syzbot


assert "rw_write_held(uobj->vmobjlock)" failed in uvm_vnode.c

Status: upstream: reported on 2024/05/14 12:38
Reported-by: syzbot+abc8d93c32e45bd3984f@syzkaller.appspotmail.com
First crash: 116d, last: 39d

Sample crash report:
panic: acquiring blockable sleep lock with spinlock or critical section held (rwlock) vmmaplk
Starting stack trace...
panic(ffffffff8306546d) at panic+0x1d0 sys/kern/subr_prf.c:229
witness_checkorder(ffffffff835617c0,1,0) at witness_checkorder+0x1197 witness_debugger sys/kern/subr_witness.c:2518 [inline]
witness_checkorder(ffffffff835617c0,1,0) at witness_checkorder+0x1197 sys/kern/subr_witness.c:780
rw_enter_read(ffffffff835617b0) at rw_enter_read+0xab sys/kern/kern_rwlock.c:112
uvmfault_lookup(ffff800029fe51e0,0) at uvmfault_lookup+0x122 sys/uvm/uvm_fault.c:1785
uvm_fault_check(ffff800029fe51e0,ffff800029fe5218,ffff800029fe5240) at uvm_fault_check+0x47 sys/uvm/uvm_fault.c:672
uvm_fault(ffffffff835616d0,7fbd2f6a7000,0,2) at uvm_fault+0x112 sys/uvm/uvm_fault.c:600
kpageflttrap(ffff800029fe5380,7fbd2f6a7fd0) at kpageflttrap+0x2d0 sys/arch/amd64/amd64/trap.c:279
kerntrap(ffff800029fe5380) at kerntrap+0x14a sys/arch/amd64/amd64/trap.c:332
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
pmap_page_remove(fffffd8008001800) at pmap_page_remove+0x45d _atomic_swap_64 machine/atomic.h:117 [inline]
pmap_page_remove(fffffd8008001800) at pmap_page_remove+0x45d sys/arch/amd64/amd64/pmap.c:2005
uvm_anfree_list(fffffd805de48540,0) at uvm_anfree_list+0xd6
amap_wipeout(fffffd806c1e8dd8) at amap_wipeout+0x248 sys/uvm/uvm_amap.c:502
uvm_unmap_detach(ffff800029fe55b0,0) at uvm_unmap_detach+0x8a sys/uvm/uvm_map.c:1353
uvm_map_teardown(fffffd806cd42dd8) at uvm_map_teardown+0x35e sys/uvm/uvm_map.c:2518
uvmspace_free(fffffd806cd42dd8) at uvmspace_free+0xcd sys/uvm/uvm_map.c:3422
reaper(ffff800029fd9448) at reaper+0x256 sys/kern/kern_exit.c:480
end trace frame: 0x0, count: 241
End of stack trace.
syncing disks...panic: kernel diagnostic assertion "rw_write_held(uobj->vmobjlock)" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_vnode.c", line 611
Starting stack trace...
panic(ffffffff830dd831) at panic+0x1d0 sys/kern/subr_prf.c:229
__assert(ffffffff8308f398,ffffffff82fcdb3b,263,ffffffff8300c67e) at __assert+0x29
uvn_flush(fffffd806cfab890,0,0,31) at uvn_flush+0xdfd sys/uvm/uvm_vnode.c:754
uvm_vnp_sync(ffff800000a66c00) at uvm_vnp_sync+0x1e7 sys/uvm/uvm_vnode.c:1542
sys_sync(ffff800029fd9448,0,0) at sys_sync+0xd4 sys/kern/vfs_syscalls.c:536
vfs_syncwait(ffff800029fd9448,1) at vfs_syncwait+0x44
vfs_shutdown(ffff800029fd9448) at vfs_shutdown+0x97 sys/kern/vfs_subr.c:1791
boot(100) at boot+0x143 sys/arch/amd64/amd64/machdep.c:901
reboot(100) at reboot+0xb1
panic(ffffffff8306546d) at panic+0x1f9 sys/kern/subr_prf.c:231
witness_checkorder(ffffffff835617c0,1,0) at witness_checkorder+0x1197 witness_debugger sys/kern/subr_witness.c:2518 [inline]
witness_checkorder(ffffffff835617c0,1,0) at witness_checkorder+0x1197 sys/kern/subr_witness.c:780
rw_enter_read(ffffffff835617b0) at rw_enter_read+0xab sys/kern/kern_rwlock.c:112
uvmfault_lookup(ffff800029fe51e0,0) at uvmfault_lookup+0x122 sys/uvm/uvm_fault.c:1785
uvm_fault_check(ffff800029fe51e0,ffff800029fe5218,ffff800029fe5240) at uvm_fault_check+0x47 sys/uvm/uvm_fault.c:672
uvm_fault(ffffffff835616d0,7fbd2f6a7000,0,2) at uvm_fault+0x112 sys/uvm/uvm_fault.c:600
kpageflttrap(ffff800029fe5380,7fbd2f6a7fd0) at kpageflttrap+0x2d0 sys/arch/amd64/amd64/trap.c:279
kerntrap(ffff800029fe5380) at kerntrap+0x14a sys/arch/amd64/amd64/trap.c:332
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
pmap_page_remove(fffffd8008001800) at pmap_page_remove+0x45d _atomic_swap_64 machine/atomic.h:117 [inline]
pmap_page_remove(fffffd8008001800) at pmap_page_remove+0x45d sys/arch/amd64/amd64/pmap.c:2005
uvm_anfree_list(fffffd805de48540,0) at uvm_anfree_list+0xd6
amap_wipeout(fffffd806c1e8dd8) at amap_wipeout+0x248 sys/uvm/uvm_amap.c:502
uvm_unmap_detach(ffff800029fe55b0,0) at uvm_unmap_detach+0x8a sys/uvm/uvm_map.c:1353
uvm_map_teardown(fffffd806cd42dd8) at uvm_map_teardown+0x35e sys/uvm/uvm_map.c:2518
uvmspace_free(fffffd806cd42dd8) at uvmspace_free+0xcd sys/uvm/uvm_map.c:3422
reaper(ffff800029fd9448) at reaper+0x256 sys/kern/kern_exit.c:480
end trace frame: 0x0, count: 232
End of stack trace.

dump to dev 4,1 not possible
rebooting...
SeaBIOS (version 1.8.2-google)
Total RAM Size = 0x0000000080000000 = 2048 MiB
CPUs found: 2     Max CPUs supported: 2
SeaBIOS (version 1.8.2-google)
Machine UUID 43b93b83-f320-801a-a1ee-23eab263a335
found virtio-scsi at 0:3
virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0 removable=0
virtio-scsi blksize=512 sectors=4194304 = 2048 MiB
drive 0x000f27c0: PCHS=0/0/0 translation=lba LCHS=520/128/63 s=4194304
Sending Seabios boot VM event.
Booting from Hard Disk 0...
>> OpenBSD/amd64 BOOT 3.67
boot> set $maxwidth = 0
set: syntax error
boot> show panic
boot: illegal argument panic
boot> trace
boot> show registers
boot> show proc
boot> ps
boot> show all locks
boot> show malloc
boot> show all pools
boot> machine ddbcpu 0
machine: syntax error
boot> trace
boot> machine ddbcpu 1
machine: syntax error
boot> trace

Crashes (3):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2024/07/30 06:42 | openbsd | 235013eb5537 | a4e01e1e | .config | console log | report | | | | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-multicore | assert "rw_write_held(uobj->vmobjlock)" failed in uvm_vnode.c |
| 2024/07/12 17:32 | openbsd | e24fbf55691f | eaeb5c15 | .config | console log | report | | | | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-multicore | assert "rw_write_held(uobj->vmobjlock)" failed in uvm_vnode.c |
| 2024/05/14 12:37 | openbsd | 5dea098c4cfa | fdb4c10c | .config | console log | report | | | | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-multicore | assert "rw_write_held(uobj->vmobjlock)" failed in uvm_vnode.c |
* Struck through repros no longer work on HEAD.