uvm_fault: softclock (4)


syzbot

Mar 5, 2024, 5:35:21 PM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 20110d46fc7f Make ftpd tests less flaky by ensuring the se..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=167d3c2a180000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=1308f2999d69cc95f557

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/59b4247f7599/disk-20110d46.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/9736b3764cef/bsd-20110d46.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/cebb48d381a3/kernel-20110d46.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+1308f2...@syzkaller.appspotmail.com

uvm_fault(0xffffffff82e3acf8, 0x8, 0, 2) -> e
kernel: page fault trap, code=2
Stopped at softclock+0xd7: movq %rcx,0x8(%rax)
TID PID UID PRFLAGS PFLAGS CPU COMMAND
252974 74051 0 0x2 0 1 syz-executor.3
softclock(0) at softclock+0xd7 sys/kern/kern_timeout.c:751
softintr_dispatch(0) at softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90
Xsoftclock() at Xsoftclock+0x27
acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206
sched_idle(ffffffff82c9aff0) at sched_idle+0x41e sys/kern/kern_sched.c:183
end trace frame: 0x0, count: 10
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: uvm_fault(0xffffffff82e3acf8, 0x8, 0, 2) -> e
ddb{0}> trace
softclock(0) at softclock+0xd7 sys/kern/kern_timeout.c:751
softintr_dispatch(0) at softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90
Xsoftclock() at Xsoftclock+0x27
acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206
sched_idle(ffffffff82c9aff0) at sched_idle+0x41e sys/kern/kern_sched.c:183
end trace frame: 0x0, count: -5
ddb{0}> show registers
rdi 0
rsi 0x1
rbp 0xffff80002a102230
rbx 0xffffffff82e3c6c0 timeout_todo
rdx 0
rcx 0xffffffff82e3c6c0 timeout_todo
rax 0
r8 0xba
r9 0xba
r10 0x7b03d2068a4a75cf
r11 0x3998f307d57a7dda
r12 0xffffffff
r13 0xffffffff82d8a340 rdrand_tmo
r14 0
r15 0xfffffd80687fbf00
rip 0xffffffff81875a37 softclock+0xd7
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80002a1021f0
ss 0x10
softclock+0xd7: movq %rcx,0x8(%rax)
ddb{0}> show proc
PROC (idle0) tid=191540 pid=60419 tcnt=1 stat=onproc
flags process=14000<NOZOMBIE,SYSTEM> proc=40000200<SYSTEM,CPUPEG>
runpri=0, usrpri=50, slppri=0, nice=20
wchan=0x0, wmesg=, ps_single=0x0
forw=0x3bb6bfd199dcdfb7, list=0xffff80002a0fc7e8,0xffff80002a0fc000
process=0xffff8000ffffec60 user=0xffff80002a0fd000, vmspace=0xffffffff82e3acf8
estcpu=0, cpticks=26211, pctcpu=0.0, user=0, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
4108 309077 26251 0 3 0x82 piperd syz-executor.6
12793 137160 26251 0 3 0x82 piperd syz-executor.4
51096 350499 26251 0 3 0x82 piperd syz-executor.5
60988 87816 26251 0 3 0x82 piperd syz-executor.7
9528 464961 26251 0 3 0x82 piperd syz-executor.0
74051 252974 26251 0 7 0x2 syz-executor.3
81170 418589 26251 0 3 0x82 piperd syz-executor.2
59598 220267 26251 0 3 0x82 piperd syz-executor.1
90112 980 1 0 3 0x100083 ttyopn getty
41713 463751 0 0 3 0x14200 acct acct
92429 84514 0 0 3 0x14280 nfsidl nfsio
45560 154375 0 0 3 0x14280 nfsidl nfsio
33976 516345 0 0 3 0x14280 nfsidl nfsio
17826 193958 0 0 3 0x14280 nfsidl nfsio
84622 408393 0 0 3 0x14280 nfsidl nfsio
20352 164262 0 0 3 0x14280 nfsidl nfsio
13422 326962 0 0 3 0x14280 nfsidl nfsio
3361 417818 0 0 3 0x14280 nfsidl nfsio
94209 127575 0 0 3 0x14280 nfsidl nfsio
25890 414089 0 0 3 0x14280 nfsidl nfsio
86775 317700 0 0 3 0x14280 nfsidl nfsio
80013 4226 0 0 3 0x14280 nfsidl nfsio
96433 88660 0 0 3 0x14280 nfsidl nfsio
35984 479652 0 0 3 0x14280 nfsidl nfsio
65629 388961 0 0 3 0x14280 nfsidl nfsio
24932 151805 0 0 3 0x14280 nfsidl nfsio
56161 68757 0 0 3 0x14280 nfsidl nfsio
14696 115226 0 0 3 0x14280 nfsidl nfsio
21964 472723 0 0 3 0x14280 nfsidl nfsio
3769 270980 0 0 3 0x14280 nfsidl nfsio
45920 51529 0 0 3 0x14200 bored sosplice
26251 189223 31747 0 3 0x2000082 thrsleep syz-fuzzer
26251 169114 31747 0 3 0x6000082 thrsleep syz-fuzzer
26251 45896 31747 0 3 0x6000082 thrsleep syz-fuzzer
26251 489436 31747 0 3 0x6000082 wait syz-fuzzer
26251 40238 31747 0 3 0x6000082 kqread syz-fuzzer
26251 492166 31747 0 3 0x6000082 wait syz-fuzzer
26251 82913 31747 0 3 0x6000082 wait syz-fuzzer
26251 137071 31747 0 3 0x6000082 thrsleep syz-fuzzer
26251 97779 31747 0 3 0x6000082 wait syz-fuzzer
26251 60280 31747 0 3 0x6000082 thrsleep syz-fuzzer
26251 150277 31747 0 3 0x6000082 thrsleep syz-fuzzer
26251 193522 31747 0 3 0x6000082 wait syz-fuzzer
26251 459074 31747 0 3 0x6000082 wait syz-fuzzer
26251 463193 31747 0 3 0x6000082 thrsleep syz-fuzzer
26251 396077 31747 0 3 0x6000082 wait syz-fuzzer
26251 245383 31747 0 3 0x6000082 wait syz-fuzzer
31747 250510 49514 0 3 0x10008a sigsusp ksh
49514 468554 61279 0 3 0x9a kqread sshd
61279 55994 1 0 3 0x88 kqread sshd
78742 472789 54170 74 3 0x1100092 bpf pflogd
54170 457956 1 0 3 0x80 netio pflogd
76435 459343 97027 73 3 0x1100090 kqread syslogd
97027 369807 1 0 3 0x100082 netio syslogd
51477 236301 1 0 3 0x100080 kqread resolvd
54708 196098 72424 77 3 0x100092 kqread dhcpleased
34464 448093 72424 77 3 0x100092 kqread dhcpleased
72424 273076 1 0 3 0x80 kqread dhcpleased
4176 292478 0 0 3 0x14200 bored smr
62408 433331 0 0 3 0x14200 pgzero zerothread
33227 266530 0 0 3 0x14200 aiodoned aiodoned
8478 71001 0 0 3 0x14200 syncer update
72408 233149 0 0 3 0x14200 cleaner cleaner
80254 441561 0 0 3 0x14200 reaper reaper
42306 221338 0 0 3 0x14200 pgdaemon pagedaemon
98500 459205 0 0 3 0x14200 bored viomb
851 371034 0 0 3 0x40014200 acpi0 acpi0
43596 519529 0 0 3 0x40014200 idle1
64739 418785 0 0 3 0x14200 bored softnet3
50956 132867 0 0 3 0x14200 bored softnet2
78985 184000 0 0 3 0x14200 bored softnet1
9465 381508 0 0 3 0x14200 bored softnet0
24183 214656 0 0 3 0x14200 bored systqmp
18986 220129 0 0 3 0x14200 bored systq
71256 211645 0 0 3 0x14200 tmoslp softclockmp
38170 191948 0 0 3 0x40014200 tmoslp softclock
*60419 191540 0 0 7 0x40014200 idle0
1 494975 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
CPU 0:
exclusive mutex /syzkaller/managers/multicore/kernel/sys/kern/kern_timeout.c:57 r = 0 (0xffffffff82cdd850)
#0 witness_lock+0x447
#1 mtx_enter_try+0x104
#2 mtx_enter+0x4f sys/kern/kern_lock.c:266
#3 softclock_process_tick_timeout+0x1b2 sys/kern/kern_timeout.c:723
#4 softclock+0x13a sys/kern/kern_timeout.c:755
#5 softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90
#6 Xsoftclock+0x27
#7 acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206
#8 sched_idle+0x41e sys/kern/kern_sched.c:183
#9 proc_trampoline+0x10
Process 60419 (idle0) thread 0xffff80002a0fc298 (191540)
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10226 6507K 6867K 166960K 18683 0
pcb 15 18K 20K 166960K 909 0
rtable 232 9K 9K 166960K 2345 0
pf 40 10K 11K 166960K 303 0
ifaddr 47 17K 17K 166960K 281 0
ifgroup 73 3K 3K 166960K 477 0
sysctl 4 1K 2K 166960K 7 0
counters 70 37K 37K 166960K 316 0
ioctlops 0 0K 4K 166960K 2207 0
iov 0 0K 32K 166960K 1248 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1412 88K 88K 166960K 5136 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 9K 166960K 112 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 1133 0
dirhash 12 2K 2K 166960K 78 0
ACPI 1697 195K 286K 166960K 12548 0
file desc 11 37K 85K 166960K 12467 0
sigio 0 0K 0K 166960K 505 0
proc 73 91K 116K 166960K 1822 0
subproc 104 6K 6K 166960K 507 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 742 0
in_multi 98 7K 7K 166960K 529 0
ether_multi 1 0K 0K 166960K 8 0
mrt 1 0K 0K 166960K 6 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 223 996K 996K 166960K 223 0
exec 0 0K 1K 166960K 2130 0
pfkey data 0 0K 4K 166960K 6 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 412 269K 271K 166960K 123597 0
UVM aobj 131 6K 7K 166960K 146 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 503 0
NDP 17 0K 1K 166960K 216 0
temp 75 6772K 6900K 166960K 83576 0
kqueue 12 18K 26K 166960K 763 0
SYN cache 2 16K 16K 166960K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 24 0 0 1 0 1 1 0 8 0
rtpcb 120 873 0 870 10 9 1 4 0 8 0
rtentry 112 598 0 492 6 2 4 4 0 8 0
unpcb 144 9830 0 9815 125 121 4 8 0 8 3
syncache 336 204 0 204 24 24 0 1 0 8 0
tcpqe 32 643 70 643 6 6 0 1 0 8 0
tcpcb 808 7004 0 6986 158 149 9 15 0 8 6
arp 120 112 0 96 1 0 1 1 0 8 0
inpcb 392 11381 0 11360 191 182 9 18 0 8 5
nd6 136 122 0 98 1 0 1 1 0 8 0
pkpcb 40 86 0 86 9 9 0 1 0 8 0
kcovpl 48 39 0 31 1 0 1 1 0 8 0
ppxss 1168 48 0 48 12 12 0 1 0 8 0
pffrag 232 85 0 85 9 9 0 1 0 482 0
pffrnode 88 85 0 85 9 9 0 1 0 8 0
pffrent 40 409 0 409 9 9 0 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 394 0 378 1 0 1 1 0 8 0
pfstkey 128 394 0 378 2 1 1 2 0 8 0
pfstate 376 394 0 378 15 13 2 9 0 8 0
pfrule 1344 21 0 16 2 1 1 2 0 8 0
rttmr 136 1 0 1 1 1 0 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 2092 0 1638 43 14 29 32 0 8 0
art_table 32 2093 0 1638 5 1 4 5 0 8 0
art_node 16 552 0 456 1 0 1 1 0 8 0
sysvmsgpl 40 8 0 8 1 1 0 1 0 8 0
semupl 112 3 0 3 1 1 0 1 0 8 0
semapl 112 1131 0 1121 1 0 1 1 0 8 0
shmpl 112 143 0 15 4 0 4 4 0 8 0
dirhash 1024 61 0 44 3 0 3 3 0 8 0
dino2pl 256 16923 0 15435 94 0 94 94 0 8 0
ffsino 272 16923 0 15435 100 0 100 100 0 8 0
nchpl 144 33506 0 31868 64 0 64 64 0 8 0
uvmvnodes 80 6250 0 0 128 0 128 128 0 8 0
vnodes 216 6250 0 0 348 0 348 348 0 8 0
namei 1024 105395 0 105395 19 18 1 2 0 8 1
percpumem 16 172 0 123 1 0 1 1 0 8 0
vcpupl 2048 118 0 1 15 0 15 15 0 8 0
vmpool 696 132 0 15 11 0 11 11 0 8 0
kstatmem 264 276 0 246 7 4 3 3 0 8 0
scxspl 216 103537 0 103537 28 25 3 8 1 8 3
plimitpl 152 754 0 738 1 0 1 1 0 8 0
sigapl 424 12741 0 12677 20 11 9 9 0 8 0
futexpl 64 90503 0 90503 6 5 1 1 0 8 1
knotepl 120 777 0 0 20 2 18 19 0 8 0
kqueuepl 216 1813 0 1805 39 38 1 5 0 8 0
pipepl 320 1736 0 1708 49 43 6 8 0 8 3
fdescpl 496 12700 0 12676 12 7 5 5 0 8 0
filepl 152 68535 0 68294 150 136 14 24 0 8 3
lockfpl 104 2529 0 2527 4 3 1 2 0 8 0
lockfspl 48 737 0 735 1 0 1 1 0 8 0
sessionpl 144 57 0 40 1 0 1 1 0 8 0
pgrppl 48 201 0 184 1 0 1 1 0 8 0
ucredpl 104 8047 0 8035 1 0 1 1 0 8 0
zombiepl 144 12678 0 12677 2 1 1 1 0 8 0
processpl 1136 12741 0 12677 6 0 6 6 0 8 0
procpl 680 34417 0 34338 31 22 9 10 0 8 0
srpgc 96 27 0 27 12 12 0 1 0 8 0
sosppl 168 156 0 155 11 10 1 1 0 8 0
sockpl 584 22376 0 22337 277 267 10 22 0 8 5
mcl64k 65536 18 0 0 3 0 3 3 0 8 0
mcl16k 16384 17 0 0 3 0 3 3 0 8 0
mcl12k 12288 41 0 0 2 0 2 2 0 8 0
mcl9k 9216 18 0 0 2 0 2 2 0 8 0
mcl8k 8192 29 0 0 3 1 2 3 0 8 0
mcl4k 4096 91 0 0 6 3 3 3 0 8 0
mcl2k2 2112 9 0 0 1 0 1 1 0 8 0
mcl2k 2048 458 0 0 34 14 20 34 0 8 0
mtagpl 96 221 0 0 5 1 4 5 0 8 0
mbufpl 256 4288 0 0 229 0 229 229 0 8 0
bufpl 280 22610 0 16292 452 0 452 452 0 8 0
anonpl 24 1266962 0 1254278 215 95 120 131 0 186 1
amapchunkpl 152 390451 0 389688 94 48 46 51 0 158 0
amappl16 200 24002 0 23425 105 70 35 42 0 8 3
amappl15 192 68 0 67 1 0 1 1 0 8 0
amappl14 184 274 0 258 2 1 1 2 0 8 0
amappl13 176 17 0 17 5 5 0 1 0 8 0
amappl12 168 13824 0 13795 3 1 2 2 0 8 0
amappl11 160 60 0 46 1 0 1 1 0 8 0
amappl10 152 78 0 63 1 0 1 1 0 8 0
amappl9 144 242 0 242 28 28 0 1 0 8 0
amappl8 136 716 0 597 5 0 5 5 0 8 0
amappl7 128 297 0 269 2 0 2 2 0 8 0
amappl6 120 799 0 785 1 0 1 1 0 8 0
amappl5 112 369 0 356 1 0 1 1 0 8 0
amappl4 104 838 0 804 3 1 2 2 0 8 0
amappl3 96 76587 0 76517 4 1 3 3 0 8 0
amappl2 88 13675 0 13596 3 1 2 3 0 8 0
amappl1 80 55181 0 54650 25 12 13 22 0 8 0
amappl 88 122490 0 122252 8 1 7 7 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 145 0 15 3 0 3 3 0 8 0
uaddrrnd 24 12832 0 12691 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 12832 0 12691 1 0 1 1 0 8 0
vmmpekpl 168 96598 0 96509 5 0 5 5 0 8 0
vmmpepl 168 764208 0 761738 519 363 156 182 0 357 25
vmsppl 448 12831 0 12691 28 11 17 17 0 8 0
rwobjpl 56 188401 0 180294 125 10 115 115 0 8 0
pdppl 4096 25671 0 25499 1341 1153 188 189 0 8 16
pvpl 32 42160 0 0 341 1 340 340 0 265 0
pmappl 248 12831 0 12691 13 3 10 10 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 2427 0 1690 22 0 22 22 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
softclock(0) at softclock+0xd7 sys/kern/kern_timeout.c:751
softintr_dispatch(0) at softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90
Xsoftclock() at Xsoftclock+0x27
acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206
sched_idle(ffffffff82c9aff0) at sched_idle+0x41e sys/kern/kern_sched.c:183
end trace frame: 0x0, count: -5
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp
x86_ipi_db(ffff800029cebff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x29 kd_curproc sys/dev/kcov.c:589 [inline]
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x29 sys/dev/kcov.c:158
__mp_lock(ffffffff82e6f748) at __mp_lock+0x133 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82e6f748) at __mp_lock+0x133 sys/kern/kern_lock.c:147
syscall(ffff800032515ed0) at syscall+0x51a mi_syscall sys/sys/syscall_mi.h:183 [inline]
syscall(ffff800032515ed0) at syscall+0x51a sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x77ed3f7157c0, count: 8
ddb{1}> trace
x86_ipi_db(ffff800029cebff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x29 kd_curproc sys/dev/kcov.c:589 [inline]
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x29 sys/dev/kcov.c:158
__mp_lock(ffffffff82e6f748) at __mp_lock+0x133 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82e6f748) at __mp_lock+0x133 sys/kern/kern_lock.c:147
syscall(ffff800032515ed0) at syscall+0x51a mi_syscall sys/sys/syscall_mi.h:183 [inline]
syscall(ffff800032515ed0) at syscall+0x51a sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x77ed3f7157c0, count: -7


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup