uvm_fault: witness_checkorder (6)


syzbot

May 16, 2025, 6:51:34 PM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: f47d9bee1200 Use %lld to format a time_t, not %ld
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=110eef68580000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=94c529af6dd3e483cff6

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/fdfa29a68bfb/disk-f47d9bee.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/664ed602842d/bsd-f47d9bee.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/d7aeec83281e/kernel-f47d9bee.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+94c529...@syzkaller.appspotmail.com

uvm_fault(0xfffffd806e0f9b50, 0x48, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at witness_checkorder+0xa9: movl 0x20(%r14),%r15d
TID PID UID PRFLAGS PFLAGS CPU COMMAND
37136 89135 0 0x14000 0x200 1 reaper
witness_checkorder(28,9,0) at witness_checkorder+0xa9 sys/kern/subr_witness.c:779
mtx_enter(18) at mtx_enter+0x47 sys/kern/kern_lock.c:238
clockintr_unbind(ffff80000149df30,1) at clockintr_unbind+0x56 sys/kern/kern_clockintr.c:375
dt_ioctl_record_stop(ffff80000148c000) at dt_ioctl_record_stop+0xbc sys/dev/dt/dt_dev.c:575
dtclose(31e5f,81,2000,ffff80003c4519c8) at dtclose+0x105 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline]
dtclose(31e5f,81,2000,ffff80003c4519c8) at dtclose+0x105 sys/dev/dt/dt_dev.c:232
spec_close(ffff80002a3a0f30) at spec_close+0x45f sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffd80655981c8,81,fffffd807f7d2138,ffff80003c4519c8) at VOP_CLOSE+0x133 sys/kern/vfs_vops.c:156
vn_closefile(fffffd800b35fe00,ffff80003c4519c8) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd800b35fe00,ffff80003c4519c8) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615
fdrop(fffffd800b35fe00,ffff80003c4519c8) at fdrop+0x126 sys/kern/kern_descrip.c:1267
closef(fffffd800b35fe00,ffff80003c4519c8) at closef+0x192 sys/kern/kern_descrip.c:1251
fdfree(ffff80003c4519c8) at fdfree+0x116 sys/kern/kern_descrip.c:1182
exit1(ffff80003c4519c8,0,0,1) at exit1+0x58f sys/kern/kern_exit.c:214
sys_exit(ffff80003c4519c8,ffff80002a3a12a0,ffff80002a3a11f0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a3a12a0) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a3a12a0) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:579
end trace frame: 0xffff80002a3a1320, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: uvm_fault(0xfffffd806e0f9b50, 0x48, 0, 1) -> e
ddb{0}> trace
witness_checkorder(28,9,0) at witness_checkorder+0xa9 sys/kern/subr_witness.c:779
mtx_enter(18) at mtx_enter+0x47 sys/kern/kern_lock.c:238
clockintr_unbind(ffff80000149df30,1) at clockintr_unbind+0x56 sys/kern/kern_clockintr.c:375
dt_ioctl_record_stop(ffff80000148c000) at dt_ioctl_record_stop+0xbc sys/dev/dt/dt_dev.c:575
dtclose(31e5f,81,2000,ffff80003c4519c8) at dtclose+0x105 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline]
dtclose(31e5f,81,2000,ffff80003c4519c8) at dtclose+0x105 sys/dev/dt/dt_dev.c:232
spec_close(ffff80002a3a0f30) at spec_close+0x45f sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffd80655981c8,81,fffffd807f7d2138,ffff80003c4519c8) at VOP_CLOSE+0x133 sys/kern/vfs_vops.c:156
vn_closefile(fffffd800b35fe00,ffff80003c4519c8) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd800b35fe00,ffff80003c4519c8) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615
fdrop(fffffd800b35fe00,ffff80003c4519c8) at fdrop+0x126 sys/kern/kern_descrip.c:1267
closef(fffffd800b35fe00,ffff80003c4519c8) at closef+0x192 sys/kern/kern_descrip.c:1251
fdfree(ffff80003c4519c8) at fdfree+0x116 sys/kern/kern_descrip.c:1182
exit1(ffff80003c4519c8,0,0,1) at exit1+0x58f sys/kern/kern_exit.c:214
