panic: receive 1a: so ADDR, so_type 3, m ADDR, m_type 0
3 views
Skip to first unread message
syzbot
Oct 2, 2019, 6:15:07 AM10/2/19
to syzkaller-o...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: 65ab43f2 When dequeuing an aqb from the live queue and mov..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1360937b600000
kernel config: https://syzkaller.appspot.com/x/.config?x=26ca0a9c07f16a3a
dashboard link: https://syzkaller.appspot.com/bug?extid=240c19f6b4f39a2c345d
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+240c19...@syzkaller.appspotmail.com
panic: receive 1a: so 0xfffffd806f6cb480, so_type 3, m 0xfffffd806a0f1f00,
m_type 0
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
55693 51 77 0x100010 0x1 1 dhclient
*214410 7170 0 0 0 0K dhclient
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
soreceive(fffffd806f6cb480,0,ffff800020aa5748,0,0,ffff800020aa5654) at
soreceive+0x174a sys/kern/uipc_socket.c:952
soo_read(fffffd807d9f7390,ffff800020aa5748,0) at soo_read+0x53
sys/kern/sys_socket.c:70
dofilereadv(ffff800020a5eed8,6,ffff800020aa5748,0,ffff800020aa5830) at
dofilereadv+0x1a2 sys/kern/sys_generic.c:236
sys_read(ffff800020a5eed8,ffff800020aa57e0,ffff800020aa5830) at
sys_read+0x83 sys/kern/sys_generic.c:156
syscall(ffff800020aa58b0) at syscall+0x4a4 mi_syscall
sys/sys/syscall_mi.h:92 [inline]
syscall(ffff800020aa58b0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
Xsyscall(0,3,7f7ffffecce8,3,d5412b61,1adf3a990000) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffeca20, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
receive 1a: so 0xfffffd806f6cb480, so_type 3, m 0xfffffd806a0f1f00, m_type 0
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
soreceive(fffffd806f6cb480,0,ffff800020aa5748,0,0,ffff800020aa5654) at
soreceive+0x174a sys/kern/uipc_socket.c:952
soo_read(fffffd807d9f7390,ffff800020aa5748,0) at soo_read+0x53
sys/kern/sys_socket.c:70
dofilereadv(ffff800020a5eed8,6,ffff800020aa5748,0,ffff800020aa5830) at
dofilereadv+0x1a2 sys/kern/sys_generic.c:236
sys_read(ffff800020a5eed8,ffff800020aa57e0,ffff800020aa5830) at
sys_read+0x83 sys/kern/sys_generic.c:156
syscall(ffff800020aa58b0) at syscall+0x4a4 mi_syscall
sys/sys/syscall_mi.h:92 [inline]
syscall(ffff800020aa58b0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
Xsyscall(0,3,7f7ffffecce8,3,d5412b61,1adf3a990000) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffeca20, count: -8
ddb{0}> show registers
rdi 0
rsi 0x1
rbp 0xffff800020aa5490
rbx 0xffff800020aa5540
rdx 0xffff800020a5eed8
rcx 0
rax 0
r8 0xffffffff81c6670f kprintf+0x16f
r9 0x1
r10 0x25
r11 0x3a70ed7773f68ad1
r12 0x3000000008
r13 0xffff800020aa54a0
r14 0x100
r15 0x1
rip 0xffffffff812d2ac8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800020aa5480
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (dhclient) pid=214410 stat=onproc
flags process=0 proc=0
pri=50, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff800020a5e280,0xffff800020a5f160
process=0xffff800020a8a710 user=0xffff800020aa0000,
vmspace=0xfffffd807f00b170
estcpu=0, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
29683 273747 97743 0 2 0x482 syz-executor.1
4274 85667 97743 0 3 0x82 nanosleep syz-executor.0
1033 499551 0 0 3 0x14200 acct acct
46571 288938 0 0 3 0x14200 bored sosplice
97743 473279 20293 0 3 0x82 thrsleep syz-fuzzer
97743 299848 20293 0 3 0x4000082 thrsleep syz-fuzzer
97743 476230 20293 0 3 0x4000082 thrsleep syz-fuzzer
97743 276221 20293 0 3 0x4000082 thrsleep syz-fuzzer
97743 522061 20293 0 3 0x4000082 thrsleep syz-fuzzer
97743 469829 20293 0 3 0x4000082 thrsleep syz-fuzzer
97743 131305 20293 0 3 0x4000082 thrsleep syz-fuzzer
97743 479356 20293 0 3 0x4000082 thrsleep syz-fuzzer
97743 364497 20293 0 3 0x4000082 kqread syz-fuzzer
97743 500839 20293 0 3 0x4000082 thrsleep syz-fuzzer
20293 296677 11413 0 3 0x10008a pause ksh
11413 403880 41935 0 3 0x92 select sshd
35313 314553 1 0 3 0x100083 ttyopn getty
41935 115175 1 0 3 0x80 select sshd
49850 449169 23061 74 3 0x100092 bpf pflogd
23061 466990 1 0 3 0x80 netio pflogd
95950 97858 7237 73 3 0x100090 kqread syslogd
7237 9305 1 0 3 0x100082 netio syslogd
51 55693 1 77 7 0x100011 dhclient
* 7170 214410 1 0 7 0 dhclient
31161 61625 0 0 3 0x14200 pgzero zerothread
19430 200432 0 0 3 0x14200 aiodoned aiodoned
30614 157193 0 0 3 0x14200 syncer update
28536 326622 0 0 3 0x14200 cleaner cleaner
87584 383037 0 0 3 0x14200 reaper reaper
