kernel: integer divide fault trap, code=NUM (3)


syzbot

Aug 8, 2022, 4:04:23 PM8/8/22
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 470043df5a59 Change branch condition inverted to realize o..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1680edc1080000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=2eca95b271d07ab91b43
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1114be46080000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1591b001080000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2eca95...@syzkaller.appspotmail.com

kernel: integer divide fault trap, code=0
Stopped at rc4_keysetup+0xaf: divl 0xffffffffffffffac(%rbp),%eax
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
the kernel did not panic
ddb{0}> trace
rc4_keysetup(ffff80002126a7da,ffff80002126a8ec,0) at rc4_keysetup+0xaf sys/crypto/arc4.c:41
pipex_mppe_init(ffff80002126a7a0,ffffed52,7f93,ffff800000ba226c,ffffed52) at pipex_mppe_init+0x212 sys/net/pipex.c:2319
pipex_init_session(ffff8000212d40a8,ffff800000ba2000) at pipex_init_session+0x5e1 pipex_session_init_mppe_recv sys/net/pipex.c:2327 [inline]
pipex_init_session(ffff8000212d40a8,ffff800000ba2000) at pipex_init_session+0x5e1 sys/net/pipex.c:385
pppacioctl(4086337,82907003,ffff800000ba2000,1,ffff8000212337a8) at pppacioctl+0x156 pppac_add_session sys/net/if_pppx.c:1315 [inline]
pppacioctl(4086337,82907003,ffff800000ba2000,1,ffff8000212337a8) at pppacioctl+0x156 sys/net/if_pppx.c:1165
VOP_IOCTL(fffffd806ef1d950,82907003,ffff800000ba2000,1,fffffd807f7d7340,ffff8000212337a8) at VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264
vn_ioctl(fffffd806e5e2990,82907003,ffff800000ba2000,ffff8000212337a8) at vn_ioctl+0xbc sys/kern/vfs_vnops.c:528
sys_ioctl(ffff8000212337a8,ffff8000212d43f8,ffff8000212d4440) at sys_ioctl+0x4a2
syscall(ffff8000212d44c0) at syscall+0x4c3 mi_syscall sys/sys/syscall_mi.h:101 [inline]
syscall(ffff8000212d44c0) at syscall+0x4c3 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffd8810, count: -9
ddb{0}> show registers
rdi 0xffff80002126a7da
rsi 0
rbp 0xffff8000212d3f30
rbx 0
rdx 0
rcx 0
rax 0x1
r8 0x60
r9 0x2f2d33bf
r10 0xd7416bf0b563b2b7
r11 0xf63cfa766f0adb28
r12 0xffff80002126a8ec
r13 0
r14 0xffff80002126a7da
r15 0
rip 0xffffffff8108521f rc4_keysetup+0xaf
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff8000212d3ed0
ss 0x10
rc4_keysetup+0xaf: divl 0xffffffffffffffac(%rbp),%eax
ddb{0}> show proc
PROC (syz-executor4194452637) pid=328944 stat=onproc
flags process=2<EXEC> proc=0
pri=17, usrpri=52, nice=20
forw=0xffffffffffffffff, list=0xffff800021232008,0xffffffff82a7dbe0
process=0xffff80002129a578 user=0xffff8000212cf000, vmspace=0xfffffd806ef7f458
estcpu=2, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
* 7449 328944 25873 0 7 0x2 syz-executor4194452637
25873 303938 664 0 3 0x10008a sigsusp ksh
664 385956 88900 0 3 0x9a kqread sshd
31459 147155 1 0 3 0x100083 ttyin getty
88900 485826 1 0 3 0x88 kqread sshd
83797 413572 68427 74 2 0x1100492 pflogd
68427 223225 1 0 3 0x80 netio pflogd
11987 288635 81237 73 3 0x1100090 kqread syslogd
81237 429764 1 0 3 0x100082 netio syslogd
61602 358836 1 0 7 0x100000 resolvd
82055 1723 85192 77 2 0x100092 dhcpleased
18981 116094 85192 77 3 0x100092 kqread dhcpleased
85192 192661 1 0 3 0x80 kqread dhcpleased
51317 227702 0 0 3 0x14200 bored smr
85448 260759 0 0 3 0x14200 pgzero zerothread
63069 357183 0 0 3 0x14200 aiodoned aiodoned
70935 310255 0 0 3 0x14200 syncer update
