panic:p a anciqc:uikerrinngel dbialgocnkoastbliec a s s e r t i o n "! _k er neslle_lepo lcokc_khe l dw ( )i
0 views
Skip to first unread message
syzbot
Mar 22, 2022, 8:00:30 PM3/22/22
to syzkaller-o...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 63abc0ec39b5 For multicast and broadcast packets udp_input..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=11a8ecb3700000
kernel config: https://syzkaller.appspot.com/x/.config?x=bf87b6915a88cd0d
dashboard link: https://syzkaller.appspot.com/bug?extid=8cf79c6dac8bdea4b3c3
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8cf79c...@syzkaller.appspotmail.com
panic:p a anciqc:uikerrinngel dbialgocnkoastbliec a s s e r t i o n "! _k er neslle_lepo lcokc_khe l dw ( )i"t h s p i n lo ck o r cr i t ic a l s ec t i o n h e l d ( k er n e l _l o ck ) & k er n e l _ lo ck
fStopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*479979 11324 0 0 0x4000000 1 syz-executor.2
327639 52915 0 0x14000 0x200 0 reaper
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff825a2db5) at panic+0x177 sys/kern/subr_prf.c:202
witness_checkorder(ffffffff829f3ad8,9,0) at witness_checkorder+0x116d sys/kern/subr_witness.c:833
__mp_lock(ffffffff829f38d0) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline]
__mp_lock(ffffffff829f38d0) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline]
__mp_lock(ffffffff829f38d0) at __mp_lock+0xa1 sys/kern/kern_lock.c:142
selwakeup(fffffd80688bfaa0) at selwakeup+0x16 klist_empty sys/sys/event.h:361 [inline]
selwakeup(fffffd80688bfaa0) at selwakeup+0x16 sys/kern/sys_generic.c:885
sorwakeup(fffffd80688bf988) at sorwakeup+0xc9 sys/kern/uipc_socket.c:1699
rip_input(ffff80002e348a48,ffff80002e348a54,0,2) at rip_input+0x3b0 sys/netinet/raw_ip.c:188
ip_deliver(ffff80002e348a48,ffff80002e348a54,0,2) at ip_deliver+0x322 sys/netinet/ip_input.c:657
ip_ours(ffff80002e348a48,ffff80002e348a54,0,0) at ip_ours+0x3ba sys/netinet/ip_input.c:616
ip_input_if(ffff80002e348a48,ffff80002e348a54,4,0,ffff800000689000) at ip_input_if+0x2a1
ipv4_input(ffff800000689000,fffffd80669ae400) at ipv4_input+0x48 sys/netinet/ip_input.c:242
if_input_local(ffff800000689000,fffffd80669ae400,2) at if_input_local+0x10e sys/net/if.c:774
ip_output(fffffd806c496000,0,fffffd80681e7098,20,0,fffffd80681e7020,aba0b48b42057bb5) at ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
ip_output(fffffd806c496000,0,fffffd80681e7098,20,0,fffffd80681e7020,aba0b48b42057bb5) at ip_output+0xb05 sys/netinet/ip_output.c:332
rip_output(fffffd806c496000,fffffd80688bfb68,ffff80002e348ca0,1) at rip_output+0x2cb sys/netinet/raw_ip.c:302
end trace frame: 0xffff80002e348d20, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
cpu0: kernel diagnostic assertion "!_kernel_lock_held()" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_map.c", line 2734
*cpu1: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff825a2db5) at panic+0x177 sys/kern/subr_prf.c:202
witness_checkorder(ffffffff829f3ad8,9,0) at witness_checkorder+0x116d sys/kern/subr_witness.c:833
__mp_lock(ffffffff829f38d0) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline]
__mp_lock(ffffffff829f38d0) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline]
__mp_lock(ffffffff829f38d0) at __mp_lock+0xa1 sys/kern/kern_lock.c:142
selwakeup(fffffd80688bfaa0) at selwakeup+0x16 klist_empty sys/sys/event.h:361 [inline]
selwakeup(fffffd80688bfaa0) at selwakeup+0x16 sys/kern/sys_generic.c:885
sorwakeup(fffffd80688bf988) at sorwakeup+0xc9 sys/kern/uipc_socket.c:1699
rip_input(ffff80002e348a48,ffff80002e348a54,0,2) at rip_input+0x3b0 sys/netinet/raw_ip.c:188
ip_deliver(ffff80002e348a48,ffff80002e348a54,0,2) at ip_deliver+0x322 sys/netinet/ip_input.c:657
ip_ours(ffff80002e348a48,ffff80002e348a54,0,0) at ip_ours+0x3ba sys/netinet/ip_input.c:616
ip_input_if(ffff80002e348a48,ffff80002e348a54,4,0,ffff800000689000) at ip_input_if+0x2a1
ipv4_input(ffff800000689000,fffffd80669ae400) at ipv4_input+0x48 sys/netinet/ip_input.c:242
if_input_local(ffff800000689000,fffffd80669ae400,2) at if_input_local+0x10e sys/net/if.c:774
ip_output(fffffd806c496000,0,fffffd80681e7098,20,0,fffffd80681e7020,aba0b48b42057bb5) at ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
ip_output(fffffd806c496000,0,fffffd80681e7098,20,0,fffffd80681e7020,aba0b48b42057bb5) at ip_output+0xb05 sys/netinet/ip_output.c:332
rip_output(fffffd806c496000,fffffd80688bfb68,ffff80002e348ca0,1) at rip_output+0x2cb sys/netinet/raw_ip.c:302
rip_usrreq(fffffd80688bfb68,9,fffffd806c496000,0,0,ffff8000ffff42a0) at rip_usrreq+0x49c sys/netinet/raw_ip.c:554
sosend(fffffd80688bfb68,0,ffff80002e348f30,0,0,0) at sosend+0x632 sys/kern/uipc_socket.c:582
dofilewritev(ffff8000ffff42a0,85,ffff80002e348f30,0,ffff80002e349030) at dofilewritev+0x19c sys/kern/sys_generic.c:381
sys_writev(ffff8000ffff42a0,ffff80002e348fd8,ffff80002e349030) at sys_writev+0xa7 sys/kern/sys_generic.c:328
syscall(ffff80002e3490a0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff80002e3490a0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x2f5a8dfe040, count: -20
ddb{1}> show registers
rdi 0
rsi 0x1
rbp 0xffff80002e3485d0
rbx 0xffff800020ce9bff
rdx 0
rcx 0
rax 0xffff8000ffff42a0
r8 0x101010101010101
r9 0x8080808080808080
r10 0xb51095ac86cf98e3
r11 0x34d6089192ea19b3
r12 0xffff800020ce9a00
r13 0
r14 0
r15 0x1
rip 0xffffffff811e4c58 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff80002e3485c0
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor.2) pid=479979 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=86, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff4000,0xffff800021142a98
process=0xffff8000ffff14e0 user=0xffff80002e344000, vmspace=0xfffffd8066f60d10
estcpu=36, cpticks=2, pctcpu=0.0
user=0, sys=2, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
48566 381212 57114 0 2 0 syz-executor.5
48566 183989 57114 0 2 0x4000000 syz-executor.5
18618 284978 1642 0 2 0 syz-executor.0
18618 436162 1642 0 3 0x4000080 fsleep syz-executor.0
18618 410801 1642 0 3 0x4000080 fsleep syz-executor.0
11324 480892 24952 0 2 0 syz-executor.2
*11324 479979 24952 0 7 0x4000000 syz-executor.2
57114 523309 94937 0 3 0x82 nanoslp syz-executor.5
63923 371181 0 0 3 0x14200 bored sosplice
67459 74572 94937 0 2 0x2 syz-executor.7
8516 30484 94937 0 3 0x82 nanoslp syz-executor.6
68651 424775 94937 0 2 0x2 syz-executor.4
24952 187726 94937 0 3 0x82 nanoslp syz-executor.2
60008 446408 94937 0 2 0x2 syz-executor.3
99369 433863 94937 0 3 0x82 nanoslp syz-executor.1
1642 116174 94937 0 3 0x82 nanoslp syz-executor.0
94937 267888 3356 0 3 0x82 thrsleep syz-fuzzer
94937 122368 3356 0 3 0x4000082 nanoslp syz-fuzzer
94937 462139 3356 0 3 0x4000082 thrsleep syz-fuzzer
94937 168484 3356 0 3 0x4000082 thrsleep syz-fuzzer
94937 203593 3356 0 3 0x4000082 thrsleep syz-fuzzer
94937 17513 3356 0 3 0x4000082 thrsleep syz-fuzzer
94937 345731 3356 0 3 0x4000082 kqread syz-fuzzer
94937 470476 3356 0 3 0x4000082 thrsleep syz-fuzzer
3356 358902 60977 0 3 0x10008a sigsusp ksh
60977 207412 72072 0 3 0x9a kqread sshd
94739 275052 1 0 3 0x100083 ttyin getty
72072 487461 1 0 3 0x88 kqread sshd
79085 295427 96530 74 3 0x1100092 bpf pflogd
96530 45620 1 0 3 0x80 netio pflogd
83482 166601 60811 73 3 0x1100090 kqread syslogd
60811 1320 1 0 3 0x100082 netio syslogd
30587 420435 1 0 3 0x100080 kqread resolvd
74804 509582 11019 77 3 0x100092 kqread dhcpleased
31476 112855 11019 77 3 0x100092 kqread dhcpleased
11019 238809 1 0 3 0x80 kqread dhcpleased
34049 331480 0 0 3 0x14200 bored smr
51462 366675 0 0 2 0x14200 zerothread
16796 186855 0 0 3 0x14200 aiodoned aiodoned
8636 519153 0 0 3 0x14200 syncer update
76440 9773 0 0 3 0x14200 cleaner cleaner
52915 327639 0 0 7 0x14200 reaper
38972 369191 0 0 3 0x14200 pgdaemon pagedaemon
7211 77816 0 0 3 0x14200 bored viomb
74891 321496 0 0 3 0x40014200 acpi0 acpi0
31947 301083 0 0 3 0x40014200 idle1
16088 462938 0 0 2 0x14200 softnet
42000 333243 0 0 3 0x14200 bored systqmp
79061 139833 0 0 3 0x14200 bored systq
91246 414812 0 0 3 0x40014200 bored softclock
55773 379200 0 0 3 0x40014200 idle0
1 43302 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
CPU 0:
exclusive mutex &(curpg)->mdpage.pv_mtx r = 0 (0xfffffd8006f208b8)
#0 witness_lock+0x44d
#1 mtx_enter_try+0x100
#2 mtx_enter+0x4b sys/kern/kern_lock.c:266
#3 pmap_page_remove+0x44 sys/arch/amd64/amd64/pmap.c:1912
#4 uvm_anfree_list+0x98
#5 amap_wipeout+0x1b1 sys/uvm/uvm_amap.c:504
#6 uvm_unmap_detach+0x7d sys/uvm/uvm_map.c:1599
#7 uvm_map_teardown+0x262 sys/uvm/uvm_map.c:2789
#8 uvmspace_free+0xa6 sys/uvm/uvm_map.c:3685
#9 reaper+0x18b sys/kern/kern_exit.c:457
#10 proc_trampoline+0x1c
CPU 1:
exclusive mutex &table->inpt_mtx r = 0 (0xffffffff82b03010)
#0 witness_lock+0x44d
#1 mtx_enter_try+0x100
#2 mtx_enter+0x4b sys/kern/kern_lock.c:266
#3 rip_input+0x135
#4 ip_deliver+0x322 sys/netinet/ip_input.c:657
#5 ip_ours+0x3ba sys/netinet/ip_input.c:616
#6 ip_input_if+0x2a1
#7 ipv4_input+0x48 sys/netinet/ip_input.c:242
#8 if_input_local+0x10e sys/net/if.c:774
#9 ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
#9 ip_output+0xb05 sys/netinet/ip_output.c:332
#10 rip_output+0x2cb sys/netinet/raw_ip.c:302
#11 rip_usrreq+0x49c sys/netinet/raw_ip.c:554
#12 sosend+0x632 sys/kern/uipc_socket.c:582
#13 dofilewritev+0x19c sys/kern/sys_generic.c:381
#14 sys_writev+0xa7 sys/kern/sys_generic.c:328
#15 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#15 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#16 Xsyscall+0x128
Process 11324 (syz-executor.2) thread 0xffff8000ffff42a0 (479979)
exclusive rwlock netlock r = 0 (0xffffffff82904160)
#0 witness_lock+0x44d
#1 solock+0x86 sys/kern/uipc_socket2.c:295
#2 sosend+0x517 sys/kern/uipc_socket.c:570
#3 dofilewritev+0x19c sys/kern/sys_generic.c:381
#4 sys_writev+0xa7 sys/kern/sys_generic.c:328
#5 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#5 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#6 Xsyscall+0x128
exclusive mutex &table->inpt_mtx r = 0 (0xffffffff82b03010)
#0 witness_lock+0x44d
#1 mtx_enter_try+0x100
#2 mtx_enter+0x4b sys/kern/kern_lock.c:266
#3 rip_input+0x135
#4 ip_deliver+0x322 sys/netinet/ip_input.c:657
#5 ip_ours+0x3ba sys/netinet/ip_input.c:616
#6 ip_input_if+0x2a1
#7 ipv4_input+0x48 sys/netinet/ip_input.c:242
#8 if_input_local+0x10e sys/net/if.c:774
#9 ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
#9 ip_output+0xb05 sys/netinet/ip_output.c:332
#10 rip_output+0x2cb sys/netinet/raw_ip.c:302
#11 rip_usrreq+0x49c sys/netinet/raw_ip.c:554
#12 sosend+0x632 sys/kern/uipc_socket.c:582
#13 dofilewritev+0x19c sys/kern/sys_generic.c:381
#14 sys_writev+0xa7 sys/kern/sys_generic.c:328
#15 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#15 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#16 Xsyscall+0x128
Process 52915 (reaper) thread 0xffff8000210f9500 (327639)
exclusive rwlock amaplk r = 0 (0xfffffd8075889588)
#0 witness_lock+0x44d
#1 amap_unref+0x2b sys/uvm/uvm_amap.c:1365
#2 uvm_unmap_detach+0x7d sys/uvm/uvm_map.c:1599
#3 uvm_map_teardown+0x262 sys/uvm/uvm_map.c:2789
#4 uvmspace_free+0xa6 sys/uvm/uvm_map.c:3685
#5 reaper+0x18b sys/kern/kern_exit.c:457
#6 proc_trampoline+0x1c
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10192 6619K 7400K 78643K 15974 0
pcb 13 16K 18K 78643K 166 0
rtable 235 7K 8K 78643K 910 0
ifaddr 82 17K 18K 78643K 208 0
sysctl 2 0K 0K 78643K 4 0
