uvm_fault: wsmux_detach_sc


syzbot

Feb 5, 2019, 2:15:04 AM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 6e31582a5a78 _dl_cerror is trivial on powerpc; just inline..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=16bd7273400000
kernel config: https://syzkaller.appspot.com/x/.config?x=3303344588104330
dashboard link: https://syzkaller.appspot.com/bug?extid=03f7377a9848d7d008c9
compiler:

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+03f737...@syzkaller.appspotmail.com

login: uvm_fault(0xfffffd807f00d9d8, 0x9f, 0, 2) -> e
kernel: page fault trap, code=0
Stopped at wsmux_detach_sc+0xca: movq %rcx,0(%rax)
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> show panic
kernel page fault
uvm_fault(0xfffffd807f00d9d8, 0x9f, 0, 2) -> e
wsmux_detach_sc(3f2a36016d71fe5) at wsmux_detach_sc+0xca
sys/dev/wscons/wsmux.c:696
end trace frame: 0xffff800020ca2fb0, count: 0
ddb{1}> trace
wsmux_detach_sc(3f2a36016d71fe5) at wsmux_detach_sc+0xca
sys/dev/wscons/wsmux.c:696
wsmouseopen(6e873d895302cf10,ffff800020bbae28,ffff800020ca3020,1760) at
wsmouseopen+0xe5 sys/dev/wscons/wsmouse.c:325
spec_open(b59153f4a0f4384c) at spec_open+0x215 sys/kern/spec_vnops.c:158
VOP_OPEN(65ea782ac68aaa9e,ffff800020ca31d0,1,fffffd80701e53d0) at
VOP_OPEN+0x72 sys/kern/vfs_vops.c:153vn_open(704d6d45eaaabc49,1,1) at
vn_open+0x4c2
doopenat(f525f95fd7dd27c3,0,ffff800020bbae28,49ff0310218,0,50) at
doopenat+0x2b9 sys/kern/vfs_syscalls.c:1045
syscall(a6c67ce5500b32ed) at syscall+0x5a0 mi_syscall
sys/sys/syscall_mi.h:99 [inline]
syscall(a6c67ce5500b32ed) at syscall+0x5a0 sys/arch/amd64/amd64/trap.c:574
Xsyscall(6,0,ffffffffffffffa8,0,3,49dce636010) at Xsyscall+0x128
end of kernel
end trace frame: 0x49ff03102a0, count: -8
ddb{1}> show registers
rdi 0xffffffff8196b497 spllower+0x77
rsi 0x49a
rbp 0xffff800020ca2f70
rbx 0
rdx 0x49b
rcx 0xffffffffffffffff
rax 0x9f
r8 0xffffffff816da4a4 setrunnable+0x94
r9 0x5
r10 0x5939831ad1e193d9
r11 0x92fd97a6b86a473a
r12 0xffff800000026db8
r13 0x1760 __ALIGN_SIZE+0x760
r14 0xffff80000064dc00
r15 0x1
rip 0xffffffff816175fa wsmux_detach_sc+0xca
cs 0x8
rflags 0x10286 __ALIGN_SIZE+0xf286
rsp 0xffff800020ca2f50
ss 0x10
wsmux_detach_sc+0xca: movq %rcx,0(%rax)
ddb{1}> show proc
PROC (syz-executor0) pid=54542 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=0, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff800020bbb788,0xffff800020bba988
process=0xffff800020b949e8 user=0xffff800020c9e000,
vmspace=0xfffffd807f00d9d8
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
11912 87841 39629 0 7 0 syz-executor0
*11912 54542 39629 0 7 0x4000000 syz-executor0
11912 466219 39629 0 2 0x4000000 syz-executor0
88892 492482 1 0 3 0x100083 ttyin getty
67701 289219 0 0 3 0x14200 bored sosplice
64309 319622 18461 0 3 0x82 nanosleep syz-executor1
39629 476468 18461 0 3 0x82 nanosleep syz-executor0
18461 239031 26372 0 3 0x82 thrsleep syz-fuzzer
18461 111322 26372 0 3 0x4000082 thrsleep syz-fuzzer
18461 495282 26372 0 3 0x4000082 thrsleep syz-fuzzer
18461 511133 26372 0 3 0x4000082 thrsleep syz-fuzzer
18461 168426 26372 0 3 0x4000082 thrsleep syz-fuzzer
18461 521906 26372 0 3 0x4000082 thrsleep syz-fuzzer
18461 233989 26372 0 3 0x4000082 thrsleep syz-fuzzer
18461 477529 26372 0 3 0x4000082 thrsleep syz-fuzzer
18461 266092 26372 0 3 0x4000082 thrsleep syz-fuzzer
18461 160738 26372 0 3 0x4000082 kqread syz-fuzzer
26372 303931 64221 0 3 0x10008a pause ksh
64221 416112 55158 0 3 0x92 select sshd
55158 368058 1 0 3 0x80 select sshd
43769 71476 94456 73 2 0x100090 syslogd
94456 229086 1 0 3 0x100082 netio syslogd
11447 342876 1 77 3 0x100090 poll dhclient
27864 182249 1 0 3 0x80 poll dhclient
76302 35595 0 0 3 0x14200 pgzero zerothread
41768 42713 0 0 3 0x14200 aiodoned aiodoned
82146 440932 0 0 3 0x14200 syncer update
1446 103967 0 0 3 0x14200 cleaner cleaner
20092 76442 0 0 3 0x14200 reaper reaper
95173 227554 0 0 3 0x14200 pgdaemon pagedaemon
82630 332778 0 0 3 0x14200 bored crynlk
9656 239682 0 0 3 0x14200 bored crypto
77813 193064 0 0 3 0x40014200 acpi0 acpi0
93193 449702 0 0 3 0x40014200 idle1
47110 463150 0 0 3 0x14200 bored softnet
78680 27569 0 0 3 0x14200 bored systqmp
55030 221962 0 0 3 0x14200 bored systq
82454 403128 0 0 3 0x40014200 bored softclock
26311 510566 0 0 3 0x40014200 idle0
1 396845 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
Process 11912 (syz-executor0) thread 0xffff800020bbae28 (54542)
exclusive kernel_lock &kernel_lock r = 1 (0xffffffff822d6828) locked @
/syzkaller/managers/multicore/kernel/sys/arch/amd64/amd64/trap.c:161
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9524 6373K 6375K 78643K 11250 0 0
pcb 23 9K 10K 78643K 1112 0 0
rtable 100 3K 4K 78643K 372 0 0
ifaddr 54 13K 13K 78643K 175 0 0
counters 39 33K 33K 78643K 39 0 0
ioctlops 0 0K 2K 78643K 34 0 0
iov 0 0K 32K 78643K 240 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1196 75K 76K 78643K 2616 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 5K 78643K 29 0 0
VM map 2 1K 1K 78643K 2 0 0
sem 12 0K 0K 78643K 262 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1792 194K 288K 78643K 12592 0 0
file desc 5 13K 25K 78643K 2223 0 0
sigio 0 0K 0K 78643K 48 0 0
proc 42 38K 58K 78643K 634 0 0
subproc 64 65538K 67586K 78643K 85 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 0K 78643K 301 0 0
in_multi 33 2K 2K 78643K 153 0 0
ether_multi 1 0K 0K 78643K 18 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 90 397K 397K 78643K 90 0 0
exec 0 0K 1K 78643K 351 0 0
pfkey data 0 0K 4K 78643K 3 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 100 21K 30K 78643K 7913 0 0
UVM aobj 101 3K 3K 78643K 118 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 0 0K 0K 78643K 54 0 0
NDP 11 0K 0K 78643K 47 0 0
temp 163 2367K 2435K 78643K 8593 0 0
kqueue 0 0K 0K 78643K 27 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg
Idle
arp 64 4 0 0 1 0 1 1 0
8 0
inpcbpl 280 959 0 952 1 0 1 1 0
8 0
plimitpl 152 47 0 40 1 0 1 1 0
8 0
plcache 128 20 0 0 1 0 1 1 0
8 0
rtentry 112 41 0 1 2 0 2 2 0
8 0
syncache 264 4 0 4 1 1 0 1 0
8 0
tcpcb 544 359 0 355 1 0 1 1 0
8 0
nd6 48 4 0 0 1 0 1 1 0
8 0
ppxss 1128 27 0 27 8 7 1 1 0
8 1
art_heap8 4096 1 0 0 1 0 1 1 0
8 0
art_heap4 256 185 0 0 12 0 12 12 0
8 0
art_table 32 186 0 0 2 0 2 2 0
8 0
art_node 16 40 0 6 1 0 1 1 0
8 0
sysvmsgpl 40 26 0 10 1 0 1 1 0
8 0
semupl 112 1 0 1 1 1 0 1 0
8 0
semapl 112 260 0 250 1 0 1 1 0
8 0
shmpl 112 116 0 17 3 0 3 3 0
8 0
dirhash 1024 17 0 0 3 0 3 3 0
8 0
dino1pl 128 5739 0 4320 46 0 46 46 0
8 0
ffsino 272 5739 0 4320 95 0 95 95 0
8 0
nchpl 144 9143 0 7567 60 1 59 60 0
8 0
uvmvnodes 72 5926 0 0 108 0 108 108 0
8 0
vnodes 200 5926 0 0 312 0 312 312 0
8 0
namei 1024 27745 0 27745 1 0 1 1 0
8 1
percpumem 16 30 0 0 1 0 1 1 0
8 0
scsiplug 64 8 0 8 5 5 0 1 0
8 0
scxspl 192 25229 0 25229 14 11 3 6 0
8 3
sigapl 432 2395 0 2382 2 0 2 2 0
8 0
futexpl 56 26822 0 26822 1 0 1 1 0
8 1
knotepl 112 658 0 631 6 5 1 2 0
8 0
kqueuepl 104 720 0 718 1 0 1 1 0
8 0
pipepl 112 1570 0 1551 5 4 1 2 0
8 0
fdescpl 488 2396 0 2382 3 1 2 3 0
8 0
filepl 152 14974 0 14877 5 0 5 5 0
8 1
lockfpl 104 738 0 738 3 2 1 1 0
8 1
lockfspl 32 1039 0 1039 3 2 1 1 0
8 1
sessionpl 112 22 0 12 1 0 1 1 0
8 0
pgrppl 48 46 0 36 1 0 1 1 0
8 0
ucredpl 96 4592 0 4585 1 0 1 1 0
8 0
zombiepl 144 2382 0 2381 2 1 1 1 0
8 0
processpl 840 2411 0 2381 4 0 4 4 0
8 0
procpl 600 7216 0 7175 4 0 4 4 0
8 0
sosppl 128 45 0 45 10 9 1 1 0
8 1
sockpl 384 2013 0 1996 4 1 3 3 0
8 1
mcl64k 65536 525 0 0 65 17 48 65 0
8 0
mcl16k 16384 2 0 0 1 0 1 1 0
8 0
mcl12k 12288 17 0 0 2 0 2 2 0
8 0
mcl9k 9216 8 0 0 1 0 1 1 0
8 0
mcl8k 8192 11 0 0 2 0 2 2 0
8 0
mcl4k 4096 17 0 0 3 0 3 3 0
8 0
mcl2k2 2112 3 0 0 1 0 1 1 0
8 0
mcl2k 2048 127 0 0 15 2 13 15 0
8 0
mtagpl 80 1 0 0 1 0 1 1 0
8 0
mbufpl 256 644 0 0 37 0 37 37 0
8 0
bufpl 256 8510 0 1541 436 0 436 436 0
8 0
anonpl 16 249336 0 241619 107 59 48 48 0 125
12
amapchunkpl 152 14129 0 14041 28 17 11 11 0
158 6
amappl16 192 13146 0 12737 116 87 29 33 0
8 8
amappl15 184 1 0 0 1 0 1 1 0
8 0
amappl14 176 1106 0 1103 2 1 1 1 0
8 0
amappl13 168 24 0 20 1 0 1 1 0
8 0
amappl12 160 19 0 17 1 0 1 1 0
8 0
amappl11 152 186 0 176 1 0 1 1 0
8 0
amappl10 144 2275 0 2271 2 1 1 1 0
8 0
amappl9 136 349 0 347 1 0 1 1 0
8 0
amappl8 128 164 0 134 1 0 1 1 0
8 0
amappl7 120 32 0 27 1 0 1 1 0
8 0
amappl6 112 1139 0 1134 1 0 1 1 0
8 0
amappl5 104 142 0 130 1 0 1 1 0
8 0
amappl4 96 321 0 298 2 1 1 2 0
8 0
amappl3 88 223 0 218 1 0 1 1 0
8 0
amappl2 80 22729 0 22672 2 0 2 2 0
8 0
amappl1 72 59738 0 59320 22 12 10 18 0
8 0
amappl 72 7463 0 7429 1 0 1 1 0
75 0
dma4096 4096 1 0 1 1 1 0 1 0
8 0
dma256 256 6 0 6 1 1 0 1 0
8 0
dma64 64 259 0 259 1 1 0 1 0
8 0
dma32 32 7 0 7 1 1 0 1 0
8 0
dma16 16 17 0 17 1 1 0 1 0
8 0
aobjpl 64 117 0 17 2 0 2 2 0
8 0
uaddrrnd 24 2396 0 2382 1 0 1 1 0
8 0
uaddrbest 32 2 0 0 1 0 1 1 0
8 0
uaddr 24 2396 0 2382 1 0 1 1 0
8 0
vmmpekpl 168 25442 0 25420 2 0 2 2 0
8 0
vmmpepl 168 261109 0 259740 139 65 74 75 0 357
10
vmsppl 360 2395 0 2382 2 0 2 2 0
8 0
pdppl 4096 4799 0 4764 6 1 5 6 0
8 0
pvpl 32 689218 0 678501 218 92 126 132 0 265
34
pmappl 224 2395 0 2382 1 0 1 1 0
8 0
extentpl 40 39 0 25 1 0 1 1 0
8 0
phpool 112 680 0 22 19 0 19 19 0
8 0


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.

Greg Steuck

Feb 5, 2019, 2:50:26 AM
to syzbot, syzkaller-o...@googlegroups.com
We seem to be mangling the stack trace a bit (missing EOL before vn_open):

VOP_OPEN(65ea782ac68aaa9e,ffff800020ca31d0,1,fffffd80701e53d0) at  
VOP_OPEN+0x72 sys/kern/vfs_vops.c:153vn_open(704d6d45eaaabc49,1,1) at  
vn_open+0x4c2
--


--
nest.cx is Gmail hosted, use PGP for anything private. Key: http://goo.gl/6dMsr
Fingerprint: 5E2B 2D0E 1E03 2046 BEC3  4D50 0B15 42BD 8DF5 A1B0

Anton Lindqvist

Feb 9, 2019, 9:03:01 AM
to Greg Steuck, syzbot, syzkaller-o...@googlegroups.com
On Mon, Feb 04, 2019 at 11:50:13PM -0800, Greg Steuck wrote:
> We seem to be mangling the stack trace a bit (missing EOL before vnopen):
>
> VOP_OPEN(65ea782ac68aaa9e,ffff800020ca31d0,1,fffffd80701e53d0) at
> VOP_OPEN+0x72 sys/kern/vfs_vops.c:153vn_open(704d6d45eaaabc49,1,1) at
> vn_open+0x4c2

This line happens to be exactly 79 characters long; there's a PR up with
a fix.

https://github.com/google/syzkaller/pull/986

syzbot

Feb 9, 2019, 8:15:03 PM
to an...@basename.se, gr...@nest.cx, syzkaller-o...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: 4071f8002cf2 Summarize the 4 same name functions and move ..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=13e21820c00000
kernel config: https://syzkaller.appspot.com/x/.config?x=fa145722143cbd64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12384258c00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+03f737...@syzkaller.appspotmail.com

uvm_fault(0xfffffd807f00c000, 0x9f, 0, 2) -> e
kernel: page fault trap, code=0
Stopped at wsmux_detach_sc+0xcc: movq %rcx,0(%rax)
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> show panic
kernel page fault
uvm_fault(0xfffffd807f00c000, 0x9f, 0, 2) -> e
wsmux_detach_sc(ffff80000064dc00) at wsmux_detach_sc+0xcc
sys/dev/wscons/wsmux.c:696
end trace frame: 0xffff800020c28af0, count: 0
ddb{1}> trace
wsmux_detach_sc(ffff80000064dc00) at wsmux_detach_sc+0xcc
sys/dev/wscons/wsmux.c:696
wsmouseopen(4400,1,2000,ffff800020b25520) at wsmouseopen+0xe9
sys/dev/wscons/wsmouse.c:325
spec_open(ffff800020c28b70) at spec_open+0x217 sys/kern/spec_vnops.c:158
VOP_OPEN(fffffd807e9c60f0,1,fffffd807f7c7b40,ffff800020b25520) at
VOP_OPEN+0x76 sys/kern/vfs_vops.c:153vn_open(ffff800020c28d60,1,0) at
vn_open+0x4c6
doopenat(ffff800020b25520,ffffff9c,2054a000,0,0,ffff800020c28fa0) at
doopenat+0x2be sys/kern/vfs_syscalls.c:1045
syscall(ffff800020c29050) at syscall+0x5ac mi_syscall
sys/sys/syscall_mi.h:99 [inline]
syscall(ffff800020c29050) at syscall+0x5ac sys/arch/amd64/amd64/trap.c:574
Xsyscall(6,0,ffffffffffffffa8,0,3,5c5e08bc010) at Xsyscall+0x128
end of kernel
end trace frame: 0x5c82b59d810, count: -8
ddb{1}> show registers
rdi 0
rsi 0
rbp 0xffff800020c28a90
rbx 0
rdx 0xffffffff81f3c640 apollo_udma100_tim+0x15089
rcx 0xffffffffffffffff
rax 0x9f
r8 0xffffffff814bb755 setrunnable+0x95
r9 0x5
r10 0x359b50364917b739
r11 0x24e1e0d843a8a70e
r12 0xffff800000026db8
r13 0x1760 __ALIGN_SIZE+0x760
r14 0xffff80000064dc00
r15 0x1
rip 0xffffffff810ec4fc wsmux_detach_sc+0xcc
cs 0x8
rflags 0x10286 __ALIGN_SIZE+0xf286
rsp 0xffff800020c28a60
ss 0x10
wsmux_detach_sc+0xcc: movq %rcx,0(%rax)
ddb{1}> show proc
PROC (syz-executor.0) pid=168696 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=0, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff800020b24968,0xffff800020b95538
process=0xffff800020b45078 user=0xffff800020c24000,
vmspace=0xfffffd807f00c000
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
8994 372437 74938 0 2 0 syz-executor.1
8994 70339 74938 0 7 0x4000000 syz-executor.1
10795 136583 33842 0 2 0 syz-executor.0
*10795 168696 33842 0 7 0x4000000 syz-executor.0
74938 30518 18586 0 3 0x82 nanosleep syz-executor.1
33842 233526 18586 0 3 0x82 nanosleep syz-executor.0
18586 496989 70349 0 3 0x82 thrsleep syz-execprog
18586 273384 70349 0 3 0x4000082 thrsleep syz-execprog
18586 119552 70349 0 3 0x4000082 thrsleep syz-execprog
18586 369754 70349 0 3 0x4000082 thrsleep syz-execprog
18586 21513 70349 0 3 0x4000082 thrsleep syz-execprog
18586 243874 70349 0 3 0x4000082 thrsleep syz-execprog
18586 337788 70349 0 3 0x4000082 thrsleep syz-execprog
18586 425676 70349 0 3 0x4000082 thrsleep syz-execprog
18586 42841 70349 0 3 0x4000082 kqread syz-execprog
70349 215373 17086 0 3 0x10008a pause ksh
17086 52555 66146 0 3 0x92 select sshd
63961 101482 1 0 3 0x100083 ttyin getty
