panic: bad dir


syzbot

May 9, 2019, 3:58:06 AM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 2f8707c8 Don't forget about previous dhcp configuration at..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=11cfb88ca00000
kernel config: https://syzkaller.appspot.com/x/.config?x=60e2b7157576c8d7
dashboard link: https://syzkaller.appspot.com/bug?extid=3a6d90598376a6a69fea

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+3a6d90...@syzkaller.appspotmail.com

panic: bad dir
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*279534 63554 0 0x2 0 0 ifconfig
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:212
ufs_dirbadentry(ffff8000149df328,ffff8000149df328,6b3b65c5c085fa37) at
ufs_dirbadentry
VOP_LOOKUP(fffffd803efd9708,ffff8000149df3d0,ffff8000149df390) at
VOP_LOOKUP+0x5b sys/kern/vfs_vops.c:90
unveil_find_cover(fffffd803efd9708,ffff8000149c6720) at
unveil_find_cover+0x139 sys/kern/kern_unveil.c:290
unveil_add_vnode(ffff8000ffff7708,fffffd803efd9708,0) at
unveil_add_vnode+0x23c sys/kern/kern_unveil.c:471
unveil_add(ffff8000149c6720,ffff8000149df998,ffff8000149dfa63) at
unveil_add+0x273 sys/kern/kern_unveil.c:597
sys_unveil(ffff8000149c6720,ffff8000149dfad0,ffff8000149dfb40) at
sys_unveil+0x405 sys/kern/vfs_syscalls.c:937
syscall(ffff8000149dfbb0) at syscall+0x511
Xsyscall(6,72,1,72,7f7ffffbc058,43ff7008ac8) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffbbfe0, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
bad dir
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:212
ufs_dirbadentry(ffff8000149df328,ffff8000149df328,6b3b65c5c085fa37) at
ufs_dirbadentry
VOP_LOOKUP(fffffd803efd9708,ffff8000149df3d0,ffff8000149df390) at
VOP_LOOKUP+0x5b sys/kern/vfs_vops.c:90
unveil_find_cover(fffffd803efd9708,ffff8000149c6720) at
unveil_find_cover+0x139 sys/kern/kern_unveil.c:290
unveil_add_vnode(ffff8000ffff7708,fffffd803efd9708,0) at
unveil_add_vnode+0x23c sys/kern/kern_unveil.c:471
unveil_add(ffff8000149c6720,ffff8000149df998,ffff8000149dfa63) at
unveil_add+0x273 sys/kern/kern_unveil.c:597
sys_unveil(ffff8000149c6720,ffff8000149dfad0,ffff8000149dfb40) at
sys_unveil+0x405 sys/kern/vfs_syscalls.c:937
syscall(ffff8000149dfbb0) at syscall+0x511
Xsyscall(6,72,1,72,7f7ffffbc058,43ff7008ac8) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffbbfe0, count: -10
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff8000149df140
rbx 0xffff8000149df1f0
rdx 0x2
rcx 0
rax 0
r8 0xffff8000149df100
r9 0x1
r10 0
r11 0x3b5b21f7f2f82fe1
r12 0x3000000008
r13 0xffff8000149df150
r14 0x100
r15 0x1
rip 0xffffffff811f14c8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff8000149df130
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (ifconfig) pid=279534 stat=onproc
flags process=2<EXEC> proc=0
pri=17, usrpri=51, nice=20
forw=0xffffffffffffffff, list=0xffff8000149c6978,0xffffffff822af360
process=0xffff8000ffff7708 user=0xffff8000149da000,
vmspace=0xfffffd803f013948
estcpu=1, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
*63554 279534 51010 0 7 0x2 ifconfig
51010 203071 9408 0 3 0x10008a pause sh
9408 449246 67816 0 3 0x82 wait syz-executor.1
81193 215496 1 0 3 0x100083 ttyin getty
42119 442284 0 0 3 0x14200 bored sosplice
67816 381683 12782 0 3 0x82 thrsleep syz-fuzzer
67816 291285 12782 0 3 0x4000082 thrsleep syz-fuzzer
67816 301580 12782 0 3 0x4000082 thrsleep syz-fuzzer
67816 354779 12782 0 3 0x4000082 thrsleep syz-fuzzer
67816 322085 12782 0 3 0x4000082 thrsleep syz-fuzzer
67816 130222 12782 0 3 0x4000082 kqread syz-fuzzer
67816 387359 12782 0 3 0x4000082 thrsleep syz-fuzzer
67816 335692 12782 0 3 0x4000082 thrsleep syz-fuzzer
12782 111134 39359 0 3 0x10008a pause ksh
39359 297346 81284 0 3 0x92 select sshd
81284 259425 1 0 3 0x80 select sshd
34157 120763 82875 73 2 0x100090 syslogd
82875 519842 1 0 3 0x100082 netio syslogd
88223 176417 1 77 3 0x100090 poll dhclient
94657 201053 1 0 3 0x80 poll dhclient
1810 240038 0 0 3 0x14200 pgzero zerothread
57660 226494 0 0 3 0x14200 aiodoned aiodoned
35835 372115 0 0 3 0x14200 syncer update
14234 405064 0 0 3 0x14200 cleaner cleaner
8619 465959 0 0 3 0x14200 reaper reaper
37225 38444 0 0 3 0x14200 pgdaemon pagedaemon
53911 522273 0 0 3 0x14200 bored crynlk
14294 137016 0 0 3 0x14200 bored crypto
43986 386723 0 0 3 0x40014200 acpi0 acpi0
61054 307643 0 0 3 0x14200 bored softnet
14470 189724 0 0 3 0x14200 bored systqmp
88394 367222 0 0 3 0x14200 bored systq
94561 271121 0 0 3 0x40014200 bored softclock
56603 222869 0 0 3 0x40014200 idle0
70837 38851 0 0 3 0x14200 bored smr
1 456007 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

May 9, 2019, 6:21:06 AM
to syzkaller-o...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: 2f8707c8 Don't forget about previous dhcp configuration at..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=10c8aaaca00000
kernel config: https://syzkaller.appspot.com/x/.config?x=7f659e47e42d9641
dashboard link: https://syzkaller.appspot.com/bug?extid=3a6d90598376a6a69fea
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=168f9aaca00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17e61412a00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+3a6d90...@syzkaller.appspotmail.com

panic: bad dir
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*308306 82927 0 0 0 1 syz-executor6193
421530 6758 73 0x100010 0 0 syslogd
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:212
ufs_dirbadentry(ffff800020bba968,ffff800020bba968,ca21247bcb3d2877) at
ufs_dirbadentry
VOP_LOOKUP(fffffd807efca960,ffff800020bbaa10,ffff800020bba9d0) at
VOP_LOOKUP+0x5b sys/kern/vfs_vops.c:90
unveil_find_cover(fffffd806ed037d8,ffff800020b852d0) at
unveil_find_cover+0x139 sys/kern/kern_unveil.c:290
unveil_add_vnode() at unveil_add_vnode+0x221 sys/kern/kern_unveil.c:471
unveil_add(ffff800020b852d0,ffff800020bbafd8,ffff800020bbb0a3) at
unveil_add+0x273 sys/kern/kern_unveil.c:597
sys_unveil(ffff800020b852d0,ffff800020bbb118,ffff800020bbb180) at
sys_unveil+0x405 sys/kern/vfs_syscalls.c:937
syscall(ffff800020bbb1f0) at syscall+0x552 mi_syscall
sys/sys/syscall_mi.h:99 [inline]
syscall(ffff800020bbb1f0) at syscall+0x552 sys/arch/amd64/amd64/trap.c:574
Xsyscall(6,0,7f7ffffcf7a8,0,431bde82d7b634db,7dfc472d568) at Xsyscall+0x128
end trace frame: 0x0, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
bad dir
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:212
ufs_dirbadentry(ffff800020bba968,ffff800020bba968,ca21247bcb3d2877) at
ufs_dirbadentry
VOP_LOOKUP(fffffd807efca960,ffff800020bbaa10,ffff800020bba9d0) at
VOP_LOOKUP+0x5b sys/kern/vfs_vops.c:90
unveil_find_cover(fffffd806ed037d8,ffff800020b852d0) at
unveil_find_cover+0x139 sys/kern/kern_unveil.c:290
unveil_add_vnode() at unveil_add_vnode+0x221 sys/kern/kern_unveil.c:471
unveil_add(ffff800020b852d0,ffff800020bbafd8,ffff800020bbb0a3) at
unveil_add+0x273 sys/kern/kern_unveil.c:597
sys_unveil(ffff800020b852d0,ffff800020bbb118,ffff800020bbb180) at
sys_unveil+0x405 sys/kern/vfs_syscalls.c:937
syscall(ffff800020bbb1f0) at syscall+0x552 mi_syscall
sys/sys/syscall_mi.h:99 [inline]
syscall(ffff800020bbb1f0) at syscall+0x552 sys/arch/amd64/amd64/trap.c:574
Xsyscall(6,0,7f7ffffcf7a8,0,431bde82d7b634db,7dfc472d568) at Xsyscall+0x128
end trace frame: 0x0, count: -10
ddb{1}> show registers
rdi 0
rsi 0x1
rbp 0xffff800020bba780
rbx 0xffff800020bba830
rdx 0x8b
rcx 0x2
rax 0x1
r8 0xffffffff81a425b3 kprintf+0x173
r9 0x1
r10 0x4274cb14f133163b
r11 0x3188371dbc430079
r12 0x3000000008
r13 0xffff800020bba790
r14 0x100
r15 0x1
rip 0xffffffff812575e8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800020bba770
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor6193) pid=308306 stat=onproc
flags process=0 proc=0
pri=17, usrpri=53, nice=20
