kernel: page fault trap, code=NUM (3)


syzbot

Aug 3, 2023, 4:12:55 PM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 95ed13e137a1 add EXIT STATUS section with information for ..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1611fba1a80000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=850b8cb78ee09d031793

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/bc1d33dd2288/disk-95ed13e1.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/0d8def29e89a/bsd-95ed13e1.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/8de1d2c3237e/kernel-95ed13e1.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+850b8c...@syzkaller.appspotmail.com

kernel: page fault trap, code=10
Stopped at 0 TID PID UID PRFLAGS PFLAGS CPU COMMAND
*327027 65726 0 0 0x4000000 0K syz-executor.1
447374 39586 0 0x2 0 1 syz-executor.6
0(2,0,ffff800000d51100,ffffffff82bc5ff0,0,0) at 0
timeout_run(fffffd806e2f6f00) at timeout_run+0xd0 sys/kern/kern_timeout.c:640
softclock_process_kclock_timeout(fffffd806e2f6f00,0) at softclock_process_kclock_timeout+0x1ca sys/kern/kern_timeout.c:665
softclock(0) at softclock+0x11a sys/kern/kern_timeout.c:716
softintr_dispatch(0) at softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90
Xsoftclock() at Xsoftclock+0x27
pool_get(ffffffff82ca6710,2) at pool_get+0x15f sys/kern/subr_pool.c:588
pmap_enter(fffffd807eff70f8,20002000,7c1d3000,3,21) at pmap_enter+0x178 sys/arch/amd64/amd64/pmap.c:2698
uvm_fault_lower(ffff8000247133f0,ffff800024713428,ffff800024713370,0) at uvm_fault_lower+0x768 sys/uvm/uvm_fault.c:1506
uvm_fault(fffffd8069a071e8,20002000,0,1) at uvm_fault+0x238
kpageflttrap(ffff800024713590,20002000) at kpageflttrap+0x252 sys/arch/amd64/amd64/trap.c:279
kerntrap(ffff800024713590) at kerntrap+0xf3 sys/arch/amd64/amd64/trap.c:332
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
_copyin() at _copyin+0x57
ffs_write(ffff8000247137d0) at ffs_write+0x631 sys/ufs/ffs/ffs_vnops.c:360
end trace frame: 0xffff800024713840, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: attempt to execute user address 0x0 in supervisor mode
ddb{0}> trace
0(2,0,ffff800000d51100,ffffffff82bc5ff0,0,0) at 0
timeout_run(fffffd806e2f6f00) at timeout_run+0xd0 sys/kern/kern_timeout.c:640
softclock_process_kclock_timeout(fffffd806e2f6f00,0) at softclock_process_kclock_timeout+0x1ca sys/kern/kern_timeout.c:665
softclock(0) at softclock+0x11a sys/kern/kern_timeout.c:716
softintr_dispatch(0) at softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90
Xsoftclock() at Xsoftclock+0x27
pool_get(ffffffff82ca6710,2) at pool_get+0x15f sys/kern/subr_pool.c:588
pmap_enter(fffffd807eff70f8,20002000,7c1d3000,3,21) at pmap_enter+0x178 sys/arch/amd64/amd64/pmap.c:2698
uvm_fault_lower(ffff8000247133f0,ffff800024713428,ffff800024713370,0) at uvm_fault_lower+0x768 sys/uvm/uvm_fault.c:1506
uvm_fault(fffffd8069a071e8,20002000,0,1) at uvm_fault+0x238
kpageflttrap(ffff800024713590,20002000) at kpageflttrap+0x252 sys/arch/amd64/amd64/trap.c:279
kerntrap(ffff800024713590) at kerntrap+0xf3 sys/arch/amd64/amd64/trap.c:332
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
_copyin() at _copyin+0x57
ffs_write(ffff8000247137d0) at ffs_write+0x631 sys/ufs/ffs/ffs_vnops.c:360
VOP_WRITE(fffffd807f7cb100,ffff8000247139f0,13,fffffd807f7d63a8) at VOP_WRITE+0xc3 sys/kern/vfs_vops.c:245
vn_write(fffffd8066f42438,ffff8000247139f0,0) at vn_write+0x15b sys/kern/vfs_vnops.c:408
dofilewritev(ffff800021277b60,4,ffff8000247139f0,0,ffff800024713ae0) at dofilewritev+0x1a0 sys/kern/sys_generic.c:375
sys_writev(ffff800021277b60,ffff800024713a90,ffff800024713ae0) at sys_writev+0xab sys/kern/sys_generic.c:322
syscall(ffff800024713b60) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff800024713b60) at syscall+0x606 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xa602b618170, count: -20
ddb{0}> show registers
rdi 0x2
rsi 0
rbp 0xffff800024712ef0
rbx 0
rdx 0xffff800000d51100
rcx 0xffff800021277b60
rax 0x9
r8 0x10e
r9 0x10e
r10 0xbb1e464999d8a5b1
r11 0
r12 0x2
r13 0xffffffff82bfcbb0 timeout_spinlock_obj
r14 0
r15 0
rip 0
cs 0x8
rflags 0x10246 __ALIGN_SIZE+0xf246
rsp 0xffff800024712ea8
ss 0x10
0
ddb{0}> show proc
PROC (syz-executor.1) pid=327027 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=32, usrpri=81, nice=20
forw=0xffffffffffffffff, list=0xffff800021277080,0xffff80002122f340
process=0xffff8000212a69f8 user=0xffff80002470e000, vmspace=0xfffffd8069a071e8
estcpu=36, cpticks=2, pctcpu=0.0
user=0, sys=0, intr=1
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
35428 294858 82411 0 2 0 syz-executor.2
35428 109385 82411 0 3 0x4000080 fsleep syz-executor.2
23631 137217 771 0 2 0 syz-executor.0
23631 313218 771 0 2 0x4000000 syz-executor.0
65726 319958 23795 0 2 0 syz-executor.1
*65726 327027 23795 0 7 0x4000000 syz-executor.1
45111 289345 71209 0 2 0 syz-executor.3
45111 67954 71209 0 2 0x4000000 syz-executor.3
98133 154719 90256 0 2 0 syz-executor.5
98133 283835 90256 0 3 0x4000080 fsleep syz-executor.5
82411 365075 99840 0 2 0x482 syz-executor.2
771 517667 99840 0 2 0x482 syz-executor.0
71209 40928 99840 0 2 0x482 syz-executor.3
34581 370243 99840 0 2 0x2 syz-executor.4
23795 366702 99840 0 2 0x482 syz-executor.1
39586 447374 99840 0 7 0x2 syz-executor.6
90256 499631 99840 0 3 0x82 nanoslp syz-executor.5
68052 508483 99840 0 2 0x2 syz-executor.7
44080 477633 0 0 3 0x14200 acct acct
58487 286611 0 0 3 0x14280 nfsidl nfsio
85635 407672 0 0 3 0x14280 nfsidl nfsio
76523 38299 0 0 3 0x14280 nfsidl nfsio
56973 329923 0 0 3 0x14280 nfsidl nfsio
59369 111678 0 0 3 0x14280 nfsidl nfsio
88301 272637 0 0 3 0x14280 nfsidl nfsio
54247 507774 0 0 3 0x14280 nfsidl nfsio
5514 136592 0 0 3 0x14280 nfsidl nfsio
74300 19174 0 0 3 0x14280 nfsidl nfsio
6686 169337 0 0 3 0x14280 nfsidl nfsio
63598 73713 0 0 3 0x14280 nfsidl nfsio
69771 507313 0 0 3 0x14280 nfsidl nfsio
4969 492602 0 0 3 0x14280 nfsidl nfsio
38924 163844 0 0 3 0x14280 nfsidl nfsio
83113 349861 0 0 3 0x14280 nfsidl nfsio
99623 179714 0 0 3 0x14280 nfsidl nfsio
17552 431537 0 0 3 0x14280 nfsidl nfsio
50145 353567 0 0 3 0x14280 nfsidl nfsio
48069 20525 0 0 3 0x14280 nfsidl nfsio
4926 310021 0 0 3 0x14280 nfsidl nfsio
51928 349407 1 0 3 0x100083 ttyopn getty
46361 7719 0 0 3 0x14200 bored sosplice
99840 150629 61403 0 3 0x82 wait syz-fuzzer
99840 331965 61403 0 3 0x4000082 nanoslp syz-fuzzer
99840 448262 61403 0 3 0x4000082 thrsleep syz-fuzzer
99840 18668 61403 0 3 0x4000082 thrsleep syz-fuzzer
99840 67768 61403 0 3 0x4000082 thrsleep syz-fuzzer
99840 20515 61403 0 3 0x4000082 wait syz-fuzzer
99840 276993 61403 0 3 0x4000082 wait syz-fuzzer
99840 333082 61403 0 3 0x4000082 wait syz-fuzzer
99840 4272 61403 0 3 0x4000082 thrsleep syz-fuzzer
99840 194365 61403 0 3 0x4000082 thrsleep syz-fuzzer
99840 87759 61403 0 3 0x4000082 wait syz-fuzzer
99840 88937 61403 0 3 0x4000082 wait syz-fuzzer
99840 167421 61403 0 3 0x4000082 wait syz-fuzzer
99840 901 61403 0 3 0x4000082 thrsleep syz-fuzzer
99840 319510 61403 0 3 0x4000082 kqread syz-fuzzer
99840 306487 61403 0 3 0x4000082 wait syz-fuzzer
61403 318138 42800 0 3 0x10008a sigsusp ksh
42800 334044 72731 0 3 0x9a kqread sshd
72731 39299 1 0 3 0x88 kqread sshd
8748 410585 99946 74 3 0x1100092 bpf pflogd
99946 372959 1 0 3 0x80 netio pflogd
39509 188000 24181 73 3 0x1100090 kqread syslogd
24181 313309 1 0 3 0x100082 netio syslogd
14930 403924 1 0 3 0x100080 kqread resolvd
11503 341765 99998 77 3 0x100092 kqread dhcpleased
14355 210340 99998 77 3 0x100092 kqread dhcpleased
99998 498364 1 0 3 0x80 kqread dhcpleased
3790 492702 0 0 3 0x14200 bored smr
66873 428709 0 0 2 0x14200 zerothread
54498 219683 0 0 3 0x14200 aiodoned aiodoned
65220 496906 0 0 3 0x14200 syncer update
41545 107628 0 0 3 0x14200 cleaner cleaner
63764 90123 0 0 3 0x14200 reaper reaper
97073 341042 0 0 3 0x14200 pgdaemon pagedaemon
80271 51588 0 0 3 0x14200 bored viomb
83644 432949 0 0 3 0x40014200 acpi0 acpi0
39959 13556 0 0 3 0x40014200 idle1
62776 81085 0 0 3 0x14200 bored softnet3
45615 229221 0 0 3 0x14200 bored softnet2
32753 445809 0 0 3 0x14200 bored softnet1
76103 203468 0 0 3 0x14200 bored softnet0
74224 285099 0 0 3 0x14200 bored systqmp
46433 80512 0 0 3 0x14200 bored systq
92644 325070 0 0 3 0x40014200 bored softclock
33585 413736 0 0 3 0x40014200 idle0
1 142994 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
CPU 0:
shared mutex timeout r = 0 (0xffffffff82bfcbb0)
#0 witness_lock+0x447
#1 timeout_run+0xbb sys/kern/kern_timeout.c:636
#2 softclock_process_kclock_timeout+0x1ca sys/kern/kern_timeout.c:665
#3 softclock+0x11a sys/kern/kern_timeout.c:716
#4 softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90
#5 Xsoftclock+0x27
#6 pool_get+0x15f sys/kern/subr_pool.c:588
#7 pmap_enter+0x178 sys/arch/amd64/amd64/pmap.c:2698
#8 uvm_fault_lower+0x768 sys/uvm/uvm_fault.c:1506
#9 uvm_fault+0x238
#10 kpageflttrap+0x252 sys/arch/amd64/amd64/trap.c:279
#11 kerntrap+0xf3 sys/arch/amd64/amd64/trap.c:332
#12 alltraps_kern_meltdown+0x7b
#13 _copyin+0x57
#14 ffs_write+0x631 sys/ufs/ffs/ffs_vnops.c:360
#15 VOP_WRITE+0xc3 sys/kern/vfs_vops.c:245
#16 vn_write+0x15b sys/kern/vfs_vnops.c:408
#17 dofilewritev+0x1a0 sys/kern/sys_generic.c:375
#18 sys_writev+0xab sys/kern/sys_generic.c:322
Process 65726 (syz-executor.1) thread 0xffff800021277b60 (327027)
exclusive rwlock amaplk r = 0 (0xfffffd8069e33f30)
#0 witness_lock+0x447
#1 uvm_fault_check+0x41a sys/uvm/uvm_fault.c:783
#2 uvm_fault+0xf2 sys/uvm/uvm_fault.c:601
#3 kpageflttrap+0x252 sys/arch/amd64/amd64/trap.c:279
#4 kerntrap+0xf3 sys/arch/amd64/amd64/trap.c:332
#5 alltraps_kern_meltdown+0x7b
#6 _copyin+0x57
#7 ffs_write+0x631 sys/ufs/ffs/ffs_vnops.c:360
#8 VOP_WRITE+0xc3 sys/kern/vfs_vops.c:245
#9 vn_write+0x15b sys/kern/vfs_vnops.c:408
#10 dofilewritev+0x1a0 sys/kern/sys_generic.c:375
#11 sys_writev+0xab sys/kern/sys_generic.c:322
#12 syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
#12 syscall+0x606 sys/arch/amd64/amd64/trap.c:623
#13 Xsyscall+0x128
shared rwlock vmmaplk r = 0 (0xfffffd8069a072e0)
#0 witness_lock+0x447
#1 uvmfault_lookup+0xd9 sys/uvm/uvm_fault.c:1773
#2 uvm_fault_check+0x3e sys/uvm/uvm_fault.c:673
#3 uvm_fault+0xf2 sys/uvm/uvm_fault.c:601
#4 kpageflttrap+0x252 sys/arch/amd64/amd64/trap.c:279
#5 kerntrap+0xf3 sys/arch/amd64/amd64/trap.c:332
#6 alltraps_kern_meltdown+0x7b
#7 _copyin+0x57
#8 ffs_write+0x631 sys/ufs/ffs/ffs_vnops.c:360
#9 VOP_WRITE+0xc3 sys/kern/vfs_vops.c:245
#10 vn_write+0x15b sys/kern/vfs_vnops.c:408
#11 dofilewritev+0x1a0 sys/kern/sys_generic.c:375
#12 sys_writev+0xab sys/kern/sys_generic.c:322
#13 syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
#13 syscall+0x606 sys/arch/amd64/amd64/trap.c:623
#14 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd806810b6f8)
#0 witness_lock+0x447
#1 rw_enter+0x3c8 sys/kern/kern_rwlock.c:309
#2 rrw_enter+0x8c sys/kern/kern_rwlock.c:464
#3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:518
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:564
#5 uvm_vnp_uncache+0x116 sys/uvm/uvm_vnode.c:1421
#6 ffs_write+0x52b sys/ufs/ffs/ffs_vnops.c:356
#7 VOP_WRITE+0xc3 sys/kern/vfs_vops.c:245
#8 vn_write+0x15b sys/kern/vfs_vnops.c:408
#9 dofilewritev+0x1a0 sys/kern/sys_generic.c:375
#10 sys_writev+0xab sys/kern/sys_generic.c:322
#11 syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
#11 syscall+0x606 sys/arch/amd64/amd64/trap.c:623
#12 Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 1 (0xffffffff82ca8d70)
#0 witness_lock+0x447
#1 vn_write+0x46 sys/kern/vfs_vnops.c:393
#2 dofilewritev+0x1a0 sys/kern/sys_generic.c:375
#3 sys_writev+0xab sys/kern/sys_generic.c:322
#4 syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
#4 syscall+0x606 sys/arch/amd64/amd64/trap.c:623
#5 Xsyscall+0x128
shared mutex timeout r = 0 (0xffffffff82bfcbb0)
#0 witness_lock+0x447
#1 timeout_run+0xbb sys/kern/kern_timeout.c:636
#2 softclock_process_kclock_timeout+0x1ca sys/kern/kern_timeout.c:665
#3 softclock+0x11a sys/kern/kern_timeout.c:716
#4 softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90
#5 Xsoftclock+0x27
#6 pool_get+0x15f sys/kern/subr_pool.c:588
#7 pmap_enter+0x178 sys/arch/amd64/amd64/pmap.c:2698
#8 uvm_fault_lower+0x768 sys/uvm/uvm_fault.c:1506
#9 uvm_fault+0x238
#10 kpageflttrap+0x252 sys/arch/amd64/amd64/trap.c:279
#11 kerntrap+0xf3 sys/arch/amd64/amd64/trap.c:332
#12 alltraps_kern_meltdown+0x7b
#13 _copyin+0x57
#14 ffs_write+0x631 sys/ufs/ffs/ffs_vnops.c:360
#15 VOP_WRITE+0xc3 sys/kern/vfs_vops.c:245
#16 vn_write+0x15b sys/kern/vfs_vnops.c:408
#17 dofilewritev+0x1a0 sys/kern/sys_generic.c:375
#18 sys_writev+0xab sys/kern/sys_generic.c:322
Process 34581 (syz-executor.4) thread 0xffff800021208848 (370243)
exclusive rrwlock inode r = 0 (0xfffffd8073183098)
#0 witness_lock+0x447
#1 rw_enter+0x3c8 sys/kern/kern_rwlock.c:309
#2 rrw_enter+0x8c sys/kern/kern_rwlock.c:464
#3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:518
#4 ufs_ihashins+0x46 sys/ufs/ufs/ufs_ihash.c:140
#5 ffs_vget+0x141 sys/ufs/ffs/ffs_vfsops.c:1343
#6 ffs_inode_alloc+0x1c2 sys/ufs/ffs/ffs_alloc.c:394
#7 ufs_mkdir+0xf8 sys/ufs/ufs/ufs_vnops.c:1149
#8 VOP_MKDIR+0xc3 sys/kern/vfs_vops.c:388
#9 domkdirat+0x125 sys/kern/vfs_syscalls.c:3073
#10 syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
#10 syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623
#11 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd80668c5708)
#0 witness_lock+0x447
#1 rw_enter+0x3c8 sys/kern/kern_rwlock.c:309
#2 rrw_enter+0x8c sys/kern/kern_rwlock.c:464
#3 VOP_LOCK+0x8b sys/kern/vfs_vops.c:518
#4 vn_lock+0x84 sys/kern/vfs_vnops.c:564
#5 vfs_lookup+0xd5 sys/kern/vfs_lookup.c:418
#6 namei+0x55a sys/kern/vfs_lookup.c:250
#7 domkdirat+0x79 sys/kern/vfs_syscalls.c:3058
#8 syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
#8 syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623
#9 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10195 6509K 7067K 78643K 12909 0
pcb 13 16K 18K 78643K 617 0
rtable 243 7K 7K 78643K 1049 0
pf 32 9K 10K 78643K 319 0
ifaddr 45 17K 18K 78643K 231 0
ifgroup 55 2K 2K 78643K 515 0
sysctl 3 1K 2K 78643K 73 0
counters 60 35K 36K 78643K 292 0
ioctlops 0 0K 4K 78643K 1824 0
iov 0 0K 24K 78643K 1010 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1383 86K 87K 78643K 4458 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 3 5K 5K 78643K 94 0
VM map 2 1K 1K 78643K 2 0
sem 12 0K 0K 78643K 658 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 15 53K 93K 78643K 10364 0
sigio 5 0K 0K 78643K 1702 0
proc 70 91K 140K 78643K 1691 0
subproc 104 6K 6K 78643K 364 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 807 0
in_multi 99 7K 7K 78643K 426 0
ether_multi 1 0K 0K 78643K 21 0
mrt 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 85 387K 387K 78643K 85 0
exec 0 0K 1K 78643K 2250 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 8 62K 64K 78643K 10 0
UVM amap 453 98K 114K 78643K 103326 0
UVM aobj 131 7K 7K 78643K 134 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 241 0
NDP 12 0K 0K 78643K 184 0
temp 74 5872K 6004K 78643K 50917 0
kqueue 12 18K 26K 78643K 874 0
SYN cache 2 16K 24K 78643K 3 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 388 0 385 6 5 1 3 0 8 0
rtentry 112 338 0 225 4 0 4 4 0 8 0
unpcb 144 12100 0 12075 118 112 6 10 0 8 5
syncache 296 64 0 64 16 16 0 1 0 8 0
tcpqe 32 136 0 136 11 11 0 1 0 8 0
tcpcb 808 9552 0 9540 175 172 3 18 0 8 1
arp 120 58 0 40 1 0 1 1 0 8 0
inpcb 368 12934 0 12919 190 187 3 17 0 8 1
nd6 136 90 0 63 1 0 1 1 0 8 0
pkpcb 40 10 0 10 2 2 0 1 0 8 0
kcovpl 48 28 0 20 1 0 1 1 0 8 0
ppxss 1256 24 0 24 9 9 0 1 0 8 0
pffrag 232 263 0 257 5 4 1 1 0 482 0
pffrnode 88 263 0 257 5 4 1 1 0 8 0
pffrent 40 726 0 720 5 4 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 279 0 257 1 0 1 1 0 8 0
pfstkey 128 279 0 257 3 2 1 2 0 8 0
pfstate 376 279 0 257 12 9 3 4 0 8 0
pfrule 1344 21 0 16 2 1 1 2 0 8 0
rttmr 136 1 0 1 1 1 0 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 1378 0 905 31 1 30 30 0 8 0
art_table 32 1379 0 905 4 0 4 4 0 8 0
art_node 16 337 0 234 1 0 1 1 0 8 0
sysvmsgpl 40 166 0 155 2 1 1 1 0 8 0
semapl 112 656 0 646 1 0 1 1 0 8 0
shmpl 112 131 0 3 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 16017 0 14517 95 0 95 95 0 8 0
ffsino 272 16017 0 14517 101 0 101 101 0 8 0
nchpl 144 30441 0 29936 63 41 22 63 0 8 0
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 99322 0 99321 9 8 1 2 0 8 0
percpumem 16 159 0 116 1 0 1 1 0 8 0
kstatmem 264 256 0 232 2 0 2 2 0 8 0
scxspl 216 85890 0 85890 30 26 4 8 1 8 4
plimitpl 152 1396 0 1380 1 0 1 1 0 8 0
sigapl 424 10750 0 10682 10 2 8 8 0 8 0
futexpl 64 78611 0 78609 7 6 1 1 0 8 0
knotepl 120 382 0 0 11 1 10 11 0 8 0
kqueuepl 216 1826 0 1818 31 30 1 6 0 8 0
pipepl 320 1585 0 1557 36 33 3 8 0 8 0
fdescpl 496 10630 0 10602 7 3 4 5 0 8 0
filepl 152 71424 0 71170 176 161 15 20 0 8 5
lockfpl 104 2149 0 2146 5 4 1 2 0 8 0
lockfspl 48 476 0 473 1 0 1 1 0 8 0
sessionpl 144 45 0 28 1 0 1 1 0 8 0
pgrppl 48 199 0 182 1 0 1 1 0 8 0
ucredpl 104 11209 0 11195 1 0 1 1 0 8 0
zombiepl 144 10683 0 10682 1 0 1 1 0 8 0
processpl 1072 10750 0 10682 5 0 5 5 0 8 0
procpl 696 29012 0 28924 34 24 10 10 0 8 1
sosppl 168 81 0 81 11 11 0 1 0 8 0
sockpl 488 25437 0 25394 589 576 13 35 0 8 7
mcl64k 65536 33 0 0 4 1 3 3 0 8 0
mcl16k 16384 33 0 0 4 1 3 3 0 8 0
mcl12k 12288 17 0 0 2 0 2 2 0 8 0
mcl9k 9216 19 0 0 2 0 2 2 0 8 0
mcl8k 8192 33 0 0 4 1 3 3 0 8 0
mcl4k 4096 65 0 0 5 2 3 4 0 8 0
mcl2k2 2112 13 0 0 1 0 1 1 0 8 0
mcl2k 2048 350 0 0 36 13 23 36 0 8 0
mtagpl 96 76 0 0 2 1 1 2 0 8 0
mbufpl 256 1616 0 0 62 0 62 62 0 8 0
bufpl 288 22202 0 15885 452 0 452 452 0 8 0
anonpl 24 1123167 0 1110277 171 71 100 108 0 186 0
amapchunkpl 152 325082 0 324187 80 31 49 49 0 158 10
amappl16 200 24442 0 24086 156 124 32 33 0 8 11
amappl15 192 23 0 21 1 0 1 1 0 8 0
amappl14 184 252 0 234 2 1 1 2 0 8 0
amappl13 176 15 0 15 1 1 0 1 0 8 0
amappl12 168 11624 0 11592 4 2 2 3 0 8 0
amappl11 160 55 0 40 1 0 1 1 0 8 0
amappl10 152 61 0 46 1 0 1 1 0 8 0
amappl9 144 297 0 297 21 20 1 2 0 8 1
amappl8 136 652 0 491 6 0 6 6 0 8 0
amappl7 128 181 0 161 1 0 1 1 0 8 0
amappl6 120 498 0 478 2 1 1 2 0 8 0
amappl5 112 470 0 460 1 0 1 1 0 8 0
amappl4 104 1096 0 1046 2 0 2 2 0 8 0
amappl3 96 63735 0 63649 4 1 3 3 0 8 0
amappl2 88 11104 0 11037 3 1 2 3 0 8 0
amappl1 80 47149 0 46600 23 11 12 23 0 8 0
amappl 88 102317 0 102065 7 0 7 7 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 133 0 3 3 0 3 3 0 8 0
uaddrrnd 24 10630 0 10602 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 10630 0 10602 1 0 1 1 0 8 0
vmmpekpl 168 82123 0 82053 4 0 4 4 0 8 0
vmmpepl 168 640242 0 637870 324 198 126 135 0 357 4
vmsppl 464 10629 0 10602 5 1 4 5 0 8 0
rwobjpl 56 163515 0 155901 142 30 112 112 0 8 2
pdppl 4096 21268 0 21204 712 642 70 84 0 8 6
pvpl 32 2926018 0 2907146 391 206 185 326 0 265 1
pmappl 248 10629 0 10602 3 1 2 3 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 1896 0 1039 26 0 26 26 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
0(2,0,ffff800000d51100,ffffffff82bc5ff0,0,0) at 0
timeout_run(fffffd806e2f6f00) at timeout_run+0xd0 sys/kern/kern_timeout.c:640
softclock_process_kclock_timeout(fffffd806e2f6f00,0) at softclock_process_kclock_timeout+0x1ca sys/kern/kern_timeout.c:665
softclock(0) at softclock+0x11a sys/kern/kern_timeout.c:716
softintr_dispatch(0) at softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90
Xsoftclock() at Xsoftclock+0x27
pool_get(ffffffff82ca6710,2) at pool_get+0x15f sys/kern/subr_pool.c:588
pmap_enter(fffffd807eff70f8,20002000,7c1d3000,3,21) at pmap_enter+0x178 sys/arch/amd64/amd64/pmap.c:2698
uvm_fault_lower(ffff8000247133f0,ffff800024713428,ffff800024713370,0) at uvm_fault_lower+0x768 sys/uvm/uvm_fault.c:1506
uvm_fault(fffffd8069a071e8,20002000,0,1) at uvm_fault+0x238
kpageflttrap(ffff800024713590,20002000) at kpageflttrap+0x252 sys/arch/amd64/amd64/trap.c:279
kerntrap(ffff800024713590) at kerntrap+0xf3 sys/arch/amd64/amd64/trap.c:332
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
_copyin() at _copyin+0x57
ffs_write(ffff8000247137d0) at ffs_write+0x631 sys/ufs/ffs/ffs_vnops.c:360
VOP_WRITE(fffffd807f7cb100,ffff8000247139f0,13,fffffd807f7d63a8) at VOP_WRITE+0xc3 sys/kern/vfs_vops.c:245
vn_write(fffffd8066f42438,ffff8000247139f0,0) at vn_write+0x15b sys/kern/vfs_vnops.c:408
dofilewritev(ffff800021277b60,4,ffff8000247139f0,0,ffff800024713ae0) at dofilewritev+0x1a0 sys/kern/sys_generic.c:375
sys_writev(ffff800021277b60,ffff800024713a90,ffff800024713ae0) at sys_writev+0xab sys/kern/sys_generic.c:322
syscall(ffff800024713b60) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff800024713b60) at syscall+0x606 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xa602b618170, count: -20
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp
x86_ipi_db(ffff800020d58ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0xf sys/dev/kcov.c:154
syscall(ffff80002936bd10) at syscall+0x5cd mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff80002936bd10) at syscall+0x5cd sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7cc9f9aea7c0, count: 9
ddb{1}> trace
x86_ipi_db(ffff800020d58ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0xf sys/dev/kcov.c:154
syscall(ffff80002936bd10) at syscall+0x5cd mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff80002936bd10) at syscall+0x5cd sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7cc9f9aea7c0, count: -6


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Apr 2, 2024, 8:39:27 AM
to syzkaller-o...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 2ee472d028ec Support having bcmpcie(4) as both PCIe bus an..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=103e4519180000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=850b8cb78ee09d031793
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11d5c3b1180000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1486b3c6180000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/3251cdf9a375/disk-2ee472d0.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/45f17e008029/bsd-2ee472d0.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/c7513241ff7c/kernel-2ee472d0.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+850b8c...@syzkaller.appspotmail.com

kernel: page fault trap, code=0
Faulted in DDB; continuing...
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10138 6382K 6413K 166960K 11216 0
pcb 15 10K 10K 166960K 15 0
rtable 58 1K 2K 166960K 110 0
pf 12 6K 6K 166960K 12 0
ifaddr 11 5K 5K 166960K 11 0
ifgroup 17 1K 1K 166960K 17 0
counters 22 16K 16K 166960K 22 0
ioctlops 0 0K 2K 166960K 21 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1259 79K 79K 166960K 1276 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 1K 166960K 2 0
VM map 2 1K 1K 166960K 2 0
sem 2 0K 0K 166960K 2 0
dirhash 12 2K 2K 166960K 12 0
ACPI 1697 195K 286K 166960K 12548 0
file desc 1 0K 0K 166960K 1 0
proc 55 58K 59K 166960K 246 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
in_multi 11 0K 0K 166960K 11 0
ether_multi 1 0K 0K 166960K 1 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 25 122K 122K 166960K 25 0
exec 0 0K 1K 166960K 243 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 93 4K 5K 166960K 2327 0
UVM aobj 3 2K 2K 166960K 3 0
pinsyscall 22 44K 48K 166960K 841 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
NDP 3 0K 0K 166960K 3 0
temp 1 6788K 6852K 166960K 2773 0
kqueue 11 16K 18K 166960K 24 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 20 0 17 1 0 1 1 0 8 0
rtentry 112 23 0 1 1 0 1 1 0 8 0
unpcb 144 33 0 20 1 0 1 1 0 8 0
syncache 336 5 0 5 1 0 1 1 0 8 1
tcpqe 32 76 0 76 1 0 1 1 0 8 1
tcpcb 808 8 0 5 1 0 1 1 0 8 0
arp 88 2 0 0 1 0 1 1 0 8 0
inpcb 360 26 0 20 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 96 0 0 6 0 6 6 0 8 0
art_table 32 97 0 0 1 0 1 1 0 8 0
art_node 16 22 0 2 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dirhash: pool(0xffffffff82e0c2d8:dirhash): free list modified: page 0xffff80002a614000; item ordinal 0; addr 0xffff80002a615000 (p 0xfffffd806e7ae000); offset 0x0=0x0
pool(dirhash): free list modified: page 0xffff80002a614000; item ordinal 0; addr 0xffff80002a615000 (p 0xfffffd806e7ae000); offset 0x0=0x0
dirhash: pool(0xffffffff82e0c2d8:dirhash): page inconsistency: page 0xffff80002a614000; item ordinal 1; addr 0xf3f29009b3a163e5
dino2pl 256 1503 0 40 92 0 92 92 0 8 0
ffsino 240 1503 0 40 87 0 87 87 0 8 0
nchpl 144 1687 0 47 61 0 61 61 0 8 0
uvmvnodes 80 1513 0 0 31 0 31 31 0 8 0
vnodes 216 1513 0 0 85 0 85 85 0 8 0
namei 1024 4346 0 4346 1 0 1 1 0 8 1
namei: pool(0xffffffff82e4c118:namei): free list modified: page 0xffff80002a5f6000; item ordinal 0; addr 0xffff80002a5f7400 (p 0xfffffd807f7e4000); offset 0x0=0x0
pool(namei): free list modified: page 0xffff80002a5f6000; item ordinal 0; addr 0xffff80002a5f7400 (p 0xfffffd807f7e4000); offset 0x0=0x0
namei: pool(0xffffffff82e4c118:namei): page inconsistency: page 0xffff80002a5f6000; item ordinal 1; addr 0x3e4833399bf58809
kstatmem 264 6 0 0 1 0 1 1 0 8 0
scxspl 216 5449 0 5448 8 0 8 8 1 8 7
plimitpl 152 16 0 10 1 0 1 1 0 8 0
sigapl 424 310 0 280 4 0 4 4 0 8 0
knotepl 120 3625 0 3596 2 0 2 2 0 8 1
kqueuepl 184 20 0 13 1 0 1 1 0 8 0
pipepl 288 87 0 84 1 0 1 1 0 8 0
fdescpl 432 294 0 280 2 0 2 2 0 8 0
filepl 120 1134 0 1079 2 0 2 2 0 8 0
lockfpl 104 9 0 6 1 0 1 1 0 8 0
lockfspl 48 6 0 3 1 0 1 1 0 8 0
sessionpl 144 17 0 9 1 0 1 1 0 8 0
pgrppl 48 17 0 9 1 0 1 1 0 8 0
ucredpl 104 67 0 56 1 0 1 1 0 8 0
zombiepl 144 280 0 280 1 0 1 1 0 8 1
processpl 1072 310 0 280 3 0 3 3 0 8 0
procpl 680 310 0 280 3 0 3 3 0 8 0
procpl: pool(0xffffffff82e14688:procpl): free list modified: page 0xffff80002a5d6000; item ordinal 0; addr 0xffff80002a5d72a0 (p 0xfffffd807f7e4000); offset 0x0=0x0
pool(procpl): free list modified: page 0xffff80002a5d6000; item ordinal 0; addr 0xffff80002a5d72a0 (p 0xfffffd807f7e4000); offset 0x0=0x0
procpl: pool(0xffffffff82e14688:procpl): page inconsistency: page 0xffff80002a5d6000; item ordinal 1; addr 0xaf15f960f21cff50
procpl: pool(0xffffffff82e14688:procpl): free list modified: page 0xffff80002a62c000; item ordinal 0; addr 0xffff80002a62c2b8 (p 0xfffffd806f24c000); offset 0x0=0x0
pool(procpl): free list modified: page 0xffff80002a62c000; item ordinal 0; addr 0xffff80002a62c2b8 (p 0xfffffd806f24c000); offset 0x0=0x0
procpl: pool(0xffffffff82e14688:procpl): page inconsistency: page 0xffff80002a62c000; item ordinal 1; addr 0x6ca112b099faaafd
sockpl 488 79 0 57 3 0 3 3 0 8 0
mcl8k 8192 4 0 4 1 0 1 1 0 8 1
mcl4k 4096 10 0 10 1 0 1 1 0 8 1
mcl2k 2048 12096 0 12053 35 21 14 35 0 8 8
mtagpl 96 4 0 4 1 0 1 1 0 8 1
mbufpl 256 19412 0 19365 19 7 12 19 0 8 7
bufpl 280 2479 0 89 171 0 171 171 0 8 0
anonpl 24 215250 0 213456 24 0 24 24 0 188 13
amapchunkpl 152 9373 0 9241 7 0 7 7 0 158 1
amappl16 200 6490 0 6489 5 0 5 5 0 8 4
amappl15 192 10 0 10 1 0 1 1 0 8 1
amappl14 184 104 0 94 1 0 1 1 0 8 0
amappl13 176 16 0 16 1 0 1 1 0 8 1
amappl12 168 793 0 781 1 0 1 1 0 8 0
amappl11 160 55 0 45 1 0 1 1 0 8 0
amappl10 152 21 0 21 1 0 1 1 0 8 1
amappl9 144 123 0 123 1 0 1 1 0 8 1
amappl8 136 31 0 30 1 0 1 1 0 8 0
amappl7 128 17 0 16 1 0 1 1 0 8 0
amappl6 120 167 0 155 1 0 1 1 0 8 0
amappl5 112 145 0 133 1 0 1 1 0 8 0
amappl4 104 412 0 384 1 0 1 1 0 8 0
amappl3 96 2379 0 2353 1 0 1 1 0 8 0
amappl2 88 571 0 520 2 0 2 2 0 8 0
amappl1 80 8773 0 8371 11 0 11 11 0 8 1
amappl 88 2029 0 1981 2 0 2 2 0 92 0
dma4096 4096 1 0 1 1 0 1 1 0 8 1
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 0 1 1 0 8 1
dma128 128 253 0 253 1 0 1 1 0 8 1
dma64 64 6 0 6 1 0 1 1 0 8 1
dma32 32 7 0 7 1 0 1 1 0 8 1
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 2 0 0 1 0 1 1 0 8 0
uaddrrnd 24 294 0 280 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 294 0 280 1 0 1 1 0 8 0
vmmpekpl 168 5602 0 5586 1 0 1 1 0 8 0
vmmpepl 168 35896 0 34986 46 0 46 46 0 357 3
vmsppl 352 293 0 280 2 0 2 2 0 8 0
rwobjpl 24 20309 0 18197 14 0 14 14 0 8 0
pdppl 4096 594 0 560 48 14 34 40 0 8 0
pvpl 32 307258 0 303184 51 0 51 51 0 265 17
pmappl 216 293 0 280 1 0 1 1 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 303 0 42 9 0 9 9 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
end trace frame: 0x0, count: -1
ddb> machine ddbcpu 1
No such command
ddb> trace
end trace frame: 0x0, count: -1


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.