60380 157412 0 0 3 0x14200 cleaner cleaner
86824 327579 0 0 3 0x14200 reaper reaper
91919 474486 0 0 3 0x14200 pgdaemon pagedaemon
12928 249921 0 0 3 0x14200 bored viomb
19416 114260 0 0 3 0x40014200 acpi0 acpi0
17955 90931 0 0 3 0x40014200 idle1
54542 470894 0 0 3 0x14200 bored softnet
20386 505554 0 0 3 0x14200 bored softnet
2393 264371 0 0 3 0x14200 bored softnet
44820 83766 0 0 3 0x14200 bored softnet
69939 373464 0 0 2 0x14200 systqmp
55413 124741 0 0 3 0x14200 bored systq
18608 402622 0 0 3 0x40014200 bored softclock
52952 413777 0 0 3 0x40014200 idle0
1 175943 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 7449 (syz-executor4194452637) thread 0xffff8000212337a8 (328944)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82a06628)
#0 witness_lock+0x44d
#1 vn_ioctl+0x41 sys/kern/vfs_vnops.c:511
#2 sys_ioctl+0x4a2
#3 syscall+0x4c3 mi_syscall sys/sys/syscall_mi.h:101 [inline]
#3 syscall+0x4c3 sys/arch/amd64/amd64/trap.c:585
#4 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10158 6457K 6457K 78643K 11248 0
pcb 13 8K 8K 78643K 13 0
rtable 58 1K 2K 78643K 107 0
ifaddr 34 8K 8K 78643K 37 0
counters 44 34K 34K 78643K 44 0
ioctlops 1 1K 4K 78643K 1480 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1168 73K 73K 78643K 1181 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 1K 78643K 2 0
VM map 2 1K 1K 78643K 2 0
sem 2 0K 0K 78643K 2 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 1 0K 0K 78643K 1 0
proc 67 91K 91K 78643K 282 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
in_multi 11 0K 0K 78643K 11 0
ether_multi 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 25 122K 122K 78643K 25 0
exec 0 0K 2K 78643K 431 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 8 62K 62K 78643K 8 0
UVM amap 60 11K 11K 78643K 1535 0
UVM aobj 3 2K 2K 78643K 3 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
NDP 5 0K 0K 78643K 5 0
temp 25 4709K 4773K 78643K 2502 0
kqueue 11 16K 18K 78643K 24 0
SYN cache 2 16K 16K 78643K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 17 0 14 1 0 1 1 0 8 0
rtentry 112 23 0 1 1 0 1 1 0 8 0
unpcb 144 37 0 20 1 0 1 1 0 8 0
syncache 296 5 0 5 2 1 1 1 0 8 1
tcpcb 736 8 0 5 1 0 1 1 0 8 0
arp 120 2 0 0 1 0 1 1 0 8 0
inpcb 320 32 0 26 1 0 1 1 0 8 0
mppekey 1024 1 0 0 1 0 1 1 0 8 0
ppxss 1256 2 0 0 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 9 0 2 1 0 1 1 0 8 0
pfstkey 120 9 0 2 1 0 1 1 0 8 0
pfstate 336 9 0 2 1 0 1 1 0 8 0
pfrule 1360 21 0 16 2 1 1 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 96 0 0 6 0 6 6 0 8 0
art_table 32 97 0 0 1 0 1 1 0 8 0
art_node 16 22 0 2 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1427 0 40 87 0 87 87 0 8 0
ffsino 272 1427 0 40 93 0 93 93 0 8 0
nchpl 144 1614 0 48 58 0 58 58 0 8 0
uvmvnodes 80 1437 0 0 30 0 30 30 0 8 0
vnodes 216 1437 0 0 80 0 80 80 0 8 0
namei 1024 4388 0 4388 2 1 1 1 0 8 1
percpumem 16 34 0 0 1 0 1 1 0 8 0
kstatmem 264 10 0 0 1 0 1 1 0 8 0
scxspl 216 4010 0 4010 10 7 3 8 0 8 3
plimitpl 152 17 0 9 1 0 1 1 0 8 0
sigapl 424 322 0 290 5 1 4 5 0 8 0
knotepl 120 43 0 0 2 0 2 2 0 8 0
kqueuepl 216 20 0 13 1 0 1 1 0 8 0
pipepl 320 86 0 83 2 1 1 1 0 8 0
fdescpl 496 305 0 290 3 0 3 3 0 8 0
filepl 152 1185 0 1124 3 0 3 3 0 8 0
lockfpl 104 6 0 4 1 0 1 1 0 8 0
lockfspl 48 4 0 2 1 0 1 1 0 8 0
sessionpl 144 19 0 9 1 0 1 1 0 8 0
pgrppl 48 19 0 9 1 0 1 1 0 8 0
ucredpl 104 69 0 57 1 0 1 1 0 8 0
zombiepl 144 290 0 290 2 1 1 1 0 8 1
processpl 1064 322 0 290 3 0 3 3 0 8 0
procpl 672 322 0 290 4 1 3 4 0 8 0
sockpl 488 86 0 60 5 1 4 4 0 8 0
mcl8k 8192 2 0 0 1 0 1 1 0 8 0
mcl4k 4096 4 0 0 1 0 1 1 0 8 0
mcl2k 2048 74 0 0 9 0 9 9 0 8 0
mtagpl 96 2 0 0 1 0 1 1 0 8 0
mbufpl 256 131 0 0 8 0 8 8 0 8 0
bufpl 288 1993 0 85 137 0 137 137 0 8 0
anonpl 24 38026 0 35958 18 4 14 15 0 186 1
amapchunkpl 152 2796 0 2696 6 2 4 6 0 158 0
amappl16 200 31 0 30 2 1 1 1 0 8 0
amappl15 192 69 0 64 1 0 1 1 0 8 0
amappl13 176 34 0 33 2 1 1 1 0 8 0
amappl12 168 4 0 3 1 0 1 1 0 8 0
amappl11 160 66 0 49 1 0 1 1 0 8 0
amappl10 152 2 0 0 1 0 1 1 0 8 0
amappl9 144 477 0 475 1 0 1 1 0 8 0
amappl8 136 366 0 365 2 1 1 1 0 8 0
amappl7 128 66 0 59 1 0 1 1 0 8 0
amappl6 120 92 0 85 1 0 1 1 0 8 0
amappl5 112 89 0 77 1 0 1 1 0 8 0
amappl4 104 636 0 614 1 0 1 1 0 8 0
amappl3 96 426 0 400 1 0 1 1 0 8 0
amappl2 88 313 0 284 1 0 1 1 0 8 0
amappl1 80 9457 0 9034 12 2 10 10 0 8 0
amappl 88 1253 0 1213 2 1 1 2 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 2 0 0 1 0 1 1 0 8 0
uaddrrnd 24 306 0 291 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 306 0 291 1 0 1 1 0 8 0
vmmpekpl 168 6180 0 6163 1 0 1 1 0 8 0
vmmpepl 168 26890 0 26011 46 4 42 42 0 357 3
vmsppl 368 305 0 291 2 0 2 2 0 8 0
rwobjpl 56 9604 0 7583 30 0 30 30 0 8 0
pdppl 4096 619 0 582 61 24 37 45 0 8 0
pvpl 32 126779 0 122739 42 7 35 35 0 265 2
pmappl 248 305 0 291 2 0 2 2 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 420 0 28 12 0 12 12 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
rc4_keysetup(ffff80002126a7da,ffff80002126a8ec,0) at rc4_keysetup+0xaf sys/crypto/arc4.c:41
pipex_mppe_init(ffff80002126a7a0,ffffed52,7f93,ffff800000ba226c,ffffed52) at pipex_mppe_init+0x212 sys/net/pipex.c:2319
pipex_init_session(ffff8000212d40a8,ffff800000ba2000) at pipex_init_session+0x5e1 pipex_session_init_mppe_recv sys/net/pipex.c:2327 [inline]
pipex_init_session(ffff8000212d40a8,ffff800000ba2000) at pipex_init_session+0x5e1 sys/net/pipex.c:385
pppacioctl(4086337,82907003,ffff800000ba2000,1,ffff8000212337a8) at pppacioctl+0x156 pppac_add_session sys/net/if_pppx.c:1315 [inline]
pppacioctl(4086337,82907003,ffff800000ba2000,1,ffff8000212337a8) at pppacioctl+0x156 sys/net/if_pppx.c:1165
VOP_IOCTL(fffffd806ef1d950,82907003,ffff800000ba2000,1,fffffd807f7d7340,ffff8000212337a8) at VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264
vn_ioctl(fffffd806e5e2990,82907003,ffff800000ba2000,ffff8000212337a8) at vn_ioctl+0xbc sys/kern/vfs_vnops.c:528
sys_ioctl(ffff8000212337a8,ffff8000212d43f8,ffff8000212d4440) at sys_ioctl+0x4a2
syscall(ffff8000212d44c0) at syscall+0x4c3 mi_syscall sys/sys/syscall_mi.h:101 [inline]
syscall(ffff8000212d44c0) at syscall+0x4c3 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffd8810, count: -9
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
ddb{1}> trace
x86_ipi_db(ffff800020dd8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__mp_lock(ffffffff82a06420) at __mp_lock+0x122 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82a06420) at __mp_lock+0x122 sys/kern/kern_lock.c:147
kqueue_scan(ffff8000212b5d40,3,ffff8000212b5e40,0,ffff8000ffff7270,ffff8000212b5f9c) at kqueue_scan+0x1fa sys/kern/kern_event.c:1298
sys_kevent(ffff8000ffff7270,ffff8000212b6000,ffff8000212b6050) at sys_kevent+0x4a4 sys/kern/kern_event.c:983
syscall(ffff8000212b60d0) at syscall+0x4c3 mi_syscall sys/sys/syscall_mi.h:101 [inline]
syscall(ffff8000212b60d0) at syscall+0x4c3 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffc03c0, count: -8
ddb{1}>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches