uvm_fault: ufs_direnter (2)

syzbot

Mar 22, 2024, 6:15:17 AMMar 22
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: b98784e6f2e2 aucat: Add a bytes-per-sample argument to all..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1549c0e9180000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=6354866743e93a9ab6fc

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/17bef1fee247/disk-b98784e6.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/cf321ddceecc/bsd-b98784e6.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/08a34efe3e6e/kernel-b98784e6.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+635486...@syzkaller.appspotmail.com

uvm_fault(0xffffffff82d6fec8, 0xffff800029f9200c, 0, 1) -> d
kernel: page fault trap, code=0
Stopped at ufs_direnter+0x1be: movl 0(%r15),%r14d
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*111364 50481 0 0x2 0 0 syz-executor.4
ufs_direnter(fffffd8064671388,fffffd807885da38,ffff80002f55f310,ffff80002f55f630,fffffd8067c96c10) at ufs_direnter+0x1be sys/ufs/ufs/ufs_lookup.c:764
ufs_mkdir(ffff80002f55f4a0) at ufs_mkdir+0x4a3 sys/ufs/ufs/ufs_vnops.c:1194
VOP_MKDIR(fffffd8064671388,ffff80002f55f600,ffff80002f55f630,ffff80002f55f530) at VOP_MKDIR+0xc3 sys/kern/vfs_vops.c:388
domkdirat(ffff80002a6792b8,ffffff9c,7589789dfbc0,1ff) at domkdirat+0x125 sys/kern/vfs_syscalls.c:3069
syscall(ffff80002f55f7a0) at syscall+0x538 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7589789dfc30, count: 9
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: uvm_fault(0xffffffff82d6fec8, 0xffff800029f9200c, 0, 1) -> d
ddb> trace
ufs_direnter(fffffd8064671388,fffffd807885da38,ffff80002f55f310,ffff80002f55f630,fffffd8067c96c10) at ufs_direnter+0x1be sys/ufs/ufs/ufs_lookup.c:764
ufs_mkdir(ffff80002f55f4a0) at ufs_mkdir+0x4a3 sys/ufs/ufs/ufs_vnops.c:1194
VOP_MKDIR(fffffd8064671388,ffff80002f55f600,ffff80002f55f630,ffff80002f55f530) at VOP_MKDIR+0xc3 sys/kern/vfs_vops.c:388
domkdirat(ffff80002a6792b8,ffffff9c,7589789dfbc0,1ff) at domkdirat+0x125 sys/kern/vfs_syscalls.c:3069
syscall(ffff80002f55f7a0) at syscall+0x538 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7589789dfc30, count: -6
ddb> show registers
rdi 0
rsi 0
rbp 0xffff80002f55f300
rbx 0xfffffd806e3810f0
rdx 0
rcx 0xfffffd8067eb2928
rax 0xffff80002a6792b8
r8 0xffffffffffffffff
r9 0
r10 0x847081e891b5c955
r11 0xe9122c176559cd4d
r12 0xfffffd80675ea600
r13 0xfffffd807885da38
r14 0x200
r15 0xffff800029f9200c
rip 0xffffffff816a744e ufs_direnter+0x1be
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80002f55f250
ss 0x10
ufs_direnter+0x1be: movl 0(%r15),%r14d
ddb> show proc
PROC (syz-executor.4) tid=111364 pid=50481 tcnt=1 stat=onproc
flags process=2<EXEC> proc=0
runpri=17, usrpri=83, slppri=17, nice=20
wchan=0x0, wmesg=, ps_single=0x0
forw=0xffffffffffffffff, list=0xffff80002a602d58,0xffff80002a602ac0
process=0xffff8000ffff65c0 user=0xffff80002f55a000, vmspace=0xfffffd80787ff318
estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
30144 70383 20267 0 2 0 syz-executor.5
30144 310299 20267 0 2 0x4000000 syz-executor.5
30144 185031 20267 0 2 0x4000000 syz-executor.5
6361 396785 79645 0 2 0x480 syz-executor.1
6361 388365 79645 0 3 0x4000080 kqread syz-executor.1
