witness: lock_object uninitialized: ADDR


syzbot

Dec 27, 2021, 1:27:26 PM12/27/21
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: e82b5ebce50c Rework garbage collector for unix(4) sockets.
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=123cfefdb00000
kernel config: https://syzkaller.appspot.com/x/.config?x=bf87b6915a88cd0d
dashboard link: https://syzkaller.appspot.com/bug?extid=1fae3cecd9b737a418e9

Unfortunately, I don't have any reproducer for this issue yet. The trace below shows the WITNESS check firing from rw_enter_write() called by unveil_delete_names() via unveil_destroy() in exit1(), i.e. while tearing down a process's unveil state on exit; per the ddb output ("the kernel did not panic") this is a lock-debugging assertion on an rwlock that WITNESS considers uninitialized, not a panic. Whether the lock object was never initialized or was already freed/overwritten at this point cannot be told from this report alone.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+1fae3c...@syzkaller.appspotmail.com

login: witness: lock_object uninitialized: 0xffff800000e2a028
Starting stack trace...
witness_checkorder(ffff800000e2a028,9,0) at witness_checkorder+0x133 witness_debugger sys/kern/subr_witness.c:2502 [inline]
witness_checkorder(ffff800000e2a028,9,0) at witness_checkorder+0x133 sys/kern/subr_witness.c:772
rw_enter_write(ffff800000e2a018) at rw_enter_write+0x5b sys/kern/kern_rwlock.c:128
unveil_delete_names(ffff800000e2a000) at unveil_delete_names+0x30 unvname_rbt_RBT_MIN sys/kern/kern_unveil.c:90 [inline]
unveil_delete_names(ffff800000e2a000) at unveil_delete_names+0x30 sys/kern/kern_unveil.c:100
unveil_destroy(ffff8000211f1d28) at unveil_destroy+0xad sys/kern/kern_unveil.c:191
exit1(ffff800027b537b0,0,0,1) at exit1+0x3d5 sys/kern/kern_exit.c:225
sys_exit(ffff800027b537b0,ffff800027b0a870,ffff800027b0a8d0) at sys_exit+0x16 sys/kern/kern_exit.c:95
syscall(ffff800027b0a940) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800027b0a940) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffffafc0, count: 249
End of stack trace.
Stopped at db_enter+0x18: addq $0x8,%rsp
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
the kernel did not panic
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
witness_checkorder(ffff800000e2a028,9,0) at witness_checkorder+0x138 witness_debugger sys/kern/subr_witness.c:2502 [inline]
witness_checkorder(ffff800000e2a028,9,0) at witness_checkorder+0x138 sys/kern/subr_witness.c:772
rw_enter_write(ffff800000e2a018) at rw_enter_write+0x5b sys/kern/kern_rwlock.c:128
unveil_delete_names(ffff800000e2a000) at unveil_delete_names+0x30 unvname_rbt_RBT_MIN sys/kern/kern_unveil.c:90 [inline]
unveil_delete_names(ffff800000e2a000) at unveil_delete_names+0x30 sys/kern/kern_unveil.c:100
unveil_destroy(ffff8000211f1d28) at unveil_destroy+0xad sys/kern/kern_unveil.c:191
exit1(ffff800027b537b0,0,0,1) at exit1+0x3d5 sys/kern/kern_exit.c:225
sys_exit(ffff800027b537b0,ffff800027b0a870,ffff800027b0a8d0) at sys_exit+0x16 sys/kern/kern_exit.c:95
syscall(ffff800027b0a940) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800027b0a940) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffffafc0, count: -9
ddb{0}> show registers
rdi 0
rsi 0
rbp 0xffff800027b0a610
rbx 0x3
rdx 0
rcx 0
rax 0xffff800027b537b0
r8 0xffff800027b0a5b0
r9 0x8080808080808080
r10 0xa25760cea3765a07
r11 0xd566f276066ba816
r12 0xffff800000e2a001
r13 0xffff800000e2a028
r14 0
r15 0
rip 0xffffffff820ea248 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800027b0a600
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor.1) pid=63545 stat=onproc
flags process=1008<EXITING,SINGLEEXIT> proc=2000<WEXIT>
pri=32, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff800027b53270,0xffff800027b53520
process=0xffff8000211f1d28 user=0xffff800027b05000, vmspace=0xfffffd806839d2f8
estcpu=36, cpticks=11, pctcpu=0.0
user=0, sys=8, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
5893 522572 80442 0 2 0x480 syz-executor.2
5893 281474 80442 0 3 0x4000080 fsleep syz-executor.2
64302 141912 36533 0 2 0 syz-executor.0
64302 147254 36533 0 3 0x4000000 fdlock syz-executor.0
64302 343376 36533 0 2 0x4000000 syz-executor.0
64302 222963 36533 0 3 0x4000080 fsleep syz-executor.0
64302 96047 36533 0 2 0x4000000 syz-executor.0
64302 395812 36533 0 2 0x4000000 syz-executor.0
82083 388972 23974 0 2 0x482 syz-executor.3
67504 223226 1 0 2 0x100083 getty
80442 302808 23974 0 2 0x482 syz-executor.2
36533 79803 23974 0 2 0x482 syz-executor.0
30987 497768 23974 0 2 0x482 syz-executor.1
16884 426176 0 0 3 0x14280 nfsidl nfsio
48227 101796 0 0 3 0x14280 nfsidl nfsio
65367 168657 0 0 3 0x14280 nfsidl nfsio
39675 300794 0 0 3 0x14280 nfsidl nfsio
21763 485964 0 0 3 0x14280 nfsidl nfsio
43356 38660 0 0 3 0x14280 nfsidl nfsio
33849 503990 0 0 3 0x14280 nfsidl nfsio
97051 192189 0 0 3 0x14280 nfsidl nfsio
31563 159393 0 0 3 0x14280 nfsidl nfsio
11476 68850 0 0 3 0x14280 nfsidl nfsio
75336 126234 0 0 3 0x14280 nfsidl nfsio
75484 309544 0 0 3 0x14280 nfsidl nfsio
56147 167191 0 0 3 0x14280 nfsidl nfsio
11968 45893 0 0 3 0x14280 nfsidl nfsio
97966 512867 0 0 3 0x14280 nfsidl nfsio
94263 55433 0 0 3 0x14280 nfsidl nfsio
99419 50299 0 0 3 0x14280 nfsidl nfsio
55653 388692 0 0 3 0x14280 nfsidl nfsio
35375 183693 0 0 3 0x14280 nfsidl nfsio
12944 146405 0 0 3 0x14280 nfsidl nfsio
64183 402803 0 0 3 0x14200 bored sosplice
23974 1722 47202 0 3 0x82 thrsleep syz-fuzzer
23974 16185 47202 0 3 0x4000082 thrsleep syz-fuzzer
23974 119362 47202 0 3 0x4000082 thrsleep syz-fuzzer
23974 421029 47202 0 3 0x4000082 thrsleep syz-fuzzer
23974 444748 47202 0 3 0x4000082 kqread syz-fuzzer
23974 100488 47202 0 3 0x4000082 thrsleep syz-fuzzer
23974 63027 47202 0 3 0x4000082 thrsleep syz-fuzzer
23974 41448 47202 0 3 0x4000082 thrsleep syz-fuzzer
47202 313922 69875 0 3 0x10008a sigsusp ksh
69875 475829 90268 0 3 0x9a poll sshd
90268 221311 1 0 3 0x88 poll sshd
55957 379155 42097 74 3 0x100092 bpf pflogd
42097 209163 1 0 3 0x80 netio pflogd
56970 155146 40963 73 2 0x100090 syslogd
40963 443559 1 0 3 0x100082 netio syslogd
83946 468969 1 0 3 0x100080 kqread resolvd
2361 193852 7679 77 3 0x100092 kqread dhcpleased
24671 142312 7679 77 3 0x100092 kqread dhcpleased
7679 18908 1 0 3 0x80 kqread dhcpleased
7477 180079 0 0 3 0x14200 bored smr
69818 168797 0 0 2 0x14200 zerothread
94417 189829 0 0 3 0x14200 aiodoned aiodoned
27119 62116 0 0 3 0x14200 syncer update
26272 523157 0 0 3 0x14200 cleaner cleaner
42138 174121 0 0 7 0x14200 reaper
42218 198173 0 0 3 0x14200 pgdaemon pagedaemon
88935 272387 0 0 3 0x14200 bored viomb
69127 358127 0 0 3 0x40014200 acpi0 acpi0
47317 244282 0 0 3 0x40014200 idle1
77523 265536 0 0 3 0x14200 bored softnet
29800 127418 0 0 3 0x14200 bored systqmp
97842 353739 0 0 3 0x14200 bored systq
72303 375842 0 0 3 0x40014200 bored softclock
68584 377976 0 0 3 0x40014200 idle0
1 29168 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 64302 (syz-executor.0) thread 0xffff800024cdf268 (343376)
exclusive rwlock fdlock r = 0 (0xfffffd806ec44c08)
#0 witness_lock+0x44d
#1 doopenat+0x11b
#2 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#2 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#3 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10202 6496K 10910K 78643K 63999 0
pcb 13 18K 21K 78643K 2354 0
rtable 184 16K 17K 78643K 4061 0
ifaddr 86 23K 24K 78643K 1192 0
sysctl 2 0K 0K 78643K 2 0
counters 48 34K 35K 78643K 374 0
ioctlops 0 0K 4K 78643K 4206 0
iov 0 0K 32K 78643K 1665 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 5 0
vnodes 1475 93K 93K 78643K 17324 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 78 0
VM map 2 1K 1K 78643K 2 0
sem 12 0K 1K 78643K 2617 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12598 0
file desc 8 25K 49K 78643K 14747 0
sigio 0 0K 0K 78643K 214 0
proc 74 111K 112K 78643K 2951 0
subproc 52 3K 3K 78643K 1009 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 469 0
in_multi 51 3K 4K 78643K 1539 0
ether_multi 1 0K 0K 78643K 179 0
mrt 1 0K 0K 78643K 101 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 241 1076K 1076K 78643K 241 0
exec 0 0K 2K 78643K 4461 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 587 1359K 1360K 78643K 185097 0
UVM aobj 131 4K 4K 78643K 142 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 690 0
NDP 9 0K 1K 78643K 380 0
temp 113 4218K 4346K 78643K 144604 0
kqueue 11 16K 25K 78643K 485 0
SYN cache 2 16K 16K 78643K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 904 0 901 12 11 1 3 0 8 0
rtentry 112 1143 0 1086 4 1 3 3 0 8 0
unpcb 136 8428 0 8410 104 103 1 8 0 8 0
syncache 296 66 0 66 19 18 1 1 0 8 1
tcpqe 32 351 0 351 11 11 0 2 0 8 0
tcpcb 736 3661 0 3653 127 121 6 17 0 8 3
arp 120 160 0 150 1 0 1 1 0 8 0
inpcb 304 12267 0 12257 157 153 4 16 0 8 2
rttmr 72 35 0 35 9 9 0 1 0 8 0
nd6 48 313 0 303 1 0 1 1 0 8 0