56072 479654 0 0 3 0x14200 pgdaemon pagedaemon
80782 83900 0 0 3 0x14200 bored crynlk
16314 239534 0 0 3 0x14200 bored crypto
18214 388368 0 0 3 0x40014200 acpi0 acpi0
11979 374638 0 0 3 0x40014200 idle1
81691 75844 0 0 2 0x14200 softnet
14228 255924 0 0 3 0x14200 bored systqmp
64120 77036 0 0 3 0x14200 bored systq
53113 337237 0 0 2 0x40014200 softclock
26355 274855 0 0 3 0x40014200 idle0
12782 456807 0 0 3 0x14200 bored smr
1 475803 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 7170 (dhclient) thread 0xffff800020a5eed8 (214410)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82651848)
#0 witness_lock+0x52e sys/kern/subr_witness.c:1163
#1 solock+0x66 sys/kern/uipc_socket2.c:292
#2 soreceive+0x114 sys/kern/uipc_socket.c:706
#3 soo_read+0x53 sys/kern/sys_socket.c:70
#4 dofilereadv+0x1a2 sys/kern/sys_generic.c:236
#5 sys_read+0x83 sys/kern/sys_generic.c:156
#6 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
#6 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
#7 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9592 6582K 7807K 78643K 14053 0 0
pcb 13 8K 8K 78643K 327 0 0
rtable 94 3K 4K 78643K 1037 0 0
ifaddr 83 17K 18K 78643K 395 0 0
counters 39 33K 33K 78643K 39 0 0
ioctlops 0 0K 4K 78643K 1799 0 0
iov 0 0K 32K 78643K 315 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1231 77K 77K 78643K 2493 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 5K 78643K 22 0 0
VM map 2 1K 1K 78643K 7 0 0
sem 12 0K 0K 78643K 326 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1808 196K 290K 78643K 12765 0 0
file desc 5 13K 25K 78643K 1904 0 0
sigio 0 0K 0K 78643K 20 0 0
proc 62 63K 95K 78643K 885 0 0
subproc 32 2K 2K 78643K 161 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 0K 78643K 147 0 0
in_multi 34 2K 2K 78643K 187 0 0
ether_multi 1 0K 0K 78643K 15 0 0
mrt 0 0K 0K 78643K 4 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 78 344K 344K 78643K 78 0 0
exec 0 0K 1K 78643K 469 0 0
pfkey data 0 0K 0K 78643K 2 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 105 21K 31K 78643K 7389 0 0
UVM aobj 88 4K 4K 78643K 92 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 0 0K 1K 78643K 337 0 0
NDP 19 0K 0K 78643K 106 0 0
temp 223 3560K 3636K 78643K 33956 0 0
kqueue 0 0K 0K 78643K 20 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg
Idle
arp 64 28 0 25 1 0 1 1 0
8 0
plcache 128 20 0 0 1 0 1 1 0
8 0
rtpcb 80 125 0 123 1 0 1 1 0
8 0
rtentry 112 163 0 126 2 0 2 2 0
8 0
unpcb 120 667 0 656 1 0 1 1 0
8 0
syncache 264 5 0 5 2 2 0 1 0
8 0
tcpqe 32 5134 0 5134 1 1 0 1 0
8 0
tcpcb 544 2033 0 2027 8 7 1 2 0
8 0
inpcb 280 4884 0 4877 9 7 2 3 0
8 1
rttmr 72 2 0 2 1 1 0 1 0
8 0
nd6 48 23 0 19 1 0 1 1 0
8 0
pkpcb 40 7 0 7 4 4 0 1 0
8 0
ppxss 1128 47 0 47 6 5 1 1 0
8 1
pffrag 232 24 0 24 6 6 0 1 0
482 0
pffrnode 88 24 0 24 6 6 0 1 0
8 0
pffrent 40 305 0 305 6 6 0 1 0
8 0
pfosfp 40 846 0 423 5 0 5 5 0
8 0
pfosfpen 112 1428 0 714 21 0 21 21 0
8 0
pfstitem 24 104 0 59 1 0 1 1 0
8 0
pfstkey 112 104 0 59 2 0 2 2 0
8 0
pfstate 328 104 0 59 4 0 4 4 0
8 0
pfrule 1360 21 0 16 2 1 1 2 0
8 0
art_heap8 4096 1 0 0 1 0 1 1 0
8 0
art_heap4 256 742 0 529 21 6 15 15 0
8 1
art_table 32 743 0 529 2 0 2 2 0
8 0
art_node 16 159 0 126 1 0 1 1 0
8 0
sysvmsgpl 40 2 0 2 1 1 0 1 0
8 0
semupl 112 4 0 4 1 1 0 1 0
8 0
semapl 112 324 0 314 1 0 1 1 0
8 0
shmpl 112 90 0 4 3 0 3 3 0
8 0
dirhash 1024 17 0 0 3 0 3 3 0
8 0
dino1pl 128 4071 0 2664 46 0 46 46 0
8 0
ffsino 272 4071 0 2664 95 0 95 95 0
8 0
nchpl 144 6785 0 6329 61 41 20 61 0
8 0
uvmvnodes 72 5029 0 0 92 0 92 92 0
8 0
vnodes 208 5029 0 0 265 0 265 265 0
8 0
namei 1024 21437 0 21437 4 3 1 1 0
8 1
percpumem 16 30 0 0 1 0 1 1 0
8 0
vmpool 552 5 0 5 4 3 1 1 0
8 1
scsiplug 64 5 0 5 3 3 0 1 0
8 0
scxspl 192 20616 0 20616 18 15 3 7 0
8 3
plimitpl 152 151 0 143 1 0 1 1 0
8 0
sigapl 432 2083 0 2068 3 1 2 3 0
8 0
futexpl 56 36748 0 36748 3 2 1 1 0
8 1
knotepl 112 385 0 366 1 0 1 1 0
8 0
kqueuepl 104 339 0 337 1 0 1 1 0
8 0
pipepl 112 1196 0 1177 7 6 1 2 0
8 0
fdescpl 488 2084 0 2068 3 0 3 3 0
8 0
filepl 152 15430 0 15329 13 8 5 7 0
8 0
lockfpl 104 441 0 440 1 0 1 1 0
8 0
lockfspl 48 146 0 145 1 0 1 1 0
8 0
sessionpl 112 25 0 14 1 0 1 1 0
8 0
pgrppl 48 35 0 24 1 0 1 1 0
8 0
ucredpl 96 1562 0 1553 1 0 1 1 0
8 0
zombiepl 144 2071 0 2069 4 3 1 1 0
8 0
processpl 896 2103 0 2069 4 0 4 4 0
8 0
procpl 632 6142 0 6099 9 4 5 5 0
8 0
srpgc 64 14 0 14 6 6 0 1 0
8 0
sosppl 128 13 0 13 4 4 0 1 0
8 0
sockpl 384 5694 0 5674 12 8 4 5 0
8 1