counters 54 35K 35K 78643K 90 0
ioctlops 0 0K 4K 78643K 1744 0
iov 0 0K 16K 78643K 204 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 5 0
vnodes 1407 88K 88K 78643K 2792 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 20 0
VM map 2 1K 1K 78643K 2 0
sem 12 0K 1K 78643K 61 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 13 45K 89K 78643K 1489 0
sigio 0 0K 0K 78643K 88 0
proc 71 87K 111K 78643K 873 0
subproc 104 6K 6K 78643K 247 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 39 0
in_multi 88 5K 6K 78643K 251 0
ether_multi 1 0K 0K 78643K 10 0
mrt 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 61 281K 281K 78643K 61 0
exec 0 0K 2K 78643K 1041 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 330 134K 136K 78643K 19840 0
UVM aobj 131 4K 4K 78643K 134 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 29 0
NDP 11 0K 2K 78643K 68 0
temp 113 4711K 4787K 78643K 18959 0
kqueue 12 18K 24K 78643K 115 0
SYN cache 2 16K 16K 78643K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 126 0 123 2 1 1 2 0 8 0
rtentry 112 256 0 150 4 0 4 4 0 8 0
unpcb 136 507 0 490 6 2 4 4 0 8 3
syncache 296 9 0 9 3 2 1 1 0 8 1
tcpqe 32 214 0 214 2 1 1 1 0 8 1
tcpcb 736 398 0 392 18 16 2 10 0 8 1
arp 120 43 0 25 1 0 1 1 0 8 0
inpcb 312 1262 0 1123 23 12 11 11 0 8 0
nd6 48 61 0 39 1 0 1 1 0 8 0
pkpcb 40 4 0 4 1 1 0 1 0 8 0
kcovpl 48 19 0 11 1 0 1 1 0 8 0
pffrag 232 4 0 2 1 0 1 1 0 482 0
pffrnode 88 4 0 2 1 0 1 1 0 8 0
pffrent 40 9 0 7 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfrktable 1344 14 0 12 1 0 1 1 0 8 0
pfstitem 24 43 0 20 1 0 1 1 0 8 0
pfstkey 112 43 0 20 1 0 1 1 0 8 0
pfstate 320 43 0 20 2 0 2 2 0 8 0
pfrule 1360 78 0 65 3 1 2 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 990 0 566 30 3 27 30 0 8 0
art_table 32 991 0 566 4 0 4 4 0 8 0
art_node 16 254 0 159 1 0 1 1 0 8 0
sysvmsgpl 40 14 0 9 1 0 1 1 0 8 0
semupl 112 3 0 3 1 1 0 1 0 8 0
semapl 112 56 0 46 1 0 1 1 0 8 0
shmpl 112 131 0 3 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 3092 0 1654 91 0 91 91 0 8 0
ffsino 272 3092 0 1654 97 0 97 97 0 8 0
nchpl 144 5241 0 3613 63 0 63 63 0 8 0
uvmvnodes 80 4521 0 0 93 0 93 93 0 8 0
vnodes 224 4521 0 0 266 0 266 266 0 8 0
namei 1024 19570 0 19570 3 2 1 2 0 8 1
percpumem 16 57 0 18 1 0 1 1 0 8 0
vcpupl 2048 3 0 0 1 0 1 1 0 8 0
vmpool 560 6 0 3 1 0 1 1 0 8 0
pfiaddrpl 120 4 0 0 1 0 1 1 0 8 0
scxspl 216 14372 0 14372 10 9 1 8 0 8 1
plimitpl 152 266 0 251 1 0 1 1 0 8 0
sigapl 424 1768 0 1725 6 0 6 6 0 8 0
futexpl 64 11070 0 11068 1 0 1 1 0 8 0
knotepl 120 104 0 0 4 0 4 4 0 8 0
kqueuepl 216 370 0 362 10 5 5 5 0 8 4
pipepl 336 398 0 370 13 10 3 8 0 8 0
fdescpl 496 1753 0 1727 5 1 4 5 0 8 0
filepl 152 10538 0 10165 25 10 15 15 0 8 0
lockfpl 104 312 0 310 1 0 1 1 0 8 0
lockfspl 48 141 0 139 1 0 1 1 0 8 0
sessionpl 144 35 0 18 1 0 1 1 0 8 0
pgrppl 48 35 0 18 1 0 1 1 0 8 0
ucredpl 96 890 0 876 1 0 1 1 0 8 0
zombiepl 144 1727 0 1725 1 0 1 1 0 8 0
processpl 1064 1768 0 1725 4 0 4 4 0 8 0
procpl 672 4319 0 4264 9 3 6 7 0 8 0
srpgc 96 24 0 24 1 1 0 1 0 8 0
sosppl 168 4 0 4 1 1 0 1 0 8 0
sockpl 480 1967 0 1808 44 24 20 20 0 8 0
mcl64k 65536 16 0 0 2 0 2 2 0 8 0
mcl16k 16384 5 0 0 1 0 1 1 0 8 0
mcl12k 12288 17 0 0 2 0 2 2 0 8 0
mcl9k 9216 5 0 0 1 0 1 1 0 8 0
mcl8k 8192 17 0 0 3 0 3 3 0 8 0
mcl4k 4096 15 0 0 2 0 2 2 0 8 0
mcl2k2 2112 2 0 0 1 0 1 1 0 8 0
mcl2k 2048 228 0 0 28 0 28 28 0 8 0
mtagpl 96 291 0 0 8 0 8 8 0 8 0
mbufpl 256 517 0 0 32 1 31 31 0 8 0
bufpl 288 5430 0 148 378 0 378 378 0 8 0
anonpl 24 440476 0 422394 142 24 118 130 0 186 0
amapchunkpl 152 46662 0 45830 41 4 37 39 0 158 0
amappl16 200 3951 0 3422 39 10 29 36 0 8 0
amappl15 192 648 0 641 1 0 1 1 0 8 0
amappl14 184 338 0 331 1 0 1 1 0 8 0
amappl13 176 210 0 208 1 0 1 1 0 8 0
amappl12 168 22 0 19 1 0 1 1 0 8 0
amappl11 160 71 0 57 1 0 1 1 0 8 0
amappl10 152 50 0 44 1 0 1 1 0 8 0
amappl9 144 838 0 831 1 0 1 1 0 8 0
amappl8 136 928 0 864 4 1 3 3 0 8 0
amappl7 128 313 0 301 1 0 1 1 0 8 0
amappl6 120 611 0 585 2 1 1 2 0 8 0
amappl5 112 1351 0 1334 1 0 1 1 0 8 0
amappl4 104 1315 0 1286 2 1 1 2 0 8 0
amappl3 96 297 0 282 1 0 1 1 0 8 0
amappl2 88 794 0 750 3 1 2 3 0 8 0
amappl1 80 35096 0 34545 20 7 13 19 0 8 0
amappl 88 19197 0 18957 7 0 7 7 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 133 0 3 3 0 3 3 0 8 0
uaddrrnd 24 1759 0 1729 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 1759 0 1729 1 0 1 1 0 8 0
vmmpekpl 168 18077 0 18027 3 0 3 3 0 8 0
vmmpepl 168 166915 0 164582 146 29 117 128 0 357 4
vmsppl 368 1758 0 1729 5 1 4 4 0 8 0
rwobjpl 56 45188 0 39035 88 0 88 88 0 8 0
pdppl 4096 3525 0 3461 157 85 72 81 0 8 8
pvpl 32 879573 0 857615 265 72 193 263 0 265 2
pmappl 248 1758 0 1729 3 0 3 3 0 8 0
extentpl 40 58 0 38 1 0 1 1 0 8 0
phpool 112 894 0 133 22 0 22 22 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
x86_ipi_db(ffffffff8298cff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
x86_bus_space_io_write_1(3f8,0,66) at x86_bus_space_io_write_1+0x31 sys/arch/amd64/amd64/bus_space.c:759
comcnputc(800,66) at comcnputc+0x128 bus_space_barrier machine/bus.h:481 [inline]
comcnputc(800,66) at comcnputc+0x128 sys/dev/ic/com.c:1263
cnputc(66) at cnputc+0x4b sys/dev/cons.c:239
db_putchar(66) at db_putchar+0x3fc sys/ddb/db_output.c:155
kprintf() at kprintf+0x20ec sys/kern/subr_prf.c:1068
db_printf(ffffffff82608c08) at db_printf+0x85 sys/kern/subr_prf.c:502
panic(ffffffff8258fc0f) at panic+0xd7 sys/kern/subr_prf.c:220
__assert(ffffffff826026c6,ffffffff82609d0d,aae,ffffffff825be35d) at __assert+0x25 sys/kern/subr_prf.c:161
uvm_map_teardown(fffffd8066f60020) at uvm_map_teardown+0x2e8 sys/uvm/uvm_map.c:2736
uvmspace_free(fffffd8066f60020) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3685
reaper(ffff8000210f9500) at reaper+0x18b sys/kern/kern_exit.c:457
end trace frame: 0x0, count: 1
ddb{0}> trace
x86_ipi_db(ffffffff8298cff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
x86_bus_space_io_write_1(3f8,0,66) at x86_bus_space_io_write_1+0x31 sys/arch/amd64/amd64/bus_space.c:759
comcnputc(800,66) at comcnputc+0x128 bus_space_barrier machine/bus.h:481 [inline]
comcnputc(800,66) at comcnputc+0x128 sys/dev/ic/com.c:1263
cnputc(66) at cnputc+0x4b sys/dev/cons.c:239
db_putchar(66) at db_putchar+0x3fc sys/ddb/db_output.c:155
kprintf() at kprintf+0x20ec sys/kern/subr_prf.c:1068
db_printf(ffffffff82608c08) at db_printf+0x85 sys/kern/subr_prf.c:502
panic(ffffffff8258fc0f) at panic+0xd7 sys/kern/subr_prf.c:220
__assert(ffffffff826026c6,ffffffff82609d0d,aae,ffffffff825be35d) at __assert+0x25 sys/kern/subr_prf.c:161
uvm_map_teardown(fffffd8066f60020) at uvm_map_teardown+0x2e8 sys/uvm/uvm_map.c:2736
uvmspace_free(fffffd8066f60020) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3685
reaper(ffff8000210f9500) at reaper+0x18b sys/kern/kern_exit.c:457
end trace frame: 0x0, count: -14
ddb{0}> machine ddbcpu 1
Stopped at db_enter+0x18: addq $0x8,%rsp
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff825a2db5) at panic+0x177 sys/kern/subr_prf.c:202
witness_checkorder(ffffffff829f3ad8,9,0) at witness_checkorder+0x116d sys/kern/subr_witness.c:833
__mp_lock(ffffffff829f38d0) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline]
__mp_lock(ffffffff829f38d0) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline]
__mp_lock(ffffffff829f38d0) at __mp_lock+0xa1 sys/kern/kern_lock.c:142
selwakeup(fffffd80688bfaa0) at selwakeup+0x16 klist_empty sys/sys/event.h:361 [inline]
selwakeup(fffffd80688bfaa0) at selwakeup+0x16 sys/kern/sys_generic.c:885
sorwakeup(fffffd80688bf988) at sorwakeup+0xc9 sys/kern/uipc_socket.c:1699
rip_input(ffff80002e348a48,ffff80002e348a54,0,2) at rip_input+0x3b0 sys/netinet/raw_ip.c:188
ip_deliver(ffff80002e348a48,ffff80002e348a54,0,2) at ip_deliver+0x322 sys/netinet/ip_input.c:657
ip_ours(ffff80002e348a48,ffff80002e348a54,0,0) at ip_ours+0x3ba sys/netinet/ip_input.c:616
ip_input_if(ffff80002e348a48,ffff80002e348a54,4,0,ffff800000689000) at ip_input_if+0x2a1
ipv4_input(ffff800000689000,fffffd80669ae400) at ipv4_input+0x48 sys/netinet/ip_input.c:242
if_input_local(ffff800000689000,fffffd80669ae400,2) at if_input_local+0x10e sys/net/if.c:774
ip_output(fffffd806c496000,0,fffffd80681e7098,20,0,fffffd80681e7020,aba0b48b42057bb5) at ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
ip_output(fffffd806c496000,0,fffffd80681e7098,20,0,fffffd80681e7020,aba0b48b42057bb5) at ip_output+0xb05 sys/netinet/ip_output.c:332
rip_output(fffffd806c496000,fffffd80688bfb68,ffff80002e348ca0,1) at rip_output+0x2cb sys/netinet/raw_ip.c:302
end trace frame: 0xffff80002e348d20, count: 0
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff825a2db5) at panic+0x177 sys/kern/subr_prf.c:202
witness_checkorder(ffffffff829f3ad8,9,0) at witness_checkorder+0x116d sys/kern/subr_witness.c:833
__mp_lock(ffffffff829f38d0) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline]
__mp_lock(ffffffff829f38d0) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline]
__mp_lock(ffffffff829f38d0) at __mp_lock+0xa1 sys/kern/kern_lock.c:142
selwakeup(fffffd80688bfaa0) at selwakeup+0x16 klist_empty sys/sys/event.h:361 [inline]
selwakeup(fffffd80688bfaa0) at selwakeup+0x16 sys/kern/sys_generic.c:885
sorwakeup(fffffd80688bf988) at sorwakeup+0xc9 sys/kern/uipc_socket.c:1699
rip_input(ffff80002e348a48,ffff80002e348a54,0,2) at rip_input+0x3b0 sys/netinet/raw_ip.c:188
ip_deliver(ffff80002e348a48,ffff80002e348a54,0,2) at ip_deliver+0x322 sys/netinet/ip_input.c:657
ip_ours(ffff80002e348a48,ffff80002e348a54,0,0) at ip_ours+0x3ba sys/netinet/ip_input.c:616
ip_input_if(ffff80002e348a48,ffff80002e348a54,4,0,ffff800000689000) at ip_input_if+0x2a1
ipv4_input(ffff800000689000,fffffd80669ae400) at ipv4_input+0x48 sys/netinet/ip_input.c:242
if_input_local(ffff800000689000,fffffd80669ae400,2) at if_input_local+0x10e sys/net/if.c:774
ip_output(fffffd806c496000,0,fffffd80681e7098,20,0,fffffd80681e7020,aba0b48b42057bb5) at ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
ip_output(fffffd806c496000,0,fffffd80681e7098,20,0,fffffd80681e7020,aba0b48b42057bb5) at ip_output+0xb05 sys/netinet/ip_output.c:332
rip_output(fffffd806c496000,fffffd80688bfb68,ffff80002e348ca0,1) at rip_output+0x2cb sys/netinet/raw_ip.c:302
rip_usrreq(fffffd80688bfb68,9,fffffd806c496000,0,0,ffff8000ffff42a0) at rip_usrreq+0x49c sys/netinet/raw_ip.c:554
sosend(fffffd80688bfb68,0,ffff80002e348f30,0,0,0) at sosend+0x632 sys/kern/uipc_socket.c:582
dofilewritev(ffff8000ffff42a0,85,ffff80002e348f30,0,ffff80002e349030) at dofilewritev+0x19c sys/kern/sys_generic.c:381
sys_writev(ffff8000ffff42a0,ffff80002e348fd8,ffff80002e349030) at sys_writev+0xa7 sys/kern/sys_generic.c:328
syscall(ffff80002e3490a0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff80002e3490a0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x2f5a8dfe040, count: -20
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following issue on:
HEAD commit: 63abc0ec39b5 For multicast and broadcast packets udp_input..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=11a8ecb3700000
kernel config: https://syzkaller.appspot.com/x/.config?x=bf87b6915a88cd0d
dashboard link: https://syzkaller.appspot.com/bug?extid=8cf79c6dac8bdea4b3c3
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8cf79c...@syzkaller.appspotmail.com
panic:p a anciqc:uikerrinngel dbialgocnkoastbliec a s s e r t i o n "! _k er neslle_lepo lcokc_khe l dw ( )i"t h s p i n lo ck o r cr i t ic a l s ec t i o n h e l d ( k er n e l _l o ck ) & k er n e l _ lo ck
fStopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*479979 11324 0 0 0x4000000 1 syz-executor.2
327639 52915 0 0x14000 0x200 0 reaper
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff825a2db5) at panic+0x177 sys/kern/subr_prf.c:202
witness_checkorder(ffffffff829f3ad8,9,0) at witness_checkorder+0x116d sys/kern/subr_witness.c:833
__mp_lock(ffffffff829f38d0) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline]
__mp_lock(ffffffff829f38d0) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline]
__mp_lock(ffffffff829f38d0) at __mp_lock+0xa1 sys/kern/kern_lock.c:142
selwakeup(fffffd80688bfaa0) at selwakeup+0x16 klist_empty sys/sys/event.h:361 [inline]
selwakeup(fffffd80688bfaa0) at selwakeup+0x16 sys/kern/sys_generic.c:885
sorwakeup(fffffd80688bf988) at sorwakeup+0xc9 sys/kern/uipc_socket.c:1699
rip_input(ffff80002e348a48,ffff80002e348a54,0,2) at rip_input+0x3b0 sys/netinet/raw_ip.c:188
ip_deliver(ffff80002e348a48,ffff80002e348a54,0,2) at ip_deliver+0x322 sys/netinet/ip_input.c:657
ip_ours(ffff80002e348a48,ffff80002e348a54,0,0) at ip_ours+0x3ba sys/netinet/ip_input.c:616
ip_input_if(ffff80002e348a48,ffff80002e348a54,4,0,ffff800000689000) at ip_input_if+0x2a1
ipv4_input(ffff800000689000,fffffd80669ae400) at ipv4_input+0x48 sys/netinet/ip_input.c:242
if_input_local(ffff800000689000,fffffd80669ae400,2) at if_input_local+0x10e sys/net/if.c:774
ip_output(fffffd806c496000,0,fffffd80681e7098,20,0,fffffd80681e7020,aba0b48b42057bb5) at ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
ip_output(fffffd806c496000,0,fffffd80681e7098,20,0,fffffd80681e7020,aba0b48b42057bb5) at ip_output+0xb05 sys/netinet/ip_output.c:332
rip_output(fffffd806c496000,fffffd80688bfb68,ffff80002e348ca0,1) at rip_output+0x2cb sys/netinet/raw_ip.c:302
end trace frame: 0xffff80002e348d20, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
cpu0: kernel diagnostic assertion "!_kernel_lock_held()" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_map.c", line 2734
*cpu1: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) &kernel_lock
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff825a2db5) at panic+0x177 sys/kern/subr_prf.c:202
witness_checkorder(ffffffff829f3ad8,9,0) at witness_checkorder+0x116d sys/kern/subr_witness.c:833
__mp_lock(ffffffff829f38d0) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline]
__mp_lock(ffffffff829f38d0) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline]
__mp_lock(ffffffff829f38d0) at __mp_lock+0xa1 sys/kern/kern_lock.c:142
selwakeup(fffffd80688bfaa0) at selwakeup+0x16 klist_empty sys/sys/event.h:361 [inline]
selwakeup(fffffd80688bfaa0) at selwakeup+0x16 sys/kern/sys_generic.c:885
sorwakeup(fffffd80688bf988) at sorwakeup+0xc9 sys/kern/uipc_socket.c:1699
rip_input(ffff80002e348a48,ffff80002e348a54,0,2) at rip_input+0x3b0 sys/netinet/raw_ip.c:188
ip_deliver(ffff80002e348a48,ffff80002e348a54,0,2) at ip_deliver+0x322 sys/netinet/ip_input.c:657
ip_ours(ffff80002e348a48,ffff80002e348a54,0,0) at ip_ours+0x3ba sys/netinet/ip_input.c:616
ip_input_if(ffff80002e348a48,ffff80002e348a54,4,0,ffff800000689000) at ip_input_if+0x2a1
ipv4_input(ffff800000689000,fffffd80669ae400) at ipv4_input+0x48 sys/netinet/ip_input.c:242
if_input_local(ffff800000689000,fffffd80669ae400,2) at if_input_local+0x10e sys/net/if.c:774
ip_output(fffffd806c496000,0,fffffd80681e7098,20,0,fffffd80681e7020,aba0b48b42057bb5) at ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
ip_output(fffffd806c496000,0,fffffd80681e7098,20,0,fffffd80681e7020,aba0b48b42057bb5) at ip_output+0xb05 sys/netinet/ip_output.c:332
rip_output(fffffd806c496000,fffffd80688bfb68,ffff80002e348ca0,1) at rip_output+0x2cb sys/netinet/raw_ip.c:302
rip_usrreq(fffffd80688bfb68,9,fffffd806c496000,0,0,ffff8000ffff42a0) at rip_usrreq+0x49c sys/netinet/raw_ip.c:554
sosend(fffffd80688bfb68,0,ffff80002e348f30,0,0,0) at sosend+0x632 sys/kern/uipc_socket.c:582
dofilewritev(ffff8000ffff42a0,85,ffff80002e348f30,0,ffff80002e349030) at dofilewritev+0x19c sys/kern/sys_generic.c:381
sys_writev(ffff8000ffff42a0,ffff80002e348fd8,ffff80002e349030) at sys_writev+0xa7 sys/kern/sys_generic.c:328
syscall(ffff80002e3490a0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff80002e3490a0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x2f5a8dfe040, count: -20
ddb{1}> show registers
rdi 0
rsi 0x1
rbp 0xffff80002e3485d0
rbx 0xffff800020ce9bff
rdx 0
rcx 0
rax 0xffff8000ffff42a0
r8 0x101010101010101
r9 0x8080808080808080
r10 0xb51095ac86cf98e3
r11 0x34d6089192ea19b3
r12 0xffff800020ce9a00
r13 0
r14 0
r15 0x1
rip 0xffffffff811e4c58 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff80002e3485c0
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor.2) pid=479979 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=86, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff4000,0xffff800021142a98
process=0xffff8000ffff14e0 user=0xffff80002e344000, vmspace=0xfffffd8066f60d10
estcpu=36, cpticks=2, pctcpu=0.0
user=0, sys=2, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
48566 381212 57114 0 2 0 syz-executor.5
48566 183989 57114 0 2 0x4000000 syz-executor.5
18618 284978 1642 0 2 0 syz-executor.0
18618 436162 1642 0 3 0x4000080 fsleep syz-executor.0
18618 410801 1642 0 3 0x4000080 fsleep syz-executor.0
11324 480892 24952 0 2 0 syz-executor.2
*11324 479979 24952 0 7 0x4000000 syz-executor.2
57114 523309 94937 0 3 0x82 nanoslp syz-executor.5
63923 371181 0 0 3 0x14200 bored sosplice
67459 74572 94937 0 2 0x2 syz-executor.7
8516 30484 94937 0 3 0x82 nanoslp syz-executor.6
68651 424775 94937 0 2 0x2 syz-executor.4
24952 187726 94937 0 3 0x82 nanoslp syz-executor.2
60008 446408 94937 0 2 0x2 syz-executor.3
99369 433863 94937 0 3 0x82 nanoslp syz-executor.1
1642 116174 94937 0 3 0x82 nanoslp syz-executor.0
94937 267888 3356 0 3 0x82 thrsleep syz-fuzzer
94937 122368 3356 0 3 0x4000082 nanoslp syz-fuzzer
94937 462139 3356 0 3 0x4000082 thrsleep syz-fuzzer
94937 168484 3356 0 3 0x4000082 thrsleep syz-fuzzer
94937 203593 3356 0 3 0x4000082 thrsleep syz-fuzzer
94937 17513 3356 0 3 0x4000082 thrsleep syz-fuzzer
94937 345731 3356 0 3 0x4000082 kqread syz-fuzzer
94937 470476 3356 0 3 0x4000082 thrsleep syz-fuzzer
3356 358902 60977 0 3 0x10008a sigsusp ksh
60977 207412 72072 0 3 0x9a kqread sshd
94739 275052 1 0 3 0x100083 ttyin getty
72072 487461 1 0 3 0x88 kqread sshd
79085 295427 96530 74 3 0x1100092 bpf pflogd
96530 45620 1 0 3 0x80 netio pflogd
83482 166601 60811 73 3 0x1100090 kqread syslogd
60811 1320 1 0 3 0x100082 netio syslogd
30587 420435 1 0 3 0x100080 kqread resolvd
74804 509582 11019 77 3 0x100092 kqread dhcpleased
31476 112855 11019 77 3 0x100092 kqread dhcpleased
11019 238809 1 0 3 0x80 kqread dhcpleased
34049 331480 0 0 3 0x14200 bored smr
51462 366675 0 0 2 0x14200 zerothread
16796 186855 0 0 3 0x14200 aiodoned aiodoned
8636 519153 0 0 3 0x14200 syncer update
76440 9773 0 0 3 0x14200 cleaner cleaner
52915 327639 0 0 7 0x14200 reaper
38972 369191 0 0 3 0x14200 pgdaemon pagedaemon
7211 77816 0 0 3 0x14200 bored viomb
74891 321496 0 0 3 0x40014200 acpi0 acpi0
31947 301083 0 0 3 0x40014200 idle1
16088 462938 0 0 2 0x14200 softnet
42000 333243 0 0 3 0x14200 bored systqmp
79061 139833 0 0 3 0x14200 bored systq
91246 414812 0 0 3 0x40014200 bored softclock
55773 379200 0 0 3 0x40014200 idle0
1 43302 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
CPU 0:
exclusive mutex &(curpg)->mdpage.pv_mtx r = 0 (0xfffffd8006f208b8)
#0 witness_lock+0x44d
#1 mtx_enter_try+0x100
#2 mtx_enter+0x4b sys/kern/kern_lock.c:266
#3 pmap_page_remove+0x44 sys/arch/amd64/amd64/pmap.c:1912
#4 uvm_anfree_list+0x98
#5 amap_wipeout+0x1b1 sys/uvm/uvm_amap.c:504
#6 uvm_unmap_detach+0x7d sys/uvm/uvm_map.c:1599
#7 uvm_map_teardown+0x262 sys/uvm/uvm_map.c:2789
#8 uvmspace_free+0xa6 sys/uvm/uvm_map.c:3685
#9 reaper+0x18b sys/kern/kern_exit.c:457
#10 proc_trampoline+0x1c
CPU 1:
exclusive mutex &table->inpt_mtx r = 0 (0xffffffff82b03010)
#0 witness_lock+0x44d
#1 mtx_enter_try+0x100
#2 mtx_enter+0x4b sys/kern/kern_lock.c:266
#3 rip_input+0x135
#4 ip_deliver+0x322 sys/netinet/ip_input.c:657
#5 ip_ours+0x3ba sys/netinet/ip_input.c:616
#6 ip_input_if+0x2a1
#7 ipv4_input+0x48 sys/netinet/ip_input.c:242
#8 if_input_local+0x10e sys/net/if.c:774
#9 ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
#9 ip_output+0xb05 sys/netinet/ip_output.c:332
#10 rip_output+0x2cb sys/netinet/raw_ip.c:302
#11 rip_usrreq+0x49c sys/netinet/raw_ip.c:554
#12 sosend+0x632 sys/kern/uipc_socket.c:582
#13 dofilewritev+0x19c sys/kern/sys_generic.c:381
#14 sys_writev+0xa7 sys/kern/sys_generic.c:328
#15 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#15 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#16 Xsyscall+0x128
Process 11324 (syz-executor.2) thread 0xffff8000ffff42a0 (479979)
exclusive rwlock netlock r = 0 (0xffffffff82904160)
#0 witness_lock+0x44d
#1 solock+0x86 sys/kern/uipc_socket2.c:295
#2 sosend+0x517 sys/kern/uipc_socket.c:570
#3 dofilewritev+0x19c sys/kern/sys_generic.c:381
#4 sys_writev+0xa7 sys/kern/sys_generic.c:328
#5 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#5 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#6 Xsyscall+0x128
exclusive mutex &table->inpt_mtx r = 0 (0xffffffff82b03010)
#0 witness_lock+0x44d
#1 mtx_enter_try+0x100
#2 mtx_enter+0x4b sys/kern/kern_lock.c:266
#3 rip_input+0x135
#4 ip_deliver+0x322 sys/netinet/ip_input.c:657
#5 ip_ours+0x3ba sys/netinet/ip_input.c:616
#6 ip_input_if+0x2a1
#7 ipv4_input+0x48 sys/netinet/ip_input.c:242
#8 if_input_local+0x10e sys/net/if.c:774
#9 ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
#9 ip_output+0xb05 sys/netinet/ip_output.c:332
#10 rip_output+0x2cb sys/netinet/raw_ip.c:302
#11 rip_usrreq+0x49c sys/netinet/raw_ip.c:554
#12 sosend+0x632 sys/kern/uipc_socket.c:582
#13 dofilewritev+0x19c sys/kern/sys_generic.c:381
#14 sys_writev+0xa7 sys/kern/sys_generic.c:328
#15 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#15 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#16 Xsyscall+0x128
Process 52915 (reaper) thread 0xffff8000210f9500 (327639)
exclusive rwlock amaplk r = 0 (0xfffffd8075889588)
#0 witness_lock+0x44d
#1 amap_unref+0x2b sys/uvm/uvm_amap.c:1365
#2 uvm_unmap_detach+0x7d sys/uvm/uvm_map.c:1599
#3 uvm_map_teardown+0x262 sys/uvm/uvm_map.c:2789
#4 uvmspace_free+0xa6 sys/uvm/uvm_map.c:3685
#5 reaper+0x18b sys/kern/kern_exit.c:457
#6 proc_trampoline+0x1c
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10192 6619K 7400K 78643K 15974 0
pcb 13 16K 18K 78643K 166 0
rtable 235 7K 8K 78643K 910 0
ifaddr 82 17K 18K 78643K 208 0
sysctl 2 0K 0K 78643K 4 0
counters 54 35K 35K 78643K 90 0
ioctlops 0 0K 4K 78643K 1744 0
iov 0 0K 16K 78643K 204 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 5 0
vnodes 1407 88K 88K 78643K 2792 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 20 0
VM map 2 1K 1K 78643K 2 0
sem 12 0K 1K 78643K 61 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 13 45K 89K 78643K 1489 0
sigio 0 0K 0K 78643K 88 0
proc 71 87K 111K 78643K 873 0
subproc 104 6K 6K 78643K 247 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 39 0
in_multi 88 5K 6K 78643K 251 0
ether_multi 1 0K 0K 78643K 10 0
mrt 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 61 281K 281K 78643K 61 0
