uvm_fault: pool_cache_get


syzbot

Oct 20, 2019, 3:26:09 PM10/20/19
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 06f3ae2a unstub amdgpu_ttm_bo_eviction_valuable()
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=10cac117600000
kernel config: https://syzkaller.appspot.com/x/.config?x=26ca0a9c07f16a3a
dashboard link: https://syzkaller.appspot.com/bug?extid=53798ec5409b3965c27f

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+53798e...@syzkaller.appspotmail.com

uvm_fault(0xffffffff82620600, 0xfffffd0000000010, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at pool_cache_get+0x1b1: movq 0x10(%r14),%r13
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
kernel page fault
uvm_fault(0xffffffff82620600, 0xfffffd0000000010, 0, 1) -> e
pool_cache_get(ffffffff8266e920) at pool_cache_get+0x1b1
pool_cache_item_magic_check sys/kern/subr_pool.c:1778 [inline]
pool_cache_get(ffffffff8266e920) at pool_cache_get+0x1b1
sys/kern/subr_pool.c:1892
end trace frame: 0xffff800023b82920, count: 0
ddb{0}> trace
pool_cache_get(ffffffff8266e920) at pool_cache_get+0x1b1
pool_cache_item_magic_check sys/kern/subr_pool.c:1778 [inline]
pool_cache_get(ffffffff8266e920) at pool_cache_get+0x1b1
sys/kern/subr_pool.c:1892
pool_get() at pool_get+0x91 sys/kern/subr_pool.c:572
m_get(2,3) at m_get+0x4c sys/kern/uipc_mbuf.c:250
sbappendaddr(fffffd806f6cb480,fffffd806f6cb508,ffffffff82260178,fffffd8068268500,0)
at
sbappendaddr+0x140 sys/kern/uipc_socket2.c:802
rtm_sendup(fffffd806f6cb480,fffffd80687d1b00,1) at rtm_sendup+0xe7
sys/net/rtsock.c:594
route_input(fffffd80687d1b00,0,0) at route_input+0x1cc sys/net/rtsock.c:560
if_detach(ffff800000b19800) at if_detach+0x381 sys/net/if.c:1145
tun_clone_destroy(ffff800000b19800) at tun_clone_destroy+0x1c7
sys/net/if_tun.c:278
spec_close(ffff800023b82c30) at spec_close+0x3b0 sys/kern/spec_vnops.c:553
VOP_CLOSE(fffffd80625f04e0,1,fffffd807f7c68a0,ffff800020abe9f8) at
VOP_CLOSE+0xc0 sys/kern/vfs_vops.c:175
vn_closefile(fffffd807d0aa4c8,ffff800020abe9f8) at vn_closefile+0xd8
vn_close sys/kern/vfs_vnops.c:301 [inline]
vn_closefile(fffffd807d0aa4c8,ffff800020abe9f8) at vn_closefile+0xd8
sys/kern/vfs_vnops.c:613
fdrop(fffffd807d0aa4c8,ffff800020abe9f8) at fdrop+0xc2
sys/kern/kern_descrip.c:1273
closef(fffffd807d0aa4c8,ffff800020abe9f8) at closef+0x11d
sys/kern/kern_descrip.c:1257
fdfree(ffff800020abe9f8) at fdfree+0x101 sys/kern/kern_descrip.c:1189
exit1(ffff800020abe9f8,0,1) at exit1+0x32f sys/kern/kern_exit.c:196
sys_exit(ffff800020abe9f8,ffff800023b82ec0,ffff800023b82f10) at
sys_exit+0x17 sys/kern/kern_exit.c:94
syscall(ffff800023b82f90) at syscall+0x4a4 mi_syscall
sys/sys/syscall_mi.h:92 [inline]
syscall(ffff800023b82f90) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,1,0,1,0,7f7ffffd7244) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffd7210, count: -18