6361 393687 79645 0 3 0x4000080 fsleep syz-executor.1
6361 308952 79645 0 3 0x4000080 fsleep syz-executor.1
44380 408871 91877 0 2 0 syz-executor.2
44380 184116 91877 0 3 0x4000080 netio syz-executor.2
44380 236053 91877 0 3 0x4000080 fsleep syz-executor.2
28247 450531 0 0 3 0x14200 acct acct
*50481 111364 48817 0 7 0x2 syz-executor.4
75312 298020 1 0 3 0x18100083 ttyin getty
79645 10107 48817 0 2 0x482 syz-executor.1
20267 120345 48817 0 2 0x482 syz-executor.5
91817 431433 48817 0 2 0x2 syz-executor.3
89754 226200 48817 0 2 0x2 syz-executor.7
48379 158899 48817 0 2 0x2 syz-executor.0
22790 437574 48817 0 2 0x2 syz-executor.6
30935 522763 0 0 3 0x14280 nfsidl nfsio
78043 501101 0 0 3 0x14280 nfsidl nfsio
87255 390777 0 0 3 0x14280 nfsidl nfsio
87500 21824 0 0 3 0x14280 nfsidl nfsio
70727 419446 0 0 3 0x14280 nfsidl nfsio
66529 197583 0 0 3 0x14280 nfsidl nfsio
57612 189019 0 0 3 0x14280 nfsidl nfsio
76456 463381 0 0 3 0x14280 nfsidl nfsio
15668 502820 0 0 3 0x14280 nfsidl nfsio
76558 357528 0 0 3 0x14280 nfsidl nfsio
9319 32796 0 0 3 0x14280 nfsidl nfsio
41951 42786 0 0 3 0x14280 nfsidl nfsio
34171 56170 0 0 3 0x14280 nfsidl nfsio
24834 361889 0 0 3 0x14280 nfsidl nfsio
48547 464457 0 0 3 0x14280 nfsidl nfsio
37609 91040 0 0 3 0x14280 nfsidl nfsio
97816 38389 0 0 3 0x14280 nfsidl nfsio
65641 287149 0 0 3 0x14280 nfsidl nfsio
51684 222617 0 0 3 0x14280 nfsidl nfsio
17348 354822 0 0 3 0x14280 nfsidl nfsio
71632 445997 0 0 3 0x14200 bored sosplice
91877 300762 48817 0 2 0x482 syz-executor.2
48817 339477 5916 0 3 0x1a000082 wait syz-fuzzer
48817 394466 5916 0 2 0x1e000482 syz-fuzzer
48817 153986 5916 0 3 0x1e000082 wait syz-fuzzer
48817 241425 5916 0 3 0x1e000082 thrsleep syz-fuzzer
48817 64430 5916 0 3 0x1e000082 wait syz-fuzzer
48817 388060 5916 0 3 0x1e000082 wait syz-fuzzer
48817 85390 5916 0 3 0x1e000082 wait syz-fuzzer
48817 183945 5916 0 3 0x1e000082 thrsleep syz-fuzzer
48817 489866 5916 0 3 0x1e000082 thrsleep syz-fuzzer
48817 267574 5916 0 3 0x1e000082 wait syz-fuzzer
48817 181699 5916 0 3 0x1e000082 thrsleep syz-fuzzer
48817 93454 5916 0 3 0x1e000082 kqread syz-fuzzer
48817 374786 5916 0 3 0x1e000082 wait syz-fuzzer
48817 487377 5916 0 3 0x1e000082 wait syz-fuzzer
5916 471460 81705 0 3 0x810008a sigsusp ksh
81705 33138 87294 0 3 0x1800009a kqread sshd
87294 189748 1 0 3 0x18000088 kqread sshd
59862 4028 88066 73 3 0x19100090 kqread syslogd
88066 431183 1 0 3 0x18100082 netio syslogd
43012 478012 1 0 3 0x18100080 kqread resolvd
45040 213223 32237 77 3 0x18100092 kqread dhcpleased
18552 499015 32237 77 3 0x18100092 kqread dhcpleased
32237 53478 1 0 3 0x18000080 kqread dhcpleased
71437 455595 0 0 3 0x14200 bored smr
99889 121246 0 0 2 0x14200 zerothread
94305 113490 0 0 3 0x14200 aiodoned aiodoned
67256 135191 0 0 3 0x14200 syncer update
68267 473241 0 0 3 0x14200 cleaner cleaner
3190 200979 0 0 3 0x14200 reaper reaper
42702 420232 0 0 3 0x14200 pgdaemon pagedaemon
50100 466516 0 0 3 0x14200 bored viomb
47077 179502 0 0 3 0x40014200 acpi0 acpi0
46219 397146 0 0 3 0x14200 bored softnet3
88669 232775 0 0 3 0x14200 bored softnet2
53527 149294 0 0 3 0x14200 bored softnet1
29169 269875 0 0 3 0x14200 bored softnet0
60411 170563 0 0 3 0x14200 bored systqmp
60075 504216 0 0 3 0x14200 bored systq
15494 150310 0 0 2 0x40014200 softclock
25755 169706 0 0 3 0x40014200 idle0
1 95395 0 0 3 0x8000082 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10185 6487K 7320K 166960K 28956 0
pcb 15 14K 16K 166960K 722 0
rtable 211 6K 7K 166960K 1524 0
pf 32 9K 10K 166960K 280 0
ifaddr 40 11K 12K 166960K 234 0
ifgroup 55 2K 2K 166960K 449 0
sysctl 4 1K 1K 166960K 4 0
counters 31 17K 17K 166960K 140 0
ioctlops 0 0K 2K 166960K 476 0
iov 1 2K 20K 166960K 972 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1519 95K 96K 166960K 9167 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 9K 166960K 115 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 1409 0
dirhash 12 2K 2K 166960K 75 0
ACPI 1697 195K 286K 166960K 12548 0
file desc 13 45K 73K 166960K 7489 0
sigio 0 0K 0K 166960K 515 0
proc 58 59K 75K 166960K 1432 0
subproc 104 6K 6K 166960K 403 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 281 0
in_multi 84 6K 7K 166960K 395 0
ether_multi 1 0K 0K 166960K 1 0
mrt 0 0K 0K 166960K 12 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 91 413K 413K 166960K 91 0
exec 0 0K 1K 166960K 2248 0
pfkey data 0 0K 0K 166960K 42 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 400 201K 218K 166960K 69941 0
UVM aobj 131 4K 4K 166960K 141 0
pinsyscall 22 44K 100K 166960K 1969 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 1K 166960K 258 0
NDP 12 0K 2K 166960K 185 0
temp 74 6804K 7440K 166960K 47418 0
kqueue 12 18K 25K 166960K 545 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 361 0 358 4 3 1 3 0 8 0
rtentry 112 434 0 337 4 0 4 4 0 8 0
unpcb 144 6771 0 6756 23 17 6 8 0 8 5
syncache 336 60 0 60 3 2 1 1 0 8 1
tcpqe 32 51 0 51 2 2 0 1 0 8 0
tcpcb 808 2230 0 2213 28 22 6 12 0 8 4
arp 88 65 0 49 1 0 1 1 0 8 0
ipq 40 1 0 1 1 1 0 1 0 8 0
ipqe 40 4 0 4 1 1 0 1 0 8 0
inpcb 360 6106 0 6086 38 29 9 14 0 8 6
nd6 104 100 0 80 1 0 1 1 0 8 0
pkpcb 40 25 0 25 3 3 0 1 0 8 0
kcovpl 48 31 0 23 1 0 1 1 0 8 0
ppxss 1072 36 0 36 3 2 1 1 0 8 1
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 1570 0 1161 33 3 30 30 0 8 0
art_table 32 1571 0 1161 4 0 4 4 0 8 0
art_node 16 383 0 294 1 0 1 1 0 8 0
sysvmsgpl 40 40 0 4 1 0 1 1 0 8 0
semupl 112 3 0 3 1 1 0 1 0 8 0
semapl 112 1405 0 1395 1 0 1 1 0 8 0
shmpl 112 138 0 10 4 0 4 4 0 8 0
dirhash 1024 59 0 42 3 0 3 3 0 8 0
dino2pl 256 13378 0 11851 96 0 96 96 0 8 0
ffsino 240 13378 0 11851 90 0 90 90 0 8 0
nchpl 144 23522 0 21791 66 0 66 66 0 8 0
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 85855 0 85853 4 3 1 3 0 8 0
vcpupl 2048 94 0 0 12 0 12 12 0 8 0
vmpool 664 94 0 0 8 0 8 8 0 8 0
kstatmem 264 242 0 218 2 0 2 2 0 8 0
scxspl 216 65321 0 65321 13 11 2 8 1 8 2
plimitpl 152 1090 0 1075 1 0 1 1 0 8 0
sigapl 424 7844 0 7782 8 0 8 8 0 8 0
futexpl 64 70431 0 70428 2 1 1 1 0 8 0
knotepl 120 65978 0 65896 14 11 3 14 0 8 0
kqueuepl 184 1208 0 1199 9 6 3 4 0 8 2
pipepl 288 1247 0 1219 13 10 3 7 0 8 0
fdescpl 432 7726 0 7702 4 0 4 4 0 8 0
filepl 120 56576 0 56329 33 19 14 18 0 8 4
lockfpl 104 2769 0 2767 6 4 2 4 0 8 1
lockfspl 48 1022 0 1020 2 1 1 2 0 8 0
sessionpl 144 48 0 32 1 0 1 1 0 8 0
pgrppl 48 232 0 216 1 0 1 1 0 8 0
ucredpl 104 13982 0 13971 1 0 1 1 0 8 0
zombiepl 144 7782 0 7782 3 2 1 1 0 8 1
processpl 1072 7844 0 7782 5 0 5 5 0 8 0
procpl 680 18571 0 18489 10 1 9 9 0 8 1
sosppl 168 74 0 71 2 1 1 1 0 8 0
sockpl 488 13285 0 13247 259 237 22 43 0 8 16
mcl64k 65536 269 0 269 4 3 1 1 0 8 1
mcl16k 16384 138 0 138 4 3 1 1 0 8 1
mcl12k 12288 269 0 269 4 3 1 1 0 8 1
mcl9k 9216 115 0 115 4 3 1 1 0 8 1
mcl8k 8192 635 0 634 4 3 1 1 0 8 0
mcl4k 4096 791 0 791 4 3 1 1 0 8 1
mcl2k2 2112 40 0 40 4 3 1 1 0 8 1
mcl2k 2048 82919 0 82767 42 21 21 27 0 8 0
mtagpl 96 1526 0 942 15 0 15 15 0 8 0
mbufpl 256 198619 0 197875 214 166 48 103 0 8 0
bufpl 280 18411 0 12065 454 0 454 454 0 8 0
anonpl 24 796489 0 782516 150 38 112 112 0 188 20
amapchunkpl 152 234073 0 233255 63 14 49 49 0 158 13
amappl16 200 16866 0 16431 64 32 32 36 0 8 8
amappl15 192 57 0 56 1 0 1 1 0 8 0
amappl14 184 232 0 222 2 1 1 2 0 8 0
amappl13 176 14 0 14 2 2 0 1 0 8 0
amappl12 168 8692 0 8665 2 0 2 2 0 8 0
amappl11 160 62 0 51 1 0 1 1 0 8 0
amappl10 152 70 0 60 1 0 1 1 0 8 0
amappl9 144 145 0 144 1 0 1 1 0 8 0
amappl8 136 358 0 276 3 0 3 3 0 8 0
amappl7 128 79 0 64 1 0 1 1 0 8 0
amappl6 120 666 0 644 2 1 1 2 0 8 0
amappl5 112 376 0 364 1 0 1 1 0 8 0
amappl4 104 825 0 790 2 1 1 2 0 8 0
amappl3 96 44173 0 44101 3 0 3 3 0 8 0
amappl2 88 8532 0 8463 4 1 3 4 0 8 0
amappl1 80 37015 0 36529 22 11 11 22 0 8 0
amappl 88 69030 0 68798 7 0 7 7 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 140 0 10 3 0 3 3 0 8 0
uaddrrnd 24 7820 0 7702 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 7820 0 7702 1 0 1 1 0 8 0
vmmpekpl 168 53604 0 53536 4 0 4 4 0 8 0
vmmpepl 168 469744 0 467535 180 63 117 135 0 357 0
vmsppl 352 7819 0 7702 12 0 12 12 0 8 0
rwobjpl 24 116917 0 109398 47 0 47 47 0 8 0
pdppl 4096 15646 0 15498 499 341 158 160 0 8 10
pvpl 32 2135394 0 2116198 420 225 195 357 0 265 28
pmappl 216 7819 0 7702 7 0 7 7 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 1067 0 583 16 0 16 16 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
ufs_direnter(fffffd8064671388,fffffd807885da38,ffff80002f55f310,ffff80002f55f630,fffffd8067c96c10) at ufs_direnter+0x1be sys/ufs/ufs/ufs_lookup.c:764
ufs_mkdir(ffff80002f55f4a0) at ufs_mkdir+0x4a3 sys/ufs/ufs/ufs_vnops.c:1194
VOP_MKDIR(fffffd8064671388,ffff80002f55f600,ffff80002f55f630,ffff80002f55f530) at VOP_MKDIR+0xc3 sys/kern/vfs_vops.c:388
domkdirat(ffff80002a6792b8,ffffff9c,7589789dfbc0,1ff) at domkdirat+0x125 sys/kern/vfs_syscalls.c:3069
syscall(ffff80002f55f7a0) at syscall+0x538 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7589789dfc30, count: -6
ddb> machine ddbcpu 1
No such command
ddb> trace
ufs_direnter(fffffd8064671388,fffffd807885da38,ffff80002f55f310,ffff80002f55f630,fffffd8067c96c10) at ufs_direnter+0x1be sys/ufs/ufs/ufs_lookup.c:764
ufs_mkdir(ffff80002f55f4a0) at ufs_mkdir+0x4a3 sys/ufs/ufs/ufs_vnops.c:1194
VOP_MKDIR(fffffd8064671388,ffff80002f55f600,ffff80002f55f630,ffff80002f55f530) at VOP_MKDIR+0xc3 sys/kern/vfs_vops.c:388
domkdirat(ffff80002a6792b8,ffffff9c,7589789dfbc0,1ff) at domkdirat+0x125 sys/kern/vfs_syscalls.c:3069
syscall(ffff80002f55f7a0) at syscall+0x538 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7589789dfc30, count: -6


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup