Hello,
syzbot found the following crash on:
HEAD commit: 3f7c3e6a6fe6 regen
git tree: https://github.com/openbsd/src.git master
console output:
https://syzkaller.appspot.com/x/log.txt?x=15f23625400000
dashboard link:
https://syzkaller.appspot.com/bug?extid=2cd350dfe5c96f6469f2
compiler:
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+2cd350...@syzkaller.appspotmail.com
uvm_fault(0xffffff007f12be70, 0x48, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at sogetopt+0x3ae: testb $0x1,0x48(%r15)
ddb>
ddb> set $lines = 0
ddb> show panic
kernel page fault
uvm_fault(0xffffff007f12be70, 0x48, 0, 1) -> e
sogetopt(ffffff00680c6d30,ffff8000211744d0,ffffff006e709d88,ffff80002118af28) at sogetopt+0x3ae
end trace frame: 0xffff80002118aed0, count: 0
ddb> trace
sogetopt(ffffff00680c6d30,ffff8000211744d0,ffffff006e709d88,ffff80002118af28) at sogetopt+0x3ae
sys_getsockopt(ffff80002118afb0,ffff8000211744d0,ffff8000210a5cb0) at sys_getsockopt+0x13c
syscall(0) at syscall+0x3e4
Xsyscall(6,0,ffffffffffffff67,0,5,8ba960f0010) at Xsyscall+0x128
end of kernel
end trace frame: 0x8bd65a20240, count: -4
ddb> show registers
rdi 0xffffffff81e1ac30 netlock
rsi 0xffffffff814d5dbc soassertlocked+0x7c
rbp 0xffff80002118ae70
rbx 0xffffff006ee5ee00
rdx 0xffff800002acc000
rcx 0x57
rax 0x1
r8 0xffffff006ee5ee00
r9 0
r10 0xf3f2555ade15410d
r11 0xffffffff8186f430 pool_lock_mtx_leave
r12 0x1022 __ALIGN_SIZE+0x22
r13 0xffff __ALIGN_SIZE+0xefff
r14 0xffffff006ee5ee00
r15 0
rip 0xffffffff81a25ffe sogetopt+0x3ae
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80002118ae50
ss 0x10
sogetopt+0x3ae: testb $0x1,0x48(%r15)
ddb> show proc
PROC (syz-executor0) pid=258679 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=81, usrpri=81, nice=20
forw=0xffffffffffffffff, list=0xffff800021174e30,0xffff8000211757a0
process=0xffff8000210a5cb0 user=0xffff800021186000,
vmspace=0xffffff007f12be70
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
99091 336913 37742 0 2 0 syz-executor0
*99091 258679 37742 0 7 0x4000000 syz-executor0
51596 429723 37212 0 2 0 syz-executor1
51596 50717 37212 0 3 0x4000080 ttyout syz-executor1
51596 254613 37212 0 3 0x4000080 fsleep syz-executor1
24658 51249 1 0 3 0x100083 ttyin getty
22309 435656 0 0 3 0x14200 bored sosplice
37742 423484 52127 0 3 0x82 nanosleep syz-executor0
37212 261438 52127 0 3 0x82 nanosleep syz-executor1
52127 21371 42699 0 3 0x82 thrsleep syz-fuzzer
52127 235343 42699 0 3 0x4000082 thrsleep syz-fuzzer
52127 449205 42699 0 3 0x4000082 thrsleep syz-fuzzer
52127 415449 42699 0 3 0x4000082 thrsleep syz-fuzzer
52127 311254 42699 0 3 0x4000082 kqread syz-fuzzer
52127 419696 42699 0 3 0x4000082 thrsleep syz-fuzzer
52127 143592 42699 0 3 0x4000082 thrsleep syz-fuzzer
42699 965 7973 0 3 0x10008a pause ksh
7973 84823 70497 0 3 0x92 select sshd
70497 202428 1 0 3 0x80 select sshd
46672 442864 29617 73 2 0x100090 syslogd
29617 377127 1 0 3 0x100082 netio syslogd
56534 256164 1 77 3 0x100090 poll dhclient
9472 248763 1 0 3 0x80 poll dhclient
77922 282913 0 0 2 0x14200 zerothread
42280 45784 0 0 3 0x14200 aiodoned aiodoned
54328 391827 0 0 3 0x14200 syncer update
23127 38482 0 0 3 0x14200 cleaner cleaner
47850 437729 0 0 3 0x14200 reaper reaper
87426 305917 0 0 3 0x14200 pgdaemon pagedaemon
54904 270963 0 0 3 0x14200 bored crynlk
78040 105621 0 0 3 0x14200 bored crypto
3666 285207 0 0 3 0x40014200 acpi0 acpi0
13911 208216 0 0 3 0x14200 bored softnet
77087 163346 0 0 3 0x14200 bored systqmp
23515 424232 0 0 3 0x14200 bored systq
59845 210649 0 0 3 0x40014200 bored softclock
42314 381120 0 0 3 0x40014200 idle0
1 122950 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
---
This bug is generated by a bot. It may contain errors.
See
https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at
syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.