protection_fault: strlcpy


syzbot

Apr 9, 2024, 2:52:23 AM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 7e284d508f03 Fix capping of VAPs
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=153693e3180000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=d46076683ca792dd5570

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/9dc13d3284a4/disk-7e284d50.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/3198819dcdc1/bsd-7e284d50.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/71c921eecfc0/kernel-7e284d50.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d46076...@syzkaller.appspotmail.com

kernel: protection fault trap, code=0
Stopped at strlcpy+0x65: movb %al,0(%r15)
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
the kernel did not panic
ddb> trace
strlcpy(deadbeefdeadc1e7,ffffffff82932919,18) at strlcpy+0x65 sys/lib/libkern/strlcpy.c:35
kthread_create(ffffffff816cb080,0,0,ffffffff82932919) at kthread_create+0x83 sys/kern/kern_kthread.c:74
nfs_getset_niothreads(1) at nfs_getset_niothreads+0x177 sys/nfs/nfs_syscalls.c:700
nfs_sysctl(ffff80002f397b38,1,0,ffff80002f397b68,20000000,4,7c1cd6278b28c09d) at nfs_sysctl+0xb8 sys/nfs/nfs_vfsops.c:887
sys_sysctl(ffff80002a6799c0,ffff80002f397ca0,ffff80002f397bf0) at sys_sysctl+0x217 sys/kern/kern_sysctl.c:254
syscall(ffff80002f397ca0) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xe0152f497d0, count: -7
ddb> show registers
rdi 0
rsi 0x17
rbp 0xffff80002f3979e0
rbx 0x2
rdx 0xffff800000de1600
rcx 0x2649 __ALIGN_SIZE+0x1649
rax 0x6e
r8 0x78
r9 0
r10 0xb4b87c69ea6241ea
r11 0x6ef4aa164d47ab99
r12 0x16
r13 0xffffffff82932919 substchar+0x53767
r14 0xffffffff82932919 substchar+0x53767
r15 0xdeadbeefdeadc1e7
rip 0xffffffff82715dc5 strlcpy+0x65
cs 0x8
rflags 0x10202 __ALIGN_SIZE+0xf202
rsp 0xffff80002f397990
ss 0x10
strlcpy+0x65: movb %al,0(%r15)
ddb> show proc
PROC (syz-executor.5) tid=499128 pid=99736 tcnt=4 stat=onproc
flags process=8000000 proc=4000000<THREAD>
runpri=83, usrpri=83, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0
forw=0xffffffffffffffff, list=0xffff80002a6787d0,0xffff80002a68a2c8
process=0xffff8000377d1508 user=0xffff80002f392000, vmspace=0xfffffd807973f030
estcpu=33, cpticks=2, pctcpu=0.0, user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
25130 478628 22674 0 2 0x8000000 syz-executor.3
25130 509768 22674 0 2 0xc000000 syz-executor.3
71312 280669 91834 0 2 0x8000000 syz-executor.7
71312 247379 91834 0 2 0xc000000 syz-executor.7
40357 476929 61263 0 2 0x8000000 syz-executor.0
40357 76905 61263 0 3 0xc000080 fsleep syz-executor.0
87655 125548 52219 0 2 0x8000000 syz-executor.6
87655 241265 52219 0 3 0xc000080 fsleep syz-executor.6
7225 270899 41916 0 2 0x8000000 syz-executor.2
7225 336655 41916 0 3 0xc000080 fsleep syz-executor.2
97064 81657 21138 0 2 0x8000000 syz-executor.1
97064 423479 21138 0 3 0xc000080 fsleep syz-executor.1
97064 105372 21138 0 3 0xc000080 fsleep syz-executor.1
97064 34436 21138 0 3 0xc000080 fsleep syz-executor.1
99736 41456 96433 0 2 0x8000000 syz-executor.5
