uvm_fault: pfi_address_add
0 views
Skip to first unread message
syzbot
May 29, 2020, 10:11:17 PM5/29/20
to syzkaller-o...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: d0e5c0ea Add a fix from ncurses 20200523 via Hiltjo Posthu..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=132c50de100000
kernel config: https://syzkaller.appspot.com/x/.config?x=fe55924c11e64b0a
dashboard link: https://syzkaller.appspot.com/bug?extid=d70144b3ae2ec068e318
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+d70144...@syzkaller.appspotmail.com
uvm_fault(0xfffffd806bc09bb0, 0x4, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at pfi_address_add+0x1eb: movl 0x4(%rax),%eax
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
kernel page fault
uvm_fault(0xfffffd806bc09bb0, 0x4, 0, 1) -> e
pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585
end trace frame: 0xffff80001ee2c4e0, count: 0
ddb> trace
pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585
pfi_instance_add(ffff8000009f7800,0,2) at pfi_instance_add+0x5e5
pfi_table_update(ffff800000a11a40,ffff800000a09800,0,2) at pfi_table_update+0x174
pfi_kif_update(ffff800000a09800) at pfi_kif_update+0xba pfi_dynaddr_update sys/net/pf_if.c:466 [inline]
pfi_kif_update(ffff800000a09800) at pfi_kif_update+0xba sys/net/pf_if.c:442
if_addgroup(ffff8000009f7800,ffff80001ee2c6f8) at if_addgroup+0x280 sys/net/if.c:2742
ifioctl(fffffd8057e4fb18,80286987,ffff80001ee2c6e0,ffff80001d7a7c40) at ifioctl+0x13e7 sys/net/if.c:2154
sys_ioctl(ffff80001d7a7c40,ffff80001ee2c7f8,ffff80001ee2c840) at sys_ioctl+0x4a1
syscall(ffff80001ee2c8c0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xf1f713c9cc0, count: -9
ddb> show registers
rdi 0xffffffff813ee597 pfi_address_add+0x1e7
rsi 0x1e22 __ALIGN_SIZE+0xe22
rbp 0xffff80001ee2c440
rbx 0
rdx 0x1e23 __ALIGN_SIZE+0xe23
rcx 0xffff80001de27000
rax 0
r8 0xffffffff813ede51 pfi_instance_add+0xf1
r9 0x1
r10 0x2
r11 0xa8ee8e6fa4eeb99
r12 0x34
r13 0x2
r14 0xffff800000654034
r15 0
rip 0xffffffff813ee59b pfi_address_add+0x1eb
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80001ee2c3d0
ss 0x10
pfi_address_add+0x1eb: movl 0x4(%rax),%eax
ddb> show proc
PROC (syz-executor.0) pid=395986 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=32, usrpri=78, nice=20
forw=0xffffffffffffffff, list=0xffff80001d7394e8,0xffffffff825ec610
process=0xffff8000ffff8e78 user=0xffff80001ee27000, vmspace=0xfffffd806bc09bb0
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
28567 116947 41986 0 2 0 syz-executor.0
*28567 395986 41986 0 7 0x4000000 syz-executor.0
8240 449170 5441 0 3 0x82 piperd syz-executor.1
89005 312139 0 0 3 0x14200 bored sosplice
12664 494066 1 0 3 0x100083 ttyin getty
13344 300140 0 0 3 0x14200 acct acct
41986 27255 5441 0 3 0x82 nanosleep syz-executor.0
5441 194776 3503 0 3 0x82 thrsleep syz-fuzzer
5441 167804 3503 0 3 0x4000082 nanosleep syz-fuzzer
5441 96638 3503 0 3 0x4000082 thrsleep syz-fuzzer
5441 11271 3503 0 3 0x4000082 thrsleep syz-fuzzer
5441 95997 3503 0 3 0x4000082 thrsleep syz-fuzzer
5441 396191 3503 0 3 0x4000082 thrsleep syz-fuzzer
5441 420994 3503 0 3 0x4000082 thrsleep syz-fuzzer
5441 338682 3503 0 2 0x4000002 syz-fuzzer
3503 53086 88141 0 3 0x10008a pause ksh
88141 452507 78570 0 3 0x92 select sshd
78570 292773 1 0 3 0x80 select sshd
52174 392093 51983 73 3 0x100090 kqread syslogd
51983 55980 1 0 3 0x100082 netio syslogd
76356 329338 1 77 3 0x100090 poll dhclient
29981 439835 1 0 3 0x80 poll dhclient
52526 394328 0 0 3 0x14200 bored smr
92657 235619 0 0 2 0x14200 zerothread
51773 377044 0 0 3 0x14200 aiodoned aiodoned
3803 197729 0 0 3 0x14200 syncer update
26388 260491 0 0 3 0x14200 cleaner cleaner
97376 402209 0 0 3 0x14200 reaper reaper
74103 184317 0 0 3 0x14200 pgdaemon pagedaemon
6552 488604 0 0 3 0x14200 bored crynlk
84079 228812 0 0 3 0x14200 bored crypto
6568 13223 0 0 3 0x40014200 acpi0 acpi0
32360 492780 0 0 3 0x14200 bored softnet
23583 361261 0 0 3 0x14200 bored systqmp
55421 340294 0 0 3 0x14200 bored systq
38397 207390 0 0 3 0x40014200 bored softclock
14115 121157 0 0 3 0x40014200 idle0
1 149379 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 9503 6350K 7632K 78643K 13249 0
pcb 13 8K 8K 78643K 111 0
rtable 128 17K 18K 78643K 434 0
ifaddr 74 15K 16K 78643K 165 0
counters 21 16K 16K 78643K 32 0
ioctlops 0 0K 4K 78643K 88 0
iov 0 0K 16K 78643K 65 0
mount 1 1K 1K 78643K 1 0
vnodes 1220 77K 77K 78643K 1916 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 5 0
VM map 2 0K 0K 78643K 2 0
sem 12 0K 1K 78643K 52 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1809 195K 288K 78643K 12938 0
file desc 5 13K 25K 78643K 570 0
sigio 0 0K 0K 78643K 4 0
