assert "la != NULL" failed in if_ether.c


syzbot

May 29, 2019, 10:55:07 AM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 7e4900cc Document the few neighbor options that need a res..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=17e5f59aa00000
kernel config: https://syzkaller.appspot.com/x/.config?x=7f659e47e42d9641
dashboard link: https://syzkaller.appspot.com/bug?extid=f608195a7e5454bb7bbc

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+f60819...@syzkaller.appspotmail.com

panic: kernel diagnostic assertion "la != NULL" failed:
file "/syzkaller/managers/multicore/kernel/sys/netinet/if_ether.c", line 342
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
261168 8133 0 0x14000 0x200 1 reaper
*284037 24666 0 0x14000 0x200 0 softnet
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:212
__assert(ffffffff81f9f98e,ffffffff81f9d06c,156,ffffffff81f7a131) at
__assert+0x2e sys/kern/subr_prf.c:159
arpresolve(ffff8000001732a8,fffffd80680fd7e8,fffffd806f29c500,ffff800020ae7a58,ffff800020ae79d8)
at
arpresolve+0x839 sys/netinet/if_ether.c:342
ether_resolve(ffff8000001732a8,fffffd806f29c500,ffff800020ae7a58,fffffd80680fd7e8,ffff800020ae79d8)
at
ether_resolve+0x20d sys/net/if_ethersubr.c:211
ether_output(ffff8000001732a8,fffffd806f29c500,ffff800020ae7a58,fffffd80680fd7e8)
at
ether_output+0x47 ether_encap sys/net/if_ethersubr.c:307 [inline]
ether_output(ffff8000001732a8,fffffd806f29c500,ffff800020ae7a58,fffffd80680fd7e8)
at
ether_output+0x47 sys/net/if_ethersubr.c:336
ip_output(fffffd806f29c500,0,0,800,0,0) at ip_output+0x1167
sys/netinet/ip_output.c:470
tcp_respond(0,fffffd8007ac181a,fffffd8007ac182e,0,9fd33e71,4) at
tcp_respond+0x581 sys/netinet/tcp_subr.c:406
tcp_input(ffff800020ae7e50,ffff800020ae7e5c,6,2) at tcp_input+0x2512
ip_deliver(ffff800020ae7e50,ffff800020ae7e5c,6,2) at ip_deliver+0x353
sys/netinet/ip_input.c:705
ipintr() at ipintr+0x77 sys/netinet/ip_input.c:239
if_netisr(0) at if_netisr+0x10a sys/net/if.c:1001
taskq_thread(ffff800000023080) at taskq_thread+0x9c sys/kern/kern_task.c:345
end trace frame: 0x0, count: 2
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
kernel diagnostic assertion "la != NULL" failed:
file "/syzkaller/managers/multicore/kernel/sys/netinet/if_ether.c", line 342
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:212
__assert(ffffffff81f9f98e,ffffffff81f9d06c,156,ffffffff81f7a131) at
__assert+0x2e sys/kern/subr_prf.c:159
arpresolve(ffff8000001732a8,fffffd80680fd7e8,fffffd806f29c500,ffff800020ae7a58,ffff800020ae79d8)
at
arpresolve+0x839 sys/netinet/if_ether.c:342
ether_resolve(ffff8000001732a8,fffffd806f29c500,ffff800020ae7a58,fffffd80680fd7e8,ffff800020ae79d8)
at
ether_resolve+0x20d sys/net/if_ethersubr.c:211
ether_output(ffff8000001732a8,fffffd806f29c500,ffff800020ae7a58,fffffd80680fd7e8)
at
ether_output+0x47 ether_encap sys/net/if_ethersubr.c:307 [inline]
ether_output(ffff8000001732a8,fffffd806f29c500,ffff800020ae7a58,fffffd80680fd7e8)
at
ether_output+0x47 sys/net/if_ethersubr.c:336
ip_output(fffffd806f29c500,0,0,800,0,0) at ip_output+0x1167
sys/netinet/ip_output.c:470
