assert "ifa == rt->rt_ifa" failed in nd6.c (2)


syzbot

Sep 29, 2019, 12:53:07 PM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 6fa5adb2 Make clang emit the proper path to our libcompile..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=16bc907d600000
kernel config: https://syzkaller.appspot.com/x/.config?x=d0fe83f82fe104d4
dashboard link: https://syzkaller.appspot.com/bug?extid=4992ad686d5ea5849064

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+4992ad...@syzkaller.appspotmail.com

panic: kernel diagnostic assertion "ifa == rt->rt_ifa" failed:
file "/syzkaller/managers/main/kernel/sys/netinet6/nd6.c", line 947
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*310011 41493 0 0 0x4000000 0 syz-executor.0
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
__assert(ffffffff821e578d,ffffffff821c7dfa,3b3,ffffffff821a1f94) at
__assert+0x2b sys/kern/subr_prf.c:154
nd6_rtrequest(ffff800000b10000,1,fffffd803e2de7e8) at nd6_rtrequest+0xbb4
sys/netinet6/nd6.c:947
rtrequest(1,ffff800015931b78,1,ffff800015931c48,0) at rtrequest+0x9be
sys/net/route.c:973
rt_ifa_add(ffff800000a98600,240404,ffff800000a98658,0) at rt_ifa_add+0x290
sys/net/route.c:1133
rt_ifa_addlocal(ffff800000a98600) at rt_ifa_addlocal+0x149
sys/net/route.c:1242
in_ifinit(ffff800000b10000,ffff800000a98600,ffff800015931f70,0) at
in_ifinit+0x1cf sys/netinet/in.c:614
in_ioctl_sifaddr(8020690c,ffff800015931f60,ffff800000b10000,1) at
in_ioctl_sifaddr+0x208 sys/netinet/in.c:360
in_ioctl(8020690c,ffff800015931f60,ffff800000b10000,1) at in_ioctl+0x1e7
sys/netinet/in.c:231
ifioctl(fffffd802e7c8da8,8020690c,ffff800015931f60,ffff8000ffff29f8) at
ifioctl+0xb34 sys/net/if.c:2202
sys_ioctl(ffff8000ffff29f8,ffff800015932078,ffff8000159320c0) at
sys_ioctl+0x5b9
syscall(ffff800015932140) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff36,0,3,fa98f9d21b0) at Xsyscall+0x128
end of kernel
end trace frame: 0xfac38eb4680, count: 1
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
kernel diagnostic assertion "ifa == rt->rt_ifa" failed:
file "/syzkaller/managers/main/kernel/sys/netinet6/nd6.c", line 947
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
__assert(ffffffff821e578d,ffffffff821c7dfa,3b3,ffffffff821a1f94) at
__assert+0x2b sys/kern/subr_prf.c:154
nd6_rtrequest(ffff800000b10000,1,fffffd803e2de7e8) at nd6_rtrequest+0xbb4
sys/netinet6/nd6.c:947
rtrequest(1,ffff800015931b78,1,ffff800015931c48,0) at rtrequest+0x9be
sys/net/route.c:973
rt_ifa_add(ffff800000a98600,240404,ffff800000a98658,0) at rt_ifa_add+0x290
sys/net/route.c:1133
rt_ifa_addlocal(ffff800000a98600) at rt_ifa_addlocal+0x149
sys/net/route.c:1242
in_ifinit(ffff800000b10000,ffff800000a98600,ffff800015931f70,0) at
in_ifinit+0x1cf sys/netinet/in.c:614
in_ioctl_sifaddr(8020690c,ffff800015931f60,ffff800000b10000,1) at
in_ioctl_sifaddr+0x208 sys/netinet/in.c:360
in_ioctl(8020690c,ffff800015931f60,ffff800000b10000,1) at in_ioctl+0x1e7
sys/netinet/in.c:231
ifioctl(fffffd802e7c8da8,8020690c,ffff800015931f60,ffff8000ffff29f8) at
ifioctl+0xb34 sys/net/if.c:2202
sys_ioctl(ffff8000ffff29f8,ffff800015932078,ffff8000159320c0) at
sys_ioctl+0x5b9
syscall(ffff800015932140) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff36,0,3,fa98f9d21b0) at Xsyscall+0x128
end of kernel
end trace frame: 0xfac38eb4680, count: -14
ddb> show registers
rdi 0xffffffff81d502a7 db_enter+0x17
rsi 0x47ad __ALIGN_SIZE+0x37ad
rbp 0xffff8000159318b0
rbx 0xffff800015931960
rdx 0x47ae __ALIGN_SIZE+0x37ae
rcx 0xffff800017727000
rax 0xffff800017727000
r8 0xffff800015931870
r9 0x1
r10 0xffff800000b04800
r11 0x4293eb2968f76bd3
r12 0x3000000008
r13 0xffff8000159318c0
r14 0x100
r15 0x1
rip 0xffffffff81d502a8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff8000159318a0
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.0) pid=310011 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=86, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff2018,0xffff8000ffff2c80
process=0xffff8000ffff70f0 user=0xffff80001592d000,
vmspace=0xfffffd803f014440
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
40997 275956 52951 0 2 0 syz-executor.1
40997 334483 52951 0 3 0x4000080 fsleep syz-executor.1
41493 270818 29708 0 2 0 syz-executor.0
41493 376026 29708 0 3 0x4000080 ttyin syz-executor.0
41493 140632 29708 0 3 0x4000080 ttyin syz-executor.0
*41493 310011 29708 0 7 0x4000000 syz-executor.0
63787 371239 0 0 3 0x14200 acct acct
52951 276081 3156 0 2 0x482 syz-executor.1
29708 519650 3156 0 3 0x82 nanosleep syz-executor.0
56380 54342 1 0 3 0x100083 ttyin getty
31758 499427 0 0 3 0x14200 bored sosplice
3156 164433 30416 0 3 0x82 thrsleep syz-fuzzer
3156 83032 30416 0 3 0x4000082 thrsleep syz-fuzzer
3156 462905 30416 0 3 0x4000082 kqread syz-fuzzer
3156 245298 30416 0 3 0x4000082 thrsleep syz-fuzzer
3156 110980 30416 0 3 0x4000082 thrsleep syz-fuzzer
3156 176241 30416 0 3 0x4000082 thrsleep syz-fuzzer
3156 347975 30416 0 3 0x4000082 thrsleep syz-fuzzer
30416 505227 60724 0 3 0x10008a pause ksh
60724 423922 56252 0 3 0x92 select sshd
56252 443913 1 0 3 0x80 select sshd
39493 167175 3843 73 3 0x100090 kqread syslogd
3843 143201 1 0 3 0x100082 netio syslogd
43995 359567 1 77 3 0x100090 poll dhclient
53682 498270 1 0 3 0x80 poll dhclient
78133 502080 0 0 2 0x14200 zerothread
56500 60295 0 0 3 0x14200 aiodoned aiodoned
40087 129651 0 0 3 0x14200 syncer update
665 177636 0 0 3 0x14200 cleaner cleaner
34501 58255 0 0 3 0x14200 reaper reaper
96920 99455 0 0 3 0x14200 pgdaemon pagedaemon
63516 472103 0 0 3 0x14200 bored crynlk
46457 260292 0 0 3 0x14200 bored crypto
1294 15188 0 0 3 0x40014200 acpi0 acpi0
95833 300577 0 0 3 0x14200 bored softnet
77943 112704 0 0 3 0x14200 bored systqmp
42114 36731 0 0 3 0x14200 bored systq
56392 156262 0 0 3 0x40014200 bored softclock
68530 284128 0 0 3 0x40014200 idle0
69199 330474 0 0 3 0x14200 bored smr
1 429301 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9585 6447K 7768K 78643K 21768 0 0
pcb 13 10K 12K 78643K 883 0 0
rtable 126 9K 9K 78643K 1695 0 0
ifaddr 84 17K 18K 78643K 496 0 0
counters 19 16K 16K 78643K 19 0 0
ioctlops 0 0K 2K 78643K 162 0 0
iov 0 0K 32K 78643K 791 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1215 76K 77K 78643K 5267 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 5K 78643K 54 0 0
VM map 2 0K 0K 78643K 14 0 0
sem 12 0K 1K 78643K 523 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1793 195K 288K 78643K 12645 0 0
file desc 6 17K 25K 78643K 3320 0 0
sigio 0 0K 0K 78643K 52 0 0
proc 49 38K 63K 78643K 1125 0 0
subproc 32 2K 2K 78643K 214 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 0K 78643K 186 0 0
in_multi 29 1K 2K 78643K 243 0 0
ether_multi 1 0K 0K 78643K 16 0 0
mrt 2 0K 0K 78643K 31 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 150 662K 662K 78643K 150 0 0
exec 0 0K 1K 78643K 662 0 0
pfkey data 0 0K 0K 78643K 2 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 121 22K 40K 78643K 10132 0 0
UVM aobj 106 4K 4K 78643K 142 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 0 0K 1K 78643K 711 0 0
NDP 20 0K 0K 78643K 147 0 0
temp 226 3540K 4180K 78643K 113882 0 0
kqueue 0 0K 0K 78643K 23 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg
Idle
arp 64 59 0 54 1 0 1 1 0
8 0
rtpcb 80 582 0 580 1 0 1 1 0
8 0
rtentry 112 318 0 271 2 0 2 2 0
8 0
unpcb 120 1924 0 1908 2 0 2 2 0
8 1
syncache 264 13 0 13 7 6 1 1 0
8 1
tcpqe 32 6437 0 6437 2 2 0 1 0
8 0
tcpcb 544 2128 0 2122 2 1 1 2 0
8 0
ipq 40 19 0 19 8 8 0 1 0
8 0
ipqe 40 48 0 48 8 8 0 1 0
8 0
inpcb 280 5174 0 5163 25 23 2 13 0
8 1
rttmr 72 10 0 9 8 7 1 1 0
8 0
ip6q 72 1 0 1 1 1 0 1 0
8 0
ip6af 40 1 0 1 1 1 0 1 0
8 0
nd6 48 32 0 27 4 3 1 1 0
8 0
pkpcb 40 18 0 18 8 7 1 1 0
8 1
swfcl 56 2 0 0 1 0 1 1 0
8 0
ppxss 1128 64 0 64 21 21 0 1 0
8 0
art_heap8 4096 13 0 11 9 7 2 3 0
8 0
art_heap4 256 1337 0 1050 33 15 18 18 0
8 0
art_table 32 1350 0 1061 4 1 3 3 0
8 0
art_node 16 313 0 270 1 0 1 1 0
8 0
sysvmsgpl 40 13 0 6 1 0 1 1 0
8 0
semupl 112 1 0 1 1 1 0 1 0
8 0
semapl 112 521 0 511 1 0 1 1 0
8 0
shmpl 112 140 0 36 4 1 3 3 0
8 0
dirhash 1024 17 0 0 3 0 3 3 0
8 0
dino1pl 128 7562 0 6163 46 0 46 46 0
8 0
ffsino 240 7562 0 6163 84 0 84 84 0
8 0
nchpl 144 12687 0 11073 60 0 60 60 0
8 0
uvmvnodes 72 6397 0 0 117 0 117 117 0
8 0
vnodes 208 6397 0 0 337 0 337 337 0
8 0
namei 1024 52380 0 52380 3 2 1 1 0
8 1
vmpool 520 12 0 12 6 6 0 1 0
8 0
scsiplug 64 3 0 3 2 2 0 1 0
8 0
scxspl 192 41556 0 41556 26 24 2 7 0
8 2
plimitpl 152 265 0 258 1 0 1 1 0
8 0
sigapl 432 3463 0 3449 2 0 2 2 0
8 0
futexpl 56 91858 0 91857 1 0 1 1 0
8 0
knotepl 112 795 0 776 3 2 1 3 0
8 0
kqueuepl 104 837 0 835 1 0 1 1 0
8 0
pipepl 112 1788 0 1769 9 8 1 2 0
8 0
fdescpl 424 3464 0 3449 2 0 2 2 0
8 0
filepl 120 37645 0 37532 24 20 4 11 0
8 0
lockfpl 104 2818 0 2817 1 0 1 1 0
8 0
lockfspl 48 856 0 855 1 0 1 1 0
8 0
sessionpl 112 29 0 19 1 0 1 1 0
8 0
pgrppl 48 57 0 47 1 0 1 1 0
8 0
ucredpl 96 11456 0 11448 1 0 1 1 0
8 0
zombiepl 144 3452 0 3452 3 2 1 1 0
8 1
processpl 864 3483 0 3452 4 0 4 4 0
8 0
procpl 632 8804 0 8763 12 7 5 5 0
8 1
sosppl 128 62 0 62 18 18 0 1 0
8 0
sockpl 384 7756 0 7727 45 40 5 21 0
8 2
mcl64k 65536 515 0 515 38 37 1 32 0
8 1
mcl16k 16384 35 0 35 18 17 1 1 0
8 1
mcl12k 12288 81 0 81 17 16 1 1 0
8 1
mcl9k 9216 55 0 55 18 17 1 1 0
8 1
mcl8k 8192 112 0 112 14 13 1 1 0
8 1
mcl4k 4096 425 0 425 2 1 1 1 0
8 1
mcl2k2 2112 28 0 28 15 14 1 1 0
8 1
mcl2k 2048 58664 0 58619 20 13 7 12 0
8 0
mtagpl 80 855 0 733 9 6 3 4 0
8 0
mbufpl 256 125584 0 125224 98 73 25 47 0
8 1
bufpl 256 19530 0 13122 401 0 401 401 0
8 0
anonpl 16 400119 0 383809 242 160 82 84 0 62
13
amapchunkpl 152 20068 0 19950 88 79 9 19 0
158 1
amappl16 192 20862 0 19931 221 166 55 59 0
8 8
amappl15 184 95 0 95 1 1 0 1 0
8 0
amappl14 176 573 0 567 2 1 1 1 0
8 0
amappl12 160 1366 0 1362 1 0 1 1 0
8 0
amappl11 152 1004 0 993 1 0 1 1 0
8 0
amappl10 144 341 0 337 1 0 1 1 0
8 0
amappl9 136 704 0 698 1 0 1 1 0
8 0
amappl8 128 312 0 269 2 0 2 2 0
8 0
amappl7 120 390 0 382 1 0 1 1 0
8 0
amappl6 112 986 0 976 1 0 1 1 0
8 0
amappl5 104 1591 0 1581 1 0 1 1 0
8 0
amappl4 96 3254 0 3227 1 0 1 1 0
8 0
amappl3 88 1016 0 1010 1 0 1 1 0
8 0
amappl2 80 26526 0 26450 4 2 2 3 0
8 0
amappl1 72 74679 0 74267 28 19 9 20 0
8 0
amappl 80 9227 0 9186 2 0 2 2 0
84 0
dma4096 4096 1 0 1 1 1 0 1 0
8 0
dma256 256 6 0 6 1 1 0 1 0
8 0
dma128 128 253 0 253 1 1 0 1 0
8 0
dma64 64 6 0 6 1 1 0 1 0
8 0
dma32 32 7 0 7 1 1 0 1 0
8 0
dma16 16 17 0 17 1 1 0 1 0
8 0
aobjpl 64 141 0 36 2 0 2 2 0
8 0
uaddrrnd 24 3476 0 3449 1 0 1 1 0
8 0
uaddrbest 32 2 0 0 1 0 1 1 0
8 0
uaddr 24 3476 0 3449 1 0 1 1 0
8 0
vmmpekpl 168 27129 0 27101 2 0 2 2 0
8 0
vmmpepl 168 423624 0 421533 327 228 99 127 0
357 5
vmsppl 272 3463 0 3449 4 3 1 2 0
8 0
pdppl 4096 6958 0 6922 6 1 5 6 0
8 0
pvpl 32 1045228 0 1025693 432 238 194 222 0 265
32
pmappl 200 3475 0 3461 1 0 1 1 0
8 0
extentpl 40 41 0 26 1 0 1 1 0
8 0
phpool 112 737 0 185 16 0 16 16 0
8 0


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Jan 4, 2020, 3:58:07 PM
to syzkaller-o...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.