66146 45368 1 0 3 0x80 select sshd
39796 413605 45097 73 2 0x100090 syslogd
45097 405167 1 0 3 0x100082 netio syslogd
93820 370317 1 77 3 0x100090 poll dhclient
72456 513982 1 0 3 0x80 poll dhclient
49373 81290 0 0 2 0x14200 zerothread
77866 391185 0 0 3 0x14200 aiodoned aiodoned
69290 414029 0 0 3 0x14200 syncer update
73938 447751 0 0 3 0x14200 cleaner cleaner
74325 494959 0 0 3 0x14200 reaper reaper
57238 46696 0 0 3 0x14200 pgdaemon pagedaemon
89535 145380 0 0 3 0x14200 bored crynlk
12591 32495 0 0 3 0x14200 bored crypto
24199 26458 0 0 3 0x40014200 acpi0 acpi0
33329 249904 0 0 3 0x40014200 idle1
11504 771 0 0 3 0x14200 bored softnet
18196 294546 0 0 3 0x14200 bored systqmp
65701 353753 0 0 3 0x14200 bored systq
95619 299703 0 0 3 0x40014200 bored softclock
73311 126832 0 0 3 0x40014200 idle0
1 75164 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
Process 10795 (syz-executor.0) thread 0xffff800020b25520 (168696)
exclusive kernel_lock &kernel_lock r = 1 (0xffffffff82348720) locked @
/syzkaller/managers/multicore/kernel/sys/arch/amd64/amd64/trap.c:161
#0 witness_lock+0x58a sys/kern/subr_witness.c:1205
#1 ___mp_acquire_count+0x67 sys/kern/kern_lock.c:231
#2 mi_switch+0x3b0 sys/kern/sched_bsd.c:436
#3 sleep_finish+0x110 sys/kern/kern_synch.c:312
#4 sleep_finish_all+0x34 sleep_finish_timeout sys/kern/kern_synch.c:336
[inline]
#4 sleep_finish_all+0x34 sys/kern/kern_synch.c:157
#5 tsleep+0x1bc
#6 pckbc_enqueue_cmd+0x29d sys/dev/ic/pckbc.c:923
#7 pms_change_state+0x1d3 sys/dev/pckbc/pms.c:839
#8 pms_disable+0x39 sys/dev/pckbc/pms.c:874
#9 wsmouse_mux_close+0x3f sys/dev/wscons/wsmouse.c:571
#10 wsmux_detach_sc+0x9b sys/dev/wscons/wsmux.c:693
#11 wsmouseopen+0xe9 sys/dev/wscons/wsmouse.c:325
#12 spec_open+0x217 sys/kern/spec_vnops.c:158
#13 VOP_OPEN+0x76 sys/kern/vfs_vops.c:153
#14 vn_open+0x4c6 sys/kern/vfs_vnops.c:174
#15 doopenat+0x2be sys/kern/vfs_syscalls.c:1045
#16 syscall+0x5ac mi_syscall sys/sys/syscall_mi.h:99 [inline]
#16 syscall+0x5ac sys/arch/amd64/amd64/trap.c:574
#17 Xsyscall+0x128
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9454 6336K 6336K 78643K 10555 0 0
pcb 23 9K 9K 78643K 55 0 0
rtable 97 3K 3K 78643K 167 0 0
ifaddr 34 9K 9K 78643K 34 0 0
counters 39 33K 33K 78643K 39 0 0
ioctlops 0 0K 2K 78643K 15 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1167 73K 73K 78643K 1187 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 1K 78643K 2 0 0
VM map 2 1K 1K 78643K 2 0 0
sem 2 0K 0K 78643K 2 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1792 194K 288K 78643K 12592 0 0
file desc 5 16K 24K 78643K 27 0 0
proc 40 38K 58K 78643K 247 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
in_multi 33 2K 2K 78643K 33 0 0
ether_multi 1 0K 0K 78643K 1 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 18 79K 79K 78643K 18 0 0
exec 0 0K 1K 78643K 165 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 69 19K 20K 78643K 802 0 0
UVM aobj 2 2K 2K 78643K 2 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
NDP 9 0K 0K 78643K 9 0 0
temp 46 2350K 2414K 78643K 2744 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg
Idle
arp 64 4 0 0 1 0 1 1 0
8 0
inpcbpl 280 26 0 20 1 0 1 1 0
8 0
plimitpl 152 15 0 8 1 0 1 1 0
8 0
plcache 128 20 0 0 1 0 1 1 0
8 0
rtentry 112 41 0 1 2 0 2 2 0
8 0
syncache 264 5 0 5 2 1 1 1 0
8 1
tcpcb 544 8 0 5 1 0 1 1 0
8 0
nd6 48 4 0 0 1 0 1 1 0
8 0
art_heap8 4096 1 0 0 1 0 1 1 0
8 0
art_heap4 256 185 0 0 12 0 12 12 0
8 0
art_table 32 186 0 0 2 0 2 2 0
8 0
art_node 16 40 0 6 1 0 1 1 0
8 0
dirhash 1024 17 0 0 3 0 3 3 0
8 0
dino1pl 128 1463 0 53 46 0 46 46 0
8 0
ffsino 272 1463 0 53 95 0 95 95 0
8 1
nchpl 144 1699 0 74 61 0 61 61 0
8 0
uvmvnodes 72 1472 0 0 27 0 27 27 0
8 0
vnodes 200 1472 0 0 78 0 78 78 0
8 0
namei 1024 4003 0 4003 3 2 1 1 0
8 1
percpumem 16 30 0 0 1 0 1 1 0
8 0
scxspl 192 3702 0 3702 8 7 1 6 0
8 1
sigapl 432 199 0 185 2 0 2 2 0
8 0
futexpl 56 47 0 47 1 0 1 1 0
8 1
knotepl 112 63 0 38 1 0 1 1 0
8 0
kqueuepl 104 2 0 0 1 0 1 1 0
8 0
pipepl 112 138 0 119 3 2 1 1 0
8 0
fdescpl 488 200 0 185 3 0 3 3 0
8 1
filepl 152 973 0 909 3 0 3 3 0
8 0
lockfpl 104 6 0 6 1 1 0 1 0
8 0
lockfspl 32 3 0 3 1 1 0 1 0
8 0
sessionpl 112 19 0 9 1 0 1 1 0
8 0
pgrppl 48 19 0 9 1 0 1 1 0
8 0
ucredpl 96 47 0 40 1 0 1 1 0
8 0
zombiepl 144 185 0 185 3 2 1 1 0
8 1
processpl 840 214 0 185 4 0 4 4 0
8 0
procpl 600 232 0 193 4 0 4 4 0
8 1
sockpl 384 68 0 52 2 0 2 2 0
8 0
mcl4k 4096 2 0 0 1 0 1 1 0
8 0
mcl2k 2048 69 0 0 9 0 9 9 0
8 0
mtagpl 80 1 0 0 1 0 1 1 0
8 0
mbufpl 256 110 0 0 6 0 6 6 0
8 0
bufpl 256 4939 0 1013 246 0 246 246 0
8 0
anonpl 16 19795 0 18286 13 1 12 12 0
125 5
amapchunkpl 152 748 0 679 5 0 5 5 0
158 1
amappl16 192 169 0 126 3 0 3 3 0
8 0
amappl15 184 1 0 0 1 0 1 1 0
8 0
amappl14 176 3 0 3 2 1 1 1 0
8 1
amappl13 168 31 0 26 1 0 1 1 0
8 0
amappl12 160 22 0 18 2 1 1 1 0
8 0
amappl11 152 183 0 173 1 0 1 1 0
8 0
amappl10 144 55 0 54 3 2 1 1 0
8 0
amappl9 136 202 0 199 1 0 1 1 0
8 0
amappl8 128 134 0 122 1 0 1 1 0
8 0
amappl7 120 40 0 35 1 0 1 1 0
8 0
amappl6 112 52 0 46 1 0 1 1 0
8 0
amappl5 104 145 0 134 1 0 1 1 0
8 0
amappl4 96 295 0 270 2 0 2 2 0
8 1
amappl3 88 135 0 128 1 0 1 1 0
8 0
amappl2 80 719 0 661 2 0 2 2 0
8 0
amappl1 72 12767 0 12331 24 6 18 19 0
8 8
amappl 72 442 0 410 1 0 1 1 0
75 0
dma4096 4096 1 0 1 1 1 0 1 0
8 0
dma256 256 6 0 6 1 1 0 1 0
8 0
dma64 64 259 0 259 1 1 0 1 0
8 0
dma32 32 7 0 7 1 1 0 1 0
8 0
dma16 16 17 0 17 1 1 0 1 0
8 0
aobjpl 64 1 0 0 1 0 1 1 0
8 0
uaddrrnd 24 200 0 185 1 0 1 1 0
8 0
uaddrbest 32 2 0 0 1 0 1 1 0
8 0
uaddr 24 200 0 185 1 0 1 1 0
8 0
vmmpekpl 168 5866 0 5843 2 0 2 2 0
8 0
vmmpepl 168 26969 0 25994 91 20 71 71 0 357
28
vmsppl 360 199 0 185 2 0 2 2 0
8 0
pdppl 4096 407 0 370 6 0 6 6 0
8 1
pvpl 32 96537 0 92635 102 9 93 93 0 265
61
pmappl 224 199 0 185 1 0 1 1 0
8 0
extentpl 40 39 0 25 1 0 1 1 0
8 0
phpool 112 385 0 4 11 0 11 11 0
8 0
ddb{1}>