tcp_respond(0,fffffd8007ac181a,fffffd8007ac182e,0,9fd33e71,4) at
tcp_respond+0x581 sys/netinet/tcp_subr.c:406
tcp_input(ffff800020ae7e50,ffff800020ae7e5c,6,2) at tcp_input+0x2512
ip_deliver(ffff800020ae7e50,ffff800020ae7e5c,6,2) at ip_deliver+0x353
sys/netinet/ip_input.c:705
ipintr() at ipintr+0x77 sys/netinet/ip_input.c:239
if_netisr(0) at if_netisr+0x10a sys/net/if.c:1001
taskq_thread(ffff800000023080) at taskq_thread+0x9c sys/kern/kern_task.c:345
end trace frame: 0x0, count: -13
ddb{0}> show registers
rdi 0
rsi 0x1
rbp 0xffff800020ae77a0
rbx 0xffff800020ae7850
rdx 0xffff800020ac0000
rcx 0
rax 0
r8 0xffffffff8174e1a3 kprintf+0x173
r9 0x1
r10 0x25
r11 0x2f9769b41e14b9d1
r12 0x3000000008
r13 0xffff800020ae77b0
r14 0x100
r15 0x1
rip 0xffffffff81c63ee8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800020ae7790
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (softnet) pid=284037 stat=onproc
flags process=14000<NOZOMBIE,SYSTEM> proc=200<SYSTEM>
pri=32, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff800020ac0258,0xffff800020ac0bc8
process=0xffff800020ac2348 user=0xffff800020ae2000,
vmspace=0xffffffff823984c0
estcpu=0, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
68523 442136 1 0 3 0x100083 ttyin getty
43356 457736 0 0 3 0x14200 bored sosplice
695 121543 1 0 2 0x2 syz-executor.1
51511 133922 52922 0 3 0x10008a pause ksh
52922 267629 55064 0 3 0x92 select sshd
55064 43016 1 0 3 0x80 select sshd
70926 141909 31354 74 3 0x100092 bpf pflogd
31354 483861 1 0 3 0x80 netio pflogd
5003 224356 97777 73 3 0x100090 kqread syslogd
97777 120095 1 0 3 0x100082 netio syslogd
53905 372942 1 77 3 0x100090 poll dhclient
38107 408680 1 0 3 0x80 poll dhclient
40596 348684 0 0 3 0x14200 pgzero zerothread
22512 169901 0 0 3 0x14200 aiodoned aiodoned
63716 319263 0 0 3 0x14200 syncer update
98369 52607 0 0 3 0x14200 cleaner cleaner
8133 261168 0 0 7 0x14200 reaper
39941 436352 0 0 3 0x14200 pgdaemon pagedaemon
80836 173983 0 0 3 0x14200 bored crynlk
81999 215596 0 0 3 0x14200 bored crypto
32879 416857 0 0 3 0x40014200 acpi0 acpi0
30095 345012 0 0 3 0x40014200 idle1
*24666 284037 0 0 7 0x14200 softnet
42607 60441 0 0 3 0x14200 bored systqmp
15267 283200 0 0 3 0x14200 bored systq
38700 466658 0 0 2 0x40014200 softclock
35517 394750 0 0 3 0x40014200 idle0
16967 332384 0 0 3 0x14200 bored smr
1 416353 0 0 2 0x82 init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
CPU 1:
exclusive mutex &(curpg)->mdpage.pv_mtx r = 0 (0xfffffd800744c6b8)
#0 witness_lock+0x52e sys/kern/subr_witness.c:1161
#1 mtx_enter_try+0x102
#2 mtx_enter+0x4b sys/kern/kern_lock.c:266
#3 pmap_remove_ptes+0x22b pmap_remove_pv sys/arch/amd64/amd64/pmap.c:984
[inline]
#3 pmap_remove_ptes+0x22b sys/arch/amd64/amd64/pmap.c:1577
#4 pmap_do_remove+0x400 sys/arch/amd64/amd64/pmap.c:1785
#5 uvm_map_teardown+0x195 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:206
[inline]
#5 uvm_map_teardown+0x195 sys/uvm/uvm_map.c:2650
#6 uvmspace_free+0x86 sys/uvm/uvm_map.c:3519
#7 uvm_exit+0x29 sys/uvm/uvm_glue.c:297
#8 reaper+0x170 sys/kern/kern_exit.c:433
#9 proc_trampoline+0x1c
exclusive mutex &pmap->pm_mtx r = 0 (0xfffffd807effd498)
#0 witness_lock+0x52e sys/kern/subr_witness.c:1161
#1 mtx_enter_try+0x102
#2 mtx_enter+0x4b sys/kern/kern_lock.c:266
#3 pmap_do_remove+0x88 rcr3
sys/arch/amd64/compile/SYZKALLER/obj/machine/cpufunc.h:141 [inline]
#3 pmap_do_remove+0x88 pmap_map_ptes sys/arch/amd64/amd64/pmap.c:418
[inline]
#3 pmap_do_remove+0x88 sys/arch/amd64/amd64/pmap.c:1689
#4 uvm_map_teardown+0x195 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:206
[inline]
#4 uvm_map_teardown+0x195 sys/uvm/uvm_map.c:2650
#5 uvmspace_free+0x86 sys/uvm/uvm_map.c:3519
#6 uvm_exit+0x29 sys/uvm/uvm_glue.c:297
#7 reaper+0x170 sys/kern/kern_exit.c:433
#8 proc_trampoline+0x1c
Process 24666 (softnet) thread 0xffff800020ac0000 (284037)
exclusive rwlock netlock r = 0 (0xffffffff8220efe8)
#0 witness_lock+0x52e sys/kern/subr_witness.c:1161
#1 if_netisr+0x1e sys/net/if.c:981
#2 taskq_thread+0x9c sys/kern/kern_task.c:345
#3 proc_trampoline+0x1c
shared rwlock softnet r = 0 (0xffff8000000230d8)
#0 witness_lock+0x52e sys/kern/subr_witness.c:1161
#1 taskq_thread+0x8f sys/kern/kern_task.c:344
#2 proc_trampoline+0x1c
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9525 6431K 7052K 78643K 14456 0 0
pcb 25 9K 11K 78643K 3704 0 0
rtable 241 23K 26K 78643K 4864 0 0
ifaddr 55 12K 14K 78643K 282 0 0
counters 39 33K 33K 78643K 39 0 0
ioctlops 0 0K 4K 78643K 1529 0 0
iov 0 0K 24K 78643K 197 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1200 75K 76K 78643K 2977 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 5K 78643K 25 0 0
VM map 2 1K 1K 78643K 2 0 0
sem 12 0K 0K 78643K 148 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1808 196K 290K 78643K 12628 0 0
file desc 2 4K 25K 78643K 3763 0 0
sigio 0 0K 0K 78643K 20 0 0
proc 54 51K 83K 78643K 1161 0 0
subproc 16 1K 2K 78643K 221 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 0K 78643K 181 0 0
in_multi 22 1K 2K 78643K 199 0 0
ether_multi 1 0K 0K 78643K 7 0 0
mrt 0 0K 0K 78643K 20 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 72 318K 318K 78643K 72 0 0
exec 0 0K 1K 78643K 713 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 93 13K 31K 78643K 11348 0 0
UVM aobj 99 4K 4K 78643K 110 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 0 0K 0K 78643K 96 0 0
NDP 12 0K 0K 78643K 89 0 0
temp 155 2732K 2807K 78643K 13940 0 0
kqueue 0 0K 0K 78643K 15 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg
Idle
arp 64 28 0 24 1 0 1 1 0
8 0
inpcbpl 280 863 0 857 1 0 1 1 0
8 0
plimitpl 152 62 0 55 1 0 1 1 0
8 0
plcache 128 20 0 0 1 0 1 1 0
8 0
rtentry 112 277 0 242 2 0 2 2 0
8 0
syncache 264 4 0 4 1 1 0 1 0
8 0
tcpcb 544 301 0 297 1 0 1 1 0
8 0
rttmr 72 7 0 7 4 4 0 1 0
8 0
nd6 48 39 0 36 1 0 1 1 0
8 0
ppxss 1128 36 0 36 9 9 0 1 0
8 0
pfosfp 40 846 0 423 5 0 5 5 0
8 0
pfosfpen 112 1428 0 714 21 0 21 21 0
8 0
pfstitem 24 27 0 23 1 0 1 1 0
8 0
pfstkey 112 27 0 23 1 0 1 1 0
8 0
pfstate 328 27 0 23 2 1 1 2 0
8 0
pfrule 1360 21 0 16 2 1 1 2 0
8 0
art_heap8 4096 1 0 0 1 0 1 1 0
8 0
art_heap4 256 737 0 561 14 0 14 14 0
8 1
art_table 32 738 0 561 2 0 2 2 0