proc 51 38K 55K 78643K 480 0
subproc 32 2K 2K 78643K 51 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 46 0
in_multi 64 3K 3K 78643K 141 0
ether_multi 1 0K 0K 78643K 22 0
mrt 0 0K 0K 78643K 8 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 49 228K 228K 78643K 49 0
exec 0 0K 1K 78643K 257 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 123 23K 25K 78643K 2212 0
UVM aobj 16 2K 2K 78643K 19 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 88 0
NDP 11 0K 0K 78643K 30 0
temp 110 3039K 3110K 78643K 8462 0
kqueue 3 4K 9K 78643K 32 0
SYN cache 2 16K 16K 78643K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 8 0 2 1 0 1 1 0 8 0
rtpcb 80 59 0 57 1 0 1 1 0 8 0
rtentry 112 67 0 25 2 0 2 2 0 8 0
unpcb 120 385 0 376 1 0 1 1 0 8 0
syncache 264 7 0 7 3 3 0 1 0 8 0
tcpqe 32 445 0 445 1 1 0 1 0 8 0
tcpcb 544 242 0 237 2 1 1 2 0 8 0
ipq 40 6 0 6 2 1 1 1 0 8 1
ipqe 40 14 0 14 2 1 1 1 0 8 1
inpcb 280 1033 0 1025 5 4 1 2 0 8 0
rttmr 72 2 0 2 1 1 0 1 0 8 0
nd6 48 11 0 7 1 0 1 1 0 8 0
pkpcb 40 4 0 4 2 1 1 1 0 8 1
ppxss 1128 2 0 2 2 2 0 1 0 8 0
pfstscr 40 2 0 0 1 0 1 1 0 8 0
pfosfp 40 1 0 0 1 0 1 1 0 8 0
pfosfpen 112 2 0 0 1 0 1 1 0 8 0
pfrke_plain 160 7 0 2 1 0 1 1 0 8 0
pfrktable 1344 33 0 23 2 1 1 2 0 8 0
pftag 88 8 0 6 2 1 1 1 0 8 0
pfstitem 24 1 0 0 1 0 1 1 0 8 0
pfstkey 112 2 0 1 1 0 1 1 0 8 0
pfstate 328 2 0 1 1 0 1 1 0 8 0
pfrule 1360 31 0 14 2 0 2 2 0 8 0
art_heap8 4096 2 0 0 2 0 2 2 0 8 0
art_heap4 256 292 0 111 13 1 12 13 0 8 0
art_table 32 294 0 111 2 0 2 2 0 8 0
art_node 16 66 0 27 1 0 1 1 0 8 0
sysvmsgpl 40 10 0 8 1 0 1 1 0 8 0
semupl 112 2 0 2 1 1 0 1 0 8 0
semapl 112 48 0 38 1 0 1 1 0 8 0
shmpl 112 17 0 3 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 2171 0 774 88 0 88 88 0 8 0
ffsino 240 2171 0 774 83 0 83 83 0 8 0
nchpl 144 3165 0 1582 60 0 60 60 0 8 0
rtmask 32 4 0 2 1 0 1 1 0 8 0
uvmvnodes 72 2826 0 0 52 0 52 52 0 8 0
vnodes 208 2826 0 0 149 0 149 149 0 8 0
namei 1024 9223 0 9223 2 1 1 1 0 8 1
vmpool 528 4 0 4 1 1 0 1 0 8 0
pfiaddrpl 120 13 0 4 1 0 1 1 0 8 0
scsiplug 64 1 0 1 1 1 0 1 0 8 0
scxspl 192 8936 0 8936 1 0 1 1 0 8 1
plimitpl 152 74 0 67 1 0 1 1 0 8 0
sigapl 424 756 0 726 4 0 4 4 0 8 0
futexpl 56 12020 0 12020 2 1 1 1 0 8 1
knotepl 112 99 0 80 1 0 1 1 0 8 0
kqueuepl 144 71 0 69 1 0 1 1 0 8 0
pipelkpl 16 144 0 134 1 0 1 1 0 8 0
pipepl 120 288 0 269 1 0 1 1 0 8 0
fdescpl 432 740 0 726 2 0 2 2 0 8 0
filepl 120 5093 0 4997 4 0 4 4 0 8 0
lockfpl 104 120 0 119 1 0 1 1 0 8 0
lockfspl 48 50 0 49 1 0 1 1 0 8 0
sessionpl 112 19 0 9 1 0 1 1 0 8 0
pgrppl 48 19 0 9 1 0 1 1 0 8 0
ucredpl 96 559 0 552 1 0 1 1 0 8 0
zombiepl 144 726 0 726 1 0 1 1 0 8 1
processpl 920 756 0 726 5 1 4 5 0 8 0
procpl 624 1430 0 1392 5 1 4 4 0 8 1
sosppl 128 2 0 2 1 1 0 1 0 8 0
sockpl 400 1483 0 1464 8 5 3 5 0 8 0
mcl64k 65536 43 0 43 3 2 1 1 0 8 1
mcl16k 16384 3 0 3 2 1 1 1 0 8 1
mcl12k 12288 25 0 25 3 2 1 1 0 8 1
mcl9k 9216 4 0 4 3 2 1 1 0 8 1
mcl8k 8192 18 0 18 3 3 0 1 0 8 0
mcl4k 4096 52 0 52 5 4 1 1 0 8 1
mcl2k2 2112 7 0 7 3 3 0 1 0 8 0
mcl2k 2048 72561 0 72506 26 17 9 19 0 8 0
mtagpl 80 93 0 61 3 1 2 2 0 8 0
mbufpl 256 118863 0 118713 21 5 16 17 0 8 0
bufpl 280 4506 0 143 312 0 312 312 0 8 0
anonpl 16 91789 0 76959 93 16 77 79 0 107 13
amapchunkpl 152 3689 0 3551 21 11 10 13 0 158 3
amappl16 192 3890 0 3044 63 12 51 55 0 8 8
amappl15 184 1 0 0 1 0 1 1 0 8 0
amappl14 176 27 0 21 1 0 1 1 0 8 0
amappl13 168 50 0 46 1 0 1 1 0 8 0
amappl12 160 10 0 7 1 0 1 1 0 8 0
amappl11 152 50 0 41 1 0 1 1 0 8 0
amappl10 144 537 0 530 1 0 1 1 0 8 0
amappl9 136 363 0 362 1 0 1 1 0 8 0
amappl8 128 344 0 306 2 0 2 2 0 8 0
amappl7 120 635 0 620 1 0 1 1 0 8 0
amappl6 112 24 0 20 1 0 1 1 0 8 0
amappl5 104 689 0 675 1 0 1 1 0 8 0
amappl4 96 441 0 413 1 0 1 1 0 8 0
amappl3 88 125 0 119 1 0 1 1 0 8 0
amappl2 80 5023 0 4958 2 0 2 2 0 8 0
amappl1 72 22799 0 22392 23 14 9 17 0 8 0
amappl 80 1695 0 1655 1 0 1 1 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 18 0 3 1 0 1 1 0 8 0
uaddrrnd 24 744 0 730 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 744 0 730 1 0 1 1 0 8 0
vmmpekpl 168 8707 0 8681 2 0 2 2 0 8 0
vmmpepl 168 93943 0 92016 150 44 106 123 0 357 17
vmsppl 272 743 0 730 3 2 1 2 0 8 0
pdppl 4096 1494 0 1460 6 1 5 6 0 8 0
pvpl 32 259564 0 241725 209 28 181 195 0 265 29
pmappl 200 743 0 730 1 0 1 1 0 8 0
extentpl 40 53 0 36 1 0 1 1 0 8 0
phpool 112 279 0 46 7 0 7 7 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585
pfi_instance_add(ffff8000009f7800,0,2) at pfi_instance_add+0x5e5
pfi_table_update(ffff800000a11a40,ffff800000a09800,0,2) at pfi_table_update+0x174
pfi_kif_update(ffff800000a09800) at pfi_kif_update+0xba pfi_dynaddr_update sys/net/pf_if.c:466 [inline]
pfi_kif_update(ffff800000a09800) at pfi_kif_update+0xba sys/net/pf_if.c:442
if_addgroup(ffff8000009f7800,ffff80001ee2c6f8) at if_addgroup+0x280 sys/net/if.c:2742
ifioctl(fffffd8057e4fb18,80286987,ffff80001ee2c6e0,ffff80001d7a7c40) at ifioctl+0x13e7 sys/net/if.c:2154
sys_ioctl(ffff80001d7a7c40,ffff80001ee2c7f8,ffff80001ee2c840) at sys_ioctl+0x4a1
syscall(ffff80001ee2c8c0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xf1f713c9cc0, count: -9
ddb> machine ddbcpu 1
No such command
ddb> trace
pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585
pfi_instance_add(ffff8000009f7800,0,2) at pfi_instance_add+0x5e5
pfi_table_update(ffff800000a11a40,ffff800000a09800,0,2) at pfi_table_update+0x174
pfi_kif_update(ffff800000a09800) at pfi_kif_update+0xba pfi_dynaddr_update sys/net/pf_if.c:466 [inline]
pfi_kif_update(ffff800000a09800) at pfi_kif_update+0xba sys/net/pf_if.c:442
if_addgroup(ffff8000009f7800,ffff80001ee2c6f8) at if_addgroup+0x280 sys/net/if.c:2742
ifioctl(fffffd8057e4fb18,80286987,ffff80001ee2c6e0,ffff80001d7a7c40) at ifioctl+0x13e7 sys/net/if.c:2154
sys_ioctl(ffff80001d7a7c40,ffff80001ee2c7f8,ffff80001ee2c840) at sys_ioctl+0x4a1
syscall(ffff80001ee2c8c0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xf1f713c9cc0, count: -9
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following crash on:
HEAD commit: d0e5c0ea Add a fix from ncurses 20200523 via Hiltjo Posthu..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=132c50de100000
kernel config: https://syzkaller.appspot.com/x/.config?x=fe55924c11e64b0a
dashboard link: https://syzkaller.appspot.com/bug?extid=d70144b3ae2ec068e318
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+d70144...@syzkaller.appspotmail.com
uvm_fault(0xfffffd806bc09bb0, 0x4, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at pfi_address_add+0x1eb: movl 0x4(%rax),%eax
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
kernel page fault
uvm_fault(0xfffffd806bc09bb0, 0x4, 0, 1) -> e
pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585
end trace frame: 0xffff80001ee2c4e0, count: 0
ddb> trace
pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585
pfi_instance_add(ffff8000009f7800,0,2) at pfi_instance_add+0x5e5
pfi_table_update(ffff800000a11a40,ffff800000a09800,0,2) at pfi_table_update+0x174
pfi_kif_update(ffff800000a09800) at pfi_kif_update+0xba pfi_dynaddr_update sys/net/pf_if.c:466 [inline]
pfi_kif_update(ffff800000a09800) at pfi_kif_update+0xba sys/net/pf_if.c:442
if_addgroup(ffff8000009f7800,ffff80001ee2c6f8) at if_addgroup+0x280 sys/net/if.c:2742
ifioctl(fffffd8057e4fb18,80286987,ffff80001ee2c6e0,ffff80001d7a7c40) at ifioctl+0x13e7 sys/net/if.c:2154
sys_ioctl(ffff80001d7a7c40,ffff80001ee2c7f8,ffff80001ee2c840) at sys_ioctl+0x4a1
syscall(ffff80001ee2c8c0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xf1f713c9cc0, count: -9
ddb> show registers
rdi 0xffffffff813ee597 pfi_address_add+0x1e7
rsi 0x1e22 __ALIGN_SIZE+0xe22
rbp 0xffff80001ee2c440
rbx 0
rdx 0x1e23 __ALIGN_SIZE+0xe23
rcx 0xffff80001de27000
rax 0
r8 0xffffffff813ede51 pfi_instance_add+0xf1
r9 0x1
r10 0x2
r11 0xa8ee8e6fa4eeb99
r12 0x34
r13 0x2
r14 0xffff800000654034
r15 0
rip 0xffffffff813ee59b pfi_address_add+0x1eb
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80001ee2c3d0
ss 0x10
pfi_address_add+0x1eb: movl 0x4(%rax),%eax
ddb> show proc
PROC (syz-executor.0) pid=395986 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=32, usrpri=78, nice=20
forw=0xffffffffffffffff, list=0xffff80001d7394e8,0xffffffff825ec610
process=0xffff8000ffff8e78 user=0xffff80001ee27000, vmspace=0xfffffd806bc09bb0
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
28567 116947 41986 0 2 0 syz-executor.0
*28567 395986 41986 0 7 0x4000000 syz-executor.0
8240 449170 5441 0 3 0x82 piperd syz-executor.1
89005 312139 0 0 3 0x14200 bored sosplice
12664 494066 1 0 3 0x100083 ttyin getty
13344 300140 0 0 3 0x14200 acct acct
41986 27255 5441 0 3 0x82 nanosleep syz-executor.0
5441 194776 3503 0 3 0x82 thrsleep syz-fuzzer
5441 167804 3503 0 3 0x4000082 nanosleep syz-fuzzer
5441 96638 3503 0 3 0x4000082 thrsleep syz-fuzzer
5441 11271 3503 0 3 0x4000082 thrsleep syz-fuzzer
5441 95997 3503 0 3 0x4000082 thrsleep syz-fuzzer
5441 396191 3503 0 3 0x4000082 thrsleep syz-fuzzer
5441 420994 3503 0 3 0x4000082 thrsleep syz-fuzzer
5441 338682 3503 0 2 0x4000002 syz-fuzzer
3503 53086 88141 0 3 0x10008a pause ksh
88141 452507 78570 0 3 0x92 select sshd
78570 292773 1 0 3 0x80 select sshd
52174 392093 51983 73 3 0x100090 kqread syslogd
51983 55980 1 0 3 0x100082 netio syslogd
76356 329338 1 77 3 0x100090 poll dhclient
29981 439835 1 0 3 0x80 poll dhclient
52526 394328 0 0 3 0x14200 bored smr
92657 235619 0 0 2 0x14200 zerothread
51773 377044 0 0 3 0x14200 aiodoned aiodoned
3803 197729 0 0 3 0x14200 syncer update
26388 260491 0 0 3 0x14200 cleaner cleaner
97376 402209 0 0 3 0x14200 reaper reaper
74103 184317 0 0 3 0x14200 pgdaemon pagedaemon
6552 488604 0 0 3 0x14200 bored crynlk
84079 228812 0 0 3 0x14200 bored crypto
6568 13223 0 0 3 0x40014200 acpi0 acpi0
32360 492780 0 0 3 0x14200 bored softnet
23583 361261 0 0 3 0x14200 bored systqmp
55421 340294 0 0 3 0x14200 bored systq
38397 207390 0 0 3 0x40014200 bored softclock
14115 121157 0 0 3 0x40014200 idle0
1 149379 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 9503 6350K 7632K 78643K 13249 0
pcb 13 8K 8K 78643K 111 0
rtable 128 17K 18K 78643K 434 0
ifaddr 74 15K 16K 78643K 165 0
counters 21 16K 16K 78643K 32 0
ioctlops 0 0K 4K 78643K 88 0
iov 0 0K 16K 78643K 65 0
mount 1 1K 1K 78643K 1 0
vnodes 1220 77K 77K 78643K 1916 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 5 0
VM map 2 0K 0K 78643K 2 0
sem 12 0K 1K 78643K 52 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1809 195K 288K 78643K 12938 0
file desc 5 13K 25K 78643K 570 0
sigio 0 0K 0K 78643K 4 0
proc 51 38K 55K 78643K 480 0
subproc 32 2K 2K 78643K 51 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 46 0
in_multi 64 3K 3K 78643K 141 0
ether_multi 1 0K 0K 78643K 22 0
mrt 0 0K 0K 78643K 8 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 49 228K 228K 78643K 49 0
exec 0 0K 1K 78643K 257 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 123 23K 25K 78643K 2212 0
UVM aobj 16 2K 2K 78643K 19 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 88 0
NDP 11 0K 0K 78643K 30 0
temp 110 3039K 3110K 78643K 8462 0
kqueue 3 4K 9K 78643K 32 0
SYN cache 2 16K 16K 78643K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 8 0 2 1 0 1 1 0 8 0
rtpcb 80 59 0 57 1 0 1 1 0 8 0
rtentry 112 67 0 25 2 0 2 2 0 8 0
unpcb 120 385 0 376 1 0 1 1 0 8 0
syncache 264 7 0 7 3 3 0 1 0 8 0
tcpqe 32 445 0 445 1 1 0 1 0 8 0
tcpcb 544 242 0 237 2 1 1 2 0 8 0
ipq 40 6 0 6 2 1 1 1 0 8 1
ipqe 40 14 0 14 2 1 1 1 0 8 1
inpcb 280 1033 0 1025 5 4 1 2 0 8 0
rttmr 72 2 0 2 1 1 0 1 0 8 0
nd6 48 11 0 7 1 0 1 1 0 8 0
pkpcb 40 4 0 4 2 1 1 1 0 8 1
ppxss 1128 2 0 2 2 2 0 1 0 8 0
pfstscr 40 2 0 0 1 0 1 1 0 8 0
pfosfp 40 1 0 0 1 0 1 1 0 8 0
pfosfpen 112 2 0 0 1 0 1 1 0 8 0
pfrke_plain 160 7 0 2 1 0 1 1 0 8 0
pfrktable 1344 33 0 23 2 1 1 2 0 8 0
pftag 88 8 0 6 2 1 1 1 0 8 0
pfstitem 24 1 0 0 1 0 1 1 0 8 0
pfstkey 112 2 0 1 1 0 1 1 0 8 0
pfstate 328 2 0 1 1 0 1 1 0 8 0
pfrule 1360 31 0 14 2 0 2 2 0 8 0
art_heap8 4096 2 0 0 2 0 2 2 0 8 0
art_heap4 256 292 0 111 13 1 12 13 0 8 0
art_table 32 294 0 111 2 0 2 2 0 8 0
art_node 16 66 0 27 1 0 1 1 0 8 0
sysvmsgpl 40 10 0 8 1 0 1 1 0 8 0
semupl 112 2 0 2 1 1 0 1 0 8 0
semapl 112 48 0 38 1 0 1 1 0 8 0
shmpl 112 17 0 3 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 2171 0 774 88 0 88 88 0 8 0
ffsino 240 2171 0 774 83 0 83 83 0 8 0
nchpl 144 3165 0 1582 60 0 60 60 0 8 0
rtmask 32 4 0 2 1 0 1 1 0 8 0
uvmvnodes 72 2826 0 0 52 0 52 52 0 8 0
vnodes 208 2826 0 0 149 0 149 149 0 8 0
namei 1024 9223 0 9223 2 1 1 1 0 8 1
vmpool 528 4 0 4 1 1 0 1 0 8 0
pfiaddrpl 120 13 0 4 1 0 1 1 0 8 0
scsiplug 64 1 0 1 1 1 0 1 0 8 0
scxspl 192 8936 0 8936 1 0 1 1 0 8 1
plimitpl 152 74 0 67 1 0 1 1 0 8 0
sigapl 424 756 0 726 4 0 4 4 0 8 0
futexpl 56 12020 0 12020 2 1 1 1 0 8 1
knotepl 112 99 0 80 1 0 1 1 0 8 0
kqueuepl 144 71 0 69 1 0 1 1 0 8 0
pipelkpl 16 144 0 134 1 0 1 1 0 8 0
pipepl 120 288 0 269 1 0 1 1 0 8 0
fdescpl 432 740 0 726 2 0 2 2 0 8 0
filepl 120 5093 0 4997 4 0 4 4 0 8 0
lockfpl 104 120 0 119 1 0 1 1 0 8 0
lockfspl 48 50 0 49 1 0 1 1 0 8 0
sessionpl 112 19 0 9 1 0 1 1 0 8 0
pgrppl 48 19 0 9 1 0 1 1 0 8 0
ucredpl 96 559 0 552 1 0 1 1 0 8 0
zombiepl 144 726 0 726 1 0 1 1 0 8 1
processpl 920 756 0 726 5 1 4 5 0 8 0
procpl 624 1430 0 1392 5 1 4 4 0 8 1
sosppl 128 2 0 2 1 1 0 1 0 8 0
sockpl 400 1483 0 1464 8 5 3 5 0 8 0
mcl64k 65536 43 0 43 3 2 1 1 0 8 1
mcl16k 16384 3 0 3 2 1 1 1 0 8 1
mcl12k 12288 25 0 25 3 2 1 1 0 8 1
mcl9k 9216 4 0 4 3 2 1 1 0 8 1
mcl8k 8192 18 0 18 3 3 0 1 0 8 0
mcl4k 4096 52 0 52 5 4 1 1 0 8 1
mcl2k2 2112 7 0 7 3 3 0 1 0 8 0
mcl2k 2048 72561 0 72506 26 17 9 19 0 8 0
mtagpl 80 93 0 61 3 1 2 2 0 8 0
mbufpl 256 118863 0 118713 21 5 16 17 0 8 0
bufpl 280 4506 0 143 312 0 312 312 0 8 0
anonpl 16 91789 0 76959 93 16 77 79 0 107 13
amapchunkpl 152 3689 0 3551 21 11 10 13 0 158 3
amappl16 192 3890 0 3044 63 12 51 55 0 8 8
amappl15 184 1 0 0 1 0 1 1 0 8 0
amappl14 176 27 0 21 1 0 1 1 0 8 0
amappl13 168 50 0 46 1 0 1 1 0 8 0
amappl12 160 10 0 7 1 0 1 1 0 8 0
amappl11 152 50 0 41 1 0 1 1 0 8 0
amappl10 144 537 0 530 1 0 1 1 0 8 0
