uvm_fault


syzbot

Oct 2, 2019, 1:46:11 PM10/2/19
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 65ab43f2 When dequeuing an aqb from the live queue and mov..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=109b0ff5600000
kernel config: https://syzkaller.appspot.com/x/.config?x=26ca0a9c07f16a3a
dashboard link: https://syzkaller.appspot.com/bug?extid=cccc0469607ef90bf324

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+cccc04...@syzkaller.appspotmail.com

uvm_fault(0xffffffff8254db38, 0xfffffd806f6d4578, 0, 4) -> e
kernel: page fault trap, code=0
Stopped at 0xfffffd806f6d4578: addb %al,0(%rax)
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
kernel page fault
uvm_fault(0xffffffff8254db38, 0xfffffd806f6d4578, 0, 4) -> e
fffffd806f6d4578(b,ffff800023991788,83,ffff800023991828,0,b) at
0xfffffd806f6d4578
end trace frame: 0xffff800023991880, count: 0
ddb{0}> trace
fffffd806f6d4578(b,ffff800023991788,83,ffff800023991828,0,b) at
0xfffffd806f6d4578
rt_clone(ffff800023991898,fffffd806f6d4080,0) at rt_clone+0x78
sys/net/route.c:266
rtalloc_mpath(fffffd806f6d4080,0,0) at rtalloc_mpath+0xba rt_match
sys/net/route.c:244 [inline]
rtalloc_mpath(fffffd806f6d4080,0,0) at rtalloc_mpath+0xba
sys/net/route.c:359
in_pcbselsrc(ffff800023991970,fffffd8069ec3220,fffffd806f6d4000) at
in_pcbselsrc+0x219 sys/netinet/in_pcb.c:934
in_pcbconnect(fffffd806f6d4000,fffffd8069ec3200) at in_pcbconnect+0x107
sys/netinet/in_pcb.c:492
udp_usrreq(fffffd80625c24a0,4,0,fffffd8069ec3200,0,ffff800020abe780) at
udp_usrreq+0x560
sys_connect(ffff800020abe780,ffff800023991af8,ffff800023991b40) at
sys_connect+0x3df sys/kern/uipc_syscalls.c:388
syscall(ffff800023991bc0) at syscall+0x4a4 mi_syscall
sys/sys/syscall_mi.h:92 [inline]
syscall(ffff800023991bc0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,fffffffffffffed2,0,3,15542f71010) at Xsyscall+0x128
end of kernel
end trace frame: 0x15821bb6540, count: -9
ddb{0}> show registers
rdi 0xffff800000aa8000
rsi 0xb
rbp 0xffff800023991770
rbx 0xfffffd806699e8c8
rdx 0xfffffd806699e8c8
rcx 0xffff80002115a000
rax 0xffff80002115a000
r8 0x100
r9 0x7
r10 0x72e3a14a8664a42f
r11 0xfffffd806f6d4578
r12 0xfffffd806699e8c8
r13 0xffff800023991788
r14 0xffff800023991828
r15 0xffff80000005b870
rip 0xfffffd806f6d4578
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff800023991678
ss 0x10
0xfffffd806f6d4578: addb %al,0(%rax)
ddb{0}> show proc
PROC (syz-executor.1) pid=242906 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=77, usrpri=77, nice=20
forw=0xffffffffffffffff, list=0xffff800020abf8c8,0xffffffff8264fc48
process=0xffff800020adc000 user=0xffff80002398c000,
vmspace=0xfffffd807f00b5c0
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
61699 220503 82173 0 2 0 syz-executor.1
*61699 242906 82173 0 7 0x4000000 syz-executor.1
69423 354266 68018 60929 3 0x90 nanosleep syz-executor.0
69423 407229 68018 60929 3 0x4000090 netcon2 syz-executor.0
69423 427901 68018 60929 3 0x4000090 fsleep syz-executor.0
68018 355582 77071 0 3 0x82 nanosleep syz-executor.0
82173 19864 77071 0 2 0x482 syz-executor.1
83138 106746 0 0 3 0x14200 acct acct
31874 63212 0 0 3 0x14200 bored sosplice
77071 404207 77933 0 3 0x82 kqread syz-fuzzer
77071 496970 77933 0 2 0x4000482 syz-fuzzer
77071 375046 77933 0 3 0x4000082 thrsleep syz-fuzzer
77071 83470 77933 0 3 0x4000082 thrsleep syz-fuzzer
77071 164966 77933 0 3 0x4000082 thrsleep syz-fuzzer
77071 132040 77933 0 3 0x4000082 thrsleep syz-fuzzer
77071 167984 77933 0 3 0x4000082 thrsleep syz-fuzzer
77071 107131 77933 0 3 0x4000082 thrsleep syz-fuzzer
77071 187027 77933 0 3 0x4000082 thrsleep syz-fuzzer
77071 62547 77933 0 3 0x4000082 thrsleep syz-fuzzer
77933 485964 26897 0 3 0x10008a pause ksh
26897 148041 80231 0 3 0x92 select sshd
59728 356454 1 0 3 0x100083 ttyin getty
80231 264030 1 0 3 0x80 select sshd
63558 496010 88517 74 3 0x100092 bpf pflogd
88517 1574 1 0 3 0x80 netio pflogd
68563 19582 826 73 7 0x100090 syslogd
826 464084 1 0 3 0x100082 netio syslogd
50297 65730 1 77 3 0x100090 poll dhclient
23053 151883 1 0 3 0x80 poll dhclient
18928 274304 0 0 3 0x14200 pgzero zerothread
57372 11912 0 0 3 0x14200 aiodoned aiodoned
34326 350752 0 0 3 0x14200 syncer update
6904 173024 0 0 3 0x14200 cleaner cleaner
48161 203275 0 0 3 0x14200 reaper reaper
52825 58376 0 0 3 0x14200 pgdaemon pagedaemon
24345 520345 0 0 3 0x14200 bored crynlk
55070 458698 0 0 3 0x14200 bored crypto
96432 427926 0 0 3 0x40014200 acpi0 acpi0
32204 202632 0 0 3 0x40014200 idle1
7717 86372 0 0 3 0x14200 bored softnet
88944 64298 0 0 3 0x14200 bored systqmp
36497 262204 0 0 3 0x14200 bored systq
26055 285971 0 0 3 0x40014200 bored softclock
78448 475664 0 0 3 0x40014200 idle0
16441 25924 0 0 3 0x14200 bored smr
1 412758 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 61699 (syz-executor.1) thread 0xffff800020abe780 (242906)
exclusive rwlock netlock r = 0 (0xffffffff8246c0b8)
#0 witness_lock+0x52e sys/kern/subr_witness.c:1163
#1 uvn_io+0x3b2 sys/uvm/uvm_vnode.c:1206
#2 uvn_get+0x226 sys/uvm/uvm_vnode.c:1049
#3 uvm_fault+0x11cc sys/uvm/uvm_fault.c:1023
#4 pageflttrap+0x20b sys/arch/amd64/amd64/trap.c:199
#5 kerntrap+0xec sys/arch/amd64/amd64/trap.c:287
#6 alltraps_kern_meltdown+0x7b
#7 copyin+0x4b
#8 sys_connect+0x9c sys/kern/uipc_syscalls.c:367
#9 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
#9 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
#10 Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 2 (0xffffffff82651848)
#0 witness_lock+0x52e sys/kern/subr_witness.c:1163