8 0
art_node 16 173 0 142 1 0 1 1 0
8 0
sysvmsgpl 40 10 0 5 1 0 1 1 0
8 0
semapl 112 146 0 136 1 0 1 1 0
8 0
shmpl 112 108 0 11 3 0 3 3 0
8 0
dirhash 1024 17 0 0 3 0 3 3 0
8 0
dino1pl 128 6359 0 4926 47 0 47 47 0
8 0
ffsino 272 6359 0 4926 96 0 96 96 0
8 0
nchpl 144 11108 0 9489 63 1 62 62 0
8 0
uvmvnodes 72 5926 0 0 108 0 108 108 0
8 0
vnodes 200 5926 0 0 312 0 312 312 0
8 0
namei 1024 31406 0 31406 2 1 1 1 0
8 1
percpumem 16 30 0 0 1 0 1 1 0
8 0
scsiplug 64 4 0 4 3 3 0 1 0
8 0
scxspl 192 33365 0 33365 16 15 1 6 0
8 1
sigapl 432 3931 0 3919 3 1 2 3 0
8 0
futexpl 56 27979 0 27979 1 0 1 1 0
8 1
knotepl 112 678 0 673 1 0 1 1 0
8 0
kqueuepl 104 510 0 509 1 0 1 1 0
8 0
pipepl 112 1472 0 1462 3 2 1 2 0
8 0
fdescpl 488 3932 0 3919 3 0 3 3 0
8 0
filepl 152 17570 0 17503 9 4 5 7 0
8 1
lockfpl 104 550 0 550 5 5 0 1 0
8 0
lockfspl 48 193 0 193 5 5 0 1 0
8 0
sessionpl 112 30 0 20 1 0 1 1 0
8 0
pgrppl 48 45 0 35 1 0 1 1 0
8 0
ucredpl 96 2714 0 2705 1 0 1 1 0
8 0
zombiepl 144 3919 0 3918 2 1 1 1 0
8 0
processpl 840 3948 0 3918 4 0 4 4 0
8 0
procpl 600 10066 0 10036 4 0 4 4 0
8 0
srpgc 64 77 0 77 5 4 1 1 0
8 1
sosppl 128 23 0 23 8 8 0 1 0
8 0
sockpl 384 4413 0 4395 5 2 3 4 0
8 1
mcl64k 65536 258 0 0 33 18 15 33 0
8 1
mcl16k 16384 2 0 0 1 0 1 1 0
8 0
mcl12k 12288 17 0 0 2 0 2 2 0
8 0
mcl9k 9216 15 0 0 2 0 2 2 0
8 0
mcl8k 8192 6 0 0 1 0 1 1 0
8 0
mcl4k 4096 11 0 0 2 0 2 2 0
8 0
mcl2k2 2112 5 0 0 1 0 1 1 0
8 0
mcl2k 2048 138 0 0 16 0 16 16 0
8 0
mtagpl 80 3 0 0 1 0 1 1 0
8 0
mbufpl 256 425 0 0 25 0 25 25 0
8 0
bufpl 256 12203 0 5195 439 0 439 439 0
8 0
anonpl 16 329686 0 321937 113 70 43 57 0
125 0
amapchunkpl 152 19618 0 19490 31 24 7 10 0
158 1
amappl16 192 19065 0 18535 118 90 28 38 0
8 0
amappl15 184 17 0 17 1 0 1 1 0
8 1
amappl14 176 128 0 123 2 1 1 1 0
8 0
amappl13 168 20 0 20 1 0 1 1 0
8 1
amappl12 160 30 0 29 1 0 1 1 0
8 0
amappl11 152 87 0 69 1 0 1 1 0
8 0
amappl10 144 111 0 108 1 0 1 1 0
8 0
amappl9 136 4283 0 4279 1 0 1 1 0
8 0
amappl8 128 3779 0 3763 1 0 1 1 0
8 0
amappl7 120 86 0 80 1 0 1 1 0
8 0
amappl6 112 74 0 64 1 0 1 1 0
8 0
amappl5 104 223 0 208 1 0 1 1 0
8 0
amappl4 96 4053 0 4024 2 1 1 2 0
8 0
amappl3 88 324 0 312 1 0 1 1 0
8 0
amappl2 80 29732 0 29672 3 1 2 3 0
8 0
amappl1 72 91044 0 90628 26 16 10 20 0
8 0
amappl 80 10494 0 10455 2 0 2 2 0
84 0
dma4096 4096 1 0 1 1 1 0 1 0
8 0
dma256 256 6 0 6 1 1 0 1 0
8 0
dma64 64 259 0 259 1 1 0 1 0
8 0
dma32 32 7 0 7 1 1 0 1 0
8 0
dma16 16 17 0 17 1 1 0 1 0
8 0
aobjpl 64 109 0 11 2 0 2 2 0
8 0
uaddrrnd 24 3932 0 3919 1 0 1 1 0
8 0
uaddrbest 32 2 0 0 1 0 1 1 0
8 0
uaddr 24 3932 0 3919 1 0 1 1 0
8 0
vmmpekpl 168 32014 0 31982 2 0 2 2 0
8 0
vmmpepl 168 414579 0 413124 155 65 90 90 0 357
15
vmsppl 360 3931 0 3918 2 0 2 2 0
8 0
pdppl 4096 7872 0 7836 6 0 6 6 0
8 0
pvpl 32 917810 0 913208 224 106 118 144 0
265 8
pmappl 232 3931 0 3918 2 1 1 2 0
8 0
extentpl 40 41 0 26 1 0 1 1 0
8 0
phpool 112 644 0 22 19 0 19 19 0
8 0


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Oct 25, 2019, 4:45:06 AM
to syzkaller-o...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.