ddb{0}> show registers
rdi 0x7
rsi 0x7
rbp 0xffff800023b82860
rbx 0xe6a15dc2fe3629c7
rdx 0xffffffff82260178 route_src
rcx 0
rax 0
r8 0
r9 0x5
r10 0x129dc2711d16fa3c
r11 0x4e5409f1a78849bd
r12 0xffffffff8266e920 mbpool
r13 0
r14 0xfffffd0000000000
r15 0xfffffd807f013f00
rip 0xffffffff817ab8f1 pool_cache_get+0x1b1
cs 0x8
rflags 0x10282 __ALIGN_SIZE+0xf282
rsp 0xffff800023b82800
ss 0x10
pool_cache_get+0x1b1: movq 0x10(%r14),%r13
ddb{0}> show proc
PROC (syz-executor.0) pid=212592 stat=onproc
flags process=1008<EXITING,SINGLEEXIT> proc=2000<WEXIT>
pri=32, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff800020abf160,0xffffffff826716a0
process=0xffff800020adca80 user=0xffff800023b7e000,
vmspace=0xfffffd807f00ab80
estcpu=36, cpticks=3, pctcpu=0.0
user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
40054 283246 43231 0 3 0x82 nanosleep syz-executor.0
71493 388905 43231 0 3 0x82 nanosleep syz-executor.1
76604 130057 1 0 3 0x100083 ttyin getty
39443 286474 0 0 3 0x14200 bored sosplice
43231 335265 13031 0 3 0x82 thrsleep syz-fuzzer
43231 430098 13031 0 3 0x4000082 nanosleep syz-fuzzer
43231 517001 13031 0 3 0x4000082 thrsleep syz-fuzzer
43231 492419 13031 0 3 0x4000082 thrsleep syz-fuzzer
43231 279190 13031 0 3 0x4000082 thrsleep syz-fuzzer
43231 343891 13031 0 3 0x4000082 thrsleep syz-fuzzer
43231 188341 13031 0 3 0x4000082 kqread syz-fuzzer
43231 239150 13031 0 3 0x4000082 thrsleep syz-fuzzer
43231 353850 13031 0 3 0x4000082 thrsleep syz-fuzzer
43231 377502 13031 0 3 0x4000082 thrsleep syz-fuzzer
13031 232069 23502 0 3 0x10008a pause ksh
23502 169494 10136 0 3 0x92 select sshd
10136 407652 1 0 3 0x80 select sshd
25436 33101 28160 74 3 0x100092 bpf pflogd
28160 184715 1 0 3 0x80 netio pflogd
59879 413998 9008 73 3 0x100090 kqread syslogd
9008 385727 1 0 3 0x100082 netio syslogd
50347 217495 1 77 3 0x100090 poll dhclient
49396 248196 1 0 3 0x80 poll dhclient
24178 141448 0 0 2 0x14200 zerothread
37810 255365 0 0 3 0x14200 aiodoned aiodoned
1317 246277 0 0 3 0x14200 syncer update
99584 38740 0 0 3 0x14200 cleaner cleaner
42082 486034 0 0 7 0x14200 reaper
58578 405049 0 0 3 0x14200 pgdaemon pagedaemon
87875 85125 0 0 3 0x14200 bored crynlk
31351 239912 0 0 3 0x14200 bored crypto
72000 168192 0 0 3 0x40014200 acpi0 acpi0
49387 165659 0 0 3 0x40014200 idle1
49317 261628 0 0 2 0x14200 softnet
28885 256545 0 0 3 0x14200 bored systqmp
69573 391056 0 0 3 0x14200 bored systq
87554 385555 0 0 3 0x40014200 bored softclock
86504 391650 0 0 3 0x40014200 idle0
83802 484425 0 0 3 0x14200 bored smr
1 276629 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9611 6457K 14629K 78643K 19451 0 0
pcb 13 12K 14K 78643K 875 0 0
rtable 120 13K 14K 78643K 2753 0 0
ifaddr 96 21K 22K 78643K 983 0 0
counters 39 33K 33K 78643K 39 0 0
ioctlops 0 0K 4K 78643K 1710 0 0
