panic: chgproccnt: procs < 0
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*476109 23390 0 0x10 0x4000000 0 syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83404581) at panic+0x1cf sys/kern/subr_prf.c:198
chgproccnt(212a200,ffffffff) at chgproccnt+0xcc
sys_setreuid(ffff800031903a30,ffff80003c930f50,ffff80003c930ea0) at sys_setreuid+0x563 sys/kern/kern_prot.c:688
syscall(ffff80003c930f50) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c930f50) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x3a64a5bc120, count: 9
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: chgproccnt: procs < 0
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83404581) at panic+0x1cf sys/kern/subr_prf.c:198
chgproccnt(212a200,ffffffff) at chgproccnt+0xcc
sys_setreuid(ffff800031903a30,ffff80003c930f50,ffff80003c930ea0) at sys_setreuid+0x563 sys/kern/kern_prot.c:688
syscall(ffff80003c930f50) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c930f50) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x3a64a5bc120, count: -6
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff80003c930d30
rbx 0x212a200 __kernel_phys_base+0x112a200
rdx 0xffff800001573c40
rcx 0
rax 0xffff800031903a30
r8 0x101010101010101
r9 0x8080808080808080
r10 0x3fa2cd41b3f80d56
r11 0x7c8128c3121f82de
r12 0
r13 0xfffffd8007bfd4e0
r14 0
r15 0x1
rip 0xffffffff81df8255 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff80003c930d20
ss 0x10
db_enter+0x25: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor) tid=476109 pid=23390 tcnt=4 stat=onproc
flags process=10<SUGID> proc=4000000<THREAD>
runpri=82, usrpri=82, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80003c93b248,0xffff8000319037a8
process=0xffff8000ffff9b18 user=0xffff80003c92c000, vmspace=0xfffffd806cafbe78
estcpu=32, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
66273 342514 51225 0 2 0 syz-executor
87799 13456 54381 -1 2 0x10 syz-executor
87799 375669 54381 -1 3 0x4000090 fsleep syz-executor
95728 248302 82148 0 2 0 syz-executor
95728 63558 82148 0 2 0x4000000 syz-executor
1170 238501 22237 0 2 0 syz-executor
1170 122688 22237 0 2 0x4000000 syz-executor
1170 109515 22237 0 2 0x4000000 syz-executor
1170 384935 22237 0 2 0x4000000 syz-executor
52992 62085 26045 0 3 0x80 nanoslp syz-executor
52992 496242 26045 0 2 0x4000000 syz-executor
52992 14160 26045 0 3 0x4000080 fsleep syz-executor
52992 43768 26045 0 2 0x4000000 syz-executor
23390 44865 24159 0 2 0x10 syz-executor
23390 469747 24159 0 2 0x4000010 syz-executor
*23390 476109 24159 0 7 0x4000010 syz-executor
23390 468473 24159 0 3 0x4000090 fsleep syz-executor
45551 181004 0 0 3 0x14280 nfsidl nfsio
1252 405378 0 0 3 0x14280 nfsidl nfsio
46014 238512 0 0 3 0x14280 nfsidl nfsio
71629 469681 0 0 3 0x14280 nfsidl nfsio
39946 380879 0 0 3 0x14280 nfsidl nfsio
37301 446439 0 0 3 0x14280 nfsidl nfsio
63469 520318 0 0 3 0x14280 nfsidl nfsio
25123 48798 0 0 3 0x14280 nfsidl nfsio
55651 197271 0 0 3 0x14280 nfsidl nfsio
15753 217182 0 0 3 0x14280 nfsidl nfsio
95318 334071 0 0 3 0x14280 nfsidl nfsio
98979 363536 0 0 3 0x14280 nfsidl nfsio
19148 342967 0 0 3 0x14280 nfsidl nfsio
93289 309450 0 0 3 0x14280 nfsidl nfsio
1284 468283 0 0 3 0x14280 nfsidl nfsio
68384 263073 0 0 3 0x14280 nfsidl nfsio
75035 463148 0 0 3 0x14280 nfsidl nfsio
43569 93024 0 0 3 0x14280 nfsidl nfsio
79703 135773 0 0 3 0x14280 nfsidl nfsio
86752 478933 0 0 3 0x14280 nfsidl nfsio
17901 371677 66438 0 3 0x82 wait syz-executor
82148 91095 66438 0 3 0x82 nanoslp syz-executor
22237 491919 66438 0 3 0x82 nanoslp syz-executor
54381 35980 66438 0 3 0x82 nanoslp syz-executor
24159 486974 66438 0 3 0x82 nanoslp syz-executor
51225 84913 66438 0 3 0x82 nanoslp syz-executor
26045 286662 66438 0 3 0x82 nanoslp syz-executor
9836 471851 66438 0 2 0x2 syz-executor
66438 253740 1051 0 3 0x82 kqread syz-executor
1051 243907 81896 0 3 0x10008a sigsusp ksh
81896 384394 85264 0 3 0x98 kqread sshd-session
85264 150825 71689 0 3 0x92 kqread sshd-session
29659 113418 1 0 3 0x100083 ttyopn getty
71689 99155 1 0 3 0x88 kqread sshd
79513 191390 92213 73 3 0x1100090 kqread syslogd
92213 77833 1 0 3 0x100082 sbwait syslogd
96678 269385 1 0 3 0x100080 kqread resolvd
63625 455063 36120 77 3 0x100092 kqread dhcpleased
98443 499462 36120 77 3 0x100092 kqread dhcpleased
36120 137274 1 0 3 0x80 kqread dhcpleased
80755 486825 0 0 3 0x14200 bored smr
35862 12227 0 0 2 0x14200 zerothread
81087 1827 0 0 3 0x14200 aiodoned aiodoned
36236 326646 0 0 3 0x14200 syncer update
40889 192305 0 0 3 0x14200 cleaner cleaner
36299 149432 0 0 3 0x14200 reaper reaper
62920 481795 0 0 3 0x14200 pgdaemon pagedaemon
49424 72420 0 0 3 0x14200 bored viomb
24833 171058 0 0 3 0x40014200 acpi0 acpi0
49326 144892 0 0 3 0x14200 bored softnet0
77135 201560 0 0 3 0x14200 bored systqmp
79132 259426 0 0 3 0x14200 bored systq
92757 97898 0 0 3 0x40014200 tmoslp softclock
89061 187722 0 0 3 0x40014200 idle0
1 134968 0 0 3 0x82 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11069 12176K 13201K 166960K 15051 0
pcb 17 16K 18K 166960K 677 0
rtable 161 10K 10K 166960K 714 0
pf 29 12K 14K 166960K 139 0
ifaddr 25 3K 8K 166960K 116 0
ifgroup 46 2K 2K 166960K 176 0
sysctl 4 1K 9K 166960K 14 0
counters 32 17K 18K 166960K 170 0
ioctlops 0 0K 4K 166960K 379 0
iov 0 0K 16K 166960K 130 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1590 100K 100K 166960K 2949 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 15 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 1K 166960K 42 0