mcl64k 65536 267 0 0 34 0 34 34 0
8 0
mcl16k 16384 4 0 0 1 0 1 1 0
8 0
mcl12k 12288 16 0 0 2 0 2 2 0
8 0
mcl9k 9216 10 0 0 1 0 1 1 0
8 0
mcl8k 8192 9 0 0 2 0 2 2 0
8 0
mcl4k 4096 17 0 0 3 0 3 3 0
8 0
mcl2k2 2112 7 0 0 1 0 1 1 0
8 0
mcl2k 2048 148 0 0 17 0 17 17 0
8 0
mtagpl 80 41 0 0 1 0 1 1 0
8 0
mbufpl 256 430 0 0 23 0 23 23 0
8 0
bufpl 256 10729 0 3681 441 0 441 441 0
8 0
anonpl 16 210798 0 194347 114 40 74 83 0
124 3
amapchunkpl 152 12965 0 12856 30 20 10 19 0
158 3
amappl16 192 10053 0 9113 94 42 52 60 0
8 4
amappl14 176 500 0 495 2 1 1 1 0
8 0
amappl13 168 1151 0 1150 2 1 1 1 0
8 0
amappl12 160 77 0 77 3 3 0 1 0
8 0
amappl11 152 75 0 60 1 0 1 1 0
8 0
amappl10 144 26 0 19 1 0 1 1 0
8 0
amappl9 136 853 0 846 1 0 1 1 0
8 0
amappl8 128 383 0 356 1 0 1 1 0
8 0
amappl7 120 71 0 64 1 0 1 1 0
8 0
amappl6 112 82 0 72 1 0 1 1 0
8 0
amappl5 104 268 0 253 1 0 1 1 0
8 0
amappl4 96 2813 0 2783 1 0 1 1 0
8 0
amappl3 88 730 0 720 1 0 1 1 0
8 0
amappl2 80 15847 0 15774 4 2 2 3 0
8 0
amappl1 72 54780 0 54349 25 15 10 20 0
8 0
amappl 80 6503 0 6465 1 0 1 1 0
84 0
dma4096 4096 1 0 1 1 1 0 1 0
8 0
dma256 256 6 0 6 1 1 0 1 0
8 0
dma128 128 253 0 253 1 1 0 1 0
8 0
dma64 64 6 0 6 1 1 0 1 0
8 0
dma32 32 7 0 7 1 1 0 1 0
8 0
dma16 16 17 0 17 1 1 0 1 0
8 0
aobjpl 64 91 0 4 2 0 2 2 0
8 0
uaddrrnd 24 2089 0 2068 1 0 1 1 0
8 0
uaddrbest 32 2 0 0 1 0 1 1 0
8 0
uaddr 24 2089 0 2068 1 0 1 1 0
8 0
vmmpekpl 168 20332 0 20298 2 0 2 2 0
8 0
vmmpepl 168 262188 0 260119 194 74 120 127 0 357
26
vmsppl 368 2083 0 2068 2 0 2 2 0
8 0
pdppl 4096 4185 0 4146 7 1 6 6 0
8 1
pvpl 32 595099 0 575428 239 58 181 197 0 265
15
pmappl 232 2088 0 2073 3 1 2 2 0
8 1
extentpl 40 41 0 26 1 0 1 1 0
8 0
phpool 112 666 0 20 19 0 19 19 0
8 0
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following crash on:
HEAD commit: 65ab43f2 When dequeuing an aqb from the live queue and mov..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1360937b600000
kernel config: https://syzkaller.appspot.com/x/.config?x=26ca0a9c07f16a3a
dashboard link: https://syzkaller.appspot.com/bug?extid=240c19f6b4f39a2c345d
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+240c19...@syzkaller.appspotmail.com
panic: receive 1a: so 0xfffffd806f6cb480, so_type 3, m 0xfffffd806a0f1f00,
m_type 0
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
55693 51 77 0x100010 0x1 1 dhclient
*214410 7170 0 0 0 0K dhclient
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
soreceive(fffffd806f6cb480,0,ffff800020aa5748,0,0,ffff800020aa5654) at
soreceive+0x174a sys/kern/uipc_socket.c:952
soo_read(fffffd807d9f7390,ffff800020aa5748,0) at soo_read+0x53
sys/kern/sys_socket.c:70
dofilereadv(ffff800020a5eed8,6,ffff800020aa5748,0,ffff800020aa5830) at
dofilereadv+0x1a2 sys/kern/sys_generic.c:236
sys_read(ffff800020a5eed8,ffff800020aa57e0,ffff800020aa5830) at
sys_read+0x83 sys/kern/sys_generic.c:156
syscall(ffff800020aa58b0) at syscall+0x4a4 mi_syscall
sys/sys/syscall_mi.h:92 [inline]
syscall(ffff800020aa58b0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
Xsyscall(0,3,7f7ffffecce8,3,d5412b61,1adf3a990000) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffeca20, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
receive 1a: so 0xfffffd806f6cb480, so_type 3, m 0xfffffd806a0f1f00, m_type 0
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
soreceive(fffffd806f6cb480,0,ffff800020aa5748,0,0,ffff800020aa5654) at
soreceive+0x174a sys/kern/uipc_socket.c:952
soo_read(fffffd807d9f7390,ffff800020aa5748,0) at soo_read+0x53
sys/kern/sys_socket.c:70
dofilereadv(ffff800020a5eed8,6,ffff800020aa5748,0,ffff800020aa5830) at
dofilereadv+0x1a2 sys/kern/sys_generic.c:236
sys_read(ffff800020a5eed8,ffff800020aa57e0,ffff800020aa5830) at
sys_read+0x83 sys/kern/sys_generic.c:156
syscall(ffff800020aa58b0) at syscall+0x4a4 mi_syscall
sys/sys/syscall_mi.h:92 [inline]
syscall(ffff800020aa58b0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
Xsyscall(0,3,7f7ffffecce8,3,d5412b61,1adf3a990000) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffeca20, count: -8
ddb{0}> show registers
rdi 0
rsi 0x1
rbp 0xffff800020aa5490
rbx 0xffff800020aa5540
rdx 0xffff800020a5eed8
rcx 0
rax 0
r8 0xffffffff81c6670f kprintf+0x16f
r9 0x1
r10 0x25
r11 0x3a70ed7773f68ad1
r12 0x3000000008
r13 0xffff800020aa54a0
r14 0x100
r15 0x1
rip 0xffffffff812d2ac8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800020aa5480
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (dhclient) pid=214410 stat=onproc
flags process=0 proc=0
pri=50, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff800020a5e280,0xffff800020a5f160
process=0xffff800020a8a710 user=0xffff800020aa0000,
vmspace=0xfffffd807f00b170
estcpu=0, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
29683 273747 97743 0 2 0x482 syz-executor.1
4274 85667 97743 0 3 0x82 nanosleep syz-executor.0
1033 499551 0 0 3 0x14200 acct acct
46571 288938 0 0 3 0x14200 bored sosplice
97743 473279 20293 0 3 0x82 thrsleep syz-fuzzer
97743 299848 20293 0 3 0x4000082 thrsleep syz-fuzzer
97743 476230 20293 0 3 0x4000082 thrsleep syz-fuzzer
97743 276221 20293 0 3 0x4000082 thrsleep syz-fuzzer
97743 522061 20293 0 3 0x4000082 thrsleep syz-fuzzer
97743 469829 20293 0 3 0x4000082 thrsleep syz-fuzzer
97743 131305 20293 0 3 0x4000082 thrsleep syz-fuzzer
97743 479356 20293 0 3 0x4000082 thrsleep syz-fuzzer
97743 364497 20293 0 3 0x4000082 kqread syz-fuzzer
97743 500839 20293 0 3 0x4000082 thrsleep syz-fuzzer
20293 296677 11413 0 3 0x10008a pause ksh
11413 403880 41935 0 3 0x92 select sshd
35313 314553 1 0 3 0x100083 ttyopn getty
41935 115175 1 0 3 0x80 select sshd
49850 449169 23061 74 3 0x100092 bpf pflogd
23061 466990 1 0 3 0x80 netio pflogd
95950 97858 7237 73 3 0x100090 kqread syslogd
7237 9305 1 0 3 0x100082 netio syslogd
51 55693 1 77 7 0x100011 dhclient
* 7170 214410 1 0 7 0 dhclient
31161 61625 0 0 3 0x14200 pgzero zerothread
19430 200432 0 0 3 0x14200 aiodoned aiodoned
30614 157193 0 0 3 0x14200 syncer update
28536 326622 0 0 3 0x14200 cleaner cleaner
87584 383037 0 0 3 0x14200 reaper reaper
56072 479654 0 0 3 0x14200 pgdaemon pagedaemon
80782 83900 0 0 3 0x14200 bored crynlk
16314 239534 0 0 3 0x14200 bored crypto
18214 388368 0 0 3 0x40014200 acpi0 acpi0
11979 374638 0 0 3 0x40014200 idle1
81691 75844 0 0 2 0x14200 softnet
14228 255924 0 0 3 0x14200 bored systqmp
64120 77036 0 0 3 0x14200 bored systq
53113 337237 0 0 2 0x40014200 softclock
26355 274855 0 0 3 0x40014200 idle0
12782 456807 0 0 3 0x14200 bored smr
1 475803 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 7170 (dhclient) thread 0xffff800020a5eed8 (214410)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82651848)
#0 witness_lock+0x52e sys/kern/subr_witness.c:1163
#1 solock+0x66 sys/kern/uipc_socket2.c:292
#2 soreceive+0x114 sys/kern/uipc_socket.c:706
#3 soo_read+0x53 sys/kern/sys_socket.c:70
#4 dofilereadv+0x1a2 sys/kern/sys_generic.c:236
#5 sys_read+0x83 sys/kern/sys_generic.c:156
#6 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
#6 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
#7 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9592 6582K 7807K 78643K 14053 0 0
pcb 13 8K 8K 78643K 327 0 0
rtable 94 3K 4K 78643K 1037 0 0
ifaddr 83 17K 18K 78643K 395 0 0
counters 39 33K 33K 78643K 39 0 0
ioctlops 0 0K 4K 78643K 1799 0 0
iov 0 0K 32K 78643K 315 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1231 77K 77K 78643K 2493 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 5K 78643K 22 0 0
VM map 2 1K 1K 78643K 7 0 0
sem 12 0K 0K 78643K 326 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1808 196K 290K 78643K 12765 0 0
file desc 5 13K 25K 78643K 1904 0 0
sigio 0 0K 0K 78643K 20 0 0
proc 62 63K 95K 78643K 885 0 0
subproc 32 2K 2K 78643K 161 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 0K 78643K 147 0 0
in_multi 34 2K 2K 78643K 187 0 0
ether_multi 1 0K 0K 78643K 15 0 0
mrt 0 0K 0K 78643K 4 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 78 344K 344K 78643K 78 0 0
exec 0 0K 1K 78643K 469 0 0
pfkey data 0 0K 0K 78643K 2 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 105 21K 31K 78643K 7389 0 0
UVM aobj 88 4K 4K 78643K 92 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 0 0K 1K 78643K 337 0 0
NDP 19 0K 0K 78643K 106 0 0
temp 223 3560K 3636K 78643K 33956 0 0
kqueue 0 0K 0K 78643K 20 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg
Idle
arp 64 28 0 25 1 0 1 1 0
8 0
plcache 128 20 0 0 1 0 1 1 0
8 0
rtpcb 80 125 0 123 1 0 1 1 0
8 0
rtentry 112 163 0 126 2 0 2 2 0
8 0
unpcb 120 667 0 656 1 0 1 1 0
8 0
syncache 264 5 0 5 2 2 0 1 0
8 0
tcpqe 32 5134 0 5134 1 1 0 1 0
8 0
tcpcb 544 2033 0 2027 8 7 1 2 0
8 0
inpcb 280 4884 0 4877 9 7 2 3 0
8 1
rttmr 72 2 0 2 1 1 0 1 0
8 0
nd6 48 23 0 19 1 0 1 1 0
8 0
pkpcb 40 7 0 7 4 4 0 1 0
8 0
ppxss 1128 47 0 47 6 5 1 1 0
8 1
pffrag 232 24 0 24 6 6 0 1 0
482 0
pffrnode 88 24 0 24 6 6 0 1 0
8 0
pffrent 40 305 0 305 6 6 0 1 0
8 0
pfosfp 40 846 0 423 5 0 5 5 0
8 0
pfosfpen 112 1428 0 714 21 0 21 21 0
8 0
pfstitem 24 104 0 59 1 0 1 1 0
8 0
pfstkey 112 104 0 59 2 0 2 2 0
8 0
pfstate 328 104 0 59 4 0 4 4 0
8 0
pfrule 1360 21 0 16 2 1 1 2 0
8 0
art_heap8 4096 1 0 0 1 0 1 1 0
8 0
art_heap4 256 742 0 529 21 6 15 15 0
8 1
art_table 32 743 0 529 2 0 2 2 0
8 0
art_node 16 159 0 126 1 0 1 1 0
8 0
sysvmsgpl 40 2 0 2 1 1 0 1 0
8 0
semupl 112 4 0 4 1 1 0 1 0
8 0
semapl 112 324 0 314 1 0 1 1 0
8 0
shmpl 112 90 0 4 3 0 3 3 0
8 0
dirhash 1024 17 0 0 3 0 3 3 0
8 0
dino1pl 128 4071 0 2664 46 0 46 46 0
8 0
ffsino 272 4071 0 2664 95 0 95 95 0
8 0
nchpl 144 6785 0 6329 61 41 20 61 0
8 0
uvmvnodes 72 5029 0 0 92 0 92 92 0
8 0
vnodes 208 5029 0 0 265 0 265 265 0
8 0
namei 1024 21437 0 21437 4 3 1 1 0
8 1
percpumem 16 30 0 0 1 0 1 1 0
8 0
vmpool 552 5 0 5 4 3 1 1 0
8 1
scsiplug 64 5 0 5 3 3 0 1 0
8 0
scxspl 192 20616 0 20616 18 15 3 7 0
8 3
plimitpl 152 151 0 143 1 0 1 1 0
8 0
sigapl 432 2083 0 2068 3 1 2 3 0
8 0
futexpl 56 36748 0 36748 3 2 1 1 0
8 1
knotepl 112 385 0 366 1 0 1 1 0
8 0
kqueuepl 104 339 0 337 1 0 1 1 0
8 0
pipepl 112 1196 0 1177 7 6 1 2 0
8 0
fdescpl 488 2084 0 2068 3 0 3 3 0
8 0
filepl 152 15430 0 15329 13 8 5 7 0
8 0
lockfpl 104 441 0 440 1 0 1 1 0
8 0
lockfspl 48 146 0 145 1 0 1 1 0
8 0
sessionpl 112 25 0 14 1 0 1 1 0
8 0
pgrppl 48 35 0 24 1 0 1 1 0
8 0
ucredpl 96 1562 0 1553 1 0 1 1 0
8 0
zombiepl 144 2071 0 2069 4 3 1 1 0
8 0
processpl 896 2103 0 2069 4 0 4 4 0
8 0
procpl 632 6142 0 6099 9 4 5 5 0
8 0
srpgc 64 14 0 14 6 6 0 1 0
8 0
sosppl 128 13 0 13 4 4 0 1 0
8 0
sockpl 384 5694 0 5674 12 8 4 5 0
8 1
mcl64k 65536 267 0 0 34 0 34 34 0
8 0
mcl16k 16384 4 0 0 1 0 1 1 0
8 0
mcl12k 12288 16 0 0 2 0 2 2 0
8 0
mcl9k 9216 10 0 0 1 0 1 1 0
8 0
mcl8k 8192 9 0 0 2 0 2 2 0
8 0
mcl4k 4096 17 0 0 3 0 3 3 0
8 0
mcl2k2 2112 7 0 0 1 0 1 1 0
8 0
mcl2k 2048 148 0 0 17 0 17 17 0
8 0
mtagpl 80 41 0 0 1 0 1 1 0
8 0
mbufpl 256 430 0 0 23 0 23 23 0
8 0
bufpl 256 10729 0 3681 441 0 441 441 0
8 0
anonpl 16 210798 0 194347 114 40 74 83 0
124 3
amapchunkpl 152 12965 0 12856 30 20 10 19 0
158 3
amappl16 192 10053 0 9113 94 42 52 60 0
8 4
amappl14 176 500 0 495 2 1 1 1 0
8 0
amappl13 168 1151 0 1150 2 1 1 1 0
8 0
amappl12 160 77 0 77 3 3 0 1 0
8 0
amappl11 152 75 0 60 1 0 1 1 0
8 0
amappl10 144 26 0 19 1 0 1 1 0
8 0
amappl9 136 853 0 846 1 0 1 1 0
8 0
amappl8 128 383 0 356 1 0 1 1 0
8 0
amappl7 120 71 0 64 1 0 1 1 0
8 0
amappl6 112 82 0 72 1 0 1 1 0
8 0
amappl5 104 268 0 253 1 0 1 1 0
8 0
amappl4 96 2813 0 2783 1 0 1 1 0
8 0
amappl3 88 730 0 720 1 0 1 1 0
8 0
amappl2 80 15847 0 15774 4 2 2 3 0
8 0
amappl1 72 54780 0 54349 25 15 10 20 0
8 0
amappl 80 6503 0 6465 1 0 1 1 0
84 0
dma4096 4096 1 0 1 1 1 0 1 0
8 0
dma256 256 6 0 6 1 1 0 1 0
8 0
dma128 128 253 0 253 1 1 0 1 0
8 0
dma64 64 6 0 6 1 1 0 1 0
8 0
dma32 32 7 0 7 1 1 0 1 0
8 0
dma16 16 17 0 17 1 1 0 1 0
8 0
aobjpl 64 91 0 4 2 0 2 2 0
8 0
uaddrrnd 24 2089 0 2068 1 0 1 1 0
8 0
uaddrbest 32 2 0 0 1 0 1 1 0
8 0
uaddr 24 2089 0 2068 1 0 1 1 0
8 0
vmmpekpl 168 20332 0 20298 2 0 2 2 0
8 0
vmmpepl 168 262188 0 260119 194 74 120 127 0 357
26
vmsppl 368 2083 0 2068 2 0 2 2 0
8 0
pdppl 4096 4185 0 4146 7 1 6 6 0
8 1
pvpl 32 595099 0 575428 239 58 181 197 0 265
15
pmappl 232 2088 0 2073 3 1 2 2 0
8 1
extentpl 40 41 0 26 1 0 1 1 0
8 0
phpool 112 666 0 20 19 0 19 19 0
8 0
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Nov 13, 2019, 7:40:10 PM11/13/19
to syzkaller-o...@googlegroups.com
syzbot has found a reproducer for the following crash on:
HEAD commit: 39b7db27 reflect reality
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=142c4416e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=d0fe83f82fe104d4
dashboard link: https://syzkaller.appspot.com/bug?extid=240c19f6b4f39a2c345d
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=176045aae00000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+240c19...@syzkaller.appspotmail.com
login: panic: receive 1a: so 0xfffffd8037012480, so_type 3, m
0xfffffd803dd1b200, m_type 0
soreceive+0x170a sys/kern/uipc_socket.c:952
soo_read(fffffd8037563708,ffff8000148866e8,0) at soo_read+0x53
sys/kern/sys_socket.c:70
dofilereadv(ffff8000ffff93c8,6,ffff8000148866e8,0,ffff8000148867d0) at
dofilereadv+0x1a2 sys/kern/sys_generic.c:236
sys_read(ffff8000ffff93c8,ffff800014886780,ffff8000148867d0) at
sys_read+0x83 sys/kern/sys_generic.c:156
syscall(ffff800014886850) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffc68b0, count: 7
ddb> set $maxwidth = 0
ddb> show panic
receive 1a: so 0xfffffd8037012480, so_type 3, m 0xfffffd803dd1b200, m_type 0
ddb> trace
soreceive+0x170a sys/kern/uipc_socket.c:952
soo_read(fffffd8037563708,ffff8000148866e8,0) at soo_read+0x53
sys/kern/sys_socket.c:70
dofilereadv(ffff8000ffff93c8,6,ffff8000148866e8,0,ffff8000148867d0) at
dofilereadv+0x1a2 sys/kern/sys_generic.c:236
sys_read(ffff8000ffff93c8,ffff800014886780,ffff8000148867d0) at
sys_read+0x83 sys/kern/sys_generic.c:156
syscall(ffff800014886850) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffc68b0, count: -8
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff800014886430
rbx 0xffff8000148864e0
rdx 0x2
rcx 0x1
rax 0x1
r8 0xffff8000148863f0
r9 0x1
r10 0x1e1b06564566ade5
r11 0xf2a5fc5dc66735fd
r12 0x3000000008
r13 0xffff800014886440
r14 0x100
r15 0x1
rip 0xffffffff814c7838 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800014886420
PROC (dhclient) pid=510474 stat=onproc
process=0xffff8000ffff6010 user=0xffff800014881000,
vmspace=0xfffffd803f013660
87778 168195 93672 0 3 0x4000082 nanosleep syz-execprog
87778 69116 93672 0 3 0x4000082 thrsleep syz-execprog
87778 381738 93672 0 3 0x4000082 thrsleep syz-execprog
87778 26640 93672 0 3 0x4000082 wait syz-execprog
87778 121307 93672 0 3 0x4000082 thrsleep syz-execprog
87778 366728 93672 0 3 0x4000082 thrsleep syz-execprog
93672 79684 46106 0 3 0x10008a pause ksh
46106 202059 25758 0 3 0x92 select sshd
99008 54247 1 0 3 0x100083 ttyin getty
25758 183836 1 0 3 0x80 select sshd
42283 502082 3223 73 3 0x100090 kqread syslogd
3223 301768 1 0 3 0x100082 netio syslogd
89342 467958 1 77 2 0x100010 dhclient
*97339 510474 1 0 7 0 dhclient
7476 51450 0 0 3 0x14200 pgzero zerothread
75043 492904 0 0 3 0x14200 aiodoned aiodoned
31570 395122 0 0 3 0x14200 syncer update
44273 244917 0 0 3 0x14200 cleaner cleaner
88231 154659 0 0 3 0x14200 reaper reaper
82829 368687 0 0 3 0x14200 pgdaemon pagedaemon
23763 197268 0 0 3 0x14200 bored crynlk
75954 468277 0 0 3 0x14200 bored crypto
2896 490076 0 0 3 0x40014200 acpi0 acpi0
71015 83620 0 0 2 0x14200 softnet
23001 151565 0 0 2 0x14200 systqmp
60830 345307 0 0 3 0x14200 bored systq
29891 335980 0 0 3 0x40014200 bored softclock
86844 358699 0 0 3 0x40014200 idle0
99273 117539 0 0 3 0x14200 bored smr
1 131539 0 0 3 0x82 wait init
No such command
ddb> show malloc
pcb 13 8K 8K 78643K 13 0 0
rtable 63 1K 2K 78643K 155 0 0
ifaddr 26 7K 9K 78643K 34 0 0
counters 19 16K 16K 78643K 19 0 0
ioctlops 0 0K 2K 78643K 14 0 0
VM map 2 0K 0K 78643K 2 0 0
sem 2 0K 0K 78643K 2 0 0
file desc 2 4K 12K 78643K 18 0 0
proc 47 38K 54K 78643K 318 0 0
ether_multi 1 0K 0K 78643K 1 0 0
exec 0 0K 1K 78643K 171 0 0
UVM aobj 2 2K 2K 78643K 2 0 0
temp 22 3517K 3581K 78643K 3029 0 0
8 0
rtpcb 80 17 0 15 1 0 1 1 0
8 0
rtentry 112 34 0 11 1 0 1 1 0
8 0
unpcb 120 27 0 19 1 0 1 1 0
8 0
syncache 264 5 0 5 1 0 1 1 0
8 1
tcpcb 544 8 0 5 1 0 1 1 0
8 0
inpcb 280 27 0 21 1 0 1 1 0
8 0
nd6 48 2 0 2 1 0 1 1 0
8 1
8 0
art_table 32 168 0 0 2 0 2 2 0
8 0
art_node 16 33 0 3 1 0 1 1 0
8 0
8 0
ffsino 240 1412 0 20 82 0 82 82 0
8 0
nchpl 144 1651 0 53 60 0 60 60 0
8 0
uvmvnodes 72 1421 0 0 26 0 26 26 0
8 0
vnodes 208 1421 0 0 75 0 75 75 0
8 0
namei 1024 3837 0 3837 1 0 1 1 0
8 1
scxspl 192 3982 0 3982 2 1 1 2 0
8 1
plimitpl 152 14 0 8 1 0 1 1 0
8 0
sigapl 432 196 0 185 2 0 2 2 0
8 0
knotepl 112 39 0 28 1 0 1 1 0
8 0
kqueuepl 104 2 0 0 1 0 1 1 0
8 0
pipepl 128 134 0 122 1 0 1 1 0
8 0
fdescpl 424 197 0 185 2 0 2 2 0
8 0
filepl 120 974 0 922 2 0 2 2 0
8 0
lockfpl 104 5 0 4 1 0 1 1 0
8 0
lockfspl 48 3 0 2 1 0 1 1 0
8 0
sessionpl 112 18 0 9 1 0 1 1 0
8 0
pgrppl 48 18 0 9 1 0 1 1 0
8 0
ucredpl 96 47 0 40 1 0 1 1 0
8 0
zombiepl 144 186 0 185 1 0 1 1 0
8 0
processpl 864 211 0 185 4 0 4 4 0
8 0
procpl 632 217 0 185 3 0 3 3 0
8 0
sockpl 384 71 0 55 2 0 2 2 0
8 0
mcl4k 4096 10 0 10 1 0 1 1 0
8 1
mcl2k 2048 5473 0 5444 6 1 5 6 0
8 1
mtagpl 80 2 0 2 1 1 0 1 0
8 0
mbufpl 256 9528 0 9451 7 0 7 7 0
8 0
bufpl 256 5784 0 1323 279 0 279 279 0
8 0
anonpl 16 19926 0 18484 15 2 13 13 0
62 6
amapchunkpl 152 694 0 635 5 0 5 5 0
158 2
amappl16 192 125 0 95 2 0 2 2 0
8 0
amappl14 176 47 0 41 1 0 1 1 0
8 0
amappl12 160 3 0 2 2 1 1 1 0
8 0
amappl11 152 44 0 33 1 0 1 1 0
8 0
amappl10 144 9 0 8 2 1 1 1 0
8 0
amappl9 136 397 0 394 1 0 1 1 0
8 0
amappl8 128 120 0 110 1 0 1 1 0
8 0
amappl7 120 28 0 26 1 0 1 1 0
8 0
amappl6 112 58 0 52 1 0 1 1 0
8 0
amappl5 104 128 0 118 1 0 1 1 0
8 0
amappl4 96 427 0 400 1 0 1 1 0
8 0
amappl3 88 116 0 110 1 0 1 1 0
8 0
amappl2 80 836 0 782 3 0 3 3 0
8 1
amappl1 72 13251 0 12865 28 12 16 20 0
8 8
amappl 80 417 0 392 1 0 1 1 0
8 0
uaddrrnd 24 197 0 185 1 0 1 1 0
8 0
vmmpekpl 168 6163 0 6147 1 0 1 1 0
8 0
vmmpepl 168 28613 0 27777 87 10 77 77 0 357
39
vmsppl 272 196 0 185 1 0 1 1 0
8 0
pdppl 4096 400 0 370 5 0 5 5 0
8 0
pvpl 32 103049 0 99344 113 0 113 113 0 265
81
pmappl 200 196 0 185 1 0 1 1 0
8 0
8 0
HEAD commit: 39b7db27 reflect reality
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=142c4416e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=d0fe83f82fe104d4
dashboard link: https://syzkaller.appspot.com/bug?extid=240c19f6b4f39a2c345d
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=176045aae00000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+240c19...@syzkaller.appspotmail.com
0xfffffd803dd1b200, m_type 0
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*510474 97339 0 0 0 0 dhclient
TID PID UID PRFLAGS PFLAGS CPU COMMAND
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
soreceive(fffffd8037012480,0,ffff8000148866e8,0,0,ffff8000148865f4) at
panic() at panic+0x15c sys/kern/subr_prf.c:207
soreceive+0x170a sys/kern/uipc_socket.c:952
soo_read(fffffd8037563708,ffff8000148866e8,0) at soo_read+0x53
sys/kern/sys_socket.c:70
dofilereadv(ffff8000ffff93c8,6,ffff8000148866e8,0,ffff8000148867d0) at
dofilereadv+0x1a2 sys/kern/sys_generic.c:236
sys_read(ffff8000ffff93c8,ffff800014886780,ffff8000148867d0) at
sys_read+0x83 sys/kern/sys_generic.c:156
syscall(ffff800014886850) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffc68b0, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $maxwidth = 0
ddb> show panic
receive 1a: so 0xfffffd8037012480, so_type 3, m 0xfffffd803dd1b200, m_type 0
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
soreceive(fffffd8037012480,0,ffff8000148866e8,0,0,ffff8000148865f4) at
panic() at panic+0x15c sys/kern/subr_prf.c:207
soreceive+0x170a sys/kern/uipc_socket.c:952
soo_read(fffffd8037563708,ffff8000148866e8,0) at soo_read+0x53
sys/kern/sys_socket.c:70
dofilereadv(ffff8000ffff93c8,6,ffff8000148866e8,0,ffff8000148867d0) at
dofilereadv+0x1a2 sys/kern/sys_generic.c:236
sys_read(ffff8000ffff93c8,ffff800014886780,ffff8000148867d0) at
sys_read+0x83 sys/kern/sys_generic.c:156
syscall(ffff800014886850) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffc68b0, count: -8
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff800014886430
rbx 0xffff8000148864e0
rdx 0x2
rcx 0x1
rax 0x1
r8 0xffff8000148863f0
r9 0x1
r10 0x1e1b06564566ade5
r11 0xf2a5fc5dc66735fd
r12 0x3000000008
r13 0xffff800014886440
r14 0x100
r15 0x1
rip 0xffffffff814c7838 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800014886420
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
db_enter+0x18: addq $0x8,%rsp
PROC (dhclient) pid=510474 stat=onproc
flags process=0 proc=0
pri=50, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff8280,0xffff8000ffff9650
pri=50, usrpri=50, nice=20
process=0xffff8000ffff6010 user=0xffff800014881000,
vmspace=0xfffffd803f013660
estcpu=0, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
user=0, sys=1, intr=0
PID TID PPID UID S FLAGS WAIT COMMAND
87778 69352 93672 0 3 0x82 thrsleep syz-execprog
87778 168195 93672 0 3 0x4000082 nanosleep syz-execprog
87778 69116 93672 0 3 0x4000082 thrsleep syz-execprog
87778 381738 93672 0 3 0x4000082 thrsleep syz-execprog
87778 26640 93672 0 3 0x4000082 wait syz-execprog
87778 121307 93672 0 3 0x4000082 thrsleep syz-execprog
87778 366728 93672 0 3 0x4000082 thrsleep syz-execprog
93672 79684 46106 0 3 0x10008a pause ksh
46106 202059 25758 0 3 0x92 select sshd
99008 54247 1 0 3 0x100083 ttyin getty
25758 183836 1 0 3 0x80 select sshd
42283 502082 3223 73 3 0x100090 kqread syslogd
3223 301768 1 0 3 0x100082 netio syslogd
89342 467958 1 77 2 0x100010 dhclient
*97339 510474 1 0 7 0 dhclient
7476 51450 0 0 3 0x14200 pgzero zerothread
75043 492904 0 0 3 0x14200 aiodoned aiodoned
31570 395122 0 0 3 0x14200 syncer update
44273 244917 0 0 3 0x14200 cleaner cleaner
88231 154659 0 0 3 0x14200 reaper reaper
82829 368687 0 0 3 0x14200 pgdaemon pagedaemon
23763 197268 0 0 3 0x14200 bored crynlk
75954 468277 0 0 3 0x14200 bored crypto
2896 490076 0 0 3 0x40014200 acpi0 acpi0
71015 83620 0 0 2 0x14200 softnet
23001 151565 0 0 2 0x14200 systqmp
60830 345307 0 0 3 0x14200 bored systq
29891 335980 0 0 3 0x40014200 bored softclock
86844 358699 0 0 3 0x40014200 idle0
99273 117539 0 0 3 0x14200 bored smr
1 131539 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9427 6310K 6310K 78643K 10522 0 0
pcb 13 8K 8K 78643K 13 0 0
rtable 63 1K 2K 78643K 155 0 0
ifaddr 26 7K 9K 78643K 34 0 0
counters 19 16K 16K 78643K 19 0 0
ioctlops 0 0K 2K 78643K 14 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1180 74K 74K 78643K 1185 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 1K 78643K 2 0 0
UFS mount 5 36K 36K 78643K 5 0 0
VM map 2 0K 0K 78643K 2 0 0
sem 2 0K 0K 78643K 2 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1793 195K 288K 78643K 12645 0 0
file desc 2 4K 12K 78643K 18 0 0
proc 47 38K 54K 78643K 318 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
in_multi 11 0K 1K 78643K 22 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ether_multi 1 0K 0K 78643K 1 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 18 79K 79K 78643K 18 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
exec 0 0K 1K 78643K 171 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 67 11K 12K 78643K 836 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM aobj 2 2K 2K 78643K 2 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
NDP 3 0K 0K 78643K 6 0 0
crypto data 1 1K 1K 78643K 1 0 0
temp 22 3517K 3581K 78643K 3029 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg
Idle
arp 64 4 0 2 1 0 1 1 0
Idle
8 0
rtpcb 80 17 0 15 1 0 1 1 0
8 0
rtentry 112 34 0 11 1 0 1 1 0
8 0
unpcb 120 27 0 19 1 0 1 1 0
8 0
syncache 264 5 0 5 1 0 1 1 0
8 1
tcpcb 544 8 0 5 1 0 1 1 0
8 0
inpcb 280 27 0 21 1 0 1 1 0
8 0
nd6 48 2 0 2 1 0 1 1 0
8 1
art_heap8 4096 1 0 0 1 0 1 1 0
8 0
art_heap4 256 167 0 0 11 0 11 11 0
8 0
8 0
art_table 32 168 0 0 2 0 2 2 0
8 0
art_node 16 33 0 3 1 0 1 1 0
8 0
dirhash 1024 17 0 0 3 0 3 3 0
8 0
dino1pl 128 1412 0 20 45 0 45 45 0
8 0
8 0
ffsino 240 1412 0 20 82 0 82 82 0
8 0
nchpl 144 1651 0 53 60 0 60 60 0
8 0
uvmvnodes 72 1421 0 0 26 0 26 26 0
8 0
vnodes 208 1421 0 0 75 0 75 75 0
8 0
namei 1024 3837 0 3837 1 0 1 1 0
8 1
scxspl 192 3982 0 3982 2 1 1 2 0
8 1
plimitpl 152 14 0 8 1 0 1 1 0
8 0
sigapl 432 196 0 185 2 0 2 2 0
8 0
knotepl 112 39 0 28 1 0 1 1 0
8 0
kqueuepl 104 2 0 0 1 0 1 1 0
8 0
pipepl 128 134 0 122 1 0 1 1 0
8 0
fdescpl 424 197 0 185 2 0 2 2 0
8 0
filepl 120 974 0 922 2 0 2 2 0
8 0
lockfpl 104 5 0 4 1 0 1 1 0
8 0
lockfspl 48 3 0 2 1 0 1 1 0
8 0
sessionpl 112 18 0 9 1 0 1 1 0
8 0
pgrppl 48 18 0 9 1 0 1 1 0
8 0
ucredpl 96 47 0 40 1 0 1 1 0
8 0
zombiepl 144 186 0 185 1 0 1 1 0
8 0
processpl 864 211 0 185 4 0 4 4 0
8 0
procpl 632 217 0 185 3 0 3 3 0
8 0
sockpl 384 71 0 55 2 0 2 2 0
8 0
mcl4k 4096 10 0 10 1 0 1 1 0
8 1
mcl2k 2048 5473 0 5444 6 1 5 6 0
8 1
mtagpl 80 2 0 2 1 1 0 1 0
8 0
mbufpl 256 9528 0 9451 7 0 7 7 0
8 0
bufpl 256 5784 0 1323 279 0 279 279 0
8 0
anonpl 16 19926 0 18484 15 2 13 13 0
62 6
amapchunkpl 152 694 0 635 5 0 5 5 0
158 2
amappl16 192 125 0 95 2 0 2 2 0
8 0
amappl14 176 47 0 41 1 0 1 1 0
8 0
amappl12 160 3 0 2 2 1 1 1 0
8 0
amappl11 152 44 0 33 1 0 1 1 0
8 0
amappl10 144 9 0 8 2 1 1 1 0
8 0
amappl9 136 397 0 394 1 0 1 1 0
8 0
amappl8 128 120 0 110 1 0 1 1 0
8 0
amappl7 120 28 0 26 1 0 1 1 0
8 0
amappl6 112 58 0 52 1 0 1 1 0
8 0
amappl5 104 128 0 118 1 0 1 1 0
8 0
amappl4 96 427 0 400 1 0 1 1 0
8 0
amappl3 88 116 0 110 1 0 1 1 0
8 0
amappl2 80 836 0 782 3 0 3 3 0
8 1
amappl1 72 13251 0 12865 28 12 16 20 0
8 8
amappl 80 417 0 392 1 0 1 1 0
84 0
dma4096 4096 1 0 1 1 1 0 1 0
8 0
dma256 256 6 0 6 1 1 0 1 0
8 0
dma128 128 253 0 253 1 1 0 1 0
8 0
dma64 64 6 0 6 1 1 0 1 0
8 0
dma32 32 7 0 7 1 1 0 1 0
8 0
dma16 16 17 0 17 1 1 0 1 0
8 0
aobjpl 64 1 0 0 1 0 1 1 0
dma4096 4096 1 0 1 1 1 0 1 0
8 0
dma256 256 6 0 6 1 1 0 1 0
8 0
dma128 128 253 0 253 1 1 0 1 0
8 0
dma64 64 6 0 6 1 1 0 1 0
8 0
dma32 32 7 0 7 1 1 0 1 0
8 0
dma16 16 17 0 17 1 1 0 1 0
8 0
8 0
uaddrrnd 24 197 0 185 1 0 1 1 0
8 0
uaddrbest 32 2 0 0 1 0 1 1 0
8 0
uaddr 24 197 0 185 1 0 1 1 0
uaddrbest 32 2 0 0 1 0 1 1 0
8 0
8 0
vmmpekpl 168 6163 0 6147 1 0 1 1 0
8 0
vmmpepl 168 28613 0 27777 87 10 77 77 0 357
39
vmsppl 272 196 0 185 1 0 1 1 0
8 0
pdppl 4096 400 0 370 5 0 5 5 0
8 0
pvpl 32 103049 0 99344 113 0 113 113 0 265
81
pmappl 200 196 0 185 1 0 1 1 0
8 0
extentpl 40 41 0 26 1 0 1 1 0
8 0
phpool 112 400 0 3 12 0 12 12 0
8 0
8 0
Anton Lindqvist
Feb 28, 2020, 3:38:09 AM2/28/20
to syzbot, syzkaller-o...@googlegroups.com
#syz dup: soreceive 1a
Reply all
Reply to author
Forward
0 new messages