#1 syscall+0x400 mi_syscall sys/sys/syscall_mi.h:83 [inline]
#1 syscall+0x400 sys/arch/amd64/amd64/trap.c:555
#2 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9615 7226K 7863K 78643K 17265 0 0
pcb 13 10K 12K 78643K 506 0 0
rtable 127 9K 9K 78643K 1800 0 0
ifaddr 95 21K 23K 78643K 634 0 0
counters 39 33K 33K 78643K 39 0 0
ioctlops 0 0K 4K 78643K 1554 0 0
iov 0 0K 32K 78643K 498 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1223 77K 77K 78643K 3623 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 5K 78643K 28 0 0
VM map 2 1K 1K 78643K 22 0 0
sem 12 0K 1K 78643K 369 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1808 196K 290K 78643K 12765 0 0
file desc 6 17K 25K 78643K 2606 0 0
sigio 0 0K 0K 78643K 24 0 0
proc 62 63K 95K 78643K 1054 0 0
subproc 32 2K 2K 78643K 227 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 0K 78643K 242 0 0
in_multi 36 2K 2K 78643K 301 0 0
ether_multi 1 0K 0K 78643K 31 0 0
mrt 0 0K 0K 78643K 21 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 78 344K 344K 78643K 78 0 0
exec 0 0K 1K 78643K 552 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 108 22K 31K 78643K 10115 0 0
UVM aobj 108 3K 3K 78643K 121 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 0 0K 1K 78643K 544 0 0
NDP 22 0K 0K 78643K 188 0 0
temp 243 3563K 4201K 78643K 38741 0 0
kqueue 0 0K 0K 78643K 28 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg
Idle
arp 64 64 0 56 1 0 1 1 0
8 0
plcache 128 20 0 0 1 0 1 1 0
8 0
rtpcb 80 201 0 199 1 0 1 1 0
8 0
rtentry 112 276 0 227 2 0 2 2 0
8 0
unpcb 120 1168 0 1156 2 1 1 2 0
8 0
syncache 264 21 0 21 8 7 1 1 0
8 1
sackhl 24 1 0 1 1 1 0 1 0
8 0
tcpqe 32 6501 0 6501 4 3 1 2 0
8 1
tcpcb 544 3210 0 3204 18 9 9 15 0
8 8
inpcb 280 4942 0 4929 13 4 9 9 0
8 8
rttmr 72 6 0 6 6 6 0 1 0
8 0
nd6 48 33 0 29 2 1 1 1 0
8 0
pkpcb 40 12 0 12 6 6 0 1 0
8 0
ppxss 1128 97 0 97 6 5 1 1 0
8 1
pffrag 232 46 0 46 10 9 1 1 0
482 1
pffrnode 88 46 0 46 10 9 1 1 0
8 1
pffrent 40 873 0 873 11 10 1 1 0
8 1
pfosfp 40 846 0 423 5 0 5 5 0
8 0
pfosfpen 112 1428 0 714 21 0 21 21 0
8 0
pfstitem 24 1287 0 739 5 0 5 5 0
8 0
pfstkey 112 1287 0 739 20 2 18 20 0
8 0
pfstate 328 1287 0 739 67 16 51 58 0
8 1
pfrule 1360 21 0 16 2 1 1 2 0
8 0
art_heap8 4096 2 0 1 2 1 1 2 0
8 0
art_heap4 256 1142 0 909 25 10 15 15 0
8 0
art_table 32 1144 0 910 2 0 2 2 0
8 0
art_node 16 268 0 224 1 0 1 1 0
8 0
sysvmsgpl 40 12 0 3 1 0 1 1 0
8 0
semapl 112 366 0 356 1 0 1 1 0
8 0
shmpl 112 119 0 13 4 0 4 4 0
8 0
dirhash 1024 17 0 0 3 0 3 3 0
8 0
dino1pl 128 5432 0 4029 46 0 46 46 0
8 0
ffsino 272 5432 0 4029 95 0 95 95 0
8 0
nchpl 144 10051 0 9585 61 40 21 61 0
8 0
uvmvnodes 72 5926 0 0 108 0 108 108 0
8 0
vnodes 208 5926 0 0 312 0 312 312 0
8 0
namei 1024 32246 0 32246 6 5 1 1 0
8 1
percpumem 16 30 0 0 1 0 1 1 0
