panic: pianfiac_:u pkdeartnee_lb drioaadgandodsrt dioces a nsots serutpipoonr t"!_kernel_lock_held()" failed: file "/syz


syzbot

Oct 26, 2019, 11:39:10 AM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: c31be7ff Correct some ASM in a comment
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=12fe7997600000
kernel config: https://syzkaller.appspot.com/x/.config?x=26ca0a9c07f16a3a
dashboard link: https://syzkaller.appspot.com/bug?extid=d6368d7b6553c11200ca

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+d6368d...@syzkaller.appspotmail.com

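panic: pianfiac_:u pkdeartnee_lb drioaadgandodsrt dioces a nsots
serutpipoonr t"!_kernel_lock_held()" failed:
[Note: the panic line above appears to be two panic messages interleaved character by character on the console: "panic: ifa_update_broadaddr does not support dynamic length" (the message `show panic` reports below) and "panic: kernel diagnostic assertion "!_kernel_lock_held()" failed". The assertion is therefore likely a secondary failure, not the root cause.]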
file "/syzkaller/managers/multicore/kernel/sys/kern/kern_fork.c", line 683
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*203282 72985 60929 0x10 0x4000000 1 syz-executor.1
302500 62951 0 0 0x4000000 0 syz-executor.0
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
__assert(ffffffff82206dbe,ffffffff821f5e72,2ab,ffffffff821d72f2) at
__assert+0x2b sys/kern/subr_prf.c:154
proc_trampoline_mp() at proc_trampoline_mp+0x123
end trace frame: 0x0, count: 11
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
ifa_update_broadaddr does not support dynamic length
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
__assert(ffffffff82206dbe,ffffffff821f5e72,2ab,ffffffff821d72f2) at
__assert+0x2b sys/kern/subr_prf.c:154
proc_trampoline_mp() at proc_trampoline_mp+0x123
end trace frame: 0x0, count: -4
ddb{1}> show registers
rdi 0
rsi 0x1
rbp 0xffff800022bf1000
rbx 0xffff800022bf10b0
rdx 0xffff800020a5e9e8
rcx 0
rax 0
r8 0xffffffff816ab13f kprintf+0x16f
r9 0x1
r10 0x25
r11 0xc0667b8762335027
r12 0x3000000008
r13 0xffff800022bf1010
r14 0x104
r15 0x1
rip 0xffffffff821156a8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800022bf0ff0
ss 0
db_enter+0x18: addq $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor.1) pid=203282 stat=onproc
flags process=10<SUGID> proc=4000000<THREAD>
pri=86, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff800020a5ec60,0xffffffff82675698
process=0xffff800020a8b190 user=0xffff800022bec000,
vmspace=0xfffffd806e7c48a8
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
72985 361625 52547 60929 2 0x10 syz-executor.1
72985 433175 52547 60929 3 0x4000090 fsleep syz-executor.1
72985 444598 52547 60929 3 0x4000090 fsleep syz-executor.1
*72985 203282 52547 60929 7 0x4000010 syz-executor.1
62951 106497 33098 0 2 0 syz-executor.0
62951 184906 33098 0 3 0x4000080 poll syz-executor.0
62951 302500 33098 0 7 0x4000000 syz-executor.0
33098 323856 88397 0 3 0x82 nanosleep syz-executor.0
52547 363153 88397 0 3 0x82 nanosleep syz-executor.1
52246 371256 1 0 3 0x100083 ttyin getty
41708 296959 0 0 3 0x14200 bored sosplice
88397 303157 18134 0 3 0x82 thrsleep syz-fuzzer
88397 93027 18134 0 3 0x4000082 thrsleep syz-fuzzer
88397 235497 18134 0 3 0x4000082 thrsleep syz-fuzzer
88397 67203 18134 0 3 0x4000082 thrsleep syz-fuzzer
88397 185729 18134 0 3 0x4000082 thrsleep syz-fuzzer
88397 7358 18134 0 3 0x4000082 thrsleep syz-fuzzer
88397 440686 18134 0 3 0x4000082 kqread syz-fuzzer
88397 16532 18134 0 3 0x4000082 thrsleep syz-fuzzer
88397 182456 18134 0 3 0x4000082 thrsleep syz-fuzzer
88397 386483 18134 0 3 0x4000082 thrsleep syz-fuzzer
18134 299063 51814 0 3 0x10008a pause ksh
51814 11110 93746 0 3 0x92 select sshd
93746 315719 1 0 3 0x80 select sshd
50151 102243 39972 74 3 0x100092 bpf pflogd
39972 457673 1 0 3 0x80 netio pflogd
35716 359731 96658 73 3 0x100090 kqread syslogd
96658 261445 1 0 3 0x100082 netio syslogd
54860 432984 1 77 3 0x100090 poll dhclient
25324 269877 1 0 3 0x80 poll dhclient
69966 436211 0 0 2 0x14200 zerothread
17230 221754 0 0 3 0x14200 aiodoned aiodoned
39173 228904 0 0 3 0x14200 syncer update
96185 481272 0 0 3 0x14200 cleaner cleaner
70441 340180 0 0 3 0x14200 reaper reaper
61303 3437 0 0 3 0x14200 pgdaemon pagedaemon
8503 138972 0 0 3 0x14200 bored crynlk
15036 317355 0 0 3 0x14200 bored crypto
18580 456254 0 0 3 0x40014200 acpi0 acpi0
64196 69732 0 0 3 0x40014200 idle1
34711 125848 0 0 3 0x14200 bored softnet
45172 458320 0 0 3 0x14200 bored systqmp
6700 411560 0 0 3 0x14200 bored systq
61155 424354 0 0 3 0x40014200 bored softclock
4847 138160 0 0 3 0x40014200 idle0
97956 240469 0 0 3 0x14200 bored smr
1 331657 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
Process 62951 (syz-executor.0) thread 0xffff800020a5ec60 (302500)
exclusive rwlock netlock r = 0 (0xffffffff82500b58)
#0 witness_lock+0x52e sys/kern/subr_witness.c:1163
#1 in_ioctl+0x142
#2 ifioctl+0xb64 sys/net/if.c:2202
#3 sys_ioctl+0x5b9
#4 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
#4 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
#5 Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82671c60)
#0 witness_lock+0x52e sys/kern/subr_witness.c:1163
#1 syscall+0x400 mi_syscall sys/sys/syscall_mi.h:83 [inline]
#1 syscall+0x400 sys/arch/amd64/amd64/trap.c:555
#2 Xsyscall+0x128
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9591 6448K 7001K 78643K 14628 0 0
pcb 13 8K 8K 78643K 332 0 0
rtable 101 5K 6K 78643K 1574 0 0
ifaddr 85 17K 17K 78643K 425 0 0
counters 39 33K 33K 78643K 39 0 0
ioctlops 0 0K 4K 78643K 1544 0 0
iov 0 0K 16K 78643K 315 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1212 76K 77K 78643K 2730 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 5K 78643K 22 0 0
VM map 10 5K 5K 78643K 12 0 0
sem 12 1K 1K 78643K 362 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1808 196K 290K 78643K 12765 0 0
file desc 6 17K 25K 78643K 1707 0 0
sigio 0 0K 0K 78643K 16 0 0
proc 64 75K 95K 78643K 1147 0 0
subproc 32 2K 2K 78643K 255 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 0K 78643K 135 0 0
in_multi 23 1K 2K 78643K 259 0 0
ether_multi 1 0K 0K 78643K 13 0 0
mrt 0 0K 0K 78643K 6 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 78 344K 344K 78643K 78 0 0
exec 0 0K 1K 78643K 578 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 123 58K 64K 78643K 7347 0 0
UVM aobj 104 3K 3K 78643K 106 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 0 0K 0K 78643K 317 0 0
NDP 21 0K 1K 78643K 140 0 0
temp 234 3561K 3639K 78643K 53438 0 0
kqueue 0 0K 0K 78643K 22 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg
Idle
arp 64 63 0 60 1 0 1 1 0
8 0
plcache 128 20 0 0 1 0 1 1 0
8 0
rtpcb 80 179 0 177 1 0 1 1 0
8 0
rtentry 112 281 0 245 2 0 2 2 0
8 0
unpcb 120 840 0 827 1 0 1 1 0
8 0
syncache 264 16 0 16 9 9 0 1 0
8 0
tcpqe 32 19 0 19 5 5 0 1 0
8 0
tcpcb 544 540 0 536 2 1 1 2 0
8 0
inpcb 280 1895 0 1887 22 20 2 3 0
8 1
rttmr 72 4 0 3 3 2 1 1 0
8 0
ip6q 72 3 0 3 1 1 0 1 0
8 0
ip6af 40 7 0 7 1 1 0 1 0
8 0
nd6 48 38 0 36 1 0 1 1 0
8 0
pkpcb 40 12 0 12 6 6 0 1 0
8 0
swfcl 56 2 0 0 1 0 1 1 0
8 0
ppxss 1128 46 0 46 25 25 0 1 0
8 0
pffrag 232 53 0 53 26 26 0 1 0
482 0
pffrnode 88 53 0 53 26 26 0 1 0
8 0
pffrent 40 1517 0 1517 26 26 0 1 0
8 0
pfosfp 40 846 0 423 5 0 5 5 0
8 0
pfosfpen 112 1428 0 714 21 0 21 21 0
8 0
pfstitem 24 191 0 175 1 0 1 1 0
8 0
pfstkey 112 191 0 175 1 0 1 1 0
8 0
pfstate 328 191 0 175 5 2 3 3 0
8 0
pfrule 1360 21 0 16 2 1 1 2 0
8 0
art_heap8 4096 4 0 2 4 2 2 3 0
8 0
art_heap4 256 1172 0 967 22 8 14 16 0
8 0
art_table 32 1176 0 969 2 0 2 2 0
8 0
art_node 16 280 0 247 1 0 1 1 0
8 0
sysvmsgpl 40 18 0 14 3 2 1 1 0
8 0
semupl 112 2 0 2 1 1 0 1 0
8 0
semapl 112 355 0 345 1 0 1 1 0
8 0
shmpl 112 104 0 2 4 1 3 3 0
8 0
dirhash 1024 17 0 0 3 0 3 3 0
8 0
dino1pl 128 3900 0 2497 46 0 46 46 0
8 0
ffsino 272 3900 0 2497 94 0 94 94 0
8 0
nchpl 144 6443 0 4821 61 0 61 61 0
8 0
uvmvnodes 72 5046 0 0 92 0 92 92 0
8 0
vnodes 208 5046 0 0 266 0 266 266 0
8 0
namei 1024 21450 0 21450 2 1 1 1 0
8 1
percpumem 16 30 0 0 1 0 1 1 0
8 0
vcpupl 1984 8 0 0 1 0 1 1 0
8 0
vmpool 552 10 0 2 2 1 1 1 0
8 0
scsiplug 64 2 0 2 2 2 0 1 0
8 0
scxspl 192 21256 0 21256 27 24 3 7 0
8 3
plimitpl 152 141 0 133 1 0 1 1 0
8 0
sigapl 432 1870 0 1854 5 3 2 3 0
8 0
futexpl 56 32412 0 32410 1 0 1 1 0
8 0
knotepl 112 701 0 682 6 5 1 3 0
8 0
kqueuepl 104 859 0 857 1 0 1 1 0
8 0
pipepl 112 4782 0 4763 18 16 2 2 0
8 1
fdescpl 488 1871 0 1854 3 0 3 3 0
8 0
filepl 152 16844 0 16742 27 21 6 7 0
8 2
lockfpl 104 620 0 619 1 0 1 1 0
8 0
lockfspl 48 218 0 217 1 0 1 1 0
8 0
sessionpl 112 33 0 22 1 0 1 1 0
8 0
pgrppl 48 49 0 38 1 0 1 1 0
8 0
ucredpl 96 1659 0 1649 1 0 1 1 0
8 0
zombiepl 144 1855 0 1855 1 0 1 1 0
8 1
processpl 896 1888 0 1855 6 2 4 5 0
8 0
procpl 632 5570 0 5523 29 24 5 5 0
8 1
srpgc 64 21 0 21 9 9 0 1 0
8 0
sosppl 128 19 0 19 9 9 0 1 0
8 0
sockpl 384 2943 0 2920 37 33 4 6 0
8 1
mcl64k 65536 263 0 0 33 15 18 33 0
8 1
mcl16k 16384 7 0 0 1 0 1 1 0
8 0
mcl12k 12288 12 0 0 2 0 2 2 0
8 0
mcl9k 9216 5 0 0 1 0 1 1 0
8 0
mcl8k 8192 26 0 0 4 2 2 3 0
8 0
mcl4k 4096 11 0 0 2 0 2 2 0
8 0
mcl2k2 2112 6 0 0 1 0 1 1 0
8 0
mcl2k 2048 205 0 0 19 10 9 19 0
8 0
mtagpl 80 26 0 0 1 0 1 1 0
8 0
mbufpl 256 956 0 0 26 1 25 25 0
8 0
bufpl 256 11293 0 4245 441 0 441 441 0
8 0
anonpl 16 1066189 0 1046569 248 152 96 112 0
124 1
amapchunkpl 152 19146 0 19001 59 51 8 14 0
158 0
amappl16 192 56163 0 55046 377 308 69 78 0
8 5
amappl15 184 341 0 340 1 0 1 1 0
8 0
amappl14 176 247 0 245 1 0 1 1 0
8 0
amappl13 168 59 0 59 2 2 0 1 0
8 0
amappl12 160 143 0 142 2 1 1 1 0
8 0
amappl11 152 350 0 333 1 0 1 1 0
8 0
amappl10 144 393 0 388 1 0 1 1 0
8 0
amappl9 136 1090 0 1082 1 0 1 1 0
8 0
amappl8 128 602 0 572 2 0 2 2 0
8 0
amappl7 120 472 0 464 1 0 1 1 0
8 0
amappl6 112 355 0 344 1 0 1 1 0
8 0
amappl5 104 366 0 352 1 0 1 1 0
8 0
amappl4 96 1975 0 1944 1 0 1 1 0
8 0
amappl3 88 490 0 483 1 0 1 1 0
8 0
amappl2 80 13385 0 13303 3 1 2 3 0
8 0
amappl1 72 52826 0 52360 26 16 10 20 0
8 0
amappl 80 6419 0 6367 2 0 2 2 0
84 0
dma4096 4096 1 0 1 1 1 0 1 0
8 0
dma256 256 6 0 6 1 1 0 1 0
8 0
dma128 128 253 0 253 1 1 0 1 0
8 0
dma64 64 6 0 6 1 1 0 1 0
8 0
dma32 32 7 0 7 1 1 0 1 0
8 0
dma16 16 17 0 17 1 1 0 1 0
8 0
aobjpl 64 105 0 2 2 0 2 2 0
8 0
uaddrrnd 24 1881 0 1854 1 0 1 1 0
8 0
uaddrbest 32 2 0 0 1 0 1 1 0
8 0
uaddr 24 1881 0 1854 1 0 1 1 0
8 0
vmmpekpl 168 30213 0 30182 2 0 2 2 0
8 0
vmmpepl 168 295723 0 293303 416 299 117 153 0 357
10
vmsppl 368 1870 0 1854 2 0 2 2 0
8 0
pdppl 4096 3769 0 3720 9 2 7 7 0
8 0
pvpl 32 1598017 0 1575613 515 295 220 261 0 265
14
pmappl 232 1880 0 1856 4 2 2 2 0
8 0
extentpl 40 41 0 26 1 0 1 1 0
8 0
phpool 112 668 0 45 19 0 19 19 0
8 0


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

Anton Lindqvist

Oct 27, 2019, 3:43:35 AM
to syzbot, syzkaller-o...@googlegroups.com
#syz dup: panic: ifa_update_broadaddr does not support dynamic length