kernel: double fault trap, code=0 (4)


syzbot

Apr 14, 2020, 9:15:18 AM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 25b10e59 sync
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=11ff8fe7e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=fe55924c11e64b0a
dashboard link: https://syzkaller.appspot.com/bug?extid=a43ace363f1b663238f8

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+a43ace...@syzkaller.appspotmail.com

kernel: double fault trap, code=0
Stopped at in_pcbhash+0x29: movq %r8,0xffffffffffffff90(%rbp)
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
the kernel did not panic
ddb> trace
in_pcbhash(ffffffff825c05f8,0,ffff80001e8430a0,81,ffff80001e8430a8,81) at in_pcbhash+0x29 sys/netinet/in_pcb.c:141
in_pcbhashlookup(ffffffff825c05f8,ffffffff,81,ffffffff,81,0) at in_pcbhashlookup+0x7f
udp_input(ffff80001e8433d8,ffff80001e8433e4,11,2) at udp_input+0xcfd sys/netinet/udp_usrreq.c:489
ip_deliver(ffff80001e8433d8,ffff80001e8433e4,11,2) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip_ours(ffff80001e8433d8,ffff80001e8433e4,cc9,0) at ip_ours+0x4fe sys/netinet/ip_input.c:563
ip_input_if(ffff80001e8433d8,ffff80001e8433e4,4,0,ffff80000017a2a8) at ip_input_if+0x571
ipv4_input(ffff80000017a2a8,fffffd806bc21000) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff80000017a2a8,fffffd806bc21000,2) at if_input_local+0xf9 sys/net/if.c:776
ether_resolve(ffff80000017a2a8,fffffd806bc21500,fffffd805e55d2b0,fffffd805e380070,ffff80001e843528) at ether_resolve+0x4c2 sys/net/if_ethersubr.c:228
ether_output(ffff80000017a2a8,fffffd806bc21500,fffffd805e55d2b0,fffffd805e380070) at ether_output+0x47 ether_encap sys/net/if_ethersubr.c:310 [inline]
ether_output(ffff80000017a2a8,fffffd806bc21500,fffffd805e55d2b0,fffffd805e380070) at ether_output+0x47 sys/net/if_ethersubr.c:339
ip_output(fffffd806bc21500,fffffd80604c6600,fffffd805e55d2a0,0,0,fffffd805e55d230) at ip_output+0x10d4 sys/netinet/ip_output.c:468
udp_output(fffffd805e55d230,fffffd806bc21500,0,0) at udp_output+0x58b sys/netinet/udp_usrreq.c:1008
somove(fffffd805e55e000,2) at somove+0xf61 sys/kern/uipc_socket.c:1610
sorwakeup(fffffd805e55e000) at sorwakeup+0x79 sys/kern/uipc_socket.c:1659
udp_sbappend(fffffd805e55d230,fffffd80604c6500,fffffd80604c65dc,0,18,fffffd80604c65f4) at udp_sbappend+0x366 sys/netinet/udp_usrreq.c:635
udp_input(ffff80001e843ba8,ffff80001e843bb4,11,2) at udp_input+0x10d8
ip_deliver(ffff80001e843ba8,ffff80001e843bb4,11,2) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip_ours(ffff80001e843ba8,ffff80001e843bb4,ab5,0) at ip_ours+0x4fe sys/netinet/ip_input.c:563
ip_input_if(ffff80001e843ba8,ffff80001e843bb4,4,0,ffff80000017a2a8) at ip_input_if+0x571
ipv4_input(ffff80000017a2a8,fffffd80604c6500) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff80000017a2a8,fffffd80604c6500,2) at if_input_local+0xf9 sys/net/if.c:776
ether_resolve(ffff80000017a2a8,fffffd806bc21300,fffffd805e55d2b0,fffffd805e380070,ffff80001e843cf8) at ether_resolve+0x4c2 sys/net/if_ethersubr.c:228
ether_output(ffff80000017a2a8,fffffd806bc21300,fffffd805e55d2b0,fffffd805e380070) at ether_output+0x47 ether_encap sys/net/if_ethersubr.c:310 [inline]
ether_output(ffff80000017a2a8,fffffd806bc21300,fffffd805e55d2b0,fffffd805e380070) at ether_output+0x47 sys/net/if_ethersubr.c:339
ip_output(fffffd806bc21300,fffffd80604c6600,fffffd805e55d2a0,0,0,fffffd805e55d230) at ip_output+0x10d4 sys/netinet/ip_output.c:468
udp_output(fffffd805e55d230,fffffd806bc21300,0,0) at udp_output+0x58b sys/netinet/udp_usrreq.c:1008
somove(fffffd805e55e000,2) at somove+0xf61 sys/kern/uipc_socket.c:1610
sorwakeup(fffffd805e55e000) at sorwakeup+0x79 sys/kern/uipc_socket.c:1659
udp_sbappend(fffffd805e55d230,fffffd806bc21500,fffffd806bc215e0,0,18,fffffd806bc215f8) at udp_sbappend+0x366 sys/netinet/udp_usrreq.c:635
udp_input(ffff80001e844378,ffff80001e844384,11,2) at udp_input+0x10d8
ip_deliver(ffff80001e844378,ffff80001e844384,11,2) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip_ours(ffff80001e844378,ffff80001e844384,86c,0) at ip_ours+0x4fe sys/netinet/ip_input.c:563
ip_input_if(ffff80001e844378,ffff80001e844384,4,0,ffff80000017a2a8) at ip_input_if+0x571
ipv4_input(ffff80000017a2a8,fffffd806bc21500) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff80000017a2a8,fffffd806bc21500,2) at if_input_local+0xf9 sys/net/if.c:776
ether_resolve(ffff80000017a2a8,fffffd806bc21100,fffffd805e55d2b0,fffffd805e380070,ffff80001e8444c8) at ether_resolve+0x4c2 sys/net/if_ethersubr.c:228
ether_output(ffff80000017a2a8,fffffd806bc21100,fffffd805e55d2b0,fffffd805e380070) at ether_output+0x47 ether_encap sys/net/if_ethersubr.c:310 [inline]
ether_output(ffff80000017a2a8,fffffd806bc21100,fffffd805e55d2b0,fffffd805e380070) at ether_output+0x47 sys/net/if_ethersubr.c:339
ip_output(fffffd806bc21100,fffffd80604c6600,fffffd805e55d2a0,0,0,fffffd805e55d230) at ip_output+0x10d4 sys/netinet/ip_output.c:468
udp_output(fffffd805e55d230,fffffd806bc21100,0,0) at udp_output+0x58b sys/netinet/udp_usrreq.c:1008
somove(fffffd805e55e000,2) at somove+0xf61 sys/kern/uipc_socket.c:1610
sorwakeup(fffffd805e55e000) at sorwakeup+0x79 sys/kern/uipc_socket.c:1659
udp_sbappend(fffffd805e55d230,fffffd806bc21300,fffffd806bc213dc,0,18,fffffd806bc213f4) at udp_sbappend+0x366 sys/netinet/udp_usrreq.c:635
udp_input(ffff80001e844b48,ffff80001e844b54,11,2) at udp_input+0x10d8
ip_deliver(ffff80001e844b48,ffff80001e844b54,11,2) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip_ours(ffff80001e844b48,ffff80001e844b54,657,0) at ip_ours+0x4fe sys/netinet/ip_input.c:563
ip_input_if(ffff80001e844b48,ffff80001e844b54,4,0,ffff80000017a2a8) at ip_input_if+0x571
ipv4_input(ffff80000017a2a8,fffffd806bc21300) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff80000017a2a8,fffffd806bc21300,2) at if_input_local+0xf9 sys/net/if.c:776
ether_resolve(ffff80000017a2a8,fffffd806bc21700,fffffd805e55d2b0,fffffd805e380070,ffff80001e844c98) at ether_resolve+0x4c2 sys/net/if_ethersubr.c:228
ether_output(ffff80000017a2a8,fffffd806bc21700,fffffd805e55d2b0,fffffd805e380070) at ether_output+0x47 ether_encap sys/net/if_ethersubr.c:310 [inline]
ether_output(ffff80000017a2a8,fffffd806bc21700,fffffd805e55d2b0,fffffd805e380070) at ether_output+0x47 sys/net/if_ethersubr.c:339
ip_output(fffffd806bc21700,fffffd80604c6600,fffffd805e55d2a0,0,0,fffffd805e55d230) at ip_output+0x10d4 sys/netinet/ip_output.c:468
udp_output(fffffd805e55d230,fffffd806bc21700,0,0) at udp_output+0x58b sys/netinet/udp_usrreq.c:1008
somove(fffffd805e55e000,2) at somove+0xf61 sys/kern/uipc_socket.c:1610
sorwakeup(fffffd805e55e000) at sorwakeup+0x79 sys/kern/uipc_socket.c:1659
udp_sbappend(fffffd805e55d230,fffffd806bc21100,fffffd806bc211e0,0,18,fffffd806bc211f8) at udp_sbappend+0x366 sys/netinet/udp_usrreq.c:635
udp_input(ffff80001e845318,ffff80001e845324,11,2) at udp_input+0x10d8
ip_deliver(ffff80001e845318,ffff80001e845324,11,2) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip_ours(ffff80001e845318,ffff80001e845324,40c,0) at ip_ours+0x4fe sys/netinet/ip_input.c:563
ip_input_if(ffff80001e845318,ffff80001e845324,4,0,ffff80000017a2a8) at ip_input_if+0x571
ipv4_input(ffff80000017a2a8,fffffd806bc21100) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff80000017a2a8,fffffd806bc21100,2) at if_input_local+0xf9 sys/net/if.c:776
ether_resolve(ffff80000017a2a8,fffffd8057dfad00,fffffd805e55d2b0,fffffd805e380070,ffff80001e845468) at ether_resolve+0x4c2 sys/net/if_ethersubr.c:228
ether_output(ffff80000017a2a8,fffffd8057dfad00,fffffd805e55d2b0,fffffd805e380070) at ether_output+0x47 ether_encap sys/net/if_ethersubr.c:310 [inline]
ether_output(ffff80000017a2a8,fffffd8057dfad00,fffffd805e55d2b0,fffffd805e380070) at ether_output+0x47 sys/net/if_ethersubr.c:339
ip_output(fffffd8057dfad00,fffffd80604c6600,fffffd805e55d2a0,0,0,fffffd805e55d230) at ip_output+0x10d4 sys/netinet/ip_output.c:468
udp_output(fffffd805e55d230,fffffd8057dfad00,0,0) at udp_output+0x58b sys/netinet/udp_usrreq.c:1008
somove(fffffd805e55e000,2) at somove+0xf61 sys/kern/uipc_socket.c:1610
sorwakeup(fffffd805e55e000) at sorwakeup+0x79 sys/kern/uipc_socket.c:1659
udp_sbappend(fffffd805e55d230,fffffd806bc21700,fffffd806bc217dc,0,18,fffffd806bc217f4) at udp_sbappend+0x366 sys/netinet/udp_usrreq.c:635
udp_input(ffff80001e845ae8,ffff80001e845af4,11,2) at udp_input+0x10d8
ip_deliver(ffff80001e845ae8,ffff80001e845af4,11,2) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip_ours(ffff80001e845ae8,ffff80001e845af4,1f3,0) at ip_ours+0x4fe sys/netinet/ip_input.c:563
ip_input_if(ffff80001e845ae8,ffff80001e845af4,4,0,ffff80000017a2a8) at ip_input_if+0x571
ipv4_input(ffff80000017a2a8,fffffd806bc21700) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff80000017a2a8,fffffd806bc21700,2) at if_input_local+0xf9 sys/net/if.c:776
ether_resolve(ffff80000017a2a8,fffffd8055137400,fffffd805e55d2b0,fffffd805e380070,ffff80001e845c38) at ether_resolve+0x4c2 sys/net/if_ethersubr.c:228
ether_output(ffff80000017a2a8,fffffd8055137400,fffffd805e55d2b0,fffffd805e380070) at ether_output+0x47 ether_encap sys/net/if_ethersubr.c:310 [inline]
ether_output(ffff80000017a2a8,fffffd8055137400,fffffd805e55d2b0,fffffd805e380070) at ether_output+0x47 sys/net/if_ethersubr.c:339
ip_output(fffffd8055137400,fffffd80604c6600,fffffd805e55d2a0,0,0,fffffd805e55d230) at ip_output+0x10d4 sys/netinet/ip_output.c:468
udp_output(fffffd805e55d230,fffffd8055137600,0,0) at udp_output+0x58b sys/netinet/udp_usrreq.c:1008
sosend(fffffd805e55e000,0,ffff80001e846008,0,0,0) at sosend+0x669 sys/kern/uipc_socket.c:549
dofilewritev(ffff80001d73a5f8,0,ffff80001e846008,0,ffff80001e8460f0) at dofilewritev+0x1ab sys/kern/sys_generic.c:365
sys_write(ffff80001d73a5f8,ffff80001e8460a8,ffff80001e8460f0) at sys_write+0x83 sys/kern/sys_generic.c:285
syscall(ffff80001e846170) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xc21aa774610, count: -82
ddb> show registers
rdi 0xffffffff825c05f8 udbtable
rsi 0
rbp 0xffff80001e843060
rbx 0x81
rdx 0xffff80001e8430a0
rcx 0x81
rax 0
r8 0xffff80001e8430a8
r9 0x81
r10 0xffff8000009f9ec0
r11 0x9507fcc6c4c85607
r12 0x81
r13 0x81
r14 0
r15 0xffffffff
rip 0xffffffff81ed0409 in_pcbhash+0x29
cs 0x8
rflags 0x10286 __ALIGN_SIZE+0xf286
rsp 0xffff80001e842fc0
ss 0x10
in_pcbhash+0x29: movq %r8,0xffffffffffffff90(%rbp)
ddb> show proc
PROC (syz-executor.1) pid=314933 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=32, usrpri=53, nice=20
forw=0xffffffffffffffff, list=0xffff80001d739008,0xffff80001d739768
process=0xffff8000ffffb208 user=0xffff80001e841000, vmspace=0xfffffd806bc09440
estcpu=12, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
67805 103663 0 0 3 0x14200 bored sosplice
33577 244970 37567 0 2 0 syz-executor.1
*33577 314933 37567 0 7 0x4000000 syz-executor.1
37567 343038 38133 0 3 0x82 nanosleep syz-executor.1
87359 230192 38133 0 3 0x82 nanosleep syz-executor.0
38133 271708 5988 0 3 0x82 thrsleep syz-fuzzer
38133 126035 5988 0 3 0x4000082 thrsleep syz-fuzzer