*99736 499128 96433 0 7 0xc000000 syz-executor.5
99736 99630 96433 0 2 0xc000000 syz-executor.5
99736 278504 96433 0 2 0xc000000 syz-executor.5
52219 263840 26310 0 2 0x8000482 syz-executor.6
41916 406508 26310 0 3 0x8000082 nanoslp syz-executor.2
5503 327034 26310 0 2 0x8000002 syz-executor.4
61263 78322 26310 0 2 0x8000482 syz-executor.0
21138 88184 26310 0 3 0x8000082 nanoslp syz-executor.1
22674 341603 26310 0 2 0x8000482 syz-executor.3
91834 484522 26310 0 2 0x8000482 syz-executor.7
96433 316772 26310 0 3 0x8000082 nanoslp syz-executor.5
86799 304595 0 0 3 0x14200 acct acct
584 353582 0 0 3 0x14200 bored sosplice
26310 306662 77179 0 3 0x1a000082 thrsleep syz-fuzzer
26310 154071 77179 0 3 0x1e000082 thrsleep syz-fuzzer
26310 25549 77179 0 3 0x1e000082 kqread syz-fuzzer
26310 224120 77179 0 3 0x1e000082 thrsleep syz-fuzzer
26310 63182 77179 0 3 0x1e000082 thrsleep syz-fuzzer
26310 109005 77179 0 3 0x1e000082 wait syz-fuzzer
26310 331377 77179 0 3 0x1e000082 wait syz-fuzzer
26310 509364 77179 0 3 0x1e000082 thrsleep syz-fuzzer
26310 361332 77179 0 3 0x1e000082 wait syz-fuzzer
26310 7239 77179 0 3 0x1e000082 wait syz-fuzzer
26310 51019 77179 0 3 0x1e000082 thrsleep syz-fuzzer
26310 277591 77179 0 3 0x1e000082 wait syz-fuzzer
26310 448790 77179 0 3 0x1e000082 wait syz-fuzzer
26310 454838 77179 0 3 0x1e000082 wait syz-fuzzer
26310 205668 77179 0 3 0x1e000082 wait syz-fuzzer
77179 105255 7772 0 3 0x810008a sigsusp ksh
7772 421899 16921 0 3 0x1800009a kqread sshd
12253 507026 1 0 3 0x18100083 ttyin getty
16921 138804 1 0 3 0x18000088 kqread sshd
78507 124125 21807 73 3 0x19100090 kqread syslogd
21807 188185 1 0 3 0x18100082 sbwait syslogd
24139 293273 1 0 3 0x18100080 kqread resolvd
6070 349872 54422 77 3 0x18100092 kqread dhcpleased
12318 185971 54422 77 3 0x18100092 kqread dhcpleased
54422 409190 1 0 3 0x18000080 kqread dhcpleased
15441 368323 0 0 3 0x14200 bored smr
67705 56355 0 0 2 0x14200 zerothread
430 519583 0 0 3 0x14200 aiodoned aiodoned
91329 254880 0 0 3 0x14200 syncer update
50376 102185 0 0 3 0x14200 cleaner cleaner
85259 418679 0 0 3 0x14200 reaper reaper
69230 446213 0 0 3 0x14200 pgdaemon pagedaemon
31917 97455 0 0 3 0x14200 bored viomb
89073 257190 0 0 3 0x40014200 acpi0 acpi0
77162 141320 0 0 3 0x14200 bored softnet3
42711 132343 0 0 3 0x14200 bored softnet2
95520 441819 0 0 3 0x14200 bored softnet1
86363 478584 0 0 3 0x14200 bored softnet0
61469 319295 0 0 3 0x14200 bored systqmp
72603 339967 0 0 3 0x14200 bored systq
40435 522670 0 0 3 0x40014200 tmoslp softclock
92402 259753 0 0 3 0x40014200 idle0
1 105065 0 0 3 0x8080082 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10169 6427K 10921K 166960K 28951 0
pcb 15 15K 17K 166960K 728 0
rtable 137 9K 12K 166960K 4024 0
pf 23 8K 10K 166960K 454 0
ifaddr 27 10K 14K 166960K 540 0
ifgroup 38 1K 2K 166960K 775 0
sysctl 4 1K 1K 166960K 18 0
counters 27 17K 17K 166960K 221 0
ioctlops 0 0K 2K 166960K 502 0
