assert "rt->rt_ifa->ifa_ifp != NULL" failed: file "/sypzaknic: kernel diagnostic assertion "!_kernel_lock_held()" failed


syzbot

Nov 5, 2019, 9:22:09 PM11/5/19
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 38dc29e6 Add a default priority of 5 for user _pbuild, thi..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=14ff7eece00000
kernel config: https://syzkaller.appspot.com/x/.config?x=26ca0a9c07f16a3a
dashboard link: https://syzkaller.appspot.com/bug?extid=a258da51529f785dcdb5

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+a258da...@syzkaller.appspotmail.com

panic: kernel diagnostic assertion "rt->rt_ifa->ifa_ifp != NULL" failed:
file "/sypzaknic: kernel diagnostic assertion "!_kernel_lock_held()"
failed: file "/syzkaller/managers/multicore/kernel/sys/kern/kern_fork.c",
line 683
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
389753 40397 0 0 0x4000000 0 syz-executor.0
* 47872 98206 0 0 0x4000000 1 syz-executor.1
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
__assert(ffffffff82208f7b,ffffffff821f7b24,2ab,ffffffff821db16e) at
__assert+0x2b sys/kern/subr_prf.c:154
proc_trampoline_mp() at proc_trampoline_mp+0x123
end trace frame: 0x0, count: 11
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
kernel diagnostic assertion "rt->rt_ifa->ifa_ifp != NULL" failed:
file "/syzkaller/managers/multicore/kernel/sys/net/route.c", line 848
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
__assert(ffffffff82208f7b,ffffffff821f7b24,2ab,ffffffff821db16e) at
__assert+0x2b sys/kern/subr_prf.c:154
proc_trampoline_mp() at proc_trampoline_mp+0x123
end trace frame: 0x0, count: -4
ddb{1}> show registers
rdi 0
rsi 0x1
rbp 0xffff8000229b3a90
rbx 0xffff8000229b3b40
rdx 0xffff800020ace510
rcx 0
rax 0
r8 0xffffffff8141f94f kprintf+0x16f
r9 0x1
r10 0x25
r11 0xa49da2ace6c58054
r12 0x3000000008
r13 0xffff8000229b3aa0
r14 0x104
r15 0x1
rip 0xffffffff814c4808 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff8000229b3a80
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor.1) pid=47872 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=86, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff800020ace020,0xffff800020ace2a8
process=0xffff800020a8ae10 user=0xffff8000229ae000,
vmspace=0xfffffd807f00a000
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
40397 485393 39961 0 2 0 syz-executor.0
40397 389753 39961 0 7 0x4000000 syz-executor.0
98206 416742 25413 0 2 0 syz-executor.1
98206 254137 25413 0 3 0x4000080 ttyopn syz-executor.1
*98206 47872 25413 0 7 0x4000000 syz-executor.1
39961 382675 94410 0 3 0x82 nanosleep syz-executor.0
25413 100062 94410 0 3 0x82 nanosleep syz-executor.1
97352 217465 1 0 3 0x100083 ttyin getty
21685 467806 0 0 3 0x14200 acct acct
43761 492664 0 0 3 0x14200 bored sosplice
94410 406449 11905 0 3 0x82 thrsleep syz-fuzzer
94410 16626 11905 0 3 0x4000082 nanosleep syz-fuzzer
94410 312377 11905 0 3 0x4000082 thrsleep syz-fuzzer
94410 68394 11905 0 3 0x4000082 thrsleep syz-fuzzer
94410 114608 11905 0 3 0x4000082 thrsleep syz-fuzzer
94410 166111 11905 0 3 0x4000082 kqread syz-fuzzer
94410 353932 11905 0 3 0x4000082 thrsleep syz-fuzzer
94410 196601 11905 0 3 0x4000082 thrsleep syz-fuzzer
94410 503736 11905 0 3 0x4000082 thrsleep syz-fuzzer
94410 417591 11905 0 3 0x4000082 thrsleep syz-fuzzer
11905 192354 56555 0 3 0x10008a pause ksh
56555 307654 57878 0 3 0x92 select sshd
57878 384198 1 0 3 0x80 select sshd
89081 366118 98837 74 3 0x100092 bpf pflogd
98837 419610 1 0 3 0x80 netio pflogd
99176 415358 28869 73 3 0x100090 kqread syslogd
28869 59203 1 0 3 0x100082 netio syslogd
76223 372154 1 77 3 0x100090 poll dhclient
78988 266099 1 0 3 0x80 poll dhclient
38579 176744 0 0 2 0x14200 zerothread
84157 272151 0 0 3 0x14200 aiodoned aiodoned
90588 169391 0 0 3 0x14200 syncer update
95545 508919 0 0 3 0x14200 cleaner cleaner
62330 508964 0 0 3 0x14200 reaper reaper
79048 465292 0 0 3 0x14200 pgdaemon pagedaemon
10057 220730 0 0 3 0x14200 bored crynlk
76188 470386 0 0 3 0x14200 bored crypto
22764 309941 0 0 3 0x40014200 acpi0 acpi0
72535 394288 0 0 3 0x40014200 idle1
67513 432652 0 0 3 0x14200 bored softnet
54472 204508 0 0 3 0x14200 bored systqmp
96897 371193 0 0 3 0x14200 bored systq
87750 37598 0 0 3 0x40014200 bored softclock
1811 387824 0 0 3 0x40014200 idle0
96299 369692 0 0 3 0x14200 pause smr
1 194561 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
Process 40397 (syz-executor.0) thread 0xffff800020ace298 (389753)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82648ec0)
#0 witness_lock+0x52e sys/kern/subr_witness.c:1163
#1 rt_clone+0x5c sys/net/route.c:266
#2 rtalloc_mpath+0xba rt_match sys/net/route.c:244 [inline]
#2 rtalloc_mpath+0xba sys/net/route.c:359
#3 ip_output+0x4f2 sys/netinet/ip_output.c:204
#4 rip_output+0x252 sys/netinet/raw_ip.c:289
#5 rip_usrreq+0x46a sys/netinet/raw_ip.c:538
#6 sosend+0x645 sys/kern/uipc_socket.c:524
#7 dofilewritev+0x1b7 sys/kern/sys_generic.c:364
#8 sys_write+0x83 sys/kern/sys_generic.c:284
#9 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
#9 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
#10 Xsyscall+0x128
exclusive rwlock netlock r = 0 (0xffffffff824dc718)
#0 witness_lock+0x52e sys/kern/subr_witness.c:1163
#1 solock+0x5a sys/kern/uipc_socket2.c:282
#2 sosend+0x51b sys/kern/uipc_socket.c:512
#3 dofilewritev+0x1b7 sys/kern/sys_generic.c:364
#4 sys_write+0x83 sys/kern/sys_generic.c:284
#5 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
#5 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
#6 Xsyscall+0x128
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9647 6486K 15068K 78643K 52381 0 0
pcb 13 12K 14K 78643K 1674 0 0
rtable 173 17K 18K 78643K 4851 0 0
ifaddr 120 30K 33K 78643K 1467 0 0
counters 39 33K 33K 78643K 39 0 0
ioctlops 0 0K 4K 78643K 1818 0 0
iov 0 0K 32K 78643K 1784 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1236 78K 79K 78643K 13366 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 9K 78643K 117 0 0
VM map 51 25K 25K 78643K 78 0 0
sem 12 0K 1K 78643K 3009 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1808 196K 290K 78643K 12765 0 0
file desc 6 17K 25K 78643K 7369 0 0
sigio 1 0K 0K 78643K 112 0 0
proc 62 63K 95K 78643K 3312 0 0
subproc 32 2K 2K 78643K 837 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 1K 78643K 684 0 0
in_multi 38 2K 3K 78643K 1045 0 0
ether_multi 1 0K 0K 78643K 99 0 0
mrt 0 0K 0K 78643K 53 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 108 477K 477K 78643K 108 0 0
exec 0 0K 1K 78643K 1773 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 225 389K 394K 78643K 27044 0 0
UVM aobj 130 4K 4K 78643K 136 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 0 0K 1K 78643K 1696 0 0
NDP 25 0K 1K 78643K 473 0 0
temp 264 3561K 4201K 78643K 246448 0 0
kqueue 0 0K 0K 78643K 85 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg
Idle
arp 64 118 0 113 1 0 1 1 0
8 0
plcache 128 20 0 0 1 0 1 1 0
8 0
rtpcb 80 613 0 611 1 0 1 1 0
8 0
rtentry 112 858 0 790 3 0 3 3 0
8 0
unpcb 120 5625 0 5604 15 14 1 2 0
8 0
syncache 264 47 0 47 20 20 0 1 0
8 0
tcpqe 32 121 0 121 8 8 0 1 0
8 0
tcpcb 544 4968 0 4964 39 37 2 12 0
8 1
inpcb 280 13027 0 13019 55 53 2 13 0
8 1
rttmr 72 16 0 15 3 2 1 1 0
8 0
ip6q 72 2 0 2 2 2 0 1 0
8 0
ip6af 40 2 0 2 1 1 0 1 0
8 0
nd6 48 135 0 133 3 2 1 1 0
8 0
pkpcb 40 27 0 27 10 10 0 1 0
8 0
swfcl 56 3 0 0 1 0 1 1 0
8 0
ppxss 1128 209 0 209 25 24 1 1 0
8 1
pffrag 232 199 0 199 37 36 1 1 0
482 1
pffrnode 88 199 0 199 37 36 1 1 0
8 1
pffrent 40 6853 0 6853 37 36 1 1 0
8 1
pfosfp 40 846 0 423 5 0 5 5 0
8 0
pfosfpen 112 1428 0 714 21 0 21 21 0
8 0
pfstitem 24 603 0 567 1 0 1 1 0
8 0
pfstkey 112 603 0 567 3 1 2 3 0
8 0
pfstate 328 603 0 566 9 4 5 8 0
8 0
pfrule 1360 21 0 16 2 1 1 2 0
8 0
art_heap8 4096 19 0 13 17 11 6 6 0
8 0
art_heap4 256 3706 0 3422 51 31 20 22 0
8 0
art_table 32 3725 0 3435 7 4 3 3 0
8 0
art_node 16 852 0 803 1 0 1 1 0
8 0
sysvmsgpl 40 23 0 12 1 0 1 1 0
8 0
semupl 112 1 0 1 1 1 0 1 0
8 0
semapl 112 3007 0 2997 1 0 1 1 0
8 0
shmpl 112 134 0 6 4 0 4 4 0
8 0
dirhash 1024 17 0 0 3 0 3 3 0
8 0
dino1pl 128 12823 0 11390 49 2 47 47 0
8 0
ffsino 272 12823 0 11390 97 1 96 96 0
8 0
nchpl 144 26151 0 25654 61 41 20 61 0
8 0
uvmvnodes 72 6398 0 0 117 0 117 117 0
8 0
vnodes 208 6398 0 0 337 0 337 337 0
8 0
namei 1024 97400 0 97400 3 2 1 1 0
8 1
percpumem 16 30 0 0 1 0 1 1 0
8 0
vcpupl 1984 49 0 0 7 0 7 7 0
8 0
vmpool 552 76 0 27 4 0 4 4 0
8 0
scsiplug 64 9 0 9 6 6 0 1 0
8 0
scxspl 192 78017 0 78017 57 54 3 3 0
8 3
plimitpl 152 682 0 674 1 0 1 1 0
8 0
sigapl 432 7432 0 7416 3 1 2 3 0
8 0
futexpl 56 190814 0 190814 2 1 1 1 0
8 1
knotepl 112 1504 0 1485 5 4 1 2 0
8 0
kqueuepl 104 2129 0 2127 7 6 1 4 0
8 0
pipepl 112 4660 0 4641 4 3 1 2 0
8 0
fdescpl 488 7433 0 7416 3 0 3 3 0
8 0
filepl 152 75293 0 75191 71 65 6 14 0
8 2
lockfpl 104 2796 0 2795 1 0 1 1 0
8 0
lockfspl 48 923 0 922 1 0 1 1 0
8 0
sessionpl 112 71 0 60 1 0 1 1 0
8 0
pgrppl 48 180 0 169 1 0 1 1 0
8 0
ucredpl 96 8416 0 8406 1 0 1 1 0
8 0
zombiepl 144 7416 0 7416 2 1 1 1 0
8 1
processpl 896 7450 0 7416 4 0 4 4 0
8 0
procpl 632 23592 0 23546 5 0 5 5 0
8 0
srpgc 64 90 0 90 29 28 1 1 0
8 1
sosppl 128 279 0 279 31 30 1 1 0
8 1
sockpl 384 19512 0 19479 101 96 5 23 0
8 0
mcl64k 65536 925 0 0 100 35 65 66 0
8 0
mcl16k 16384 33 0 0 5 2 3 3 0
8 0
mcl12k 12288 41 0 0 2 0 2 2 0
8 0
mcl9k 9216 27 0 0 2 0 2 2 0
8 0
mcl8k 8192 33 0 0 5 2 3 3 0
8 0
mcl4k 4096 25 0 0 3 0 3 3 0
8 0
mcl2k2 2112 11 0 0 1 0 1 1 0
8 0
mcl2k 2048 202 0 0 20 3 17 20 0
8 0
mtagpl 80 99 0 0 1 0 1 1 0
8 0
mbufpl 256 1274 0 0 51 0 51 51 0
8 0
bufpl 256 28809 0 21751 442 0 442 442 0
8 0
anonpl 16 959732 0 935188 268 163 105 116 0
124 1
amapchunkpl 152 57982 0 57553 133 110 23 31 0
158 5
amappl16 192 40286 0 39131 281 221 60 71 0
8 0
amappl15 184 748 0 747 6 5 1 1 0
8 0
amappl14 176 916 0 911 1 0 1 1 0
8 0
amappl13 168 743 0 742 1 0 1 1 0
8 0
amappl12 160 2111 0 2106 1 0 1 1 0
8 0
amappl11 152 566 0 551 1 0 1 1 0
8 0
amappl10 144 1529 0 1520 1 0 1 1 0
8 0
amappl9 136 2245 0 2241 1 0 1 1 0
8 0
amappl8 128 1933 0 1847 3 0 3 3 0
8 0
amappl7 120 1711 0 1700 1 0 1 1 0
8 0
amappl6 112 457 0 441 1 0 1 1 0
8 0
amappl5 104 2643 0 2628 1 0 1 1 0
8 0
amappl4 96 6808 0 6772 1 0 1 1 0
8 0
amappl3 88 2040 0 2035 1 0 1 1 0
8 0
amappl2 80 56605 0 56516 3 1 2 3 0
8 0
amappl1 72 177332 0 176876 25 15 10 20 0
8 0
amappl 80 24859 0 24784 2 0 2 2 0
84 0
dma4096 4096 1 0 1 1 1 0 1 0
8 0
dma256 256 6 0 6 1 1 0 1 0
8 0
dma128 128 253 0 253 1 1 0 1 0
8 0
dma64 64 6 0 6 1 1 0 1 0
8 0
dma32 32 7 0 7 1 1 0 1 0
8 0
dma16 16 17 0 17 1 1 0 1 0
8 0
aobjpl 64 135 0 6 3 0 3 3 0
8 0
uaddrrnd 24 7509 0 7416 1 0 1 1 0
8 0
uaddrbest 32 2 0 0 1 0 1 1 0
8 0
uaddr 24 7509 0 7416 1 0 1 1 0
8 0
vmmpekpl 168 61171 0 61128 3 0 3 3 0
8 0
vmmpepl 168 960000 0 957433 498 343 155 164 0 357
35
vmsppl 368 7432 0 7416 2 0 2 2 0
8 0
pdppl 4096 15025 0 14935 13 1 12 12 0
8 0
pvpl 32 2455936 0 2432421 512 310 202 231 0
265 0
pmappl 232 7508 0 7443 5 1 4 4 0
8 0
extentpl 40 41 0 26 1 0 1 1 0
8 0
phpool 112 855 0 128 21 0 21 21 0
8 0


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

Anton Lindqvist

Nov 6, 2019, 3:14:42 AM11/6/19
to syzbot, syzkaller-o...@googlegroups.com
#syz dup: assert "rt->rt_ifa->ifa_ifp != NULL" failed in route.c