panic: chgproccnt: procs < 0
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*519805 92485 0 0x10 0x4000000 0 syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff833ee998) at panic+0x1cf sys/kern/subr_prf.c:198
chgproccnt(ee00,ffffffff) at chgproccnt+0xcc
sys_setreuid(ffff80002a7ccd18,ffff80002f4ff280,ffff80002f4ff1d0) at sys_setreuid+0x563 sys/kern/kern_prot.c:688
syscall(ffff80002f4ff280) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002f4ff280) at syscall+0x962 sys/arch/amd64/amd64/trap.c:765
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xd7a442e2170, count: 9
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: chgproccnt: procs < 0
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff833ee998) at panic+0x1cf sys/kern/subr_prf.c:198
chgproccnt(ee00,ffffffff) at chgproccnt+0xcc
sys_setreuid(ffff80002a7ccd18,ffff80002f4ff280,ffff80002f4ff1d0) at sys_setreuid+0x563 sys/kern/kern_prot.c:688
syscall(ffff80002f4ff280) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002f4ff280) at syscall+0x962 sys/arch/amd64/amd64/trap.c:765
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xd7a442e2170, count: -6
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff80002f4ff060
rbx 0xee00 __ALIGN_SIZE+0xde00
rdx 0xffff800001465a40
rcx 0
rax 0xffff80002a7ccd18
r8 0x101010101010101
r9 0x8080808080808080
r10 0x1821fc8906c415c9
r11 0x253b96c0b14dcde6
r12 0
r13 0xfffffd8007bfd208
r14 0
r15 0x1
rip 0xffffffff8287ba05 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff80002f4ff050
ss 0x10
db_enter+0x25: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor) tid=519805 pid=92485 tcnt=3 stat=onproc
flags process=10<SUGID> proc=4000000<THREAD>
runpri=50, usrpri=50, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80002a7e5cb0,0xffff80002a7ccfc0
process=0xffff8000ffff8498 user=0xffff80002f4fa000, vmspace=0xfffffd806cb3f2f0
estcpu=2, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
75046 182569 82324 0 2 0 syz-executor
75046 522390 82324 0 3 0x4000080 fsleep syz-executor
75046 217541 82324 0 3 0x4000080 fsleep syz-executor
49605 281875 7815 0 2 0 syz-executor
49605 183782 7815 0 3 0x4000080 fsleep syz-executor
49605 351860 7815 0 3 0x4000080 fsleep syz-executor
32129 37172 84257 0 2 0x82000 syz-executor
32129 57732 84257 0 3 0x4002000 suspend syz-executor
92485 116548 8314 0 2 0x10 syz-executor
*92485 519805 8314 0 7 0x4000010 syz-executor
92485 430067 8314 0 2 0x4000010 syz-executor
58956 161995 17583 0 2 0 syz-executor
58956 411530 17583 0 3 0x4000080 fsleep syz-executor
19143 308548 71517 0 3 0x3000 suspend syz-executor
19143 498612 71517 0 2 0x4081000 syz-executor
86760 245471 3016 0 2 0x2 sh
3016 287840 43720 0 2 0x10000002 syz-executor
17583 373879 43720 0 3 0x82 nanoslp syz-executor
8314 304915 43720 0 3 0x82 nanoslp syz-executor
71517 227206 43720 0 3 0x82 nanoslp syz-executor
7815 423782 43720 0 3 0x82 nanoslp syz-executor
60128 399862 43720 0 2 0x2 syz-executor
82324 306512 43720 0 3 0x82 nanoslp syz-executor
84257 135670 43720 0 3 0x82 nanoslp syz-executor
43720 490034 14767 0 3 0x82 kqread syz-executor
14767 186795 32498 0 3 0x10008a sigsusp ksh
32498 83790 98261 0 3 0x98 kqread sshd-session
98261 55038 12532 0 3 0x92 kqread sshd-session
23348 401406 1 0 3 0x100083 ttyin getty
12532 61383 1 0 3 0x88 kqread sshd
59811 211449 38258 73 3 0x1100090 kqread syslogd
38258 509086 1 0 3 0x100082 sbwait syslogd
65910 48602 1 0 3 0x100080 kqread resolvd
99157 220042 61596 77 3 0x100092 kqread dhcpleased
96986 70433 61596 77 3 0x100092 kqread dhcpleased
61596 158392 1 0 3 0x80 kqread dhcpleased
41299 131336 0 0 3 0x14200 bored smr
97502 342703 0 0 2 0x14200 zerothread
29641 334218 0 0 3 0x14200 aiodoned aiodoned
58582 391167 0 0 3 0x14200 syncer update
45483 53493 0 0 3 0x14200 cleaner cleaner
63702 119083 0 0 3 0x14200 reaper reaper
73275 69720 0 0 3 0x14200 pgdaemon pagedaemon
55845 298464 0 0 3 0x14200 bored viomb
23320 21410 0 0 3 0x40014200 acpi0 acpi0
76131 510369 0 0 3 0x14200 bored softnet0
68978 325470 0 0 3 0x14200 bored systqmp
14337 343044 0 0 3 0x14200 bored systq
10881 440964 0 0 3 0x40014200 tmoslp softclock
66805 97398 0 0 3 0x40014200 idle0
1 99684 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10176 11131K 11558K 166960K 11344 0
pcb 17 14K 16K 166960K 104 0
rtable 203 6K 6K 166960K 372 0
pf 30 12K 13K 166960K 42 0
ifaddr 37 6K 7K 166960K 55 0
ifgroup 48 2K 2K 166960K 70 0
sysctl 1 1K 9K 166960K 5 0
counters 32 17K 18K 166960K 40 0
ioctlops 0 0K 2K 166960K 38 0
iov 0 0K 12K 166960K 2 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1344 85K 85K 166960K 1572 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 4 0
VM map 2 1K 1K 166960K 2 0
sem 4 0K 0K 166960K 5 0
dirhash 12 2K 2K 166960K 12 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 17 61K 89K 166960K 200 0
sigio 0 0K 0K 166960K 1 0
proc 63 67K 91K 166960K 498 0
subproc 72 4K 4K 166960K 81 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 5 0
in_multi 78 5K 6K 166960K 105 0
ether_multi 1 0K 0K 166960K 1 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 49 228K 228K 166960K 49 0
exec 0 0K 1K 166960K 432 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 221 142K 151K 166960K 3491 0
UVM aobj 6 2K 2K 166960K 6 0
pinsyscall 38 76K 92K 166960K 1282 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 1 0K 1K 166960K 10 0
NDP 11 0K 1K 166960K 32 0
temp 74 8660K 8728K 166960K 4248 0
kqueue 13 20K 28K 166960K 34 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 40 0 37 1 0 1 1 0 8 0
rtentry 136 118 0 26 4 0 4 4 0 8 0
unpcb 144 47 0 32 1 0 1 1 0 8 0
syncache 336 3 0 3 1 1 0 1 0 8 0
tcpcb 736 32 0 26 1 0 1 1 0 8 0
arp 96 19 0 4 1 0 1 1 0 8 0
inpcb 328 167 0 158 7 6 1 7 0 8 0
nd6 112 25 0 6 1 0 1 1 0 8 0
kcovpl 48 9 0 1 1 0 1 1 0 8 0
ppxss 1072 4 0 3 2 1 1 1 0 8 0
pppxif 1384 3 0 3 2 1 1 1 0 8 1
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 469 0 100 29 0 29 29 0 8 4
art_table 40 470 0 100 5 0 5 5 0 8 0
art_node 32 118 0 34 1 0 1 1 0 8 0
semapl 112 3 0 1 1 0 1 1 0 8 0
shmpl 112 3 0 0 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1810 0 304 95 0 95 95 0 8 0
ffsino 256 1810 0 304 95 0 95 95 0 8 0
nchpl 144 2075 0 382 63 0 63 63 0 8 0
vnodes 216 1928 0 0 108 0 108 108 0 8 0
namei 1024 6348 0 6348 3 2 1 2 0 8 1
kstatmem 264 32 0 10 2 0 2 2 0 8 0
