panic: vput: v_writecount != 0
1 view
Skip to first unread message
syzbot
Jul 20, 2019, 10:21:06 PM7/20/19
to syzkaller-o...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: 463b33d1 Sort TOK_USELEASE case into proper alphabetic loc..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=121c4968600000
kernel config: https://syzkaller.appspot.com/x/.config?x=60e2b7157576c8d7
dashboard link: https://syzkaller.appspot.com/bug?extid=2a29c4391377f57ac593
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+2a29c4...@syzkaller.appspotmail.com
panic: vput: v_writecount != 0
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:212
vput(fffffd8035d7f2e0) at vput+0x187 sys/kern/vfs_subr.c:759
vn_closefile(fffffd802af10f00,ffff800014fdf160) at vn_closefile+0x15b
sys/kern/vfs_vnops.c:589
fdrop(fffffd802af10f00,ffff800014fdf160) at fdrop+0xc9
sys/kern/kern_descrip.c:1269
closef(fffffd802af10f00,ffff800014fdf160) at closef+0x118
sys/kern/kern_descrip.c:1253
fdfree(ffff800014fdf160) at fdfree+0xf7 sys/kern/kern_descrip.c:1185
exit1(ffff800014fdf160,0,1) at exit1+0x32f sys/kern/kern_exit.c:196
sys_exit(ffff800014fdf160,ffff800015a06490,ffff800015a06500) at
sys_exit+0x17 sys/kern/kern_exit.c:94
syscall(ffff800015a06560) at syscall+0x508
Xsyscall(0,1,0,1,0,7f7ffffcc384) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffcc350, count: 4
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
vput: v_writecount != 0
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:212
vput(fffffd8035d7f2e0) at vput+0x187 sys/kern/vfs_subr.c:759
vn_closefile(fffffd802af10f00,ffff800014fdf160) at vn_closefile+0x15b
sys/kern/vfs_vnops.c:589
fdrop(fffffd802af10f00,ffff800014fdf160) at fdrop+0xc9
sys/kern/kern_descrip.c:1269
closef(fffffd802af10f00,ffff800014fdf160) at closef+0x118
sys/kern/kern_descrip.c:1253
fdfree(ffff800014fdf160) at fdfree+0xf7 sys/kern/kern_descrip.c:1185
exit1(ffff800014fdf160,0,1) at exit1+0x32f sys/kern/kern_exit.c:196
sys_exit(ffff800014fdf160,ffff800015a06490,ffff800015a06500) at
sys_exit+0x17 sys/kern/kern_exit.c:94
syscall(ffff800015a06560) at syscall+0x508
Xsyscall(0,1,0,1,0,7f7ffffcc384) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffcc350, count: -11
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff800015a06180
rbx 0xffff800015a06230
rdx 0x2
rcx 0
rax 0
r8 0xffff800015a06140
r9 0x1
r10 0
r11 0x9434756d3625d550
r12 0x3000000008
r13 0xffff800015a06190
r14 0x100
r15 0x1
rip 0xffffffff8125b5f8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800015a06170
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.0) pid=326610 stat=onproc
flags process=1008<EXITING,SINGLEEXIT> proc=2000<WEXIT>
pri=32, usrpri=71, nice=20
forw=0xffffffffffffffff, list=0xffff800014fde018,0xffffffff822c3340
process=0xffff8000ffff6a30 user=0xffff800015a01000,
vmspace=0xfffffd803f014cc0
estcpu=21, cpticks=2, pctcpu=0.10
user=0, sys=2, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
90070 406631 1 0 3 0x100083 ttyin getty
66235 272344 0 0 3 0x14200 bored sosplice
18893 387885 44669 0 3 0x82 wait syz-executor.0
50824 263280 44669 0 3 0x82 piperd syz-executor.1
44669 92246 15551 0 3 0x82 kqread syz-fuzzer
44669 348364 15551 0 3 0x4000082 thrsleep syz-fuzzer
44669 64781 15551 0 3 0x4000082 thrsleep syz-fuzzer
44669 469277 15551 0 3 0x4000082 thrsleep syz-fuzzer
44669 236731 15551 0 3 0x4000082 thrsleep syz-fuzzer
44669 297065 15551 0 3 0x4000082 thrsleep syz-fuzzer
44669 512336 15551 0 3 0x4000082 thrsleep syz-fuzzer
15551 54636 79452 0 3 0x10008a pause ksh
79452 481500 9249 0 3 0x92 select sshd
9249 290630 1 0 3 0x80 select sshd
1056 345654 8182 73 2 0x100090 syslogd
8182 47832 1 0 3 0x100082 netio syslogd
93748 147913 1 77 3 0x100090 poll dhclient
44234 466627 1 0 3 0x80 poll dhclient
17617 1158 0 0 2 0x14200 zerothread
97654 91882 0 0 3 0x14200 aiodoned aiodoned
33597 437371 0 0 3 0x14200 syncer update
77223 42740 0 0 3 0x14200 cleaner cleaner
66288 221913 0 0 3 0x14200 reaper reaper
