uvm_fault(ADDR, ADDR, 0, 1) -> e


syzbot

Oct 8, 2019, 7:47:07 PM10/8/19
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 70f1de17 convert unbounded sprintf/strcpy (in disabled deb..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=11932d57600000
kernel config: https://syzkaller.appspot.com/x/.config?x=d0fe83f82fe104d4
dashboard link: https://syzkaller.appspot.com/bug?extid=9faa31af19fd0b170e7b

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+9faa31...@syzkaller.appspotmail.com

uvm_fault(0xffffffff824ff518, 0xffff800000b1a000, 0, 1) -> e
fault trap, code=0
Stopped at uvm_unmap_remove+0x3eb: movq 0x100(%r15),%r15
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
kernel page fault
uvm_fault(0xffffffff824ff518, 0xffff800000b1a000, 0, 1) -> e
uvm_unmap_remove(ffff800000b19f00,0,80000000,ffff80001491e788,1,0) at
uvm_unmap_remove+0x3eb uvmspace_dused sys/uvm/uvm_map.c:497 [inline]
uvm_unmap_remove(ffff800000b19f00,0,80000000,ffff80001491e788,1,0) at
uvm_unmap_remove+0x3eb sys/uvm/uvm_map.c:2217
end trace frame: 0xffff80001491e7c0, count: 0
ddb> trace
uvm_unmap_remove(ffff800000b19f00,0,80000000,ffff80001491e788,1,0) at
uvm_unmap_remove+0x3eb uvmspace_dused sys/uvm/uvm_map.c:497 [inline]
uvm_unmap_remove(ffff800000b19f00,0,80000000,ffff80001491e788,1,0) at
uvm_unmap_remove+0x3eb sys/uvm/uvm_map.c:2217
uvm_map_deallocate(ffff800000b19f00) at uvm_map_deallocate+0x6e
sys/uvm/uvm_map.c:4233
vm_impl_init_vmx(ffff800016b54208,ffff8000ffff3b40) at
vm_impl_init_vmx+0x1e0
vm_create(ffff800000a62800,ffff8000ffff3b40) at vm_create+0x193
vm_impl_init sys/arch/amd64/amd64/vmm.c:1385 [inline]
vm_create(ffff800000a62800,ffff8000ffff3b40) at vm_create+0x193
sys/arch/amd64/amd64/vmm.c:1174
VOP_IOCTL(fffffd803acb48f0,c5005601,ffff800000a62800,1,fffffd803f7c6c00,ffff8000ffff3b40) at
VOP_IOCTL+0x88 sys/kern/vfs_vops.c:291
vn_ioctl(fffffd803aaab348,c5005601,ffff800000a62800,ffff8000ffff3b40) at
vn_ioctl+0xb7 sys/kern/vfs_vnops.c:536
sys_ioctl(ffff8000ffff3b40,ffff80001491eb68,ffff80001491ebb0) at
sys_ioctl+0x5b9
syscall(ffff80001491ec30) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff59,0,3,4a33f4b010) at Xsyscall+0x128
end of kernel
end trace frame: 0x4ceb0a8b40, count: -9
ddb> show registers
rdi 0
rsi 0
rbp 0xffff80001491e770
rbx 0
rdx 0x8ac
rcx 0xffff800014931000
rax 0xffff800000b19f00
r8 0x1
r9 0
r10 0xe9257e0220c6a976
r11 0x8a3ad8ed12f7da9f
r12 0
r13 0xfffffd80387d18c0
r14 0
r15 0xffff800000b19f00
rip 0xffffffff81559f4b uvm_unmap_remove+0x3eb
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80001491e6c0
ss 0x10
uvm_unmap_remove+0x3eb: movq 0x100(%r15),%r15
ddb> show proc
PROC (syz-executor.1) pid=455850 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=83, usrpri=83, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff3650,0xffffffff8259ac98
process=0xffff8000148a2a38 user=0xffff800014919000,
vmspace=0xfffffd803f013dd0
estcpu=33, cpticks=2, pctcpu=0.0
user=0, sys=2, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
58920 300070 54360 0 2 0 syz-executor.1
*58920 455850 54360 0 7 0x4000000 syz-executor.1
57605 68210 40057 0 2 0x2 syz-executor.0
54360 444400 40057 0 2 0x482 syz-executor.1
20716 46803 0 0 3 0x14200 bored sosplice
40057 61394 25167 0 3 0x82 thrsleep syz-fuzzer
40057 85539 25167 0 2 0x4000482 syz-fuzzer
40057 509325 25167 0 3 0x4000082 thrsleep syz-fuzzer
40057 479910 25167 0 3 0x4000082 thrsleep syz-fuzzer
40057 502119 25167 0 3 0x4000082 thrsleep syz-fuzzer
40057 417699 25167 0 3 0x4000082 kqread syz-fuzzer
40057 92579 25167 0 3 0x4000082 thrsleep syz-fuzzer
25167 448432 70715 0 3 0x10008a pause ksh
70715 211960 92367 0 3 0x92 select sshd
67347 492449 1 0 3 0x100083 ttyin getty
92367 470353 1 0 3 0x80 select sshd
58186 73022 16409 73 2 0x100090 syslogd
16409 512635 1 0 3 0x100082 netio syslogd
22273 474662 1 77 3 0x100090 poll dhclient
29387 95024 1 0 3 0x80 poll dhclient
1618 239627 0 0 2 0x14200 zerothread
58386 70380 0 0 3 0x14200 aiodoned aiodoned
67804 130583 0 0 3 0x14200 syncer update
7005 346082 0 0 3 0x14200 cleaner cleaner
56339 85762 0 0 3 0x14200 reaper reaper
1041 327847 0 0 3 0x14200 pgdaemon pagedaemon
94912 302666 0 0 3 0x14200 bored crynlk
7374 35287 0 0 3 0x14200 bored crypto
44866 455292 0 0 3 0x40014200 acpi0 acpi0
43156 179193 0 0 3 0x14200 bored softnet
94423 492482 0 0 3 0x14200 bored systqmp
55959 372229 0 0 3 0x14200 bored systq
17586 10424 0 0 3 0x40014200 bored softclock
47650 188635 0 0 3 0x40014200 idle0
90471 302993 0 0 3 0x14200 bored smr
1 145611 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9549 6353K 7376K 78643K 15620 0 0
pcb 13 10K 12K 78643K 298 0 0
rtable 98 4K 5K 78643K 2709 0 0
ifaddr 75 15K 16K 78643K 263 0 0
counters 19 16K 16K 78643K 19 0 0
ioctlops 1 2K 2K 78643K 978 0 0
iov 0 0K 16K 78643K 303 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1221 77K 77K 78643K 3195 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 5K 78643K 34 0 0
VM map 12 3K 3K 78643K 16 0 0
sem 12 0K 0K 78643K 225 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1793 195K 288K 78643K 12645 0 0
file desc 5 13K 25K 78643K 2386 0 0
sigio 0 0K 0K 78643K 14 0 0
proc 48 38K 63K 78643K 911 0 0
subproc 32 2K 2K 78643K 238 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 0K 78643K 432 0 0
in_multi 23 1K 2K 78643K 191 0 0
ether_multi 1 0K 0K 78643K 8 0 0
mrt 0 0K 0K 78643K 6 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 60 265K 265K 78643K 60 0 0
exec 0 0K 1K 78643K 505 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 121 103K 119K 78643K 6396 0 0
UVM aobj 109 3K 3K 78643K 118 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 0 0K 0K 78643K 224 0 0
NDP 18 0K 0K 78643K 86 0 0
temp 212 3540K 4180K 78643K 62505 0 0
kqueue 0 0K 0K 78643K 11 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg
Idle
arp 64 208 0 202 1 0 1 1 0
8 0
rtpcb 80 147 0 145 1 0 1 1 0
8 0
rtentry 112 702 0 666 2 0 2 2 0
8 0
unpcb 120 599 0 587 3 1 2 2 0
8 1
syncache 264 11 0 11 5 4 1 1 0
8 1
sackhl 24 1 0 1 1 1 0 1 0
8 0
tcpqe 32 77 0 77 3 3 0 1 0
8 0
tcpcb 544 1081 0 1077 18 12 6 15 0
8 5
ipq 40 1 0 1 1 1 0 1 0
8 0
ipqe 40 2 0 2 1 1 0 1 0
8 0
inpcb 280 2314 0 2305 14 8 6 9 0
8 5
rttmr 72 2 0 2 1 1 0 1 0
8 0
ip6q 72 1 0 0 1 0 1 1 0
8 0
nd6 48 29 0 27 1 0 1 1 0
8 0
pkpcb 40 8 0 8 3 2 1 1 0
8 1
ppxss 1128 21 0 21 8 7 1 1 0
8 1
art_heap8 4096 1 0 0 1 0 1 1 0
8 0
art_heap4 256 2018 0 1843 20 6 14 16 0
8 3
art_table 32 2019 0 1843 3 1 2 3 0
