kernel: protection fault trap, code=0 (6)


syzbot

Sep 11, 2019, 2:05:07 PM9/11/19
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 067ee7eb Add window_marked_flag, GitHub issue 1887.
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1680ba69600000
kernel config: https://syzkaller.appspot.com/x/.config?x=d0fe83f82fe104d4
dashboard link: https://syzkaller.appspot.com/bug?extid=1604348b3186fc78d7c6

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+160434...@syzkaller.appspotmail.com

kernel: protection fault trap, code=0
Stopped at pfi_ifhead_RB_REMOVE+0x58: movq 0x10(%r12),%rbx
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
the kernel did not panic
ddb> trace
pfi_ifhead_RB_REMOVE(ffffffff8258de90,ffff800000aa1f00) at
pfi_ifhead_RB_REMOVE+0x58 sys/net/pf_if.c:80
pfi_detach_ifgroup(ffff800000a9ec80) at pfi_detach_ifgroup+0x11b
pfi_kif_unref sys/net/pf_if.c:211 [inline]
pfi_detach_ifgroup(ffff800000a9ec80) at pfi_detach_ifgroup+0x11b
sys/net/pf_if.c:298
if_delgroup(ffff800000aab000,ffff800000a9ec80) at if_delgroup+0x1b7
sys/net/if.c:2674
if_detach(ffff800000aab000) at if_detach+0x1c0 sys/net/if.c:1116
tun_clone_destroy(ffff800000aab000) at tun_clone_destroy+0x1c0
sys/net/if_tun.c:278
ifioctl(fffffd803ac8bc50,80206979,ffff800015962500,ffff800014915b40) at
ifioctl+0x3d4 sys/net/if.c:1877
sys_ioctl(ffff800014915b40,ffff800015962618,ffff800015962660) at
sys_ioctl+0x5b9
syscall(ffff8000159626e0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff36,0,3,af383adc010) at Xsyscall+0x128
end of kernel
end trace frame: 0xaf637fd3070, count: -9
ddb> show registers
rdi 0xffffffff81e1366b pfi_ifhead_RB_REMOVE+0x2b
rsi 0x148c0 acpi_pdirpa+0x728
rbp 0xffff8000159622e0
rbx 0xdeafbeaddeafbead
rdx 0x148c1 acpi_pdirpa+0x729
rcx 0xffff800015738000
rax 0xffff800000aa1f10
r8 0x101010101010101
r9 0x8080808080808080
r10 0xef30d7a97d50088c
r11 0x47e25df107cdc98
r12 0xdeafbeaddeafbead
r13 0xffff800000ac54e0
r14 0xffff800000aa1f00
r15 0xffffffff8258de90 pfi_ifs
rip 0xffffffff81e13698 pfi_ifhead_RB_REMOVE+0x58
cs 0x8
rflags 0x10282 __ALIGN_SIZE+0xf282
rsp 0xffff800015962280
ss 0x10
pfi_ifhead_RB_REMOVE+0x58: movq 0x10(%r12),%rbx
ddb> show proc
PROC (syz-executor.0) pid=217806 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=71, usrpri=71, nice=20
forw=0xffffffffffffffff, list=0xffff800014914018,0xffffffff8258e3e0
process=0xffff8000ffff77b0 user=0xffff80001595d000,
vmspace=0xfffffd803f013dd0
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
26570 177478 76687 0 2 0 syz-executor.0
*26570 217806 76687 0 7 0x4000000 syz-executor.0
95488 212309 30018 0 3 0x82 nanosleep syz-executor.1
18296 489525 0 0 3 0x14200 acct acct
76687 522403 30018 0 3 0x82 nanosleep syz-executor.0
17322 483042 0 0 3 0x14200 bored sosplice
30018 214572 45823 0 3 0x82 thrsleep syz-fuzzer
30018 335222 45823 0 3 0x4000082 thrsleep syz-fuzzer
30018 111983 45823 0 3 0x4000082 thrsleep syz-fuzzer
30018 125250 45823 0 3 0x4000082 thrsleep syz-fuzzer
30018 100955 45823 0 3 0x4000082 thrsleep syz-fuzzer
30018 400746 45823 0 3 0x4000082 thrsleep syz-fuzzer
30018 340079 45823 0 3 0x4000082 thrsleep syz-fuzzer
30018 319129 45823 0 3 0x4000082 kqread syz-fuzzer
45823 497451 14903 0 3 0x10008a pause ksh
14903 287541 29912 0 3 0x92 select sshd
92032 148136 1 0 3 0x100083 ttyin getty
29912 111989 1 0 3 0x80 select sshd
28778 257393 66358 73 3 0x100090 kqread syslogd
66358 128648 1 0 3 0x100082 netio syslogd
9088 298687 1 77 2 0x100090 dhclient
39602 23853 1 0 3 0x80 poll dhclient
16928 81771 0 0 2 0x14200 zerothread
75325 504849 0 0 3 0x14200 aiodoned aiodoned
54449 40100 0 0 3 0x14200 syncer update
72364 490103 0 0 3 0x14200 cleaner cleaner
24512 188871 0 0 3 0x14200 reaper reaper
32057 340089 0 0 3 0x14200 pgdaemon pagedaemon
77487 339545 0 0 3 0x14200 bored crynlk
5368 496263 0 0 3 0x14200 bored crypto
73140 435144 0 0 3 0x40014200 acpi0 acpi0
63646 109469 0 0 3 0x14200 bored softnet
35869 8625 0 0 3 0x14200 bored systqmp
51467 363651 0 0 3 0x14200 bored systq
76553 444731 0 0 3 0x40014200 bored softclock
81620 484906 0 0 3 0x40014200 idle0
76230 14074 0 0 3 0x14200 bored smr
1 399197 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9590 6393K 7266K 78643K 33274 0 0
pcb 13 8K 8K 78643K 792 0 0
rtable 102 12K 13K 78643K 2277 0 0
ifaddr 85 19K 20K 78643K 764 0 0
counters 19 16K 16K 78643K 19 0 0
ioctlops 0 0K 2K 78643K 349 0 0
iov 0 0K 32K 78643K 642 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1217 76K 77K 78643K 8684 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 9K 78643K 124 0 0
VM map 2 0K 0K 78643K 12 0 0
sem 12 0K 0K 78643K 908 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1793 195K 288K 78643K 12645 0 0
file desc 5 13K 25K 78643K 7230 0 0
sigio 0 0K 0K 78643K 486 0 0
proc 50 38K 55K 78643K 1832 0 0
subproc 32 2K 2K 78643K 437 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 0K 78643K 632 0 0
in_multi 22 1K 2K 78643K 426 0 0
ether_multi 1 0K 0K 78643K 31 0 0
mrt 2 0K 0K 78643K 24 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 126 556K 556K 78643K 126 0 0
exec 0 0K 1K 78643K 1012 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 124 23K 32K 78643K 22358 0 0
UVM aobj 130 4K 4K 78643K 145 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 0 0K 1K 78643K 752 0 0
NDP 21 0K 1K 78643K 239 0 0
temp 360 3544K 3617K 78643K 128229 0 0
kqueue 0 0K 0K 78643K 49 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg
Idle
arp 64 58 0 54 1 0 1 1 0
8 0
rtpcb 80 395 0 393 1 0 1 1 0
8 0
rtentry 112 294 0 259 2 0 2 2 0
8 0
unpcb 120 2733 0 2714 3 2 1 2 0
8 0
syncache 264 4 0 4 1 1 0 1 0
8 0
tcpqe 32 5890 0 5890 1 1 0 1 0
8 0
tcpcb 544 9006 0 9000 45 44 1 3 0
8 0
ipq 40 9 0 9 5 5 0 1 0
8 0
ipqe 40 23 0 23 5 5 0 1 0
8 0
inpcb 280 11725 0 11717 19 18 1 3 0
8 0
rttmr 72 1 0 1 1 1 0 1 0
8 0
nd6 48 50 0 48 1 0 1 1 0
8 0
pkpcb 40 22 0 22 9 9 0 1 0
8 0
swfcl 56 6 0 0 1 0 1 1 0
8 0
ppxss 1128 105 0 105 52 52 0 1 0
8 0
art_heap8 4096 1 0 0 1 0 1 1 0
8 0
art_heap4 256 1277 0 1105 23 12 11 14 0
8 0
art_table 32 1278 0 1105 2 0 2 2 0
8 0
art_node 16 286 0 255 1 0 1 1 0
8 0
sysvmsgpl 40 57 0 40 2 1 1 1 0
8 0
semapl 112 906 0 896 1 0 1 1 0
8 0
shmpl 112 143 0 15 4 0 4 4 0
8 0
dirhash 1024 17 0 0 3 0 3 3 0
8 0
dino1pl 128 12069 0 10681 46 0 46 46 0
8 0
ffsino 240 12069 0 10681 83 0 83 83 0
8 0
nchpl 144 22779 0 21147 63 2 61 61 0
8 0
uvmvnodes 72 6265 0 0 114 0 114 114 0
8 0
vnodes 208 6265 0 0 330 0 330 330 0
8 0
namei 1024 76998 0 76998 6 5 1 1 0
8 1
vmpool 520 10 0 10 4 4 0 1 0
8 0
scsiplug 64 14 0 14 11 11 0 1 0
8 0
scxspl 192 74210 0 74210 22 21 1 7 0
8 1
plimitpl 152 541 0 534 1 0 1 1 0
8 0
sigapl 432 7332 0 7319 2 0 2 2 0
8 0
futexpl 56 155249 0 155249 6 5 1 1 0
8 1
knotepl 112 2718 0 2699 5 4 1 3 0
8 0
kqueuepl 104 4227 0 4225 1 0 1 1 0
8 0
pipepl 112 4312 0 4293 16 15 1 2 0
8 0
fdescpl 424 7333 0 7319 2 0 2 2 0
8 0
filepl 120 58247 0 58151 26 22 4 6 0
8 1
lockfpl 104 1931 0 1930 1 0 1 1 0
8 0
lockfspl 48 654 0 653 1 0 1 1 0
8 0
sessionpl 112 40 0 30 1 0 1 1 0
8 0
pgrppl 48 114 0 104 1 0 1 1 0
8 0
ucredpl 96 7457 0 7450 1 0 1 1 0
8 0
zombiepl 144 7321 0 7320 3 2 1 1 0
8 0
processpl 864 7351 0 7320 4 0 4 4 0
8 0
procpl 632 20534 0 20495 9 4 5 5 0
8 0
sosppl 128 93 0 93 30 30 0 1 0
8 0
sockpl 384 14955 0 14926 47 43 4 6 0
8 0
mcl64k 65536 3192 0 3192 215 215 0 33 0
8 0
mcl16k 16384 272 0 272 46 46 0 1 0
8 0
mcl12k 12288 299 0 299 38 38 0 1 0
8 0
mcl9k 9216 164 0 164 51 51 0 1 0
8 0
mcl8k 8192 1189 0 1189 5 4 1 1 0
8 1
mcl4k 4096 846 0 846 11 10 1 1 0
8 1
mcl2k2 2112 32 0 32 20 20 0 1 0
8 0
mcl2k 2048 75398 0 75352 55 48 7 17 0
8 0
mtagpl 80 140 0 139 9 8 1 1 0
8 0
mbufpl 256 204939 0 204858 161 144 17 39 0
8 0
bufpl 256 23734 0 17456 393 0 393 393 0
8 0
anonpl 16 744880 0 729876 372 308 64 103 0
62 0
amapchunkpl 152 42460 0 42354 135 129 6 34 0
158 0
amappl16 192 40836 0 39997 355 312 43 55 0
8 0
amappl15 184 265 0 265 5 5 0 1 0
8 0
amappl14 176 708 0 704 2 1 1 1 0
8 0
amappl13 168 1424 0 1422 4 3 1 1 0
8 0
amappl12 160 76 0 73 1 0 1 1 0
8 0
amappl11 152 812 0 800 1 0 1 1 0
8 0
amappl10 144 1127 0 1126 4 3 1 1 0
8 0
amappl9 136 1637 0 1631 1 0 1 1 0
8 0
amappl8 128 1228 0 1185 4 2 2 2 0
8 0
amappl7 120 1250 0 1243 1 0 1 1 0
8 0
amappl6 112 787 0 775 1 0 1 1 0
8 0
amappl5 104 995 0 985 1 0 1 1 0
8 0
amappl4 96 7467 0 7437 1 0 1 1 0
8 0
amappl3 88 1473 0 1467 1 0 1 1 0
8 0
amappl2 80 59183 0 59114 4 2 2 3 0
8 0
amappl1 72 151714 0 151313 28 19 9 20 0
8 0
amappl 80 21102 0 21066 3 1 2 2 0
84 0
dma4096 4096 1 0 1 1 1 0 1 0
8 0
dma256 256 6 0 6 1 1 0 1 0
8 0
dma64 64 259 0 259 1 1 0 1 0
8 0
dma32 32 7 0 7 1 1 0 1 0
8 0
dma16 16 17 0 17 1 1 0 1 0
8 0
aobjpl 64 144 0 15 3 0 3 3 0
8 0
uaddrrnd 24 7343 0 7319 1 0 1 1 0
8 0
uaddrbest 32 2 0 0 1 0 1 1 0
8 0
uaddr 24 7343 0 7319 1 0 1 1 0
8 0
vmmpekpl 168 57928 0 57898 2 0 2 2 0
8 0
vmmpepl 168 888090 0 886186 645 553 92 118 0
357 0
vmsppl 272 7332 0 7319 9 8 1 2 0
8 0
pdppl 4096 14692 0 14658 6 1 5 6 0
8 0
pvpl 32 2085107 0 2066907 936 782 154 340 0
265 4
pmappl 200 7342 0 7329 1 0 1 1 0
8 0
extentpl 40 41 0 26 1 0 1 1 0
8 0
phpool 112 1064 0 539 18 1 17 17 0
8 0


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Sep 22, 2019, 7:55:07 AM9/22/19
to syzkaller-o...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: 3a973d31 Apply a patch from upstream to avoid triggering a..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=12f03f09600000
