syzbot


assert "((flags & PGO_LOCKED) != NUM && rw_lock_held(uobj->vmobjlock)) || (flags & PGO_LOCKED) == NUM" failed in uvm_vno (2)

Status: auto-obsoleted due to no activity on 2023/04/11 21:33
Reported-by: syzbot+f8f7959db972d5d82c98@syzkaller.appspotmail.com
First crash: 680d, last: 680d
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
openbsd assert "((flags & PGO_LOCKED) != NUM && rw_lock_held(uobj->vmobjlock)) || (flags & PGO_LOCKED) == NUM" failed in uvm_vno 1 773d 773d 0/3 auto-obsoleted due to no activity on 2023/01/08 11:37
openbsd assert "((flags & PGO_LOCKED) != NUM && rw_lock_held(uobj->vmobjlock)) || (flags & PGO_LOCKED) == NUM" failed in uvm_vno (3) 4 378d 479d 0/3 auto-obsoleted due to no activity on 2024/02/07 12:57
openbsd assert "((flags & PGO_LOCKED) != NUM && rw_lock_held(uobj->vmobjlock)) || (flags & PGO_LOCKED) == NUM" failed in uvm_vno (4) 10 31d 253d 0/3 upstream: reported on 2024/03/13 15:18

Sample crash report:
panicpanic: kernel diagnostic assertion "((flags & PGO_LOCKED) != 0 && rw_lock_held(uobj->vmobjlock)) || (flags & PGO_LOCKED) == 0" failed: file "/syzkaller/managers/setuid/kernel/sys/uvm/uvm_vnode.c", line 953
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*383370  21922  32767        0x10          0    1  syz-executor.1
 116952  17121  32767        0x10  0x4000000    0  syz-executor.2
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff825ad2fa) at panic+0x177 sys/kern/subr_prf.c:198
__assert(ffffffff826222ff,ffffffff826437c3,3b9,ffffffff8258adf8) at __assert+0x25 sys/kern/subr_prf.c:157
uvn_get(fffffd806da3abf0,2a000,ffff8000284063e0,ffff800028406254,3,4,edc83c53bcb4e983,fffffd806da3abf0) at uvn_get+0x4b6 sys/uvm/uvm_vnode.c:952
uvm_fault_lower_lookup(ffff800028406460,ffff800028406498,ffff8000284063e0) at uvm_fault_lower_lookup+0xf6 sys/uvm/uvm_fault.c:1129
uvm_fault_lower(ffff800028406460,ffff800028406498,ffff8000284063e0,0) at uvm_fault_lower+0x5f sys/uvm/uvm_fault.c:1228
uvm_fault(fffffd80687bd018,1c267e82000,0,4) at uvm_fault+0x238
upageflttrap(ffff8000284065d0,1c267e82790) at upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181
usertrap(ffff8000284065d0) at usertrap+0x1aa sys/arch/amd64/amd64/trap.c:417
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x7f7ffffd4b70, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{1}> 
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu0: vop_generic_badop
 cpu1: kernel diagnostic assertion "((flags & PGO_LOCKED) != 0 && rw_lock_held(uobj->vmobjlock)) || (flags & PGO_LOCKED) == 0" failed: file "/syzkaller/managers/setuid/kernel/sys/uvm/uvm_vnode.c", line 953
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff825ad2fa) at panic+0x177 sys/kern/subr_prf.c:198
__assert(ffffffff826222ff,ffffffff826437c3,3b9,ffffffff8258adf8) at __assert+0x25 sys/kern/subr_prf.c:157
uvn_get(fffffd806da3abf0,2a000,ffff8000284063e0,ffff800028406254,3,4,edc83c53bcb4e983,fffffd806da3abf0) at uvn_get+0x4b6 sys/uvm/uvm_vnode.c:952
uvm_fault_lower_lookup(ffff800028406460,ffff800028406498,ffff8000284063e0) at uvm_fault_lower_lookup+0xf6 sys/uvm/uvm_fault.c:1129
uvm_fault_lower(ffff800028406460,ffff800028406498,ffff8000284063e0,0) at uvm_fault_lower+0x5f sys/uvm/uvm_fault.c:1228
uvm_fault(fffffd80687bd018,1c267e82000,0,4) at uvm_fault+0x238
upageflttrap(ffff8000284065d0,1c267e82790) at upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181
usertrap(ffff8000284065d0) at usertrap+0x1aa sys/arch/amd64/amd64/trap.c:417
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x7f7ffffd4b70, count: -10
ddb{1}> show registers
rdi                                0
rsi                              0x1
rbp               0xffff800028406080
rbx               0xffff800020dd9b8f
rdx                                0
rcx                                0
rax               0xffff8000ffff37a8
r8                 0x101010101010101
r9                0x8080808080808080
r10                0x99dd1c3cbff793d
r11               0x6eff20ac2e85fc80
r12               0xffff800020dd9990
r13                                0
r14               0xffffffff829c6990    cpu_info_full_primary+0x2990
r15                              0x1
rip               0xffffffff8218bc88    db_enter+0x18
cs                               0x8
rflags                         0x246
rsp               0xffff800028406070
ss                                 0
db_enter+0x18:  addq    $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor.1) pid=383370 stat=onproc
    flags process=10<SUGID> proc=0
    pri=83, usrpri=86, nice=20
    forw=0xffffffffffffffff, list=0xffff8000ffff2d28,0xffff800028458a90
    process=0xffff800021299d60 user=0xffff800028401000, vmspace=0xfffffd80687bd018
    estcpu=36, cpticks=2, pctcpu=0.0
    user=0, sys=2, intr=0
ddb{1}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 43540  441019  56687  32767  2        0x10                syz-executor.4
*21922  383370  20353  32767  7        0x10                syz-executor.1
 17121   78646  24352  32767  2        0x10                syz-executor.2
 17121  116952  24352  32767  7   0x4000010                syz-executor.2
 91183  507183  50522  32767  2        0x10                syz-executor.7
 91183   30904  50522  32767  3   0x4000090  netio         syz-executor.7
 13105  288241  14775  32767  2        0x10                syz-executor.5
 13105  408582  14775  32767  2   0x4000010                syz-executor.5
  4834  314305  74361  32767  2        0x10                syz-executor.3
  4834  477886  74361  32767  3   0x4000090  fsleep        syz-executor.3
  4834  457563  74361  32767  2   0x4000010                syz-executor.3
  4834  233567  74361  32767  3   0x4000090  fsleep        syz-executor.3
 69023  211952  27390  32767  3        0x10  biowait       syz-executor.0
 27390  405825  85175      0  3        0x82  wait          syz-executor.0
 14775  273918  60916  32767  3        0x90  nanoslp       syz-executor.5
 60916  190151  85175      0  3        0x82  wait          syz-executor.5
 24352  393342  30422  32767  3        0x90  nanoslp       syz-executor.2
 30422  337150  85175      0  3        0x82  wait          syz-executor.2
 56687   13475  77728  32767  3        0x90  nanoslp       syz-executor.4
 77728  200362  85175      0  3        0x82  wait          syz-executor.4
 82523  218017  48531  32767  2        0x10                syz-executor.6
 48531   31112  85175      0  3        0x82  wait          syz-executor.6
 57602   95565      0      0  3     0x14200  bored         sosplice
 20353  327078  74372  32767  3        0x90  nanoslp       syz-executor.1
 50522   70012  91982  32767  3        0x90  nanoslp       syz-executor.7
 91982   75729  85175      0  3        0x82  wait          syz-executor.7
 74361   67553  44893  32767  3        0x90  nanoslp       syz-executor.3
 44893  198646  85175      0  3        0x82  wait          syz-executor.3
 74372  167088  85175      0  3        0x82  wait          syz-executor.1
 85175    1041  27680      0  3        0x82  wait          syz-fuzzer
 85175  196450  27680      0  3   0x4000082  thrsleep      syz-fuzzer
 85175  376258  27680      0  2   0x4000002                syz-fuzzer
 85175   43126  27680      0  3   0x4000082  wait          syz-fuzzer
 85175  139811  27680      0  3   0x4000082  thrsleep      syz-fuzzer
 85175  269419  27680      0  3   0x4000082  thrsleep      syz-fuzzer
 85175  180549  27680      0  3   0x4000082  thrsleep      syz-fuzzer
 85175  479634  27680      0  3   0x4000082  thrsleep      syz-fuzzer
 85175  280713  27680      0  3   0x4000082  thrsleep      syz-fuzzer
 85175  131081  27680      0  3   0x4000082  wait          syz-fuzzer
 85175   48845  27680      0  3   0x4000082  wait          syz-fuzzer
 85175  401692  27680      0  3   0x4000082  wait          syz-fuzzer
 85175  388962  27680      0  3   0x4000082  wait          syz-fuzzer
 85175  364777  27680      0  3   0x4000082  wait          syz-fuzzer
 85175  115973  27680      0  2   0x4000082                syz-fuzzer
 85175  170645  27680      0  3   0x4000082  wait          syz-fuzzer
 27680  277614  29477      0  3    0x10008a  sigsusp       ksh
 29477   74264  51284      0  3        0x9a  kqread        sshd
 16998  129157      1      0  3    0x100083  ttyin         getty
 51284   82874      1      0  3        0x88  kqread        sshd
 90685  430048  62762     73  3   0x1100090  kqread        syslogd
 62762  397813      1      0  3    0x100082  netio         syslogd
 64046  219827      1      0  3    0x100080  kqread        resolvd
 13069  175202  81958     77  3    0x100092  kqread        dhcpleased
   935  360940  81958     77  3    0x100092  kqread        dhcpleased
 81958  235351      1      0  3        0x80  kqread        dhcpleased
 68156  240279      0      0  3     0x14200  bored         smr
 68257  435128      0      0  2     0x14200                zerothread
 15784   15969      0      0  3     0x14200  aiodoned      aiodoned
 28508  308576      0      0  3     0x14200  syncer        update
 67201  292390      0      0  3     0x14200  cleaner       cleaner
 83746  448204      0      0  3     0x14200  reaper        reaper
 86923  346072      0      0  3     0x14200  pgdaemon      pagedaemon
  3172   98926      0      0  3     0x14200  bored         viomb
 85949  254516      0      0  3  0x40014200  acpi0         acpi0
 21969   72833      0      0  3  0x40014200                idle1
 49371  391454      0      0  3     0x14200  bored         softnet
 84660  453875      0      0  3     0x14200  bored         softnet
 31836  466712      0      0  3     0x14200  bored         softnet
 11681  496590      0      0  3     0x14200  bored         softnet
 83086   53905      0      0  3     0x14200  bored         systqmp
 71505   67573      0      0  3     0x14200  bored         systq
 39729  222181      0      0  3  0x40014200  bored         softclock
 86776  136635      0      0  3  0x40014200                idle0
     1  437323      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{1}> show all locks
CPU 1:
exclusive mutex &pmap->pm_mtx r = 0 (0xfffffd8067e0dda0)
#0  witness_lock+0x44d
#1  mtx_enter_try+0x100
#2  mtx_enter+0x4b sys/kern/kern_lock.c:266
#3  pmap_enter+0x1bf pmap_map_ptes sys/arch/amd64/amd64/pmap.c:420 [inline]
#3  pmap_enter+0x1bf sys/arch/amd64/amd64/pmap.c:2699
#4  uvm_fault_lower_lookup+0x2a7 sys/uvm/uvm_fault.c:1193
#5  uvm_fault_lower+0x5f sys/uvm/uvm_fault.c:1228
#6  uvm_fault+0x238
#7  upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181
#8  usertrap+0x1aa sys/arch/amd64/amd64/trap.c:417
#9  recall_trap+0x8
Process 43540 (syz-executor.4) thread 0xffff800028458a80 (441019)
exclusive rwlock uobjlk r = 0 (0xfffffd806dee1a28)
#0  witness_lock+0x44d
#1  rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2  uvm_fault_lower_lookup+0x46 sys/uvm/uvm_fault.c:1127
#3  uvm_fault_lower+0x5f sys/uvm/uvm_fault.c:1228
#4  uvm_fault+0x238
#5  upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181
#6  usertrap+0x1aa sys/arch/amd64/amd64/trap.c:417
#7  recall_trap+0x8
shared rwlock vmmaplk r = 0 (0xfffffd80687bd510)
#0  witness_lock+0x44d
#1  uvmfault_lookup+0xc9 sys/uvm/uvm_fault.c:1773
#2  uvm_fault_check+0x3a sys/uvm/uvm_fault.c:673
#3  uvm_fault+0xf2 sys/uvm/uvm_fault.c:601
#4  upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181
#5  usertrap+0x1aa sys/arch/amd64/amd64/trap.c:417
#6  recall_trap+0x8
Process 17121 (syz-executor.2) thread 0xffff8000ffff2008 (116952)
exclusive rrwlock inode r = 0 (0xfffffd806e4933d8)
#0  witness_lock+0x44d
#1  rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2  rrw_enter+0x8b sys/kern/kern_rwlock.c:465
#3  VOP_LOCK+0x87 sys/kern/vfs_vops.c:518
#4  vn_lock+0x84 sys/kern/vfs_vnops.c:564
#5  vget+0x1fc sys/kern/vfs_subr.c:676
#6  ufs_ihashget+0x121 sys/ufs/ufs/ufs_ihash.c:119
#7  ffs_vget+0x7c sys/ufs/ffs/ffs_vfsops.c:1324
#8  ufs_lookup+0x122c sys/ufs/ufs/ufs_lookup.c:582
#9  VOP_LOOKUP+0x58 sys/kern/vfs_vops.c:85
#10 vfs_lookup+0x6e5 sys/kern/vfs_lookup.c:560
#11 namei+0x36a sys/kern/vfs_lookup.c:244
#12 dolinkat+0xaf sys/kern/vfs_syscalls.c:1716
#13 syscall+0x438 mi_syscall sys/sys/syscall_mi.h:101 [inline]
#13 syscall+0x438 sys/arch/amd64/amd64/trap.c:599
#14 Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82bb5c58)
#0  witness_lock+0x44d
#1  syscall+0x424 mi_syscall sys/sys/syscall_mi.h:101 [inline]
#1  syscall+0x424 sys/arch/amd64/amd64/trap.c:599
#2  Xsyscall+0x128
Process 69023 (syz-executor.0) thread 0xffff8000ffff2fc8 (211952)
exclusive rrwlock inode r = 0 (0xfffffd806e49ac50)
#0  witness_lock+0x44d
#1  rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2  rrw_enter+0x8b sys/kern/kern_rwlock.c:465
#3  VOP_LOCK+0x87 sys/kern/vfs_vops.c:518
#4  ufs_ihashins+0x42 sys/ufs/ufs/ufs_ihash.c:140
#5  ffs_vget+0x141 sys/ufs/ffs/ffs_vfsops.c:1353
#6  ffs_inode_alloc+0x1be sys/ufs/ffs/ffs_alloc.c:394
#7  ufs_mkdir+0xf4 sys/ufs/ufs/ufs_vnops.c:1150
#8  VOP_MKDIR+0xbf sys/kern/vfs_vops.c:388
#9  domkdirat+0x121 sys/kern/vfs_syscalls.c:3112
#10 syscall+0x438 mi_syscall sys/sys/syscall_mi.h:101 [inline]
#10 syscall+0x438 sys/arch/amd64/amd64/trap.c:599
#11 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd806e4931b8)
#0  witness_lock+0x44d
#1  rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2  rrw_enter+0x8b sys/kern/kern_rwlock.c:465
#3  VOP_LOCK+0x87 sys/kern/vfs_vops.c:518
#4  vn_lock+0x84 sys/kern/vfs_vnops.c:564
#5  vfs_lookup+0xd1 sys/kern/vfs_lookup.c:412
#6  namei+0x36a sys/kern/vfs_lookup.c:244
#7  domkdirat+0x75 sys/kern/vfs_syscalls.c:3097
#8  syscall+0x438 mi_syscall sys/sys/syscall_mi.h:101 [inline]
#8  syscall+0x438 sys/arch/amd64/amd64/trap.c:599
#9  Xsyscall+0x128
Process 82523 (syz-executor.6) thread 0xffff800028458000 (218017)
exclusive rrwlock inode r = 0 (0xfffffd806e493708)
#0  witness_lock+0x44d
#1  rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2  rrw_enter+0x8b sys/kern/kern_rwlock.c:465
#3  VOP_LOCK+0x87 sys/kern/vfs_vops.c:518
#4  ufs_ihashins+0x42 sys/ufs/ufs/ufs_ihash.c:140
#5  ffs_vget+0x141 sys/ufs/ffs/ffs_vfsops.c:1353
#6  ffs_inode_alloc+0x1be sys/ufs/ffs/ffs_alloc.c:394
#7  ufs_mkdir+0xf4 sys/ufs/ufs/ufs_vnops.c:1150
#8  VOP_MKDIR+0xbf sys/kern/vfs_vops.c:388
#9  domkdirat+0x121 sys/kern/vfs_syscalls.c:3112
#10 syscall+0x438 mi_syscall sys/sys/syscall_mi.h:101 [inline]
#10 syscall+0x438 sys/arch/amd64/amd64/trap.c:599
#11 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd8067acac58)
#0  witness_lock+0x44d
#1  rw_enter+0x3e1 sys/kern/kern_rwlock.c:310
#2  rrw_enter+0x8b sys/kern/kern_rwlock.c:465
#3  VOP_LOCK+0x87 sys/kern/vfs_vops.c:518
#4  vn_lock+0x84 sys/kern/vfs_vnops.c:564
#5  vfs_lookup+0xd1 sys/kern/vfs_lookup.c:412
#6  namei+0x36a sys/kern/vfs_lookup.c:244
#7  domkdirat+0x75 sys/kern/vfs_syscalls.c:3097
#8  syscall+0x438 mi_syscall sys/sys/syscall_mi.h:101 [inline]
#8  syscall+0x438 sys/arch/amd64/amd64/trap.c:599
#9  Xsyscall+0x128
ddb{1}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf 10232   6414K    6420K  78643K     11351        0
            pcb    13     12K      14K  78643K        17        0
         rtable   248      7K       7K  78643K      1112        0
         ifaddr    71     16K      16K  78643K       129        0
         sysctl     2      0K       0K  78643K         2        0
       counters    60     35K      35K  78643K        78        0
       ioctlops     0      0K       2K  78643K       103        0
            iov     0      0K      28K  78643K      2410        0
          mount     1      1K       1K  78643K         1        0
            log     0      0K       0K  78643K         4        0
         vnodes  1272     80K      80K  78643K      3453        0
      UFS quota     1     32K      32K  78643K         1        0
      UFS mount     5     36K      36K  78643K         5        0
            shm     2      1K       9K  78643K       112        0
         VM map     2      1K       1K  78643K         2        0
            sem    12      0K       1K  78643K       707        0
        dirhash    12      2K       2K  78643K        12        0
           ACPI  1697    195K     286K  78643K     12548        0
      file desc    24     89K     113K  78643K      9102        0
          sigio     0      0K       0K  78643K       224        0
           proc    56     78K     115K  78643K      1247        0
        subproc   104      6K       6K  78643K       221        0
    NFS srvsock     1      0K       0K  78643K         1        0
     NFS daemon     1     16K      16K  78643K         1        0
    ip_moptions     0      0K       0K  78643K       721        0
       in_multi    99      6K       6K  78643K       306        0
    ether_multi     1      0K       0K  78643K        29        0
            mrt     1      0K       0K  78643K         1        0
    ISOFS mount     1     32K      32K  78643K         1        0
  MSDOSFS mount     1     16K      16K  78643K         1        0
           ttys   301   1341K    1341K  78643K       301        0
           exec     0      0K       1K  78643K      2676        0
            tdb     3      0K       0K  78643K         3        0
        pagedep     1      8K       8K  78643K         1        0
       inodedep     1     32K      32K  78643K         1        0
         newblk     1      0K       0K  78643K         1        0
        VM swap     8     62K      64K  78643K        10        0
       UVM amap   408     95K     986K  78643K     67461        0
       UVM aobj   131      4K       5K  78643K       137        0
        memdesc     1      4K       4K  78643K         1        0
    crypto data     1      1K       1K  78643K         1        0
    ip6_options     0      0K       0K  78643K       319        0
            NDP    11      0K       2K  78643K        54        0
           temp   124   4694K    4758K  78643K     25708        0
         kqueue    12     18K      26K  78643K       845        0
      SYN cache     2     16K      16K  78643K         2        0
ddb{1}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache    128       22    0        0     1     0     1     1     0     8    0
rtpcb      120     3715    0     3712    36    33     3     5     0     8    2
rtentry    112      224    0      107     4     0     4     4     0     8    0
unpcb      144    18723    0    18710   111   105     6    13     0     8    5
syncache   296       90    0       90    20    19     1     1     0     8    1
tcpqe       32       47    0       47    13    12     1     1     0     8    1
tcpcb      776     5253    0     5249   116   112     4    18     0     8    3
arp        120       37    0       19     1     0     1     1     0     8    0
ipq         40       41    0       41     4     4     0     1     0     8    0
ipqe        40      291    0      291     4     4     0     1     0     8    0
inpcb      368     9583    0     9574   126   119     7    19     0     8    6
ip6q        72        4    0        4     1     1     0     1     0     8    0
ip6af       40       12    0       12     1     1     0     1     0     8    0
nd6         48       64    0       33     1     0     1     1     0     8    0
kcovpl      48       17    0        9     1     0     1     1     0     8    0
art_heap8  4096       1    0        0     1     0     1     1     0     8    0
art_heap4  256      914    0      434    32     2    30    31     0     8    0
art_table   32      915    0      434     4     0     4     4     0     8    0
art_node    16      223    0      116     1     0     1     1     0     8    0
semupl     112        2    0        2     1     1     0     1     0     8    0
semapl     112      705    0      695     1     0     1     1     0     8    0
shmpl      112      134    0        6     4     0     4     4     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino2pl    256    14149    0    12702    91     0    91    91     0     8    0
ffsino     272    14149    0    12702    97     0    97    97     0     8    0
nchpl      144    26684    0    25053    63     0    63    63     0     8    0
uvmvnodes   80     5926    0        0   121     0   121   121     0     8    0
vnodes     216     5926    0        0   330     0   330   330     0     8    0
namei      1024   93430    0    93428     6     5     1     2     0     8    0
percpumem   16       51    0        9     1     0     1     1     0     8    0
kstatmem   264       40    0       18     2     0     2     2     0     8    0
scxspl     216    86015    0    86014    33    30     3     8     0     8    2
plimitpl   152     2587    0     2564    18    16     2     2     0     8    1
sigapl     424     9372    0     9319     7     0     7     7     0     8    0
futexpl     64    94974    0    94972     4     3     1     1     0     8    0
knotepl    120      696    0        0    11     1    10    11     0     8    0
kqueuepl   216     2767    0     2759    44    43     1     7     0     8    0
pipepl     320     2299    0     2271    60    52     8     9     0     8    5
fdescpl    496     9354    0     9319     7     2     5     6     0     8    0
filepl     152    79507    0    79272   137   122    15    25     0     8    5
lockfpl    104     1446    0     1444     1     0     1     1     0     8    0
lockfspl    48      397    0      395     1     0     1     1     0     8    0
sessionpl  144       32    0       16     1     0     1     1     0     8    0
pgrppl      48      275    0      259     1     0     1     1     0     8    0
ucredpl    104    12552    0    12534     1     0     1     1     0     8    0
zombiepl   144     9319    0     9319     1     0     1     1     0     8    1
processpl  1072    9372    0     9319     4     0     4     4     0     8    0
procpl     672    28336    0    28262    16     8     8     9     0     8    0
sosppl     168      154    0      154    16    15     1     1     0     8    1
sockpl     488    32345    0    32320   630   617    13    45     0     8    9
mcl64k     65536     33    0        0     4     1     3     3     0     8    0
mcl16k     16384     33    0        0     3     0     3     3     0     8    0
mcl12k     12288     25    0        0     2     0     2     2     0     8    0
mcl9k      9216      23    0        0     2     0     2     2     0     8    0
mcl8k      8192      25    0        0     4     1     3     3     0     8    0
mcl4k      4096      17    0        0     3     0     3     3     0     8    0
mcl2k2     2112       8    0        0     1     0     1     1     0     8    0
mcl2k      2048     327    0        0    31     6    25    31     0     8    0
mtagpl      96        3    0        0     1     0     1     1     0     8    0
mbufpl     256     4900    0        0   284     0   284   284     0     8    0
bufpl      288    19980    0    13652   453     0   453   453     0     8    0
anonpl      24  2060589    0  2046526   245   132   113   127     0   186    8
amapchunkpl 152  453843    0   453067  4489  4443    46  4421     0   158   13
amappl16   200    23965    0    23578   200   171    29    43     0     8    8
amappl15   192        9    0        9     1     1     0     1     0     8    0
amappl14   184      167    0      156     1     0     1     1     0     8    0
amappl13   176       11    0       10     1     0     1     1     0     8    0
amappl12   168      526    0      519     1     0     1     1     0     8    0
amappl11   160       54    0       43     1     0     1     1     0     8    0
amappl10   152       53    0       41     1     0     1     1     0     8    0
amappl9    144     1032    0     1032     5     4     1     1     0     8    1
amappl8    136      530    0      405     6     1     5     5     0     8    0
amappl7    128      205    0      181     2     1     1     2     0     8    0
amappl6    120      297    0      278     1     0     1     1     0     8    0
amappl5    112      309    0      302     1     0     1     1     0     8    0
amappl4    104      740    0      709     2     1     1     2     0     8    0
amappl3     96    29204    0    29144     2     0     2     2     0     8    0
amappl2     88    10169    0    10087     3     1     2     3     0     8    0
amappl1     80   217482    0   216719    22     4    18    22     0     8    0
amappl      88    66422    0    66197     7     1     6     6     0    92    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma1024    1024       1    0        0     1     0     1     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      72      136    0        6     3     0     3     3     0     8    0
uaddrrnd    24     9354    0     9319     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24     9354    0     9319     1     0     1     1     0     8    0
vmmpekpl   168    83308    0    83239     4     0     4     4     0     8    0
vmmpepl    168   873971    0   871004   271   126   145   154     0   357    4
vmsppl     368     9353    0     9319     4     0     4     4     0     8    0
rwobjpl     56   245794    0   238150   127    15   112   115     0     8    1
pdppl      4096   18715    0    18638   324   243    81    89     0     8    4
pvpl        32  3937272    0  3916919   499   296   203   255     0   265   13
pmappl     248     9353    0     9319     4     1     3     3     0     8    0
extentpl    40       56    0       38     1     0     1     1     0     8    0
phpool     112     1469    0      379    32     0    32    32     0     8    0
ddb{1}> machine ddbcpu 0
Stopped at      x86_ipi_db+0x1a:        addq    $0x8,%rsp
x86_ipi_db(ffffffff829c5ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__mp_lock(ffffffff82bb5a50) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82bb5a50) at __mp_lock+0x122 sys/kern/kern_lock.c:147
intr_handler(ffff800023c10190,ffff80000006ba00) at intr_handler+0x5e sys/arch/amd64/amd64/intr.c:532
Xintr_ioapic_edge21_untramp() at Xintr_ioapic_edge21_untramp+0x18f
Xspllower() at Xspllower+0x19
cnputc(63) at cnputc+0x4b sys/dev/cons.c:218
db_putchar(63) at db_putchar+0x3fc sys/ddb/db_output.c:155
kprintf() at kprintf+0x6ac sys/kern/subr_prf.c:724
db_printf(ffffffff8262765d) at db_printf+0x85 sys/kern/subr_prf.c:498
panic(ffffffff8259f89f) at panic+0xd7 sys/kern/subr_prf.c:216
vop_generic_badop(ffff800023c105b0) at vop_generic_badop+0x1b sys/kern/vfs_default.c:133
VOP_READLINK(fffffd8077d9a520,ffff800023c10620,fffffd807f7d7340) at VOP_READLINK+0xb6 sys/kern/vfs_vops.c:460
end trace frame: 0xffff800023c106b0, count: 0
ddb{0}> trace
x86_ipi_db(ffffffff829c5ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__mp_lock(ffffffff82bb5a50) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82bb5a50) at __mp_lock+0x122 sys/kern/kern_lock.c:147
intr_handler(ffff800023c10190,ffff80000006ba00) at intr_handler+0x5e sys/arch/amd64/amd64/intr.c:532
Xintr_ioapic_edge21_untramp() at Xintr_ioapic_edge21_untramp+0x18f
Xspllower() at Xspllower+0x19
cnputc(63) at cnputc+0x4b sys/dev/cons.c:218
db_putchar(63) at db_putchar+0x3fc sys/ddb/db_output.c:155
kprintf() at kprintf+0x6ac sys/kern/subr_prf.c:724
db_printf(ffffffff8262765d) at db_printf+0x85 sys/kern/subr_prf.c:498
panic(ffffffff8259f89f) at panic+0xd7 sys/kern/subr_prf.c:216
vop_generic_badop(ffff800023c105b0) at vop_generic_badop+0x1b sys/kern/vfs_default.c:133
VOP_READLINK(fffffd8077d9a520,ffff800023c10620,fffffd807f7d7340) at VOP_READLINK+0xb6 sys/kern/vfs_vops.c:460
namei(ffff800023c106c8) at namei+0x48a sys/kern/vfs_lookup.c:289
dolinkat(ffff8000ffff2008,ffffff9c,20000000,ffffff9c,20000100,4) at dolinkat+0xaf sys/kern/vfs_syscalls.c:1716
syscall(ffff800023c108d0) at syscall+0x438 mi_syscall sys/sys/syscall_mi.h:101 [inline]
syscall(ffff800023c108d0) at syscall+0x438 sys/arch/amd64/amd64/trap.c:599
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xa5b58781390, count: -18
ddb{0}> machine ddbcpu 1
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff825ad2fa) at panic+0x177 sys/kern/subr_prf.c:198
__assert(ffffffff826222ff,ffffffff826437c3,3b9,ffffffff8258adf8) at __assert+0x25 sys/kern/subr_prf.c:157
uvn_get(fffffd806da3abf0,2a000,ffff8000284063e0,ffff800028406254,3,4,edc83c53bcb4e983,fffffd806da3abf0) at uvn_get+0x4b6 sys/uvm/uvm_vnode.c:952
uvm_fault_lower_lookup(ffff800028406460,ffff800028406498,ffff8000284063e0) at uvm_fault_lower_lookup+0xf6 sys/uvm/uvm_fault.c:1129
uvm_fault_lower(ffff800028406460,ffff800028406498,ffff8000284063e0,0) at uvm_fault_lower+0x5f sys/uvm/uvm_fault.c:1228
uvm_fault(fffffd80687bd018,1c267e82000,0,4) at uvm_fault+0x238
upageflttrap(ffff8000284065d0,1c267e82790) at upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181
usertrap(ffff8000284065d0) at usertrap+0x1aa sys/arch/amd64/amd64/trap.c:417
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x7f7ffffd4b70, count: 5
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff825ad2fa) at panic+0x177 sys/kern/subr_prf.c:198
__assert(ffffffff826222ff,ffffffff826437c3,3b9,ffffffff8258adf8) at __assert+0x25 sys/kern/subr_prf.c:157
uvn_get(fffffd806da3abf0,2a000,ffff8000284063e0,ffff800028406254,3,4,edc83c53bcb4e983,fffffd806da3abf0) at uvn_get+0x4b6 sys/uvm/uvm_vnode.c:952
uvm_fault_lower_lookup(ffff800028406460,ffff800028406498,ffff8000284063e0) at uvm_fault_lower_lookup+0xf6 sys/uvm/uvm_fault.c:1129
uvm_fault_lower(ffff800028406460,ffff800028406498,ffff8000284063e0,0) at uvm_fault_lower+0x5f sys/uvm/uvm_fault.c:1228
uvm_fault(fffffd80687bd018,1c267e82000,0,4) at uvm_fault+0x238
upageflttrap(ffff8000284065d0,1c267e82790) at upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181
usertrap(ffff8000284065d0) at usertrap+0x1aa sys/arch/amd64/amd64/trap.c:417
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x7f7ffffd4b70, count: -10

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/01/11 21:33 openbsd 86a45bbd35a5 96166539 .config console log report ci-openbsd-setuid assert "((flags & PGO_LOCKED) != NUM && rw_lock_held(uobj->vmobjlock)) || (flags & PGO_LOCKED) == NUM" failed in uvm_vno
* Struck through repros no longer work on HEAD.