8 0
art_node 16 694 0 661 1 0 1 1 0
8 0
sysvmsgpl 40 48 0 35 1 0 1 1 0
8 0
semapl 112 223 0 213 1 0 1 1 0
8 0
shmpl 112 116 0 9 4 0 4 4 0
8 0
dirhash 1024 17 0 0 3 0 3 3 0
8 0
dino1pl 128 4843 0 3449 46 0 46 46 0
8 0
ffsino 240 4843 0 3449 83 0 83 83 0
8 0
nchpl 144 8478 0 6878 60 0 60 60 0
8 0
uvmvnodes 72 6373 0 0 116 0 116 116 0
8 0
vnodes 208 6373 0 0 336 0 336 336 0
8 0
namei 1024 27188 0 27188 4 3 1 1 0
8 1
vcpupl 1984 9 0 0 2 0 2 2 0
8 0
vmpool 520 14 0 4 1 0 1 1 0
8 0
scsiplug 64 3 0 3 1 1 0 1 0
8 0
scxspl 192 27658 0 27658 15 13 2 7 0
8 2
plimitpl 152 136 0 129 1 0 1 1 0
8 0
sigapl 432 2521 0 2508 2 0 2 2 0
8 0
futexpl 56 63965 0 63965 3 2 1 1 0
8 1
knotepl 112 447 0 428 1 0 1 1 0
8 0
kqueuepl 104 468 0 466 4 3 1 4 0
8 0
pipepl 112 1798 0 1779 5 4 1 2 0
8 0
fdescpl 424 2522 0 2508 2 0 2 2 0
8 0
filepl 120 17316 0 17218 16 8 8 11 0
8 5
lockfpl 104 380 0 379 1 0 1 1 0
8 0
lockfspl 48 141 0 140 1 0 1 1 0
8 0
sessionpl 112 29 0 19 1 0 1 1 0
8 0
pgrppl 48 45 0 35 1 0 1 1 0
8 0
ucredpl 96 1724 0 1717 1 0 1 1 0
8 0
zombiepl 144 2509 0 2509 3 2 1 1 0
8 1
processpl 864 2538 0 2509 4 0 4 4 0
8 0
procpl 632 5077 0 5041 4 0 4 4 0
8 0
sosppl 128 15 0 15 6 6 0 1 0
8 0
sockpl 384 3081 0 3060 21 13 8 14 0
8 5
mcl64k 65536 112 0 112 4 3 1 1 0
8 1
mcl16k 16384 24 0 24 6 5 1 1 0
8 1
mcl12k 12288 47 0 47 6 5 1 1 0
8 1
mcl9k 9216 18 0 18 7 6 1 1 0
8 1
mcl8k 8192 96 0 96 4 3 1 1 0
8 1
mcl4k 4096 905 0 905 4 3 1 1 0
8 1
mcl2k2 2112 10 0 10 7 6 1 1 0
8 1
mcl2k 2048 67559 0 67518 23 16 7 14 0
8 1
mtagpl 80 47 0 47 3 2 1 1 0
8 1
mbufpl 256 129449 0 129371 55 41 14 44 0
8 4
bufpl 256 12277 0 5900 399 0 399 399 0
8 0
anonpl 16 276180 0 262103 106 28 78 88 0
62 6
amapchunkpl 152 12748 0 12615 56 42 14 20 0
158 7
amappl16 192 13117 0 12127 122 62 60 72 0
8 8
amappl15 184 191 0 190 1 0 1 1 0
8 0
amappl14 176 907 0 902 2 1 1 1 0
8 0
amappl13 168 394 0 394 2 1 1 1 0
8 1
amappl12 160 158 0 154 2 1 1 1 0
8 0
amappl11 152 79 0 68 1 0 1 1 0
8 0
amappl10 144 213 0 212 3 2 1 1 0
8 0
amappl9 136 1078 0 1072 1 0 1 1 0
8 0
amappl8 128 622 0 592 2 0 2 2 0
8 1
amappl7 120 282 0 276 1 0 1 1 0
8 0
amappl6 112 100 0 91 1 0 1 1 0
8 0
amappl5 104 417 0 404 1 0 1 1 0
8 0
amappl4 96 2870 0 2846 1 0 1 1 0
8 0
amappl3 88 293 0 286 1 0 1 1 0
8 0
amappl2 80 18826 0 18754 4 2 2 3 0
8 0
amappl1 72 53741 0 53335 27 18 9 20 0
8 0
amappl 80 5516 0 5466 2 0 2 2 0
84 0
dma4096 4096 1 0 1 1 1 0 1 0
8 0
dma256 256 6 0 6 1 1 0 1 0
8 0
dma128 128 253 0 253 1 1 0 1 0
8 0
dma64 64 6 0 6 1 1 0 1 0
8 0
dma32 32 7 0 7 1 1 0 1 0
8 0
dma16 16 17 0 17 1 1 0 1 0
8 0
aobjpl 64 117 0 9 2 0 2 2 0
8 0
uaddrrnd 24 2536 0 2508 1 0 1 1 0
8 0
uaddrbest 32 2 0 0 1 0 1 1 0
8 0
uaddr 24 2536 0 2508 1 0 1 1 0
8 0
vmmpekpl 168 18972 0 18945 2 0 2 2 0
8 0
vmmpepl 168 304471 0 302407 219 77 142 142 0 357
44
vmsppl 272 2521 0 2508 4 2 2 2 0
8 1
pdppl 4096 5078 0 5033 7 1 6 6 0
8 0
pvpl 32 762389 0 745433 317 92 225 303 0 265
57
pmappl 200 2535 0 2512 2 0 2 2 0
8 0
extentpl 40 41 0 26 1 0 1 1 0
8 0
phpool 112 637 0 97 16 0 16 16 0
8 0


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

Anton Lindqvist

Oct 9, 2019, 3:02:21 AM10/9/19
to syzbot, syzkaller-o...@googlegroups.com
#syz dup: uvm_fault: uvm_unmap_remove (2)