pkpcb 40 94 0 94 7 7 0 1 0 8 0
kcovpl 48 77 0 73 1 0 1 1 0 8 0
ppxss 1248 36 0 36 10 10 0 1 0 8 0
pfstscr 40 125 0 125 7 7 0 1 0 8 0
pffrag 232 38 0 35 5 4 1 1 0 482 0
pffrnode 88 38 0 35 5 4 1 1 0 8 0
pffrent 40 585 0 582 5 4 1 1 0 8 0
pfosfp 40 1431 0 1007 5 0 5 5 0 8 0
pfosfpen 112 1431 0 714 21 0 21 21 0 8 0
pfrktable 1344 288 0 266 6 4 2 3 0 8 0
pfpktdelay 88 284 0 284 7 7 0 7 0 8 0
pftag 88 15 0 10 1 0 1 1 0 8 0
pfqueue 264 45 0 45 4 4 0 1 0 8 0
pfstitem 24 69 0 67 1 0 1 1 0 8 0
pfstkey 112 293 0 291 1 0 1 1 0 8 0
pfstate 320 177 0 175 3 2 1 3 0 8 0
pfsrctr 152 59 0 59 3 3 0 1 0 8 0
pfrule 1360 1193 0 1060 13 1 12 12 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 4677 0 4423 46 28 18 20 0 8 1
art_table 32 4678 0 4423 3 0 3 3 0 8 0
art_node 16 1075 0 1027 1 0 1 1 0 8 0
semupl 112 6 0 6 1 1 0 1 0 8 0
semapl 112 2614 0 2604 1 0 1 1 0 8 0
shmpl 112 139 0 11 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 19898 0 18437 92 0 92 92 0 8 0
ffsino 272 19898 0 18437 98 0 98 98 0 8 0
nchpl 144 40437 0 38834 61 0 61 61 0 8 0
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
vnodes 224 5926 0 0 349 0 349 349 0 8 0
namei 1024 149010 0 149010 5 4 1 1 0 8 1
percpumem 16 199 0 163 1 0 1 1 0 8 0
vcpupl 2048 406 0 4 51 0 51 51 0 8 0
vmpool 560 412 0 10 29 0 29 29 0 8 0
pfiaddrpl 120 164 0 119 2 0 2 2 0 8 0
scsiplug 72 11 0 11 4 4 0 1 0 8 0
scxspl 216 119382 0 119382 31 30 1 8 0 8 1
plimitpl 152 1098 0 1087 1 0 1 1 0 8 0
sigapl 424 14796 0 14739 7 0 7 7 0 8 0
futexpl 64 115928 0 115926 4 3 1 1 0 8 0
knotepl 112 120 0 0 3 0 3 3 0 8 0
kqueuepl 216 2573 0 2566 52 51 1 5 0 8 0
pipepl 336 3670 0 3654 88 86 2 12 0 8 0
fdescpl 496 14756 0 14735 4 1 3 4 0 8 0
filepl 152 101328 0 101173 167 158 9 18 0 8 3
lockfpl 104 3828 0 3826 8 7 1 2 0 8 0
lockfspl 48 1090 0 1088 1 0 1 1 0 8 0
sessionpl 144 97 0 84 1 0 1 1 0 8 0
pgrppl 48 164 0 151 1 0 1 1 0 8 0
ucredpl 96 9478 0 9462 1 0 1 1 0 8 0
zombiepl 144 14810 0 14808 3 2 1 1 0 8 0
processpl 1064 14796 0 14738 4 0 4 4 0 8 0
procpl 672 42092 0 42017 20 13 7 8 0 8 0
srpgc 96 116 0 116 16 16 0 1 0 8 0
sosppl 168 105 0 105 13 13 0 1 0 8 0
sockpl 480 21697 0 21666 470 462 8 34 0 8 3
mcl64k 65536 24 0 0 3 0 3 3 0 8 0
mcl16k 16384 41 0 0 6 3 3 3 0 8 0
mcl12k 12288 49 0 0 2 0 2 2 0 8 0
mcl9k 9216 17 0 0 2 0 2 2 0 8 0
mcl8k 8192 33 0 0 4 1 3 3 0 8 0
mcl4k 4096 25 0 0 3 0 3 3 0 8 0
mcl2k2 2112 12 0 0 1 0 1 1 0 8 0
mcl2k 2048 481 0 0 34 9 25 34 0 8 0
mtagpl 96 1317 0 0 25 0 25 25 0 8 0
mbufpl 256 3091 0 0 167 0 167 167 0 8 0
bufpl 288 28328 0 21984 454 0 454 454 0 8 0
anonpl 24 4103035 0 4082285 269 134 135 156 0 186 0
amapchunkpl 152 468652 0 467850 166 133 33 45 0 158 0
amappl16 200 36010 0 35241 135 93 42 53 0 8 0
amappl15 192 999 0 998 8 7 1 1 0 8 0
amappl14 184 2689 0 2686 1 0 1 1 0 8 0
amappl13 176 3870 0 3869 1 0 1 1 0 8 0
amappl12 168 1951 0 1948 1 0 1 1 0 8 0
amappl11 160 1438 0 1424 1 0 1 1 0 8 0
amappl10 152 500 0 489 1 0 1 1 0 8 0
amappl9 144 3189 0 3183 1 0 1 1 0 8 0