iov 0 0K 20K 78643K 785 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1217 76K 77K 78643K 4797 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 5K 78643K 44 0 0
VM map 29 14K 14K 78643K 52 0 0
sem 12 0K 1K 78643K 1835 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1808 196K 290K 78643K 12765 0 0
file desc 5 13K 25K 78643K 4120 0 0
sigio 0 0K 0K 78643K 53 0 0
proc 62 63K 95K 78643K 1956 0 0
subproc 32 2K 2K 78643K 499 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 1K 78643K 469 0 0
in_multi 35 2K 2K 78643K 462 0 0
ether_multi 1 0K 0K 78643K 37 0 0
mrt 1 0K 0K 78643K 7 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 90 397K 397K 78643K 90 0 0
exec 0 0K 1K 78643K 943 0 0
pfkey data 0 0K 0K 78643K 2 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 161 183K 183K 78643K 15551 0 0
UVM aobj 130 6K 6K 78643K 142 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 0 0K 0K 78643K 1306 0 0
NDP 23 0K 1K 78643K 292 0 0
temp 249 3565K 4205K 78643K 179238 0 0
kqueue 0 0K 0K 78643K 37 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg
Idle
arp 64 69 0 64 1 0 1 1 0
8 0
plcache 128 20 0 0 1 0 1 1 0
8 0
rtpcb 80 409 0 407 1 0 1 1 0
8 0
rtentry 112 394 0 352 2 0 2 2 0
8 0
unpcb 120 3005 0 2988 4 3 1 2 0
8 0
syncache 264 27 0 27 9 9 0 1 0
8 0
sackhl 24 2 0 2 2 2 0 1 0
8 0
tcpqe 32 35 0 35 7 7 0 1 0
8 0
tcpcb 544 4604 0 4600 58 57 1 14 0
8 0
inpcb 280 12631 0 12624 52 50 2 13 0
8 1
rttmr 72 1 0 1 1 1 0 1 0
8 0
ip6q 72 5 0 5 2 2 0 1 0
8 0
ip6af 40 13 0 13 2 2 0 1 0
8 0
nd6 48 67 0 62 6 5 1 1 0
8 0
pkpcb 40 24 0 24 7 7 0 1 0
8 0
swfcl 56 4 0 0 1 0 1 1 0
8 0
ppxss 1128 141 0 141 7 6 1 1 0
8 1
pffrag 232 108 0 108 11 11 0 1 0
482 0
pffrnode 88 108 0 108 11 11 0 1 0
8 0
pffrent 40 3202 0 3202 11 11 0 1 0
8 0
pfosfp 40 846 0 423 5 0 5 5 0
8 0
pfosfpen 112 1428 0 714 21 0 21 21 0
8 0
pfstitem 24 362 0 300 1 0 1 1 0
8 0
pfstkey 112 364 0 302 3 0 3 3 0
8 0
pfstate 328 364 0 302 9 1 8 8 0
8 0
pfrule 1360 21 0 16 2 1 1 2 0
8 0
art_heap8 4096 8 0 7 8 7 1 3 0
8 0
art_heap4 256 1802 0 1572 43 28 15 15 0
8 0
art_table 32 1810 0 1579 2 0 2 2 0
8 0
art_node 16 391 0 353 1 0 1 1 0
8 0
sysvmsgpl 40 56 0 40 1 0 1 1 0
8 0
semupl 112 1 0 1 1 1 0 1 0
8 0
semapl 112 1833 0 1823 1 0 1 1 0
8 0
shmpl 112 140 0 12 4 0 4 4 0
8 0
dirhash 1024 17 0 0 3 0 3 3 0
8 0
dino1pl 128 7519 0 6112 46 0 46 46 0
8 0
ffsino 272 7519 0 6112 95 0 95 95 0
8 0
nchpl 144 13563 0 13102 61 40 21 61 0
8 0
uvmvnodes 72 5926 0 0 108 0 108 108 0
8 0
vnodes 208 5926 0 0 312 0 312 312 0
8 0
namei 1024 46434 0 46434 2 1 1 1 0
8 1
percpumem 16 30 0 0 1 0 1 1 0
8 0
vcpupl 1984 27 0 0 4 0 4 4 0
8 0
vmpool 552 50 0 23 2 0 2 2 0
8 0
scsiplug 64 4 0 4 2 2 0 1 0
8 0
scxspl 192 47128 0 47128 30 29 1 7 0
8 1
plimitpl 152 397 0 389 1 0 1 1 0
8 0
sigapl 432 4242 0 4227 4 2 2 3 0
8 0
futexpl 56 98660 0 98660 1 0 1 1 0
8 1
knotepl 112 1208 0 1189 2 1 1 2 0
8 0
kqueuepl 104 1480 0 1477 13 12 1 4 0
8 0
pipepl 112 2566 0 2547 6 5 1 2 0
8 0
fdescpl 488 4243 0 4227 3 0 3 3 0
8 0
filepl 152 39333 0 39231 57 52 5 14 0
8 0
lockfpl 104 1442 0 1441 1 0 1 1 0
8 0
lockfspl 48 470 0 469 1 0 1 1 0
8 0
sessionpl 112 48 0 37 1 0 1 1 0
8 0
pgrppl 48 89 0 78 1 0 1 1 0
8 0
ucredpl 96 4503 0 4493 1 0 1 1 0
8 0
zombiepl 144 4229 0 4227 1 0 1 1 0
8 0
processpl 896 4260 0 4227 5 1 4 5 0
8 0
procpl 632 13360 0 13317 6 1 5 5 0
8 1
srpgc 64 49 0 49 13 13 0 1 0
8 0
sosppl 128 70 0 70 13 12 1 1 0
8 1
sockpl 384 16172 0 16146 86 81 5 23 0
8 0
mcl64k 65536 259 0 0 33 26 7 33 0
8 0
mcl16k 16384 17 0 0 3 0 3 3 0
8 0
mcl12k 12288 17 0 0 2 0 2 2 0
8 0
mcl9k 9216 14 0 0 1 0 1 1 0
8 0
mcl8k 8192 22 0 0 3 1 2 3 0
8 0
mcl4k 4096 17 0 0 3 0 3 3 0
8 0
mcl2k2 2112 10 0 0 1 0 1 1 0
8 0
mcl2k 2048 181 0 0 21 1 20 21 0
8 0
mtagpl 80 38 0 0 1 0 1 1 0
8 0
mbufpl 256 578 0 0 28 0 28 28 0
8 0
mbufpl: pool(0xffffffff8266e920:mbufpl): free list modified: page
0xfffffd806c9e8000; item ordinal 2; addr 0xfffffd806c9e8200 (p
0xfffffd806987e000); offset 0x0=0x6a8640000000000
bufpl 256 20258 0 13210 441 0 441 441 0
8 0
anonpl 16 517897 0 501562 185 101 84 95 0
124 5
amapchunkpl 152 30200 0 30066 43 36 7 13 0
158 0
amappl16 192 23222 0 22134 172 115 57 67 0
8 0
amappl15 184 821 0 821 2 2 0 1 0
8 0
amappl14 176 645 0 639 1 0 1 1 0
8 0
amappl13 168 1087 0 1087 3 2 1 1 0
8 1
amappl12 160 87 0 86 2 1 1 1 0
8 0
amappl11 152 812 0 797 1 0 1 1 0
8 0
amappl10 144 426 0 422 1 0 1 1 0
8 0
amappl9 136 1287 0 1281 1 0 1 1 0
8 0
amappl8 128 836 0 788 2 0 2 2 0
8 0
amappl7 120 592 0 584 1 0 1 1 0
8 0
amappl6 112 780 0 766 1 0 1 1 0
8 0
amappl5 104 448 0 433 1 0 1 1 0
8 0
amappl4 96 4749 0 4716 1 0 1 1 0
8 0
amappl3 88 690 0 677 1 0 1 1 0
8 0
amappl2 80 32539 0 32467 3 1 2 3 0
8 0
amappl1 72 105982 0 105545 25 15 10 20 0
8 0
amappl 80 14108 0 14055 2 0 2 2 0
84 0
dma4096 4096 1 0 1 1 1 0 1 0
8 0
dma256 256 6 0 6 1 1 0 1 0
8 0
dma128 128 253 0 253 1 1 0 1 0
8 0
dma64 64 6 0 6 1 1 0 1 0
8 0
dma32 32 7 0 7 1 1 0 1 0
8 0
dma16 16 17 0 17 1 1 0 1 0
8 0
aobjpl 64 141 0 12 3 0 3 3 0
8 0
uaddrrnd 24 4293 0 4227 1 0 1 1 0
8 0
uaddrbest 32 2 0 0 1 0 1 1 0
8 0
uaddr 24 4293 0 4227 1 0 1 1 0
8 0
vmmpekpl 168 38333 0 38292 3 0 3 3 0
8 0
vmmpepl 168 551766 0 549466 277 134 143 152 0 357
34
vmsppl 368 4242 0 4227 2 0 2 2 0
8 0
pdppl 4096 8593 0 8527 11 2 9 9 0
8 0
pvpl 32 1385229 0 1366121 359 155 204 222 0 265
22
pmappl 232 4292 0 4250 4 1 3 3 0
8 0
extentpl 40 41 0 26 1 0 1 1 0
8 0
phpool 112 758 0 126 19 0 19 19 0
8 0


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Sep 22, 2020, 1:59:10 PM9/22/20
to syzkaller-o...@googlegroups.com
Auto-closing this bug as obsolete.
No crashes have been observed for a while, there is no reproducer, and there has been no activity.