8 0
vmpool 552 20 0 20 7 6 1 1 0
8 1
scsiplug 64 3 0 3 2 2 0 1 0
8 0
scxspl 192 29705 0 29705 25 24 1 7 0
8 1
plimitpl 152 234 0 226 1 0 1 1 0
8 0
sigapl 432 2773 0 2757 3 1 2 3 0
8 0
futexpl 56 54672 0 54671 1 0 1 1 0
8 0
knotepl 112 936 0 916 4 3 1 3 0
8 0
kqueuepl 104 2872 0 2869 5 1 4 4 0
8 3
pipepl 112 2440 0 2421 13 11 2 2 0
8 1
fdescpl 488 2774 0 2757 3 0 3 3 0
8 0
filepl 152 26241 0 26136 23 11 12 13 0
8 7
lockfpl 104 733 0 732 1 0 1 1 0
8 0
lockfspl 48 247 0 246 1 0 1 1 0
8 0
sessionpl 112 29 0 18 1 0 1 1 0
8 0
pgrppl 48 53 0 42 1 0 1 1 0
8 0
ucredpl 96 3020 0 3010 1 0 1 1 0
8 0
zombiepl 144 2757 0 2757 5 4 1 1 0
8 1
processpl 896 2791 0 2757 4 0 4 4 0
8 0
procpl 632 8751 0 8705 8 3 5 5 0
8 1
srpgc 64 17 0 17 7 7 0 1 0
8 0
sosppl 128 239 0 239 4 3 1 1 0
8 1
sockpl 384 6350 0 6326 18 6 12 14 0
8 8
mcl64k 65536 368 0 0 38 5 33 33 0
8 0
mcl16k 16384 9 0 0 2 0 2 2 0
8 0
mcl12k 12288 19 0 0 2 0 2 2 0
8 0
mcl9k 9216 11 0 0 1 0 1 1 0
8 0
mcl8k 8192 25 0 0 4 1 3 3 0
8 0
mcl4k 4096 19 0 0 3 1 2 3 0
8 0
mcl2k2 2112 8 0 0 1 0 1 1 0
8 0
mcl2k 2048 218 0 0 24 1 23 24 0
8 1
mtagpl 80 64 0 0 1 0 1 1 0
8 0
mbufpl 256 596 0 0 25 0 25 25 0
8 0
bufpl 256 15744 0 8696 441 0 441 441 0
8 0
anonpl 16 316061 0 299418 133 54 79 86 0
124 7
amapchunkpl 152 19842 0 19731 39 33 6 12 0
158 0
amappl16 192 14885 0 13919 136 84 52 61 0
8 3
amappl15 184 156 0 154 1 0 1 1 0
8 0
amappl14 176 504 0 502 2 1 1 1 0
8 0
amappl13 168 959 0 958 1 0 1 1 0
8 0
amappl12 160 62 0 60 4 3 1 1 0
8 0
amappl11 152 172 0 156 1 0 1 1 0
8 0
amappl10 144 329 0 326 1 0 1 1 0
8 0
amappl9 136 1250 0 1244 1 0 1 1 0
8 0
amappl8 128 786 0 757 2 0 2 2 0
8 0
amappl7 120 402 0 393 1 0 1 1 0
8 0
amappl6 112 157 0 144 1 0 1 1 0
8 0
amappl5 104 277 0 262 1 0 1 1 0
8 0
amappl4 96 3288 0 3255 1 0 1 1 0
8 0
amappl3 88 627 0 622 1 0 1 1 0
8 0
amappl2 80 21306 0 21225 4 1 3 3 0
8 0
amappl1 72 70709 0 70245 27 17 10 20 0
8 0
amappl 80 9216 0 9176 1 0 1 1 0
84 0
dma4096 4096 1 0 1 1 1 0 1 0
8 0
dma256 256 6 0 6 1 1 0 1 0
8 0
dma128 128 253 0 253 1 1 0 1 0
8 0
dma64 64 6 0 6 1 1 0 1 0
8 0
dma32 32 7 0 7 1 1 0 1 0
8 0
dma16 16 17 0 17 1 1 0 1 0
8 0
aobjpl 64 120 0 13 2 0 2 2 0
8 0
uaddrrnd 24 2794 0 2757 1 0 1 1 0
8 0
uaddrbest 32 2 0 0 1 0 1 1 0
8 0
uaddr 24 2794 0 2757 1 0 1 1 0
8 0
vmmpekpl 168 28015 0 27978 2 0 2 2 0
8 0
vmmpepl 168 352319 0 350098 282 154 128 129 0 357
29
vmsppl 368 2773 0 2757 2 0 2 2 0
8 0
pdppl 4096 5595 0 5554 7 1 6 6 0
8 0
pvpl 32 847388 0 827450 303 110 193 203 0 265
27
pmappl 232 2793 0 2777 8 6 2 2 0
8 1
extentpl 40 41 0 26 1 0 1 1 0
8 0
phpool 112 699 0 37 20 0 20 20 0
8 0


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Jan 15, 2020, 9:32:07 AM1/15/20
to syzkaller-o...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.