syzbot


assert "((flags & PGO_LOCKED) != NUM && rw_lock_held(uobj->vmobjlock)) || (flags & PGO_LOCKED) == NUM" failed in uvm_vno (4)

Status: upstream: reported on 2024/03/13 15:18
Reported-by: syzbot+a75e7174b254bdc350bd@syzkaller.appspotmail.com
First crash: 253d, last: 31d
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
openbsd assert "((flags & PGO_LOCKED) != NUM && rw_lock_held(uobj->vmobjlock)) || (flags & PGO_LOCKED) == NUM" failed in uvm_vno 1 773d 773d 0/3 auto-obsoleted due to no activity on 2023/01/08 11:37
openbsd assert "((flags & PGO_LOCKED) != NUM && rw_lock_held(uobj->vmobjlock)) || (flags & PGO_LOCKED) == NUM" failed in uvm_vno (2) 1 679d 679d 0/3 auto-obsoleted due to no activity on 2023/04/11 21:33
openbsd assert "((flags & PGO_LOCKED) != NUM && rw_lock_held(uobj->vmobjlock)) || (flags & PGO_LOCKED) == NUM" failed in uvm_vno (3) 4 378d 479d 0/3 auto-obsoleted due to no activity on 2024/02/07 12:57

Sample crash report:
login: panic: mutex 0xfffffd806c1b49f0 not held in mtx_leave
Starting stack trace...
panic(ffffffff830777cb) at panic+0x1d0 sys/kern/subr_prf.c:229
mtx_leave(fffffd806c1b49f0) at mtx_leave+0x17c sys/kern/kern_lock.c:335
msleep(fffffd806c1b4908,fffffd806c1b49f0,4,ffffffff832017c0,0) at msleep+0x125 sys/kern/kern_synch.c:249
vm_map_lock_ln(fffffd806c1b48d8,b587ccb5000,0) at vm_map_lock_ln+0xd4 sys/uvm/uvm_map.c:5250
uvm_map_protect(fffffd806c1b48d8,b587cab6000,b587ccb5000,1,0,0,21cf473b7052fda2) at uvm_map_protect+0xe1 sys/uvm/uvm_map.c:3059
sys_mprotect(ffff8000365c3470,ffff8000371d3370,ffff8000371d32c0) at sys_mprotect+0x34c sys/uvm/uvm_mmap.c:585
syscall(ffff8000371d3370) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline]
syscall(ffff8000371d3370) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x79044519e610, count: 249
End of stack trace.
syncing disks...panic: kernel diagnostic assertion "((flags & PGO_LOCKED) != 0 && rw_lock_held(uobj->vmobjlock)) || (flags & PGO_LOCKED) == 0" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_vnode.c", line 955
Starting stack trace...
panic(ffffffff830e780f) at panic+0x1d0 sys/kern/subr_prf.c:229
__assert(ffffffff8309a24d,ffffffff82fdf167,3bb,ffffffff830bc3e2) at __assert+0x29
uvn_get(fffffd806d46c840,5f000,ffff80002a04ffb0,ffff80002a04fe2c,3,1,df2670cb6fb12c43,5f000) at uvn_get+0x69b sys/uvm/uvm_vnode.c:954
uvm_fault_lower_lookup(ffff80002a050030,ffff80002a050068,ffff80002a04ffb0) at uvm_fault_lower_lookup+0x10e sys/uvm/uvm_fault.c:1128
uvm_fault_lower(ffff80002a050030,ffff80002a050068,ffff80002a04ffb0,0) at uvm_fault_lower+0x74 sys/uvm/uvm_fault.c:1227
uvm_fault(fffffd806c1b4718,110c292000,0,1) at uvm_fault+0x301 sys/uvm/uvm_fault.c:637
upageflttrap(ffff80002a0501b0,110c292ea5) at upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:188
usertrap(ffff80002a0501b0) at usertrap+0x2d8 sys/arch/amd64/amd64/trap.c:436
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x74bbcda380d0, count: 248
End of stack trace.

dump to dev 4,1 not possible

Crashes (10):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2024/10/21 10:12 openbsd e432ca3c48ac cd6fc0a3 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "((flags & PGO_LOCKED) != NUM && rw_lock_held(uobj->vmobjlock)) || (flags & PGO_LOCKED) == NUM" failed in uvm_vno
2024/09/24 13:15 openbsd 208893442c38 5643e0e9 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "((flags & PGO_LOCKED) != NUM && rw_lock_held(uobj->vmobjlock)) || (flags & PGO_LOCKED) == NUM" failed in uvm_vno
2024/09/05 06:16 openbsd ebe65f64a6a1 dfbe2ed4 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "((flags & PGO_LOCKED) != NUM && rw_lock_held(uobj->vmobjlock)) || (flags & PGO_LOCKED) == NUM" failed in uvm_vno
2024/07/11 07:31 openbsd 2617e43b76b7 c699c2eb .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "((flags & PGO_LOCKED) != NUM && rw_lock_held(uobj->vmobjlock)) || (flags & PGO_LOCKED) == NUM" failed in uvm_vno
2024/05/20 11:39 openbsd ab5fd4cb8341 c0f1611a .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid assert "((flags & PGO_LOCKED) != NUM && rw_lock_held(uobj->vmobjlock)) || (flags & PGO_LOCKED) == NUM" failed in uvm_vno
2024/05/02 21:51 openbsd 3ad4051d1cf6 22ee48a2 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid assert "((flags & PGO_LOCKED) != NUM && rw_lock_held(uobj->vmobjlock)) || (flags & PGO_LOCKED) == NUM" failed in uvm_vno
2024/04/21 04:43 openbsd a0c63bf7b3c7 af24b050 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "((flags & PGO_LOCKED) != NUM && rw_lock_held(uobj->vmobjlock)) || (flags & PGO_LOCKED) == NUM" failed in uvm_vno
2024/04/18 05:31 openbsd 3a96f17f8ee6 bd38b692 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid assert "((flags & PGO_LOCKED) != NUM && rw_lock_held(uobj->vmobjlock)) || (flags & PGO_LOCKED) == NUM" failed in uvm_vno
2024/04/07 00:04 openbsd 85fbf21ae5ae ca620dd8 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-setuid assert "((flags & PGO_LOCKED) != NUM && rw_lock_held(uobj->vmobjlock)) || (flags & PGO_LOCKED) == NUM" failed in uvm_vno
2024/03/13 15:17 openbsd 8f79da2a7ab2 6ee49f2e .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "((flags & PGO_LOCKED) != NUM && rw_lock_held(uobj->vmobjlock)) || (flags & PGO_LOCKED) == NUM" failed in uvm_vno
* Struck through repros no longer work on HEAD.