38133 118815 5988 0 3 0x4000082 thrsleep syz-fuzzer
38133 516895 5988 0 3 0x4000082 thrsleep syz-fuzzer
38133 57016 5988 0 3 0x4000082 kqread syz-fuzzer
38133 493382 5988 0 3 0x4000082 thrsleep syz-fuzzer
38133 186814 5988 0 3 0x4000082 thrsleep syz-fuzzer
5988 349015 93915 0 3 0x10008a pause ksh
93915 186280 57272 0 3 0x92 select sshd
37608 241891 1 0 3 0x100083 ttyin getty
57272 142847 1 0 3 0x80 select sshd
48023 259893 37044 73 3 0x100090 kqread syslogd
37044 481391 1 0 3 0x100082 netio syslogd
20550 507467 1 77 3 0x100090 poll dhclient
82261 162571 1 0 3 0x80 poll dhclient
88124 268982 0 0 3 0x14200 bored smr
30166 102047 0 0 2 0x14200 zerothread
19777 278459 0 0 3 0x14200 aiodoned aiodoned
95143 256154 0 0 3 0x14200 syncer update
75902 442794 0 0 3 0x14200 cleaner cleaner
99641 296278 0 0 3 0x14200 reaper reaper
359 188628 0 0 3 0x14200 pgdaemon pagedaemon
90876 415639 0 0 3 0x14200 bored crynlk
94985 192983 0 0 3 0x14200 bored crypto
20745 193649 0 0 3 0x40014200 acpi0 acpi0
29076 458295 0 0 3 0x14200 bored softnet
44037 505919 0 0 3 0x14200 bored systqmp
87647 1879 0 0 3 0x14200 bored systq
8042 351011 0 0 3 0x40014200 bored softclock
9637 168967 0 0 3 0x40014200 idle0
1 265838 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 9477 6467K 6527K 78643K 10639 0
pcb 13 8K 8K 78643K 41 0
rtable 105 3K 3K 78643K 223 0
ifaddr 48 11K 12K 78643K 73 0
counters 21 16K 17K 78643K 26 0
ioctlops 0 0K 2K 78643K 23 0
iov 0 0K 12K 78643K 12 0
mount 1 1K 1K 78643K 1 0
vnodes 1218 77K 77K 78643K 1245 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 1K 78643K 2 0
VM map 2 0K 0K 78643K 2 0
sem 9 0K 1K 78643K 13 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1794 195K 288K 78643K 12646 0
file desc 5 13K 25K 78643K 77 0
proc 49 38K 63K 78643K 362 0
subproc 32 2K 2K 78643K 34 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 10 0
in_multi 33 2K 2K 78643K 33 0
ether_multi 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 43 201K 201K 78643K 43 0
exec 0 0K 1K 78643K 193 0
pfkey data 0 0K 1K 78643K 2 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 93 21K 41K 78643K 1013 0
UVM aobj 4 2K 2K 78643K 4 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 14 0
NDP 7 0K 0K 78643K 16 0
temp 72 3032K 3096K 78643K 2639 0
kqueue 3 4K 4K 78643K 3 0
SYN cache 2 16K 16K 78643K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 6 0 0 1 0 1 1 0 8 0
rtpcb 80 21 0 19 1 0 1 1 0 8 0
rtentry 112 45 0 1 2 0 2 2 0 8 0
unpcb 120 47 0 39 1 0 1 1 0 8 0
syncache 264 4 0 4 1 1 0 1 0 8 0
tcpqe 32 78 0 78 1 0 1 1 0 8 1
tcpcb 544 26 0 22 1 0 1 1 0 8 0
ipq 40 1 0 1 1 0 1 1 0 8 1
ipqe 40 3 0 3 1 0 1 1 0 8 1
inpcb 280 132 0 122 2 0 2 2 0 8 1
nd6 48 6 0 0 1 0 1 1 0 8 0
pkpcb 40 3 0 3 1 0 1 1 0 8 1
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 189 0 0 12 0 12 12 0 8 0
art_table 32 190 0 0 2 0 2 2 0 8 0
art_node 16 44 0 4 1 0 1 1 0 8 0
sysvmsgpl 40 1 0 1 1 0 1 1 0 8 1
semupl 112 1 0 1 1 0 1 1 0 8 1
semapl 112 9 0 2 1 0 1 1 0 8 0
shmpl 112 2 0 0 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino1pl 128 1496 0 95 46 0 46 46 0 8 0
ffsino 240 1496 0 95 83 0 83 83 0 8 0
nchpl 144 1781 0 170 60 0 60 60 0 8 0
uvmvnodes 72 1551 0 0 29 0 29 29 0 8 0
vnodes 208 1551 0 0 82 0 82 82 0 8 0
namei 1024 4402 0 4402 1 0 1 1 0 8 1
vmpool 528 3 0 3 1 0 1 1 0 8 1
scxspl 192 5462 0 5462 1 0 1 1 0 8 1
plimitpl 152 15 0 8 1 0 1 1 0 8 0
sigapl 424 264 0 235 4 0 4 4 0 8 0
futexpl 56 1170 0 1170 1 0 1 1 0 8 1
knotepl 112 53 0 34 1 0 1 1 0 8 0
kqueuepl 144 6 0 2 1 0 1 1 0 8 0
pipelkpl 16 77 0 67 1 0 1 1 0 8 0
pipepl 120 154 0 135 1 0 1 1 0 8 0
fdescpl 432 249 0 235 2 0 2 2 0 8 0
filepl 120 1370 0 1270 4 0 4 4 0 8 0
lockfpl 104 19 0 18 1 0 1 1 0 8 0
lockfspl 48 8 0 7 1 0 1 1 0 8 0
sessionpl 112 17 0 7 1 0 1 1 0 8 0
pgrppl 48 17 0 7 1 0 1 1 0 8 0
ucredpl 96 157 0 149 1 0 1 1 0 8 0
zombiepl 144 235 0 234 1 0 1 1 0 8 0
processpl 920 264 0 234 4 0 4 4 0 8 0
procpl 624 326 0 289 4 0 4 4 0 8 1
sosppl 128 1 0 0 1 0 1 1 0 8 0
sockpl 400 203 0 183 3 0 3 3 0 8 0
mcl64k 65536 6 0 6 1 0 1 1 0 8 1
mcl8k 8192 2 0 2 1 0 1 1 0 8 1
mcl4k 4096 12 0 12 1 0 1 1 0 8 1
mcl2k2 2112 1 0 1 1 0 1 1 0 8 1
mcl2k 2048 62067 0 62022 16 3 13 13 0 8 7
mtagpl 80 3 0 2 2 1 1 1 0 8 0
mbufpl 256 98505 0 98420 11 1 10 10 0 8 0
bufpl 280 4250 0 161 293 0 293 293 0 8 0
anonpl 16 39473 0 25329 62 1 61 61 0 107 1
amapchunkpl 152 1606 0 1462 20 0 20 20 0 158 12
amappl16 192 1107 0 301 42 0 42 42 0 8 1
amappl15 184 2 0 1 1 0 1 1 0 8 0
amappl14 176 1 0 1 1 1 0 1 0 8 0
amappl13 168 24 0 23 1 0 1 1 0 8 0
amappl12 160 14 0 10 1 0 1 1 0 8 0
amappl11 152 91 0 75 1 0 1 1 0 8 0
amappl10 144 35 0 31 1 0 1 1 0 8 0
amappl9 136 379 0 376 1 0 1 1 0 8 0
amappl8 128 263 0 249 1 0 1 1 0 8 0
amappl7 120 128 0 117 1 0 1 1 0 8 0
amappl6 112 43 0 37 1 0 1 1 0 8 0
amappl5 104 182 0 170 1 0 1 1 0 8 0
amappl4 96 434 0 404 1 0 1 1 0 8 0
amappl3 88 104 0 98 1 0 1 1 0 8 0
amappl2 80 1191 0 1128 3 1 2 3 0 8 0
amappl1 72 14144 0 13728 26 10 16 20 0 8 6
amappl 80 570 0 527 1 0 1 1 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 3 0 0 1 0 1 1 0 8 0
uaddrrnd 24 252 0 238 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 252 0 238 1 0 1 1 0 8 0
vmmpekpl 168 5841 0 5815 2 0 2 2 0 8 0
vmmpepl 168 37180 0 35322 138 5 133 133 0 357 52
vmsppl 272 251 0 238 2 0 2 2 0 8 1
pdppl 4096 510 0 476 6 0 6 6 0 8 1
pvpl 32 132838 0 115743 149 0 149 149 0 265 5
pmappl 200 251 0 238 1 0 1 1 0 8 0
extentpl 40 46 0 29 1 0 1 1 0 8 0
phpool 112 148 0 6 5 0 5 5 0 8 0


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Apr 14, 2020, 9:37:16 AM
to syzkaller-o...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: 25b10e59 sync
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=147b6fe7e00000
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17520e8be00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+a43ace...@syzkaller.appspotmail.com

kernel: double fault trap, code=0
Stopped at SipHash_Update+0x30: callq __sanitizer_cov_trace_pc+0x4
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
the kernel did not panic
ddb> trace
SipHash_Update(ffff80001d80b070,2,4,ffff80001d80b0a8,4) at SipHash_Update+0x30 sys/crypto/siphash.c:73
in_pcbhash(ffffffff825c05f8,0,ffff80001d80b150,81,ffff80001d80b158,81) at in_pcbhash+0x87 sys/netinet/in_pcb.c:147
in_pcbhashlookup(ffffffff825c05f8,ffffffff,81,ffffffff,81,0) at in_pcbhashlookup+0x7f
udp_input(ffff80001d80b488,ffff80001d80b494,11,2) at udp_input+0xcfd sys/netinet/udp_usrreq.c:489
ip_deliver(ffff80001d80b488,ffff80001d80b494,11,2) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip_ours(ffff80001d80b488,ffff80001d80b494,2,0) at ip_ours+0x4fe sys/netinet/ip_input.c:563
ip_input_if(ffff80001d80b488,ffff80001d80b494,4,0,ffff80000017a2a8) at ip_input_if+0x571
ipv4_input(ffff80000017a2a8,fffffd805c989d00) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff80000017a2a8,fffffd805c989d00,2) at if_input_local+0xf9 sys/net/if.c:776
ether_resolve(ffff80000017a2a8,fffffd805c989c00,fffffd805e5623c8,fffffd805e4c9310,ffff80001d80b5d8) at ether_resolve+0x4c2 sys/net/if_ethersubr.c:228
ether_output(ffff80000017a2a8,fffffd805c989c00,fffffd805e5623c8,fffffd805e4c9310) at ether_output+0x47 ether_encap sys/net/if_ethersubr.c:310 [inline]
ether_output(ffff80000017a2a8,fffffd805c989c00,fffffd805e5623c8,fffffd805e4c9310) at ether_output+0x47 sys/net/if_ethersubr.c:339
ip_output(fffffd805c989c00,fffffd805c989200,fffffd805e5623b8,0,0,fffffd805e562348) at ip_output+0x10d4 sys/netinet/ip_output.c:468
udp_output(fffffd805e562348,fffffd805c989c00,0,0) at udp_output+0x58b sys/netinet/udp_usrreq.c:1008
somove(fffffd805daf6648,2) at somove+0xf61 sys/kern/uipc_socket.c:1610
sorwakeup(fffffd805daf6648) at sorwakeup+0x79 sys/kern/uipc_socket.c:1659
udp_sbappend(fffffd805e562348,fffffd805c989c00,fffffd805c989ce0,0,18,fffffd805c989cf8) at udp_sbappend+0x366 sys/netinet/udp_usrreq.c:635
udp_input(ffff80001d80bc58,ffff80001d80bc64,11,2) at udp_input+0x10d8
ip_deliver(ffff80001d80bc58,ffff80001d80bc64,11,2) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip_ours(ffff80001d80bc58,ffff80001d80bc64,2,0) at ip_ours+0x4fe sys/netinet/ip_input.c:563
ip_input_if(ffff80001d80bc58,ffff80001d80bc64,4,0,ffff80000017a2a8) at ip_input_if+0x571
ipv4_input(ffff80000017a2a8,fffffd805c989c00) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff80000017a2a8,fffffd805c989c00,2) at if_input_local+0xf9 sys/net/if.c:776
ether_resolve(ffff80000017a2a8,fffffd805c989b00,fffffd805e5623c8,fffffd805e4c9310,ffff80001d80bda8) at ether_resolve+0x4c2 sys/net/if_ethersubr.c:228
ether_output(ffff80000017a2a8,fffffd805c989b00,fffffd805e5623c8,fffffd805e4c9310) at ether_output+0x47 ether_encap sys/net/if_ethersubr.c:310 [inline]
ether_output(ffff80000017a2a8,fffffd805c989b00,fffffd805e5623c8,fffffd805e4c9310) at ether_output+0x47 sys/net/if_ethersubr.c:339
ip_output(fffffd805c989b00,fffffd805c989200,fffffd805e5623b8,0,0,fffffd805e562348) at ip_output+0x10d4 sys/netinet/ip_output.c:468
udp_output(fffffd805e562348,fffffd805c989b00,0,0) at udp_output+0x58b sys/netinet/udp_usrreq.c:1008
somove(fffffd805daf6648,2) at somove+0xf61 sys/kern/uipc_socket.c:1610
sorwakeup(fffffd805daf6648) at sorwakeup+0x79 sys/kern/uipc_socket.c:1659
udp_sbappend(fffffd805e562348,fffffd805c989b00,fffffd805c989be0,0,18,fffffd805c989bf8) at udp_sbappend+0x366 sys/netinet/udp_usrreq.c:635
udp_input(ffff80001d80c428,ffff80001d80c434,11,2) at udp_input+0x10d8
ip_deliver(ffff80001d80c428,ffff80001d80c434,11,2) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip_ours(ffff80001d80c428,ffff80001d80c434,2,0) at ip_ours+0x4fe sys/netinet/ip_input.c:563
ip_input_if(ffff80001d80c428,ffff80001d80c434,4,0,ffff80000017a2a8) at ip_input_if+0x571
ipv4_input(ffff80000017a2a8,fffffd805c989b00) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff80000017a2a8,fffffd805c989b00,2) at if_input_local+0xf9 sys/net/if.c:776
ether_resolve(ffff80000017a2a8,fffffd805c989900,fffffd805e5623c8,fffffd805e4c9310,ffff80001d80c578) at ether_resolve+0x4c2 sys/net/if_ethersubr.c:228
ether_output(ffff80000017a2a8,fffffd805c989900,fffffd805e5623c8,fffffd805e4c9310) at ether_output+0x47 ether_encap sys/net/if_ethersubr.c:310 [inline]
ether_output(ffff80000017a2a8,fffffd805c989900,fffffd805e5623c8,fffffd805e4c9310) at ether_output+0x47 sys/net/if_ethersubr.c:339
ip_output(fffffd805c989900,fffffd805c989200,fffffd805e5623b8,0,0,fffffd805e562348) at ip_output+0x10d4 sys/netinet/ip_output.c:468
udp_output(fffffd805e562348,fffffd805c989900,0,0) at udp_output+0x58b sys/netinet/udp_usrreq.c:1008
somove(fffffd805daf6648,2) at somove+0xf61 sys/kern/uipc_socket.c:1610
sorwakeup(fffffd805daf6648) at sorwakeup+0x79 sys/kern/uipc_socket.c:1659
udp_sbappend(fffffd805e562348,fffffd805c989900,fffffd805c9899e0,0,18,fffffd805c9899f8) at udp_sbappend+0x366 sys/netinet/udp_usrreq.c:635
udp_input(ffff80001d80cbf8,ffff80001d80cc04,11,2) at udp_input+0x10d8
ip_deliver(ffff80001d80cbf8,ffff80001d80cc04,11,2) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip_ours(ffff80001d80cbf8,ffff80001d80cc04,2,0) at ip_ours+0x4fe sys/netinet/ip_input.c:563
ip_input_if(ffff80001d80cbf8,ffff80001d80cc04,4,0,ffff80000017a2a8) at ip_input_if+0x571
ipv4_input(ffff80000017a2a8,fffffd805c989900) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff80000017a2a8,fffffd805c989900,2) at if_input_local+0xf9 sys/net/if.c:776
ether_resolve(ffff80000017a2a8,fffffd805c989500,fffffd805e5623c8,fffffd805e4c9310,ffff80001d80cd48) at ether_resolve+0x4c2 sys/net/if_ethersubr.c:228
ether_output(ffff80000017a2a8,fffffd805c989500,fffffd805e5623c8,fffffd805e4c9310) at ether_output+0x47 ether_encap sys/net/if_ethersubr.c:310 [inline]
ether_output(ffff80000017a2a8,fffffd805c989500,fffffd805e5623c8,fffffd805e4c9310) at ether_output+0x47 sys/net/if_ethersubr.c:339
ip_output(fffffd805c989500,fffffd805c989200,fffffd805e5623b8,0,0,fffffd805e562348) at ip_output+0x10d4 sys/netinet/ip_output.c:468
udp_output(fffffd805e562348,fffffd805c989500,0,0) at udp_output+0x58b sys/netinet/udp_usrreq.c:1008
somove(fffffd805daf6648,2) at somove+0xf61 sys/kern/uipc_socket.c:1610
sorwakeup(fffffd805daf6648) at sorwakeup+0x79 sys/kern/uipc_socket.c:1659
udp_sbappend(fffffd805e562348,fffffd805c989500,fffffd805c9895e0,0,18,fffffd805c9895f8) at udp_sbappend+0x366 sys/netinet/udp_usrreq.c:635
udp_input(ffff80001d80d3c8,ffff80001d80d3d4,11,2) at udp_input+0x10d8
ip_deliver(ffff80001d80d3c8,ffff80001d80d3d4,11,2) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip_ours(ffff80001d80d3c8,ffff80001d80d3d4,2,0) at ip_ours+0x4fe sys/netinet/ip_input.c:563
ip_input_if(ffff80001d80d3c8,ffff80001d80d3d4,4,0,ffff80000017a2a8) at ip_input_if+0x571
ipv4_input(ffff80000017a2a8,fffffd805c989500) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff80000017a2a8,fffffd805c989500,2) at if_input_local+0xf9 sys/net/if.c:776
ether_resolve(ffff80000017a2a8,fffffd805c989300,fffffd805e5623c8,fffffd805e4c9310,ffff80001d80d518) at ether_resolve+0x4c2 sys/net/if_ethersubr.c:228
ether_output(ffff80000017a2a8,fffffd805c989300,fffffd805e5623c8,fffffd805e4c9310) at ether_output+0x47 ether_encap sys/net/if_ethersubr.c:310 [inline]
ether_output(ffff80000017a2a8,fffffd805c989300,fffffd805e5623c8,fffffd805e4c9310) at ether_output+0x47 sys/net/if_ethersubr.c:339
ip_output(fffffd805c989300,fffffd805c989200,fffffd805e5623b8,0,0,fffffd805e562348) at ip_output+0x10d4 sys/netinet/ip_output.c:468
udp_output(fffffd805e562348,fffffd805c989300,0,0) at udp_output+0x58b sys/netinet/udp_usrreq.c:1008
somove(fffffd805daf6648,2) at somove+0xf61 sys/kern/uipc_socket.c:1610
sorwakeup(fffffd805daf6648) at sorwakeup+0x79 sys/kern/uipc_socket.c:1659
udp_sbappend(fffffd805e562348,fffffd805c989300,fffffd805c9893e0,0,18,fffffd805c9893f8) at udp_sbappend+0x366 sys/netinet/udp_usrreq.c:635
udp_input(ffff80001d80db98,ffff80001d80dba4,11,2) at udp_input+0x10d8
ip_deliver(ffff80001d80db98,ffff80001d80dba4,11,2) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip_ours(ffff80001d80db98,ffff80001d80dba4,2,0) at ip_ours+0x4fe sys/netinet/ip_input.c:563
ip_input_if(ffff80001d80db98,ffff80001d80dba4,4,0,ffff80000017a2a8) at ip_input_if+0x571
ipv4_input(ffff80000017a2a8,fffffd805c989300) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff80000017a2a8,fffffd805c989300,2) at if_input_local+0xf9 sys/net/if.c:776
ether_resolve(ffff80000017a2a8,fffffd805c989100,fffffd805e5623c8,fffffd805e4c9310,ffff80001d80dce8) at ether_resolve+0x4c2 sys/net/if_ethersubr.c:228
ether_output(ffff80000017a2a8,fffffd805c989100,fffffd805e5623c8,fffffd805e4c9310) at ether_output+0x47 ether_encap sys/net/if_ethersubr.c:310 [inline]
ether_output(ffff80000017a2a8,fffffd805c989100,fffffd805e5623c8,fffffd805e4c9310) at ether_output+0x47 sys/net/if_ethersubr.c:339
ip_output(fffffd805c989100,fffffd805c989200,fffffd805e5623b8,0,0,fffffd805e562348) at ip_output+0x10d4 sys/netinet/ip_output.c:468
udp_output(fffffd805e562348,fffffd805c989100,0,0) at udp_output+0x58b sys/netinet/udp_usrreq.c:1008
sosend(fffffd805daf6648,0,ffff80001d80e0b8,0,0,0) at sosend+0x669 sys/kern/uipc_socket.c:549
dofilewritev(ffff80001d739008,0,ffff80001d80e0b8,0,ffff80001d80e1a0) at dofilewritev+0x1ab sys/kern/sys_generic.c:365
sys_write(ffff80001d739008,ffff80001d80e158,ffff80001d80e1a0) at sys_write+0x83 sys/kern/sys_generic.c:285
syscall(ffff80001d80e220) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xc1ec2d6b8e0, count: -83
ddb> show registers
rdi 0xffff80001d80b070
rsi 0x2
rbp 0xffff80001d80b060
rbx 0x2
rdx 0x4
rcx 0xffff80001d80b0a8
rax 0x55ac69dc2f8b5092
r8 0x4
r9 0x81
r10 0x73558294614612dc
r11 0x1108ad10ed52178e
r12 0xffff80001d80b070
r13 0xffff80001d80b150
r14 0x4
r15 0xffff80001d80b0a8
rip 0xffffffff81b873a0 SipHash_Update+0x30
cs 0x8
rflags 0x10286 __ALIGN_SIZE+0xf286
rsp 0xffff80001d80afc0
ss 0x10
SipHash_Update+0x30: callq __sanitizer_cov_trace_pc+0x4
ddb> show proc
PROC (syz-executor.0) pid=235344 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=32, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff80001d739c38,0xffff80001d7394f8
process=0xffff8000ffffb5a0 user=0xffff80001d809000, vmspace=0xfffffd806bc09aa0
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
87944 350904 0 0 3 0x14200 bored sosplice
869 510586 55363 0 2 0 syz-executor.0
* 869 235344 55363 0 7 0x4000000 syz-executor.0
55363 299181 59749 0 3 0x82 nanosleep syz-executor.0
59749 395408 38991 0 3 0x82 thrsleep syz-execprog
59749 32249 38991 0 3 0x4000082 thrsleep syz-execprog
59749 252756 38991 0 3 0x4000082 thrsleep syz-execprog
59749 325332 38991 0 3 0x4000082 thrsleep syz-execprog
59749 359734 38991 0 3 0x4000082 kqread syz-execprog
59749 206258 38991 0 3 0x4000082 thrsleep syz-execprog
59749 44951 38991 0 3 0x4000082 thrsleep syz-execprog
38991 359587 27201 0 3 0x10008a pause ksh
27201 49539 13388 0 3 0x92 select sshd
88650 413133 1 0 3 0x100083 ttyin getty
13388 8928 1 0 3 0x80 select sshd
78700 153418 79703 73 3 0x100090 kqread syslogd
79703 116968 1 0 3 0x100082 netio syslogd
88640 229630 1 77 3 0x100090 poll dhclient
21373 491875 1 0 3 0x80 poll dhclient
99822 137760 0 0 3 0x14200 bored smr
40289 35243 0 0 2 0x14200 zerothread
70824 417265 0 0 3 0x14200 aiodoned aiodoned
27090 232127 0 0 3 0x14200 syncer update
40936 519494 0 0 3 0x14200 cleaner cleaner
97433 201777 0 0 3 0x14200 reaper reaper
57953 455254 0 0 3 0x14200 pgdaemon pagedaemon
26388 66274 0 0 3 0x14200 bored crynlk
68959 74606 0 0 3 0x14200 bored crypto
42200 227137 0 0 3 0x40014200 acpi0 acpi0
3974 231372 0 0 3 0x14200 bored softnet
99884 257993 0 0 3 0x14200 bored systqmp
5120 414195 0 0 3 0x14200 bored systq
93793 516272 0 0 3 0x40014200 bored softclock
53798 196039 0 0 3 0x40014200 idle0
1 275715 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 9444 6321K 6321K 78643K 10541 0
pcb 13 8K 8K 78643K 13 0
rtable 83 2K 2K 78643K 153 0
ifaddr 32 8K 8K 78643K 32 0
counters 20 16K 16K 78643K 20 0
ioctlops 0 0K 2K 78643K 14 0
mount 1 1K 1K 78643K 1 0
vnodes 1182 74K 74K 78643K 1187 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 1K 78643K 2 0
VM map 2 0K 0K 78643K 2 0
sem 2 0K 0K 78643K 2 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1794 195K 288K 78643K 12646 0
file desc 3 8K 12K 78643K 18 0
proc 47 38K 54K 78643K 318 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
in_multi 22 1K 1K 78643K 22 0
ether_multi 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 19 95K 95K 78643K 19 0
exec 0 0K 1K 78643K 171 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 70 11K 12K 78643K 838 0
UVM aobj 2 2K 2K 78643K 2 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
NDP 6 0K 0K 78643K 6 0
temp 23 3029K 3093K 78643K 1663 0
kqueue 3 4K 4K 78643K 3 0
SYN cache 2 16K 16K 78643K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 4 0 0 1 0 1 1 0 8 0
rtpcb 80 17 0 15 1 0 1 1 0 8 0
rtentry 112 34 0 1 1 0 1 1 0 8 0
unpcb 120 27 0 19 1 0 1 1 0 8 0
syncache 264 5 0 5 1 0 1 1 0 8 1
tcpcb 544 8 0 5 1 0 1 1 0 8 0
inpcb 280 28 0 21 1 0 1 1 0 8 0
nd6 48 3 0 0 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 144 0 0 9 0 9 9 0 8 0
art_table 32 145 0 0 2 0 2 2 0 8 0
art_node 16 33 0 3 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino1pl 128 1414 0 19 45 0 45 45 0 8 0
ffsino 240 1414 0 19 83 0 83 83 0 8 0
nchpl 144 1639 0 35 60 0 60 60 0 8 0
uvmvnodes 72 1423 0 0 26 0 26 26 0 8 0
vnodes 208 1423 0 0 75 0 75 75 0 8 0
namei 1024 3831 0 3831 1 0 1 1 0 8 1
scxspl 192 4341 0 4341 1 0 1 1 0 8 1
plimitpl 152 14 0 8 1 0 1 1 0 8 0
sigapl 424 213 0 185 4 0 4 4 0 8 0
futexpl 56 16 0 16 1 0 1 1 0 8 1
knotepl 112 39 0 28 1 0 1 1 0 8 0
kqueuepl 144 4 0 0 1 0 1 1 0 8 0
pipelkpl 16 67 0 60 1 0 1 1 0 8 0
pipepl 120 134 0 121 1 0 1 1 0 8 0
fdescpl 432 198 0 185 2 0 2 2 0 8 0
filepl 120 966 0 910 2 0 2 2 0 8 0
lockfpl 104 5 0 4 1 0 1 1 0 8 0
lockfspl 48 3 0 2 1 0 1 1 0 8 0
sessionpl 112 18 0 9 1 0 1 1 0 8 0
pgrppl 48 18 0 9 1 0 1 1 0 8 0
ucredpl 96 47 0 40 1 0 1 1 0 8 0
zombiepl 144 185 0 185 1 0 1 1 0 8 1
processpl 920 213 0 185 4 0 4 4 0 8 0
procpl 624 220 0 185 3 0 3 3 0 8 0
sosppl 128 1 0 0 1 0 1 1 0 8 0
sockpl 400 72 0 55 2 0 2 2 0 8 0
mcl4k 4096 10 0 10 1 0 1 1 0 8 1
mcl2k 2048 5507 0 5479 6 2 4 6 0 8 0
mtagpl 80 2 0 2 1 1 0 1 0 8 0
mbufpl 256 9592 0 9513 6 1 5 5 0 8 0
bufpl 280 3648 0 160 250 0 250 250 0 8 0
anonpl 16 20277 0 18806 15 2 13 13 0 107 7
amapchunkpl 152 776 0 712 5 0 5 5 0 158 1
amappl16 192 118 0 92 2 0 2 2 0 8 0
amappl15 184 1 0 0 1 0 1 1 0 8 0
amappl14 176 2 0 1 2 1 1 1 0 8 0
amappl13 168 20 0 17 1 0 1 1 0 8 0
amappl12 160 7 0 5 1 0 1 1 0 8 0
amappl11 152 61 0 49 1 0 1 1 0 8 0
amappl10 144 22 0 14 1 0 1 1 0 8 0
amappl9 136 225 0 223 1 0 1 1 0 8 0
amappl8 128 231 0 224 1 0 1 1 0 8 0
amappl7 120 102 0 92 1 0 1 1 0 8 0
amappl6 112 24 0 21 1 0 1 1 0 8 0
amappl5 104 132 0 123 1 0 1 1 0 8 0
amappl4 96 444 0 419 1 0 1 1 0 8 0
amappl3 88 113 0 107 1 0 1 1 0 8 0
amappl2 80 838 0 776 3 0 3 3 0 8 1
amappl1 72 13645 0 13244 27 10 17 20 0 8 8
amappl 80 420 0 393 1 0 1 1 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 1 0 0 1 0 1 1 0 8 0
uaddrrnd 24 198 0 185 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 198 0 185 1 0 1 1 0 8 0
vmmpekpl 168 6011 0 5992 2 0 2 2 0 8 1
vmmpepl 168 29068 0 28179 84 8 76 76 0 357 37
vmsppl 272 197 0 185 1 0 1 1 0 8 0
pdppl 4096 402 0 370 5 0 5 5 0 8 0
pvpl 32 103333 0 99575 113 0 113 113 0 265 81
pmappl 200 197 0 185 1 0 1 1 0 8 0
extentpl 40 46 0 29 1 0 1 1 0 8 0
phpool 112 124 0 5 4 0 4 4 0 8 0
ddb>

syzbot

Apr 15, 2020, 8:20:13 PM
to syzkaller-o...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: 20c8eb7c Add bse(4) device to unbreak build.
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=155c3bd0100000
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1366a0bfe00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=149250bfe00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+a43ace...@syzkaller.appspotmail.com

login: kernel: double fault trap, code=0
Stopped at pool_get+0x26: callq __sanitizer_cov_trace_pc+0x4
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
the kernel did not panic
ddb> trace
pool_get(ffffffff8259ed90,2) at pool_get+0x26 sys/kern/subr_pool.c:561
m_copym(fffffd806bc22c00,0,3b9aca00,2) at m_copym+0x174 m_get sys/kern/uipc_mbuf.c:250 [inline]
m_copym(fffffd806bc22c00,0,3b9aca00,2) at m_copym+0x174 sys/kern/uipc_mbuf.c:667
ether_resolve(ffff80000017a2a8,fffffd806bc22c00,fffffd805e561080,fffffd805e542310,ffff80001d7c11e8) at ether_resolve+0x49f sys/net/if_ethersubr.c:227
ether_output(ffff80000017a2a8,fffffd806bc22c00,fffffd805e561080,fffffd805e542310) at ether_output+0x47 ether_encap sys/net/if_ethersubr.c:310 [inline]
ether_output(ffff80000017a2a8,fffffd806bc22c00,fffffd805e561080,fffffd805e542310) at ether_output+0x47 sys/net/if_ethersubr.c:339
ip_output(fffffd806bc22c00,fffffd805e4faa00,fffffd805e561070,0,0,fffffd805e561000) at ip_output+0x10d4 sys/netinet/ip_output.c:468
udp_output(fffffd805e561000,fffffd806bc22c00,0,0) at udp_output+0x58b sys/netinet/udp_usrreq.c:1008
somove(fffffd805dafb7d8,2) at somove+0xf61 sys/kern/uipc_socket.c:1610
sorwakeup(fffffd805dafb7d8) at sorwakeup+0x79 sys/kern/uipc_socket.c:1659
udp_sbappend(fffffd805e561000,fffffd806bc22c00,fffffd806bc22ce0,0,18,fffffd806bc22cf8) at udp_sbappend+0x366 sys/netinet/udp_usrreq.c:635
udp_input(ffff80001d7c1868,ffff80001d7c1874,11,2) at udp_input+0x10d8
ip_deliver(ffff80001d7c1868,ffff80001d7c1874,11,2) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip_ours(ffff80001d7c1868,ffff80001d7c1874,2,0) at ip_ours+0x4fe sys/netinet/ip_input.c:563
ip_input_if(ffff80001d7c1868,ffff80001d7c1874,4,0,ffff80000017a2a8) at ip_input_if+0x571
ipv4_input(ffff80000017a2a8,fffffd806bc22c00) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff80000017a2a8,fffffd806bc22c00,2) at if_input_local+0xf9 sys/net/if.c:776
ether_resolve(ffff80000017a2a8,fffffd806bc22a00,fffffd805e561080,fffffd805e542310,ffff80001d7c19b8) at ether_resolve+0x4c2 sys/net/if_ethersubr.c:228
ether_output(ffff80000017a2a8,fffffd806bc22a00,fffffd805e561080,fffffd805e542310) at ether_output+0x47 ether_encap sys/net/if_ethersubr.c:310 [inline]
ether_output(ffff80000017a2a8,fffffd806bc22a00,fffffd805e561080,fffffd805e542310) at ether_output+0x47 sys/net/if_ethersubr.c:339
ip_output(fffffd806bc22a00,fffffd805e4faa00,fffffd805e561070,0,0,fffffd805e561000) at ip_output+0x10d4 sys/netinet/ip_output.c:468
udp_output(fffffd805e561000,fffffd806bc22a00,0,0) at udp_output+0x58b sys/netinet/udp_usrreq.c:1008
somove(fffffd805dafb7d8,2) at somove+0xf61 sys/kern/uipc_socket.c:1610
sorwakeup(fffffd805dafb7d8) at sorwakeup+0x79 sys/kern/uipc_socket.c:1659
udp_sbappend(fffffd805e561000,fffffd806bc22a00,fffffd806bc22ae0,0,18,fffffd806bc22af8) at udp_sbappend+0x366 sys/netinet/udp_usrreq.c:635
udp_input(ffff80001d7c2038,ffff80001d7c2044,11,2) at udp_input+0x10d8
ip_deliver(ffff80001d7c2038,ffff80001d7c2044,11,2) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip_ours(ffff80001d7c2038,ffff80001d7c2044,2,0) at ip_ours+0x4fe sys/netinet/ip_input.c:563
ip_input_if(ffff80001d7c2038,ffff80001d7c2044,4,0,ffff80000017a2a8) at ip_input_if+0x571
ipv4_input(ffff80000017a2a8,fffffd806bc22a00) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff80000017a2a8,fffffd806bc22a00,2) at if_input_local+0xf9 sys/net/if.c:776
ether_resolve(ffff80000017a2a8,fffffd805e2f0700,fffffd805e561080,fffffd805e542310,ffff80001d7c2188) at ether_resolve+0x4c2 sys/net/if_ethersubr.c:228
ether_output(ffff80000017a2a8,fffffd805e2f0700,fffffd805e561080,fffffd805e542310) at ether_output+0x47 ether_encap sys/net/if_ethersubr.c:310 [inline]
ether_output(ffff80000017a2a8,fffffd805e2f0700,fffffd805e561080,fffffd805e542310) at ether_output+0x47 sys/net/if_ethersubr.c:339
ip_output(fffffd805e2f0700,fffffd805e4faa00,fffffd805e561070,0,0,fffffd805e561000) at ip_output+0x10d4 sys/netinet/ip_output.c:468
udp_output(fffffd805e561000,fffffd805e2f0700,0,0) at udp_output+0x58b sys/netinet/udp_usrreq.c:1008
somove(fffffd805dafb7d8,2) at somove+0xf61 sys/kern/uipc_socket.c:1610
sorwakeup(fffffd805dafb7d8) at sorwakeup+0x79 sys/kern/uipc_socket.c:1659
udp_sbappend(fffffd805e561000,fffffd805e2f0700,fffffd805e2f07e0,0,18,fffffd805e2f07f8) at udp_sbappend+0x366 sys/netinet/udp_usrreq.c:635
udp_input(ffff80001d7c2808,ffff80001d7c2814,11,2) at udp_input+0x10d8
ip_deliver(ffff80001d7c2808,ffff80001d7c2814,11,2) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip_ours(ffff80001d7c2808,ffff80001d7c2814,2,0) at ip_ours+0x4fe sys/netinet/ip_input.c:563
ip_input_if(ffff80001d7c2808,ffff80001d7c2814,4,0,ffff80000017a2a8) at ip_input_if+0x571
ipv4_input(ffff80000017a2a8,fffffd805e2f0700) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff80000017a2a8,fffffd805e2f0700,2) at if_input_local+0xf9 sys/net/if.c:776
ether_resolve(ffff80000017a2a8,fffffd805e4fa900,fffffd805e561080,fffffd805e542310,ffff80001d7c2958) at ether_resolve+0x4c2 sys/net/if_ethersubr.c:228
ether_output(ffff80000017a2a8,fffffd805e4fa900,fffffd805e561080,fffffd805e542310) at ether_output+0x47 ether_encap sys/net/if_ethersubr.c:310 [inline]
ether_output(ffff80000017a2a8,fffffd805e4fa900,fffffd805e561080,fffffd805e542310) at ether_output+0x47 sys/net/if_ethersubr.c:339
ip_output(fffffd805e4fa900,fffffd805e4faa00,fffffd805e561070,0,0,fffffd805e561000) at ip_output+0x10d4 sys/netinet/ip_output.c:468
udp_output(fffffd805e561000,fffffd805e4fa900,0,0) at udp_output+0x58b sys/netinet/udp_usrreq.c:1008
somove(fffffd805dafb7d8,2) at somove+0xf61 sys/kern/uipc_socket.c:1610
sorwakeup(fffffd805dafb7d8) at sorwakeup+0x79 sys/kern/uipc_socket.c:1659
udp_sbappend(fffffd805e561000,fffffd805e4fa900,fffffd805e4fa9e0,0,18,fffffd805e4fa9f8) at udp_sbappend+0x366 sys/netinet/udp_usrreq.c:635
udp_input(ffff80001d7c2fd8,ffff80001d7c2fe4,11,2) at udp_input+0x10d8
ip_deliver(ffff80001d7c2fd8,ffff80001d7c2fe4,11,2) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip_ours(ffff80001d7c2fd8,ffff80001d7c2fe4,2,0) at ip_ours+0x4fe sys/netinet/ip_input.c:563
ip_input_if(ffff80001d7c2fd8,ffff80001d7c2fe4,4,0,ffff80000017a2a8) at ip_input_if+0x571
ipv4_input(ffff80000017a2a8,fffffd805e4fa900) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff80000017a2a8,fffffd805e4fa900,2) at if_input_local+0xf9 sys/net/if.c:776
ether_resolve(ffff80000017a2a8,fffffd805e390d00,fffffd805e561080,fffffd805e542310,ffff80001d7c3128) at ether_resolve+0x4c2 sys/net/if_ethersubr.c:228
ether_output(ffff80000017a2a8,fffffd805e390d00,fffffd805e561080,fffffd805e542310) at ether_output+0x47 ether_encap sys/net/if_ethersubr.c:310 [inline]
ether_output(ffff80000017a2a8,fffffd805e390d00,fffffd805e561080,fffffd805e542310) at ether_output+0x47 sys/net/if_ethersubr.c:339
ip_output(fffffd805e390d00,fffffd805e4faa00,fffffd805e561070,0,0,fffffd805e561000) at ip_output+0x10d4 sys/netinet/ip_output.c:468
udp_output(fffffd805e561000,fffffd805e390d00,0,0) at udp_output+0x58b sys/netinet/udp_usrreq.c:1008
somove(fffffd805dafb7d8,2) at somove+0xf61 sys/kern/uipc_socket.c:1610
sorwakeup(fffffd805dafb7d8) at sorwakeup+0x79 sys/kern/uipc_socket.c:1659
udp_sbappend(fffffd805e561000,fffffd805e390d00,fffffd805e390de0,0,18,fffffd805e390df8) at udp_sbappend+0x366 sys/netinet/udp_usrreq.c:635
udp_input(ffff80001d7c37a8,ffff80001d7c37b4,11,2) at udp_input+0x10d8
ip_deliver(ffff80001d7c37a8,ffff80001d7c37b4,11,2) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip_ours(ffff80001d7c37a8,ffff80001d7c37b4,2,0) at ip_ours+0x4fe sys/netinet/ip_input.c:563
ip_input_if(ffff80001d7c37a8,ffff80001d7c37b4,4,0,ffff80000017a2a8) at ip_input_if+0x571
ipv4_input(ffff80000017a2a8,fffffd805e390d00) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff80000017a2a8,fffffd805e390d00,2) at if_input_local+0xf9 sys/net/if.c:776
ether_resolve(ffff80000017a2a8,fffffd805e390c00,fffffd805e561080,fffffd805e542310,ffff80001d7c38f8) at ether_resolve+0x4c2 sys/net/if_ethersubr.c:228
ether_output(ffff80000017a2a8,fffffd805e390c00,fffffd805e561080,fffffd805e542310) at ether_output+0x47 ether_encap sys/net/if_ethersubr.c:310 [inline]
ether_output(ffff80000017a2a8,fffffd805e390c00,fffffd805e561080,fffffd805e542310) at ether_output+0x47 sys/net/if_ethersubr.c:339
ip_output(fffffd805e390c00,fffffd805e4faa00,fffffd805e561070,0,0,fffffd805e561000) at ip_output+0x10d4 sys/netinet/ip_output.c:468
udp_output(fffffd805e561000,fffffd805e390c00,0,0) at udp_output+0x58b sys/netinet/udp_usrreq.c:1008
somove(fffffd805dafb7d8,2) at somove+0xf61 sys/kern/uipc_socket.c:1610
sorwakeup(fffffd805dafb7d8) at sorwakeup+0x79 sys/kern/uipc_socket.c:1659
udp_sbappend(fffffd805e561000,fffffd805e390c00,fffffd805e390ce0,0,18,fffffd805e390cf8) at udp_sbappend+0x366 sys/netinet/udp_usrreq.c:635
udp_input(ffff80001d7c3f78,ffff80001d7c3f84,11,2) at udp_input+0x10d8
ip_deliver(ffff80001d7c3f78,ffff80001d7c3f84,11,2) at ip_deliver+0x2e3 sys/netinet/ip_input.c:668
ip_ours(ffff80001d7c3f78,ffff80001d7c3f84,2,0) at ip_ours+0x4fe sys/netinet/ip_input.c:563
ip_input_if(ffff80001d7c3f78,ffff80001d7c3f84,4,0,ffff80000017a2a8) at ip_input_if+0x571
ipv4_input(ffff80000017a2a8,fffffd805e390c00) at ipv4_input+0x48 sys/netinet/ip_input.c:215
if_input_local(ffff80000017a2a8,fffffd805e390c00,2) at if_input_local+0xf9 sys/net/if.c:776
ether_resolve(ffff80000017a2a8,fffffd805e390600,fffffd805e561080,fffffd805e542310,ffff80001d7c40c8) at ether_resolve+0x4c2 sys/net/if_ethersubr.c:228
ether_output(ffff80000017a2a8,fffffd805e390600,fffffd805e561080,fffffd805e542310) at ether_output+0x47 ether_encap sys/net/if_ethersubr.c:310 [inline]
ether_output(ffff80000017a2a8,fffffd805e390600,fffffd805e561080,fffffd805e542310) at ether_output+0x47 sys/net/if_ethersubr.c:339
ip_output(fffffd805e390600,fffffd805e4faa00,fffffd805e561070,0,0,fffffd805e561000) at ip_output+0x10d4 sys/netinet/ip_output.c:468
udp_output(fffffd805e561000,fffffd805e390600,0,0) at udp_output+0x58b sys/netinet/udp_usrreq.c:1008
somove(fffffd805dafb7d8,2) at somove+0xf61 sys/kern/uipc_socket.c:1610
sorwakeup(fffffd805dafb7d8) at sorwakeup+0x79 sys/kern/uipc_socket.c:1659
sorflush(fffffd805dafb7d8) at sorflush+0x69 sys/kern/uipc_socket.c:1122
soshutdown(fffffd805dafb7d8,2) at soshutdown+0x7b sys/kern/uipc_socket.c:1097
sys_shutdown(ffff80001d7a74f0,ffff80001d7c4678,ffff80001d7c46c0) at sys_shutdown+0x63 sys/kern/uipc_syscalls.c:913
syscall(ffff80001d7c4740) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffff5680, count: -91
ddb> show registers
rdi 0xffffffff8259ed90 mbpool
rsi 0x2
rbp 0xffff80001d7c1090
rbx 0x2
rdx 0x3b9aca00
rcx 0x2
rax 0
r8 0xffff80001d7c11e8
r9 0x1
r10 0xd03d3e2678cc3c3d
r11 0x21bcb9d3b2c6ca2d
r12 0x1
r13 0
r14 0xffffffff8259ed90 mbpool
r15 0x2
rip 0xffffffff81be24b6 pool_get+0x26
cs 0x8
rflags 0x10286 __ALIGN_SIZE+0xf286
rsp 0xffff80001d7c1000
ss 0x10
pool_get+0x26: callq __sanitizer_cov_trace_pc+0x4
ddb> show proc
PROC (syz-executor4063) pid=10593 stat=onproc
flags process=2<EXEC,8ORPHAN> proc=0
pri=50, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff80001d7a79d0,0xffff80001d7a7290
process=0xffff8000ffff83b0 user=0xffff80001d7bf000, vmspace=0xfffffd806bc0a880
estcpu=0, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
66493 382082 0 0 3 0x14200 bored sosplice
*98885 10593 41012 0 7 0x2 syz-executor4063
41012 395185 76824 0 3 0x10008a pause ksh
76824 186071 48787 0 3 0x92 select sshd
18842 121248 1 0 3 0x100083 ttyin getty
48787 491985 1 0 3 0x80 select sshd
26628 487399 54106 73 3 0x100090 kqread syslogd
54106 374205 1 0 3 0x100082 netio syslogd
84179 434613 1 77 3 0x100090 poll dhclient
19568 205371 1 0 3 0x80 poll dhclient
80036 178254 0 0 3 0x14200 bored smr
79528 166973 0 0 2 0x14200 zerothread
97735 9675 0 0 3 0x14200 aiodoned aiodoned
39757 231287 0 0 3 0x14200 syncer update
66587 150793 0 0 3 0x14200 cleaner cleaner
21148 312412 0 0 3 0x14200 reaper reaper
24489 152249 0 0 3 0x14200 pgdaemon pagedaemon
45427 452143 0 0 3 0x14200 bored crynlk
69863 516110 0 0 3 0x14200 bored crypto
2730 143834 0 0 3 0x40014200 acpi0 acpi0
43809 309895 0 0 3 0x14200 bored softnet
38612 231265 0 0 3 0x14200 bored systqmp
40109 196140 0 0 3 0x14200 bored systq
57716 210237 0 0 3 0x40014200 bored softclock
42149 81211 0 0 3 0x40014200 idle0
1 123040 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 9440 6319K 6320K 78643K 10537 0
pcb 13 8K 8K 78643K 13 0
rtable 61 1K 2K 78643K 118 0
ifaddr 24 7K 7K 78643K 24 0
counters 19 16K 16K 78643K 19 0
ioctlops 0 0K 2K 78643K 13 0
mount 1 1K 1K 78643K 1 0
vnodes 1182 74K 74K 78643K 1187 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 1K 78643K 2 0
VM map 2 0K 0K 78643K 2 0
sem 2 0K 0K 78643K 2 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1794 195K 288K 78643K 12646 0
file desc 1 0K 0K 78643K 1 0
proc 47 38K 46K 78643K 278 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
in_multi 11 0K 0K 78643K 11 0
ether_multi 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 19 95K 95K 78643K 19 0
exec 0 0K 1K 78643K 151 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 55 2K 3K 78643K 699 0
UVM aobj 2 2K 2K 78643K 2 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
NDP 3 0K 0K 78643K 3 0
temp 18 3029K 3093K 78643K 1417 0
kqueue 2 2K 2K 78643K 2 0
SYN cache 2 16K 16K 78643K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 2 0 0 1 0 1 1 0 8 0
rtpcb 80 15 0 13 1 0 1 1 0 8 0
rtentry 112 23 0 1 1 0 1 1 0 8 0
unpcb 120 27 0 19 1 0 1 1 0 8 0
syncache 264 5 0 5 1 0 1 1 0 8 1
tcpcb 544 8 0 5 1 0 1 1 0 8 0
inpcb 280 24 0 17 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 96 0 0 6 0 6 6 0 8 0
art_table 32 97 0 0 1 0 1 1 0 8 0
art_node 16 22 0 2 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino1pl 128 1391 0 15 45 0 45 45 0 8 0
ffsino 240 1391 0 15 81 0 81 81 0 8 0
nchpl 144 1566 0 31 57 0 57 57 0 8 0
uvmvnodes 72 1400 0 0 26 0 26 26 0 8 0
vnodes 208 1400 0 0 74 0 74 74 0 8 0
namei 1024 3447 0 3447 1 0 1 1 0 8 1
scxspl 192 2585 0 2585 1 0 1 1 0 8 1
plimitpl 152 13 0 8 1 0 1 1 0 8 0
sigapl 424 192 0 166 4 0 4 4 0 8 0
knotepl 112 5 0 0 1 0 1 1 0 8 0
kqueuepl 144 3 0 0 1 0 1 1 0 8 0
pipelkpl 16 57 0 53 1 0 1 1 0 8 0
pipepl 120 114 0 107 1 0 1 1 0 8 0
fdescpl 432 177 0 166 2 0 2 2 0 8 0
filepl 120 827 0 781 2 0 2 2 0 8 0
lockfpl 104 5 0 4 1 0 1 1 0 8 0
lockfspl 48 3 0 2 1 0 1 1 0 8 0
sessionpl 112 17 0 9 1 0 1 1 0 8 0
pgrppl 48 17 0 9 1 0 1 1 0 8 0
ucredpl 96 47 0 40 1 0 1 1 0 8 0
zombiepl 144 166 0 166 1 0 1 1 0 8 1
processpl 920 192 0 166 4 0 4 4 0 8 0
procpl 624 192 0 166 3 0 3 3 0 8 0
sosppl 128 1 0 0 1 0 1 1 0 8 0
sockpl 400 66 0 49 2 0 2 2 0 8 0
mcl4k 4096 10 0 10 1 0 1 1 0 8 1
mcl2k 2048 5842 0 5802 9 1 8 9 0 8 2
mtagpl 80 2 0 2 1 1 0 1 0 8 0
mbufpl 256 9977 0 9919 6 1 5 6 0 8 1
bufpl 280 1754 0 66 121 0 121 121 0 8 0
anonpl 16 17557 0 16425 7 2 5 7 0 107 0
amapchunkpl 152 494 0 458 2 0 2 2 0 158 0
amappl16 192 71 0 67 1 0 1 1 0 8 0
amappl15 184 1 0 0 1 0 1 1 0 8 0
amappl14 176 1 0 1 1 1 0 1 0 8 0
amappl13 168 12 0 11 1 0 1 1 0 8 0
amappl12 160 7 0 7 1 0 1 1 0 8 1
amappl11 152 55 0 43 1 0 1 1 0 8 0
amappl10 144 2 0 0 1 0 1 1 0 8 0
amappl9 136 217 0 214 1 0 1 1 0 8 0
amappl8 128 200 0 199 1 0 1 1 0 8 0
amappl7 120 78 0 70 1 0 1 1 0 8 0
amappl6 112 13 0 12 1 0 1 1 0 8 0
amappl5 104 148 0 139 1 0 1 1 0 8 0
amappl4 96 414 0 389 1 0 1 1 0 8 0
amappl3 88 98 0 92 1 0 1 1 0 8 0
amappl2 80 714 0 664 2 0 2 2 0 8 0
amappl1 72 12232 0 11843 16 7 9 16 0 8 0
amappl 80 364 0 345 1 0 1 1 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 1 0 0 1 0 1 1 0 8 0
uaddrrnd 24 177 0 166 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 177 0 166 1 0 1 1 0 8 0
vmmpekpl 168 5167 0 5148 1 0 1 1 0 8 0
vmmpepl 168 25588 0 24831 48 7 41 48 0 357 6
vmsppl 272 176 0 166 1 0 1 1 0 8 0
pdppl 4096 360 0 332 5 0 5 5 0 8 0
pvpl 32 70695 0 67968 26 0 26 26 0 265 1
pmappl 200 176 0 166 1 0 1 1 0 8 0
extentpl 40 46 0 29 1 0 1 1 0 8 0
phpool 112 122 0 4 4 0 4 4 0 8 0

Greg Steuck

Apr 16, 2020, 2:40:32 PM
to syzbot, sas...@openbsd.org, syzkaller-o...@googlegroups.com
Sasha,

Here's another seemingly recursive crash in the network stack with a repro:
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=149250bfe00000

Thanks
Greg



--
nest.cx is Gmail hosted, use PGP: https://pgp.key-server.io/0x0B1542BD8DF5A1B0
Fingerprint: 5E2B 2D0E 1E03 2046 BEC3 4D50 0B15 42BD 8DF5 A1B0

Anton Lindqvist

Apr 17, 2020, 2:47:35 AM
to Greg Steuck, syzbot, sas...@openbsd.org, syzkaller-o...@googlegroups.com
On Thu, Apr 16, 2020 at 11:40:16AM -0700, Greg Steuck wrote:
> Sasha,
>
> Here's another seemingly recursive crash in the network stack with a repro:
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=149250bfe00000

Already being looked at.

syzbot

Apr 18, 2020, 5:13:07 AM
to an...@basename.se, syzkaller-o...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger a crash:

Reported-and-tested-by: syzbot+a43ace...@syzkaller.appspotmail.com

Tested on:

commit: 56924c30 XXX potential fix
git tree: https://github.com/mptre/openbsd-src netinet
compiler:

Note: testing is done by a robot and is best-effort only.