exec 0 0K 2K 78643K 1041 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 330 134K 136K 78643K 19840 0
UVM aobj 131 4K 4K 78643K 134 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 29 0
NDP 11 0K 2K 78643K 68 0
temp 113 4711K 4787K 78643K 18959 0
kqueue 12 18K 24K 78643K 115 0
SYN cache 2 16K 16K 78643K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 126 0 123 2 1 1 2 0 8 0
rtentry 112 256 0 150 4 0 4 4 0 8 0
unpcb 136 507 0 490 6 2 4 4 0 8 3
syncache 296 9 0 9 3 2 1 1 0 8 1
tcpqe 32 214 0 214 2 1 1 1 0 8 1
tcpcb 736 398 0 392 18 16 2 10 0 8 1
arp 120 43 0 25 1 0 1 1 0 8 0
inpcb 312 1262 0 1123 23 12 11 11 0 8 0
nd6 48 61 0 39 1 0 1 1 0 8 0
pkpcb 40 4 0 4 1 1 0 1 0 8 0
kcovpl 48 19 0 11 1 0 1 1 0 8 0
pffrag 232 4 0 2 1 0 1 1 0 482 0
pffrnode 88 4 0 2 1 0 1 1 0 8 0
pffrent 40 9 0 7 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfrktable 1344 14 0 12 1 0 1 1 0 8 0
pfstitem 24 43 0 20 1 0 1 1 0 8 0
pfstkey 112 43 0 20 1 0 1 1 0 8 0
pfstate 320 43 0 20 2 0 2 2 0 8 0
pfrule 1360 78 0 65 3 1 2 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 990 0 566 30 3 27 30 0 8 0
art_table 32 991 0 566 4 0 4 4 0 8 0
art_node 16 254 0 159 1 0 1 1 0 8 0
sysvmsgpl 40 14 0 9 1 0 1 1 0 8 0
semupl 112 3 0 3 1 1 0 1 0 8 0
semapl 112 56 0 46 1 0 1 1 0 8 0
shmpl 112 131 0 3 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 3092 0 1654 91 0 91 91 0 8 0
ffsino 272 3092 0 1654 97 0 97 97 0 8 0
nchpl 144 5241 0 3613 63 0 63 63 0 8 0
uvmvnodes 80 4521 0 0 93 0 93 93 0 8 0
vnodes 224 4521 0 0 266 0 266 266 0 8 0
namei 1024 19570 0 19570 3 2 1 2 0 8 1
percpumem 16 57 0 18 1 0 1 1 0 8 0
vcpupl 2048 3 0 0 1 0 1 1 0 8 0
vmpool 560 6 0 3 1 0 1 1 0 8 0
pfiaddrpl 120 4 0 0 1 0 1 1 0 8 0
scxspl 216 14372 0 14372 10 9 1 8 0 8 1
plimitpl 152 266 0 251 1 0 1 1 0 8 0
sigapl 424 1768 0 1725 6 0 6 6 0 8 0
futexpl 64 11070 0 11068 1 0 1 1 0 8 0
knotepl 120 104 0 0 4 0 4 4 0 8 0
kqueuepl 216 370 0 362 10 5 5 5 0 8 4
pipepl 336 398 0 370 13 10 3 8 0 8 0
fdescpl 496 1753 0 1727 5 1 4 5 0 8 0
filepl 152 10538 0 10165 25 10 15 15 0 8 0
lockfpl 104 312 0 310 1 0 1 1 0 8 0
lockfspl 48 141 0 139 1 0 1 1 0 8 0
sessionpl 144 35 0 18 1 0 1 1 0 8 0
pgrppl 48 35 0 18 1 0 1 1 0 8 0
ucredpl 96 890 0 876 1 0 1 1 0 8 0
zombiepl 144 1727 0 1725 1 0 1 1 0 8 0
processpl 1064 1768 0 1725 4 0 4 4 0 8 0
procpl 672 4319 0 4264 9 3 6 7 0 8 0
srpgc 96 24 0 24 1 1 0 1 0 8 0
sosppl 168 4 0 4 1 1 0 1 0 8 0
sockpl 480 1967 0 1808 44 24 20 20 0 8 0
mcl64k 65536 16 0 0 2 0 2 2 0 8 0
mcl16k 16384 5 0 0 1 0 1 1 0 8 0
mcl12k 12288 17 0 0 2 0 2 2 0 8 0
mcl9k 9216 5 0 0 1 0 1 1 0 8 0
mcl8k 8192 17 0 0 3 0 3 3 0 8 0
mcl4k 4096 15 0 0 2 0 2 2 0 8 0
mcl2k2 2112 2 0 0 1 0 1 1 0 8 0
mcl2k 2048 228 0 0 28 0 28 28 0 8 0
mtagpl 96 291 0 0 8 0 8 8 0 8 0
mbufpl 256 517 0 0 32 1 31 31 0 8 0
bufpl 288 5430 0 148 378 0 378 378 0 8 0
anonpl 24 440476 0 422394 142 24 118 130 0 186 0
amapchunkpl 152 46662 0 45830 41 4 37 39 0 158 0
amappl16 200 3951 0 3422 39 10 29 36 0 8 0
amappl15 192 648 0 641 1 0 1 1 0 8 0
amappl14 184 338 0 331 1 0 1 1 0 8 0
amappl13 176 210 0 208 1 0 1 1 0 8 0
amappl12 168 22 0 19 1 0 1 1 0 8 0
amappl11 160 71 0 57 1 0 1 1 0 8 0
amappl10 152 50 0 44 1 0 1 1 0 8 0
amappl9 144 838 0 831 1 0 1 1 0 8 0
amappl8 136 928 0 864 4 1 3 3 0 8 0
amappl7 128 313 0 301 1 0 1 1 0 8 0
amappl6 120 611 0 585 2 1 1 2 0 8 0
amappl5 112 1351 0 1334 1 0 1 1 0 8 0
amappl4 104 1315 0 1286 2 1 1 2 0 8 0
amappl3 96 297 0 282 1 0 1 1 0 8 0
amappl2 88 794 0 750 3 1 2 3 0 8 0
amappl1 80 35096 0 34545 20 7 13 19 0 8 0
amappl 88 19197 0 18957 7 0 7 7 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 133 0 3 3 0 3 3 0 8 0
uaddrrnd 24 1759 0 1729 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 1759 0 1729 1 0 1 1 0 8 0
vmmpekpl 168 18077 0 18027 3 0 3 3 0 8 0
vmmpepl 168 166915 0 164582 146 29 117 128 0 357 4
vmsppl 368 1758 0 1729 5 1 4 4 0 8 0
rwobjpl 56 45188 0 39035 88 0 88 88 0 8 0
pdppl 4096 3525 0 3461 157 85 72 81 0 8 8
pvpl 32 879573 0 857615 265 72 193 263 0 265 2
pmappl 248 1758 0 1729 3 0 3 3 0 8 0
extentpl 40 58 0 38 1 0 1 1 0 8 0
phpool 112 894 0 133 22 0 22 22 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
x86_ipi_db(ffffffff8298cff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
x86_bus_space_io_write_1(3f8,0,66) at x86_bus_space_io_write_1+0x31 sys/arch/amd64/amd64/bus_space.c:759
comcnputc(800,66) at comcnputc+0x128 bus_space_barrier machine/bus.h:481 [inline]
comcnputc(800,66) at comcnputc+0x128 sys/dev/ic/com.c:1263
cnputc(66) at cnputc+0x4b sys/dev/cons.c:239
db_putchar(66) at db_putchar+0x3fc sys/ddb/db_output.c:155
kprintf() at kprintf+0x20ec sys/kern/subr_prf.c:1068
db_printf(ffffffff82608c08) at db_printf+0x85 sys/kern/subr_prf.c:502
panic(ffffffff8258fc0f) at panic+0xd7 sys/kern/subr_prf.c:220
__assert(ffffffff826026c6,ffffffff82609d0d,aae,ffffffff825be35d) at __assert+0x25 sys/kern/subr_prf.c:161
uvm_map_teardown(fffffd8066f60020) at uvm_map_teardown+0x2e8 sys/uvm/uvm_map.c:2736
uvmspace_free(fffffd8066f60020) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3685
reaper(ffff8000210f9500) at reaper+0x18b sys/kern/kern_exit.c:457
end trace frame: 0x0, count: 1
ddb{0}> trace
x86_ipi_db(ffffffff8298cff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
x86_bus_space_io_write_1(3f8,0,66) at x86_bus_space_io_write_1+0x31 sys/arch/amd64/amd64/bus_space.c:759
comcnputc(800,66) at comcnputc+0x128 bus_space_barrier machine/bus.h:481 [inline]
comcnputc(800,66) at comcnputc+0x128 sys/dev/ic/com.c:1263
cnputc(66) at cnputc+0x4b sys/dev/cons.c:239
db_putchar(66) at db_putchar+0x3fc sys/ddb/db_output.c:155
kprintf() at kprintf+0x20ec sys/kern/subr_prf.c:1068
db_printf(ffffffff82608c08) at db_printf+0x85 sys/kern/subr_prf.c:502
panic(ffffffff8258fc0f) at panic+0xd7 sys/kern/subr_prf.c:220
__assert(ffffffff826026c6,ffffffff82609d0d,aae,ffffffff825be35d) at __assert+0x25 sys/kern/subr_prf.c:161
uvm_map_teardown(fffffd8066f60020) at uvm_map_teardown+0x2e8 sys/uvm/uvm_map.c:2736
uvmspace_free(fffffd8066f60020) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3685
reaper(ffff8000210f9500) at reaper+0x18b sys/kern/kern_exit.c:457
end trace frame: 0x0, count: -14
ddb{0}> machine ddbcpu 1
Stopped at db_enter+0x18: addq $0x8,%rsp
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff825a2db5) at panic+0x177 sys/kern/subr_prf.c:202
witness_checkorder(ffffffff829f3ad8,9,0) at witness_checkorder+0x116d sys/kern/subr_witness.c:833
__mp_lock(ffffffff829f38d0) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline]
__mp_lock(ffffffff829f38d0) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline]
__mp_lock(ffffffff829f38d0) at __mp_lock+0xa1 sys/kern/kern_lock.c:142
selwakeup(fffffd80688bfaa0) at selwakeup+0x16 klist_empty sys/sys/event.h:361 [inline]
selwakeup(fffffd80688bfaa0) at selwakeup+0x16 sys/kern/sys_generic.c:885
sorwakeup(fffffd80688bf988) at sorwakeup+0xc9 sys/kern/uipc_socket.c:1699
rip_input(ffff80002e348a48,ffff80002e348a54,0,2) at rip_input+0x3b0 sys/netinet/raw_ip.c:188
ip_deliver(ffff80002e348a48,ffff80002e348a54,0,2) at ip_deliver+0x322 sys/netinet/ip_input.c:657
ip_ours(ffff80002e348a48,ffff80002e348a54,0,0) at ip_ours+0x3ba sys/netinet/ip_input.c:616
ip_input_if(ffff80002e348a48,ffff80002e348a54,4,0,ffff800000689000) at ip_input_if+0x2a1
ipv4_input(ffff800000689000,fffffd80669ae400) at ipv4_input+0x48 sys/netinet/ip_input.c:242
if_input_local(ffff800000689000,fffffd80669ae400,2) at if_input_local+0x10e sys/net/if.c:774
ip_output(fffffd806c496000,0,fffffd80681e7098,20,0,fffffd80681e7020,aba0b48b42057bb5) at ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
ip_output(fffffd806c496000,0,fffffd80681e7098,20,0,fffffd80681e7020,aba0b48b42057bb5) at ip_output+0xb05 sys/netinet/ip_output.c:332
rip_output(fffffd806c496000,fffffd80688bfb68,ffff80002e348ca0,1) at rip_output+0x2cb sys/netinet/raw_ip.c:302
end trace frame: 0xffff80002e348d20, count: 0
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff825a2db5) at panic+0x177 sys/kern/subr_prf.c:202
witness_checkorder(ffffffff829f3ad8,9,0) at witness_checkorder+0x116d sys/kern/subr_witness.c:833
__mp_lock(ffffffff829f38d0) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195 [inline]
__mp_lock(ffffffff829f38d0) at __mp_lock+0xa1 intr_disable machine/cpufunc.h:216 [inline]
__mp_lock(ffffffff829f38d0) at __mp_lock+0xa1 sys/kern/kern_lock.c:142
selwakeup(fffffd80688bfaa0) at selwakeup+0x16 klist_empty sys/sys/event.h:361 [inline]
selwakeup(fffffd80688bfaa0) at selwakeup+0x16 sys/kern/sys_generic.c:885
sorwakeup(fffffd80688bf988) at sorwakeup+0xc9 sys/kern/uipc_socket.c:1699
rip_input(ffff80002e348a48,ffff80002e348a54,0,2) at rip_input+0x3b0 sys/netinet/raw_ip.c:188
ip_deliver(ffff80002e348a48,ffff80002e348a54,0,2) at ip_deliver+0x322 sys/netinet/ip_input.c:657
ip_ours(ffff80002e348a48,ffff80002e348a54,0,0) at ip_ours+0x3ba sys/netinet/ip_input.c:616
ip_input_if(ffff80002e348a48,ffff80002e348a54,4,0,ffff800000689000) at ip_input_if+0x2a1
ipv4_input(ffff800000689000,fffffd80669ae400) at ipv4_input+0x48 sys/netinet/ip_input.c:242
if_input_local(ffff800000689000,fffffd80669ae400,2) at if_input_local+0x10e sys/net/if.c:774
ip_output(fffffd806c496000,0,fffffd80681e7098,20,0,fffffd80681e7020,aba0b48b42057bb5) at ip_output+0xb05 ip_mloopback sys/netinet/ip_output.c:1791 [inline]
ip_output(fffffd806c496000,0,fffffd80681e7098,20,0,fffffd80681e7020,aba0b48b42057bb5) at ip_output+0xb05 sys/netinet/ip_output.c:332
rip_output(fffffd806c496000,fffffd80688bfb68,ffff80002e348ca0,1) at rip_output+0x2cb sys/netinet/raw_ip.c:302
rip_usrreq(fffffd80688bfb68,9,fffffd806c496000,0,0,ffff8000ffff42a0) at rip_usrreq+0x49c sys/netinet/raw_ip.c:554
sosend(fffffd80688bfb68,0,ffff80002e348f30,0,0,0) at sosend+0x632 sys/kern/uipc_socket.c:582
dofilewritev(ffff8000ffff42a0,85,ffff80002e348f30,0,ffff80002e349030) at dofilewritev+0x19c sys/kern/sys_generic.c:381
sys_writev(ffff8000ffff42a0,ffff80002e348fd8,ffff80002e349030) at sys_writev+0xa7 sys/kern/sys_generic.c:328
syscall(ffff80002e3490a0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff80002e3490a0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x2f5a8dfe040, count: -20
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
Alexander Bluhm
Mar 23, 2022, 3:20:39 PM3/23/22
to syzbot, syzkaller-o...@googlegroups.com
#syz fix: For raw IP packets rip_input() traverses the loop of all PCBs. From there it calls sbappendaddr() while holding the raw table mutex. This ends in sorwakeup() where we finally grab the kernel lock while holding a mutex. Witness detects this misuse. Use the same solution as for PCB notify. Collect the affected PCBs in a temporary list. The list is protected by exclusive net lock. syzbot+ebe3f0...@syzkaller.appspotmail.com OK claudio@
> --
> You received this message because you are subscribed to the Google Groups "syzkaller-openbsd-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-openbsd...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-openbsd-bugs/000000000000b13a9505dad76a76%40google.com.
> You received this message because you are subscribed to the Google Groups "syzkaller-openbsd-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-openbsd...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-openbsd-bugs/000000000000b13a9505dad76a76%40google.com.
Reply all
Reply to author
Forward
0 new messages