
54608 393432 0 0 3 0x14200 aiodoned aiodoned
59075 434843 0 0 3 0x14200 syncer update
98599 508448 0 0 3 0x14200 cleaner cleaner
79588 9890 0 0 3 0x14200 reaper reaper
63835 189396 0 0 3 0x14200 pgdaemon pagedaemon
94940 521017 0 0 3 0x14200 bored crynlk
43936 46918 0 0 3 0x14200 bored crypto
92037 504466 0 0 3 0x40014200 acpi0 acpi0
48252 303887 0 0 3 0x40014200 idle1
6935 419957 0 0 3 0x14200 bored softnet
31917 341682 0 0 3 0x14200 bored systqmp
76968 385231 0 0 3 0x14200 bored systq
26928 182055 0 0 3 0x40014200 bored softclock
10636 485841 0 0 3 0x40014200 idle0
1 61555 0 0 3 0x82 wait init

Anton Lindqvist

Jan 29, 2019, 1:51:04 AM1/29/19
to syzbot, syzkaller-o...@googlegroups.com
#syz dup: witness: userret: returning with the following locks held: