syzbot


assert failed: pg->wire_count > 0

Status: fixed on 2019/08/25 05:45
Reported-by: syzbot+a76c618a6808a0fda475@syzkaller.appspotmail.com
Fix commit: 6eb7fd2b53ce Acquire shmseg uobj reference while we hold shm_lock.
First crash: 2095d, last: 2082d

Sample crash report:
[  59.9832818] panic: kernel diagnostic assertion "pg->wire_count > 0" failed: file "/syzkaller/managers/netbsd/kernel/sys/uvm/uvm_page.c", line 1594 
[  59.9832818] cpu0: Begin traceback...
[  59.9902004] vpanic() at netbsd:vpanic+0x214
[  59.9971152] _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure
[  60.0040278] uvm_fault_lower_enter() at netbsd:uvm_fault_lower_enter+0x429
[  60.0109445] uvm_fault_internal() at netbsd:uvm_fault_internal+0x17e7
[  60.0247756] uvm_fault_wire() at netbsd:uvm_fault_wire+0x56
[  60.0386055] uvm_map_pageable() at netbsd:uvm_map_pageable+0x5fb
[  60.0465558] sys_shmat() at netbsd:sys_shmat+0x46a
[  60.0593518] sys_syscall() at netbsd:sys_syscall+0xe2
[  60.0681804] syscall() at netbsd:syscall+0x30e
[  60.0756398] --- syscall (number 0) ---
[  60.0851330] 74049ac3f4ca:
[  60.0898293] cpu0: End traceback...

[  60.0948714] dumping to dev 4,1 (offset=0, size=0): not possible
[  60.0948714] rebooting...
SeaBIOS (version 1.8.2-20190204_181744-google)
Total RAM Size = 0x00000001e0000000 = 7680 MiB
CPUs found: 2     Max CPUs supported: 2
found virtio-scsi at 0:3
virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0 removable=0
virtio-scsi blksize=512 sectors=4194304 = 2048 MiB
drive 0x000f2a00: PCHS=0/0/0 translation=lba LCHS=520/128/63 s=4194304
Booting from Hard Disk 0...

>> NetBSD/x86 BIOS Boot, Revision 5.10 (Tue Jul 17 14:59:51 UTC 2018) (from NetBSD 8.0)
>> Memory: 639/3144640 k

     1. Boot normally
     2. Boot single user
     3. Disable ACPI
     4. Disable ACPI and SMP
     5. Drop to boot prompt
WARNING: couldn't open /var/db/entropy-file
WARNING: 1 module failed to load
[   1.0000000] pool redzone disabled for 'pdppl'
[   1.0000000] pool redzone disabled for 'kmem-4096'
[   1.0000000] Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
[   1.0000000]     2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017,
[   1.0000000]     2018, 2019 The NetBSD Foundation, Inc.  All rights reserved.
[   1.0000000] Copyright (c) 1982, 1986, 1989, 1991, 1993
[   1.0000000]     The Regents of the University of California.  All rights reserved.

[   1.0000000] NetBSD 8.99.34 (GENERIC_SYZKALLER) #9: Mon Feb 25 20:27:03 UTC 2019
[   1.0000000] 	root@ci2:/syzkaller/managers/netbsd/kernel/sys/arch/amd64/compile/obj/GENERIC_SYZKALLER
[   1.0000000] total memory = 7679 MB
[   1.0000000] avail memory = 6662 MB
[   1.0000000] pool redzone disabled for 'buf64k'
[   1.0000000] cpu_rng: RDRAND
[   1.0000000] running cgd selftest aes-xts-256 aes-xts-512 done
[   1.0000030] mainbus0 (root)
[   1.0000030] ACPI: RSDP 0x00000000000F2A40 000014 (v00 Google)
[   1.0000030] ACPI: RSDT 0x00000000BFFFDBA0 000038 (v01 Google GOOGRSDT 00000001 GOOG 00000001)
[   1.0000030] ACPI: FACP 0x00000000BFFFFF00 0000F4 (v02 Google GOOGFACP 00000001 GOOG 00000001)
[   1.0000030] ACPI: DSDT 0x00000000BFFFDBE0 0017B2 (v01 Google GOOGDSDT 00000001 GOOG 00000001)
[   1.0000030] ACPI: FACS 0x00000000BFFFFEC0 000040
[   1.0000030] ACPI: SSDT 0x00000000BFFFF590 000930 (v01 Google GOOGSSDT 00000001 GOOG 00000001)
[   1.0000030] ACPI: APIC 0x00000000BFFFF4A0 000076 (v01 Google GOOGAPIC 00000001 GOOG 00000001)
[   1.0000030] ACPI: WAET 0x00000000BFFFF470 000028 (v01 Google GOOGWAET 00000001 GOOG 00000001)
[   1.0000030] ACPI: SRAT 0x00000000BFFFF3A0 0000C8 (v01 Google GOOGSRAT 00000001 GOOG 00000001)
[   1.0000030] ACPI: 2 ACPI AML tables successfully acquired and loaded
[   1.0000030] ioapic0 at mainbus0 apid 0
[   1.0000030] cpu0 at mainbus0 apid 0
[   1.0000030] cpu0: Intel(R) Xeon(R) CPU @ 2.30GHz, id 0x306f0
[   1.0000030] cpu0: package 0, core 0, smt 0
[   1.0000030] cpu1 at mainbus0 apid 1
[   1.0000030] cpu1: Intel(R) Xeon(R) CPU @ 2.30GHz, id 0x306f0
[   1.0000030] cpu1: package 0, core 0, smt 1
[   1.0000030] acpi0 at mainbus0: Intel ACPICA 20181213
[   1.0000030] acpi0: fixed power button present
[   1.0000030] acpi0: fixed sleep button present
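The traceback above runs from sys_shmat() through uvm_map_pageable() and uvm_fault_wire() into the wire_count assertion in uvm_page.c, and the fix title states that the segment's uobj reference has to be acquired while shm_lock is held. The block below is an added userland model of that lookup-then-reference window, written for this page; it is not NetBSD code and not the syzbot C reproducer. The table, the shm_lock()/shm_unlock() flag, and seg_create(), seg_remove() and seg_attach() are hypothetical stand-ins for the shm segment table, IPC_RMID and shmat()/shmdt(), objects are flagged rather than freed so a stale use is observable, and the `preempt` callback makes the interleaving deterministic instead of depending on a real race.

```c
/* Added model of the shmat()/IPC_RMID reference window; hypothetical code, not NetBSD's. */
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define NSEG 4

/* Stand-in for a segment's backing memory object (the "uobj" in the fix title). */
struct obj {
	int refs;     /* only touched while the model lock is held */
	bool freed;   /* set on last unref instead of calling free() */
};

/* Hypothetical segment table: one slot per segment id. */
static struct obj *shm_table[NSEG];

/* Single-threaded model of shm_lock: the interleaving is driven by `preempt`,
 * so a held flag plus assertions is enough to show what is protected. */
static bool shm_lock_held;
static void shm_lock(void)   { assert(!shm_lock_held); shm_lock_held = true; }
static void shm_unlock(void) { assert(shm_lock_held);  shm_lock_held = false; }

static void obj_ref(struct obj *o)
{
	assert(shm_lock_held);
	o->refs++;
}

static void obj_unref(struct obj *o)
{
	assert(shm_lock_held);
	if (--o->refs == 0)
		o->freed = true;  /* the kernel would release the pages here */
}

/* Create segment `id`; the table owns the single initial reference. */
int seg_create(int id)
{
	struct obj *o = calloc(1, sizeof(*o));
	if (id < 0 || id >= NSEG || o == NULL) {
		free(o);
		return -1;
	}
	o->refs = 1;
	shm_lock();
	shm_table[id] = o;
	shm_unlock();
	return 0;
}

/* Model of shmctl(IPC_RMID): unlink the segment and drop the table's reference. */
int seg_remove(int id)
{
	shm_lock();
	struct obj *o = shm_table[id];
	if (o == NULL) {
		shm_unlock();
		return -1;
	}
	shm_table[id] = NULL;
	obj_unref(o);
	shm_unlock();
	return 0;
}

/* Model of shmat() followed by shmdt(). `preempt` runs where another thread
 * could be scheduled between the lookup and the page wiring. Returns 0 for a
 * clean attach, 1 if wiring ran against an already released object (the
 * state behind the wire_count assertion), -1 if the segment does not exist. */
int seg_attach(int id, bool ref_under_lock, void (*preempt)(int))
{
	shm_lock();
	struct obj *o = shm_table[id];
	if (o == NULL) {
		shm_unlock();
		return -1;
	}
	if (ref_under_lock)
		obj_ref(o);           /* fixed: reference taken before shm_lock is dropped */
	shm_unlock();

	if (preempt != NULL)
		preempt(id);          /* e.g. a concurrent IPC_RMID lands here */

	if (!ref_under_lock) {
		shm_lock();
		obj_ref(o);           /* buggy: o may already have been released */
		shm_unlock();
	}

	int rc = o->freed ? 1 : 0;   /* wiring step (uvm_map_pageable/uvm_fault_wire) */

	shm_lock();
	obj_unref(o);                /* shmdt(): drop our reference */
	shm_unlock();
	return rc;
}

int main(void)
{
	seg_create(0);
	printf("ref after unlock: %s\n", seg_attach(0, false, seg_remove) == 1 ? "released object used" : "ok");
	seg_create(0);
	printf("ref under lock:   %s\n", seg_attach(0, true, seg_remove) == 0 ? "ok" : "released object used");
	return 0;
}
```

With the reference taken after shm_lock is dropped, the removal in the window brings the count to zero and the attach goes on to wire an object that no longer exists; taking the reference under the lock keeps the object alive until shmdt(), and the removal merely unlinks it from the table.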

Crashes (6):

Time              Kernel  Commit        Syzkaller  Log          Report  Syz repro  C repro  Manager
2019/02/26 05:16  netbsd  5eba7b0ad839  8022bafd   console log  report  syz        C        ci2-netbsd
2019/03/10 18:33  netbsd  5e72195e84e2  12365b99   console log  report  -          -        ci2-netbsd
2019/03/07 22:28  netbsd  7cec0f5bb8dc  4b69c3cb   console log  report  -          -        ci2-netbsd
2019/03/07 18:45  netbsd  4c653981f172  8c085c5e   console log  report  -          -        ci2-netbsd
2019/03/06 10:24  netbsd  3ee0d5e1d4d6  05cf83bf   console log  report  -          -        ci2-netbsd
2019/02/26 04:31  netbsd  5eba7b0ad839  8022bafd   console log  report  -          -        ci2-netbsd

* Struck through repros no longer work on HEAD.