dirhash 12 2K 2K 166960K 39 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 18 65K 232K 166960K 1443 0
sigio 0 0K 0K 166960K 22 0
proc 62 59K 100K 166960K 687 0
subproc 72 4K 4K 166960K 99 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 115 0
in_multi 46 3K 7K 166960K 181 0
ether_multi 1 0K 0K 166960K 9 0
mrt 0 0K 0K 166960K 3 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 229 1023K 1023K 166960K 229 0
exec 0 0K 1K 166960K 594 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 2 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 227 134K 154K 166960K 14543 0
UVM aobj 48 13K 13K 166960K 59 0
pinsyscall 39 78K 94K 166960K 2600 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 1K 166960K 81 0
NDP 10 0K 2K 166960K 75 0
temp 81 8676K 8783K 166960K 52909 0
kqueue 13 20K 32K 166960K 279 0
SYN cache 2 8K 16K 166960K 3 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 207 0 204 3 0 3 3 0 8 2
rtentry 136 189 0 142 4 0 4 4 0 8 0
unpcb 144 1161 0 1146 9 5 4 6 0 8 3
syncache 336 11 0 11 3 2 1 1 0 8 1
tcpqe 32 7 0 7 2 1 1 1 0 8 1
tcpcb 736 450 0 442 13 6 7 7 0 8 5
arp 96 33 0 25 1 0 1 1 0 8 0
ipq 40 3 0 3 1 0 1 1 0 8 1
ipqe 40 37 0 37 1 0 1 1 0 8 1
inpcb 328 1625 0 1613 20 13 7 9 0 8 5
ip6q 72 1 0 1 1 1 0 1 0 8 0
ip6af 40 2 0 2 1 1 0 1 0 8 0
nd6 112 38 0 27 1 0 1 1 0 8 0
pkpcb 40 6 0 6 1 0 1 1 0 8 1
kcovpl 48 11 0 3 1 0 1 1 0 8 0
mppekey 1024 4 0 4 2 1 1 1 0 8 1
ppxss 1072 122 0 122 2 1 1 1 0 8 1
pppxif 1384 11 0 11 3 2 1 1 0 8 1
art_heap8 4096 5 0 0 5 0 5 5 0 8 0
art_heap4 256 796 0 558 30 4 26 29 0 8 7
art_table 40 801 0 558 5 0 5 5 0 8 0
art_node 32 187 0 146 1 0 1 1 0 8 0
sysvmsgpl 40 5 0 3 2 1 1 1 0 8 0
semapl 112 38 0 28 1 0 1 1 0 8 0
shmpl 112 50 0 10 2 0 2 2 0 8 0
dirhash 1024 35 0 18 3 0 3 3 0 8 0
dino2pl 256 3950 0 2450 95 0 95 95 0 8 0
ffsino 256 3950 0 2450 95 0 95 95 0 8 0
nchpl 144 5909 0 4210 65 1 64 64 0 8 0
rtmask 32 16 0 16 1 0 1 1 0 8 1
vnodes 216 5126 0 0 285 0 285 285 0 8 0
namei 1024 20176 0 20175 3 2 1 2 0 8 0
vcpupl 3904 5 0 0 1 0 1 1 0 8 0
vmpool 808 6 0 1 1 0 1 1 0 8 0
kstatmem 264 106 0 86 2 0 2 2 0 8 0
scsiplug 72 6 0 6 2 1 1 1 0 8 1
scxspl 216 22733 0 22733 10 8 2 8 1 8 2
plimitpl 152 522 0 506 1 0 1 1 0 8 0
sigapl 424 1725 0 1662 9 1 8 8 0 8 0
knotepl 120 50896 0 50849 41 31 10 17 0 8 8
kqueuepl 184 502 0 492 4 0 4 4 0 8 3
pipepl 304 285 0 258 7 2 5 5 0 8 2
fdescpl 448 1691 0 1661 5 1 4 5 0 8 0
filepl 120 10786 0 10566 24 10 14 14 0 8 5
lockfpl 104 766 0 763 4 0 4 4 0 8 3
lockfspl 48 360 0 357 2 0 2 2 0 8 1
sessionpl 144 31 0 23 1 0 1 1 0 8 0
pgrppl 48 53 0 37 1 0 1 1 0 8 0
ucredpl 104 1473 0 1458 1 0 1 1 0 8 0
zombiepl 144 2225 0 2224 2 1 1 1 0 8 0
processpl 1152 1725 0 1662 5 0 5 5 0 8 0
procpl 664 3775 0 3701 10 1 9 9 0 8 1
sosppl 176 1 0 1 1 0 1 1 0 8 1
sockpl 552 3232 0 3202 38 27 11 19 0 8 8