iov 0 0K 24K 166960K 723 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1496 94K 95K 166960K 9115 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 13K 166960K 278 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 1K 166960K 589 0
dirhash 12 2K 3K 166960K 240 0
ACPI 1697 195K 286K 166960K 12548 0
file desc 18 65K 73K 166960K 10288 0
sigio 0 0K 0K 166960K 250 0
proc 61 59K 83K 166960K 3675 0
subproc 104 6K 7K 166960K 1355 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 1422 0
in_multi 44 3K 7K 166960K 1513 0
ether_multi 2 0K 0K 166960K 77 0
mrt 2 0K 0K 166960K 29 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 91 413K 413K 166960K 91 0
exec 0 0K 1K 166960K 3509 0
pfkey data 0 0K 0K 166960K 11 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 416 364K 380K 166960K 88131 0
UVM aobj 131 6K 6K 166960K 149 0
pinsyscall 38 76K 100K 166960K 13958 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 1K 166960K 528 0
NDP 8 0K 2K 166960K 408 0
temp 79 6804K 7440K 166960K 193094 0
kqueue 15 21K 29K 166960K 1075 0
SYN cache 2 104K 112K 166960K 3 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 1057 0 1054 3 2 1 3 0 8 0
rtentry 112 1315 0 1260 4 1 3 4 0 8 1
unpcb 144 6975 0 6962 4 3 1 4 0 8 0
syncache 336 177 0 177 2 1 1 1 0 8 1
tcpqe 32 297 0 297 2 1 1 1 0 8 1
tcpcb 808 3393 0 3375 9 6 3 9 0 8 0
arp 88 252 0 244 1 0 1 1 0 8 0
ipq 40 21 0 21 1 0 1 1 0 8 1
ipqe 40 200 0 200 1 0 1 1 0 8 1
inpcb 360 10242 0 10218 22 18 4 16 0 8 1
nd6 104 327 0 318 1 0 1 1 0 8 0
pkpcb 40 75 0 75 2 1 1 1 0 8 1
kcovpl 48 103 0 95 1 0 1 1 0 8 0
ppxss 1072 41 0 41 2 1 1 1 0 8 1
art_heap8 4096 3 0 2 2 1 1 2 0 8 0
art_heap4 256 4889 0 4653 52 30 22 30 0 8 5
art_table 32 4892 0 4655 4 0 4 4 0 8 1
art_node 16 1291 0 1241 1 0 1 1 0 8 0
sysvmsgpl 40 37 0 29 1 0 1 1 0 8 0
semupl 112 4 0 4 1 1 0 1 0 8 0
semapl 112 580 0 570 1 0 1 1 0 8 0
shmpl 112 146 0 18 4 0 4 4 0 8 0
dirhash 1024 169 0 152 3 0 3 3 0 8 0
dino2pl 256 16365 0 14815 98 0 98 98 0 8 0
ffsino 240 16365 0 14815 92 0 92 92 0 8 0
nchpl 144 30526 0 28801 67 1 66 67 0 8 0
uvmvnodes 80 7883 0 0 161 0 161 161 0 8 0
vnodes 216 7883 0 0 438 0 438 438 0 8 0
namei 1024 103413 0 103413 5 3 2 3 0 8 2
vcpupl 2048 45 0 1 6 0 6 6 0 8 0
vmpool 664 80 0 36 4 0 4 4 0 8 0
kstatmem 264 404 0 388 2 0 2 2 0 8 0
scxspl 216 101068 0 101068 8 7 1 8 1 8 1
plimitpl 152 1533 0 1517 1 0 1 1 0 8 0
sigapl 424 10536 0 10489 10 2 8 8 0 8 2
futexpl 64 155893 0 155886 1 0 1 1 0 8 0
knotepl 120 88428 0 88337 12 9 3 11 0 8 0
kqueuepl 184 2070 0 2058 1 0 1 1 0 8 0
pipepl 288 1371 0 1343 7 4 3 7 0 8 0
fdescpl 432 10367 0 10338 4 0 4 4 0 8 0
filepl 120 60503 0 60257 13 4 9 13 0 8 0
lockfpl 104 3419 0 3417 2 1 1 2 0 8 0
lockfspl 48 1504 0 1502 1 0 1 1 0 8 0
sessionpl 144 118 0 102 1 0 1 1 0 8 0
pgrppl 48 233 0 217 1 0 1 1 0 8 0
ucredpl 104 9577 0 9565 1 0 1 1 0 8 0
zombiepl 144 10790 0 10790 1 0 1 1 0 8 1
processpl 1072 10536 0 10489 5 0 5 5 0 8 0
procpl 656 21715 0 21643 11 2 9 9 0 8 2
sosppl 168 190 0 187 1 0 1 1 0 8 0
sockpl 488 18438 0 18398 48 40 8 24 0 8 1
mcl64k 65536 367 0 367 2 1 1 1 0 8 1
mcl16k 16384 233 0 233 2 1 1 1 0 8 1
mcl12k 12288 378 0 378 2 1 1 1 0 8 1
mcl9k 9216 83 0 83 2 1 1 1 0 8 1
mcl8k 8192 774 0 774 2 1 1 1 0 8 1
mcl4k 4096 1859 0 1859 3 2 1 2 0 8 1
mcl2k2 2112 112 0 112 2 1 1 1 0 8 1
mcl2k 2048 102659 0 102591 57 40 17 32 0 8 7
mtagpl 96 1069 0 1069 4 0 4 4 0 8 4
mbufpl 256 321319 0 321185 334 306 28 69 0 8 8
bufpl 280 24658 0 16775 564 0 564 564 0 8 0
anonpl 24 1181040 0 1174932 90 29 61 90 0 188 0
amapchunkpl 152 283775 0 283082 52 19 33 49 0 158 4
amappl16 200 25526 0 25420 127 118 9 32 0 8 0
amappl15 192 8 0 8 1 1 0 1 0 8 0
amappl14 184 537 0 524 2 1 1 2 0 8 0
amappl13 176 17 0 17 1 1 0 1 0 8 0
amappl12 168 12535 0 12501 2 0 2 2 0 8 0
amappl11 160 54 0 44 1 0 1 1 0 8 0
amappl10 152 185 0 172 1 0 1 1 0 8 0
amappl9 144 168 0 168 2 1 1 1 0 8 1
amappl8 136 1251 0 1119 6 0 6 6 0 8 0
amappl7 128 109 0 94 1 0 1 1 0 8 0
amappl6 120 1840 0 1816 2 0 2 2 0 8 0
amappl5 112 686 0 674 1 0 1 1 0 8 0
amappl4 104 1366 0 1326 2 0 2 2 0 8 0
amappl3 96 54447 0 54353 3 0 3 3 0 8 0
amappl2 88 11664 0 11575 4 1 3 4 0 8 0
amappl1 80 52214 0 51716 22 10 12 22 0 8 0
amappl 88 86132 0 85908 6 0 6 6 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 148 0 18 3 0 3 3 0 8 0
uaddrrnd 24 10447 0 10374 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 10447 0 10374 1 0 1 1 0 8 0
vmmpekpl 168 70421 0 70354 4 0 4 4 0 8 0
vmmpepl 168 648235 0 646172 117 9 108 111 0 357 5
vmsppl 344 10446 0 10374 7 0 7 7 0 8 0
rwobjpl 24 157489 0 148253 57 0 57 57 0 8 0
pdppl 4096 20900 0 20792 612 504 108 110 0 8 0
pvpl 32 3418965 0 3406761 367 234 133 367 0 265 3
pmappl 216 10446 0 10374 5 0 5 5 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 1291 0 902 13 0 13 13 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
strlcpy(deadbeefdeadc1e7,ffffffff82932919,18) at strlcpy+0x65 sys/lib/libkern/strlcpy.c:35
kthread_create(ffffffff816cb080,0,0,ffffffff82932919) at kthread_create+0x83 sys/kern/kern_kthread.c:74
nfs_getset_niothreads(1) at nfs_getset_niothreads+0x177 sys/nfs/nfs_syscalls.c:700
nfs_sysctl(ffff80002f397b38,1,0,ffff80002f397b68,20000000,4,7c1cd6278b28c09d) at nfs_sysctl+0xb8 sys/nfs/nfs_vfsops.c:887
sys_sysctl(ffff80002a6799c0,ffff80002f397ca0,ffff80002f397bf0) at sys_sysctl+0x217 sys/kern/kern_sysctl.c:254
syscall(ffff80002f397ca0) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xe0152f497d0, count: -7
ddb> machine ddbcpu 1
No such command
ddb> trace
strlcpy(deadbeefdeadc1e7,ffffffff82932919,18) at strlcpy+0x65 sys/lib/libkern/strlcpy.c:35
kthread_create(ffffffff816cb080,0,0,ffffffff82932919) at kthread_create+0x83 sys/kern/kern_kthread.c:74
nfs_getset_niothreads(1) at nfs_getset_niothreads+0x177 sys/nfs/nfs_syscalls.c:700
nfs_sysctl(ffff80002f397b38,1,0,ffff80002f397b68,20000000,4,7c1cd6278b28c09d) at nfs_sysctl+0xb8 sys/nfs/nfs_vfsops.c:887
sys_sysctl(ffff80002a6799c0,ffff80002f397ca0,ffff80002f397bf0) at sys_sysctl+0x217 sys/kern/kern_sysctl.c:254
syscall(ffff80002f397ca0) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xe0152f497d0, count: -7


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup