panic: chgproccnt: procs < 0
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
221390 54200 0 0x10 0 0 syz-executor
*314032 54200 0 0x10 0x4000000 1K syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff834ddfab) at panic+0x1e5 sys/kern/subr_prf.c:198
chgproccnt(ee00,ffffffff) at chgproccnt+0xcc
sys_setresuid(ffff80002f3a74e8,ffff80003c427060,ffff80003c426fb0) at sys_setresuid+0x577 sys/kern/kern_prot.c:421
syscall(ffff80003c427060) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c427060) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x6d47b0d6d40, count: 9
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: chgproccnt: procs < 0
ddb{1}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff834ddfab) at panic+0x1e5 sys/kern/subr_prf.c:198
chgproccnt(ee00,ffffffff) at chgproccnt+0xcc
sys_setresuid(ffff80002f3a74e8,ffff80003c427060,ffff80003c426fb0) at sys_setresuid+0x577 sys/kern/kern_prot.c:421
syscall(ffff80003c427060) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c427060) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x6d47b0d6d40, count: -6
ddb{1}> show registers
rdi 0
rsi 0x1
rbp 0xffff80003c426e20
rbx 0xffff8000299aee07
rdx 0
rcx 0xffff80002f3a74e8
rax 0xffff8000299adff0
r8 0x101010101010101
r9 0x8080808080808080
r10 0xcb7cee48b4557b90
r11 0x42c70c2e858d8db2
r12 0xffff8000299aec08
r13 0
r14 0
r15 0x1
rip 0xffffffff82e68e25 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff80003c426e10
ss 0x10
db_enter+0x25: addq $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor) tid=314032 pid=54200 tcnt=3 stat=onproc
flags process=10<SUGID> proc=4000000<THREAD>
runpri=50, usrpri=50, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80002f3a7250,0xffffffff83ab07f8
process=0xffff80002a38d358 user=0xffff80003c422000, vmspace=0xfffffd806c69fb88
estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
54200 221390 23780 0 7 0x10 syz-executor
54200 143977 23780 0 2 0x4000010 syz-executor
*54200 314032 23780 0 7 0x4000010 syz-executor
64298 231130 46234 0 2 0x100002 ndp
46234 106375 74344 0 3 0x10008a sigsusp sh
71503 234439 31493 0 2 0x100002 arp
94929 53667 67682 0 3 0x80 nanoslp syz-executor
94929 249683 67682 0 3 0x4000000 clonelk syz-executor
76470 280209 43895 0 3 0 vmmaplk syz-executor
76470 414009 43895 0 2 0x4000000 syz-executor
31493 306176 51024 0 3 0x10008a sigsusp sh
52388 412119 90671 0 2 0 syz-executor
52388 404399 90671 0 3 0x4000000 clonelk syz-executor
52388 231796 90671 0 3 0x4000080 fsleep syz-executor
85579 38665 70359 0 3 0x90 nanoslp syz-executor
85579 347912 70359 0 3 0x4000090 pipewr syz-executor
85579 79488 70359 0 3 0x4000090 fsleep syz-executor
85579 357857 70359 0 3 0x4000090 fsleep syz-executor
74344 54996 92576 0 3 0x82 wait syz-executor
70359 14954 92576 0 3 0x82 nanoslp syz-executor
90671 460630 92576 0 3 0x82 nanoslp syz-executor
51024 119728 92576 0 3 0x82 wait syz-executor
43895 126797 92576 0 3 0x82 nanoslp syz-executor
27797 478445 92576 0 3 0x82 nanoslp syz-executor
23780 455320 92576 0 3 0x82 nanoslp syz-executor
67682 456824 92576 0 3 0x82 nanoslp syz-executor
92576 124719 5829 0 3 0x82 kqread syz-executor
5829 309958 73679 0 3 0x10008a sigsusp ksh
73679 412270 28081 0 3 0x98 kqread sshd-session
28081 115746 33698 0 3 0x92 kqread sshd-session
4039 241517 1 0 3 0x100083 ttyin getty
33698 49045 1 0 3 0x88 kqread sshd
58753 468732 36100 74 3 0x1100092 bpf pflogd
36100 182521 1 0 3 0x80 sbwait pflogd
21122 5043 32025 73 3 0x1100090 kqread syslogd
32025 207283 1 0 3 0x100082 sbwait syslogd
27473 360468 1 0 3 0x100080 kqread resolvd
45956 308121 27798 77 3 0x100092 kqread dhcpleased
55121 508510 27798 77 3 0x100092 kqread dhcpleased
27798 237480 1 0 3 0x80 kqread dhcpleased
94015 388895 0 0 3 0x14200 bored smr
5967 238719 0 0 2 0x14200 zerothread
24964 367680 0 0 3 0x14200 aiodoned aiodoned
42332 310291 0 0 3 0x14200 syncer update
59266 26472 0 0 3 0x14200 cleaner cleaner
85473 30669 0 0 3 0x14200 reaper reaper
24396 168004 0 0 3 0x14200 pgdaemon pagedaemon
88302 15034 0 0 3 0x14200 bored viomb
96369 375928 0 0 3 0x40014200 acpi0 acpi0
57824 279995 0 0 3 0x40014200 idle1
14670 494148 0 0 3 0x14200 bored softnet1
65681 61793 0 0 3 0x14200 bored softnet0
91891 144956 0 0 3 0x14200 bored systqmp
28775 469400 0 0 3 0x14200 bored systq
96422 273831 0 0 3 0x14200 tmoslp softclockmp
76146 488381 0 0 3 0x40014200 tmoslp softclock
90242 480979 0 0 3 0x40014200 idle0
1 313848 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
Process 54200 (syz-executor) thread 0xffff80002f3a74e8 (314032)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83aa7780)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 __mp_acquire_count+0x58 sys/kern/kern_lock.c:-1
#2 malloc+0xe3 sys/kern/kern_malloc.c:175
#3 uid_find+0xab sys/kern/kern_proc.c:136
#4 chgproccnt+0x39 sys/kern/kern_proc.c:-1
#5 sys_setresuid+0x577 sys/kern/kern_prot.c:421
#6 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#6 syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
#7 Xsyscall+0x128
Process 76470 (syz-executor) thread 0xffff80002f3a6558 (414009)
exclusive rwlock vmmaplk r = 0 (0xfffffd806f3e5c78)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_read+0x3e8 sys/kern/kern_rwlock.c:413
#2 uvmfault_lookup+0x122 sys/uvm/uvm_fault.c:1880
#3 uvm_fault_check+0x4f sys/uvm/uvm_fault.c:693
#4 uvm_fault+0x106 sys/uvm/uvm_fault.c:627
#5 kpageflttrap+0x2f4 sys/arch/amd64/amd64/trap.c:283
#6 kerntrap+0x19d sys/arch/amd64/amd64/trap.c:528
#7 alltraps_kern_meltdown+0x7b
#8 _copyin+0x5b
#9 ffs_write+0x769 sys/ufs/ffs/ffs_vnops.c:359
#10 VOP_WRITE+0x101 sys/kern/vfs_vops.c:245
#11 vn_write+0x248 sys/kern/vfs_vnops.c:414
#12 dofilewritev+0x2bd sys/kern/sys_generic.c:384
#13 sys_pwritev+0xe3 sys/kern/vfs_syscalls.c:3426
#14 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#14 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783
#15 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd800e97ea08)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621
#3 VOP_LOCK+0xbd sys/kern/vfs_vops.c:527
#4 vn_lock+0xa4 sys/kern/vfs_vnops.c:576
#5 vn_write+0x18f sys/kern/vfs_vnops.c:411
#6 dofilewritev+0x2bd sys/kern/sys_generic.c:384
#7 sys_pwritev+0xe3 sys/kern/vfs_syscalls.c:3426
#8 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#8 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783
#9 Xsyscall+0x128
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11063 12153K 12155K 166960K 12159 0
pcb 17 12K 12K 166960K 20 0
rtable 219 6K 6K 166960K 321 0
pf 37 18K 18K 166960K 50 0
ifaddr 42 7K 7K 166960K 45 0
ifgroup 60 2K 2K 166960K 62 0
sysctl 1 1K 9K 166960K 6 0
counters 72 37K 37K 166960K 74 0
ioctlops 0 0K 4K 166960K 1483 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1294 81K 81K 166960K 1366 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 1K 166960K 2 0
VM map 2 1K 1K 166960K 2 0
sem 2 0K 0K 166960K 2 0
dirhash 12 2K 2K 166960K 12 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 20 73K 89K 166960K 137 0
proc 71 115K 147K 166960K 547 0
subproc 72 4K 4K 166960K 72 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 2 0
in_multi 89 6K 6K 166960K 91 0
ether_multi 1 0K 0K 166960K 2 0
mrt 1 0K 0K 166960K 3 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 49 228K 228K 166960K 49 0
exec 0 0K 1K 166960K 375 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 255 171K 176K 166960K 3227 0
UVM aobj 3 2K 2K 166960K 3 0
pinsyscall 47 94K 104K 166960K 1265 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
NDP 27 1K 1K 166960K 28 0
temp 34 9074K 9138K 166960K 4037 0
kqueue 14 22K 22K 166960K 26 0
SYN cache 2 16K 16K 166960K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 32 0 27 1 0 1 1 0 8 0
rtentry 176 102 0 1 5 0 5 5 0 8 0
unpcb 144 37 0 18 1 0 1 1 0 8 0
syncache 336 3 0 3 1 1 0 1 0 8 0
tcpcb 736 8 0 4 1 0 1 1 0 8 0
arp 136 17 0 0 1 0 1 1 0 8 0
inpcb 328 74 0 63 1 0 1 1 0 8 0
nd6 152 20 0 0 1 0 1 1 0 8 0
kcovpl 48 8 0 0 1 0 1 1 0 8 0
ppxss 1192 1 0 1 1 0 1 1 0 8 1
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 18 0 0 1 0 1 1 0 8 0
pfstkey 128 18 0 0 1 0 1 1 0 8 0
pfstate 448 18 0 0 2 0 2 2 0 8 0
pfrule 1360 21 0 16 2 1 1 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 410 0 0 26 0 26 26 0 8 0
art_table 40 411 0 0 5 0 5 5 0 8 0
art_node 32 102 0 10 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1577 0 107 92 0 92 92 0 8 0
ffsino 296 1577 0 107 114 0 114 114 0 8 0
nchpl 144 1777 0 75 64 0 64 64 0 8 0
vnodes 216 1666 0 0 93 0 93 93 0 8 0
namei 1024 5368 0 5368 2 1 1 1 0 8 1
percpumem 16 52 0 1 1 0 1 1 0 8 0
kstatmem 264 30 0 2 2 0 2 2 0 8 0
scxspl 216 6058 0 6058 3 2 1 3 1 8 1
plimitpl 152 27 0 10 1 0 1 1 0 8 0
sigapl 424 449 0 399 7 0 7 7 0 8 0
knotepl 120 63 0 0 2 0 2 2 0 8 0
kqueuepl 224 22 0 11 1 0 1 1 0 8 0
pipepl 344 123 0 95 3 0 3 3 0 8 0
fdescpl 528 433 0 399 3 0 3 3 0 8 0
filepl 160 1555 0 1329 10 0 10 10 0 8 0
lockfpl 104 6 0 4 1 0 1 1 0 8 0
lockfspl 48 4 0 2 1 0 1 1 0 8 0
sessionpl 144 22 0 13 1 0 1 1 0 8 0
pgrppl 48 30 0 13 1 0 1 1 0 8 0
ucredpl 104 88 0 72 1 0 1 1 0 8 0
zombiepl 144 403 0 402 2 1 1 1 0 8 0
processpl 1232 449 0 399 5 0 5 5 0 8 1
procpl 664 467 0 408 6 0 6 6 0 8 0
sockpl 752 144 0 109 4 0 4 4 0 8 0
mcl64k 65536 4 0 0 1 0 1 1 0 8 0
mcl16k 16384 2 0 0 1 0 1 1 0 8 0
mcl12k 12288 2 0 0 1 0 1 1 0 8 0
mcl8k 8192 1 0 0 1 0 1 1 0 8 0
mcl4k 4096 114 0 0 15 0 15 15 0 8 0
mcl2k 2048 12 0 0 2 0 2 2 0 8 0
mtagpl 96 2 0 0 1 0 1 1 0 8 0
mbufpl 256 114 0 0 8 0 8 8 0 8 0
bufpl 280 2305 0 105 158 0 158 158 0 8 0
anonpl 32 3876 0 0 32 0 32 32 0 246 0
amapchunkpl 152 8654 0 8147 20 0 20 20 0 158 0
amappl16 200 1844 0 1825 5 4 1 5 0 8 0
amappl15 192 5 0 5 1 1 0 1 0 8 0
amappl14 184 447 0 444 1 0 1 1 0 8 0
amappl13 176 122 0 108 1 0 1 1 0 8 0
amappl12 168 682 0 650 2 0 2 2 0 8 0
amappl11 160 21 0 21 2 2 0 1 0 8 0
amappl10 152 67 0 52 1 0 1 1 0 8 0
amappl9 144 267 0 266 1 0 1 1 0 8 0
amappl8 136 118 0 115 1 0 1 1 0 8 0
amappl7 128 141 0 126 1 0 1 1 0 8 0
amappl6 120 183 0 180 1 0 1 1 0 8 0
amappl5 112 111 0 101 1 0 1 1 0 8 0
amappl4 104 283 0 264 1 0 1 1 0 8 0
amappl3 96 1469 0 1350 3 0 3 3 0 8 0
amappl2 88 563 0 502 2 0 2 2 0 8 0
amappl1 80 9152 0 8487 16 2 14 15 0 8 0
amappl 88 2522 0 2348 4 0 4 4 0 92 0
uvmvnodes 80 98 0 0 2 0 2 2 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 2 0 0 1 0 1 1 0 8 0
uaddrrnd 24 433 0 399 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 433 0 399 1 0 1 1 0 8 0
vmmpekpl 168 5343 0 5307 2 0 2 2 0 8 0
vmmpepl 168 36416 0 34412 90 2 88 88 0 357 0
vmsppl 488 432 0 399 5 0 5 5 0 8 0
rwobjpl 80 13530 0 12420 24 1 23 24 0 8 0
pdppl 4096 873 0 798 95 18 77 83 0 8 2
pvpl 32 10138 0 0 82 0 82 82 0 265 0
pmappl 256 432 0 399 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 259 0 23 7 0 7 7 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffffffff83915ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff83aa6f80) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:142 [inline]
__mp_lock(ffffffff83aa6f80) at __mp_lock+0x192 sys/kern/kern_lock.c:173
softintr_dispatch(0) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83
dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:862
Xsoftclock() at Xsoftclock+0x27
end of kernel
end trace frame: 0x758d7d596330, count: 8
ddb{0}> trace
x86_ipi_db(ffffffff83915ff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff83aa6f80) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:142 [inline]
__mp_lock(ffffffff83aa6f80) at __mp_lock+0x192 sys/kern/kern_lock.c:173
softintr_dispatch(0) at softintr_dispatch+0x125 sys/kern/kern_softintr.c:83
dosoftint(0) at dosoftint+0x54 sys/arch/amd64/amd64/intr.c:862
Xsoftclock() at Xsoftclock+0x27
end of kernel
end trace frame: 0x758d7d596330, count: -7
ddb{0}> machine ddbcpu 1
Stopped at db_enter+0x25: addq $0x8,%rsp
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff834ddfab) at panic+0x1e5 sys/kern/subr_prf.c:198
chgproccnt(ee00,ffffffff) at chgproccnt+0xcc
sys_setresuid(ffff80002f3a74e8,ffff80003c427060,ffff80003c426fb0) at sys_setresuid+0x577 sys/kern/kern_prot.c:421
syscall(ffff80003c427060) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c427060) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x6d47b0d6d40, count: 9
ddb{1}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff834ddfab) at panic+0x1e5 sys/kern/subr_prf.c:198
chgproccnt(ee00,ffffffff) at chgproccnt+0xcc
sys_setresuid(ffff80002f3a74e8,ffff80003c427060,ffff80003c426fb0) at sys_setresuid+0x577 sys/kern/kern_prot.c:421
syscall(ffff80003c427060) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c427060) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x6d47b0d6d40, count: -6