mcl64k 65536 183 0 183 3 2 1 1 0 8 1
mcl16k 16384 7 0 7 3 2 1 1 0 8 1
mcl12k 12288 2 0 2 1 0 1 1 0 8 1
mcl9k 9216 1 0 1 1 0 1 1 0 8 1
mcl8k 8192 80 0 80 3 2 1 1 0 8 1
mcl4k 4096 4266 0 4212 16 8 8 14 0 8 0
mcl2k2 2112 2 0 2 2 1 1 1 0 8 1
mcl2k 2048 1618 0 1618 4 2 2 2 0 8 2
mtagpl 96 31 0 16 1 0 1 1 0 8 0
mbufpl 256 17915 0 17800 18 0 18 18 0 8 6
bufpl 280 8527 0 2306 445 0 445 445 0 8 0
anonpl 24 267272 0 264077 86 30 56 56 0 187 17
amapchunkpl 152 50454 0 49979 50 16 34 34 0 158 13
amappl16 200 5482 0 5447 37 22 15 20 0 8 8
amappl15 192 5 0 5 1 1 0 1 0 8 0
amappl14 184 6 0 6 1 1 0 1 0 8 0
amappl13 176 444 0 442 1 0 1 1 0 8 0
amappl12 168 2068 0 2030 2 0 2 2 0 8 0
amappl11 160 4 0 4 1 1 0 1 0 8 0
amappl10 152 45 0 35 1 0 1 1 0 8 0
amappl9 144 246 0 246 1 1 0 1 0 8 0
amappl8 136 33 0 31 1 0 1 1 0 8 0
amappl7 128 95 0 93 1 0 1 1 0 8 0
amappl6 120 307 0 296 1 0 1 1 0 8 0
amappl5 112 88 0 80 1 0 1 1 0 8 0
amappl4 104 429 0 405 1 0 1 1 0 8 0
amappl3 96 8531 0 8440 3 0 3 3 0 8 0
amappl2 88 1850 0 1779 2 0 2 2 0 8 0
amappl1 80 16278 0 15745 14 1 13 13 0 8 0
amappl 88 13530 0 13369 5 0 5 5 0 92 0
uvmvnodes 80 143 0 0 3 0 3 3 0 8 0
dma65536 65536 1 0 1 1 0 1 1 0 8 1
dma32768 32768 1 0 1 1 0 1 1 0 8 1
dma4096 4096 2 0 2 2 2 0 1 0 8 0
dma2048 2048 1 0 1 1 0 1 1 0 8 1
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 255 0 255 2 1 1 1 0 8 1
dma64 64 8 0 8 3 2 1 1 0 8 1
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 58 0 11 1 0 1 1 0 8 0
uaddrrnd 24 1691 0 1661 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 1691 0 1661 1 0 1 1 0 8 0
vmmpekpl 168 14976 0 14930 3 0 3 3 0 8 0
vmmpepl 168 113690 0 111861 107 12 95 95 0 357 13
vmsppl 368 1690 0 1661 4 1 3 4 0 8 0
rwobjpl 40 32047 0 31016 16 2 14 14 0 8 0
pdppl 4096 3400 0 3329 125 54 71 82 0 8 0
pvpl 32 741212 0 732431 178 51 127 127 0 265 24
pmappl 216 1696 0 1662 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 438 0 90 11 0 11 11 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83404581) at panic+0x1cf sys/kern/subr_prf.c:198
chgproccnt(212a200,ffffffff) at chgproccnt+0xcc
sys_setreuid(ffff800031903a30,ffff80003c930f50,ffff80003c930ea0) at sys_setreuid+0x563 sys/kern/kern_prot.c:688
syscall(ffff80003c930f50) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c930f50) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x3a64a5bc120, count: -6
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83404581) at panic+0x1cf sys/kern/subr_prf.c:198
chgproccnt(212a200,ffffffff) at chgproccnt+0xcc
sys_setreuid(ffff800031903a30,ffff80003c930f50,ffff80003c930ea0) at sys_setreuid+0x563 sys/kern/kern_prot.c:688
syscall(ffff80003c930f50) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c930f50) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x3a64a5bc120, count: -6