uvm_fault: memcpy
9 views
Skip to first unread message
syzbot
Mar 11, 2019, 3:17:07 PM3/11/19
to syzkaller-o...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: 015dd9ff mark check_abort() and post_abort() as __dead; ba..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=16fe884d200000
kernel config: https://syzkaller.appspot.com/x/.config?x=ffa1da4399f74b2b
dashboard link: https://syzkaller.appspot.com/bug?extid=18fd599cf8e14c507115
userspace arch: amd64
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+18fd59...@syzkaller.appspotmail.com
uvm_fault(0xffffffff821f4cc8, 0xffff800002f87000, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at memcpy+0x15: repe movsq (%rsi),%es:(%rdi)
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
kernel page fault
uvm_fault(0xffffffff821f4cc8, 0xffff800002f87000, 0, 1) -> e
memcpy(fffffd803a1f6a18,ffff800002f86f0d,0,fffffd803a1f6a18,9efe89f687f1a983,ffff8000149f5b28)
at
memcpy+0x15
end trace frame: 0xffff8000149f5a30, count: 0
ddb> trace
memcpy(fffffd803a1f6a18,ffff800002f86f0d,0,fffffd803a1f6a18,9efe89f687f1a983,ffff8000149f5b28)
at
memcpy+0x15
rtrequest(1,ffff8000149f5b28,38,ffff8000149f5a70,0) at rtrequest+0x83b
sys/net/route.c:917
rtm_output(ffff800002f86f00,ffff8000149f5b20,ffff8000149f5b28,38,0) at
rtm_output+0x711 sys/net/rtsock.c:888
route_output(fffffd803eb4b000,fffffd8036ffda80,0,0) at route_output+0x78b
sys/net/rtsock.c:806
route_usrreq(fffffd8036ffda80,9,fffffd803eb4b000,0,0,ffff8000ffff8e18) at
route_usrreq+0x35d sys/net/rtsock.c:271
sosend(fffffd8036ffda80,0,ffff8000149f5de8,0,0,0) at sosend+0x6e3
sys/kern/uipc_socket.c:513
sendit(ffff8000ffff8e18,4,ffff8000149f5ea8,0,ffff8000149f5f70) at
sendit+0x58f sys/kern/uipc_syscalls.c:662
sys_sendto(ffff8000ffff8e18,ffff8000149f5f88,ffff8000149f5f70) at
sys_sendto+0x92
syscall(ffff8000149f6020) at syscall+0x541
Xsyscall(6,0,ffffffffffffffd8,0,6,9169419b010) at Xsyscall+0x128
end of kernel
end trace frame: 0x9193ad126b0, count: -10
ddb> show registers
rdi 0xffff800002f860f0
rsi 0xffff800002f86ffd
rbp 0xffff8000149f5920
rbx 0xffff800002f86f0d
rdx 0x100
rcx 0x2
rax 0xfffffffffffff0f3
r8 0x70
r9 0x5
r10 0x2fa53930143d9aec
r11 0xffff800002f86000
r12 0xffff800002f86000
r13 0x100
r14 0
r15 0xfffffd803a1f6a18
rip 0xffffffff81adeff5 memcpy+0x15
cs 0x8
rflags 0x10202 __ALIGN_SIZE+0xf202
rsp 0xffff8000149f58b8
ss 0x10
memcpy+0x15: repe movsq (%rsi),%es:(%rdi)
ddb> show proc
PROC (syz-executor.0) pid=513236 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=86, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff9070,0xffffffff8227c6c8
process=0xffff8000ffff7708 user=0xffff8000149f1000,
vmspace=0xfffffd803f014420
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
37290 117009 61414 0 2 0 syz-executor.0
*37290 513236 61414 0 7 0x4000000 syz-executor.0
61370 191464 1 0 3 0x100083 ttyin getty
61414 48179 18603 0 3 0x82 nanosleep syz-executor.0
19095 147218 18603 0 2 0x2 syz-executor.1
18603 195078 13294 0 3 0x82 thrsleep syz-fuzzer
18603 294996 13294 0 2 0x4000482 syz-fuzzer
18603 197404 13294 0 3 0x4000082 thrsleep syz-fuzzer
18603 148066 13294 0 3 0x4000082 thrsleep syz-fuzzer
18603 22904 13294 0 3 0x4000082 thrsleep syz-fuzzer
18603 317916 13294 0 3 0x4000082 kqread syz-fuzzer
18603 17642 13294 0 3 0x4000082 thrsleep syz-fuzzer
13294 270944 33117 0 3 0x10008a pause ksh
33117 307230 3919 0 3 0x92 select sshd
3919 391009 1 0 3 0x80 select sshd
49730 446476 19950 73 2 0x100090 syslogd
19950 77246 1 0 3 0x100082 netio syslogd
57907 296011 1 77 3 0x100090 poll dhclient
45131 26349 1 0 3 0x80 poll dhclient
25596 204029 0 0 2 0x14200 zerothread
74791 176660 0 0 3 0x14200 aiodoned aiodoned
13813 460666 0 0 3 0x14200 syncer update
41163 134589 0 0 3 0x14200 cleaner cleaner
51695 99627 0 0 3 0x14200 reaper reaper
64234 94969 0 0 3 0x14200 pgdaemon pagedaemon
32288 387377 0 0 3 0x14200 bored crynlk
98117 52743 0 0 3 0x14200 bored crypto
21662 358446 0 0 3 0x40014200 acpi0 acpi0
35494 118864 0 0 3 0x14200 bored softnet
17410 428308 0 0 3 0x14200 bored systqmp
74088 273875 0 0 3 0x14200 bored systq
99777 31308 0 0 3 0x40014200 bored softclock
58250 44082 0 0 3 0x40014200 idle0
30872 195070 0 0 3 0x14200 bored smr
1 143922 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9462 8378K 8400K 78643K 10651 0 0
pcb 25 9K 11K 78643K 12262 0 0
rtable 205 18K 18K 78643K 12513 0 0
ifaddr 42 11K 11K 78643K 51 0 0
counters 19 16K 16K 78643K 19 0 0
ioctlops 0 0K 2K 78643K 30 0 0
iov 0 0K 12K 78643K 48 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1192 75K 75K 78643K 1341 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 5K 78643K 12 0 0
VM map 2 0K 0K 78643K 2 0 0
sem 12 1K 1K 78643K 604 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1793 195K 288K 78643K 12537 0 0
file desc 5 13K 25K 78643K 7341 0 0
sigio 0 0K 0K 78643K 4 0 0
proc 42 30K 54K 78643K 330 0 0
subproc 64 65538K 69634K 78643K 68 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 0K 78643K 36 0 0
in_multi 33 2K 2K 78643K 40 0 0
ether_multi 1 0K 0K 78643K 1 0 0
mrt 0 0K 0K 78643K 1 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 66 291K 291K 78643K 66 0 0
exec 0 0K 1K 78643K 218 0 0
pfkey data 0 0K 0K 78643K 2 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 80 20K 20K 78643K 15614 0 0
UVM aobj 48 3K 3K 78643K 52 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 0 0K 0K 78643K 510 0 0
NDP 7 0K 0K 78643K 13 0 0
temp 121 2351K 2415K 78643K 17635 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg
Idle
arp 64 4 0 0 1 0 1 1 0
8 0
inpcbpl 280 1164 0 1157 1 0 1 1 0
8 0
plimitpl 152 17 0 10 1 0 1 1 0
8 0
rtentry 112 998 0 957 2 0 2 2 0
8 0
syncache 264 4 0 4 1 1 0 1 0
8 0
tcpcb 544 48 0 44 1 0 1 1 0
8 0
nd6 48 4 0 0 1 0 1 1 0
8 0
ppxss 1128 2 0 2 1 1 0 1 0
8 0
art_heap8 4096 1 0 0 1 0 1 1 0
8 0
art_heap4 256 185 0 0 12 0 12 12 0
8 0
art_table 32 186 0 0 2 0 2 2 0
8 0
art_node 16 40 0 6 1 0 1 1 0
8 0
sysvmsgpl 40 6 0 0 1 0 1 1 0
8 0
semupl 112 4 0 4 1 1 0 1 0
8 0
semapl 112 602 0 592 1 0 1 1 0
8 0
shmpl 112 50 0 4 2 0 2 2 0
8 0
dirhash 1024 17 0 0 3 0 3 3 0
8 0
dino1pl 128 9503 0 8101 46 0 46 46 0
8 0
ffsino 240 9503 0 8101 83 0 83 83 0
8 0
nchpl 144 18096 0 16478 61 0 61 61 0
8 0
uvmvnodes 72 5926 0 0 108 0 108 108 0
8 0
vnodes 200 5926 0 0 312 0 312 312 0
8 0
namei 1024 55323 0 55322 2 1 1 1 0
8 0
scsiplug 64 1 0 1 1 1 0 1 0
8 0
scxspl 192 56009 0 56009 11 10 1 6 0
8 1
sigapl 432 7510 0 7497 2 0 2 2 0
8 0
futexpl 56 54655 0 54655 1 0 1 1 0
8 1
knotepl 112 92 0 65 2 1 1 2 0
8 0
kqueuepl 104 69 0 67 1 0 1 1 0
8 0
pipepl 112 708 0 689 3 2 1 2 0
8 0
fdescpl 424 7511 0 7497 2 0 2 2 0
8 0
filepl 120 24387 0 24291 13 9 4 5 0
8 1
lockfpl 104 156 0 156 11 10 1 1 0
8 1
lockfspl 32 75 0 75 11 10 1 1 0
8 1
sessionpl 112 18 0 8 1 0 1 1 0
8 0
pgrppl 48 26 0 16 1 0 1 1 0
8 0
ucredpl 96 531 0 524 1 0 1 1 0
8 0
zombiepl 144 7497 0 7497 2 1 1 1 0
8 1
processpl 840 7525 0 7497 4 0 4 4 0
8 0
procpl 600 15016 0 14981 7 4 3 4 0
8 0
sockpl 384 13405 0 13386 4 1 3 4 0
8 1
mcl64k 65536 237 0 237 37 37 0 29 0
8 0
mcl16k 16384 4 0 4 3 3 0 1 0
8 0
mcl12k 12288 41 0 41 11 10 1 1 0
8 1
mcl9k 9216 25 0 25 10 9 1 1 0
8 1
mcl8k 8192 49 0 49 13 13 0 1 0
8 0
mcl4k 4096 592 0 592 11 11 0 1 0
8 0
mcl2k2 2112 27 0 27 13 13 0 1 0
8 0
mcl2k 2048 57617 0 57585 10 5 5 8 0
8 0
mtagpl 80 2 0 2 1 1 0 1 0
8 0
mbufpl 256 146544 0 146353 35 21 14 18 0
8 1
bufpl 256 12974 0 8678 269 0 269 269 0
8 0
anonpl 16 457986 0 449122 42 5 37 40 0
62 0
amapchunkpl 152 23060 0 22977 5 1 4 5 0
158 0
amappl16 192 26910 0 26432 29 4 25 27 0
8 0
amappl15 184 7326 0 7323 1 0 1 1 0
8 0
amappl14 176 29 0 24 1 0 1 1 0
8 0
amappl13 168 23 0 20 1 0 1 1 0
8 0
amappl12 160 5 0 5 1 1 0 1 0
8 0
amappl11 152 3777 0 3766 1 0 1 1 0
8 0
amappl10 144 56 0 55 2 1 1 1 0
8 0
amappl9 136 333 0 330 1 0 1 1 0
8 0
amappl8 128 129 0 107 1 0 1 1 0
8 0
amappl7 120 24 0 21 1 0 1 1 0
8 0
amappl6 112 49 0 43 1 0 1 1 0
8 0
amappl5 104 7490 0 7476 1 0 1 1 0
8 0
amappl4 96 276 0 255 1 0 1 1 0
8 0
amappl3 88 194 0 189 1 0 1 1 0
8 0
amappl2 80 73849 0 73796 2 0 2 2 0
8 0
amappl1 72 144984 0 144570 24 14 10 19 0
8 0
amappl 72 15240 0 15208 1 0 1 1 0
75 0
dma4096 4096 1 0 1 1 1 0 1 0
8 0
dma256 256 6 0 6 1 1 0 1 0
8 0
dma64 64 259 0 259 1 1 0 1 0
8 0
dma32 32 7 0 7 1 1 0 1 0
8 0
dma16 16 17 0 17 1 1 0 1 0
8 0
aobjpl 64 51 0 4 1 0 1 1 0
8 0
uaddrrnd 24 7511 0 7497 1 0 1 1 0
8 0
uaddrbest 32 2 0 0 1 0 1 1 0
8 0
uaddr 24 7511 0 7497 1 0 1 1 0
8 0
vmmpekpl 168 42700 0 42685 1 0 1 1 0
8 0
vmmpepl 168 722776 0 721376 89 23 66 71 0
357 5
vmsppl 264 7510 0 7497 2 1 1 2 0
8 0
pdppl 4096 15028 0 14994 6 1 5 6 0
8 0
pvpl 32 1558702 0 1546856 155 55 100 109 0
265 3
pmappl 192 7510 0 7497 1 0 1 1 0
8 0
extentpl 40 39 0 25 1 0 1 1 0
8 0
phpool 112 488 0 94 13 0 13 13 0
8 0
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.
syzbot found the following crash on:
HEAD commit: 015dd9ff mark check_abort() and post_abort() as __dead; ba..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=16fe884d200000
kernel config: https://syzkaller.appspot.com/x/.config?x=ffa1da4399f74b2b
dashboard link: https://syzkaller.appspot.com/bug?extid=18fd599cf8e14c507115
userspace arch: amd64
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+18fd59...@syzkaller.appspotmail.com
uvm_fault(0xffffffff821f4cc8, 0xffff800002f87000, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at memcpy+0x15: repe movsq (%rsi),%es:(%rdi)
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
kernel page fault
uvm_fault(0xffffffff821f4cc8, 0xffff800002f87000, 0, 1) -> e
memcpy(fffffd803a1f6a18,ffff800002f86f0d,0,fffffd803a1f6a18,9efe89f687f1a983,ffff8000149f5b28)
at
memcpy+0x15
end trace frame: 0xffff8000149f5a30, count: 0
ddb> trace
memcpy(fffffd803a1f6a18,ffff800002f86f0d,0,fffffd803a1f6a18,9efe89f687f1a983,ffff8000149f5b28)
at
memcpy+0x15
rtrequest(1,ffff8000149f5b28,38,ffff8000149f5a70,0) at rtrequest+0x83b
sys/net/route.c:917
rtm_output(ffff800002f86f00,ffff8000149f5b20,ffff8000149f5b28,38,0) at
rtm_output+0x711 sys/net/rtsock.c:888
route_output(fffffd803eb4b000,fffffd8036ffda80,0,0) at route_output+0x78b
sys/net/rtsock.c:806
route_usrreq(fffffd8036ffda80,9,fffffd803eb4b000,0,0,ffff8000ffff8e18) at
route_usrreq+0x35d sys/net/rtsock.c:271
sosend(fffffd8036ffda80,0,ffff8000149f5de8,0,0,0) at sosend+0x6e3
sys/kern/uipc_socket.c:513
sendit(ffff8000ffff8e18,4,ffff8000149f5ea8,0,ffff8000149f5f70) at
sendit+0x58f sys/kern/uipc_syscalls.c:662
sys_sendto(ffff8000ffff8e18,ffff8000149f5f88,ffff8000149f5f70) at
sys_sendto+0x92
syscall(ffff8000149f6020) at syscall+0x541
Xsyscall(6,0,ffffffffffffffd8,0,6,9169419b010) at Xsyscall+0x128
end of kernel
end trace frame: 0x9193ad126b0, count: -10
ddb> show registers
rdi 0xffff800002f860f0
rsi 0xffff800002f86ffd
rbp 0xffff8000149f5920
rbx 0xffff800002f86f0d
rdx 0x100
rcx 0x2
rax 0xfffffffffffff0f3
r8 0x70
r9 0x5
r10 0x2fa53930143d9aec
r11 0xffff800002f86000
r12 0xffff800002f86000
r13 0x100
r14 0
r15 0xfffffd803a1f6a18
rip 0xffffffff81adeff5 memcpy+0x15
cs 0x8
rflags 0x10202 __ALIGN_SIZE+0xf202
rsp 0xffff8000149f58b8
ss 0x10
memcpy+0x15: repe movsq (%rsi),%es:(%rdi)
ddb> show proc
PROC (syz-executor.0) pid=513236 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=86, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff9070,0xffffffff8227c6c8
process=0xffff8000ffff7708 user=0xffff8000149f1000,
vmspace=0xfffffd803f014420
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
37290 117009 61414 0 2 0 syz-executor.0
*37290 513236 61414 0 7 0x4000000 syz-executor.0
61370 191464 1 0 3 0x100083 ttyin getty
61414 48179 18603 0 3 0x82 nanosleep syz-executor.0
19095 147218 18603 0 2 0x2 syz-executor.1
18603 195078 13294 0 3 0x82 thrsleep syz-fuzzer
18603 294996 13294 0 2 0x4000482 syz-fuzzer
18603 197404 13294 0 3 0x4000082 thrsleep syz-fuzzer
18603 148066 13294 0 3 0x4000082 thrsleep syz-fuzzer
18603 22904 13294 0 3 0x4000082 thrsleep syz-fuzzer
18603 317916 13294 0 3 0x4000082 kqread syz-fuzzer
18603 17642 13294 0 3 0x4000082 thrsleep syz-fuzzer
13294 270944 33117 0 3 0x10008a pause ksh
33117 307230 3919 0 3 0x92 select sshd
3919 391009 1 0 3 0x80 select sshd
49730 446476 19950 73 2 0x100090 syslogd
19950 77246 1 0 3 0x100082 netio syslogd
57907 296011 1 77 3 0x100090 poll dhclient
45131 26349 1 0 3 0x80 poll dhclient
25596 204029 0 0 2 0x14200 zerothread
74791 176660 0 0 3 0x14200 aiodoned aiodoned
13813 460666 0 0 3 0x14200 syncer update
41163 134589 0 0 3 0x14200 cleaner cleaner
51695 99627 0 0 3 0x14200 reaper reaper
64234 94969 0 0 3 0x14200 pgdaemon pagedaemon
32288 387377 0 0 3 0x14200 bored crynlk
98117 52743 0 0 3 0x14200 bored crypto
21662 358446 0 0 3 0x40014200 acpi0 acpi0
35494 118864 0 0 3 0x14200 bored softnet
17410 428308 0 0 3 0x14200 bored systqmp
74088 273875 0 0 3 0x14200 bored systq
99777 31308 0 0 3 0x40014200 bored softclock
58250 44082 0 0 3 0x40014200 idle0
30872 195070 0 0 3 0x14200 bored smr
1 143922 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9462 8378K 8400K 78643K 10651 0 0
pcb 25 9K 11K 78643K 12262 0 0
rtable 205 18K 18K 78643K 12513 0 0
ifaddr 42 11K 11K 78643K 51 0 0
counters 19 16K 16K 78643K 19 0 0
ioctlops 0 0K 2K 78643K 30 0 0
iov 0 0K 12K 78643K 48 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1192 75K 75K 78643K 1341 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 5K 78643K 12 0 0
VM map 2 0K 0K 78643K 2 0 0
sem 12 1K 1K 78643K 604 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1793 195K 288K 78643K 12537 0 0
file desc 5 13K 25K 78643K 7341 0 0
sigio 0 0K 0K 78643K 4 0 0
proc 42 30K 54K 78643K 330 0 0
subproc 64 65538K 69634K 78643K 68 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 0K 78643K 36 0 0
in_multi 33 2K 2K 78643K 40 0 0
ether_multi 1 0K 0K 78643K 1 0 0
mrt 0 0K 0K 78643K 1 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 66 291K 291K 78643K 66 0 0
exec 0 0K 1K 78643K 218 0 0
pfkey data 0 0K 0K 78643K 2 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 80 20K 20K 78643K 15614 0 0
UVM aobj 48 3K 3K 78643K 52 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 0 0K 0K 78643K 510 0 0
NDP 7 0K 0K 78643K 13 0 0
temp 121 2351K 2415K 78643K 17635 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg
Idle
arp 64 4 0 0 1 0 1 1 0
8 0
inpcbpl 280 1164 0 1157 1 0 1 1 0
8 0
plimitpl 152 17 0 10 1 0 1 1 0
8 0
rtentry 112 998 0 957 2 0 2 2 0
8 0
syncache 264 4 0 4 1 1 0 1 0
8 0
tcpcb 544 48 0 44 1 0 1 1 0
8 0
nd6 48 4 0 0 1 0 1 1 0
8 0
ppxss 1128 2 0 2 1 1 0 1 0
8 0
art_heap8 4096 1 0 0 1 0 1 1 0
8 0
art_heap4 256 185 0 0 12 0 12 12 0
8 0
art_table 32 186 0 0 2 0 2 2 0
8 0
art_node 16 40 0 6 1 0 1 1 0
8 0
sysvmsgpl 40 6 0 0 1 0 1 1 0
8 0
semupl 112 4 0 4 1 1 0 1 0
8 0
semapl 112 602 0 592 1 0 1 1 0
8 0
shmpl 112 50 0 4 2 0 2 2 0
8 0
dirhash 1024 17 0 0 3 0 3 3 0
8 0
dino1pl 128 9503 0 8101 46 0 46 46 0
8 0
ffsino 240 9503 0 8101 83 0 83 83 0
8 0
nchpl 144 18096 0 16478 61 0 61 61 0
8 0
uvmvnodes 72 5926 0 0 108 0 108 108 0
8 0
vnodes 200 5926 0 0 312 0 312 312 0
8 0
namei 1024 55323 0 55322 2 1 1 1 0
8 0
scsiplug 64 1 0 1 1 1 0 1 0
8 0
scxspl 192 56009 0 56009 11 10 1 6 0
8 1
sigapl 432 7510 0 7497 2 0 2 2 0
8 0
futexpl 56 54655 0 54655 1 0 1 1 0
8 1
knotepl 112 92 0 65 2 1 1 2 0
8 0
kqueuepl 104 69 0 67 1 0 1 1 0
8 0
pipepl 112 708 0 689 3 2 1 2 0
8 0
fdescpl 424 7511 0 7497 2 0 2 2 0
8 0
filepl 120 24387 0 24291 13 9 4 5 0
8 1
lockfpl 104 156 0 156 11 10 1 1 0
8 1
lockfspl 32 75 0 75 11 10 1 1 0
8 1
sessionpl 112 18 0 8 1 0 1 1 0
8 0
pgrppl 48 26 0 16 1 0 1 1 0
8 0
ucredpl 96 531 0 524 1 0 1 1 0
8 0
zombiepl 144 7497 0 7497 2 1 1 1 0
8 1
processpl 840 7525 0 7497 4 0 4 4 0
8 0
procpl 600 15016 0 14981 7 4 3 4 0
8 0
sockpl 384 13405 0 13386 4 1 3 4 0
8 1
mcl64k 65536 237 0 237 37 37 0 29 0
8 0
mcl16k 16384 4 0 4 3 3 0 1 0
8 0
mcl12k 12288 41 0 41 11 10 1 1 0
8 1
mcl9k 9216 25 0 25 10 9 1 1 0
8 1
mcl8k 8192 49 0 49 13 13 0 1 0
8 0
mcl4k 4096 592 0 592 11 11 0 1 0
8 0
mcl2k2 2112 27 0 27 13 13 0 1 0
8 0
mcl2k 2048 57617 0 57585 10 5 5 8 0
8 0
mtagpl 80 2 0 2 1 1 0 1 0
8 0
mbufpl 256 146544 0 146353 35 21 14 18 0
8 1
bufpl 256 12974 0 8678 269 0 269 269 0
8 0
anonpl 16 457986 0 449122 42 5 37 40 0
62 0
amapchunkpl 152 23060 0 22977 5 1 4 5 0
158 0
amappl16 192 26910 0 26432 29 4 25 27 0
8 0
amappl15 184 7326 0 7323 1 0 1 1 0
8 0
amappl14 176 29 0 24 1 0 1 1 0
8 0
amappl13 168 23 0 20 1 0 1 1 0
8 0
amappl12 160 5 0 5 1 1 0 1 0
8 0
amappl11 152 3777 0 3766 1 0 1 1 0
8 0
amappl10 144 56 0 55 2 1 1 1 0
8 0
amappl9 136 333 0 330 1 0 1 1 0
8 0
amappl8 128 129 0 107 1 0 1 1 0
8 0
amappl7 120 24 0 21 1 0 1 1 0
8 0
amappl6 112 49 0 43 1 0 1 1 0
8 0
amappl5 104 7490 0 7476 1 0 1 1 0
8 0
amappl4 96 276 0 255 1 0 1 1 0
8 0
amappl3 88 194 0 189 1 0 1 1 0
8 0
amappl2 80 73849 0 73796 2 0 2 2 0
8 0
amappl1 72 144984 0 144570 24 14 10 19 0
8 0
amappl 72 15240 0 15208 1 0 1 1 0
75 0
dma4096 4096 1 0 1 1 1 0 1 0
8 0
dma256 256 6 0 6 1 1 0 1 0
8 0
dma64 64 259 0 259 1 1 0 1 0
8 0
dma32 32 7 0 7 1 1 0 1 0
8 0
dma16 16 17 0 17 1 1 0 1 0
8 0
aobjpl 64 51 0 4 1 0 1 1 0
8 0
uaddrrnd 24 7511 0 7497 1 0 1 1 0
8 0
uaddrbest 32 2 0 0 1 0 1 1 0
8 0
uaddr 24 7511 0 7497 1 0 1 1 0
8 0
vmmpekpl 168 42700 0 42685 1 0 1 1 0
8 0
vmmpepl 168 722776 0 721376 89 23 66 71 0
357 5
vmsppl 264 7510 0 7497 2 1 1 2 0
8 0
pdppl 4096 15028 0 14994 6 1 5 6 0
8 0
pvpl 32 1558702 0 1546856 155 55 100 109 0
265 3
pmappl 192 7510 0 7497 1 0 1 1 0
8 0
extentpl 40 39 0 25 1 0 1 1 0
8 0
phpool 112 488 0 94 13 0 13 13 0
8 0
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.
syzbot
Mar 11, 2019, 3:56:06 PM3/11/19
to syzkaller-o...@googlegroups.com
syzbot has found a reproducer for the following crash on:
HEAD commit: 015dd9ff mark check_abort() and post_abort() as __dead; ba..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=10dd56e7200000
kernel config: https://syzkaller.appspot.com/x/.config?x=fa145722143cbd64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=115ae10b200000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1436cbad200000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+18fd59...@syzkaller.appspotmail.com
login: uvm_fault(0xffffffff82336280, 0xffff800000920000, 0, 1) -> e
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
kernel page fault
uvm_fault(0xffffffff82336280, 0xffff800000920000, 0, 1) -> e
memcpy(fffffd807ebf1070,ffff80000091ff0d,1,fffffd807ebf1070,199b36c109bf68cd,ffff800020bc0b78)
at
memcpy+0x15
end trace frame: 0xffff800020bc0a80, count: 0
ddb{1}> trace
memcpy(fffffd807ebf1070,ffff80000091ff0d,1,fffffd807ebf1070,199b36c109bf68cd,ffff800020bc0b78)
at
memcpy+0x15
rtrequest(1,ffff800020bc0b78,38,ffff800020bc0ac0,1) at rtrequest+0x83c
sys/net/route.c:917
rtm_output(ffff80000091ff00,ffff800020bc0b70,ffff800020bc0b78,38,1) at
rtm_output+0x760 sys/net/rtsock.c:888
route_output(fffffd806f2ad400,fffffd806e9c3d88,0,0) at route_output+0x79b
sys/net/rtsock.c:806
route_usrreq(fffffd806e9c3d88,9,fffffd806f2ad400,0,0,ffff800020b76970) at
route_usrreq+0x35d sys/net/rtsock.c:271
sosend(fffffd806e9c3d88,0,ffff800020bc0e38,0,0,0) at sosend+0x6eb
sys/kern/uipc_socket.c:513
sendit(ffff800020b76970,3,ffff800020bc0ef8,0,ffff800020bc0fc0) at
sendit+0x590 sys/kern/uipc_syscalls.c:662
sys_sendto(ffff800020b76970,ffff800020bc0fd8,ffff800020bc0fc0) at
sys_sendto+0x92
syscall(ffff800020bc1070) at syscall+0x5b8 mi_syscall
sys/sys/syscall_mi.h:99 [inline]
syscall(ffff800020bc1070) at syscall+0x5b8 sys/arch/amd64/amd64/trap.c:574
Xsyscall(6,0,2f9,0,5e,0) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffd37d0, count: -10
ddb{1}> show registers
rdi 0xffff80000091fef0
rsi 0xffff80000091fffd
rbp 0xffff800020bc0970
rbx 0xffff80000091ff0d
rdx 0x100
rcx 0x2
rax 0xfffffffffffffef3
r8 0
r9 0x5
r10 0xd33723fbdbd27e34
r11 0xffff80000091fe00
r12 0xffff80000091fe00
r13 0x100
r14 0
r15 0xfffffd807ebf1070
rip 0xffffffff81668755 memcpy+0x15
PROC (syz-executor3805) pid=70204 stat=onproc
flags process=0 proc=0
pri=50, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff800020b772d0,0xffffffff8234cb00
process=0xffff800020b3a6a0 user=0xffff800020bbc000,
vmspace=0xfffffd806e80e5a8
61171 80878 24892 0 3 0x82 nanosleep syz-executor3805
24892 280297 46468 0 3 0x10008a pause ksh
46468 129658 27437 0 7 0x12 sshd
89829 346953 1 0 3 0x100083 ttyin getty
27437 433308 1 0 3 0x80 select sshd
2532 341308 35658 74 3 0x100092 bpf pflogd
35658 246119 1 0 3 0x80 netio pflogd
78304 313752 18362 73 2 0x100090 syslogd
18362 396437 1 0 3 0x100082 netio syslogd
47059 244627 1 77 3 0x100090 poll dhclient
25343 280720 1 0 3 0x80 poll dhclient
94556 270686 0 0 3 0x14200 pgzero zerothread
8523 480113 0 0 3 0x14200 aiodoned aiodoned
17742 12731 0 0 3 0x14200 syncer update
45887 198801 0 0 3 0x14200 cleaner cleaner
59701 232187 0 0 3 0x14200 reaper reaper
85014 356767 0 0 3 0x14200 pgdaemon pagedaemon
50344 145666 0 0 3 0x14200 bored crynlk
68146 187804 0 0 3 0x14200 bored crypto
55344 343456 0 0 3 0x40014200 acpi0 acpi0
94567 299646 0 0 3 0x40014200 idle1
39417 114075 0 0 3 0x14200 bored softnet
50402 172561 0 0 3 0x14200 bored systqmp
48898 11035 0 0 3 0x14200 bored systq
17519 64403 0 0 3 0x40014200 bored softclock
76464 141656 0 0 3 0x40014200 idle0
76361 231144 0 0 3 0x14200 bored smr
1 115882 0 0 3 0x82 wait init
Process 41114 (syz-executor3805) thread 0xffff800020b76970 (70204)
exclusive rwlock netlock r = 0 (0xffffffff82208928) locked @
/syzkaller/managers/multicore/kernel/sys/net/rtsock.c:883
#0 witness_lock+0x594 sys/kern/subr_witness.c:1205
#1 rtm_output+0x6b0 sys/net/rtsock.c:884
#2 route_output+0x79b sys/net/rtsock.c:806
#3 route_usrreq+0x35d sys/net/rtsock.c:271
#4 sosend+0x6eb sys/kern/uipc_socket.c:513
#5 sendit+0x590 sys/kern/uipc_syscalls.c:662
#6 sys_sendto+0x92
#7 syscall+0x5b8 mi_syscall sys/sys/syscall_mi.h:99 [inline]
#7 syscall+0x5b8 sys/arch/amd64/amd64/trap.c:574
#8 Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 1 (0xffffffff8234c580) locked @
/syzkaller/managers/multicore/kernel/sys/arch/amd64/amd64/trap.c:161
#0 witness_lock+0x594 sys/kern/subr_witness.c:1205
#1 solock+0x7e sys/kern/uipc_socket2.c:292
#2 sosend+0x586 sys/kern/uipc_socket.c:501
#3 sendit+0x590 sys/kern/uipc_syscalls.c:662
#4 sys_sendto+0x92
#5 syscall+0x5b8 mi_syscall sys/sys/syscall_mi.h:99 [inline]
#5 syscall+0x5b8 sys/arch/amd64/amd64/trap.c:574
#6 Xsyscall+0x128
ddb{1}> show malloc
pcb 26 9K 9K 78643K 96 0 0
rtable 67 2K 2K 78643K 253 0 0
ifaddr 25 7K 7K 78643K 26 0 0
counters 39 33K 33K 78643K 39 0 0
ioctlops 0 0K 4K 78643K 1467 0 0
VM map 2 1K 1K 78643K 2 0 0
sem 2 0K 0K 78643K 2 0 0
file desc 1 0K 0K 78643K 1 0 0
proc 52 50K 58K 78643K 279 0 0
exec 0 0K 1K 78643K 176 0 0
UVM aobj 2 2K 2K 78643K 2 0 0
temp 78 2369K 2424K 78643K 1992 0 0
8 0
inpcbpl 280 29 0 23 1 0 1 1 0
8 0
plimitpl 152 14 0 8 1 0 1 1 0
8 0
plcache 128 20 0 0 1 0 1 1 0
8 0
rtentry 112 62 0 39 1 0 1 1 0
8 0
syncache 264 5 0 5 2 1 1 1 0
8 1
tcpcb 544 8 0 5 1 0 1 1 0
8 0
pfosfp 40 846 0 423 5 0 5 5 0
8 0
pfosfpen 112 1428 0 714 21 0 21 21 0
8 0
pfstitem 24 8 0 2 1 0 1 1 0
8 0
pfstkey 112 8 0 2 1 0 1 1 0
8 0
pfstate 328 8 0 2 1 0 1 1 0
8 0
pfrule 1360 21 0 16 2 1 1 2 0
8 0
8 0
art_table 32 97 0 0 1 0 1 1 0
8 0
art_node 16 22 0 2 1 0 1 1 0
8 0
8 0
ffsino 272 1390 0 17 92 0 92 92 0
8 0
nchpl 144 1563 0 32 57 0 57 57 0
8 0
uvmvnodes 72 1400 0 0 26 0 26 26 0
8 0
vnodes 200 1400 0 0 74 0 74 74 0
8 0
namei 1024 3525 0 3525 3 2 1 1 0
8 1
percpumem 16 30 0 0 1 0 1 1 0
8 0
scxspl 192 2430 0 2430 9 8 1 6 0
8 1
sigapl 432 241 0 228 2 0 2 2 0
8 0
knotepl 112 5 0 0 1 0 1 1 0
8 0
kqueuepl 104 1 0 0 1 0 1 1 0
8 0
pipepl 112 128 0 121 3 2 1 1 0
8 0
fdescpl 488 242 0 228 3 0 3 3 0
8 0
filepl 152 984 0 936 2 0 2 2 0
8 0
lockfpl 104 6 0 6 1 1 0 1 0
8 0
lockfspl 32 3 0 3 1 1 0 1 0
8 0
sessionpl 112 18 0 9 1 0 1 1 0
8 0
pgrppl 48 18 0 9 1 0 1 1 0
8 0
ucredpl 96 52 0 43 1 0 1 1 0
8 0
zombiepl 144 228 0 228 3 2 1 1 0
8 1
processpl 840 257 0 228 4 0 4 4 0
8 0
procpl 600 257 0 228 3 0 3 3 0
8 0
sockpl 384 112 0 93 2 0 2 2 0
8 0
mcl4k 4096 2 0 0 1 0 1 1 0
8 0
mcl2k 2048 64 0 0 8 0 8 8 0
8 0
mtagpl 80 1 0 0 1 0 1 1 0
8 0
mbufpl 256 82 0 0 5 0 5 5 0
8 0
bufpl 256 2122 0 248 118 0 118 118 0
8 0
anonpl 16 18949 0 17761 9 3 6 7 0
125 1
amapchunkpl 152 585 0 547 2 0 2 2 0
158 0
amappl16 192 118 0 112 1 0 1 1 0
8 0
amappl15 184 1 0 0 1 0 1 1 0
8 0
amappl14 176 24 0 21 1 0 1 1 0
8 0
amappl13 168 16 0 13 1 0 1 1 0
8 0
amappl10 144 56 0 54 1 0 1 1 0
8 0
amappl9 136 221 0 219 1 0 1 1 0
8 0
amappl8 128 94 0 90 1 0 1 1 0
8 0
amappl7 120 21 0 19 1 0 1 1 0
8 0
amappl6 112 44 0 39 1 0 1 1 0
8 0
amappl5 104 173 0 159 1 0 1 1 0
8 0
amappl4 96 307 0 284 1 0 1 1 0
8 0
amappl3 88 111 0 106 1 0 1 1 0
8 0
amappl2 80 636 0 598 1 0 1 1 0
8 0
amappl1 72 13246 0 12833 16 6 10 16 0
8 0
amappl 72 459 0 437 1 0 1 1 0
8 0
uaddrrnd 24 242 0 228 1 0 1 1 0
8 0
vmmpekpl 168 5555 0 5534 3 1 2 2 0
8 1
vmmpepl 168 27232 0 26467 53 17 36 50 0
357 0
vmsppl 360 241 0 228 2 0 2 2 0
8 0
pdppl 4096 492 0 456 6 0 6 6 0
8 0
pvpl 32 79804 0 76787 38 9 29 29 0
265 4
pmappl 224 241 0 228 1 0 1 1 0
8 0
ddb{1}>
HEAD commit: 015dd9ff mark check_abort() and post_abort() as __dead; ba..
git tree: openbsd
kernel config: https://syzkaller.appspot.com/x/.config?x=fa145722143cbd64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=115ae10b200000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1436cbad200000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+18fd59...@syzkaller.appspotmail.com
kernel: page fault trap, code=0
Stopped at memcpy+0x15: repe movsq (%rsi),%es:(%rdi)
ddb{1}>
Stopped at memcpy+0x15: repe movsq (%rsi),%es:(%rdi)
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
kernel page fault
uvm_fault(0xffffffff82336280, 0xffff800000920000, 0, 1) -> e
memcpy(fffffd807ebf1070,ffff80000091ff0d,1,fffffd807ebf1070,199b36c109bf68cd,ffff800020bc0b78)
at
memcpy+0x15
end trace frame: 0xffff800020bc0a80, count: 0
ddb{1}> trace
memcpy(fffffd807ebf1070,ffff80000091ff0d,1,fffffd807ebf1070,199b36c109bf68cd,ffff800020bc0b78)
at
memcpy+0x15
rtrequest(1,ffff800020bc0b78,38,ffff800020bc0ac0,1) at rtrequest+0x83c
sys/net/route.c:917
rtm_output(ffff80000091ff00,ffff800020bc0b70,ffff800020bc0b78,38,1) at
rtm_output+0x760 sys/net/rtsock.c:888
route_output(fffffd806f2ad400,fffffd806e9c3d88,0,0) at route_output+0x79b
sys/net/rtsock.c:806
route_usrreq(fffffd806e9c3d88,9,fffffd806f2ad400,0,0,ffff800020b76970) at
route_usrreq+0x35d sys/net/rtsock.c:271
sosend(fffffd806e9c3d88,0,ffff800020bc0e38,0,0,0) at sosend+0x6eb
sys/kern/uipc_socket.c:513
sendit(ffff800020b76970,3,ffff800020bc0ef8,0,ffff800020bc0fc0) at
sendit+0x590 sys/kern/uipc_syscalls.c:662
sys_sendto(ffff800020b76970,ffff800020bc0fd8,ffff800020bc0fc0) at
sys_sendto+0x92
syscall(ffff800020bc1070) at syscall+0x5b8 mi_syscall
sys/sys/syscall_mi.h:99 [inline]
syscall(ffff800020bc1070) at syscall+0x5b8 sys/arch/amd64/amd64/trap.c:574
Xsyscall(6,0,2f9,0,5e,0) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffd37d0, count: -10
ddb{1}> show registers
rdi 0xffff80000091fef0
rsi 0xffff80000091fffd
rbp 0xffff800020bc0970
rbx 0xffff80000091ff0d
rdx 0x100
rcx 0x2
rax 0xfffffffffffffef3
r8 0
r9 0x5
r10 0xd33723fbdbd27e34
r11 0xffff80000091fe00
r12 0xffff80000091fe00
r13 0x100
r14 0
r15 0xfffffd807ebf1070
rip 0xffffffff81668755 memcpy+0x15
cs 0x8
rflags 0x10202 __ALIGN_SIZE+0xf202
rsp 0xffff800020bc0908
rflags 0x10202 __ALIGN_SIZE+0xf202
ss 0x10
memcpy+0x15: repe movsq (%rsi),%es:(%rdi)
ddb{1}> show proc
memcpy+0x15: repe movsq (%rsi),%es:(%rdi)
PROC (syz-executor3805) pid=70204 stat=onproc
flags process=0 proc=0
pri=50, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff800020b772d0,0xffffffff8234cb00
process=0xffff800020b3a6a0 user=0xffff800020bbc000,
vmspace=0xfffffd806e80e5a8
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{1}> ps
user=0, sys=1, intr=0
PID TID PPID UID S FLAGS WAIT COMMAND
*41114 70204 61171 0 7 0 syz-executor3805
61171 80878 24892 0 3 0x82 nanosleep syz-executor3805
24892 280297 46468 0 3 0x10008a pause ksh
46468 129658 27437 0 7 0x12 sshd
89829 346953 1 0 3 0x100083 ttyin getty
27437 433308 1 0 3 0x80 select sshd
2532 341308 35658 74 3 0x100092 bpf pflogd
35658 246119 1 0 3 0x80 netio pflogd
78304 313752 18362 73 2 0x100090 syslogd
18362 396437 1 0 3 0x100082 netio syslogd
47059 244627 1 77 3 0x100090 poll dhclient
25343 280720 1 0 3 0x80 poll dhclient
94556 270686 0 0 3 0x14200 pgzero zerothread
8523 480113 0 0 3 0x14200 aiodoned aiodoned
17742 12731 0 0 3 0x14200 syncer update
45887 198801 0 0 3 0x14200 cleaner cleaner
59701 232187 0 0 3 0x14200 reaper reaper
85014 356767 0 0 3 0x14200 pgdaemon pagedaemon
50344 145666 0 0 3 0x14200 bored crynlk
68146 187804 0 0 3 0x14200 bored crypto
55344 343456 0 0 3 0x40014200 acpi0 acpi0
94567 299646 0 0 3 0x40014200 idle1
39417 114075 0 0 3 0x14200 bored softnet
50402 172561 0 0 3 0x14200 bored systqmp
48898 11035 0 0 3 0x14200 bored systq
17519 64403 0 0 3 0x40014200 bored softclock
76464 141656 0 0 3 0x40014200 idle0
76361 231144 0 0 3 0x14200 bored smr
1 115882 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
Process 41114 (syz-executor3805) thread 0xffff800020b76970 (70204)
exclusive rwlock netlock r = 0 (0xffffffff82208928) locked @
/syzkaller/managers/multicore/kernel/sys/net/rtsock.c:883
#0 witness_lock+0x594 sys/kern/subr_witness.c:1205
#1 rtm_output+0x6b0 sys/net/rtsock.c:884
#2 route_output+0x79b sys/net/rtsock.c:806
#3 route_usrreq+0x35d sys/net/rtsock.c:271
#4 sosend+0x6eb sys/kern/uipc_socket.c:513
#5 sendit+0x590 sys/kern/uipc_syscalls.c:662
#6 sys_sendto+0x92
#7 syscall+0x5b8 mi_syscall sys/sys/syscall_mi.h:99 [inline]
#7 syscall+0x5b8 sys/arch/amd64/amd64/trap.c:574
#8 Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 1 (0xffffffff8234c580) locked @
/syzkaller/managers/multicore/kernel/sys/arch/amd64/amd64/trap.c:161
#0 witness_lock+0x594 sys/kern/subr_witness.c:1205
#1 solock+0x7e sys/kern/uipc_socket2.c:292
#2 sosend+0x586 sys/kern/uipc_socket.c:501
#3 sendit+0x590 sys/kern/uipc_syscalls.c:662
#4 sys_sendto+0x92
#5 syscall+0x5b8 mi_syscall sys/sys/syscall_mi.h:99 [inline]
#5 syscall+0x5b8 sys/arch/amd64/amd64/trap.c:574
#6 Xsyscall+0x128
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9450 6382K 6383K 78643K 10537 0 0
pcb 26 9K 9K 78643K 96 0 0
rtable 67 2K 2K 78643K 253 0 0
ifaddr 25 7K 7K 78643K 26 0 0
counters 39 33K 33K 78643K 39 0 0
ioctlops 0 0K 4K 78643K 1467 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1167 73K 73K 78643K 1172 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 1K 78643K 2 0 0
UFS mount 5 36K 36K 78643K 5 0 0
VM map 2 1K 1K 78643K 2 0 0
sem 2 0K 0K 78643K 2 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1808 196K 290K 78643K 12628 0 0
file desc 1 0K 0K 78643K 1 0 0
proc 52 50K 58K 78643K 279 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
in_multi 11 0K 0K 78643K 11 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ether_multi 1 0K 0K 78643K 1 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 18 79K 79K 78643K 18 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
exec 0 0K 1K 78643K 176 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 56 3K 3K 78643K 791 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM aobj 2 2K 2K 78643K 2 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
NDP 4 0K 0K 78643K 4 0 0
crypto data 1 1K 1K 78643K 1 0 0
temp 78 2369K 2424K 78643K 1992 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg
Idle
arp 64 2 0 0 1 0 1 1 0
Idle
8 0
inpcbpl 280 29 0 23 1 0 1 1 0
8 0
plimitpl 152 14 0 8 1 0 1 1 0
8 0
plcache 128 20 0 0 1 0 1 1 0
8 0
rtentry 112 62 0 39 1 0 1 1 0
8 0
syncache 264 5 0 5 2 1 1 1 0
8 1
tcpcb 544 8 0 5 1 0 1 1 0
8 0
pfosfp 40 846 0 423 5 0 5 5 0
8 0
pfosfpen 112 1428 0 714 21 0 21 21 0
8 0
pfstitem 24 8 0 2 1 0 1 1 0
8 0
pfstkey 112 8 0 2 1 0 1 1 0
8 0
pfstate 328 8 0 2 1 0 1 1 0
8 0
pfrule 1360 21 0 16 2 1 1 2 0
8 0
art_heap8 4096 1 0 0 1 0 1 1 0
8 0
art_heap4 256 96 0 0 6 0 6 6 0
8 0
8 0
art_table 32 97 0 0 1 0 1 1 0
8 0
art_node 16 22 0 2 1 0 1 1 0
8 0
dirhash 1024 17 0 0 3 0 3 3 0
8 0
dino1pl 128 1390 0 17 45 0 45 45 0
8 0
8 0
ffsino 272 1390 0 17 92 0 92 92 0
8 0
nchpl 144 1563 0 32 57 0 57 57 0
8 0
uvmvnodes 72 1400 0 0 26 0 26 26 0
8 0
vnodes 200 1400 0 0 74 0 74 74 0
8 0
namei 1024 3525 0 3525 3 2 1 1 0
8 1
percpumem 16 30 0 0 1 0 1 1 0
8 0
scxspl 192 2430 0 2430 9 8 1 6 0
8 1
sigapl 432 241 0 228 2 0 2 2 0
8 0
knotepl 112 5 0 0 1 0 1 1 0
8 0
kqueuepl 104 1 0 0 1 0 1 1 0
8 0
pipepl 112 128 0 121 3 2 1 1 0
8 0
fdescpl 488 242 0 228 3 0 3 3 0
8 0
filepl 152 984 0 936 2 0 2 2 0
8 0
lockfpl 104 6 0 6 1 1 0 1 0
8 0
lockfspl 32 3 0 3 1 1 0 1 0
8 0
sessionpl 112 18 0 9 1 0 1 1 0
8 0
pgrppl 48 18 0 9 1 0 1 1 0
8 0
ucredpl 96 52 0 43 1 0 1 1 0
8 0
zombiepl 144 228 0 228 3 2 1 1 0
8 1
processpl 840 257 0 228 4 0 4 4 0
8 0
procpl 600 257 0 228 3 0 3 3 0
8 0
sockpl 384 112 0 93 2 0 2 2 0
8 0
mcl4k 4096 2 0 0 1 0 1 1 0
8 0
mcl2k 2048 64 0 0 8 0 8 8 0
8 0
mtagpl 80 1 0 0 1 0 1 1 0
8 0
mbufpl 256 82 0 0 5 0 5 5 0
8 0
bufpl 256 2122 0 248 118 0 118 118 0
8 0
anonpl 16 18949 0 17761 9 3 6 7 0
125 1
amapchunkpl 152 585 0 547 2 0 2 2 0
158 0
amappl16 192 118 0 112 1 0 1 1 0
8 0
amappl15 184 1 0 0 1 0 1 1 0
8 0
amappl14 176 24 0 21 1 0 1 1 0
8 0
amappl13 168 16 0 13 1 0 1 1 0
8 0
amappl12 160 5 0 5 1 1 0 1 0
8 0
amappl11 152 206 0 193 1 0 1 1 0
amappl12 160 5 0 5 1 1 0 1 0
8 0
8 0
amappl10 144 56 0 54 1 0 1 1 0
8 0
amappl9 136 221 0 219 1 0 1 1 0
8 0
amappl8 128 94 0 90 1 0 1 1 0
8 0
amappl7 120 21 0 19 1 0 1 1 0
8 0
amappl6 112 44 0 39 1 0 1 1 0
8 0
amappl5 104 173 0 159 1 0 1 1 0
8 0
amappl4 96 307 0 284 1 0 1 1 0
8 0
amappl3 88 111 0 106 1 0 1 1 0
8 0
amappl2 80 636 0 598 1 0 1 1 0
8 0
amappl1 72 13246 0 12833 16 6 10 16 0
8 0
amappl 72 459 0 437 1 0 1 1 0
75 0
dma4096 4096 1 0 1 1 1 0 1 0
8 0
dma256 256 6 0 6 1 1 0 1 0
8 0
dma64 64 259 0 259 1 1 0 1 0
8 0
dma32 32 7 0 7 1 1 0 1 0
8 0
dma16 16 17 0 17 1 1 0 1 0
8 0
aobjpl 64 1 0 0 1 0 1 1 0
dma4096 4096 1 0 1 1 1 0 1 0
8 0
dma256 256 6 0 6 1 1 0 1 0
8 0
dma64 64 259 0 259 1 1 0 1 0
8 0
dma32 32 7 0 7 1 1 0 1 0
8 0
dma16 16 17 0 17 1 1 0 1 0
8 0
8 0
uaddrrnd 24 242 0 228 1 0 1 1 0
8 0
uaddrbest 32 2 0 0 1 0 1 1 0
8 0
uaddr 24 242 0 228 1 0 1 1 0
uaddrbest 32 2 0 0 1 0 1 1 0
8 0
8 0
vmmpekpl 168 5555 0 5534 3 1 2 2 0
8 1
vmmpepl 168 27232 0 26467 53 17 36 50 0
357 0
vmsppl 360 241 0 228 2 0 2 2 0
8 0
pdppl 4096 492 0 456 6 0 6 6 0
8 0
pvpl 32 79804 0 76787 38 9 29 29 0
265 4
pmappl 224 241 0 228 1 0 1 1 0
8 0
extentpl 40 39 0 25 1 0 1 1 0
8 0
phpool 112 248 0 5 7 0 7 7 0
extentpl 40 39 0 25 1 0 1 1 0
8 0
8 0
ddb{1}>
Reply all
Reply to author
Forward
0 new messages