amappl9 136 363 0 362 1 0 1 1 0 8 0
amappl8 128 344 0 306 2 0 2 2 0 8 0
amappl7 120 635 0 620 1 0 1 1 0 8 0
amappl6 112 24 0 20 1 0 1 1 0 8 0
amappl5 104 689 0 675 1 0 1 1 0 8 0
amappl4 96 441 0 413 1 0 1 1 0 8 0
amappl3 88 125 0 119 1 0 1 1 0 8 0
amappl2 80 5023 0 4958 2 0 2 2 0 8 0
amappl1 72 22799 0 22392 23 14 9 17 0 8 0
amappl 80 1695 0 1655 1 0 1 1 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 18 0 3 1 0 1 1 0 8 0
uaddrrnd 24 744 0 730 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 744 0 730 1 0 1 1 0 8 0
vmmpekpl 168 8707 0 8681 2 0 2 2 0 8 0
vmmpepl 168 93943 0 92016 150 44 106 123 0 357 17
vmsppl 272 743 0 730 3 2 1 2 0 8 0
pdppl 4096 1494 0 1460 6 1 5 6 0 8 0
pvpl 32 259564 0 241725 209 28 181 195 0 265 29
pmappl 200 743 0 730 1 0 1 1 0 8 0
extentpl 40 53 0 36 1 0 1 1 0 8 0
phpool 112 279 0 46 7 0 7 7 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585
pfi_instance_add(ffff8000009f7800,0,2) at pfi_instance_add+0x5e5
pfi_table_update(ffff800000a11a40,ffff800000a09800,0,2) at pfi_table_update+0x174
pfi_kif_update(ffff800000a09800) at pfi_kif_update+0xba pfi_dynaddr_update sys/net/pf_if.c:466 [inline]
pfi_kif_update(ffff800000a09800) at pfi_kif_update+0xba sys/net/pf_if.c:442
if_addgroup(ffff8000009f7800,ffff80001ee2c6f8) at if_addgroup+0x280 sys/net/if.c:2742
ifioctl(fffffd8057e4fb18,80286987,ffff80001ee2c6e0,ffff80001d7a7c40) at ifioctl+0x13e7 sys/net/if.c:2154
sys_ioctl(ffff80001d7a7c40,ffff80001ee2c7f8,ffff80001ee2c840) at sys_ioctl+0x4a1
syscall(ffff80001ee2c8c0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xf1f713c9cc0, count: -9
ddb> machine ddbcpu 1
No such command
ddb> trace
pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585
pfi_instance_add(ffff8000009f7800,0,2) at pfi_instance_add+0x5e5
pfi_table_update(ffff800000a11a40,ffff800000a09800,0,2) at pfi_table_update+0x174
pfi_kif_update(ffff800000a09800) at pfi_kif_update+0xba pfi_dynaddr_update sys/net/pf_if.c:466 [inline]
pfi_kif_update(ffff800000a09800) at pfi_kif_update+0xba sys/net/pf_if.c:442
if_addgroup(ffff8000009f7800,ffff80001ee2c6f8) at if_addgroup+0x280 sys/net/if.c:2742
ifioctl(fffffd8057e4fb18,80286987,ffff80001ee2c6e0,ffff80001d7a7c40) at ifioctl+0x13e7 sys/net/if.c:2154
sys_ioctl(ffff80001d7a7c40,ffff80001ee2c7f8,ffff80001ee2c840) at sys_ioctl+0x4a1
syscall(ffff80001ee2c8c0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xf1f713c9cc0, count: -9
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
May 29, 2020, 11:39:14 PM5/29/20
to syzkaller-o...@googlegroups.com
syzbot has found a reproducer for the following crash on:
HEAD commit: d0e5c0ea Add a fix from ncurses 20200523 via Hiltjo Posthu..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=11213686100000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+d70144...@syzkaller.appspotmail.com
login: uvm_fault(0xfffffd806bc09bb0, 0x4, 0, 1) -> e
pfi_table_update(ffff800000a0af40,ffff8000006b5200,0,2) at pfi_table_update+0x174
pfi_kif_update(ffff8000006b5200) at pfi_kif_update+0xba pfi_dynaddr_update sys/net/pf_if.c:466 [inline]
pfi_kif_update(ffff8000006b5200) at pfi_kif_update+0xba sys/net/pf_if.c:442
if_addgroup(ffff8000009f6800,ffff80001d808098) at if_addgroup+0x280 sys/net/if.c:2742
ifioctl(fffffd805dad8c88,80286987,ffff80001d808080,ffff80001d739ea8) at ifioctl+0x13e7 sys/net/if.c:2154
sys_ioctl(ffff80001d739ea8,ffff80001d808198,ffff80001d8081e0) at sys_ioctl+0x4a1
syscall(ffff80001d808260) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
ddb> show registers
rdi 0x20
rsi 0
rbp 0xffff80001d807de0
rbx 0
rdx 0
rcx 0xffff800000654000
flags process=0 proc=0
pri=50, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff80001d73a868,0xffffffff825ec610
process=0xffff8000ffffb5a0 user=0xffff80001d803000, vmspace=0xfffffd806bc09bb0
estcpu=3, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
97446 194221 49897 0 3 0x82 nanosleep syz-executor.0
49897 167501 22615 0 3 0x82 thrsleep syz-execprog
49897 3363 22615 0 2 0x4000482 syz-execprog
49897 359441 22615 0 3 0x4000082 thrsleep syz-execprog
49897 195466 22615 0 3 0x4000082 thrsleep syz-execprog
49897 401384 22615 0 3 0x4000082 kqread syz-execprog
49897 249174 22615 0 3 0x4000082 thrsleep syz-execprog
49897 179508 22615 0 3 0x4000082 thrsleep syz-execprog
49897 72769 22615 0 3 0x4000082 thrsleep syz-execprog
22615 279574 21817 0 3 0x10008a pause ksh
21817 457497 5317 0 3 0x92 select sshd
19088 427973 1 0 3 0x100083 ttyin getty
5317 239351 1 0 3 0x80 select sshd
78480 39425 60670 73 3 0x100090 kqread syslogd
60670 22119 1 0 3 0x100082 netio syslogd
57617 519553 1 77 3 0x100090 poll dhclient
12013 477431 1 0 3 0x80 poll dhclient
92273 476749 0 0 3 0x14200 bored smr
55559 311887 0 0 2 0x14200 zerothread
28531 181759 0 0 3 0x14200 aiodoned aiodoned
9683 516574 0 0 3 0x14200 syncer update
93045 127724 0 0 3 0x14200 cleaner cleaner
1386 9468 0 0 3 0x14200 reaper reaper
30954 503685 0 0 3 0x14200 pgdaemon pagedaemon
90014 441025 0 0 3 0x14200 bored crynlk
3434 418717 0 0 3 0x14200 bored crypto
54763 234795 0 0 3 0x40014200 acpi0 acpi0
88689 101016 0 0 3 0x14200 bored softnet
40100 476348 0 0 3 0x14200 bored systqmp
69708 519109 0 0 3 0x14200 bored systq
81392 183425 0 0 2 0x40014200 softclock
67786 71402 0 0 3 0x40014200 idle0
1 500557 0 0 3 0x82 wait init
pcb 13 8K 8K 78643K 13 0
rtable 88 3K 4K 78643K 160 0
ifaddr 34 9K 9K 78643K 34 0
counters 20 16K 16K 78643K 20 0
ioctlops 0 0K 4K 78643K 15 0
proc 47 38K 54K 78643K 318 0
ether_multi 1 0K 0K 78643K 1 0
exec 0 0K 1K 78643K 171 0
UVM aobj 2 2K 2K 78643K 2 0
temp 27 3027K 3089K 78643K 1628 0
kqueue 3 4K 4K 78643K 3 0
rtpcb 80 17 0 15 1 0 1 1 0 8 0
rtentry 112 34 0 1 1 0 1 1 0 8 0
unpcb 120 27 0 19 1 0 1 1 0 8 0
syncache 264 5 0 5 2 1 1 1 0 8 1
tcpcb 544 9 0 5 1 0 1 1 0 8 0
inpcb 280 28 0 20 1 0 1 1 0 8 0
nd6 48 3 0 0 1 0 1 1 0 8 0
pfrktable 1344 3 0 1 1 0 1 1 0 8 0
pfrule 1360 1 0 0 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 144 0 0 9 0 9 9 0 8 0
art_table 32 145 0 0 2 0 2 2 0 8 0
art_node 16 33 0 3 1 0 1 1 0 8 0
ffsino 240 1415 0 21 82 0 82 82 0 8 0
nchpl 144 1633 0 36 60 0 60 60 0 8 0
uvmvnodes 72 1424 0 0 26 0 26 26 0 8 0
vnodes 208 1424 0 0 75 0 75 75 0 8 0
namei 1024 3920 0 3920 2 1 1 1 0 8 1
pfiaddrpl 120 1 0 0 1 0 1 1 0 8 0
scxspl 192 3848 0 3848 6 5 1 1 0 8 1
plimitpl 152 14 0 8 1 0 1 1 0 8 0
sigapl 424 212 0 185 4 0 4 4 0 8 0
knotepl 112 47 0 36 1 0 1 1 0 8 0
kqueuepl 144 2 0 0 1 0 1 1 0 8 0
pipelkpl 16 70 0 63 2 1 1 1 0 8 0
pipepl 120 140 0 127 2 1 1 1 0 8 0
fdescpl 432 198 0 185 2 0 2 2 0 8 0
filepl 120 980 0 924 2 0 2 2 0 8 0
lockfpl 104 5 0 4 1 0 1 1 0 8 0
lockfspl 48 3 0 2 1 0 1 1 0 8 0
sessionpl 112 18 0 9 1 0 1 1 0 8 0
pgrppl 48 18 0 9 1 0 1 1 0 8 0
ucredpl 96 57 0 50 1 0 1 1 0 8 0
zombiepl 144 185 0 185 2 1 1 1 0 8 1
processpl 920 212 0 185 4 0 4 4 0 8 0
procpl 624 219 0 185 3 0 3 3 0 8 0
sockpl 400 72 0 54 2 0 2 2 0 8 0
mcl4k 4096 10 0 10 2 1 1 1 0 8 1
mcl2k 2048 5524 0 5495 7 3 4 7 0 8 0
mtagpl 80 2 0 2 1 1 0 1 0 8 0
mbufpl 256 9621 0 9546 7 2 5 5 0 8 0
bufpl 280 2899 0 126 199 0 199 199 0 8 0
anonpl 16 20283 0 18694 14 2 12 12 0 107 4
amapchunkpl 152 788 0 727 4 0 4 4 0 158 1
amappl16 192 126 0 92 2 0 2 2 0 8 0
amappl15 184 3 0 0 1 0 1 1 0 8 0
amappl14 176 26 0 22 1 0 1 1 0 8 0
amappl13 168 21 0 18 2 1 1 1 0 8 0
amappl12 160 6 0 4 2 1 1 1 0 8 0
amappl11 152 46 0 37 1 0 1 1 0 8 0
amappl10 144 12 0 9 1 0 1 1 0 8 0
amappl9 136 202 0 201 1 0 1 1 0 8 0
amappl8 128 240 0 231 1 0 1 1 0 8 0
amappl7 120 102 0 91 1 0 1 1 0 8 0
amappl6 112 22 0 20 2 1 1 1 0 8 0
amappl5 104 174 0 165 1 0 1 1 0 8 0
amappl4 96 427 0 402 1 0 1 1 0 8 0
amappl3 88 107 0 102 1 0 1 1 0 8 0
amappl2 80 803 0 749 3 1 2 2 0 8 0
amappl1 72 13520 0 13122 25 8 17 17 0 8 9
amappl 80 418 0 392 1 0 1 1 0 84 0
uaddrrnd 24 198 0 185 1 0 1 1 0 8 0
vmmpekpl 168 6150 0 6132 1 0 1 1 0 8 0
vmmpepl 168 29009 0 28134 86 17 69 69 0 357 30
vmsppl 272 197 0 185 1 0 1 1 0 8 0
pdppl 4096 402 0 370 5 0 5 5 0 8 0
pvpl 32 104720 0 100855 109 7 102 102 0 265 69
pmappl 200 197 0 185 1 0 1 1 0 8 0
pfi_table_update(ffff800000a0af40,ffff8000006b5200,0,2) at pfi_table_update+0x174
pfi_kif_update(ffff8000006b5200) at pfi_kif_update+0xba pfi_dynaddr_update sys/net/pf_if.c:466 [inline]
pfi_kif_update(ffff8000006b5200) at pfi_kif_update+0xba sys/net/pf_if.c:442
if_addgroup(ffff8000009f6800,ffff80001d808098) at if_addgroup+0x280 sys/net/if.c:2742
ifioctl(fffffd805dad8c88,80286987,ffff80001d808080,ffff80001d739ea8) at ifioctl+0x13e7 sys/net/if.c:2154
sys_ioctl(ffff80001d739ea8,ffff80001d808198,ffff80001d8081e0) at sys_ioctl+0x4a1
syscall(ffff80001d808260) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
pfi_table_update(ffff800000a0af40,ffff8000006b5200,0,2) at pfi_table_update+0x174
pfi_kif_update(ffff8000006b5200) at pfi_kif_update+0xba pfi_dynaddr_update sys/net/pf_if.c:466 [inline]
pfi_kif_update(ffff8000006b5200) at pfi_kif_update+0xba sys/net/pf_if.c:442
if_addgroup(ffff8000009f6800,ffff80001d808098) at if_addgroup+0x280 sys/net/if.c:2742
ifioctl(fffffd805dad8c88,80286987,ffff80001d808080,ffff80001d739ea8) at ifioctl+0x13e7 sys/net/if.c:2154
sys_ioctl(ffff80001d739ea8,ffff80001d808198,ffff80001d8081e0) at sys_ioctl+0x4a1
syscall(ffff80001d808260) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
HEAD commit: d0e5c0ea Add a fix from ncurses 20200523 via Hiltjo Posthu..
git tree: openbsd
kernel config: https://syzkaller.appspot.com/x/.config?x=fe55924c11e64b0a
dashboard link: https://syzkaller.appspot.com/bug?extid=d70144b3ae2ec068e318
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16500116100000
dashboard link: https://syzkaller.appspot.com/bug?extid=d70144b3ae2ec068e318
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+d70144...@syzkaller.appspotmail.com
kernel: page fault trap, code=0
Stopped at pfi_address_add+0x1eb: movl 0x4(%rax),%eax
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
kernel page fault
uvm_fault(0xfffffd806bc09bb0, 0x4, 0, 1) -> e
pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585
end trace frame: 0xffff80001d807e80, count: 0
Stopped at pfi_address_add+0x1eb: movl 0x4(%rax),%eax
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
kernel page fault
uvm_fault(0xfffffd806bc09bb0, 0x4, 0, 1) -> e
pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585
ddb> trace
pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585
pfi_instance_add(ffff8000009f6800,0,2) at pfi_instance_add+0x5e5
pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585
pfi_table_update(ffff800000a0af40,ffff8000006b5200,0,2) at pfi_table_update+0x174
pfi_kif_update(ffff8000006b5200) at pfi_kif_update+0xba pfi_dynaddr_update sys/net/pf_if.c:466 [inline]
pfi_kif_update(ffff8000006b5200) at pfi_kif_update+0xba sys/net/pf_if.c:442
if_addgroup(ffff8000009f6800,ffff80001d808098) at if_addgroup+0x280 sys/net/if.c:2742
ifioctl(fffffd805dad8c88,80286987,ffff80001d808080,ffff80001d739ea8) at ifioctl+0x13e7 sys/net/if.c:2154
sys_ioctl(ffff80001d739ea8,ffff80001d808198,ffff80001d8081e0) at sys_ioctl+0x4a1
syscall(ffff80001d808260) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffff61f0, count: -9
end of kernel
ddb> show registers
rdi 0x20
rsi 0
rbp 0xffff80001d807de0
rbx 0
rdx 0
rcx 0xffff800000654000
rax 0
r8 0xffffffff813ede51 pfi_instance_add+0xf1
r9 0x1
r10 0x2
r11 0xe179ff2c045ab858
r8 0xffffffff813ede51 pfi_instance_add+0xf1
r9 0x1
r10 0x2
r12 0x34
r13 0x2
r14 0xffff800000654034
r15 0
rip 0xffffffff813ee59b pfi_address_add+0x1eb
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff80001d807d70
r13 0x2
r14 0xffff800000654034
r15 0
rip 0xffffffff813ee59b pfi_address_add+0x1eb
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
ss 0x10
pfi_address_add+0x1eb: movl 0x4(%rax),%eax
ddb> show proc
PROC (syz-executor.0) pid=456735 stat=onproc
pfi_address_add+0x1eb: movl 0x4(%rax),%eax
ddb> show proc
flags process=0 proc=0
pri=50, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff80001d73a868,0xffffffff825ec610
process=0xffff8000ffffb5a0 user=0xffff80001d803000, vmspace=0xfffffd806bc09bb0
estcpu=3, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
*74354 456735 97446 0 7 0 syz-executor.0
PID TID PPID UID S FLAGS WAIT COMMAND
97446 194221 49897 0 3 0x82 nanosleep syz-executor.0
49897 167501 22615 0 3 0x82 thrsleep syz-execprog
49897 3363 22615 0 2 0x4000482 syz-execprog
49897 359441 22615 0 3 0x4000082 thrsleep syz-execprog
49897 195466 22615 0 3 0x4000082 thrsleep syz-execprog
49897 401384 22615 0 3 0x4000082 kqread syz-execprog
49897 249174 22615 0 3 0x4000082 thrsleep syz-execprog
49897 179508 22615 0 3 0x4000082 thrsleep syz-execprog
49897 72769 22615 0 3 0x4000082 thrsleep syz-execprog
22615 279574 21817 0 3 0x10008a pause ksh
21817 457497 5317 0 3 0x92 select sshd
19088 427973 1 0 3 0x100083 ttyin getty
5317 239351 1 0 3 0x80 select sshd
78480 39425 60670 73 3 0x100090 kqread syslogd
60670 22119 1 0 3 0x100082 netio syslogd
57617 519553 1 77 3 0x100090 poll dhclient
12013 477431 1 0 3 0x80 poll dhclient
92273 476749 0 0 3 0x14200 bored smr
55559 311887 0 0 2 0x14200 zerothread
28531 181759 0 0 3 0x14200 aiodoned aiodoned
9683 516574 0 0 3 0x14200 syncer update
93045 127724 0 0 3 0x14200 cleaner cleaner
1386 9468 0 0 3 0x14200 reaper reaper
30954 503685 0 0 3 0x14200 pgdaemon pagedaemon
90014 441025 0 0 3 0x14200 bored crynlk
3434 418717 0 0 3 0x14200 bored crypto
54763 234795 0 0 3 0x40014200 acpi0 acpi0
88689 101016 0 0 3 0x14200 bored softnet
40100 476348 0 0 3 0x14200 bored systqmp
69708 519109 0 0 3 0x14200 bored systq
81392 183425 0 0 2 0x40014200 softclock
67786 71402 0 0 3 0x40014200 idle0
1 500557 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 9444 6321K 6321K 78643K 10543 0
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
pcb 13 8K 8K 78643K 13 0
rtable 88 3K 4K 78643K 160 0
ifaddr 34 9K 9K 78643K 34 0
counters 20 16K 16K 78643K 20 0
ioctlops 0 0K 4K 78643K 15 0
mount 1 1K 1K 78643K 1 0
vnodes 1182 74K 74K 78643K 1187 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 1K 78643K 2 0
UFS mount 5 36K 36K 78643K 5 0
VM map 2 0K 0K 78643K 2 0
sem 2 0K 0K 78643K 2 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1809 195K 288K 78643K 12938 0
file desc 3 8K 12K 78643K 18 0
ACPI 1809 195K 288K 78643K 12938 0
proc 47 38K 54K 78643K 318 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
in_multi 26 1K 1K 78643K 26 0
NFS daemon 1 16K 16K 78643K 1 0
ether_multi 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 19 95K 95K 78643K 19 0
MSDOSFS mount 1 16K 16K 78643K 1 0
exec 0 0K 1K 78643K 171 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 69 11K 12K 78643K 838 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM aobj 2 2K 2K 78643K 2 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
NDP 6 0K 0K 78643K 6 0
crypto data 1 1K 1K 78643K 1 0
temp 27 3027K 3089K 78643K 1628 0
kqueue 3 4K 4K 78643K 3 0
SYN cache 2 16K 16K 78643K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 4 0 0 1 0 1 1 0 8 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 80 17 0 15 1 0 1 1 0 8 0
rtentry 112 34 0 1 1 0 1 1 0 8 0
unpcb 120 27 0 19 1 0 1 1 0 8 0
syncache 264 5 0 5 2 1 1 1 0 8 1
tcpcb 544 9 0 5 1 0 1 1 0 8 0
inpcb 280 28 0 20 1 0 1 1 0 8 0
nd6 48 3 0 0 1 0 1 1 0 8 0
pfrktable 1344 3 0 1 1 0 1 1 0 8 0
pfrule 1360 1 0 0 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 144 0 0 9 0 9 9 0 8 0
art_table 32 145 0 0 2 0 2 2 0 8 0
art_node 16 33 0 3 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1415 0 21 88 0 88 88 0 8 0
ffsino 240 1415 0 21 82 0 82 82 0 8 0
nchpl 144 1633 0 36 60 0 60 60 0 8 0
uvmvnodes 72 1424 0 0 26 0 26 26 0 8 0
vnodes 208 1424 0 0 75 0 75 75 0 8 0
namei 1024 3920 0 3920 2 1 1 1 0 8 1
pfiaddrpl 120 1 0 0 1 0 1 1 0 8 0
scxspl 192 3848 0 3848 6 5 1 1 0 8 1
plimitpl 152 14 0 8 1 0 1 1 0 8 0
sigapl 424 212 0 185 4 0 4 4 0 8 0
knotepl 112 47 0 36 1 0 1 1 0 8 0
kqueuepl 144 2 0 0 1 0 1 1 0 8 0
pipelkpl 16 70 0 63 2 1 1 1 0 8 0
pipepl 120 140 0 127 2 1 1 1 0 8 0
fdescpl 432 198 0 185 2 0 2 2 0 8 0
filepl 120 980 0 924 2 0 2 2 0 8 0
lockfpl 104 5 0 4 1 0 1 1 0 8 0
lockfspl 48 3 0 2 1 0 1 1 0 8 0
sessionpl 112 18 0 9 1 0 1 1 0 8 0
pgrppl 48 18 0 9 1 0 1 1 0 8 0
ucredpl 96 57 0 50 1 0 1 1 0 8 0
zombiepl 144 185 0 185 2 1 1 1 0 8 1
processpl 920 212 0 185 4 0 4 4 0 8 0
procpl 624 219 0 185 3 0 3 3 0 8 0
sockpl 400 72 0 54 2 0 2 2 0 8 0
mcl4k 4096 10 0 10 2 1 1 1 0 8 1
mcl2k 2048 5524 0 5495 7 3 4 7 0 8 0
mtagpl 80 2 0 2 1 1 0 1 0 8 0
mbufpl 256 9621 0 9546 7 2 5 5 0 8 0
bufpl 280 2899 0 126 199 0 199 199 0 8 0
anonpl 16 20283 0 18694 14 2 12 12 0 107 4
amapchunkpl 152 788 0 727 4 0 4 4 0 158 1
amappl16 192 126 0 92 2 0 2 2 0 8 0
amappl15 184 3 0 0 1 0 1 1 0 8 0
amappl14 176 26 0 22 1 0 1 1 0 8 0
amappl13 168 21 0 18 2 1 1 1 0 8 0
amappl12 160 6 0 4 2 1 1 1 0 8 0
amappl11 152 46 0 37 1 0 1 1 0 8 0
amappl10 144 12 0 9 1 0 1 1 0 8 0
amappl9 136 202 0 201 1 0 1 1 0 8 0
amappl8 128 240 0 231 1 0 1 1 0 8 0
amappl7 120 102 0 91 1 0 1 1 0 8 0
amappl6 112 22 0 20 2 1 1 1 0 8 0
amappl5 104 174 0 165 1 0 1 1 0 8 0
amappl4 96 427 0 402 1 0 1 1 0 8 0
amappl3 88 107 0 102 1 0 1 1 0 8 0
amappl2 80 803 0 749 3 1 2 2 0 8 0
amappl1 72 13520 0 13122 25 8 17 17 0 8 9
amappl 80 418 0 392 1 0 1 1 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 64 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
uaddrrnd 24 198 0 185 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 198 0 185 1 0 1 1 0 8 0
vmmpekpl 168 6150 0 6132 1 0 1 1 0 8 0
vmmpepl 168 29009 0 28134 86 17 69 69 0 357 30
vmsppl 272 197 0 185 1 0 1 1 0 8 0
pdppl 4096 402 0 370 5 0 5 5 0 8 0
pvpl 32 104720 0 100855 109 7 102 102 0 265 69
pmappl 200 197 0 185 1 0 1 1 0 8 0
extentpl 40 53 0 36 1 0 1 1 0 8 0
phpool 112 216 0 9 6 0 6 6 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585
pfi_instance_add(ffff8000009f6800,0,2) at pfi_instance_add+0x5e5
No such command
ddb> trace
pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585
pfi_table_update(ffff800000a0af40,ffff8000006b5200,0,2) at pfi_table_update+0x174
pfi_kif_update(ffff8000006b5200) at pfi_kif_update+0xba pfi_dynaddr_update sys/net/pf_if.c:466 [inline]
pfi_kif_update(ffff8000006b5200) at pfi_kif_update+0xba sys/net/pf_if.c:442
if_addgroup(ffff8000009f6800,ffff80001d808098) at if_addgroup+0x280 sys/net/if.c:2742
ifioctl(fffffd805dad8c88,80286987,ffff80001d808080,ffff80001d739ea8) at ifioctl+0x13e7 sys/net/if.c:2154
sys_ioctl(ffff80001d739ea8,ffff80001d808198,ffff80001d8081e0) at sys_ioctl+0x4a1
syscall(ffff80001d808260) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffff61f0, count: -9
end of kernel
ddb> machine ddbcpu 1
No such command
ddb> trace
pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585
pfi_instance_add(ffff8000009f6800,0,2) at pfi_instance_add+0x5e5
No such command
ddb> trace
pfi_address_add(0,2,0) at pfi_address_add+0x1eb sys/net/pf_if.c:585
pfi_table_update(ffff800000a0af40,ffff8000006b5200,0,2) at pfi_table_update+0x174
pfi_kif_update(ffff8000006b5200) at pfi_kif_update+0xba pfi_dynaddr_update sys/net/pf_if.c:466 [inline]
pfi_kif_update(ffff8000006b5200) at pfi_kif_update+0xba sys/net/pf_if.c:442
if_addgroup(ffff8000009f6800,ffff80001d808098) at if_addgroup+0x280 sys/net/if.c:2742
ifioctl(fffffd805dad8c88,80286987,ffff80001d808080,ffff80001d739ea8) at ifioctl+0x13e7 sys/net/if.c:2154
sys_ioctl(ffff80001d739ea8,ffff80001d808198,ffff80001d8081e0) at sys_ioctl+0x4a1
syscall(ffff80001d808260) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffff61f0, count: -9
end of kernel
Reply all
Reply to author
Forward
0 new messages