forw=0xffffffffffffffff, list=0xffff800020b84e20,0xffffffff823445b0
process=0xffff800020b3b3c0 user=0xffff800020bb6000,
vmspace=0xfffffd806f1a2878
estcpu=3, cpticks=5, pctcpu=0.7
user=0, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
*82927 308306 84520 0 7 0 syz-executor6193
84520 148700 53087 0 3 0x82 nanosleep syz-executor6193
53087 29823 60172 0 3 0x10008a pause ksh
60172 209202 76707 0 3 0x92 select sshd
17999 4757 1 0 3 0x100083 ttyin getty
76707 251384 1 0 3 0x80 select sshd
38475 105361 60582 74 3 0x100092 bpf pflogd
60582 151913 1 0 3 0x80 netio pflogd
6758 421530 56284 73 7 0x100010 syslogd
56284 410030 1 0 3 0x100082 netio syslogd
54129 80941 1 77 3 0x100090 poll dhclient
6496 443897 1 0 3 0x80 poll dhclient
39443 278119 0 0 3 0x14200 pgzero zerothread
50030 331091 0 0 3 0x14200 aiodoned aiodoned
22903 107321 0 0 3 0x14200 syncer update
86361 302272 0 0 3 0x14200 cleaner cleaner
17251 73644 0 0 3 0x14200 reaper reaper
81615 10797 0 0 3 0x14200 pgdaemon pagedaemon
65775 386849 0 0 3 0x14200 bored crynlk
74253 65237 0 0 3 0x14200 bored crypto
42075 518234 0 0 3 0x40014200 acpi0 acpi0
47050 480008 0 0 3 0x40014200 idle1
55622 208616 0 0 3 0x14200 bored softnet
70012 332349 0 0 3 0x14200 bored systqmp
76615 113594 0 0 3 0x14200 bored systq
85943 398782 0 0 3 0x40014200 bored softclock
34088 418983 0 0 3 0x40014200 idle0
34096 201573 0 0 3 0x14200 bored smr
1 201855 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
Process 82927 (syz-executor6193) thread 0xffff800020b852d0 (308306)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82374b68)
#0 witness_lock+0x52e sys/kern/subr_witness.c:1161
#1 __mp_acquire_count+0x51 sys/kern/kern_lock.c:227
#2 mi_switch+0x38c sys/kern/sched_bsd.c:439
#3 sleep_finish+0x110 sys/kern/kern_synch.c:303
#4 sleep_finish_all+0x34 sleep_finish_timeout sys/kern/kern_synch.c:327
[inline]
#4 sleep_finish_all+0x34 sys/kern/kern_synch.c:157
#5 tsleep+0x195 sys/kern/kern_synch.c:149
#6 biowait+0xa1 sys/kern/vfs_bio.c:1228
#7 ffs_bufatoff+0x14f sys/ufs/ffs/ffs_subr.c:71
#8 ufs_lookup+0x48d sys/ufs/ufs/ufs_lookup.c:258
#9 VOP_LOOKUP+0x5b sys/kern/vfs_vops.c:90
#10 unveil_find_cover+0x139 sys/kern/kern_unveil.c:290
#11 unveil_add_vnode+0x221 sys/kern/kern_unveil.c:471
#12 unveil_add+0x273 sys/kern/kern_unveil.c:597
#13 sys_unveil+0x405 sys/kern/vfs_syscalls.c:937
#14 syscall+0x552 mi_syscall sys/sys/syscall_mi.h:99 [inline]
#14 syscall+0x552 sys/arch/amd64/amd64/trap.c:574
#15 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd807ed21e68)
#0 witness_lock+0x52e sys/kern/subr_witness.c:1161
#1 rw_enter+0x414 sys/kern/kern_rwlock.c:278
#2 rrw_enter+0x4f sys/kern/kern_rwlock.c:407
#3 VOP_LOCK+0x4b sys/kern/vfs_vops.c:602
#4 vn_lock+0x6e sys/kern/vfs_vnops.c:549
#5 vget+0x1c3 sys/kern/vfs_subr.c:672
#6 unveil_find_cover+0x10d sys/kern/kern_unveil.c:286
#7 unveil_add_vnode+0x221 sys/kern/kern_unveil.c:471
#8 unveil_add+0x273 sys/kern/kern_unveil.c:597
#9 sys_unveil+0x405 sys/kern/vfs_syscalls.c:937
#10 syscall+0x552 mi_syscall sys/sys/syscall_mi.h:99 [inline]
#10 syscall+0x552 sys/arch/amd64/amd64/trap.c:574
#11 Xsyscall+0x128

Dmitry Vyukov

May 10, 2019, 2:46:38 AM
to syzbot, syzkaller-o...@googlegroups.com, Anton Lindqvist, Greg Steuck
From: syzbot <syzbot+3a6d90...@syzkaller.appspotmail.com>
Date: Thu, May 9, 2019 at 12:21 PM
To: <syzkaller-o...@googlegroups.com>

> syzbot has found a reproducer for the following crash on:
>
> HEAD commit: 2f8707c8 Don't forget about previous dhcp configuration at..
> git tree: openbsd
> console output: https://syzkaller.appspot.com/x/log.txt?x=10c8aaaca00000
> kernel config: https://syzkaller.appspot.com/x/.config?x=7f659e47e42d9641
> dashboard link: https://syzkaller.appspot.com/bug?extid=3a6d90598376a6a69fea
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=168f9aaca00000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17e61412a00000
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+3a6d90...@syzkaller.appspotmail.com

Let's try patch testing for OpenBSD:

#syz test: https://github.com/openbsd/src.git 2f8707c8

syzbot

May 10, 2019, 1:28:00 PM
to an...@basename.se, dvy...@google.com, gne...@google.com, syzkaller-o...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but build/boot failed:

failed to read config file: open /syzkaller/jobs/openbsd/kernel/.config: no
such file or directory


Tested on:

commit: 2f8707c8 Don't forget about previous dhcp configuration at..
git tree: https://github.com/openbsd/src.git
compiler:

Greg Steuck (Sh-toy-k)

May 10, 2019, 1:31:22 PM
to syzbot, Anton Lindqvist, Dmitry Vyukov, syzkaller-o...@googlegroups.com
Log entries:

2019/05/10 10:21:45 using syzkaller built on
214bf476d3ae8eb77b04adbc52baeef09a9d6f31
2019/05/10 10:21:46 ci-openbsd-setuid: latest image is on
f92b4bd854923e0d92e230c978b3c6dd525e9be9
2019/05/10 10:21:46 ci-openbsd-main: latest image is on
f92b4bd854923e0d92e230c978b3c6dd525e9be9
2019/05/10 10:21:46 ci-openbsd-multicore: latest image is on
f92b4bd854923e0d92e230c978b3c6dd525e9be9
2019/05/10 10:21:56 starting job
2c5c906866055d49309ba07760ee9fada7b76a0d|6153713724948480 type 0 for
manager ci-openbsd-multicore on
https://github.com/openbsd/src.git/2f8707c8
2019/05/10 10:21:56 job: building syzkaller on
1ab4c999204f727316e77b769e51f6ebdaae00ff...
2019/05/10 10:22:21 ci-openbsd-setuid: poll:
017348fd9e151db65e509e6fb577f24587e25b0f
2019/05/10 10:22:21 ci-openbsd-main: poll:
017348fd9e151db65e509e6fb577f24587e25b0f
2019/05/10 10:22:22 ci-openbsd-multicore: poll:
017348fd9e151db65e509e6fb577f24587e25b0f
2019/05/10 10:23:34 job: fetching kernel...
2019/05/10 10:23:51 job: building kernel...
2019/05/10 10:27:44 done job
2c5c906866055d49309ba07760ee9fada7b76a0d|6153713724948480: commit
2f8707c8a257bc1db51e4781acefa151aeba29de, crash "", error: failed to
read config file: open /syzkaller/jobs/openbsd/kernel/.config: no such
file or directory

Looks like it is Linux specific in some parts.

Dmitry Vyukov

May 12, 2019, 5:50:28 AM
to Greg Steuck (Sh-toy-k), syzbot, Anton Lindqvist, syzkaller-o...@googlegroups.com
From: Greg Steuck (Sh-toy-k) <gne...@google.com>
Date: Fri, May 10, 2019 at 7:31 PM
To: syzbot
Cc: Anton Lindqvist, Dmitry Vyukov, <syzkaller-o...@googlegroups.com>
This should be fixed with
https://github.com/google/syzkaller/commit/39449875b60fb5a6e5ab53a1b2231ab6b29506a7
We need to resubmit testing request once the change is deployed.

Anton Lindqvist

May 12, 2019, 2:53:05 PM
to syzbot, syzkaller-o...@googlegroups.com