uvm_fault: bpfioctl (4)


syzbot

Mar 24, 2024, 2:07:31 PM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: f4ea8fe21082 Sync with IANA Status Code Registry
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1143eaa5180000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=abd2b03b712d87e33e79

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/4f32497a809d/disk-f4ea8fe2.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/924966d225ee/bsd-f4ea8fe2.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/97029a8608a1/kernel-f4ea8fe2.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+abd2b0...@syzkaller.appspotmail.com

uvm_fault(0xfffffd806739bca0, 0x28, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at bpfioctl+0xd26: movq 0x28(%rax),%rdi
TID PID UID PRFLAGS PFLAGS CPU COMMAND
* 73985 47644 0 0 0x4000000 0 syz-executor.7
bpfioctl(21700,20004269,ffff80003782f6c0,3,ffff80002a603d50) at bpfioctl+0xd26 sys/net/bpf.c:901
VOP_IOCTL(fffffd8071e12bd0,20004269,ffff80003782f6c0,3,fffffd807f7d7068,ffff80002a603d50) at VOP_IOCTL+0x91 sys/kern/vfs_vops.c:264
vn_ioctl(fffffd8067c68080,20004269,ffff80003782f6c0,ffff80002a603d50) at vn_ioctl+0xbb sys/kern/vfs_vnops.c:525
sys_ioctl(ffff80002a603d50,ffff80003782f890,ffff80003782f7e0) at sys_ioctl+0x4a5
syscall(ffff80003782f890) at syscall+0x538 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x55a1963d620, count: 9
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: uvm_fault(0xfffffd806739bca0, 0x28, 0, 1) -> e
ddb> trace
bpfioctl(21700,20004269,ffff80003782f6c0,3,ffff80002a603d50) at bpfioctl+0xd26 sys/net/bpf.c:901
VOP_IOCTL(fffffd8071e12bd0,20004269,ffff80003782f6c0,3,fffffd807f7d7068,ffff80002a603d50) at VOP_IOCTL+0x91 sys/kern/vfs_vops.c:264
vn_ioctl(fffffd8067c68080,20004269,ffff80003782f6c0,ffff80002a603d50) at vn_ioctl+0xbb sys/kern/vfs_vnops.c:525
sys_ioctl(ffff80002a603d50,ffff80003782f890,ffff80003782f7e0) at sys_ioctl+0x4a5
syscall(ffff80003782f890) at syscall+0x538 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x55a1963d620, count: -6
ddb> show registers
rdi 0xffff80002dd1e000
rsi 0x15a
rbp 0xffff80003782f4f0
rbx 0
rdx 0xffff80002dd1e000
rcx 0x159
rax 0
r8 0x7f7fffffc000
r9 0
r10 0xb76d72e05bba936
r11 0x9810d8eb62847836
r12 0
r13 0
r14 0xffff800000f52800
r15 0xffff800000f528a0
rip 0xffffffff827d3b76 bpfioctl+0xd26
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80003782f480
ss 0x10
bpfioctl+0xd26: movq 0x28(%rax),%rdi
ddb> show proc
PROC (syz-executor.7) tid=73985 pid=47644 tcnt=4 stat=onproc
flags process=0 proc=4000000<THREAD>
runpri=32, usrpri=84, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0
forw=0xffffffffffffffff, list=0xffff80002db1cab0,0xffff80002a64e580
process=0xffff8000ffff50d8 user=0xffff80003782a000, vmspace=0xfffffd806739bca0
estcpu=34, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
98489 189198 52435 0 2 0 syz-executor.4
23120 327274 17850 0 3 0x80 nanoslp syz-executor.5
23120 64638 17850 0 2 0x4000000 syz-executor.5
23120 334527 17850 0 3 0x4000080 fsleep syz-executor.5
6970 318064 18580 0 3 0x80 nanoslp syz-executor.0
6970 280172 18580 0 3 0x4000080 fsleep syz-executor.0
44071 178387 10606 0 2 0 syz-executor.6
44071 119740 10606 0 2 0x4000000 syz-executor.6
44071 229045 10606 0 2 0x4000000 syz-executor.6
44071 487829 10606 0 2 0x4000000 syz-executor.6
23767 185498 5732 0 3 0x80 nanoslp syz-executor.1
23767 65760 5732 0 3 0x4000080 fsleep syz-executor.1
23767 447137 5732 0 2 0x4000000 syz-executor.1
47644 30818 70819 0 3 0x80 nanoslp syz-executor.7
47644 223587 70819 0 2 0x4000000 syz-executor.7
*47644 73985 70819 0 7 0x4000000 syz-executor.7
47644 313500 70819 0 3 0x4000080 fsleep syz-executor.7
96453 368261 29016 0 2 0x2 syz-executor.3
89654 444253 0 0 3 0x14280 nfsidl nfsio
35680 283215 0 0 3 0x14280 nfsidl nfsio
98939 18318 0 0 3 0x14280 nfsidl nfsio
73104 155914 0 0 3 0x14280 nfsidl nfsio
59059 234126 0 0 3 0x14280 nfsidl nfsio
70321 510472 0 0 3 0x14280 nfsidl nfsio
48161 299939 0 0 3 0x14280 nfsidl nfsio
69564 478513 0 0 3 0x14280 nfsidl nfsio
34768 523180 0 0 3 0x14280 nfsidl nfsio
38403 13256 0 0 3 0x14280 nfsidl nfsio
76043 276864 0 0 3 0x14280 nfsidl nfsio
79331 346873 0 0 3 0x14280 nfsidl nfsio
87208 150630 0 0 3 0x14280 nfsidl nfsio
50261 379940 0 0 3 0x14280 nfsidl nfsio
85378 167720 0 0 3 0x14280 nfsidl nfsio
72276 136927 0 0 3 0x14280 nfsidl nfsio
91973 392189 0 0 3 0x14280 nfsidl nfsio
53911 416292 0 0 3 0x14280 nfsidl nfsio
74947 106747 0 0 3 0x14280 nfsidl nfsio
56094 293703 0 0 3 0x14280 nfsidl nfsio
52435 111656 29016 0 3 0x82 nanoslp syz-executor.4
7718 264343 29016 0 3 0x82 nanoslp syz-executor.2
5732 248271 29016 0 3 0x82 nanoslp syz-executor.1
10606 116050 29016 0 3 0x82 nanoslp syz-executor.6
17850 92129 29016 0 3 0x82 nanoslp syz-executor.5
18580 182760 29016 0 3 0x82 nanoslp syz-executor.0
70819 65345 29016 0 3 0x82 nanoslp syz-executor.7
53391 271253 1 0 3 0x18100083 ttyin getty
66282 298421 0 0 3 0x14200 bored sosplice
29016 461733 98566 0 3 0x1a000082 kqread syz-fuzzer
29016 109703 98566 0 3 0x1e000082 thrsleep syz-fuzzer
29016 295350 98566 0 3 0x1e000082 thrsleep syz-fuzzer
29016 519574 98566 0 3 0x1e000082 thrsleep syz-fuzzer
29016 347238 98566 0 3 0x1e000082 wait syz-fuzzer
29016 232716 98566 0 3 0x1e000082 thrsleep syz-fuzzer
29016 83348 98566 0 3 0x1e000082 wait syz-fuzzer
29016 398155 98566 0 3 0x1e000082 wait syz-fuzzer
29016 429005 98566 0 3 0x1e000082 wait syz-fuzzer
29016 262403 98566 0 3 0x1e000082 wait syz-fuzzer
29016 287039 98566 0 3 0x1e000082 thrsleep syz-fuzzer
29016 344603 98566 0 3 0x1e000082 wait syz-fuzzer
29016 187699 98566 0 3 0x1e000082 wait syz-fuzzer
29016 303324 98566 0 3 0x1e000082 wait syz-fuzzer
98566 460359 5926 0 3 0x810008a sigsusp ksh
5926 423062 6417 0 2 0x1800001a sshd
6417 236075 1 0 3 0x18000088 kqread sshd
64873 479499 12317 73 3 0x19100090 kqread syslogd
12317 36927 1 0 3 0x18100082 netio syslogd
98815 240642 1 0 3 0x18100080 kqread resolvd
72201 139872 59448 77 3 0x18100092 kqread dhcpleased
97330 320357 59448 77 3 0x18100092 kqread dhcpleased
59448 136734 1 0 3 0x18000080 kqread dhcpleased
33286 401211 0 0 3 0x14200 bored smr
67961 438304 0 0 2 0x14200 zerothread
33717 473521 0 0 3 0x14200 aiodoned aiodoned
84200 324604 0 0 3 0x14200 syncer update
48644 482737 0 0 3 0x14200 cleaner cleaner
6966 256036 0 0 3 0x14200 reaper reaper
74939 77271 0 0 3 0x14200 pgdaemon pagedaemon
27350 239121 0 0 3 0x14200 bored viomb
38251 320489 0 0 3 0x40014200 acpi0 acpi0
47867 490071 0 0 3 0x14200 bored softnet3
84633 393976 0 0 3 0x14200 bored softnet2
87552 238823 0 0 3 0x14200 bored softnet1
31599 214962 0 0 3 0x14200 bored softnet0
4156 421924 0 0 3 0x14200 bored systqmp
41671 8812 0 0 3 0x14200 bored systq
93016 36902 0 0 2 0x40014200 softclock
78764 323647 0 0 3 0x40014200 idle0
1 371215 0 0 3 0x8080082 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10211 6491K 6989K 166960K 27845 0
pcb 15 18K 20K 166960K 637 0
rtable 222 10K 11K 166960K 2338 0
pf 32 9K 10K 166960K 496 0
ifaddr 43 13K 13K 166960K 381 0
ifgroup 55 2K 2K 166960K 789 0
sysctl 3 0K 1K 166960K 10 0
counters 31 17K 17K 166960K 221 0
ioctlops 0 0K 2K 166960K 556 0
iov 0 0K 26K 166960K 1118 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1517 95K 96K 166960K 7499 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 125 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 1602 0
dirhash 12 2K 2K 166960K 69 0
ACPI 1697 195K 286K 166960K 12548 0
file desc 16 57K 73K 166960K 9104 0
sigio 0 0K 0K 166960K 592 0
proc 58 59K 75K 166960K 2042 0
subproc 104 6K 7K 166960K 729 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 838 0
in_multi 89 6K 7K 166960K 648 0
ether_multi 1 0K 0K 166960K 12 0
mrt 1 0K 0K 166960K 7 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 247 1102K 1102K 166960K 247 0
exec 0 0K 1K 166960K 2057 0
pfkey data 0 0K 1K 166960K 6 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 480 548K 548K 166960K 84832 0
UVM aobj 131 4K 4K 166960K 131 0
pinsyscall 22 44K 100K 166960K 2688 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 311 0
NDP 12 0K 1K 166960K 306 0
temp 74 6804K 6932K 166960K 138386 0
kqueue 13 20K 31K 166960K 887 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 376 0 373 3 1 2 2 0 8 1
rtentry 112 683 0 582 5 1 4 4 0 8 0
unpcb 144 8320 0 8306 25 16 9 15 0 8 8
syncache 336 78 0 78 4 3 1 1 0 8 1
tcpqe 32 190 0 190 4 3 1 1 0 8 1
tcpcb 808 2522 0 2514 25 15 10 10 0 8 8
arp 88 131 0 113 1 0 1 1 0 8 0
ipq 40 5 0 4 2 1 1 1 0 8 0
ipqe 40 20 0 19 2 1 1 1 0 8 0
inpcb 360 7260 0 7238 44 33 11 15 0 8 8
nd6 104 161 0 140 1 0 1 1 0 8 0
pkpcb 40 64 0 64 4 3 1 1 0 8 1
kcovpl 48 53 0 45 1 0 1 1 0 8 0
ppxss 1072 55 0 55 3 2 1 1 0 8 1
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 2504 0 2089 37 7 30 30 0 8 3
art_table 32 2505 0 2089 4 0 4 4 0 8 0
art_node 16 672 0 586 1 0 1 1 0 8 0
sysvmsgpl 40 46 0 15 1 0 1 1 0 8 0
semapl 112 1600 0 1590 1 0 1 1 0 8 0
shmpl 112 128 0 0 4 0 4 4 0 8 0
dirhash 1024 55 0 38 3 0 3 3 0 8 0
dino2pl 256 14037 0 12481 98 0 98 98 0 8 0
ffsino 240 14037 0 12481 92 0 92 92 0 8 0
nchpl 144 26107 0 24381 66 1 65 66 0 8 0
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 94188 0 94187 4 3 1 2 0 8 0
vcpupl 2048 53 0 0 7 0 7 7 0 8 0
vmpool 664 67 0 14 5 0 5 5 0 8 0
kstatmem 264 404 0 380 2 0 2 2 0 8 0
scxspl 216 75577 0 75577 13 9 4 8 1 8 4
plimitpl 152 1140 0 1125 1 0 1 1 0 8 0
sigapl 424 9609 0 9544 8 0 8 8 0 8 0
futexpl 64 86545 0 86541 1 0 1 1 0 8 0
knotepl 120 79457 0 79373 10 0 10 10 0 8 7
kqueuepl 184 1939 0 1930 10 6 4 4 0 8 3
pipepl 288 1488 0 1460 15 8 7 7 0 8 4
fdescpl 432 9291 0 9264 4 0 4 4 0 8 0
filepl 120 59113 0 58746 38 21 17 20 0 8 5
lockfpl 104 2799 0 2797 3 1 2 2 0 8 1
lockfspl 48 1076 0 1074 1 0 1 1 0 8 0
sessionpl 144 70 0 54 1 0 1 1 0 8 0
pgrppl 48 324 0 308 1 0 1 1 0 8 0
ucredpl 104 9267 0 9250 1 0 1 1 0 8 0
zombiepl 144 9545 0 9544 2 1 1 1 0 8 0
processpl 1072 9609 0 9544 5 0 5 5 0 8 0
procpl 680 22924 0 22835 11 2 9 9 0 8 1
sosppl 168 95 0 95 4 3 1 1 0 8 1
sockpl 488 16042 0 15999 278 264 14 52 0 8 8
mcl64k 65536 363 0 363 4 3 1 1 0 8 1
mcl16k 16384 185 0 185 4 3 1 1 0 8 1
mcl12k 12288 383 0 383 4 3 1 1 0 8 1
mcl9k 9216 157 0 157 4 3 1 1 0 8 1
mcl8k 8192 984 0 984 3 2 1 1 0 8 1
mcl4k 4096 1062 0 1062 4 3 1 2 0 8 1
mcl2k2 2112 65 0 65 4 3 1 1 0 8 1
mcl2k 2048 91189 0 91130 38 24 14 27 0 8 5
mtagpl 96 1541 0 1469 11 1 10 10 0 8 6
mbufpl 256 221774 0 221545 155 124 31 64 0 8 6
bufpl 280 19340 0 12997 454 0 454 454 0 8 0
anonpl 24 962497 0 948077 171 32 139 139 0 188 40
amapchunkpl 152 267302 0 266424 61 23 38 49 0 158 0
amappl16 200 20280 0 19800 80 45 35 50 0 8 8
amappl15 192 74 0 73 1 0 1 1 0 8 0
amappl14 184 281 0 269 2 1 1 2 0 8 0
amappl13 176 23 0 23 2 1 1 1 0 8 1
amappl12 168 10613 0 10583 2 0 2 2 0 8 0
amappl11 160 54 0 44 1 0 1 1 0 8 0
amappl10 152 184 0 174 1 0 1 1 0 8 0
amappl9 144 236 0 232 1 0 1 1 0 8 0
amappl8 136 430 0 350 3 0 3 3 0 8 0
amappl7 128 77 0 62 1 0 1 1 0 8 0
amappl6 120 982 0 963 2 1 1 2 0 8 0
amappl5 112 502 0 490 1 0 1 1 0 8 0
amappl4 104 982 0 951 2 1 1 2 0 8 0
amappl3 96 52905 0 52825 3 0 3 3 0 8 0
amappl2 88 10206 0 10132 4 1 3 4 0 8 0
amappl1 80 44260 0 43765 22 10 12 22 0 8 0
amappl 88 83638 0 83370 7 0 7 7 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 130 0 0 3 0 3 3 0 8 0
uaddrrnd 24 9358 0 9278 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 9358 0 9278 1 0 1 1 0 8 0
vmmpekpl 168 72323 0 72256 4 0 4 4 0 8 0
vmmpepl 168 574597 0 572237 189 55 134 134 0 357 12
vmsppl 352 9357 0 9278 9 1 8 8 0 8 0
rwobjpl 24 140438 0 132840 49 0 49 49 0 8 1
pdppl 4096 18722 0 18609 596 479 117 117 0 8 4
pvpl 32 2601706 0 2581851 503 272 231 380 0 265 56
pmappl 216 9357 0 9278 5 0 5 5 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 1104 0 678 13 0 13 13 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
bpfioctl(21700,20004269,ffff80003782f6c0,3,ffff80002a603d50) at bpfioctl+0xd26 sys/net/bpf.c:901
VOP_IOCTL(fffffd8071e12bd0,20004269,ffff80003782f6c0,3,fffffd807f7d7068,ffff80002a603d50) at VOP_IOCTL+0x91 sys/kern/vfs_vops.c:264
vn_ioctl(fffffd8067c68080,20004269,ffff80003782f6c0,ffff80002a603d50) at vn_ioctl+0xbb sys/kern/vfs_vnops.c:525
sys_ioctl(ffff80002a603d50,ffff80003782f890,ffff80003782f7e0) at sys_ioctl+0x4a5
syscall(ffff80003782f890) at syscall+0x538 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x55a1963d620, count: -6
ddb> machine ddbcpu 1
No such command
ddb> trace
bpfioctl(21700,20004269,ffff80003782f6c0,3,ffff80002a603d50) at bpfioctl+0xd26 sys/net/bpf.c:901
VOP_IOCTL(fffffd8071e12bd0,20004269,ffff80003782f6c0,3,fffffd807f7d7068,ffff80002a603d50) at VOP_IOCTL+0x91 sys/kern/vfs_vops.c:264
vn_ioctl(fffffd8067c68080,20004269,ffff80003782f6c0,ffff80002a603d50) at vn_ioctl+0xbb sys/kern/vfs_vnops.c:525
sys_ioctl(ffff80002a603d50,ffff80003782f890,ffff80003782f7e0) at sys_ioctl+0x4a5
syscall(ffff80003782f890) at syscall+0x538 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x55a1963d620, count: -6


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup