syzbot


panic: vm_object_vndeallocate: bad object reference count

Status: fixed on 2019/05/14 06:05
Reported-by: syzbot+1d2cc393bd6c88a548be@syzkaller.appspotmail.com
Fix commit: 8cd6a80d7d68 Restore the pre-r347532 behaviour of ignoring wiring failures in mmap().
First crash: 1364d, last: 1364d
duplicates (3):
Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
panic: neg writecount increment -1 1 1364d 1364d 0/2 closed as dup on 2019/05/14 14:22
panic: vm_pager_assert_in: page ADDR is mapped 8 1364d 1364d 0/2 closed as dup on 2019/05/14 14:22
panic: vm_page_free_prep: freeing mapped page ADDR 1 1364d 1364d 0/2 closed as dup on 2019/05/14 14:22

Sample crash report:
panic: vm_object_vndeallocate: bad object reference count
cpuid = 1
time = 1557809250
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe0020dca6f0
vpanic() at vpanic+0x1e0/frame 0xfffffe0020dca750
panic() at panic+0x43/frame 0xfffffe0020dca7b0
vm_object_collapse() at vm_object_collapse/frame 0xfffffe0020dca810
vn_mmap() at vn_mmap+0x2e3/frame 0xfffffe0020dca890
kern_mmap() at kern_mmap+0x8a8/frame 0xfffffe0020dca950
sys_mmap() at sys_mmap+0x38/frame 0xfffffe0020dca980
amd64_syscall() at amd64_syscall+0x436/frame 0xfffffe0020dcaab0
fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe0020dcaab0
--- syscall (0, FreeBSD ELF64, nosys), rip = 0x41c31a, rsp = 0x7fffffffead8, rbp = 0x7fffffffeb40 ---
KDB: enter: panic
[ thread pid 759 tid 100083 ]
Stopped at      kdb_enter+0x6a: movq    $0,kdb_why

Crashes (974):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci-freebsd-main 2019/05/14 04:50 freebsd 094736f08fd5 7c305b44 console log report syz C
ci-freebsd-main 2019/05/13 22:23 freebsd 094736f08fd5 7c305b44 console log report syz C
ci-freebsd-main 2019/05/13 22:14 freebsd 094736f08fd5 7c305b44 console log report syz C
ci-freebsd-main 2019/05/13 21:23 freebsd 094736f08fd5 7c305b44 console log report syz C
ci-freebsd-main 2019/05/13 20:58 freebsd 094736f08fd5 7c305b44 console log report syz C
ci-freebsd-main 2019/05/13 20:43 freebsd 094736f08fd5 7c305b44 console log report syz C
ci-freebsd-main 2019/05/13 20:23 freebsd 094736f08fd5 7c305b44 console log report syz C
ci-freebsd-main 2019/05/13 20:00 freebsd 094736f08fd5 7c305b44 console log report syz C
ci-freebsd-main 2019/05/13 19:41 freebsd 094736f08fd5 7c305b44 console log report syz C
ci-freebsd-main 2019/05/13 19:17 freebsd 094736f08fd5 7c305b44 console log report syz C
ci-freebsd-main 2019/05/13 19:12 freebsd 094736f08fd5 7c305b44 console log report syz C
ci-freebsd-main 2019/05/14 05:45 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/14 05:35 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/14 05:14 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/14 05:00 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/14 04:47 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/14 04:29 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/14 04:15 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/14 04:03 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/14 03:54 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/14 03:43 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/14 03:33 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/14 03:23 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/14 03:11 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/14 02:57 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/14 02:45 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/14 02:33 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/14 02:22 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/14 02:09 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/14 01:53 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/14 01:39 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/14 01:25 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/14 01:09 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/14 00:58 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/14 00:48 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/14 00:38 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/14 00:27 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/14 00:15 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/14 00:04 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/13 23:53 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/13 23:43 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/13 23:25 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/13 23:12 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/13 23:01 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/13 22:48 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/13 22:36 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/13 22:25 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/13 22:02 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/13 21:45 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/13 21:31 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/13 21:08 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/13 20:45 freebsd 094736f08fd5 7c305b44 console log report
ci-freebsd-main 2019/05/13 18:07 freebsd 094736f08fd5 7c305b44 console log report
* Struck through repros no longer work on HEAD.