sys_exit(ffff80003c4519c8,ffff80002a3a12a0,ffff80002a3a11f0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a3a12a0) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a3a12a0) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:579
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x769adc71a030, count: -15
ddb{0}> show registers
rdi 0
rsi 0
rbp 0xffff80002a3a0da0
rbx 0
rdx 0
rcx 0xffff80003c4519c8
rax 0xffffffff837bbff0 cpu_info_full_primary+0x1ff0
r8 0xffffffffffffffff
r9 0x4bf00 acpi_pdirpa+0x37d71
r10 0x23cfdf01fced871d
r11 0x8e9fe61c47a762ce
r12 0
r13 0x1
r14 0x28
r15 0x3
rip 0xffffffff82a7b5f9 witness_checkorder+0xa9
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80002a3a0cf0
ss 0x10
witness_checkorder+0xa9: movl 0x20(%r14),%r15d
ddb{0}> show proc
PROC (syz-executor) tid=254302 pid=42865 tcnt=0 stat=onproc
flags process=1018<EXITING,SUGID,SINGLEEXIT> proc=2000<WEXIT>
runpri=32, usrpri=82, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0xffff80003c4519c8 scnt=-1 ecnt=1
forw=0xffffffffffffffff, list=0xffff80003c450cf8,0xffffffff83a13120
process=0xffff80003c4eaf58 user=0xffff80002a39c000, vmspace=0xfffffd806e0f9b50
estcpu=32, cpticks=0, pctcpu=0.1, user=0, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
21593 507046 82240 0 3 0x82 wait syz-executor
35099 311555 61269 0 2 0xc90 syz-executor
35099 94050 61269 0 3 0x4000090 sbwait syz-executor
35099 49723 61269 0 3 0x4000090 fsleep syz-executor
91551 480502 81960 0 2 0xc80 syz-executor
91551 365704 81960 0 3 0x4000080 kqpoll syz-executor
52280 220688 68365 0 2 0xc80 syz-executor
52280 228059 68365 0 3 0x4000080 ttyout syz-executor
52280 410151 68365 0 3 0x4000080 fsleep syz-executor
44591 253876 62060 0 2 0xc80 syz-executor
44591 64692 62060 0 3 0x4000080 ttyin syz-executor
44591 516665 62060 0 3 0x4000080 fsleep syz-executor
44591 228145 62060 0 3 0x4000080 fsleep syz-executor
15932 65611 36151 0 2 0xc90 syz-executor
15932 340266 36151 0 3 0x4000090 sbwait syz-executor
15932 314864 36151 0 3 0x4000090 fsleep syz-executor
62060 433879 82240 0 2 0xc82 syz-executor
68365 236804 82240 0 2 0xc82 syz-executor
42136 321419 0 0 3 0x14200 acct acct
46060 181723 1 0 3 0x100083 ttyin getty
42360 68107 0 0 3 0x14280 nfsidl nfsio
9226 326650 0 0 3 0x14280 nfsidl nfsio
94502 498940 0 0 3 0x14280 nfsidl nfsio
84016 406489 0 0 3 0x14280 nfsidl nfsio
56310 47802 0 0 3 0x14280 nfsidl nfsio
84069 502975 0 0 3 0x14280 nfsidl nfsio
14818 69294 0 0 3 0x14280 nfsidl nfsio
47060 403794 0 0 3 0x14280 nfsidl nfsio
24062 261374 0 0 3 0x14280 nfsidl nfsio
55536 438444 0 0 3 0x14280 nfsidl nfsio
98326 230768 0 0 3 0x14280 nfsidl nfsio
80645 495038 0 0 3 0x14280 nfsidl nfsio
84261 359236 0 0 3 0x14280 nfsidl nfsio
92254 223085 0 0 3 0x14280 nfsidl nfsio
97163 16511 0 0 3 0x14280 nfsidl nfsio
64020 249705 0 0 3 0x14280 nfsidl nfsio
12852 358883 0 0 3 0x14280 nfsidl nfsio
64971 150176 0 0 3 0x14280 nfsidl nfsio
40982 315839 0 0 3 0x14280 nfsidl nfsio
26102 140315 0 0 3 0x14280 nfsidl nfsio
17959 409453 0 0 3 0x14200 bored sosplice
61269 421037 82240 0 3 0x82 nanoslp syz-executor
81960 235001 82240 0 3 0x82 nanoslp syz-executor
42156 17756 82240 0 3 0x82 nanoslp syz-executor
36151 11079 82240 0 2 0xc82 syz-executor
98841 387767 82240 0 3 0x82 wait syz-executor
82240 314417 26718 0 3 0x82 kqread syz-executor
26718 509727 17108 0 3 0x10008a sigsusp ksh
17108 365874 63827 0 3 0x98 kqread sshd-session
63827 84611 79456 0 3 0x92 kqread sshd-session
79456 254164 1 0 3 0x88 kqread sshd
20750 71517 33250 74 3 0x1100092 bpf pflogd
33250 447031 1 0 3 0x80 sbwait pflogd
8440 277630 8393 73 3 0x1100090 kqread syslogd
8393 503396 1 0 3 0x100082 sbwait syslogd
46505 412762 1 0 3 0x100080 kqread resolvd
32779 390113 98679 77 3 0x100092 kqread dhcpleased
91397 144211 98679 77 3 0x100092 kqread dhcpleased
98679 267267 1 0 3 0x80 kqread dhcpleased
65843 410676 0 0 2 0x14200 smr
19251 503141 0 0 3 0x14200 pgzero zerothread
58379 281763 0 0 3 0x14200 aiodoned aiodoned
39986 46192 0 0 3 0x14200 syncer update
65359 313778 0 0 3 0x14200 cleaner cleaner
89135 37136 0 0 7 0x14200 reaper
28189 503392 0 0 3 0x14200 pgdaemon pagedaemon
3161 67533 0 0 3 0x14200 bored viomb
53802 142235 0 0 3 0x40014200 acpi0 acpi0
18114 80466 0 0 3 0x40014200 idle1
26793 454736 0 0 3 0x14200 bored softnet3
92602 286697 0 0 3 0x14200 bored softnet2
37552 393284 0 0 3 0x14200 bored softnet1
48319 206357 0 0 3 0x14200 bored softnet0
10556 202942 0 0 2 0x14200 systqmp
6411 110712 0 0 3 0x14200 bored systq
22166 89059 0 0 3 0x14200 tmoslp softclockmp
31981 24173 0 0 2 0x40014200 softclock
69713 332169 0 0 3 0x40014200 idle0
1 234330 0 0 3 0x82 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb{0}> show all locks
Process 44591 (syz-executor) thread 0xffff80003c450a68 (64692)
exclusive rrwlock inode r = 0 (0xfffffd806df8abf8)
#0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5bb sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x3ea sys/kern/kern_rwlock.c:316
#2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:616
#3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:527
#4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570
#5 spec_open+0x305 sys/kern/spec_vnops.c:151
#6 VOP_OPEN+0x8b sys/kern/vfs_vops.c:138
#7 vn_open+0x708 sys/kern/vfs_vnops.c:177
#8 vndioctl+0xcb1 sys/dev/vnd.c:457
#9 VOP_IOCTL+0xac sys/kern/vfs_vops.c:264
#10 vn_ioctl+0xf8 sys/kern/vfs_vnops.c:531
#11 sys_ioctl+0x5c3 sys/kern/sys_generic.c:-1
#12 syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#12 syscall+0xbc6 sys/arch/amd64/amd64/trap.c:579
#13 Xsyscall+0x128
Process 89135 (reaper) thread 0xffff8000ffffcf68 (37136)
exclusive kernel: protection fault trap, code=0
Faulted in DDB; continuing...
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
witness_checkorder(28,9,0) at witness_checkorder+0xa9 sys/kern/subr_witness.c:779
mtx_enter(18) at mtx_enter+0x47 sys/kern/kern_lock.c:238
clockintr_unbind(ffff80000149df30,1) at clockintr_unbind+0x56 sys/kern/kern_clockintr.c:375
dt_ioctl_record_stop(ffff80000148c000) at dt_ioctl_record_stop+0xbc sys/dev/dt/dt_dev.c:575
dtclose(31e5f,81,2000,ffff80003c4519c8) at dtclose+0x105 dt_pcb_purge sys/dev/dt/dt_dev.c:-1 [inline]
dtclose(31e5f,81,2000,ffff80003c4519c8) at dtclose+0x105 sys/dev/dt/dt_dev.c:232
spec_close(ffff80002a3a0f30) at spec_close+0x45f sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffd80655981c8,81,fffffd807f7d2138,ffff80003c4519c8) at VOP_CLOSE+0x133 sys/kern/vfs_vops.c:156
vn_closefile(fffffd800b35fe00,ffff80003c4519c8) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd800b35fe00,ffff80003c4519c8) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615
fdrop(fffffd800b35fe00,ffff80003c4519c8) at fdrop+0x126 sys/kern/kern_descrip.c:1267
closef(fffffd800b35fe00,ffff80003c4519c8) at closef+0x192 sys/kern/kern_descrip.c:1251
fdfree(ffff80003c4519c8) at fdfree+0x116 sys/kern/kern_descrip.c:1182
exit1(ffff80003c4519c8,0,0,1) at exit1+0x58f sys/kern/kern_exit.c:214
sys_exit(ffff80003c4519c8,ffff80002a3a12a0,ffff80002a3a11f0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a3a12a0) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a3a12a0) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:579
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x769adc71a030, count: -15
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0xf sys/dev/kcov.c:149
reaper(ffff8000ffffcf68) at reaper+0x218 sys/kern/kern_exit.c:482
end trace frame: 0x0, count: 10
ddb{1}> trace
x86_ipi_db(ffff8000299ddff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0xf sys/dev/kcov.c:149
reaper(ffff8000ffffcf68) at reaper+0x218 sys/kern/kern_exit.c:482
end trace frame: 0x0, count: -5


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup