assert failed: mp->mnt_refcnt > NUM || mutex_owned(&mountlist_lock)

To: syzkaller-netbsd-bugs%googlegroups.com@localhost
Subject: assert failed: mp->mnt_refcnt > NUM || mutex_owned(&mountlist_lock)
From: syzbot <syzbot+5d75c8103a9b77632e7b%syzkaller.appspotmail.com@localhost>
Date: Mon, 25 Jul 2022 18:35:36 -0700

Hello,

syzbot found the following issue on:

HEAD commit:    85ea66796a7c kern.maxvnodes _can_ be lowered, but not belo..
git tree:       netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=11e338de080000
kernel config:  https://syzkaller.appspot.com/x/.config?x=739e57438eb9ed9e
dashboard link: https://syzkaller.appspot.com/bug?extid=5d75c8103a9b77632e7b
compiler:       Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+5d75c8103a9b77632e7b%syzkaller.appspotmail.com@localhost

[ 139.7345872] panic: kernel diagnostic assertion "mp->mnt_refcnt > 0 || mutex_owned(&mountlist_lock)" failed: file "/syzkaller/managers/ci2-netbsd-kmsan/kernel/sys/kern/vfs_mount.c", line 274 
[ 139.7545713] cpu1: Begin traceback...
[ 139.7845756] vpanic() at netbsd:vpanic+0xc9d
[ 139.8345732] kern_assert() at netbsd:kern_assert+0x228
[ 139.8845760] mount_domount() at netbsd:mount_domount+0x22de sys/kern/vfs_mount.c:838
[ 139.9345743] do_sys_mount() at netbsd:do_sys_mount+0xc07 sys/kern/vfs_syscalls.c:616
[ 139.9845720] sys___mount50() at netbsd:sys___mount50+0x1bf sys/kern/vfs_syscalls.c:534
[ 140.0345754] sys___syscall() at netbsd:sys___syscall+0x2c6 sys/kern/sys_syscall.c:90
[ 140.0945723] syscall() at netbsd:syscall+0x60c sy_invoke sys/sys/syscallvar.h:94 [inline]
[ 140.0945723] syscall() at netbsd:syscall+0x60c sys/arch/x86/x86/syscall.c:138
[ 140.1145744] --- syscall (number 410 via SYS_syscall) ---
[ 140.1245738] netbsd:syscall+0x60c:
[ 140.1345720] cpu1: End traceback...
[ 140.1345720] fatal breakpoint trap in supervisor mode
[ 140.1445678] trap type 1 code 0 rip 0xffffffff802228ad cs 0x8 rflags 0x282 cr2 0x7d23a9513578 ilevel 0 rsp 0xffffa3808973f7d0
[ 140.1545688] curlwp 0xffffa38013a4f300 pid 6230.10546 lowest kstack 0xffffa380897382c0
[ 140.1645681] uvm_fault(0xffffa3801357b858, 0x0, 1) -> e
[ 140.1645681] fatal page fault in supervisor mode
[ 140.1645681] trap type 6 code 0 rip 0xffffffff848ae8f7 cs 0x8 rflags 0x10246 cr2 0x1e8 ilevel 0x8 rsp 0xffffa3808973f1c0
[ 140.1645681] curlwp 0xffffa38013a4f300 pid 6230.10546 lowest kstack 0xffffa380897382c0
kernel: page fault trap, code=0
[ 140.1645681] uvm_fault(0xffffa3801357b858, 0x0, 1) -> e
[ 140.1645681] fatal page fault in supervisor mode
[ 140.1645681] trap type 6 code 0 rip 0xffffffff848ae8f7 cs 0x8 rflags 0x10246 cr2 0x1e8 ilevel 0x8 rsp 0xffffa3808973ebb0
[ 140.1645681] curlwp 0xffffa38013a4f300 pid 6230.10546 lowest kstack 0xffffa380897382c0
kernel: page fault trap, code=0
[ 140.1645681] uvm_fault(0xffffa3801357b858, 0x0, 1) -> e
[ 140.1645681] fatal page fault in supervisor mode
[ 140.1645681] trap type 6 code 0 rip 0xffffffff848ae8f7 cs 0x8 rflags 0x10246 cr2 0x1e8 ilevel 0x8 rsp 0xffffa3808973e5a0
[ 140.1645681] curlwp 0xffffa38013a4f300 pid 6230.10546 lowest kstack 0xffffa380897382c0
kernel: page fault trap, code=0
[ 140.1645681] uvm_fault(0xffffa3801357b858, 0x0, 1) -> e
[ 140.1645681] fatal page fault in supervisor mode
[ 140.1645681] trap type 6 code 0 rip 0xffffffff848ae8f7 cs 0x8 rflags 0x10246 cr2 0x1e8 ilevel 0x8 rsp 0xffffa3808973df90
[ 140.1645681] curlwp 0xffffa38013a4f300 pid 6230.10546 lowest kstack 0xffffa380897382c0
kernel: page fault trap, code=0
[ 140.1645681] uvm_fault(0xffffa3801357b858, 0x0, 1) -> e
[ 140.1645681] fatal page fault in supervisor mode
[ 140.1645681] trap type 6 code 0 rip 0xffffffff848ae8f7 cs 0x8 rflags 0x10246 cr2 0x1e8 ilevel 0x8 rsp 0xffffa3808973d980
[ 140.1645681] curlwp 0xffffa38013a4f300 pid 6230.10546 lowest kstack 0xffffa380897382c0
kernel: page fault trap, code=0
[ 140.1645681] uvm_fault(0xffffa3801357b858, 0x0, 1) -> e
[ 140.1645681] fatal page fault in supervisor mode
[ 140.1645681] trap type 6 code 0 rip 0xffffffff848ae8f7 cs 0x8 rflags 0x10246 cr2 0x1e8 ilevel 0x8 rsp 0xffffa3808973d370
[ 140.1645681] curlwp 0xffffa38013a4f300 pid 6230.10546 lowest kstack 0xffffa380897382c0
kernel: page fault trap, code=0
[ 140.1645681] uvm_fault(0xffffa3801357b858, 0x0, 1) -> e
[ 140.1645681] fatal page fault in supervisor mode
[ 140.1645681] trap type 6 code 0 rip 0xffffffff848ae8f7 cs 0x8 rflags 0x10246 cr2 0x1e8 ilevel 0x8 rsp 0xffffa3808973cd60
[ 140.1645681] curlwp 0xffffa38013a4f300 pid 6230.10546 lowest kstack 0xffffa380897382c0
kernel: page fault trap, code=0
[ 140.1645681] uvm_fault(0xffffa3801357b858, 0x0, 1) -> e
[ 140.1645681] fatal page fault in supervisor mode
[ 140.1645681] trap type 6 code 0 rip 0xffffffff848ae8f7 cs 0x8 rflags 0x10246 cr2 0x1e8 ilevel 0x8 rsp 0xffffa3808973c750
[ 140.1645681] curlwp 0xffffa38013a4f300 pid 6230.10546 lowest kstack 0xffffa380897382c0
kernel: page fault trap, code=0
[ 140.1645681] uvm_fault(0xffffa3801357b858, 0x0, 1) -> e
[ 140.1645681] fatal page fault in supervisor mode
[ 140.1645681] trap type 6 code 0 rip 0xffffffff848ae8f7 cs 0x8 rflags 0x10246 cr2 0x1e8 ilevel 0x8 rsp 0xffffa3808973c140
[ 140.1645681] curlwp 0xffffa38013a4f300 pid 6230.10546 lowest kstack 0xffffa380897382c0
kernel: page fault trap, code=0
[ 140.1645681] uvm_fault(0xffffa3801357b858, 0x0, 1) -> e
[ 140.1645681] fatal page fault in supervisor mode
[ 140.1645681] trap type 6 code 0 rip 0xffffffff848ae8f7 cs 0x8 rflags 0x10246 cr2 0x1e8 ilevel 0x8 rsp 0xffffa3808973bb30
[ 140.1645681] curlwp 0xffffa38013a4f300 pid 6230.10546 lowest kstack 0xffffa380897382c0
kernel: page fault trap, code=0
[ 140.1645681] uvm_fault(0xffffa3801357b858, 0x0, 1) -> e
[ 140.1645681] fatal page fault in supervisor mode
[ 140.1645681] trap type 6 code 0 rip 0xffffffff848ae8f7 cs 0x8 rflags 0x10246 cr2 0x1e8 ilevel 0x8 rsp 0xffffa3808973b520
[ 140.1645681] curlwp 0xffffa38013a4f300 pid 6230.10546 lowest kstack 0xffffa380897382c0
kernel: page fault trap, code=0
[ 140.1645681] uvm_fault(0xffffa3801357b858, 0x0, 1) -> e
[ 140.1645681] fatal page fault in supervisor mode
[ 140.1645681] trap type 6 code 0 rip 0xffffffff848ae8f7 cs 0x8 rflags 0x10246 cr2 0x1e8 ilevel 0x8 rsp 0xffffa3808973af10
[ 140.1645681] curlwp 0xffffa38013a4f300 pid 6230.10546 lowest kstack 0xffffa380897382c0
kernel: page fault trap, code=0


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller%googlegroups.com@localhost.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

-- 
You received this message because you are subscribed to the Google Groups "syzkaller-netbsd-bugs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-netbsd-bugs+unsubscribe%googlegroups.com@localhost.
To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-netbsd-bugs/0000000000002df3c005e4ab51b8%40google.com.

Follow-Ups:
- Re: assert failed: mp->mnt_refcnt > NUM || mutex_owned(&mountlist_lock)
  - From: syzbot
- Re: assert failed: mp->mnt_refcnt > NUM || mutex_owned(&mountlist_lock)
  - From: syzbot

Prev by Date: assert failed: dq->dq_ump->um_quotas[dq->dq_type] != vp
Next by Date: Re: UBSan: Undefined Behavior in sysctl_rtable (3)
Previous by Thread: assert failed: dq->dq_ump->um_quotas[dq->dq_type] != vp
Next by Thread: Re: assert failed: mp->mnt_refcnt > NUM || mutex_owned(&mountlist_lock)
Indexes:

Home | Main Index | Thread Index | Old Index