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10ad3f3d600000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+160434...@syzkaller.appspotmail.com

login: kernel: protection fault trap, code=0
Stopped at pool_do_put+0x12e: movq 0x8(%rbx),%rbx
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
the kernel did not panic
ddb> trace
pool_do_put(ffffffff82570990,fffffd80321b5b00) at pool_do_put+0x12e
sys/kern/subr_pool.c:844
pool_put(ffffffff82570990,fffffd80321b5b00) at pool_put+0x4b
sys/kern/subr_pool.c:802
m_free(fffffd80321b5b00) at m_free+0x119 sys/kern/uipc_mbuf.c:459
rt_ifa_del(ffff8000006a0b00,800100,ffff8000006a0b58,0) at rt_ifa_del+0x436
sys/net/route.c:1201
in_purgeaddr(ffff8000006a0b00) at in_purgeaddr+0xc6 in_remove_prefix
sys/netinet/in.c:738 [inline]
in_purgeaddr(ffff8000006a0b00) at in_purgeaddr+0xc6 in_ifscrub
sys/netinet/in.c:562 [inline]
in_purgeaddr(ffff8000006a0b00) at in_purgeaddr+0xc6 sys/netinet/in.c:678
in_ifinit(ffff800000a61800,ffff8000006a0b00,ffff800014918a60,1) at
in_ifinit+0x234 sys/netinet/in.c:664
in_ioctl_sifaddr(8020690c,ffff800014918a50,ffff800000a61800,1) at
in_ioctl_sifaddr+0x208 sys/netinet/in.c:360
in_ioctl(8020690c,ffff800014918a50,ffff800000a61800,1) at in_ioctl+0x1e7
sys/netinet/in.c:231
ifioctl(fffffd803d41f600,8020690c,ffff800014918a50,ffff8000ffff8770) at
ifioctl+0xb34 sys/net/if.c:2202
sys_ioctl(ffff8000ffff8770,ffff800014918b68,ffff800014918bb0) at
sys_ioctl+0x5b9
syscall(ffff800014918c30) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff36,0,3,c4e67bf010) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffd3560, count: -12
ddb> show registers
rdi 0
rsi 0x6afcae9f15153fe
rbp 0xffff800014918590
rbx 0x6afcae9f15153fe
rdx 0xffff8000149184e0
rcx 0x1000 __ALIGN_SIZE
rax 0xfffffd80321b6000
r8 0x4
r9 0x5
r10 0x7034afd661193270
r11 0xa6ef98b515bde138
r12 0xfffffd80321b5b00
r13 0x6afcae9f15153fe
r14 0xffffffff82570990 mbpool
r15 0xfffffd803143d7f0
rip 0xffffffff81284e3e pool_do_put+0x12e
cs 0x8
rflags 0x10292 __ALIGN_SIZE+0xf292
rsp 0xffff8000149184e0
ss 0x10
pool_do_put+0x12e: movq 0x8(%rbx),%rbx
ddb> show proc
PROC (syz-executor.0) pid=391133 stat=onproc
flags process=0 proc=0
pri=50, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff8008,0xffffffff825832a0
process=0xffff8000148a2378 user=0xffff800014913000,
vmspace=0xfffffd803f013330
estcpu=12, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
*37706 391133 61652 0 7 0 syz-executor.0
61652 218955 29778 0 3 0x82 nanosleep syz-executor.0
29778 99187 22817 0 3 0x82 thrsleep syz-execprog
29778 489069 22817 0 3 0x4000082 nanosleep syz-execprog
29778 311515 22817 0 3 0x4000082 thrsleep syz-execprog
29778 408849 22817 0 3 0x4000082 thrsleep syz-execprog
29778 119639 22817 0 3 0x4000082 kqread syz-execprog
29778 331825 22817 0 3 0x4000082 thrsleep syz-execprog
29778 249520 22817 0 3 0x4000082 thrsleep syz-execprog
22817 427669 6271 0 3 0x10008a pause ksh
6271 450282 28762 0 3 0x92 select sshd
24475 285866 1 0 3 0x100083 ttyin getty
28762 422007 1 0 3 0x80 select sshd
72162 185877 86250 73 3 0x100090 kqread syslogd
86250 371959 1 0 3 0x100082 netio syslogd
7254 309371 1 77 3 0x100090 poll dhclient
66064 273440 1 0 3 0x80 poll dhclient
5295 175421 0 0 2 0x14200 zerothread
87944 376499 0 0 3 0x14200 aiodoned aiodoned
78830 81274 0 0 3 0x14200 syncer update
1893 130764 0 0 3 0x14200 cleaner cleaner
54119 381258 0 0 3 0x14200 reaper reaper
98222 481681 0 0 3 0x14200 pgdaemon pagedaemon
79249 490311 0 0 3 0x14200 bored crynlk
60266 469793 0 0 3 0x14200 bored crypto
66755 420439 0 0 3 0x40014200 acpi0 acpi0
53235 150339 0 0 3 0x14200 bored softnet
47944 113774 0 0 3 0x14200 bored systqmp
4244 279117 0 0 3 0x14200 bored systq
36971 143300 0 0 3 0x40014200 bored softclock
37020 460085 0 0 3 0x40014200 idle0
44164 20430 0 0 3 0x14200 bored smr
1 363440 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9433 6310K 6310K 78643K 10526 0 0
pcb 13 8K 8K 78643K 13 0 0
rtable 77 2K 2K 78643K 155 0 0
ifaddr 29 8K 8K 78643K 29 0 0
counters 19 16K 16K 78643K 19 0 0
ioctlops 0 0K 2K 78643K 14 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1180 74K 74K 78643K 1185 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 1K 78643K 2 0 0
VM map 2 0K 0K 78643K 2 0 0
sem 2 0K 0K 78643K 2 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1793 195K 288K 78643K 12645 0 0
file desc 3 8K 12K 78643K 19 0 0
proc 47 38K 54K 78643K 307 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
in_multi 22 1K 1K 78643K 22 0 0
ether_multi 1 0K 0K 78643K 1 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 18 79K 79K 78643K 18 0 0
exec 0 0K 1K 78643K 172 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 65 11K 11K 78643K 844 0 0
UVM aobj 2 2K 2K 78643K 2 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
NDP 6 0K 0K 78643K 6 0 0
temp 39 3517K 3581K 78643K 3059 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg
Idle
arp 64 4 0 1 1 0 1 1 0
8 0
rtpcb 80 17 0 15 1 0 1 1 0
8 0
rtentry 112 34 0 4 1 0 1 1 0
8 0
unpcb 120 29 0 20 1 0 1 1 0
8 0
syncache 264 5 0 5 1 0 1 1 0
8 1
tcpcb 544 8 0 5 1 0 1 1 0
8 0
inpcb 280 28 0 21 1 0 1 1 0
8 0
nd6 48 2 0 0 1 0 1 1 0
8 0
art_heap8 4096 1 0 0 1 0 1 1 0
8 0
art_heap4 256 167 0 2 11 0 11 11 0
8 0
art_table 32 168 0 2 2 0 2 2 0
8 0
art_node 16 33 0 6 1 0 1 1 0
8 0
dirhash 1024 17 0 0 3 0 3 3 0
8 0
dino1pl 128 1414 0 20 45 0 45 45 0
8 0
ffsino 240 1414 0 20 83 0 83 83 0
8 0
nchpl 144 1655 0 51 60 0 60 60 0
8 0
uvmvnodes 72 1423 0 0 26 0 26 26 0
8 0
vnodes 208 1423 0 0 75 0 75 75 0
8 0
namei 1024 3843 0 3843 2 1 1 1 0
8 1
scxspl 192 4128 0 4128 8 1 7 7 0
8 7
plimitpl 152 14 0 8 1 0 1 1 0
8 0
sigapl 432 198 0 186 2 0 2 2 0
8 0
knotepl 112 39 0 28 1 0 1 1 0
8 0
kqueuepl 104 2 0 0 1 0 1 1 0
8 0
pipepl 112 138 0 125 2 1 1 1 0
8 0
fdescpl 424 199 0 186 2 0 2 2 0
8 0
filepl 120 981 0 926 2 0 2 2 0
8 0
lockfpl 104 5 0 4 1 0 1 1 0
8 0
lockfspl 48 3 0 2 1 0 1 1 0
8 0
sessionpl 112 18 0 9 1 0 1 1 0
8 0
pgrppl 48 18 0 9 1 0 1 1 0
8 0
ucredpl 96 47 0 40 1 0 1 1 0
8 0
zombiepl 144 186 0 186 2 1 1 1 0
8 1
processpl 864 213 0 186 4 0 4 4 0
8 0
procpl 632 219 0 186 3 0 3 3 0
8 0
sockpl 384 74 0 56 2 0 2 2 0
8 0
mcl4k 4096 10 0 10 1 0 1 1 0
8 1
mcl2k 2048 5480 0 5442 8 2 6 8 0
8 0
mtagpl 80 2 0 2 1 1 0 1 0
8 0
mbufpl 256 9483 0 9430 10 4 6 6 0
8 1
mbufpl: pool(0xffffffff82570990:mbufpl): free list modified: page
0xfffffd80321b5000; item ordinal 6; addr 0xfffffd80321b5c00 (p
0xfffffd803143d000); offset 0x0=0x0
pool(mbufpl): free list modified: page 0xfffffd80321b5000; item ordinal 6;
addr 0xfffffd80321b5c00 (p 0xfffffd803143d000); offset 0x0=0x0
mbufpl: pool(0xffffffff82570990:mbufpl): page inconsistency: page
0xfffffd80321b5000; item ordinal 7; addr 0x6afcae9f15153fe
bufpl 256 5786 0 1328 279 0 279 279 0
8 0
anonpl 16 20177 0 18694 15 2 13 13 0
62 6
amapchunkpl 152 802 0 742 5 0 5 5 0
158 2
amappl16 192 136 0 105 2 0 2 2 0
8 0
amappl15 184 1 0 0 1 0 1 1 0
8 0
amappl14 176 23 0 19 2 1 1 1 0
8 0
amappl12 160 7 0 6 1 0 1 1 0
8 0
amappl11 152 46 0 35 1 0 1 1 0
8 0
amappl10 144 12 0 10 2 1 1 1 0
8 0
amappl9 136 412 0 407 1 0 1 1 0
8 0
amappl8 128 110 0 101 1 0 1 1 0
8 0
amappl7 120 29 0 27 1 0 1 1 0
8 0
amappl6 112 73 0 64 1 0 1 1 0
8 0
amappl5 104 139 0 129 1 0 1 1 0
8 0
amappl4 96 431 0 404 1 0 1 1 0
8 0
amappl3 88 115 0 110 1 0 1 1 0
8 0
amappl2 80 841 0 785 4 1 3 3 0
8 1
amappl1 72 13313 0 12920 26 8 18 20 0
8 8
amappl 80 420 0 394 1 0 1 1 0
84 0
dma4096 4096 1 0 1 1 1 0 1 0
8 0
dma256 256 6 0 6 1 1 0 1 0
8 0
dma128 128 253 0 253 1 1 0 1 0
8 0
dma64 64 6 0 6 1 1 0 1 0
8 0
dma32 32 7 0 7 1 1 0 1 0
8 0
dma16 16 17 0 17 1 1 0 1 0
8 0
aobjpl 64 1 0 0 1 0 1 1 0
8 0
uaddrrnd 24 199 0 186 1 0 1 1 0
8 0
uaddrbest 32 2 0 0 1 0 1 1 0
8 0
uaddr 24 199 0 186 1 0 1 1 0
8 0
vmmpekpl 168 6192 0 6177 1 0 1 1 0
8 0
vmmpepl 168 28936 0 28069 88 12 76 76 0 357
38
vmsppl 272 198 0 186 1 0 1 1 0
8 0
pdppl 4096 404 0 372 5 0 5 5 0
8 0
pvpl 32 103209 0 99452 117 4 113 113 0 265
81
pmappl 200 198 0 186 1 0 1 1 0
8 0
extentpl 40 41 0 26 1 0 1 1 0
8 0
phpool 112 407 0 9 12 0 12 12 0
8 0

syzbot

Nov 14, 2019, 9:18:10 PM11/14/19
to syzkaller-o...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: 3d133dcf Change window-size default from smallest to latest.
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=13bae254e00000
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=149bfee2e00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13c8cb3ae00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+160434...@syzkaller.appspotmail.com

login: kernel: protection fault trap, code=0
Stopped at amap_pp_adjref+0x2ec: movl 0(%r15,%rax,4),%r14d
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
the kernel did not panic
ddb> trace
amap_pp_adjref(fffffd803cdf18c0,7f0,200,1) at amap_pp_adjref+0x2ec
pp_getreflen sys/uvm/uvm_amap.c:203 [inline]
amap_pp_adjref(fffffd803cdf18c0,7f0,200,1) at amap_pp_adjref+0x2ec
sys/uvm/uvm_amap.c:832
uvm_mapent_clone(ffff8000006a2400,0,200000,7f0000,7,7) at
uvm_mapent_clone+0x14c sys/uvm/uvm_map.c:3733
uvm_share(ffff8000006a2400,0,7,fffffd803f011880,20800000,200000) at
uvm_share+0x4b4 uvm_mapent_share sys/uvm/uvm_map.c:3767 [inline]
uvm_share(ffff8000006a2400,0,7,fffffd803f011880,20800000,200000) at
uvm_share+0x4b4 sys/uvm/uvm_map.c:3668
vm_impl_init_vmx(ffff800014889c70,ffff8000ffff4c68) at
vm_impl_init_vmx+0xf1 sys/arch/amd64/amd64/vmm.c:1270
vm_create(ffff800000a64000,ffff8000ffff4c68) at vm_create+0x193