scsiplug 72 1 0 1 1 1 0 1 0 8 0
scxspl 216 6365 0 6365 9 1 8 8 1 8 8
plimitpl 152 65 0 49 1 0 1 1 0 8 0
sigapl 424 484 0 442 6 1 5 6 0 8 0
knotepl 120 4957 0 4910 9 0 9 9 0 8 5
kqueuepl 184 34 0 24 1 0 1 1 0 8 0
pipepl 304 120 0 93 3 0 3 3 0 8 0
fdescpl 448 471 0 442 5 1 4 5 0 8 0
filepl 120 2257 0 2044 15 8 7 15 0 8 0
lockfpl 104 38 0 36 1 0 1 1 0 8 0
lockfspl 48 13 0 11 1 0 1 1 0 8 0
sessionpl 144 22 0 14 1 0 1 1 0 8 0
pgrppl 48 32 0 16 1 0 1 1 0 8 0
ucredpl 104 604 0 591 1 0 1 1 0 8 0
zombiepl 144 466 0 465 2 1 1 1 0 8 0
processpl 1152 484 0 442 4 0 4 4 0 8 0
procpl 664 595 0 544 6 0 6 6 0 8 1
sosppl 176 1 0 1 1 0 1 1 0 8 1
sockpl 552 256 0 229 8 5 3 8 0 8 0
mcl64k 65536 3 0 3 1 1 0 1 0 8 0
mcl8k 8192 5 0 5 1 1 0 1 0 8 0
mcl4k 4096 2526 0 2470 14 6 8 14 0 8 0
mcl2k 2048 301 0 299 4 3 1 4 0 8 0
mtagpl 96 9 0 4 1 0 1 1 0 8 0
mbufpl 256 4784 0 4634 18 0 18 18 0 8 1
bufpl 280 2331 0 118 159 0 159 159 0 8 0
anonpl 24 85380 0 82371 21 2 19 21 0 187 0
amapchunkpl 152 9635 0 9182 20 1 19 19 0 158 0
amappl16 200 1176 0 1156 4 2 2 4 0 8 0
amappl15 192 7 0 7 1 1 0 1 0 8 0
amappl14 184 6 0 6 1 1 0 1 0 8 0
amappl13 176 435 0 433 1 0 1 1 0 8 0
amappl12 168 803 0 766 2 0 2 2 0 8 0
amappl11 160 10 0 10 1 1 0 1 0 8 0
amappl10 152 43 0 32 1 0 1 1 0 8 0
amappl9 144 254 0 253 1 0 1 1 0 8 0
amappl8 136 19 0 18 1 0 1 1 0 8 0
amappl7 128 86 0 85 1 0 1 1 0 8 0
amappl6 120 266 0 253 1 0 1 1 0 8 0
amappl5 112 72 0 65 1 0 1 1 0 8 0
amappl4 104 377 0 354 1 0 1 1 0 8 0
amappl3 96 1552 0 1466 3 0 3 3 0 8 0
amappl2 88 565 0 500 2 0 2 2 0 8 0
amappl1 80 8938 0 8412 12 0 12 12 0 8 0
amappl 88 2790 0 2636 4 0 4 4 0 92 0
uvmvnodes 80 97 0 0 2 0 2 2 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 5 0 0 1 0 1 1 0 8 0
uaddrrnd 24 471 0 442 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 471 0 442 1 0 1 1 0 8 0
vmmpekpl 168 5493 0 5453 2 0 2 2 0 8 0
vmmpepl 168 37041 0 35330 80 2 78 79 0 357 0
vmsppl 368 470 0 442 4 1 3 4 0 8 0
rwobjpl 40 12915 0 11997 10 0 10 10 0 8 0
pdppl 4096 949 0 884 97 30 67 79 0 8 2
pvpl 32 217558 0 208885 82 3 79 79 0 265 7
pmappl 216 470 0 442 2 0 2 2 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 375 0 48 11 0 11 11 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff833ee998) at panic+0x1cf sys/kern/subr_prf.c:198
chgproccnt(ee00,ffffffff) at chgproccnt+0xcc
sys_setreuid(ffff80002a7ccd18,ffff80002f4ff280,ffff80002f4ff1d0) at sys_setreuid+0x563 sys/kern/kern_prot.c:688
syscall(ffff80002f4ff280) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002f4ff280) at syscall+0x962 sys/arch/amd64/amd64/trap.c:765
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xd7a442e2170, count: -6
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff833ee998) at panic+0x1cf sys/kern/subr_prf.c:198
chgproccnt(ee00,ffffffff) at chgproccnt+0xcc
sys_setreuid(ffff80002a7ccd18,ffff80002f4ff280,ffff80002f4ff1d0) at sys_setreuid+0x563 sys/kern/kern_prot.c:688
syscall(ffff80002f4ff280) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002f4ff280) at syscall+0x962 sys/arch/amd64/amd64/trap.c:765
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xd7a442e2170, count: -6