amappl8 136 2809 0 2699 4 0 4 4 0 8 0
amappl7 128 1401 0 1387 1 0 1 1 0 8 0
amappl6 120 3295 0 3272 1 0 1 1 0 8 0
amappl5 112 9509 0 9482 1 0 1 1 0 8 0
amappl4 104 4852 0 4824 1 0 1 1 0 8 0
amappl3 96 6358 0 6334 1 0 1 1 0 8 0
amappl2 88 5595 0 5532 3 1 2 2 0 8 0
amappl1 80 268538 0 268026 20 9 11 13 0 8 0
amappl 88 183216 0 182902 9 1 8 8 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 141 0 11 3 0 3 3 0 8 0
uaddrrnd 24 15168 0 14744 3 0 3 3 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 15168 0 14744 3 0 3 3 0 8 0
vmmpekpl 168 106235 0 106151 5 1 4 4 0 8 0
vmmpepl 168 1375527 0 1372241 489 316 173 173 0 357 26
vmsppl 368 15167 0 14743 39 0 39 39 0 8 0
rwobjpl 56 325914 0 318032 134 22 112 114 0 8 0
pdppl 4096 30344 0 29888 520 64 456 456 0 8 0
pvpl 32 6952179 0 6929495 460 270 190 256 0 265 0
pmappl 248 15167 0 14743 28 1 27 27 0 8 0
extentpl 40 57 0 38 1 0 1 1 0 8 0
phpool 112 1757 0 319 42 0 42 42 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
witness_checkorder(ffff800000e2a028,9,0) at witness_checkorder+0x138 witness_debugger sys/kern/subr_witness.c:2502 [inline]
witness_checkorder(ffff800000e2a028,9,0) at witness_checkorder+0x138 sys/kern/subr_witness.c:772
rw_enter_write(ffff800000e2a018) at rw_enter_write+0x5b sys/kern/kern_rwlock.c:128
unveil_delete_names(ffff800000e2a000) at unveil_delete_names+0x30 unvname_rbt_RBT_MIN sys/kern/kern_unveil.c:90 [inline]
unveil_delete_names(ffff800000e2a000) at unveil_delete_names+0x30 sys/kern/kern_unveil.c:100
unveil_destroy(ffff8000211f1d28) at unveil_destroy+0xad sys/kern/kern_unveil.c:191
exit1(ffff800027b537b0,0,0,1) at exit1+0x3d5 sys/kern/kern_exit.c:225
sys_exit(ffff800027b537b0,ffff800027b0a870,ffff800027b0a8d0) at sys_exit+0x16 sys/kern/kern_exit.c:95
syscall(ffff800027b0a940) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff800027b0a940) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffffafc0, count: -9
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
ddb{1}> trace
x86_ipi_db(ffff800020d38ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__mp_lock(ffffffff82969998) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82969998) at __mp_lock+0x122 sys/kern/kern_lock.c:147
uvm_unmap_detach(ffff800021184ea0,1) at uvm_unmap_detach+0x113 sys/uvm/uvm_map.c:1615
uvm_map_teardown(fffffd8067b83e90) at uvm_map_teardown+0x262 sys/uvm/uvm_map.c:2789
uvmspace_free(fffffd8067b83e90) at uvmspace_free+0xa6 sys/uvm/uvm_map.c:3685
reaper(ffff8000211497a0) at reaper+0x18b sys/kern/kern_exit.c:462
end trace frame: 0x0, count: -8


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Aug 14, 2022, 2:12:16 AM8/14/22
to syzkaller-o...@googlegroups.com
Auto-closing this bug as obsolete.
The crash has not been observed for a while, and there is no reproducer and no activity on the report. Note that auto-closing only means syzbot stopped seeing the crash; it does not imply the underlying cause was identified or fixed.