vm_impl_init sys/arch/amd64/amd64/vmm.c:1385 [inline]
vm_create(ffff800000a64000,ffff8000ffff4c68) at vm_create+0x193
sys/arch/amd64/amd64/vmm.c:1174
VOP_IOCTL(fffffd803c9bf8f0,c5005601,ffff800000a64000,1,fffffd803f7c6ba0,ffff8000ffff4c68)
at
VOP_IOCTL+0x88 sys/kern/vfs_vops.c:291
vn_ioctl(fffffd8036210350,c5005601,ffff800000a64000,ffff8000ffff4c68) at
vn_ioctl+0xb7 sys/kern/vfs_vnops.c:533
sys_ioctl(ffff8000ffff4c68,ffff8000148da218,ffff8000148da260) at
sys_ioctl+0x5b9
syscall(ffff8000148da2e0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffff92b0, count: -10
ddb> show registers
rdi 0x9f0
rsi 0xdfdfe9b2
rbp 0xffff8000148d9ce0
rbx 0xdfdfdfdf
rdx 0
rcx 0x9d3
rax 0xffffffffdfdfe9b2
r8 0x274c __ALIGN_SIZE+0x174c
r9 0x7
r10 0x352099da11e3944e
r11 0x3e69b94fc2d5e00a
r12 0xdfdfe9b2
r13 0x9f0
r14 0x20202021
r15 0xffff800000a65000
rip 0xffffffff8199199c amap_pp_adjref+0x2ec
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff8000148d9c20
ss 0x10
amap_pp_adjref+0x2ec: movl 0(%r15,%rax,4),%r14d
ddb> show proc
PROC (syz-executor8527) pid=473906 stat=onproc
flags process=2<EXEC> proc=0
pri=51, usrpri=51, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff4ee0,0xffffffff82586810
process=0xffff8000148a26d8 user=0xffff8000148d5000,
vmspace=0xfffffd803f011880
estcpu=1, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
*99407 473906 8583 0 7 0x2 syz-executor8527
8583 514155 30545 0 3 0x10008a pause ksh
30545 518146 10444 0 2 0x12 sshd
25171 300188 1 0 3 0x100083 ttyin getty
10444 457538 1 0 3 0x80 select sshd
44853 379485 53497 73 3 0x100090 kqread syslogd
53497 43109 1 0 3 0x100082 netio syslogd
91702 428243 1 77 3 0x100090 poll dhclient
54116 82662 1 0 3 0x80 poll dhclient
84833 457767 0 0 2 0x14200 zerothread
90732 247754 0 0 3 0x14200 aiodoned aiodoned
22178 440398 0 0 3 0x14200 syncer update
4786 21626 0 0 3 0x14200 cleaner cleaner
46170 334271 0 0 3 0x14200 reaper reaper
8974 181887 0 0 3 0x14200 pgdaemon pagedaemon
93916 64435 0 0 3 0x14200 bored crynlk
51798 420984 0 0 3 0x14200 bored crypto
92541 83075 0 0 3 0x40014200 acpi0 acpi0
6706 92897 0 0 3 0x14200 bored softnet
61929 244770 0 0 3 0x14200 bored systqmp
99993 36592 0 0 3 0x14200 bored systq
86704 44972 0 0 3 0x40014200 bored softclock
21603 411788 0 0 3 0x40014200 idle0
49056 135677 0 0 3 0x14200 bored smr
1 226764 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9438 6318K 6319K 78643K 10535 0 0
pcb 13 8K 8K 78643K 13 0 0
rtable 61 1K 2K 78643K 115 0 0
ifaddr 24 7K 7K 78643K 24 0 0
counters 19 16K 16K 78643K 19 0 0
ioctlops 1 2K 2K 78643K 14 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1180 74K 74K 78643K 1185 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 1K 78643K 2 0 0
VM map 3 0K 0K 78643K 3 0 0
sem 2 0K 0K 78643K 2 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1794 195K 288K 78643K 12646 0 0
file desc 1 0K 0K 78643K 1 0 0
proc 47 38K 46K 78643K 278 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
in_multi 11 0K 0K 78643K 11 0 0
ether_multi 1 0K 0K 78643K 1 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 18 79K 79K 78643K 18 0 0
exec 0 0K 1K 78643K 151 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 54 15K 15K 78643K 707 0 0
UVM aobj 2 2K 2K 78643K 2 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
NDP 3 0K 0K 78643K 3 0 0
temp 21 3515K 3579K 78643K 1688 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg
Idle
arp 64 2 0 0 1 0 1 1 0
8 0
rtpcb 80 15 0 13 1 0 1 1 0
8 0
rtentry 112 23 0 1 1 0 1 1 0
8 0
unpcb 120 27 0 19 1 0 1 1 0
8 0
syncache 264 5 0 5 2 1 1 1 0
8 1
tcpcb 544 8 0 5 1 0 1 1 0
8 0
inpcb 280 22 0 16 1 0 1 1 0
8 0
art_heap8 4096 1 0 0 1 0 1 1 0
8 0
art_heap4 256 97 0 0 7 0 7 7 0
8 0
art_table 32 98 0 0 1 0 1 1 0
8 0
art_node 16 22 0 2 1 0 1 1 0
8 0
dirhash 1024 17 0 0 3 0 3 3 0
8 0
dino1pl 128 1389 0 15 45 0 45 45 0
8 0
ffsino 240 1389 0 15 81 0 81 81 0
8 0
nchpl 144 1576 0 44 57 0 57 57 0
8 0
uvmvnodes 72 1398 0 0 26 0 26 26 0
8 0
vnodes 208 1398 0 0 74 0 74 74 0
8 0
namei 1024 3453 0 3453 2 1 1 1 0
8 1
vmpool 520 1 0 0 1 0 1 1 0
8 0
scxspl 192 2554 0 2554 9 8 1 7 0
8 1
plimitpl 152 13 0 8 1 0 1 1 0
8 0
sigapl 432 175 0 165 2 0 2 2 0
8 0
knotepl 112 5 0 0 1 0 1 1 0
8 0
kqueuepl 104 1 0 0 1 0 1 1 0
8 0
pipepl 128 114 0 107 2 1 1 1 0
8 0
fdescpl 424 176 0 165 2 0 2 2 0
8 0
filepl 120 834 0 790 2 0 2 2 0
8 0
lockfpl 104 5 0 4 1 0 1 1 0
8 0
lockfspl 48 3 0 2 1 0 1 1 0
8 0
sessionpl 112 17 0 9 1 0 1 1 0
8 0
pgrppl 48 17 0 9 1 0 1 1 0
8 0
ucredpl 96 47 0 40 1 0 1 1 0
8 0
zombiepl 144 165 0 165 2 1 1 1 0
8 1
processpl 864 190 0 165 4 0 4 4 0
8 0
procpl 632 190 0 165 3 0 3 3 0
8 0
sockpl 384 64 0 48 2 0 2 2 0
8 0
mcl4k 4096 10 0 10 2 1 1 1 0
8 1
mcl2k 2048 5763 0 5735 8 3 5 6 0
8 1
mtagpl 80 2 0 2 1 1 0 1 0
8 0
mbufpl 256 9892 0 9849 4 0 4 4 0
8 0
bufpl 256 2045 0 240 113 0 113 113 0
8 0
anonpl 16 18230 0 17112 7 2 5 7 0
62 0
amapchunkpl 152 547 0 512 2 0 2 2 0
158 0
amappl16 192 71 0 65 1 0 1 1 0
8 0
amappl14 176 35 0 31 1 0 1 1 0
8 0
amappl13 168 1 0 1 1 1 0 1 0
8 0
amappl12 160 7 0 7 1 1 0 1 0
8 0
amappl11 152 42 0 31 1 0 1 1 0
8 0
amappl10 144 2 0 2 1 1 0 1 0
8 0
amappl9 136 379 0 378 1 0 1 1 0
8 0
amappl8 128 81 0 77 1 0 1 1 0
8 0
amappl7 120 17 0 16 1 0 1 1 0
8 0
amappl6 112 42 0 38 1 0 1 1 0
8 0
amappl5 104 135 0 124 1 0 1 1 0
8 0
amappl4 96 395 0 371 1 0 1 1 0
8 0
amappl3 88 101 0 96 1 0 1 1 0
8 0
amappl2 80 662 0 613 3 1 2 2 0
8 0
amappl1 72 11944 0 11563 16 7 9 16 0
8 0
amappl 80 373 0 353 1 0 1 1 0
84 0
dma4096 4096 1 0 1 1 1 0 1 0
8 0
dma256 256 6 0 6 1 1 0 1 0
8 0
dma128 128 253 0 253 1 1 0 1 0
8 0
dma64 64 6 0 6 1 1 0 1 0
8 0
dma32 32 7 0 7 1 1 0 1 0
8 0
dma16 16 18 0 17 1 0 1 1 0
8 0
aobjpl 64 1 0 0 1 0 1 1 0
8 0
uaddrrnd 24 177 0 165 1 0 1 1 0
8 0
uaddrbest 32 2 0 0 1 0 1 1 0
8 0
uaddr 24 177 0 165 1 0 1 1 0
8 0
vmmpekpl 168 5302 0 5286 1 0 1 1 0
8 0
vmmpepl 168 25407 0 24663 52 16 36 48 0
357 2
vmsppl 272 175 0 165 1 0 1 1 0
8 0
pdppl 4096 360 0 330 5 0 5 5 0
8 0
pvpl 32 71484 0 68723 32 6 26 27 0
265 3
pmappl 200 176 0 165 1 0 1 1 0
8 0
extentpl 40 46 0 29 1 0 1 1 0
8 0
phpool 112 230 0 7 7 0 7 7 0
8 0

Anton Lindqvist

Dec 4, 2019, 11:58:20 AM12/4/19
to syzbot, syzkaller-o...@googlegroups.com
#syz fix: Fix a bad offset calculation in uvm_share.