58260 161045 0 0 3 0x14200 pgdaemon pagedaemon
73536 159209 0 0 3 0x14200 bored crynlk
82429 69347 0 0 3 0x14200 bored crypto
68113 30928 0 0 3 0x40014200 acpi0 acpi0
31104 256916 0 0 3 0x14200 bored softnet
25544 86460 0 0 3 0x14200 bored systqmp
12487 196497 0 0 3 0x14200 bored systq
5967 377896 0 0 3 0x40014200 bored softclock
52750 375414 0 0 3 0x40014200 idle0
66373 161625 0 0 3 0x14200 bored smr
1 508272 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9521 6369K 10781K 78643K 18579 0 0
pcb 13 8K 8K 78643K 244 0 0
rtable 116 4K 4K 78643K 675 0 0
ifaddr 60 14K 15K 78643K 301 0 0
counters 19 16K 16K 78643K 19 0 0
ioctlops 0 0K 2K 78643K 162 0 0
iov 0 0K 28K 78643K 384 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1208 76K 77K 78643K 4035 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 5K 78643K 44 0 0
VM map 2 0K 0K 78643K 2 0 0
sem 12 0K 0K 78643K 271 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1793 195K 288K 78643K 12645 0 0
file desc 5 13K 25K 78643K 3080 0 0
sigio 1 0K 0K 78643K 47 0 0
proc 42 30K 54K 78643K 638 0 0
subproc 32 2K 2K 78643K 36 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 0K 78643K 279 0 0
in_multi 33 2K 2K 78643K 122 0 0
ether_multi 1 0K 0K 78643K 13 0 0
mrt 0 0K 0K 78643K 7 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 84 371K 371K 78643K 84 0 0
exec 0 0K 1K 78643K 432 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 91 20K 36K 78643K 8162 0 0
UVM aobj 130 4K 4K 78643K 145 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 0 0K 1K 78643K 125 0 0
NDP 13 0K 0K 78643K 81 0 0
temp 178 2727K 2855K 78643K 12607 0 0
kqueue 0 0K 0K 78643K 25 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg
Idle
arp 64 6 0 0 1 0 1 1 0
8 0
rtpcb 80 134 0 132 1 0 1 1 0
8 0
rtentry 112 49 0 5 2 0 2 2 0
8 0
unpcb 120 1149 0 1141 1 0 1 1 0
8 0
syncache 264 4 0 4 1 1 0 1 0
8 0
tcpqe 32 386 0 386 1 1 0 1 0
8 0
tcpcb 544 479 0 475 1 0 1 1 0
8 0
inpcb 280 1288 0 1281 2 1 1 2 0
8 0
nd6 48 6 0 0 1 0 1 1 0
8 0
pkpcb 40 12 0 12 5 5 0 1 0
8 0
ppxss 1128 49 0 49 13 13 0 1 0
8 0
art_heap8 4096 1 0 0 1 0 1 1 0
8 0
art_heap4 256 188 0 0 12 0 12 12 0
8 0
art_table 32 189 0 0 2 0 2 2 0
8 0
art_node 16 44 0 4 1 0 1 1 0
8 0
sysvmsgpl 40 19 0 8 1 0 1 1 0
8 0
semapl 112 269 0 259 1 0 1 1 0
8 0
shmpl 112 143 0 15 4 0 4 4 0
8 0
dirhash 1024 17 0 0 3 0 3 3 0
8 0
dino1pl 128 6476 0 5069 46 0 46 46 0
8 0
ffsino 240 6476 0 5069 84 0 84 84 0
8 0
nchpl 144 11014 0 9379 61 0 61 61 0
8 0
uvmvnodes 72 5934 0 0 108 0 108 108 0
8 0
vnodes 200 5934 0 0 313 0 313 313 0
8 0
namei 1024 34557 0 34557 1 0 1 1 0
8 1
scsiplug 64 6 0 6 6 5 1 1 0
8 1
scxspl 192 51958 0 51958 10 9 1 5 0
8 1
plimitpl 152 261 0 254 1 0 1 1 0
8 0
sigapl 432 3256 0 3243 2 0 2 2 0
8 0
futexpl 56 51065 0 51065 1 0 1 1 0
8 1
knotepl 112 684 0 665 1 0 1 1 0
8 0
kqueuepl 104 824 0 822 1 0 1 1 0
8 0
pipepl 112 1868 0 1849 6 5 1 2 0
8 0
fdescpl 424 3257 0 3243 2 0 2 2 0
8 0
filepl 120 19758 0 19662 5 1 4 5 0
8 0
lockfpl 104 1045 0 1045 4 3 1 1 0
8 1
lockfspl 48 355 0 355 4 3 1 1 0
8 1
sessionpl 112 22 0 12 1 0 1 1 0
8 0
pgrppl 48 52 0 42 1 0 1 1 0
8 0
ucredpl 96 4190 0 4183 1 0 1 1 0
8 0
zombiepl 144 3244 0 3243 2 1 1 1 0
8 0
processpl 864 3272 0 3243 4 0 4 4 0
8 0
procpl 632 7320 0 7285 4 0 4 4 0
8 0
sosppl 128 37 0 37 11 11 0 1 0
8 0
sockpl 384 2617 0 2600 4 1 3 3 0
8 1
mcl64k 65536 621 0 621 73 73 0 65 0
8 0
mcl16k 16384 14 0 14 10 10 0 1 0
8 0
mcl12k 12288 53 0 53 10 9 1 1 0
8 1
mcl9k 9216 38 0 38 12 12 0 1 0
8 0
mcl8k 8192 40 0 40 11 10 1 1 0
8 1
mcl4k 4096 149 0 149 4 3 1 1 0
8 1
mcl2k2 2112 18 0 18 7 6 1 1 0
8 1
mcl2k 2048 57690 0 57653 14 8 6 12 0
8 0
mtagpl 80 14 0 5 2 1 1 1 0
8 0
mbufpl 256 105891 0 105807 40 32 8 37 0
8 0
bufpl 256 23321 0 14625 862 0 862 862 0 8
315
anonpl 16 311053 0 295627 162 100 62 64 0
62 0
amapchunkpl 152 14295 0 14166 48 40 8 18 0
158 3
amappl16 192 18187 0 17326 148 104 44 44 0
8 0
amappl15 184 1525 0 1523 1 0 1 1 0
8 0
amappl14 176 53 0 48 1 0 1 1 0
8 0
amappl13 168 9 0 8 1 0 1 1 0
8 0
amappl12 160 13 0 11 1 0 1 1 0
8 0
amappl11 152 1581 0 1569 1 0 1 1 0
8 0
amappl10 144 66 0 66 5 5 0 1 0
8 0
amappl9 136 559 0 556 1 0 1 1 0
8 0
amappl8 128 133 0 115 1 0 1 1 0
8 0
amappl7 120 38 0 34 1 0 1 1 0
8 0
amappl6 112 1576 0 1569 1 0 1 1 0
8 0
amappl5 104 158 0 148 1 0 1 1 0
8 0
amappl4 96 3521 0 3495 1 0 1 1 0
8 0
amappl3 88 256 0 246 1 0 1 1 0
8 0
amappl2 80 26824 0 26759 4 2 2 3 0
8 0
amappl1 72 64563 0 64130 26 17 9 19 0
8 0
amappl 80 7585 0 7544 1 0 1 1 0
84 0
dma4096 4096 1 0 1 1 1 0 1 0
8 0
dma256 256 6 0 6 1 1 0 1 0
8 0
dma64 64 259 0 259 1 1 0 1 0
8 0
dma32 32 7 0 7 1 1 0 1 0
8 0
dma16 16 17 0 17 1 1 0 1 0
8 0
aobjpl 64 144 0 15 3 0 3 3 0
8 0
uaddrrnd 24 3257 0 3243 1 0 1 1 0
8 0
uaddrbest 32 2 0 0 1 0 1 1 0
8 0
uaddr 24 3257 0 3243 1 0 1 1 0
8 0
vmmpekpl 168 21421 0 21397 2 0 2 2 0
8 0
vmmpepl 168 385246 0 383319 180 96 84 91 0
357 0
vmsppl 272 3256 0 3243 2 1 1 2 0
8 0
pdppl 4096 6520 0 6486 6 1 5 6 0
8 0
pvpl 32 856481 0 837493 323 159 164 222 0 265
10
pmappl 200 3256 0 3243 1 0 1 1 0
8 0
extentpl 40 41 0 26 1 0 1 1 0
8 0
phpool 112 1126 0 140 31 2 29 29 0
8 0
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following crash on:
HEAD commit: 463b33d1 Sort TOK_USELEASE case into proper alphabetic loc..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=121c4968600000
kernel config: https://syzkaller.appspot.com/x/.config?x=60e2b7157576c8d7
dashboard link: https://syzkaller.appspot.com/bug?extid=2a29c4391377f57ac593
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+2a29c4...@syzkaller.appspotmail.com
panic: vput: v_writecount != 0
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:212
vput(fffffd8035d7f2e0) at vput+0x187 sys/kern/vfs_subr.c:759
vn_closefile(fffffd802af10f00,ffff800014fdf160) at vn_closefile+0x15b
sys/kern/vfs_vnops.c:589
fdrop(fffffd802af10f00,ffff800014fdf160) at fdrop+0xc9
sys/kern/kern_descrip.c:1269
closef(fffffd802af10f00,ffff800014fdf160) at closef+0x118
sys/kern/kern_descrip.c:1253
fdfree(ffff800014fdf160) at fdfree+0xf7 sys/kern/kern_descrip.c:1185
exit1(ffff800014fdf160,0,1) at exit1+0x32f sys/kern/kern_exit.c:196
sys_exit(ffff800014fdf160,ffff800015a06490,ffff800015a06500) at
sys_exit+0x17 sys/kern/kern_exit.c:94
syscall(ffff800015a06560) at syscall+0x508
Xsyscall(0,1,0,1,0,7f7ffffcc384) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffcc350, count: 4
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
vput: v_writecount != 0
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:212
vput(fffffd8035d7f2e0) at vput+0x187 sys/kern/vfs_subr.c:759
vn_closefile(fffffd802af10f00,ffff800014fdf160) at vn_closefile+0x15b
sys/kern/vfs_vnops.c:589
fdrop(fffffd802af10f00,ffff800014fdf160) at fdrop+0xc9
sys/kern/kern_descrip.c:1269
closef(fffffd802af10f00,ffff800014fdf160) at closef+0x118
sys/kern/kern_descrip.c:1253
fdfree(ffff800014fdf160) at fdfree+0xf7 sys/kern/kern_descrip.c:1185
exit1(ffff800014fdf160,0,1) at exit1+0x32f sys/kern/kern_exit.c:196
sys_exit(ffff800014fdf160,ffff800015a06490,ffff800015a06500) at
sys_exit+0x17 sys/kern/kern_exit.c:94
syscall(ffff800015a06560) at syscall+0x508
Xsyscall(0,1,0,1,0,7f7ffffcc384) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffcc350, count: -11
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff800015a06180
rbx 0xffff800015a06230
rdx 0x2
rcx 0
rax 0
r8 0xffff800015a06140
r9 0x1
r10 0
r11 0x9434756d3625d550
r12 0x3000000008
r13 0xffff800015a06190
r14 0x100
r15 0x1
rip 0xffffffff8125b5f8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800015a06170
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.0) pid=326610 stat=onproc
flags process=1008<EXITING,SINGLEEXIT> proc=2000<WEXIT>
pri=32, usrpri=71, nice=20
forw=0xffffffffffffffff, list=0xffff800014fde018,0xffffffff822c3340
process=0xffff8000ffff6a30 user=0xffff800015a01000,
vmspace=0xfffffd803f014cc0
estcpu=21, cpticks=2, pctcpu=0.10
user=0, sys=2, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
90070 406631 1 0 3 0x100083 ttyin getty
66235 272344 0 0 3 0x14200 bored sosplice
18893 387885 44669 0 3 0x82 wait syz-executor.0
50824 263280 44669 0 3 0x82 piperd syz-executor.1
44669 92246 15551 0 3 0x82 kqread syz-fuzzer
44669 348364 15551 0 3 0x4000082 thrsleep syz-fuzzer
44669 64781 15551 0 3 0x4000082 thrsleep syz-fuzzer
44669 469277 15551 0 3 0x4000082 thrsleep syz-fuzzer
44669 236731 15551 0 3 0x4000082 thrsleep syz-fuzzer
44669 297065 15551 0 3 0x4000082 thrsleep syz-fuzzer
44669 512336 15551 0 3 0x4000082 thrsleep syz-fuzzer
15551 54636 79452 0 3 0x10008a pause ksh
79452 481500 9249 0 3 0x92 select sshd
9249 290630 1 0 3 0x80 select sshd
1056 345654 8182 73 2 0x100090 syslogd
8182 47832 1 0 3 0x100082 netio syslogd
93748 147913 1 77 3 0x100090 poll dhclient
44234 466627 1 0 3 0x80 poll dhclient
17617 1158 0 0 2 0x14200 zerothread
97654 91882 0 0 3 0x14200 aiodoned aiodoned
33597 437371 0 0 3 0x14200 syncer update
77223 42740 0 0 3 0x14200 cleaner cleaner
66288 221913 0 0 3 0x14200 reaper reaper
58260 161045 0 0 3 0x14200 pgdaemon pagedaemon
73536 159209 0 0 3 0x14200 bored crynlk
82429 69347 0 0 3 0x14200 bored crypto
68113 30928 0 0 3 0x40014200 acpi0 acpi0
31104 256916 0 0 3 0x14200 bored softnet
25544 86460 0 0 3 0x14200 bored systqmp
12487 196497 0 0 3 0x14200 bored systq
5967 377896 0 0 3 0x40014200 bored softclock
52750 375414 0 0 3 0x40014200 idle0
66373 161625 0 0 3 0x14200 bored smr
1 508272 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9521 6369K 10781K 78643K 18579 0 0
pcb 13 8K 8K 78643K 244 0 0
rtable 116 4K 4K 78643K 675 0 0
ifaddr 60 14K 15K 78643K 301 0 0
counters 19 16K 16K 78643K 19 0 0
ioctlops 0 0K 2K 78643K 162 0 0
iov 0 0K 28K 78643K 384 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1208 76K 77K 78643K 4035 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 5K 78643K 44 0 0
VM map 2 0K 0K 78643K 2 0 0
sem 12 0K 0K 78643K 271 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1793 195K 288K 78643K 12645 0 0
file desc 5 13K 25K 78643K 3080 0 0
sigio 1 0K 0K 78643K 47 0 0
proc 42 30K 54K 78643K 638 0 0
subproc 32 2K 2K 78643K 36 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 0K 78643K 279 0 0
in_multi 33 2K 2K 78643K 122 0 0
ether_multi 1 0K 0K 78643K 13 0 0
mrt 0 0K 0K 78643K 7 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 84 371K 371K 78643K 84 0 0
exec 0 0K 1K 78643K 432 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 91 20K 36K 78643K 8162 0 0
UVM aobj 130 4K 4K 78643K 145 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 0 0K 1K 78643K 125 0 0
NDP 13 0K 0K 78643K 81 0 0
temp 178 2727K 2855K 78643K 12607 0 0
kqueue 0 0K 0K 78643K 25 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg
Idle
arp 64 6 0 0 1 0 1 1 0
8 0
rtpcb 80 134 0 132 1 0 1 1 0
8 0
rtentry 112 49 0 5 2 0 2 2 0
8 0
unpcb 120 1149 0 1141 1 0 1 1 0
8 0
syncache 264 4 0 4 1 1 0 1 0
8 0
tcpqe 32 386 0 386 1 1 0 1 0
8 0
tcpcb 544 479 0 475 1 0 1 1 0
8 0
inpcb 280 1288 0 1281 2 1 1 2 0
8 0
nd6 48 6 0 0 1 0 1 1 0
8 0
pkpcb 40 12 0 12 5 5 0 1 0
8 0
ppxss 1128 49 0 49 13 13 0 1 0
8 0
art_heap8 4096 1 0 0 1 0 1 1 0
8 0
art_heap4 256 188 0 0 12 0 12 12 0
8 0
art_table 32 189 0 0 2 0 2 2 0
8 0
art_node 16 44 0 4 1 0 1 1 0
8 0
sysvmsgpl 40 19 0 8 1 0 1 1 0
8 0
semapl 112 269 0 259 1 0 1 1 0
8 0
shmpl 112 143 0 15 4 0 4 4 0
8 0
dirhash 1024 17 0 0 3 0 3 3 0
8 0
dino1pl 128 6476 0 5069 46 0 46 46 0
8 0
ffsino 240 6476 0 5069 84 0 84 84 0
8 0
nchpl 144 11014 0 9379 61 0 61 61 0
8 0
uvmvnodes 72 5934 0 0 108 0 108 108 0
8 0
vnodes 200 5934 0 0 313 0 313 313 0
8 0
namei 1024 34557 0 34557 1 0 1 1 0
8 1
scsiplug 64 6 0 6 6 5 1 1 0
8 1
scxspl 192 51958 0 51958 10 9 1 5 0
8 1
plimitpl 152 261 0 254 1 0 1 1 0
8 0
sigapl 432 3256 0 3243 2 0 2 2 0
8 0
futexpl 56 51065 0 51065 1 0 1 1 0
8 1
knotepl 112 684 0 665 1 0 1 1 0
8 0
kqueuepl 104 824 0 822 1 0 1 1 0
8 0
pipepl 112 1868 0 1849 6 5 1 2 0
8 0
fdescpl 424 3257 0 3243 2 0 2 2 0
8 0
filepl 120 19758 0 19662 5 1 4 5 0
8 0
lockfpl 104 1045 0 1045 4 3 1 1 0
8 1
lockfspl 48 355 0 355 4 3 1 1 0
8 1
sessionpl 112 22 0 12 1 0 1 1 0
8 0
pgrppl 48 52 0 42 1 0 1 1 0
8 0
ucredpl 96 4190 0 4183 1 0 1 1 0
8 0
zombiepl 144 3244 0 3243 2 1 1 1 0
8 0
processpl 864 3272 0 3243 4 0 4 4 0
8 0
procpl 632 7320 0 7285 4 0 4 4 0
8 0
sosppl 128 37 0 37 11 11 0 1 0
8 0
sockpl 384 2617 0 2600 4 1 3 3 0
8 1
mcl64k 65536 621 0 621 73 73 0 65 0
8 0
mcl16k 16384 14 0 14 10 10 0 1 0
8 0
mcl12k 12288 53 0 53 10 9 1 1 0
8 1
mcl9k 9216 38 0 38 12 12 0 1 0
8 0
mcl8k 8192 40 0 40 11 10 1 1 0
8 1
mcl4k 4096 149 0 149 4 3 1 1 0
8 1
mcl2k2 2112 18 0 18 7 6 1 1 0
8 1
mcl2k 2048 57690 0 57653 14 8 6 12 0
8 0
mtagpl 80 14 0 5 2 1 1 1 0
8 0
mbufpl 256 105891 0 105807 40 32 8 37 0
8 0
bufpl 256 23321 0 14625 862 0 862 862 0 8
315
anonpl 16 311053 0 295627 162 100 62 64 0
62 0
amapchunkpl 152 14295 0 14166 48 40 8 18 0
158 3
amappl16 192 18187 0 17326 148 104 44 44 0
8 0
amappl15 184 1525 0 1523 1 0 1 1 0
8 0
amappl14 176 53 0 48 1 0 1 1 0
8 0
amappl13 168 9 0 8 1 0 1 1 0
8 0
amappl12 160 13 0 11 1 0 1 1 0
8 0
amappl11 152 1581 0 1569 1 0 1 1 0
8 0
amappl10 144 66 0 66 5 5 0 1 0
8 0
amappl9 136 559 0 556 1 0 1 1 0
8 0
amappl8 128 133 0 115 1 0 1 1 0
8 0
amappl7 120 38 0 34 1 0 1 1 0
8 0
amappl6 112 1576 0 1569 1 0 1 1 0
8 0
amappl5 104 158 0 148 1 0 1 1 0
8 0
amappl4 96 3521 0 3495 1 0 1 1 0
8 0
amappl3 88 256 0 246 1 0 1 1 0
8 0
amappl2 80 26824 0 26759 4 2 2 3 0
8 0
amappl1 72 64563 0 64130 26 17 9 19 0
8 0
amappl 80 7585 0 7544 1 0 1 1 0
84 0
dma4096 4096 1 0 1 1 1 0 1 0
8 0
dma256 256 6 0 6 1 1 0 1 0
8 0
dma64 64 259 0 259 1 1 0 1 0
8 0
dma32 32 7 0 7 1 1 0 1 0
8 0
dma16 16 17 0 17 1 1 0 1 0
8 0
aobjpl 64 144 0 15 3 0 3 3 0
8 0
uaddrrnd 24 3257 0 3243 1 0 1 1 0
8 0
uaddrbest 32 2 0 0 1 0 1 1 0
8 0
uaddr 24 3257 0 3243 1 0 1 1 0
8 0
vmmpekpl 168 21421 0 21397 2 0 2 2 0
8 0
vmmpepl 168 385246 0 383319 180 96 84 91 0
357 0
vmsppl 272 3256 0 3243 2 1 1 2 0
8 0
pdppl 4096 6520 0 6486 6 1 5 6 0
8 0
pvpl 32 856481 0 837493 323 159 164 222 0 265
10
pmappl 200 3256 0 3243 1 0 1 1 0
8 0
extentpl 40 41 0 26 1 0 1 1 0
8 0
phpool 112 1126 0 140 31 2 29 29 0
8 0
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Jul 20, 2019, 10:54:06 PM7/20/19
to syzkaller-o...@googlegroups.com
syzbot has found a reproducer for the following crash on:
HEAD commit: 463b33d1 Sort TOK_USELEASE case into proper alphabetic loc..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=118446afa00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=116b09d0600000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+2a29c4...@syzkaller.appspotmail.com
panic: vput: v_writecount != 0
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:212
vput(fffffd803c54b968) at vput+0x187 sys/kern/vfs_subr.c:759
vn_closefile(fffffd8036164620,ffff8000ffff4778) at vn_closefile+0x15b
sys/kern/vfs_vnops.c:589
fdrop(fffffd8036164620,ffff8000ffff4778) at fdrop+0xc9
sys/kern/kern_descrip.c:1269
closef(fffffd8036164620,ffff8000ffff4778) at closef+0x118
sys/kern/kern_descrip.c:1253
fdfree(ffff8000ffff4778) at fdfree+0xf7 sys/kern/kern_descrip.c:1185
exit1(ffff8000ffff4778,0,1) at exit1+0x32f sys/kern/kern_exit.c:196
sys_exit(ffff8000ffff4778,ffff80001497ad70,ffff80001497ade0) at
sys_exit+0x17 sys/kern/kern_exit.c:94
syscall(ffff80001497ae40) at syscall+0x508
Xsyscall(6,1,9c38304f000,1,7f7ffffcf5b8,0) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffcf530, count: 4
vn_closefile(fffffd8036164620,ffff8000ffff4778) at vn_closefile+0x15b
sys/kern/vfs_vnops.c:589
fdrop(fffffd8036164620,ffff8000ffff4778) at fdrop+0xc9
sys/kern/kern_descrip.c:1269
closef(fffffd8036164620,ffff8000ffff4778) at closef+0x118
sys/kern/kern_descrip.c:1253
fdfree(ffff8000ffff4778) at fdfree+0xf7 sys/kern/kern_descrip.c:1185
exit1(ffff8000ffff4778,0,1) at exit1+0x32f sys/kern/kern_exit.c:196
sys_exit(ffff8000ffff4778,ffff80001497ad70,ffff80001497ade0) at
sys_exit+0x17 sys/kern/kern_exit.c:94
syscall(ffff80001497ae40) at syscall+0x508
Xsyscall(6,1,9c38304f000,1,7f7ffffcf5b8,0) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffcf530, count: -11
rbx 0xffff80001497ab10
rdx 0x2
rcx 0x1
rax 0x1
r8 0xffff80001497aa20
r9 0x1
r10 0x664fd4b721e44895
r11 0xf56480a474f879e4
r12 0x3000000008
r13 0xffff80001497aa70
flags process=100a<EXEC,EXITING,SINGLEEXIT> proc=2000<WEXIT>
pri=32, usrpri=51, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff5158,0xffffffff822c3340
process=0xffff800014942018 user=0xffff800014975000,
vmspace=0xfffffd803f014110
estcpu=1, cpticks=2, pctcpu=0.17
64921 447245 93482 0 3 0x92 select sshd
49959 197825 1 0 3 0x100083 ttyin getty
93482 71649 1 0 3 0x80 select sshd
64105 281332 79172 73 2 0x100090 syslogd
79172 151659 1 0 3 0x100082 netio syslogd
76126 399401 1 77 3 0x100090 poll dhclient
1099 97417 1 0 3 0x80 poll dhclient
58472 449 0 0 2 0x14200 zerothread
37070 99317 0 0 3 0x14200 aiodoned aiodoned
59478 72147 0 0 3 0x14200 syncer update
23860 494830 0 0 3 0x14200 cleaner cleaner
87394 42790 0 0 3 0x14200 reaper reaper
78351 261454 0 0 3 0x14200 pgdaemon pagedaemon
62103 412180 0 0 3 0x14200 bored crynlk
82040 126227 0 0 3 0x14200 bored crypto
49473 301178 0 0 3 0x40014200 acpi0 acpi0
18939 518880 0 0 3 0x14200 bored softnet
1055 49461 0 0 3 0x14200 bored systqmp
86508 155873 0 0 3 0x14200 bored systq
37191 156076 0 0 2 0x40014200 softclock
54492 451475 0 0 3 0x40014200 idle0
30700 267962 0 0 3 0x14200 bored smr
1 385230 0 0 3 0x82 wait init
pcb 13 8K 8K 78643K 13 0 0
rtable 61 1K 2K 78643K 115 0 0
ifaddr 21 7K 7K 78643K 21 0 0
proc 40 30K 38K 78643K 257 0 0
ether_multi 1 0K 0K 78643K 1 0 0
exec 0 0K 1K 78643K 152 0 0
UVM aobj 2 2K 2K 78643K 2 0 0
temp 30 2707K 2771K 78643K 1715 0 0
8 0
rtpcb 80 15 0 13 1 0 1 1 0
8 0
rtentry 112 23 0 1 1 0 1 1 0
8 0
unpcb 120 27 0 19 1 0 1 1 0
8 0
syncache 264 5 0 5 1 0 1 1 0
8 1
tcpcb 544 8 0 5 1 0 1 1 0
8 0
inpcb 280 22 0 16 1 0 1 1 0
8 0
8 0
art_table 32 97 0 0 1 0 1 1 0
8 0
art_node 16 22 0 2 1 0 1 1 0
8 0
8 0
ffsino 240 1393 0 17 81 0 81 81 0
8 0
nchpl 144 1578 0 43 57 0 57 57 0
8 0
uvmvnodes 72 1402 0 0 26 0 26 26 0
8 0
vnodes 200 1402 0 0 74 0 74 74 0
8 0
namei 1024 3371 0 3371 2 1 1 1 0
8 1
scxspl 192 18766 0 18766 8 7 1 6 0
8 1
plimitpl 152 13 0 8 1 0 1 1 0
8 0
sigapl 432 176 0 166 2 0 2 2 0
8 0
futexpl 56 7 0 7 1 0 1 1 0
8 1
knotepl 112 5 0 0 1 0 1 1 0
8 0
kqueuepl 104 1 0 0 1 0 1 1 0
8 0
pipepl 112 118 0 111 2 1 1 1 0
8 0
fdescpl 424 177 0 166 2 0 2 2 0
8 0
filepl 120 842 0 798 2 0 2 2 0
8 0
lockfpl 104 6 0 6 1 1 0 1 0
8 0
lockfspl 48 3 0 3 1 1 0 1 0
8 0
sessionpl 112 17 0 9 1 0 1 1 0
8 0
pgrppl 48 17 0 9 1 0 1 1 0
8 0
ucredpl 96 47 0 40 1 0 1 1 0
8 0
zombiepl 144 167 0 166 2 1 1 1 0
8 0
processpl 864 191 0 166 4 0 4 4 0
8 0
procpl 632 197 0 172 3 0 3 3 0
8 0
sockpl 384 64 0 48 2 0 2 2 0
8 0
mcl4k 4096 10 0 10 1 0 1 1 0
8 1
mcl2k 2048 6105 0 6070 8 2 6 8 0
8 1
mtagpl 80 2 0 2 1 1 0 1 0
8 0
mbufpl 256 10426 0 10380 7 3 4 6 0
8 0
bufpl 256 10270 0 5372 624 0 624 624 0 8
315
anonpl 16 22051 0 16769 24 2 22 22 0
62 0
amapchunkpl 152 503 0 441 3 0 3 3 0
158 0
amappl16 192 320 0 73 13 0 13 13 0
8 0
amappl14 176 36 0 32 1 0 1 1 0
8 0
amappl12 160 4 0 4 1 1 0 1 0
8 0
amappl11 152 40 0 29 1 0 1 1 0
8 0
amappl10 144 45 0 45 2 1 1 1 0
8 1
amappl9 136 389 0 388 1 0 1 1 0
8 0
amappl8 128 84 0 79 1 0 1 1 0
8 0
amappl7 120 15 0 14 1 0 1 1 0
8 0
amappl6 112 41 0 37 1 0 1 1 0
8 0
amappl5 104 138 0 129 1 0 1 1 0
8 0
amappl4 96 399 0 378 1 0 1 1 0
8 0
amappl3 88 147 0 136 1 0 1 1 0
8 0
amappl2 80 694 0 638 3 1 2 2 0
8 0
amappl1 72 12164 0 11763 16 6 10 16 0
8 0
amappl 80 371 0 345 1 0 1 1 0
8 0
uaddrrnd 24 177 0 166 1 0 1 1 0
8 0
vmmpekpl 168 5342 0 5327 1 0 1 1 0
8 0
vmmpepl 168 26052 0 25007 64 18 46 48 0
357 0
vmsppl 272 176 0 166 1 0 1 1 0
8 0
pdppl 4096 360 0 332 5 0 5 5 0
8 0
pvpl 32 75499 0 68609 61 5 56 56 0
265 0
pmappl 200 176 0 166 1 0 1 1 0
8 0
ddb>
HEAD commit: 463b33d1 Sort TOK_USELEASE case into proper alphabetic loc..
git tree: openbsd
kernel config: https://syzkaller.appspot.com/x/.config?x=60e2b7157576c8d7
dashboard link: https://syzkaller.appspot.com/bug?extid=2a29c4391377f57ac593
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=162c051fa00000
dashboard link: https://syzkaller.appspot.com/bug?extid=2a29c4391377f57ac593
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=116b09d0600000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+2a29c4...@syzkaller.appspotmail.com
panic: vput: v_writecount != 0
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:212
vn_closefile(fffffd8036164620,ffff8000ffff4778) at vn_closefile+0x15b
sys/kern/vfs_vnops.c:589
fdrop(fffffd8036164620,ffff8000ffff4778) at fdrop+0xc9
sys/kern/kern_descrip.c:1269
closef(fffffd8036164620,ffff8000ffff4778) at closef+0x118
sys/kern/kern_descrip.c:1253
fdfree(ffff8000ffff4778) at fdfree+0xf7 sys/kern/kern_descrip.c:1185
exit1(ffff8000ffff4778,0,1) at exit1+0x32f sys/kern/kern_exit.c:196
sys_exit(ffff8000ffff4778,ffff80001497ad70,ffff80001497ade0) at
sys_exit+0x17 sys/kern/kern_exit.c:94
syscall(ffff80001497ae40) at syscall+0x508
Xsyscall(6,1,9c38304f000,1,7f7ffffcf5b8,0) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffcf530, count: 4
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
vput: v_writecount != 0
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:212
vput(fffffd803c54b968) at vput+0x187 sys/kern/vfs_subr.c:759
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
vput: v_writecount != 0
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:212
vn_closefile(fffffd8036164620,ffff8000ffff4778) at vn_closefile+0x15b
sys/kern/vfs_vnops.c:589
fdrop(fffffd8036164620,ffff8000ffff4778) at fdrop+0xc9
sys/kern/kern_descrip.c:1269
closef(fffffd8036164620,ffff8000ffff4778) at closef+0x118
sys/kern/kern_descrip.c:1253
fdfree(ffff8000ffff4778) at fdfree+0xf7 sys/kern/kern_descrip.c:1185
exit1(ffff8000ffff4778,0,1) at exit1+0x32f sys/kern/kern_exit.c:196
sys_exit(ffff8000ffff4778,ffff80001497ad70,ffff80001497ade0) at
sys_exit+0x17 sys/kern/kern_exit.c:94
syscall(ffff80001497ae40) at syscall+0x508
Xsyscall(6,1,9c38304f000,1,7f7ffffcf5b8,0) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffcf530, count: -11
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff80001497aa60
rdi 0
rsi 0x1
rbx 0xffff80001497ab10
rdx 0x2
rcx 0x1
rax 0x1
r8 0xffff80001497aa20
r9 0x1
r10 0x664fd4b721e44895
r11 0xf56480a474f879e4
r12 0x3000000008
r13 0xffff80001497aa70
r14 0x100
r15 0x1
rip 0xffffffff8125b5f8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff80001497aa50
r15 0x1
rip 0xffffffff8125b5f8 db_enter+0x18
cs 0x8
rflags 0x246
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor7698) pid=26392 stat=onproc
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
flags process=100a<EXEC,EXITING,SINGLEEXIT> proc=2000<WEXIT>
pri=32, usrpri=51, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff5158,0xffffffff822c3340
process=0xffff800014942018 user=0xffff800014975000,
vmspace=0xfffffd803f014110
estcpu=1, cpticks=2, pctcpu=0.17
user=0, sys=2, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
73377 257695 64921 0 3 0x10008a pause ksh
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
64921 447245 93482 0 3 0x92 select sshd
49959 197825 1 0 3 0x100083 ttyin getty
93482 71649 1 0 3 0x80 select sshd
64105 281332 79172 73 2 0x100090 syslogd
79172 151659 1 0 3 0x100082 netio syslogd
76126 399401 1 77 3 0x100090 poll dhclient
1099 97417 1 0 3 0x80 poll dhclient
58472 449 0 0 2 0x14200 zerothread
37070 99317 0 0 3 0x14200 aiodoned aiodoned
59478 72147 0 0 3 0x14200 syncer update
23860 494830 0 0 3 0x14200 cleaner cleaner
87394 42790 0 0 3 0x14200 reaper reaper
78351 261454 0 0 3 0x14200 pgdaemon pagedaemon
62103 412180 0 0 3 0x14200 bored crynlk
82040 126227 0 0 3 0x14200 bored crypto
49473 301178 0 0 3 0x40014200 acpi0 acpi0
18939 518880 0 0 3 0x14200 bored softnet
1055 49461 0 0 3 0x14200 bored systqmp
86508 155873 0 0 3 0x14200 bored systq
37191 156076 0 0 2 0x40014200 softclock
54492 451475 0 0 3 0x40014200 idle0
30700 267962 0 0 3 0x14200 bored smr
1 385230 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9428 6307K 6309K 78643K 10523 0 0
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
pcb 13 8K 8K 78643K 13 0 0
rtable 61 1K 2K 78643K 115 0 0
ifaddr 21 7K 7K 78643K 21 0 0
counters 19 16K 16K 78643K 19 0 0
ioctlops 0 0K 2K 78643K 13 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1181 74K 74K 78643K 1186 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 1K 78643K 2 0 0
UFS mount 5 36K 36K 78643K 5 0 0
VM map 2 0K 0K 78643K 2 0 0
sem 2 0K 0K 78643K 2 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1793 195K 288K 78643K 12645 0 0
file desc 1 0K 0K 78643K 1 0 0
ACPI 1793 195K 288K 78643K 12645 0 0
proc 40 30K 38K 78643K 257 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
in_multi 11 0K 0K 78643K 11 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ether_multi 1 0K 0K 78643K 1 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 18 79K 79K 78643K 18 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
exec 0 0K 1K 78643K 152 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 61 3K 3K 78643K 709 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM aobj 2 2K 2K 78643K 2 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
NDP 3 0K 0K 78643K 3 0 0
crypto data 1 1K 1K 78643K 1 0 0
temp 30 2707K 2771K 78643K 1715 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg
Idle
arp 64 2 0 0 1 0 1 1 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg
Idle
8 0
rtpcb 80 15 0 13 1 0 1 1 0
8 0
rtentry 112 23 0 1 1 0 1 1 0
8 0
unpcb 120 27 0 19 1 0 1 1 0
8 0
syncache 264 5 0 5 1 0 1 1 0
8 1
tcpcb 544 8 0 5 1 0 1 1 0
8 0
inpcb 280 22 0 16 1 0 1 1 0
8 0
art_heap8 4096 1 0 0 1 0 1 1 0
8 0
art_heap4 256 96 0 0 6 0 6 6 0
8 0
8 0
art_table 32 97 0 0 1 0 1 1 0
8 0
art_node 16 22 0 2 1 0 1 1 0
8 0
dirhash 1024 17 0 0 3 0 3 3 0
8 0
dino1pl 128 1393 0 17 45 0 45 45 0
8 0
8 0
ffsino 240 1393 0 17 81 0 81 81 0
8 0
nchpl 144 1578 0 43 57 0 57 57 0
8 0
uvmvnodes 72 1402 0 0 26 0 26 26 0
8 0
vnodes 200 1402 0 0 74 0 74 74 0
8 0
namei 1024 3371 0 3371 2 1 1 1 0
8 1
scxspl 192 18766 0 18766 8 7 1 6 0
8 1
plimitpl 152 13 0 8 1 0 1 1 0
8 0
sigapl 432 176 0 166 2 0 2 2 0
8 0
futexpl 56 7 0 7 1 0 1 1 0
8 1
knotepl 112 5 0 0 1 0 1 1 0
8 0
kqueuepl 104 1 0 0 1 0 1 1 0
8 0
pipepl 112 118 0 111 2 1 1 1 0
8 0
fdescpl 424 177 0 166 2 0 2 2 0
8 0
filepl 120 842 0 798 2 0 2 2 0
8 0
lockfpl 104 6 0 6 1 1 0 1 0
8 0
lockfspl 48 3 0 3 1 1 0 1 0
8 0
sessionpl 112 17 0 9 1 0 1 1 0
8 0
pgrppl 48 17 0 9 1 0 1 1 0
8 0
ucredpl 96 47 0 40 1 0 1 1 0
8 0
zombiepl 144 167 0 166 2 1 1 1 0
8 0
processpl 864 191 0 166 4 0 4 4 0
8 0
procpl 632 197 0 172 3 0 3 3 0
8 0
sockpl 384 64 0 48 2 0 2 2 0
8 0
mcl4k 4096 10 0 10 1 0 1 1 0
8 1
mcl2k 2048 6105 0 6070 8 2 6 8 0
8 1
mtagpl 80 2 0 2 1 1 0 1 0
8 0
mbufpl 256 10426 0 10380 7 3 4 6 0
8 0
bufpl 256 10270 0 5372 624 0 624 624 0 8
315
anonpl 16 22051 0 16769 24 2 22 22 0
62 0
amapchunkpl 152 503 0 441 3 0 3 3 0
158 0
amappl16 192 320 0 73 13 0 13 13 0
8 0
amappl14 176 36 0 32 1 0 1 1 0
8 0
amappl12 160 4 0 4 1 1 0 1 0
8 0
amappl11 152 40 0 29 1 0 1 1 0
8 0
amappl10 144 45 0 45 2 1 1 1 0
8 1
amappl9 136 389 0 388 1 0 1 1 0
8 0
amappl8 128 84 0 79 1 0 1 1 0
8 0
amappl7 120 15 0 14 1 0 1 1 0
8 0
amappl6 112 41 0 37 1 0 1 1 0
8 0
amappl5 104 138 0 129 1 0 1 1 0
8 0
amappl4 96 399 0 378 1 0 1 1 0
8 0
amappl3 88 147 0 136 1 0 1 1 0
8 0
amappl2 80 694 0 638 3 1 2 2 0
8 0
amappl1 72 12164 0 11763 16 6 10 16 0
8 0
amappl 80 371 0 345 1 0 1 1 0
84 0
dma4096 4096 1 0 1 1 1 0 1 0
8 0
dma256 256 6 0 6 1 1 0 1 0
8 0
dma64 64 259 0 259 1 1 0 1 0
8 0
dma32 32 7 0 7 1 1 0 1 0
8 0
dma16 16 17 0 17 1 1 0 1 0
8 0
aobjpl 64 1 0 0 1 0 1 1 0
dma4096 4096 1 0 1 1 1 0 1 0
8 0
dma256 256 6 0 6 1 1 0 1 0
8 0
dma64 64 259 0 259 1 1 0 1 0
8 0
dma32 32 7 0 7 1 1 0 1 0
8 0
dma16 16 17 0 17 1 1 0 1 0
8 0
8 0
uaddrrnd 24 177 0 166 1 0 1 1 0
8 0
uaddrbest 32 2 0 0 1 0 1 1 0
8 0
uaddr 24 177 0 166 1 0 1 1 0
uaddrbest 32 2 0 0 1 0 1 1 0
8 0
8 0
vmmpekpl 168 5342 0 5327 1 0 1 1 0
8 0
vmmpepl 168 26052 0 25007 64 18 46 48 0
357 0
vmsppl 272 176 0 166 1 0 1 1 0
8 0
pdppl 4096 360 0 332 5 0 5 5 0
8 0
pvpl 32 75499 0 68609 61 5 56 56 0
265 0
pmappl 200 176 0 166 1 0 1 1 0
8 0
extentpl 40 41 0 26 1 0 1 1 0
8 0
phpool 112 742 0 8 21 0 21 21 0
extentpl 40 41 0 26 1 0 1 1 0
8 0
8 0
ddb>
Anton Lindqvist
Jul 22, 2019, 2:58:08 AM7/22/19
to syzbot, syzkaller-o...@googlegroups.com
#syz invalid
Writing to the swap partition can lead to all kind of corruptions.
Creating such device nodes should not be possible anymore[1].
[1] https://github.com/google/syzkaller/pull/1295
Writing to the swap partition can lead to all kind of corruptions.
Creating such device nodes should not be possible anymore[1].
[1] https://github.com/google/syzkaller/pull/1295
Reply all
Reply to author
Forward
0 new messages